authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:14:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:17:10 +0100
commit76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch)
tree1dd2d22a197bc40c5330e516969a7cb1ae9bc96f
parent559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff)
reindented code
-rw-r--r--doc/alert-printlist.c148
-rw-r--r--doc/common.c64
-rw-r--r--doc/common.h4
-rw-r--r--doc/errcodes.c177
-rw-r--r--doc/examples/ex-alert.c34
-rw-r--r--doc/examples/ex-cert-select-pkcs11.c251
-rw-r--r--doc/examples/ex-cert-select.c320
-rw-r--r--doc/examples/ex-client-anon.c168
-rw-r--r--doc/examples/ex-client-dtls.c201
-rw-r--r--doc/examples/ex-client-psk.c186
-rw-r--r--doc/examples/ex-client-resume.c261
-rw-r--r--doc/examples/ex-client-srp.c188
-rw-r--r--doc/examples/ex-client-x509.c292
-rw-r--r--doc/examples/ex-client-xssl1.c111
-rw-r--r--doc/examples/ex-client-xssl2.c143
-rw-r--r--doc/examples/ex-crq.c102
-rw-r--r--doc/examples/ex-ocsp-client.c448
-rw-r--r--doc/examples/ex-pkcs11-list.c56
-rw-r--r--doc/examples/ex-pkcs12.c218
-rw-r--r--doc/examples/ex-serv-anon.c250
-rw-r--r--doc/examples/ex-serv-dtls.c680
-rw-r--r--doc/examples/ex-serv-pgp.c265
-rw-r--r--doc/examples/ex-serv-psk.c319
-rw-r--r--doc/examples/ex-serv-srp.c261
-rw-r--r--doc/examples/ex-serv-x509.c295
-rw-r--r--doc/examples/ex-session-info.c220
-rw-r--r--doc/examples/ex-verify-ssh.c182
-rw-r--r--doc/examples/ex-verify.c209
-rw-r--r--doc/examples/ex-x509-info.c163
-rw-r--r--doc/examples/examples.h25
-rw-r--r--doc/examples/print-ciphersuites.c88
-rw-r--r--doc/examples/tcp.c57
-rw-r--r--doc/examples/udp.c59
-rw-r--r--doc/examples/verify.c74
-rw-r--r--doc/printlist.c355
-rw-r--r--extra/gnutls_openssl.c983
-rw-r--r--extra/includes/gnutls/openssl.h310
-rw-r--r--extra/openssl_compat.c221
-rw-r--r--extra/openssl_compat.h8
-rw-r--r--lib/abstract_int.h122
-rw-r--r--lib/accelerated/accelerated.c15
-rw-r--r--lib/accelerated/cryptodev-gcm.c360
-rw-r--r--lib/accelerated/cryptodev.c676
-rw-r--r--lib/accelerated/cryptodev.h6
-rw-r--r--lib/accelerated/x86/aes-gcm-padlock.c134
-rw-r--r--lib/accelerated/x86/aes-gcm-x86.c319
-rw-r--r--lib/accelerated/x86/aes-padlock.c578
-rw-r--r--lib/accelerated/x86/aes-padlock.h43
-rw-r--r--lib/accelerated/x86/aes-x86.c272
-rw-r--r--lib/accelerated/x86/aes-x86.h44
-rw-r--r--lib/accelerated/x86/hmac-padlock.c385
-rw-r--r--lib/accelerated/x86/sha-padlock.c476
-rw-r--r--lib/accelerated/x86/sha-padlock.h23
-rw-r--r--lib/accelerated/x86/x86.h12
-rw-r--r--lib/algorithms.h354
-rw-r--r--lib/algorithms/cert_types.c47
-rw-r--r--lib/algorithms/ciphers.c211
-rw-r--r--lib/algorithms/ciphersuites.c1852
-rw-r--r--lib/algorithms/ecc.c276
-rw-r--r--lib/algorithms/kx.c246
-rw-r--r--lib/algorithms/mac.c236
-rw-r--r--lib/algorithms/protocols.c180
-rw-r--r--lib/algorithms/publickey.c210
-rw-r--r--lib/algorithms/secparams.c157
-rw-r--r--lib/algorithms/sign.c306
-rw-r--r--lib/auth/anon.c226
-rw-r--r--lib/auth/anon.h25
-rw-r--r--lib/auth/anon_ecdh.c162
-rw-r--r--lib/auth/cert.c3935
-rw-r--r--lib/auth/cert.h223
-rw-r--r--lib/auth/dh_common.c489
-rw-r--r--lib/auth/dh_common.h37
-rw-r--r--lib/auth/dhe.c227
-rw-r--r--lib/auth/dhe_psk.c744
-rw-r--r--lib/auth/ecdhe.c529
-rw-r--r--lib/auth/ecdhe.h29
-rw-r--r--lib/auth/psk.c502
-rw-r--r--lib/auth/psk.h67
-rw-r--r--lib/auth/psk_passwd.c294
-rw-r--r--lib/auth/psk_passwd.h6
-rw-r--r--lib/auth/rsa.c455
-rw-r--r--lib/auth/rsa_common.h6
-rw-r--r--lib/auth/rsa_psk.c640
-rw-r--r--lib/auth/srp.c1601
-rw-r--r--lib/auth/srp.h47
-rw-r--r--lib/auth/srp_passwd.c763
-rw-r--r--lib/auth/srp_passwd.h25
-rw-r--r--lib/auth/srp_rsa.c398
-rw-r--r--lib/auth/srp_sb64.c622
-rw-r--r--lib/crypto-api.c306
-rw-r--r--lib/crypto-backend.c319
-rw-r--r--lib/crypto-backend.h449
-rw-r--r--lib/crypto.h12
-rw-r--r--lib/debug.c171
-rw-r--r--lib/debug.h18
-rw-r--r--lib/ext/alpn.c484
-rw-r--r--lib/ext/alpn.h15
-rw-r--r--lib/ext/cert_type.c367
-rw-r--r--lib/ext/ecc.c380
-rw-r--r--lib/ext/ecc.h3
-rw-r--r--lib/ext/heartbeat.c673
-rw-r--r--lib/ext/heartbeat.h4
-rw-r--r--lib/ext/max_record.c376
-rw-r--r--lib/ext/new_record_padding.c162
-rw-r--r--lib/ext/safe_renegotiation.c770
-rw-r--r--lib/ext/safe_renegotiation.h33
-rw-r--r--lib/ext/server_name.c693
-rw-r--r--lib/ext/server_name.h18
-rw-r--r--lib/ext/session_ticket.c1166
-rw-r--r--lib/ext/session_ticket.h4
-rw-r--r--lib/ext/signature.c658
-rw-r--r--lib/ext/signature.h31
-rw-r--r--lib/ext/srp.c403
-rw-r--r--lib/ext/srp.h7
-rw-r--r--lib/ext/srtp.c940
-rw-r--r--lib/ext/srtp.h15
-rw-r--r--lib/ext/status_request.c767
-rw-r--r--lib/ext/status_request.h6
-rw-r--r--lib/extras/randomart.c203
-rw-r--r--lib/extras/randomart.h9
-rw-r--r--lib/gnutls_alert.c396
-rw-r--r--lib/gnutls_anon_cred.c43
-rw-r--r--lib/gnutls_asn1_tab.c126
-rw-r--r--lib/gnutls_auth.c471
-rw-r--r--lib/gnutls_auth.h60
-rw-r--r--lib/gnutls_buffers.c2029
-rw-r--r--lib/gnutls_buffers.h100
-rw-r--r--lib/gnutls_cert.c834
-rw-r--r--lib/gnutls_cipher.c1863
-rw-r--r--lib/gnutls_cipher.h19
-rw-r--r--lib/gnutls_cipher_int.c590
-rw-r--r--lib/gnutls_cipher_int.h195
-rw-r--r--lib/gnutls_compress.c495
-rw-r--r--lib/gnutls_compress.h51
-rw-r--r--lib/gnutls_constate.c997
-rw-r--r--lib/gnutls_constate.h101
-rw-r--r--lib/gnutls_datum.c53
-rw-r--r--lib/gnutls_datum.h10
-rw-r--r--lib/gnutls_db.c321
-rw-r--r--lib/gnutls_db.h8
-rw-r--r--lib/gnutls_dh.c246
-rw-r--r--lib/gnutls_dh.h15
-rw-r--r--lib/gnutls_dh_primes.c679
-rw-r--r--lib/gnutls_dtls.c1306
-rw-r--r--lib/gnutls_dtls.h70
-rw-r--r--lib/gnutls_ecc.c135
-rw-r--r--lib/gnutls_ecc.h8
-rw-r--r--lib/gnutls_errors.c1053
-rw-r--r--lib/gnutls_errors.h34
-rw-r--r--lib/gnutls_extensions.c1020
-rw-r--r--lib/gnutls_extensions.h109
-rw-r--r--lib/gnutls_global.c263
-rw-r--r--lib/gnutls_global.h6
-rw-r--r--lib/gnutls_handshake.c5868
-rw-r--r--lib/gnutls_handshake.h59
-rw-r--r--lib/gnutls_hash_int.c787
-rw-r--r--lib/gnutls_hash_int.h135
-rw-r--r--lib/gnutls_helper.c15
-rw-r--r--lib/gnutls_helper.h2
-rw-r--r--lib/gnutls_int.h1338
-rw-r--r--lib/gnutls_kx.c1147
-rw-r--r--lib/gnutls_kx.h30
-rw-r--r--lib/gnutls_mbuffers.c352
-rw-r--r--lib/gnutls_mbuffers.h104
-rw-r--r--lib/gnutls_mem.c71
-rw-r--r--lib/gnutls_mem.h12
-rw-r--r--lib/gnutls_mpi.c542
-rw-r--r--lib/gnutls_mpi.h25
-rw-r--r--lib/gnutls_num.c68
-rw-r--r--lib/gnutls_num.h136
-rw-r--r--lib/gnutls_pcert.c450
-rw-r--r--lib/gnutls_pk.c625
-rw-r--r--lib/gnutls_pk.h49
-rw-r--r--lib/gnutls_priority.c1604
-rw-r--r--lib/gnutls_privkey.c1141
-rw-r--r--lib/gnutls_psk.c273
-rw-r--r--lib/gnutls_pubkey.c2513
-rw-r--r--lib/gnutls_range.c419
-rw-r--r--lib/gnutls_record.c2191
-rw-r--r--lib/gnutls_record.h44
-rw-r--r--lib/gnutls_rsa_export.c101
-rw-r--r--lib/gnutls_session.c168
-rw-r--r--lib/gnutls_session_pack.c1383
-rw-r--r--lib/gnutls_session_pack.h8
-rw-r--r--lib/gnutls_sig.c1293
-rw-r--r--lib/gnutls_sig.h56
-rw-r--r--lib/gnutls_srp.c813
-rw-r--r--lib/gnutls_srp.h22
-rw-r--r--lib/gnutls_state.c1507
-rw-r--r--lib/gnutls_state.h64
-rw-r--r--lib/gnutls_str.c1103
-rw-r--r--lib/gnutls_str.h110
-rw-r--r--lib/gnutls_str_array.h129
-rw-r--r--lib/gnutls_supplemental.c250
-rw-r--r--lib/gnutls_supplemental.h8
-rw-r--r--lib/gnutls_ui.c828
-rw-r--r--lib/gnutls_v2_compat.c395
-rw-r--r--lib/gnutls_v2_compat.h4
-rw-r--r--lib/gnutls_x509.c3142
-rw-r--r--lib/gnutls_x509.h18
-rw-r--r--lib/includes/gnutls/abstract.h709
-rw-r--r--lib/includes/gnutls/compat.h523
-rw-r--r--lib/includes/gnutls/crypto.h132
-rw-r--r--lib/includes/gnutls/dtls.h63
-rw-r--r--lib/includes/gnutls/gnutlsxx.h790
-rw-r--r--lib/includes/gnutls/ocsp.h287
-rw-r--r--lib/includes/gnutls/openpgp.h553
-rw-r--r--lib/includes/gnutls/pkcs11.h419
-rw-r--r--lib/includes/gnutls/pkcs12.h173
-rw-r--r--lib/includes/gnutls/tpm.h49
-rw-r--r--lib/includes/gnutls/x509.h1865
-rw-r--r--lib/includes/gnutls/xssl.h116
-rw-r--r--lib/locks.c17
-rw-r--r--lib/minitasn1/coding.c1782
-rw-r--r--lib/minitasn1/decoding.c4972
-rw-r--r--lib/minitasn1/element.c1238
-rw-r--r--lib/minitasn1/element.h10
-rw-r--r--lib/minitasn1/errors.c65
-rw-r--r--lib/minitasn1/gstr.c56
-rw-r--r--lib/minitasn1/gstr.h5
-rw-r--r--lib/minitasn1/int.h65
-rw-r--r--lib/minitasn1/libtasn1.h305
-rw-r--r--lib/minitasn1/parser_aux.c1390
-rw-r--r--lib/minitasn1/parser_aux.h91
-rw-r--r--lib/minitasn1/structure.c1736
-rw-r--r--lib/minitasn1/structure.h12
-rw-r--r--lib/minitasn1/version.c9
-rw-r--r--lib/nettle/cipher.c661
-rw-r--r--lib/nettle/egd.c385
-rw-r--r--lib/nettle/egd.h4
-rw-r--r--lib/nettle/gcm-camellia.c31
-rw-r--r--lib/nettle/gcm-camellia.h22
-rw-r--r--lib/nettle/init.c8
-rw-r--r--lib/nettle/mac.c638
-rw-r--r--lib/nettle/mpi.c874
-rw-r--r--lib/nettle/pk.c2093
-rw-r--r--lib/nettle/rnd.c641
-rw-r--r--lib/opencdk/armor.c933
-rw-r--r--lib/opencdk/context.h168
-rw-r--r--lib/opencdk/filters.h115
-rw-r--r--lib/opencdk/kbnode.c679
-rw-r--r--lib/opencdk/keydb.c3965
-rw-r--r--lib/opencdk/keydb.h68
-rw-r--r--lib/opencdk/literal.c479
-rw-r--r--lib/opencdk/main.h130
-rw-r--r--lib/opencdk/misc.c427
-rw-r--r--lib/opencdk/new-packet.c1112
-rw-r--r--lib/opencdk/opencdk.h1324
-rw-r--r--lib/opencdk/packet.h35
-rw-r--r--lib/opencdk/pubkey.c785
-rw-r--r--lib/opencdk/read-packet.c1865
-rw-r--r--lib/opencdk/seskey.c60
-rw-r--r--lib/opencdk/sig-check.c1015
-rw-r--r--lib/opencdk/stream.c1994
-rw-r--r--lib/opencdk/stream.h119
-rw-r--r--lib/opencdk/types.h2
-rw-r--r--lib/opencdk/write-packet.c1438
-rw-r--r--lib/openpgp/compat.c253
-rw-r--r--lib/openpgp/extras.c365
-rw-r--r--lib/openpgp/gnutls_openpgp.c896
-rw-r--r--lib/openpgp/gnutls_openpgp.h68
-rw-r--r--lib/openpgp/openpgp_int.h71
-rw-r--r--lib/openpgp/output.c934
-rw-r--r--lib/openpgp/pgp.c2143
-rw-r--r--lib/openpgp/pgpverify.c133
-rw-r--r--lib/openpgp/privkey.c1725
-rw-r--r--lib/pin.c21
-rw-r--r--lib/pin.h2
-rw-r--r--lib/pkcs11.c4715
-rw-r--r--lib/pkcs11_int.h324
-rw-r--r--lib/pkcs11_privkey.c1179
-rw-r--r--lib/pkcs11_secret.c202
-rw-r--r--lib/pkcs11_write.c1430
-rw-r--r--lib/pkix_asn1_tab.c999
-rw-r--r--lib/random.c41
-rw-r--r--lib/random.h23
-rw-r--r--lib/system.c972
-rw-r--r--lib/system.h53
-rw-r--r--lib/system_override.c41
-rw-r--r--lib/tpm.c2605
-rw-r--r--lib/vasprintf.c27
-rw-r--r--lib/vasprintf.h2
-rw-r--r--lib/verify-tofu.c1208
-rw-r--r--lib/x509/common.c2891
-rw-r--r--lib/x509/common.h166
-rw-r--r--lib/x509/crl.c1369
-rw-r--r--lib/x509/crl_write.c555
-rw-r--r--lib/x509/crq.c3351
-rw-r--r--lib/x509/dn.c1531
-rw-r--r--lib/x509/extensions.c2227
-rw-r--r--lib/x509/key_decode.c400
-rw-r--r--lib/x509/key_encode.c1312
-rw-r--r--lib/x509/mpi.c420
-rw-r--r--lib/x509/ocsp.c3127
-rw-r--r--lib/x509/ocsp_output.c1025
-rw-r--r--lib/x509/output.c4782
-rw-r--r--lib/x509/pbkdf2-sha1.c275
-rw-r--r--lib/x509/pbkdf2-sha1.h6
-rw-r--r--lib/x509/pkcs12.c3002
-rw-r--r--lib/x509/pkcs12_bag.c1008
-rw-r--r--lib/x509/pkcs12_encr.c292
-rw-r--r--lib/x509/pkcs7.c1366
-rw-r--r--lib/x509/privkey.c2429
-rw-r--r--lib/x509/privkey_openssl.c548
-rw-r--r--lib/x509/privkey_pkcs8.c4315
-rw-r--r--lib/x509/rfc2818_hostname.c107
-rw-r--r--lib/x509/sign.c206
-rw-r--r--lib/x509/verify-high.c882
-rw-r--r--lib/x509/verify-high.h4
-rw-r--r--lib/x509/verify-high2.c459
-rw-r--r--lib/x509/verify.c1539
-rw-r--r--lib/x509/x509.c4824
-rw-r--r--lib/x509/x509_dn.c260
-rw-r--r--lib/x509/x509_int.h466
-rw-r--r--lib/x509/x509_write.c2266
-rw-r--r--lib/x509_b64.c546
-rw-r--r--lib/x509_b64.h12
-rw-r--r--lib/xssl.c998
-rw-r--r--lib/xssl.h22
-rw-r--r--lib/xssl_getline.c148
-rw-r--r--libdane/dane-params.c117
-rw-r--r--libdane/dane.c1086
-rw-r--r--libdane/errors.c98
-rw-r--r--libdane/includes/gnutls/dane.h139
-rw-r--r--src/benchmark-cipher.c342
-rw-r--r--src/benchmark-tls.c739
-rw-r--r--src/benchmark.c186
-rw-r--r--src/benchmark.h49
-rw-r--r--src/certtool-cfg.c2782
-rw-r--r--src/certtool-cfg.h120
-rw-r--r--src/certtool-common.c1655
-rw-r--r--src/certtool-common.h129
-rw-r--r--src/certtool-extras.c170
-rw-r--r--src/certtool.c5864
-rw-r--r--src/cli-debug.c511
-rw-r--r--src/cli.c2972
-rw-r--r--src/common.c1877
-rw-r--r--src/common.h28
-rw-r--r--src/crywrap/crywrap.c1496
-rw-r--r--src/crywrap/crywrap.h48
-rw-r--r--src/crywrap/primes.h9
-rw-r--r--src/danetool.c781
-rwxr-xr-xsrc/inline_cmds.h40
-rw-r--r--src/list.h22
-rw-r--r--src/ocsptool-common.c675
-rw-r--r--src/ocsptool-common.h33
-rw-r--r--src/ocsptool.c865
-rw-r--r--src/p11tool.c404
-rw-r--r--src/p11tool.h44
-rw-r--r--src/pkcs11.c1505
-rw-r--r--src/psk.c395
-rw-r--r--src/serv.c2826
-rw-r--r--src/socket.c333
-rw-r--r--src/socket.h35
-rw-r--r--src/srptool.c1168
-rw-r--r--src/tests.c1513
-rw-r--r--src/tests.h89
-rw-r--r--src/tpmtool.c421
-rw-r--r--src/udp-serv.c456
-rw-r--r--src/udp-serv.h10
-rw-r--r--tests/anonself.c429
-rw-r--r--tests/certder.c658
-rw-r--r--tests/certificate_set_x509_crl.c118
-rw-r--r--tests/certuniqueid.c370
-rw-r--r--tests/chainverify-unsorted.c1364
-rw-r--r--tests/chainverify.c299
-rw-r--r--tests/crq_apis.c354
-rw-r--r--tests/crq_key_id.c316
-rw-r--r--tests/cve-2008-4989.c396
-rw-r--r--tests/cve-2009-1415.c99
-rw-r--r--tests/cve-2009-1416.c54
-rw-r--r--tests/dhepskself.c420
-rw-r--r--tests/dn.c189
-rw-r--r--tests/dn2.c120
-rw-r--r--tests/dtls/dtls-stress.c840
-rw-r--r--tests/eagain-common.h191
-rw-r--r--tests/gc.c126
-rw-r--r--tests/hostname-check.c1557
-rw-r--r--tests/infoaccess.c385
-rw-r--r--tests/init_roundtrip.c25
-rw-r--r--tests/key-openssl.c172
-rw-r--r--tests/mini-alpn.c447
-rw-r--r--tests/mini-cert-status.c437
-rw-r--r--tests/mini-deflate.c179
-rw-r--r--tests/mini-dtls-heartbeat.c548
-rw-r--r--tests/mini-dtls-hello-verify.c528
-rw-r--r--tests/mini-dtls-large.c480
-rw-r--r--tests/mini-dtls-record.c607
-rw-r--r--tests/mini-dtls-rehandshake.c593
-rw-r--r--tests/mini-dtls-srtp.c536
-rw-r--r--tests/mini-eagain-dtls.c177
-rw-r--r--tests/mini-eagain.c155
-rw-r--r--tests/mini-emsgsize-dtls.c248
-rw-r--r--tests/mini-handshake-timeout.c323
-rw-r--r--tests/mini-loss-time.c389
-rw-r--r--tests/mini-overhead.c480
-rw-r--r--tests/mini-record-2.c564
-rw-r--r--tests/mini-record-range.c566
-rw-r--r--tests/mini-record.c589
-rw-r--r--tests/mini-rehandshake.c222
-rw-r--r--tests/mini-rsa-psk.c495
-rw-r--r--tests/mini-tdb.c270
-rw-r--r--tests/mini-termination.c467
-rw-r--r--tests/mini-x509-2.c250
-rw-r--r--tests/mini-x509-callbacks.c301
-rw-r--r--tests/mini-x509-cas.c214
-rw-r--r--tests/mini-x509.c186
-rw-r--r--tests/mini-xssl.c579
-rw-r--r--tests/moredn.c99
-rw-r--r--tests/mpi.c74
-rw-r--r--tests/nul-in-x509-names.c201
-rw-r--r--tests/ocsp.c2503
-rw-r--r--tests/openpgp-auth.c502
-rw-r--r--tests/openpgp-auth2.c407
-rw-r--r--tests/openpgp-keyring.c478
-rw-r--r--tests/openpgp_test.c249
-rw-r--r--tests/openpgpself.c1023
-rw-r--r--tests/openssl.c37
-rw-r--r--tests/parse_ca.c93
-rw-r--r--tests/pgps2kgnu.c123
-rw-r--r--tests/pkcs12_encode.c356
-rw-r--r--tests/pkcs12_s2k.c231
-rw-r--r--tests/pkcs12_s2k_pem.c96
-rw-r--r--tests/pkcs12_simple.c217
-rw-r--r--tests/priorities.c135
-rw-r--r--tests/pskself.c401
-rw-r--r--tests/record-sizes-range.c236
-rw-r--r--tests/record-sizes.c220
-rw-r--r--tests/resume-dtls.c915
-rw-r--r--tests/resume.c906
-rw-r--r--tests/rng-fork.c119
-rw-r--r--tests/rsa-encrypt-decrypt.c220
-rw-r--r--tests/safe-renegotiation/srn0.c242
-rw-r--r--tests/safe-renegotiation/srn1.c199
-rw-r--r--tests/safe-renegotiation/srn2.c343
-rw-r--r--tests/safe-renegotiation/srn3.c200
-rw-r--r--tests/safe-renegotiation/srn4.c247
-rw-r--r--tests/safe-renegotiation/srn5.c258
-rw-r--r--tests/set_pkcs12_cred.c154
-rw-r--r--tests/setcredcrash.c31
-rw-r--r--tests/simple.c118
-rw-r--r--tests/slow/cipher-test.c1155
-rw-r--r--tests/slow/gendh.c32
-rw-r--r--tests/slow/keygen.c99
-rw-r--r--tests/srp/mini-srp.c482
-rw-r--r--tests/suite/ecore/eina_config.h14
-rw-r--r--tests/suite/ecore/src/include/Eina.h5
-rw-r--r--tests/suite/ecore/src/include/eina_accessor.h61
-rw-r--r--tests/suite/ecore/src/include/eina_array.h80
-rw-r--r--tests/suite/ecore/src/include/eina_benchmark.h22
-rw-r--r--tests/suite/ecore/src/include/eina_binshare.h19
-rw-r--r--tests/suite/ecore/src/include/eina_config.h14
-rw-r--r--tests/suite/ecore/src/include/eina_convert.h21
-rw-r--r--tests/suite/ecore/src/include/eina_counter.h15
-rw-r--r--tests/suite/ecore/src/include/eina_cpu.h23
-rw-r--r--tests/suite/ecore/src/include/eina_error.h18
-rw-r--r--tests/suite/ecore/src/include/eina_file.h40
-rw-r--r--tests/suite/ecore/src/include/eina_fp.h103
-rw-r--r--tests/suite/ecore/src/include/eina_hamster.h2
-rw-r--r--tests/suite/ecore/src/include/eina_hash.h194
-rw-r--r--tests/suite/ecore/src/include/eina_inlist.h80
-rw-r--r--tests/suite/ecore/src/include/eina_iterator.h54
-rw-r--r--tests/suite/ecore/src/include/eina_lalloc.h21
-rw-r--r--tests/suite/ecore/src/include/eina_list.h166
-rw-r--r--tests/suite/ecore/src/include/eina_log.h186
-rw-r--r--tests/suite/ecore/src/include/eina_magic.h19
-rw-r--r--tests/suite/ecore/src/include/eina_main.h17
-rw-r--r--tests/suite/ecore/src/include/eina_matrixsparse.h82
-rw-r--r--tests/suite/ecore/src/include/eina_mempool.h40
-rw-r--r--tests/suite/ecore/src/include/eina_module.h69
-rw-r--r--tests/suite/ecore/src/include/eina_quadtree.h37
-rw-r--r--tests/suite/ecore/src/include/eina_rbtree.h62
-rw-r--r--tests/suite/ecore/src/include/eina_rectangle.h105
-rw-r--r--tests/suite/ecore/src/include/eina_safety_checks.h6
-rw-r--r--tests/suite/ecore/src/include/eina_sched.h2
-rw-r--r--tests/suite/ecore/src/include/eina_str.h65
-rw-r--r--tests/suite/ecore/src/include/eina_strbuf.h94
-rw-r--r--tests/suite/ecore/src/include/eina_stringshare.h38
-rw-r--r--tests/suite/ecore/src/include/eina_tiler.h48
-rw-r--r--tests/suite/ecore/src/include/eina_trash.h18
-rw-r--r--tests/suite/ecore/src/include/eina_types.h261
-rw-r--r--tests/suite/ecore/src/include/eina_unicode.h37
-rw-r--r--tests/suite/ecore/src/include/eina_ustrbuf.h71
-rw-r--r--tests/suite/ecore/src/include/eina_ustringshare.h33
-rw-r--r--tests/suite/ecore/src/lib/Ecore.h804
-rw-r--r--tests/suite/ecore/src/lib/Ecore_Getopt.h317
-rw-r--r--tests/suite/ecore/src/lib/ecore.c494
-rw-r--r--tests/suite/ecore/src/lib/ecore_anim.c270
-rw-r--r--tests/suite/ecore/src/lib/ecore_app.c48
-rw-r--r--tests/suite/ecore/src/lib/ecore_events.c879
-rw-r--r--tests/suite/ecore/src/lib/ecore_exe.c2507
-rw-r--r--tests/suite/ecore/src/lib/ecore_getopt.c2879
-rw-r--r--tests/suite/ecore/src/lib/ecore_glib.c364
-rw-r--r--tests/suite/ecore/src/lib/ecore_idle_enterer.c239
-rw-r--r--tests/suite/ecore/src/lib/ecore_idle_exiter.c211
-rw-r--r--tests/suite/ecore/src/lib/ecore_idler.c200
-rw-r--r--tests/suite/ecore/src/lib/ecore_job.c110
-rw-r--r--tests/suite/ecore/src/lib/ecore_main.c2054
-rw-r--r--tests/suite/ecore/src/lib/ecore_pipe.c557
-rw-r--r--tests/suite/ecore/src/lib/ecore_poll.c584
-rw-r--r--tests/suite/ecore/src/lib/ecore_private.h154
-rw-r--r--tests/suite/ecore/src/lib/ecore_signal.c942
-rw-r--r--tests/suite/ecore/src/lib/ecore_thread.c1485
-rw-r--r--tests/suite/ecore/src/lib/ecore_time.c106
-rw-r--r--tests/suite/ecore/src/lib/ecore_timer.c777
-rw-r--r--tests/suite/ecore/src/lib/eina_accessor.c121
-rw-r--r--tests/suite/ecore/src/lib/eina_array.c543
-rw-r--r--tests/suite/ecore/src/lib/eina_benchmark.c430
-rw-r--r--tests/suite/ecore/src/lib/eina_binshare.c53
-rw-r--r--tests/suite/ecore/src/lib/eina_chained_mempool.c422
-rw-r--r--tests/suite/ecore/src/lib/eina_convert.c595
-rw-r--r--tests/suite/ecore/src/lib/eina_counter.c368
-rw-r--r--tests/suite/ecore/src/lib/eina_cpu.c235
-rw-r--r--tests/suite/ecore/src/lib/eina_error.c201
-rw-r--r--tests/suite/ecore/src/lib/eina_file.c577
-rw-r--r--tests/suite/ecore/src/lib/eina_fp.c1002
-rw-r--r--tests/suite/ecore/src/lib/eina_hamster.c103
-rw-r--r--tests/suite/ecore/src/lib/eina_hash.c1855
-rw-r--r--tests/suite/ecore/src/lib/eina_inlist.c576
-rw-r--r--tests/suite/ecore/src/lib/eina_iterator.c124
-rw-r--r--tests/suite/ecore/src/lib/eina_lalloc.c158
-rw-r--r--tests/suite/ecore/src/lib/eina_list.c1879
-rw-r--r--tests/suite/ecore/src/lib/eina_log.c2408
-rw-r--r--tests/suite/ecore/src/lib/eina_magic.c311
-rw-r--r--tests/suite/ecore/src/lib/eina_main.c310
-rw-r--r--tests/suite/ecore/src/lib/eina_matrixsparse.c1967
-rw-r--r--tests/suite/ecore/src/lib/eina_mempool.c328
-rw-r--r--tests/suite/ecore/src/lib/eina_module.c648
-rw-r--r--tests/suite/ecore/src/lib/eina_private.h15
-rw-r--r--tests/suite/ecore/src/lib/eina_quadtree.c1346
-rw-r--r--tests/suite/ecore/src/lib/eina_rbtree.c797
-rw-r--r--tests/suite/ecore/src/lib/eina_rectangle.c678
-rw-r--r--tests/suite/ecore/src/lib/eina_safety_checks.c16
-rw-r--r--tests/suite/ecore/src/lib/eina_sched.c79
-rw-r--r--tests/suite/ecore/src/lib/eina_share_common.c1070
-rw-r--r--tests/suite/ecore/src/lib/eina_share_common.h44
-rw-r--r--tests/suite/ecore/src/lib/eina_str.c639
-rw-r--r--tests/suite/ecore/src/lib/eina_strbuf.c118
-rw-r--r--tests/suite/ecore/src/lib/eina_strbuf_common.c680
-rw-r--r--tests/suite/ecore/src/lib/eina_strbuf_common.h105
-rw-r--r--tests/suite/ecore/src/lib/eina_stringshare.c1106
-rw-r--r--tests/suite/ecore/src/lib/eina_tiler.c1860
-rw-r--r--tests/suite/ecore/src/lib/eina_unicode.c156
-rw-r--r--tests/suite/ecore/src/lib/eina_ustrbuf.c18
-rw-r--r--tests/suite/ecore/src/lib/eina_ustringshare.c78
-rw-r--r--tests/suite/ecore/src/lib/eina_value.c12
-rw-r--r--tests/suite/mini-eagain2.c304
-rw-r--r--tests/suite/mini-record-timing.c1103
-rw-r--r--tests/utils.c207
-rw-r--r--tests/utils.h27
-rw-r--r--tests/x509_altname.c161
-rw-r--r--tests/x509cert-tl.c448
-rw-r--r--tests/x509cert.c283
-rw-r--r--tests/x509dn.c748
-rw-r--r--tests/x509self.c719
-rw-r--r--tests/x509sign-verify.c441
556 files changed, 149931 insertions, 153137 deletions
diff --git a/doc/alert-printlist.c b/doc/alert-printlist.c
index 59d53193a3..ab746aa2f2 100644
--- a/doc/alert-printlist.c
+++ b/doc/alert-printlist.c
@@ -27,94 +27,96 @@
#include <gnutls/openpgp.h>
#include "common.h"
-static void main_texinfo (void);
+static void main_texinfo(void);
static void main_latex(void);
char buffer[1024];
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static void main_texinfo (void)
+static void main_texinfo(void)
{
- {
- size_t i;
- const char *name;
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- printf ("@multitable @columnfractions .55 .10 .30\n@anchor{tab:alerts}\n");
- printf ("@headitem Alert @tab ID @tab Description\n");
- for (i = 0; i<256;i++)
- {
- if (gnutls_alert_get_strname(i)==NULL) continue;
- printf ("@item %s\n@tab %d\n@tab %s\n",
- escape_texi_string(gnutls_alert_get_strname(i), buffer, sizeof(buffer)),
- (unsigned int) i, gnutls_alert_get_name (i));
- }
- printf ("@end multitable\n");
-
- }
+ {
+ size_t i;
+ const char *name;
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ printf
+ ("@multitable @columnfractions .55 .10 .30\n@anchor{tab:alerts}\n");
+ printf("@headitem Alert @tab ID @tab Description\n");
+ for (i = 0; i < 256; i++) {
+ if (gnutls_alert_get_strname(i) == NULL)
+ continue;
+ printf("@item %s\n@tab %d\n@tab %s\n",
+ escape_texi_string(gnutls_alert_get_strname
+ (i), buffer,
+ sizeof(buffer)),
+ (unsigned int) i, gnutls_alert_get_name(i));
+ }
+ printf("@end multitable\n");
+
+ }
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "Alert & ID & Description\\\\\n"
- "\\hline}\n"
+ "\\hline\n" "Alert & ID & Description\\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The TLS alert table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The TLS alert table}\n\n";
static void main_latex(void)
{
-int i, j;
-const char* desc;
-const char* _name;
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.50\\linewidth}|p{.07\\linewidth}|p{.34\\linewidth}|}\n\\label{tab:alerts}\n");
-
- {
- size_t i;
- const char *name;
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- for (i = 0; i<256;i++)
- {
- if (gnutls_alert_get_strname(i)==NULL) continue;
- printf ("{\\small{%s}} & \\code{%d} & %s",
- escape_string(gnutls_alert_get_strname(i), buffer, sizeof(buffer)),
- (unsigned int) i, gnutls_alert_get_name (i));
- printf( "\\\\\n");
- }
-
- printf("\\end{supertabular}\n\n");
-
- }
-
-return;
+ int i, j;
+ const char *desc;
+ const char *_name;
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.50\\linewidth}|p{.07\\linewidth}|p{.34\\linewidth}|}\n\\label{tab:alerts}\n");
+
+ {
+ size_t i;
+ const char *name;
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ for (i = 0; i < 256; i++) {
+ if (gnutls_alert_get_strname(i) == NULL)
+ continue;
+ printf("{\\small{%s}} & \\code{%d} & %s",
+ escape_string(gnutls_alert_get_strname(i),
+ buffer, sizeof(buffer)),
+ (unsigned int) i, gnutls_alert_get_name(i));
+ printf("\\\\\n");
+ }
+
+ printf("\\end{supertabular}\n\n");
+
+ }
+
+ return;
}
diff --git a/doc/common.c b/doc/common.c
index 4ceaff80cb..492f9b969e 100644
--- a/doc/common.c
+++ b/doc/common.c
@@ -1,47 +1,47 @@
-char* escape_string( const char* str, char* buffer, int buffer_size)
+char *escape_string(const char *str, char *buffer, int buffer_size)
{
-int i = 0, j = 0;
+ int i = 0, j = 0;
-while( str[i] != 0 && j <buffer_size - 1) {
- if (str[i]=='_') {
- buffer[j++] = '\\';
- buffer[j++] = '_';
- buffer[j++] = '\\';
- buffer[j++] = '-';
- } else if (str[i]=='#') {
- buffer[j++] = '\\';
- buffer[j++] = '#';
- } else {
- buffer[j++] = str[i];
- }
- i++;
-};
+ while (str[i] != 0 && j < buffer_size - 1) {
+ if (str[i] == '_') {
+ buffer[j++] = '\\';
+ buffer[j++] = '_';
+ buffer[j++] = '\\';
+ buffer[j++] = '-';
+ } else if (str[i] == '#') {
+ buffer[j++] = '\\';
+ buffer[j++] = '#';
+ } else {
+ buffer[j++] = str[i];
+ }
+ i++;
+ };
-buffer[j] = 0;
+ buffer[j] = 0;
-return buffer;
+ return buffer;
}
-char* escape_texi_string( const char* str, char* buffer, int buffer_size)
+char *escape_texi_string(const char *str, char *buffer, int buffer_size)
{
-int i = 0, j = 0;
+ int i = 0, j = 0;
-while( str[i] != 0 && j <buffer_size - 1) {
- if (str[i]=='_') {
- buffer[j++] = '_';
- buffer[j++] = '@';
- buffer[j++] = '-';
- } else {
- buffer[j++] = str[i];
- }
- i++;
-};
+ while (str[i] != 0 && j < buffer_size - 1) {
+ if (str[i] == '_') {
+ buffer[j++] = '_';
+ buffer[j++] = '@';
+ buffer[j++] = '-';
+ } else {
+ buffer[j++] = str[i];
+ }
+ i++;
+ };
-buffer[j] = 0;
+ buffer[j] = 0;
-return buffer;
+ return buffer;
}
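Review bot: The loop bound `j < buffer_size - 1` in escape_string guarantees room for only one more byte, yet the `'_'` branch stores four bytes (the `'#'` branch two) before `buffer[j] = 0` runs, so an underscore landing at `j == buffer_size - 2` puts the stores and the terminator up to three bytes past the end of `buffer`. escape_texi_string has the same flaw with its three-byte `_@-` expansion. The reindent carries this over unchanged; reserving the worst-case expansion in the condition closes it: `while (str[i] != 0 && j < buffer_size - 4) {` in escape_string and `while (str[i] != 0 && j < buffer_size - 3) {` in escape_texi_string. The callers visible on this page pass fixed 500- and 1024-byte buffers with library-provided names, so the overflow is probably latent rather than reachable today, but the helpers take an arbitrary `buffer_size` and should hold the bound themselves.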
diff --git a/doc/common.h b/doc/common.h
index 2338a39ccd..85fd78e7fa 100644
--- a/doc/common.h
+++ b/doc/common.h
@@ -1,2 +1,2 @@
-char* escape_string( const char* str, char* buffer, int buffer_size);
-char* escape_texi_string( const char* str, char* buffer, int buffer_size);
+char *escape_string(const char *str, char *buffer, int buffer_size);
+char *escape_texi_string(const char *str, char *buffer, int buffer_size);
diff --git a/doc/errcodes.c b/doc/errcodes.c
index 93f3a63a25..defee3a19c 100644
--- a/doc/errcodes.c
+++ b/doc/errcodes.c
@@ -29,126 +29,129 @@
#include "common.h"
static void main_latex(void);
-static int main_texinfo (void);
+static int main_texinfo(void);
#define MAX_CODES 600
-typedef struct
-{
- char name[128];
- int error_index;
+typedef struct {
+ char name[128];
+ int error_index;
} error_name;
-static int
-compar (const void *_n1, const void *_n2)
+static int compar(const void *_n1, const void *_n2)
{
- const error_name *n1 = (const error_name *) _n1,
- *n2 = (const error_name *) _n2;
- return strcmp (n1->name, n2->name);
+ const error_name *n1 = (const error_name *) _n1,
+ *n2 = (const error_name *) _n2;
+ return strcmp(n1->name, n2->name);
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "\\multicolumn{1}{|c}{Code} &\n"
- "\\multicolumn{1}{c}{Name} &\n"
- "\\multicolumn{1}{c|}{Description} \\\\\n"
- "\\hline}\n"
+ "\\hline\n"
+ "\\multicolumn{1}{|c}{Code} &\n"
+ "\\multicolumn{1}{c}{Name} &\n"
+ "\\multicolumn{1}{c|}{Description} \\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The error codes table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The error codes table}\n\n";
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static int main_texinfo (void)
+static int main_texinfo(void)
{
- int i, j;
- const char *desc;
- const char *_name;
- char buffer[500];
- error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
+ int i, j;
+ const char *desc;
+ const char *_name;
+ char buffer[500];
+ error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
- printf ("@multitable @columnfractions .15 .40 .37\n");
+ printf("@multitable @columnfractions .15 .40 .37\n");
- memset (names_to_sort, 0, sizeof (names_to_sort));
- j = 0;
- for (i = 0; i > -MAX_CODES; i--)
- {
- _name = gnutls_strerror_name (i);
- if (_name == NULL)
- continue;
+ memset(names_to_sort, 0, sizeof(names_to_sort));
+ j = 0;
+ for (i = 0; i > -MAX_CODES; i--) {
+ _name = gnutls_strerror_name(i);
+ if (_name == NULL)
+ continue;
- desc = gnutls_strerror (i);
+ desc = gnutls_strerror(i);
- printf ("@item %d @tab %s @tab %s\n", i, escape_texi_string(_name, buffer,sizeof(buffer)), desc);
+ printf("@item %d @tab %s @tab %s\n", i,
+ escape_texi_string(_name, buffer, sizeof(buffer)),
+ desc);
- strcpy (names_to_sort[j].name, _name);
- names_to_sort[j].error_index = i;
- j++;
- }
+ strcpy(names_to_sort[j].name, _name);
+ names_to_sort[j].error_index = i;
+ j++;
+ }
- printf ("@end multitable\n");
+ printf("@end multitable\n");
- return 0;
+ return 0;
}
static void main_latex(void)
{
-int i, j;
-static char buffer1[500];
-static char buffer2[500];
-const char* desc;
-const char* _name;
-error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n");
-
-memset( names_to_sort, 0, sizeof(names_to_sort));
-j=0;
-for (i=0;i>-MAX_CODES;i--)
-{
- _name = gnutls_strerror_name(i);
- if ( _name == NULL) continue;
-
- strcpy( names_to_sort[j].name, _name);
- names_to_sort[j].error_index = i;
- j++;
-}
+ int i, j;
+ static char buffer1[500];
+ static char buffer2[500];
+ const char *desc;
+ const char *_name;
+ error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n");
+
+ memset(names_to_sort, 0, sizeof(names_to_sort));
+ j = 0;
+ for (i = 0; i > -MAX_CODES; i--) {
+ _name = gnutls_strerror_name(i);
+ if (_name == NULL)
+ continue;
+
+ strcpy(names_to_sort[j].name, _name);
+ names_to_sort[j].error_index = i;
+ j++;
+ }
//qsort( names_to_sort, j, sizeof(error_name), compar);
-for (i=0;i<j;i++)
-{
- _name = names_to_sort[i].name;
- desc = gnutls_strerror( names_to_sort[i].error_index);
- if (desc == NULL || _name == NULL) continue;
+ for (i = 0; i < j; i++) {
+ _name = names_to_sort[i].name;
+ desc = gnutls_strerror(names_to_sort[i].error_index);
+ if (desc == NULL || _name == NULL)
+ continue;
- printf( "%d & {\\scriptsize{%s}} & %s", names_to_sort[i].error_index, escape_string(_name, buffer1, sizeof(buffer1)), escape_string(desc, buffer2, sizeof(buffer2)));
- printf( "\\\\\n");
-}
+ printf("%d & {\\scriptsize{%s}} & %s",
+ names_to_sort[i].error_index, escape_string(_name,
+ buffer1,
+ sizeof
+ (buffer1)),
+ escape_string(desc, buffer2, sizeof(buffer2)));
+ printf("\\\\\n");
+ }
-printf("\\end{supertabular}\n\n");
+ printf("\\end{supertabular}\n\n");
-return;
+ return;
}
diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c
index 6bc14562fe..868771a681 100644
--- a/doc/examples/ex-alert.c
+++ b/doc/examples/ex-alert.c
@@ -14,25 +14,23 @@
* a gnutls function (recv/send), is an alert, and will print
* that alert.
*/
-void
-check_alert (gnutls_session_t session, int ret)
+void check_alert(gnutls_session_t session, int ret)
{
- int last_alert;
+ int last_alert;
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- last_alert = gnutls_alert_get (session);
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ last_alert = gnutls_alert_get(session);
- /* The check for renegotiation is only useful if we are
- * a server, and we had requested a rehandshake.
- */
- if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
- printf ("* Received NO_RENEGOTIATION alert. "
- "Client Does not support renegotiation.\n");
- else
- printf ("* Received alert '%d': %s.\n", last_alert,
- gnutls_alert_get_name (last_alert));
- }
+ /* The check for renegotiation is only useful if we are
+ * a server, and we had requested a rehandshake.
+ */
+ if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ printf("* Received NO_RENEGOTIATION alert. "
+ "Client Does not support renegotiation.\n");
+ else
+ printf("* Received alert '%d': %s.\n", last_alert,
+ gnutls_alert_get_name(last_alert));
+ }
}
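Review bot: In the `else` branch of check_alert, the result of `gnutls_alert_get_name(last_alert)` is passed straight to a `%s` conversion, and the alert number it names was sent by the peer. As far as I know the function returns NULL for an alert description it has no name for, and passing NULL to `%s` is undefined behaviour. Suggest `const char *name = gnutls_alert_get_name(last_alert);` followed by `printf("* Received alert '%d': %s.\n", last_alert, name ? name : "unknown");`.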
diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c
index 8e29a2586f..aa76662ccf 100644
--- a/doc/examples/ex-cert-select-pkcs11.c
+++ b/doc/examples/ex-cert-select-pkcs11.c
@@ -17,7 +17,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <getpass.h> /* for getpass() */
+#include <getpass.h> /* for getpass() */
/* A TLS client that loads the certificate and key.
*/
@@ -36,138 +36,131 @@
#define CERT_URL "pkcs11:manufacturer=SomeManufacturer;object=Certificate;" \
"objecttype=cert;id=db%5b%3e%b5%72%33"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
static int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+pin_callback(void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
- const char *password;
- int len;
-
- printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
- if (flags & GNUTLS_PIN_FINAL_TRY)
- printf ("*** This is the final try before locking!\n");
- if (flags & GNUTLS_PIN_COUNT_LOW)
- printf ("*** Only few tries left before locking!\n");
- if (flags & GNUTLS_PIN_WRONG)
- printf ("*** Wrong PIN\n");
-
- password = getpass ("Enter pin: ");
- if (password == NULL || password[0] == 0)
- {
- fprintf (stderr, "No password given\n");
- exit (1);
- }
-
- len = MIN (pin_max-1, strlen (password));
- memcpy (pin, password, len);
- pin[len] = 0;
-
- return 0;
+ const char *password;
+ int len;
+
+ printf("PIN required for token '%s' with URL '%s'\n", token_label,
+ token_url);
+ if (flags & GNUTLS_PIN_FINAL_TRY)
+ printf("*** This is the final try before locking!\n");
+ if (flags & GNUTLS_PIN_COUNT_LOW)
+ printf("*** Only few tries left before locking!\n");
+ if (flags & GNUTLS_PIN_WRONG)
+ printf("*** Wrong PIN\n");
+
+ password = getpass("Enter pin: ");
+ if (password == NULL || password[0] == 0) {
+ fprintf(stderr, "No password given\n");
+ exit(1);
+ }
+
+ len = MIN(pin_max - 1, strlen(password));
+ memcpy(pin, password, len);
+ pin[len] = 0;
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- gnutls_priority_t priorities_cache;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
- /* Allow connections to servers that have OpenPGP keys as well.
- */
-
- gnutls_global_init ();
- /* PKCS11 private key operations might require PIN.
- * Register a callback.
- */
- gnutls_pkcs11_set_pin_function (pin_callback, NULL);
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* priorities */
- gnutls_priority_init (&priorities_cache, "NORMAL", NULL);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_file (xcred, CERT_URL, KEY_URL, GNUTLS_X509_FMT_DER);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set (session, priorities_cache);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- tcp_close (sd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (xcred);
- gnutls_priority_deinit (priorities_cache);
-
- gnutls_global_deinit ();
-
- return 0;
+ int ret, sd, ii;
+ gnutls_session_t session;
+ gnutls_priority_t priorities_cache;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+ /* Allow connections to servers that have OpenPGP keys as well.
+ */
+
+ gnutls_global_init();
+ /* PKCS11 private key operations might require PIN.
+ * Register a callback.
+ */
+ gnutls_pkcs11_set_pin_function(pin_callback, NULL);
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* priorities */
+ gnutls_priority_init(&priorities_cache, "NORMAL", NULL);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL,
+ GNUTLS_X509_FMT_DER);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set(session, priorities_cache);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ tcp_close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_priority_deinit(priorities_cache);
+
+ gnutls_global_deinit();
+
+ return 0;
}
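Review bot: In pin_callback, `len = MIN(pin_max - 1, strlen(password));` stores a size_t result in an `int`, wraps around when `pin_max` is 0, and silently truncates a PIN that does not fit, so a shortened PIN is handed to the token even when `GNUTLS_PIN_FINAL_TRY` is set. Rejecting is safer than truncating: declare `size_t len = strlen(password);` and add `if (pin_max == 0 || len >= pin_max) return -1;` before the `memcpy`. The PIN also remains in the buffer returned by `getpass()` after the copy; a comment saying the example does not wipe it would help readers who reuse the callback.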
diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c
index 6e12a8d3a1..99cd126d91 100644
--- a/doc/examples/ex-cert-select.c
+++ b/doc/examples/ex-cert-select.c
@@ -28,163 +28,155 @@
#define KEY_FILE "key.pem"
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st ** pcert,
- unsigned int *pcert_length, gnutls_privkey_t * pkey);
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey);
gnutls_pcert_st pcrt;
gnutls_privkey_t key;
/* Load the certificate and the private key.
*/
-static void
-load_keys (void)
+static void load_keys(void)
{
- int ret;
- gnutls_datum_t data;
-
- ret = gnutls_load_file (CERT_FILE, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading certificate file.\n");
- exit (1);
- }
-
- ret = gnutls_pcert_import_x509_raw (&pcrt, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading certificate file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
-
- ret = gnutls_load_file (KEY_FILE, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- gnutls_privkey_init (&key);
-
- ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
+ int ret;
+ gnutls_datum_t data;
+
+ ret = gnutls_load_file(CERT_FILE, &data);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading certificate file.\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_pcert_import_x509_raw(&pcrt, &data, GNUTLS_X509_FMT_PEM,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading certificate file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
+
+ ret = gnutls_load_file(KEY_FILE, &data);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading key file.\n");
+ exit(1);
+ }
+
+ gnutls_privkey_init(&key);
+
+ ret =
+ gnutls_privkey_import_x509_raw(key, &data, GNUTLS_X509_FMT_PEM,
+ NULL, 0);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading key file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
}
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- gnutls_priority_t priorities_cache;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
- /* Allow connections to servers that have OpenPGP keys as well.
- */
+ int ret, sd, ii;
+ gnutls_session_t session;
+ gnutls_priority_t priorities_cache;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+ /* Allow connections to servers that have OpenPGP keys as well.
+ */
- gnutls_global_init ();
+ gnutls_global_init();
- load_keys ();
+ load_keys();
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
- /* priorities */
- gnutls_priority_init (&priorities_cache, "NORMAL", NULL);
+ /* priorities */
+ gnutls_priority_init(&priorities_cache, "NORMAL", NULL);
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
+ gnutls_certificate_set_retrieve_function2(xcred, cert_callback);
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set (session, priorities_cache);
+ /* Use default priorities */
+ gnutls_priority_set(session, priorities_cache);
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- /* connect to the peer
- */
- sd = tcp_connect ();
+ /* connect to the peer
+ */
+ sd = tcp_connect();
- gnutls_transport_set_int (session, sd);
+ gnutls_transport_set_int(session, sd);
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
- gnutls_record_send (session, MSG, strlen (MSG));
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
+ gnutls_record_send(session, MSG, strlen(MSG));
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
-end:
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
- tcp_close (sd);
+ end:
- gnutls_deinit (session);
+ tcp_close(sd);
- gnutls_certificate_free_credentials (xcred);
- gnutls_priority_deinit (priorities_cache);
+ gnutls_deinit(session);
- gnutls_global_deinit ();
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_priority_deinit(priorities_cache);
- return 0;
+ gnutls_global_deinit();
+
+ return 0;
}
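Review bot: main() loads CAFILE with `gnutls_certificate_set_x509_trust_file`, but nothing visible in the function checks the server's certificate against it: no verify function is installed on `xcred`, and `gnutls_record_send` follows the handshake directly, so as shown the client would send its request to whichever server answers. ex-client-dtls.c in this same commit installs one, and the same two lines fit here: `extern int verify_certificate_callback(gnutls_session_t session);` next to the tcp_connect declarations and `gnutls_certificate_set_verify_function(xcred, verify_certificate_callback);` after the trust file is set. main() in ex-cert-select-pkcs11.c has the same gap. The comment `/* Allow connections to servers that have OpenPGP keys as well. */` under the declarations describes nothing in the code that follows and could be dropped.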
@@ -195,52 +187,48 @@ end:
*/
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st ** pcert,
- unsigned int *pcert_length, gnutls_privkey_t * pkey)
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
- char issuer_dn[256];
- int i, ret;
- size_t len;
- gnutls_certificate_type_t type;
-
- /* Print the server's trusted CAs
- */
- if (nreqs > 0)
- printf ("- Server's trusted authorities:\n");
- else
- printf ("- Server did not send us any trusted authorities names.\n");
-
- /* print the names (if any) */
- for (i = 0; i < nreqs; i++)
- {
- len = sizeof (issuer_dn);
- ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
+ char issuer_dn[256];
+ int i, ret;
+ size_t len;
+ gnutls_certificate_type_t type;
+
+ /* Print the server's trusted CAs
+ */
+ if (nreqs > 0)
+ printf("- Server's trusted authorities:\n");
+ else
+ printf
+ ("- Server did not send us any trusted authorities names.\n");
+
+ /* print the names (if any) */
+ for (i = 0; i < nreqs; i++) {
+ len = sizeof(issuer_dn);
+ ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len);
+ if (ret >= 0) {
+ printf(" [%d]: ", i);
+ printf("%s\n", issuer_dn);
+ }
+ }
+
+ /* Select a certificate and return it.
+ * The certificate must be of any of the "sign algorithms"
+ * supported by the server.
+ */
+ type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509) {
+ *pcert_length = 1;
+ *pcert = &pcrt;
+ *pkey = key;
+ } else {
+ return -1;
}
- }
-
- /* Select a certificate and return it.
- * The certificate must be of any of the "sign algorithms"
- * supported by the server.
- */
- type = gnutls_certificate_type_get (session);
- if (type == GNUTLS_CRT_X509)
- {
- *pcert_length = 1;
- *pcert = &pcrt;
- *pkey = key;
- }
- else
- {
- return -1;
- }
-
- return 0;
+
+ return 0;
}
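Review bot: The comment before the selection step in cert_callback says the certificate must match one of the server's sign algorithms, but `sign_algos` and `sign_algos_length` are never read; the function returns the one loaded certificate whenever the session type is `GNUTLS_CRT_X509`. The comment should state what the code does, e.g. `/* This example ignores sign_algos and always offers the single loaded certificate; a real callback should check that the key's algorithm is listed in sign_algos. */`. In the loop above it, a failing `gnutls_x509_rdn_get` (for instance a name that does not fit in `issuer_dn[256]`) is skipped without any output; printing the error for that index would make the listing easier to trust.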
diff --git a/doc/examples/ex-client-anon.c b/doc/examples/ex-client-anon.c
index 4cb804e65d..e86e9302f5 100644
--- a/doc/examples/ex-client-anon.c
+++ b/doc/examples/ex-client-anon.c
@@ -19,103 +19,93 @@
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- gnutls_global_init ();
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ gnutls_global_init();
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:+ANON-ECDH:+ANON-DH",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_anon_free_client_credentials (anoncred);
+ gnutls_anon_free_client_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
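Review bot: The comment `/* Use default priorities */` sits above a priority string that adds `+ANON-ECDH:+ANON-DH`, which is not the default and gives up peer authentication: with anonymous key exchange the client cannot tell the intended server from a party in the middle. Suggest replacing it with `/* Enable anonymous key exchange: the channel is encrypted but the peer is not authenticated; unsuitable where a man-in-the-middle is a concern. */`. The return value of `gnutls_priority_set_direct` is also ignored here, while ex-client-psk.c and ex-client-dtls.c in this commit check it and print the error position; the same check would be consistent.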
diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c
index 9b8fd98c21..cb9375d2ab 100644
--- a/doc/examples/ex-client-dtls.c
+++ b/doc/examples/ex-client-dtls.c
@@ -21,121 +21,110 @@
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int udp_connect (void);
-extern void udp_close (int sd);
-extern int verify_certificate_callback (gnutls_session_t session);
+extern int udp_connect(void);
+extern void udp_close(int sd);
+extern int verify_certificate_callback(gnutls_session_t session);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
-
- /* Initialize TLS session */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "NORMAL", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_certificate_credentials_t xcred;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_verify_function(xcred,
+ verify_certificate_callback);
+
+ /* Initialize TLS session */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct(session, "NORMAL", &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
- strlen("my_host_name"));
-
- /* connect to the peer */
- sd = udp_connect ();
-
- gnutls_transport_set_int (session, sd);
-
- /* set the connection MTU */
- gnutls_dtls_set_mtu (session, 1000);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
+ strlen("my_host_name"));
+
+ /* connect to the peer */
+ sd = udp_connect();
+
+ gnutls_transport_set_int(session, sd);
+
+ /* set the connection MTU */
+ gnutls_dtls_set_mtu(session, 1000);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
+ /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
- * connections because the peer's closure message might
- * be lost */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
+ * connections because the peer's closure message might
+ * be lost */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
-end:
+ end:
- udp_close (sd);
+ udp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c
index 60da53e66b..63a24a7247 100644
--- a/doc/examples/ex-client-psk.c
+++ b/doc/examples/ex-client-psk.c
@@ -19,113 +19,103 @@
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_psk_client_credentials_t pskcred;
- const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
-
- gnutls_global_init ();
-
- gnutls_psk_allocate_client_credentials (&pskcred);
- gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_psk_client_credentials_t pskcred;
+ const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
+
+ gnutls_global_init();
+
+ gnutls_psk_allocate_client_credentials(&pskcred);
+ gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ ret =
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK",
+ &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_psk_free_client_credentials (pskcred);
+ gnutls_psk_free_client_credentials(pskcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
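Review bot: The comment `/* put the x509 credentials to the current session */` above `gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);` is a copy-paste leftover and should read `/* put the PSK credentials to the current session */`; `/* Use default priorities */` above the PSK priority string is inaccurate in the same way. The key `"DEADBEEF"` passed with `GNUTLS_PSK_KEY_HEX` is a four-byte placeholder compiled into the program together with the username `"test"`. A comment at its declaration such as `/* demonstration key only: real code should load a randomly generated key from protected storage */` would keep it from being copied as is.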
diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c
index 1842c5e7a1..218cc4447a 100644
--- a/doc/examples/ex-client-resume.c
+++ b/doc/examples/ex-client-resume.c
@@ -11,145 +11,136 @@
/* Those functions are defined in other examples.
*/
-extern void check_alert (gnutls_session_t session, int ret);
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern void check_alert(gnutls_session_t session, int ret);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
#define MAX_BUF 1024
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-int
-main (void)
+int main(void)
{
- int ret;
- int sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- /* variables used in session resuming
- */
- int t;
- char *session_data = NULL;
- size_t session_data_size = 0;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
-
- for (t = 0; t < 2; t++)
- { /* connect 2 times to the server */
-
- sd = tcp_connect ();
-
- gnutls_init (&session, GNUTLS_CLIENT);
-
- gnutls_priority_set_direct (session, "PERFORMANCE:!ARCFOUR-128", NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data, session_data_size);
- free (session_data);
- }
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- printf ("- Handshake was completed\n");
- }
-
- if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- gnutls_session_get_data (session, NULL, &session_data_size);
- session_data = malloc (session_data_size);
-
- /* put session data to the session variable */
- gnutls_session_get_data (session, session_data, &session_data_size);
-
- }
- else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- printf ("- Previous session was resumed\n");
- }
- else
- {
- fprintf (stderr, "*** Previous session was NOT resumed\n");
- }
- }
-
- /* This function was defined in a previous example
- */
- /* print_info(session); */
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
- end:
-
- tcp_close (sd);
-
- gnutls_deinit (session);
-
- } /* for() */
-
- gnutls_certificate_free_credentials (xcred);
-
- gnutls_global_deinit ();
-
- return 0;
+ int ret;
+ int sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+
+ /* variables used in session resuming
+ */
+ int t;
+ char *session_data = NULL;
+ size_t session_data_size = 0;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ for (t = 0; t < 2; t++) { /* connect 2 times to the server */
+
+ sd = tcp_connect();
+
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:!ARCFOUR-128",
+ NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ xcred);
+
+ if (t > 0) {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data(session, session_data,
+ session_data_size);
+ free(session_data);
+ }
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ printf("- Handshake was completed\n");
+ }
+
+ if (t == 0) { /* the first time we connect */
+ /* get the session data size */
+ gnutls_session_get_data(session, NULL,
+ &session_data_size);
+ session_data = malloc(session_data_size);
+
+ /* put session data to the session variable */
+ gnutls_session_get_data(session, session_data,
+ &session_data_size);
+
+ } else { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed(session) != 0) {
+ printf("- Previous session was resumed\n");
+ } else {
+ fprintf(stderr,
+ "*** Previous session was NOT resumed\n");
+ }
+ }
+
+ /* This function was defined in a previous example
+ */
+ /* print_info(session); */
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n",
+ gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ tcp_close(sd);
+
+ gnutls_deinit(session);
+
+ } /* for() */
+
+ gnutls_certificate_free_credentials(xcred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
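Review bot: Nothing in main() checks the server's certificate: CAFILE is loaded into xcred and gnutls_handshake() is run, but no verify callback is registered and no verification call follows the handshake, so as far as this hunk shows any certificate is accepted on the first connection and the resumed one inherits that trust. Register a callback before the loop, `gnutls_certificate_set_verify_function(xcred, verify_cb);` (verify_cb is a placeholder for a callback like the one in ex-client-x509.c), or check `gnutls_certificate_verify_peers3(session, hostname, &status)` after the handshake. The main() in ex-client-srp.c loads certificate credentials the same way without verifying them. Separately, when the first handshake fails the `goto end` skips the `malloc`, and the second pass hands a NULL `session_data` to gnutls_session_set_data(); the results of `malloc` and gnutls_session_get_data() are unchecked as well.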
diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c
index e828eb8eaa..722b79a0ae 100644
--- a/doc/examples/ex-client-srp.c
+++ b/doc/examples/ex-client-srp.c
@@ -11,9 +11,9 @@
/* Those functions are defined in other examples.
*/
-extern void check_alert (gnutls_session_t session, int ret);
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern void check_alert(gnutls_session_t session, int ret);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
#define MAX_BUF 1024
#define USERNAME "user"
@@ -21,109 +21,101 @@ extern void tcp_close (int sd);
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-int
-main (void)
+int main(void)
{
- int ret;
- int sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_srp_client_credentials_t srp_cred;
- gnutls_certificate_credentials_t cert_cred;
-
- gnutls_global_init ();
-
- gnutls_srp_allocate_client_credentials (&srp_cred);
- gnutls_certificate_allocate_credentials (&cert_cred);
-
- gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
- gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD);
-
- /* connects to server
- */
- sd = tcp_connect ();
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
-
- /* Set the priorities.
- */
- gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL);
-
- /* put the SRP credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (gnutls_error_is_fatal (ret) != 0 || ret == 0)
- {
- if (ret == 0)
- {
- printf ("- Peer has closed the GnuTLS connection\n");
- goto end;
+ int ret;
+ int sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_srp_client_credentials_t srp_cred;
+ gnutls_certificate_credentials_t cert_cred;
+
+ gnutls_global_init();
+
+ gnutls_srp_allocate_client_credentials(&srp_cred);
+ gnutls_certificate_allocate_credentials(&cert_cred);
+
+ gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_srp_set_client_credentials(srp_cred, USERNAME, PASSWORD);
+
+ /* connects to server
+ */
+ sd = tcp_connect();
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+
+ /* Set the priorities.
+ */
+ gnutls_priority_set_direct(session,
+ "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL);
+
+ /* put the SRP credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
}
- else
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
}
- }
- else
- check_alert (session, ret);
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (gnutls_error_is_fatal(ret) != 0 || ret == 0) {
+ if (ret == 0) {
+ printf
+ ("- Peer has closed the GnuTLS connection\n");
+ goto end;
+ } else {
+ fprintf(stderr, "*** Error: %s\n",
+ gnutls_strerror(ret));
+ goto end;
+ }
+ } else
+ check_alert(session, ret);
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_srp_free_client_credentials (srp_cred);
- gnutls_certificate_free_credentials (cert_cred);
+ gnutls_srp_free_client_credentials(srp_cred);
+ gnutls_certificate_free_credentials(cert_cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
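Review bot: The priority string `"NORMAL:+SRP:+SRP-RSA:+SRP-DSS"` adds the SRP key exchanges to NORMAL instead of replacing the defaults, so a server can presumably select a certificate-only key exchange and the handshake then completes without the SRP password ever being checked. If this client is meant to require SRP, restrict the key exchanges, e.g. `"NORMAL:-KX-ALL:+SRP:+SRP-RSA:+SRP-DSS"`, or confirm after the handshake that `gnutls_kx_get(session)` reports an SRP method. The return value of gnutls_priority_set_direct() is also ignored here, so a typo in the string would go unnoticed.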
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index bf8ae6bbef..4d1753ae7f 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -20,173 +20,161 @@
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
-static int _verify_certificate_callback (gnutls_session_t session);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
+static int _verify_certificate_callback(gnutls_session_t session);
-int main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback);
-
- /* If client holds a certificate it can be set using the following:
- *
- gnutls_certificate_set_x509_key_file (xcred,
- "cert.pem", "key.pem",
- GNUTLS_X509_FMT_PEM);
- */
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- gnutls_session_set_ptr (session, (void *) "my_host_name");
-
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
- strlen("my_host_name"));
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "NORMAL", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_certificate_credentials_t xcred;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_verify_function(xcred,
+ _verify_certificate_callback);
+
+ /* If client holds a certificate it can be set using the following:
+ *
+ gnutls_certificate_set_x509_key_file (xcred,
+ "cert.pem", "key.pem",
+ GNUTLS_X509_FMT_PEM);
+ */
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ gnutls_session_set_ptr(session, (void *) "my_host_name");
+
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
+ strlen("my_host_name"));
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct(session, "NORMAL", &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
/* This function will verify the peer's certificate, and check
* if the hostname matches, as well as the activation, expiration dates.
*/
-static int
-_verify_certificate_callback (gnutls_session_t session)
+static int _verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- int ret, type;
- const char *hostname;
- gnutls_datum_t out;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* notify gnutls to continue handshake normally */
- return 0;
-}
+ unsigned int status;
+ int ret, type;
+ const char *hostname;
+ gnutls_datum_t out;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
+}
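Review bot: The result of gnutls_certificate_set_x509_trust_file() near the top of main() is discarded, so a missing or unreadable CAFILE presumably leaves xcred without trusted CAs and the only symptom is a verification failure later in _verify_certificate_callback(). That fails closed, but a reader copying the example gets no hint of the cause; check it, e.g. `if (gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM) < 0) exit(1);`. The callback also reports its own failures with `printf("Error\n")` on stdout, where stderr and gnutls_strerror(ret) would match the rest of the file.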
diff --git a/doc/examples/ex-client-xssl1.c b/doc/examples/ex-client-xssl1.c
index f9d77e61c5..a50b4123a8 100644
--- a/doc/examples/ex-client-xssl1.c
+++ b/doc/examples/ex-client-xssl1.c
@@ -15,71 +15,68 @@
* is explicit.
*/
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int main (void)
+int main(void)
{
- int ret;
- char *line = NULL;
- size_t line_len;
- xssl_cred_t cred;
- xssl_t sb;
- unsigned int status;
- int fd;
-
- gnutls_global_init ();
-
- fd = tcp_connect ();
-
- ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0);
- if (ret < 0)
- exit(1);
-
- /* Initialize TLS session
- */
- ret = xssl_client_init(&sb, "www.example.com", NULL,
- (gnutls_transport_ptr_t)fd,
- NULL, cred, &status, 0);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_AUTH_ERROR)
- {
- gnutls_datum_t txt;
-
- gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509,
- &txt, 0);
-
- fprintf(stderr, "Verification error (%x): %s\n", status, txt.data);
- gnutls_free(txt.data);
- }
- exit(1);
- }
+ int ret;
+ char *line = NULL;
+ size_t line_len;
+ xssl_cred_t cred;
+ xssl_t sb;
+ unsigned int status;
+ int fd;
+
+ gnutls_global_init();
+
+ fd = tcp_connect();
+
+ ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0);
+ if (ret < 0)
+ exit(1);
+
+ /* Initialize TLS session
+ */
+ ret = xssl_client_init(&sb, "www.example.com", NULL,
+ (gnutls_transport_ptr_t) fd,
+ NULL, cred, &status, 0);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_AUTH_ERROR) {
+ gnutls_datum_t txt;
+ gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &txt, 0);
+
+ fprintf(stderr, "Verification error (%x): %s\n",
+ status, txt.data);
+ gnutls_free(txt.data);
+ }
+ exit(1);
+ }
#define REQ "GET / HTTP/1.0\r\n"
- ret = xssl_write(sb, REQ, sizeof(REQ)-1);
- if (ret < 0)
- exit(1);
+ ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
+ if (ret < 0)
+ exit(1);
+
+ do {
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ exit(1);
+
+ fprintf(stderr, "received: %s\n", line);
+ }
+ while (ret >= 0);
- do
- {
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- exit(1);
-
- fprintf(stderr, "received: %s\n", line);
- }
- while (ret >= 0);
+ gnutls_free(line);
- gnutls_free(line);
+ xssl_deinit(sb);
- xssl_deinit(sb);
+ tcp_close(fd);
- tcp_close (fd);
+ xssl_cred_deinit(cred);
- xssl_cred_deinit (cred);
+ gnutls_global_deinit();
- gnutls_global_deinit ();
-
- return 0;
+ return 0;
}
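Review bot: The read loop at the end of main() can only leave through `exit(1)`: the body exits as soon as xssl_getline() returns a negative value, so `while (ret >= 0)` is always true when it is reached. The gnutls_free(), xssl_deinit(), tcp_close() and xssl_cred_deinit() calls after the loop are therefore unreachable, and a normal end of stream is reported as exit status 1. Use `if (ret < 0) break;` inside the loop and decide the exit status from the error code afterwards. ex-client-xssl2.c contains the same loop.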
diff --git a/doc/examples/ex-client-xssl2.c b/doc/examples/ex-client-xssl2.c
index d29735ce23..f457f315c4 100644
--- a/doc/examples/ex-client-xssl2.c
+++ b/doc/examples/ex-client-xssl2.c
@@ -15,86 +15,85 @@
* with a fixed CA, and trust on first use.
*/
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int main (void)
+int main(void)
{
- int ret;
- char *line = NULL;
- size_t line_len;
- xssl_cred_t cred;
- xssl_t sb;
- gnutls_cinput_st aux[2];
- unsigned aux_size = 0;
- unsigned int status;
- int fd;
-
- gnutls_global_init ();
-
- fd = tcp_connect ();
-
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
- aux[aux_size].contents = GNUTLS_CINPUT_CAS;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.file = "/path/to/ca/file";
- aux_size++;
-
- /* This may be skipped to use the default DB file */
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
- aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
- aux[aux_size].i1.file = "/path/to/trust/db/file";
- aux_size++;
-
- ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_GIVEN_CAS|GNUTLS_VMETHOD_TOFU,
- aux, aux_size);
- if (ret < 0)
- exit(1);
-
- /* Initialize TLS session
- */
- ret = xssl_client_init(&sb, "www.example.com", NULL,
- (gnutls_transport_ptr_t)fd,
- NULL, cred, &status, 0);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_AUTH_ERROR)
- {
- gnutls_datum_t txt;
-
- gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509,
- &txt, 0);
-
- fprintf(stderr, "Verification error (%x): %s\n", status, txt.data);
- gnutls_free(txt.data);
+ int ret;
+ char *line = NULL;
+ size_t line_len;
+ xssl_cred_t cred;
+ xssl_t sb;
+ gnutls_cinput_st aux[2];
+ unsigned aux_size = 0;
+ unsigned int status;
+ int fd;
+
+ gnutls_global_init();
+
+ fd = tcp_connect();
+
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
+ aux[aux_size].contents = GNUTLS_CINPUT_CAS;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.file = "/path/to/ca/file";
+ aux_size++;
+
+ /* This may be skipped to use the default DB file */
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
+ aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
+ aux[aux_size].i1.file = "/path/to/trust/db/file";
+ aux_size++;
+
+ ret =
+ xssl_cred_init(&cred,
+ GNUTLS_VMETHOD_GIVEN_CAS | GNUTLS_VMETHOD_TOFU,
+ aux, aux_size);
+ if (ret < 0)
+ exit(1);
+
+ /* Initialize TLS session
+ */
+ ret = xssl_client_init(&sb, "www.example.com", NULL,
+ (gnutls_transport_ptr_t) fd,
+ NULL, cred, &status, 0);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_AUTH_ERROR) {
+ gnutls_datum_t txt;
+
+ gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &txt, 0);
+
+ fprintf(stderr, "Verification error (%x): %s\n",
+ status, txt.data);
+ gnutls_free(txt.data);
+ }
+ exit(1);
}
- exit(1);
- }
-
#define REQ "GET / HTTP/1.0\r\n"
- ret = xssl_write(sb, REQ, sizeof(REQ)-1);
- if (ret < 0)
- exit(1);
+ ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
+ if (ret < 0)
+ exit(1);
+
+ do {
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ exit(1);
+
+ fprintf(stderr, "received: %s\n", line);
+ }
+ while (ret >= 0);
- do
- {
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- exit(1);
-
- fprintf(stderr, "received: %s\n", line);
- }
- while (ret >= 0);
+ gnutls_free(line);
- gnutls_free(line);
+ xssl_deinit(sb);
- xssl_deinit(sb);
+ tcp_close(fd);
- tcp_close (fd);
+ xssl_cred_deinit(cred);
- xssl_cred_deinit (cred);
+ gnutls_global_deinit();
- gnutls_global_deinit ();
-
- return 0;
+ return 0;
}
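Review bot: `aux` is an uninitialised stack array and the second entry (the TOFU database) never sets `.fmt`, so xssl_cred_init() is handed an indeterminate value in that field; whether it reads `.fmt` for a GNUTLS_CINPUT_TOFU_DB entry is not visible here. Zero the array before filling it, `memset(aux, 0, sizeof(aux));`, so every unset field has a defined value.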
diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c
index f452460eab..448138573a 100644
--- a/doc/examples/ex-crq.c
+++ b/doc/examples/ex-crq.c
@@ -16,72 +16,76 @@
* request.
*/
-int
-main (void)
+int main(void)
{
- gnutls_x509_crq_t crq;
- gnutls_x509_privkey_t key;
- unsigned char buffer[10 * 1024];
- size_t buffer_size = sizeof (buffer);
- unsigned int bits;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_privkey_t key;
+ unsigned char buffer[10 * 1024];
+ size_t buffer_size = sizeof(buffer);
+ unsigned int bits;
- gnutls_global_init ();
+ gnutls_global_init();
- /* Initialize an empty certificate request, and
- * an empty private key.
- */
- gnutls_x509_crq_init (&crq);
+ /* Initialize an empty certificate request, and
+ * an empty private key.
+ */
+ gnutls_x509_crq_init(&crq);
- gnutls_x509_privkey_init (&key);
+ gnutls_x509_privkey_init(&key);
- /* Generate an RSA key of moderate security.
- */
- bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL);
- gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0);
+ /* Generate an RSA key of moderate security.
+ */
+ bits =
+ gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA,
+ GNUTLS_SEC_PARAM_NORMAL);
+ gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0);
- /* Add stuff to the distinguished name
- */
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
- 0, "GR", 2);
+ /* Add stuff to the distinguished name
+ */
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, "GR", 2);
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, "Nikos", strlen ("Nikos"));
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ 0, "Nikos", strlen("Nikos"));
- /* Set the request version.
- */
- gnutls_x509_crq_set_version (crq, 1);
+ /* Set the request version.
+ */
+ gnutls_x509_crq_set_version(crq, 1);
- /* Set a challenge password.
- */
- gnutls_x509_crq_set_challenge_password (crq, "something to remember here");
+ /* Set a challenge password.
+ */
+ gnutls_x509_crq_set_challenge_password(crq,
+ "something to remember here");
- /* Associate the request with the private key
- */
- gnutls_x509_crq_set_key (crq, key);
+ /* Associate the request with the private key
+ */
+ gnutls_x509_crq_set_key(crq, key);
- /* Self sign the certificate request.
- */
- gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
+ /* Self sign the certificate request.
+ */
+ gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);
- /* Export the PEM encoded certificate request, and
- * display it.
- */
- gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
+ /* Export the PEM encoded certificate request, and
+ * display it.
+ */
+ gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
- printf ("Certificate Request: \n%s", buffer);
+ printf("Certificate Request: \n%s", buffer);
- /* Export the PEM encoded private key, and
- * display it.
- */
- buffer_size = sizeof (buffer);
- gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
+ /* Export the PEM encoded private key, and
+ * display it.
+ */
+ buffer_size = sizeof(buffer);
+ gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
- printf ("\n\nPrivate key: \n%s", buffer);
+ printf("\n\nPrivate key: \n%s", buffer);
- gnutls_x509_crq_deinit (crq);
- gnutls_x509_privkey_deinit (key);
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(key);
- return 0;
+ return 0;
}
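Review bot: The request is signed with `GNUTLS_DIG_SHA1` in the gnutls_x509_crq_sign2() call; SHA-1 is no longer considered collision resistant, and an example that gets copied should use `gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA256, 0);`. Both export calls also ignore their return values before `buffer` is printed with `%s`, so if an export fails the printf() reads an uninitialised stack buffer; test for a negative return first. Printing the private key to stdout is acceptable in a demo, but it deserves a comment such as `/* a real program should write the key to a file with restrictive permissions */`.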
diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c
index 6373fc24e6..a995c2c81f 100644
--- a/doc/examples/ex-ocsp-client.c
+++ b/doc/examples/ex-ocsp-client.c
@@ -15,16 +15,15 @@
#endif
#include "read-file.h"
-size_t get_data (void *buffer, size_t size, size_t nmemb,
- void *userp);
-static gnutls_x509_crt_t load_cert (const char *cert_file);
-static void _response_info (const gnutls_datum_t * data);
+size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp);
+static gnutls_x509_crt_t load_cert(const char *cert_file);
+static void _response_info(const gnutls_datum_t * data);
static void
-_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
static int
-_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t signer);
+_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t signer);
/* This program queries an OCSP server.
It expects three files. argv[1] containing the certificate to
@@ -35,282 +34,273 @@ _verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
For simplicity the libcurl library is used.
*/
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- gnutls_datum_t ud, tmp;
- int ret;
- gnutls_datum_t req;
- gnutls_x509_crt_t cert, issuer, signer;
+ gnutls_datum_t ud, tmp;
+ int ret;
+ gnutls_datum_t req;
+ gnutls_x509_crt_t cert, issuer, signer;
#ifndef NO_LIBCURL
- CURL *handle;
- struct curl_slist *headers = NULL;
+ CURL *handle;
+ struct curl_slist *headers = NULL;
#endif
- int v, seq;
- const char *cert_file = argv[1];
- const char *issuer_file = argv[2];
- const char *signer_file = argv[3];
- char *hostname = NULL;
-
- gnutls_global_init ();
-
- if (argc > 4)
- hostname = argv[4];
-
- cert = load_cert (cert_file);
- issuer = load_cert (issuer_file);
- signer = load_cert (signer_file);
-
- if (hostname == NULL)
- {
-
- for (seq = 0;; seq++)
- {
- ret = gnutls_x509_crt_get_authority_info_access (cert, seq,
- GNUTLS_IA_OCSP_URI,
- &tmp,
- NULL);
- if (ret == GNUTLS_E_UNKNOWN_ALGORITHM)
- continue;
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fprintf (stderr,
- "No URI was found in the certificate.\n");
- exit (1);
- }
- if (ret < 0)
- {
- fprintf (stderr, "error: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- printf ("CA issuers URI: %.*s\n", tmp.size, tmp.data);
-
- hostname = malloc (tmp.size + 1);
- memcpy (hostname, tmp.data, tmp.size);
- hostname[tmp.size] = 0;
-
- gnutls_free (tmp.data);
- break;
- }
-
- }
-
- /* Note that the OCSP servers hostname might be available
- * using gnutls_x509_crt_get_authority_info_access() in the issuer's
- * certificate */
-
- memset (&ud, 0, sizeof (ud));
- fprintf (stderr, "Connecting to %s\n", hostname);
-
- _generate_request (&req, cert, issuer);
+ int v, seq;
+ const char *cert_file = argv[1];
+ const char *issuer_file = argv[2];
+ const char *signer_file = argv[3];
+ char *hostname = NULL;
+
+ gnutls_global_init();
+
+ if (argc > 4)
+ hostname = argv[4];
+
+ cert = load_cert(cert_file);
+ issuer = load_cert(issuer_file);
+ signer = load_cert(signer_file);
+
+ if (hostname == NULL) {
+
+ for (seq = 0;; seq++) {
+ ret =
+ gnutls_x509_crt_get_authority_info_access(cert,
+ seq,
+ GNUTLS_IA_OCSP_URI,
+ &tmp,
+ NULL);
+ if (ret == GNUTLS_E_UNKNOWN_ALGORITHM)
+ continue;
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fprintf(stderr,
+ "No URI was found in the certificate.\n");
+ exit(1);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("CA issuers URI: %.*s\n", tmp.size,
+ tmp.data);
+
+ hostname = malloc(tmp.size + 1);
+ memcpy(hostname, tmp.data, tmp.size);
+ hostname[tmp.size] = 0;
+
+ gnutls_free(tmp.data);
+ break;
+ }
+
+ }
+
+ /* Note that the OCSP servers hostname might be available
+ * using gnutls_x509_crt_get_authority_info_access() in the issuer's
+ * certificate */
+
+ memset(&ud, 0, sizeof(ud));
+ fprintf(stderr, "Connecting to %s\n", hostname);
+
+ _generate_request(&req, cert, issuer);
#ifndef NO_LIBCURL
- curl_global_init (CURL_GLOBAL_ALL);
-
- handle = curl_easy_init ();
- if (handle == NULL)
- exit (1);
-
- headers =
- curl_slist_append (headers,
- "Content-Type: application/ocsp-request");
-
- curl_easy_setopt (handle, CURLOPT_HTTPHEADER, headers);
- curl_easy_setopt (handle, CURLOPT_POSTFIELDS, (void *) req.data);
- curl_easy_setopt (handle, CURLOPT_POSTFIELDSIZE, req.size);
- curl_easy_setopt (handle, CURLOPT_URL, hostname);
- curl_easy_setopt (handle, CURLOPT_WRITEFUNCTION, get_data);
- curl_easy_setopt (handle, CURLOPT_WRITEDATA, &ud);
-
- ret = curl_easy_perform (handle);
- if (ret != 0)
- {
- fprintf (stderr, "curl[%d] error %d\n", __LINE__, ret);
- exit (1);
- }
-
- curl_easy_cleanup (handle);
+ curl_global_init(CURL_GLOBAL_ALL);
+
+ handle = curl_easy_init();
+ if (handle == NULL)
+ exit(1);
+
+ headers =
+ curl_slist_append(headers,
+ "Content-Type: application/ocsp-request");
+
+ curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
+ curl_easy_setopt(handle, CURLOPT_POSTFIELDS, (void *) req.data);
+ curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, req.size);
+ curl_easy_setopt(handle, CURLOPT_URL, hostname);
+ curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, get_data);
+ curl_easy_setopt(handle, CURLOPT_WRITEDATA, &ud);
+
+ ret = curl_easy_perform(handle);
+ if (ret != 0) {
+ fprintf(stderr, "curl[%d] error %d\n", __LINE__, ret);
+ exit(1);
+ }
+
+ curl_easy_cleanup(handle);
#endif
- _response_info (&ud);
+ _response_info(&ud);
- v = _verify_response (&ud, cert, signer);
+ v = _verify_response(&ud, cert, signer);
- gnutls_x509_crt_deinit (cert);
- gnutls_x509_crt_deinit (issuer);
- gnutls_x509_crt_deinit (signer);
- gnutls_global_deinit ();
+ gnutls_x509_crt_deinit(cert);
+ gnutls_x509_crt_deinit(issuer);
+ gnutls_x509_crt_deinit(signer);
+ gnutls_global_deinit();
- return v;
+ return v;
}
-static void
-_response_info (const gnutls_datum_t * data)
+static void _response_info(const gnutls_datum_t * data)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- gnutls_datum buf;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ gnutls_datum buf;
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf);
- if (ret != 0)
- exit (1);
+ ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf);
+ if (ret != 0)
+ exit(1);
- printf ("%.*s", buf.size, buf.data);
- gnutls_free (buf.data);
+ printf("%.*s", buf.size, buf.data);
+ gnutls_free(buf.data);
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_deinit(resp);
}
-static gnutls_x509_crt_t
-load_cert (const char *cert_file)
+static gnutls_x509_crt_t load_cert(const char *cert_file)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t data;
- size_t size;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- exit (1);
-
- data.data = (void *) read_binary_file (cert_file, &size);
- data.size = size;
-
- if (!data.data)
- {
- fprintf (stderr, "Cannot open file: %s\n", cert_file);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
- free (data.data);
- if (ret < 0)
- {
- fprintf (stderr, "Cannot import certificate in %s: %s\n",
- cert_file, gnutls_strerror (ret));
- exit (1);
- }
-
- return crt;
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t data;
+ size_t size;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ exit(1);
+
+ data.data = (void *) read_binary_file(cert_file, &size);
+ data.size = size;
+
+ if (!data.data) {
+ fprintf(stderr, "Cannot open file: %s\n", cert_file);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM);
+ free(data.data);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import certificate in %s: %s\n",
+ cert_file, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
}
static void
-_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
{
- gnutls_ocsp_req_t req;
- int ret;
- unsigned char noncebuf[23];
- gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
+ gnutls_ocsp_req_t req;
+ int ret;
+ unsigned char noncebuf[23];
+ gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
- ret = gnutls_ocsp_req_init (&req);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1, issuer, cert);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size);
- if (ret < 0)
- exit (1);
+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, nonce.data, nonce.size);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_export (req, rdata);
- if (ret != 0)
- exit (1);
+ ret = gnutls_ocsp_req_export(req, rdata);
+ if (ret != 0)
+ exit(1);
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_deinit(req);
- return;
+ return;
}
static int
-_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t signer)
+_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t signer)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- unsigned verify;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ unsigned verify;
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- exit (1);
-
- ret = gnutls_ocsp_resp_check_crt (resp, 0, cert);
- if (ret < 0)
- exit(1);
+ ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0);
+ if (ret < 0)
+ exit(1);
- printf ("Verifying OCSP Response: ");
- if (verify == 0)
- printf ("Verification success!\n");
- else
- printf ("Verification error!\n");
+ printf("Verifying OCSP Response: ");
+ if (verify == 0)
+ printf("Verification success!\n");
+ else
+ printf("Verification error!\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND)
- printf ("Signer cert not found\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND)
+ printf("Signer cert not found\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR)
- printf ("Signer cert keyusage error\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR)
+ printf("Signer cert keyusage error\n");
- if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
- printf ("Signer cert is not trusted\n");
+ if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
+ printf("Signer cert is not trusted\n");
- if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
- printf ("Insecure algorithm\n");
+ if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
+ printf("Insecure algorithm\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE)
- printf ("Signature failure\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE)
+ printf("Signature failure\n");
- if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED)
- printf ("Signer cert not yet activated\n");
+ if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED)
+ printf("Signer cert not yet activated\n");
- if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED)
- printf ("Signer cert expired\n");
+ if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED)
+ printf("Signer cert expired\n");
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_deinit(resp);
- return verify;
+ return verify;
}
-size_t
-get_data (void *buffer, size_t size, size_t nmemb, void *userp)
+size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp)
{
- gnutls_datum_t *ud = userp;
+ gnutls_datum_t *ud = userp;
- size *= nmemb;
+ size *= nmemb;
- ud->data = realloc (ud->data, size + ud->size);
- if (ud->data == NULL)
- {
- fprintf (stderr, "Not enough memory for the request\n");
- exit (1);
- }
+ ud->data = realloc(ud->data, size + ud->size);
+ if (ud->data == NULL) {
+ fprintf(stderr, "Not enough memory for the request\n");
+ exit(1);
+ }
- memcpy (&ud->data[ud->size], buffer, size);
- ud->size += size;
+ memcpy(&ud->data[ud->size], buffer, size);
+ ud->size += size;
- return size;
+ return size;
}
diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c
index 70849beada..5091161890 100644
--- a/doc/examples/ex-pkcs11-list.c
+++ b/doc/examples/ex-pkcs11-list.c
@@ -8,45 +8,43 @@
#define URL "pkcs11:URL"
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- gnutls_pkcs11_obj_t *obj_list;
- gnutls_x509_crt_t xcrt;
- unsigned int obj_list_size = 0;
- gnutls_datum_t cinfo;
- int ret;
- unsigned int i;
-
- obj_list_size = 0;
- ret = gnutls_pkcs11_obj_list_import_url (NULL, &obj_list_size, URL,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
- 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- return -1;
+ gnutls_pkcs11_obj_t *obj_list;
+ gnutls_x509_crt_t xcrt;
+ unsigned int obj_list_size = 0;
+ gnutls_datum_t cinfo;
+ int ret;
+ unsigned int i;
+
+ obj_list_size = 0;
+ ret = gnutls_pkcs11_obj_list_import_url(NULL, &obj_list_size, URL,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+ 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return -1;
/* no error checking from now on */
- obj_list = malloc (sizeof (*obj_list) * obj_list_size);
+ obj_list = malloc(sizeof(*obj_list) * obj_list_size);
- gnutls_pkcs11_obj_list_import_url (obj_list, &obj_list_size, URL,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
- 0);
+ gnutls_pkcs11_obj_list_import_url(obj_list, &obj_list_size, URL,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+ 0);
/* now all certificates are in obj_list */
- for (i = 0; i < obj_list_size; i++)
- {
+ for (i = 0; i < obj_list_size; i++) {
- gnutls_x509_crt_init (&xcrt);
+ gnutls_x509_crt_init(&xcrt);
- gnutls_x509_crt_import_pkcs11 (xcrt, obj_list[i]);
+ gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]);
- gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ gnutls_x509_crt_print(xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- fprintf (stdout, "cert[%d]:\n %s\n\n", i, cinfo.data);
+ fprintf(stdout, "cert[%d]:\n %s\n\n", i, cinfo.data);
- gnutls_free (cinfo.data);
- gnutls_x509_crt_deinit (xcrt);
- }
+ gnutls_free(cinfo.data);
+ gnutls_x509_crt_deinit(xcrt);
+ }
- return 0;
+ return 0;
}
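Review bot: `cinfo` can reach `fprintf` and `gnutls_free` uninitialised inside the loop, because the results of `gnutls_x509_crt_import_pkcs11` and `gnutls_x509_crt_print` are ignored. The "no error checking from now on" comment admits this, but anyone copying the loop inherits it. Checking the print call closes that path: `if (gnutls_x509_crt_print(xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo) < 0) { gnutls_x509_crt_deinit(xcrt); continue; }`. The `malloc` result is also used unchecked by the second `gnutls_pkcs11_obj_list_import_url` call. Separately, `i` is `unsigned int` but printed with `%d`; `%u` matches the type.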
diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c
index 69e7987618..7890518f94 100644
--- a/doc/examples/ex-pkcs12.c
+++ b/doc/examples/ex-pkcs12.c
@@ -20,115 +20,113 @@
* password: is the password used to encrypt the PKCS #12 packet.
*/
int
-write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password)
+write_pkcs12(const gnutls_datum_t * cert,
+ const gnutls_datum_t * pkcs8_key, const char *password)
{
- gnutls_pkcs12_t pkcs12;
- int ret, bag_index;
- gnutls_pkcs12_bag_t bag, key_bag;
- char pkcs12_struct[10 * 1024];
- size_t pkcs12_struct_size;
- FILE *fd;
-
- /* A good idea might be to use gnutls_x509_privkey_get_key_id()
- * to obtain a unique ID.
- */
- gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 };
-
- gnutls_global_init ();
-
- /* Firstly we create two helper bags, which hold the certificate,
- * and the (encrypted) key.
- */
-
- gnutls_pkcs12_bag_init (&bag);
- gnutls_pkcs12_bag_init (&key_bag);
-
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, cert);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- /* ret now holds the bag's index.
- */
- bag_index = ret;
-
- /* Associate a friendly name with the given certificate. Used
- * by browsers.
- */
- gnutls_pkcs12_bag_set_friendly_name (bag, bag_index, "My name");
-
- /* Associate the certificate with the key using a unique key
- * ID.
- */
- gnutls_pkcs12_bag_set_key_id (bag, bag_index, &key_id);
-
- /* use weak encryption for the certificate.
- */
- gnutls_pkcs12_bag_encrypt (bag, password, GNUTLS_PKCS_USE_PKCS12_RC2_40);
-
- /* Now the key.
- */
-
- ret = gnutls_pkcs12_bag_set_data (key_bag,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
- pkcs8_key);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- /* Note that since the PKCS #8 key is already encrypted we don't
- * bother encrypting that bag.
- */
- bag_index = ret;
-
- gnutls_pkcs12_bag_set_friendly_name (key_bag, bag_index, "My name");
-
- gnutls_pkcs12_bag_set_key_id (key_bag, bag_index, &key_id);
-
-
- /* The bags were filled. Now create the PKCS #12 structure.
- */
- gnutls_pkcs12_init (&pkcs12);
-
- /* Insert the two bags in the PKCS #12 structure.
- */
-
- gnutls_pkcs12_set_bag (pkcs12, bag);
- gnutls_pkcs12_set_bag (pkcs12, key_bag);
-
-
- /* Generate a message authentication code for the PKCS #12
- * structure.
- */
- gnutls_pkcs12_generate_mac (pkcs12, password);
-
- pkcs12_struct_size = sizeof (pkcs12_struct);
- ret =
- gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct,
- &pkcs12_struct_size);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- fd = fopen (OUTFILE, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "cannot open file\n");
- return 1;
- }
- fwrite (pkcs12_struct, 1, pkcs12_struct_size, fd);
- fclose (fd);
-
- gnutls_pkcs12_bag_deinit (bag);
- gnutls_pkcs12_bag_deinit (key_bag);
- gnutls_pkcs12_deinit (pkcs12);
-
- return 0;
+ gnutls_pkcs12_t pkcs12;
+ int ret, bag_index;
+ gnutls_pkcs12_bag_t bag, key_bag;
+ char pkcs12_struct[10 * 1024];
+ size_t pkcs12_struct_size;
+ FILE *fd;
+
+ /* A good idea might be to use gnutls_x509_privkey_get_key_id()
+ * to obtain a unique ID.
+ */
+ gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 };
+
+ gnutls_global_init();
+
+ /* Firstly we create two helper bags, which hold the certificate,
+ * and the (encrypted) key.
+ */
+
+ gnutls_pkcs12_bag_init(&bag);
+ gnutls_pkcs12_bag_init(&key_bag);
+
+ ret =
+ gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, cert);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ /* ret now holds the bag's index.
+ */
+ bag_index = ret;
+
+ /* Associate a friendly name with the given certificate. Used
+ * by browsers.
+ */
+ gnutls_pkcs12_bag_set_friendly_name(bag, bag_index, "My name");
+
+ /* Associate the certificate with the key using a unique key
+ * ID.
+ */
+ gnutls_pkcs12_bag_set_key_id(bag, bag_index, &key_id);
+
+ /* use weak encryption for the certificate.
+ */
+ gnutls_pkcs12_bag_encrypt(bag, password,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40);
+
+ /* Now the key.
+ */
+
+ ret = gnutls_pkcs12_bag_set_data(key_bag,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
+ pkcs8_key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ /* Note that since the PKCS #8 key is already encrypted we don't
+ * bother encrypting that bag.
+ */
+ bag_index = ret;
+
+ gnutls_pkcs12_bag_set_friendly_name(key_bag, bag_index, "My name");
+
+ gnutls_pkcs12_bag_set_key_id(key_bag, bag_index, &key_id);
+
+
+ /* The bags were filled. Now create the PKCS #12 structure.
+ */
+ gnutls_pkcs12_init(&pkcs12);
+
+ /* Insert the two bags in the PKCS #12 structure.
+ */
+
+ gnutls_pkcs12_set_bag(pkcs12, bag);
+ gnutls_pkcs12_set_bag(pkcs12, key_bag);
+
+
+ /* Generate a message authentication code for the PKCS #12
+ * structure.
+ */
+ gnutls_pkcs12_generate_mac(pkcs12, password);
+
+ pkcs12_struct_size = sizeof(pkcs12_struct);
+ ret =
+ gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_DER,
+ pkcs12_struct, &pkcs12_struct_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ fd = fopen(OUTFILE, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "cannot open file\n");
+ return 1;
+ }
+ fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd);
+ fclose(fd);
+
+ gnutls_pkcs12_bag_deinit(bag);
+ gnutls_pkcs12_bag_deinit(key_bag);
+ gnutls_pkcs12_deinit(pkcs12);
+
+ return 0;
}
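Review bot: The return values of `gnutls_pkcs12_bag_encrypt` and `gnutls_pkcs12_generate_mac` are ignored in `write_pkcs12`, so if either call fails the function still exports the structure, writes OUTFILE and returns 0. The file would then presumably lack the bag encryption or the MAC. Both calls should follow the pattern already used for `gnutls_pkcs12_bag_set_data`, e.g. `ret = gnutls_pkcs12_generate_mac(pkcs12, password); if (ret < 0) { fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); return 1; }`. The output is DER, so `fopen(OUTFILE, "wb")` is the portable mode, and the `fwrite` and `fclose` results should be checked before reporting success. The comment on `GNUTLS_PKCS_USE_PKCS12_RC2_40` could also say that the weak cipher is an interoperability choice for the certificate bag only, so readers do not reuse it for key material.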
diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c
index 727ed16bd6..fd24cbfa1f 100644
--- a/doc/examples/ex-serv-anon.c
+++ b/doc/examples/ex-serv-anon.c
@@ -26,141 +26,137 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
-
- return 0;
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ generate_dh_params();
+
+ gnutls_anon_set_server_dh_params(anoncred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:+ANON-ECDH:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- generate_dh_params ();
-
- gnutls_anon_set_server_dh_params (anoncred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
}
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ close(listen_sd);
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
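Review bot: The result of `accept()` is not checked in the server loop of `main`, so on failure `sd` is -1 and is still passed to `gnutls_transport_set_int` and the handshake. `sa_cli` is also printed without having been filled in for that connection. A guard right after the call, `if (sd < 0) { gnutls_deinit(session); continue; }`, keeps the loop running without touching an invalid descriptor. `client_len` is a value-result argument but is set only once before the loop; moving `client_len = sizeof(sa_cli);` to the top of each iteration avoids reusing a length that an earlier `accept()` may have changed. `generate_dh_params` also discards the results of `gnutls_dh_params_init` and `gnutls_dh_params_generate2` and always returns 0, so a failed parameter generation goes unnoticed before `gnutls_anon_set_server_dh_params`.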
diff --git a/doc/examples/ex-serv-dtls.c b/doc/examples/ex-serv-dtls.c
index 8b33a444bd..7e35bbca32 100644
--- a/doc/examples/ex-serv-dtls.c
+++ b/doc/examples/ex-serv-dtls.c
@@ -30,22 +30,22 @@
#define MAX_BUFFER 1024
#define PORT 5556
-typedef struct
-{
- gnutls_session_t session;
- int fd;
- struct sockaddr *cli_addr;
- socklen_t cli_addr_size;
+typedef struct {
+ gnutls_session_t session;
+ int fd;
+ struct sockaddr *cli_addr;
+ socklen_t cli_addr_size;
} priv_data_st;
-static int pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms);
-static ssize_t push_func (gnutls_transport_ptr_t p, const void *data,
- size_t size);
-static ssize_t pull_func (gnutls_transport_ptr_t p, void *data, size_t size);
-static const char *human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen);
-static int wait_for_connection (int fd);
-static int generate_dh_params (void);
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms);
+static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
+ size_t size);
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data,
+ size_t size);
+static const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen);
+static int wait_for_connection(int fd);
+static int generate_dh_params(void);
/* Use global credentials and parameters to simplify
* the example. */
@@ -53,386 +53,386 @@ static gnutls_certificate_credentials_t x509_cred;
static gnutls_priority_t priority_cache;
static gnutls_dh_params_t dh_params;
-int
-main (void)
+int main(void)
{
- int listen_sd;
- int sock, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- gnutls_session_t session;
- char buffer[MAX_BUFFER];
- priv_data_st priv;
- gnutls_datum_t cookie_key;
- gnutls_dtls_prestate_st prestate;
- int mtu = 1400;
- unsigned char sequence[8];
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- printf("No certificate or key were found\n");
- exit(1);
- }
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- gnutls_priority_init (&priority_cache,
- "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE",
- NULL);
-
- gnutls_key_generate (&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_DGRAM, 0);
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT);
-
- { /* DTLS requires the IP don't fragment (DF) bit to be set */
-#if defined(IP_DONTFRAG)
- int optval = 1;
- setsockopt (listen_sd, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &optval, sizeof (optval));
-#elif defined(IP_MTU_DISCOVER)
- int optval = IP_PMTUDISC_DO;
- setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void*) &optval, sizeof (optval));
-#endif
- }
-
- bind (listen_sd, (struct sockaddr *) &sa_serv, sizeof (sa_serv));
-
- printf ("UDP server ready. Listening to port '%d'.\n\n", PORT);
-
- for (;;)
- {
- printf ("Waiting for connection...\n");
- sock = wait_for_connection (listen_sd);
- if (sock < 0)
- continue;
-
- cli_addr_size = sizeof (cli_addr);
- ret = recvfrom (sock, buffer, sizeof (buffer), MSG_PEEK,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
- if (ret > 0)
- {
- memset (&prestate, 0, sizeof (prestate));
- ret = gnutls_dtls_cookie_verify (&cookie_key, &cli_addr,
- sizeof (cli_addr), buffer, ret,
- &prestate);
- if (ret < 0) /* cookie not valid */
- {
- priv_data_st s;
-
- memset (&s, 0, sizeof (s));
- s.fd = sock;
- s.cli_addr = (void *) &cli_addr;
- s.cli_addr_size = sizeof (cli_addr);
-
- printf ("Sending hello verify request to %s\n",
- human_addr ((struct sockaddr *) &cli_addr,
- sizeof (cli_addr), buffer,
- sizeof (buffer)));
-
- gnutls_dtls_cookie_send (&cookie_key, &cli_addr,
- sizeof (cli_addr), &prestate,
- (gnutls_transport_ptr_t) & s,
- push_func);
-
- /* discard peeked data */
- recvfrom (sock, buffer, sizeof (buffer), 0,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
- usleep (100);
- continue;
- }
- printf ("Accepted connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof (cli_addr), buffer,
- sizeof (buffer)));
+ int listen_sd;
+ int sock, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ gnutls_session_t session;
+ char buffer[MAX_BUFFER];
+ priv_data_st priv;
+ gnutls_datum_t cookie_key;
+ gnutls_dtls_prestate_st prestate;
+ int mtu = 1400;
+ unsigned char sequence[8];
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ ret =
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
+ KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ printf("No certificate or key were found\n");
+ exit(1);
}
- else
- continue;
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ generate_dh_params();
- gnutls_dtls_prestate_set (session, &prestate);
- gnutls_dtls_set_mtu (session, mtu);
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
- priv.session = session;
- priv.fd = sock;
- priv.cli_addr = (struct sockaddr *) &cli_addr;
- priv.cli_addr_size = sizeof (cli_addr);
+ gnutls_priority_init(&priority_cache,
+ "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE",
+ NULL);
- gnutls_transport_set_ptr (session, &priv);
- gnutls_transport_set_push_function (session, push_func);
- gnutls_transport_set_pull_function (session, pull_func);
- gnutls_transport_set_pull_timeout_function (session, pull_timeout_func);
+ gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET.
- * In that case the MTU should be adjusted.
- */
-
- if (ret < 0)
- {
- fprintf (stderr, "Error in handshake(): %s\n",
- gnutls_strerror (ret));
- gnutls_deinit (session);
- continue;
- }
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_DGRAM, 0);
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT);
- printf ("- Handshake was completed\n");
-
- for (;;)
- {
- do
- {
- ret = gnutls_record_recv_seq (session, buffer, MAX_BUFFER,
- sequence);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- continue;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "Error in recv(): %s\n",
- gnutls_strerror (ret));
- break;
- }
-
- if (ret == 0)
- {
- printf ("EOF\n\n");
- break;
- }
-
- buffer[ret] = 0;
- printf ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n",
- sequence[0], sequence[1], sequence[2], sequence[3],
- sequence[4], sequence[5], sequence[6], sequence[7], buffer);
-
- /* reply back */
- ret = gnutls_record_send (session, buffer, ret);
- if (ret < 0)
- {
- fprintf (stderr, "Error in send(): %s\n",
- gnutls_strerror (ret));
- break;
- }
+ { /* DTLS requires the IP don't fragment (DF) bit to be set */
+#if defined(IP_DONTFRAG)
+ int optval = 1;
+ setsockopt(listen_sd, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &optval, sizeof(optval));
+#elif defined(IP_MTU_DISCOVER)
+ int optval = IP_PMTUDISC_DO;
+ setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &optval, sizeof(optval));
+#endif
}
- gnutls_bye (session, GNUTLS_SHUT_WR);
- gnutls_deinit (session);
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+
+ printf("UDP server ready. Listening to port '%d'.\n\n", PORT);
+
+ for (;;) {
+ printf("Waiting for connection...\n");
+ sock = wait_for_connection(listen_sd);
+ if (sock < 0)
+ continue;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ if (ret > 0) {
+ memset(&prestate, 0, sizeof(prestate));
+ ret =
+ gnutls_dtls_cookie_verify(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ buffer, ret,
+ &prestate);
+ if (ret < 0) { /* cookie not valid */
+ priv_data_st s;
+
+ memset(&s, 0, sizeof(s));
+ s.fd = sock;
+ s.cli_addr = (void *) &cli_addr;
+ s.cli_addr_size = sizeof(cli_addr);
+
+ printf
+ ("Sending hello verify request to %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr,
+ sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+
+ gnutls_dtls_cookie_send(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ &prestate,
+ (gnutls_transport_ptr_t)
+ & s, push_func);
+
+ /* discard peeked data */
+ recvfrom(sock, buffer, sizeof(buffer), 0,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ usleep(100);
+ continue;
+ }
+ printf("Accepted connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr),
+ buffer, sizeof(buffer)));
+ } else
+ continue;
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+
+ gnutls_dtls_prestate_set(session, &prestate);
+ gnutls_dtls_set_mtu(session, mtu);
+
+ priv.session = session;
+ priv.fd = sock;
+ priv.cli_addr = (struct sockaddr *) &cli_addr;
+ priv.cli_addr_size = sizeof(cli_addr);
+
+ gnutls_transport_set_ptr(session, &priv);
+ gnutls_transport_set_push_function(session, push_func);
+ gnutls_transport_set_pull_function(session, pull_func);
+ gnutls_transport_set_pull_timeout_function(session,
+ pull_timeout_func);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
+ /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET.
+ * In that case the MTU should be adjusted.
+ */
+
+ if (ret < 0) {
+ fprintf(stderr, "Error in handshake(): %s\n",
+ gnutls_strerror(ret));
+ gnutls_deinit(session);
+ continue;
+ }
+
+ printf("- Handshake was completed\n");
+
+ for (;;) {
+ do {
+ ret =
+ gnutls_record_recv_seq(session, buffer,
+ MAX_BUFFER,
+ sequence);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ } else if (ret < 0) {
+ fprintf(stderr, "Error in recv(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+
+ if (ret == 0) {
+ printf("EOF\n\n");
+ break;
+ }
+
+ buffer[ret] = 0;
+ printf
+ ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n",
+ sequence[0], sequence[1], sequence[2],
+ sequence[3], sequence[4], sequence[5],
+ sequence[6], sequence[7], buffer);
+
+ /* reply back */
+ ret = gnutls_record_send(session, buffer, ret);
+ if (ret < 0) {
+ fprintf(stderr, "Error in send(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+ gnutls_deinit(session);
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
-static int
-wait_for_connection (int fd)
+static int wait_for_connection(int fd)
{
- fd_set rd, wr;
- int n;
+ fd_set rd, wr;
+ int n;
- FD_ZERO (&rd);
- FD_ZERO (&wr);
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
- FD_SET (fd, &rd);
+ FD_SET(fd, &rd);
- /* waiting part */
- n = select (fd + 1, &rd, &wr, NULL, NULL);
- if (n == -1 && errno == EINTR)
- return -1;
- if (n < 0)
- {
- perror ("select()");
- exit (1);
- }
+ /* waiting part */
+ n = select(fd + 1, &rd, &wr, NULL, NULL);
+ if (n == -1 && errno == EINTR)
+ return -1;
+ if (n < 0) {
+ perror("select()");
+ exit(1);
+ }
- return fd;
+ return fd;
}
/* Wait for data to be received within a timeout period in milliseconds
*/
-static int
-pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms)
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
{
- fd_set rfds;
- struct timeval tv;
- priv_data_st *priv = ptr;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- int ret;
- char c;
-
- FD_ZERO (&rfds);
- FD_SET (priv->fd, &rfds);
-
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
-
- while(tv.tv_usec >= 1000000)
- {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
-
- ret = select (priv->fd + 1, &rfds, NULL, NULL, &tv);
-
- if (ret <= 0)
- return ret;
-
- /* only report ok if the next message is from the peer we expect
- * from
- */
- cli_addr_size = sizeof (cli_addr);
- ret =
- recvfrom (priv->fd, &c, 1, MSG_PEEK, (struct sockaddr *) &cli_addr,
- &cli_addr_size);
- if (ret > 0)
- {
- if (cli_addr_size == priv->cli_addr_size
- && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0)
- return 1;
- }
-
- return 0;
+ fd_set rfds;
+ struct timeval tv;
+ priv_data_st *priv = ptr;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ int ret;
+ char c;
+
+ FD_ZERO(&rfds);
+ FD_SET(priv->fd, &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
+
+ ret = select(priv->fd + 1, &rfds, NULL, NULL, &tv);
+
+ if (ret <= 0)
+ return ret;
+
+ /* only report ok if the next message is from the peer we expect
+ * from
+ */
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, &c, 1, MSG_PEEK,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret > 0) {
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr,
+ sizeof(cli_addr)) == 0)
+ return 1;
+ }
+
+ return 0;
}
static ssize_t
-push_func (gnutls_transport_ptr_t p, const void *data, size_t size)
+push_func(gnutls_transport_ptr_t p, const void *data, size_t size)
{
- priv_data_st *priv = p;
+ priv_data_st *priv = p;
- return sendto (priv->fd, data, size, 0, priv->cli_addr,
- priv->cli_addr_size);
+ return sendto(priv->fd, data, size, 0, priv->cli_addr,
+ priv->cli_addr_size);
}
-static ssize_t
-pull_func (gnutls_transport_ptr_t p, void *data, size_t size)
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
{
- priv_data_st *priv = p;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- char buffer[64];
- int ret;
-
- cli_addr_size = sizeof (cli_addr);
- ret =
- recvfrom (priv->fd, data, size, 0, (struct sockaddr *) &cli_addr,
- &cli_addr_size);
- if (ret == -1)
- return ret;
-
- if (cli_addr_size == priv->cli_addr_size
- && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0)
- return ret;
-
- printf ("Denied connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof (cli_addr), buffer, sizeof (buffer)));
-
- gnutls_transport_set_errno (priv->session, EAGAIN);
- return -1;
+ priv_data_st *priv = p;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ char buffer[64];
+ int ret;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, data, size, 0,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret == -1)
+ return ret;
+
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0)
+ return ret;
+
+ printf("Denied connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+
+ gnutls_transport_set_errno(priv->session, EAGAIN);
+ return -1;
}
-static const char *
-human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen)
+static const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen)
{
- const char *save_buf = buf;
- size_t l;
+ const char *save_buf = buf;
+ size_t l;
- if (!buf || !buflen)
- return NULL;
+ if (!buf || !buflen)
+ return NULL;
- *buf = '\0';
+ *buf = '\0';
- switch (sa->sa_family)
- {
+ switch (sa->sa_family) {
#if HAVE_IPV6
- case AF_INET6:
- snprintf (buf, buflen, "IPv6 ");
- break;
+ case AF_INET6:
+ snprintf(buf, buflen, "IPv6 ");
+ break;
#endif
- case AF_INET:
- snprintf (buf, buflen, "IPv4 ");
- break;
- }
+ case AF_INET:
+ snprintf(buf, buflen, "IPv4 ");
+ break;
+ }
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) !=
+ 0)
+ return NULL;
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- strncat (buf, " port ", buflen);
+ strncat(buf, " port ", buflen);
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) !=
+ 0)
+ return NULL;
- return save_buf;
+ return save_buf;
}
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
+ int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters often.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters often.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c
index 78e4c59e1f..b68a6bfec2 100644
--- a/doc/examples/ex-serv-pgp.c
+++ b/doc/examples/ex-serv-pgp.c
@@ -31,147 +31,144 @@
/* These are global */
gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
-
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
-
- return 0;
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
+
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- char name[256];
-
- strcpy (name, "Echo Server");
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&cred);
- gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
-
- gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ char name[256];
+
+ strcpy(name, "Echo Server");
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&cred);
+ gnutls_certificate_set_openpgp_keyring_file(cred, RINGFILE,
+ GNUTLS_OPENPGP_FMT_BASE64);
+
+ gnutls_certificate_set_openpgp_key_file(cred, CERTFILE, KEYFILE,
+ GNUTLS_OPENPGP_FMT_BASE64);
+
+ generate_dh_params();
+
+ gnutls_certificate_set_dh_params(cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:+CTYPE-OPENPGP", NULL);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (cred);
+ gnutls_certificate_free_credentials(cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
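Review bot: The result of `accept()` in the connection loop of `main` is used without a check, so on failure `sd` is -1, `sa_cli` is printed without having been filled in, and the handshake runs on an invalid descriptor. `client_len` is also assigned only once before the loop, although `accept()` treats it as a value-result argument. I would set `client_len = sizeof(sa_cli);` immediately before the call and follow the call with `if (sd < 0) { perror("accept"); gnutls_deinit(session); continue; }`. The same pattern appears in the `main` loops of ex-serv-psk.c and ex-serv-srp.c later in this commit.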
diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c
index 2e025ca9ca..7244787619 100644
--- a/doc/examples/ex-serv-psk.c
+++ b/doc/examples/ex-serv-psk.c
@@ -32,180 +32,179 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters.
- *
- * Check the ex-serv-export.c example for using static
- * parameters.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, DH_BITS);
-
- return 0;
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters.
+ *
+ * Check the ex-serv-export.c example for using static
+ * parameters.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, DH_BITS);
+
+ return 0;
}
static int
-pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t * key)
{
- printf ("psk: username %s\n", username);
- key->data = gnutls_malloc (4);
- key->data[0] = 0xDE;
- key->data[1] = 0xAD;
- key->data[2] = 0xBE;
- key->data[3] = 0xEF;
- key->size = 4;
- return 0;
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_psk_server_credentials_t psk_cred;
- gnutls_priority_t priority_cache;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- int kx;
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_psk_allocate_server_credentials (&psk_cred);
- gnutls_psk_set_server_credentials_function (psk_cred, pskfunc);
-
- generate_dh_params ();
-
- gnutls_priority_init (&priority_cache, "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL);
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- kx = gnutls_kx_get(session);
- if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
- kx == GNUTLS_KX_ECDHE_PSK)
- {
- printf("- User %s was connected\n", gnutls_psk_server_get_username(session));
- }
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_psk_server_credentials_t psk_cred;
+ gnutls_priority_t priority_cache;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ int kx;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_psk_allocate_server_credentials(&psk_cred);
+ gnutls_psk_set_server_credentials_function(psk_cred, pskfunc);
+
+ generate_dh_params();
+
+ gnutls_priority_init(&priority_cache,
+ "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL);
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ kx = gnutls_kx_get(session);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
+ kx == GNUTLS_KX_ECDHE_PSK) {
+ printf("- User %s was connected\n",
+ gnutls_psk_server_get_username(session));
+ }
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
}
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_psk_free_server_credentials (psk_cred);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_psk_free_server_credentials(psk_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
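Review bot: `pskfunc` writes through the result of `gnutls_malloc(4)` without a NULL check and returns the same fixed four-byte key for whatever `username` the peer presents. Example code like this tends to be copied, so I would add `if (key->data == NULL) return -1;` right after the allocation and put a comment above the assignments along the lines of `/* placeholder key for this example only: a real server looks up the key stored for this username and returns -1 for unknown users */`. `username` is peer-supplied and goes straight to `printf`, so the comment could also note that non-printable bytes should be escaped before logging.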
diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c
index 3a95edd172..44b0a711ad 100644
--- a/doc/examples/ex-serv-srp.c
+++ b/doc/examples/ex-serv-srp.c
@@ -29,141 +29,140 @@
#define MAX_BUF 1024
#define PORT 5556 /* listen to 5556 port */
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_srp_server_credentials_t srp_cred;
- gnutls_certificate_credentials_t cert_cred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- char name[256];
-
- strcpy (name, "Echo Server");
-
- gnutls_global_init ();
-
- /* SRP_PASSWD a password file (created with the included srptool utility)
- */
- gnutls_srp_allocate_server_credentials (&srp_cred);
- gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD,
- SRP_PASSWD_CONF);
-
- gnutls_certificate_allocate_credentials (&cert_cred);
- gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
-
- /* TCP socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session,
- "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- /* for the certificate authenticated ciphersuites.
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
- printf ("- User %s was connected\n", gnutls_srp_server_get_username(session));
-
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection. */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_srp_server_credentials_t srp_cred;
+ gnutls_certificate_credentials_t cert_cred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ char name[256];
+
+ strcpy(name, "Echo Server");
+
+ gnutls_global_init();
+
+ /* SRP_PASSWD a password file (created with the included srptool utility)
+ */
+ gnutls_srp_allocate_server_credentials(&srp_cred);
+ gnutls_srp_set_server_credentials_file(srp_cred, SRP_PASSWD,
+ SRP_PASSWD_CONF);
+
+ gnutls_certificate_allocate_credentials(&cert_cred);
+ gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_key_file(cert_cred, CERTFILE, KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ /* TCP socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA",
+ NULL);
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ /* for the certificate authenticated ciphersuites.
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cert_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_IGNORE);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+ printf("- User %s was connected\n",
+ gnutls_srp_server_get_username(session));
+
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection. */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_srp_free_server_credentials (srp_cred);
- gnutls_certificate_free_credentials (cert_cred);
+ gnutls_srp_free_server_credentials(srp_cred);
+ gnutls_certificate_free_credentials(cert_cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
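Review bot: The comment `/* request client certificate if any. */` in `main` sits above `gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE)`, which does the opposite: no client certificate is requested. A reader copying the example could assume certificate-based client authentication is in play when only SRP authenticates the peer, so I would reword it to `/* the client is authenticated by SRP; no client certificate is requested */`. Separately, the results of `gnutls_srp_set_server_credentials_file()` and the two certificate loaders are discarded, so the server keeps listening even when SRP_PASSWD cannot be read. Assigning them to `ret` and adding `if (ret < 0) { fprintf(stderr, "%s\n", gnutls_strerror(ret)); exit(1); }` would make it fail at startup instead.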
diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c
index 2060f80a8b..bc5b371877 100644
--- a/doc/examples/ex-serv-x509.c
+++ b/doc/examples/ex-serv-x509.c
@@ -38,165 +38,164 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters often.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters often.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
- return 0;
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int listen_sd;
- int sd, ret;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_priority_t priority_cache;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- int optval = 1;
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- /* gnutls_certificate_set_x509_system_trust(xcred); */
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- printf("No certificate or key were found\n");
- exit(1);
- }
-
- /* loads an OCSP status request if available */
- gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0);
-
- generate_dh_params ();
-
- gnutls_priority_init (&priority_cache, "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
-
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
-
- listen (listen_sd, 1024);
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- /* We don't request any certificate from the client.
- * If we did we would need to verify it.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
+ int listen_sd;
+ int sd, ret;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_priority_t priority_cache;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ /* gnutls_certificate_set_x509_system_trust(xcred); */
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ ret =
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
+ KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ printf("No certificate or key were found\n");
+ exit(1);
}
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
- close (sd);
- gnutls_deinit (session);
+ /* loads an OCSP status request if available */
+ gnutls_certificate_set_ocsp_status_request_file(x509_cred,
+ OCSP_STATUS_FILE,
+ 0);
+
+ generate_dh_params();
+
+ gnutls_priority_init(&priority_cache,
+ "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
+
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+
+ listen(listen_sd, 1024);
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+ /* We don't request any certificate from the client.
+ * If we did we would need to verify it.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_IGNORE);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
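Review bot: `sd = accept(...)` in the per-connection loop of main() is used without checking for failure, so on error the example formats a `sa_cli` that was never filled in and passes -1 to `gnutls_transport_set_int()`; a guard such as `if (sd < 0) { perror("accept"); gnutls_deinit(session); continue; }` directly after the call would keep the loop well-defined. In generate_dh_params() the group size comes from `GNUTLS_SEC_PARAM_LEGACY` and the result of `gnutls_dh_params_generate2()` is ignored; because this file is meant to be copied, I would check that return code and add a comment like `/* demo value; choose a higher gnutls_sec_param_t level for production servers */`. Both predate this reindent, and the same unchecked accept() appears in the ex-serv-srp.c loop just above.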
diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c
index e5f0b545e7..7838e43105 100644
--- a/doc/examples/ex-session-info.c
+++ b/doc/examples/ex-session-info.c
@@ -14,119 +14,121 @@
/* This function will print some details of the
* given session.
*/
-int
-print_info (gnutls_session_t session)
+int print_info(gnutls_session_t session)
{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
- int dhe, ecdh;
-
- dhe = ecdh = 0;
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
- tmp = gnutls_kx_get_name (kx);
- printf ("- Key Exchange: %s\n", tmp);
-
- /* Check the authentication type used and switch
- * to the appropriate.
- */
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA session\n");
- break;
+ const char *tmp;
+ gnutls_credentials_type_t cred;
+ gnutls_kx_algorithm_t kx;
+ int dhe, ecdh;
+
+ dhe = ecdh = 0;
+
+ /* print the key exchange's algorithm name
+ */
+ kx = gnutls_kx_get(session);
+ tmp = gnutls_kx_get_name(kx);
+ printf("- Key Exchange: %s\n", tmp);
+
+ /* Check the authentication type used and switch
+ * to the appropriate.
+ */
+ cred = gnutls_auth_get_type(session);
+ switch (cred) {
+ case GNUTLS_CRD_IA:
+ printf("- TLS/IA session\n");
+ break;
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- printf ("- SRP session with username %s\n",
- gnutls_srp_server_get_username (session));
- break;
+ case GNUTLS_CRD_SRP:
+ printf("- SRP session with username %s\n",
+ gnutls_srp_server_get_username(session));
+ break;
#endif
- case GNUTLS_CRD_PSK:
- /* This returns NULL in server side.
- */
- if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
- /* This returns NULL in client side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
-
- if (kx == GNUTLS_KX_ECDHE_PSK)
- ecdh = 1;
- else if (kx == GNUTLS_KX_DHE_PSK)
- dhe = 1;
- break;
-
- case GNUTLS_CRD_ANON: /* anonymous authentication */
-
- printf ("- Anonymous authentication.\n");
- if (kx == GNUTLS_KX_ANON_ECDH)
- ecdh = 1;
- else if (kx == GNUTLS_KX_ANON_DH)
- dhe = 1;
- break;
-
- case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
-
- /* Check if we have been using ephemeral Diffie-Hellman.
- */
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- dhe = 1;
- else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- ecdh = 1;
-
- /* if the certificate list is available, then
- * print some information about it.
- */
- print_x509_certificate_info (session);
-
- } /* switch */
-
- if (ecdh != 0)
- printf ("- Ephemeral ECDH using curve %s\n",
- gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session)));
- else if (dhe != 0)
- printf ("- Ephemeral DH using prime of %d bits\n",
- gnutls_dh_get_prime_bits (session));
-
- /* print the protocol's name (ie TLS 1.0)
- */
- tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
- printf ("- Protocol: %s\n", tmp);
-
- /* print the certificate type of the peer.
- * ie X.509
- */
- tmp =
- gnutls_certificate_type_get_name (gnutls_certificate_type_get (session));
-
- printf ("- Certificate Type: %s\n", tmp);
-
- /* print the compression algorithm (if any)
- */
- tmp = gnutls_compression_get_name (gnutls_compression_get (session));
- printf ("- Compression: %s\n", tmp);
-
- /* print the name of the cipher used.
- * ie 3DES.
- */
- tmp = gnutls_cipher_get_name (gnutls_cipher_get (session));
- printf ("- Cipher: %s\n", tmp);
-
- /* Print the MAC algorithms name.
- * ie SHA1
- */
- tmp = gnutls_mac_get_name (gnutls_mac_get (session));
- printf ("- MAC: %s\n", tmp);
-
- return 0;
+ case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint(session) != NULL)
+ printf("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint(session));
+ /* This returns NULL in client side.
+ */
+ if (gnutls_psk_server_get_username(session) != NULL)
+ printf("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username(session));
+
+ if (kx == GNUTLS_KX_ECDHE_PSK)
+ ecdh = 1;
+ else if (kx == GNUTLS_KX_DHE_PSK)
+ dhe = 1;
+ break;
+
+ case GNUTLS_CRD_ANON: /* anonymous authentication */
+
+ printf("- Anonymous authentication.\n");
+ if (kx == GNUTLS_KX_ANON_ECDH)
+ ecdh = 1;
+ else if (kx == GNUTLS_KX_ANON_DH)
+ dhe = 1;
+ break;
+
+ case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
+
+ /* Check if we have been using ephemeral Diffie-Hellman.
+ */
+ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+ dhe = 1;
+ else if (kx == GNUTLS_KX_ECDHE_RSA
+ || kx == GNUTLS_KX_ECDHE_ECDSA)
+ ecdh = 1;
+
+ /* if the certificate list is available, then
+ * print some information about it.
+ */
+ print_x509_certificate_info(session);
+
+ } /* switch */
+
+ if (ecdh != 0)
+ printf("- Ephemeral ECDH using curve %s\n",
+ gnutls_ecc_curve_get_name(gnutls_ecc_curve_get
+ (session)));
+ else if (dhe != 0)
+ printf("- Ephemeral DH using prime of %d bits\n",
+ gnutls_dh_get_prime_bits(session));
+
+ /* print the protocol's name (ie TLS 1.0)
+ */
+ tmp =
+ gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ printf("- Protocol: %s\n", tmp);
+
+ /* print the certificate type of the peer.
+ * ie X.509
+ */
+ tmp =
+ gnutls_certificate_type_get_name(gnutls_certificate_type_get
+ (session));
+
+ printf("- Certificate Type: %s\n", tmp);
+
+ /* print the compression algorithm (if any)
+ */
+ tmp = gnutls_compression_get_name(gnutls_compression_get(session));
+ printf("- Compression: %s\n", tmp);
+
+ /* print the name of the cipher used.
+ * ie 3DES.
+ */
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get(session));
+ printf("- Cipher: %s\n", tmp);
+
+ /* Print the MAC algorithms name.
+ * ie SHA1
+ */
+ tmp = gnutls_mac_get_name(gnutls_mac_get(session));
+ printf("- MAC: %s\n", tmp);
+
+ return 0;
}
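Review bot: Several `%s` arguments in print_info() can be NULL: the `gnutls_*_get_name()` helpers return NULL for an unrecognised value, and `gnutls_srp_server_get_username()` in the `GNUTLS_CRD_SRP` case is printed unguarded even though the PSK case right below checks its getters against NULL first. Passing NULL to `%s` is undefined behaviour, so I would guard each one, e.g. `printf("- Cipher: %s\n", tmp ? tmp : "(unknown)");`. The SRP username and PSK hint are also supplied by the peer, so a comment noting that they should be sanitised before being written to a terminal or log would be worth adding. The `switch (cred)` has no `default:` either, so an unexpected credential type is silently skipped.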
diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c
index 474a3e6d1f..1bc0bfae72 100644
--- a/doc/examples/ex-verify-ssh.c
+++ b/doc/examples/ex-verify-ssh.c
@@ -16,97 +16,95 @@
* SSH-style authentication, where ultimately trusted keys
* are only the keys that have been seen before.
*/
-int
-_ssh_verify_certificate_callback (gnutls_session_t session)
+int _ssh_verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size;
- int ret, type;
- gnutls_datum_t out;
- const char *hostname;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* Do SSH verification */
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list == NULL)
- {
- printf ("No certificate was found!\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- /* service may be obtained alternatively using getservbyport() */
- ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https",
- type, &cert_list[0], 0);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf("Host %s is not known.", hostname);
- if (status == 0)
- printf("Its certificate is valid for %s.\n", hostname);
-
- /* the certificate must be printed and user must be asked on
- * whether it is trustworthy. --see gnutls_x509_crt_print() */
-
- /* if not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- printf("Warning: host %s is known but has another key associated.", hostname);
- printf("It might be that the server has multiple keys, or you are under attack\n");
- if (status == 0)
- printf("Its certificate is valid for %s.\n", hostname);
-
- /* the certificate must be printed and user must be asked on
- * whether it is trustworthy. --see gnutls_x509_crt_print() */
-
- /* if not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
- else if (ret < 0)
- {
- printf("gnutls_verify_stored_pubkey: %s\n", gnutls_strerror(ret));
- return ret;
- }
-
- /* user trusts the key -> store it */
- if (ret != 0)
- {
- ret = gnutls_store_pubkey(NULL, NULL, hostname, "https",
- type, &cert_list[0], 0, 0);
- if (ret < 0)
- printf("gnutls_store_pubkey: %s\n", gnutls_strerror(ret));
- }
-
- /* notify gnutls to continue handshake normally */
- return 0;
-}
+ unsigned int status;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size;
+ int ret, type;
+ gnutls_datum_t out;
+ const char *hostname;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ /* Do SSH verification */
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list == NULL) {
+ printf("No certificate was found!\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ /* service may be obtained alternatively using getservbyport() */
+ ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https",
+ type, &cert_list[0], 0);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ printf("Host %s is not known.", hostname);
+ if (status == 0)
+ printf("Its certificate is valid for %s.\n",
+ hostname);
+
+ /* the certificate must be printed and user must be asked on
+ * whether it is trustworthy. --see gnutls_x509_crt_print() */
+
+ /* if not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ printf
+ ("Warning: host %s is known but has another key associated.",
+ hostname);
+ printf
+ ("It might be that the server has multiple keys, or you are under attack\n");
+ if (status == 0)
+ printf("Its certificate is valid for %s.\n",
+ hostname);
+
+ /* the certificate must be printed and user must be asked on
+ * whether it is trustworthy. --see gnutls_x509_crt_print() */
+
+ /* if not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ } else if (ret < 0) {
+ printf("gnutls_verify_stored_pubkey: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+
+ /* user trusts the key -> store it */
+ if (ret != 0) {
+ ret = gnutls_store_pubkey(NULL, NULL, hostname, "https",
+ type, &cert_list[0], 0, 0);
+ if (ret < 0)
+ printf("gnutls_store_pubkey: %s\n",
+ gnutls_strerror(ret));
+ }
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
+}
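Review bot: The `if (ret != 0)` block that calls `gnutls_store_pubkey()` near the end of _ssh_verify_certificate_callback() looks unreachable: both named error codes and every other negative `ret` return earlier, which leaves only the success value by the time this test runs (assuming gnutls_verify_stored_pubkey() returns nothing positive; worth confirming against its documentation). As written, an unknown host is always rejected and no key is ever recorded, so the trust-on-first-use step the comments describe never happens. I would move the store into the `GNUTLS_E_NO_CERTIFICATE_FOUND` branch behind the user confirmation the comment asks for, or at least mark it with `/* placeholder: reached only once the branches above stop returning unconditionally */`. `hostname` comes from `gnutls_session_get_ptr()` and is passed to `%s` without a NULL check as well.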
diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c
index 0d52429e3a..45618b9fe9 100644
--- a/doc/examples/ex-verify.c
+++ b/doc/examples/ex-verify.c
@@ -22,126 +22,129 @@ int crl_list_size;
gnutls_x509_crt_t *ca_list;
int ca_list_size;
-static int print_details_func (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t crl,
- unsigned int verification_output);
+static int print_details_func(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t crl,
+ unsigned int verification_output);
/* This function will try to verify the peer's certificate chain, and
* also check if the hostname matches.
*/
void
-verify_certificate_chain (const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length)
+verify_certificate_chain(const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length)
{
- int i;
- gnutls_x509_trust_list_t tlist;
- gnutls_x509_crt_t *cert;
-
- unsigned int output;
-
- /* Initialize the trusted certificate list. This should be done
- * once on initialization. gnutls_x509_crt_list_import2() and
- * gnutls_x509_crl_list_import2() can be used to load them.
- */
- gnutls_x509_trust_list_init (&tlist, 0);
-
- gnutls_x509_trust_list_add_cas (tlist, ca_list, ca_list_size, 0);
- gnutls_x509_trust_list_add_crls (tlist, crl_list, crl_list_size,
- GNUTLS_TL_VERIFY_CRL, 0);
-
- cert = malloc (sizeof (*cert) * cert_chain_length);
-
- /* Import all the certificates in the chain to
- * native certificate format.
- */
- for (i = 0; i < cert_chain_length; i++)
- {
- gnutls_x509_crt_init (&cert[i]);
- gnutls_x509_crt_import (cert[i], &cert_chain[i], GNUTLS_X509_FMT_DER);
- }
-
- gnutls_x509_trust_list_verify_named_crt (tlist, cert[0], hostname,
- strlen (hostname),
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS,
- &output, print_details_func);
-
- /* if this certificate is not explicitly trusted verify against CAs
- */
- if (output != 0)
- {
- gnutls_x509_trust_list_verify_crt (tlist, cert, cert_chain_length, 0,
- &output, print_details_func);
- }
-
- if (output & GNUTLS_CERT_INVALID)
- {
- fprintf (stderr, "Not trusted");
-
- if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
- fprintf (stderr, ": no issuer was found");
- if (output & GNUTLS_CERT_SIGNER_NOT_CA)
- fprintf (stderr, ": issuer is not a CA");
- if (output & GNUTLS_CERT_NOT_ACTIVATED)
- fprintf (stderr, ": not yet activated\n");
- if (output & GNUTLS_CERT_EXPIRED)
- fprintf (stderr, ": expired\n");
-
- fprintf (stderr, "\n");
- }
- else
- fprintf (stderr, "Trusted\n");
-
- /* Check if the name in the first certificate matches our destination!
- */
- if (!gnutls_x509_crt_check_hostname (cert[0], hostname))
- {
- printf ("The certificate's owner does not match hostname '%s'\n",
- hostname);
- }
-
- gnutls_x509_trust_list_deinit (tlist, 1);
-
- return;
+ int i;
+ gnutls_x509_trust_list_t tlist;
+ gnutls_x509_crt_t *cert;
+
+ unsigned int output;
+
+ /* Initialize the trusted certificate list. This should be done
+ * once on initialization. gnutls_x509_crt_list_import2() and
+ * gnutls_x509_crl_list_import2() can be used to load them.
+ */
+ gnutls_x509_trust_list_init(&tlist, 0);
+
+ gnutls_x509_trust_list_add_cas(tlist, ca_list, ca_list_size, 0);
+ gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size,
+ GNUTLS_TL_VERIFY_CRL, 0);
+
+ cert = malloc(sizeof(*cert) * cert_chain_length);
+
+ /* Import all the certificates in the chain to
+ * native certificate format.
+ */
+ for (i = 0; i < cert_chain_length; i++) {
+ gnutls_x509_crt_init(&cert[i]);
+ gnutls_x509_crt_import(cert[i], &cert_chain[i],
+ GNUTLS_X509_FMT_DER);
+ }
+
+ gnutls_x509_trust_list_verify_named_crt(tlist, cert[0], hostname,
+ strlen(hostname),
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS,
+ &output,
+ print_details_func);
+
+ /* if this certificate is not explicitly trusted verify against CAs
+ */
+ if (output != 0) {
+ gnutls_x509_trust_list_verify_crt(tlist, cert,
+ cert_chain_length, 0,
+ &output,
+ print_details_func);
+ }
+
+ if (output & GNUTLS_CERT_INVALID) {
+ fprintf(stderr, "Not trusted");
+
+ if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ fprintf(stderr, ": no issuer was found");
+ if (output & GNUTLS_CERT_SIGNER_NOT_CA)
+ fprintf(stderr, ": issuer is not a CA");
+ if (output & GNUTLS_CERT_NOT_ACTIVATED)
+ fprintf(stderr, ": not yet activated\n");
+ if (output & GNUTLS_CERT_EXPIRED)
+ fprintf(stderr, ": expired\n");
+
+ fprintf(stderr, "\n");
+ } else
+ fprintf(stderr, "Trusted\n");
+
+ /* Check if the name in the first certificate matches our destination!
+ */
+ if (!gnutls_x509_crt_check_hostname(cert[0], hostname)) {
+ printf
+ ("The certificate's owner does not match hostname '%s'\n",
+ hostname);
+ }
+
+ gnutls_x509_trust_list_deinit(tlist, 1);
+
+ return;
}
static int
-print_details_func (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
- unsigned int verification_output)
+print_details_func(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
+ unsigned int verification_output)
{
- char name[512];
- char issuer_name[512];
- size_t name_size;
- size_t issuer_name_size;
+ char name[512];
+ char issuer_name[512];
+ size_t name_size;
+ size_t issuer_name_size;
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size);
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
+ &issuer_name_size);
- name_size = sizeof (name);
- gnutls_x509_crt_get_dn (cert, name, &name_size);
+ name_size = sizeof(name);
+ gnutls_x509_crt_get_dn(cert, name, &name_size);
- fprintf (stdout, "\tSubject: %s\n", name);
- fprintf (stdout, "\tIssuer: %s\n", issuer_name);
+ fprintf(stdout, "\tSubject: %s\n", name);
+ fprintf(stdout, "\tIssuer: %s\n", issuer_name);
- if (issuer != NULL)
- {
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size);
+ if (issuer != NULL) {
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crt_get_dn(issuer, issuer_name,
+ &issuer_name_size);
- fprintf (stdout, "\tVerified against: %s\n", issuer_name);
- }
+ fprintf(stdout, "\tVerified against: %s\n", issuer_name);
+ }
- if (crl != NULL)
- {
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size);
+ if (crl != NULL) {
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crl_get_issuer_dn(crl, issuer_name,
+ &issuer_name_size);
- fprintf (stdout, "\tVerified against CRL of: %s\n", issuer_name);
- }
+ fprintf(stdout, "\tVerified against CRL of: %s\n",
+ issuer_name);
+ }
- fprintf (stdout, "\tVerification output: %x\n\n", verification_output);
+ fprintf(stdout, "\tVerification output: %x\n\n",
+ verification_output);
- return 0;
+ return 0;
}
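Review bot: `output` in verify_certificate_chain() is read after `gnutls_x509_trust_list_verify_named_crt()` without being initialised and without the call's return value being checked, so a failed call can leave the `Trusted` / `Not trusted` decision depending on stack garbage; `unsigned int output = GNUTLS_CERT_INVALID;` plus a check of both verify return codes would make it fail closed. The `malloc(sizeof(*cert) * cert_chain_length)` result is used unchecked and `cert[0]` is dereferenced even when `cert_chain_length` is zero or negative, and neither the imported certificates nor the array are released before returning. In print_details_func() the `gnutls_x509_crt_get_dn()` and `gnutls_x509_crt_get_issuer_dn()` results are ignored, so `name` and `issuer_name` may be printed uninitialised when a DN does not fit in 512 bytes. A hostname mismatch is only printed, and the function returns void, so callers copying this example cannot act on either outcome; a comment saying so would help.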
diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c
index d2f39cf437..a54aeff468 100644
--- a/doc/examples/ex-x509-info.c
+++ b/doc/examples/ex-x509-info.c
@@ -11,112 +11,115 @@
#include "examples.h"
-static const char *
-bin2hex (const void *bin, size_t bin_size)
+static const char *bin2hex(const void *bin, size_t bin_size)
{
- static char printable[110];
- const unsigned char *_bin = bin;
- char *print;
- size_t i;
-
- if (bin_size > 50)
- bin_size = 50;
-
- print = printable;
- for (i = 0; i < bin_size; i++)
- {
- sprintf (print, "%.2x ", _bin[i]);
- print += 2;
- }
-
- return printable;
+ static char printable[110];
+ const unsigned char *_bin = bin;
+ char *print;
+ size_t i;
+
+ if (bin_size > 50)
+ bin_size = 50;
+
+ print = printable;
+ for (i = 0; i < bin_size; i++) {
+ sprintf(print, "%.2x ", _bin[i]);
+ print += 2;
+ }
+
+ return printable;
}
/* This function will print information about this session's peer
* certificate.
*/
-void
-print_x509_certificate_info (gnutls_session_t session)
+void print_x509_certificate_info(gnutls_session_t session)
{
- char serial[40];
- char dn[256];
- size_t size;
- unsigned int algo, bits;
- time_t expiration_time, activation_time;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- gnutls_x509_crt_t cert;
- gnutls_datum_t cinfo;
+ char serial[40];
+ char dn[256];
+ size_t size;
+ unsigned int algo, bits;
+ time_t expiration_time, activation_time;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t cinfo;
- /* This function only works for X.509 certificates.
- */
- if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
- return;
+ /* This function only works for X.509 certificates.
+ */
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
- printf ("Peer provided %d certificates.\n", cert_list_size);
+ printf("Peer provided %d certificates.\n", cert_list_size);
- if (cert_list_size > 0)
- {
- int ret;
+ if (cert_list_size > 0) {
+ int ret;
- /* we only print information about the first certificate.
- */
- gnutls_x509_crt_init (&cert);
+ /* we only print information about the first certificate.
+ */
+ gnutls_x509_crt_init(&cert);
- gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ gnutls_x509_crt_import(cert, &cert_list[0],
+ GNUTLS_X509_FMT_DER);
- printf ("Certificate info:\n");
+ printf("Certificate info:\n");
- /* This is the preferred way of printing short information about
- a certificate. */
+ /* This is the preferred way of printing short information about
+ a certificate. */
- ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf ("\t%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
+ ret =
+ gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0) {
+ printf("\t%s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
- /* If you want to extract fields manually for some other reason,
- below are popular example calls. */
+ /* If you want to extract fields manually for some other reason,
+ below are popular example calls. */
- expiration_time = gnutls_x509_crt_get_expiration_time (cert);
- activation_time = gnutls_x509_crt_get_activation_time (cert);
+ expiration_time =
+ gnutls_x509_crt_get_expiration_time(cert);
+ activation_time =
+ gnutls_x509_crt_get_activation_time(cert);
- printf ("\tCertificate is valid since: %s", ctime (&activation_time));
- printf ("\tCertificate expires: %s", ctime (&expiration_time));
+ printf("\tCertificate is valid since: %s",
+ ctime(&activation_time));
+ printf("\tCertificate expires: %s",
+ ctime(&expiration_time));
- /* Print the serial number of the certificate.
- */
- size = sizeof (serial);
- gnutls_x509_crt_get_serial (cert, serial, &size);
+ /* Print the serial number of the certificate.
+ */
+ size = sizeof(serial);
+ gnutls_x509_crt_get_serial(cert, serial, &size);
- printf ("\tCertificate serial number: %s\n", bin2hex (serial, size));
+ printf("\tCertificate serial number: %s\n",
+ bin2hex(serial, size));
- /* Extract some of the public key algorithm's parameters
- */
- algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
+ /* Extract some of the public key algorithm's parameters
+ */
+ algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
- printf ("Certificate public key: %s",
- gnutls_pk_algorithm_get_name (algo));
+ printf("Certificate public key: %s",
+ gnutls_pk_algorithm_get_name(algo));
- /* Print the version of the X.509
- * certificate.
- */
- printf ("\tCertificate version: #%d\n",
- gnutls_x509_crt_get_version (cert));
+ /* Print the version of the X.509
+ * certificate.
+ */
+ printf("\tCertificate version: #%d\n",
+ gnutls_x509_crt_get_version(cert));
- size = sizeof (dn);
- gnutls_x509_crt_get_dn (cert, dn, &size);
- printf ("\tDN: %s\n", dn);
+ size = sizeof(dn);
+ gnutls_x509_crt_get_dn(cert, dn, &size);
+ printf("\tDN: %s\n", dn);
- size = sizeof (dn);
- gnutls_x509_crt_get_issuer_dn (cert, dn, &size);
- printf ("\tIssuer's DN: %s\n", dn);
+ size = sizeof(dn);
+ gnutls_x509_crt_get_issuer_dn(cert, dn, &size);
+ printf("\tIssuer's DN: %s\n", dn);
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- }
+ }
}
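Review bot: The results of `gnutls_x509_crt_get_serial()` and the two DN getters in print_x509_certificate_info() are ignored, yet `serial`, `size` and `dn` are used straight afterwards; these fields come from the peer's certificate, so when one does not fit the 40- or 256-byte buffer the code may print uninitialised stack, and `bin2hex(serial, size)` may read past `serial` if `size` was updated to the required length (bin2hex only caps at 50). Guarding each use, e.g. `if (gnutls_x509_crt_get_serial(cert, serial, &size) == 0) printf(...)`, and likewise checking `gnutls_x509_crt_import()` before querying `cert`, would close that. In bin2hex() the format `"%.2x "` writes a space that the next iteration overwrites because `print` advances by 2, and a zero `bin_size` returns whatever the static buffer held from the previous call; `printable[0] = '\0';` before the loop and dropping the space from the format would make the intent clear. `cert_list_size` is unsigned and is printed with `%d`.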
diff --git a/doc/examples/examples.h b/doc/examples/examples.h
index 0c2dbb3372..e5641a52e4 100644
--- a/doc/examples/examples.h
+++ b/doc/examples/examples.h
@@ -1,25 +1,24 @@
#ifndef EXAMPLES_H
#define EXAMPLES_H
-void check_alert (gnutls_session_t session, int ret);
+void check_alert(gnutls_session_t session, int ret);
-int write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password);
+int write_pkcs12(const gnutls_datum_t * cert,
+ const gnutls_datum_t * pkcs8_key, const char *password);
-void verify_certificate (gnutls_session_t session, const char *hostname);
+void verify_certificate(gnutls_session_t session, const char *hostname);
-int print_info (gnutls_session_t session);
+int print_info(gnutls_session_t session);
-void print_x509_certificate_info (gnutls_session_t session);
+void print_x509_certificate_info(gnutls_session_t session);
-int
-_ssh_verify_certificate_callback (gnutls_session_t session);
+int _ssh_verify_certificate_callback(gnutls_session_t session);
void
-verify_certificate_chain (const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length);
+verify_certificate_chain(const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length);
-int verify_certificate_callback (gnutls_session_t session);
+int verify_certificate_callback(gnutls_session_t session);
-#endif /* EXAMPLES_H */
+#endif /* EXAMPLES_H */
diff --git a/doc/examples/print-ciphersuites.c b/doc/examples/print-ciphersuites.c
index a1f8ab3d1a..c0b83216dd 100644
--- a/doc/examples/print-ciphersuites.c
+++ b/doc/examples/print-ciphersuites.c
@@ -6,50 +6,54 @@
#include <string.h>
#include <gnutls/gnutls.h>
-static void
-print_cipher_suite_list (const char* priorities)
+static void print_cipher_suite_list(const char *priorities)
{
- size_t i;
- int ret;
- unsigned int idx;
- const char *name;
- const char *err;
- unsigned char id[2];
- gnutls_protocol_t version;
- gnutls_priority_t pcache;
-
- if (priorities != NULL)
- {
- printf ("Cipher suites for %s\n", priorities);
-
- ret = gnutls_priority_init(&pcache, priorities, &err);
- if (ret < 0)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit(1);
- }
-
- for (i=0;;i++)
- {
- ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
-
- name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);
-
- if (name != NULL)
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name, (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- }
-
- return;
- }
+ size_t i;
+ int ret;
+ unsigned int idx;
+ const char *name;
+ const char *err;
+ unsigned char id[2];
+ gnutls_protocol_t version;
+ gnutls_priority_t pcache;
+
+ if (priorities != NULL) {
+ printf("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init(&pcache, priorities, &err);
+ if (ret < 0) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ for (i = 0;; i++) {
+ ret =
+ gnutls_priority_get_cipher_suite_index(pcache,
+ i,
+ &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+
+ name =
+ gnutls_cipher_suite_info(idx, id, NULL, NULL,
+ NULL, &version);
+
+ if (name != NULL)
+ printf("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ }
+
+ return;
+ }
}
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
- if (argc > 1)
- print_cipher_suite_list (argv[1]);
- return 0;
+ if (argc > 1)
+ print_cipher_suite_list(argv[1]);
+ return 0;
}
diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c
index fcf8441297..a9b2f0ddaf 100644
--- a/doc/examples/tcp.c
+++ b/doc/examples/tcp.c
@@ -14,44 +14,41 @@
#include <unistd.h>
/* tcp.c */
-int tcp_connect (void);
-void tcp_close (int sd);
+int tcp_connect(void);
+void tcp_close(int sd);
/* Connects to the peer and returns a socket
* descriptor.
*/
-extern int
-tcp_connect (void)
+extern int tcp_connect(void)
{
- const char *PORT = "5556";
- const char *SERVER = "127.0.0.1";
- int err, sd;
- struct sockaddr_in sa;
-
- /* connects to server
- */
- sd = socket (AF_INET, SOCK_STREAM, 0);
-
- memset (&sa, '\0', sizeof (sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (atoi (PORT));
- inet_pton (AF_INET, SERVER, &sa.sin_addr);
-
- err = connect (sd, (struct sockaddr *) & sa, sizeof (sa));
- if (err < 0)
- {
- fprintf (stderr, "Connect error\n");
- exit (1);
- }
-
- return sd;
+ const char *PORT = "5556";
+ const char *SERVER = "127.0.0.1";
+ int err, sd;
+ struct sockaddr_in sa;
+
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ err = connect(sd, (struct sockaddr *) &sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
+
+ return sd;
}
/* closes the given socket descriptor.
*/
-extern void
-tcp_close (int sd)
+extern void tcp_close(int sd)
{
- shutdown (sd, SHUT_RDWR); /* no more receptions */
- close (sd);
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
}
diff --git a/doc/examples/udp.c b/doc/examples/udp.c
index 0c48ac1b5b..184f31718d 100644
--- a/doc/examples/udp.c
+++ b/doc/examples/udp.c
@@ -14,53 +14,50 @@
#include <unistd.h>
/* udp.c */
-int udp_connect (void);
-void udp_close (int sd);
+int udp_connect(void);
+void udp_close(int sd);
/* Connects to the peer and returns a socket
* descriptor.
*/
-extern int
-udp_connect (void)
+extern int udp_connect(void)
{
- const char *PORT = "5557";
- const char *SERVER = "127.0.0.1";
- int err, sd, optval;
- struct sockaddr_in sa;
+ const char *PORT = "5557";
+ const char *SERVER = "127.0.0.1";
+ int err, sd, optval;
+ struct sockaddr_in sa;
- /* connects to server
- */
- sd = socket (AF_INET, SOCK_DGRAM, 0);
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_DGRAM, 0);
- memset (&sa, '\0', sizeof (sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (atoi (PORT));
- inet_pton (AF_INET, SERVER, &sa.sin_addr);
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
#if defined(IP_DONTFRAG)
- optval = 1;
- setsockopt (sd, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &optval, sizeof (optval));
+ optval = 1;
+ setsockopt(sd, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &optval, sizeof(optval));
#elif defined(IP_MTU_DISCOVER)
- optval = IP_PMTUDISC_DO;
- setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void*) &optval, sizeof (optval));
+ optval = IP_PMTUDISC_DO;
+ setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &optval, sizeof(optval));
#endif
- err = connect (sd, (struct sockaddr *) & sa, sizeof (sa));
- if (err < 0)
- {
- fprintf (stderr, "Connect error\n");
- exit (1);
- }
+ err = connect(sd, (struct sockaddr *) &sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
- return sd;
+ return sd;
}
/* closes the given socket descriptor.
*/
-extern void
-udp_close (int sd)
+extern void udp_close(int sd)
{
- close (sd);
+ close(sd);
}
diff --git a/doc/examples/verify.c b/doc/examples/verify.c
index bee8e6bdf4..4d0d059ea6 100644
--- a/doc/examples/verify.c
+++ b/doc/examples/verify.c
@@ -10,42 +10,42 @@
#include "examples.h"
-int verify_certificate_callback (gnutls_session_t session)
+int verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- int ret, type;
- const char *hostname;
- gnutls_datum_t out;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* notify gnutls to continue handshake normally */
- return 0;
+ unsigned int status;
+ int ret, type;
+ const char *hostname;
+ gnutls_datum_t out;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
diff --git a/doc/printlist.c b/doc/printlist.c
index de2796a774..a87f14c545 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -27,199 +27,198 @@
#include <gnutls/openpgp.h>
#include "common.h"
-static void main_texinfo (void);
+static void main_texinfo(void);
static void main_latex(void);
char buffer[1024];
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static void main_texinfo (void)
+static void main_texinfo(void)
{
- {
- size_t i;
- const char *name;
- char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- printf ("@heading Ciphersuites\n");
- printf ("@multitable @columnfractions .60 .20 .20\n");
- printf("@headitem Ciphersuite name @tab TLS ID @tab Since\n");
- for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
- {
- printf ("@item %s\n@tab 0x%02X 0x%02X\n@tab %s\n",
- escape_texi_string(name, buffer, sizeof(buffer)),
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- }
- printf ("@end multitable\n");
-
- }
-
- {
- const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
-
- printf ("\n\n@heading Certificate types\n");
- printf ("@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_certificate_type_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
-
- printf ("\n@heading Protocols\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_protocol_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
-
- printf ("\n@heading Ciphers\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_cipher_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
-
- printf ("\n@heading MAC algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_mac_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
-
- printf ("\n@heading Key exchange methods\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_kx_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
-
- printf ("\n@heading Public key algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_pk_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
-
- printf ("\n@heading Public key signature algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_sign_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
-
- printf ("\n@heading Elliptic curves\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_ecc_curve_get_name (*p));
- }
- printf ("@end table\n");
- }
-
-
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
-
- printf ("\n@heading Compression methods\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_compression_get_name (*p));
- }
- printf ("@end table\n");
- }
+ {
+ size_t i;
+ const char *name;
+ char id[2];
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ printf("@heading Ciphersuites\n");
+ printf("@multitable @columnfractions .60 .20 .20\n");
+ printf
+ ("@headitem Ciphersuite name @tab TLS ID @tab Since\n");
+ for (i = 0;
+ (name =
+ gnutls_cipher_suite_info(i, id, &kx, &cipher, &mac,
+ &version)); i++) {
+ printf("@item %s\n@tab 0x%02X 0x%02X\n@tab %s\n",
+ escape_texi_string(name, buffer,
+ sizeof(buffer)),
+ (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ }
+ printf("@end multitable\n");
+
+ }
+
+ {
+ const gnutls_certificate_type_t *p =
+ gnutls_certificate_type_list();
+
+ printf("\n\n@heading Certificate types\n");
+ printf("@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_certificate_type_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_protocol_t *p = gnutls_protocol_list();
+
+ printf("\n@heading Protocols\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_protocol_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_cipher_algorithm_t *p = gnutls_cipher_list();
+
+ printf("\n@heading Ciphers\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_cipher_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_mac_algorithm_t *p = gnutls_mac_list();
+
+ printf("\n@heading MAC algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_mac_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_kx_algorithm_t *p = gnutls_kx_list();
+
+ printf("\n@heading Key exchange methods\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_kx_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_pk_algorithm_t *p = gnutls_pk_list();
+
+ printf("\n@heading Public key algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_pk_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_sign_algorithm_t *p = gnutls_sign_list();
+
+ printf
+ ("\n@heading Public key signature algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_sign_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list();
+
+ printf("\n@heading Elliptic curves\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_ecc_curve_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+
+ {
+ const gnutls_compression_method_t *p =
+ gnutls_compression_list();
+
+ printf("\n@heading Compression methods\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_compression_get_name(*p));
+ }
+ printf("@end table\n");
+ }
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "Ciphersuite name & TLS ID & Since\\\\\n"
- "\\hline}\n"
+ "\\hline\n" "Ciphersuite name & TLS ID & Since\\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The ciphersuites table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The ciphersuites table}\n\n";
static void main_latex(void)
{
-int i, j;
-const char* desc;
-const char* _name;
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
-
- {
- size_t i;
- const char *name;
- char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
- {
- printf ("{\\small{%s}} & \\code{0x%02X 0x%02X} & %s",
- escape_string(name, buffer, sizeof(buffer)),
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- printf( "\\\\\n");
- }
- printf("\\end{supertabular}\n\n");
-
- }
-
-return;
+ int i, j;
+ const char *desc;
+ const char *_name;
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
+
+ {
+ size_t i;
+ const char *name;
+ char id[2];
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ for (i = 0; (name = gnutls_cipher_suite_info
+ (i, id, &kx, &cipher, &mac, &version)); i++) {
+ printf
+ ("{\\small{%s}} & \\code{0x%02X 0x%02X} & %s",
+ escape_string(name, buffer, sizeof(buffer)),
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ printf("\\\\\n");
+ }
+ printf("\\end{supertabular}\n\n");
+
+ }
+
+ return;
}
diff --git a/extra/gnutls_openssl.c b/extra/gnutls_openssl.c
index c43ae08b69..f28fad855a 100644
--- a/extra/gnutls_openssl.c
+++ b/extra/gnutls_openssl.c
@@ -33,7 +33,7 @@
* undefine it to avoid the conflict with openssl.h.
*/
#ifdef X509_NAME
-# undef X509_NAME
+#undef X509_NAME
#endif
#include <gnutls/openssl.h>
@@ -51,859 +51,792 @@ static int last_error = 0;
/* Library initialisation functions */
-int
-SSL_library_init (void)
+int SSL_library_init(void)
{
- gnutls_global_init ();
- /* NB: we haven't got anywhere to call gnutls_global_deinit() */
- return 1;
+ gnutls_global_init();
+ /* NB: we haven't got anywhere to call gnutls_global_deinit() */
+ return 1;
}
-void
-OpenSSL_add_all_algorithms (void)
+void OpenSSL_add_all_algorithms(void)
{
}
/* SSL_CTX structure handling */
-SSL_CTX *
-SSL_CTX_new (SSL_METHOD * method)
+SSL_CTX *SSL_CTX_new(SSL_METHOD * method)
{
- SSL_CTX *ctx;
+ SSL_CTX *ctx;
- ctx = (SSL_CTX *) calloc (1, sizeof (SSL_CTX));
- ctx->method = method;
+ ctx = (SSL_CTX *) calloc(1, sizeof(SSL_CTX));
+ ctx->method = method;
- return ctx;
+ return ctx;
}
-void
-SSL_CTX_free (SSL_CTX * ctx)
+void SSL_CTX_free(SSL_CTX * ctx)
{
- free (ctx->method);
- free (ctx);
+ free(ctx->method);
+ free(ctx);
}
-int
-SSL_CTX_set_default_verify_paths (SSL_CTX * ctx)
+int SSL_CTX_set_default_verify_paths(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
int
-SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, int type)
+SSL_CTX_use_certificate_file(SSL_CTX * ctx, const char *certfile, int type)
{
- ctx->certfile = (char *) calloc (1, strlen (certfile) + 1);
- if (!ctx->certfile)
- return -1;
- memcpy (ctx->certfile, certfile, strlen (certfile));
+ ctx->certfile = (char *) calloc(1, strlen(certfile) + 1);
+ if (!ctx->certfile)
+ return -1;
+ memcpy(ctx->certfile, certfile, strlen(certfile));
- ctx->certfile_type = type;
+ ctx->certfile_type = type;
- return 1;
+ return 1;
}
int
-SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type)
+SSL_CTX_use_PrivateKey_file(SSL_CTX * ctx, const char *keyfile, int type)
{
- ctx->keyfile = (char *) calloc (1, strlen (keyfile) + 1);
- if (!ctx->keyfile)
- return -1;
- memcpy (ctx->keyfile, keyfile, strlen (keyfile));
+ ctx->keyfile = (char *) calloc(1, strlen(keyfile) + 1);
+ if (!ctx->keyfile)
+ return -1;
+ memcpy(ctx->keyfile, keyfile, strlen(keyfile));
- ctx->keyfile_type = type;
+ ctx->keyfile_type = type;
- return 1;
+ return 1;
}
void
-SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *))
+SSL_CTX_set_verify(SSL_CTX * ctx, int verify_mode,
+ int (*verify_callback) (int, X509_STORE_CTX *))
{
- ctx->verify_mode = verify_mode;
- ctx->verify_callback = verify_callback;
+ ctx->verify_mode = verify_mode;
+ ctx->verify_callback = verify_callback;
}
-unsigned long
-SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options)
+unsigned long SSL_CTX_set_options(SSL_CTX * ctx, unsigned long options)
{
- return (ctx->options |= options);
+ return (ctx->options |= options);
}
-long
-SSL_CTX_set_mode (SSL_CTX * ctx, long mode)
+long SSL_CTX_set_mode(SSL_CTX * ctx, long mode)
{
- return 0;
+ return 0;
}
-int
-SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list)
+int SSL_CTX_set_cipher_list(SSL_CTX * ctx, const char *list)
{
- /* FIXME: ignore this for the moment */
- /* We're going to have to parse the "list" string to do this */
- /* It is a string, which in its simplest form is something like
- "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
- (see OpenSSL's ciphers(1) manpage for details) */
+ /* FIXME: ignore this for the moment */
+ /* We're going to have to parse the "list" string to do this */
+ /* It is a string, which in its simplest form is something like
+ "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
+ (see OpenSSL's ciphers(1) manpage for details) */
- return 1;
+ return 1;
}
/* SSL_CTX statistics */
-long
-SSL_CTX_sess_number (SSL_CTX * ctx)
+long SSL_CTX_sess_number(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_connect (SSL_CTX * ctx)
+long SSL_CTX_sess_connect(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_connect_good (SSL_CTX * ctx)
+long SSL_CTX_sess_connect_good(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx)
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_accept (SSL_CTX * ctx)
+long SSL_CTX_sess_accept(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_accept_good (SSL_CTX * ctx)
+long SSL_CTX_sess_accept_good(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx)
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_hits (SSL_CTX * ctx)
+long SSL_CTX_sess_hits(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_misses (SSL_CTX * ctx)
+long SSL_CTX_sess_misses(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
-long
-SSL_CTX_sess_timeouts (SSL_CTX * ctx)
+long SSL_CTX_sess_timeouts(SSL_CTX * ctx)
{
- return 0;
+ return 0;
}
/* SSL structure handling */
-SSL *
-SSL_new (SSL_CTX * ctx)
+SSL *SSL_new(SSL_CTX * ctx)
{
- SSL *ssl;
- int err;
+ SSL *ssl;
+ int err;
- ssl = (SSL *) calloc (1, sizeof (SSL));
- if (!ssl)
- return NULL;
+ ssl = (SSL *) calloc(1, sizeof(SSL));
+ if (!ssl)
+ return NULL;
- err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
- if (err < 0)
- {
- last_error = err;
- free (ssl);
- return NULL;
- }
+ err = gnutls_certificate_allocate_credentials(&ssl->gnutls_cred);
+ if (err < 0) {
+ last_error = err;
+ free(ssl);
+ return NULL;
+ }
- gnutls_init (&ssl->gnutls_state, ctx->method->connend);
+ gnutls_init(&ssl->gnutls_state, ctx->method->connend);
- gnutls_priority_set_direct (ssl->gnutls_state,
- ctx->method->priority_string, NULL);
+ gnutls_priority_set_direct(ssl->gnutls_state,
+ ctx->method->priority_string, NULL);
- gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
- ssl->gnutls_cred);
- if (ctx->certfile)
- gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
- ctx->certfile,
- ctx->certfile_type);
- if (ctx->keyfile)
- gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
- ctx->certfile, ctx->keyfile,
- ctx->keyfile_type);
- ssl->ctx = ctx;
- ssl->verify_mode = ctx->verify_mode;
- ssl->verify_callback = ctx->verify_callback;
+ gnutls_credentials_set(ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
+ ssl->gnutls_cred);
+ if (ctx->certfile)
+ gnutls_certificate_set_x509_trust_file(ssl->gnutls_cred,
+ ctx->certfile,
+ ctx->certfile_type);
+ if (ctx->keyfile)
+ gnutls_certificate_set_x509_key_file(ssl->gnutls_cred,
+ ctx->certfile,
+ ctx->keyfile,
+ ctx->keyfile_type);
+ ssl->ctx = ctx;
+ ssl->verify_mode = ctx->verify_mode;
+ ssl->verify_callback = ctx->verify_callback;
- ssl->options = ctx->options;
+ ssl->options = ctx->options;
- ssl->rfd = (gnutls_transport_ptr_t) - 1;
- ssl->wfd = (gnutls_transport_ptr_t) - 1;
+ ssl->rfd = (gnutls_transport_ptr_t) - 1;
+ ssl->wfd = (gnutls_transport_ptr_t) - 1;
- return ssl;
+ return ssl;
}
-void
-SSL_free (SSL * ssl)
+void SSL_free(SSL * ssl)
{
- gnutls_certificate_free_credentials (ssl->gnutls_cred);
- gnutls_deinit (ssl->gnutls_state);
- free (ssl);
+ gnutls_certificate_free_credentials(ssl->gnutls_cred);
+ gnutls_deinit(ssl->gnutls_state);
+ free(ssl);
}
-void
-SSL_load_error_strings (void)
+void SSL_load_error_strings(void)
{
}
-int
-SSL_get_error (SSL * ssl, int ret)
+int SSL_get_error(SSL * ssl, int ret)
{
- if (ret > 0)
- return SSL_ERROR_NONE;
+ if (ret > 0)
+ return SSL_ERROR_NONE;
- return SSL_ERROR_ZERO_RETURN;
+ return SSL_ERROR_ZERO_RETURN;
}
-int
-SSL_set_fd (SSL * ssl, int fd)
+int SSL_set_fd(SSL * ssl, int fd)
{
- gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd));
- return 1;
+ gnutls_transport_set_ptr(ssl->gnutls_state,
+ GNUTLS_INT_TO_POINTER(fd));
+ return 1;
}
-int
-SSL_set_rfd (SSL * ssl, int fd)
+int SSL_set_rfd(SSL * ssl, int fd)
{
- ssl->rfd = GNUTLS_INT_TO_POINTER (fd);
+ ssl->rfd = GNUTLS_INT_TO_POINTER(fd);
- if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
- gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
+ if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
+ gnutls_transport_set_ptr2(ssl->gnutls_state, ssl->rfd,
+ ssl->wfd);
- return 1;
+ return 1;
}
-int
-SSL_set_wfd (SSL * ssl, int fd)
+int SSL_set_wfd(SSL * ssl, int fd)
{
- ssl->wfd = GNUTLS_INT_TO_POINTER (fd);
+ ssl->wfd = GNUTLS_INT_TO_POINTER(fd);
- if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
- gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
+ if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
+ gnutls_transport_set_ptr2(ssl->gnutls_state, ssl->rfd,
+ ssl->wfd);
- return 1;
+ return 1;
}
-void
-SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio)
+void SSL_set_bio(SSL * ssl, BIO * rbio, BIO * wbio)
{
- gnutls_transport_set_ptr2 (ssl->gnutls_state, rbio->fd, wbio->fd);
- /* free(BIO); ? */
+ gnutls_transport_set_ptr2(ssl->gnutls_state, rbio->fd, wbio->fd);
+ /* free(BIO); ? */
}
-void
-SSL_set_connect_state (SSL * ssl)
+void SSL_set_connect_state(SSL * ssl)
{
}
-int
-SSL_pending (SSL * ssl)
+int SSL_pending(SSL * ssl)
{
- return gnutls_record_check_pending (ssl->gnutls_state);
+ return gnutls_record_check_pending(ssl->gnutls_state);
}
void
-SSL_set_verify (SSL * ssl, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *))
+SSL_set_verify(SSL * ssl, int verify_mode,
+ int (*verify_callback) (int, X509_STORE_CTX *))
{
- ssl->verify_mode = verify_mode;
- ssl->verify_callback = verify_callback;
+ ssl->verify_mode = verify_mode;
+ ssl->verify_callback = verify_callback;
}
-const X509 *
-SSL_get_peer_certificate (SSL * ssl)
+const X509 *SSL_get_peer_certificate(SSL * ssl)
{
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
- cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
+ cert_list = gnutls_certificate_get_peers(ssl->gnutls_state,
+ &cert_list_size);
- return cert_list;
+ return cert_list;
}
/* SSL connection open/close/read/write functions */
-int
-SSL_connect (SSL * ssl)
-{
- X509_STORE_CTX *store;
- unsigned int cert_list_size = 0;
- int err;
- char x_priority[256];
- /* take options into account before connecting */
-
- memset (x_priority, 0, sizeof (x_priority));
- if (ssl->options & SSL_OP_NO_TLSv1)
- {
- snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0", ssl->ctx->method->priority_string);
- err = gnutls_priority_set_direct(ssl->gnutls_state, x_priority, NULL);
- if (err < 0)
- {
- last_error = err;
- return 0;
- }
- }
-
- err = gnutls_handshake (ssl->gnutls_state);
- ssl->last_error = err;
-
- if (err < 0)
- {
- last_error = err;
- return 0;
- }
-
- store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
- store->ssl = ssl;
- store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
-
- if (ssl->verify_callback)
- {
- ssl->verify_callback (1 /*FIXME*/, store);
- }
- ssl->state = SSL_ST_OK;
-
- err = store->error;
- free (store);
-
- /* FIXME: deal with error from callback */
-
- return 1;
+int SSL_connect(SSL * ssl)
+{
+ X509_STORE_CTX *store;
+ unsigned int cert_list_size = 0;
+ int err;
+ char x_priority[256];
+ /* take options into account before connecting */
+
+ memset(x_priority, 0, sizeof(x_priority));
+ if (ssl->options & SSL_OP_NO_TLSv1) {
+ snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0",
+ ssl->ctx->method->priority_string);
+ err =
+ gnutls_priority_set_direct(ssl->gnutls_state,
+ x_priority, NULL);
+ if (err < 0) {
+ last_error = err;
+ return 0;
+ }
+ }
+
+ err = gnutls_handshake(ssl->gnutls_state);
+ ssl->last_error = err;
+
+ if (err < 0) {
+ last_error = err;
+ return 0;
+ }
+
+ store = (X509_STORE_CTX *) calloc(1, sizeof(X509_STORE_CTX));
+ store->ssl = ssl;
+ store->cert_list = gnutls_certificate_get_peers(ssl->gnutls_state,
+ &cert_list_size);
+
+ if (ssl->verify_callback) {
+ ssl->verify_callback(1 /*FIXME*/, store);
+ }
+ ssl->state = SSL_ST_OK;
+
+ err = store->error;
+ free(store);
+
+ /* FIXME: deal with error from callback */
+
+ return 1;
}
-int
-SSL_accept (SSL * ssl)
+int SSL_accept(SSL * ssl)
{
- X509_STORE_CTX *store;
- unsigned int cert_list_size = 0;
- int err;
- char x_priority[256];
- /* take options into account before connecting */
+ X509_STORE_CTX *store;
+ unsigned int cert_list_size = 0;
+ int err;
+ char x_priority[256];
+ /* take options into account before connecting */
- memset (x_priority, 0, sizeof (x_priority));
- if (ssl->options & SSL_OP_NO_TLSv1)
- {
- snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0", ssl->ctx->method->priority_string);
- err = gnutls_priority_set_direct(ssl->gnutls_state, x_priority, NULL);
- if (err < 0)
- {
- last_error = err;
- return 0;
- }
- }
+ memset(x_priority, 0, sizeof(x_priority));
+ if (ssl->options & SSL_OP_NO_TLSv1) {
+ snprintf(x_priority, sizeof(x_priority), "%s:-VERS-TLS1.0",
+ ssl->ctx->method->priority_string);
+ err =
+ gnutls_priority_set_direct(ssl->gnutls_state,
+ x_priority, NULL);
+ if (err < 0) {
+ last_error = err;
+ return 0;
+ }
+ }
- /* FIXME: dh params, do we want client cert? */
+ /* FIXME: dh params, do we want client cert? */
- err = gnutls_handshake (ssl->gnutls_state);
- ssl->last_error = err;
+ err = gnutls_handshake(ssl->gnutls_state);
+ ssl->last_error = err;
- if (err < 0)
- {
- last_error = err;
- return 0;
- }
+ if (err < 0) {
+ last_error = err;
+ return 0;
+ }
- store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
- store->ssl = ssl;
- store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
- &cert_list_size);
+ store = (X509_STORE_CTX *) calloc(1, sizeof(X509_STORE_CTX));
+ store->ssl = ssl;
+ store->cert_list = gnutls_certificate_get_peers(ssl->gnutls_state,
+ &cert_list_size);
- if (ssl->verify_callback)
- {
- ssl->verify_callback (1 /*FIXME*/, store);
- }
- ssl->state = SSL_ST_OK;
+ if (ssl->verify_callback) {
+ ssl->verify_callback(1 /*FIXME*/, store);
+ }
+ ssl->state = SSL_ST_OK;
- err = store->error;
- free (store);
+ err = store->error;
+ free(store);
- /* FIXME: deal with error from callback */
+ /* FIXME: deal with error from callback */
- return 1;
+ return 1;
}
-int
-SSL_shutdown (SSL * ssl)
+int SSL_shutdown(SSL * ssl)
{
- if (!ssl->shutdown)
- {
- gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_WR);
- ssl->shutdown++;
- }
- else
- {
- gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_RDWR);
- ssl->shutdown++;
- }
+ if (!ssl->shutdown) {
+ gnutls_bye(ssl->gnutls_state, GNUTLS_SHUT_WR);
+ ssl->shutdown++;
+ } else {
+ gnutls_bye(ssl->gnutls_state, GNUTLS_SHUT_RDWR);
+ ssl->shutdown++;
+ }
- /* FIXME */
- return 1;
+ /* FIXME */
+ return 1;
}
-int
-SSL_read (SSL * ssl, void *buf, int len)
+int SSL_read(SSL * ssl, void *buf, int len)
{
- int ret;
+ int ret;
- ret = gnutls_record_recv (ssl->gnutls_state, buf, len);
- ssl->last_error = ret;
+ ret = gnutls_record_recv(ssl->gnutls_state, buf, len);
+ ssl->last_error = ret;
- if (ret < 0)
- {
- last_error = ret;
- return 0;
- }
+ if (ret < 0) {
+ last_error = ret;
+ return 0;
+ }
- return ret;
+ return ret;
}
-int
-SSL_write (SSL * ssl, const void *buf, int len)
+int SSL_write(SSL * ssl, const void *buf, int len)
{
- int ret;
+ int ret;
- ret = gnutls_record_send (ssl->gnutls_state, buf, len);
- ssl->last_error = ret;
+ ret = gnutls_record_send(ssl->gnutls_state, buf, len);
+ ssl->last_error = ret;
- if (ret < 0)
- {
- last_error = ret;
- return 0;
- }
+ if (ret < 0) {
+ last_error = ret;
+ return 0;
+ }
- return ret;
+ return ret;
}
-int
-SSL_want (SSL * ssl)
+int SSL_want(SSL * ssl)
{
- return SSL_NOTHING;
+ return SSL_NOTHING;
}
/* SSL_METHOD functions */
-SSL_METHOD *
-SSLv23_client_method (void)
+SSL_METHOD *SSLv23_client_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ strcpy(m->priority_string,
+ "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_CLIENT;
+ m->connend = GNUTLS_CLIENT;
- return m;
+ return m;
}
-SSL_METHOD *
-SSLv23_server_method (void)
+SSL_METHOD *SSLv23_server_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_SERVER;
+ strcpy(m->priority_string,
+ "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ m->connend = GNUTLS_SERVER;
- return m;
+ return m;
}
-SSL_METHOD *
-SSLv3_client_method (void)
+SSL_METHOD *SSLv3_client_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_CLIENT;
+ strcpy(m->priority_string,
+ "NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ m->connend = GNUTLS_CLIENT;
- return m;
+ return m;
}
-SSL_METHOD *
-SSLv3_server_method (void)
+SSL_METHOD *SSLv3_server_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_SERVER;
+ strcpy(m->priority_string,
+ "NONE:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ m->connend = GNUTLS_SERVER;
- return m;
+ return m;
}
-SSL_METHOD *
-TLSv1_client_method (void)
+SSL_METHOD *TLSv1_client_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_CLIENT;
+ strcpy(m->priority_string,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ m->connend = GNUTLS_CLIENT;
- return m;
+ return m;
}
-SSL_METHOD *
-TLSv1_server_method (void)
+SSL_METHOD *TLSv1_server_method(void)
{
- SSL_METHOD *m;
- m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
- if (!m)
- return NULL;
+ SSL_METHOD *m;
+ m = (SSL_METHOD *) calloc(1, sizeof(SSL_METHOD));
+ if (!m)
+ return NULL;
- strcpy(m->priority_string, "NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
- m->connend = GNUTLS_SERVER;
+ strcpy(m->priority_string,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
+ m->connend = GNUTLS_SERVER;
- return m;
+ return m;
}
/* SSL_CIPHER functions */
-SSL_CIPHER *
-SSL_get_current_cipher (SSL * ssl)
+SSL_CIPHER *SSL_get_current_cipher(SSL * ssl)
{
- if (!ssl)
- return NULL;
+ if (!ssl)
+ return NULL;
- ssl->ciphersuite.version = gnutls_protocol_get_version (ssl->gnutls_state);
- ssl->ciphersuite.cipher = gnutls_cipher_get (ssl->gnutls_state);
- ssl->ciphersuite.kx = gnutls_kx_get (ssl->gnutls_state);
- ssl->ciphersuite.mac = gnutls_mac_get (ssl->gnutls_state);
- ssl->ciphersuite.compression = gnutls_compression_get (ssl->gnutls_state);
- ssl->ciphersuite.cert = gnutls_certificate_type_get (ssl->gnutls_state);
+ ssl->ciphersuite.version =
+ gnutls_protocol_get_version(ssl->gnutls_state);
+ ssl->ciphersuite.cipher = gnutls_cipher_get(ssl->gnutls_state);
+ ssl->ciphersuite.kx = gnutls_kx_get(ssl->gnutls_state);
+ ssl->ciphersuite.mac = gnutls_mac_get(ssl->gnutls_state);
+ ssl->ciphersuite.compression =
+ gnutls_compression_get(ssl->gnutls_state);
+ ssl->ciphersuite.cert =
+ gnutls_certificate_type_get(ssl->gnutls_state);
- return &(ssl->ciphersuite);
+ return &(ssl->ciphersuite);
}
-const char *
-SSL_CIPHER_get_name (SSL_CIPHER * cipher)
+const char *SSL_CIPHER_get_name(SSL_CIPHER * cipher)
{
- if (!cipher)
- return ("NONE");
+ if (!cipher)
+ return ("NONE");
- return gnutls_cipher_suite_get_name (cipher->kx,
- cipher->cipher, cipher->mac);
+ return gnutls_cipher_suite_get_name(cipher->kx,
+ cipher->cipher, cipher->mac);
}
-int
-SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits)
+int SSL_CIPHER_get_bits(SSL_CIPHER * cipher, int *bits)
{
- int bit_result;
+ int bit_result;
- if (!cipher)
- return 0;
+ if (!cipher)
+ return 0;
- bit_result = (8 * gnutls_cipher_get_key_size (cipher->cipher));
+ bit_result = (8 * gnutls_cipher_get_key_size(cipher->cipher));
- if (bits)
- *bits = bit_result;
+ if (bits)
+ *bits = bit_result;
- return bit_result;
+ return bit_result;
}
-const char *
-SSL_CIPHER_get_version (SSL_CIPHER * cipher)
+const char *SSL_CIPHER_get_version(SSL_CIPHER * cipher)
{
- const char *ret;
+ const char *ret;
- if (!cipher)
- return ("(NONE)");
+ if (!cipher)
+ return ("(NONE)");
- ret = gnutls_protocol_get_name (cipher->version);
- if (ret)
- return ret;
+ ret = gnutls_protocol_get_name(cipher->version);
+ if (ret)
+ return ret;
- return ("unknown");
+ return ("unknown");
}
-char *
-SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size)
+char *SSL_CIPHER_description(SSL_CIPHER * cipher, char *buf, int size)
{
- char *tmpbuf;
- int tmpsize;
- int local_alloc;
+ char *tmpbuf;
+ int tmpsize;
+ int local_alloc;
- if (buf)
- {
- tmpbuf = buf;
- tmpsize = size;
- local_alloc = 0;
- }
- else
- {
- tmpbuf = (char *) malloc (128);
- tmpsize = 128;
- local_alloc = 1;
- }
+ if (buf) {
+ tmpbuf = buf;
+ tmpsize = size;
+ local_alloc = 0;
+ } else {
+ tmpbuf = (char *) malloc(128);
+ tmpsize = 128;
+ local_alloc = 1;
+ }
- if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
- gnutls_protocol_get_name (cipher->version),
- gnutls_kx_get_name (cipher->kx),
- gnutls_cipher_get_name (cipher->cipher),
- gnutls_mac_get_name (cipher->mac)) == -1)
- {
- if (local_alloc)
- free (tmpbuf);
- return (char *) "Buffer too small";
- }
+ if (snprintf(tmpbuf, tmpsize, "%s %s %s %s",
+ gnutls_protocol_get_name(cipher->version),
+ gnutls_kx_get_name(cipher->kx),
+ gnutls_cipher_get_name(cipher->cipher),
+ gnutls_mac_get_name(cipher->mac)) == -1) {
+ if (local_alloc)
+ free(tmpbuf);
+ return (char *) "Buffer too small";
+ }
- return tmpbuf;
+ return tmpbuf;
}
/* X509 functions */
-X509_NAME *
-X509_get_subject_name (const X509 * cert)
+X509_NAME *X509_get_subject_name(const X509 * cert)
{
- gnutls_x509_dn *dn;
- dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
- if (gnutls_x509_extract_certificate_dn (cert, dn) < 0)
- {
- free (dn);
- return NULL;
- }
- return dn;
+ gnutls_x509_dn *dn;
+ dn = (gnutls_x509_dn *) calloc(1, sizeof(gnutls_x509_dn));
+ if (gnutls_x509_extract_certificate_dn(cert, dn) < 0) {
+ free(dn);
+ return NULL;
+ }
+ return dn;
}
-X509_NAME *
-X509_get_issuer_name (const X509 * cert)
+X509_NAME *X509_get_issuer_name(const X509 * cert)
{
- gnutls_x509_dn *dn;
- dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
- if (gnutls_x509_extract_certificate_issuer_dn (cert, dn) < 0)
- {
- free (dn);
- return NULL;
- }
- return dn;
+ gnutls_x509_dn *dn;
+ dn = (gnutls_x509_dn *) calloc(1, sizeof(gnutls_x509_dn));
+ if (gnutls_x509_extract_certificate_issuer_dn(cert, dn) < 0) {
+ free(dn);
+ return NULL;
+ }
+ return dn;
}
-char *
-X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
+char *X509_NAME_oneline(gnutls_x509_dn * name, char *buf, int len)
{
- /* XXX openssl allocates buffer if buf == NULL */
- if (!buf)
- return NULL;
- memset (buf, 0, len);
+ /* XXX openssl allocates buffer if buf == NULL */
+ if (!buf)
+ return NULL;
+ memset(buf, 0, len);
- snprintf (buf, len - 1,
- "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
- name->country, name->state_or_province_name,
- name->locality_name, name->organization,
- name->organizational_unit_name, name->common_name, name->email);
- return buf;
+ snprintf(buf, len - 1,
+ "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
+ name->country, name->state_or_province_name,
+ name->locality_name, name->organization,
+ name->organizational_unit_name, name->common_name,
+ name->email);
+ return buf;
}
-void
-X509_free (const X509 * cert)
+void X509_free(const X509 * cert)
{
- /* only get certificates as const items */
+ /* only get certificates as const items */
}
/* BIO functions */
-void
-BIO_get_fd (gnutls_session_t gnutls_state, int *fd)
+void BIO_get_fd(gnutls_session_t gnutls_state, int *fd)
{
- gnutls_transport_ptr_t tmp = gnutls_transport_get_ptr (gnutls_state);
- *fd = GNUTLS_POINTER_TO_INT (tmp);
+ gnutls_transport_ptr_t tmp =
+ gnutls_transport_get_ptr(gnutls_state);
+ *fd = GNUTLS_POINTER_TO_INT(tmp);
}
-BIO *
-BIO_new_socket (int sock, int close_flag)
+BIO *BIO_new_socket(int sock, int close_flag)
{
- BIO *bio;
+ BIO *bio;
- bio = (BIO *) malloc (sizeof (BIO));
- if (!bio)
- return NULL;
+ bio = (BIO *) malloc(sizeof(BIO));
+ if (!bio)
+ return NULL;
- bio->fd = GNUTLS_INT_TO_POINTER (sock);
+ bio->fd = GNUTLS_INT_TO_POINTER(sock);
- return bio;
+ return bio;
}
/* error handling */
-unsigned long
-ERR_get_error (void)
+unsigned long ERR_get_error(void)
{
- unsigned long ret;
+ unsigned long ret;
- ret = -1 * last_error;
- last_error = 0;
+ ret = -1 * last_error;
+ last_error = 0;
- return ret;
+ return ret;
}
-const char *
-ERR_error_string (unsigned long e, char *buf)
+const char *ERR_error_string(unsigned long e, char *buf)
{
- return gnutls_strerror (-1 * e);
+ return gnutls_strerror(-1 * e);
}
/* RAND functions */
-int
-RAND_status (void)
+int RAND_status(void)
{
- return 1;
+ return 1;
}
-void
-RAND_seed (const void *buf, int num)
+void RAND_seed(const void *buf, int num)
{
}
-int
-RAND_bytes (unsigned char *buf, int num)
+int RAND_bytes(unsigned char *buf, int num)
{
- gnutls_rnd (GNUTLS_RND_RANDOM, buf, num);
- return 1;
+ gnutls_rnd(GNUTLS_RND_RANDOM, buf, num);
+ return 1;
}
-int
-RAND_pseudo_bytes (unsigned char *buf, int num)
+int RAND_pseudo_bytes(unsigned char *buf, int num)
{
- gnutls_rnd (GNUTLS_RND_NONCE, buf, num);
- return 1;
+ gnutls_rnd(GNUTLS_RND_NONCE, buf, num);
+ return 1;
}
-const char *
-RAND_file_name (char *buf, size_t len)
+const char *RAND_file_name(char *buf, size_t len)
{
- return "";
+ return "";
}
-int
-RAND_load_file (const char *name, long maxbytes)
+int RAND_load_file(const char *name, long maxbytes)
{
- return maxbytes;
+ return maxbytes;
}
-int
-RAND_write_file (const char *name)
+int RAND_write_file(const char *name)
{
- return 0;
+ return 0;
}
-int
-RAND_egd_bytes (const char *path, int bytes)
+int RAND_egd_bytes(const char *path, int bytes)
{
- /* fake it */
- return bytes;
+ /* fake it */
+ return bytes;
}
/* message digest functions */
-void
-MD5_Init (MD5_CTX * ctx)
+void MD5_Init(MD5_CTX * ctx)
{
-int ret;
- ret = gnutls_hash_init((void*)&ctx->handle, GNUTLS_DIG_MD5);
- if (ret < 0)
- abort ();
+ int ret;
+ ret = gnutls_hash_init((void *) &ctx->handle, GNUTLS_DIG_MD5);
+ if (ret < 0)
+ abort();
}
-void
-MD5_Update (MD5_CTX * ctx, const void *buf, int len)
+void MD5_Update(MD5_CTX * ctx, const void *buf, int len)
{
- gnutls_hash (ctx->handle, buf, len);
+ gnutls_hash(ctx->handle, buf, len);
}
-void
-MD5_Final (unsigned char *md, MD5_CTX * ctx)
+void MD5_Final(unsigned char *md, MD5_CTX * ctx)
{
- gnutls_hash_deinit (ctx->handle, md);
+ gnutls_hash_deinit(ctx->handle, md);
}
-unsigned char *
-MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
+unsigned char *MD5(const unsigned char *buf, unsigned long len,
+ unsigned char *md)
{
- if (!md)
- return NULL;
+ if (!md)
+ return NULL;
- gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, md);
+ gnutls_hash_fast(GNUTLS_DIG_MD5, buf, len, md);
- return md;
+ return md;
}
-void
-RIPEMD160_Init (RIPEMD160_CTX * ctx)
+void RIPEMD160_Init(RIPEMD160_CTX * ctx)
{
-int ret;
- ret = gnutls_hash_init((void*)&ctx->handle, GNUTLS_DIG_RMD160);
- if (ret < 0)
- abort ();
+ int ret;
+ ret = gnutls_hash_init((void *) &ctx->handle, GNUTLS_DIG_RMD160);
+ if (ret < 0)
+ abort();
}
-void
-RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len)
+void RIPEMD160_Update(RIPEMD160_CTX * ctx, const void *buf, int len)
{
- gnutls_hash (ctx->handle, buf, len);
+ gnutls_hash(ctx->handle, buf, len);
}
-void
-RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx)
+void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX * ctx)
{
- gnutls_hash_deinit (ctx->handle, md);
+ gnutls_hash_deinit(ctx->handle, md);
}
-unsigned char *
-RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
+unsigned char *RIPEMD160(const unsigned char *buf, unsigned long len,
+ unsigned char *md)
{
- if (!md)
- return NULL;
+ if (!md)
+ return NULL;
- gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, md);
+ gnutls_hash_fast(GNUTLS_DIG_RMD160, buf, len, md);
- return md;
+ return md;
}
diff --git a/extra/includes/gnutls/openssl.h b/extra/includes/gnutls/openssl.h
index fd59d335b6..ec9fd3cc61 100644
--- a/extra/includes/gnutls/openssl.h
+++ b/extra/includes/gnutls/openssl.h
@@ -35,8 +35,7 @@
#define GNUTLS_OPENSSL_H
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#include <gnutls/gnutls.h>
@@ -51,16 +50,15 @@ extern "C"
#define GNUTLS_X509_S_SIZE 256
#define GNUTLS_X509_EMAIL_SIZE 256
- typedef struct
- {
- char common_name[GNUTLS_X509_CN_SIZE];
- char country[GNUTLS_X509_C_SIZE];
- char organization[GNUTLS_X509_O_SIZE];
- char organizational_unit_name[GNUTLS_X509_OU_SIZE];
- char locality_name[GNUTLS_X509_L_SIZE];
- char state_or_province_name[GNUTLS_X509_S_SIZE];
- char email[GNUTLS_X509_EMAIL_SIZE];
- } gnutls_x509_dn;
+ typedef struct {
+ char common_name[GNUTLS_X509_CN_SIZE];
+ char country[GNUTLS_X509_C_SIZE];
+ char organization[GNUTLS_X509_O_SIZE];
+ char organizational_unit_name[GNUTLS_X509_OU_SIZE];
+ char locality_name[GNUTLS_X509_L_SIZE];
+ char state_or_province_name[GNUTLS_X509_S_SIZE];
+ char email[GNUTLS_X509_EMAIL_SIZE];
+ } gnutls_x509_dn;
#define OPENSSL_VERSION_NUMBER (0x0090604F)
@@ -93,86 +91,79 @@ extern "C"
#undef X509_NAME
#undef X509
- typedef gnutls_x509_dn X509_NAME;
- typedef gnutls_datum_t X509;
-
- typedef struct _SSL SSL;
-
- typedef struct
- {
- char priority_string[256];
- unsigned int connend;
- } SSL_METHOD;
-
- typedef struct
- {
- gnutls_protocol_t version;
- gnutls_cipher_algorithm_t cipher;
- gnutls_kx_algorithm_t kx;
- gnutls_mac_algorithm_t mac;
- gnutls_compression_method_t compression;
- gnutls_certificate_type_t cert;
- } SSL_CIPHER;
-
- typedef struct _BIO
- {
- gnutls_transport_ptr_t fd;
- } BIO;
-
- typedef struct
- {
- SSL *ssl;
- int error;
- const gnutls_datum_t *cert_list;
+ typedef gnutls_x509_dn X509_NAME;
+ typedef gnutls_datum_t X509;
+
+ typedef struct _SSL SSL;
+
+ typedef struct {
+ char priority_string[256];
+ unsigned int connend;
+ } SSL_METHOD;
+
+ typedef struct {
+ gnutls_protocol_t version;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_kx_algorithm_t kx;
+ gnutls_mac_algorithm_t mac;
+ gnutls_compression_method_t compression;
+ gnutls_certificate_type_t cert;
+ } SSL_CIPHER;
+
+ typedef struct _BIO {
+ gnutls_transport_ptr_t fd;
+ } BIO;
+
+ typedef struct {
+ SSL *ssl;
+ int error;
+ const gnutls_datum_t *cert_list;
#define current_cert cert_list
- } X509_STORE_CTX;
+ } X509_STORE_CTX;
#define X509_STORE_CTX_get_current_cert(ctx) ((ctx)->current_cert)
- typedef struct _SSL_CTX
- {
- SSL_METHOD *method;
- char *certfile;
- int certfile_type;
- char *keyfile;
- int keyfile_type;
- unsigned long options;
+ typedef struct _SSL_CTX {
+ SSL_METHOD *method;
+ char *certfile;
+ int certfile_type;
+ char *keyfile;
+ int keyfile_type;
+ unsigned long options;
- int (*verify_callback) (int, X509_STORE_CTX *);
- int verify_mode;
+ int (*verify_callback) (int, X509_STORE_CTX *);
+ int verify_mode;
- } SSL_CTX;
+ } SSL_CTX;
- struct _SSL
- {
- gnutls_session_t gnutls_state;
+ struct _SSL {
+ gnutls_session_t gnutls_state;
- gnutls_certificate_client_credentials gnutls_cred;
+ gnutls_certificate_client_credentials gnutls_cred;
- SSL_CTX *ctx;
- SSL_CIPHER ciphersuite;
+ SSL_CTX *ctx;
+ SSL_CIPHER ciphersuite;
- int last_error;
- int shutdown;
- int state;
- unsigned long options;
+ int last_error;
+ int shutdown;
+ int state;
+ unsigned long options;
- int (*verify_callback) (int, X509_STORE_CTX *);
- int verify_mode;
+ int (*verify_callback) (int, X509_STORE_CTX *);
+ int verify_mode;
- gnutls_transport_ptr_t rfd;
- gnutls_transport_ptr_t wfd;
- };
+ gnutls_transport_ptr_t rfd;
+ gnutls_transport_ptr_t wfd;
+ };
#define rbio gnutls_state
- typedef struct
- {
- void *handle;
- } MD_CTX;
+ typedef struct {
+ void *handle;
+ } MD_CTX;
- struct rsa_st;
- typedef struct rsa_st RSA;
+ struct rsa_st;
+ typedef struct rsa_st RSA;
#define MD5_CTX MD_CTX
#define RIPEMD160_CTX MD_CTX
@@ -189,65 +180,68 @@ extern "C"
/* Library initialisation functions */
- int SSL_library_init (void);
- void OpenSSL_add_all_algorithms (void);
+ int SSL_library_init(void);
+ void OpenSSL_add_all_algorithms(void);
/* SSL_CTX structure handling */
- SSL_CTX *SSL_CTX_new (SSL_METHOD * method);
- void SSL_CTX_free (SSL_CTX * ctx);
- int SSL_CTX_set_default_verify_paths (SSL_CTX * ctx);
- int SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile,
- int type);
- int SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile,
- int type);
- void SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *));
- unsigned long SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options);
- long SSL_CTX_set_mode (SSL_CTX * ctx, long mode);
- int SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list);
+ SSL_CTX *SSL_CTX_new(SSL_METHOD * method);
+ void SSL_CTX_free(SSL_CTX * ctx);
+ int SSL_CTX_set_default_verify_paths(SSL_CTX * ctx);
+ int SSL_CTX_use_certificate_file(SSL_CTX * ctx,
+ const char *certfile, int type);
+ int SSL_CTX_use_PrivateKey_file(SSL_CTX * ctx, const char *keyfile,
+ int type);
+ void SSL_CTX_set_verify(SSL_CTX * ctx, int verify_mode,
+ int (*verify_callback) (int,
+ X509_STORE_CTX *));
+ unsigned long SSL_CTX_set_options(SSL_CTX * ctx,
+ unsigned long options);
+ long SSL_CTX_set_mode(SSL_CTX * ctx, long mode);
+ int SSL_CTX_set_cipher_list(SSL_CTX * ctx, const char *list);
/* SSL_CTX statistics */
- long SSL_CTX_sess_number (SSL_CTX * ctx);
- long SSL_CTX_sess_connect (SSL_CTX * ctx);
- long SSL_CTX_sess_connect_good (SSL_CTX * ctx);
- long SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx);
- long SSL_CTX_sess_accept (SSL_CTX * ctx);
- long SSL_CTX_sess_accept_good (SSL_CTX * ctx);
- long SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx);
- long SSL_CTX_sess_hits (SSL_CTX * ctx);
- long SSL_CTX_sess_misses (SSL_CTX * ctx);
- long SSL_CTX_sess_timeouts (SSL_CTX * ctx);
+ long SSL_CTX_sess_number(SSL_CTX * ctx);
+ long SSL_CTX_sess_connect(SSL_CTX * ctx);
+ long SSL_CTX_sess_connect_good(SSL_CTX * ctx);
+ long SSL_CTX_sess_connect_renegotiate(SSL_CTX * ctx);
+ long SSL_CTX_sess_accept(SSL_CTX * ctx);
+ long SSL_CTX_sess_accept_good(SSL_CTX * ctx);
+ long SSL_CTX_sess_accept_renegotiate(SSL_CTX * ctx);
+ long SSL_CTX_sess_hits(SSL_CTX * ctx);
+ long SSL_CTX_sess_misses(SSL_CTX * ctx);
+ long SSL_CTX_sess_timeouts(SSL_CTX * ctx);
/* SSL structure handling */
- SSL *SSL_new (SSL_CTX * ctx);
- void SSL_free (SSL * ssl);
- void SSL_load_error_strings (void);
- int SSL_get_error (SSL * ssl, int ret);
- int SSL_set_fd (SSL * ssl, int fd);
- int SSL_set_rfd (SSL * ssl, int fd);
- int SSL_set_wfd (SSL * ssl, int fd);
- void SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio);
- void SSL_set_connect_state (SSL * ssl);
- int SSL_pending (SSL * ssl);
- void SSL_set_verify (SSL * ssl, int verify_mode,
- int (*verify_callback) (int, X509_STORE_CTX *));
- const X509 *SSL_get_peer_certificate (SSL * ssl);
+ SSL *SSL_new(SSL_CTX * ctx);
+ void SSL_free(SSL * ssl);
+ void SSL_load_error_strings(void);
+ int SSL_get_error(SSL * ssl, int ret);
+ int SSL_set_fd(SSL * ssl, int fd);
+ int SSL_set_rfd(SSL * ssl, int fd);
+ int SSL_set_wfd(SSL * ssl, int fd);
+ void SSL_set_bio(SSL * ssl, BIO * rbio, BIO * wbio);
+ void SSL_set_connect_state(SSL * ssl);
+ int SSL_pending(SSL * ssl);
+ void SSL_set_verify(SSL * ssl, int verify_mode,
+ int (*verify_callback) (int,
+ X509_STORE_CTX *));
+ const X509 *SSL_get_peer_certificate(SSL * ssl);
/* SSL connection open/close/read/write functions */
- int SSL_connect (SSL * ssl);
- int SSL_accept (SSL * ssl);
- int SSL_shutdown (SSL * ssl);
- int SSL_read (SSL * ssl, void *buf, int len);
- int SSL_write (SSL * ssl, const void *buf, int len);
+ int SSL_connect(SSL * ssl);
+ int SSL_accept(SSL * ssl);
+ int SSL_shutdown(SSL * ssl);
+ int SSL_read(SSL * ssl, void *buf, int len);
+ int SSL_write(SSL * ssl, const void *buf, int len);
- int SSL_want (SSL * ssl);
+ int SSL_want(SSL * ssl);
#define SSL_NOTHING (1)
#define SSL_WRITING (2)
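Review bot: The `SSL_set_verify` and `SSL_connect`/`SSL_accept` prototypes in this hunk carry no warning that the verify callback's verdict is not enforced. In the gnutls_openssl.c part of this commit, the connection function that ends just before SSL_shutdown (its name is outside the visible part) calls `ssl->verify_callback(1 /*FIXME*/, store)`, copies `store->error` into a local and then returns 1 under `/* FIXME: deal with error from callback */`. A program ported from OpenSSL that rejects a peer certificate inside its callback would therefore still see a successful handshake. Until that is implemented I would document it on the declaration, e.g. `/* NOTE: verify_callback is called after the handshake with ok == 1; its return value and store->error are currently ignored, so callers must validate the peer certificate themselves. */`.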
@@ -262,70 +256,72 @@ extern "C"
/* SSL_METHOD functions */
- SSL_METHOD *SSLv23_client_method (void);
- SSL_METHOD *SSLv23_server_method (void);
- SSL_METHOD *SSLv3_client_method (void);
- SSL_METHOD *SSLv3_server_method (void);
- SSL_METHOD *TLSv1_client_method (void);
- SSL_METHOD *TLSv1_server_method (void);
+ SSL_METHOD *SSLv23_client_method(void);
+ SSL_METHOD *SSLv23_server_method(void);
+ SSL_METHOD *SSLv3_client_method(void);
+ SSL_METHOD *SSLv3_server_method(void);
+ SSL_METHOD *TLSv1_client_method(void);
+ SSL_METHOD *TLSv1_server_method(void);
/* SSL_CIPHER functions */
- SSL_CIPHER *SSL_get_current_cipher (SSL * ssl);
- const char *SSL_CIPHER_get_name (SSL_CIPHER * cipher);
- int SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits);
- const char *SSL_CIPHER_get_version (SSL_CIPHER * cipher);
- char *SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size);
+ SSL_CIPHER *SSL_get_current_cipher(SSL * ssl);
+ const char *SSL_CIPHER_get_name(SSL_CIPHER * cipher);
+ int SSL_CIPHER_get_bits(SSL_CIPHER * cipher, int *bits);
+ const char *SSL_CIPHER_get_version(SSL_CIPHER * cipher);
+ char *SSL_CIPHER_description(SSL_CIPHER * cipher, char *buf,
+ int size);
/* X509 functions */
- X509_NAME *X509_get_subject_name (const X509 * cert);
- X509_NAME *X509_get_issuer_name (const X509 * cert);
- char *X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len);
- void X509_free (const X509 * cert);
+ X509_NAME *X509_get_subject_name(const X509 * cert);
+ X509_NAME *X509_get_issuer_name(const X509 * cert);
+ char *X509_NAME_oneline(gnutls_x509_dn * name, char *buf, int len);
+ void X509_free(const X509 * cert);
/* BIO functions */
- void BIO_get_fd (gnutls_session_t gnutls_state, int *fd);
- BIO *BIO_new_socket (int sock, int close_flag);
+ void BIO_get_fd(gnutls_session_t gnutls_state, int *fd);
+ BIO *BIO_new_socket(int sock, int close_flag);
/* error handling */
- unsigned long ERR_get_error (void);
- const char *ERR_error_string (unsigned long e, char *buf);
+ unsigned long ERR_get_error(void);
+ const char *ERR_error_string(unsigned long e, char *buf);
/* RAND functions */
- int RAND_status (void);
- void RAND_seed (const void *buf, int num);
- int RAND_bytes (unsigned char *buf, int num);
- int RAND_pseudo_bytes (unsigned char *buf, int num);
- const char *RAND_file_name (char *buf, size_t len);
- int RAND_load_file (const char *name, long maxbytes);
- int RAND_write_file (const char *name);
+ int RAND_status(void);
+ void RAND_seed(const void *buf, int num);
+ int RAND_bytes(unsigned char *buf, int num);
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+ const char *RAND_file_name(char *buf, size_t len);
+ int RAND_load_file(const char *name, long maxbytes);
+ int RAND_write_file(const char *name);
- int RAND_egd_bytes (const char *path, int bytes);
+ int RAND_egd_bytes(const char *path, int bytes);
#define RAND_egd(p) RAND_egd_bytes((p), 255)
/* message digest functions */
#define MD5_DIGEST_LENGTH 16
- void MD5_Init (MD5_CTX * ctx);
- void MD5_Update (MD5_CTX * ctx, const void *buf, int len);
- void MD5_Final (unsigned char *md, MD5_CTX * ctx);
- unsigned char *MD5 (const unsigned char *buf, unsigned long len,
- unsigned char *md);
-
- void RIPEMD160_Init (RIPEMD160_CTX * ctx);
- void RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len);
- void RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx);
- unsigned char *RIPEMD160 (const unsigned char *buf, unsigned long len,
- unsigned char *md);
+ void MD5_Init(MD5_CTX * ctx);
+ void MD5_Update(MD5_CTX * ctx, const void *buf, int len);
+ void MD5_Final(unsigned char *md, MD5_CTX * ctx);
+ unsigned char *MD5(const unsigned char *buf, unsigned long len,
+ unsigned char *md);
+
+ void RIPEMD160_Init(RIPEMD160_CTX * ctx);
+ void RIPEMD160_Update(RIPEMD160_CTX * ctx, const void *buf,
+ int len);
+ void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX * ctx);
+ unsigned char *RIPEMD160(const unsigned char *buf,
+ unsigned long len, unsigned char *md);
#ifdef __cplusplus
}
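Review bot: The RAND_* prototypes in this hunk are undocumented, although the gnutls_openssl.c part of this commit shows that several are stubs that report success. RAND_seed has an empty body, RAND_load_file and RAND_egd_bytes return the requested count without reading anything, and RAND_status always returns 1. RAND_bytes and RAND_pseudo_bytes also return 1 without looking at the result of `gnutls_rnd`, so a failed call would hand back an unfilled buffer as if it were random. I would add a comment above the group such as `/* RAND_seed, RAND_load_file, RAND_write_file and RAND_egd_bytes are no-ops kept for source compatibility; random data comes from gnutls_rnd(). */` and, in the .c file, change the call to `if (gnutls_rnd(GNUTLS_RND_RANDOM, buf, num) < 0) return 0;`.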
diff --git a/extra/openssl_compat.c b/extra/openssl_compat.c
index ff68cd00e9..399df90c32 100644
--- a/extra/openssl_compat.c
+++ b/extra/openssl_compat.c
@@ -28,7 +28,7 @@
#include <gnutls_global.h>
#include <gnutls_errors.h>
-#include <string.h> /* memset */
+#include <string.h> /* memset */
#include <x509/x509_int.h>
#include <libtasn1.h>
#include <gnutls/x509.h>
@@ -45,57 +45,59 @@
* Returns a negative error code in case of an error.
-*/
int
-gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert,
- gnutls_x509_dn * ret)
+gnutls_x509_extract_certificate_dn(const gnutls_datum_t * cert,
+ gnutls_x509_dn * ret)
{
- gnutls_x509_crt_t xcert;
- int result;
- size_t len;
-
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return result;
-
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return result;
- }
-
- len = sizeof (ret->country);
- gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0,
- 0, ret->country, &len);
-
- len = sizeof (ret->organization);
- gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, 0, ret->organization, &len);
-
- len = sizeof (ret->organizational_unit_name);
- gnutls_x509_crt_get_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, 0, ret->organizational_unit_name, &len);
-
- len = sizeof (ret->common_name);
- gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
-
- len = sizeof (ret->locality_name);
- gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0,
- 0, ret->locality_name, &len);
-
- len = sizeof (ret->state_or_province_name);
- gnutls_x509_crt_get_dn_by_oid (xcert,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, 0, ret->state_or_province_name, &len);
-
- len = sizeof (ret->email);
- gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
- ret->email, &len);
-
- gnutls_x509_crt_deinit (xcert);
-
- return 0;
+ gnutls_x509_crt_t xcert;
+ int result;
+ size_t len;
+
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return result;
+
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return result;
+ }
+
+ len = sizeof(ret->country);
+ gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, 0, ret->country, &len);
+
+ len = sizeof(ret->organization);
+ gnutls_x509_crt_get_dn_by_oid(xcert,
+ GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+ 0, ret->organization, &len);
+
+ len = sizeof(ret->organizational_unit_name);
+ gnutls_x509_crt_get_dn_by_oid(xcert,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, 0, ret->organizational_unit_name,
+ &len);
+
+ len = sizeof(ret->common_name);
+ gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_COMMON_NAME,
+ 0, 0, ret->common_name, &len);
+
+ len = sizeof(ret->locality_name);
+ gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_LOCALITY_NAME,
+ 0, 0, ret->locality_name, &len);
+
+ len = sizeof(ret->state_or_province_name);
+ gnutls_x509_crt_get_dn_by_oid(xcert,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, 0, ret->state_or_province_name,
+ &len);
+
+ len = sizeof(ret->email);
+ gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
+ ret->email, &len);
+
+ gnutls_x509_crt_deinit(xcert);
+
+ return 0;
}
/*-
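Review bot: In gnutls_x509_extract_certificate_dn the seven `gnutls_x509_crt_get_dn_by_oid` calls discard their return value and `ret` is never cleared, yet the function returns 0. When an attribute is absent or does not fit, that field presumably keeps whatever the caller's buffer held. X509_get_subject_name elsewhere in this commit passes a calloc'd struct, but this function is not static and X509_NAME_oneline prints every field with `%s`. Adding `memset(ret, 0, sizeof(*ret));` before the first lookup (string.h is already included for memset) would make missing fields empty strings regardless of the caller. gnutls_x509_extract_certificate_issuer_dn in the next hunk follows the same pattern as far as it is visible.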
@@ -109,63 +111,64 @@ gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert,
* Returns a negative error code in case of an error.
-*/
int
-gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert,
- gnutls_x509_dn * ret)
+gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum_t * cert,
+ gnutls_x509_dn * ret)
{
- gnutls_x509_crt_t xcert;
- int result;
- size_t len;
-
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return result;
-
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return result;
- }
-
- len = sizeof (ret->country);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- 0, ret->country, &len);
-
- len = sizeof (ret->organization);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, 0, ret->organization, &len);
-
- len = sizeof (ret->organizational_unit_name);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, 0,
- ret->organizational_unit_name, &len);
-
- len = sizeof (ret->common_name);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
-
- len = sizeof (ret->locality_name);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- 0, ret->locality_name, &len);
-
- len = sizeof (ret->state_or_province_name);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, 0, ret->state_or_province_name,
- &len);
-
- len = sizeof (ret->email);
- gnutls_x509_crt_get_issuer_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0,
- 0, ret->email, &len);
-
- gnutls_x509_crt_deinit (xcert);
-
- return 0;
+ gnutls_x509_crt_t xcert;
+ int result;
+ size_t len;
+
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return result;
+
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return result;
+ }
+
+ len = sizeof(ret->country);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, 0, ret->country, &len);
+
+ len = sizeof(ret->organization);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, 0, ret->organization,
+ &len);
+
+ len = sizeof(ret->organizational_unit_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, 0,
+ ret->organizational_unit_name,
+ &len);
+
+ len = sizeof(ret->common_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_COMMON_NAME,
+ 0, 0, ret->common_name, &len);
+
+ len = sizeof(ret->locality_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_LOCALITY_NAME,
+ 0, 0, ret->locality_name,
+ &len);
+
+ len = sizeof(ret->state_or_province_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, 0,
+ ret->state_or_province_name,
+ &len);
+
+ len = sizeof(ret->email);
+ gnutls_x509_crt_get_issuer_dn_by_oid(xcert, GNUTLS_OID_PKCS9_EMAIL,
+ 0, 0, ret->email, &len);
+
+ gnutls_x509_crt_deinit(xcert);
+
+ return 0;
}
-
-
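Review bot: Every `gnutls_x509_crt_get_issuer_dn_by_oid` result in `gnutls_x509_extract_certificate_issuer_dn` is discarded and the function returns 0 unconditionally, so an attribute that is absent or longer than its fixed-size field looks the same as success. If the callee leaves the buffer untouched on failure (not visible in this hunk), the caller reads whatever `ret` held before, for fields parsed from the DER blob in `cert`. Clearing the output once the import has succeeded, `memset(ret, 0, sizeof(*ret));`, would make absent fields read as empty strings. The subject-DN variant in the preceding hunk follows the same pattern, and the doc comment above this function begins outside the hunk.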
diff --git a/extra/openssl_compat.h b/extra/openssl_compat.h
index bd5e451080..7406207c1d 100644
--- a/extra/openssl_compat.h
+++ b/extra/openssl_compat.h
@@ -28,9 +28,9 @@
/* Extra definitions */
#include <gnutls/openssl.h>
-int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *,
- gnutls_x509_dn *);
-int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *,
- gnutls_x509_dn *);
+int gnutls_x509_extract_certificate_dn(const gnutls_datum_t *,
+ gnutls_x509_dn *);
+int gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum_t *,
+ gnutls_x509_dn *);
#endif
diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index 0ea7f4c327..e6524bc2ea 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -21,93 +21,91 @@
*/
#ifndef _ABSTRACT_INT_H
-# define _ABSTRACT_INT_H
+#define _ABSTRACT_INT_H
#include <gnutls/abstract.h>
-struct gnutls_privkey_st
-{
- gnutls_privkey_type_t type;
- gnutls_pk_algorithm_t pk_algorithm;
+struct gnutls_privkey_st {
+ gnutls_privkey_type_t type;
+ gnutls_pk_algorithm_t pk_algorithm;
- union
- {
- gnutls_x509_privkey_t x509;
+ union {
+ gnutls_x509_privkey_t x509;
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_privkey_t pkcs11;
+ gnutls_pkcs11_privkey_t pkcs11;
#endif
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_privkey_t openpgp;
+ gnutls_openpgp_privkey_t openpgp;
#endif
- struct {
- gnutls_privkey_sign_func sign_func;
- gnutls_privkey_decrypt_func decrypt_func;
- gnutls_privkey_deinit_func deinit_func;
- void* userdata;
- } ext;
- } key;
-
- unsigned int flags;
- struct pin_info_st pin;
+ struct {
+ gnutls_privkey_sign_func sign_func;
+ gnutls_privkey_decrypt_func decrypt_func;
+ gnutls_privkey_deinit_func deinit_func;
+ void *userdata;
+ } ext;
+ } key;
+
+ unsigned int flags;
+ struct pin_info_st pin;
};
-struct gnutls_pubkey_st
-{
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int bits; /* an indication of the security parameter */
-
- /* the size of params depends on the public
- * key algorithm
- * RSA: [0] is modulus
- * [1] is public exponent
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is public key
- */
- gnutls_pk_params_st params;
+struct gnutls_pubkey_st {
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int bits; /* an indication of the security parameter */
+
+ /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ gnutls_pk_params_st params;
#ifdef ENABLE_OPENPGP
- uint8_t openpgp_key_id[GNUTLS_OPENPGP_KEYID_SIZE];
- unsigned int openpgp_key_id_set;
+ uint8_t openpgp_key_id[GNUTLS_OPENPGP_KEYID_SIZE];
+ unsigned int openpgp_key_id_set;
- uint8_t openpgp_key_fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- unsigned int openpgp_key_fpr_set:1;
+ uint8_t openpgp_key_fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ unsigned int openpgp_key_fpr_set:1;
#endif
- unsigned int key_usage; /* bits from GNUTLS_KEY_* */
-
- struct pin_info_st pin;
+ unsigned int key_usage; /* bits from GNUTLS_KEY_* */
+
+ struct pin_info_st pin;
};
-int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- gnutls_pk_params_st*);
+int _gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
+ gnutls_pk_params_st *);
-int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params);
-int _gnutls_pubkey_compatible_with_sig(gnutls_session_t, gnutls_pubkey_t pubkey,
- const version_entry_st* ver, gnutls_sign_algorithm_t sign);
+int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
+int _gnutls_pubkey_compatible_with_sig(gnutls_session_t,
+ gnutls_pubkey_t pubkey,
+ const version_entry_st * ver,
+ gnutls_sign_algorithm_t sign);
int _gnutls_pubkey_is_over_rsa_512(gnutls_pubkey_t pubkey);
int
-_gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
- gnutls_pk_params_st * params);
+_gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params);
int
-pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params);
+pubkey_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params);
-int pubkey_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params);
+int pubkey_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params);
-const mac_entry_st*
-_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo,
- const gnutls_pk_params_st* params, unsigned int* hash_len);
+const mac_entry_st *_gnutls_dsa_q_to_hash(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st *
+ params, unsigned int *hash_len);
#endif
diff --git a/lib/accelerated/accelerated.c b/lib/accelerated/accelerated.c
index 21b36edf62..86983746a3 100644
--- a/lib/accelerated/accelerated.c
+++ b/lib/accelerated/accelerated.c
@@ -23,19 +23,18 @@
#include <config.h>
#include <accelerated.h>
#if defined(ASM_X86)
-# include <x86/aes-x86.h>
-# include <x86/x86.h>
+#include <x86/aes-x86.h>
+#include <x86/x86.h>
#endif
void _gnutls_register_accel_crypto(void)
{
#if defined(ASM_X86)
- if (gnutls_have_cpuid() != 0)
- {
- register_x86_crypto ();
- register_padlock_crypto ();
- }
+ if (gnutls_have_cpuid() != 0) {
+ register_x86_crypto();
+ register_padlock_crypto();
+ }
#endif
- return;
+ return;
}
diff --git a/lib/accelerated/cryptodev-gcm.c b/lib/accelerated/cryptodev-gcm.c
index 61bb544802..dd4e8fdc0e 100644
--- a/lib/accelerated/cryptodev-gcm.c
+++ b/lib/accelerated/cryptodev-gcm.c
@@ -45,259 +45,243 @@
#define GCM_BLOCK_SIZE 16
-struct cryptodev_gcm_ctx
-{
- struct session_op sess;
- struct crypt_auth_op cryp;
- uint8_t iv[GCM_BLOCK_SIZE];
- uint8_t tag[GCM_BLOCK_SIZE];
-
- void* auth_data;
- unsigned int auth_data_size;
-
- int op; /* whether encryption op has been executed */
-
- int cfd;
+struct cryptodev_gcm_ctx {
+ struct session_op sess;
+ struct crypt_auth_op cryp;
+ uint8_t iv[GCM_BLOCK_SIZE];
+ uint8_t tag[GCM_BLOCK_SIZE];
+
+ void *auth_data;
+ unsigned int auth_data_size;
+
+ int op; /* whether encryption op has been executed */
+
+ int cfd;
};
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
- gnutls_free (ctx);
+ ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
+ gnutls_free(ctx);
}
static const int cipher_map[] = {
- [GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
- [GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
};
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- struct cryptodev_gcm_ctx *ctx;
+ struct cryptodev_gcm_ctx *ctx;
- *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_gcm_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_gcm_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx = *_ctx;
+ ctx = *_ctx;
- ctx->cfd = _gnutls_cryptodev_fd;
- ctx->sess.cipher = cipher_map[algorithm];
- ctx->cryp.iv = ctx->iv;
+ ctx->cfd = _gnutls_cryptodev_fd;
+ ctx->sess.cipher = cipher_map[algorithm];
+ ctx->cryp.iv = ctx->iv;
- return 0;
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ctx->sess.keylen = keysize;
- ctx->sess.key = (void*)userkey;
+ ctx->sess.keylen = keysize;
+ ctx->sess.key = (void *) userkey;
- if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
- ctx->cryp.ses = ctx->sess.ses;
+ if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return GNUTLS_E_INVALID_REQUEST;
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return GNUTLS_E_INVALID_REQUEST;
- memcpy (ctx->iv, iv, GCM_BLOCK_SIZE - 4);
+ memcpy(ctx->iv, iv, GCM_BLOCK_SIZE - 4);
- ctx->cryp.iv = (void*)ctx->iv;
+ ctx->cryp.iv = (void *) ctx->iv;
- return 0;
+ return 0;
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- /* the GCM in kernel will place the tag after the
- * encrypted data.
- */
- if (dst_size < src_size + GCM_BLOCK_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_ENCRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- ctx->cryp.auth_len = 0;
- ctx->op = 1;
- memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
- return 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ /* the GCM in kernel will place the tag after the
+ * encrypted data.
+ */
+ if (dst_size < src_size + GCM_BLOCK_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_ENCRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ ctx->cryp.auth_len = 0;
+ ctx->op = 1;
+ memcpy(ctx->tag, &((uint8_t *) dst)[src_size], GCM_BLOCK_SIZE);
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- /* the GCM in kernel will place the tag after the
- * encrypted data.
- */
- ctx->cryp.len = src_size + GCM_BLOCK_SIZE;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_DECRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- ctx->cryp.auth_len = 0;
- ctx->op = 1;
- memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
- return 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ /* the GCM in kernel will place the tag after the
+ * encrypted data.
+ */
+ ctx->cryp.len = src_size + GCM_BLOCK_SIZE;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_DECRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ ctx->cryp.auth_len = 0;
+ ctx->op = 1;
+ memcpy(ctx->tag, &((uint8_t *) dst)[src_size], GCM_BLOCK_SIZE);
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ctx->op = 0;
- ctx->auth_data = (void*)src;
- ctx->auth_data_size = src_size;
+ ctx->op = 0;
+ ctx->auth_data = (void *) src;
+ ctx->auth_data_size = src_size;
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- if (ctx->op == 0)
- {
- ctx->cryp.len = 0;
- ctx->cryp.src = NULL;
- ctx->cryp.dst = ctx->tag;
- ctx->cryp.op = COP_ENCRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return;
- }
- }
-
- memcpy(tag, ctx->tag, tagsize);
- ctx->op = 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ if (ctx->op == 0) {
+ ctx->cryp.len = 0;
+ ctx->cryp.src = NULL;
+ ctx->cryp.dst = ctx->tag;
+ ctx->cryp.op = COP_ENCRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return;
+ }
+ }
+
+ memcpy(tag, ctx->tag, tagsize);
+ ctx->op = 0;
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
-int
-_cryptodev_register_gcm_crypto (int cfd)
+int _cryptodev_register_gcm_crypto(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
- memset(&siop, 0, sizeof(siop));
+ memset(&siop, 0, sizeof(siop));
#endif
- memset (&sess, 0, sizeof (sess));
-
- for (i = 0; i < sizeof (cipher_map) / sizeof (cipher_map[0]);
- i++)
- {
- if (cipher_map[i] == 0)
- continue;
+ memset(&sess, 0, sizeof(sess));
- /* test if a cipher is support it and if yes register it */
- sess.cipher = cipher_map[i];
- sess.keylen = gnutls_cipher_get_key_size (i);
- sess.key = fake_key;
+ for (i = 0; i < sizeof(cipher_map) / sizeof(cipher_map[0]); i++) {
+ if (cipher_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ /* test if a cipher is support it and if yes register it */
+ sess.cipher = cipher_map[i];
+ sess.keylen = gnutls_cipher_get_key_size(i);
+ sess.key = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_cipher_get_name (i));
- ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name(i));
+ ret =
+ gnutls_crypto_single_cipher_register(i, 90,
+ &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ }
- return 0;
+ return 0;
}
-#endif /* CIOCAUTHCRYPT */
+#endif /* CIOCAUTHCRYPT */
-#endif /* ENABLE_CRYPTODEV */
+#endif /* ENABLE_CRYPTODEV */
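Review bot: `aes_gcm_decrypt` never checks `dst_size`, yet it sets `ctx->cryp.len = src_size + GCM_BLOCK_SIZE` and then copies `GCM_BLOCK_SIZE` bytes from `&((uint8_t *) dst)[src_size]`, while `aes_gcm_encrypt` guards the same layout with `if (dst_size < src_size + GCM_BLOCK_SIZE)`. The same guard at the top of the decrypt path, `if (dst_size < src_size + GCM_BLOCK_SIZE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would stop a short caller buffer from being read past its end. Whether existing callers already size `dst` that way is not visible here. `aes_gcm_tag` also does `memcpy(tag, ctx->tag, tagsize)` with no upper bound, so a `tagsize` above `GCM_BLOCK_SIZE` reads beyond `ctx->tag`, and on ioctl failure it returns without writing `tag` at all. Rejecting or clamping an oversized `tagsize` and zeroing `tag` on the failure path would cover both; the reindent itself leaves this logic unchanged.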
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index 6a2f2fc3cb..012221dffb 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -42,259 +42,242 @@
int _gnutls_cryptodev_fd = -1;
-static int register_mac_digest (int cfd);
+static int register_mac_digest(int cfd);
-struct cryptodev_ctx
-{
- struct session_op sess;
- struct crypt_op cryp;
- uint8_t iv[EALG_MAX_BLOCK_LEN];
+struct cryptodev_ctx {
+ struct session_op sess;
+ struct crypt_op cryp;
+ uint8_t iv[EALG_MAX_BLOCK_LEN];
- int cfd;
+ int cfd;
};
static const int gnutls_cipher_map[] = {
- [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
- [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_CAMELLIA_192_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
+ [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_192_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
};
static int
-cryptodev_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+cryptodev_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- struct cryptodev_ctx *ctx;
- int cipher = gnutls_cipher_map[algorithm];
+ struct cryptodev_ctx *ctx;
+ int cipher = gnutls_cipher_map[algorithm];
- *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx = *_ctx;
+ ctx = *_ctx;
- ctx->cfd = _gnutls_cryptodev_fd;
- ctx->sess.cipher = cipher;
- ctx->cryp.iv = ctx->iv;
+ ctx->cfd = _gnutls_cryptodev_fd;
+ ctx->sess.cipher = cipher;
+ ctx->cryp.iv = ctx->iv;
- return 0;
+ return 0;
}
static int
-cryptodev_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+cryptodev_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ctx->sess.keylen = keysize;
- ctx->sess.key = (void*)key;
+ ctx->sess.keylen = keysize;
+ ctx->sess.key = (void *) key;
- if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
- ctx->cryp.ses = ctx->sess.ses;
+ if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
- return 0;
+ return 0;
}
-static int
-cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int cryptodev_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- memcpy (ctx->iv, iv, iv_size);
+ memcpy(ctx->iv, iv, iv_size);
- return 0;
+ return 0;
}
static int
-cryptodev_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+cryptodev_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_ctx *ctx = _ctx;
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_ENCRYPT;
- ctx->cryp.flags = COP_FLAG_WRITE_IV;
-
- if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- return 0;
+ struct cryptodev_ctx *ctx = _ctx;
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_ENCRYPT;
+ ctx->cryp.flags = COP_FLAG_WRITE_IV;
+
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ return 0;
}
static int
-cryptodev_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+cryptodev_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_DECRYPT;
- ctx->cryp.flags = COP_FLAG_WRITE_IV;
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_DECRYPT;
+ ctx->cryp.flags = COP_FLAG_WRITE_IV;
- if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
- return 0;
+ return 0;
}
-static void
-cryptodev_deinit (void *_ctx)
+static void cryptodev_deinit(void *_ctx)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
- gnutls_free (ctx);
+ ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
+ gnutls_free(ctx);
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = cryptodev_cipher_init,
- .setkey = cryptodev_cipher_setkey,
- .setiv = cryptodev_setiv,
- .encrypt = cryptodev_encrypt,
- .decrypt = cryptodev_decrypt,
- .deinit = cryptodev_deinit,
+ .init = cryptodev_cipher_init,
+ .setkey = cryptodev_cipher_setkey,
+ .setiv = cryptodev_setiv,
+ .encrypt = cryptodev_encrypt,
+ .decrypt = cryptodev_decrypt,
+ .deinit = cryptodev_deinit,
};
-static int
-register_crypto (int cfd)
+static int register_crypto(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
#endif
- memset (&sess, 0, sizeof (sess));
-
- for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]);
- i++)
- {
- if (gnutls_cipher_map[i] == 0)
- continue;
+ memset(&sess, 0, sizeof(sess));
- /* test if a cipher is supported and if yes register it */
- sess.cipher = gnutls_cipher_map[i];
- sess.keylen = gnutls_cipher_get_key_size (i);
- sess.key = fake_key;
+ for (i = 0;
+ i < sizeof(gnutls_cipher_map) / sizeof(gnutls_cipher_map[0]);
+ i++) {
+ if (gnutls_cipher_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ /* test if a cipher is supported and if yes register it */
+ sess.cipher = gnutls_cipher_map[i];
+ sess.keylen = gnutls_cipher_get_key_size(i);
+ sess.key = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_cipher_get_name (i));
- ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name(i));
+ ret =
+ gnutls_crypto_single_cipher_register(i, 90,
+ &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ }
#ifdef CIOCAUTHCRYPT
- return _cryptodev_register_gcm_crypto(cfd);
+ return _cryptodev_register_gcm_crypto(cfd);
#else
- return 0;
+ return 0;
#endif
}
-int
-_gnutls_cryptodev_init (void)
+int _gnutls_cryptodev_init(void)
{
- int ret;
-
- /* Open the crypto device */
- _gnutls_cryptodev_fd = open ("/dev/crypto", O_RDWR, 0);
- if (_gnutls_cryptodev_fd < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
- }
-
+ int ret;
+
+ /* Open the crypto device */
+ _gnutls_cryptodev_fd = open("/dev/crypto", O_RDWR, 0);
+ if (_gnutls_cryptodev_fd < 0) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+ }
#ifndef CRIOGET_NOT_NEEDED
- {
- int cfd = -1;
- /* Clone file descriptor */
- if (ioctl (_gnutls_cryptodev_fd, CRIOGET, &cfd))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- /* Set close-on-exec (not really neede here) */
- if (fcntl (cfd, F_SETFD, 1) == -1)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- close (_gnutls_cryptodev_fd);
- _gnutls_cryptodev_fd = cfd;
- }
+ {
+ int cfd = -1;
+ /* Clone file descriptor */
+ if (ioctl(_gnutls_cryptodev_fd, CRIOGET, &cfd)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ /* Set close-on-exec (not really neede here) */
+ if (fcntl(cfd, F_SETFD, 1) == -1) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ close(_gnutls_cryptodev_fd);
+ _gnutls_cryptodev_fd = cfd;
+ }
#endif
- ret = register_crypto (_gnutls_cryptodev_fd);
- if (ret < 0)
- gnutls_assert ();
+ ret = register_crypto(_gnutls_cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert();
- if (ret >= 0)
- {
- ret = register_mac_digest (_gnutls_cryptodev_fd);
- if (ret < 0)
- gnutls_assert ();
- }
+ if (ret >= 0) {
+ ret = register_mac_digest(_gnutls_cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert();
+ }
- if (ret < 0)
- {
- gnutls_assert ();
- close (_gnutls_cryptodev_fd);
- }
+ if (ret < 0) {
+ gnutls_assert();
+ close(_gnutls_cryptodev_fd);
+ }
- return ret;
+ return ret;
}
-void
-_gnutls_cryptodev_deinit (void)
+void _gnutls_cryptodev_deinit(void)
{
- if (_gnutls_cryptodev_fd != -1) close (_gnutls_cryptodev_fd);
+ if (_gnutls_cryptodev_fd != -1)
+ close(_gnutls_cryptodev_fd);
}
/* MAC and digest stuff */
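Review bot: `cryptodev_setiv` copies `iv_size` bytes into `ctx->iv` without comparing it to the array size (`EALG_MAX_BLOCK_LEN`), so an oversized IV would write past the field, whereas the GCM backend's `aes_gcm_setiv` rejects unexpected sizes before its memcpy. A guard ahead of the copy, `if (iv_size > sizeof(ctx->iv)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would close that. Separately, `_gnutls_cryptodev_init` returns on a failed `CRIOGET` or `fcntl` without closing the descriptors it has open. Its final error path closes `_gnutls_cryptodev_fd` without resetting it to -1, so a later `_gnutls_cryptodev_deinit` would call `close` on the same number again. Closing on the early returns and adding `_gnutls_cryptodev_fd = -1;` after each close would fix the descriptor handling; both issues are the same before and after the reindent.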
@@ -304,223 +287,212 @@ _gnutls_cryptodev_deinit (void)
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_RESET)
static const int gnutls_mac_map[] = {
- [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
- [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
- [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
- [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
- [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
+ [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
+ [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
+ [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
+ [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
+ [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
};
static int
-cryptodev_mac_fast (gnutls_mac_algorithm_t algo,
- const void *key, size_t key_size, const void *text,
- size_t text_size, void *digest)
+cryptodev_mac_fast(gnutls_mac_algorithm_t algo,
+ const void *key, size_t key_size, const void *text,
+ size_t text_size, void *digest)
{
-struct cryptodev_ctx ctx;
-int ret;
-
- memset(&ctx, 0, sizeof(ctx));
- ctx.cfd = _gnutls_cryptodev_fd;
- ctx.sess.mac = gnutls_mac_map[algo];
-
- ctx.sess.mackeylen = key_size;
- ctx.sess.mackey = (void*)key;
-
- if (ioctl (ctx.cfd, CIOCGSESSION, &ctx.sess))
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- ctx.cryp.ses = ctx.sess.ses;
-
- ctx.cryp.len = text_size;
- ctx.cryp.src = (void *) text;
- ctx.cryp.dst = NULL;
- ctx.cryp.op = COP_ENCRYPT;
- ctx.cryp.mac = digest;
-
- ret = ioctl (ctx.cfd, CIOCCRYPT, &ctx.cryp);
-
- ioctl (_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- return 0;
+ struct cryptodev_ctx ctx;
+ int ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.cfd = _gnutls_cryptodev_fd;
+ ctx.sess.mac = gnutls_mac_map[algo];
+
+ ctx.sess.mackeylen = key_size;
+ ctx.sess.mackey = (void *) key;
+
+ if (ioctl(ctx.cfd, CIOCGSESSION, &ctx.sess))
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ ctx.cryp.ses = ctx.sess.ses;
+
+ ctx.cryp.len = text_size;
+ ctx.cryp.src = (void *) text;
+ ctx.cryp.dst = NULL;
+ ctx.cryp.op = COP_ENCRYPT;
+ ctx.cryp.mac = digest;
+
+ ret = ioctl(ctx.cfd, CIOCCRYPT, &ctx.cryp);
+
+ ioctl(_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ return 0;
}
#define cryptodev_mac_deinit cryptodev_deinit
static const gnutls_crypto_mac_st mac_struct = {
- .init = NULL,
- .setkey = NULL,
- .setnonce = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = cryptodev_mac_fast
+ .init = NULL,
+ .setkey = NULL,
+ .setnonce = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = cryptodev_mac_fast
};
/* Digest algorithms */
static const int gnutls_digest_map[] = {
- [GNUTLS_DIG_MD5] = CRYPTO_MD5,
- [GNUTLS_DIG_SHA1] = CRYPTO_SHA1,
- [GNUTLS_DIG_SHA256] = CRYPTO_SHA2_256,
- [GNUTLS_DIG_SHA384] = CRYPTO_SHA2_384,
- [GNUTLS_DIG_SHA512] = CRYPTO_SHA2_512,
+ [GNUTLS_DIG_MD5] = CRYPTO_MD5,
+ [GNUTLS_DIG_SHA1] = CRYPTO_SHA1,
+ [GNUTLS_DIG_SHA256] = CRYPTO_SHA2_256,
+ [GNUTLS_DIG_SHA384] = CRYPTO_SHA2_384,
+ [GNUTLS_DIG_SHA512] = CRYPTO_SHA2_512,
};
static int
-cryptodev_digest_fast (gnutls_digest_algorithm_t algo,
- const void *text, size_t text_size,
- void *digest)
+cryptodev_digest_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size, void *digest)
{
-struct cryptodev_ctx ctx;
-int ret;
-
- memset(&ctx, 0, sizeof(ctx));
- ctx.cfd = _gnutls_cryptodev_fd;
- ctx.sess.mac = gnutls_digest_map[algo];
-
- if (ioctl (ctx.cfd, CIOCGSESSION, &ctx.sess))
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- ctx.cryp.ses = ctx.sess.ses;
-
- ctx.cryp.len = text_size;
- ctx.cryp.src = (void *) text;
- ctx.cryp.dst = NULL;
- ctx.cryp.op = COP_ENCRYPT;
- ctx.cryp.mac = digest;
-
- ret = ioctl (ctx.cfd, CIOCCRYPT, &ctx.cryp);
-
- ioctl (_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- return 0;
+ struct cryptodev_ctx ctx;
+ int ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.cfd = _gnutls_cryptodev_fd;
+ ctx.sess.mac = gnutls_digest_map[algo];
+
+ if (ioctl(ctx.cfd, CIOCGSESSION, &ctx.sess))
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ ctx.cryp.ses = ctx.sess.ses;
+
+ ctx.cryp.len = text_size;
+ ctx.cryp.src = (void *) text;
+ ctx.cryp.dst = NULL;
+ ctx.cryp.op = COP_ENCRYPT;
+ ctx.cryp.mac = digest;
+
+ ret = ioctl(ctx.cfd, CIOCCRYPT, &ctx.cryp);
+
+ ioctl(_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ return 0;
}
static const gnutls_crypto_digest_st digest_struct = {
- .init = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = cryptodev_digest_fast
+ .init = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = cryptodev_digest_fast
};
-static int
-register_mac_digest (int cfd)
+static int register_mac_digest(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
#endif
- memset (&sess, 0, sizeof (sess));
- for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
- {
- if (gnutls_mac_map[i] == 0)
- continue;
-
- sess.mac = gnutls_mac_map[i];
- sess.mackeylen = 8;
- sess.mackey = fake_key;
+ memset(&sess, 0, sizeof(sess));
+ for (i = 0; i < sizeof(gnutls_mac_map) / sizeof(gnutls_mac_map[0]);
+ i++) {
+ if (gnutls_mac_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ sess.mac = gnutls_mac_map[i];
+ sess.mackeylen = 8;
+ sess.mackey = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- _gnutls_debug_log ("/dev/crypto: registering: HMAC-%s\n",
- gnutls_mac_get_name (i));
-
- ioctl (cfd, CIOCFSESSION, &sess.ses);
-
- ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- memset (&sess, 0, sizeof (sess));
- for (i = 0; i < sizeof (gnutls_digest_map) / sizeof (gnutls_digest_map[0]); i++)
- {
- if (gnutls_digest_map[i] == 0)
- continue;
-
- sess.mac = gnutls_digest_map[i];
-
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
-
+ _gnutls_debug_log("/dev/crypto: registering: HMAC-%s\n",
+ gnutls_mac_get_name(i));
+
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+
+ ret =
+ gnutls_crypto_single_mac_register(i, 90, &mac_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ memset(&sess, 0, sizeof(sess));
+ for (i = 0;
+ i < sizeof(gnutls_digest_map) / sizeof(gnutls_digest_map[0]);
+ i++) {
+ if (gnutls_digest_map[i] == 0)
+ continue;
+
+ sess.mac = gnutls_digest_map[i];
+
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses;
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses;
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_mac_get_name (i));
- ret = gnutls_crypto_single_digest_register (i, 90, &digest_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_mac_get_name(i));
+ ret =
+ gnutls_crypto_single_digest_register(i, 90,
+ &digest_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
- return 0;
+ return 0;
}
#else
-static int
-register_mac_digest (int cfd)
+static int register_mac_digest(int cfd)
{
- return 0;
+ return 0;
}
-#endif /* defined(COP_FLAG_UPDATE) */
+#endif /* defined(COP_FLAG_UPDATE) */
-#else /* ENABLE_CRYPTODEV */
-int
-_gnutls_cryptodev_init (void)
+#else /* ENABLE_CRYPTODEV */
+int _gnutls_cryptodev_init(void)
{
- return 0;
+ return 0;
}
-void
-_gnutls_cryptodev_deinit (void)
+void _gnutls_cryptodev_deinit(void)
{
- return;
+ return;
}
-#endif /* ENABLE_CRYPTODEV */
+#endif /* ENABLE_CRYPTODEV */
diff --git a/lib/accelerated/cryptodev.h b/lib/accelerated/cryptodev.h
index a430bddf0e..b77fa6e89e 100644
--- a/lib/accelerated/cryptodev.h
+++ b/lib/accelerated/cryptodev.h
@@ -1,5 +1,5 @@
extern int _gnutls_cryptodev_fd;
-void _gnutls_cryptodev_deinit (void);
-int _gnutls_cryptodev_init (void);
-int _cryptodev_register_gcm_crypto (int cfd);
+void _gnutls_cryptodev_deinit(void);
+int _gnutls_cryptodev_init(void);
+int _cryptodev_register_gcm_crypto(int cfd);
diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c
index 721dec4c86..9a19622b29 100644
--- a/lib/accelerated/x86/aes-gcm-padlock.c
+++ b/lib/accelerated/x86/aes-gcm-padlock.c
@@ -46,121 +46,119 @@
struct gcm_padlock_aes_ctx GCM_CTX(struct padlock_ctx);
static void padlock_aes_encrypt(void *_ctx,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16(&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- padlock_ecb_encrypt(dst, src, pce, length);
+ padlock_ecb_encrypt(dst, src, pce, length);
}
static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx,
- unsigned length, const uint8_t *key)
+ unsigned length,
+ const uint8_t * key)
{
- struct padlock_ctx *ctx = _ctx;
- ctx->enc = 1;
-
- padlock_aes_cipher_setkey(_ctx, key, length);
+ struct padlock_ctx *ctx = _ctx;
+ ctx->enc = 1;
+
+ padlock_aes_cipher_setkey(_ctx, key, length);
}
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
- algorithm != GNUTLS_CIPHER_AES_256_GCM)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct gcm_padlock_aes_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_256_GCM)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct gcm_padlock_aes_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt, keysize, userkey);
+ GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt,
+ keysize, userkey);
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- GCM_SET_IV(ctx, iv_size, iv);
+ GCM_SET_IV(ctx, iv_size, iv);
- return 0;
+ return 0;
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t length)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t length)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+ GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
- return 0;
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
- return 0;
+ GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_UPDATE(ctx, src_size, src);
+ GCM_UPDATE(ctx, src_size, src);
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
-
- GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag);
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag);
}
const gnutls_crypto_cipher_st aes_gcm_padlock_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
#endif
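Review bot: aes_gcm_encrypt and aes_gcm_decrypt take the destination size (`length`, `dst_size`) but never read it, so `GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src)` and its GCM_DECRYPT counterpart are driven by src_size alone, whatever the capacity of dst. Unless every caller is known to guarantee the buffer, a guard at the top of both functions would turn a short buffer into an error rather than a write past its end: `if (length < src_size) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);` (with `dst_size` in the decrypt path). The functions of the same name in the lib/accelerated/x86/aes-gcm-x86.c hunk ignore their size argument in the same way. This predates the reindent, which leaves the logic as it was.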
diff --git a/lib/accelerated/x86/aes-gcm-x86.c b/lib/accelerated/x86/aes-gcm-x86.c
index e7f463fa3e..d506553465 100644
--- a/lib/accelerated/x86/aes-gcm-x86.c
+++ b/lib/accelerated/x86/aes-gcm-x86.c
@@ -37,234 +37,231 @@
/* GCM mode */
-typedef struct
-{
- uint64_t hi, lo;
+typedef struct {
+ uint64_t hi, lo;
} u128;
/* This is the gcm128 structure used in openssl. It
* is compatible with the included assembly code.
*/
-struct gcm128_context
-{
- union
- {
- uint64_t u[2];
- uint32_t d[4];
- uint8_t c[16];
- } Yi, EKi, EK0, len, Xi, H;
- u128 Htable[16];
+struct gcm128_context {
+ union {
+ uint64_t u[2];
+ uint32_t d[4];
+ uint8_t c[16];
+ } Yi, EKi, EK0, len, Xi, H;
+ u128 Htable[16];
};
-struct aes_gcm_ctx
-{
- AES_KEY expanded_key;
- struct gcm128_context gcm;
+struct aes_gcm_ctx {
+ AES_KEY expanded_key;
+ struct gcm128_context gcm;
};
-void gcm_init_clmul (u128 Htable[16], const u64 Xi[2]);
-void gcm_ghash_clmul (uint64_t Xi[2], const u128 Htable[16],
- const uint8_t * inp, size_t len);
-void gcm_gmult_clmul (u64 Xi[2], const u128 Htable[16]);
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16],
+ const uint8_t * inp, size_t len);
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
- algorithm != GNUTLS_CIPHER_AES_256_GCM)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct aes_gcm_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_256_GCM)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct aes_gcm_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int ret;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int ret;
- ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
- if (ret != 0)
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
+ ret =
+ aesni_set_encrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
- aesni_ecb_encrypt (ctx->gcm.H.c, ctx->gcm.H.c,
- GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
+ aesni_ecb_encrypt(ctx->gcm.H.c, ctx->gcm.H.c,
+ GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
- ctx->gcm.H.u[0] = bswap_64 (ctx->gcm.H.u[0]);
- ctx->gcm.H.u[1] = bswap_64 (ctx->gcm.H.u[1]);
+ ctx->gcm.H.u[0] = bswap_64(ctx->gcm.H.u[0]);
+ ctx->gcm.H.u[1] = bswap_64(ctx->gcm.H.u[1]);
- gcm_init_clmul (ctx->gcm.Htable, ctx->gcm.H.u);
+ gcm_init_clmul(ctx->gcm.Htable, ctx->gcm.H.u);
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
+ struct aes_gcm_ctx *ctx = _ctx;
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return GNUTLS_E_INVALID_REQUEST;
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return GNUTLS_E_INVALID_REQUEST;
- memset (ctx->gcm.Xi.c, 0, sizeof (ctx->gcm.Xi.c));
- memset (ctx->gcm.len.c, 0, sizeof (ctx->gcm.len.c));
+ memset(ctx->gcm.Xi.c, 0, sizeof(ctx->gcm.Xi.c));
+ memset(ctx->gcm.len.c, 0, sizeof(ctx->gcm.len.c));
- memcpy (ctx->gcm.Yi.c, iv, GCM_BLOCK_SIZE - 4);
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 4] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 3] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 2] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 1;
+ memcpy(ctx->gcm.Yi.c, iv, GCM_BLOCK_SIZE - 4);
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 4] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 3] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 2] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 1;
- aesni_ecb_encrypt (ctx->gcm.Yi.c, ctx->gcm.EK0.c,
- GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2;
- return 0;
+ aesni_ecb_encrypt(ctx->gcm.Yi.c, ctx->gcm.EK0.c,
+ GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2;
+ return 0;
}
static void
-gcm_ghash (struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size)
+gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size)
{
- size_t rest = src_size % GCM_BLOCK_SIZE;
- size_t aligned_size = src_size - rest;
+ size_t rest = src_size % GCM_BLOCK_SIZE;
+ size_t aligned_size = src_size - rest;
- if (aligned_size > 0)
- gcm_ghash_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable, src, aligned_size);
+ if (aligned_size > 0)
+ gcm_ghash_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable, src,
+ aligned_size);
- if (rest > 0)
- {
- memxor (ctx->gcm.Xi.c, src + aligned_size, rest);
- gcm_gmult_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable);
- }
+ if (rest > 0) {
+ memxor(ctx->gcm.Xi.c, src + aligned_size, rest);
+ gcm_gmult_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable);
+ }
}
static inline void
-ctr_encrypt_last (struct aes_gcm_ctx *ctx, const uint8_t * src,
- uint8_t * dst, size_t pos, size_t length)
+ctr_encrypt_last(struct aes_gcm_ctx *ctx, const uint8_t * src,
+ uint8_t * dst, size_t pos, size_t length)
{
- uint8_t tmp[GCM_BLOCK_SIZE];
- uint8_t out[GCM_BLOCK_SIZE];
+ uint8_t tmp[GCM_BLOCK_SIZE];
+ uint8_t out[GCM_BLOCK_SIZE];
- memcpy (tmp, &src[pos], length);
- aesni_ctr32_encrypt_blocks (tmp, out, 1, ALIGN16(&ctx->expanded_key), ctx->gcm.Yi.c);
+ memcpy(tmp, &src[pos], length);
+ aesni_ctr32_encrypt_blocks(tmp, out, 1,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
- memcpy (&dst[pos], out, length);
+ memcpy(&dst[pos], out, length);
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t length)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t length)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int blocks = src_size / GCM_BLOCK_SIZE;
- int exp_blocks = blocks * GCM_BLOCK_SIZE;
- int rest = src_size - (exp_blocks);
- uint32_t counter;
-
- if (blocks > 0)
- {
- aesni_ctr32_encrypt_blocks (src, dst,
- blocks, ALIGN16(&ctx->expanded_key),
- ctx->gcm.Yi.c);
-
- counter = _gnutls_read_uint32 (ctx->gcm.Yi.c + 12);
- counter += blocks;
- _gnutls_write_uint32 (counter, ctx->gcm.Yi.c + 12);
- }
-
- if (rest > 0) /* last incomplete block */
- ctr_encrypt_last (ctx, src, dst, exp_blocks, rest);
-
- gcm_ghash (ctx, dst, src_size);
- ctx->gcm.len.u[1] += src_size;
-
- return 0;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int blocks = src_size / GCM_BLOCK_SIZE;
+ int exp_blocks = blocks * GCM_BLOCK_SIZE;
+ int rest = src_size - (exp_blocks);
+ uint32_t counter;
+
+ if (blocks > 0) {
+ aesni_ctr32_encrypt_blocks(src, dst,
+ blocks,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
+
+ counter = _gnutls_read_uint32(ctx->gcm.Yi.c + 12);
+ counter += blocks;
+ _gnutls_write_uint32(counter, ctx->gcm.Yi.c + 12);
+ }
+
+ if (rest > 0) /* last incomplete block */
+ ctr_encrypt_last(ctx, src, dst, exp_blocks, rest);
+
+ gcm_ghash(ctx, dst, src_size);
+ ctx->gcm.len.u[1] += src_size;
+
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int blocks = src_size / GCM_BLOCK_SIZE;
- int exp_blocks = blocks * GCM_BLOCK_SIZE;
- int rest = src_size - (exp_blocks);
- uint32_t counter;
-
- gcm_ghash (ctx, src, src_size);
- ctx->gcm.len.u[1] += src_size;
-
- if (blocks > 0)
- {
- aesni_ctr32_encrypt_blocks (src, dst,
- blocks, ALIGN16(&ctx->expanded_key),
- ctx->gcm.Yi.c);
-
- counter = _gnutls_read_uint32 (ctx->gcm.Yi.c + 12);
- counter += blocks;
- _gnutls_write_uint32 (counter, ctx->gcm.Yi.c + 12);
- }
-
- if (rest > 0) /* last incomplete block */
- ctr_encrypt_last (ctx, src, dst, exp_blocks, rest);
-
- return 0;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int blocks = src_size / GCM_BLOCK_SIZE;
+ int exp_blocks = blocks * GCM_BLOCK_SIZE;
+ int rest = src_size - (exp_blocks);
+ uint32_t counter;
+
+ gcm_ghash(ctx, src, src_size);
+ ctx->gcm.len.u[1] += src_size;
+
+ if (blocks > 0) {
+ aesni_ctr32_encrypt_blocks(src, dst,
+ blocks,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
+
+ counter = _gnutls_read_uint32(ctx->gcm.Yi.c + 12);
+ counter += blocks;
+ _gnutls_write_uint32(counter, ctx->gcm.Yi.c + 12);
+ }
+
+ if (rest > 0) /* last incomplete block */
+ ctr_encrypt_last(ctx, src, dst, exp_blocks, rest);
+
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
+ struct aes_gcm_ctx *ctx = _ctx;
- gcm_ghash (ctx, src, src_size);
- ctx->gcm.len.u[0] += src_size;
+ gcm_ghash(ctx, src, src_size);
+ ctx->gcm.len.u[0] += src_size;
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct aes_gcm_ctx *ctx = _ctx;
- uint8_t buffer[GCM_BLOCK_SIZE];
- uint64_t alen, clen;
+ struct aes_gcm_ctx *ctx = _ctx;
+ uint8_t buffer[GCM_BLOCK_SIZE];
+ uint64_t alen, clen;
- alen = ctx->gcm.len.u[0] * 8;
- clen = ctx->gcm.len.u[1] * 8;
+ alen = ctx->gcm.len.u[0] * 8;
+ clen = ctx->gcm.len.u[1] * 8;
- _gnutls_write_uint64 (alen, buffer);
- _gnutls_write_uint64 (clen, &buffer[8]);
+ _gnutls_write_uint64(alen, buffer);
+ _gnutls_write_uint64(clen, &buffer[8]);
- gcm_ghash_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable, buffer, GCM_BLOCK_SIZE);
+ gcm_ghash_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable, buffer,
+ GCM_BLOCK_SIZE);
- ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0];
- ctx->gcm.Xi.u[1] ^= ctx->gcm.EK0.u[1];
+ ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0];
+ ctx->gcm.Xi.u[1] ^= ctx->gcm.EK0.u[1];
- memcpy (tag, ctx->gcm.Xi.c, MIN (GCM_BLOCK_SIZE, tagsize));
+ memcpy(tag, ctx->gcm.Xi.c, MIN(GCM_BLOCK_SIZE, tagsize));
}
const gnutls_crypto_cipher_st aes_gcm_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
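Review bot: In aes_gcm_encrypt and aes_gcm_decrypt the `size_t` src_size is narrowed into `int blocks`, `int exp_blocks` and `int rest`, so for an input of 2 GiB or more `blocks * GCM_BLOCK_SIZE` overflows a signed int and `rest` no longer describes the real tail. The likely effect is a wrong offset handed to ctr_encrypt_last, or a skipped final block, while gcm_ghash and `ctx->gcm.len.u[1]` still account for the full src_size. Keeping the arithmetic in the input's type avoids the narrowing: `size_t blocks = src_size / GCM_BLOCK_SIZE;`, `size_t exp_blocks = blocks * GCM_BLOCK_SIZE;`, `size_t rest = src_size - exp_blocks;`. Whether inputs that large can reach these functions is not visible in the hunk, so a comment stating the assumed upper bound would be the minimum.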
diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
index 4e3729a89c..f4b1b168c8 100644
--- a/lib/accelerated/x86/aes-padlock.c
+++ b/lib/accelerated/x86/aes-padlock.c
@@ -32,379 +32,359 @@
#include <aes-x86.h>
#include <x86.h>
#ifdef HAVE_LIBNETTLE
-#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
+#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
#include <sha-padlock.h>
#endif
#include <aes-padlock.h>
static int
-aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct padlock_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ((struct padlock_ctx *) (*_ctx))->enc = enc;
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_CBC
+ && algorithm != GNUTLS_CIPHER_AES_192_CBC
+ && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct padlock_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ((struct padlock_ctx *) (*_ctx))->enc = enc;
+ return 0;
}
int
-padlock_aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
#ifdef HAVE_LIBNETTLE
- struct aes_ctx nc;
+ struct aes_ctx nc;
#endif
- memset (_ctx, 0, sizeof (struct padlock_cipher_data));
+ memset(_ctx, 0, sizeof(struct padlock_cipher_data));
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- pce->cword.b.encdec = (ctx->enc == 0);
+ pce->cword.b.encdec = (ctx->enc == 0);
- switch (keysize)
- {
- case 16:
- pce->cword.b.ksize = 0;
- pce->cword.b.rounds = 10;
- memcpy (pce->ks.rd_key, userkey, 16);
- pce->cword.b.keygen = 0;
- break;
+ switch (keysize) {
+ case 16:
+ pce->cword.b.ksize = 0;
+ pce->cword.b.rounds = 10;
+ memcpy(pce->ks.rd_key, userkey, 16);
+ pce->cword.b.keygen = 0;
+ break;
#ifdef HAVE_LIBNETTLE
- case 24:
- pce->cword.b.ksize = 1;
- pce->cword.b.rounds = 12;
- goto common_24_32;
- case 32:
- pce->cword.b.ksize = 2;
- pce->cword.b.rounds = 14;
- common_24_32:
- /* expand key using nettle */
- if (ctx->enc)
- aes_set_encrypt_key (&nc, keysize, userkey);
- else
- aes_set_decrypt_key (&nc, keysize, userkey);
-
- memcpy (pce->ks.rd_key, nc.keys, sizeof (nc.keys));
- pce->ks.rounds = nc.nrounds;
-
- pce->cword.b.keygen = 1;
- break;
+ case 24:
+ pce->cword.b.ksize = 1;
+ pce->cword.b.rounds = 12;
+ goto common_24_32;
+ case 32:
+ pce->cword.b.ksize = 2;
+ pce->cword.b.rounds = 14;
+ common_24_32:
+ /* expand key using nettle */
+ if (ctx->enc)
+ aes_set_encrypt_key(&nc, keysize, userkey);
+ else
+ aes_set_decrypt_key(&nc, keysize, userkey);
+
+ memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
+ pce->ks.rounds = nc.nrounds;
+
+ pce->cword.b.keygen = 1;
+ break;
#endif
- default:
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
- }
+ default:
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
+ }
- padlock_reload_key ();
+ padlock_reload_key();
- return 0;
+ return 0;
}
-static int
-aes_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- memcpy (pce->iv, iv, 16);
+ memcpy(pce->iv, iv, 16);
- return 0;
+ return 0;
}
static int
-padlock_aes_cbc_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- padlock_cbc_encrypt (dst, src, pce, src_size);
+ padlock_cbc_encrypt(dst, src, pce, src_size);
- return 0;
+ return 0;
}
static int
-padlock_aes_cbc_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pcd;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pcd;
- pcd = ALIGN16 (&ctx->expanded_key);
+ pcd = ALIGN16(&ctx->expanded_key);
- padlock_cbc_encrypt (dst, src, pcd, src_size);
+ padlock_cbc_encrypt(dst, src, pcd, src_size);
- return 0;
+ return 0;
}
-static void
-aes_deinit (void *_ctx)
+static void aes_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static const gnutls_crypto_cipher_st aes_padlock_struct = {
- .init = aes_cipher_init,
- .setkey = padlock_aes_cipher_setkey,
- .setiv = aes_setiv,
- .encrypt = padlock_aes_cbc_encrypt,
- .decrypt = padlock_aes_cbc_decrypt,
- .deinit = aes_deinit,
+ .init = aes_cipher_init,
+ .setkey = padlock_aes_cipher_setkey,
+ .setiv = aes_setiv,
+ .encrypt = padlock_aes_cbc_encrypt,
+ .decrypt = padlock_aes_cbc_decrypt,
+ .deinit = aes_deinit,
};
-static int
-check_padlock (void)
+static int check_padlock(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 6)) == (0x3 << 6));
+ return ((edx & (0x3 << 6)) == (0x3 << 6));
}
-static int
-check_phe (void)
+static int check_phe(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 10)) == (0x3 << 10));
+ return ((edx & (0x3 << 10)) == (0x3 << 10));
}
/* We are actually checking for SHA512 */
-static int
-check_phe_sha512 (void)
+static int check_phe_sha512(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 25)) == (0x3 << 25));
+ return ((edx & (0x3 << 25)) == (0x3 << 25));
}
-static int
-check_phe_partial (void)
+static int check_phe_partial(void)
{
- const char* text = "test and test";
- uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
- 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL };
-
- padlock_sha1_blocks (iv, text, sizeof(text)-1);
- padlock_sha1_blocks (iv, text, sizeof(text)-1);
-
- if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
- iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
- iv[4] == 0x9D3FF5CFUL)
- return 1;
- else
- return 0;
+ const char *text = "test and test";
+ uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
+ 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
+ };
+
+ padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+ padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+
+ if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
+ iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
+ iv[4] == 0x9D3FF5CFUL)
+ return 1;
+ else
+ return 0;
}
-static unsigned
-check_via (void)
+static unsigned check_via(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (0, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(0, &a, &b, &c, &d);
- if ((memcmp (&b, "Cent", 4) == 0 &&
- memcmp (&d, "aurH", 4) == 0 && memcmp (&c, "auls", 4) == 0))
- {
- return 1;
- }
+ if ((memcmp(&b, "Cent", 4) == 0 &&
+ memcmp(&d, "aurH", 4) == 0 && memcmp(&c, "auls", 4) == 0)) {
+ return 1;
+ }
- return 0;
+ return 0;
}
-void
-register_padlock_crypto (void)
+void register_padlock_crypto(void)
{
- int ret, phe;
-
- if (check_via () == 0)
- return;
- if (check_padlock ())
- {
- _gnutls_debug_log ("Padlock AES accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register
- (GNUTLS_CIPHER_AES_128_CBC, 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* register GCM ciphers */
- ret =
- gnutls_crypto_single_cipher_register
- (GNUTLS_CIPHER_AES_128_GCM, 80, &aes_gcm_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ int ret, phe;
+
+ if (check_via() == 0)
+ return;
+ if (check_padlock()) {
+ _gnutls_debug_log
+ ("Padlock AES accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* register GCM ciphers */
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_GCM, 80,
+ &aes_gcm_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#ifdef HAVE_LIBNETTLE
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_192_CBC,
- 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_CBC,
- 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM,
- 80, &aes_gcm_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_GCM, 80,
+ &aes_gcm_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#endif
- }
-
+ }
#ifdef HAVE_LIBNETTLE
- phe = check_phe ();
-
- if (phe && check_phe_partial ())
- {
- _gnutls_debug_log ("Padlock SHA1 and SHA256 (partial) accelerator was detected\n");
- if (check_phe_sha512 ())
- {
- _gnutls_debug_log ("Padlock SHA512 (partial) accelerator was detected\n");
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA384,
- 80,
- &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA512,
- 80,
- &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA384,
- 80,
- &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA512,
- 80,
- &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA1,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA224,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA256,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA1,
- 80, &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* we don't register MAC_SHA224 because it is not used by TLS */
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA256,
- 80, &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
- else if (phe)
- {
- /* Original padlock PHE. Does not support incremental operations.
- */
- _gnutls_debug_log ("Padlock SHA1 and SHA256 accelerator was detected\n");
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA1,
- 80, &sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA256,
- 80, &sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA1,
- 80, &hmac_sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA256,
- 80, &hmac_sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
+ phe = check_phe();
+
+ if (phe && check_phe_partial()) {
+ _gnutls_debug_log
+ ("Padlock SHA1 and SHA256 (partial) accelerator was detected\n");
+ if (check_phe_sha512()) {
+ _gnutls_debug_log
+ ("Padlock SHA512 (partial) accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_digest_register
+ (GNUTLS_DIG_SHA384, 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register
+ (GNUTLS_DIG_SHA512, 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register
+ (GNUTLS_MAC_SHA384, 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register
+ (GNUTLS_MAC_SHA512, 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1,
+ 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* we don't register MAC_SHA224 because it is not used by TLS */
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256,
+ 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ } else if (phe) {
+ /* Original padlock PHE. Does not support incremental operations.
+ */
+ _gnutls_debug_log
+ ("Padlock SHA1 and SHA256 accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
+ 80,
+ &sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
+ 80,
+ &sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1,
+ 80,
+ &hmac_sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256,
+ 80,
+ &hmac_sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
#endif
- return;
+ return;
}
diff --git a/lib/accelerated/x86/aes-padlock.h b/lib/accelerated/x86/aes-padlock.h
index ccb8359af3..cd5d437c8f 100644
--- a/lib/accelerated/x86/aes-padlock.h
+++ b/lib/accelerated/x86/aes-padlock.h
@@ -1,30 +1,30 @@
#ifndef AES_PADLOCK_H
-# define AES_PADLOCK_H
+#define AES_PADLOCK_H
#include <gnutls_int.h>
#include <aes-x86.h>
struct padlock_cipher_data {
- unsigned char iv[16]; /* Initialization vector */
- union {
- unsigned int pad[4];
- struct {
- int rounds:4;
- int dgst:1; /* n/a in C3 */
- int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
- unsigned int keygen:1;
- int interm:1;
- unsigned int encdec:1;
- int ksize:2;
- } b;
- } cword; /* Control word */
- AES_KEY ks; /* Encryption key */
+ unsigned char iv[16]; /* Initialization vector */
+ union {
+ unsigned int pad[4];
+ struct {
+ int rounds:4;
+ int dgst:1; /* n/a in C3 */
+ int align:1; /* n/a in C3 */
+ int ciphr:1; /* n/a in C3 */
+ unsigned int keygen:1;
+ int interm:1;
+ unsigned int encdec:1;
+ int ksize:2;
+ } b;
+ } cword; /* Control word */
+ AES_KEY ks; /* Encryption key */
};
struct padlock_ctx {
- struct padlock_cipher_data expanded_key;
- int enc;
+ struct padlock_cipher_data expanded_key;
+ int enc;
};
extern const gnutls_crypto_cipher_st aes_gcm_padlock_struct;
@@ -34,13 +34,14 @@ extern const gnutls_crypto_digest_st sha_padlock_struct;
extern const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct;
extern const gnutls_crypto_digest_st sha_padlock_nano_struct;
-int padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize);
+int padlock_aes_cipher_setkey(void *_ctx, const void *userkey,
+ size_t keysize);
/* asm */
unsigned int padlock_capability(void);
void padlock_reload_key(void);
int padlock_ecb_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
+ struct padlock_cipher_data *ctx, size_t len);
int padlock_cbc_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
+ struct padlock_cipher_data *ctx, size_t len);
#endif
diff --git a/lib/accelerated/x86/aes-x86.c b/lib/accelerated/x86/aes-x86.c
index f3738bcde5..59e2b13280 100644
--- a/lib/accelerated/x86/aes-x86.c
+++ b/lib/accelerated/x86/aes-x86.c
@@ -32,192 +32,184 @@
#include <aes-x86.h>
#include <x86.h>
-struct aes_ctx
-{
- AES_KEY expanded_key;
- uint8_t iv[16];
- int enc;
+struct aes_ctx {
+ AES_KEY expanded_key;
+ uint8_t iv[16];
+ int enc;
};
static int
-aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
-{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct aes_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ((struct aes_ctx*)(*_ctx))->enc = enc;
-
- return 0;
-}
-
-static int
-aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
- struct aes_ctx *ctx = _ctx;
- int ret;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_CBC
+ && algorithm != GNUTLS_CIPHER_AES_192_CBC
+ && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ return GNUTLS_E_INVALID_REQUEST;
- if (ctx->enc)
- ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
- else
- ret = aesni_set_decrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
+ *_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if (ret != 0)
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
+ ((struct aes_ctx *) (*_ctx))->enc = enc;
- return 0;
+ return 0;
}
static int
-aes_setiv (void *_ctx, const void *iv, size_t iv_size)
+aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
+ int ret;
+
+ if (ctx->enc)
+ ret =
+ aesni_set_encrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+ else
+ ret =
+ aesni_set_decrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
+
+ return 0;
+}
+
+static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
+{
+ struct aes_ctx *ctx = _ctx;
- memcpy (ctx->iv, iv, 16);
- return 0;
+ memcpy(ctx->iv, iv, 16);
+ return 0;
}
static int
-aes_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
- aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1);
- return 0;
+ aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
+ ctx->iv, 1);
+ return 0;
}
static int
-aes_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
- aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 0);
+ aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
+ ctx->iv, 0);
- return 0;
+ return 0;
}
-static void
-aes_deinit (void *_ctx)
+static void aes_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = aes_cipher_init,
- .setkey = aes_cipher_setkey,
- .setiv = aes_setiv,
- .encrypt = aes_encrypt,
- .decrypt = aes_decrypt,
- .deinit = aes_deinit,
+ .init = aes_cipher_init,
+ .setkey = aes_cipher_setkey,
+ .setiv = aes_setiv,
+ .encrypt = aes_encrypt,
+ .decrypt = aes_decrypt,
+ .deinit = aes_deinit,
};
-static unsigned
-check_optimized_aes (void)
+static unsigned check_optimized_aes(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (1, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(1, &a, &b, &c, &d);
- return (c & 0x2000000);
+ return (c & 0x2000000);
}
#ifdef ASM_X86_64
-static unsigned
-check_pclmul (void)
+static unsigned check_pclmul(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (1, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(1, &a, &b, &c, &d);
- return (c & 0x2);
+ return (c & 0x2);
}
#endif
-static unsigned
-check_intel_or_amd (void)
+static unsigned check_intel_or_amd(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (0, &a, &b, &c, &d);
-
- if ((memcmp (&b, "Genu", 4) == 0 &&
- memcmp (&d, "ineI", 4) == 0 &&
- memcmp (&c, "ntel", 4) == 0) ||
- (memcmp (&b, "Auth", 4) == 0 &&
- memcmp (&d, "enti", 4) == 0 && memcmp (&c, "cAMD", 4) == 0))
- {
- return 1;
- }
-
- return 0;
+ unsigned int a, b, c, d;
+ gnutls_cpuid(0, &a, &b, &c, &d);
+
+ if ((memcmp(&b, "Genu", 4) == 0 &&
+ memcmp(&d, "ineI", 4) == 0 &&
+ memcmp(&c, "ntel", 4) == 0) ||
+ (memcmp(&b, "Auth", 4) == 0 &&
+ memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
+ return 1;
+ }
+
+ return 0;
}
-void
-register_x86_crypto (void)
+void register_x86_crypto(void)
{
- int ret;
-
- if (check_intel_or_amd () == 0)
- return;
-
- if (check_optimized_aes ())
- {
- _gnutls_debug_log ("Intel AES accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_128_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_192_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
+ int ret;
+
+ if (check_intel_or_amd() == 0)
+ return;
+
+ if (check_optimized_aes()) {
+ _gnutls_debug_log("Intel AES accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#ifdef ASM_X86_64
- if (check_pclmul ())
- {
- /* register GCM ciphers */
- _gnutls_debug_log ("Intel GCM accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_128_GCM,
- 80, &aes_gcm_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM,
- 80, &aes_gcm_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
+ if (check_pclmul()) {
+ /* register GCM ciphers */
+ _gnutls_debug_log
+ ("Intel GCM accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_GCM, 80,
+ &aes_gcm_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_GCM, 80,
+ &aes_gcm_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
#endif
- }
+ }
- return;
+ return;
}
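Review bot: aes_setiv copies a fixed 16 bytes with `memcpy(ctx->iv, iv, 16)` and never looks at `iv_size`, so a caller that passes a shorter IV causes a read past the end of its buffer. A guard such as `if (iv_size != 16) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before the copy would reject that case. aes_encrypt and aes_decrypt likewise ignore `dst_size` and let aesni_cbc_encrypt write `src_size` bytes into `dst`; `if (dst_size < src_size) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);` would bound the write. aes_deinit releases the context with the expanded key and IV still in it, so clearing the structure before `gnutls_free(_ctx)` is worth considering.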
diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h
index 33764fe4fe..379dbe6fd7 100644
--- a/lib/accelerated/x86/aes-x86.h
+++ b/lib/accelerated/x86/aes-x86.h
@@ -1,9 +1,9 @@
#ifndef AES_X86_H
-# define AES_X86_H
+#define AES_X86_H
#include <gnutls_int.h>
-void register_x86_crypto (void);
+void register_x86_crypto(void);
void register_padlock_crypto(void);
#define ALIGN16(x) \
@@ -11,32 +11,30 @@ void register_padlock_crypto(void);
#define AES_KEY_ALIGN_SIZE 4
#define AES_MAXNR 14
-typedef struct
-{
- /* We add few more integers to allow alignment
- * on a 16-byte boundary.
- */
- uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
- uint32_t rounds;
+typedef struct {
+ /* We add few more integers to allow alignment
+ * on a 16-byte boundary.
+ */
+ uint32_t rd_key[4 * (AES_MAXNR + 1) + AES_KEY_ALIGN_SIZE];
+ uint32_t rounds;
} AES_KEY;
-void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY * key,
- int enc);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY * key, int enc);
-void aesni_cbc_encrypt (const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY * key,
- unsigned char *ivec, const int enc);
-int aesni_set_decrypt_key (const unsigned char *userKey, const int bits,
- AES_KEY * key);
-int aesni_set_encrypt_key (const unsigned char *userKey, const int bits,
- AES_KEY * key);
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY * key,
+ unsigned char *ivec, const int enc);
+int aesni_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY * key);
+int aesni_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY * key);
void aesni_ctr32_encrypt_blocks(const unsigned char *in,
- unsigned char *out,
- size_t blocks,
- const void *key,
- const unsigned char *ivec);
+ unsigned char *out,
+ size_t blocks,
+ const void *key,
+ const unsigned char *ivec);
extern const gnutls_crypto_cipher_st aes_gcm_struct;
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
index 8e281f9a94..eb76a9d607 100644
--- a/lib/accelerated/x86/hmac-padlock.c
+++ b/lib/accelerated/x86/hmac-padlock.c
@@ -44,312 +44,305 @@ typedef void (*update_func) (void *, unsigned, const uint8_t *);
typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
-struct padlock_hmac_ctx
-{
- union
- {
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
- struct hmac_sha1_ctx sha1;
- } ctx;
-
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- set_key_func setkey;
+struct padlock_hmac_ctx {
+ union {
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ } ctx;
+
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func setkey;
};
static void
-padlock_hmac_sha1_set_key (struct hmac_sha1_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha1, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha1, key_length, key);
}
static void
-padlock_hmac_sha1_update (struct hmac_sha1_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha1_update (&ctx->state, length, data);
+ padlock_sha1_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha1_digest (struct hmac_sha1_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha1, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha1, length, digest);
}
static void
-padlock_hmac_sha256_set_key (struct hmac_sha256_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha256, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha256, key_length, key);
}
static void
-padlock_hmac_sha256_update (struct hmac_sha256_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha256_update (&ctx->state, length, data);
+ padlock_sha256_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha256_digest (struct hmac_sha256_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha256, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha256, length, digest);
}
static void
-padlock_hmac_sha224_set_key (struct hmac_sha224_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha224, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha224, key_length, key);
}
static void
-padlock_hmac_sha224_digest (struct hmac_sha224_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha224, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha224, length, digest);
}
static void
-padlock_hmac_sha384_set_key (struct hmac_sha384_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha384, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha384, key_length, key);
}
static void
-padlock_hmac_sha384_digest (struct hmac_sha384_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha384, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha384, length, digest);
}
static void
-padlock_hmac_sha512_set_key (struct hmac_sha512_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha512, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha512, key_length, key);
}
static void
-padlock_hmac_sha512_update (struct hmac_sha512_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha512_update (&ctx->state, length, data);
+ padlock_sha512_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha512_digest (struct hmac_sha512_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha512, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha512, length, digest);
}
static int
-_hmac_ctx_init (gnutls_mac_algorithm_t algo, struct padlock_hmac_ctx *ctx)
+_hmac_ctx_init(gnutls_mac_algorithm_t algo, struct padlock_hmac_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_MAC_SHA1:
- ctx->update = (update_func) padlock_hmac_sha1_update;
- ctx->digest = (digest_func) padlock_hmac_sha1_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha1_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA224:
- ctx->update = (update_func) padlock_hmac_sha256_update;
- ctx->digest = (digest_func) padlock_hmac_sha224_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha224_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA256:
- ctx->update = (update_func) padlock_hmac_sha256_update;
- ctx->digest = (digest_func) padlock_hmac_sha256_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha256_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA384:
- ctx->update = (update_func) padlock_hmac_sha512_update;
- ctx->digest = (digest_func) padlock_hmac_sha384_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha384_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA512:
- ctx->update = (update_func) padlock_hmac_sha512_update;
- ctx->digest = (digest_func) padlock_hmac_sha512_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha512_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_MAC_SHA1:
+ ctx->update = (update_func) padlock_hmac_sha1_update;
+ ctx->digest = (digest_func) padlock_hmac_sha1_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA224:
+ ctx->update = (update_func) padlock_hmac_sha256_update;
+ ctx->digest = (digest_func) padlock_hmac_sha224_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA256:
+ ctx->update = (update_func) padlock_hmac_sha256_update;
+ ctx->digest = (digest_func) padlock_hmac_sha256_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA384:
+ ctx->update = (update_func) padlock_hmac_sha512_update;
+ ctx->digest = (digest_func) padlock_hmac_sha384_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA512:
+ ctx->update = (update_func) padlock_hmac_sha512_update;
+ ctx->digest = (digest_func) padlock_hmac_sha512_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int
-wrap_padlock_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+static int wrap_padlock_hmac_init(gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct padlock_hmac_ctx *ctx;
- int ret;
+ struct padlock_hmac_ctx *ctx;
+ int ret;
- ctx = gnutls_calloc (1, sizeof (struct padlock_hmac_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_calloc(1, sizeof(struct padlock_hmac_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- ret = _hmac_ctx_init (algo, ctx);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _hmac_ctx_init(algo, ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_padlock_hmac_setkey (void *_ctx, const void *key, size_t keylen)
+wrap_padlock_hmac_setkey(void *_ctx, const void *key, size_t keylen)
{
- struct padlock_hmac_ctx *ctx = _ctx;
+ struct padlock_hmac_ctx *ctx = _ctx;
- ctx->setkey (ctx->ctx_ptr, keylen, key);
+ ctx->setkey(ctx->ctx_ptr, keylen, key);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_padlock_hmac_update (void *_ctx, const void *text, size_t textsize)
+wrap_padlock_hmac_update(void *_ctx, const void *text, size_t textsize)
{
- struct padlock_hmac_ctx *ctx = _ctx;
+ struct padlock_hmac_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_padlock_hmac_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_padlock_hmac_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct padlock_hmac_ctx *ctx;
- ctx = src_ctx;
+ struct padlock_hmac_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
-static void
-wrap_padlock_hmac_deinit (void *hd)
+static void wrap_padlock_hmac_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
static int
-wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
- const void* nonce, size_t nonce_size,
- const void *key, size_t key_size, const void *text,
- size_t text_size, void *digest)
+wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo,
+ const void *nonce, size_t nonce_size,
+ const void *key, size_t key_size, const void *text,
+ size_t text_size, void *digest)
{
- if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256)
- {
- unsigned char *pad;
- unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
- unsigned char hkey[MAX_SHA_DIGEST_SIZE];
- unsigned int digest_size = _gnutls_mac_get_algo_len (mac_to_entry(algo));
+ if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256) {
+ unsigned char *pad;
+ unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
+ unsigned char hkey[MAX_SHA_DIGEST_SIZE];
+ unsigned int digest_size =
+ _gnutls_mac_get_algo_len(mac_to_entry(algo));
- if (key_size > SHA1_DATA_SIZE)
- {
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, key, key_size, hkey);
- key = hkey;
- key_size = digest_size;
- }
+ if (key_size > SHA1_DATA_SIZE) {
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t)
+ algo, key, key_size, hkey);
+ key = hkey;
+ key_size = digest_size;
+ }
- pad = gnutls_malloc (text_size + SHA1_DATA_SIZE);
- if (pad == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ pad = gnutls_malloc(text_size + SHA1_DATA_SIZE);
+ if (pad == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memset (pad, IPAD, SHA1_DATA_SIZE);
- memxor (pad, key, key_size);
+ memset(pad, IPAD, SHA1_DATA_SIZE);
+ memxor(pad, key, key_size);
- memcpy (&pad[SHA1_DATA_SIZE], text, text_size);
+ memcpy(&pad[SHA1_DATA_SIZE], text, text_size);
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, pad, text_size + SHA1_DATA_SIZE,
- &pad2[SHA1_DATA_SIZE]);
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
+ pad, text_size + SHA1_DATA_SIZE,
+ &pad2[SHA1_DATA_SIZE]);
- gnutls_free (pad);
+ gnutls_free(pad);
- memset (pad2, OPAD, SHA1_DATA_SIZE);
- memxor (pad2, key, key_size);
+ memset(pad2, OPAD, SHA1_DATA_SIZE);
+ memxor(pad2, key, key_size);
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, pad2, digest_size + SHA1_DATA_SIZE,
- digest);
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
+ pad2, digest_size + SHA1_DATA_SIZE,
+ digest);
- }
- else
- {
- struct padlock_hmac_ctx ctx;
- int ret;
+ } else {
+ struct padlock_hmac_ctx ctx;
+ int ret;
- ret = _hmac_ctx_init (algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val (ret);
- ctx.algo = algo;
+ ret = _hmac_ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ctx.algo = algo;
- wrap_padlock_hmac_setkey (&ctx, key, key_size);
+ wrap_padlock_hmac_setkey(&ctx, key, key_size);
- wrap_padlock_hmac_update (&ctx, text, text_size);
+ wrap_padlock_hmac_update(&ctx, text, text_size);
- wrap_padlock_hmac_output (&ctx, digest, ctx.length);
- wrap_padlock_hmac_deinit (&ctx);
- }
+ wrap_padlock_hmac_output(&ctx, digest, ctx.length);
+ wrap_padlock_hmac_deinit(&ctx);
+ }
- return 0;
+ return 0;
}
const gnutls_crypto_mac_st hmac_sha_padlock_struct = {
- .init = NULL,
- .setkey = NULL,
- .setnonce = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = wrap_padlock_hmac_fast
+ .init = NULL,
+ .setkey = NULL,
+ .setnonce = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = wrap_padlock_hmac_fast
};
const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct = {
- .init = wrap_padlock_hmac_init,
- .setkey = wrap_padlock_hmac_setkey,
- .setnonce = NULL,
- .hash = wrap_padlock_hmac_update,
- .output = wrap_padlock_hmac_output,
- .deinit = wrap_padlock_hmac_deinit,
- .fast = wrap_padlock_hmac_fast,
+ .init = wrap_padlock_hmac_init,
+ .setkey = wrap_padlock_hmac_setkey,
+ .setnonce = NULL,
+ .hash = wrap_padlock_hmac_update,
+ .output = wrap_padlock_hmac_output,
+ .deinit = wrap_padlock_hmac_deinit,
+ .fast = wrap_padlock_hmac_fast,
};
-#endif /* HAVE_LIBNETTLE */
+#endif /* HAVE_LIBNETTLE */
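Review bot: In the branch of wrap_padlock_hmac_fast for algorithms other than SHA1/SHA256, `wrap_padlock_hmac_deinit(&ctx)` passes the address of the stack variable `ctx` to gnutls_free(), because wrap_padlock_hmac_deinit does nothing except free its argument; releasing a non-heap pointer is undefined behaviour. Drop that call and clear the keyed state instead, for example `memset(&ctx, 0, sizeof(ctx));` or whichever non-elidable zeroing helper the project provides. wrap_padlock_hmac_init has the opposite problem: when _hmac_ctx_init fails it returns without `gnutls_free(ctx);`, so the allocation leaks. In the SHA1/SHA256 branch, `text_size + SHA1_DATA_SIZE` can wrap for a very large `text_size` before it reaches gnutls_malloc, and `hkey`, `pad` and `pad2` hold key-derived bytes that are never cleared.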
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
index 1ba5a08f2e..bafe637184 100644
--- a/lib/accelerated/x86/sha-padlock.c
+++ b/lib/accelerated/x86/sha-padlock.c
@@ -38,38 +38,35 @@ typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
typedef void (*init_func) (void *);
-struct padlock_hash_ctx
-{
- union
- {
- struct sha1_ctx sha1;
- struct sha224_ctx sha224;
- struct sha256_ctx sha256;
- struct sha384_ctx sha384;
- struct sha512_ctx sha512;
- } ctx;
- void *ctx_ptr;
- gnutls_digest_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- init_func init;
+struct padlock_hash_ctx {
+ union {
+ struct sha1_ctx sha1;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_digest_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ init_func init;
};
static int
-wrap_padlock_hash_update (void *_ctx, const void *text, size_t textsize)
+wrap_padlock_hash_update(void *_ctx, const void *text, size_t textsize)
{
- struct padlock_hash_ctx *ctx = _ctx;
+ struct padlock_hash_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-static void
-wrap_padlock_hash_deinit (void *hd)
+static void wrap_padlock_hash_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
#define SHA1_COMPRESS(ctx, data) (padlock_sha1_blocks((void*)(ctx)->state, data, 1))
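Review bot: In `wrap_padlock_hash_update` the `size_t textsize` is passed straight to `ctx->update`, while the update routines assigned to that pointer later in this file (`padlock_sha1_update` and its siblings) take `unsigned length`. Where `size_t` is wider than `unsigned`, an input larger than `UINT_MAX` bytes would presumably be hashed only in part while the function still returns `GNUTLS_E_SUCCESS`. The `update_func` typedef sits above this hunk, so confirm against it. If it holds, feed the data in pieces that fit in `unsigned`, or reject oversized input with an error, and note the limit in a comment such as `/* nettle update takes an unsigned length */` above the call.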
@@ -78,293 +75,280 @@ wrap_padlock_hash_deinit (void *hd)
void
padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA1_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD_INCR(ctx));
}
void
padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA256_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD_INCR(ctx));
}
void
padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
}
static void
-_nettle_write_be32(unsigned length, uint8_t *dst,
- uint32_t *src)
+_nettle_write_be32(unsigned length, uint8_t * dst, uint32_t * src)
{
- unsigned i;
- unsigned words;
- unsigned leftover;
-
- words = length / 4;
- leftover = length % 4;
-
- for (i = 0; i < words; i++, dst += 4)
- WRITE_UINT32(dst, src[i]);
-
- if (leftover)
- {
- uint32_t word;
- unsigned j = leftover;
-
- word = src[i];
-
- switch (leftover)
- {
- default:
- abort();
- case 3:
- dst[--j] = (word >> 8) & 0xff;
- /* Fall through */
- case 2:
- dst[--j] = (word >> 16) & 0xff;
- /* Fall through */
- case 1:
- dst[--j] = (word >> 24) & 0xff;
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
+
+ words = length / 4;
+ leftover = length % 4;
+
+ for (i = 0; i < words; i++, dst += 4)
+ WRITE_UINT32(dst, src[i]);
+
+ if (leftover) {
+ uint32_t word;
+ unsigned j = leftover;
+
+ word = src[i];
+
+ switch (leftover) {
+ default:
+ abort();
+ case 3:
+ dst[--j] = (word >> 8) & 0xff;
+ /* Fall through */
+ case 2:
+ dst[--j] = (word >> 16) & 0xff;
+ /* Fall through */
+ case 1:
+ dst[--j] = (word >> 24) & 0xff;
+ }
}
- }
}
static void
padlock_sha1_digest(struct sha1_ctx *ctx,
- unsigned length, uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint32_t high, low;
+ uint32_t high, low;
- assert(length <= SHA1_DIGEST_SIZE);
+ assert(length <= SHA1_DIGEST_SIZE);
- MD_PAD(ctx, 8, SHA1_COMPRESS);
+ MD_PAD(ctx, 8, SHA1_COMPRESS);
- /* There are 512 = 2^9 bits in one block */
- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- low = (ctx->count_low << 9) | (ctx->index << 3);
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
- /* append the 64 bit count */
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
- SHA1_COMPRESS(ctx, ctx->block);
+ /* append the 64 bit count */
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
+ SHA1_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state);
+ _nettle_write_be32(length, digest, ctx->state);
}
static void
padlock_sha256_digest(struct sha256_ctx *ctx,
- unsigned length,
- uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint32_t high, low;
+ uint32_t high, low;
- assert(length <= SHA256_DIGEST_SIZE);
+ assert(length <= SHA256_DIGEST_SIZE);
- MD_PAD(ctx, 8, SHA256_COMPRESS);
+ MD_PAD(ctx, 8, SHA256_COMPRESS);
- /* There are 512 = 2^9 bits in one block */
- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- low = (ctx->count_low << 9) | (ctx->index << 3);
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
- /* This is slightly inefficient, as the numbers are converted to
- big-endian format, and will be converted back by the compression
- function. It's probably not worth the effort to fix this. */
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
- SHA256_COMPRESS(ctx, ctx->block);
+ /* This is slightly inefficient, as the numbers are converted to
+ big-endian format, and will be converted back by the compression
+ function. It's probably not worth the effort to fix this. */
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
+ SHA256_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state);
+ _nettle_write_be32(length, digest, ctx->state);
}
static void
padlock_sha512_digest(struct sha512_ctx *ctx,
- unsigned length,
- uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint64_t high, low;
+ uint64_t high, low;
- unsigned i;
- unsigned words;
- unsigned leftover;
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
- assert(length <= SHA512_DIGEST_SIZE);
+ assert(length <= SHA512_DIGEST_SIZE);
- MD_PAD(ctx, 16, SHA512_COMPRESS);
+ MD_PAD(ctx, 16, SHA512_COMPRESS);
- /* There are 1024 = 2^10 bits in one block */
- high = (ctx->count_high << 10) | (ctx->count_low >> 54);
- low = (ctx->count_low << 10) | (ctx->index << 3);
+ /* There are 1024 = 2^10 bits in one block */
+ high = (ctx->count_high << 10) | (ctx->count_low >> 54);
+ low = (ctx->count_low << 10) | (ctx->index << 3);
- /* This is slightly inefficient, as the numbers are converted to
- big-endian format, and will be converted back by the compression
- function. It's probably not worth the effort to fix this. */
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), high);
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low);
- SHA512_COMPRESS(ctx, ctx->block);
+ /* This is slightly inefficient, as the numbers are converted to
+ big-endian format, and will be converted back by the compression
+ function. It's probably not worth the effort to fix this. */
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), high);
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low);
+ SHA512_COMPRESS(ctx, ctx->block);
- words = length / 8;
- leftover = length % 8;
+ words = length / 8;
+ leftover = length % 8;
- for (i = 0; i < words; i++, digest += 8)
- WRITE_UINT64(digest, ctx->state[i]);
+ for (i = 0; i < words; i++, digest += 8)
+ WRITE_UINT64(digest, ctx->state[i]);
- if (leftover)
- {
- /* Truncate to the right size */
- uint64_t word = ctx->state[i] >> (8*(8 - leftover));
+ if (leftover) {
+ /* Truncate to the right size */
+ uint64_t word = ctx->state[i] >> (8 * (8 - leftover));
- do {
- digest[--leftover] = word & 0xff;
- word >>= 8;
- } while (leftover);
- }
+ do {
+ digest[--leftover] = word & 0xff;
+ word >>= 8;
+ } while (leftover);
+ }
}
-static int _ctx_init(gnutls_digest_algorithm_t algo, struct padlock_hash_ctx *ctx)
+static int _ctx_init(gnutls_digest_algorithm_t algo,
+ struct padlock_hash_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_DIG_SHA1:
- sha1_init (&ctx->ctx.sha1);
- ctx->update = (update_func) padlock_sha1_update;
- ctx->digest = (digest_func) padlock_sha1_digest;
- ctx->init = (init_func)sha1_init;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA224:
- sha224_init (&ctx->ctx.sha224);
- ctx->update = (update_func) padlock_sha256_update;
- ctx->digest = (digest_func) padlock_sha256_digest;
- ctx->init = (init_func)sha224_init;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA256:
- sha256_init (&ctx->ctx.sha256);
- ctx->update = (update_func) padlock_sha256_update;
- ctx->digest = (digest_func) padlock_sha256_digest;
- ctx->init = (init_func)sha256_init;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA384:
- sha384_init (&ctx->ctx.sha384);
- ctx->update = (update_func) padlock_sha512_update;
- ctx->digest = (digest_func) padlock_sha512_digest;
- ctx->init = (init_func)sha384_init;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA512:
- sha512_init (&ctx->ctx.sha512);
- ctx->update = (update_func) padlock_sha512_update;
- ctx->digest = (digest_func) padlock_sha512_digest;
- ctx->init = (init_func)sha512_init;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ sha1_init(&ctx->ctx.sha1);
+ ctx->update = (update_func) padlock_sha1_update;
+ ctx->digest = (digest_func) padlock_sha1_digest;
+ ctx->init = (init_func) sha1_init;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA224:
+ sha224_init(&ctx->ctx.sha224);
+ ctx->update = (update_func) padlock_sha256_update;
+ ctx->digest = (digest_func) padlock_sha256_digest;
+ ctx->init = (init_func) sha224_init;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA256:
+ sha256_init(&ctx->ctx.sha256);
+ ctx->update = (update_func) padlock_sha256_update;
+ ctx->digest = (digest_func) padlock_sha256_digest;
+ ctx->init = (init_func) sha256_init;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA384:
+ sha384_init(&ctx->ctx.sha384);
+ ctx->update = (update_func) padlock_sha512_update;
+ ctx->digest = (digest_func) padlock_sha512_digest;
+ ctx->init = (init_func) sha384_init;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA512:
+ sha512_init(&ctx->ctx.sha512);
+ ctx->update = (update_func) padlock_sha512_update;
+ ctx->digest = (digest_func) padlock_sha512_digest;
+ ctx->init = (init_func) sha512_init;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
static int
-wrap_padlock_hash_init (gnutls_digest_algorithm_t algo, void **_ctx)
+wrap_padlock_hash_init(gnutls_digest_algorithm_t algo, void **_ctx)
{
- struct padlock_hash_ctx *ctx;
- int ret;
+ struct padlock_hash_ctx *ctx;
+ int ret;
- ctx = gnutls_malloc (sizeof (struct padlock_hash_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_malloc(sizeof(struct padlock_hash_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- if ((ret=_ctx_init( algo, ctx)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = _ctx_init(algo, ctx)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_padlock_hash_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_padlock_hash_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct padlock_hash_ctx *ctx;
- ctx = src_ctx;
+ struct padlock_hash_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ if (digestsize < ctx->length)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- ctx->init( ctx->ctx_ptr);
+ ctx->init(ctx->ctx_ptr);
- return 0;
+ return 0;
}
-int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest)
+int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest)
{
- if (algo == GNUTLS_DIG_SHA1)
- {
- uint32_t iv[5] =
- {
- 0x67452301UL,
- 0xEFCDAB89UL,
- 0x98BADCFEUL,
- 0x10325476UL,
- 0xC3D2E1F0UL,
- };
- padlock_sha1_oneshot (iv, text, text_size);
- _nettle_write_be32(20, digest, iv);
- }
- else if (algo == GNUTLS_DIG_SHA256)
- {
- uint32_t iv[8] =
- {
- 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,
- 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL,
- };
- padlock_sha256_oneshot (iv, text, text_size);
- _nettle_write_be32(32, digest, iv);
- }
- else
- {
- struct padlock_hash_ctx ctx;
- int ret;
-
- ret = _ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
- ctx.algo = algo;
-
- wrap_padlock_hash_update(&ctx, text, text_size);
-
- wrap_padlock_hash_output(&ctx, digest, ctx.length);
- wrap_padlock_hash_deinit(&ctx);
- }
-
- return 0;
+ if (algo == GNUTLS_DIG_SHA1) {
+ uint32_t iv[5] = {
+ 0x67452301UL,
+ 0xEFCDAB89UL,
+ 0x98BADCFEUL,
+ 0x10325476UL,
+ 0xC3D2E1F0UL,
+ };
+ padlock_sha1_oneshot(iv, text, text_size);
+ _nettle_write_be32(20, digest, iv);
+ } else if (algo == GNUTLS_DIG_SHA256) {
+ uint32_t iv[8] = {
+ 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL,
+ 0xa54ff53aUL,
+ 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL,
+ 0x5be0cd19UL,
+ };
+ padlock_sha256_oneshot(iv, text, text_size);
+ _nettle_write_be32(32, digest, iv);
+ } else {
+ struct padlock_hash_ctx ctx;
+ int ret;
+
+ ret = _ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ctx.algo = algo;
+
+ wrap_padlock_hash_update(&ctx, text, text_size);
+
+ wrap_padlock_hash_output(&ctx, digest, ctx.length);
+ wrap_padlock_hash_deinit(&ctx);
+ }
+
+ return 0;
}
const struct nettle_hash padlock_sha1 = _NETTLE_HASH(sha1, SHA1);
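Review bot: The fallback branch of `wrap_padlock_hash_fast` declares `struct padlock_hash_ctx ctx;` on the stack and then calls `wrap_padlock_hash_deinit(&ctx);`, which the previous hunk shows to be a bare `gnutls_free(hd)`. That hands the allocator a pointer it never returned, which is undefined behaviour, and the branch is reached for every algorithm `_ctx_init` accepts other than SHA1 and SHA256. Dropping the `wrap_padlock_hash_deinit(&ctx);` line is enough, since nothing in that context is heap-allocated. In the same hunk, `wrap_padlock_hash_init` returns `ret` when `_ctx_init` fails without releasing the block it got from `gnutls_malloc`; add `gnutls_free(ctx);` before that `return ret;`. Neither defect comes from the reindentation, but both are carried unchanged on the new side.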
@@ -374,19 +358,19 @@ const struct nettle_hash padlock_sha384 = _NETTLE_HASH(sha384, SHA384);
const struct nettle_hash padlock_sha512 = _NETTLE_HASH(sha512, SHA512);
const gnutls_crypto_digest_st sha_padlock_struct = {
- .init = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = wrap_padlock_hash_fast
+ .init = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = wrap_padlock_hash_fast
};
const gnutls_crypto_digest_st sha_padlock_nano_struct = {
- .init = wrap_padlock_hash_init,
- .hash = wrap_padlock_hash_update,
- .output = wrap_padlock_hash_output,
- .deinit = wrap_padlock_hash_deinit,
- .fast = wrap_padlock_hash_fast,
+ .init = wrap_padlock_hash_init,
+ .hash = wrap_padlock_hash_update,
+ .output = wrap_padlock_hash_output,
+ .deinit = wrap_padlock_hash_deinit,
+ .fast = wrap_padlock_hash_fast,
};
-#endif /* HAVE_LIBNETTLE */
+#endif /* HAVE_LIBNETTLE */
diff --git a/lib/accelerated/x86/sha-padlock.h b/lib/accelerated/x86/sha-padlock.h
index 5d1959a2a4..05af543075 100644
--- a/lib/accelerated/x86/sha-padlock.h
+++ b/lib/accelerated/x86/sha-padlock.h
@@ -1,25 +1,28 @@
#ifndef SHA_PADLOCK_H
-# define SHA_PADLOCK_H
+#define SHA_PADLOCK_H
#include <nettle/sha.h>
void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
-void padlock_sha1_blocks(unsigned int *ctx,const void *inp,size_t blocks);
-void padlock_sha256_blocks(unsigned int *ctx,const void *inp,size_t blocks);
-void padlock_sha512_blocks(unsigned int *ctx,const void *inp,size_t blocks);
+void padlock_sha1_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
+void padlock_sha256_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
+void padlock_sha512_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
-int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest);
+int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest);
void padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
void padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
void padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
extern const struct nettle_hash padlock_sha1;
extern const struct nettle_hash padlock_sha224;
diff --git a/lib/accelerated/x86/x86.h b/lib/accelerated/x86/x86.h
index f19168e70e..cfa03fe377 100644
--- a/lib/accelerated/x86/x86.h
+++ b/lib/accelerated/x86/x86.h
@@ -24,13 +24,13 @@
#if defined(ASM_X86)
-void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx, unsigned int *cx, unsigned int* dx);
+void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx,
+ unsigned int *cx, unsigned int *dx);
-# ifdef ASM_X86_32
+#ifdef ASM_X86_32
unsigned int gnutls_have_cpuid(void);
-# else
-# define gnutls_have_cpuid() 1
-# endif /* ASM_X86_32 */
+#else
+#define gnutls_have_cpuid() 1
+#endif /* ASM_X86_32 */
#endif
-
diff --git a/lib/algorithms.h b/lib/algorithms.h
index e2c89e4941..d57e48fd3f 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -32,58 +32,57 @@
#define MAX_CIPHERSUITE_SIZE 512
/* Functions for version handling. */
-const version_entry_st* version_to_entry(gnutls_protocol_t c);
-gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
-gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
-int _gnutls_version_priority (gnutls_session_t session,
- gnutls_protocol_t version);
-int _gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version);
-gnutls_protocol_t _gnutls_version_get (uint8_t major, uint8_t minor);
+const version_entry_st *version_to_entry(gnutls_protocol_t c);
+gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session);
+gnutls_protocol_t _gnutls_version_max(gnutls_session_t session);
+int _gnutls_version_priority(gnutls_session_t session,
+ gnutls_protocol_t version);
+int _gnutls_version_is_supported(gnutls_session_t session,
+ const gnutls_protocol_t version);
+gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor);
/* Functions for feature checks */
inline static int
-_gnutls_version_has_selectable_prf (const version_entry_st* ver)
+_gnutls_version_has_selectable_prf(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->selectable_prf;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->selectable_prf;
}
inline static int
-_gnutls_version_has_selectable_sighash (const version_entry_st* ver)
+_gnutls_version_has_selectable_sighash(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->selectable_sighash;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->selectable_sighash;
}
inline static
-int _gnutls_version_has_extensions (const version_entry_st* ver)
+int _gnutls_version_has_extensions(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->extensions;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->extensions;
}
inline static
-int _gnutls_version_has_explicit_iv (const version_entry_st* ver)
+int _gnutls_version_has_explicit_iv(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->explicit_iv;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->explicit_iv;
}
/* Functions for MACs. */
-const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c);
+const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c);
-inline static int
-_gnutls_mac_is_ok (const mac_entry_st * e)
+inline static int _gnutls_mac_is_ok(const mac_entry_st * e)
{
- if (unlikely(e==NULL) || e->id == 0)
- return 0;
- else
- return 1;
+ if (unlikely(e == NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
}
/*-
@@ -95,230 +94,223 @@ _gnutls_mac_is_ok (const mac_entry_st * e)
* Returns: length (in bytes) of the MAC output size, or 0 if the
* given MAC algorithm is invalid.
-*/
-inline static size_t
-_gnutls_mac_get_algo_len (const mac_entry_st * e)
+inline static size_t _gnutls_mac_get_algo_len(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->output_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->output_size;
}
-inline static const char*
-_gnutls_x509_mac_to_oid (const mac_entry_st * e)
+inline static const char *_gnutls_x509_mac_to_oid(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return NULL;
- else
- return e->oid;
+ if (unlikely(e == NULL))
+ return NULL;
+ else
+ return e->oid;
}
-inline static const char*
-_gnutls_mac_get_name (const mac_entry_st * e)
+inline static const char *_gnutls_mac_get_name(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return NULL;
- else
- return e->name;
+ if (unlikely(e == NULL))
+ return NULL;
+ else
+ return e->name;
}
-inline static int
-_gnutls_mac_block_size (const mac_entry_st * e)
+inline static int _gnutls_mac_block_size(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->block_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->block_size;
}
-inline static int
-_gnutls_mac_get_key_size (const mac_entry_st * e)
+inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->key_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->key_size;
}
-gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest (const char *oid);
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid);
/* Functions for digests. */
#define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid
#define _gnutls_digest_get_name _gnutls_mac_get_name
#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
-inline static int
-_gnutls_digest_is_secure (const mac_entry_st * e)
+inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->secure;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->secure;
}
/* Functions for cipher suites. */
-int _gnutls_supported_ciphersuites (gnutls_session_t session,
- uint8_t* cipher_suites,
- unsigned int max_cipher_suite_size);
-const char *_gnutls_cipher_suite_get_name (const uint8_t suite[2]);
-gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const uint8_t suite[2]);
-const cipher_entry_st* _gnutls_cipher_suite_get_cipher_algo (const
- uint8_t suite[2]);
-gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]);
-const mac_entry_st* _gnutls_cipher_suite_get_mac_algo (const
- uint8_t suite[2]);
+int _gnutls_supported_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ unsigned int max_cipher_suite_size);
+const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]);
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t
+ suite[2]);
+const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t
+ suite[2]);
+gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t
+ suite[2]);
+const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t
+ suite[2]);
int
-_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2]);
+_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm,
+ uint8_t suite[2]);
/* Functions for ciphers. */
-const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c);
+const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c);
-inline static int
-_gnutls_cipher_is_block (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->block;
+inline static int _gnutls_cipher_is_block(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->block;
}
-inline static int
-_gnutls_cipher_get_block_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->blocksize;
+inline static int _gnutls_cipher_get_block_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->blocksize;
}
inline static int
-_gnutls_cipher_get_implicit_iv_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->iv;
+_gnutls_cipher_get_implicit_iv_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->iv;
}
-inline static int
-_gnutls_cipher_get_key_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->keysize;
+inline static int _gnutls_cipher_get_key_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->keysize;
}
-inline static const char*
-_gnutls_cipher_get_name (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return NULL;
- return e->name;
+inline static const char *_gnutls_cipher_get_name(const cipher_entry_st *
+ e)
+{
+ if (unlikely(e == NULL))
+ return NULL;
+ return e->name;
}
-inline static int
-_gnutls_cipher_algo_is_aead (const cipher_entry_st* e)
+inline static int _gnutls_cipher_algo_is_aead(const cipher_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- return e->aead;
+ if (unlikely(e == NULL))
+ return 0;
+ return e->aead;
}
-inline static int
-_gnutls_cipher_is_ok (const cipher_entry_st* e)
+inline static int _gnutls_cipher_is_ok(const cipher_entry_st * e)
{
- if (unlikely(e==NULL) || e->id == 0)
- return 0;
- else
- return 1;
+ if (unlikely(e == NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
}
-inline static int
-_gnutls_cipher_get_tag_size (const cipher_entry_st* e)
+inline static int _gnutls_cipher_get_tag_size(const cipher_entry_st * e)
{
- size_t ret = 0;
+ size_t ret = 0;
- if (unlikely(e==NULL))
- return ret;
+ if (unlikely(e == NULL))
+ return ret;
- if (e->aead)
- ret = e->blocksize; /* FIXME: happens to be the same for now */
- else
- ret = 0;
- return ret;
+ if (e->aead)
+ ret = e->blocksize; /* FIXME: happens to be the same for now */
+ else
+ ret = 0;
+ return ret;
}
/* Functions for key exchange. */
-int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
-int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm);
-mod_auth_st *_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm);
-int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_needs_rsa_params(gnutls_kx_algorithm_t algorithm);
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm);
/* Type to KX mappings. */
-gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type,
- int server);
-gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
- algorithm, int server);
+gnutls_kx_algorithm_t _gnutls_map_kx_get_kx(gnutls_credentials_type_t type,
+ int server);
+gnutls_credentials_type_t _gnutls_map_kx_get_cred(gnutls_kx_algorithm_t
+ algorithm, int server);
/* KX to PK mapping. */
/* DSA + RSA + ECC */
#define GNUTLS_DISTINCT_PK_ALGORITHMS 3
-gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
- kx_algorithm);
-gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid);
-const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk);
+gnutls_pk_algorithm_t _gnutls_map_pk_get_pk(gnutls_kx_algorithm_t
+ kx_algorithm);
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid);
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t pk);
-enum encipher_type
-{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
+enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
-enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
+enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t
+ algorithm);
/* Functions for sign algorithms. */
-gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
-gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
-const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
- gnutls_digest_algorithm_t mac);
-gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
- aid);
-const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
-
-int _gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm);
-int _gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t a);
-int _gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm);
-
-unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits);
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid);
+gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk(gnutls_sign_algorithm_t
+ sign);
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t,
+ gnutls_digest_algorithm_t mac);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign(const sign_algorithm_st *
+ aid);
+const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
+ sign);
+
+int _gnutls_mac_priority(gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm);
+int _gnutls_cipher_priority(gnutls_session_t session,
+ gnutls_cipher_algorithm_t a);
+int _gnutls_kx_priority(gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm);
+
+unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits);
/* ECC */
-struct gnutls_ecc_curve_entry_st
-{
- const char *name;
- const char* oid;
- gnutls_ecc_curve_t id;
- int tls_id; /* The RFC4492 namedCurve ID */
- int size; /* the size in bytes */
+struct gnutls_ecc_curve_entry_st {
+ const char *name;
+ const char *oid;
+ gnutls_ecc_curve_t id;
+ int tls_id; /* The RFC4492 namedCurve ID */
+ int size; /* the size in bytes */
};
typedef struct gnutls_ecc_curve_entry_st gnutls_ecc_curve_entry_st;
-const gnutls_ecc_curve_entry_st * _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve);
-gnutls_ecc_curve_t _gnutls_ecc_curve_get_id (const char *name);
-int _gnutls_tls_id_to_ecc_curve (int num);
-int _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc);
-const char * _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve);
-gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid);
-gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve (int bits);
+const gnutls_ecc_curve_entry_st
+ *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve);
+gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name);
+int _gnutls_tls_id_to_ecc_curve(int num);
+int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc);
+const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve);
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid);
+gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits);
#define MAX_ECC_CURVE_SIZE 66
static inline int _gnutls_kx_is_ecc(gnutls_kx_algorithm_t kx)
{
- if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA ||
- kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK)
- return 1;
+ if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA ||
+ kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK)
+ return 1;
- return 0;
+ return 0;
}
#endif
diff --git a/lib/algorithms/cert_types.c b/lib/algorithms/cert_types.c
index 303438b759..7ccab552e3 100644
--- a/lib/algorithms/cert_types.c
+++ b/lib/algorithms/cert_types.c
@@ -34,17 +34,17 @@
* Returns: a string that contains the name of the specified
* certificate type, or %NULL in case of unknown types.
**/
-const char *
-gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
+const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t
+ type)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- if (type == GNUTLS_CRT_X509)
- ret = "X.509";
- if (type == GNUTLS_CRT_OPENPGP)
- ret = "OPENPGP";
+ if (type == GNUTLS_CRT_X509)
+ ret = "X.509";
+ if (type == GNUTLS_CRT_OPENPGP)
+ ret = "OPENPGP";
- return ret;
+ return ret;
}
/**
@@ -56,23 +56,23 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
* Returns: a #gnutls_certificate_type_t for the specified in a
* string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
**/
-gnutls_certificate_type_t
-gnutls_certificate_type_get_id (const char *name)
+gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name)
{
- gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
+ gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
- if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
- return GNUTLS_CRT_X509;
- if (strcasecmp (name, "OPENPGP") == 0)
- return GNUTLS_CRT_OPENPGP;
+ if (strcasecmp(name, "X.509") == 0
+ || strcasecmp(name, "X509") == 0)
+ return GNUTLS_CRT_X509;
+ if (strcasecmp(name, "OPENPGP") == 0)
+ return GNUTLS_CRT_OPENPGP;
- return ret;
+ return ret;
}
static const gnutls_certificate_type_t supported_certificate_types[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
};
/**
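Review bot: `gnutls_certificate_type_get_id` passes `name` straight to `strcasecmp` with no NULL check, so a NULL argument is undefined behaviour rather than the documented `GNUTLS_CRT_UNKNOWN` error return. A guard such as `if (name == NULL) return GNUTLS_CRT_UNKNOWN;` at the top would make the documented contract hold. The same pattern is in `gnutls_cipher_get_id` in lib/algorithms/ciphers.c, where `strcasecmp(p->name, name)` is reached without a check. Whether any caller can actually pass NULL is not visible in this diff. Separately, `ret` is never reassigned here, so the final `return ret;` could simply be `return GNUTLS_CRT_UNKNOWN;`.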
@@ -83,12 +83,7 @@ static const gnutls_certificate_type_t supported_certificate_types[] = {
* Returns: a (0)-terminated list of #gnutls_certificate_type_t
* integers indicating the available certificate types.
**/
-const gnutls_certificate_type_t *
-gnutls_certificate_type_list (void)
+const gnutls_certificate_type_t *gnutls_certificate_type_list(void)
{
- return supported_certificate_types;
+ return supported_certificate_types;
}
-
-
-
-
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 2d57933e7a..a0d372818b 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -34,46 +34,67 @@
* Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
static const cipher_entry_st algorithms[] = {
- {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 16, 0},
- {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
- {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
- {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, 0},
- {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
+ {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0,
+ 0, 0},
+ {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32,
+ CIPHER_STREAM, 8, 8, 0},
+ {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM,
+ 8, 8, 0},
+ {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
+ {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
+ {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0,
+ 0},
+ {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
#ifdef ENABLE_OPENPGP
- {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
- 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
- {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
- CIPHER_BLOCK, 8, 8, 0},
- {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16,
- 16, 0},
- {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
+ {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
+ 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
+ {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
+ CIPHER_BLOCK, 8, 8, 0},
+ {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
#endif
- {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0}
+ {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0}
};
#define GNUTLS_CIPHER_LOOP(b) \
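Review bot: The reflow of the `algorithms[]` table leaves rows split at arbitrary points, which makes the numeric columns hard to compare by eye. The CAMELLIA-*-CBC rows end a line on a dangling `CIPHER_BLOCK,`, and the *-PGP-CFB rows on `CIPHER_BLOCK, 16,`. That matters because the comment above the table asks maintainers to keep MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE in step with these values. If GNU indent produced this, bracketing the table with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` would let the rows keep one hand-aligned layout. The terminator `{0, 0, 0, 0, 0, 0, 0}` has seven initializers while the rows have eight; the missing member is zero-initialized, so this is harmless, but `{0}` would state the intent more clearly.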
@@ -85,11 +106,11 @@ static const cipher_entry_st algorithms[] = {
/* CIPHER functions */
-const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
+const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c)
{
- GNUTLS_CIPHER_LOOP (if (c==p->id) return p);
+ GNUTLS_CIPHER_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
/**
@@ -100,12 +121,11 @@ const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
*
* Since: 2.10.0
**/
-int
-gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->blocksize);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->blocksize);
+ return ret;
}
@@ -117,10 +137,9 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.2
**/
-int
-gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm)
{
- return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
+ return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
}
/**
@@ -133,27 +152,27 @@ gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-int
-gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->cipher_iv);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->cipher_iv);
+ return ret;
}
/* returns the priority */
int
-_gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm)
+_gnutls_cipher_priority(gnutls_session_t session,
+ gnutls_cipher_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
- {
- if (session->internals.priorities.cipher.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.cipher.algorithms;
+ i++) {
+ if (session->internals.priorities.cipher.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -165,12 +184,11 @@ _gnutls_cipher_priority (gnutls_session_t session,
* Returns: length (in bytes) of the given cipher's key size, or 0 if
* the given cipher is invalid.
**/
-size_t
-gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->keysize);
- return ret;
+size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->keysize);
+ return ret;
}
@@ -183,15 +201,14 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
* Returns: a pointer to a string that contains the name of the
* specified cipher, or %NULL.
**/
-const char *
-gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
+const char *gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -203,20 +220,18 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
* Returns: return a #gnutls_cipher_algorithm_t value corresponding to
* the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
**/
-gnutls_cipher_algorithm_t
-gnutls_cipher_get_id (const char *name)
+gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char *name)
{
- gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
+ gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
- GNUTLS_CIPHER_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_CIPHER_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -233,22 +248,20 @@ gnutls_cipher_get_id (const char *name)
* integers indicating the available ciphers.
*
**/
-const gnutls_cipher_algorithm_t *
-gnutls_cipher_list (void)
+const gnutls_cipher_algorithm_t *gnutls_cipher_list(void)
{
-static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0};
+ static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] =
+ { 0 };
- if (supported_ciphers[0] == 0)
- {
- int i = 0;
+ if (supported_ciphers[0] == 0) {
+ int i = 0;
- GNUTLS_CIPHER_LOOP (
- if (_gnutls_cipher_exists(p->id))
- supported_ciphers[i++]=p->id;
- );
- supported_ciphers[i++]=0;
- }
+ GNUTLS_CIPHER_LOOP(
+ if (_gnutls_cipher_exists(p->id))
+ supported_ciphers[i++] = p->id;
+ );
+ supported_ciphers[i++] = 0;
+ }
- return supported_ciphers;
+ return supported_ciphers;
}
-
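Review bot: In `gnutls_cipher_list` the fill loop writes `supported_ciphers[i++] = p->id` and then the terminator with no bound against `MAX_ALGOS`, so the static array overflows if the cipher table ever outgrows that constant. The value of `MAX_ALGOS` is not visible here, so the current margin cannot be judged from this hunk. Bounding the store, e.g. `if (i < MAX_ALGOS - 1 && _gnutls_cipher_exists(p->id))`, would keep the write in range. The lazy initialisation of the function-local static is also unsynchronised: a second thread that sees a non-zero first element while the first is still filling the array gets a truncated list. That is a data race unless the library guarantees a single-threaded first call, which cannot be told from this diff. A comment stating that assumption would help.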
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 03b2118fcc..b9637d71f6 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -31,18 +31,17 @@
#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
{ #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf}
-typedef struct
-{
- const char *name;
- const uint8_t id[2];
- gnutls_cipher_algorithm_t block_algorithm;
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
- gnutls_protocol_t min_version; /* this cipher suite is supported
- * from 'version' and above;
- */
- gnutls_protocol_t min_dtls_version; /* DTLS min version */
- gnutls_mac_algorithm_t prf;
+typedef struct {
+ const char *name;
+ const uint8_t id[2];
+ gnutls_cipher_algorithm_t block_algorithm;
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_protocol_t min_version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
+ gnutls_protocol_t min_dtls_version; /* DTLS min version */
+ gnutls_mac_algorithm_t prf;
} gnutls_cipher_suite_entry;
/* RSA with NULL cipher and MD5 MAC
@@ -312,764 +311,764 @@ typedef struct
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
static const gnutls_cipher_suite_entry cs_algorithms[] = {
- /* RSA-NULL */
- ENTRY (GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA256,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
-
- /* RSA */
- ENTRY (GNUTLS_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ /* RSA-NULL */
+ ENTRY(GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA256,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ /* RSA */
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* DHE_DSS */
+ ENTRY(GNUTLS_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* DHE_DSS */
#ifdef ENABLE_DHE
- ENTRY (GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- /* DHE_RSA */
- ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ /* DHE_RSA */
+ ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-#endif /* DHE */
+ ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+#endif /* DHE */
#ifdef ENABLE_ECDHE
/* ECC-RSA */
- ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* ECDHE-ECDSA */
- ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* More ECC */
-
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* ECDHE-ECDSA */
+ ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* More ECC */
+
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
#ifdef ENABLE_PSK
- /* ECC - PSK */
- ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* PSK */
- ENTRY (GNUTLS_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* RSA-PSK */
- ENTRY (GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
-
- /* DHE-PSK */
- ENTRY (GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* ECC - PSK */
+ ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* PSK */
+ ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* RSA-PSK */
+ ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+
+ /* DHE-PSK */
+ ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
#endif
#ifdef ENABLE_ANON
- /* DH_ANON */
- ENTRY (GNUTLS_DH_ANON_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* DH_ANON */
+ ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* ECC-ANON */
- ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
#endif
#ifdef ENABLE_SRP
- /* SRP */
- ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
+ /* SRP */
+ ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
- {0, {0, 0}, 0, 0, 0, 0, 0, 0}
+ {0, {0, 0}, 0, 0, 0, 0, 0, 0}
};
#define CIPHER_SUITE_LOOP(b) \
@@ -1081,72 +1080,70 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* Cipher Suite's functions */
-const cipher_entry_st*
-_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2])
+const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t
+ suite[2])
{
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
- return cipher_to_entry(ret);
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm);
+ return cipher_to_entry(ret);
}
gnutls_kx_algorithm_t
-_gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2])
+_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm);
+ return ret;
}
-gnutls_mac_algorithm_t
-_gnutls_cipher_suite_get_prf (const uint8_t suite[2])
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->prf);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->prf);
+ return ret;
}
-const mac_entry_st*
-_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2])
-{ /* In bytes */
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
- return mac_to_entry(ret);
+const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t
+ suite[2])
+{ /* In bytes */
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm);
+ return mac_to_entry(ret);
}
-const char *
-_gnutls_cipher_suite_get_name (const uint8_t suite[2])
+const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
+ /* avoid prefix */
+ CIPHER_SUITE_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1);
- return ret;
+ return ret;
}
-static const gnutls_cipher_suite_entry *
-cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+static const gnutls_cipher_suite_entry
+ *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm)
{
- const gnutls_cipher_suite_entry *ret = NULL;
-
- CIPHER_SUITE_LOOP (
- if (kx_algorithm == p->kx_algorithm &&
- cipher_algorithm == p->block_algorithm && mac_algorithm == p->mac_algorithm)
- {
- ret = p;
- break;
- }
- );
-
- return ret;
+ const gnutls_cipher_suite_entry *ret = NULL;
+
+ CIPHER_SUITE_LOOP(
+ if (kx_algorithm == p->kx_algorithm &&
+ cipher_algorithm == p->block_algorithm
+ && mac_algorithm == p->mac_algorithm) {
+ ret = p;
+ break;
+ }
+ );
+
+ return ret;
}
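Review bot: The `/* In bytes */` comment kept on the opening brace of `_gnutls_cipher_suite_get_mac_algo` does not describe anything the function does (it returns `mac_to_entry(ret)`), so it looks stale and could be dropped. The reindent also split the single parameter of this function and of `_gnutls_cipher_suite_get_cipher_algo` into `const uint8_t` / `suite[2]`; breaking after the return type instead would keep the declarator on one line. A one-line comment on each getter stating what it yields for a suite that is not in `cs_algorithms` (`ret` stays 0 or NULL) would also help callers.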
@@ -1162,18 +1159,21 @@ cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
* Returns: a string that contains the name of a TLS cipher suite,
* specified by the given algorithms, or %NULL.
**/
-const char *
-gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm)
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return NULL;
- else
- return ce->name + sizeof ("GNUTLS_") - 1;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return NULL;
+ else
+ return ce->name + sizeof("GNUTLS_") - 1;
}
/*-
@@ -1188,21 +1188,22 @@ const gnutls_cipher_suite_entry * ce;
* Returns: 0 on success or a negative error code otherwise.
-*/
int
-_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2])
+_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm,
+ uint8_t suite[2])
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return GNUTLS_E_INVALID_REQUEST;
- else
- {
- suite[0] = ce->id[0];
- suite[1] = ce->id[1];
- }
- return 0;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+ else {
+ suite[0] = ce->id[0];
+ suite[1] = ce->id[1];
+ }
+ return 0;
}
/**
@@ -1223,44 +1224,42 @@ const gnutls_cipher_suite_entry * ce;
* about the cipher suite in the output variables. If @idx is out of
* bounds, %NULL is returned.
**/
-const char *
-gnutls_cipher_suite_info (size_t idx,
- unsigned char *cs_id,
- gnutls_kx_algorithm_t * kx,
- gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * min_version)
+const char *gnutls_cipher_suite_info(size_t idx,
+ unsigned char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * min_version)
{
- if (idx >= CIPHER_SUITES_COUNT)
- return NULL;
-
- if (cs_id)
- memcpy (cs_id, cs_algorithms[idx].id, 2);
- if (kx)
- *kx = cs_algorithms[idx].kx_algorithm;
- if (cipher)
- *cipher = cs_algorithms[idx].block_algorithm;
- if (mac)
- *mac = cs_algorithms[idx].mac_algorithm;
- if (min_version)
- *min_version = cs_algorithms[idx].min_version;
-
- return cs_algorithms[idx].name + sizeof ("GNU") - 1;
+ if (idx >= CIPHER_SUITES_COUNT)
+ return NULL;
+
+ if (cs_id)
+ memcpy(cs_id, cs_algorithms[idx].id, 2);
+ if (kx)
+ *kx = cs_algorithms[idx].kx_algorithm;
+ if (cipher)
+ *cipher = cs_algorithms[idx].block_algorithm;
+ if (mac)
+ *mac = cs_algorithms[idx].mac_algorithm;
+ if (min_version)
+ *min_version = cs_algorithms[idx].min_version;
+
+ return cs_algorithms[idx].name + sizeof("GNU") - 1;
}
-static inline int
-_gnutls_cipher_suite_is_ok (const uint8_t suite[2])
+static inline int _gnutls_cipher_suite_is_ok(const uint8_t suite[2])
{
- size_t ret;
- const char *name = NULL;
+ size_t ret;
+ const char *name = NULL;
- CIPHER_SUITE_ALG_LOOP (name = p->name);
- if (name != NULL)
- ret = 0;
- else
- ret = 1;
- return ret;
+ CIPHER_SUITE_ALG_LOOP(name = p->name);
+ if (name != NULL)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
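Review bot: `gnutls_cipher_suite_info` returns `name + sizeof("GNU") - 1`, while `gnutls_cipher_suite_get_name` and `_gnutls_cipher_suite_get_name` skip `sizeof("GNUTLS_") - 1`, and nothing in the code says why the offsets differ. If the shorter skip is deliberate (the result would then start with `TLS_`), a comment such as `/* skip only "GNU" so the returned name starts with "TLS_" */` should say so. In the same hunk `_gnutls_cipher_suite_is_ok` keeps its result in a `size_t` although it returns `int`; `return name != NULL ? 0 : 1;` would remove the extra variable.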
@@ -1277,47 +1276,63 @@ _gnutls_cipher_suite_is_ok (const uint8_t suite[2])
*
-*/
int
-_gnutls_supported_ciphersuites (gnutls_session_t session,
- uint8_t *cipher_suites, unsigned int max_cipher_suite_size)
+_gnutls_supported_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ unsigned int max_cipher_suite_size)
{
- unsigned int i, ret_count, j, z, k=0;
- const gnutls_cipher_suite_entry * ce;
- const version_entry_st* version = get_version( session);
- unsigned int is_dtls = IS_DTLS(session);
-
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- for (j = 0; j < session->internals.priorities.cipher.algorithms; j++)
- for (z = 0; z < session->internals.priorities.mac.algorithms; z++)
- {
- ce = cipher_suite_get(session->internals.priorities.kx.priority[i],
- session->internals.priorities.cipher.priority[j],
- session->internals.priorities.mac.priority[z]);
-
- if (ce == NULL) continue;
-
- if (is_dtls == 0 && !(version->id >= ce->min_version))
- continue;
- else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version))
-
- if (k+2 > max_cipher_suite_size)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- memcpy (&cipher_suites[k], ce->id, 2);
- k+=2;
- }
-
- ret_count = k;
-
- /* This function can no longer return 0 cipher suites.
- * It returns an error code instead.
- */
- if (ret_count == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CIPHER_SUITES;
- }
- return ret_count;
+ unsigned int i, ret_count, j, z, k = 0;
+ const gnutls_cipher_suite_entry *ce;
+ const version_entry_st *version = get_version(session);
+ unsigned int is_dtls = IS_DTLS(session);
+
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+ for (j = 0;
+ j < session->internals.priorities.cipher.algorithms;
+ j++)
+ for (z = 0;
+ z <
+ session->internals.priorities.mac.algorithms;
+ z++) {
+ ce = cipher_suite_get(session->internals.
+ priorities.kx.
+ priority[i],
+ session->internals.
+ priorities.cipher.
+ priority[j],
+ session->internals.
+ priorities.mac.
+ priority[z]);
+
+ if (ce == NULL)
+ continue;
+
+ if (is_dtls == 0
+ && !(version->id >= ce->min_version))
+ continue;
+ else if (is_dtls != 0
+ && !(version->id >=
+ ce->min_dtls_version))
+
+ if (k + 2 > max_cipher_suite_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ memcpy(&cipher_suites[k], ce->id, 2);
+ k += 2;
+ }
+
+ ret_count = k;
+
+ /* This function can no longer return 0 cipher suites.
+ * It returns an error code instead.
+ */
+ if (ret_count == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ return ret_count;
}
/**
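Review bot: In `_gnutls_supported_ciphersuites` the `else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version))` has no statement of its own, so the following `if (k + 2 > max_cipher_suite_size)` becomes its body, which the new indentation now makes visible. As written, the size check runs only for a DTLS session whose version is below `ce->min_dtls_version`; in every other case `memcpy(&cipher_suites[k], ce->id, 2)` is reached without comparing `k` to `max_cipher_suite_size`, and DTLS suites that fail the version test are not skipped. Adding the missing `continue;` after the `else if` condition restores both checks, and bracing the two branches would keep this from recurring. Since this commit is meant to be whitespace-only, the fix belongs in a separate change.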
@@ -1337,32 +1352,37 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
* Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
**/
int
-gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx)
+gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
+ unsigned int idx,
+ unsigned int *sidx)
{
-int mac_idx, cipher_idx, kx_idx;
-unsigned int i;
-unsigned int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms;
-
- if (idx >= total)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- mac_idx = idx % pcache->mac.algorithms;
-
- idx /= pcache->mac.algorithms;
- cipher_idx = idx % pcache->cipher.algorithms;
-
- idx /= pcache->cipher.algorithms;
- kx_idx = idx % pcache->kx.algorithms;
-
- for (i=0;i<CIPHER_SUITES_COUNT;i++)
- {
- if (cs_algorithms[i].kx_algorithm == pcache->kx.priority[kx_idx] &&
- cs_algorithms[i].block_algorithm == pcache->cipher.priority[cipher_idx] &&
- cs_algorithms[i].mac_algorithm == pcache->mac.priority[mac_idx])
- {
- *sidx = i;
- return 0;
- }
- }
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ int mac_idx, cipher_idx, kx_idx;
+ unsigned int i;
+ unsigned int total =
+ pcache->mac.algorithms * pcache->cipher.algorithms *
+ pcache->kx.algorithms;
+
+ if (idx >= total)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ mac_idx = idx % pcache->mac.algorithms;
+
+ idx /= pcache->mac.algorithms;
+ cipher_idx = idx % pcache->cipher.algorithms;
+
+ idx /= pcache->cipher.algorithms;
+ kx_idx = idx % pcache->kx.algorithms;
+
+ for (i = 0; i < CIPHER_SUITES_COUNT; i++) {
+ if (cs_algorithms[i].kx_algorithm ==
+ pcache->kx.priority[kx_idx]
+ && cs_algorithms[i].block_algorithm ==
+ pcache->cipher.priority[cipher_idx]
+ && cs_algorithms[i].mac_algorithm ==
+ pcache->mac.priority[mac_idx]) {
+ *sidx = i;
+ return 0;
+ }
+ }
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index c574036ae9..3aa4000f9d 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -30,42 +30,42 @@
*/
static const gnutls_ecc_curve_entry_st ecc_curves[] = {
- {
- .name = "SECP192R1",
- .oid = "1.2.840.10045.3.1.1",
- .id = GNUTLS_ECC_CURVE_SECP192R1,
- .tls_id = 19,
- .size = 24,
- },
- {
- .name = "SECP224R1",
- .oid = "1.3.132.0.33",
- .id = GNUTLS_ECC_CURVE_SECP224R1,
- .tls_id = 21,
- .size = 28,
- },
- {
- .name = "SECP256R1",
- .oid = "1.2.840.10045.3.1.7",
- .id = GNUTLS_ECC_CURVE_SECP256R1,
- .tls_id = 23,
- .size = 32,
- },
- {
- .name = "SECP384R1",
- .oid = "1.3.132.0.34",
- .id = GNUTLS_ECC_CURVE_SECP384R1,
- .tls_id = 24,
- .size = 48,
- },
- {
- .name = "SECP521R1",
- .oid = "1.3.132.0.35",
- .id = GNUTLS_ECC_CURVE_SECP521R1,
- .tls_id = 25,
- .size = 66,
- },
- {0, 0, 0}
+ {
+ .name = "SECP192R1",
+ .oid = "1.2.840.10045.3.1.1",
+ .id = GNUTLS_ECC_CURVE_SECP192R1,
+ .tls_id = 19,
+ .size = 24,
+ },
+ {
+ .name = "SECP224R1",
+ .oid = "1.3.132.0.33",
+ .id = GNUTLS_ECC_CURVE_SECP224R1,
+ .tls_id = 21,
+ .size = 28,
+ },
+ {
+ .name = "SECP256R1",
+ .oid = "1.2.840.10045.3.1.7",
+ .id = GNUTLS_ECC_CURVE_SECP256R1,
+ .tls_id = 23,
+ .size = 32,
+ },
+ {
+ .name = "SECP384R1",
+ .oid = "1.3.132.0.34",
+ .id = GNUTLS_ECC_CURVE_SECP384R1,
+ .tls_id = 24,
+ .size = 48,
+ },
+ {
+ .name = "SECP521R1",
+ .oid = "1.3.132.0.35",
+ .id = GNUTLS_ECC_CURVE_SECP521R1,
+ .tls_id = 25,
+ .size = 66,
+ },
+ {0, 0, 0}
};
#define GNUTLS_ECC_CURVE_LOOP(b) \
@@ -75,20 +75,15 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
/* Returns the TLS id of the given curve
*/
-int
-_gnutls_tls_id_to_ecc_curve (int num)
+int _gnutls_tls_id_to_ecc_curve(int num)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->tls_id == num)
- {
- ret = p->id;
- break;
- }
- );
-
- return ret;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP(if (p->tls_id == num) {
+ ret = p->id; break;}
+ );
+
+ return ret;
}
/**
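Review bot: The comment above `_gnutls_tls_id_to_ecc_curve` says it returns the TLS id of the given curve, but the body matches `p->tls_id == num` and returns `p->id`, so it maps a TLS id to a curve. It should read something like `/* Returns the curve for the given TLS NamedCurve id, or GNUTLS_ECC_CURVE_INVALID */`. The reindent also collapsed the macro argument into `ret = p->id; break;}`, unlike the other `GNUTLS_ECC_CURVE_LOOP` callers in this file, which keep one statement per line.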
@@ -101,41 +96,35 @@ _gnutls_tls_id_to_ecc_curve (int num)
* Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
* integers indicating the available curves.
**/
-const gnutls_ecc_curve_t *
-gnutls_ecc_curve_list (void)
+const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
{
-static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+ static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
- if (supported_curves[0] == 0)
- {
- int i = 0;
+ if (supported_curves[0] == 0) {
+ int i = 0;
- GNUTLS_ECC_CURVE_LOOP (
- supported_curves[i++]=p->id;
- );
- supported_curves[i++]=0;
- }
+ GNUTLS_ECC_CURVE_LOOP(supported_curves[i++] = p->id;);
+ supported_curves[i++] = 0;
+ }
- return supported_curves;
+ return supported_curves;
}
/* Maps numbers to TLS NamedCurve IDs (RFC4492).
* Returns a negative number on error.
*/
-int
-_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
+int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc)
{
- int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->id == supported_ecc)
- {
- ret = p->tls_id;
- break;
- }
- );
-
- return ret;
+ int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == supported_ecc) {
+ ret = p->tls_id;
+ break;
+ }
+ );
+
+ return ret;
}
/*-
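Review bot: `gnutls_ecc_curve_list` fills the function-static `supported_curves` on its first call with no synchronisation and no bound on `i`. Two threads making that first call at the same time would both write the array, and the loop relies on `ecc_curves` having fewer than `MAX_ALGOS` entries (the value of `MAX_ALGOS` is not visible here). A comment stating both assumptions, or a guard such as `if (i >= MAX_ALGOS - 1) break;` at the start of the loop body, would make the limit explicit.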
@@ -145,19 +134,18 @@ _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -169,20 +157,18 @@ gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_curve_get_id (const char *name)
+gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -192,20 +178,18 @@ _gnutls_ecc_curve_get_id (const char *name)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_bits_to_curve (int bits)
+gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
- GNUTLS_ECC_CURVE_LOOP (
- if (8*p->size >= bits)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (8 * p->size >= bits) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
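Review bot: `_gnutls_ecc_bits_to_curve` initialises `ret` to `GNUTLS_ECC_CURVE_SECP224R1`, so a `bits` value that no table entry satisfies falls back to a 224-bit curve, while the doc comment above promises `%GNUTLS_ECC_CURVE_INVALID` on error. With the table in this file, that means any request above `8 * 66` bits silently gets a smaller curve than was asked for. Either the default or the comment should change; if the fallback is deliberate, document it with e.g. `/* falls back to SECP224R1 when no curve is large enough */`. Callers are not visible here, so which behaviour they expect needs confirming.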
@@ -219,20 +203,18 @@ _gnutls_ecc_bits_to_curve (int bits)
*
* Since: 3.0
**/
-const char *
-gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
+const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -244,20 +226,18 @@ gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
* Returns: a string that contains the name of the specified
* curve or %NULL.
-*/
-const char *
-_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
+const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->oid;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->oid;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -268,20 +248,19 @@ _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
*
* Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
-*/
-const gnutls_ecc_curve_entry_st *
-_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
+const gnutls_ecc_curve_entry_st
+ *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve)
{
- const gnutls_ecc_curve_entry_st *ret = NULL;
+ const gnutls_ecc_curve_entry_st *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -294,17 +273,16 @@ _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
*
* Since: 3.0
**/
-int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)
+int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->size;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->size;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index eb7e11ac78..3fa8a317e0 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -46,30 +46,33 @@ extern mod_auth_st srp_dss_auth_struct;
* FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
* more than one credentials type.
*/
-typedef struct
-{
- gnutls_kx_algorithm_t algorithm;
- gnutls_credentials_type_t client_type;
- gnutls_credentials_type_t server_type; /* The type of credentials a server
- * needs to set */
+typedef struct {
+ gnutls_kx_algorithm_t algorithm;
+ gnutls_credentials_type_t client_type;
+ gnutls_credentials_type_t server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
- {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
- {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {0, 0, 0}
+ {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {0, 0, 0}
};
#define GNUTLS_KX_MAP_LOOP(b) \
@@ -79,48 +82,48 @@ static const gnutls_cred_map cred_mappings[] = {
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
-struct gnutls_kx_algo_entry
-{
- const char *name;
- gnutls_kx_algorithm_t algorithm;
- mod_auth_st *auth_struct;
- int needs_dh_params;
+struct gnutls_kx_algo_entry {
+ const char *name;
+ gnutls_kx_algorithm_t algorithm;
+ mod_auth_st *auth_struct;
+ int needs_dh_params;
};
typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
#if defined(ENABLE_ANON) && defined(ENABLE_DHE)
- {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
+ {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
#endif
#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
- {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
+ {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
#endif
- {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
+ {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
#ifdef ENABLE_DHE
- {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
- {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
+ {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
+ {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
#ifdef ENABLE_ECDHE
- {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
- {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
+ {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
+ {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct,
+ 0},
#endif
#ifdef ENABLE_SRP
- {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
- {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
- {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
+ {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
+ {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
+ {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
#endif
#ifdef ENABLE_PSK
- {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
- {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
-# ifdef ENABLE_DHE
- {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
- 1 /* needs DHE params */},
-# endif
-# ifdef ENABLE_ECDHE
- {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
-# endif
+ {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
+ {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
+#ifdef ENABLE_DHE
+ {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
+ 1 /* needs DHE params */ },
+#endif
+#ifdef ENABLE_ECDHE
+ {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
#endif
- {0, 0, 0, 0}
+#endif
+ {0, 0, 0, 0}
};
#define GNUTLS_KX_LOOP(b) \
@@ -132,26 +135,25 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
/* Key EXCHANGE functions */
-mod_auth_st *
-_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm)
{
- mod_auth_st *ret = NULL;
- GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
- return ret;
+ mod_auth_st *ret = NULL;
+ GNUTLS_KX_ALG_LOOP(ret = p->auth_struct);
+ return ret;
}
int
-_gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm)
+_gnutls_kx_priority(gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- {
- if (session->internals.priorities.kx.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++) {
+ if (session->internals.priorities.kx.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -163,15 +165,14 @@ _gnutls_kx_priority (gnutls_session_t session,
* Returns: a pointer to a string that contains the name of the
* specified key exchange algorithm, or %NULL.
**/
-const char *
-gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
+const char *gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_KX_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_KX_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -184,20 +185,18 @@ gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
* Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
* on error.
**/
-gnutls_kx_algorithm_t
-gnutls_kx_get_id (const char *name)
+gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name)
{
- gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
+ gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
- GNUTLS_KX_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->algorithm;
- break;
- }
- );
+ GNUTLS_KX_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->algorithm;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
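Review bot: `gnutls_kx_get_id` passes `name` straight to `strcasecmp(p->name, name)`, so a NULL argument from a caller is dereferenced inside the loop. `gnutls_pk_get_id` in lib/algorithms/publickey.c already guards its comparison with `name &&`, but the same guard is missing here and in `gnutls_digest_get_id`, `gnutls_mac_get_id` and `gnutls_protocol_get_id` later in this diff. An early `if (name == NULL) return GNUTLS_KX_UNKNOWN;` before the `GNUTLS_KX_LOOP` would make the public name-lookup functions behave alike on bad input.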
@@ -210,77 +209,66 @@ gnutls_kx_get_id (const char *name)
* Returns: a (0)-terminated list of #gnutls_kx_algorithm_t integers
* indicating the available key exchange algorithms.
**/
-const gnutls_kx_algorithm_t *
-gnutls_kx_list (void)
+const gnutls_kx_algorithm_t *gnutls_kx_list(void)
{
-static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = {0};
+ static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = { 0 };
- if (supported_kxs[0] == 0)
- {
- int i = 0;
+ if (supported_kxs[0] == 0) {
+ int i = 0;
- GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm);
- supported_kxs[i++]=0;
- }
+ GNUTLS_KX_LOOP(supported_kxs[i++] = p->algorithm);
+ supported_kxs[i++] = 0;
+ }
- return supported_kxs;
+ return supported_kxs;
}
-int
-_gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = -1;
- GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
-int
-_gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = 0;
- GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
- return ret;
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params);
+ return ret;
}
/* Type to KX mappings */
gnutls_kx_algorithm_t
-_gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
+_gnutls_map_kx_get_kx(gnutls_credentials_type_t type, int server)
{
- gnutls_kx_algorithm_t ret = -1;
-
- if (server)
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- else
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- return ret;
+ gnutls_kx_algorithm_t ret = -1;
+
+ if (server) {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ } else {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ }
+ return ret;
}
/* Returns the credentials type required for this
* Key exchange method.
*/
gnutls_credentials_type_t
-_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
+_gnutls_map_kx_get_cred(gnutls_kx_algorithm_t algorithm, int server)
{
- gnutls_credentials_type_t ret = -1;
- if (server)
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->server_type);
- }
- else
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->client_type);
- }
-
- return ret;
+ gnutls_credentials_type_t ret = -1;
+ if (server) {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->server_type);
+ } else {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->client_type);
+ }
+
+ return ret;
}
-
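Review bot: In `_gnutls_map_kx_get_kx` both arms of `if (server)` expand `GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm)`, so the `server` argument has no effect and a client-side lookup is matched against `p->server_type`. `_gnutls_map_kx_get_cred` directly below does distinguish `p->server_type` from `p->client_type`, which suggests the `else` arm was meant to match on the client type; that is an inference, since the map macros are only partly visible here. Either collapse the branch and document it with something like `/* the mapping is keyed on the server credential type for both roles */`, or give the `else` arm a loop that compares `p->client_type`.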
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index a2fc83688d..595eab348e 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -26,19 +26,24 @@
#include <x509/common.h>
static const mac_entry_st hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, 64},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, 64},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, 64},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, 64},
- {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
- {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, 64},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0}
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
+ 64},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
+ 64},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
+ 64},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
+ 64},
+ {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
+ {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1,
+ 64},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0}
};
@@ -49,24 +54,24 @@ static const mac_entry_st hash_algorithms[] = {
#define GNUTLS_HASH_ALG_LOOP(a) \
GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
-const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c)
+const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c)
{
- GNUTLS_HASH_LOOP (if (c==p->id) return p);
+ GNUTLS_HASH_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
int
-_gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm)
-{ /* actually returns the priority */
- unsigned int i;
- for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
- {
- if (session->internals.priorities.mac.priority[i] == algorithm)
- return i;
- }
- return -1;
+_gnutls_mac_priority(gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm)
+{ /* actually returns the priority */
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.mac.algorithms; i++) {
+ if (session->internals.priorities.mac.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -78,15 +83,14 @@ _gnutls_mac_priority (gnutls_session_t session,
* Returns: a string that contains the name of the specified MAC
* algorithm, or %NULL.
**/
-const char *
-gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
+const char *gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -98,20 +102,18 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
* Returns: a string that contains the name of the specified digest
* algorithm, or %NULL.
**/
-const char *
-gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
+const char *gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_HASH_LOOP (
- if (algorithm == (unsigned)p->id && p->oid != NULL)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (algorithm == (unsigned) p->id && p->oid != NULL) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -124,20 +126,18 @@ gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
* Returns: a #gnutls_digest_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_DIG_UNKNOWN on failures.
**/
-gnutls_digest_algorithm_t
-gnutls_digest_get_id (const char *name)
+gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -150,20 +150,18 @@ gnutls_digest_get_id (const char *name)
* Returns: a #gnutls_mac_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
**/
-gnutls_mac_algorithm_t
-gnutls_mac_get_id (const char *name)
+gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name)
{
- gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -175,15 +173,14 @@ gnutls_mac_get_id (const char *name)
* Returns: length (in bytes) of the given MAC key size, or 0 if the
* given MAC algorithm is invalid.
**/
-size_t
-gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->key_size);
- return ret;
+ return ret;
}
/**
@@ -196,15 +193,14 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-size_t
-gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->nonce_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->nonce_size);
- return ret;
+ return ret;
}
/**
@@ -217,23 +213,21 @@ gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
* Returns: Return a (0)-terminated list of #gnutls_mac_algorithm_t
* integers indicating the available MACs.
**/
-const gnutls_mac_algorithm_t *
-gnutls_mac_list (void)
+const gnutls_mac_algorithm_t *gnutls_mac_list(void)
{
-static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
+ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
- if (supported_macs[0] == 0)
- {
- int i = 0;
+ if (supported_macs[0] == 0) {
+ int i = 0;
- GNUTLS_HASH_LOOP (
- if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- supported_macs[i++]=p->id;
- );
- supported_macs[i++]=0;
- }
+ GNUTLS_HASH_LOOP(
+ if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
+ supported_macs[i++] = p->id;
+ );
+ supported_macs[i++] = 0;
+ }
- return supported_macs;
+ return supported_macs;
}
/**
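Review bot: `gnutls_mac_list` fills the function-static `supported_macs[MAX_ALGOS]` on first use with `supported_macs[i++] = p->id`, and nothing compares `i` against `MAX_ALGOS`, so the bound holds only while `hash_algorithms` stays shorter than the array. The first-call test `supported_macs[0] == 0` is also unsynchronised, so two threads making the first call at once would both write the array. `gnutls_kx_list`, `gnutls_digest_list`, `gnutls_protocol_list` and `gnutls_pk_list` in this diff use the same pattern. A guard such as `if (i < MAX_ALGOS - 1)` around the store, plus a comment saying the list is built lazily without a lock, would make the contract explicit. `MAX_ALGOS` is defined outside this diff, so its value could not be checked here.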
@@ -246,39 +240,39 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
* Returns: Return a (0)-terminated list of #gnutls_digest_algorithm_t
* integers indicating the available digests.
**/
-const gnutls_digest_algorithm_t *
-gnutls_digest_list (void)
+const gnutls_digest_algorithm_t *gnutls_digest_list(void)
{
-static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] = { 0 };
-
- if (supported_digests[0] == 0)
- {
- int i = 0;
-
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && (p->placeholder != 0 || _gnutls_mac_exists(p->id)))
- supported_digests[i++]=p->id;
- );
- supported_digests[i++]=0;
- }
-
- return supported_digests;
+ static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] =
+ { 0 };
+
+ if (supported_digests[0] == 0) {
+ int i = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && (p->placeholder != 0 ||
+ _gnutls_mac_exists(p->id))) {
+
+ supported_digests[i++] = p->id;
+ }
+ );
+ supported_digests[i++] = 0;
+ }
+
+ return supported_digests;
}
-gnutls_digest_algorithm_t
-_gnutls_x509_oid_to_digest (const char *oid)
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid)
{
- gnutls_digest_algorithm_t ret = 0;
-
- GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = (gnutls_digest_algorithm_t)p->id;
- break;
- }
- );
-
- if (ret == 0)
- return GNUTLS_DIG_UNKNOWN;
- return ret;
+ gnutls_digest_algorithm_t ret = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = (gnutls_digest_algorithm_t) p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_DIG_UNKNOWN;
+ return ret;
}
-
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 1f7a15804d..1ad022013e 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -27,14 +27,14 @@
/* TLS Versions */
static const version_entry_st sup_versions[] = {
- {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
- {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
- {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
- {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
- {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
- {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
- {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
- {0, 0, 0, 0, 0}
+ {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
+ {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
+ {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
+ {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
+ {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
+ {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
+ {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
+ {0, 0, 0, 0, 0}
};
#define GNUTLS_VERSION_LOOP(b) \
@@ -44,68 +44,71 @@ static const version_entry_st sup_versions[] = {
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
-const version_entry_st* version_to_entry(gnutls_protocol_t version)
+const version_entry_st *version_to_entry(gnutls_protocol_t version)
{
- GNUTLS_VERSION_ALG_LOOP (return p);
- return NULL;
+ GNUTLS_VERSION_ALG_LOOP(return p);
+ return NULL;
}
/* Return the priority of the provided version number */
int
-_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
+_gnutls_version_priority(gnutls_session_t session,
+ gnutls_protocol_t version)
{
- unsigned int i;
-
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- if (session->internals.priorities.protocol.priority[i] == version)
- return i;
- }
- return -1;
+ unsigned int i;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ if (session->internals.priorities.protocol.priority[i] ==
+ version)
+ return i;
+ }
+ return -1;
}
/* Returns the lowest TLS version number in the priorities.
*/
-gnutls_protocol_t
-_gnutls_version_lowest (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session)
{
- unsigned int i, min = 0xff;
- gnutls_protocol_t cur_prot;
+ unsigned int i, min = 0xff;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i=0;i< session->internals.priorities.protocol.algorithms;i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot < min && _gnutls_version_is_supported(session, cur_prot))
- min = cur_prot;
- }
+ if (cur_prot < min
+ && _gnutls_version_is_supported(session, cur_prot))
+ min = cur_prot;
+ }
- if (min == 0xff)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (min == 0xff)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return min;
+ return min;
}
/* Returns the maximum version in the priorities
*/
-gnutls_protocol_t
-_gnutls_version_max (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_max(gnutls_session_t session)
{
- unsigned int i, max = 0x00;
- gnutls_protocol_t cur_prot;
+ unsigned int i, max = 0x00;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot > max && _gnutls_version_is_supported(session, cur_prot))
- max = cur_prot;
- }
+ if (cur_prot > max
+ && _gnutls_version_is_supported(session, cur_prot))
+ max = cur_prot;
+ }
- if (max == 0x00)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (max == 0x00)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return max;
+ return max;
}
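Review bot: The reindented loop header in `_gnutls_version_lowest` now reads `for (i=0;i< session->internals.priorities.protocol.algorithms;i++) {`, which loses the spacing the old line had and differs from the same loop in `_gnutls_version_priority` and `_gnutls_version_max` in this hunk. Wrapping it the way those two do, `for (i = 0; i < session->internals.priorities.protocol.algorithms;` followed by `i++) {`, keeps the three loops uniform. A short comment on `min = 0xff` and `max = 0x00` stating that they are the "nothing supported" sentinels would also help, since both are compared against protocol ids afterwards.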
@@ -118,14 +121,13 @@ _gnutls_version_max (gnutls_session_t session)
* Returns: a string that contains the name of the specified TLS
* version (e.g., "TLS1.0"), or %NULL.
**/
-const char *
-gnutls_protocol_get_name (gnutls_protocol_t version)
+const char *gnutls_protocol_get_name(gnutls_protocol_t version)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_VERSION_ALG_LOOP (ret = p->name);
- return ret;
+ /* avoid prefix */
+ GNUTLS_VERSION_ALG_LOOP(ret = p->name);
+ return ret;
}
/**
@@ -137,20 +139,18 @@ gnutls_protocol_get_name (gnutls_protocol_t version)
* Returns: an id of the specified protocol, or
* %GNUTLS_VERSION_UNKNOWN on error.
**/
-gnutls_protocol_t
-gnutls_protocol_get_id (const char *name)
+gnutls_protocol_t gnutls_protocol_get_id(const char *name)
{
- gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
+ gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
- GNUTLS_VERSION_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_VERSION_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -164,50 +164,50 @@ gnutls_protocol_get_id (const char *name)
* indicating the available protocols.
*
**/
-const gnutls_protocol_t *
-gnutls_protocol_list (void)
+const gnutls_protocol_t *gnutls_protocol_list(void)
{
-static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0};
+ static gnutls_protocol_t supported_protocols[MAX_ALGOS] = { 0 };
- if (supported_protocols[0] == 0)
- {
- int i = 0;
+ if (supported_protocols[0] == 0) {
+ int i = 0;
- GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id);
- supported_protocols[i++]=0;
- }
+ GNUTLS_VERSION_LOOP(supported_protocols[i++] = p->id);
+ supported_protocols[i++] = 0;
+ }
- return supported_protocols;
+ return supported_protocols;
}
/* Returns a version number given the major and minor numbers.
*/
-gnutls_protocol_t
-_gnutls_version_get (uint8_t major, uint8_t minor)
+gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
- ret = p->id);
- return ret;
+ GNUTLS_VERSION_LOOP(
+ if ((p->major == major) && (p->minor == minor))
+ ret = p->id
+ );
+ return ret;
}
/* Version Functions */
int
-_gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version)
+_gnutls_version_is_supported(gnutls_session_t session,
+ const gnutls_protocol_t version)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_VERSION_ALG_LOOP (ret = p->supported && p->transport == session->internals.transport);
+ GNUTLS_VERSION_ALG_LOOP(
+ ret = p->supported && p->transport == session->internals.transport
+ );
- if (ret == 0)
- return 0;
+ if (ret == 0)
+ return 0;
- if (_gnutls_version_priority (session, version) < 0)
- return 0; /* disabled by the user */
- else
- return 1;
+ if (_gnutls_version_priority(session, version) < 0)
+ return 0; /* disabled by the user */
+ else
+ return 1;
}
-
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index f504c7b72f..59738d6ccf 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -27,17 +27,16 @@
/* KX mappings to PK algorithms */
-typedef struct
-{
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_pk_algorithm_t pk_algorithm;
- enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
- * for encryption, CIPHER_SIGN if signature only,
- * CIPHER_IGN if this does not apply at all.
- *
- * This is useful to certificate cipher suites, which check
- * against the certificate key usage bits.
- */
+typedef struct {
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
} gnutls_pk_map;
/* This table maps the Key exchange algorithms to
@@ -46,15 +45,15 @@ typedef struct
* use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
*/
static const gnutls_pk_map pk_mappings[] = {
- {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
- {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {0, 0, 0}
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {0, 0, 0}
};
#define GNUTLS_PK_MAP_LOOP(b) \
@@ -69,37 +68,36 @@ static const gnutls_pk_map pk_mappings[] = {
* the given gnutls_kx_algorithm_t.
*/
gnutls_pk_algorithm_t
-_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_map_pk_get_pk(gnutls_kx_algorithm_t kx_algorithm)
{
- gnutls_pk_algorithm_t ret = -1;
+ gnutls_pk_algorithm_t ret = -1;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret;
}
/* pk algorithms;
*/
-struct gnutls_pk_entry
-{
- const char *name;
- const char *oid;
- gnutls_pk_algorithm_t id;
+struct gnutls_pk_entry {
+ const char *name;
+ const char *oid;
+ gnutls_pk_algorithm_t id;
};
typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
- /* having duplicate entries is ok, as long as the one
- * we want to return OID from is first */
- {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
- {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
- {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
- {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
- {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
- {0, 0, 0}
+ /* having duplicate entries is ok, as long as the one
+ * we want to return OID from is first */
+ {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
+ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
+ {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
+ {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+ {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+ {0, 0, 0}
};
#define GNUTLS_PK_LOOP(b) \
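Review bot: In `_gnutls_map_pk_get_pk` the `return ret;` still shares a line with the macro call, `GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret;`, which makes the return easy to miss and reads as if it belonged to the loop. The last hunk of this file splits the same construct in `_gnutls_kx_encipher_type`, so moving `return ret;` onto its own line here would match. Whether a semicolon can follow the macro call depends on the macro definition, which is outside this hunk.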
@@ -116,20 +114,18 @@ static const gnutls_pk_entry pk_algorithms[] = {
* Returns: a string that contains the name of the specified public
* key algorithm, or %NULL.
**/
-const char *
-gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_PK_LOOP(
- if (p->id == algorithm)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_PK_LOOP(
+ if (p->id == algorithm) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -144,20 +140,21 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
*
* Since: 2.6.0
**/
-const gnutls_pk_algorithm_t *
-gnutls_pk_list (void)
+const gnutls_pk_algorithm_t *gnutls_pk_list(void)
{
-static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
+ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = { 0 };
- if (supported_pks[0] == 0)
- {
- int i = 0;
+ if (supported_pks[0] == 0) {
+ int i = 0;
- GNUTLS_PK_LOOP (if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i>0?(i-1):0]!=p->id) supported_pks[i++]=p->id);
- supported_pks[i++]=0;
- }
+ GNUTLS_PK_LOOP(
+ if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i > 0 ? (i - 1) : 0] != p->id)
+ supported_pks[i++] = p->id
+ );
+ supported_pks[i++] = 0;
+ }
- return supported_pks;
+ return supported_pks;
}
/**
@@ -173,20 +170,18 @@ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
*
* Since: 2.6.0
**/
-gnutls_pk_algorithm_t
-gnutls_pk_get_id (const char *name)
+gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (name && strcmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (name && strcmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
/**
@@ -200,52 +195,46 @@ gnutls_pk_get_id (const char *name)
*
* Since: 2.6.0
**/
-const char *
-gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = "Unknown";
- const gnutls_pk_entry *p;
+ const char *ret = "Unknown";
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (algorithm == p->id)
- {
- ret = p->name;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (algorithm == p->id) {
+ ret = p->name;
+ break;
+ }
- return ret;
+ return ret;
}
-gnutls_pk_algorithm_t
-_gnutls_x509_oid2pk_algorithm (const char *oid)
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->oid && strcmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->oid && strcmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
-const char *
-_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
- const gnutls_pk_entry *p;
+ const char *ret = NULL;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->id == algorithm)
- {
- ret = p->oid;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->id == algorithm) {
+ ret = p->oid;
+ break;
+ }
- return ret;
+ return ret;
}
/* Returns the encipher type for the given key exchange algorithm.
@@ -254,10 +243,11 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
* ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
*/
enum encipher_type
-_gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
{
- int ret = CIPHER_IGN;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
+ int ret = CIPHER_IGN;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
-}
+ return ret;
+}
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 36a1ebfa64..2dc04b7256 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -25,30 +25,29 @@
#include <gnutls_errors.h>
#include <x509/common.h>
-typedef struct
-{
- const char *name;
- gnutls_sec_param_t sec_param;
- unsigned int bits; /* security level */
- unsigned int pk_bits; /* DH, RSA, SRP */
- unsigned int dsa_bits; /* bits for DSA. Handled differently since
- * choice of key size in DSA is political.
- */
- unsigned int subgroup_bits; /* subgroup bits */
- unsigned int ecc_bits; /* bits for ECC keys */
+typedef struct {
+ const char *name;
+ gnutls_sec_param_t sec_param;
+ unsigned int bits; /* security level */
+ unsigned int pk_bits; /* DH, RSA, SRP */
+ unsigned int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ unsigned int subgroup_bits; /* subgroup bits */
+ unsigned int ecc_bits; /* bits for ECC keys */
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
- {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
- {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
- {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
- {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
- {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
- {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
- {NULL, 0, 0, 0, 0, 0}
+ {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
+ {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
+ {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
+ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
+ {NULL, 0, 0, 0, 0, 0}
};
#define GNUTLS_SEC_PARAM_LOOP(b) \
@@ -71,41 +70,40 @@ static const gnutls_sec_params_entry sec_params[] = {
* Since: 2.12.0
**/
unsigned int
-gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param)
+gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param)
{
- unsigned int ret = 0;
-
- /* handle DSA differently */
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- if (algo == GNUTLS_PK_DSA)
- ret = p->dsa_bits;
- else if (algo == GNUTLS_PK_EC)
- ret = p->ecc_bits;
- else
- ret = p->pk_bits;
- break;
- }
- );
- return ret;
+ unsigned int ret = 0;
+
+ /* handle DSA differently */
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ if (algo == GNUTLS_PK_DSA)
+ ret = p->dsa_bits;
+ else if (algo == GNUTLS_PK_EC)
+ ret = p->ecc_bits;
+ else
+ ret = p->pk_bits; break;
+ }
+ );
+ return ret;
}
/* Returns the corresponding size for subgroup bits (q),
* given the group bits (p).
*/
-unsigned int
-_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
+unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits)
{
- unsigned int ret = 0;
+ unsigned int ret = 0;
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
- {
- ret = p->subgroup_bits; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits >= pk_bits) {
+ ret = p->subgroup_bits;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
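Review bot: In `gnutls_sec_param_to_pk_bits` the re-indented line `ret = p->pk_bits; break;` puts `break;` on the same line as the unbraced `else` body, so it reads as part of the `else` although it runs after the whole `if`/`else if`/`else` chain. Behaviour matches the removed lines, but a later edit that braces the `else` by eye would change which branches leave the loop. Put `break;` on its own line at the indent of the inner `if`, directly after `ret = p->pk_bits;`. The same fused form, `ret = p->id; break;}`, is left in `_gnutls_x509_oid2sign_algorithm` in lib/algorithms/sign.c.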
@@ -119,18 +117,18 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
*
* Since: 2.12.0
**/
-const char *
-gnutls_sec_param_get_name (gnutls_sec_param_t param)
+const char *gnutls_sec_param_get_name(gnutls_sec_param_t param)
{
- const char *ret = "Unknown";
+ const char *ret = "Unknown";
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->name; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -147,29 +145,28 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
* Since: 2.12.0
**/
gnutls_sec_param_t
-gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
+gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, unsigned int bits)
{
- gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
-
- if (bits == 0)
- return GNUTLS_SEC_PARAM_UNKNOWN;
-
- if (algo == GNUTLS_PK_EC)
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->ecc_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
- else
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
-
- return ret;
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
+
+ if (bits == 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+
+ if (algo == GNUTLS_PK_EC) {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->ecc_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ } else {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ }
+
+ return ret;
}
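Review bot: `gnutls_pk_bits_to_sec_param` rates every non-EC key, DSA included, against the `pk_bits` column, while `gnutls_sec_param_to_pk_bits` earlier in this file reads `dsa_bits` for `GNUTLS_PK_DSA`, so the two directions do not round-trip for DSA. Going by the `sec_params` table on this page, 2048 DSA bits map to Legacy, yet Low and Legacy both map back to 2048. If that is intended, say so at the `else` branch, for example `/* DSA is rated on the pk_bits (DH/RSA) scale here, not dsa_bits */`; if not, the function needs a separate DSA case. The doc comment for this function begins outside the hunk.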
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 29348e9baa..04f2645a4b 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -27,16 +27,15 @@
/* signature algorithms;
*/
-struct gnutls_sign_entry
-{
- const char *name;
- const char *oid;
- gnutls_sign_algorithm_t id;
- gnutls_pk_algorithm_t pk;
- gnutls_digest_algorithm_t mac;
- /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
- for values to use in aid struct. */
- const sign_algorithm_st aid;
+struct gnutls_sign_entry {
+ const char *name;
+ const char *oid;
+ gnutls_sign_algorithm_t id;
+ gnutls_pk_algorithm_t pk;
+ gnutls_digest_algorithm_t mac;
+ /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
+ for values to use in aid struct. */
+ const sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
@@ -44,43 +43,57 @@ typedef struct gnutls_sign_entry gnutls_sign_entry;
static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
static const gnutls_sign_entry sign_algorithms[] = {
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA224, {3, 1}},
- {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA256, {4, 1}},
- {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA384, {5, 1}},
- {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA512, {6, 1}},
- {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
- GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
- {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA224, {3, 2}},
- {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA256, {4, 2}},
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
- {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
- {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
- {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
- {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
- {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
- {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
- TLS_SIGN_AID_UNKNOWN},
- {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
- {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA224, {3, 1}},
+ {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA256, {4, 1}},
+ {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA384, {5, 1}},
+ {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA512, {6, 1}},
+ {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
+ {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA224, {3, 2}},
+ {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA256, {4, 2}},
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
+ {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
+ {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
+ {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
+ {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
+ {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
};
#define GNUTLS_SIGN_LOOP(b) \
@@ -101,16 +114,15 @@ static const gnutls_sign_entry sign_algorithms[] = {
* Returns: a string that contains the name of the specified sign
* algorithm, or %NULL.
**/
-const char *
-gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
+const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign = algorithm;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -119,19 +131,18 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
*
* Returns: Non-zero if the provided signature algorithm is considered to be secure.
**/
-int
-gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
+int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+ gnutls_sign_algorithm_t sign = algorithm;
+ gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(dig = p->mac);
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (dig = p->mac);
-
- if (dig != GNUTLS_DIG_UNKNOWN)
- return _gnutls_digest_is_secure(mac_to_entry(dig));
+ if (dig != GNUTLS_DIG_UNKNOWN)
+ return _gnutls_digest_is_secure(mac_to_entry(dig));
- return 0;
+ return 0;
}
/**
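Review bot: The doc comment on `gnutls_sign_is_secure` should say that the verdict depends only on the digest. The body looks up `p->mac` and returns `_gnutls_digest_is_secure(mac_to_entry(dig))`, so key size and public-key algorithm play no part, and an algorithm that is not found or whose digest is `GNUTLS_DIG_UNKNOWN` yields 0. Suggested wording for the Returns line: `Non-zero if the hash used by the signature algorithm is considered secure; key size is not taken into account.` The opening lines of the comment are outside the hunk.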
@@ -143,20 +154,18 @@ gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
* integers indicating the available ciphers.
*
**/
-const gnutls_sign_algorithm_t *
-gnutls_sign_list (void)
+const gnutls_sign_algorithm_t *gnutls_sign_list(void)
{
-static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
+ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = { 0 };
- if (supported_sign[0] == 0)
- {
- int i = 0;
+ if (supported_sign[0] == 0) {
+ int i = 0;
- GNUTLS_SIGN_LOOP (supported_sign[i++]=p->id);
- supported_sign[i++]=0;
- }
+ GNUTLS_SIGN_LOOP(supported_sign[i++] = p->id);
+ supported_sign[i++] = 0;
+ }
- return supported_sign;
+ return supported_sign;
}
/**
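Review bot: `gnutls_sign_list` fills the static `supported_sign[MAX_ALGOS]` through `GNUTLS_SIGN_LOOP(supported_sign[i++] = p->id)` and then stores the terminator, with no check of `i` against `MAX_ALGOS`. `MAX_ALGOS` is defined outside this page, so whether the current table fits cannot be confirmed here. Bounding the store keeps a later table addition from writing past the array: `GNUTLS_SIGN_LOOP(if (i < MAX_ALGOS - 1) supported_sign[i++] = p->id);`. The lazy `supported_sign[0] == 0` initialisation is also unsynchronised, which deserves a comment if the first call can come from two threads at once.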
@@ -168,41 +177,35 @@ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
* Returns: return a #gnutls_sign_algorithm_t value corresponding to
* the specified algorithm, or %GNUTLS_SIGN_UNKNOWN on error.
**/
-gnutls_sign_algorithm_t
-gnutls_sign_get_id (const char *name)
+gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- GNUTLS_SIGN_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
-gnutls_sign_algorithm_t
-_gnutls_x509_oid2sign_algorithm (const char *oid)
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
-
- if (ret == 0)
- {
- _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid);
- return GNUTLS_SIGN_UNKNOWN;
- }
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0) {
+ _gnutls_debug_log("Unknown SIGN OID: '%s'\n", oid);
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+ return ret;
}
/**
@@ -216,33 +219,34 @@ _gnutls_x509_oid2sign_algorithm (const char *oid)
* Returns: return a #gnutls_sign_algorithm_t value, or %GNUTLS_SIGN_UNKNOWN on error.
**/
gnutls_sign_algorithm_t
-gnutls_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
+gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (pk == p->pk && hash == p->mac)
- {
- ret = p->id; break;}
- );
-
- if (ret == 0)
- return GNUTLS_SIGN_UNKNOWN;
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (pk == p->pk && hash == p->mac) {
+ ret = p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_SIGN_UNKNOWN;
+ return ret;
}
-const char *
-_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t mac)
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t mac)
{
- gnutls_sign_algorithm_t sign;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign;
+ const char *ret = NULL;
- sign = gnutls_pk_to_sign (pk, mac);
- if (sign == GNUTLS_SIGN_UNKNOWN)
- return NULL;
+ sign = gnutls_pk_to_sign(pk, mac);
+ if (sign == GNUTLS_SIGN_UNKNOWN)
+ return NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
- return ret;
+ GNUTLS_SIGN_ALG_LOOP(ret = p->oid);
+ return ret;
}
/**
@@ -257,13 +261,13 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
* Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN on error.
**/
gnutls_digest_algorithm_t
-gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->mac);
- return ret;
+ return ret;
}
/**
@@ -278,46 +282,48 @@ gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
* Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on error.
**/
gnutls_pk_algorithm_t
-gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->pk);
- return ret;
+ return ret;
}
gnutls_sign_algorithm_t
-_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
+_gnutls_tls_aid_to_sign(const sign_algorithm_st * aid)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- if (memcmp(aid, &unknown_tls_aid, sizeof(*aid))==0)
- return ret;
+ if (memcmp(aid, &unknown_tls_aid, sizeof(*aid)) == 0)
+ return ret;
- GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
- && p->aid.sign_algorithm == aid->sign_algorithm)
- {
- ret = p->id; break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (p->aid.hash_algorithm == aid->hash_algorithm &&
+ p->aid.sign_algorithm == aid->sign_algorithm) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+
+ return ret;
}
/* Returns NULL if a valid AID is not found
*/
-const sign_algorithm_st*
-_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
+ sign)
{
- const sign_algorithm_st * ret = NULL;
+ const sign_algorithm_st *ret = NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
+ GNUTLS_SIGN_ALG_LOOP(ret = &p->aid);
- if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
- return NULL;
+ if (ret != NULL
+ && memcmp(ret, &unknown_tls_aid, sizeof(*ret)) == 0)
+ return NULL;
- return ret;
+ return ret;
}
-
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index e30261dcf4..54548300eb 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -38,136 +38,134 @@
#include <gnutls_state.h>
#include <auth/dh_common.h>
-static int gen_anon_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_anon_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_anon_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_anon_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_anon_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_anon_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st anon_auth_struct = {
- "ANON",
- NULL,
- NULL,
- gen_anon_server_kx,
- _gnutls_gen_dh_common_client_kx, /* this can be shared */
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_anon_server_kx,
- proc_anon_client_kx,
- NULL,
- NULL
+ "ANON",
+ NULL,
+ NULL,
+ gen_anon_server_kx,
+ _gnutls_gen_dh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_server_kx,
+ proc_anon_client_kx,
+ NULL,
+ NULL
};
static int
-gen_anon_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
static int
-proc_anon_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_anon_server_credentials_t cred;
- int ret;
- bigint_t p, g;
- gnutls_dh_params_t dh_params;
- const bigint_t *mpis;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- ret = _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p, NULL);
-
- return ret;
+ gnutls_anon_server_credentials_t cred;
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret =
+ _gnutls_proc_dh_common_client_kx(session, data, _data_size, g,
+ p, NULL);
+
+ return ret;
}
int
-proc_anon_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_ANON */
+#endif /* ENABLE_ANON */
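Review bot: The definition of `proc_anon_server_kx` opens with plain `int`, while its prototype at the top of the hunk and the other two handlers are `static int`. The function still has internal linkage because the earlier `static` declaration is in scope, but the definition misleads a reader about its visibility. Write `static int` on the definition. `proc_anon_ecdh_server_kx` in lib/auth/anon_ecdh.c has the same mismatch.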
diff --git a/lib/auth/anon.h b/lib/auth/anon.h
index b17c10cfc3..6424fdd9a7 100644
--- a/lib/auth/anon.h
+++ b/lib/auth/anon.h
@@ -24,24 +24,21 @@
#include <gnutls_auth.h>
#include <auth/dh_common.h>
-typedef struct gnutls_anon_server_credentials_st
-{
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
+typedef struct gnutls_anon_server_credentials_st {
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
} anon_server_credentials_st;
-typedef struct gnutls_anon_client_credentials_st
-{
- int dummy;
+typedef struct gnutls_anon_client_credentials_st {
+ int dummy;
} anon_client_credentials_st;
-typedef struct anon_auth_info_st
-{
- dh_info_st dh;
- gnutls_ecc_curve_t curve;
+typedef struct anon_auth_info_st {
+ dh_info_st dh;
+ gnutls_ecc_curve_t curve;
} *anon_auth_info_t;
typedef struct anon_auth_info_st anon_auth_info_st;
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 3a99c482c6..7fc99e59b6 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -27,7 +27,7 @@
#include <gnutls_int.h>
-#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
+#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
#include "gnutls_auth.h"
#include "gnutls_errors.h"
@@ -39,101 +39,101 @@
#include <auth/ecdhe.h>
#include <ext/ecc.h>
-static int gen_anon_ecdh_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_anon_ecdh_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_anon_ecdh_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_anon_ecdh_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_anon_ecdh_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_anon_ecdh_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st anon_ecdh_auth_struct = {
- "ANON ECDH",
- NULL,
- NULL,
- gen_anon_ecdh_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* this can be shared */
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_anon_ecdh_server_kx,
- proc_anon_ecdh_client_kx,
- NULL,
- NULL
+ "ANON ECDH",
+ NULL,
+ NULL,
+ gen_anon_ecdh_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_ecdh_server_kx,
+ proc_anon_ecdh_client_kx,
+ NULL,
+ NULL
};
static int
-gen_anon_ecdh_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret;
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data, _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
static int
-proc_anon_ecdh_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return _gnutls_proc_ecdh_common_client_kx (session, data, _data_size,
- _gnutls_session_ecc_curve_get(session), NULL);
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return _gnutls_proc_ecdh_common_client_kx(session, data,
+ _data_size,
+ _gnutls_session_ecc_curve_get
+ (session), NULL);
}
int
-proc_anon_ecdh_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_proc_ecdh_common_server_kx (session, data, _data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_ANON */
+#endif /* ENABLE_ANON */
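Review bot: The re-wrapped calls in `gen_anon_ecdh_server_kx` and `proc_anon_ecdh_client_kx` split `_gnutls_session_ecc_curve_get` from its `(session)` argument list across two lines, so the nested call is easy to misread as a bare identifier. Keep the callee and its argument together, for example a continuation line reading `_gnutls_session_ecc_curve_get(session));`. The closing `#endif /* ENABLE_ANON */` also names only one of the two macros tested by the file's `#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)`; `#endif /* ENABLE_ANON && ENABLE_ECDHE */` would match.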
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 9a5f5590c5..606e798607 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -47,98 +47,95 @@
#ifdef ENABLE_OPENPGP
#include "openpgp/gnutls_openpgp.h"
-static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
- key, int deinit);
-static gnutls_pcert_st *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
+static gnutls_privkey_t alloc_and_load_pgp_key(const
+ gnutls_openpgp_privkey_t
+ key, int deinit);
+static gnutls_pcert_st *alloc_and_load_pgp_certs(gnutls_openpgp_crt_t
+ cert);
#endif
-static gnutls_pcert_st *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
- unsigned);
-static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key,
- int deinit);
+static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
+ certs, unsigned);
+static gnutls_privkey_t alloc_and_load_x509_key(gnutls_x509_privkey_t key,
+ int deinit);
#ifdef ENABLE_PKCS11
-static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t
- key, int deinit);
+static gnutls_privkey_t alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t
+ key, int deinit);
#endif
#define MAX_CLIENT_SIGN_ALGOS 3
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType
-{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
+ { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
/* Copies data from a internal certificate struct (gnutls_pcert_st) to
* exported certificate struct (cert_auth_info_t)
*/
-static int
-_gnutls_copy_certificate_auth_info (cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts, /* openpgp only */
- void *keyid)
+static int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts, /* openpgp only */
+ void *keyid)
{
- /* Copy peer's information to auth_info_t
- */
- int ret;
- size_t i, j;
-
- if (info->raw_certificate_list != NULL)
- {
- for (j = 0; j < info->ncerts; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
- gnutls_free (info->raw_certificate_list);
- }
-
- if (ncerts == 0)
- {
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
- return 0;
- }
-
- info->raw_certificate_list =
- gnutls_calloc (ncerts, sizeof (gnutls_datum_t));
- if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- if (certs[i].cert.size > 0)
- {
- ret =
- _gnutls_set_datum (&info->raw_certificate_list[i],
- certs[i].cert.data, certs[i].cert.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto clear;
- }
- }
- }
- info->ncerts = ncerts;
- info->cert_type = certs[0].type;
+ /* Copy peer's information to auth_info_t
+ */
+ int ret;
+ size_t i, j;
+
+ if (info->raw_certificate_list != NULL) {
+ for (j = 0; j < info->ncerts; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
+ gnutls_free(info->raw_certificate_list);
+ }
+
+ if (ncerts == 0) {
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+ return 0;
+ }
+
+ info->raw_certificate_list =
+ gnutls_calloc(ncerts, sizeof(gnutls_datum_t));
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ if (certs[i].cert.size > 0) {
+ ret =
+ _gnutls_set_datum(&info->
+ raw_certificate_list[i],
+ certs[i].cert.data,
+ certs[i].cert.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto clear;
+ }
+ }
+ }
+ info->ncerts = ncerts;
+ info->cert_type = certs[0].type;
#ifdef ENABLE_OPENPGP
- if (certs[0].type == GNUTLS_CRT_OPENPGP)
- {
- if (keyid)
- memcpy (info->subkey_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- }
+ if (certs[0].type == GNUTLS_CRT_OPENPGP) {
+ if (keyid)
+ memcpy(info->subkey_id, keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+ }
#endif
- return 0;
+ return 0;
-clear:
+ clear:
- for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
- gnutls_free (info->raw_certificate_list);
- info->raw_certificate_list = NULL;
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
- return ret;
+ return ret;
}
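Review bot: On both failure paths of `_gnutls_copy_certificate_auth_info`, the `gnutls_calloc` failure and the `clear:` label, `info->raw_certificate_list` ends up NULL while `info->ncerts` keeps the count from the previous list. Any reader of `info` that loops to `ncerts` without first testing the pointer would then index a NULL array; whether such a reader exists is not visible here. Reset the count together with the pointer, as the `ncerts == 0` branch already does. Add `info->ncerts = 0;` before `return GNUTLS_E_MEMORY_ERROR;` and after `info->raw_certificate_list = NULL;` under `clear:`.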
@@ -148,19 +145,17 @@ clear:
* -1 otherwise.
*/
inline static int
-_gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
- pk_algos, int pk_algos_length,
- gnutls_pk_algorithm_t algo_to_check)
+_gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm_t *
+ pk_algos, int pk_algos_length,
+ gnutls_pk_algorithm_t algo_to_check)
{
- int i;
- for (i = 0; i < pk_algos_length; i++)
- {
- if (algo_to_check == pk_algos[i])
- {
- return 0;
- }
- }
- return -1;
+ int i;
+ for (i = 0; i < pk_algos_length; i++) {
+ if (algo_to_check == pk_algos[i]) {
+ return 0;
+ }
+ }
+ return -1;
}
@@ -168,46 +163,48 @@ _gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
* specified in cert.
*/
static int
-_gnutls_cert_get_issuer_dn (gnutls_pcert_st * cert, gnutls_datum_t * odn)
+_gnutls_cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
{
- ASN1_TYPE dn;
- int len, result;
- int start, end;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, cert->cert.data, cert->cert.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding_startEnd (dn, cert->cert.data, cert->cert.size,
- "tbsCertificate.issuer", &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
- asn1_delete_structure (&dn);
-
- len = end - start + 1;
-
- odn->size = len;
- odn->data = &cert->cert.data[start];
-
- return 0;
+ ASN1_TYPE dn;
+ int len, result;
+ int start, end;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Certificate",
+ &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&dn, cert->cert.data, cert->cert.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd(dn, cert->cert.data,
+ cert->cert.size,
+ "tbsCertificate.issuer", &start,
+ &end);
+
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+ asn1_delete_structure(&dn);
+
+ len = end - start + 1;
+
+ odn->size = len;
+ odn->data = &cert->cert.data[start];
+
+ return 0;
}
@@ -218,80 +215,85 @@ _gnutls_cert_get_issuer_dn (gnutls_pcert_st * cert, gnutls_datum_t * odn)
* CAs and sign algorithms supported by the peer server.
*/
static int
-_find_x509_cert (const gnutls_certificate_credentials_t cred,
- uint8_t * _data, size_t _data_size,
- const gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+_find_x509_cert(const gnutls_certificate_credentials_t cred,
+ uint8_t * _data, size_t _data_size,
+ const gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
- unsigned size;
- gnutls_datum_t odn = { NULL, 0 };
- uint8_t *data = _data;
- ssize_t data_size = _data_size;
- unsigned i, j;
- int result, cert_pk;
-
- *indx = -1;
-
- /* If peer doesn't send any issuers and we have a single certificate
- * then send that one.
- */
- if (data_size == 0 && cred->ncerts == 1)
- {
- *indx = 0;
- return 0;
- }
-
- do
- {
- DECR_LENGTH_RET (data_size, 2, 0);
- size = _gnutls_read_uint16 (data);
- DECR_LENGTH_RET (data_size, size, 0);
- data += 2;
-
- for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->certs[i].cert_list_length; j++)
- {
- if ((result =
- _gnutls_cert_get_issuer_dn (&cred->certs[i].cert_list[j],
- &odn)) < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (odn.size != size)
- continue;
-
- /* If the DN matches and
- * the *_SIGN algorithm matches
- * the cert is our cert!
- */
- cert_pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
-
- if ((memcmp (odn.data, data, size) == 0) &&
- (_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length, cert_pk) == 0))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
-
- if (*indx != -1)
- break;
-
- /* move to next record */
- data += size;
- }
- while (1);
-
- return 0;
+ unsigned size;
+ gnutls_datum_t odn = { NULL, 0 };
+ uint8_t *data = _data;
+ ssize_t data_size = _data_size;
+ unsigned i, j;
+ int result, cert_pk;
+
+ *indx = -1;
+
+ /* If peer doesn't send any issuers and we have a single certificate
+ * then send that one.
+ */
+ if (data_size == 0 && cred->ncerts == 1) {
+ *indx = 0;
+ return 0;
+ }
+
+ do {
+ DECR_LENGTH_RET(data_size, 2, 0);
+ size = _gnutls_read_uint16(data);
+ DECR_LENGTH_RET(data_size, size, 0);
+ data += 2;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->certs[i].cert_list_length;
+ j++) {
+ if ((result =
+ _gnutls_cert_get_issuer_dn(&cred->
+ certs[i].
+ cert_list
+ [j],
+ &odn)) <
+ 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (odn.size != size)
+ continue;
+
+ /* If the DN matches and
+ * the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ cert_pk =
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs
+ [i].
+ cert_list
+ [0].
+ pubkey,
+ NULL);
+
+ if ((memcmp(odn.data, data, size) == 0) &&
+ (_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ cert_pk) == 0)) {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ if (*indx != -1)
+ break;
+
+ /* move to next record */
+ data += size;
+ }
+ while (1);
+
+ return 0;
}
@@ -299,37 +301,38 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred,
/* Locates the most appropriate openpgp cert
*/
static int
-_find_openpgp_cert (const gnutls_certificate_credentials_t cred,
- gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+_find_openpgp_cert(const gnutls_certificate_credentials_t cred,
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
- unsigned i, j;
-
- *indx = -1;
-
- for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->certs[i].cert_list_length; j++)
- {
-
- /* If the *_SIGN algorithm matches
- * the cert is our cert!
- */
- if ((_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL)) == 0)
- && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_OPENPGP))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
-
- return 0;
+ unsigned i, j;
+
+ *indx = -1;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->certs[i].cert_list_length; j++) {
+
+ /* If the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ if ((_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs[i].
+ cert_list[0].
+ pubkey,
+ NULL)) == 0)
+ && (cred->certs[i].cert_list[0].type ==
+ GNUTLS_CRT_OPENPGP)) {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ return 0;
}
#endif
@@ -337,343 +340,318 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t cred,
* certificate request packet.
*/
static int
-get_issuers_num (gnutls_session_t session, uint8_t * data, ssize_t data_size)
+get_issuers_num(gnutls_session_t session, uint8_t * data,
+ ssize_t data_size)
{
- int issuers_dn_len = 0, result;
- unsigned size;
+ int issuers_dn_len = 0, result;
+ unsigned size;
- /* Count the number of the given issuers;
- * This is used to allocate the issuers_dn without
- * using realloc().
- */
+ /* Count the number of the given issuers;
+ * This is used to allocate the issuers_dn without
+ * using realloc().
+ */
- if (data_size == 0 || data == NULL)
- return 0;
+ if (data_size == 0 || data == NULL)
+ return 0;
- if (data_size > 0)
- do
- {
- /* This works like DECR_LEN()
- */
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, 2, goto error);
- size = _gnutls_read_uint16 (data);
+ if (data_size > 0)
+ do {
+ /* This works like DECR_LEN()
+ */
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, 2, goto error);
+ size = _gnutls_read_uint16(data);
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, size, goto error);
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, size, goto error);
- data += 2;
+ data += 2;
- if (size > 0)
- {
- issuers_dn_len++;
- data += size;
- }
+ if (size > 0) {
+ issuers_dn_len++;
+ data += size;
+ }
- if (data_size == 0)
- break;
+ if (data_size == 0)
+ break;
- }
- while (1);
+ }
+ while (1);
- return issuers_dn_len;
+ return issuers_dn_len;
-error:
- return result;
+ error:
+ return result;
}
/* Returns the issuers in the server's certificate request
* packet.
*/
static int
-get_issuers (gnutls_session_t session,
- gnutls_datum_t * issuers_dn, int issuers_len,
- uint8_t * data, size_t data_size)
+get_issuers(gnutls_session_t session,
+ gnutls_datum_t * issuers_dn, int issuers_len,
+ uint8_t * data, size_t data_size)
{
- int i;
- unsigned size;
+ int i;
+ unsigned size;
- if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
- return 0;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return 0;
- /* put the requested DNs to req_dn, only in case
- * of X509 certificates.
- */
- if (issuers_len > 0)
- {
+ /* put the requested DNs to req_dn, only in case
+ * of X509 certificates.
+ */
+ if (issuers_len > 0) {
- for (i = 0; i < issuers_len; i++)
- {
- /* The checks here for the buffer boundaries
- * are not needed since the buffer has been
- * parsed above.
- */
- data_size -= 2;
+ for (i = 0; i < issuers_len; i++) {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
- size = _gnutls_read_uint16 (data);
+ size = _gnutls_read_uint16(data);
- data += 2;
+ data += 2;
- issuers_dn[i].data = data;
- issuers_dn[i].size = size;
+ issuers_dn[i].data = data;
+ issuers_dn[i].size = size;
- data += size;
- }
- }
+ data += size;
+ }
+ }
- return 0;
+ return 0;
}
-static void
-st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st)
+static void st_to_st2(gnutls_retr2_st * st2, gnutls_retr_st * st)
{
- st2->cert_type = st->type;
- if (st->type == GNUTLS_CRT_OPENPGP)
- {
- st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
- }
- else
- {
- st2->key_type = GNUTLS_PRIVKEY_X509;
- }
- st2->ncerts = st->ncerts;
- st2->deinit_all = st->deinit_all;
-
- switch (st2->cert_type)
- {
- case GNUTLS_CRT_OPENPGP:
- st2->cert.pgp = st->cert.pgp;
- st2->key.pgp = st->key.pgp;
- break;
- case GNUTLS_CRT_X509:
- st2->cert.x509 = st->cert.x509;
- st2->key.x509 = st->key.x509;
- break;
- default:
- return;
- }
+ st2->cert_type = st->type;
+ if (st->type == GNUTLS_CRT_OPENPGP) {
+ st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
+ } else {
+ st2->key_type = GNUTLS_PRIVKEY_X509;
+ }
+ st2->ncerts = st->ncerts;
+ st2->deinit_all = st->deinit_all;
+
+ switch (st2->cert_type) {
+ case GNUTLS_CRT_OPENPGP:
+ st2->cert.pgp = st->cert.pgp;
+ st2->key.pgp = st->key.pgp;
+ break;
+ case GNUTLS_CRT_X509:
+ st2->cert.x509 = st->cert.x509;
+ st2->key.x509 = st->key.x509;
+ break;
+ default:
+ return;
+ }
}
/* Calls the client get callback.
*/
static int
-call_get_cert_callback (gnutls_session_t session,
- const gnutls_datum_t * issuers_dn,
- int issuers_dn_length,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+call_get_cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * issuers_dn,
+ int issuers_dn_length,
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length)
{
- unsigned i;
- gnutls_pcert_st *local_certs = NULL;
- gnutls_privkey_t local_key = NULL;
- int ret = GNUTLS_E_INTERNAL_ERROR;
- gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
- gnutls_certificate_credentials_t cred;
- gnutls_retr2_st st2;
- gnutls_pcert_st *pcert = NULL;
- unsigned int pcert_length = 0;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- memset (&st2, 0, sizeof (st2));
-
- if (cred->get_cert_callback2)
- {
- /* we avoid all allocations and transformations */
- ret = cred->get_cert_callback2 (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &pcert, &pcert_length, &local_key);
- if (ret < 0)
- return gnutls_assert_val (GNUTLS_E_USER_ERROR);
-
- if (pcert_length > 0 && type != pcert[0].type)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- if (pcert_length == 0)
- {
- pcert = NULL;
- local_key = NULL;
- }
- _gnutls_selected_certs_set (session, pcert, pcert_length, local_key, 0);
-
- return 0;
-
- }
- else if (cred->get_cert_callback)
- {
- ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length, &st2);
-
- }
- else
- { /* compatibility mode */
- gnutls_retr_st st;
- memset (&st, 0, sizeof (st));
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (cred->server_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->server_get_cert_callback (session, &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
- else
- { /* CLIENT */
-
- if (cred->client_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->client_get_cert_callback (session,
- issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_USER_ERROR;
- }
-
- if (st2.ncerts == 0)
- return 0; /* no certificate was selected */
-
- if (type != st2.cert_type)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
-
- if (type == GNUTLS_CRT_X509)
- {
- local_certs = alloc_and_load_x509_certs (st2.cert.x509, st2.ncerts);
- }
- else
- { /* PGP */
- if (st2.ncerts > 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ unsigned i;
+ gnutls_pcert_st *local_certs = NULL;
+ gnutls_privkey_t local_key = NULL;
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_certificate_type_t type =
+ gnutls_certificate_type_get(session);
+ gnutls_certificate_credentials_t cred;
+ gnutls_retr2_st st2;
+ gnutls_pcert_st *pcert = NULL;
+ unsigned int pcert_length = 0;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ memset(&st2, 0, sizeof(st2));
+
+ if (cred->get_cert_callback2) {
+ /* we avoid all allocations and transformations */
+ ret =
+ cred->get_cert_callback2(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length, &pcert,
+ &pcert_length, &local_key);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_USER_ERROR);
+
+ if (pcert_length > 0 && type != pcert[0].type)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (pcert_length == 0) {
+ pcert = NULL;
+ local_key = NULL;
+ }
+ _gnutls_selected_certs_set(session, pcert, pcert_length,
+ local_key, 0);
+
+ return 0;
+
+ } else if (cred->get_cert_callback) {
+ ret =
+ cred->get_cert_callback(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length, &st2);
+
+ } else { /* compatibility mode */
+ gnutls_retr_st st;
+ memset(&st, 0, sizeof(st));
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (cred->server_get_cert_callback == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->server_get_cert_callback(session, &st);
+ if (ret >= 0)
+ st_to_st2(&st2, &st);
+ } else { /* CLIENT */
+
+ if (cred->client_get_cert_callback == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->client_get_cert_callback(session,
+ issuers_dn,
+ issuers_dn_length,
+ pk_algos,
+ pk_algos_length,
+ &st);
+ if (ret >= 0)
+ st_to_st2(&st2, &st);
+ }
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_USER_ERROR;
+ }
+
+ if (st2.ncerts == 0)
+ return 0; /* no certificate was selected */
+
+ if (type != st2.cert_type) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+
+ if (type == GNUTLS_CRT_X509) {
+ local_certs =
+ alloc_and_load_x509_certs(st2.cert.x509, st2.ncerts);
+ } else { /* PGP */
+ if (st2.ncerts > 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
#ifdef ENABLE_OPENPGP
- {
- local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
- }
+ {
+ local_certs =
+ alloc_and_load_pgp_certs(st2.cert.pgp);
+ }
#else
- ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- goto cleanup;
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
#endif
- }
-
- if (local_certs == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- switch (st2.key_type)
- {
- case GNUTLS_PRIVKEY_OPENPGP:
+ }
+
+ if (local_certs == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ switch (st2.key_type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
#ifdef ENABLE_OPENPGP
- if (st2.key.pgp != NULL)
- {
- local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ if (st2.key.pgp != NULL) {
+ local_key =
+ alloc_and_load_pgp_key(st2.key.pgp,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
#endif
- break;
- case GNUTLS_PRIVKEY_PKCS11:
+ break;
+ case GNUTLS_PRIVKEY_PKCS11:
#ifdef ENABLE_PKCS11
- if (st2.key.pkcs11 != NULL)
- {
- local_key =
- alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ if (st2.key.pkcs11 != NULL) {
+ local_key =
+ alloc_and_load_pkcs11_key(st2.key.pkcs11,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
#endif
- break;
- case GNUTLS_PRIVKEY_X509:
- if (st2.key.x509 != NULL)
- {
- local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
- break;
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- _gnutls_selected_certs_set (session, local_certs,
- (local_certs != NULL) ? st2.ncerts : 0,
- local_key, 1);
-
- ret = 0;
-
-cleanup:
-
- if (st2.cert_type == GNUTLS_CRT_X509)
- {
- if (st2.deinit_all)
- {
- for (i = 0; i < st2.ncerts; i++)
- {
- gnutls_x509_crt_deinit (st2.cert.x509[i]);
- }
- gnutls_free(st2.cert.x509);
- }
- }
- else
- {
+ break;
+ case GNUTLS_PRIVKEY_X509:
+ if (st2.key.x509 != NULL) {
+ local_key =
+ alloc_and_load_x509_key(st2.key.x509,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ _gnutls_selected_certs_set(session, local_certs,
+ (local_certs != NULL) ? st2.ncerts : 0,
+ local_key, 1);
+
+ ret = 0;
+
+ cleanup:
+
+ if (st2.cert_type == GNUTLS_CRT_X509) {
+ if (st2.deinit_all) {
+ for (i = 0; i < st2.ncerts; i++) {
+ gnutls_x509_crt_deinit(st2.cert.x509[i]);
+ }
+ gnutls_free(st2.cert.x509);
+ }
+ } else {
#ifdef ENABLE_OPENPGP
- if (st2.deinit_all)
- {
- gnutls_openpgp_crt_deinit (st2.cert.pgp);
- }
+ if (st2.deinit_all) {
+ gnutls_openpgp_crt_deinit(st2.cert.pgp);
+ }
#endif
- }
+ }
- if (ret < 0)
- {
- if (local_key != NULL)
- gnutls_privkey_deinit (local_key);
- }
+ if (ret < 0) {
+ if (local_key != NULL)
+ gnutls_privkey_deinit(local_key);
+ }
- return ret;
+ return ret;
}
/* Finds the appropriate certificate depending on the cA Distinguished name
@@ -684,358 +662,365 @@ cleanup:
* algorithm (only in automatic mode).
*/
static int
-_select_client_cert (gnutls_session_t session,
- uint8_t * _data, size_t _data_size,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+_select_client_cert(gnutls_session_t session,
+ uint8_t * _data, size_t _data_size,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
- int result;
- int indx = -1;
- gnutls_certificate_credentials_t cred;
- uint8_t *data = _data;
- ssize_t data_size = _data_size;
- int issuers_dn_length;
- gnutls_datum_t *issuers_dn = NULL;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (cred->client_get_cert_callback != NULL
- || cred->get_cert_callback != NULL || cred->get_cert_callback2 != NULL)
- {
-
- /* use a callback to get certificate
- */
- if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
- issuers_dn_length = 0;
- else
- {
- issuers_dn_length = get_issuers_num (session, data, data_size);
- if (issuers_dn_length < 0)
- {
- gnutls_assert ();
- return issuers_dn_length;
- }
-
- if (issuers_dn_length > 0)
- {
- issuers_dn =
- gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
- if (issuers_dn == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result =
- get_issuers (session, issuers_dn, issuers_dn_length,
- data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- }
-
- result =
- call_get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length);
- goto cleanup;
-
- }
- else
- {
- /* If we have no callbacks, try to guess.
- */
- result = 0;
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
- result =
- _find_x509_cert (cred, _data, _data_size,
- pk_algos, pk_algos_length, &indx);
+ int result;
+ int indx = -1;
+ gnutls_certificate_credentials_t cred;
+ uint8_t *data = _data;
+ ssize_t data_size = _data_size;
+ int issuers_dn_length;
+ gnutls_datum_t *issuers_dn = NULL;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (cred->client_get_cert_callback != NULL
+ || cred->get_cert_callback != NULL
+ || cred->get_cert_callback2 != NULL) {
+
+ /* use a callback to get certificate
+ */
+ if (session->security_parameters.cert_type !=
+ GNUTLS_CRT_X509)
+ issuers_dn_length = 0;
+ else {
+ issuers_dn_length =
+ get_issuers_num(session, data, data_size);
+ if (issuers_dn_length < 0) {
+ gnutls_assert();
+ return issuers_dn_length;
+ }
+
+ if (issuers_dn_length > 0) {
+ issuers_dn =
+ gnutls_malloc(sizeof(gnutls_datum_t) *
+ issuers_dn_length);
+ if (issuers_dn == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ get_issuers(session, issuers_dn,
+ issuers_dn_length, data,
+ data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ result =
+ call_get_cert_callback(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length);
+ goto cleanup;
+
+ } else {
+ /* If we have no callbacks, try to guess.
+ */
+ result = 0;
+
+ if (session->security_parameters.cert_type ==
+ GNUTLS_CRT_X509)
+ result =
+ _find_x509_cert(cred, _data, _data_size,
+ pk_algos, pk_algos_length,
+ &indx);
#ifdef ENABLE_OPENPGP
- else if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
- result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
+ else if (session->security_parameters.cert_type ==
+ GNUTLS_CRT_OPENPGP)
+ result =
+ _find_openpgp_cert(cred, pk_algos,
+ pk_algos_length, &indx);
#endif
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (indx >= 0)
- {
- _gnutls_selected_certs_set (session,
- &cred->certs[indx].cert_list[0],
- cred->certs[indx].cert_list_length,
- cred->pkey[indx], 0);
- }
- else
- {
- _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
- }
-
- result = 0;
- }
-
-cleanup:
- gnutls_free (issuers_dn);
- return result;
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (indx >= 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->certs[indx].
+ cert_list[0],
+ cred->certs[indx].
+ cert_list_length,
+ cred->pkey[indx], 0);
+ } else {
+ _gnutls_selected_certs_set(session, NULL, 0, NULL,
+ 0);
+ }
+
+ result = 0;
+ }
+
+ cleanup:
+ gnutls_free(issuers_dn);
+ return result;
}
/* Generate certificate message
*/
static int
-_gnutls_gen_x509_crt (gnutls_session_t session, gnutls_buffer_st * data)
+_gnutls_gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, i;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate
- */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = 3;
- for (i = 0; i < apr_cert_list_length; i++)
- {
- ret += apr_cert_list[i].cert.size + 3;
- /* hold size
- * for uint24 */
- }
-
- /* if no certificates were found then send:
- * 0B 00 00 03 00 00 00 // Certificate with no certs
- * instead of:
- * 0B 00 00 00 // empty certificate handshake
- *
- * ( the above is the whole handshake message, not
- * the one produced here )
- */
-
- ret = _gnutls_buffer_append_prefix (data, 24, ret - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- for (i = 0; i < apr_cert_list_length; i++)
- {
- ret =
- _gnutls_buffer_append_data_prefix (data, 24,
- apr_cert_list[i].cert.data,
- apr_cert_list[i].cert.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ int ret, i;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate
+ */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = 3;
+ for (i = 0; i < apr_cert_list_length; i++) {
+ ret += apr_cert_list[i].cert.size + 3;
+ /* hold size
+ * for uint24 */
+ }
+
+ /* if no certificates were found then send:
+ * 0B 00 00 03 00 00 00 // Certificate with no certs
+ * instead of:
+ * 0B 00 00 00 // empty certificate handshake
+ *
+ * ( the above is the whole handshake message, not
+ * the one produced here )
+ */
+
+ ret = _gnutls_buffer_append_prefix(data, 24, ret - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < apr_cert_list_length; i++) {
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 24,
+ apr_cert_list[i].
+ cert.data,
+ apr_cert_list[i].
+ cert.size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
enum PGPKeyDescriptorType
-{ PGP_EMPTY_KEY=1, PGP_KEY_SUBKEY, PGP_KEY_FINGERPRINT_SUBKEY };
+ { PGP_EMPTY_KEY = 1, PGP_KEY_SUBKEY, PGP_KEY_FINGERPRINT_SUBKEY };
#ifdef ENABLE_OPENPGP
static int
-_gnutls_gen_openpgp_certificate (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_openpgp_certificate(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- unsigned int subkey;
- uint8_t type;
- uint8_t fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
- size_t fpr_size;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = 3 + 1 + 3;
-
- if (apr_cert_list_length > 0)
- {
- fpr_size = sizeof (fpr);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, fpr,
- &fpr_size, &subkey);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret += 1 + fpr_size; /* for the keyid */
- _gnutls_handshake_log("Sending PGP key ID %s (%s)\n", _gnutls_bin2hex(fpr, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL),
- subkey?"subkey":"master");
-
- ret += apr_cert_list[0].cert.size;
- }
-
- ret = _gnutls_buffer_append_prefix (data, 24, ret - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
-
- if (apr_cert_list_length > 0)
- {
- type = PGP_KEY_SUBKEY;
-
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, fpr, fpr_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret =
- _gnutls_buffer_append_data_prefix (data, 24,
- apr_cert_list[0].cert.data,
- apr_cert_list[0].cert.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
- else /* empty - no certificate */
- {
- type = PGP_EMPTY_KEY;
-
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_prefix (data, 24, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ int ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ unsigned int subkey;
+ uint8_t type;
+ uint8_t fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
+ size_t fpr_size;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = 3 + 1 + 3;
+
+ if (apr_cert_list_length > 0) {
+ fpr_size = sizeof(fpr);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].
+ pubkey, 0, fpr,
+ &fpr_size, &subkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret += 1 + fpr_size; /* for the keyid */
+ _gnutls_handshake_log("Sending PGP key ID %s (%s)\n",
+ _gnutls_bin2hex(fpr,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf),
+ NULL),
+ subkey ? "subkey" : "master");
+
+ ret += apr_cert_list[0].cert.size;
+ }
+
+ ret = _gnutls_buffer_append_prefix(data, 24, ret - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ if (apr_cert_list_length > 0) {
+ type = PGP_KEY_SUBKEY;
+
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, fpr,
+ fpr_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 24,
+ apr_cert_list[0].
+ cert.data,
+ apr_cert_list[0].
+ cert.size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* empty - no certificate */
+
+ type = PGP_EMPTY_KEY;
+
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_prefix(data, 24, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
static int
-_gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_openpgp_certificate_fpr(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret, packet_size;
- uint8_t type, fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
- unsigned int subkey;
- size_t fpr_size, id_size;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length <= 0)
- return _gnutls_gen_openpgp_certificate (session, data);
-
- id_size = sizeof (id);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, id,
- &id_size, &subkey);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- fpr_size = sizeof (fpr);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey,
- GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT,
- fpr, &fpr_size, NULL);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- packet_size = 3 + 1;
- packet_size += 1 + fpr_size; /* for the keyid */
-
- /* Only v4 fingerprints are sent
- */
- packet_size += 20 + 1;
-
- ret = _gnutls_buffer_append_prefix (data, 24, packet_size - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- type = PGP_KEY_FINGERPRINT_SUBKEY;
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, id, id_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, fpr, fpr_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- return data->length;
+ int ret, packet_size;
+ uint8_t type, fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
+ unsigned int subkey;
+ size_t fpr_size, id_size;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length <= 0)
+ return _gnutls_gen_openpgp_certificate(session, data);
+
+ id_size = sizeof(id);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].pubkey, 0,
+ id, &id_size, &subkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ fpr_size = sizeof(fpr);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].pubkey,
+ GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT,
+ fpr, &fpr_size, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ packet_size = 3 + 1;
+ packet_size += 1 + fpr_size; /* for the keyid */
+
+ /* Only v4 fingerprints are sent
+ */
+ packet_size += 20 + 1;
+
+ ret = _gnutls_buffer_append_prefix(data, 24, packet_size - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ type = PGP_KEY_FINGERPRINT_SUBKEY;
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data_prefix(data, 8, id, id_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data_prefix(data, 8, fpr, fpr_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
#endif
int
-_gnutls_gen_cert_client_crt (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_client_crt(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- switch (session->security_parameters.cert_type)
- {
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- if (_gnutls_openpgp_send_fingerprint (session) == 0)
- return _gnutls_gen_openpgp_certificate (session, data);
- else
- return _gnutls_gen_openpgp_certificate_fpr (session, data);
+ case GNUTLS_CRT_OPENPGP:
+ if (_gnutls_openpgp_send_fingerprint(session) == 0)
+ return _gnutls_gen_openpgp_certificate(session,
+ data);
+ else
+ return _gnutls_gen_openpgp_certificate_fpr(session,
+ data);
#endif
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt (session, data);
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
int
-_gnutls_gen_cert_server_crt (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_server_crt(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- switch (session->security_parameters.cert_type)
- {
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_gen_openpgp_certificate (session, data);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_gen_openpgp_certificate(session, data);
#endif
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt (session, data);
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
/* Process server certificate
@@ -1043,385 +1028,360 @@ _gnutls_gen_cert_server_crt (gnutls_session_t session,
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) gnutls_pcert_deinit(&peer_certificate_list[x])
static int
-_gnutls_proc_x509_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_x509_server_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, len, ret;
- uint8_t *p = data;
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize = data_size;
- int i;
- gnutls_pcert_st *peer_certificate_list;
- size_t peer_certificate_list_size = 0, j, x;
- gnutls_datum_t tmp;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
-
- if (data == NULL || data_size == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, 3);
- size = _gnutls_read_uint24 (p);
- p += 3;
-
- /* some implementations send 0B 00 00 06 00 00 03 00 00 00
- * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
- */
- if (size == 0 || size == 3)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- i = dsize;
- while (i > 0)
- {
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
- DECR_LEN (dsize, len);
- peer_certificate_list_size++;
- p += len;
- i -= len + 3;
- }
-
- if (peer_certificate_list_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* Ok we now allocate the memory to hold the
- * certificate list
- */
-
- peer_certificate_list =
- gnutls_calloc (1,
- sizeof (gnutls_pcert_st) * (peer_certificate_list_size));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = data + 3;
-
- /* Now we start parsing the list (again).
- * We don't use DECR_LEN since the list has
- * been parsed before.
- */
-
- for (j = 0; j < peer_certificate_list_size; j++)
- {
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- tmp.size = len;
- tmp.data = p;
-
- ret =
- gnutls_pcert_import_x509_raw (&peer_certificate_list
- [j], &tmp, GNUTLS_X509_FMT_DER, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- peer_certificate_list_size = j;
- goto cleanup;
- }
-
- p += len;
- }
-
-
- if ((ret =
- _gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- peer_certificate_list_size,
- NULL)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- CLEAR_CERTS;
- gnutls_free (peer_certificate_list);
- return ret;
+ int size, len, ret;
+ uint8_t *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int i;
+ gnutls_pcert_st *peer_certificate_list;
+ size_t peer_certificate_list_size = 0, j, x;
+ gnutls_datum_t tmp;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
+
+ /* some implementations send 0B 00 00 06 00 00 03 00 00 00
+ * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
+ */
+ if (size == 0 || size == 3) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ i = dsize;
+ while (i > 0) {
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+ DECR_LEN(dsize, len);
+ peer_certificate_list_size++;
+ p += len;
+ i -= len + 3;
+ }
+
+ if (peer_certificate_list_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Ok we now allocate the memory to hold the
+ * certificate list
+ */
+
+ peer_certificate_list =
+ gnutls_calloc(1,
+ sizeof(gnutls_pcert_st) *
+ (peer_certificate_list_size));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = data + 3;
+
+ /* Now we start parsing the list (again).
+ * We don't use DECR_LEN since the list has
+ * been parsed before.
+ */
+
+ for (j = 0; j < peer_certificate_list_size; j++) {
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ tmp.size = len;
+ tmp.data = p;
+
+ ret =
+ gnutls_pcert_import_x509_raw(&peer_certificate_list
+ [j], &tmp,
+ GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ peer_certificate_list_size = j;
+ goto cleanup;
+ }
+
+ p += len;
+ }
+
+
+ if ((ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ peer_certificate_list_size,
+ NULL)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ CLEAR_CERTS;
+ gnutls_free(peer_certificate_list);
+ return ret;
}
#ifdef ENABLE_OPENPGP
static int
-_gnutls_proc_openpgp_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_openpgp_server_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, ret, len;
- uint8_t *p = data;
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize = data_size;
- int key_type;
- gnutls_pcert_st *peer_certificate_list = NULL;
- gnutls_datum_t tmp, akey = { NULL, 0 };
- unsigned int compat = 0;
- uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
-
- if (data == NULL || data_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, 3);
- size = _gnutls_read_uint24 (p);
- p += 3;
-
- if (size == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* Read PGPKeyDescriptor */
- DECR_LEN (dsize, 1);
- key_type = *p;
- p++;
-
- /* Try to read the keyid if present */
- if (key_type == PGP_KEY_FINGERPRINT_SUBKEY || key_type == PGP_KEY_SUBKEY)
- {
- /* check size */
- if (*p != GNUTLS_OPENPGP_KEYID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- DECR_LEN (dsize, 1);
- p++;
-
- DECR_LEN (dsize, GNUTLS_OPENPGP_KEYID_SIZE);
- memcpy (subkey_id, p, GNUTLS_OPENPGP_KEYID_SIZE);
- p += GNUTLS_OPENPGP_KEYID_SIZE;
- }
-
- if (key_type == PGP_KEY_FINGERPRINT_SUBKEY)
- {
- DECR_LEN (dsize, 1);
- len = (uint8_t) * p;
- p++;
-
- if (len != 20)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
- }
-
- DECR_LEN (dsize, 20);
-
- /* request the actual key from our database, or
- * a key server or anything.
- */
- if ((ret =
- _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- tmp = akey;
- }
- else if (key_type == PGP_KEY_SUBKEY)
- { /* the whole key */
-
- /* Read the actual certificate */
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- if (len == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- DECR_LEN (dsize, len);
-
- tmp.size = len;
- tmp.data = p;
-
- }
- else if (key_type == PGP_EMPTY_KEY)
- { /* the whole key */
-
- /* Read the actual certificate */
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- if (len == 0) /* PGP_EMPTY_KEY */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- /* Uncomment to remove compatibility with RFC5081.
- else
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);*/
-
- DECR_LEN (dsize, len);
-
- tmp.size = len;
- tmp.data = p;
-
- compat = 1;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- /* ok we now have the peer's key in tmp datum
- */
- peer_certificate_list =
- gnutls_calloc (1, sizeof (gnutls_pcert_st));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret =
- gnutls_pcert_import_openpgp_raw (&peer_certificate_list[0],
- &tmp,
- GNUTLS_OPENPGP_FMT_RAW,
- (compat==0)?subkey_id:NULL,
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (compat != 0)
- {
- size_t t = sizeof(subkey_id);
- gnutls_pubkey_get_openpgp_key_id(peer_certificate_list[0].pubkey, 0, subkey_id, &t, NULL);
- }
-
- ret =
- _gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- 1, subkey_id);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- _gnutls_free_datum (&akey);
- gnutls_pcert_deinit(&peer_certificate_list[0]);
- gnutls_free (peer_certificate_list);
- return ret;
+ int size, ret, len;
+ uint8_t *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int key_type;
+ gnutls_pcert_st *peer_certificate_list = NULL;
+ gnutls_datum_t tmp, akey = { NULL, 0 };
+ unsigned int compat = 0;
+ uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Read PGPKeyDescriptor */
+ DECR_LEN(dsize, 1);
+ key_type = *p;
+ p++;
+
+ /* Try to read the keyid if present */
+ if (key_type == PGP_KEY_FINGERPRINT_SUBKEY
+ || key_type == PGP_KEY_SUBKEY) {
+ /* check size */
+ if (*p != GNUTLS_OPENPGP_KEYID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ DECR_LEN(dsize, 1);
+ p++;
+
+ DECR_LEN(dsize, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(subkey_id, p, GNUTLS_OPENPGP_KEYID_SIZE);
+ p += GNUTLS_OPENPGP_KEYID_SIZE;
+ }
+
+ if (key_type == PGP_KEY_FINGERPRINT_SUBKEY) {
+ DECR_LEN(dsize, 1);
+ len = (uint8_t) * p;
+ p++;
+
+ if (len != 20) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
+ }
+
+ DECR_LEN(dsize, 20);
+
+ /* request the actual key from our database, or
+ * a key server or anything.
+ */
+ if ((ret =
+ _gnutls_openpgp_request_key(session, &akey, cred, p,
+ 20)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ tmp = akey;
+ } else if (key_type == PGP_KEY_SUBKEY) { /* the whole key */
+
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (len == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ DECR_LEN(dsize, len);
+
+ tmp.size = len;
+ tmp.data = p;
+
+ } else if (key_type == PGP_EMPTY_KEY) { /* the whole key */
+
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (len == 0) /* PGP_EMPTY_KEY */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ /* Uncomment to remove compatibility with RFC5081.
+ else
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); */
+
+ DECR_LEN(dsize, len);
+
+ tmp.size = len;
+ tmp.data = p;
+
+ compat = 1;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ /* ok we now have the peer's key in tmp datum
+ */
+ peer_certificate_list = gnutls_calloc(1, sizeof(gnutls_pcert_st));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pcert_import_openpgp_raw(&peer_certificate_list[0],
+ &tmp,
+ GNUTLS_OPENPGP_FMT_RAW,
+ (compat ==
+ 0) ? subkey_id : NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (compat != 0) {
+ size_t t = sizeof(subkey_id);
+ gnutls_pubkey_get_openpgp_key_id(peer_certificate_list[0].
+ pubkey, 0, subkey_id, &t,
+ NULL);
+ }
+
+ ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ 1, subkey_id);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ _gnutls_free_datum(&akey);
+ gnutls_pcert_deinit(&peer_certificate_list[0]);
+ gnutls_free(peer_certificate_list);
+ return ret;
}
#endif
int
-_gnutls_proc_crt (gnutls_session_t session, uint8_t * data, size_t data_size)
+_gnutls_proc_crt(gnutls_session_t session, uint8_t * data,
+ size_t data_size)
{
- int ret;
- gnutls_certificate_credentials_t cred;
-
- cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- switch (session->security_parameters.cert_type)
- {
+ int ret;
+ gnutls_certificate_credentials_t cred;
+
+ cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- ret = _gnutls_proc_openpgp_server_crt (session,
- data, data_size);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ ret = _gnutls_proc_openpgp_server_crt(session,
+ data, data_size);
+ break;
#endif
- case GNUTLS_CRT_X509:
- ret = _gnutls_proc_x509_server_crt (session, data, data_size);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- return ret;
+ case GNUTLS_CRT_X509:
+ ret =
+ _gnutls_proc_x509_server_crt(session, data, data_size);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return ret;
}
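Review bot: In `_gnutls_proc_openpgp_server_crt` the key-id length byte is tested with `if (*p != GNUTLS_OPENPGP_KEYID_SIZE)` before the `DECR_LEN(dsize, 1)` that accounts for it. A peer message that ends right after the PGPKeyDescriptor byte therefore has one byte read beyond the length checked so far. The reindent carries this ordering over unchanged; moving `DECR_LEN(dsize, 1);` above the comparison puts the read behind its length check, as the other fields in this function already are. Separately, the `cleanup:` label calls `gnutls_pcert_deinit(&peer_certificate_list[0])` even when reached from the failed `gnutls_calloc`, where `peer_certificate_list` is NULL. Unless the deinit tolerates a NULL argument (not visible here), guard that call with `if (peer_certificate_list != NULL)`.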
@@ -1430,352 +1390,332 @@ _gnutls_proc_crt (gnutls_session_t session, uint8_t * data, size_t data_size)
* if true;
*/
inline static int
-_gnutls_check_supported_sign_algo (CertificateSigType algo)
+_gnutls_check_supported_sign_algo(CertificateSigType algo)
{
- switch (algo)
- {
- case RSA_SIGN:
- return GNUTLS_PK_RSA;
- case DSA_SIGN:
- return GNUTLS_PK_DSA;
- case ECDSA_SIGN:
- return GNUTLS_PK_EC;
- }
-
- return -1;
+ switch (algo) {
+ case RSA_SIGN:
+ return GNUTLS_PK_RSA;
+ case DSA_SIGN:
+ return GNUTLS_PK_DSA;
+ case ECDSA_SIGN:
+ return GNUTLS_PK_EC;
+ }
+
+ return -1;
}
int
-_gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data,
- size_t data_size)
+_gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
+ size_t data_size)
{
- int size, ret;
- uint8_t *p;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize;
- int i;
- gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
- int pk_algos_length;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- p = data;
- dsize = data_size;
-
- DECR_LEN (dsize, 1);
- size = p[0];
- p++;
- /* check if the sign algorithm is supported.
- */
- pk_algos_length = 0;
- for (i = 0; i < size; i++, p++)
- {
- DECR_LEN (dsize, 1);
- if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
- {
- if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS)
- {
- pk_algos[pk_algos_length++] = ret;
- }
- }
- }
-
- if (pk_algos_length == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- /* read supported hashes */
- int hash_num;
- DECR_LEN (dsize, 2);
- hash_num = _gnutls_read_uint16 (p);
- p += 2;
- DECR_LEN (dsize, hash_num);
-
- ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- p += hash_num;
- }
-
- /* read the certificate authorities */
- DECR_LEN (dsize, 2);
- size = _gnutls_read_uint16 (p);
- p += 2;
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
- && size != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- DECR_LEN (dsize, size);
-
- /* now we ask the user to tell which one
- * he wants to use.
- */
- if ((ret =
- _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* We should reply with a certificate message,
- * even if we have no certificate to send.
- */
- session->key.crt_requested = 1;
-
- return 0;
+ int size, ret;
+ uint8_t *p;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize;
+ int i;
+ gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
+ int pk_algos_length;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ p = data;
+ dsize = data_size;
+
+ DECR_LEN(dsize, 1);
+ size = p[0];
+ p++;
+ /* check if the sign algorithm is supported.
+ */
+ pk_algos_length = 0;
+ for (i = 0; i < size; i++, p++) {
+ DECR_LEN(dsize, 1);
+ if ((ret = _gnutls_check_supported_sign_algo(*p)) > 0) {
+ if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS) {
+ pk_algos[pk_algos_length++] = ret;
+ }
+ }
+ }
+
+ if (pk_algos_length == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ /* read supported hashes */
+ int hash_num;
+ DECR_LEN(dsize, 2);
+ hash_num = _gnutls_read_uint16(p);
+ p += 2;
+ DECR_LEN(dsize, hash_num);
+
+ ret =
+ _gnutls_sign_algorithm_parse_data(session, p,
+ hash_num);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ p += hash_num;
+ }
+
+ /* read the certificate authorities */
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
+ && size != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN(dsize, size);
+
+ /* now we ask the user to tell which one
+ * he wants to use.
+ */
+ if ((ret =
+ _select_client_cert(session, p, size, pk_algos,
+ pk_algos_length)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* We should reply with a certificate message,
+ * even if we have no certificate to send.
+ */
+ session->key.crt_requested = 1;
+
+ return 0;
}
int
-_gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- gnutls_datum_t signature = { NULL, 0 };
- gnutls_sign_algorithm_t sign_algo;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length > 0)
- {
- if ((ret =
- _gnutls_handshake_sign_crt_vrfy (session,
- &apr_cert_list[0],
- apr_pkey, &signature)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- sign_algo = ret;
- }
- else
- {
- return 0;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
- /* error checking is not needed here since we have used those algorithms */
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_ALGORITHM);
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
- ret = _gnutls_buffer_append_data (data, p, 2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret =
- _gnutls_buffer_append_data_prefix (data, 16, signature.data,
- signature.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ int ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature = { NULL, 0 };
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length > 0) {
+ if ((ret =
+ _gnutls_handshake_sign_crt_vrfy(session,
+ &apr_cert_list[0],
+ apr_pkey,
+ &signature)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ sign_algo = ret;
+ } else {
+ return 0;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+ /* error checking is not needed here since we have used those algorithms */
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
int
-_gnutls_proc_cert_client_crt_vrfy (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, ret;
- ssize_t dsize = data_size;
- uint8_t *pdata = data;
- gnutls_datum_t sig;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- gnutls_pcert_st peer_cert;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (dsize, 2);
- aid.hash_algorithm = pdata[0];
- aid.sign_algorithm = pdata[1];
-
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- pdata += 2;
- }
-
- ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
-
- DECR_LEN (dsize, 2);
- size = _gnutls_read_uint16 (pdata);
- pdata += 2;
-
- DECR_LEN (dsize, size);
-
- sig.data = pdata;
- sig.size = size;
-
- ret = _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((ret =
- _gnutls_handshake_verify_crt_vrfy (session, &peer_cert, &sig,
- sign_algo)) < 0)
- {
- gnutls_assert ();
- gnutls_pcert_deinit (&peer_cert);
- return ret;
- }
- gnutls_pcert_deinit (&peer_cert);
-
- return 0;
+ int size, ret;
+ ssize_t dsize = data_size;
+ uint8_t *pdata = data;
+ gnutls_datum_t sig;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ gnutls_pcert_st peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(dsize, 2);
+ aid.hash_algorithm = pdata[0];
+ aid.sign_algorithm = pdata[1];
+
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ pdata += 2;
+ }
+
+ ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(pdata);
+ pdata += 2;
+
+ DECR_LEN(dsize, size);
+
+ sig.data = pdata;
+ sig.size = size;
+
+ ret = _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_verify_crt_vrfy(session, &peer_cert, &sig,
+ sign_algo)) < 0) {
+ gnutls_assert();
+ gnutls_pcert_deinit(&peer_cert);
+ return ret;
+ }
+ gnutls_pcert_deinit(&peer_cert);
+
+ return 0;
}
int
-_gnutls_gen_cert_server_cert_req (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_server_cert_req(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- gnutls_certificate_credentials_t cred;
- int ret;
- uint8_t tmp_data[CERTTYPE_SIZE];
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Now we need to generate the RDN sequence. This is
- * already in the CERTIFICATE_CRED structure, to improve
- * performance.
- */
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- tmp_data[0] = CERTTYPE_SIZE - 1;
- tmp_data[1] = RSA_SIGN;
- tmp_data[2] = DSA_SIGN;
- tmp_data[3] = ECDSA_SIGN; /* only these for now */
-
- ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- uint8_t p[MAX_SIGN_ALGO_SIZE];
-
- ret =
- _gnutls_sign_algorithm_write_params (session, p, MAX_SIGN_ALGO_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_data (data, p, ret);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0)
- {
- ret =
- _gnutls_buffer_append_data_prefix (data, 16,
- cred->x509_rdn_sequence.data,
- cred->x509_rdn_sequence.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
- else
- {
- ret = _gnutls_buffer_append_prefix (data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ gnutls_certificate_credentials_t cred;
+ int ret;
+ uint8_t tmp_data[CERTTYPE_SIZE];
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* Now we need to generate the RDN sequence. This is
+ * already in the CERTIFICATE_CRED structure, to improve
+ * performance.
+ */
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ tmp_data[0] = CERTTYPE_SIZE - 1;
+ tmp_data[1] = RSA_SIGN;
+ tmp_data[2] = DSA_SIGN;
+ tmp_data[3] = ECDSA_SIGN; /* only these for now */
+
+ ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ uint8_t p[MAX_SIGN_ALGO_SIZE];
+
+ ret =
+ _gnutls_sign_algorithm_write_params(session, p,
+ MAX_SIGN_ALGO_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data(data, p, ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0) {
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16,
+ cred->
+ x509_rdn_sequence.
+ data,
+ cred->
+ x509_rdn_sequence.
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
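Review bot: In `_gnutls_gen_cert_client_crt_vrfy` the `aid == NULL` branch returns directly with `return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);`, while every later error path goes through `cleanup:` and `_gnutls_free_datum(&signature)`. By that point `_gnutls_handshake_sign_crt_vrfy` has succeeded and presumably filled `signature`, so this early return looks like it leaks the signature buffer. Replacing it with `ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM); goto cleanup;` makes the branch consistent with the rest of the function. The comment just above it, "error checking is not needed here", also contradicts the check that follows and could be reworded to say why a NULL `aid` is still handled.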
@@ -1787,187 +1727,176 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
*
*/
int
-_gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_pcert_st ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey)
+_gnutls_get_selected_cert(gnutls_session_t session,
+ gnutls_pcert_st ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey)
{
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
- /* select_client_cert() has been called before.
- */
+ /* select_client_cert() has been called before.
+ */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_pkey = session->internals.selected_key;
- *apr_cert_list_length = session->internals.selected_cert_list_length;
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_pkey = session->internals.selected_key;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
- if (*apr_cert_list_length == 0 || *apr_cert_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- }
- else
- { /* CLIENT SIDE
- */
+ } else { /* CLIENT SIDE
+ */
- /* we have already decided which certificate
- * to send.
- */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_cert_list_length = session->internals.selected_cert_list_length;
- *apr_pkey = session->internals.selected_key;
+ /* we have already decided which certificate
+ * to send.
+ */
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
+ *apr_pkey = session->internals.selected_key;
- }
+ }
- return 0;
+ return 0;
}
/* converts the given x509 certificate list to gnutls_pcert_st* and allocates
* space for them.
*/
-static gnutls_pcert_st *
-alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, unsigned ncerts)
+static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
+ certs, unsigned ncerts)
{
- gnutls_pcert_st *local_certs;
- int ret = 0;
- unsigned i, j;
-
- if (certs == NULL)
- return NULL;
-
- local_certs = gnutls_malloc (sizeof (gnutls_pcert_st) * ncerts);
- if (local_certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- ret = gnutls_pcert_import_x509 (&local_certs[i], certs[i], 0);
- if (ret < 0)
- break;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- for (j = 0; j < i; j++)
- {
- gnutls_pcert_deinit (&local_certs[j]);
- }
- gnutls_free (local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_pcert_st *local_certs;
+ int ret = 0;
+ unsigned i, j;
+
+ if (certs == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_pcert_st) * ncerts);
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ ret =
+ gnutls_pcert_import_x509(&local_certs[i], certs[i], 0);
+ if (ret < 0)
+ break;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ for (j = 0; j < i; j++) {
+ gnutls_pcert_deinit(&local_certs[j]);
+ }
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given x509 key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit)
+alloc_and_load_x509_key(gnutls_x509_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_x509 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_x509(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
/* converts the given pgp certificate to gnutls_cert* and allocates
* space for them.
*/
#ifdef ENABLE_OPENPGP
-static gnutls_pcert_st *
-alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
+static gnutls_pcert_st *alloc_and_load_pgp_certs(gnutls_openpgp_crt_t cert)
{
- gnutls_pcert_st *local_certs;
- int ret = 0;
-
- if (cert == NULL)
- return NULL;
-
- local_certs = gnutls_malloc (sizeof (gnutls_pcert_st));
- if (local_certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = gnutls_pcert_import_openpgp (local_certs, cert, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pcert_deinit (local_certs);
- gnutls_free (local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_pcert_st *local_certs;
+ int ret = 0;
+
+ if (cert == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_pcert_st));
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret = gnutls_pcert_import_openpgp(local_certs, cert, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pcert_deinit(local_certs);
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given raw key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
+alloc_and_load_pgp_key(gnutls_openpgp_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_openpgp (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
#endif
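Review bot: `alloc_and_load_pgp_certs` leaks `local_certs` when `gnutls_pcert_import_openpgp` fails, because the first `if (ret < 0)` block returns NULL straight away; that early return also makes the second `if (ret < 0)` block, the one that frees, unreachable. The commit only reindents, so the defect is carried over unchanged. Add `gnutls_free(local_certs);` before the `return NULL;` in the first block and delete the dead second block. Whether `gnutls_pcert_deinit` is safe on a pcert whose import failed is not visible here; `alloc_and_load_x509_certs` above only deinits entries that imported successfully, so freeing without deinit matches that function.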
@@ -1977,91 +1906,92 @@ alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit)
+alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_pkcs11 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
#endif
-void
-_gnutls_selected_certs_deinit (gnutls_session_t session)
+void _gnutls_selected_certs_deinit(gnutls_session_t session)
{
- if (session->internals.selected_need_free != 0)
- {
- int i;
-
- for (i = 0; i < session->internals.selected_cert_list_length; i++)
- {
- gnutls_pcert_deinit (&session->internals.selected_cert_list[i]);
- }
- gnutls_free (session->internals.selected_cert_list);
- session->internals.selected_cert_list = NULL;
- session->internals.selected_cert_list_length = 0;
-
- gnutls_privkey_deinit(session->internals.selected_key);
- session->internals.selected_key = NULL;
- }
-
- return;
+ if (session->internals.selected_need_free != 0) {
+ int i;
+
+ for (i = 0;
+ i < session->internals.selected_cert_list_length;
+ i++) {
+ gnutls_pcert_deinit(&session->internals.
+ selected_cert_list[i]);
+ }
+ gnutls_free(session->internals.selected_cert_list);
+ session->internals.selected_cert_list = NULL;
+ session->internals.selected_cert_list_length = 0;
+
+ gnutls_privkey_deinit(session->internals.selected_key);
+ session->internals.selected_key = NULL;
+ }
+
+ return;
}
void
-_gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_pcert_st * certs, int ncerts,
- gnutls_privkey_t key, int need_free)
+_gnutls_selected_certs_set(gnutls_session_t session,
+ gnutls_pcert_st * certs, int ncerts,
+ gnutls_privkey_t key, int need_free)
{
- _gnutls_selected_certs_deinit (session);
+ _gnutls_selected_certs_deinit(session);
- session->internals.selected_cert_list = certs;
- session->internals.selected_cert_list_length = ncerts;
- session->internals.selected_key = key;
- session->internals.selected_need_free = need_free;
+ session->internals.selected_cert_list = certs;
+ session->internals.selected_cert_list_length = ncerts;
+ session->internals.selected_key = key;
+ session->internals.selected_need_free = need_free;
}
-static void get_server_name(gnutls_session_t session, uint8_t* name, size_t max_name_size)
+static void get_server_name(gnutls_session_t session, uint8_t * name,
+ size_t max_name_size)
{
-int ret, i;
-size_t max_name;
-unsigned int type;
-
- ret = 0;
- for (i=0; !(ret<0);i++)
- {
- max_name = max_name_size;
- ret = gnutls_server_name_get (session, name, &max_name, &type, i);
- if (ret >= 0 && type == GNUTLS_NAME_DNS)
- return;
- }
-
- name[0] = 0;
-
- return;
+ int ret, i;
+ size_t max_name;
+ unsigned int type;
+
+ ret = 0;
+ for (i = 0; !(ret < 0); i++) {
+ max_name = max_name_size;
+ ret =
+ gnutls_server_name_get(session, name, &max_name, &type,
+ i);
+ if (ret >= 0 && type == GNUTLS_NAME_DNS)
+ return;
+ }
+
+ name[0] = 0;
+
+ return;
}
/* finds the most appropriate certificate in the cert list.
@@ -2075,98 +2005,109 @@ unsigned int type;
*
*/
int
-_gnutls_server_select_cert (gnutls_session_t session,
- gnutls_pk_algorithm_t * pk_algos,
- size_t pk_algos_size)
+_gnutls_server_select_cert(gnutls_session_t session,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size)
{
- unsigned i, j;
- int idx, ret;
- gnutls_certificate_credentials_t cred;
- char server_name[MAX_CN];
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* If the callback which retrieves certificate has been set,
- * use it and leave.
- */
- if (cred->server_get_cert_callback || cred->get_cert_callback
- || cred->get_cert_callback2)
- {
- ret = call_get_cert_callback (session, NULL, 0, NULL, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- return ret;
- }
-
- /* Otherwise... */
-
- get_server_name(session, (unsigned char*)server_name, sizeof(server_name));
-
- idx = -1; /* default is use no certificate */
-
- /* find certificates that match the requested server_name
- */
-
- if (server_name[0] != 0)
- {
- for (i = 0; i < cred->ncerts; i++)
- {
- if (cred->certs[i].names != NULL && _gnutls_str_array_match(cred->certs[i].names, server_name) != 0)
- {
- /* if requested algorithms are also compatible select it */
- gnutls_pk_algorithm pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
-
- _gnutls_handshake_log("HSK[%p]: Requested server name: '%s', ctype: %s (%d)", session, server_name,
- gnutls_certificate_type_get_name (session->security_parameters.cert_type),
- session->security_parameters.cert_type);
-
- if (session->security_parameters.cert_type == cred->certs[i].cert_list[0].type)
- {
- for (j = 0; j < pk_algos_size; j++)
- if (pk_algos[j] == pk)
- {
- idx = i;
- goto finished;
- }
- }
- }
- }
- }
-
- for (j = 0; j < pk_algos_size; j++)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n",
- session, gnutls_pk_get_name (pk_algos[j]), pk_algos[j],
- gnutls_certificate_type_get_name (session->security_parameters.
- cert_type),
- session->security_parameters.cert_type);
-
- for (i = 0; i < cred->ncerts; i++)
- {
- gnutls_pk_algorithm pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
- /* find one compatible certificate
- */
- _gnutls_handshake_log
- ("HSK[%p]: certificate[%d] PK algorithm: %s (%d) - ctype: %s (%d)\n",
- session, i, gnutls_pk_get_name (pk), pk,
- gnutls_certificate_type_get_name (cred->certs[i].cert_list[0].type),
- cred->certs[i].cert_list[0].type);
-
- if (pk_algos[j] == pk)
- {
- /* if cert type matches
- */
+ unsigned i, j;
+ int idx, ret;
+ gnutls_certificate_credentials_t cred;
+ char server_name[MAX_CN];
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* If the callback which retrieves certificate has been set,
+ * use it and leave.
+ */
+ if (cred->server_get_cert_callback || cred->get_cert_callback
+ || cred->get_cert_callback2) {
+ ret = call_get_cert_callback(session, NULL, 0, NULL, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ return ret;
+ }
+
+ /* Otherwise... */
+
+ get_server_name(session, (unsigned char *) server_name,
+ sizeof(server_name));
+
+ idx = -1; /* default is use no certificate */
+
+ /* find certificates that match the requested server_name
+ */
+
+ if (server_name[0] != 0) {
+ for (i = 0; i < cred->ncerts; i++) {
+ if (cred->certs[i].names != NULL
+ && _gnutls_str_array_match(cred->certs[i].
+ names,
+ server_name) != 0) {
+ /* if requested algorithms are also compatible select it */
+ gnutls_pk_algorithm pk =
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs
+ [i].
+ cert_list
+ [0].
+ pubkey,
+ NULL);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested server name: '%s', ctype: %s (%d)",
+ session, server_name,
+ gnutls_certificate_type_get_name
+ (session->security_parameters.
+ cert_type),
+ session->security_parameters.
+ cert_type);
+
+ if (session->security_parameters.
+ cert_type ==
+ cred->certs[i].cert_list[0].type) {
+ for (j = 0; j < pk_algos_size; j++)
+ if (pk_algos[j] == pk) {
+ idx = i;
+ goto finished;
+ }
+ }
+ }
+ }
+ }
+
+ for (j = 0; j < pk_algos_size; j++) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n",
+ session, gnutls_pk_get_name(pk_algos[j]), pk_algos[j],
+ gnutls_certificate_type_get_name(session->
+ security_parameters.cert_type),
+ session->security_parameters.cert_type);
+
+ for (i = 0; i < cred->ncerts; i++) {
+ gnutls_pk_algorithm pk =
+ gnutls_pubkey_get_pk_algorithm(cred->certs[i].
+ cert_list[0].
+ pubkey,
+ NULL);
+ /* find one compatible certificate
+ */
+ _gnutls_handshake_log
+ ("HSK[%p]: certificate[%d] PK algorithm: %s (%d) - ctype: %s (%d)\n",
+ session, i, gnutls_pk_get_name(pk), pk,
+ gnutls_certificate_type_get_name(cred->
+ certs[i].
+ cert_list[0].
+ type),
+ cred->certs[i].cert_list[0].type);
+
+ if (pk_algos[j] == pk) {
+ /* if cert type matches
+ */
/* *INDENT-OFF* */
if (session->security_parameters.cert_type == cred->certs[i].cert_list[0].type)
{
@@ -2174,191 +2115,181 @@ _gnutls_server_select_cert (gnutls_session_t session,
goto finished;
}
/* *INDENT-ON* */
- }
- }
- }
-
- /* store the certificate pointer for future use, in the handshake.
- * (This will allow not calling this callback again.)
- */
-finished:
- if (idx >= 0)
- {
- _gnutls_selected_certs_set (session,
- &cred->certs[idx].cert_list[0],
- cred->certs[idx].cert_list_length,
- cred->pkey[idx], 0);
- }
- else
- {
- gnutls_assert ();
- /* Certificate does not support REQUESTED_ALGO. */
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return 0;
+ }
+ }
+ }
+
+ /* store the certificate pointer for future use, in the handshake.
+ * (This will allow not calling this callback again.)
+ */
+ finished:
+ if (idx >= 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->certs[idx].cert_list[0],
+ cred->certs[idx].
+ cert_list_length,
+ cred->pkey[idx], 0);
+ } else {
+ gnutls_assert();
+ /* Certificate does not support REQUESTED_ALGO. */
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return 0;
}
/* Frees the rsa_info_st structure.
*/
-void
-_gnutls_free_rsa_info (rsa_info_st * rsa)
+void _gnutls_free_rsa_info(rsa_info_st * rsa)
{
- _gnutls_free_datum (&rsa->modulus);
- _gnutls_free_datum (&rsa->exponent);
+ _gnutls_free_datum(&rsa->modulus);
+ _gnutls_free_datum(&rsa->exponent);
}
-int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st* data,
- uint8_t* plain, unsigned plain_size)
+int _gnutls_gen_dhe_signature(gnutls_session_t session,
+ gnutls_buffer_st * data, uint8_t * plain,
+ unsigned plain_size)
{
-gnutls_pcert_st *apr_cert_list;
-gnutls_privkey_t apr_pkey;
-int apr_cert_list_length;
-gnutls_datum_t signature = { NULL, 0 }, ddata;
-gnutls_sign_algorithm_t sign_algo;
-const version_entry_st* ver = get_version (session);
-int ret;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ddata.data = plain;
- ddata.size = plain_size;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length > 0)
- {
- if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert ();
- ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */
- goto cleanup;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
-
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
-
- ret = _gnutls_buffer_append_data(data, p, 2);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, signature.size);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature = { NULL, 0 }, ddata;
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+ int ret;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ddata.data = plain;
+ ddata.size = plain_size;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length > 0) {
+ if ((ret =
+ _gnutls_handshake_sign_data(session,
+ &apr_cert_list[0],
+ apr_pkey, &ddata,
+ &signature,
+ &sign_algo)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */
+ goto cleanup;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
int
-_gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
- size_t _data_size, gnutls_datum_t* vparams)
+_gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
+ size_t _data_size, gnutls_datum_t * vparams)
{
- int sigsize;
- gnutls_datum_t signature;
- int ret;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- ssize_t data_size = _data_size;
- gnutls_pcert_st peer_cert;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* VERIFY SIGNATURE */
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (data_size, 1);
- aid.hash_algorithm = *data++;
- DECR_LEN (data_size, 1);
- aid.sign_algorithm = *data++;
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- }
- DECR_LEN (data_size, 2);
- sigsize = _gnutls_read_uint16 (data);
- data += 2;
-
- DECR_LEN (data_size, sigsize);
- signature.data = data;
- signature.size = sigsize;
-
- if ((ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_handshake_verify_data (session, &peer_cert, vparams, &signature,
- sign_algo);
-
- gnutls_pcert_deinit (&peer_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int sigsize;
+ gnutls_datum_t signature;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ ssize_t data_size = _data_size;
+ gnutls_pcert_st peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* VERIFY SIGNATURE */
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(data_size, 1);
+ aid.hash_algorithm = *data++;
+ DECR_LEN(data_size, 1);
+ aid.sign_algorithm = *data++;
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ _gnutls_debug_log("unknown signature %d.%d\n",
+ aid.sign_algorithm,
+ aid.hash_algorithm);
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(data);
+ data += 2;
+
+ DECR_LEN(data_size, sigsize);
+ signature.data = data;
+ signature.size = sigsize;
+
+ if ((ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data(session, &peer_cert, vparams,
+ &signature, sign_algo);
+
+ gnutls_pcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
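Review bot: In `_gnutls_gen_dhe_signature` a failure of `_gnutls_buffer_append_data_prefix` is asserted but then discarded, because `ret = 0;` runs unconditionally right after it. The caller is told the message was generated even though the signature was not appended to the handshake buffer. The check should bail out with `if (ret < 0) { gnutls_assert(); goto cleanup; }` so the error propagates. The `else` branch earlier in the function likewise returns 0 with no signature written while its own comment calls that case illegal; returning an error code there looks more appropriate, though that depends on callers outside this hunk.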
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index 3bf59b1eb1..f6295e9576 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -31,142 +31,139 @@
#include <gnutls_str_array.h>
typedef struct {
- gnutls_pcert_st * cert_list; /* a certificate chain */
- unsigned int cert_list_length; /* its length */
- gnutls_str_array_t names; /* the names in the first certificate */
+ gnutls_pcert_st *cert_list; /* a certificate chain */
+ unsigned int cert_list_length; /* its length */
+ gnutls_str_array_t names; /* the names in the first certificate */
} certs_st;
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
-typedef struct gnutls_certificate_credentials_st
-{
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
-
- certs_st *certs;
- unsigned ncerts; /* the number of certs */
-
- gnutls_privkey_t *pkey;
- /* private keys. It contains ncerts private
- * keys. pkey[i] corresponds to certificate in
- * cert_list[i][0].
- */
+typedef struct gnutls_certificate_credentials_st {
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+
+ certs_st *certs;
+ unsigned ncerts; /* the number of certs */
+
+ gnutls_privkey_t *pkey;
+ /* private keys. It contains ncerts private
+ * keys. pkey[i] corresponds to certificate in
+ * cert_list[i][0].
+ */
#ifdef ENABLE_OPENPGP
- /* OpenPGP specific stuff */
- gnutls_openpgp_keyring_t keyring;
+ /* OpenPGP specific stuff */
+ gnutls_openpgp_keyring_t keyring;
#endif
- /* X509 specific stuff */
- gnutls_x509_trust_list_t tlist;
- unsigned int verify_flags; /* flags to be used at
- * certificate verification.
- */
- unsigned int verify_depth;
- unsigned int verify_bits;
-
- /* holds a sequence of the
- * RDNs of the CAs above.
- * This is better than
- * generating on every handshake.
- */
- gnutls_datum_t x509_rdn_sequence;
-
- /* It's a mess here. However we need to keep the old 3 functions
- * for compatibility */
- gnutls_certificate_retrieve_function *get_cert_callback; /* deprecated */
- gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
- gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
- gnutls_certificate_retrieve_function2 *get_cert_callback2;
-
- gnutls_certificate_verify_function *verify_callback;
-
- struct pin_info_st pin;
- /* temporarily hold the PIN if set_key_file2() is used with a PIN */
- char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];
-
- /* OCSP */
- gnutls_status_request_ocsp_func ocsp_func;
- void *ocsp_func_ptr;
- char *ocsp_response_file;
+ /* X509 specific stuff */
+ gnutls_x509_trust_list_t tlist;
+ unsigned int verify_flags; /* flags to be used at
+ * certificate verification.
+ */
+ unsigned int verify_depth;
+ unsigned int verify_bits;
+
+ /* holds a sequence of the
+ * RDNs of the CAs above.
+ * This is better than
+ * generating on every handshake.
+ */
+ gnutls_datum_t x509_rdn_sequence;
+
+ /* It's a mess here. However we need to keep the old 3 functions
+ * for compatibility */
+ gnutls_certificate_retrieve_function *get_cert_callback; /* deprecated */
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
+ gnutls_certificate_retrieve_function2 *get_cert_callback2;
+
+ gnutls_certificate_verify_function *verify_callback;
+
+ struct pin_info_st pin;
+ /* temporarily hold the PIN if set_key_file2() is used with a PIN */
+ char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];
+
+ /* OCSP */
+ gnutls_status_request_ocsp_func ocsp_func;
+ void *ocsp_func_ptr;
+ char *ocsp_response_file;
} certificate_credentials_st;
-typedef struct rsa_info_st
-{
- gnutls_datum_t modulus;
- gnutls_datum_t exponent;
+typedef struct rsa_info_st {
+ gnutls_datum_t modulus;
+ gnutls_datum_t exponent;
} rsa_info_st;
/* This is the information we keep for the peer
* certificate.
*/
-typedef struct cert_auth_info_st
-{
- /* These (dh/rsa) are just copies from the credentials_t structure.
- * They must be freed.
- */
- dh_info_st dh;
-
- gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
- * peer.
- */
- unsigned int ncerts; /* holds the size of the list above */
-
- gnutls_certificate_type_t cert_type;
+typedef struct cert_auth_info_st {
+ /* These (dh/rsa) are just copies from the credentials_t structure.
+ * They must be freed.
+ */
+ dh_info_st dh;
+
+ gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
+ * peer.
+ */
+ unsigned int ncerts; /* holds the size of the list above */
+
+ gnutls_certificate_type_t cert_type;
#ifdef ENABLE_OPENPGP
- uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
+ uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
#endif
} *cert_auth_info_t;
typedef struct cert_auth_info_st cert_auth_info_st;
-void _gnutls_free_rsa_info (rsa_info_st * rsa);
+void _gnutls_free_rsa_info(rsa_info_st * rsa);
/* AUTH X509 functions */
-int _gnutls_gen_cert_server_crt (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_client_crt (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_server_cert_req (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_proc_cert_cert_req (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_cert_client_crt_vrfy (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_crt (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_pcert_st ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey);
-
-int _gnutls_server_select_cert (struct gnutls_session_int *,
- gnutls_pk_algorithm_t*, size_t);
-void _gnutls_selected_certs_deinit (gnutls_session_t session);
-void _gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_pcert_st * certs, int ncerts,
- gnutls_privkey_t key, int need_free);
-
-int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info);
-
-int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
- res, gnutls_str_array_t names,
- gnutls_pcert_st* crt, int nr);
-int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey);
-
-int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
- gnutls_kx_algorithm_t * alg,
- int *alg_size);
-
-int
-_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res);
-
-int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st* data,
- uint8_t* plain, unsigned plain_size);
-int
-_gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
- size_t _data_size, gnutls_datum_t *vparams);
+int _gnutls_gen_cert_server_crt(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_client_crt(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_server_cert_req(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_cert_cert_req(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_crt(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_get_selected_cert(gnutls_session_t session,
+ gnutls_pcert_st ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey);
+
+int _gnutls_server_select_cert(struct gnutls_session_int *,
+ gnutls_pk_algorithm_t *, size_t);
+void _gnutls_selected_certs_deinit(gnutls_session_t session);
+void _gnutls_selected_certs_set(gnutls_session_t session,
+ gnutls_pcert_st * certs, int ncerts,
+ gnutls_privkey_t key, int need_free);
+
+int _gnutls_get_auth_info_pcert(gnutls_pcert_st * gcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info);
+
+int certificate_credential_append_crt_list(gnutls_certificate_credentials_t
+ res, gnutls_str_array_t names,
+ gnutls_pcert_st * crt, int nr);
+int certificate_credentials_append_pkey(gnutls_certificate_credentials_t
+ res, gnutls_privkey_t pkey);
+
+int _gnutls_selected_cert_supported_kx(struct gnutls_session_int *session,
+ gnutls_kx_algorithm_t * alg,
+ int *alg_size);
+
+int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res);
+
+int _gnutls_gen_dhe_signature(gnutls_session_t session,
+ gnutls_buffer_st * data, uint8_t * plain,
+ unsigned plain_size);
+int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
+ size_t _data_size,
+ gnutls_datum_t * vparams);
#endif
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 0d7f088cb7..1efb4a2771 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -42,287 +42,282 @@
/* Frees the dh_info_st structure.
*/
-void
-_gnutls_free_dh_info (dh_info_st * dh)
+void _gnutls_free_dh_info(dh_info_st * dh)
{
- dh->secret_bits = 0;
- _gnutls_free_datum (&dh->prime);
- _gnutls_free_datum (&dh->generator);
- _gnutls_free_datum (&dh->public_key);
+ dh->secret_bits = 0;
+ _gnutls_free_datum(&dh->prime);
+ _gnutls_free_datum(&dh->generator);
+ _gnutls_free_datum(&dh->public_key);
}
int
-_gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- bigint_t g, bigint_t p,
- gnutls_datum_t* psk_key)
+_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ bigint_t g, bigint_t p,
+ gnutls_datum_t * psk_key)
{
- uint16_t n_Y;
- size_t _n_Y;
- int ret;
- ssize_t data_size = _data_size;
+ uint16_t n_Y;
+ size_t _n_Y;
+ int ret;
+ ssize_t data_size = _data_size;
- DECR_LEN (data_size, 2);
- n_Y = _gnutls_read_uint16 (&data[0]);
- _n_Y = n_Y;
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[0]);
+ _n_Y = n_Y;
- DECR_LEN (data_size, n_Y);
- if (_gnutls_mpi_scan_nz (&session->key.client_Y, &data[2], _n_Y))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ DECR_LEN(data_size, n_Y);
+ if (_gnutls_mpi_scan_nz(&session->key.client_Y, &data[2], _n_Y)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- _gnutls_dh_set_peer_public (session, session->key.client_Y);
+ _gnutls_dh_set_peer_public(session, session->key.client_Y);
- ret =
- gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, session->key.dh_secret, p);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ gnutls_calc_dh_key(&session->key.KEY, session->key.client_Y,
+ session->key.dh_secret, p);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.dh_secret);
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.dh_secret);
- if (psk_key == NULL)
- {
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- }
- else /* In DHE_PSK the key is set differently */
- {
- gnutls_datum_t tmp_dh_key;
- ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (psk_key == NULL) {
+ ret =
+ _gnutls_mpi_dprint(session->key.KEY,
+ &session->key.key);
+ } else { /* In DHE_PSK the key is set differently */
- ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
+ gnutls_datum_t tmp_dh_key;
+ ret = _gnutls_mpi_dprint(session->key.KEY, &tmp_dh_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ ret =
+ _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
- _gnutls_mpi_release (&session->key.KEY);
+ }
- if (ret < 0)
- {
- return ret;
- }
+ _gnutls_mpi_release(&session->key.KEY);
- return 0;
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
}
-int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+int _gnutls_gen_dh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
+ return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
}
int
-_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* data, gnutls_datum_t* pskkey)
+_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * pskkey)
{
- bigint_t x = NULL, X = NULL;
- int ret;
-
- ret = gnutls_calc_dh_secret (&X, &x, session->key.client_g,
- session->key.client_p, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
-
- ret = _gnutls_buffer_append_mpi( data, 16, X, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- /* calculate the key after calculating the message */
- ret =
- gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, x, session->key.client_p);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- /* THESE SHOULD BE DISCARDED */
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.client_p);
- _gnutls_mpi_release (&session->key.client_g);
-
- if (_gnutls_cipher_suite_get_kx_algo
- (session->security_parameters.cipher_suite)
- != GNUTLS_KX_DHE_PSK)
- {
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- }
- else /* In DHE_PSK the key is set differently */
- {
- gnutls_datum_t tmp_dh_key;
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
- }
-
- _gnutls_mpi_release (&session->key.KEY);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = data->length;
-
-error:
- _gnutls_mpi_release (&x);
- _gnutls_mpi_release (&X);
- return ret;
+ bigint_t x = NULL, X = NULL;
+ int ret;
+
+ ret = gnutls_calc_dh_secret(&X, &x, session->key.client_g,
+ session->key.client_p, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ ret = _gnutls_buffer_append_mpi(data, 16, X, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* calculate the key after calculating the message */
+ ret =
+ gnutls_calc_dh_key(&session->key.KEY, session->key.client_Y, x,
+ session->key.client_p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* THESE SHOULD BE DISCARDED */
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.client_p);
+ _gnutls_mpi_release(&session->key.client_g);
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.cipher_suite)
+ != GNUTLS_KX_DHE_PSK) {
+ ret =
+ _gnutls_mpi_dprint(session->key.KEY,
+ &session->key.key);
+ } else { /* In DHE_PSK the key is set differently */
+
+ gnutls_datum_t tmp_dh_key;
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &tmp_dh_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_set_psk_session_key(session, pskkey,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
+ }
+
+ _gnutls_mpi_release(&session->key.KEY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = data->length;
+
+ error:
+ _gnutls_mpi_release(&x);
+ _gnutls_mpi_release(&X);
+ return ret;
}
/* Returns the bytes parsed */
int
-_gnutls_proc_dh_common_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+_gnutls_proc_dh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- uint16_t n_Y, n_g, n_p;
- size_t _n_Y, _n_g, _n_p;
- uint8_t *data_p;
- uint8_t *data_g;
- uint8_t *data_Y;
- int i, bits, ret;
- ssize_t data_size = _data_size;
-
- i = 0;
-
- DECR_LEN (data_size, 2);
- n_p = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_p);
- data_p = &data[i];
- i += n_p;
-
- DECR_LEN (data_size, 2);
- n_g = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- DECR_LEN (data_size, 2);
- n_Y = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_Y);
- data_Y = &data[i];
-
- _n_Y = n_Y;
- _n_g = n_g;
- _n_p = n_p;
-
- if (_gnutls_mpi_scan_nz (&session->key.client_Y, data_Y, _n_Y) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&session->key.client_g, data_g, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- if (_gnutls_mpi_scan_nz (&session->key.client_p, data_p, _n_p) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- bits = _gnutls_dh_get_min_prime_bits (session);
- if (bits < 0)
- {
- gnutls_assert ();
- return bits;
- }
-
- if (_gnutls_mpi_get_nbits (session->key.client_p) < (size_t) bits)
- {
- /* the prime used by the peer is not acceptable
- */
- gnutls_assert ();
- _gnutls_debug_log("Received a prime of %u bits, limit is %u\n", (unsigned)_gnutls_mpi_get_nbits (session->key.client_p),
- (unsigned)bits);
- return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
- }
-
- _gnutls_dh_set_group (session, session->key.client_g,
- session->key.client_p);
- _gnutls_dh_set_peer_public (session, session->key.client_Y);
-
- ret = n_Y + n_p + n_g + 6;
-
- return ret;
+ uint16_t n_Y, n_g, n_p;
+ size_t _n_Y, _n_g, _n_p;
+ uint8_t *data_p;
+ uint8_t *data_g;
+ uint8_t *data_Y;
+ int i, bits, ret;
+ ssize_t data_size = _data_size;
+
+ i = 0;
+
+ DECR_LEN(data_size, 2);
+ n_p = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_p);
+ data_p = &data[i];
+ i += n_p;
+
+ DECR_LEN(data_size, 2);
+ n_g = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_Y);
+ data_Y = &data[i];
+
+ _n_Y = n_Y;
+ _n_g = n_g;
+ _n_p = n_p;
+
+ if (_gnutls_mpi_scan_nz(&session->key.client_Y, data_Y, _n_Y) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&session->key.client_g, data_g, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ if (_gnutls_mpi_scan_nz(&session->key.client_p, data_p, _n_p) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ bits = _gnutls_dh_get_min_prime_bits(session);
+ if (bits < 0) {
+ gnutls_assert();
+ return bits;
+ }
+
+ if (_gnutls_mpi_get_nbits(session->key.client_p) < (size_t) bits) {
+ /* the prime used by the peer is not acceptable
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Received a prime of %u bits, limit is %u\n",
+ (unsigned) _gnutls_mpi_get_nbits(session->key.
+ client_p),
+ (unsigned) bits);
+ return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+ }
+
+ _gnutls_dh_set_group(session, session->key.client_g,
+ session->key.client_p);
+ _gnutls_dh_set_peer_public(session, session->key.client_Y);
+
+ ret = n_Y + n_p + n_g + 6;
+
+ return ret;
}
int
-_gnutls_dh_common_print_server_kx (gnutls_session_t session,
- bigint_t g, bigint_t p, unsigned int q_bits,
- gnutls_buffer_st* data)
+_gnutls_dh_common_print_server_kx(gnutls_session_t session,
+ bigint_t g, bigint_t p,
+ unsigned int q_bits,
+ gnutls_buffer_st * data)
{
- bigint_t x, Y;
- int ret;
-
- /* Y=g^x mod p */
- ret = gnutls_calc_dh_secret (&Y, &x, g, p, q_bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->key.dh_secret = x;
- _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
-
- ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = data->length;
-cleanup:
- _gnutls_mpi_release (&Y);
-
- return ret;
+ bigint_t x, Y;
+ int ret;
+
+ /* Y=g^x mod p */
+ ret = gnutls_calc_dh_secret(&Y, &x, g, p, q_bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->key.dh_secret = x;
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+ cleanup:
+ _gnutls_mpi_release(&Y);
+
+ return ret;
}
#endif
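Review bot: In `_gnutls_proc_dh_common_client_kx` the two early returns leave key material in the session. The `return gnutls_assert_val(ret);` after `gnutls_calc_dh_key` skips the release of `session->key.client_Y` and `session->key.dh_secret`, and the `return ret;` inside the DHE_PSK branch skips the release of `session->key.KEY`. `_gnutls_gen_dh_common_client_kx_int` in the same hunk already routes its failures through an `error:` label; using `goto cleanup;` here, with a `cleanup:` label ahead of the three `_gnutls_mpi_release` calls, would drop the private exponent and shared secret on every path. Session teardown may release these fields later, which this hunk does not show, so the concern is how long the secrets stay live rather than a confirmed leak.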
diff --git a/lib/auth/dh_common.h b/lib/auth/dh_common.h
index 8ab25a70a4..8bfaaaecff 100644
--- a/lib/auth/dh_common.h
+++ b/lib/auth/dh_common.h
@@ -25,26 +25,27 @@
#include <gnutls_auth.h>
-typedef struct
-{
- int secret_bits;
+typedef struct {
+ int secret_bits;
- gnutls_datum_t prime;
- gnutls_datum_t generator;
- gnutls_datum_t public_key;
+ gnutls_datum_t prime;
+ gnutls_datum_t generator;
+ gnutls_datum_t public_key;
} dh_info_st;
-void _gnutls_free_dh_info (dh_info_st * dh);
-int _gnutls_gen_dh_common_client_kx_int (gnutls_session_t, gnutls_buffer_st*, gnutls_datum_t *pskkey);
-int _gnutls_gen_dh_common_client_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- bigint_t p, bigint_t g,
- gnutls_datum_t* psk_key);
-int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
- bigint_t p, unsigned int q_bits,
- gnutls_buffer_st* data);
-int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+void _gnutls_free_dh_info(dh_info_st * dh);
+int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t,
+ gnutls_buffer_st *,
+ gnutls_datum_t * pskkey);
+int _gnutls_gen_dh_common_client_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ bigint_t p, bigint_t g,
+ gnutls_datum_t * psk_key);
+int _gnutls_dh_common_print_server_kx(gnutls_session_t, bigint_t g,
+ bigint_t p, unsigned int q_bits,
+ gnutls_buffer_st * data);
+int _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
#endif
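Review bot: The prototype of `_gnutls_proc_dh_common_client_kx` names its big-integer parameters `bigint_t p, bigint_t g`, while the definition in lib/auth/dh_common.c takes `bigint_t g, bigint_t p` and the caller in lib/auth/dhe.c passes `g, p`. Both parameters have the same type, so the compiler cannot catch a caller that follows the header and swaps the prime with the generator. The prototype line should read `bigint_t g, bigint_t p,` to match the definition.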
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 24732d6f92..546194cdca 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -39,142 +39,145 @@
#include <auth/dh_common.h>
#include <auth/ecdhe.h>
-static int gen_dhe_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_dhe_server_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_dhe_client_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_dhe_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_dhe_server_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_dhe_client_kx(gnutls_session_t, uint8_t *, size_t);
#ifdef ENABLE_DHE
const mod_auth_st dhe_rsa_auth_struct = {
- "DHE_RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
const mod_auth_st dhe_dss_auth_struct = {
- "DHE_DSS",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_DSS",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
#endif
static int
-gen_dhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret = 0;
- gnutls_certificate_credentials_t cred;
- gnutls_dh_params_t dh_params;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data, data->length);
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret = 0;
+ gnutls_certificate_credentials_t cred;
+ gnutls_dh_params_t dh_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st),
+ 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Generate the signature. */
+ return _gnutls_gen_dhe_signature(session, data, data->data,
+ data->length);
}
static int
-proc_dhe_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
-gnutls_datum_t vdata;
-int ret;
+ gnutls_datum_t vdata;
+ int ret;
- ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- vdata.data = data;
- vdata.size = ret;
+ vdata.data = data;
+ vdata.size = ret;
- return _gnutls_proc_dhe_signature(session, data+ret, _data_size-ret, &vdata);
+ return _gnutls_proc_dhe_signature(session, data + ret,
+ _data_size - ret, &vdata);
}
static int
-proc_dhe_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_certificate_credentials_t cred;
- bigint_t p, g;
- const bigint_t *mpis;
- gnutls_dh_params_t dh_params;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- return gnutls_assert_val(GNUTLS_E_NO_TEMPORARY_DH_PARAMS);
-
- p = mpis[0];
- g = mpis[1];
-
- return _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p, NULL);
+ gnutls_certificate_credentials_t cred;
+ bigint_t p, g;
+ const bigint_t *mpis;
+ gnutls_dh_params_t dh_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL)
+ return gnutls_assert_val(GNUTLS_E_NO_TEMPORARY_DH_PARAMS);
+
+ p = mpis[0];
+ g = mpis[1];
+
+ return _gnutls_proc_dh_common_client_kx(session, data, _data_size,
+ g, p, NULL);
}
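Review bot: `proc_dhe_server_kx` has no comment saying what `vdata` covers, although this is the step that ties the server's DH parameters to its signature. From the visible lines, `ret` is the byte count returned by `_gnutls_proc_dh_common_server_kx` (p, g and Y with their length prefixes) and `vdata` spans exactly those bytes. The remaining `_data_size - ret` bytes are handed to `_gnutls_proc_dhe_signature`, presumably as the signature to verify over `vdata`. A short comment above the `vdata` assignments would record that, for example `/* vdata = the DH parameters just parsed; the rest of the message is the signature over them */`.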
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index a51aaa1305..08dc3ef8cc 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -44,424 +44,418 @@
#include <auth/psk_passwd.h>
static int
-proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
-static int gen_dhe_psk_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int gen_dhe_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int gen_ecdhe_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_ecdhe_psk_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_dhe_psk_server_kx (gnutls_session_t, uint8_t *, size_t);
-static int gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data);
-static int proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
+static int gen_dhe_psk_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int gen_dhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int gen_ecdhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_ecdhe_psk_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_dhe_psk_server_kx(gnutls_session_t, uint8_t *, size_t);
+static int gen_ecdhe_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
#ifdef ENABLE_DHE
const mod_auth_st dhe_psk_auth_struct = {
- "DHE PSK",
- NULL,
- NULL,
- gen_dhe_psk_server_kx,
- gen_dhe_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_dhe_psk_server_kx,
- proc_dhe_psk_client_kx,
- NULL,
- NULL
+ "DHE PSK",
+ NULL,
+ NULL,
+ gen_dhe_psk_server_kx,
+ gen_dhe_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_dhe_psk_server_kx,
+ proc_dhe_psk_client_kx,
+ NULL,
+ NULL
};
#endif
#ifdef ENABLE_ECDHE
const mod_auth_st ecdhe_psk_auth_struct = {
- "ECDHE PSK",
- NULL,
- NULL,
- gen_ecdhe_psk_server_kx,
- gen_ecdhe_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_ecdhe_psk_server_kx,
- proc_ecdhe_psk_client_kx,
- NULL,
- NULL
+ "ECDHE PSK",
+ NULL,
+ NULL,
+ gen_ecdhe_psk_server_kx,
+ gen_ecdhe_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_ecdhe_psk_server_kx,
+ proc_ecdhe_psk_client_kx,
+ NULL,
+ NULL
};
#endif
static int
-gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* The PSK key is set in there */
- ret = _gnutls_gen_ecdh_common_client_kx_int (session, data, &key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- if (free)
- {
- _gnutls_free_datum(&username);
- _gnutls_free_datum(&key);
- }
-
- return ret;
+ int ret, free;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* The PSK key is set in there */
+ ret = _gnutls_gen_ecdh_common_client_kx_int(session, data, &key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ if (free) {
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+ }
+
+ return ret;
}
static int
-gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* The PSK key is set in there */
- ret = _gnutls_gen_dh_common_client_kx_int (session, data, &key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- if (free)
- {
- _gnutls_free_datum(&username);
- _gnutls_free_datum(&key);
- }
-
- return ret;
+ int ret, free;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* The PSK key is set in there */
+ ret = _gnutls_gen_dh_common_client_kx_int(session, data, &key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ if (free) {
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+ }
+
+ return ret;
}
static int
-gen_dhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_psk_server_credentials_t cred;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_psk_server_credentials_t cred;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
static int
-gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret;
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data,
- _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+ int ret;
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
static int
-proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
- bigint_t p, g;
- gnutls_dh_params_t dh_params;
- const bigint_t *mpis;
- gnutls_datum_t psk_key;
- gnutls_psk_server_credentials_t cred;
- psk_auth_info_t info;
- gnutls_datum_t username;
- ssize_t data_size = _data_size;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, username.size);
-
- username.data = &data[2];
-
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
-
- /* Adjust the data */
- data += username.size + 2;
-
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_proc_dh_common_client_kx (session, data, data_size,
- g, p, &psk_key);
-
- _gnutls_free_datum(&psk_key);
-
- return ret;
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+ gnutls_datum_t psk_key;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
+ gnutls_datum_t username;
+ ssize_t data_size = _data_size;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, username.size);
+
+ username.data = &data[2];
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ /* Adjust the data */
+ data += username.size + 2;
+
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_proc_dh_common_client_kx(session, data, data_size,
+ g, p, &psk_key);
+
+ _gnutls_free_datum(&psk_key);
+
+ return ret;
}
static int
-proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t psk_key;
- psk_auth_info_t info;
- gnutls_datum_t username;
- ssize_t data_size = _data_size;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, username.size);
-
- username.data = &data[2];
-
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
-
- /* Adjust the data */
- data += username.size + 2;
-
- /* should never fail. It will always return a key even if it is
- * a random one */
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
- _gnutls_session_ecc_curve_get(session), &psk_key);
-
- _gnutls_free_datum(&psk_key);
-
- return ret;
+ int ret;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t psk_key;
+ psk_auth_info_t info;
+ gnutls_datum_t username;
+ ssize_t data_size = _data_size;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, username.size);
+
+ username.data = &data[2];
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ /* Adjust the data */
+ data += username.size + 2;
+
+ /* should never fail. It will always return a key even if it is
+ * a random one */
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
+ _gnutls_session_ecc_curve_get
+ (session), &psk_key);
+
+ _gnutls_free_datum(&psk_key);
+
+ return ret;
}
static int
-proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret, psk_size;
- ssize_t data_size = _data_size;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- psk_size = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, psk_size);
- data += 2 + psk_size;
-
- ret = _gnutls_proc_dh_common_server_kx (session, data, data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, psk_size;
+ ssize_t data_size = _data_size;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ psk_size = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, psk_size);
+ data += 2 + psk_size;
+
+ ret = _gnutls_proc_dh_common_server_kx(session, data, data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
static int
-proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret, psk_size;
- ssize_t data_size = _data_size;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- psk_size = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, psk_size);
- data += 2 + psk_size;
-
- ret = _gnutls_proc_ecdh_common_server_kx (session, data, data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, psk_size;
+ ssize_t data_size = _data_size;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ psk_size = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, psk_size);
+ data += 2 + psk_size;
+
+ ret = _gnutls_proc_ecdh_common_server_kx(session, data, data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 060c683233..8e8abbe498 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -42,308 +42,341 @@
#include <auth/cert.h>
#include <gnutls_pk.h>
-static int gen_ecdhe_server_kx (gnutls_session_t, gnutls_buffer_st*);
+static int gen_ecdhe_server_kx(gnutls_session_t, gnutls_buffer_st *);
static int
-proc_ecdhe_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size);
+proc_ecdhe_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
static int
-proc_ecdhe_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size);
+proc_ecdhe_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
#if defined(ENABLE_ECDHE)
const mod_auth_st ecdhe_ecdsa_auth_struct = {
- "ECDHE_ECDSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_ecdhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
- _gnutls_gen_cert_client_crt_vrfy,
- _gnutls_gen_cert_server_cert_req,
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_ecdhe_server_kx,
- proc_ecdhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy,
- _gnutls_proc_cert_cert_req
+ "ECDHE_ECDSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_ecdhe_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
+ _gnutls_gen_cert_client_crt_vrfy,
+ _gnutls_gen_cert_server_cert_req,
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_ecdhe_server_kx,
+ proc_ecdhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy,
+ _gnutls_proc_cert_cert_req
};
const mod_auth_st ecdhe_rsa_auth_struct = {
- "ECDHE_RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_ecdhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
- _gnutls_gen_cert_client_crt_vrfy,
- _gnutls_gen_cert_server_cert_req,
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_ecdhe_server_kx,
- proc_ecdhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy,
- _gnutls_proc_cert_cert_req
+ "ECDHE_RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_ecdhe_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
+ _gnutls_gen_cert_client_crt_vrfy,
+ _gnutls_gen_cert_server_cert_req,
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_ecdhe_server_kx,
+ proc_ecdhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy,
+ _gnutls_proc_cert_cert_req
};
-static int calc_ecdh_key( gnutls_session_t session, gnutls_datum_t * psk_key,
- gnutls_ecc_curve_t curve)
+static int calc_ecdh_key(gnutls_session_t session,
+ gnutls_datum_t * psk_key,
+ gnutls_ecc_curve_t curve)
{
-gnutls_pk_params_st pub;
-int ret;
-
- memset(&pub,0,sizeof(pub));
- pub.params[ECC_X] = session->key.ecdh_x;
- pub.params[ECC_Y] = session->key.ecdh_y;
- pub.flags = curve;
-
- if (psk_key == NULL)
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key, &session->key.ecdh_params, &pub);
- else
- {
- gnutls_datum_t tmp_dh_key;
-
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key, &session->key.ecdh_params, &pub);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
- }
-
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- /* no longer needed */
- _gnutls_mpi_release (&session->key.ecdh_x);
- _gnutls_mpi_release (&session->key.ecdh_y);
- gnutls_pk_params_release( &session->key.ecdh_params);
- return ret;
+ gnutls_pk_params_st pub;
+ int ret;
+
+ memset(&pub, 0, sizeof(pub));
+ pub.params[ECC_X] = session->key.ecdh_x;
+ pub.params[ECC_Y] = session->key.ecdh_y;
+ pub.flags = curve;
+
+ if (psk_key == NULL)
+ ret =
+ _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key,
+ &session->key.ecdh_params, &pub);
+ else {
+ gnutls_datum_t tmp_dh_key;
+
+ ret =
+ _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key,
+ &session->key.ecdh_params, &pub);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
+ }
+
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ /* no longer needed */
+ _gnutls_mpi_release(&session->key.ecdh_x);
+ _gnutls_mpi_release(&session->key.ecdh_y);
+ gnutls_pk_params_release(&session->key.ecdh_params);
+ return ret;
}
int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_ecc_curve_t curve,
- gnutls_datum_t* psk_key)
+ uint8_t * data, size_t _data_size,
+ gnutls_ecc_curve_t curve,
+ gnutls_datum_t * psk_key)
{
- ssize_t data_size = _data_size;
- int ret, i = 0;
- int point_size;
-
- if (curve == GNUTLS_ECC_CURVE_INVALID)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- DECR_LEN (data_size, 1);
- point_size = data[i];
- i+=1;
-
- DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate pre-shared key */
- ret = calc_ecdh_key(session, psk_key, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ ssize_t data_size = _data_size;
+ int ret, i = 0;
+ int point_size;
+
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ DECR_LEN(data_size, 1);
+ point_size = data[i];
+ i += 1;
+
+ DECR_LEN(data_size, point_size);
+ ret =
+ _gnutls_ecc_ansi_x963_import(&data[i], point_size,
+ &session->key.ecdh_x,
+ &session->key.ecdh_y);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate pre-shared key */
+ ret = calc_ecdh_key(session, psk_key, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
static int
-proc_ecdhe_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+proc_ecdhe_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size,
- _gnutls_session_ecc_curve_get(session), NULL);
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return _gnutls_proc_ecdh_common_client_kx(session, data,
+ _data_size,
+ _gnutls_session_ecc_curve_get
+ (session), NULL);
}
int
-_gnutls_gen_ecdh_common_client_kx (gnutls_session_t session,
- gnutls_buffer_st* data)
+_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL);
+ return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL);
}
int
-_gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session,
- gnutls_buffer_st* data,
- gnutls_datum_t * psk_key)
+_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * psk_key)
{
- int ret;
- gnutls_datum_t out;
- int curve = _gnutls_session_ecc_curve_get(session);
-
- /* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[ECC_X] /* x */,
- session->key.ecdh_params.params[ECC_Y] /* y */, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
-
- _gnutls_free_datum(&out);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate pre-shared key */
- ret = calc_ecdh_key(session, psk_key, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data->length;
+ int ret;
+ gnutls_datum_t out;
+ int curve = _gnutls_session_ecc_curve_get(session);
+
+ /* generate temporal key */
+ ret =
+ _gnutls_pk_generate(GNUTLS_PK_EC, curve,
+ &session->key.ecdh_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(curve,
+ session->key.ecdh_params.
+ params[ECC_X] /* x */ ,
+ session->key.ecdh_params.
+ params[ECC_Y] /* y */ , &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
+
+ _gnutls_free_datum(&out);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate pre-shared key */
+ ret = calc_ecdh_key(session, psk_key, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
static int
-proc_ecdhe_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+proc_ecdhe_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
-int ret;
-gnutls_datum_t vparams;
+ int ret;
+ gnutls_datum_t vparams;
- ret = _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- vparams.data = data;
- vparams.size = ret;
+ vparams.data = data;
+ vparams.size = ret;
- return _gnutls_proc_dhe_signature(session, data+ret, _data_size-ret, &vparams);
+ return _gnutls_proc_dhe_signature(session, data + ret,
+ _data_size - ret, &vparams);
}
int
-_gnutls_proc_ecdh_common_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+_gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- int i, ret, point_size;
- gnutls_ecc_curve_t curve;
- ssize_t data_size = _data_size;
+ int i, ret, point_size;
+ gnutls_ecc_curve_t curve;
+ ssize_t data_size = _data_size;
- i = 0;
- DECR_LEN (data_size, 1);
- if (data[i++] != 3)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- DECR_LEN (data_size, 2);
- curve = _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16 (&data[i]));
- i += 2;
+ i = 0;
+ DECR_LEN(data_size, 1);
+ if (data[i++] != 3)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
- ret = _gnutls_session_supports_ecc_curve(session, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ DECR_LEN(data_size, 2);
+ curve = _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16(&data[i]));
+ i += 2;
- _gnutls_session_ecc_curve_set(session, curve);
+ ret = _gnutls_session_supports_ecc_curve(session, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- DECR_LEN (data_size, 1);
- point_size = data[i];
- i++;
+ _gnutls_session_ecc_curve_set(session, curve);
- DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ DECR_LEN(data_size, 1);
+ point_size = data[i];
+ i++;
- i+=point_size;
+ DECR_LEN(data_size, point_size);
+ ret =
+ _gnutls_ecc_ansi_x963_import(&data[i], point_size,
+ &session->key.ecdh_x,
+ &session->key.ecdh_y);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return i;
+ i += point_size;
+
+ return i;
}
/* If the psk flag is set, then an empty psk_identity_hint will
* be inserted */
-int _gnutls_ecdh_common_print_server_kx (gnutls_session_t session, gnutls_buffer_st* data,
- gnutls_ecc_curve_t curve)
+int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_ecc_curve_t curve)
{
- uint8_t p;
- int ret;
- gnutls_datum_t out;
-
- if (curve == GNUTLS_ECC_CURVE_INVALID)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- /* curve type */
- p = 3;
-
- ret = _gnutls_buffer_append_data(data, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_prefix(data, 16, _gnutls_ecc_curve_get_tls_id(curve));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[ECC_X] /* x */,
- session->key.ecdh_params.params[ECC_Y] /* y */, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
-
- _gnutls_free_datum(&out);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data->length;
+ uint8_t p;
+ int ret;
+ gnutls_datum_t out;
+
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ /* curve type */
+ p = 3;
+
+ ret = _gnutls_buffer_append_data(data, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_prefix(data, 16,
+ _gnutls_ecc_curve_get_tls_id
+ (curve));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate temporal key */
+ ret =
+ _gnutls_pk_generate(GNUTLS_PK_EC, curve,
+ &session->key.ecdh_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(curve,
+ session->key.ecdh_params.
+ params[ECC_X] /* x */ ,
+ session->key.ecdh_params.
+ params[ECC_Y] /* y */ , &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
+
+ _gnutls_free_datum(&out);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
static int
-gen_ecdhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret = 0;
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data, _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data, data->length);
+ int ret = 0;
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st),
+ 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Generate the signature. */
+ return _gnutls_gen_dhe_signature(session, data, data->data,
+ data->length);
}
#endif
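Review bot: In `calc_ecdh_key`, the PSK branch releases `tmp_dh_key`, which holds the raw ECDH shared secret, with `_gnutls_free_datum(&tmp_dh_key)`, and nothing on these lines clears the buffer first. Unless that helper wipes memory (its body is not part of this diff), the secret stays readable in freed heap. I would zero it directly above the release, `memset(tmp_dh_key.data, 0, tmp_dh_key.size);`, or preferably through a project wipe helper that the compiler cannot elide. The same pattern applies to `psk_key` in `proc_ecdhe_psk_client_kx` in the preceding file and to `key.data` and `psk_key` in lib/auth/psk.c further down. The reindent leaves this behaviour as it was.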
diff --git a/lib/auth/ecdhe.h b/lib/auth/ecdhe.h
index 1401b19a22..33a0f47bb8 100644
--- a/lib/auth/ecdhe.h
+++ b/lib/auth/ecdhe.h
@@ -26,24 +26,25 @@
#include <gnutls_auth.h>
int
-_gnutls_gen_ecdh_common_client_kx (gnutls_session_t session,
- gnutls_buffer_st* data);
+_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
int
-_gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session,
- gnutls_buffer_st* data,
- gnutls_datum_t * psk_key);
+_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * psk_key);
int
-_gnutls_proc_ecdh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_ecc_curve_t curve,
- gnutls_datum_t *psk_key);
-
-int _gnutls_ecdh_common_print_server_kx (gnutls_session_t, gnutls_buffer_st* data,
- gnutls_ecc_curve_t curve);
-int _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+_gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ gnutls_ecc_curve_t curve,
+ gnutls_datum_t * psk_key);
+
+int _gnutls_ecdh_common_print_server_kx(gnutls_session_t,
+ gnutls_buffer_st * data,
+ gnutls_ecc_curve_t curve);
+int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 053f6027fa..828ded4ff8 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -35,113 +35,111 @@
#include <gnutls_datum.h>
-int _gnutls_proc_psk_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_psk_client_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st psk_auth_struct = {
- "PSK",
- NULL,
- NULL,
- _gnutls_gen_psk_server_kx,
- _gnutls_gen_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- _gnutls_proc_psk_server_kx,
- _gnutls_proc_psk_client_kx,
- NULL,
- NULL
+ "PSK",
+ NULL,
+ NULL,
+ _gnutls_gen_psk_server_kx,
+ _gnutls_gen_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_psk_server_kx,
+ _gnutls_proc_psk_client_kx,
+ NULL,
+ NULL
};
/* Set the PSK premaster secret.
*/
int
-_gnutls_set_psk_session_key (gnutls_session_t session,
- gnutls_datum_t * ppsk /* key */,
- gnutls_datum_t * dh_secret)
+_gnutls_set_psk_session_key(gnutls_session_t session,
+ gnutls_datum_t * ppsk /* key */ ,
+ gnutls_datum_t * dh_secret)
{
- gnutls_datum_t pwd_psk = { NULL, 0 };
- size_t dh_secret_size;
- uint8_t * p;
- int ret;
-
- if (dh_secret == NULL)
- dh_secret_size = ppsk->size;
- else
- dh_secret_size = dh_secret->size;
-
- /* set the session key
- */
- session->key.key.size = 4 + dh_secret_size + ppsk->size;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* format of the premaster secret:
- * (uint16_t) psk_size
- * psk_size bytes of (0)s
- * (uint16_t) psk_size
- * the psk
- */
- p = session->key.key.data;
- _gnutls_write_uint16 (dh_secret_size, p);
- p+=2;
- if (dh_secret == NULL)
- memset (p, 0, dh_secret_size);
- else
- memcpy (p, dh_secret->data, dh_secret->size);
-
- p += dh_secret_size;
- _gnutls_write_uint16 (ppsk->size, p);
- if (ppsk->data != NULL)
- memcpy (p+2, ppsk->data, ppsk->size);
-
- ret = 0;
-
-error:
- _gnutls_free_datum (&pwd_psk);
- return ret;
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ size_t dh_secret_size;
+ uint8_t *p;
+ int ret;
+
+ if (dh_secret == NULL)
+ dh_secret_size = ppsk->size;
+ else
+ dh_secret_size = dh_secret->size;
+
+ /* set the session key
+ */
+ session->key.key.size = 4 + dh_secret_size + ppsk->size;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* format of the premaster secret:
+ * (uint16_t) psk_size
+ * psk_size bytes of (0)s
+ * (uint16_t) psk_size
+ * the psk
+ */
+ p = session->key.key.data;
+ _gnutls_write_uint16(dh_secret_size, p);
+ p += 2;
+ if (dh_secret == NULL)
+ memset(p, 0, dh_secret_size);
+ else
+ memcpy(p, dh_secret->data, dh_secret->size);
+
+ p += dh_secret_size;
+ _gnutls_write_uint16(ppsk->size, p);
+ if (ppsk->data != NULL)
+ memcpy(p + 2, ppsk->data, ppsk->size);
+
+ ret = 0;
+
+ error:
+ _gnutls_free_datum(&pwd_psk);
+ return ret;
}
/* returns the username and they key for the PSK session.
* Free is non (0) if they have to be freed.
*/
-int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum_t* key, int* free)
+int _gnutls_find_psk_key(gnutls_session_t session,
+ gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum_t * key,
+ int *free)
{
-char* user_p;
-int ret;
-
- *free = 0;
-
- if (cred->username.data != NULL && cred->key.data != NULL)
- {
- username->data = cred->username.data;
- username->size = cred->username.size;
- key->data = cred->key.data;
- key->size = cred->key.size;
- }
- else if (cred->get_function != NULL)
- {
- ret = cred->get_function (session, &user_p, key);
- if (ret)
- return gnutls_assert_val(ret);
-
- username->data = (uint8_t*)user_p;
- username->size = strlen(user_p);
-
- *free = 1;
- }
- else
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- return 0;
+ char *user_p;
+ int ret;
+
+ *free = 0;
+
+ if (cred->username.data != NULL && cred->key.data != NULL) {
+ username->data = cred->username.data;
+ username->size = cred->username.size;
+ key->data = cred->key.data;
+ key->size = cred->key.size;
+ } else if (cred->get_function != NULL) {
+ ret = cred->get_function(session, &user_p, key);
+ if (ret)
+ return gnutls_assert_val(ret);
+
+ username->data = (uint8_t *) user_p;
+ username->size = strlen(user_p);
+
+ *free = 1;
+ } else
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ return 0;
}
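Review bot: `_gnutls_find_psk_key` calls `strlen(user_p)` on a pointer that is declared without an initializer and is only written by the application's `cred->get_function` callback. A callback that returns 0 without storing a username therefore leads to a read through an indeterminate pointer. I would declare it as `char *user_p = NULL;` and, right after the existing `if (ret)` test, add `if (user_p == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);`. Whether the callback contract already guarantees a non-NULL username is not visible here, so the check is defensive rather than a confirmed crash.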
@@ -156,117 +154,113 @@ int ret;
*
*/
int
-_gnutls_gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_datum_t username;
- gnutls_datum_t key;
- gnutls_psk_client_credentials_t cred;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_set_psk_session_key (session, &key, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
-cleanup:
- if (free)
- {
- gnutls_free(username.data);
- gnutls_free(key.data);
- }
-
- return ret;
+ int ret, free;
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_t cred;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_set_psk_session_key(session, &key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ if (free) {
+ gnutls_free(username.data);
+ gnutls_free(key.data);
+ }
+
+ return ret;
}
/* just read the username from the client key exchange.
*/
int
-_gnutls_proc_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
- gnutls_datum_t username, psk_key;
- gnutls_psk_server_credentials_t cred;
- psk_auth_info_t info;
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t username, psk_key;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
- DECR_LEN (data_size, username.size);
+ DECR_LEN(data_size, username.size);
- username.data = &data[2];
+ username.data = &data[2];
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_set_psk_session_key (session, &psk_key, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ ret = _gnutls_set_psk_session_key(session, &psk_key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
- ret = 0;
+ ret = 0;
-error:
- _gnutls_free_datum(&psk_key);
+ error:
+ _gnutls_free_datum(&psk_key);
- return ret;
+ return ret;
}
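Review bot: In `_gnutls_proc_psk_client_kx` the bound check admits `username.size == MAX_USERNAME_SIZE`, and the terminator is then written at `info->username[username.size]`. The copy is only in bounds if that array holds `MAX_USERNAME_SIZE + 1` bytes; its declaration is not part of this diff, so that should be confirmed and recorded. I would add a comment above the `memcpy`: `/* info->username must hold MAX_USERNAME_SIZE + 1 bytes: the NUL goes at index username.size */`. The same copy appears in `proc_ecdhe_psk_client_kx` in the preceding file. The over-long PSK identity is also reported as `GNUTLS_E_ILLEGAL_SRP_USERNAME`, which reads as an SRP failure during triage; if the reuse is deliberate, a one-line comment saying so would help.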
@@ -282,94 +276,90 @@ error:
*
*/
int
-_gnutls_gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t hint;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t hint;
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* Abort sending this message if there is no PSK identity hint. */
- if (cred->hint == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INT_RET_0;
- }
+ /* Abort sending this message if there is no PSK identity hint. */
+ if (cred->hint == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INT_RET_0;
+ }
- hint.data = (uint8_t*)cred->hint;
- hint.size = strlen (cred->hint);
+ hint.data = (uint8_t *) cred->hint;
+ hint.size = strlen(cred->hint);
- return _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
+ return _gnutls_buffer_append_data_prefix(data, 16, hint.data,
+ hint.size);
}
/* just read the hint from the server key exchange.
*/
int
-_gnutls_proc_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
- gnutls_datum_t hint;
- gnutls_psk_client_credentials_t cred;
- psk_auth_info_t info;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LENGTH_RET (data_size, 2, 0);
- hint.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, hint.size);
-
- hint.data = &data[2];
-
- /* copy the hint to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (hint.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->hint, hint.data, hint.size);
- info->hint[hint.size] = 0;
-
- ret = _gnutls_set_psk_session_key (session, &cred->key, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t hint;
+ gnutls_psk_client_credentials_t cred;
+ psk_auth_info_t info;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ hint.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, hint.size);
+
+ hint.data = &data[2];
+
+ /* copy the hint to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (hint.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->hint, hint.data, hint.size);
+ info->hint[hint.size] = 0;
+
+ ret = _gnutls_set_psk_session_key(session, &cred->key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
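Review bot: In `_gnutls_proc_psk_server_kx` the first length check is `DECR_LENGTH_RET(data_size, 2, 0)`, while the hint length right after it is checked with `DECR_LEN`. The macro is not defined in this hunk, but if its third argument is the value returned on a short message, a server key exchange of fewer than two bytes returns success without copying a hint or reaching `_gnutls_set_psk_session_key`. If that early success is intended, it needs a comment saying why an empty message is acceptable; otherwise `DECR_LEN(data_size, 2);` would reject the truncated message like the second check does. Separately, an over-long hint is reported as `GNUTLS_E_ILLEGAL_SRP_USERNAME`, an SRP-named code on a PSK path, which is misleading in logs and worth a comment.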
diff --git a/lib/auth/psk.h b/lib/auth/psk.h
index 1507425f47..3322493762 100644
--- a/lib/auth/psk.h
+++ b/lib/auth/psk.h
@@ -26,38 +26,35 @@
#include <gnutls_auth.h>
#include <auth/dh_common.h>
-typedef struct gnutls_psk_client_credentials_st
-{
- gnutls_datum_t username;
- gnutls_datum_t key;
- gnutls_psk_client_credentials_function *get_function;
+typedef struct gnutls_psk_client_credentials_st {
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_function *get_function;
} psk_client_credentials_st;
-typedef struct gnutls_psk_server_credentials_st
-{
- char *password_file;
- /* callback function, instead of reading the
- * password files.
- */
- gnutls_psk_server_credentials_function *pwd_callback;
+typedef struct gnutls_psk_server_credentials_st {
+ char *password_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_psk_server_credentials_function *pwd_callback;
- /* For DHE_PSK */
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
+ /* For DHE_PSK */
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
- /* Identity hint. */
- char *hint;
+ /* Identity hint. */
+ char *hint;
} psk_server_cred_st;
/* these structures should not use allocated data */
-typedef struct psk_auth_info_st
-{
- char username[MAX_USERNAME_SIZE + 1];
- dh_info_st dh;
- char hint[MAX_USERNAME_SIZE + 1];
+typedef struct psk_auth_info_st {
+ char username[MAX_USERNAME_SIZE + 1];
+ dh_info_st dh;
+ char hint[MAX_USERNAME_SIZE + 1];
} *psk_auth_info_t;
@@ -66,17 +63,21 @@ typedef struct psk_auth_info_st
typedef struct psk_auth_info_st psk_auth_info_st;
int
-_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t* key, gnutls_datum_t * psk2);
-int _gnutls_gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data);
-int _gnutls_gen_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_proc_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+_gnutls_set_psk_session_key(gnutls_session_t session, gnutls_datum_t * key,
+ gnutls_datum_t * psk2);
+int _gnutls_gen_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+int _gnutls_gen_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
-int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum_t* key, int* free);
+int _gnutls_find_psk_key(gnutls_session_t session,
+ gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum_t * key,
+ int *free);
#else
#define _gnutls_set_psk_session_key(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
#endif
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index b27161a663..5f39955c9c 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -42,50 +42,46 @@
/* this function parses passwd.psk file. Format is:
* string(username):hex(passwd)
*/
-static int
-pwd_put_values (gnutls_datum_t * psk, char *str)
+static int pwd_put_values(gnutls_datum_t * psk, char *str)
{
- char *p;
- int len, ret;
- size_t size;
-
- p = strchr (str, ':');
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- /* skip username
- */
-
- /* read the key
- */
- len = strlen (p);
- if (p[len - 1] == '\n' || p[len - 1] == ' ')
- len--;
-
- size = psk->size = len / 2;
- psk->data = gnutls_malloc (size);
- if (psk->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_hex2bin (p, len, psk->data, &size);
- psk->size = (unsigned int) size;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- return 0;
+ char *p;
+ int len, ret;
+ size_t size;
+
+ p = strchr(str, ':');
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* skip username
+ */
+
+ /* read the key
+ */
+ len = strlen(p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+
+ size = psk->size = len / 2;
+ psk->data = gnutls_malloc(size);
+ if (psk->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_hex2bin(p, len, psk->data, &size);
+ psk->size = (unsigned int) size;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ return 0;
}
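Review bot: When `_gnutls_hex2bin` fails in `pwd_put_values`, the function returns with `psk->data` still allocated, and the callers visible on this page do not release it. `_gnutls_psk_pwd_find_entry` maps the failure to `GNUTLS_E_SRP_PWD_ERROR`, and the PSK client-kx handler returns straight from `gnutls_assert_val(ret)` without going through its `error:` label. Free the buffer where it was allocated: `if (ret < 0) { gnutls_assert(); _gnutls_free_datum(psk); return ret; }`. The trailing-character strip also removes only one of `'\n'` or `' '`, so a line ending in `" \n"` or `"\r\n"` keeps a stray byte and fails the hex decode; a short loop trimming all trailing whitespace would make the file format more forgiving.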
@@ -93,132 +89,118 @@ pwd_put_values (gnutls_datum_t * psk, char *str)
/* Randomizes the given password entry. It actually sets a random password.
* Returns 0 on success.
*/
-static int
-_randomize_psk (gnutls_datum_t * psk)
+static int _randomize_psk(gnutls_datum_t * psk)
{
- int ret;
+ int ret;
- psk->data = gnutls_malloc (16);
- if (psk->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ psk->data = gnutls_malloc(16);
+ if (psk->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- psk->size = 16;
+ psk->size = 16;
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/* Returns the PSK key of the given user.
* If the user doesn't exist a random password is returned instead.
*/
int
-_gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
- gnutls_datum_t * psk)
+_gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username,
+ gnutls_datum_t * psk)
{
- gnutls_psk_server_credentials_t cred;
- FILE *fd;
- char line[2 * 1024];
- unsigned i, len;
- int ret;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* if the callback which sends the parameters is
- * set, use it.
- */
- if (cred->pwd_callback != NULL)
- {
- ret = cred->pwd_callback (session, username, psk);
-
- if (ret == 1)
- { /* the user does not exist */
- ret = _randomize_psk (psk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- return 0;
- }
-
- /* The callback was not set. Proceed.
- */
- if (cred->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- /* Open the selected password file.
- */
- fd = fopen (cred->password_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- len = strlen (username);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
-
- if (strncmp (username, line, MAX (i, len)) == 0)
- {
- ret = pwd_put_values (psk, line);
- fclose (fd);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- return 0;
- }
- }
- fclose (fd);
-
- /* user was not found. Fake him.
- * the last index found and randomize the entry.
- */
- ret = _randomize_psk (psk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ gnutls_psk_server_credentials_t cred;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL) {
+ ret = cred->pwd_callback(session, username, psk);
+
+ if (ret == 1) { /* the user does not exist */
+ ret = _randomize_psk(psk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+ if (cred->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen(cred->password_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ len = strlen(username);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+
+ if (strncmp(username, line, MAX(i, len)) == 0) {
+ ret = pwd_put_values(psk, line);
+ fclose(fd);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ return 0;
+ }
+ }
+ fclose(fd);
+
+ /* user was not found. Fake him.
+ * the last index found and randomize the entry.
+ */
+ ret = _randomize_psk(psk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE PSK */
+#endif /* ENABLE PSK */
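Review bot: In `_gnutls_psk_pwd_find_entry` the match `strncmp(username, line, MAX(i, len))` compares `len` bytes whenever the peer-supplied username is longer than the name field, so a username containing `':'` is compared against the key column of the line as well as the name. The comparison should be limited to the name field by requiring equal lengths first: `if (i == len && strncmp(username, line, len) == 0) {`. The scan above it also reads `line[i]` before testing `i < sizeof(line)`; `fgets` always terminates the buffer, so this is not an overrun today, but putting the bound first in the condition makes the loop correct on its own.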
diff --git a/lib/auth/psk_passwd.h b/lib/auth/psk_passwd.h
index 9af98d4651..f09df621d5 100644
--- a/lib/auth/psk_passwd.h
+++ b/lib/auth/psk_passwd.h
@@ -23,7 +23,7 @@
#ifdef ENABLE_PSK
/* this is locally allocated. It should be freed using the provided function */
-int _gnutls_psk_pwd_find_entry (gnutls_session_t, char *username,
- gnutls_datum_t * key);
+int _gnutls_psk_pwd_find_entry(gnutls_session_t, char *username,
+ gnutls_datum_t * key);
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
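Review bot: The closing comment names the wrong guard: the block is opened by `#ifdef ENABLE_PSK`, but the reindented line still reads `#endif /* ENABLE_SRP */`. It should be `#endif /* ENABLE_PSK */` so the guard can be matched when searching the tree.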
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 5a17627f62..aaaeb95888 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -42,177 +42,166 @@
#include <abstract_int.h>
#include <auth/rsa_common.h>
-int _gnutls_gen_rsa_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_rsa_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_gen_rsa_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_rsa_client_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st rsa_auth_struct = {
- "RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- NULL, /* gen server kx */
- _gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- NULL, /* proc server kx */
- proc_rsa_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ NULL, /* gen server kx */
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ NULL, /* proc server kx */
+ proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* This function reads the RSA parameters from peer's certificate;
*/
int
-_gnutls_get_public_rsa_params (gnutls_session_t session,
- gnutls_pk_params_st * params)
+_gnutls_get_public_rsa_params(gnutls_session_t session,
+ gnutls_pk_params_st * params)
{
- int ret;
- cert_auth_info_t info;
- gnutls_pcert_st peer_cert;
-
- /* normal non export case */
-
- info = _gnutls_get_auth_info (session);
-
- if (info == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_pk_params_init(params);
-
- ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
- if (ret < 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- goto cleanup2;
- }
-
- gnutls_pcert_deinit (&peer_cert);
- return 0;
-
-cleanup2:
- gnutls_pcert_deinit (&peer_cert);
-
- return ret;
+ int ret;
+ cert_auth_info_t info;
+ gnutls_pcert_st peer_cert;
+
+ /* normal non export case */
+
+ info = _gnutls_get_auth_info(session);
+
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_pk_params_init(params);
+
+ ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
+ if (ret < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup2;
+ }
+
+ gnutls_pcert_deinit(&peer_cert);
+ return 0;
+
+ cleanup2:
+ gnutls_pcert_deinit(&peer_cert);
+
+ return ret;
}
static int
-proc_rsa_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_datum_t plaintext;
- gnutls_datum_t ciphertext;
- int ret, dsize;
- int randomize_key = 0;
- ssize_t data_size = _data_size;
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- /* SSL 3.0
- */
- ciphertext.data = data;
- ciphertext.size = data_size;
- }
- else
- {
- /* TLS 1.0
- */
- DECR_LEN (data_size, 2);
- ciphertext.data = &data[2];
- dsize = _gnutls_read_uint16 (data);
-
- if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- ciphertext.size = dsize;
- }
-
- ret =
- gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
- &ciphertext, &plaintext);
-
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
- {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- gnutls_assert ();
- _gnutls_audit_log (session, "auth_rsa: Possible PKCS #1 format attack\n");
- randomize_key = 1;
- }
- else
- {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major (session) != plaintext.data[0] ||
- (session->internals.priorities.allow_wrong_pms == 0 &&
- _gnutls_get_adv_version_minor (session) != plaintext.data[1]))
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_audit_log
- (session, "auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
-
- if (randomize_key != 0)
- {
- session->key.key.size = GNUTLS_MASTER_SIZE;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* we do not need strong random numbers here.
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data,
- session->key.key.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- }
- else
- {
- session->key.key.data = plaintext.data;
- session->key.key.size = plaintext.size;
- }
-
- /* This is here to avoid the version check attack
- * discussed above.
- */
- session->key.key.data[0] = _gnutls_get_adv_version_major (session);
- session->key.key.data[1] = _gnutls_get_adv_version_minor (session);
-
- return 0;
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0
+ */
+ ciphertext.data = data;
+ ciphertext.size = data_size;
+ } else {
+ /* TLS 1.0
+ */
+ DECR_LEN(data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16(data);
+
+ if (dsize != data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+ }
+
+ ret =
+ gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
+
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major(session) !=
+ plaintext.data[0]
+ || (session->internals.priorities.allow_wrong_pms == 0
+ && _gnutls_get_adv_version_minor(session) !=
+ plaintext.data[1])) {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert();
+ _gnutls_audit_log
+ (session,
+ "auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+ if (randomize_key != 0) {
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data =
+ gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data,
+ session->key.key.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ } else {
+ session->key.key.data = plaintext.data;
+ session->key.key.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+ session->key.key.data[0] = _gnutls_get_adv_version_major(session);
+ session->key.key.data[1] = _gnutls_get_adv_version_minor(session);
+
+ return 0;
}
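Review bot: In `proc_rsa_client_kx` the fallback key is allocated and filled by `_gnutls_rnd` only when `randomize_key` is set, so a failed or wrongly sized decryption does more work than a successful one. That undercuts the comment's stated goal of not informing the peer about PKCS #1 failures. Preparing the random key before `gnutls_privkey_decrypt_data` and choosing between the two buffers afterwards narrows the difference, though it does not make the path constant-time and the audit-log calls still run on one side only. The same branch also drops `plaintext.data` when decryption succeeded with a size other than `GNUTLS_MASTER_SIZE`, assuming the decrypt call allocates its output.

```c
	gnutls_datum_t rndkey;	/* declared with the other locals */

	/* Prepare the fallback key up front so that both outcomes of the
	 * decryption perform the same allocation and RNG call.
	 */
	rndkey.size = GNUTLS_MASTER_SIZE;
	rndkey.data = gnutls_malloc(rndkey.size);
	if (rndkey.data == NULL) {
		gnutls_assert();
		return GNUTLS_E_MEMORY_ERROR;
	}

	ret = _gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data, rndkey.size);
	if (ret < 0) {
		gnutls_assert();
		_gnutls_free_datum(&rndkey);
		return ret;
	}

	ret =
	    gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
					&ciphertext, &plaintext);

	/* ... unchanged: size check, version check and audit logging ... */

	if (randomize_key != 0) {
		/* a decrypted but wrongly sized secret is not used; release it */
		if (ret >= 0)
			_gnutls_free_datum(&plaintext);
		session->key.key.data = rndkey.data;
		session->key.key.size = rndkey.size;
	} else {
		_gnutls_free_datum(&rndkey);
		session->key.key.data = plaintext.data;
		session->key.key.size = plaintext.size;
	}
```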
@@ -220,82 +209,78 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data,
/* return RSA(random) using the peers public key
*/
int
-_gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_rsa_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- cert_auth_info_t auth = session->key.auth_info;
- gnutls_datum_t sdata; /* data to send */
- gnutls_pk_params_st params;
- int ret;
-
- if (auth == NULL)
- {
- /* this shouldn't have happened. The proc_certificate
- * function should have detected that.
- */
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- session->key.key.size = GNUTLS_MASTER_SIZE;
- session->key.key.data = gnutls_malloc (session->key.key.size);
-
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key.key.data,
- session->key.key.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (session->internals.rsa_pms_version[0] == 0)
- {
- session->key.key.data[0] = _gnutls_get_adv_version_major(session);
- session->key.key.data[1] = _gnutls_get_adv_version_minor(session);
- }
- else
- { /* use the version provided */
- session->key.key.data[0] = session->internals.rsa_pms_version[0];
- session->key.key.data[1] = session->internals.rsa_pms_version[1];
- }
-
- /* move RSA parameters to key (session).
- */
- if ((ret =
- _gnutls_get_public_rsa_params (session, &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key.key,
- &params);
-
- gnutls_pk_params_release(&params);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- /* SSL 3.0 */
- _gnutls_buffer_replace_data( data, &sdata);
-
- return data->length;
- }
- else
- { /* TLS 1 */
- ret = _gnutls_buffer_append_data_prefix( data, 16, sdata.data, sdata.size);
-
- _gnutls_free_datum (&sdata);
- return ret;
- }
+ cert_auth_info_t auth = session->key.auth_info;
+ gnutls_datum_t sdata; /* data to send */
+ gnutls_pk_params_st params;
+ int ret;
+
+ if (auth == NULL) {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
+ */
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
+ session->key.key.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (session->internals.rsa_pms_version[0] == 0) {
+ session->key.key.data[0] =
+ _gnutls_get_adv_version_major(session);
+ session->key.key.data[1] =
+ _gnutls_get_adv_version_minor(session);
+ } else { /* use the version provided */
+ session->key.key.data[0] =
+ session->internals.rsa_pms_version[0];
+ session->key.key.data[1] =
+ session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret = _gnutls_get_public_rsa_params(session, &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
+ &params);
+
+ gnutls_pk_params_release(&params);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0 */
+ _gnutls_buffer_replace_data(data, &sdata);
+
+ return data->length;
+ } else { /* TLS 1 */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, sdata.data,
+ sdata.size);
+
+ _gnutls_free_datum(&sdata);
+ return ret;
+ }
}
diff --git a/lib/auth/rsa_common.h b/lib/auth/rsa_common.h
index e1d2f39479..38ee264d6c 100644
--- a/lib/auth/rsa_common.h
+++ b/lib/auth/rsa_common.h
@@ -28,12 +28,12 @@
*/
#ifndef AUTH_RSA_COMMON
-# define AUTH_RSA_COMMON
+#define AUTH_RSA_COMMON
#include <abstract_int.h>
int
-_gnutls_get_public_rsa_params (gnutls_session_t session,
- gnutls_pk_params_st * params);
+_gnutls_get_public_rsa_params(gnutls_session_t session,
+ gnutls_pk_params_st * params);
#endif
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index e72d55d32a..23ff898bcd 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -49,68 +49,68 @@
#include <gnutls_datum.h>
#include <gnutls_state.h>
-static int _gnutls_gen_rsa_psk_client_kx (gnutls_session_t session,
- gnutls_buffer_st * data);
-static int _gnutls_proc_rsa_psk_client_kx (gnutls_session_t, uint8_t *,
- size_t);
+static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t, uint8_t *,
+ size_t);
const mod_auth_st rsa_psk_auth_struct = {
- "RSA PSK",
- _gnutls_gen_cert_server_crt,
- NULL, /* generate_client_certificate */
- _gnutls_gen_psk_server_kx,
- _gnutls_gen_rsa_psk_client_kx,
- NULL, /* generate_client_cert_vrfy */
- NULL, /* generate_server_certificate_request */
- _gnutls_proc_crt,
- NULL, /* process_client_certificate */
- _gnutls_proc_psk_server_kx,
- _gnutls_proc_rsa_psk_client_kx,
- NULL, /* process_client_cert_vrfy */
- NULL /* process_server_certificate_reuqest */
+ "RSA PSK",
+ _gnutls_gen_cert_server_crt,
+ NULL, /* generate_client_certificate */
+ _gnutls_gen_psk_server_kx,
+ _gnutls_gen_rsa_psk_client_kx,
+ NULL, /* generate_client_cert_vrfy */
+ NULL, /* generate_server_certificate_request */
+ _gnutls_proc_crt,
+ NULL, /* process_client_certificate */
+ _gnutls_proc_psk_server_kx,
+ _gnutls_proc_rsa_psk_client_kx,
+ NULL, /* process_client_cert_vrfy */
+ NULL /* process_server_certificate_reuqest */
};
/* Set the PSK premaster secret.
*/
static int
-set_rsa_psk_session_key (gnutls_session_t session,
- gnutls_datum_t *ppsk, gnutls_datum_t * rsa_secret)
+set_rsa_psk_session_key(gnutls_session_t session,
+ gnutls_datum_t * ppsk, gnutls_datum_t * rsa_secret)
{
- unsigned char *p;
- size_t rsa_secret_size;
- int ret;
-
-
- rsa_secret_size = rsa_secret->size;
-
- /* set the session key
- */
- session->key.key.size = 2 + rsa_secret_size + 2 + ppsk->size;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* format of the premaster secret:
- * (uint16_t) other_secret size (48)
- * other_secret: 2 byte version + 46 byte random
- * (uint16_t) psk_size
- * the psk
- */
- _gnutls_write_uint16 (rsa_secret_size, session->key.key.data);
- memcpy (&session->key.key.data[2], rsa_secret->data, rsa_secret->size);
- p = &session->key.key.data[rsa_secret_size + 2];
- _gnutls_write_uint16 (ppsk->size, p);
- if (ppsk->data != NULL)
- memcpy (p + 2, ppsk->data, ppsk->size);
-
- ret = 0;
-
-error:
- return ret;
+ unsigned char *p;
+ size_t rsa_secret_size;
+ int ret;
+
+
+ rsa_secret_size = rsa_secret->size;
+
+ /* set the session key
+ */
+ session->key.key.size = 2 + rsa_secret_size + 2 + ppsk->size;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* format of the premaster secret:
+ * (uint16_t) other_secret size (48)
+ * other_secret: 2 byte version + 46 byte random
+ * (uint16_t) psk_size
+ * the psk
+ */
+ _gnutls_write_uint16(rsa_secret_size, session->key.key.data);
+ memcpy(&session->key.key.data[2], rsa_secret->data,
+ rsa_secret->size);
+ p = &session->key.key.data[rsa_secret_size + 2];
+ _gnutls_write_uint16(ppsk->size, p);
+ if (ppsk->data != NULL)
+ memcpy(p + 2, ppsk->data, ppsk->size);
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Generate client key exchange message
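Review bot: `set_rsa_psk_session_key` writes `rsa_secret_size` and `ppsk->size` as 16-bit prefixes with `_gnutls_write_uint16`, but copies the full `rsa_secret->size` and `ppsk->size` bytes, and nothing in the function checks that either length fits in 16 bits. With an oversized datum the prefix would no longer describe the bytes that follow it in the premaster secret. A guard at the top keeps the encoding honest: `if (rsa_secret->size > 0xffff || ppsk->size > 0xffff) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The function also sets `session->key.key.size` before the allocation is known to have succeeded, so the `GNUTLS_E_MEMORY_ERROR` path leaves a non-zero size next to a NULL pointer; assigning the size after the NULL check, or resetting it to 0 on failure, avoids that state.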
@@ -124,297 +124,285 @@ error:
* } ClientKeyExchange;
*/
static int
-_gnutls_gen_rsa_psk_client_kx (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- cert_auth_info_t auth = session->key.auth_info;
- gnutls_datum_t sdata; /* data to send */
- gnutls_pk_params_st params;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
- int ret, free;
-
- if (auth == NULL)
- {
- /* this shouldn't have happened. The proc_certificate
- * function should have detected that.
- */
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- gnutls_datum_t premaster_secret;
- premaster_secret.size = GNUTLS_MASTER_SIZE;
- premaster_secret.data = gnutls_secure_malloc (premaster_secret.size);
-
- if (premaster_secret.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Generate random */
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Set version */
- if (session->internals.rsa_pms_version[0] == 0)
- {
- premaster_secret.data[0] = _gnutls_get_adv_version_major (session);
- premaster_secret.data[1] = _gnutls_get_adv_version_minor (session);
- }
- else
- { /* use the version provided */
- premaster_secret.data[0] = session->internals.rsa_pms_version[0];
- premaster_secret.data[1] = session->internals.rsa_pms_version[1];
- }
-
- /* move RSA parameters to key (session).
- */
- if ((ret = _gnutls_get_public_rsa_params (session, &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Encrypt premaster secret */
- if ((ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &premaster_secret,
- &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_pk_params_release (&params);
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Here we set the PSK key */
- ret = set_rsa_psk_session_key (session, &key, &premaster_secret);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Create message for client key exchange
- *
- * struct {
- * uint8_t psk_identity<0..2^16-1>;
- * EncryptedPreMasterSecret;
- * }
- */
-
- /* Write psk_identity and EncryptedPreMasterSecret into data stream
- */
- ret = _gnutls_buffer_append_data_prefix (data, 16, cred->username.data,
- cred->username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_data_prefix (data, 16, sdata.data, sdata.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&sdata);
- _gnutls_free_datum (&premaster_secret);
- if (free)
- {
- gnutls_free(key.data);
- gnutls_free(username.data);
- }
-
- return data->length;
+ cert_auth_info_t auth = session->key.auth_info;
+ gnutls_datum_t sdata; /* data to send */
+ gnutls_pk_params_st params;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+ int ret, free;
+
+ if (auth == NULL) {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
+ */
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ gnutls_datum_t premaster_secret;
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
+ premaster_secret.data =
+ gnutls_secure_malloc(premaster_secret.size);
+
+ if (premaster_secret.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Generate random */
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Set version */
+ if (session->internals.rsa_pms_version[0] == 0) {
+ premaster_secret.data[0] =
+ _gnutls_get_adv_version_major(session);
+ premaster_secret.data[1] =
+ _gnutls_get_adv_version_minor(session);
+ } else { /* use the version provided */
+ premaster_secret.data[0] =
+ session->internals.rsa_pms_version[0];
+ premaster_secret.data[1] =
+ session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret = _gnutls_get_public_rsa_params(session, &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Encrypt premaster secret */
+ if ((ret =
+ _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
+ &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_pk_params_release(&params);
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we set the PSK key */
+ ret = set_rsa_psk_session_key(session, &key, &premaster_secret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Create message for client key exchange
+ *
+ * struct {
+ * uint8_t psk_identity<0..2^16-1>;
+ * EncryptedPreMasterSecret;
+ * }
+ */
+
+ /* Write psk_identity and EncryptedPreMasterSecret into data stream
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16,
+ cred->username.data,
+ cred->username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, sdata.data,
+ sdata.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&sdata);
+ _gnutls_free_datum(&premaster_secret);
+ if (free) {
+ gnutls_free(key.data);
+ gnutls_free(username.data);
+ }
+
+ return data->length;
}
/*
Process the client key exchange message
*/
static int
-_gnutls_proc_rsa_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_datum_t username;
- psk_auth_info_t info;
- gnutls_datum_t plaintext;
- gnutls_datum_t ciphertext;
- gnutls_datum_t pwd_psk = {NULL, 0};
- int ret, dsize;
- int randomize_key = 0;
- ssize_t data_size = _data_size;
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t premaster_secret = {NULL, 0};
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ gnutls_datum_t username;
+ psk_auth_info_t info;
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ int ret, dsize;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t premaster_secret = { NULL, 0 };
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
/*** 1. Extract user psk_identity ***/
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
- DECR_LEN (data_size, username.size);
+ DECR_LEN(data_size, username.size);
- username.data = &data[2];
+ username.data = &data[2];
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
- /* Adjust data so it points to EncryptedPreMasterSecret */
- data += username.size + 2;
+ /* Adjust data so it points to EncryptedPreMasterSecret */
+ data += username.size + 2;
/*** 2. Decrypt and extract EncryptedPreMasterSecret ***/
- DECR_LEN (data_size, 2);
- ciphertext.data = &data[2];
- dsize = _gnutls_read_uint16 (data);
-
- if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- ciphertext.size = dsize;
-
- ret = gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
- &ciphertext, &plaintext);
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
- {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- gnutls_assert ();
- _gnutls_debug_log ("auth_rsa_psk: Possible PKCS #1 format attack\n");
- randomize_key = 1;
- }
- else
- {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major (session) != plaintext.data[0] ||
- (session->internals.priorities.allow_wrong_pms == 0 &&
- _gnutls_get_adv_version_minor (session) != plaintext.data[1]))
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_debug_log
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
-
-
- if (randomize_key != 0)
- {
- premaster_secret.size = GNUTLS_MASTER_SIZE;
- premaster_secret.data = gnutls_malloc (premaster_secret.size);
- if (premaster_secret.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* we do not need strong random numbers here.
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- else
- {
- premaster_secret.data = plaintext.data;
- premaster_secret.size = plaintext.size;
- }
-
- /* This is here to avoid the version check attack
- * discussed above.
- */
-
- premaster_secret.data[0] = _gnutls_get_adv_version_major (session);
- premaster_secret.data[1] = _gnutls_get_adv_version_minor (session);
-
- /* find the key of this username
- */
- ret = _gnutls_psk_pwd_find_entry (session, info->username, &pwd_psk);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = set_rsa_psk_session_key (session, &pwd_psk, &premaster_secret);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- _gnutls_free_datum (&pwd_psk);
- _gnutls_free_datum (&premaster_secret);
-
- return ret;
+ DECR_LEN(data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16(data);
+
+ if (dsize != data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+
+ ret =
+ gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major(session) !=
+ plaintext.data[0]
+ || (session->internals.priorities.allow_wrong_pms == 0
+ && _gnutls_get_adv_version_minor(session) !=
+ plaintext.data[1])) {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+
+ if (randomize_key != 0) {
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
+ premaster_secret.data =
+ gnutls_malloc(premaster_secret.size);
+ if (premaster_secret.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ premaster_secret.data = plaintext.data;
+ premaster_secret.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+
+ premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
+ premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
+
+ /* find the key of this username
+ */
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &pwd_psk);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ _gnutls_free_datum(&pwd_psk);
+ _gnutls_free_datum(&premaster_secret);
+
+ return ret;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
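Review bot: In `_gnutls_gen_rsa_psk_client_kx` the `cleanup:` path ends with `return data->length;`, so a failure in `set_rsa_psk_session_key` or in either `_gnutls_buffer_append_data_prefix` call reaches cleanup with a negative `ret` and is still reported to the caller as a non-negative length. Writing `ret = data->length;` in place of `ret = 0;` and ending with `return ret;` keeps the error code. The early `return` statements after `gnutls_secure_malloc` (the `_gnutls_rnd`, `_gnutls_get_public_rsa_params`, `_gnutls_pk_encrypt`, `cred == NULL` and `_gnutls_find_psk_key` failures) skip the cleanup and leave `premaster_secret` allocated; routing them through `cleanup` would first need `sdata` initialised to `{ NULL, 0 }` and `free` to `0`. On the server side, `_gnutls_proc_rsa_psk_client_kx` allocates and fills the random fallback only when decryption fails, so the two outcomes do different amounts of work; generating the fallback before `gnutls_privkey_decrypt_data` and selecting afterwards would narrow that difference, which is what the "don't inform the peer" comment is aiming for.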
diff --git a/lib/auth/srp.c b/lib/auth/srp.c
index 8a0b1d7b7f..d5a0af3618 100644
--- a/lib/auth/srp.c
+++ b/lib/auth/srp.c
@@ -36,20 +36,20 @@
#include <ext/srp.h>
const mod_auth_st srp_auth_struct = {
- "SRP",
- NULL,
- NULL,
- _gnutls_gen_srp_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- _gnutls_proc_srp_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ NULL,
+ NULL,
+ _gnutls_gen_srp_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_srp_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
@@ -66,41 +66,40 @@ const mod_auth_st srp_auth_struct = {
* Returns a proper error code in that case, and 0 when
* all are ok.
*/
-inline static int
-check_param_mod_n (bigint_t a, bigint_t n, int is_a)
+inline static int check_param_mod_n(bigint_t a, bigint_t n, int is_a)
{
- int ret, err = 0;
- bigint_t r;
-
- r = _gnutls_mpi_mod (a, n);
- if (r == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_mpi_cmp_ui (r, 0);
- if (ret == 0) err = 1;
-
- if (is_a != 0)
- {
- ret = _gnutls_mpi_cmp_ui (r, 1);
- if (ret == 0) err = 1;
-
- _gnutls_mpi_add_ui(r, r, 1);
- ret = _gnutls_mpi_cmp (r, n);
- if (ret == 0) err = 1;
- }
-
- _gnutls_mpi_release (&r);
-
- if (err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- return 0;
+ int ret, err = 0;
+ bigint_t r;
+
+ r = _gnutls_mpi_mod(a, n);
+ if (r == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_mpi_cmp_ui(r, 0);
+ if (ret == 0)
+ err = 1;
+
+ if (is_a != 0) {
+ ret = _gnutls_mpi_cmp_ui(r, 1);
+ if (ret == 0)
+ err = 1;
+
+ _gnutls_mpi_add_ui(r, r, 1);
+ ret = _gnutls_mpi_cmp(r, n);
+ if (ret == 0)
+ err = 1;
+ }
+
+ _gnutls_mpi_release(&r);
+
+ if (err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ return 0;
}
@@ -108,307 +107,292 @@ check_param_mod_n (bigint_t a, bigint_t n, int is_a)
* Data is allocated by the caller, and should have data_size size.
*/
int
-_gnutls_gen_srp_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_srp_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- char *username;
- SRP_PWD_ENTRY *pwd_entry;
- srp_server_auth_info_t info;
- size_t tmp_size;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- username = info->username;
-
- _gnutls_str_cpy (username, MAX_USERNAME_SIZE, priv->username);
-
- ret = _gnutls_srp_pwd_read_entry (session, username, &pwd_entry);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* copy from pwd_entry to local variables (actually in session) */
- tmp_size = pwd_entry->g.size;
- if (_gnutls_mpi_scan_nz (&G, pwd_entry->g.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- tmp_size = pwd_entry->n.size;
- if (_gnutls_mpi_scan_nz (&N, pwd_entry->n.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- tmp_size = pwd_entry->v.size;
- if (_gnutls_mpi_scan_nz (&V, pwd_entry->v.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- /* Calculate: B = (k*v + g^b) % N
- */
- B = _gnutls_calc_srp_B (&_b, G, N, V);
- if (B == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- /* copy N (mod n)
- */
- ret = _gnutls_buffer_append_data_prefix( data, 16, pwd_entry->n.data,
- pwd_entry->n.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* copy G (generator) to data
- */
- ret = _gnutls_buffer_append_data_prefix( data, 16, pwd_entry->g.data,
- pwd_entry->g.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* copy the salt
- */
- ret = _gnutls_buffer_append_data_prefix( data, 8, pwd_entry->salt.data,
- pwd_entry->salt.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Copy the B value
- */
-
- ret = _gnutls_buffer_append_mpi( data, 16, B, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- _gnutls_mpi_log ("SRP B: ", B);
-
- ret = data->length;
-
-cleanup:
- _gnutls_srp_entry_free (pwd_entry);
- return ret;
+ int ret;
+ char *username;
+ SRP_PWD_ENTRY *pwd_entry;
+ srp_server_auth_info_t info;
+ size_t tmp_size;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) { /* peer didn't send a username */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ sizeof(srp_server_auth_info_st),
+ 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ username = info->username;
+
+ _gnutls_str_cpy(username, MAX_USERNAME_SIZE, priv->username);
+
+ ret = _gnutls_srp_pwd_read_entry(session, username, &pwd_entry);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* copy from pwd_entry to local variables (actually in session) */
+ tmp_size = pwd_entry->g.size;
+ if (_gnutls_mpi_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ tmp_size = pwd_entry->n.size;
+ if (_gnutls_mpi_scan_nz(&N, pwd_entry->n.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ tmp_size = pwd_entry->v.size;
+ if (_gnutls_mpi_scan_nz(&V, pwd_entry->v.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ /* Calculate: B = (k*v + g^b) % N
+ */
+ B = _gnutls_calc_srp_B(&_b, G, N, V);
+ if (B == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* copy N (mod n)
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->n.data,
+ pwd_entry->n.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* copy G (generator) to data
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->g.data,
+ pwd_entry->g.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* copy the salt
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8,
+ pwd_entry->salt.data,
+ pwd_entry->salt.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Copy the B value
+ */
+
+ ret = _gnutls_buffer_append_mpi(data, 16, B, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mpi_log("SRP B: ", B);
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_srp_entry_free(pwd_entry);
+ return ret;
}
/* return A = g^a % N */
int
-_gnutls_gen_srp_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_srp_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- char *username, *password;
- gnutls_srp_client_credentials_t cred;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (priv->username == NULL)
- {
- username = cred->username;
- password = cred->password;
- }
- else
- {
-
- username = priv->username;
- password = priv->password;
- }
-
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* calc A = g^a % N
- */
- if (G == NULL || N == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- A = _gnutls_calc_srp_A (&_a, G, N);
- if (A == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Rest of SRP calculations
- */
-
- /* calculate u */
- session->key.u = _gnutls_calc_srp_u (A, B, N);
- if (session->key.u == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP U: ", session->key.u);
-
- /* S = (B - g^x) ^ (a + u * x) % N */
- S = _gnutls_calc_srp_S2 (B, G, session->key.x, _a, session->key.u, N);
- if (S == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP B: ", B);
-
- _gnutls_mpi_release (&_b);
- _gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&B);
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- _gnutls_mpi_release (&S);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, A, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_mpi_log ("SRP A: ", A);
-
- _gnutls_mpi_release (&A);
-
- return data->length;
+ int ret;
+ char *username, *password;
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) { /* peer didn't send a username */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL) {
+ username = cred->username;
+ password = cred->password;
+ } else {
+
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* calc A = g^a % N
+ */
+ if (G == NULL || N == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ A = _gnutls_calc_srp_A(&_a, G, N);
+ if (A == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Rest of SRP calculations
+ */
+
+ /* calculate u */
+ session->key.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.u == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP U: ", session->key.u);
+
+ /* S = (B - g^x) ^ (a + u * x) % N */
+ S = _gnutls_calc_srp_S2(B, G, session->key.x, _a, session->key.u,
+ N);
+ if (S == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP B: ", B);
+
+ _gnutls_mpi_release(&_b);
+ _gnutls_mpi_release(&V);
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&B);
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key);
+ _gnutls_mpi_release(&S);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, A, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_mpi_log("SRP A: ", A);
+
+ _gnutls_mpi_release(&A);
+
+ return data->length;
}
/* just read A and put it to session */
int
-_gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- size_t _n_A;
- ssize_t data_size = _data_size;
- int ret;
-
- DECR_LEN (data_size, 2);
- _n_A = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, _n_A);
- if (_gnutls_mpi_scan_nz (&A, &data[2], _n_A) || A == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- _gnutls_mpi_log ("SRP A: ", A);
- _gnutls_mpi_log ("SRP B: ", B);
-
- /* Checks if A % n == 0.
- */
- if ((ret = check_param_mod_n (A, N, 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Start the SRP calculations.
- * - Calculate u
- */
- session->key.u = _gnutls_calc_srp_u (A, B, N);
- if (session->key.u == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP U: ", session->key.u);
-
- /* S = (A * v^u) ^ b % N
- */
- S = _gnutls_calc_srp_S1 (A, _b, session->key.u, V, N);
- if (S == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP S: ", S);
-
- _gnutls_mpi_release (&A);
- _gnutls_mpi_release (&_b);
- _gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&B);
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- _gnutls_mpi_release (&S);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ size_t _n_A;
+ ssize_t data_size = _data_size;
+ int ret;
+
+ DECR_LEN(data_size, 2);
+ _n_A = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, _n_A);
+ if (_gnutls_mpi_scan_nz(&A, &data[2], _n_A) || A == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_mpi_log("SRP A: ", A);
+ _gnutls_mpi_log("SRP B: ", B);
+
+ /* Checks if A % n == 0.
+ */
+ if ((ret = check_param_mod_n(A, N, 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Start the SRP calculations.
+ * - Calculate u
+ */
+ session->key.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.u == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP U: ", session->key.u);
+
+ /* S = (A * v^u) ^ b % N
+ */
+ S = _gnutls_calc_srp_S1(A, _b, session->key.u, V, N);
+ if (S == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP S: ", S);
+
+ _gnutls_mpi_release(&A);
+ _gnutls_mpi_release(&_b);
+ _gnutls_mpi_release(&V);
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&B);
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key);
+ _gnutls_mpi_release(&S);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
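Review bot: `_gnutls_proc_srp_client_kx` hands the SRP shared secret to the logger with `_gnutls_mpi_log("SRP S: ", S);` shortly before `S` is released, so wherever that helper writes its argument out (its definition is not in this hunk), the value computed as `S = (A * v^u) ^ b % N` ends up in the log; I would drop that line. In `_gnutls_gen_srp_client_kx` the call at the corresponding position, right after `S` is computed, logs `B` under the label `SRP B:`, and the `/* peer didn't send a username */` comment there appears copied from the server function. The comment `/* Checks if A % n == 0.` understates the call: with `is_a` set, `check_param_mod_n` also rejects remainders of 1 and n-1, so something like `/* Rejects A with A % N equal to 0, 1 or N-1. */` would match the code. The error returns taken after `A`, `session->key.u` or `S` have been computed do not release them; that may be handled at session teardown outside this hunk, which is worth confirming.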
@@ -418,260 +402,298 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data,
* and _gnutls_srp_entry_free() should be changed.
*/
static const unsigned char srp_params_1024[] = {
- 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
- 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
- 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
- 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
- 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
- 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
- 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
- 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
- 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
- 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
- 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
- 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
- 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
- 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
- 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
- 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
+ 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
+ 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
+ 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
+ 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
+ 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
+ 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
+ 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
+ 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
+ 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
+ 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
+ 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
+ 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
+ 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
+ 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
+ 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
+ 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
};
static const unsigned char srp_generator = 0x02;
static const unsigned char srp3072_generator = 0x05;
const gnutls_datum_t gnutls_srp_1024_group_prime = {
- (void *) srp_params_1024, sizeof (srp_params_1024)
+ (void *) srp_params_1024, sizeof(srp_params_1024)
};
const gnutls_datum_t gnutls_srp_1024_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_1536[] = {
- 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
- 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
- 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
- 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
- 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
- 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
- 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
- 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
- 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
- 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
- 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
- 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
- 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
- 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
- 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
- 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
- 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
- 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
- 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
- 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
- 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
- 0x35, 0xF9, 0xBB
+ 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
+ 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
+ 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
+ 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
+ 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
+ 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
+ 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
+ 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
+ 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
+ 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
+ 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
+ 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
+ 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
+ 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
+ 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
+ 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
+ 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
+ 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
+ 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
+ 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
+ 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
+ 0x35, 0xF9, 0xBB
};
const gnutls_datum_t gnutls_srp_1536_group_prime = {
- (void *) srp_params_1536, sizeof (srp_params_1536)
+ (void *) srp_params_1536, sizeof(srp_params_1536)
};
const gnutls_datum_t gnutls_srp_1536_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_2048[] = {
- 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
- 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
- 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
- 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
- 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
- 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
- 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
- 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
- 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
- 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
- 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
- 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
- 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
- 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
- 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
- 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
- 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
- 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
- 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
- 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
- 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
- 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
- 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
- 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
- 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
- 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
- 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
- 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
- 0x9E, 0x4A, 0xFF, 0x73
+ 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
+ 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
+ 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
+ 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
+ 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
+ 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
+ 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
+ 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
+ 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
+ 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
+ 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
+ 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
+ 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
+ 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
+ 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
+ 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
+ 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
+ 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
+ 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
+ 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
+ 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
+ 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
+ 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
+ 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
+ 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
+ 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
+ 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
+ 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
+ 0x9E, 0x4A, 0xFF, 0x73
};
const gnutls_datum_t gnutls_srp_2048_group_prime = {
- (void *) srp_params_2048, sizeof (srp_params_2048)
+ (void *) srp_params_2048, sizeof(srp_params_2048)
};
const gnutls_datum_t gnutls_srp_2048_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_3072[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9,
- 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6,
- 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E,
- 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
- 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E,
- 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A,
- 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
- 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4,
- 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
- 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B,
- 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
- 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
- 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63,
- 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
- 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C,
- 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5,
- 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35,
- 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
- 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E,
- 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E,
- 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
- 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39,
- 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
- 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E,
- 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
- 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF,
- 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB,
- 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
- 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E,
- 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3,
- 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA,
- 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
- 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17,
- 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61,
- 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
- 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B,
- 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9,
+ 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6,
+ 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E,
+ 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E,
+ 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A,
+ 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4,
+ 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
+ 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B,
+ 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
+ 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63,
+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
+ 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C,
+ 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5,
+ 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35,
+ 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E,
+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E,
+ 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
+ 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39,
+ 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
+ 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E,
+ 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF,
+ 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB,
+ 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
+ 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E,
+ 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3,
+ 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA,
+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17,
+ 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61,
+ 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
+ 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B,
+ 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
const gnutls_datum_t gnutls_srp_3072_group_generator = {
- (void *) &srp3072_generator, sizeof (srp3072_generator)
+ (void *) &srp3072_generator, sizeof(srp3072_generator)
};
const gnutls_datum_t gnutls_srp_3072_group_prime = {
- (void *) srp_params_3072, sizeof (srp_params_3072)
+ (void *) srp_params_3072, sizeof(srp_params_3072)
};
static const unsigned char srp_params_4096[] = {
-0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
-0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
-0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
-0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
-0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
-0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
-0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
-0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
-0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
-0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
-0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
-0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,
+ 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
+ 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE,
+ 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
+ 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A,
+ 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
+ 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42,
+ 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
+ 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24,
+ 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B,
+ 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48,
+ 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+ 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3,
+ 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96,
+ 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C,
+ 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE,
+ 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83,
+ 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52,
+ 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49,
+ 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05,
+ 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17,
+ 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA,
+ 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71,
+ 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4,
+ 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94,
+ 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE,
+ 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02,
+ 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20,
+ 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88,
+ 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB,
+ 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1,
+ 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6,
+ 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27,
+ 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B,
+ 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2,
+ 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA,
+ 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96,
+ 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
+ 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD,
+ 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A,
+ 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7,
+ 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31,
+ 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
const gnutls_datum_t gnutls_srp_4096_group_generator = {
- (void *) &srp3072_generator, sizeof (srp3072_generator)
+ (void *) &srp3072_generator, sizeof(srp3072_generator)
};
const gnutls_datum_t gnutls_srp_4096_group_prime = {
- (void *) srp_params_4096, sizeof (srp_params_4096)
+ (void *) srp_params_4096, sizeof(srp_params_4096)
};
/* Check if G and N are parameters from the SRP draft.
*/
static int
-check_g_n (const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
+check_g_n(const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
{
- if ((n_n == sizeof (srp_params_3072) &&
- memcmp (srp_params_3072, n, n_n) == 0) ||
- (n_n == sizeof (srp_params_4096) &&
- memcmp (srp_params_4096, n, n_n) == 0))
- {
- if (n_g != 1 || g[0] != srp3072_generator)
- {
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- }
- return 0;
- }
-
- if (n_g != 1 || g[0] != srp_generator)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if (n_n == sizeof (srp_params_1024) &&
- memcmp (srp_params_1024, n, n_n) == 0)
- {
- return 0;
- }
-
- if (n_n == sizeof (srp_params_1536) &&
- memcmp (srp_params_1536, n, n_n) == 0)
- {
- return 0;
- }
-
- if (n_n == sizeof (srp_params_2048) &&
- memcmp (srp_params_2048, n, n_n) == 0)
- {
- return 0;
- }
-
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ if ((n_n == sizeof(srp_params_3072) &&
+ memcmp(srp_params_3072, n, n_n) == 0) ||
+ (n_n == sizeof(srp_params_4096) &&
+ memcmp(srp_params_4096, n, n_n) == 0)) {
+ if (n_g != 1 || g[0] != srp3072_generator) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ }
+ return 0;
+ }
+
+ if (n_g != 1 || g[0] != srp_generator) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if (n_n == sizeof(srp_params_1024) &&
+ memcmp(srp_params_1024, n, n_n) == 0) {
+ return 0;
+ }
+
+ if (n_n == sizeof(srp_params_1536) &&
+ memcmp(srp_params_1536, n, n_n) == 0) {
+ return 0;
+ }
+
+ if (n_n == sizeof(srp_params_2048) &&
+ memcmp(srp_params_2048, n, n_n) == 0) {
+ return 0;
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
/* Check if N is a prime and G a generator of the
@@ -679,273 +701,254 @@ check_g_n (const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
* Otherwise only the included parameters must be used.
*/
static int
-group_check_g_n (gnutls_session_t session, bigint_t g, bigint_t n)
+group_check_g_n(gnutls_session_t session, bigint_t g, bigint_t n)
{
- bigint_t q = NULL, two = NULL, w = NULL;
- int ret;
-
- if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits
- ? session->internals.srp_prime_bits
- : 2048))
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- /* N must be of the form N=2q+1
- * where q is also a prime.
- */
- if (_gnutls_prime_check (n) != 0)
- {
- _gnutls_mpi_log ("no prime N: ", n);
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- two = _gnutls_mpi_new (4);
- if (two == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- q = _gnutls_mpi_alloc_like (n);
- if (q == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* q = n-1
- */
- _gnutls_mpi_sub_ui (q, n, 1);
-
- /* q = q/2, remember that q is divisible by 2 (prime - 1)
- */
- _gnutls_mpi_set_ui (two, 2);
- _gnutls_mpi_div (q, q, two);
-
- if (_gnutls_prime_check (q) != 0)
- {
- /* N was not on the form N=2q+1, where q = prime
- */
- _gnutls_mpi_log ("no prime Q: ", q);
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- /* We also check whether g is a generator,
- */
-
- /* check if g < q < N
- */
- if (_gnutls_mpi_cmp (g, q) >= 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto error;
- }
-
- w = _gnutls_mpi_alloc_like (q);
- if (w == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* check if g^q mod N == N-1
- * w = g^q mod N
- */
- _gnutls_mpi_powm (w, g, q, n);
-
- /* w++
- */
- _gnutls_mpi_add_ui (w, w, 1);
-
- if (_gnutls_mpi_cmp (w, n) != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto error;
- }
-
- ret = 0;
-
-error:
- _gnutls_mpi_release (&q);
- _gnutls_mpi_release (&two);
- _gnutls_mpi_release (&w);
-
- return ret;
+ bigint_t q = NULL, two = NULL, w = NULL;
+ int ret;
+
+ if (_gnutls_mpi_get_nbits(n) < (session->internals.srp_prime_bits
+ ? session->internals.srp_prime_bits
+ : 2048)) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* N must be of the form N=2q+1
+ * where q is also a prime.
+ */
+ if (_gnutls_prime_check(n) != 0) {
+ _gnutls_mpi_log("no prime N: ", n);
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ two = _gnutls_mpi_new(4);
+ if (two == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ q = _gnutls_mpi_alloc_like(n);
+ if (q == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* q = n-1
+ */
+ _gnutls_mpi_sub_ui(q, n, 1);
+
+ /* q = q/2, remember that q is divisible by 2 (prime - 1)
+ */
+ _gnutls_mpi_set_ui(two, 2);
+ _gnutls_mpi_div(q, q, two);
+
+ if (_gnutls_prime_check(q) != 0) {
+ /* N was not on the form N=2q+1, where q = prime
+ */
+ _gnutls_mpi_log("no prime Q: ", q);
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* We also check whether g is a generator,
+ */
+
+ /* check if g < q < N
+ */
+ if (_gnutls_mpi_cmp(g, q) >= 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ w = _gnutls_mpi_alloc_like(q);
+ if (w == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* check if g^q mod N == N-1
+ * w = g^q mod N
+ */
+ _gnutls_mpi_powm(w, g, q, n);
+
+ /* w++
+ */
+ _gnutls_mpi_add_ui(w, w, 1);
+
+ if (_gnutls_mpi_cmp(w, n) != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ _gnutls_mpi_release(&q);
+ _gnutls_mpi_release(&two);
+ _gnutls_mpi_release(&w);
+
+ return ret;
}
/* receive the key exchange message ( n, g, s, B)
*/
int
-_gnutls_proc_srp_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- uint8_t n_s;
- uint16_t n_g, n_n, n_b;
- size_t _n_g, _n_n, _n_b;
- const uint8_t *data_n;
- const uint8_t *data_g;
- const uint8_t *data_s;
- const uint8_t *data_b;
- int i, ret;
- uint8_t hd[SRP_MAX_HASH_SIZE];
- char *username, *password;
- ssize_t data_size = _data_size;
- gnutls_srp_client_credentials_t cred;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (priv->username == NULL)
- {
- username = cred->username;
- password = cred->password;
- }
- else
- {
- username = priv->username;
- password = priv->password;
- }
-
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- i = 0;
-
- /* Read N
- */
- DECR_LEN (data_size, 2);
- n_n = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_n);
- data_n = &data[i];
- i += n_n;
-
- /* Read G
- */
- DECR_LEN (data_size, 2);
- n_g = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- /* Read salt
- */
- DECR_LEN (data_size, 1);
- n_s = data[i];
- i += 1;
-
- DECR_LEN (data_size, n_s);
- data_s = &data[i];
- i += n_s;
-
- /* Read B
- */
- DECR_LEN (data_size, 2);
- n_b = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_b);
- data_b = &data[i];
- i += n_b;
-
- _n_g = n_g;
- _n_n = n_n;
- _n_b = n_b;
-
- if (_gnutls_mpi_scan_nz (&N, data_n, _n_n) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&G, data_g, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&B, data_b, _n_b) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
-
- /* Check if the g and n are from the SRP
- * draft. Otherwise check if N is a prime and G
- * a generator.
- */
- if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0)
- {
- _gnutls_audit_log (session, "SRP group parameters are not in the white list. Checking validity.\n");
- if ((ret = group_check_g_n (session, G, N)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- /* Checks if b % n == 0
- */
- if ((ret = check_param_mod_n (B, N, 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- /* generate x = SHA(s | SHA(U | ":" | p))
- * (or the equivalent using bcrypt)
- */
- if ((ret =
- _gnutls_calc_srp_x (username, password, (uint8_t *) data_s, n_s,
- &_n_g, hd)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_mpi_scan_nz (&session->key.x, hd, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
-
- return i; /* return the processed data
- * needed in auth_srp_rsa.
- */
+ uint8_t n_s;
+ uint16_t n_g, n_n, n_b;
+ size_t _n_g, _n_n, _n_b;
+ const uint8_t *data_n;
+ const uint8_t *data_g;
+ const uint8_t *data_s;
+ const uint8_t *data_b;
+ int i, ret;
+ uint8_t hd[SRP_MAX_HASH_SIZE];
+ char *username, *password;
+ ssize_t data_size = _data_size;
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL) {
+ username = cred->username;
+ password = cred->password;
+ } else {
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ i = 0;
+
+ /* Read N
+ */
+ DECR_LEN(data_size, 2);
+ n_n = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_n);
+ data_n = &data[i];
+ i += n_n;
+
+ /* Read G
+ */
+ DECR_LEN(data_size, 2);
+ n_g = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ /* Read salt
+ */
+ DECR_LEN(data_size, 1);
+ n_s = data[i];
+ i += 1;
+
+ DECR_LEN(data_size, n_s);
+ data_s = &data[i];
+ i += n_s;
+
+ /* Read B
+ */
+ DECR_LEN(data_size, 2);
+ n_b = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_b);
+ data_b = &data[i];
+ i += n_b;
+
+ _n_g = n_g;
+ _n_n = n_n;
+ _n_b = n_b;
+
+ if (_gnutls_mpi_scan_nz(&N, data_n, _n_n) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&G, data_g, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&B, data_b, _n_b) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ /* Check if the g and n are from the SRP
+ * draft. Otherwise check if N is a prime and G
+ * a generator.
+ */
+ if ((ret = check_g_n(data_g, _n_g, data_n, _n_n)) < 0) {
+ _gnutls_audit_log(session,
+ "SRP group parameters are not in the white list. Checking validity.\n");
+ if ((ret = group_check_g_n(session, G, N)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ /* Checks if b % n == 0
+ */
+ if ((ret = check_param_mod_n(B, N, 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ /* generate x = SHA(s | SHA(U | ":" | p))
+ * (or the equivalent using bcrypt)
+ */
+ if ((ret =
+ _gnutls_calc_srp_x(username, password, (uint8_t *) data_s,
+ n_s, &_n_g, hd)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_mpi_scan_nz(&session->key.x, hd, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ return i; /* return the processed data
+ * needed in auth_srp_rsa.
+ */
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
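Review bot: The early `return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;` in the `_gnutls_prime_check(q) != 0` branch of `group_check_g_n` skips the `error:` cleanup, so `q` and `two`, both allocated by that point, are never released. The reindent carries this over unchanged from the old side. N and G reach this function from the peer's key-exchange message parsed in `_gnutls_proc_srp_server_kx` (same hunk) whenever the group is not one of the built-in ones, so a peer sending a prime N whose (N-1)/2 is not prime hits the leaking branch on every such handshake. Replace the return with `ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;` followed by `goto error;`, as the later failure branches in the function already do.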
diff --git a/lib/auth/srp.h b/lib/auth/srp.h
index e7723e1884..2bfce81474 100644
--- a/lib/auth/srp.h
+++ b/lib/auth/srp.h
@@ -25,44 +25,41 @@
#include <gnutls_auth.h>
-typedef struct gnutls_srp_client_credentials_st
-{
- char *username;
- char *password;
- gnutls_srp_client_credentials_function *get_function;
+typedef struct gnutls_srp_client_credentials_st {
+ char *username;
+ char *password;
+ gnutls_srp_client_credentials_function *get_function;
} srp_client_credentials_st;
-typedef struct gnutls_srp_server_credentials_st
-{
- char *password_file;
- char *password_conf_file;
- /* callback function, instead of reading the
- * password files.
- */
- gnutls_srp_server_credentials_function *pwd_callback;
+typedef struct gnutls_srp_server_credentials_st {
+ char *password_file;
+ char *password_conf_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_srp_server_credentials_function *pwd_callback;
} srp_server_cred_st;
/* these structures should not use allocated data */
-typedef struct srp_server_auth_info_st
-{
- char username[MAX_USERNAME_SIZE + 1];
+typedef struct srp_server_auth_info_st {
+ char username[MAX_USERNAME_SIZE + 1];
} *srp_server_auth_info_t;
#ifdef ENABLE_SRP
-int _gnutls_proc_srp_server_hello (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-int _gnutls_gen_srp_server_hello (gnutls_session_t state, uint8_t * data,
- size_t data_size);
+int _gnutls_proc_srp_server_hello(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+int _gnutls_gen_srp_server_hello(gnutls_session_t state, uint8_t * data,
+ size_t data_size);
-int _gnutls_gen_srp_server_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_gen_srp_client_kx (gnutls_session_t, gnutls_buffer_st*);
+int _gnutls_gen_srp_server_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_srp_client_kx(gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_proc_srp_server_kx (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_srp_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_srp_server_kx(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_srp_client_kx(gnutls_session_t, uint8_t *, size_t);
typedef struct srp_server_auth_info_st srp_server_auth_info_st;
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
#endif
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index a9693d886e..a97114a2c1 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -39,160 +39,148 @@
#include <gnutls_num.h>
#include <random.h>
-static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry);
+static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry);
/* this function parses tpasswd.conf file. Format is:
* string(username):base64(v):base64(salt):int(index)
*/
-static int
-parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str)
+static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str)
{
- char *p;
- int len, ret;
- uint8_t *verifier;
- size_t verifier_size;
- int indx;
-
- p = strrchr (str, ':'); /* we have index */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- indx = atoi (p);
- if (indx == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- /* now go for salt */
- p = strrchr (str, ':'); /* we have salt */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
-
- entry->salt.size = _gnutls_sbase64_decode (p, len, &entry->salt.data);
-
- if (entry->salt.size <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- /* now go for verifier */
- p = strrchr (str, ':'); /* we have verifier */
- if (p == NULL)
- {
- _gnutls_free_datum (&entry->salt);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
- ret = _gnutls_sbase64_decode (p, len, &verifier);
- if (ret <= 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&entry->salt);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- verifier_size = ret;
- entry->v.data = verifier;
- entry->v.size = verifier_size;
-
- /* now go for username */
- *p = '\0';
-
- entry->username = gnutls_strdup (str);
- if (entry->username == NULL)
- {
- _gnutls_free_datum (&entry->salt);
- _gnutls_free_datum (&entry->v);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return indx;
+ char *p;
+ int len, ret;
+ uint8_t *verifier;
+ size_t verifier_size;
+ int indx;
+
+ p = strrchr(str, ':'); /* we have index */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ indx = atoi(p);
+ if (indx == 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for salt */
+ p = strrchr(str, ':'); /* we have salt */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+
+ entry->salt.size =
+ _gnutls_sbase64_decode(p, len, &entry->salt.data);
+
+ if (entry->salt.size <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for verifier */
+ p = strrchr(str, ':'); /* we have verifier */
+ if (p == NULL) {
+ _gnutls_free_datum(&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+ ret = _gnutls_sbase64_decode(p, len, &verifier);
+ if (ret <= 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ verifier_size = ret;
+ entry->v.data = verifier;
+ entry->v.size = verifier_size;
+
+ /* now go for username */
+ *p = '\0';
+
+ entry->username = gnutls_strdup(str);
+ if (entry->username == NULL) {
+ _gnutls_free_datum(&entry->salt);
+ _gnutls_free_datum(&entry->v);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return indx;
}
/* this function parses tpasswd.conf file. Format is:
* int(index):base64(n):int(g)
*/
-static int
-parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
+static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str)
{
- char *p;
- int len;
- uint8_t *tmp;
- int ret;
-
- p = strrchr (str, ':'); /* we have g */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- /* read the generator */
- len = strlen (p);
- if (p[len - 1] == '\n' || p[len - 1] == ' ')
- len--;
- ret = _gnutls_sbase64_decode (p, len, &tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- entry->g.data = tmp;
- entry->g.size = ret;
-
- /* now go for n - modulo */
- p = strrchr (str, ':'); /* we have n */
- if (p == NULL)
- {
- _gnutls_free_datum (&entry->g);
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
- ret = _gnutls_sbase64_decode (p, len, &tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&entry->g);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- entry->n.data = tmp;
- entry->n.size = ret;
-
- return 0;
+ char *p;
+ int len;
+ uint8_t *tmp;
+ int ret;
+
+ p = strrchr(str, ':'); /* we have g */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* read the generator */
+ len = strlen(p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+ ret = _gnutls_sbase64_decode(p, len, &tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->g.data = tmp;
+ entry->g.size = ret;
+
+ /* now go for n - modulo */
+ p = strrchr(str, ':'); /* we have n */
+ if (p == NULL) {
+ _gnutls_free_datum(&entry->g);
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+ ret = _gnutls_sbase64_decode(p, len, &tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&entry->g);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->n.data = tmp;
+ entry->n.size = ret;
+
+ return 0;
}
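Review bot: In `parse_tpasswd_values` the salt branch stores the decoder's return value directly in `entry->salt.size` and then tests `entry->salt.size <= 0`, unlike the verifier branch a few lines later, which checks an `int ret` first. `gnutls_datum_t` is declared outside this hunk, but if its `size` field is unsigned, as in the public header, a negative return from `_gnutls_sbase64_decode` becomes a large size and passes the check. Decoding into `ret` first, `ret = _gnutls_sbase64_decode(p, len, &entry->salt.data);` followed by `if (ret <= 0)` and `entry->salt.size = ret;` on success, would match the verifier path. The comment above this function also names tpasswd.conf, although the next hunk shows it being applied to lines of `cred->password_file`; wording such as `/* this function parses a line of the tpasswd file. Format is:` would keep it distinct from `parse_tpasswd_conf_values`.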
@@ -200,283 +188,256 @@ parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
* values. They are put in the entry.
*/
static int
-pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
+pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
{
- FILE *fd;
- char line[2 * 1024];
- unsigned i, len;
- char indexstr[10];
- int ret;
-
- snprintf (indexstr, sizeof(indexstr), "%u", (unsigned int)idx);
-
- fd = fopen (pconf_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- len = strlen (indexstr);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
- if (strncmp (indexstr, line, MAX (i, len)) == 0)
- {
- if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0)
- {
- ret = 0;
- goto cleanup;
- }
- else
- {
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- }
- ret = GNUTLS_E_SRP_PWD_ERROR;
-
-cleanup:
- fclose(fd);
- return ret;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ char indexstr[10];
+ int ret;
+
+ snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx);
+
+ fd = fopen(pconf_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ len = strlen(indexstr);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+ if (strncmp(indexstr, line, MAX(i, len)) == 0) {
+ if ((idx =
+ parse_tpasswd_conf_values(entry,
+ line)) >= 0) {
+ ret = 0;
+ goto cleanup;
+ } else {
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+
+ cleanup:
+ fclose(fd);
+ return ret;
}
int
-_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY ** _entry)
+_gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY ** _entry)
{
- gnutls_srp_server_credentials_t cred;
- FILE *fd = NULL;
- char line[2 * 1024];
- unsigned i, len;
- int ret;
- int idx;
- SRP_PWD_ENTRY *entry = NULL;
-
- *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
- if (*_entry == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- entry = *_entry;
-
- cred = (gnutls_srp_server_credentials_t)
- _gnutls_get_cred (state, GNUTLS_CRD_SRP, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- goto cleanup;
- }
-
- /* if the callback which sends the parameters is
- * set, use it.
- */
- if (cred->pwd_callback != NULL)
- {
- ret = cred->pwd_callback (state, username, &entry->salt,
- &entry->v, &entry->g, &entry->n);
-
- if (ret == 1)
- { /* the user does not exist */
- if (entry->g.size != 0 && entry->n.size != 0)
- {
- ret = _randomize_pwd_entry (entry);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- {
- gnutls_assert ();
- ret = -1; /* error in the callback */
- }
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- return 0;
- }
-
- /* The callback was not set. Proceed.
- */
-
- if (cred->password_file == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- /* Open the selected password file.
- */
- fd = fopen (cred->password_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- len = strlen (username);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
-
- if (strncmp (username, line, MAX (i, len)) == 0)
- {
- if ((idx = parse_tpasswd_values (entry, line)) >= 0)
- {
- /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
- * when the user does not exist.
- */
- if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
- {
- goto found;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- }
-
- /* user was not found. Fake him. Actually read the g,n values from
- * the last index found and randomize the entry.
- */
- if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0)
- {
- ret = _randomize_pwd_entry (entry);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- goto found;
- }
-
- ret = GNUTLS_E_SRP_PWD_ERROR;
-cleanup:
- gnutls_assert ();
- if (fd) fclose(fd);
- _gnutls_srp_entry_free (entry);
- return ret;
-
-found:
- if (fd) fclose(fd);
- return 0;
+ gnutls_srp_server_credentials_t cred;
+ FILE *fd = NULL;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+ int idx;
+ SRP_PWD_ENTRY *entry = NULL;
+
+ *_entry = gnutls_calloc(1, sizeof(SRP_PWD_ENTRY));
+ if (*_entry == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ entry = *_entry;
+
+ cred = (gnutls_srp_server_credentials_t)
+ _gnutls_get_cred(state, GNUTLS_CRD_SRP, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ goto cleanup;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL) {
+ ret = cred->pwd_callback(state, username, &entry->salt,
+ &entry->v, &entry->g, &entry->n);
+
+ if (ret == 1) { /* the user does not exist */
+ if (entry->g.size != 0 && entry->n.size != 0) {
+ ret = _randomize_pwd_entry(entry);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return 0;
+ } else {
+ gnutls_assert();
+ ret = -1; /* error in the callback */
+ }
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+
+ if (cred->password_file == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen(cred->password_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ len = strlen(username);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+
+ if (strncmp(username, line, MAX(i, len)) == 0) {
+ if ((idx = parse_tpasswd_values(entry, line)) >= 0) {
+ /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
+ * when the user does not exist.
+ */
+ if (pwd_read_conf
+ (cred->password_conf_file, entry,
+ idx) == 0) {
+ goto found;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+
+ /* user was not found. Fake him. Actually read the g,n values from
+ * the last index found and randomize the entry.
+ */
+ if (pwd_read_conf(cred->password_conf_file, entry, 1) == 0) {
+ ret = _randomize_pwd_entry(entry);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ goto found;
+ }
+
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ cleanup:
+ gnutls_assert();
+ if (fd)
+ fclose(fd);
+ _gnutls_srp_entry_free(entry);
+ return ret;
+
+ found:
+ if (fd)
+ fclose(fd);
+ return 0;
}
/* Randomizes the given password entry. It actually sets the verifier
* and the salt. Returns 0 on success.
*/
-static int
-_randomize_pwd_entry (SRP_PWD_ENTRY * entry)
+static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
{
- unsigned char rnd;
- int ret;
-
- if (entry->g.size == 0 || entry->n.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- entry->salt.size = (rnd % 10) + 9;
-
- entry->v.data = gnutls_malloc (20);
- entry->v.size = 20;
- if (entry->v.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- entry->salt.data = gnutls_malloc (entry->salt.size);
- if (entry->salt.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ unsigned char rnd;
+ int ret;
+
+ if (entry->g.size == 0 || entry->n.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, &rnd, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ entry->salt.size = (rnd % 10) + 9;
+
+ entry->v.data = gnutls_malloc(20);
+ entry->v.size = 20;
+ if (entry->v.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ entry->salt.data = gnutls_malloc(entry->salt.size);
+ if (entry->salt.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, entry->salt.data,
+ entry->salt.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* Free all the entry parameters, except if g and n are
* the static ones defined in gnutls.h
*/
-void
-_gnutls_srp_entry_free (SRP_PWD_ENTRY * entry)
+void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry)
{
- _gnutls_free_datum (&entry->v);
- _gnutls_free_datum (&entry->salt);
-
- if ((entry->g.data != gnutls_srp_1024_group_generator.data)
- && (entry->g.data != gnutls_srp_3072_group_generator.data))
- _gnutls_free_datum (&entry->g);
-
- if (entry->n.data != gnutls_srp_1024_group_prime.data &&
- entry->n.data != gnutls_srp_1536_group_prime.data &&
- entry->n.data != gnutls_srp_2048_group_prime.data &&
- entry->n.data != gnutls_srp_3072_group_prime.data &&
- entry->n.data != gnutls_srp_4096_group_prime.data)
- _gnutls_free_datum (&entry->n);
-
- gnutls_free (entry->username);
- gnutls_free (entry);
+ _gnutls_free_datum(&entry->v);
+ _gnutls_free_datum(&entry->salt);
+
+ if ((entry->g.data != gnutls_srp_1024_group_generator.data)
+ && (entry->g.data != gnutls_srp_3072_group_generator.data))
+ _gnutls_free_datum(&entry->g);
+
+ if (entry->n.data != gnutls_srp_1024_group_prime.data &&
+ entry->n.data != gnutls_srp_1536_group_prime.data &&
+ entry->n.data != gnutls_srp_2048_group_prime.data &&
+ entry->n.data != gnutls_srp_3072_group_prime.data &&
+ entry->n.data != gnutls_srp_4096_group_prime.data)
+ _gnutls_free_datum(&entry->n);
+
+ gnutls_free(entry->username);
+ gnutls_free(entry);
}
-#endif /* ENABLE SRP */
+#endif /* ENABLE SRP */
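Review bot: `_randomize_pwd_entry` gives an unknown user a fresh random salt of random length (`(rnd % 10) + 9`) and a fresh random 20-byte verifier on every call, so two handshakes for the same non-existent username return different salts while a real account returns a stable one. That difference lets a client tell existing from non-existing usernames, which is what the fake entry is meant to hide. RFC 5054 advises returning the same salt and group for a given unknown name, for example by deriving the salt with an HMAC over the username keyed by a server-side secret. Separately, `_gnutls_srp_pwd_read_entry` checks `cred->password_file` for NULL but passes `cred->password_conf_file` unchecked to `pwd_read_conf`, which hands it to `fopen`; `if (cred->password_file == NULL || cred->password_conf_file == NULL)` would cover both. The reindent itself changes no behaviour here.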
diff --git a/lib/auth/srp_passwd.h b/lib/auth/srp_passwd.h
index a04b4466ee..71bcc220de 100644
--- a/lib/auth/srp_passwd.h
+++ b/lib/auth/srp_passwd.h
@@ -22,21 +22,20 @@
#ifdef ENABLE_SRP
-typedef struct
-{
- char *username;
+typedef struct {
+ char *username;
- gnutls_datum_t salt;
- gnutls_datum_t v;
- gnutls_datum_t g;
- gnutls_datum_t n;
+ gnutls_datum_t salt;
+ gnutls_datum_t v;
+ gnutls_datum_t g;
+ gnutls_datum_t n;
} SRP_PWD_ENTRY;
/* this is locally allocated. It should be freed using the provided function */
-int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY **);
-void _gnutls_srp_entry_free (SRP_PWD_ENTRY * entry);
-int _gnutls_sbase64_decode (char * data, size_t data_size,
- uint8_t ** result);
+int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY **);
+void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry);
+int _gnutls_sbase64_decode(char *data, size_t data_size,
+ uint8_t ** result);
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 97b5e918f5..83799ee388 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -40,222 +40,214 @@
#include <gnutls_x509.h>
#include <algorithms.h>
-static int gen_srp_cert_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_srp_cert_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_srp_cert_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_srp_cert_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st srp_rsa_auth_struct = {
- "SRP",
- _gnutls_gen_cert_server_crt,
- NULL,
- gen_srp_cert_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- _gnutls_proc_crt,
- NULL, /* certificate */
- proc_srp_cert_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ _gnutls_gen_cert_server_crt,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_crt,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
const mod_auth_st srp_dss_auth_struct = {
- "SRP",
- _gnutls_gen_cert_server_crt,
- NULL,
- gen_srp_cert_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- _gnutls_proc_crt,
- NULL, /* certificate */
- proc_srp_cert_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ _gnutls_gen_cert_server_crt,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_crt,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
static int
-gen_srp_cert_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- ssize_t ret;
- gnutls_datum_t signature, ddata;
- gnutls_certificate_credentials_t cred;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- gnutls_sign_algorithm_t sign_algo;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret = _gnutls_gen_srp_server_kx (session, data);
-
- if (ret < 0)
- return ret;
-
- ddata.data = data->data;
- ddata.size = data->length;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
-
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
-
- ret = _gnutls_buffer_append_data(data, p, 2);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = _gnutls_buffer_append_data_prefix( data, 16, signature.data, signature.size);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ ssize_t ret;
+ gnutls_datum_t signature, ddata;
+ gnutls_certificate_credentials_t cred;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret = _gnutls_gen_srp_server_kx(session, data);
+
+ if (ret < 0)
+ return ret;
+
+ ddata.data = data->data;
+ ddata.size = data->length;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_sign_data(session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
static int
-proc_srp_cert_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t ret;
- int sigsize;
- gnutls_datum_t vparams, signature;
- ssize_t data_size;
- cert_auth_info_t info;
- gnutls_pcert_st peer_cert;
- uint8_t *p;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
- if (ret < 0)
- return ret;
-
- data_size = _data_size - ret;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* VERIFY SIGNATURE */
-
- vparams.size = ret; /* all the data minus the signature */
- vparams.data = data;
-
- p = &data[vparams.size];
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (data_size, 1);
- aid.hash_algorithm = *p++;
- DECR_LEN (data_size, 1);
- aid.sign_algorithm = *p++;
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- }
-
- DECR_LEN (data_size, 2);
- sigsize = _gnutls_read_uint16 (p);
-
- DECR_LEN (data_size, sigsize);
- signature.data = &p[2];
- signature.size = sigsize;
-
- ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- sign_algo);
-
- gnutls_pcert_deinit (&peer_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ ssize_t ret;
+ int sigsize;
+ gnutls_datum_t vparams, signature;
+ ssize_t data_size;
+ cert_auth_info_t info;
+ gnutls_pcert_st peer_cert;
+ uint8_t *p;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret = _gnutls_proc_srp_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return ret;
+
+ data_size = _data_size - ret;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = ret; /* all the data minus the signature */
+ vparams.data = data;
+
+ p = &data[vparams.size];
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(data_size, 1);
+ aid.hash_algorithm = *p++;
+ DECR_LEN(data_size, 1);
+ aid.sign_algorithm = *p++;
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ _gnutls_debug_log("unknown signature %d.%d\n",
+ aid.sign_algorithm,
+ aid.hash_algorithm);
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(p);
+
+ DECR_LEN(data_size, sigsize);
+ signature.data = &p[2];
+ signature.size = sigsize;
+
+ ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data(session, &peer_cert, &vparams,
+ &signature, sign_algo);
+
+ gnutls_pcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
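Review bot: In `proc_srp_cert_server_kx`, nothing after `DECR_LEN(data_size, sigsize)` checks that `data_size` has reached zero, so a message with extra bytes after the signature is accepted as long as the signature verifies. A strict parser would reject it with `if (data_size != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` right after `signature.size = sigsize;`, though whether any deployed peer pads this message should be confirmed first. The reindent also split `session->security_parameters.cert_type` across two lines after the dot in the `_gnutls_get_auth_info_pcert` call, which is harder to read than breaking before the argument.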
diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c
index 47ae259fe5..852eb4dc09 100644
--- a/lib/auth/srp_sb64.c
+++ b/lib/auth/srp_sb64.c
@@ -31,115 +31,106 @@
* It seems that everybody makes their own base64 conversion.
*/
static const uint8_t b64table[] =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
static const uint8_t asciitable[128] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
- 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
- 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
- 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
- 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff,
- 0xff, 0xff
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
+ 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
+ 0x23, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
+ 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
+ 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff,
+ 0xff, 0xff
};
-inline static int
-encode (uint8_t * result, const uint8_t * rdata, int left)
+inline static int encode(uint8_t * result, const uint8_t * rdata, int left)
{
- int data_len;
- int c, ret = 4;
- uint8_t data[3];
-
- if (left > 3)
- data_len = 3;
- else
- data_len = left;
-
- data[0] = data[1] = data[2] = 0;
- memcpy (data, rdata, data_len);
-
- switch (data_len)
- {
- case 3:
- result[0] = b64table[((data[0] & 0xfc) >> 2)];
- result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- ((data[1] & 0xf0) >> 4))];
- result[2] =
- b64table[((((data[1] & 0x0f) << 2) & 0xff) |
- ((data[2] & 0xc0) >> 6))];
- result[3] = b64table[(data[2] & 0x3f) & 0xff];
- break;
- case 2:
- if ((c = ((data[0] & 0xf0) >> 4)) != 0)
- {
- result[0] = b64table[c];
- result[1] =
- b64table[((((data[0] & 0x0f) << 2) & 0xff) |
- ((data[1] & 0xc0) >> 6))];
- result[2] = b64table[(data[1] & 0x3f) & 0xff];
- result[3] = '\0';
- ret -= 1;
- }
- else
- {
- if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[data[1] & 0x3f];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
- else
- {
- result[0] = b64table[data[0] & 0x3f];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
- }
- break;
- case 1:
- if ((c = ((data[0] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[(data[0] & 0x3f) & 0xff];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
- else
- {
- result[0] = b64table[(data[0] & 0x3f) & 0xff];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
- break;
- default:
- return -1;
- }
-
- return ret;
+ int data_len;
+ int c, ret = 4;
+ uint8_t data[3];
+
+ if (left > 3)
+ data_len = 3;
+ else
+ data_len = left;
+
+ data[0] = data[1] = data[2] = 0;
+ memcpy(data, rdata, data_len);
+
+ switch (data_len) {
+ case 3:
+ result[0] = b64table[((data[0] & 0xfc) >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ ((data[1] & 0xf0) >> 4))];
+ result[2] =
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) |
+ ((data[2] & 0xc0) >> 6))];
+ result[3] = b64table[(data[2] & 0x3f) & 0xff];
+ break;
+ case 2:
+ if ((c = ((data[0] & 0xf0) >> 4)) != 0) {
+ result[0] = b64table[c];
+ result[1] =
+ b64table[((((data[0] & 0x0f) << 2) & 0xff) |
+ ((data[1] & 0xc0) >> 6))];
+ result[2] = b64table[(data[1] & 0x3f) & 0xff];
+ result[3] = '\0';
+ ret -= 1;
+ } else {
+ if ((c =
+ ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >>
+ 6)) != 0) {
+ result[0] = b64table[c];
+ result[1] = b64table[data[1] & 0x3f];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ } else {
+ result[0] = b64table[data[0] & 0x3f];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ }
+ break;
+ case 1:
+ if ((c = ((data[0] & 0xc0) >> 6)) != 0) {
+ result[0] = b64table[c];
+ result[1] = b64table[(data[0] & 0x3f) & 0xff];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ } else {
+ result[0] = b64table[(data[0] & 0x3f) & 0xff];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ break;
+ default:
+ return -1;
+ }
+
+ return ret;
}
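Review bot: `encode` runs `memcpy(data, rdata, data_len)` before the `switch` rejects unexpected lengths, so a negative `left` would be converted to a huge `size_t` and overrun the 3-byte `data` array before `default: return -1;` is reached. The callers in the next hunk pass positive values, but the guard costs one line at the top of the function: `if (left <= 0) return -1;`. That keeps the existing result for `left == 0` and makes the function safe on its own.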
@@ -147,56 +138,52 @@ encode (uint8_t * result, const uint8_t * rdata, int left)
* The result_size is the return value
*/
static int
-_gnutls_sbase64_encode (uint8_t * data, size_t data_size, char ** result)
+_gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result)
{
- unsigned i, j;
- int ret, tmp;
- uint8_t tmpres[4];
- int mod = data_size % 3;
+ unsigned i, j;
+ int ret, tmp;
+ uint8_t tmpres[4];
+ int mod = data_size % 3;
- ret = mod;
- if (ret != 0)
- ret = 4;
- else
- ret = 0;
+ ret = mod;
+ if (ret != 0)
+ ret = 4;
+ else
+ ret = 0;
- ret += (data_size * 4) / 3;
+ ret += (data_size * 4) / 3;
- (*result) = gnutls_calloc (1, ret + 1);
- if ((*result) == NULL)
- return -1;
+ (*result) = gnutls_calloc(1, ret + 1);
+ if ((*result) == NULL)
+ return -1;
- i = j = 0;
+ i = j = 0;
/* encode the bytes that are not a multiple of 3
*/
- if (mod > 0)
- {
- tmp = encode (tmpres, &data[0], mod);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
-
- memcpy (&(*result)[0], tmpres, tmp);
- i = mod;
- j = tmp;
-
- }
+ if (mod > 0) {
+ tmp = encode(tmpres, &data[0], mod);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ return tmp;
+ }
+
+ memcpy(&(*result)[0], tmpres, tmp);
+ i = mod;
+ j = tmp;
+
+ }
/* encode the rest
*/
- for (; i < data_size; i += 3, j += 4)
- {
- tmp = encode (tmpres, &data[i], data_size - i);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
- memcpy (&(*result)[j], tmpres, tmp);
- }
-
- return strlen (*result);
+ for (; i < data_size; i += 3, j += 4) {
+ tmp = encode(tmpres, &data[i], data_size - i);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+ }
+
+ return strlen(*result);
}
@@ -204,42 +191,41 @@ _gnutls_sbase64_encode (uint8_t * data, size_t data_size, char ** result)
* result should be 3 bytes
*/
#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff)
-inline static int
-decode (uint8_t * result, const uint8_t * data)
+inline static int decode(uint8_t * result, const uint8_t * data)
{
- uint8_t a1, a2;
- int ret = 3;
-
- memset (result, 0, 3);
-
- a1 = TOASCII (data[3]);
- a2 = TOASCII (data[2]);
- if (a1 != 0xff)
- result[2] = a1 & 0xff;
- else
- return -1;
- if (a2 != 0xff)
- result[2] |= ((a2 & 0x03) << 6) & 0xff;
-
- a1 = a2;
- a2 = TOASCII (data[1]);
- if (a1 != 0xff)
- result[1] = ((a1 & 0x3c) >> 2);
- if (a2 != 0xff)
- result[1] |= ((a2 & 0x0f) << 4);
- else if (a1 == 0xff || result[1] == 0)
- ret--;
-
- a1 = a2;
- a2 = TOASCII (data[0]);
- if (a1 != 0xff)
- result[0] = (((a1 & 0x30) >> 4) & 0xff);
- if (a2 != 0xff)
- result[0] |= ((a2 << 2) & 0xff);
- else if (a1 == 0xff || result[0] == 0)
- ret--;
-
- return ret;
+ uint8_t a1, a2;
+ int ret = 3;
+
+ memset(result, 0, 3);
+
+ a1 = TOASCII(data[3]);
+ a2 = TOASCII(data[2]);
+ if (a1 != 0xff)
+ result[2] = a1 & 0xff;
+ else
+ return -1;
+ if (a2 != 0xff)
+ result[2] |= ((a2 & 0x03) << 6) & 0xff;
+
+ a1 = a2;
+ a2 = TOASCII(data[1]);
+ if (a1 != 0xff)
+ result[1] = ((a1 & 0x3c) >> 2);
+ if (a2 != 0xff)
+ result[1] |= ((a2 & 0x0f) << 4);
+ else if (a1 == 0xff || result[1] == 0)
+ ret--;
+
+ a1 = a2;
+ a2 = TOASCII(data[0]);
+ if (a1 != 0xff)
+ result[0] = (((a1 & 0x30) >> 4) & 0xff);
+ if (a2 != 0xff)
+ result[0] |= ((a2 << 2) & 0xff);
+ else if (a1 == 0xff || result[0] == 0)
+ ret--;
+
+ return ret;
}
/* decodes data and puts the result into result (locally allocated)
@@ -248,63 +234,59 @@ decode (uint8_t * result, const uint8_t * data)
* before calling it.
*/
int
-_gnutls_sbase64_decode (char * data, size_t idata_size, uint8_t ** result)
+_gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
{
- unsigned i, j;
- int ret, left;
- int data_size, tmp;
- uint8_t datrev[4];
- uint8_t tmpres[3];
-
- data_size = (idata_size / 4) * 4;
- left = idata_size % 4;
-
- ret = (data_size / 4) * 3;
-
- if (left > 0)
- ret += 3;
-
- (*result) = gnutls_malloc (ret + 1);
- if ((*result) == NULL)
- return -1;
-
- /* the first "block" is treated with special care */
- tmp = 0;
- if (left > 0)
- {
- memset (datrev, 0, 4);
- memcpy (&datrev[4 - left], data, left);
-
- tmp = decode (tmpres, datrev);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
-
- memcpy (*result, &tmpres[3 - tmp], tmp);
- if (tmp < 3)
- ret -= (3 - tmp);
- }
-
- /* rest data */
- for (i = left, j = tmp; i < idata_size; i += 4)
- {
- tmp = decode (tmpres, (uint8_t*)&data[i]);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
- memcpy (&(*result)[j], tmpres, tmp);
- if (tmp < 3)
- ret -= (3 - tmp);
- j += 3;
- }
-
- return ret;
+ unsigned i, j;
+ int ret, left;
+ int data_size, tmp;
+ uint8_t datrev[4];
+ uint8_t tmpres[3];
+
+ data_size = (idata_size / 4) * 4;
+ left = idata_size % 4;
+
+ ret = (data_size / 4) * 3;
+
+ if (left > 0)
+ ret += 3;
+
+ (*result) = gnutls_malloc(ret + 1);
+ if ((*result) == NULL)
+ return -1;
+
+ /* the first "block" is treated with special care */
+ tmp = 0;
+ if (left > 0) {
+ memset(datrev, 0, 4);
+ memcpy(&datrev[4 - left], data, left);
+
+ tmp = decode(tmpres, datrev);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ *result = NULL;
+ return tmp;
+ }
+
+ memcpy(*result, &tmpres[3 - tmp], tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ }
+
+ /* rest data */
+ for (i = left, j = tmp; i < idata_size; i += 4) {
+ tmp = decode(tmpres, (uint8_t *) & data[i]);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ *result = NULL;
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ j += 3;
+ }
+
+ return ret;
}
/**
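Review bot: In `_gnutls_sbase64_decode` the output buffer comes from `gnutls_malloc(ret + 1)`, and the "rest data" loop advances `j` by 3 even when `decode()` returns 1 or 2, so a short result from a full block leaves bytes of `*result` unwritten while they still fall inside the returned length. With malformed input those uninitialised heap bytes would then be handed back to the caller through `gnutls_srp_base64_decode` and `gnutls_srp_base64_decode_alloc`. Allocating with `(*result) = gnutls_calloc(1, ret + 1);`, as `_gnutls_sbase64_encode` already does, removes the exposure. Rejecting `tmp < 3` inside the loop would be stricter, but whether valid SRP encodings depend on short blocks cannot be told from this hunk.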
@@ -325,30 +307,27 @@ _gnutls_sbase64_decode (char * data, size_t idata_size, uint8_t ** result)
* long enough, or 0 on success.
**/
int
-gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
+ size_t * result_size)
{
- char *res;
- int size;
-
- size = _gnutls_sbase64_encode (data->data, data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL || *result_size < (size_t) size)
- {
- gnutls_free (res);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res, size);
- gnutls_free (res);
- *result_size = size;
- }
-
- return 0;
+ char *res;
+ int size;
+
+ size = _gnutls_sbase64_encode(data->data, data->size, &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size) {
+ gnutls_free(res);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res, size);
+ gnutls_free(res);
+ *result_size = size;
+ }
+
+ return 0;
}
/**
@@ -369,28 +348,25 @@ gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
* Returns: 0 on success, or an error code.
**/
int
-gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
- gnutls_datum_t * result)
+gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data,
+ gnutls_datum_t * result)
{
- char *res;
- int size;
-
- size = _gnutls_sbase64_encode (data->data, data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL)
- {
- gnutls_free (res);
- return GNUTLS_E_INVALID_REQUEST;
- }
- else
- {
- result->data = (uint8_t*)res;
- result->size = size;
- }
-
- return 0;
+ char *res;
+ int size;
+
+ size = _gnutls_sbase64_encode(data->data, data->size, &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL) {
+ gnutls_free(res);
+ return GNUTLS_E_INVALID_REQUEST;
+ } else {
+ result->data = (uint8_t *) res;
+ result->size = size;
+ }
+
+ return 0;
}
/**
@@ -411,30 +387,29 @@ gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
* long enough, or 0 on success.
**/
int
-gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
- size_t * result_size)
+gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
+ size_t * result_size)
{
- uint8_t *res;
- int size;
-
- size = _gnutls_sbase64_decode ((char*)b64_data->data, b64_data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL || *result_size < (size_t) size)
- {
- gnutls_free (res);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res, size);
- gnutls_free (res);
- *result_size = size;
- }
-
- return 0;
+ uint8_t *res;
+ int size;
+
+ size =
+ _gnutls_sbase64_decode((char *) b64_data->data, b64_data->size,
+ &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size) {
+ gnutls_free(res);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res, size);
+ gnutls_free(res);
+ *result_size = size;
+ }
+
+ return 0;
}
/**
@@ -454,28 +429,27 @@ gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
* Returns: 0 on success, or an error code.
**/
int
-gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
{
- uint8_t *ret;
- int size;
-
- size = _gnutls_sbase64_decode ((char*)b64_data->data, b64_data->size, &ret);
- if (size < 0)
- return size;
-
- if (result == NULL)
- {
- gnutls_free (ret);
- return GNUTLS_E_INVALID_REQUEST;
- }
- else
- {
- result->data = ret;
- result->size = size;
- }
-
- return 0;
+ uint8_t *ret;
+ int size;
+
+ size =
+ _gnutls_sbase64_decode((char *) b64_data->data, b64_data->size,
+ &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL) {
+ gnutls_free(ret);
+ return GNUTLS_E_INVALID_REQUEST;
+ } else {
+ result->data = ret;
+ result->size = size;
+ }
+
+ return 0;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 53e6276f7a..4a56bedd3c 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -29,10 +29,9 @@
#include <random.h>
#include <crypto.h>
-typedef struct api_cipher_hd_st
-{
- cipher_hd_st ctx_enc;
- cipher_hd_st ctx_dec;
+typedef struct api_cipher_hd_st {
+ cipher_hd_st ctx_enc;
+ cipher_hd_st ctx_dec;
} api_cipher_hd_st;
/**
@@ -52,27 +51,31 @@ typedef struct api_cipher_hd_st
* Since: 2.10.0
**/
int
-gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key, const gnutls_datum_t * iv)
+gnutls_cipher_init(gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
-api_cipher_hd_st * h;
-int ret;
-
- *handle = gnutls_calloc (1, sizeof (api_cipher_hd_st));
- if (*handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- h = *handle;
- ret = _gnutls_cipher_init (&h->ctx_enc, cipher_to_entry(cipher), key, iv, 1);
-
- if (ret >= 0 && _gnutls_cipher_is_aead(&h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
- ret = _gnutls_cipher_init (&h->ctx_dec, cipher_to_entry(cipher), key, iv, 0);
-
- return ret;
+ api_cipher_hd_st *h;
+ int ret;
+
+ *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
+ if (*handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ h = *handle;
+ ret =
+ _gnutls_cipher_init(&h->ctx_enc, cipher_to_entry(cipher), key,
+ iv, 1);
+
+ if (ret >= 0 && _gnutls_cipher_is_aead(&h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
+ ret =
+ _gnutls_cipher_init(&h->ctx_dec,
+ cipher_to_entry(cipher), key, iv,
+ 0);
+
+ return ret;
}
/**
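Review bot: `gnutls_cipher_init` returns the error from either `_gnutls_cipher_init` call without releasing what it has set up: `*handle` stays allocated and non-NULL, and when the second call fails `ctx_enc` is still initialised with the key. A caller that treats a negative return as "no handle was created" leaks both the allocation and the keyed context. The error paths should deinit `ctx_enc` where it was set up, free the handle and set `*handle = NULL`, as sketched below. `gnutls_hmac_init` and `gnutls_hash_init` further down in this file have the same shape with `gnutls_malloc` and would need the equivalent free on failure.

```c
	/* … unchanged: allocation of *handle and the NULL check … */
	h = *handle;
	ret = _gnutls_cipher_init(&h->ctx_enc, cipher_to_entry(cipher),
				  key, iv, 1);
	if (ret < 0)
		goto fail;

	if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0) {
		ret = _gnutls_cipher_init(&h->ctx_dec,
					  cipher_to_entry(cipher), key, iv, 0);
		if (ret < 0) {
			/* do not leave a keyed encryption context behind */
			_gnutls_cipher_deinit(&h->ctx_enc);
			goto fail;
		}
	}

	return ret;

fail:
	gnutls_free(*handle);
	*handle = NULL;
	return ret;
```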
@@ -90,16 +93,16 @@ int ret;
* Since: 3.0
**/
int
-gnutls_cipher_tag (gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- _gnutls_cipher_tag( &h->ctx_enc, tag, tag_size);
-
- return 0;
+ _gnutls_cipher_tag(&h->ctx_enc, tag, tag_size);
+
+ return 0;
}
/**
@@ -118,16 +121,17 @@ api_cipher_hd_st * h = handle;
* Since: 3.0
**/
int
-gnutls_cipher_add_auth (gnutls_cipher_hd_t handle, const void *text, size_t text_size)
+gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *text,
+ size_t text_size)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ _gnutls_cipher_auth(&h->ctx_enc, text, text_size);
- _gnutls_cipher_auth( &h->ctx_enc, text, text_size);
-
- return 0;
+ return 0;
}
/**
@@ -142,14 +146,14 @@ api_cipher_hd_st * h = handle;
* Since: 3.0
**/
void
-gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
+gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- _gnutls_cipher_setiv( &h->ctx_enc, iv, ivlen);
+ _gnutls_cipher_setiv(&h->ctx_enc, iv, ivlen);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- _gnutls_cipher_setiv( &h->ctx_dec, iv, ivlen);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ _gnutls_cipher_setiv(&h->ctx_dec, iv, ivlen);
}
/**
@@ -166,11 +170,12 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, size_t textlen)
+gnutls_cipher_encrypt(gnutls_cipher_hd_t handle, void *text,
+ size_t textlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- return _gnutls_cipher_encrypt (&h->ctx_enc, text, textlen);
+ return _gnutls_cipher_encrypt(&h->ctx_enc, text, textlen);
}
/**
@@ -190,15 +195,17 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
- size_t ciphertextlen)
+gnutls_cipher_decrypt(gnutls_cipher_hd_t handle, void *ciphertext,
+ size_t ciphertextlen)
{
-api_cipher_hd_st * h = handle;
-
- if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
- return _gnutls_cipher_decrypt (&h->ctx_enc, ciphertext, ciphertextlen);
- else
- return _gnutls_cipher_decrypt (&h->ctx_dec, ciphertext, ciphertextlen);
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) != 0)
+ return _gnutls_cipher_decrypt(&h->ctx_enc, ciphertext,
+ ciphertextlen);
+ else
+ return _gnutls_cipher_decrypt(&h->ctx_dec, ciphertext,
+ ciphertextlen);
}
/**
@@ -217,13 +224,14 @@ api_cipher_hd_st * h = handle;
* Since: 2.12.0
**/
int
-gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, size_t textlen,
- void *ciphertext, size_t ciphertextlen)
+gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle, const void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- return _gnutls_cipher_encrypt2 (&h->ctx_enc, text, textlen,
- ciphertext, ciphertextlen);
+ return _gnutls_cipher_encrypt2(&h->ctx_enc, text, textlen,
+ ciphertext, ciphertextlen);
}
/**
@@ -245,17 +253,19 @@ api_cipher_hd_st * h = handle;
* Since: 2.12.0
**/
int
-gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen)
+gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle, const void *ciphertext,
+ size_t ciphertextlen, void *text, size_t textlen)
{
-api_cipher_hd_st * h = handle;
-
- if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
- return _gnutls_cipher_decrypt2 (&h->ctx_enc, ciphertext,
- ciphertextlen, text, textlen);
- else
- return _gnutls_cipher_decrypt2 (&h->ctx_dec, ciphertext,
- ciphertextlen, text, textlen);
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) != 0)
+ return _gnutls_cipher_decrypt2(&h->ctx_enc, ciphertext,
+ ciphertextlen, text,
+ textlen);
+ else
+ return _gnutls_cipher_decrypt2(&h->ctx_dec, ciphertext,
+ ciphertextlen, text,
+ textlen);
}
/**
@@ -267,15 +277,14 @@ api_cipher_hd_st * h = handle;
*
* Since: 2.10.0
**/
-void
-gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
+void gnutls_cipher_deinit(gnutls_cipher_hd_t handle)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- _gnutls_cipher_deinit (&h->ctx_enc);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- _gnutls_cipher_deinit (&h->ctx_dec);
- gnutls_free (handle);
+ _gnutls_cipher_deinit(&h->ctx_enc);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ _gnutls_cipher_deinit(&h->ctx_dec);
+ gnutls_free(handle);
}
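Review bot: `gnutls_cipher_deinit` calls `_gnutls_cipher_is_aead(&h->ctx_enc)` after `_gnutls_cipher_deinit(&h->ctx_enc)`, so the decision to tear down `ctx_dec` reads a context that has already been released. Whether that touches freed state depends on `_gnutls_cipher_deinit`, which is not visible here. Reading the flag first removes the dependency: put `int aead = _gnutls_cipher_is_aead(&h->ctx_enc);` before the first deinit and test `if (aead == 0)` for the second.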
@@ -301,19 +310,18 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_mac_algorithm_t algorithm,
- const void *key, size_t keylen)
+gnutls_hmac_init(gnutls_hmac_hd_t * dig,
+ gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen)
{
- *dig = gnutls_malloc (sizeof (mac_hd_st));
- if (*dig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return _gnutls_mac_init (((mac_hd_st *) * dig),
- mac_to_entry(algorithm), key, keylen);
+ *dig = gnutls_malloc(sizeof(mac_hd_st));
+ if (*dig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_mac_init(((mac_hd_st *) * dig),
+ mac_to_entry(algorithm), key, keylen);
}
/**
@@ -327,9 +335,10 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig,
* Since: 3.2.0
**/
void
-gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len)
+gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle, const void *nonce,
+ size_t nonce_len)
{
- _gnutls_mac_set_nonce ((mac_hd_st *) handle, nonce, nonce_len);
+ _gnutls_mac_set_nonce((mac_hd_st *) handle, nonce, nonce_len);
}
/**
@@ -345,10 +354,9 @@ gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_
*
* Since: 2.10.0
**/
-int
-gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
+int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen)
{
- return _gnutls_mac ((mac_hd_st *) handle, text, textlen);
+ return _gnutls_mac((mac_hd_st *) handle, text, textlen);
}
/**
@@ -361,10 +369,9 @@ gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
*
* Since: 2.10.0
**/
-void
-gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
+void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_mac_output ((mac_hd_st *) handle, digest);
+ _gnutls_mac_output((mac_hd_st *) handle, digest);
}
/**
@@ -377,11 +384,10 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-void
-gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
+void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_mac_deinit ((mac_hd_st *) handle, digest);
- gnutls_free (handle);
+ _gnutls_mac_deinit((mac_hd_st *) handle, digest);
+ gnutls_free(handle);
}
/**
@@ -395,10 +401,9 @@ gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-int
-gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
+int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm)
{
- return _gnutls_mac_get_algo_len (mac_to_entry(algorithm));
+ return _gnutls_mac_get_algo_len(mac_to_entry(algorithm));
}
/**
@@ -418,11 +423,12 @@ gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
* Since: 2.10.0
**/
int
-gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
- const void *key, size_t keylen,
- const void *text, size_t textlen, void *digest)
+gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen,
+ const void *text, size_t textlen, void *digest)
{
- return _gnutls_mac_fast (algorithm, key, keylen, text, textlen, digest);
+ return _gnutls_mac_fast(algorithm, key, keylen, text, textlen,
+ digest);
}
/* HASH */
@@ -442,16 +448,17 @@ gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
* Since: 2.10.0
**/
int
-gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
+gnutls_hash_init(gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm)
{
- *dig = gnutls_malloc (sizeof (digest_hd_st));
- if (*dig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return _gnutls_hash_init (((digest_hd_st *) * dig), mac_to_entry(algorithm));
+ *dig = gnutls_malloc(sizeof(digest_hd_st));
+ if (*dig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_hash_init(((digest_hd_st *) * dig),
+ mac_to_entry(algorithm));
}
/**
@@ -467,10 +474,9 @@ gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
*
* Since: 2.10.0
**/
-int
-gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
+int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen)
{
- return _gnutls_hash ((digest_hd_st *) handle, text, textlen);
+ return _gnutls_hash((digest_hd_st *) handle, text, textlen);
}
/**
@@ -483,10 +489,9 @@ gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
*
* Since: 2.10.0
**/
-void
-gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
+void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest)
{
- _gnutls_hash_output ((digest_hd_st *) handle, digest);
+ _gnutls_hash_output((digest_hd_st *) handle, digest);
}
/**
@@ -499,11 +504,10 @@ gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-void
-gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
+void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest)
{
- _gnutls_hash_deinit ((digest_hd_st *) handle, digest);
- gnutls_free (handle);
+ _gnutls_hash_deinit((digest_hd_st *) handle, digest);
+ gnutls_free(handle);
}
/**
@@ -517,10 +521,9 @@ gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-int
-gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
+int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm)
{
- return _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
+ return _gnutls_hash_get_algo_len(mac_to_entry(algorithm));
}
/**
@@ -538,10 +541,10 @@ gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
* Since: 2.10.0
**/
int
-gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
{
- return _gnutls_hash_fast (algorithm, text, textlen, digest);
+ return _gnutls_hash_fast(algorithm, text, textlen, digest);
}
/**
@@ -557,26 +560,23 @@ gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
*
* Since: 3.0
**/
-int
-gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size)
+int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
{
- int ret;
-
- key->size = key_size;
- key->data = gnutls_malloc (key->size);
- if (!key->data)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (key);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ key->size = key_size;
+ key->data = gnutls_malloc(key->size);
+ if (!key->data) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(key);
+ return ret;
+ }
+
+ return 0;
}
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index ebc67a9f2a..8840b1c123 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -35,12 +35,11 @@ int crypto_mac_prio = INT_MAX;
int crypto_digest_prio = INT_MAX;
int crypto_cipher_prio = INT_MAX;
-typedef struct algo_list
-{
- int algorithm;
- int priority;
- const void *alg_data;
- struct algo_list *next;
+typedef struct algo_list {
+ int algorithm;
+ int priority;
+ const void *alg_data;
+ struct algo_list *next;
} algo_list;
#define cipher_list algo_list
@@ -48,104 +47,92 @@ typedef struct algo_list
#define digest_list algo_list
static int
-_algo_register (algo_list * al, int algorithm, int priority, const void *s)
+_algo_register(algo_list * al, int algorithm, int priority, const void *s)
{
- algo_list *cl;
- algo_list *last_cl = al;
-
- if (al == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* look if there is any cipher with lowest priority. In that case do not add.
- */
- cl = al;
- while (cl && cl->alg_data)
- {
- if (cl->algorithm == algorithm)
- {
- if (cl->priority < priority)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
- }
- else
- {
- /* the current has higher priority -> overwrite */
- cl->algorithm = algorithm;
- cl->priority = priority;
- cl->alg_data = s;
- return 0;
- }
- }
- cl = cl->next;
- if (cl)
- last_cl = cl;
- }
-
- cl = gnutls_calloc (1, sizeof (cipher_list));
-
- if (cl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- last_cl->algorithm = algorithm;
- last_cl->priority = priority;
- last_cl->alg_data = s;
- last_cl->next = cl;
-
- return 0;
+ algo_list *cl;
+ algo_list *last_cl = al;
+
+ if (al == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data) {
+ if (cl->algorithm == algorithm) {
+ if (cl->priority < priority) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ } else {
+ /* the current has higher priority -> overwrite */
+ cl->algorithm = algorithm;
+ cl->priority = priority;
+ cl->alg_data = s;
+ return 0;
+ }
+ }
+ cl = cl->next;
+ if (cl)
+ last_cl = cl;
+ }
+
+ cl = gnutls_calloc(1, sizeof(cipher_list));
+
+ if (cl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ last_cl->algorithm = algorithm;
+ last_cl->priority = priority;
+ last_cl->alg_data = s;
+ last_cl->next = cl;
+
+ return 0;
}
-static const void *
-_get_algo (algo_list * al, int algo)
+static const void *_get_algo(algo_list * al, int algo)
{
- cipher_list *cl;
-
- /* look if there is any cipher with lowest priority. In that case do not add.
- */
- cl = al;
- while (cl && cl->alg_data)
- {
- if (cl->algorithm == algo)
- {
- return cl->alg_data;
- }
- cl = cl->next;
- }
-
- return NULL;
+ cipher_list *cl;
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data) {
+ if (cl->algorithm == algo) {
+ return cl->alg_data;
+ }
+ cl = cl->next;
+ }
+
+ return NULL;
}
static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, NULL };
static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, NULL };
static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, NULL };
-static void
-_deregister (algo_list * cl)
+static void _deregister(algo_list * cl)
{
- algo_list *next;
-
- next = cl->next;
- cl->next = NULL;
- cl = next;
-
- while (cl)
- {
- next = cl->next;
- gnutls_free (cl);
- cl = next;
- }
+ algo_list *next;
+
+ next = cl->next;
+ cl->next = NULL;
+ cl = next;
+
+ while (cl) {
+ next = cl->next;
+ gnutls_free(cl);
+ cl = next;
+ }
}
-void
-_gnutls_crypto_deregister (void)
+void _gnutls_crypto_deregister(void)
{
- _deregister (&glob_cl);
- _deregister (&glob_ml);
- _deregister (&glob_dl);
+ _deregister(&glob_cl);
+ _deregister(&glob_ml);
+ _deregister(&glob_dl);
}
/*-
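Review bot: `_deregister` frees every node after the head but leaves the head's `algorithm`, `priority` and `alg_data` in place, so after `_gnutls_crypto_deregister()` a lookup through `_get_algo` can still return the first registered implementation's pointer. If deregistration precedes unloading of that provider, the pointer is stale. Clearing the head restores the empty-sentinel state that the loops in `_algo_register` and `_get_algo` test for: add `cl->alg_data = NULL;` before `cl = next;`. The comment above the loop in `_get_algo` was also copied from `_algo_register` and does not describe a lookup; `/* return the registered implementation for algo, or NULL */` would fit.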
@@ -170,17 +157,17 @@ _gnutls_crypto_deregister (void)
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_cipher_st * s)
+gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_cipher_st * s)
{
- return _algo_register (&glob_cl, algorithm, priority, s);
+ return _algo_register(&glob_cl, algorithm, priority, s);
}
-const gnutls_crypto_cipher_st *
-_gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
+const gnutls_crypto_cipher_st
+ *_gnutls_get_crypto_cipher(gnutls_cipher_algorithm_t algo)
{
- return _get_algo (&glob_cl, algo);
+ return _get_algo(&glob_cl, algo);
}
/*-
@@ -204,17 +191,15 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_rnd_register (int priority,
- const gnutls_crypto_rnd_st * s)
+gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s)
{
- if (crypto_rnd_prio > priority)
- {
- memcpy (&_gnutls_rnd_ops, s, sizeof (*s));
- crypto_rnd_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_rnd_prio > priority) {
+ memcpy(&_gnutls_rnd_ops, s, sizeof(*s));
+ crypto_rnd_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
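Review bot: `gnutls_crypto_rnd_register` copies `sizeof(*s)` bytes from `s` into the global `_gnutls_rnd_ops` without checking `s`, so a NULL argument is dereferenced inside `memcpy`, and a successful call replaces the random generator for the whole process. A guard such as `if (s == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before the priority test keeps a caller mistake from reaching the copy. The bigint, pk, cipher, mac and digest register functions in the following hunks use the same `memcpy` pattern and need the same check.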
@@ -239,17 +224,17 @@ gnutls_crypto_rnd_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_mac_st * s)
+gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_mac_st * s)
{
- return _algo_register (&glob_ml, algorithm, priority, s);
+ return _algo_register(&glob_ml, algorithm, priority, s);
}
-const gnutls_crypto_mac_st *
-_gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t
+ algo)
{
- return _get_algo (&glob_ml, algo);
+ return _get_algo(&glob_ml, algo);
}
/*-
@@ -274,17 +259,17 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_digest_st * s)
+gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_digest_st * s)
{
- return _algo_register (&glob_dl, algorithm, priority, s);
+ return _algo_register(&glob_dl, algorithm, priority, s);
}
-const gnutls_crypto_digest_st *
-_gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
+const gnutls_crypto_digest_st
+ *_gnutls_get_crypto_digest(gnutls_digest_algorithm_t algo)
{
- return _get_algo (&glob_dl, algo);
+ return _get_algo(&glob_dl, algo);
}
/*-
@@ -311,17 +296,16 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_bigint_register (int priority,
- const gnutls_crypto_bigint_st * s)
+gnutls_crypto_bigint_register(int priority,
+ const gnutls_crypto_bigint_st * s)
{
- if (crypto_bigint_prio > priority)
- {
- memcpy (&_gnutls_mpi_ops, s, sizeof (*s));
- crypto_bigint_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_bigint_prio > priority) {
+ memcpy(&_gnutls_mpi_ops, s, sizeof(*s));
+ crypto_bigint_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -347,18 +331,15 @@ gnutls_crypto_bigint_register (int priority,
*
* Since: 2.6.0
-*/
-int
-gnutls_crypto_pk_register (int priority,
- const gnutls_crypto_pk_st * s)
+int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s)
{
- if (crypto_pk_prio > priority)
- {
- memcpy (&_gnutls_pk_ops, s, sizeof (*s));
- crypto_pk_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_pk_prio > priority) {
+ memcpy(&_gnutls_pk_ops, s, sizeof(*s));
+ crypto_pk_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -382,17 +363,16 @@ gnutls_crypto_pk_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_cipher_register (int priority,
- const gnutls_crypto_cipher_st * s)
+gnutls_crypto_cipher_register(int priority,
+ const gnutls_crypto_cipher_st * s)
{
- if (crypto_cipher_prio > priority)
- {
- memcpy (&_gnutls_cipher_ops, s, sizeof (*s));
- crypto_cipher_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_cipher_prio > priority) {
+ memcpy(&_gnutls_cipher_ops, s, sizeof(*s));
+ crypto_cipher_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -416,17 +396,15 @@ gnutls_crypto_cipher_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_mac_register (int priority,
- const gnutls_crypto_mac_st * s)
+gnutls_crypto_mac_register(int priority, const gnutls_crypto_mac_st * s)
{
- if (crypto_mac_prio > priority)
- {
- memcpy (&_gnutls_mac_ops, s, sizeof (*s));
- crypto_mac_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_mac_prio > priority) {
+ memcpy(&_gnutls_mac_ops, s, sizeof(*s));
+ crypto_mac_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -450,15 +428,14 @@ gnutls_crypto_mac_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_digest_register (int priority,
- const gnutls_crypto_digest_st * s)
+gnutls_crypto_digest_register(int priority,
+ const gnutls_crypto_digest_st * s)
{
- if (crypto_digest_prio > priority)
- {
- memcpy (&_gnutls_digest_ops, s, sizeof (*s));
- crypto_digest_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_digest_prio > priority) {
+ memcpy(&_gnutls_digest_ops, s, sizeof(*s));
+ crypto_digest_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index 53e71f62a8..ad0e92d37e 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -21,77 +21,74 @@
*/
#ifndef GNUTLS_CRYPTO_BACKEND_H
-# define GNUTLS_CRYPTO_BACKEND_H
-
-# include <gnutls/crypto.h>
-
-# define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
-# define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
-# define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
-
- typedef struct
- {
- int (*init) (gnutls_cipher_algorithm_t, void **ctx, int enc);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setiv) (void *ctx, const void *iv, size_t ivsize);
- int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
- int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
- int (*auth) (void *ctx, const void *data, size_t datasize);
- void (*tag) (void *ctx, void *tag, size_t tagsize);
- void (*deinit) (void *ctx);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
- } gnutls_crypto_cipher_st;
-
- typedef struct
- {
- int (*init) (gnutls_mac_algorithm_t, void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setnonce) (void *ctx, const void *nonce, size_t noncesize);
- int (*hash) (void *ctx, const void *text, size_t textsize);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
- int (*fast)(gnutls_mac_algorithm_t, const void* nonce, size_t nonce_size,
- const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_mac_algorithm_t);
- } gnutls_crypto_mac_st;
-
- typedef struct
- {
- int (*init) (gnutls_digest_algorithm_t, void **ctx);
- int (*hash) (void *ctx, const void *src, size_t srcsize);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
- int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize, void *digest);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_digest_algorithm_t);
- } gnutls_crypto_digest_st;
-
- typedef struct gnutls_crypto_rnd
- {
- int (*init) (void **ctx);
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*rnd_refresh) (void *ctx);
- void (*deinit) (void *ctx);
- } gnutls_crypto_rnd_st;
-
- typedef void *bigint_t;
-
- typedef struct
- {
- bigint_t g; /* group generator */
- bigint_t p; /* prime */
- int q_bits; /* the number of bits of q */
- } gnutls_group_st;
+#define GNUTLS_CRYPTO_BACKEND_H
+
+#include <gnutls/crypto.h>
+
+#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
+#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
+#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
+
+typedef struct {
+ int (*init) (gnutls_cipher_algorithm_t, void **ctx, int enc);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setiv) (void *ctx, const void *iv, size_t ivsize);
+ int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
+ int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
+ int (*auth) (void *ctx, const void *data, size_t datasize);
+ void (*tag) (void *ctx, void *tag, size_t tagsize);
+ void (*deinit) (void *ctx);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
+} gnutls_crypto_cipher_st;
+
+typedef struct {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setnonce) (void *ctx, const void *nonce, size_t noncesize);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ int (*fast) (gnutls_mac_algorithm_t, const void *nonce,
+ size_t nonce_size, const void *key, size_t keysize,
+ const void *text, size_t textsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_mac_algorithm_t);
+} gnutls_crypto_mac_st;
+
+typedef struct {
+ int (*init) (gnutls_digest_algorithm_t, void **ctx);
+ int (*hash) (void *ctx, const void *src, size_t srcsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ int (*fast) (gnutls_digest_algorithm_t, const void *src,
+ size_t srcsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_digest_algorithm_t);
+} gnutls_crypto_digest_st;
+
+typedef struct gnutls_crypto_rnd {
+ int (*init) (void **ctx);
+ int (*rnd) (void *ctx, int level, void *data, size_t datasize);
+ void (*rnd_refresh) (void *ctx);
+ void (*deinit) (void *ctx);
+} gnutls_crypto_rnd_st;
+
+typedef void *bigint_t;
+
+typedef struct {
+ bigint_t g; /* group generator */
+ bigint_t p; /* prime */
+ int q_bits; /* the number of bits of q */
+} gnutls_group_st;
/**
* gnutls_bigint_format_t:
@@ -102,85 +99,88 @@
*
* Enumeration of different bignum integer encoding formats.
*/
- typedef enum
- {
- /* raw unsigned integer format */
- GNUTLS_MPI_FORMAT_USG = 0,
- /* raw signed integer format - always a leading zero when positive */
- GNUTLS_MPI_FORMAT_STD = 1,
- /* the pgp integer format */
- GNUTLS_MPI_FORMAT_PGP = 2
- } gnutls_bigint_format_t;
+typedef enum {
+ /* raw unsigned integer format */
+ GNUTLS_MPI_FORMAT_USG = 0,
+ /* raw signed integer format - always a leading zero when positive */
+ GNUTLS_MPI_FORMAT_STD = 1,
+ /* the pgp integer format */
+ GNUTLS_MPI_FORMAT_PGP = 2
+} gnutls_bigint_format_t;
/* Multi precision integer arithmetic */
- typedef struct gnutls_crypto_bigint
- {
- bigint_t (*bigint_new) (int nbits);
- void (*bigint_release) (bigint_t n);
- void (*bigint_clear) (bigint_t n); /* zeros the int */
- /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
- int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
- /* as bigint_cmp */
- int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
- /* ret = a % b */
- bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
- unsigned int (*bigint_get_nbits) (const bigint_t a);
- /* w = b ^ e mod m */
- bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
- const bigint_t e, const bigint_t m);
- /* w = a + b mod m */
- bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
- const bigint_t b, const bigint_t m);
- /* w = a - b mod m */
- bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a * b mod m */
- bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a * b */
- bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
- /* w = a + b */
- bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* w = a - b */
- bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* w = a * b */
- bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* q = a / b */
- bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
- /* 0 if prime */
- int (*bigint_prime_check) (const bigint_t pp);
- int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
-
- /* reads a bigint from a buffer */
- /* stores a bigint into the buffer. returns
- * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
- * store this integer, and updates the buf_size;
- */
- bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
- gnutls_bigint_format_t format);
- int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
- gnutls_bigint_format_t format);
- } gnutls_crypto_bigint_st;
+typedef struct gnutls_crypto_bigint {
+ bigint_t(*bigint_new) (int nbits);
+ void (*bigint_release) (bigint_t n);
+ void (*bigint_clear) (bigint_t n); /* zeros the int */
+ /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
+ int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
+ /* as bigint_cmp */
+ int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
+ /* ret = a % b */
+ bigint_t(*bigint_mod) (const bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t(*bigint_set) (bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t(*bigint_set_ui) (bigint_t a, unsigned long b);
+ unsigned int (*bigint_get_nbits) (const bigint_t a);
+ /* w = b ^ e mod m */
+ bigint_t(*bigint_powm) (bigint_t w, const bigint_t b,
+ const bigint_t e, const bigint_t m);
+ /* w = a + b mod m */
+ bigint_t(*bigint_addm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a - b mod m */
+ bigint_t(*bigint_subm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a * b mod m */
+ bigint_t(*bigint_mulm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a + b */ bigint_t(*bigint_add) (bigint_t w,
+ const bigint_t a,
+ const bigint_t b);
+ /* w = a - b */ bigint_t(*bigint_sub) (bigint_t w,
+ const bigint_t a,
+ const bigint_t b);
+ /* w = a * b */
+ bigint_t(*bigint_mul) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a + b */
+ bigint_t(*bigint_add_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a - b */
+ bigint_t(*bigint_sub_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a * b */
+ bigint_t(*bigint_mul_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* q = a / b */
+ bigint_t(*bigint_div) (bigint_t q, const bigint_t a,
+ const bigint_t b);
+ /* 0 if prime */
+ int (*bigint_prime_check) (const bigint_t pp);
+ int (*bigint_generate_group) (gnutls_group_st * gg,
+ unsigned int bits);
+
+ /* reads a bigint from a buffer */
+ /* stores a bigint into the buffer. returns
+ * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
+ * store this integer, and updates the buf_size;
+ */
+ bigint_t(*bigint_scan) (const void *buf, size_t buf_size,
+ gnutls_bigint_format_t format);
+ int (*bigint_print) (const bigint_t a, void *buf,
+ size_t * buf_size,
+ gnutls_bigint_format_t format);
+} gnutls_crypto_bigint_st;
#define GNUTLS_MAX_PK_PARAMS 16
- typedef struct
- {
- bigint_t params[GNUTLS_MAX_PK_PARAMS];
- unsigned int params_nr; /* the number of parameters */
- unsigned int flags;
- } gnutls_pk_params_st;
+typedef struct {
+ bigint_t params[GNUTLS_MAX_PK_PARAMS];
+ unsigned int params_nr; /* the number of parameters */
+ unsigned int flags;
+} gnutls_pk_params_st;
/**
* gnutls_pk_flag_t:
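Review bot: In `gnutls_crypto_bigint_st` the reformatting glues the return type to the declarator, e.g. `bigint_t(*bigint_new) (int nbits);`, which reads like a call rather than a function-pointer member; the formatter apparently did not know that `bigint_t` is a typedef. I would write these members as `bigint_t (*bigint_new) (int nbits);`, matching the `int (*bigint_cmp) (...)` members beside them; if GNU indent produced this, passing `-T bigint_t` should give that result. The `bigint_add` and `bigint_sub` members also keep their comment on the declaration line (`/* w = a + b */ bigint_t(*bigint_add) (bigint_t w,`), which now spreads the parameters over three lines; moving the comment to its own line, as the other members do, would fix that.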
@@ -188,18 +188,17 @@
*
* Enumeration of public-key flag.
*/
- typedef enum
- {
- GNUTLS_PK_FLAG_NONE = 0
- } gnutls_pk_flag_t;
+typedef enum {
+ GNUTLS_PK_FLAG_NONE = 0
+} gnutls_pk_flag_t;
- void gnutls_pk_params_release (gnutls_pk_params_st * p);
- void gnutls_pk_params_clear (gnutls_pk_params_st * p);
- void gnutls_pk_params_init (gnutls_pk_params_st * p);
+void gnutls_pk_params_release(gnutls_pk_params_st * p);
+void gnutls_pk_params_clear(gnutls_pk_params_st * p);
+void gnutls_pk_params_init(gnutls_pk_params_st * p);
-#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
+#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
@@ -207,7 +206,7 @@
#define ECC_PUBLIC_PARAMS 2
-#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
+#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
@@ -286,83 +285,81 @@
*
* Enumeration of different directions.
*/
- typedef enum
- {
- GNUTLS_IMPORT = 0,
- GNUTLS_EXPORT = 1
- } gnutls_direction_t;
+typedef enum {
+ GNUTLS_IMPORT = 0,
+ GNUTLS_EXPORT = 1
+} gnutls_direction_t;
/* Public key algorithms */
- typedef struct gnutls_crypto_pk
- {
- /* The params structure should contain the private or public key
- * parameters, depending on the operation */
- int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pub);
- int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * priv);
-
- int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
- const gnutls_datum_t * data,
- const gnutls_pk_params_st * priv);
- int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
- const gnutls_datum_t * sig,
- const gnutls_pk_params_st * pub);
- /* given a signature and the public parameters,
- * suggest a hash algorithm */
- int (*hash_algorithm) (gnutls_pk_algorithm_t,
- const gnutls_datum_t * sig,
- gnutls_pk_params_st * issuer_params,
- gnutls_digest_algorithm_t*);
- /* sanity checks the public key parameters */
- int (*verify_params) (gnutls_pk_algorithm_t,
- const gnutls_pk_params_st * pub);
- int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
- gnutls_pk_params_st *);
- /* this function should convert params to ones suitable
- * for the above functions
- */
- int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
- gnutls_pk_params_st *);
- int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
- const gnutls_pk_params_st * priv,
- const gnutls_pk_params_st * pub);
-
-
- } gnutls_crypto_pk_st;
+typedef struct gnutls_crypto_pk {
+ /* The params structure should contain the private or public key
+ * parameters, depending on the operation */
+ int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pub);
+ int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * priv);
+
+ int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
+ const gnutls_datum_t * data,
+ const gnutls_pk_params_st * priv);
+ int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
+ const gnutls_datum_t * sig,
+ const gnutls_pk_params_st * pub);
+ /* given a signature and the public parameters,
+ * suggest a hash algorithm */
+ int (*hash_algorithm) (gnutls_pk_algorithm_t,
+ const gnutls_datum_t * sig,
+ gnutls_pk_params_st * issuer_params,
+ gnutls_digest_algorithm_t *);
+ /* sanity checks the public key parameters */
+ int (*verify_params) (gnutls_pk_algorithm_t,
+ const gnutls_pk_params_st * pub);
+ int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
+ gnutls_pk_params_st *);
+ /* this function should convert params to ones suitable
+ * for the above functions
+ */
+ int (*pk_fixup_private_params) (gnutls_pk_algorithm_t,
+ gnutls_direction_t,
+ gnutls_pk_params_st *);
+ int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
+ const gnutls_pk_params_st * priv,
+ const gnutls_pk_params_st * pub);
+
+
+} gnutls_crypto_pk_st;
/* priority: infinity for backend algorithms, 90 for kernel
algorithms, lowest wins
*/
- int gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t
- algorithm, int priority,
- const
- gnutls_crypto_single_cipher_st *
- s);
- int gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_single_mac_st *
- s);
- int gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t
- algorithm, int priority,
- const
- gnutls_crypto_single_digest_st *
- s);
-
- int gnutls_crypto_cipher_register (int priority,
- const gnutls_crypto_cipher_st * s);
- int gnutls_crypto_mac_register (int priority,
- const gnutls_crypto_mac_st * s);
- int gnutls_crypto_digest_register (int priority,
- const gnutls_crypto_digest_st * s);
-
- int gnutls_crypto_rnd_register (int priority,
- const gnutls_crypto_rnd_st * s);
- int gnutls_crypto_pk_register (int priority,
- const gnutls_crypto_pk_st * s);
- int gnutls_crypto_bigint_register (int priority,
- const gnutls_crypto_bigint_st * s);
+int gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t
+ algorithm, int priority,
+ const
+ gnutls_crypto_single_cipher_st *
+ s);
+int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_single_mac_st *
+ s);
+int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t
+ algorithm, int priority,
+ const
+ gnutls_crypto_single_digest_st *
+ s);
+
+int gnutls_crypto_cipher_register(int priority,
+ const gnutls_crypto_cipher_st * s);
+int gnutls_crypto_mac_register(int priority,
+ const gnutls_crypto_mac_st * s);
+int gnutls_crypto_digest_register(int priority,
+ const gnutls_crypto_digest_st * s);
+
+int gnutls_crypto_rnd_register(int priority,
+ const gnutls_crypto_rnd_st * s);
+int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s);
+int gnutls_crypto_bigint_register(int priority,
+ const gnutls_crypto_bigint_st * s);
#endif
diff --git a/lib/crypto.h b/lib/crypto.h
index 2ba236db84..d084420a3c 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -24,11 +24,11 @@
#define CRYPTO_H
const gnutls_crypto_cipher_st
- * _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo);
+ * _gnutls_get_crypto_cipher(gnutls_cipher_algorithm_t algo);
const gnutls_crypto_digest_st
- * _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo);
-const gnutls_crypto_mac_st *_gnutls_get_crypto_mac (gnutls_mac_algorithm_t
- algo);
-void _gnutls_crypto_deregister (void);
+ * _gnutls_get_crypto_digest(gnutls_digest_algorithm_t algo);
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t
+ algo);
+void _gnutls_crypto_deregister(void);
-#endif /* CRYPTO_H */
+#endif /* CRYPTO_H */
diff --git a/lib/debug.c b/lib/debug.c
index cff40b2d11..a131519e81 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -28,49 +28,46 @@
#include <gnutls_mpi.h>
#ifdef DEBUG
-void
-_gnutls_dump_mpi (const char *prefix, bigint_t a)
+void _gnutls_dump_mpi(const char *prefix, bigint_t a)
{
- char buf[400];
- char buf_hex[2 * sizeof (buf)];
- size_t n = sizeof buf;
+ char buf[400];
+ char buf_hex[2 * sizeof(buf)];
+ size_t n = sizeof buf;
- if (_gnutls_mpi_print (a, buf, &n))
- strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
- _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
- _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
- NULL));
+ if (_gnutls_mpi_print(a, buf, &n))
+ strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
+ _gnutls_bin2hex(buf, n, buf_hex, sizeof(buf_hex),
+ NULL));
}
void
-_gnutls_dump_vector (const char *prefix, const uint8_t *a, size_t a_size)
+_gnutls_dump_vector(const char *prefix, const uint8_t * a, size_t a_size)
{
- char buf_hex[2 * a_size];
+ char buf_hex[2 * a_size];
- _gnutls_debug_log ("Vector: length: %d\n\t%s%s\n", (int) a_size, prefix,
- _gnutls_bin2hex (a, a_size, buf_hex, sizeof (buf_hex),
- NULL));
+ _gnutls_debug_log("Vector: length: %d\n\t%s%s\n", (int) a_size,
+ prefix, _gnutls_bin2hex(a, a_size, buf_hex,
+ sizeof(buf_hex), NULL));
}
#endif
-const char *
-_gnutls_packet2str (content_type_t packet)
+const char *_gnutls_packet2str(content_type_t packet)
{
- switch (packet)
- {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- return "ChangeCipherSpec";
- case GNUTLS_ALERT:
- return "Alert";
- case GNUTLS_HANDSHAKE:
- return "Handshake";
- case GNUTLS_APPLICATION_DATA:
- return "Application Data";
- case GNUTLS_HEARTBEAT:
- return "HeartBeat";
- default:
- return "Unknown Packet";
- }
+ switch (packet) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ return "ChangeCipherSpec";
+ case GNUTLS_ALERT:
+ return "Alert";
+ case GNUTLS_HANDSHAKE:
+ return "Handshake";
+ case GNUTLS_APPLICATION_DATA:
+ return "Application Data";
+ case GNUTLS_HEARTBEAT:
+ return "HeartBeat";
+ default:
+ return "Unknown Packet";
+ }
}
/**
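Review bot: On the failure path of `_gnutls_dump_mpi`, `buf` receives the text "[can't print value]" but is still hex-encoded with length `n`, which starts at `sizeof buf` and is never reset to the message length. The debug log therefore gets a hex dump of the message followed by whatever uninitialised stack bytes remain in `buf` (what `_gnutls_mpi_print` leaves in `n` on error is not visible here). Logging the message directly and returning avoids that: `if (_gnutls_mpi_print(a, buf, &n)) { _gnutls_debug_log("MPI: %s[can't print value]\n", prefix); return; }`. Separately, `_gnutls_dump_vector` sizes the variable-length array `buf_hex[2 * a_size]` from its argument with no upper bound and, assuming `_gnutls_bin2hex` NUL-terminates its output, no room for the terminator; a cap on `a_size` or a heap buffer of `2 * a_size + 1` bytes would be safer. Both functions are compiled only under `DEBUG`.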
@@ -82,60 +79,60 @@ _gnutls_packet2str (content_type_t packet)
* Returns: a string that contains the name of the specified handshake
* message or %NULL.
**/
-const char *
-gnutls_handshake_description_get_name (gnutls_handshake_description_t type)
+const char
+ *gnutls_handshake_description_get_name(gnutls_handshake_description_t
+ type)
{
- switch (type)
- {
- case GNUTLS_HANDSHAKE_HELLO_REQUEST:
- return "HELLO REQUEST";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_HELLO:
- return "CLIENT HELLO";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
- return "SSL2 CLIENT HELLO";
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO:
- return "SERVER HELLO";
- break;
- case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
- return "HELLO VERIFY REQUEST";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
- return "CERTIFICATE";
- break;
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
- return "SERVER KEY EXCHANGE";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
- return "CERTIFICATE REQUEST";
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
- return "SERVER HELLO DONE";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- return "CERTIFICATE VERIFY";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- return "CLIENT KEY EXCHANGE";
- break;
- case GNUTLS_HANDSHAKE_FINISHED:
- return "FINISHED";
- break;
- case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
- return "SUPPLEMENTAL";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- return "CERTIFICATE STATUS";
- break;
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
- return "NEW SESSION TICKET";
- break;
- case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
- return "CHANGE CIPHER SPEC";
- break;
- default:
- return "Unknown Handshake packet";
- }
+ switch (type) {
+ case GNUTLS_HANDSHAKE_HELLO_REQUEST:
+ return "HELLO REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ return "CLIENT HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
+ return "SSL2 CLIENT HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ return "SERVER HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+ return "HELLO VERIFY REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ return "CERTIFICATE";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ return "SERVER KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ return "CERTIFICATE REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ return "SERVER HELLO DONE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ return "CERTIFICATE VERIFY";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ return "CLIENT KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_FINISHED:
+ return "FINISHED";
+ break;
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ return "SUPPLEMENTAL";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ return "CERTIFICATE STATUS";
+ break;
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ return "NEW SESSION TICKET";
+ break;
+ case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
+ return "CHANGE CIPHER SPEC";
+ break;
+ default:
+ return "Unknown Handshake packet";
+ }
}
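Review bot: The doc comment above `gnutls_handshake_description_get_name` says it returns a name "or %NULL", but the `default:` case returns "Unknown Handshake packet", so as written the function never returns NULL and the `s == NULL` fallback in `_gnutls_handshake2str` (lib/debug.h) cannot trigger. Either the comment should state that unknown types yield "Unknown Handshake packet", or `default:` should `return NULL;` as documented; the latter changes what callers of this public function see, so correcting the comment is the safer choice. Each `break;` that follows a `return` is unreachable and can be dropped, and the return type now split over three lines would read better as `const char *` on one line with the function name on the next.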
diff --git a/lib/debug.h b/lib/debug.h
index e8b9a3428e..1c3ab1b013 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -20,12 +20,16 @@
*
*/
-const char *_gnutls_packet2str (content_type_t packet);
-inline static const char* _gnutls_handshake2str(unsigned x)
+const char *_gnutls_packet2str(content_type_t packet);
+inline static const char *_gnutls_handshake2str(unsigned x)
{
-const char* s = gnutls_handshake_description_get_name(x);
- if (s == NULL) return "Unknown Handshake packet";
- else return s;
+ const char *s = gnutls_handshake_description_get_name(x);
+ if (s == NULL)
+ return "Unknown Handshake packet";
+ else
+ return s;
}
-void _gnutls_dump_mpi (const char *prefix, bigint_t a);
-void _gnutls_dump_vector (const char *prefix, const uint8_t *a, size_t a_size);
+
+void _gnutls_dump_mpi(const char *prefix, bigint_t a);
+void _gnutls_dump_vector(const char *prefix, const uint8_t * a,
+ size_t a_size);
diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c
index 3179d3aed6..b2f0f11a13 100644
--- a/lib/ext/alpn.c
+++ b/lib/ext/alpn.c
@@ -24,160 +24,174 @@
#include "gnutls_num.h"
#include <ext/alpn.h>
-static int _gnutls_alpn_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_alpn_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_alpn_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_alpn_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_alpn_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_alpn_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_alpn_deinit_data (extension_priv_data_t priv);
+static int _gnutls_alpn_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_alpn_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_alpn_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_alpn = {
- .name = "ALPN",
- .type = GNUTLS_EXTENSION_ALPN,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_alpn_recv_params,
- .send_func = _gnutls_alpn_send_params,
- .pack_func = _gnutls_alpn_pack,
- .unpack_func = _gnutls_alpn_unpack,
- .deinit_func = _gnutls_alpn_deinit_data,
+ .name = "ALPN",
+ .type = GNUTLS_EXTENSION_ALPN,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_alpn_recv_params,
+ .send_func = _gnutls_alpn_send_params,
+ .pack_func = _gnutls_alpn_pack,
+ .unpack_func = _gnutls_alpn_unpack,
+ .deinit_func = _gnutls_alpn_deinit_data,
};
static int
-_gnutls_alpn_recv_params (gnutls_session_t session,
- const uint8_t *data, size_t _data_size)
+_gnutls_alpn_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int i;
- int ret;
- const uint8_t *p = data;
- unsigned len1, len;
- ssize_t data_size = _data_size;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len > data_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- while(data_size > 0)
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- len1 = *p;
- p += 1;
- DECR_LENGTH_RET (data_size, len1, 0);
-
- for (i=0;i<priv->size;i++)
- if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0)
- {
- priv->selected_protocol = priv->protocols[i];
- priv->selected_protocol_size = priv->protocol_size[i];
- break;
- }
- p += len1;
- }
- }
- else
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- len1 = *p;
- p += 1;
- DECR_LENGTH_RET (data_size, len1, 0);
-
- for (i=0;i<priv->size;i++)
- if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0)
- {
- priv->selected_protocol = priv->protocols[i];
- priv->selected_protocol_size = priv->protocol_size[i];
- break;
- }
- p += len1;
- }
-
- if (priv->selected_protocol == NULL && (priv->flags & GNUTLS_ALPN_MAND))
- return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);
-
- return 0;
+ unsigned int i;
+ int ret;
+ const uint8_t *p = data;
+ unsigned len1, len;
+ ssize_t data_size = _data_size;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len > data_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ while (data_size > 0) {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ len1 = *p;
+ p += 1;
+ DECR_LENGTH_RET(data_size, len1, 0);
+
+ for (i = 0; i < priv->size; i++)
+ if (priv->protocol_size[i] == len1
+ && memcmp(p, priv->protocols[i],
+ len1) == 0) {
+ priv->selected_protocol =
+ priv->protocols[i];
+ priv->selected_protocol_size =
+ priv->protocol_size[i];
+ break;
+ }
+ p += len1;
+ }
+ } else {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ len1 = *p;
+ p += 1;
+ DECR_LENGTH_RET(data_size, len1, 0);
+
+ for (i = 0; i < priv->size; i++)
+ if (priv->protocol_size[i] == len1
+ && memcmp(p, priv->protocols[i], len1) == 0) {
+ priv->selected_protocol =
+ priv->protocols[i];
+ priv->selected_protocol_size =
+ priv->protocol_size[i];
+ break;
+ }
+ p += len1;
+ }
+
+ if (priv->selected_protocol == NULL
+ && (priv->flags & GNUTLS_ALPN_MAND))
+ return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);
+
+ return 0;
}
static int
-_gnutls_alpn_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_alpn_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned i;
- int total_size = 0, ret;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (priv->size == 0)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (priv->selected_protocol_size == 0)
- return 0;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->selected_protocol_size+1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 2;
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->selected_protocol, priv->selected_protocol_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 1+priv->selected_protocol_size;
- }
- else
- {
- int t = 0;
- for (i=0;i<priv->size;i++)
- t += priv->protocol_size[i] + 1;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, t);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 2;
-
- for (i=0;i<priv->size;i++)
- {
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->protocols[i], priv->protocol_size[i]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 1+priv->protocol_size[i];
- }
- }
-
- return total_size;
+ unsigned i;
+ int total_size = 0, ret;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (priv->size == 0)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (priv->selected_protocol_size == 0)
+ return 0;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->
+ selected_protocol_size +
+ 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 2;
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ priv->
+ selected_protocol,
+ priv->
+ selected_protocol_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 1 + priv->selected_protocol_size;
+ } else {
+ int t = 0;
+ for (i = 0; i < priv->size; i++)
+ t += priv->protocol_size[i] + 1;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, t);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 2;
+
+ for (i = 0; i < priv->size; i++) {
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ priv->
+ protocols[i],
+ priv->
+ protocol_size
+ [i]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 1 + priv->protocol_size[i];
+ }
+ }
+
+ return total_size;
}
/**
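Review bot: `_gnutls_alpn_recv_params` reads the 16-bit list length `len` and rejects only `len > data_size`; the parsing that follows is bounded by `data_size`, so bytes after the declared list are still parsed as protocol entries and `len` is never used again. Since the extension body is presumably just the length-prefixed protocol name list, I would require an exact match: `if (len != data_size) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`. The `DECR_LENGTH_RET(data_size, ..., 0)` calls also appear to return 0 on a short buffer (the macro is defined elsewhere), which would report success for a truncated extension; returning `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` there would make malformed peer input fail the handshake. In the server loop, `break` leaves only the inner `for`, so a later matching entry overwrites an earlier selection; if the first match is meant to win, the outer loop should stop once `selected_protocol` is set.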
@@ -195,31 +209,32 @@ _gnutls_alpn_send_params (gnutls_session_t session,
* Since 3.1.11
**/
int
-gnutls_alpn_get_selected_protocol (gnutls_session_t session,
- gnutls_datum_t * protocol)
+gnutls_alpn_get_selected_protocol(gnutls_session_t session,
+ gnutls_datum_t * protocol)
{
- alpn_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ alpn_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (priv->selected_protocol_size == 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (priv->selected_protocol_size == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- protocol->data = priv->selected_protocol;
- protocol->size = priv->selected_protocol_size;
+ protocol->data = priv->selected_protocol;
+ protocol->size = priv->selected_protocol_size;
- return 0;
+ return 0;
}
/**
@@ -241,95 +256,90 @@ gnutls_alpn_get_selected_protocol (gnutls_session_t session,
* Since 3.1.11
**/
int
-gnutls_alpn_set_protocols (gnutls_session_t session,
- const gnutls_datum_t * protocols, unsigned protocols_size,
- unsigned int flags)
+gnutls_alpn_set_protocols(gnutls_session_t session,
+ const gnutls_datum_t * protocols,
+ unsigned protocols_size, unsigned int flags)
{
- int ret;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
- unsigned i;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_ALPN,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (protocols_size > MAX_ALPN_PROTOCOLS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- for (i=0;i<protocols_size;i++)
- {
- if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memcpy(priv->protocols[i], protocols[i].data, protocols[i].size);
- priv->protocol_size[i] = protocols[i].size;
- priv->size++;
- }
- priv->flags = flags;
-
- return 0;
+ int ret;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+ unsigned i;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_ALPN, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (protocols_size > MAX_ALPN_PROTOCOLS)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ for (i = 0; i < protocols_size; i++) {
+ if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memcpy(priv->protocols[i], protocols[i].data,
+ protocols[i].size);
+ priv->protocol_size[i] = protocols[i].size;
+ priv->size++;
+ }
+ priv->flags = flags;
+
+ return 0;
}
-static void
-_gnutls_alpn_deinit_data (extension_priv_data_t priv)
+static void _gnutls_alpn_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_alpn_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_alpn_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- alpn_ext_st *priv = epriv.ptr;
- int ret;
+ alpn_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->selected_protocol, priv->selected_protocol_size);
+ BUFFER_APPEND_PFX4(ps, priv->selected_protocol,
+ priv->selected_protocol_size);
- return 0;
+ return 0;
}
static int
-_gnutls_alpn_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_alpn_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- alpn_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->protocol_size[0]);
- BUFFER_POP (ps, &priv->protocols[0], priv->protocol_size[0]);
- priv->size++;
- priv->selected_protocol_size = priv->protocol_size[0];
- priv->selected_protocol = priv->protocols[0];
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ alpn_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->protocol_size[0]);
+ BUFFER_POP(ps, &priv->protocols[0], priv->protocol_size[0]);
+ priv->size++;
+ priv->selected_protocol_size = priv->protocol_size[0];
+ priv->selected_protocol = priv->protocols[0];
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
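Review bot: In gnutls_alpn_set_protocols the loop does `priv->size++` without first resetting the counter, so a second call on a session that already has ALPN data (the `else priv = epriv.ptr` path) keeps growing the count while the entries are overwritten from index 0. _gnutls_alpn_send_params iterates `i < priv->size` over `protocol_size[]` and `protocols[]`, which hold only MAX_ALPN_PROTOCOLS entries, so a repeated call can make it read past both arrays. Adding `priv->size = 0;` after the MAX_ALPN_PROTOCOLS check would keep the count in step with what was copied. Separately, _gnutls_alpn_unpack pops a length into `priv->protocol_size[0]` and then copies that many bytes into the 32-byte `protocols[0]`. Unless BUFFER_POP bounds the copy (its definition is not visible here), a check such as `if (priv->protocol_size[0] > MAX_ALPN_PROTOCOL_NAME)` between the two pops, jumping to `error`, seems warranted.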
diff --git a/lib/ext/alpn.h b/lib/ext/alpn.h
index 5784f1de9c..739879a2d1 100644
--- a/lib/ext/alpn.h
+++ b/lib/ext/alpn.h
@@ -25,14 +25,13 @@
#define MAX_ALPN_PROTOCOLS 8
#define MAX_ALPN_PROTOCOL_NAME 32
-typedef struct
-{
- uint8_t protocols[MAX_ALPN_PROTOCOLS][MAX_ALPN_PROTOCOL_NAME];
- unsigned protocol_size[MAX_ALPN_PROTOCOLS];
- unsigned size;
- uint8_t *selected_protocol;
- unsigned selected_protocol_size;
- unsigned flags;
+typedef struct {
+ uint8_t protocols[MAX_ALPN_PROTOCOLS][MAX_ALPN_PROTOCOL_NAME];
+ unsigned protocol_size[MAX_ALPN_PROTOCOLS];
+ unsigned size;
+ uint8_t *selected_protocol;
+ unsigned selected_protocol_size;
+ unsigned flags;
} alpn_ext_st;
extern extension_entry_st ext_mod_alpn;
diff --git a/lib/ext/cert_type.c b/lib/ext/cert_type.c
index 763e569b23..698884fc67 100644
--- a/lib/ext/cert_type.c
+++ b/lib/ext/cert_type.c
@@ -34,24 +34,24 @@
/* Maps record size to numbers according to the
* extensions draft.
*/
-inline static int _gnutls_num2cert_type (int num);
-inline static int _gnutls_cert_type2num (int record_size);
-static int _gnutls_cert_type_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_cert_type_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
+inline static int _gnutls_num2cert_type(int num);
+inline static int _gnutls_cert_type2num(int record_size);
+static int _gnutls_cert_type_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_cert_type_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
extension_entry_st ext_mod_cert_type = {
- .name = "CERT TYPE",
- .type = GNUTLS_EXTENSION_CERT_TYPE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_cert_type_recv_params,
- .send_func = _gnutls_cert_type_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "CERT TYPE",
+ .type = GNUTLS_EXTENSION_CERT_TYPE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_cert_type_recv_params,
+ .send_func = _gnutls_cert_type_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
/*
@@ -64,197 +64,186 @@ extension_entry_st ext_mod_cert_type = {
*/
static int
-_gnutls_cert_type_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_cert_type_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int new_type = -1, ret, i;
- ssize_t data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (data_size > 0)
- {
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_type = _gnutls_num2cert_type (data[0]);
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return new_type;
- }
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
- }
- else
- { /* SERVER SIDE - we must check if the sent cert type is the right one
- */
- if (data_size > 1)
- {
- uint8_t len;
-
- DECR_LEN (data_size, 1);
- len = data[0];
- DECR_LEN (data_size, len);
-
- for (i = 0; i < len; i++)
- {
- new_type = _gnutls_num2cert_type (data[i + 1]);
-
- if (new_type < 0)
- continue;
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session,
- new_type)) < 0)
- {
- gnutls_assert ();
- continue;
- }
- else
- break;
- /* new_type is ok */
- }
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- /* The peer has requested unsupported certificate
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
- */
- return 0;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
- }
-
- return 0;
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size > 0) {
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_type = _gnutls_num2cert_type(data[0]);
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return new_type;
+ }
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type))
+ < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_session_cert_type_set(session, new_type);
+ }
+ } else { /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 1) {
+ uint8_t len;
+
+ DECR_LEN(data_size, 1);
+ len = data[0];
+ DECR_LEN(data_size, len);
+
+ for (i = 0; i < len; i++) {
+ new_type =
+ _gnutls_num2cert_type(data[i + 1]);
+
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported
+ (session, new_type)) < 0) {
+ gnutls_assert();
+ continue;
+ } else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type))
+ < 0) {
+ gnutls_assert();
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
+ }
+
+ _gnutls_session_cert_type_set(session, new_type);
+ }
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_cert_type_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_cert_type_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len, i;
- int ret;
- uint8_t p;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
-
- if (session->internals.priorities.cert_type.algorithms > 0)
- {
-
- len = session->internals.priorities.cert_type.algorithms;
-
- if (len == 1 &&
- session->internals.priorities.cert_type.priority[0] ==
- GNUTLS_CRT_X509)
- {
- /* We don't use this extension if X.509 certificates
- * are used.
- */
- return 0;
- }
-
- /* this is a vector!
- */
- p = (uint8_t) len;
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < len; i++)
- {
- p =
- _gnutls_cert_type2num (session->internals.priorities.
- cert_type.priority[i]);
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- return len + 1;
- }
-
- }
- else
- { /* server side */
- if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
- {
- len = 1;
-
- p =
- _gnutls_cert_type2num (session->security_parameters.cert_type);
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return len;
- }
-
-
- }
-
- return 0;
+ unsigned len, i;
+ int ret;
+ uint8_t p;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.priorities.cert_type.algorithms > 0) {
+
+ len =
+ session->internals.priorities.cert_type.
+ algorithms;
+
+ if (len == 1 &&
+ session->internals.priorities.cert_type.
+ priority[0] == GNUTLS_CRT_X509) {
+ /* We don't use this extension if X.509 certificates
+ * are used.
+ */
+ return 0;
+ }
+
+ /* this is a vector!
+ */
+ p = (uint8_t) len;
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < len; i++) {
+ p = _gnutls_cert_type2num(session->
+ internals.
+ priorities.cert_type.
+ priority[i]);
+ ret =
+ _gnutls_buffer_append_data(extdata, &p,
+ 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ return len + 1;
+ }
+
+ } else { /* server side */
+ if (session->security_parameters.cert_type !=
+ DEFAULT_CERT_TYPE) {
+ len = 1;
+
+ p = _gnutls_cert_type2num(session->
+ security_parameters.
+ cert_type);
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return len;
+ }
+
+
+ }
+
+ return 0;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-inline static int
-_gnutls_num2cert_type (int num)
+inline static int _gnutls_num2cert_type(int num)
{
- switch (num)
- {
- case 0:
- return GNUTLS_CRT_X509;
- case 1:
- return GNUTLS_CRT_OPENPGP;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (num) {
+ case 0:
+ return GNUTLS_CRT_X509;
+ case 1:
+ return GNUTLS_CRT_OPENPGP;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-inline static int
-_gnutls_cert_type2num (int cert_type)
+inline static int _gnutls_cert_type2num(int cert_type)
{
- switch (cert_type)
- {
- case GNUTLS_CRT_X509:
- return 0;
- case GNUTLS_CRT_OPENPGP:
- return 1;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ return 0;
+ case GNUTLS_CRT_OPENPGP:
+ return 1;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
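Review bot: In _gnutls_cert_type_send_params the result of `_gnutls_cert_type2num()` is stored straight into the `uint8_t p` and appended, in both the client loop and the server branch. That helper returns GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER for anything other than X.509 or OpenPGP, so an unexpected value would be truncated to a byte and sent on the wire instead of being reported. Taking the result into `ret` first, `ret = _gnutls_cert_type2num(...); if (ret < 0) return gnutls_assert_val(ret); p = ret;`, keeps the error visible. The leading comment `/* this function sends the client extension data (dnsname) */` also looks carried over from another extension and could name the certificate type list instead.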
diff --git a/lib/ext/ecc.c b/lib/ext/ecc.c
index 8f9eddbae0..b913cb09be 100644
--- a/lib/ext/ecc.c
+++ b/lib/ext/ecc.c
@@ -36,40 +36,41 @@
* extensions draft.
*/
-static int _gnutls_supported_ecc_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_supported_ecc_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
-
-static int _gnutls_supported_ecc_pf_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_supported_ecc_pf_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
+static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_supported_ecc_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+
+static int _gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
+ gnutls_buffer_st *
+ extdata);
extension_entry_st ext_mod_supported_ecc = {
- .name = "SUPPORTED ECC",
- .type = GNUTLS_EXTENSION_SUPPORTED_ECC,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_supported_ecc_recv_params,
- .send_func = _gnutls_supported_ecc_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "SUPPORTED ECC",
+ .type = GNUTLS_EXTENSION_SUPPORTED_ECC,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_supported_ecc_recv_params,
+ .send_func = _gnutls_supported_ecc_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
extension_entry_st ext_mod_supported_ecc_pf = {
- .name = "SUPPORTED ECC POINT FORMATS",
- .type = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_supported_ecc_pf_recv_params,
- .send_func = _gnutls_supported_ecc_pf_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "SUPPORTED ECC POINT FORMATS",
+ .type = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_supported_ecc_pf_recv_params,
+ .send_func = _gnutls_supported_ecc_pf_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
/*
@@ -81,111 +82,118 @@ extension_entry_st ext_mod_supported_ecc_pf = {
*
*/
static int
-_gnutls_supported_ecc_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_supported_ecc_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int new_type = -1, ret, i;
- ssize_t data_size = _data_size;
- uint16_t len;
- const uint8_t* p = data;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- /* A client shouldn't receive this extension */
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
- }
- else
- { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
- */
- if (data_size < 2)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16(p);
- p += 2;
-
- DECR_LEN (data_size, len);
-
- for (i = 0; i < len; i+=2)
- {
- new_type = _gnutls_tls_id_to_ecc_curve (_gnutls_read_uint16(&p[i]));
- if (new_type < 0)
- continue;
-
- /* Check if we support this supported_ecc */
- if ((ret =
- _gnutls_session_supports_ecc_curve (session, new_type)) < 0)
- {
- continue;
- }
- else
- break;
- /* new_type is ok */
- }
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ((ret =
- _gnutls_session_supports_ecc_curve (session, new_type)) < 0)
- {
- /* The peer has requested unsupported ecc
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
- */
- return gnutls_assert_val(0);
- }
-
- _gnutls_session_ecc_curve_set (session, new_type);
- }
-
- return 0;
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+ uint16_t len;
+ const uint8_t *p = data;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ /* A client shouldn't receive this extension */
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ } else { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
+ */
+ if (data_size < 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LEN(data_size, len);
+
+ for (i = 0; i < len; i += 2) {
+ new_type =
+ _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16
+ (&p[i]));
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this supported_ecc */
+ if ((ret =
+ _gnutls_session_supports_ecc_curve(session,
+ new_type))
+ < 0) {
+ continue;
+ } else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_supports_ecc_curve(session,
+ new_type)) < 0) {
+ /* The peer has requested unsupported ecc
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return gnutls_assert_val(0);
+ }
+
+ _gnutls_session_ecc_curve_set(session, new_type);
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_supported_ecc_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_supported_ecc_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len, i;
- int ret;
- uint16_t p;
-
- /* this extension is only being sent on client side */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
-
- len = session->internals.priorities.supported_ecc.algorithms;
-
- /* this is a vector!
- */
- ret = _gnutls_buffer_append_prefix(extdata, 16, len*2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < len; i++)
- {
- p =
- _gnutls_ecc_curve_get_tls_id (session->internals.priorities.
- supported_ecc.priority[i]);
- ret = _gnutls_buffer_append_prefix(extdata, 16, p);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- return (len + 1)*2;
- }
-
- }
-
- return 0;
+ unsigned len, i;
+ int ret;
+ uint16_t p;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.priorities.supported_ecc.
+ algorithms > 0) {
+
+ len =
+ session->internals.priorities.supported_ecc.
+ algorithms;
+
+ /* this is a vector!
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ len * 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < len; i++) {
+ p = _gnutls_ecc_curve_get_tls_id(session->
+ internals.
+ priorities.supported_ecc.
+ priority
+ [i]);
+ ret =
+ _gnutls_buffer_append_prefix(extdata,
+ 16, p);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ return (len + 1) * 2;
+ }
+
+ }
+
+ return 0;
}
/*
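Review bot: In _gnutls_supported_ecc_recv_params the curve list length is never checked for being even before the loop `for (i = 0; i < len; i += 2)` reads `_gnutls_read_uint16(&p[i])`. With an odd `len` from the peer, the last iteration reads `p[len]`, one byte past the `len` bytes that `DECR_LEN(data_size, len)` accounted for (assuming DECR_LEN only checks and subtracts; its definition is not visible here). A guard right after that DECR_LEN, `if (len % 2 != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`, would reject the malformed list. A zero `len` also leaves `new_type` at -1 and is answered with GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, which may or may not be intended.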
@@ -197,56 +205,61 @@ _gnutls_supported_ecc_send_params (gnutls_session_t session, gnutls_buffer_st* e
*
*/
static int
-_gnutls_supported_ecc_pf_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t _data_size)
{
-int len, i;
-int uncompressed = 0;
-int data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (data_size < 1)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- len = data[0];
- DECR_LEN (data_size, len+1);
-
- for (i=1;i<=len;i++)
- if (data[i] == 0) /* uncompressed */
- uncompressed = 1;
-
- if (uncompressed == 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- }
- else
- {
- /* only sanity check here. We only support uncompressed points
- * and a client must support it thus nothing to check.
- */
- if (_data_size < 1)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
- }
-
- return 0;
+ int len, i;
+ int uncompressed = 0;
+ int data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ len = data[0];
+ DECR_LEN(data_size, len + 1);
+
+ for (i = 1; i <= len; i++)
+ if (data[i] == 0) /* uncompressed */
+ uncompressed = 1;
+
+ if (uncompressed == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ } else {
+ /* only sanity check here. We only support uncompressed points
+ * and a client must support it thus nothing to check.
+ */
+ if (_data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_supported_ecc_pf_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- const uint8_t p[2] = {0x01, 0x00}; /* only support uncompressed point format */
-
- if (session->security_parameters.entity == GNUTLS_SERVER && !_gnutls_session_is_ecc(session))
- return 0;
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
- _gnutls_buffer_append_data(extdata, p, 2);
- return 2;
- }
- return 0;
+ const uint8_t p[2] = { 0x01, 0x00 }; /* only support uncompressed point format */
+
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && !_gnutls_session_is_ecc(session))
+ return 0;
+
+ if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ _gnutls_buffer_append_data(extdata, p, 2);
+ return 2;
+ }
+ return 0;
}
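Review bot: _gnutls_supported_ecc_pf_send_params ignores the return value of `_gnutls_buffer_append_data(extdata, p, 2)` and reports 2 bytes written even if the append failed, unlike the other send functions in this file. Suggest `ret = _gnutls_buffer_append_data(extdata, p, 2); if (ret < 0) return gnutls_assert_val(ret);` with an `int ret;` declared at the top. In _gnutls_supported_ecc_pf_recv_params the server branch only checks `_data_size < 1`, so the length byte is not compared with the remaining data there. A one-line comment stating that this is deliberate would help the next reader.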
@@ -254,18 +267,21 @@ _gnutls_supported_ecc_pf_send_params (gnutls_session_t session, gnutls_buffer_st
* session. A negative error value is returned otherwise.
*/
int
-_gnutls_session_supports_ecc_curve (gnutls_session_t session, unsigned int ecc_type)
+_gnutls_session_supports_ecc_curve(gnutls_session_t session,
+ unsigned int ecc_type)
{
- unsigned i;
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
- for (i = 0; i < session->internals.priorities.supported_ecc.algorithms; i++)
- {
- if (session->internals.priorities.supported_ecc.priority[i] == ecc_type)
- return 0;
- }
- }
-
- return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ unsigned i;
+
+ if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ for (i = 0;
+ i <
+ session->internals.priorities.supported_ecc.
+ algorithms; i++) {
+ if (session->internals.priorities.supported_ecc.
+ priority[i] == ecc_type)
+ return 0;
+ }
+ }
+
+ return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
}
diff --git a/lib/ext/ecc.h b/lib/ext/ecc.h
index d9a713651c..268ca8e1f8 100644
--- a/lib/ext/ecc.h
+++ b/lib/ext/ecc.h
@@ -28,6 +28,7 @@ extern extension_entry_st ext_mod_supported_ecc;
extern extension_entry_st ext_mod_supported_ecc_pf;
int
-_gnutls_session_supports_ecc_curve (gnutls_session_t session, unsigned int ecc_type);
+_gnutls_session_supports_ecc_curve(gnutls_session_t session,
+ unsigned int ecc_type);
#endif
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index 1c796acd24..70d3466d65 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -49,14 +49,13 @@
*
* Since: 3.1.2
**/
-void
-gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
+void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type)
{
- extension_priv_data_t epriv;
+ extension_priv_data_t epriv;
- epriv.num = type;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_HEARTBEAT,
- epriv);
+ epriv.num = type;
+ _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_HEARTBEAT,
+ epriv);
}
/**
@@ -71,24 +70,21 @@ gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
*
* Since: 3.1.2
**/
-int
-gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
+int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type)
{
- extension_priv_data_t epriv;
-
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- return 0; /* Not enabled */
-
- if (type == GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)
- {
- if (epriv.num & LOCAL_ALLOWED_TO_SEND)
- return 1;
- }
- else if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
- return 1;
-
- return 0;
+ extension_priv_data_t epriv;
+
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
+ return 0; /* Not enabled */
+
+ if (type == GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) {
+ if (epriv.num & LOCAL_ALLOWED_TO_SEND)
+ return 1;
+ } else if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
+ return 1;
+
+ return 0;
}
#define DEFAULT_PAYLOAD_SIZE 16
@@ -97,39 +93,42 @@ gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
* Sends heartbeat data.
*/
static int
-heartbeat_send_data (gnutls_session_t session, const void *data,
- size_t data_size, uint8_t type)
+heartbeat_send_data(gnutls_session_t session, const void *data,
+ size_t data_size, uint8_t type)
{
- int ret, pos;
- uint8_t * response;
-
- response = gnutls_malloc(1+2+data_size+DEFAULT_PAYLOAD_SIZE);
- if (response == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- pos = 0;
- response[pos++] = type;
-
- _gnutls_write_uint16(data_size, &response[pos]);
- pos += 2;
-
- memcpy(&response[pos], data, data_size);
- pos += data_size;
-
- ret = gnutls_rnd (GNUTLS_RND_NONCE, &response[pos], DEFAULT_PAYLOAD_SIZE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- pos += DEFAULT_PAYLOAD_SIZE;
-
- ret = _gnutls_send_int (session, GNUTLS_HEARTBEAT, -1, EPOCH_WRITE_CURRENT,
- response, pos, MBUFFER_FLUSH);
-
-cleanup:
- gnutls_free(response);
- return ret;
+ int ret, pos;
+ uint8_t *response;
+
+ response = gnutls_malloc(1 + 2 + data_size + DEFAULT_PAYLOAD_SIZE);
+ if (response == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos = 0;
+ response[pos++] = type;
+
+ _gnutls_write_uint16(data_size, &response[pos]);
+ pos += 2;
+
+ memcpy(&response[pos], data, data_size);
+ pos += data_size;
+
+ ret =
+ gnutls_rnd(GNUTLS_RND_NONCE, &response[pos],
+ DEFAULT_PAYLOAD_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ pos += DEFAULT_PAYLOAD_SIZE;
+
+ ret =
+ _gnutls_send_int(session, GNUTLS_HEARTBEAT, -1,
+ EPOCH_WRITE_CURRENT, response, pos,
+ MBUFFER_FLUSH);
+
+ cleanup:
+ gnutls_free(response);
+ return ret;
}
/**
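Review bot: heartbeat_send_data takes `data_size` as a size_t but writes it through `_gnutls_write_uint16()` and tracks the offset in an `int pos`, with no bound check of its own. A value above 0xffff would produce a length field that disagrees with the bytes actually copied by `memcpy`, and the allocation size `1 + 2 + data_size + DEFAULT_PAYLOAD_SIZE` is computed without an overflow check. gnutls_heartbeat_ping bounds its argument with MAX_HEARTBEAT_LENGTH, but gnutls_heartbeat_pong passes `hb_remote_data.length` directly, so the limit there depends on code outside this hunk. A local guard at the top, such as `if (data_size > 0xffff) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would make the function safe regardless of caller.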
@@ -151,103 +150,116 @@ cleanup:
* Since: 3.1.2
**/
int
-gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
- unsigned int max_tries, unsigned int flags)
+gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
+ unsigned int max_tries, unsigned int flags)
{
- int ret;
- unsigned int retries = 1, diff;
- struct timespec now;
-
- if (data_size > MAX_HEARTBEAT_LENGTH)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* resume previous call if interrupted */
- if (session->internals.record_send_buffer.byte_length > 0 &&
- session->internals.record_send_buffer.head != NULL &&
- session->internals.record_send_buffer.head->type == GNUTLS_HEARTBEAT)
- return _gnutls_io_write_flush (session);
-
- switch(session->internals.hb_state)
- {
- case SHB_SEND1:
- if (data_size > DEFAULT_PAYLOAD_SIZE)
- data_size -= DEFAULT_PAYLOAD_SIZE;
- else
- data_size = 0;
-
- _gnutls_buffer_reset(&session->internals.hb_local_data);
-
- ret = _gnutls_buffer_resize (&session->internals.hb_local_data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->internals.hb_local_data.data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gettime (&session->internals.hb_ping_start);
- session->internals.hb_local_data.length = data_size;
- session->internals.hb_state = SHB_SEND2;
- case SHB_SEND2:
- session->internals.hb_actual_retrans_timeout_ms = session->internals.hb_retrans_timeout_ms;
-retry:
- ret = heartbeat_send_data (session, session->internals.hb_local_data.data,
- session->internals.hb_local_data.length,
- HEARTBEAT_REQUEST);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gettime (&session->internals.hb_ping_sent);
-
- if (!(flags & GNUTLS_HEARTBEAT_WAIT))
- {
- session->internals.hb_state = SHB_SEND1;
- break;
- }
-
- session->internals.hb_state = SHB_RECV;
-
- case SHB_RECV:
- ret = _gnutls_recv_int(session, GNUTLS_HEARTBEAT, -1, NULL, 0, NULL, session->internals.hb_actual_retrans_timeout_ms);
- if (ret == GNUTLS_E_HEARTBEAT_PONG_RECEIVED)
- {
- session->internals.hb_state = SHB_SEND1;
- break;
- }
- else if (ret == GNUTLS_E_TIMEDOUT)
- {
- retries++;
- if (max_tries > 0 && retries > max_tries)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(ret);
- }
-
- gettime(&now);
- diff = timespec_sub_ms(&now, &session->internals.hb_ping_start);
- if (diff > session->internals.hb_total_timeout_ms)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- }
-
- session->internals.hb_actual_retrans_timeout_ms *= 2;
- session->internals.hb_actual_retrans_timeout_ms %= MAX_DTLS_TIMEOUT;
-
- session->internals.hb_state = SHB_SEND2;
- goto retry;
- }
- else if (ret < 0)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ int ret;
+ unsigned int retries = 1, diff;
+ struct timespec now;
+
+ if (data_size > MAX_HEARTBEAT_LENGTH)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (gnutls_heartbeat_allowed
+ (session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* resume previous call if interrupted */
+ if (session->internals.record_send_buffer.byte_length > 0 &&
+ session->internals.record_send_buffer.head != NULL &&
+ session->internals.record_send_buffer.head->type ==
+ GNUTLS_HEARTBEAT)
+ return _gnutls_io_write_flush(session);
+
+ switch (session->internals.hb_state) {
+ case SHB_SEND1:
+ if (data_size > DEFAULT_PAYLOAD_SIZE)
+ data_size -= DEFAULT_PAYLOAD_SIZE;
+ else
+ data_size = 0;
+
+ _gnutls_buffer_reset(&session->internals.hb_local_data);
+
+ ret =
+ _gnutls_buffer_resize(&session->internals.
+ hb_local_data, data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE,
+ session->internals.hb_local_data.data,
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gettime(&session->internals.hb_ping_start);
+ session->internals.hb_local_data.length = data_size;
+ session->internals.hb_state = SHB_SEND2;
+ case SHB_SEND2:
+ session->internals.hb_actual_retrans_timeout_ms =
+ session->internals.hb_retrans_timeout_ms;
+ retry:
+ ret =
+ heartbeat_send_data(session,
+ session->internals.hb_local_data.
+ data,
+ session->internals.hb_local_data.
+ length, HEARTBEAT_REQUEST);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gettime(&session->internals.hb_ping_sent);
+
+ if (!(flags & GNUTLS_HEARTBEAT_WAIT)) {
+ session->internals.hb_state = SHB_SEND1;
+ break;
+ }
+
+ session->internals.hb_state = SHB_RECV;
+
+ case SHB_RECV:
+ ret =
+ _gnutls_recv_int(session, GNUTLS_HEARTBEAT, -1, NULL,
+ 0, NULL,
+ session->internals.
+ hb_actual_retrans_timeout_ms);
+ if (ret == GNUTLS_E_HEARTBEAT_PONG_RECEIVED) {
+ session->internals.hb_state = SHB_SEND1;
+ break;
+ } else if (ret == GNUTLS_E_TIMEDOUT) {
+ retries++;
+ if (max_tries > 0 && retries > max_tries) {
+ session->internals.hb_state = SHB_SEND1;
+ return gnutls_assert_val(ret);
+ }
+
+ gettime(&now);
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.
+ hb_ping_start);
+ if (diff > session->internals.hb_total_timeout_ms) {
+ session->internals.hb_state = SHB_SEND1;
+ return
+ gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ }
+
+ session->internals.hb_actual_retrans_timeout_ms *=
+ 2;
+ session->internals.hb_actual_retrans_timeout_ms %=
+ MAX_DTLS_TIMEOUT;
+
+ session->internals.hb_state = SHB_SEND2;
+ goto retry;
+ } else if (ret < 0) {
+ session->internals.hb_state = SHB_SEND1;
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
/**
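Review bot: In the GNUTLS_E_TIMEDOUT branch of gnutls_heartbeat_ping the back-off is `hb_actual_retrans_timeout_ms *= 2` followed by `%= MAX_DTLS_TIMEOUT`, so the timeout wraps around instead of saturating. Once the doubled value reaches MAX_DTLS_TIMEOUT the next wait becomes zero or a small remainder, which gives rapid retransmissions exactly when the peer is slow. A clamp, `if (session->internals.hb_actual_retrans_timeout_ms > MAX_DTLS_TIMEOUT) session->internals.hb_actual_retrans_timeout_ms = MAX_DTLS_TIMEOUT;`, reads closer to the apparent intent. The `case SHB_SEND1:` and `case SHB_SEND2:` bodies appear to fall through on purpose, and a `/* fall through */` comment at each would make that explicit.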
@@ -261,95 +273,106 @@ retry:
*
* Since: 3.1.2
**/
-int
-gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags)
+int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags)
{
-int ret;
+ int ret;
- if (session->internals.record_send_buffer.byte_length > 0 &&
- session->internals.record_send_buffer.head != NULL &&
- session->internals.record_send_buffer.head->type == GNUTLS_HEARTBEAT)
- return _gnutls_io_write_flush (session);
+ if (session->internals.record_send_buffer.byte_length > 0 &&
+ session->internals.record_send_buffer.head != NULL &&
+ session->internals.record_send_buffer.head->type ==
+ GNUTLS_HEARTBEAT)
+ return _gnutls_io_write_flush(session);
- if (session->internals.hb_remote_data.length == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->internals.hb_remote_data.length == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = heartbeat_send_data (session, session->internals.hb_remote_data.data,
- session->internals.hb_remote_data.length,
- HEARTBEAT_RESPONSE);
+ ret =
+ heartbeat_send_data(session,
+ session->internals.hb_remote_data.data,
+ session->internals.hb_remote_data.length,
+ HEARTBEAT_RESPONSE);
- _gnutls_buffer_reset (&session->internals.hb_remote_data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
+ _gnutls_buffer_reset(&session->internals.hb_remote_data);
- return 0;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/*
* Processes a heartbeat message.
*/
-int
-_gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel)
+int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel)
{
- int ret;
- unsigned type;
- unsigned pos;
- uint8_t *msg = _mbuffer_get_udata_ptr (bufel);
- size_t hb_len, len = _mbuffer_get_udata_size (bufel);
-
- if (gnutls_heartbeat_allowed(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND) == 0)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
-
- if (len < 4)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos = 0;
- type = msg[pos++];
-
- hb_len = _gnutls_read_uint16 (&msg[pos]);
- if (hb_len > len - 3)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos += 2;
-
- switch (type)
- {
- case HEARTBEAT_REQUEST:
- _gnutls_buffer_reset(&session->internals.hb_remote_data);
-
- ret = _gnutls_buffer_resize (&session->internals.hb_remote_data, hb_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (hb_len > 0)
- memcpy(session->internals.hb_remote_data.data, &msg[pos], hb_len);
- session->internals.hb_remote_data.length = hb_len;
-
- return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PING_RECEIVED);
-
- case HEARTBEAT_RESPONSE:
-
- if (hb_len != session->internals.hb_local_data.length)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
-
- if (hb_len > 0 &&
- memcmp (&msg[pos], session->internals.hb_local_data.data, hb_len) != 0)
- {
- if (IS_DTLS(session))
- return gnutls_assert_val( GNUTLS_E_AGAIN); /* ignore it */
- else
- return gnutls_assert_val( GNUTLS_E_UNEXPECTED_PACKET);
- }
-
- _gnutls_buffer_reset (&session->internals.hb_local_data);
-
- return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PONG_RECEIVED);
- default:
- _gnutls_record_log
- ("REC[%p]: HB: received unknown type %u\n", session, type);
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
- }
+ int ret;
+ unsigned type;
+ unsigned pos;
+ uint8_t *msg = _mbuffer_get_udata_ptr(bufel);
+ size_t hb_len, len = _mbuffer_get_udata_size(bufel);
+
+ if (gnutls_heartbeat_allowed
+ (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ if (len < 4)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos = 0;
+ type = msg[pos++];
+
+ hb_len = _gnutls_read_uint16(&msg[pos]);
+ if (hb_len > len - 3)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos += 2;
+
+ switch (type) {
+ case HEARTBEAT_REQUEST:
+ _gnutls_buffer_reset(&session->internals.hb_remote_data);
+
+ ret =
+ _gnutls_buffer_resize(&session->internals.
+ hb_remote_data, hb_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (hb_len > 0)
+ memcpy(session->internals.hb_remote_data.data,
+ &msg[pos], hb_len);
+ session->internals.hb_remote_data.length = hb_len;
+
+ return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+
+ case HEARTBEAT_RESPONSE:
+
+ if (hb_len != session->internals.hb_local_data.length)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ if (hb_len > 0 &&
+ memcmp(&msg[pos],
+ session->internals.hb_local_data.data,
+ hb_len) != 0) {
+ if (IS_DTLS(session))
+ return gnutls_assert_val(GNUTLS_E_AGAIN); /* ignore it */
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ }
+
+ _gnutls_buffer_reset(&session->internals.hb_local_data);
+
+ return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PONG_RECEIVED);
+ default:
+ _gnutls_record_log
+ ("REC[%p]: HB: received unknown type %u\n", session,
+ type);
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
}
/**
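Review bot: In `_gnutls_heartbeat_handle` the test `hb_len > len - 3` is the only thing that keeps the later `memcpy` and `memcmp` inside the received record, and nothing in the code says so. I would add a comment above it such as `/* hb_len is peer-controlled: the payload must fit in the record after the 1-byte type and 2-byte length */`, and note that the preceding `len < 4` guard is what stops `len - 3` from wrapping. The check also accepts a message with no padding, whereas RFC 6520 has senders include at least 16 bytes. If stricter parsing is wanted, `if (len < 3 + 16 || hb_len > len - 3 - 16)` with the same length error would enforce that, though it should be checked against real peers first.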
@@ -366,17 +389,18 @@ _gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel)
*
* Since: 3.1.2
**/
-unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session)
+unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session)
{
-struct timespec now;
-unsigned int diff;
-
- gettime(&now);
- diff = timespec_sub_ms(&now, &session->internals.hb_ping_sent);
- if (diff >= session->internals.hb_actual_retrans_timeout_ms)
- return 0;
- else
- return session->internals.hb_actual_retrans_timeout_ms - diff;
+ struct timespec now;
+ unsigned int diff;
+
+ gettime(&now);
+ diff = timespec_sub_ms(&now, &session->internals.hb_ping_sent);
+ if (diff >= session->internals.hb_actual_retrans_timeout_ms)
+ return 0;
+ else
+ return session->internals.hb_actual_retrans_timeout_ms -
+ diff;
}
/**
@@ -396,142 +420,143 @@ unsigned int diff;
*
* Since: 3.1.2
**/
-void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- session->internals.hb_retrans_timeout_ms = retrans_timeout;
- session->internals.hb_total_timeout_ms = total_timeout;
+ session->internals.hb_retrans_timeout_ms = retrans_timeout;
+ session->internals.hb_total_timeout_ms = total_timeout;
}
static int
-_gnutls_heartbeat_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_heartbeat_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned policy;
- extension_priv_data_t epriv;
-
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- {
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- return 0; /* Not enabled */
- }
-
- if (_data_size == 0)
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-
- policy = epriv.num;
-
- if (data[0] == 1)
- policy |= LOCAL_ALLOWED_TO_SEND;
- else if (data[0] == 2)
- policy |= LOCAL_NOT_ALLOWED_TO_SEND;
- else
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-
- epriv.num = policy;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_HEARTBEAT,
- epriv);
-
- return 0;
+ unsigned policy;
+ extension_priv_data_t epriv;
+
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0) {
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return 0; /* Not enabled */
+ }
+
+ if (_data_size == 0)
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+
+ policy = epriv.num;
+
+ if (data[0] == 1)
+ policy |= LOCAL_ALLOWED_TO_SEND;
+ else if (data[0] == 2)
+ policy |= LOCAL_NOT_ALLOWED_TO_SEND;
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ epriv.num = policy;
+ _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_HEARTBEAT,
+ epriv);
+
+ return 0;
}
static int
-_gnutls_heartbeat_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+_gnutls_heartbeat_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- extension_priv_data_t epriv;
- uint8_t p;
+ extension_priv_data_t epriv;
+ uint8_t p;
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- return 0; /* nothing to send - not enabled */
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
+ return 0; /* nothing to send - not enabled */
- if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
- p = 1;
- else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)*/
- p = 2;
+ if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
+ p = 1;
+ else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND) */
+ p = 2;
- if (_gnutls_buffer_append_data (extdata, &p, 1) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ if (_gnutls_buffer_append_data(extdata, &p, 1) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- return 1;
+ return 1;
}
static int
-_gnutls_heartbeat_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_heartbeat_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- int ret;
+ int ret;
- BUFFER_APPEND_NUM (ps, epriv.num);
+ BUFFER_APPEND_NUM(ps, epriv.num);
- return 0;
+ return 0;
}
static int
-_gnutls_heartbeat_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_heartbeat_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- extension_priv_data_t epriv;
- int ret;
+ extension_priv_data_t epriv;
+ int ret;
- BUFFER_POP_NUM (ps, epriv.num);
+ BUFFER_POP_NUM(ps, epriv.num);
- *_priv = epriv;
+ *_priv = epriv;
- ret = 0;
-error:
- return ret;
+ ret = 0;
+ error:
+ return ret;
}
extension_entry_st ext_mod_heartbeat = {
- .name = "HEARTBEAT",
- .type = GNUTLS_EXTENSION_HEARTBEAT,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_heartbeat_recv_params,
- .send_func = _gnutls_heartbeat_send_params,
- .pack_func = _gnutls_heartbeat_pack,
- .unpack_func = _gnutls_heartbeat_unpack,
- .deinit_func = NULL
+ .name = "HEARTBEAT",
+ .type = GNUTLS_EXTENSION_HEARTBEAT,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_heartbeat_recv_params,
+ .send_func = _gnutls_heartbeat_send_params,
+ .pack_func = _gnutls_heartbeat_pack,
+ .unpack_func = _gnutls_heartbeat_unpack,
+ .deinit_func = NULL
};
#else
-void
-gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
+void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type)
{
}
-int
-gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
+int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type)
{
- return 0;
+ return 0;
}
int
-gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
- unsigned int max_tries, unsigned int flags)
+gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
+ unsigned int max_tries, unsigned int flags)
{
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
-int
-gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags)
+int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags)
{
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
-unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session)
+unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session)
{
- return 0;
+ return 0;
}
-void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- return;
+ return;
}
#endif
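Review bot: `_gnutls_heartbeat_recv_params` rejects only an empty extension body, so a body longer than one byte is accepted and everything after `data[0]` is ignored. The heartbeat extension in RFC 6520 is a single mode byte, so `if (_data_size != 1)` would be the stricter test. The return on that path should also go through `gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH)` like the other error returns in this function. The mode bit is OR-ed into `epriv.num` without clearing the opposite bit; whether a second pass, such as a rehandshake, can leave both set is not visible from this hunk and is worth confirming.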
diff --git a/lib/ext/heartbeat.h b/lib/ext/heartbeat.h
index 503506cea1..ceb09bb737 100644
--- a/lib/ext/heartbeat.h
+++ b/lib/ext/heartbeat.h
@@ -38,6 +38,6 @@
extern extension_entry_st ext_mod_heartbeat;
-int _gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel);
-int _gnutls_heartbeat_enabled (gnutls_session_t session, int local);
+int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel);
+int _gnutls_heartbeat_enabled(gnutls_session_t session, int local);
#endif
diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
index fd3097a6b2..b2811253b5 100644
--- a/lib/ext/max_record.c
+++ b/lib/ext/max_record.c
@@ -29,34 +29,34 @@
#include <gnutls_extensions.h>
#include <ext/max_record.h>
-static int _gnutls_max_record_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_max_record_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_max_record_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_max_record_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_max_record_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
+static int _gnutls_max_record_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_max_record_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
/* Maps record size to numbers according to the
* extensions draft.
*/
-static int _gnutls_mre_num2record (int num);
-static int _gnutls_mre_record2num (uint16_t record_size);
+static int _gnutls_mre_num2record(int num);
+static int _gnutls_mre_record2num(uint16_t record_size);
extension_entry_st ext_mod_max_record_size = {
- .name = "MAX RECORD SIZE",
- .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_max_record_recv_params,
- .send_func = _gnutls_max_record_send_params,
- .pack_func = _gnutls_max_record_pack,
- .unpack_func = _gnutls_max_record_unpack,
- .deinit_func = NULL
+ .name = "MAX RECORD SIZE",
+ .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_max_record_recv_params,
+ .send_func = _gnutls_max_record_send_params,
+ .pack_func = _gnutls_max_record_pack,
+ .unpack_func = _gnutls_max_record_unpack,
+ .deinit_func = NULL
};
/*
@@ -70,195 +70,179 @@ extension_entry_st ext_mod_max_record_size = {
*/
static int
-_gnutls_max_record_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_max_record_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t new_size;
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (data_size > 0)
- {
- DECR_LEN (data_size, 1);
-
- new_size = _gnutls_mre_num2record (data[0]);
-
- if (new_size < 0)
- {
- gnutls_assert ();
- return new_size;
- }
-
- session->security_parameters.max_record_send_size = new_size;
- session->security_parameters.max_record_recv_size = new_size;
- }
- }
- else
- { /* CLIENT SIDE - we must check if the sent record size is the right one
- */
- if (data_size > 0)
- {
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_size = _gnutls_mre_num2record (data[0]);
-
- if (new_size < 0 || new_size != (ssize_t)epriv.num)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
- else
- {
- session->security_parameters.max_record_recv_size = epriv.num;
- }
-
- }
-
-
- }
-
- return 0;
+ ssize_t new_size;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (data_size > 0) {
+ DECR_LEN(data_size, 1);
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
+
+ session->security_parameters.max_record_send_size =
+ new_size;
+ session->security_parameters.max_record_recv_size =
+ new_size;
+ }
+ } else { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
+ if (data_size > 0) {
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0
+ || new_size != (ssize_t) epriv.num) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ } else {
+ session->security_parameters.
+ max_record_recv_size = epriv.num;
+ }
+
+ }
+
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_max_record_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_max_record_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- uint8_t p;
- int ret;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0) /* it is ok not to have it */
- {
- return 0;
- }
-
- if (epriv.num != DEFAULT_MAX_RECORD_SIZE)
- {
- p = (uint8_t) _gnutls_mre_record2num (epriv.num);
- ret = _gnutls_buffer_append_data( extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 1;
- }
-
- }
- else
- { /* server side */
-
- if (session->security_parameters.max_record_recv_size !=
- DEFAULT_MAX_RECORD_SIZE)
- {
- p =
- (uint8_t)
- _gnutls_mre_record2num
- (session->security_parameters.max_record_recv_size);
-
- ret = _gnutls_buffer_append_data( extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 1;
- }
- }
-
- return 0;
+ uint8_t p;
+ int ret;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) { /* it is ok not to have it */
+ return 0;
+ }
+
+ if (epriv.num != DEFAULT_MAX_RECORD_SIZE) {
+ p = (uint8_t) _gnutls_mre_record2num(epriv.num);
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 1;
+ }
+
+ } else { /* server side */
+
+ if (session->security_parameters.max_record_recv_size !=
+ DEFAULT_MAX_RECORD_SIZE) {
+ p = (uint8_t)
+ _gnutls_mre_record2num
+ (session->security_parameters.
+ max_record_recv_size);
+
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 1;
+ }
+ }
+
+ return 0;
}
static int
-_gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_max_record_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- int ret;
+ int ret;
- BUFFER_APPEND_NUM (ps, epriv.num);
+ BUFFER_APPEND_NUM(ps, epriv.num);
- return 0;
+ return 0;
}
static int
-_gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_max_record_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- extension_priv_data_t epriv;
- int ret;
+ extension_priv_data_t epriv;
+ int ret;
- BUFFER_POP_NUM (ps, epriv.num);
+ BUFFER_POP_NUM(ps, epriv.num);
- *_priv = epriv;
+ *_priv = epriv;
- ret = 0;
-error:
- return ret;
+ ret = 0;
+ error:
+ return ret;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-static int
-_gnutls_mre_num2record (int num)
+static int _gnutls_mre_num2record(int num)
{
- switch (num)
- {
- case 1:
- return 512;
- case 2:
- return 1024;
- case 3:
- return 2048;
- case 4:
- return 4096;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (num) {
+ case 1:
+ return 512;
+ case 2:
+ return 1024;
+ case 3:
+ return 2048;
+ case 4:
+ return 4096;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-static int
-_gnutls_mre_record2num (uint16_t record_size)
+static int _gnutls_mre_record2num(uint16_t record_size)
{
- switch (record_size)
- {
- case 512:
- return 1;
- case 1024:
- return 2;
- case 2048:
- return 3;
- case 4096:
- return 4;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (record_size) {
+ case 512:
+ return 1;
+ case 1024:
+ return 2;
+ case 2048:
+ return 3;
+ case 4096:
+ return 4;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
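Review bot: The server branch of `_gnutls_max_record_recv_params` reads `data[0]` after `DECR_LEN(data_size, 1)` but never checks that nothing is left over, while the client branch insists on `data_size != 1`. Assuming `DECR_LEN` only decrements the counter, adding `if (data_size != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` after it would make both sides equally strict about a peer-supplied length. In `_gnutls_max_record_send_params` the comment `/* this function sends the client extension data (dnsname) */` looks copied from another extension and should describe the one-byte size code instead. The result of `_gnutls_mre_record2num` is also cast to `uint8_t` there without testing for its negative error value, so an unexpected size would be sent as a truncated byte rather than rejected.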
@@ -271,13 +255,12 @@ _gnutls_mre_record2num (uint16_t record_size)
*
* Returns: The maximum record packet size in this connection.
**/
-size_t
-gnutls_record_get_max_size (gnutls_session_t session)
+size_t gnutls_record_get_max_size(gnutls_session_t session)
{
- /* Recv will hold the negotiated max record size
- * always.
- */
- return session->security_parameters.max_record_recv_size;
+ /* Recv will hold the negotiated max record size
+ * always.
+ */
+ return session->security_parameters.max_record_recv_size;
}
@@ -301,28 +284,27 @@ gnutls_record_get_max_size (gnutls_session_t session)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-ssize_t
-gnutls_record_set_max_size (gnutls_session_t session, size_t size)
+ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size)
{
- ssize_t new_size;
- extension_priv_data_t epriv;
+ ssize_t new_size;
+ extension_priv_data_t epriv;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return GNUTLS_E_INVALID_REQUEST;
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_INVALID_REQUEST;
- new_size = _gnutls_mre_record2num (size);
+ new_size = _gnutls_mre_record2num(size);
- if (new_size < 0)
- {
- gnutls_assert ();
- return new_size;
- }
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
- session->security_parameters.max_record_send_size = size;
- epriv.num = size;
+ session->security_parameters.max_record_send_size = size;
+ epriv.num = size;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- epriv);
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ epriv);
- return 0;
+ return 0;
}
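Review bot: `gnutls_record_set_max_size` validates `size` by passing it to `_gnutls_mre_record2num`, whose parameter (declared earlier in this file's diff) is `uint16_t`, so a `size_t` above 65535 is truncated before the switch sees it. A value such as 66048 (0x10200) would be treated as 512 and pass, after which the untruncated `size` is stored in `max_record_send_size` and `epriv.num`. The value comes from the application rather than the peer, but a range guard before the call, e.g. `if (size > UINT16_MAX) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, or widening the helper's parameter, keeps the stored size and the advertised code consistent.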
diff --git a/lib/ext/new_record_padding.c b/lib/ext/new_record_padding.c
index d16da658e8..aceec7c4b9 100644
--- a/lib/ext/new_record_padding.c
+++ b/lib/ext/new_record_padding.c
@@ -29,104 +29,98 @@
#include <gnutls_extensions.h>
#include <ext/new_record_padding.h>
-static int new_record_padding_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int new_record_padding_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
-static int new_record_padding_before_epoch_change(gnutls_session_t session);
+static int new_record_padding_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int new_record_padding_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+static int new_record_padding_before_epoch_change(gnutls_session_t
+ session);
extension_entry_st ext_mod_new_record_padding = {
- .name = "NEW_RECORD_PADDING",
- .type = GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = new_record_padding_recv_params,
- .send_func = new_record_padding_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL,
- .epoch_func = new_record_padding_before_epoch_change
+ .name = "NEW_RECORD_PADDING",
+ .type = GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = new_record_padding_recv_params,
+ .send_func = new_record_padding_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL,
+ .epoch_func = new_record_padding_before_epoch_change
};
static int
-new_record_padding_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+new_record_padding_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
-
- if (data_size > 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (session->internals.priorities.new_record_padding != 0)
- {
- epriv.num = 1;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- epriv);
- }
- }
- else /* client */
- {
- if (session->internals.priorities.new_record_padding != 0)
- {
- epriv.num = 1;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- epriv);
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+
+ if (data_size > 0)
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (session->internals.priorities.new_record_padding != 0) {
+ epriv.num = 1;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ epriv);
+ }
+ } else { /* client */
+
+ if (session->internals.priorities.new_record_padding != 0) {
+ epriv.num = 1;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ epriv);
+ }
+ }
+
+ return 0;
}
static int new_record_padding_before_epoch_change(gnutls_session_t session)
{
- extension_priv_data_t epriv;
- int ret;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- &epriv);
- if (ret < 0)
- return 0; /* fine */
-
- if (epriv.num != 0)
- session->security_parameters.new_record_padding = 1;
-
- return 0;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ &epriv);
+ if (ret < 0)
+ return 0; /* fine */
+
+ if (epriv.num != 0)
+ session->security_parameters.new_record_padding = 1;
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-new_record_padding_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+new_record_padding_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
-extension_priv_data_t epriv;
-int ret;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->internals.priorities.new_record_padding != 0)
- return GNUTLS_E_INT_RET_0; /* advertize it */
- }
- else
- { /* server side */
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- &epriv);
- if (ret < 0)
- return 0;
-
- if (epriv.num != 0)
- return GNUTLS_E_INT_RET_0;
- }
-
- return 0;
+ extension_priv_data_t epriv;
+ int ret;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->internals.priorities.new_record_padding != 0)
+ return GNUTLS_E_INT_RET_0; /* advertize it */
+ } else { /* server side */
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ if (epriv.num != 0)
+ return GNUTLS_E_INT_RET_0;
+ }
+
+ return 0;
}
-
-
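Review bot: The server and client branches of `new_record_padding_recv_params` are identical, so the `entity` test selects nothing. Either collapse them into a single `if (session->internals.priorities.new_record_padding != 0)` block or add a comment stating what is meant to differ between the two roles. `new_record_padding_send_params` opens with `/* this function sends the client extension data (dnsname) */`, which does not describe this extension. Something like `/* client: advertise the extension if enabled; server: echo it only if it was recorded on receive */` would match what the code does.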
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 43b17956dc..e8c8b1d730 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -25,416 +25,390 @@
#include <gnutls_errors.h>
-static int _gnutls_sr_recv_params (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-static int _gnutls_sr_send_params (gnutls_session_t state, gnutls_buffer_st*);
-static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
+static int _gnutls_sr_recv_params(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+static int _gnutls_sr_send_params(gnutls_session_t state,
+ gnutls_buffer_st *);
+static void _gnutls_sr_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_sr = {
- .name = "SAFE RENEGOTIATION",
- .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- .parse_type = GNUTLS_EXT_MANDATORY,
-
- .recv_func = _gnutls_sr_recv_params,
- .send_func = _gnutls_sr_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = _gnutls_sr_deinit_data,
+ .name = "SAFE RENEGOTIATION",
+ .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = _gnutls_sr_recv_params,
+ .send_func = _gnutls_sr_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = _gnutls_sr_deinit_data,
};
int
-_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir)
+_gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir)
{
- int ret;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- priv = epriv.ptr;
-
- /* Save data for safe renegotiation.
- */
- if (vdata_size > MAX_VERIFY_DATA_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) ||
- (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
- {
- priv->client_verify_data_len = vdata_size;
- memcpy (priv->client_verify_data, vdata, vdata_size);
- }
- else
- {
- priv->server_verify_data_len = vdata_size;
- memcpy (priv->server_verify_data, vdata, vdata_size);
- }
-
- return 0;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ /* Save data for safe renegotiation.
+ */
+ if (vdata_size > MAX_VERIFY_DATA_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((session->security_parameters.entity == GNUTLS_CLIENT
+ && dir == 0)
+ || (session->security_parameters.entity == GNUTLS_SERVER
+ && dir == 1)) {
+ priv->client_verify_data_len = vdata_size;
+ memcpy(priv->client_verify_data, vdata, vdata_size);
+ } else {
+ priv->server_verify_data_len = vdata_size;
+ memcpy(priv->server_verify_data, vdata, vdata_size);
+ }
+
+ return 0;
}
-int
-_gnutls_ext_sr_verify (gnutls_session_t session)
+int _gnutls_ext_sr_verify(gnutls_session_t session)
{
- int ret;
- sr_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- /* Safe renegotiation */
-
- if (priv && priv->safe_renegotiation_received)
- {
- if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
- (memcmp (priv->ri_extension_data,
- priv->client_verify_data, priv->client_verify_data_len)))
- {
- gnutls_assert ();
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if ((priv->ri_extension_data_len !=
- priv->client_verify_data_len + priv->server_verify_data_len) ||
- memcmp (priv->ri_extension_data + priv->client_verify_data_len,
- priv->server_verify_data,
- priv->server_verify_data_len) != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [2]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
- else /* Make sure there are 0 extra bytes */
- {
- if (priv->ri_extension_data_len != priv->client_verify_data_len)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [3]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
-
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
- session);
- }
- else /* safe renegotiation not received... */
- {
- if (priv && priv->connection_using_safe_renegotiation)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Peer previously asked for safe renegotiation\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- /* Clients can't tell if it's an initial negotiation */
- if (session->internals.initial_negotiation_completed)
- {
- if (session->internals.priorities.sr < SR_PARTIAL)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
- return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
- }
- }
- else
- {
- if (session->internals.priorities.sr < SR_SAFE)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe initial negotiation\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
- }
-
- return 0;
+ int ret;
+ sr_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* Safe renegotiation */
+
+ if (priv && priv->safe_renegotiation_received) {
+ if ((priv->ri_extension_data_len <
+ priv->client_verify_data_len)
+ ||
+ (memcmp
+ (priv->ri_extension_data, priv->client_verify_data,
+ priv->client_verify_data_len))) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [1]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if ((priv->ri_extension_data_len !=
+ priv->client_verify_data_len +
+ priv->server_verify_data_len)
+ || memcmp(priv->ri_extension_data +
+ priv->client_verify_data_len,
+ priv->server_verify_data,
+ priv->server_verify_data_len) != 0) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [2]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ } else { /* Make sure there are 0 extra bytes */
+
+ if (priv->ri_extension_data_len !=
+ priv->client_verify_data_len) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [3]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation succeeded\n", session);
+ } else { /* safe renegotiation not received... */
+
+ if (priv && priv->connection_using_safe_renegotiation) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ /* Clients can't tell if it's an initial negotiation */
+ if (session->internals.initial_negotiation_completed) {
+ if (session->internals.priorities.sr < SR_PARTIAL) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe (re)negotiation\n",
+ session);
+ } else {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe (re)negotiation\n",
+ session);
+ return
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ } else {
+ if (session->internals.priorities.sr < SR_SAFE) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe initial negotiation\n",
+ session);
+ } else {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe initial negotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ }
+
+ return 0;
}
/* if a server received the special ciphersuite.
*/
-int
-_gnutls_ext_sr_recv_cs (gnutls_session_t session)
+int _gnutls_ext_sr_recv_cs(gnutls_session_t session)
{
- int ret, set = 0;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- priv->safe_renegotiation_received = 1;
- priv->connection_using_safe_renegotiation = 1;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
-
- return 0;
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+
+ return 0;
}
-int
-_gnutls_ext_sr_send_cs (gnutls_session_t session)
+int _gnutls_ext_sr_send_cs(gnutls_session_t session)
{
- int ret, set = 0;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
-
- return 0;
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+
+ return 0;
}
static int
-_gnutls_sr_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_sr_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int len = data[0];
- ssize_t data_size = _data_size;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0, ret;
-
- DECR_LEN (data_size, len + 1 /* count the first byte and payload */ );
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- /* It is not legal to receive this extension on a renegotiation and
- * not receive it on the initial negotiation.
- */
- if (session->internals.initial_negotiation_completed != 0 &&
- priv->connection_using_safe_renegotiation == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (len > sizeof (priv->ri_extension_data))
- {
- gnutls_assert ();
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (len > 0)
- memcpy (priv->ri_extension_data, &data[1], len);
- priv->ri_extension_data_len = len;
-
- /* "safe renegotiation received" means on *this* handshake; "connection using
- * safe renegotiation" means that the initial hello received on the connection
- * indicated safe renegotiation.
- */
- priv->safe_renegotiation_received = 1;
- priv->connection_using_safe_renegotiation = 1;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
- return 0;
+ unsigned int len = data[0];
+ ssize_t data_size = _data_size;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0, ret;
+
+ DECR_LEN(data_size,
+ len + 1 /* count the first byte and payload */ );
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0
+ && session->security_parameters.entity == GNUTLS_SERVER) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ /* It is not legal to receive this extension on a renegotiation and
+ * not receive it on the initial negotiation.
+ */
+ if (session->internals.initial_negotiation_completed != 0 &&
+ priv->connection_using_safe_renegotiation == 0) {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > sizeof(priv->ri_extension_data)) {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > 0)
+ memcpy(priv->ri_extension_data, &data[1], len);
+ priv->ri_extension_data_len = len;
+
+ /* "safe renegotiation received" means on *this* handshake; "connection using
+ * safe renegotiation" means that the initial hello received on the connection
+ * indicated safe renegotiation.
+ */
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+ return 0;
}
static int
-_gnutls_sr_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_sr_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- /* The format of this extension is a one-byte length of verify data followed
- * by the verify data itself. Note that the length byte does not include
- * itself; IOW, empty verify data is represented as a length of 0. That means
- * the minimum extension is one byte: 0x00.
- */
- sr_ext_st *priv;
- int ret, set = 0, len;
- extension_priv_data_t epriv;
- size_t init_length = extdata->length;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- /* Always offer the extension if we're a client */
- if (priv->connection_using_safe_renegotiation ||
- session->security_parameters.entity == GNUTLS_CLIENT)
- {
- len = priv->client_verify_data_len;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- len += priv->server_verify_data_len;
-
- ret = _gnutls_buffer_append_prefix(extdata, 8, len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data(extdata, priv->client_verify_data,
- priv->client_verify_data_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- ret = _gnutls_buffer_append_data(extdata, priv->server_verify_data,
- priv->server_verify_data_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else
- return 0;
-
- return extdata->length - init_length;
+ /* The format of this extension is a one-byte length of verify data followed
+ * by the verify data itself. Note that the length byte does not include
+ * itself; IOW, empty verify data is represented as a length of 0. That means
+ * the minimum extension is one byte: 0x00.
+ */
+ sr_ext_st *priv;
+ int ret, set = 0, len;
+ extension_priv_data_t epriv;
+ size_t init_length = extdata->length;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+ } else
+ priv = epriv.ptr;
+
+ /* Always offer the extension if we're a client */
+ if (priv->connection_using_safe_renegotiation ||
+ session->security_parameters.entity == GNUTLS_CLIENT) {
+ len = priv->client_verify_data_len;
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ len += priv->server_verify_data_len;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 8, len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->client_verify_data,
+ priv->
+ client_verify_data_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->
+ server_verify_data,
+ priv->
+ server_verify_data_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else
+ return 0;
+
+ return extdata->length - init_length;
}
-static void
-_gnutls_sr_deinit_data (extension_priv_data_t priv)
+static void _gnutls_sr_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
/**
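Review bot: In `_gnutls_sr_recv_params` the first statement, `unsigned int len = data[0];`, reads the peer-supplied payload before `DECR_LEN(data_size, len + 1)` has confirmed that even one byte is present. A zero-length extension body is therefore dereferenced unless the caller guarantees a non-empty buffer, which this hunk does not show. Checking the length byte first keeps the read behind the bound: `DECR_LEN(data_size, 1); len = data[0]; DECR_LEN(data_size, len);`. Separately, in `_gnutls_ext_sr_recv_cs` and `_gnutls_ext_sr_send_cs` the `else if (ret < 0)` arm repeats the preceding `if (ret < 0)` and can never run. It looks copied from `_gnutls_sr_recv_params`, where the first test also checks the entity, and should be removed or given the intended condition.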
@@ -449,22 +423,20 @@ _gnutls_sr_deinit_data (extension_priv_data_t priv)
*
* Since: 2.10.0
**/
-int
-gnutls_safe_renegotiation_status (gnutls_session_t session)
+int gnutls_safe_renegotiation_status(gnutls_session_t session)
{
- int ret;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- return priv->connection_using_safe_renegotiation;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ return priv->connection_using_safe_renegotiation;
}
diff --git a/lib/ext/safe_renegotiation.h b/lib/ext/safe_renegotiation.h
index 124c9295e0..cd334158a3 100644
--- a/lib/ext/safe_renegotiation.h
+++ b/lib/ext/safe_renegotiation.h
@@ -25,26 +25,25 @@
#include <gnutls_extensions.h>
-typedef struct
-{
- uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
- size_t client_verify_data_len;
- uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
- size_t server_verify_data_len;
- uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
- size_t ri_extension_data_len;
+typedef struct {
+ uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t client_verify_data_len;
+ uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t server_verify_data_len;
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
+ size_t ri_extension_data_len;
- unsigned int safe_renegotiation_received:1;
- unsigned int initial_negotiation_completed:1;
- unsigned int connection_using_safe_renegotiation:1;
+ unsigned int safe_renegotiation_received:1;
+ unsigned int initial_negotiation_completed:1;
+ unsigned int connection_using_safe_renegotiation:1;
} sr_ext_st;
extern extension_entry_st ext_mod_sr;
-int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir);
-int _gnutls_ext_sr_recv_cs (gnutls_session_t session);
-int _gnutls_ext_sr_verify (gnutls_session_t session);
-int _gnutls_ext_sr_send_cs (gnutls_session_t);
+int _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir);
+int _gnutls_ext_sr_recv_cs(gnutls_session_t session);
+int _gnutls_ext_sr_verify(gnutls_session_t session);
+int _gnutls_ext_sr_send_cs(gnutls_session_t);
-#endif /* EXT_SAFE_RENEGOTIATION_H */
+#endif /* EXT_SAFE_RENEGOTIATION_H */
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index c78a3c30d0..11240280e1 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -26,29 +26,29 @@
#include "gnutls_num.h"
#include <ext/server_name.h>
-static int _gnutls_server_name_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_server_name_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_server_name_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_server_name_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_server_name_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
+static int _gnutls_server_name_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_server_name_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_server_name_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_server_name = {
- .name = "SERVER NAME",
- .type = GNUTLS_EXTENSION_SERVER_NAME,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_server_name_recv_params,
- .send_func = _gnutls_server_name_send_params,
- .pack_func = _gnutls_server_name_pack,
- .unpack_func = _gnutls_server_name_unpack,
- .deinit_func = _gnutls_server_name_deinit_data,
+ .name = "SERVER NAME",
+ .type = GNUTLS_EXTENSION_SERVER_NAME,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_server_name_recv_params,
+ .send_func = _gnutls_server_name_send_params,
+ .pack_func = _gnutls_server_name_pack,
+ .unpack_func = _gnutls_server_name_unpack,
+ .deinit_func = _gnutls_server_name_deinit_data,
};
/*
@@ -61,191 +61,189 @@ extension_entry_st ext_mod_server_name = {
*
*/
static int
-_gnutls_server_name_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_server_name_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int i;
- const unsigned char *p;
- uint16_t len, type;
- ssize_t data_size = _data_size;
- int server_names = 0;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (data);
-
- if (len != data_size)
- {
- /* This is unexpected packet length, but
- * just ignore it, for now.
- */
- gnutls_assert ();
- return 0;
- }
-
- p = data + 2;
-
- /* Count all server_names in the packet. */
- while (data_size > 0)
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- p++;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len > 0)
- {
- DECR_LENGTH_RET (data_size, len, 0);
- server_names++;
- p += len;
- }
- else
- _gnutls_handshake_log
- ("HSK[%p]: Received (0) size server name (under attack?)\n",
- session);
-
- }
-
- /* we cannot accept more server names.
- */
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Too many server names received (under attack?)\n",
- session);
- server_names = MAX_SERVER_NAME_EXTENSIONS;
- }
-
- if (server_names == 0)
- return 0; /* no names found */
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->server_names_size = server_names;
-
- p = data + 2;
- for (i = 0; i < server_names; i++)
- {
- type = *p;
- p++;
-
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- switch (type)
- {
- case 0: /* NAME_DNS */
- if (len <= MAX_SERVER_NAME_SIZE)
- {
- memcpy (priv->server_names[i].name, p, len);
- priv->server_names[i].name_length = len;
- priv->server_names[i].type = GNUTLS_NAME_DNS;
- break;
- }
- }
-
- /* move to next record */
- p += len;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
-
- }
-
- return 0;
+ int i;
+ const unsigned char *p;
+ uint16_t len, type;
+ ssize_t data_size = _data_size;
+ int server_names = 0;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(data);
+
+ if (len != data_size) {
+ /* This is unexpected packet length, but
+ * just ignore it, for now.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+ p = data + 2;
+
+ /* Count all server_names in the packet. */
+ while (data_size > 0) {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ p++;
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len > 0) {
+ DECR_LENGTH_RET(data_size, len, 0);
+ server_names++;
+ p += len;
+ } else
+ _gnutls_handshake_log
+ ("HSK[%p]: Received (0) size server name (under attack?)\n",
+ session);
+
+ }
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+ }
+
+ if (server_names == 0)
+ return 0; /* no names found */
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->server_names_size = server_names;
+
+ p = data + 2;
+ for (i = 0; i < server_names; i++) {
+ type = *p;
+ p++;
+
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ switch (type) {
+ case 0: /* NAME_DNS */
+ if (len <= MAX_SERVER_NAME_SIZE) {
+ memcpy(priv->server_names[i].name,
+ p, len);
+ priv->server_names[i].name_length =
+ len;
+ priv->server_names[i].type =
+ GNUTLS_NAME_DNS;
+ break;
+ }
+ }
+
+ /* move to next record */
+ p += len;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_server_name_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_server_name_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- uint16_t len;
- unsigned i;
- int total_size = 0, ret;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- return 0;
-
-
- /* this function sends the client extension data (dnsname)
- */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- priv = epriv.ptr;
-
- if (priv->server_names_size == 0)
- return 0;
-
- /* uint16_t
- */
- total_size = 2;
- for (i = 0; i < priv->server_names_size; i++)
- {
- /* count the total size
- */
- len = priv->server_names[i].name_length;
-
- /* uint8_t + uint16_t + size
- */
- total_size += 1 + 2 + len;
- }
-
- /* UINT16: write total size of all names
- */
- ret = _gnutls_buffer_append_prefix(extdata, 16, total_size - 2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < priv->server_names_size; i++)
- {
-
- switch (priv->server_names[i].type)
- {
- case GNUTLS_NAME_DNS:
- len = priv->server_names[i].name_length;
- if (len == 0)
- break;
-
- /* UINT8: type of this extension
- * UINT16: size of the first name
- * LEN: the actual server name.
- */
- ret = _gnutls_buffer_append_prefix(extdata, 8, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 16, priv->server_names[i].name, len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
- }
-
- return total_size;
+ uint16_t len;
+ unsigned i;
+ int total_size = 0, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+
+ /* this function sends the client extension data (dnsname)
+ */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ priv = epriv.ptr;
+
+ if (priv->server_names_size == 0)
+ return 0;
+
+ /* uint16_t
+ */
+ total_size = 2;
+ for (i = 0; i < priv->server_names_size; i++) {
+ /* count the total size
+ */
+ len = priv->server_names[i].name_length;
+
+ /* uint8_t + uint16_t + size
+ */
+ total_size += 1 + 2 + len;
+ }
+
+ /* UINT16: write total size of all names
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ total_size - 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->server_names_size; i++) {
+
+ switch (priv->server_names[i].type) {
+ case GNUTLS_NAME_DNS:
+ len = priv->server_names[i].name_length;
+ if (len == 0)
+ break;
+
+ /* UINT8: type of this extension
+ * UINT16: size of the first name
+ * LEN: the actual server name.
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata,
+ 8, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix
+ (extdata, 16,
+ priv->server_names[i].name, len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+ }
+
+ return total_size;
}
/**
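Review bot: In `_gnutls_server_name_recv_params` the counting loop and the copy loop disagree about which records they cover: the first increments `server_names` only for entries with `len > 0`, while the second walks the first `server_names` records from `data + 2` whatever their length or type. A zero-length, non-DNS or oversized (`len > MAX_SERVER_NAME_SIZE`) entry sent by the peer therefore occupies a slot that stays zeroed from `gnutls_calloc` but is still counted in `priv->server_names_size`, and a valid name behind it can be dropped. A separate output index that advances only when a name is stored would keep the list consistent: `priv->server_names[n].type = GNUTLS_NAME_DNS; n++;` and, after the loop, `priv->server_names_size = n;`. `_gnutls_server_name_send_params` in the same hunk has the mirror problem: `total_size` adds `1 + 2 + len` for every entry, but the write loop skips entries with `len == 0`, so the 16-bit list prefix and the return value can exceed the bytes actually appended.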
@@ -277,56 +275,51 @@ _gnutls_server_name_send_params (gnutls_session_t session,
* otherwise a negative error code is returned.
**/
int
-gnutls_server_name_get (gnutls_session_t session, void *data,
- size_t * data_length,
- unsigned int *type, unsigned int indx)
+gnutls_server_name_get(gnutls_session_t session, void *data,
+ size_t * data_length,
+ unsigned int *type, unsigned int indx)
{
- char *_data = data;
- server_name_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- priv = epriv.ptr;
-
- if (indx + 1 > priv->server_names_size)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- *type = priv->server_names[indx].type;
-
- if (*data_length > /* greater since we need one extra byte for the null */
- priv->server_names[indx].name_length)
- {
- *data_length = priv->server_names[indx].name_length;
- memcpy (data, priv->server_names[indx].name, *data_length);
-
- if (*type == GNUTLS_NAME_DNS) /* null terminate */
- _data[(*data_length)] = 0;
-
- }
- else
- {
- *data_length = priv->server_names[indx].name_length + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- return 0;
+ char *_data = data;
+ server_name_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ priv = epriv.ptr;
+
+ if (indx + 1 > priv->server_names_size) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ *type = priv->server_names[indx].type;
+
+ if (*data_length > /* greater since we need one extra byte for the null */
+ priv->server_names[indx].name_length) {
+ *data_length = priv->server_names[indx].name_length;
+ memcpy(data, priv->server_names[indx].name, *data_length);
+
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
+
+ } else {
+ *data_length = priv->server_names[indx].name_length + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ return 0;
}
/**
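Review bot: The bounds check `if (indx + 1 > priv->server_names_size)` in `gnutls_server_name_get` wraps when the caller passes `indx == UINT_MAX`: `indx + 1` becomes 0, the test is false, and `priv->server_names[indx]` is then read far outside the array. Writing the comparison without the addition removes the wrap: `if (indx >= priv->server_names_size)`. The function's doc comment starts above this hunk, so whether `indx` is documented as caller-validated is not visible here.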
@@ -350,123 +343,117 @@ gnutls_server_name_get (gnutls_session_t session, void *data,
* otherwise a negative error code is returned.
**/
int
-gnutls_server_name_set (gnutls_session_t session,
- gnutls_server_name_type_t type,
- const void *name, size_t name_length)
+gnutls_server_name_set(gnutls_session_t session,
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length)
{
- int server_names, ret;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (name_length > MAX_SERVER_NAME_SIZE)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- server_names = priv->server_names_size + 1;
-
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
-
- priv->server_names[server_names - 1].type = type;
- memcpy (priv->server_names[server_names - 1].name, name, name_length);
- priv->server_names[server_names - 1].name_length = name_length;
-
- priv->server_names_size = server_names;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
-
- return 0;
+ int server_names, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (name_length > MAX_SERVER_NAME_SIZE)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ server_names = priv->server_names_size + 1;
+
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+
+ priv->server_names[server_names - 1].type = type;
+ memcpy(priv->server_names[server_names - 1].name, name,
+ name_length);
+ priv->server_names[server_names - 1].name_length = name_length;
+
+ priv->server_names_size = server_names;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ return 0;
}
-static void
-_gnutls_server_name_deinit_data (extension_priv_data_t priv)
+static void _gnutls_server_name_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_server_name_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- server_name_ext_st *priv = epriv.ptr;
- unsigned int i;
- int ret;
-
- BUFFER_APPEND_NUM (ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
- BUFFER_APPEND_PFX4 (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
- }
- return 0;
+ server_name_ext_st *priv = epriv.ptr;
+ unsigned int i;
+ int ret;
+
+ BUFFER_APPEND_NUM(ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->server_names[i].type);
+ BUFFER_APPEND_PFX4(ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+ return 0;
}
static int
-_gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_server_name_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- server_name_ext_st *priv;
- unsigned int i;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->server_names[i].type);
- BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
- if (priv->server_names[i].name_length >
- sizeof (priv->server_names[i].name))
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- BUFFER_POP (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ server_name_ext_st *priv;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++) {
+ BUFFER_POP_NUM(ps, priv->server_names[i].type);
+ BUFFER_POP_NUM(ps, priv->server_names[i].name_length);
+ if (priv->server_names[i].name_length >
+ sizeof(priv->server_names[i].name)) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ BUFFER_POP(ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
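Review bot: `_gnutls_server_name_unpack` uses the `server_names_size` it pops from the packed buffer as the loop bound without comparing it with `MAX_SERVER_NAME_EXTENSIONS`, so packed session data carrying a larger count makes the loop store `type`, `name_length` and `name` past the end of the fixed `server_names[]` array inside the freshly allocated `priv`. The count should be rejected right after `BUFFER_POP_NUM(ps, priv->server_names_size)`. The over-long-name branch in the same loop also returns `GNUTLS_E_PARSING_ERROR` directly, skipping the `error:` label that frees `priv`; both failures should set `ret` and jump to `error`. This presumes the `BUFFER_POP*` macros, defined outside this hunk, set `ret` and jump to `error` on failure, as the otherwise unused label suggests.

```c
	BUFFER_POP_NUM(ps, priv->server_names_size);
	if (priv->server_names_size > MAX_SERVER_NAME_EXTENSIONS) {
		/* count comes from serialized data; never trust it as an array bound */
		gnutls_assert();
		ret = GNUTLS_E_PARSING_ERROR;
		goto error;
	}
	for (i = 0; i < priv->server_names_size; i++) {
		/* … unchanged: pop type and name_length … */
		if (priv->server_names[i].name_length >
		    sizeof(priv->server_names[i].name)) {
			gnutls_assert();
			ret = GNUTLS_E_PARSING_ERROR;
			goto error;	/* release priv instead of returning directly */
		}
		/* … unchanged: pop name … */
	}
```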
diff --git a/lib/ext/server_name.h b/lib/ext/server_name.h
index 98fb3da293..fbc52177dc 100644
--- a/lib/ext/server_name.h
+++ b/lib/ext/server_name.h
@@ -24,20 +24,18 @@
#include <gnutls_extensions.h>
-typedef struct
-{
- uint8_t name[MAX_SERVER_NAME_SIZE];
- unsigned name_length;
- gnutls_server_name_type_t type;
+typedef struct {
+ uint8_t name[MAX_SERVER_NAME_SIZE];
+ unsigned name_length;
+ gnutls_server_name_type_t type;
} server_name_st;
#define MAX_SERVER_NAME_EXTENSIONS 3
-typedef struct
-{
- server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
- /* limit server_name extensions */
- unsigned server_names_size;
+typedef struct {
+ server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
+ /* limit server_name extensions */
+ unsigned server_names_size;
} server_name_ext_st;
extern extension_entry_st ext_mod_server_name;
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 0799fd788c..aa7707f472 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -41,26 +41,27 @@
#define MAC_SIZE 32
-static int session_ticket_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
-static int session_ticket_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
-static int session_ticket_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int session_ticket_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void session_ticket_deinit_data (extension_priv_data_t priv);
+static int session_ticket_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int session_ticket_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+static int session_ticket_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int session_ticket_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void session_ticket_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_session_ticket = {
- .name = "SESSION TICKET",
- .type = GNUTLS_EXTENSION_SESSION_TICKET,
- .parse_type = GNUTLS_EXT_MANDATORY,
-
- .recv_func = session_ticket_recv_params,
- .send_func = session_ticket_send_params,
- .pack_func = session_ticket_pack,
- .unpack_func = session_ticket_unpack,
- .deinit_func = session_ticket_deinit_data,
+ .name = "SESSION TICKET",
+ .type = GNUTLS_EXTENSION_SESSION_TICKET,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+ .unpack_func = session_ticket_unpack,
+ .deinit_func = session_ticket_deinit_data,
};
#define SESSION_KEY_SIZE (SESSION_TICKET_KEY_NAME_SIZE+SESSION_TICKET_KEY_SIZE+SESSION_TICKET_MAC_SECRET_SIZE)
@@ -68,396 +69,383 @@ extension_entry_st ext_mod_session_ticket = {
#define KEY_POS (SESSION_TICKET_KEY_NAME_SIZE)
#define MAC_SECRET_POS (SESSION_TICKET_KEY_NAME_SIZE+SESSION_TICKET_KEY_SIZE)
-typedef struct
-{
- int session_ticket_enable;
- int session_ticket_renew;
- uint8_t session_ticket_IV[SESSION_TICKET_IV_SIZE];
+typedef struct {
+ int session_ticket_enable;
+ int session_ticket_renew;
+ uint8_t session_ticket_IV[SESSION_TICKET_IV_SIZE];
- uint8_t *session_ticket;
- int session_ticket_len;
+ uint8_t *session_ticket;
+ int session_ticket_len;
- uint8_t key[SESSION_KEY_SIZE];
+ uint8_t key[SESSION_KEY_SIZE];
} session_ticket_ext_st;
-struct ticket
-{
- uint8_t key_name[KEY_NAME_SIZE];
- uint8_t IV[IV_SIZE];
- uint8_t *encrypted_state;
- uint16_t encrypted_state_len;
- uint8_t mac[MAC_SIZE];
+struct ticket {
+ uint8_t key_name[KEY_NAME_SIZE];
+ uint8_t IV[IV_SIZE];
+ uint8_t *encrypted_state;
+ uint16_t encrypted_state_len;
+ uint8_t mac[MAC_SIZE];
};
static int
-digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
- uint8_t * digest)
+digest_ticket(const gnutls_datum_t * key, struct ticket *ticket,
+ uint8_t * digest)
{
- mac_hd_st digest_hd;
- uint16_t length16;
- int ret;
-
- ret = _gnutls_mac_init (&digest_hd, mac_to_entry(GNUTLS_MAC_SHA256),
- key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- _gnutls_mac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
- _gnutls_mac (&digest_hd, ticket->IV, IV_SIZE);
- length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
- _gnutls_mac (&digest_hd, &length16, 2);
- _gnutls_mac (&digest_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
- _gnutls_mac_deinit (&digest_hd, digest);
-
- return 0;
+ mac_hd_st digest_hd;
+ uint16_t length16;
+ int ret;
+
+ ret = _gnutls_mac_init(&digest_hd, mac_to_entry(GNUTLS_MAC_SHA256),
+ key->data, key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ _gnutls_mac(&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_mac(&digest_hd, ticket->IV, IV_SIZE);
+ length16 = _gnutls_conv_uint16(ticket->encrypted_state_len);
+ _gnutls_mac(&digest_hd, &length16, 2);
+ _gnutls_mac(&digest_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_mac_deinit(&digest_hd, digest);
+
+ return 0;
}
static int
-decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+decrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
- cipher_hd_st cipher_hd;
- gnutls_datum_t key, IV, mac_secret, state;
- uint8_t final[MAC_SECRET_SIZE];
- time_t timestamp = gnutls_time (0);
- int ret;
-
- /* Check the integrity of ticket using HMAC-SHA-256. */
- mac_secret.data = (void *) &priv->key[MAC_SECRET_POS];
- mac_secret.size = MAC_SECRET_SIZE;
- ret = digest_ticket (&mac_secret, ticket, final);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (memcmp (ticket->mac, final, MAC_SIZE))
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
-
- /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
- key.data = (void *) &priv->key[KEY_POS];
- key.size = KEY_SIZE;
- IV.data = ticket->IV;
- IV.size = IV_SIZE;
- ret =
- _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
- &key, &IV, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- ret = _gnutls_cipher_decrypt (&cipher_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
- _gnutls_cipher_deinit (&cipher_hd);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Unpack security parameters. */
- state.data = ticket->encrypted_state;
- state.size = ticket->encrypted_state_len;
- ret = _gnutls_session_unpack (session, &state);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (timestamp - session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp > timestamp)
- {
- gnutls_assert ();
- return GNUTLS_E_EXPIRED;
- }
-
- session->internals.resumed = RESUME_TRUE;
-
- return 0;
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state;
+ uint8_t final[MAC_SECRET_SIZE];
+ time_t timestamp = gnutls_time(0);
+ int ret;
+
+ /* Check the integrity of ticket using HMAC-SHA-256. */
+ mac_secret.data = (void *) &priv->key[MAC_SECRET_POS];
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket(&mac_secret, ticket, final);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (memcmp(ticket->mac, final, MAC_SIZE)) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
+ key.data = (void *) &priv->key[KEY_POS];
+ key.size = KEY_SIZE;
+ IV.data = ticket->IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init(&cipher_hd,
+ cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ ret = _gnutls_cipher_decrypt(&cipher_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_cipher_deinit(&cipher_hd);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Unpack security parameters. */
+ state.data = ticket->encrypted_state;
+ state.size = ticket->encrypted_state_len;
+ ret = _gnutls_session_unpack(session, &state);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (timestamp -
+ session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp >
+ timestamp) {
+ gnutls_assert();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ session->internals.resumed = RESUME_TRUE;
+
+ return 0;
}
static int
-encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+encrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
- cipher_hd_st cipher_hd;
- gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
- int blocksize;
- int ret;
-
- /* Pack security parameters. */
- ret = _gnutls_session_pack (session, &state);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- blocksize = gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC);
-
- encrypted_state.size =
- ((state.size + blocksize - 1) / blocksize) * blocksize;
- encrypted_state.data = gnutls_malloc (encrypted_state.size);
- if (!encrypted_state.data)
- {
- gnutls_assert ();
- _gnutls_free_datum (&state);
- return GNUTLS_E_MEMORY_ERROR;
- }
- memset (encrypted_state.data, 0, encrypted_state.size);
- memcpy (encrypted_state.data, state.data, state.size);
- _gnutls_free_datum (&state);
-
- /* Encrypt state using 128-bit AES in CBC mode. */
- key.data = (void *) &priv->key[KEY_POS];
- key.size = KEY_SIZE;
- IV.data = priv->session_ticket_IV;
- IV.size = IV_SIZE;
- ret =
- _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
- &key, &IV, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- ret = _gnutls_cipher_encrypt (&cipher_hd, encrypted_state.data,
- encrypted_state.size);
- _gnutls_cipher_deinit (&cipher_hd);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- /* Fill the ticket structure to compute MAC. */
- memcpy (ticket->key_name, &priv->key[NAME_POS], KEY_NAME_SIZE);
- memcpy (ticket->IV, IV.data, IV.size);
- ticket->encrypted_state_len = encrypted_state.size;
- ticket->encrypted_state = encrypted_state.data;
-
- mac_secret.data = &priv->key[MAC_SECRET_POS];
- mac_secret.size = MAC_SECRET_SIZE;
- ret = digest_ticket (&mac_secret, ticket, ticket->mac);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- return 0;
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
+ int blocksize;
+ int ret;
+
+ /* Pack security parameters. */
+ ret = _gnutls_session_pack(session, &state);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ blocksize =
+ gnutls_cipher_get_block_size(GNUTLS_CIPHER_AES_128_CBC);
+
+ encrypted_state.size =
+ ((state.size + blocksize - 1) / blocksize) * blocksize;
+ encrypted_state.data = gnutls_malloc(encrypted_state.size);
+ if (!encrypted_state.data) {
+ gnutls_assert();
+ _gnutls_free_datum(&state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memset(encrypted_state.data, 0, encrypted_state.size);
+ memcpy(encrypted_state.data, state.data, state.size);
+ _gnutls_free_datum(&state);
+
+ /* Encrypt state using 128-bit AES in CBC mode. */
+ key.data = (void *) &priv->key[KEY_POS];
+ key.size = KEY_SIZE;
+ IV.data = priv->session_ticket_IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init(&cipher_hd,
+ cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ ret = _gnutls_cipher_encrypt(&cipher_hd, encrypted_state.data,
+ encrypted_state.size);
+ _gnutls_cipher_deinit(&cipher_hd);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ /* Fill the ticket structure to compute MAC. */
+ memcpy(ticket->key_name, &priv->key[NAME_POS], KEY_NAME_SIZE);
+ memcpy(ticket->IV, IV.data, IV.size);
+ ticket->encrypted_state_len = encrypted_state.size;
+ ticket->encrypted_state = encrypted_state.data;
+
+ mac_secret.data = &priv->key[MAC_SECRET_POS];
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket(&mac_secret, ticket, ticket->mac);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ return 0;
}
static int
-session_ticket_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+session_ticket_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t data_size = _data_size;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- int ret;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- {
- return 0;
- }
- priv = epriv.ptr;
-
- if (!priv->session_ticket_enable)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- struct ticket ticket;
- const uint8_t *encrypted_state;
- int ret;
-
- /* The client requested a new session ticket. */
- if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
-
- DECR_LEN (data_size, KEY_NAME_SIZE);
- memcpy (ticket.key_name, data, KEY_NAME_SIZE);
- data += KEY_NAME_SIZE;
-
- /* If the key name of the ticket does not match the one that we
- hold, issue a new ticket. */
- if (memcmp (ticket.key_name, &priv->key[NAME_POS], KEY_NAME_SIZE))
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
-
- DECR_LEN (data_size, IV_SIZE);
- memcpy (ticket.IV, data, IV_SIZE);
- data += IV_SIZE;
-
- DECR_LEN (data_size, 2);
- ticket.encrypted_state_len = _gnutls_read_uint16 (data);
- data += 2;
-
- encrypted_state = data;
-
- DECR_LEN (data_size, ticket.encrypted_state_len);
- data += ticket.encrypted_state_len;
-
- DECR_LEN (data_size, MAC_SIZE);
- memcpy (ticket.mac, data, MAC_SIZE);
-
- ticket.encrypted_state = gnutls_malloc (ticket.encrypted_state_len);
- if (!ticket.encrypted_state)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (ticket.encrypted_state, encrypted_state,
- ticket.encrypted_state_len);
-
- ret = decrypt_ticket (session, priv, &ticket);
- gnutls_free (ticket.encrypted_state);
- if (ret < 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
- }
- else /* Client */
- {
- if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0) {
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ struct ticket ticket;
+ const uint8_t *encrypted_state;
+ int ret;
+
+ /* The client requested a new session ticket. */
+ if (data_size == 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN(data_size, KEY_NAME_SIZE);
+ memcpy(ticket.key_name, data, KEY_NAME_SIZE);
+ data += KEY_NAME_SIZE;
+
+ /* If the key name of the ticket does not match the one that we
+ hold, issue a new ticket. */
+ if (memcmp
+ (ticket.key_name, &priv->key[NAME_POS],
+ KEY_NAME_SIZE)) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN(data_size, IV_SIZE);
+ memcpy(ticket.IV, data, IV_SIZE);
+ data += IV_SIZE;
+
+ DECR_LEN(data_size, 2);
+ ticket.encrypted_state_len = _gnutls_read_uint16(data);
+ data += 2;
+
+ encrypted_state = data;
+
+ DECR_LEN(data_size, ticket.encrypted_state_len);
+ data += ticket.encrypted_state_len;
+
+ DECR_LEN(data_size, MAC_SIZE);
+ memcpy(ticket.mac, data, MAC_SIZE);
+
+ ticket.encrypted_state =
+ gnutls_malloc(ticket.encrypted_state_len);
+ if (!ticket.encrypted_state) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy(ticket.encrypted_state, encrypted_state,
+ ticket.encrypted_state_len);
+
+ ret = decrypt_ticket(session, priv, &ticket);
+ gnutls_free(ticket.encrypted_state);
+ if (ret < 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ } else { /* Client */
+
+ if (data_size == 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ }
+
+ return 0;
}
/* returns a positive number if we send the extension data, (0) if we
do not want to send it, and a negative number on failure.
*/
static int
-session_ticket_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+session_ticket_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- int ret;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- if (priv == NULL || !priv->session_ticket_enable)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (priv && priv->session_ticket_renew)
- {
- return GNUTLS_E_INT_RET_0;
- }
- }
- else
- {
- ret =
- _gnutls_ext_get_resumed_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- /* no previous data. Just advertize it */
- if (ret < 0)
- return GNUTLS_E_INT_RET_0;
-
- /* previous data had session tickets disabled. Don't advertize. Ignore. */
- if (!priv->session_ticket_enable)
- return 0;
-
- if (priv->session_ticket_len > 0)
- {
- ret = _gnutls_buffer_append_data( extdata, priv->session_ticket, priv->session_ticket_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return priv->session_ticket_len;
- }
- }
- return 0;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ if (priv == NULL || !priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (priv && priv->session_ticket_renew) {
+ return GNUTLS_E_INT_RET_0;
+ }
+ } else {
+ ret =
+ _gnutls_ext_get_resumed_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* no previous data. Just advertize it */
+ if (ret < 0)
+ return GNUTLS_E_INT_RET_0;
+
+ /* previous data had session tickets disabled. Don't advertize. Ignore. */
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (priv->session_ticket_len > 0) {
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->
+ session_ticket,
+ priv->
+ session_ticket_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return priv->session_ticket_len;
+ }
+ }
+ return 0;
}
-static void
-session_ticket_deinit_data (extension_priv_data_t epriv)
+static void session_ticket_deinit_data(extension_priv_data_t epriv)
{
- session_ticket_ext_st *priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv.ptr;
- gnutls_free (priv->session_ticket);
- gnutls_free (priv);
+ gnutls_free(priv->session_ticket);
+ gnutls_free(priv);
}
static int
-session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- session_ticket_ext_st *priv = epriv.ptr;
- int ret;
+ session_ticket_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->session_ticket, priv->session_ticket_len);
- BUFFER_APPEND_NUM (ps, priv->session_ticket_enable);
+ BUFFER_APPEND_PFX4(ps, priv->session_ticket,
+ priv->session_ticket_len);
+ BUFFER_APPEND_NUM(ps, priv->session_ticket_enable);
- return 0;
+ return 0;
}
static int
-session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+session_ticket_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- session_ticket_ext_st *priv = NULL;
- int ret;
- extension_priv_data_t epriv;
- gnutls_datum_t ticket;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_DATUM (ps, &ticket);
- priv->session_ticket = ticket.data;
- priv->session_ticket_len = ticket.size;
- BUFFER_POP_NUM (ps, priv->session_ticket_enable);
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ session_ticket_ext_st *priv = NULL;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum_t ticket;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM(ps, &ticket);
+ priv->session_ticket = ticket.data;
+ priv->session_ticket_len = ticket.size;
+ BUFFER_POP_NUM(ps, priv->session_ticket_enable);
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
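Review bot: In `decrypt_ticket` the MAC of a peer-supplied ticket is checked with `memcmp(ticket->mac, final, MAC_SIZE)`, which may return at the first differing byte, so the comparison time can depend on how many leading bytes of the received MAC are correct; an authentication-tag check should examine every byte regardless. A data-independent form is `for (i = 0; i < MAC_SIZE; i++) diff |= ticket->mac[i] ^ final[i];` followed by `if (diff != 0)` returning `GNUTLS_E_DECRYPTION_FAILED`, or the tree's own constant-time compare helper if it has one. Separately, the buffer is declared `uint8_t final[MAC_SECRET_SIZE]` while `MAC_SIZE` bytes of it are compared; `MAC_SECRET_SIZE` is defined outside this hunk, so declaring it as `uint8_t final[MAC_SIZE];` would remove the reliance on the two constants being equal.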
@@ -475,10 +463,9 @@ error:
*
* Since: 2.10.0
**/
-int
-gnutls_session_ticket_key_generate (gnutls_datum_t * key)
+int gnutls_session_ticket_key_generate(gnutls_datum_t * key)
{
- return gnutls_key_generate(key, SESSION_KEY_SIZE);
+ return gnutls_key_generate(key, SESSION_KEY_SIZE);
}
/**
@@ -493,31 +480,29 @@ gnutls_session_ticket_key_generate (gnutls_datum_t * key)
*
* Since: 2.10.0
**/
-int
-gnutls_session_ticket_enable_client (gnutls_session_t session)
+int gnutls_session_ticket_enable_client(gnutls_session_t session)
{
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (!session)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- priv->session_ticket_enable = 1;
- epriv.ptr = priv;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
- return 0;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ priv->session_ticket_enable = 1;
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ epriv);
+
+ return 0;
}
/**
@@ -535,206 +520,211 @@ gnutls_session_ticket_enable_client (gnutls_session_t session)
* Since: 2.10.0
**/
int
-gnutls_session_ticket_enable_server (gnutls_session_t session,
- const gnutls_datum_t * key)
+gnutls_session_ticket_enable_server(gnutls_session_t session,
+ const gnutls_datum_t * key)
{
- int ret;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (!session || !key
- || key->size != SESSION_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, priv->session_ticket_IV, IV_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- memcpy (&priv->key, key->data, key->size);
- priv->session_ticket_enable = 1;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
- return 0;
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session || !key || key->size != SESSION_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, priv->session_ticket_IV,
+ IV_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ memcpy(&priv->key, key->data, key->size);
+ priv->session_ticket_enable = 1;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ epriv);
+
+ return 0;
}
-int
-_gnutls_send_new_session_ticket (gnutls_session_t session, int again)
+int _gnutls_send_new_session_ticket(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL, *p;
- int data_size = 0;
- int ret;
- struct ticket ticket;
- uint16_t ticket_len;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- uint16_t epoch_saved = session->security_parameters.epoch_write;
-
- if (again == 0)
- {
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- return 0;
- priv = epriv.ptr;
-
- if (!priv->session_ticket_renew)
- return 0;
-
- /* XXX: Temporarily set write algorithms to be used.
- _gnutls_write_connection_state_init() does this job, but it also
- triggers encryption, while NewSessionTicket should not be
- encrypted in the record layer. */
- ret =
- _gnutls_epoch_set_keys (session,
- session->security_parameters.epoch_next);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->security_parameters.epoch_write =
- session->security_parameters.epoch_next;
-
- ret = encrypt_ticket (session, priv, &ticket);
- session->security_parameters.epoch_write = epoch_saved;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
- + MAC_SIZE;
-
- bufel = _gnutls_handshake_alloc (session, 4 + 2 + ticket_len, 4+2+ticket_len);
- if (!bufel)
- {
- gnutls_assert ();
- gnutls_free (ticket.encrypted_state);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- data = _mbuffer_get_udata_ptr (bufel);
- p = data;
-
- _gnutls_write_uint32 (session->internals.expire_time, p);
- p += 4;
-
- _gnutls_write_uint16 (ticket_len, p);
- p += 2;
-
- memcpy (p, ticket.key_name, KEY_NAME_SIZE);
- p += KEY_NAME_SIZE;
-
- memcpy (p, ticket.IV, IV_SIZE);
- p += IV_SIZE;
-
- _gnutls_write_uint16 (ticket.encrypted_state_len, p);
- p += 2;
-
- memcpy (p, ticket.encrypted_state, ticket.encrypted_state_len);
- gnutls_free (ticket.encrypted_state);
- p += ticket.encrypted_state_len;
-
- memcpy (p, ticket.mac, MAC_SIZE);
- p += MAC_SIZE;
-
- data_size = p - data;
-
- session->internals.ticket_sent = 1;
- }
- return _gnutls_send_handshake (session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL, *p;
+ int data_size = 0;
+ int ret;
+ struct ticket ticket;
+ uint16_t ticket_len;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ uint16_t epoch_saved = session->security_parameters.epoch_write;
+
+ if (again == 0) {
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0)
+ return 0;
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ /* XXX: Temporarily set write algorithms to be used.
+ _gnutls_write_connection_state_init() does this job, but it also
+ triggers encryption, while NewSessionTicket should not be
+ encrypted in the record layer. */
+ ret =
+ _gnutls_epoch_set_keys(session,
+ session->security_parameters.
+ epoch_next);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->security_parameters.epoch_write =
+ session->security_parameters.epoch_next;
+
+ ret = encrypt_ticket(session, priv, &ticket);
+ session->security_parameters.epoch_write = epoch_saved;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ticket_len =
+ KEY_NAME_SIZE + IV_SIZE + 2 +
+ ticket.encrypted_state_len + MAC_SIZE;
+
+ bufel =
+ _gnutls_handshake_alloc(session, 4 + 2 + ticket_len,
+ 4 + 2 + ticket_len);
+ if (!bufel) {
+ gnutls_assert();
+ gnutls_free(ticket.encrypted_state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data = _mbuffer_get_udata_ptr(bufel);
+ p = data;
+
+ _gnutls_write_uint32(session->internals.expire_time, p);
+ p += 4;
+
+ _gnutls_write_uint16(ticket_len, p);
+ p += 2;
+
+ memcpy(p, ticket.key_name, KEY_NAME_SIZE);
+ p += KEY_NAME_SIZE;
+
+ memcpy(p, ticket.IV, IV_SIZE);
+ p += IV_SIZE;
+
+ _gnutls_write_uint16(ticket.encrypted_state_len, p);
+ p += 2;
+
+ memcpy(p, ticket.encrypted_state,
+ ticket.encrypted_state_len);
+ gnutls_free(ticket.encrypted_state);
+ p += ticket.encrypted_state_len;
+
+ memcpy(p, ticket.mac, MAC_SIZE);
+ p += MAC_SIZE;
+
+ data_size = p - data;
+
+ session->internals.ticket_sent = 1;
+ }
+ return _gnutls_send_handshake(session, data_size ? bufel : NULL,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
}
-int
-_gnutls_recv_new_session_ticket (gnutls_session_t session)
+int _gnutls_recv_new_session_ticket(gnutls_session_t session)
{
- uint8_t *p;
- int data_size;
- gnutls_buffer_st buf;
- uint16_t ticket_len;
- int ret;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- if (!priv->session_ticket_renew)
- return 0;
-
- ret = _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
- 0, &buf);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- p = buf.data;
- data_size = buf.length;
-
- DECR_LENGTH_COM (data_size, 4, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- /* skip over lifetime hint */
- p += 4;
-
- DECR_LENGTH_COM (data_size, 2, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- ticket_len = _gnutls_read_uint16 (p);
- p += 2;
-
- DECR_LENGTH_COM (data_size, ticket_len, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- priv->session_ticket = gnutls_realloc_fast (priv->session_ticket, ticket_len);
- if (!priv->session_ticket)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- memcpy (priv->session_ticket, p, ticket_len);
- priv->session_ticket_len = ticket_len;
-
- /* Discard the current session ID. (RFC5077 3.4) */
- ret = _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (priv->session_ticket);
- priv->session_ticket = NULL;
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto error;
- }
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&buf);
-
- return ret;
+ uint8_t *p;
+ int data_size;
+ gnutls_buffer_st buf;
+ uint16_t ticket_len;
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ ret = _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ 0, &buf);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ p = buf.data;
+ data_size = buf.length;
+
+ DECR_LENGTH_COM(data_size, 4, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ /* skip over lifetime hint */
+ p += 4;
+
+ DECR_LENGTH_COM(data_size, 2, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ ticket_len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LENGTH_COM(data_size, ticket_len, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ priv->session_ticket =
+ gnutls_realloc_fast(priv->session_ticket, ticket_len);
+ if (!priv->session_ticket) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ memcpy(priv->session_ticket, p, ticket_len);
+ priv->session_ticket_len = ticket_len;
+
+ /* Discard the current session ID. (RFC5077 3.4) */
+ ret =
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(priv->session_ticket);
+ priv->session_ticket = NULL;
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
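Review bot: In gnutls_session_ticket_enable_server the `_gnutls_rnd()` failure branch returns without releasing `priv`, which was allocated with `gnutls_calloc()` a few lines earlier and has not yet been handed to `_gnutls_ext_set_session_data()`, so each failed call leaks the structure. Adding `gnutls_free(priv);` before `return ret;` in that branch closes it. Separately, in _gnutls_recv_new_session_ticket a failed `gnutls_realloc_fast()` leaves `priv->session_ticket` NULL while `priv->session_ticket_len` keeps its previous value. Setting `priv->session_ticket_len = 0;` on that path would keep the pair consistent, though how the pair is consumed later is not visible in this hunk.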
diff --git a/lib/ext/session_ticket.h b/lib/ext/session_ticket.h
index bf10a9f054..8c76a7a271 100644
--- a/lib/ext/session_ticket.h
+++ b/lib/ext/session_ticket.h
@@ -27,7 +27,7 @@
extern extension_entry_st ext_mod_session_ticket;
-int _gnutls_send_new_session_ticket (gnutls_session_t session, int again);
-int _gnutls_recv_new_session_ticket (gnutls_session_t session);
+int _gnutls_send_new_session_ticket(gnutls_session_t session, int again);
+int _gnutls_recv_new_session_ticket(gnutls_session_t session);
#endif
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 69ce76f1d4..799a08aaf1 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -34,78 +34,85 @@
#include <algorithms.h>
#include <abstract_int.h>
-static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_signature_algorithm_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
-static void signature_algorithms_deinit_data (extension_priv_data_t priv);
-static int signature_algorithms_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
-static int signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+static int _gnutls_signature_algorithm_recv_params(gnutls_session_t
+ session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_signature_algorithm_send_params(gnutls_session_t
+ session,
+ gnutls_buffer_st *
+ extdata);
+static void signature_algorithms_deinit_data(extension_priv_data_t priv);
+static int signature_algorithms_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static int signature_algorithms_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
extension_entry_st ext_mod_sig = {
- .name = "SIGNATURE ALGORITHMS",
- .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_signature_algorithm_recv_params,
- .send_func = _gnutls_signature_algorithm_send_params,
- .pack_func = signature_algorithms_pack,
- .unpack_func = signature_algorithms_unpack,
- .deinit_func = signature_algorithms_deinit_data,
+ .name = "SIGNATURE ALGORITHMS",
+ .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_signature_algorithm_recv_params,
+ .send_func = _gnutls_signature_algorithm_send_params,
+ .pack_func = signature_algorithms_pack,
+ .unpack_func = signature_algorithms_unpack,
+ .deinit_func = signature_algorithms_deinit_data,
};
-typedef struct
-{
- /* TLS 1.2 signature algorithms */
- gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
- uint16_t sign_algorithms_size;
+typedef struct {
+ /* TLS 1.2 signature algorithms */
+ gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
+ uint16_t sign_algorithms_size;
} sig_ext_st;
/* generates a SignatureAndHashAlgorithm structure with length as prefix
* by using the setup priorities.
*/
int
-_gnutls_sign_algorithm_write_params (gnutls_session_t session, uint8_t * data,
- size_t max_data_size)
+_gnutls_sign_algorithm_write_params(gnutls_session_t session,
+ uint8_t * data, size_t max_data_size)
{
- uint8_t *p = data, *len_p;
- unsigned int len, i, j;
- const sign_algorithm_st *aid;
-
- if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) + 2)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- len = 0;
- len_p = p;
-
- p += 2;
-
- for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i += 2, j++)
- {
- aid =
- _gnutls_sign_to_tls_aid (session->internals.priorities.
- sign_algo.priority[j]);
-
- if (aid == NULL)
- continue;
-
- _gnutls_handshake_log ("EXT[%p]: sent signature algo (%d.%d) %s\n", session, aid->hash_algorithm,
- aid->sign_algorithm, gnutls_sign_get_name(session->internals.priorities.sign_algo.priority[j]));
- *p = aid->hash_algorithm;
- p++;
- *p = aid->sign_algorithm;
- p++;
- len+=2;
- }
-
- _gnutls_write_uint16 (len, len_p);
- return len + 2;
+ uint8_t *p = data, *len_p;
+ unsigned int len, i, j;
+ const sign_algorithm_st *aid;
+
+ if (max_data_size <
+ (session->internals.priorities.sign_algo.algorithms * 2) + 2) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ len = 0;
+ len_p = p;
+
+ p += 2;
+
+ for (i = j = 0;
+ j < session->internals.priorities.sign_algo.algorithms;
+ i += 2, j++) {
+ aid =
+ _gnutls_sign_to_tls_aid(session->internals.
+ priorities.sign_algo.
+ priority[j]);
+
+ if (aid == NULL)
+ continue;
+
+ _gnutls_handshake_log
+ ("EXT[%p]: sent signature algo (%d.%d) %s\n", session,
+ aid->hash_algorithm, aid->sign_algorithm,
+ gnutls_sign_get_name(session->internals.priorities.
+ sign_algo.priority[j]));
+ *p = aid->hash_algorithm;
+ p++;
+ *p = aid->sign_algorithm;
+ p++;
+ len += 2;
+ }
+
+ _gnutls_write_uint16(len, len_p);
+ return len + 2;
}
@@ -113,45 +120,48 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, uint8_t * data,
* session->security_parameters.extensions.
*/
int
-_gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const uint8_t * data, size_t data_size)
+_gnutls_sign_algorithm_parse_data(gnutls_session_t session,
+ const uint8_t * data, size_t data_size)
{
- unsigned int sig, i;
- sig_ext_st *priv;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < data_size; i += 2)
- {
- sign_algorithm_st aid;
-
- aid.hash_algorithm = data[i];
- aid.sign_algorithm = data[i + 1];
-
- sig = _gnutls_tls_aid_to_sign (&aid);
-
- _gnutls_handshake_log ("EXT[%p]: rcvd signature algo (%d.%d) %s\n", session, aid.hash_algorithm,
- aid.sign_algorithm, gnutls_sign_get_name(sig));
-
- if (sig != GNUTLS_SIGN_UNKNOWN)
- {
- priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
- if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
- break;
- }
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
-
- return 0;
+ unsigned int sig, i;
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < data_size; i += 2) {
+ sign_algorithm_st aid;
+
+ aid.hash_algorithm = data[i];
+ aid.sign_algorithm = data[i + 1];
+
+ sig = _gnutls_tls_aid_to_sign(&aid);
+
+ _gnutls_handshake_log
+ ("EXT[%p]: rcvd signature algo (%d.%d) %s\n", session,
+ aid.hash_algorithm, aid.sign_algorithm,
+ gnutls_sign_get_name(sig));
+
+ if (sig != GNUTLS_SIGN_UNKNOWN) {
+ priv->sign_algorithms[priv->
+ sign_algorithms_size++] =
+ sig;
+ if (priv->sign_algorithms_size ==
+ MAX_SIGNATURE_ALGORITHMS)
+ break;
+ }
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ epriv);
+
+ return 0;
}
/*
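Review bot: The loop in _gnutls_sign_algorithm_parse_data reads `data[i + 1]` for every `i < data_size`, so an odd `data_size` makes the last iteration read one byte past the supplied length. The caller shown in the following hunk passes a length it read from the peer's extension data, so the value appears to be peer-controlled. Rejecting odd lengths up front, before the `gnutls_calloc()` so nothing needs freeing, avoids the over-read: `if (data_size % 2 != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`.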
@@ -164,131 +174,131 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
*/
static int
-_gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t _data_size)
+_gnutls_signature_algorithm_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- /* nothing for now */
- gnutls_assert ();
- /* Although TLS 1.2 mandates that we must not accept reply
- * to this message, there are good reasons to just ignore it. Check
- * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
- */
- /* return GNUTLS_E_UNEXPECTED_PACKET; */
- }
- else
- {
- /* SERVER SIDE - we must check if the sent cert type is the right one
- */
- if (data_size > 2)
- {
- uint16_t len;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, len);
-
- ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ /* nothing for now */
+ gnutls_assert();
+ /* Although TLS 1.2 mandates that we must not accept reply
+ * to this message, there are good reasons to just ignore it. Check
+ * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
+ */
+ /* return GNUTLS_E_UNEXPECTED_PACKET; */
+ } else {
+ /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 2) {
+ uint16_t len;
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, len);
+
+ ret =
+ _gnutls_sign_algorithm_parse_data(session,
+ data + 2,
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_signature_algorithm_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_signature_algorithm_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- int ret;
- size_t init_length = extdata->length;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* this function sends the client extension data */
- if (session->security_parameters.entity == GNUTLS_CLIENT
- && _gnutls_version_has_selectable_sighash (ver))
- {
- if (session->internals.priorities.sign_algo.algorithms > 0)
- {
- uint8_t p[MAX_SIGN_ALGO_SIZE];
-
- ret =
- _gnutls_sign_algorithm_write_params (session, p, sizeof(p));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data(extdata, p, ret);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return extdata->length - init_length;
- }
- }
-
- /* if we are here it means we don't send the extension */
- return 0;
+ int ret;
+ size_t init_length = extdata->length;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* this function sends the client extension data */
+ if (session->security_parameters.entity == GNUTLS_CLIENT
+ && _gnutls_version_has_selectable_sighash(ver)) {
+ if (session->internals.priorities.sign_algo.algorithms > 0) {
+ uint8_t p[MAX_SIGN_ALGO_SIZE];
+
+ ret =
+ _gnutls_sign_algorithm_write_params(session, p,
+ sizeof(p));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data(extdata, p, ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return extdata->length - init_length;
+ }
+ }
+
+ /* if we are here it means we don't send the extension */
+ return 0;
}
/* Returns a requested by the peer signature algorithm that
* matches the given certificate's public key algorithm.
*/
gnutls_sign_algorithm_t
-_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
+_gnutls_session_get_sign_algo(gnutls_session_t session,
+ gnutls_pcert_st * cert)
{
- unsigned i;
- int ret;
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
- unsigned int cert_algo;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- priv = epriv.ptr;
-
- if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- /* none set, allow SHA-1 only */
- {
- return gnutls_pk_to_sign (cert_algo, GNUTLS_DIG_SHA1);
- }
-
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- if (gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert_algo)
- {
- if (_gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, priv->sign_algorithms[i]) < 0)
- continue;
-
- if (_gnutls_session_sign_algo_enabled(session, priv->sign_algorithms[i]) < 0)
- continue;
-
- return priv->sign_algorithms[i];
- }
- }
-
- return GNUTLS_SIGN_UNKNOWN;
+ unsigned i;
+ int ret;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+ unsigned int cert_algo;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ priv = epriv.ptr;
+
+ if (ret < 0 || !_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow SHA-1 only */
+ {
+ return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
+ }
+
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ if (gnutls_sign_get_pk_algorithm(priv->sign_algorithms[i])
+ == cert_algo) {
+ if (_gnutls_pubkey_compatible_with_sig
+ (session, cert->pubkey, ver,
+ priv->sign_algorithms[i]) < 0)
+ continue;
+
+ if (_gnutls_session_sign_algo_enabled
+ (session, priv->sign_algorithms[i]) < 0)
+ continue;
+
+ return priv->sign_algorithms[i];
+ }
+ }
+
+ return GNUTLS_SIGN_UNKNOWN;
}
/* Check if the given signature algorithm is supported.
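Review bot: _gnutls_session_get_sign_algo is declared to return `gnutls_sign_algorithm_t`, yet its `ver == NULL` branch returns `gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR)`, a library error code, while the no-match path at the end returns `GNUTLS_SIGN_UNKNOWN`. A caller that tests only for `GNUTLS_SIGN_UNKNOWN` would treat the error code as an algorithm identifier; the callers are outside this hunk, so this is inferred. Returning `gnutls_assert_val(GNUTLS_SIGN_UNKNOWN);` in that branch keeps a single failure value for the function.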
@@ -296,96 +306,92 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
* and in case of a server a matching certificate exists.
*/
int
-_gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
+_gnutls_session_sign_algo_enabled(gnutls_session_t session,
+ gnutls_sign_algorithm_t sig)
{
- unsigned i;
- int ret;
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- if (!_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- /* none set, allow all */
- {
- return 0;
- }
-
- for (i = 0; i < session->internals.priorities.sign_algo.algorithms; i++)
- {
- if (session->internals.priorities.sign_algo.priority[i] == sig)
- {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ unsigned i;
+ int ret;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow all */
+ {
+ return 0;
+ }
+
+ for (i = 0; i < session->internals.priorities.sign_algo.algorithms;
+ i++) {
+ if (session->internals.priorities.sign_algo.priority[i] ==
+ sig) {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
-static void
-signature_algorithms_deinit_data (extension_priv_data_t priv)
+static void signature_algorithms_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+signature_algorithms_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- sig_ext_st *priv = epriv.ptr;
- int ret, i;
-
- BUFFER_APPEND_NUM (ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->sign_algorithms[i]);
- }
- return 0;
+ sig_ext_st *priv = epriv.ptr;
+ int ret, i;
+
+ BUFFER_APPEND_NUM(ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->sign_algorithms[i]);
+ }
+ return 0;
}
static int
-signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+signature_algorithms_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- sig_ext_st *priv;
- int i, ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->sign_algorithms[i]);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ sig_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ BUFFER_POP_NUM(ps, priv->sign_algorithms[i]);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
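Review bot: signature_algorithms_unpack takes `priv->sign_algorithms_size` from the packed buffer and then uses it as the loop bound for writes into `priv->sign_algorithms[]`, which `sig_ext_st` earlier in this file declares with `MAX_SIGNATURE_ALGORITHMS` entries; nothing ties the two together. If the packed session data is corrupted or comes from a store that is not trusted, the loop writes past the end of the array inside the heap-allocated struct. A guard placed right after the first `BUFFER_POP_NUM` would stop that: `if (priv->sign_algorithms_size > MAX_SIGNATURE_ALGORITHMS) { ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto error; }`. The error code here is only a suggestion; whichever code the unpack path normally reports for malformed data fits.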
@@ -412,42 +418,38 @@ error:
* Since: 2.10.0
**/
int
-gnutls_sign_algorithm_get_requested (gnutls_session_t session,
- size_t indx,
- gnutls_sign_algorithm_t * algo)
+gnutls_sign_algorithm_get_requested(gnutls_session_t session,
+ size_t indx,
+ gnutls_sign_algorithm_t * algo)
{
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
- int ret;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- priv = epriv.ptr;
-
- if (!_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (indx < priv->sign_algorithms_size)
- {
- *algo = priv->sign_algorithms[indx];
- return 0;
- }
- else
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (indx < priv->sign_algorithms_size) {
+ *algo = priv->sign_algorithms[indx];
+ return 0;
+ } else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
/**
@@ -461,10 +463,9 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
*
* Since: 3.1.1
**/
-int
-gnutls_sign_algorithm_get (gnutls_session_t session)
+int gnutls_sign_algorithm_get(gnutls_session_t session)
{
- return session->security_parameters.server_sign_algo;
+ return session->security_parameters.server_sign_algo;
}
/**
@@ -478,8 +479,7 @@ gnutls_sign_algorithm_get (gnutls_session_t session)
*
* Since: 3.1.11
**/
-int
-gnutls_sign_algorithm_get_client (gnutls_session_t session)
+int gnutls_sign_algorithm_get_client(gnutls_session_t session)
{
- return session->security_parameters.client_sign_algo;
+ return session->security_parameters.client_sign_algo;
}
diff --git a/lib/ext/signature.h b/lib/ext/signature.h
index 55e9540cc2..93858ef725 100644
--- a/lib/ext/signature.h
+++ b/lib/ext/signature.h
@@ -30,23 +30,28 @@
extern extension_entry_st ext_mod_sig;
gnutls_sign_algorithm_t
-_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert);
-int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
-int _gnutls_sign_algorithm_write_params (gnutls_session_t session,
- uint8_t * data, size_t max_data_size);
-int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig);
+_gnutls_session_get_sign_algo(gnutls_session_t session,
+ gnutls_pcert_st * cert);
+int _gnutls_sign_algorithm_parse_data(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+int _gnutls_sign_algorithm_write_params(gnutls_session_t session,
+ uint8_t * data,
+ size_t max_data_size);
+int _gnutls_session_sign_algo_enabled(gnutls_session_t session,
+ gnutls_sign_algorithm_t sig);
-static inline void
-gnutls_sign_algorithm_set_server (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+static inline void
+gnutls_sign_algorithm_set_server(gnutls_session_t session,
+ gnutls_sign_algorithm_t sign)
{
- session->security_parameters.server_sign_algo = sign;
+ session->security_parameters.server_sign_algo = sign;
}
-static inline void
-gnutls_sign_algorithm_set_client (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+static inline void
+gnutls_sign_algorithm_set_client(gnutls_session_t session,
+ gnutls_sign_algorithm_t sign)
{
- session->security_parameters.client_sign_algo = sign;
+ session->security_parameters.client_sign_algo = sign;
}
#endif
diff --git a/lib/ext/srp.c b/lib/ext/srp.c
index 403abd8d72..7dd98df74e 100644
--- a/lib/ext/srp.c
+++ b/lib/ext/srp.c
@@ -32,238 +32,237 @@
#include <gnutls_num.h>
#include <gnutls_extensions.h>
-static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_srp_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
-static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
-static int _gnutls_srp_recv_params (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-static int _gnutls_srp_send_params (gnutls_session_t state, gnutls_buffer_st * extdata);
+static int _gnutls_srp_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srp_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srp_deinit_data(extension_priv_data_t epriv);
+static int _gnutls_srp_recv_params(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+static int _gnutls_srp_send_params(gnutls_session_t state,
+ gnutls_buffer_st * extdata);
extension_entry_st ext_mod_srp = {
- .name = "SRP",
- .type = GNUTLS_EXTENSION_SRP,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_srp_recv_params,
- .send_func = _gnutls_srp_send_params,
- .pack_func = _gnutls_srp_pack,
- .unpack_func = _gnutls_srp_unpack,
- .deinit_func = _gnutls_srp_deinit_data
+ .name = "SRP",
+ .type = GNUTLS_EXTENSION_SRP,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_srp_recv_params,
+ .send_func = _gnutls_srp_send_params,
+ .pack_func = _gnutls_srp_pack,
+ .unpack_func = _gnutls_srp_unpack,
+ .deinit_func = _gnutls_srp_deinit_data
};
static int
-_gnutls_srp_recv_params (gnutls_session_t session, const uint8_t * data,
- size_t _data_size)
+_gnutls_srp_recv_params(gnutls_session_t session, const uint8_t * data,
+ size_t _data_size)
{
- uint8_t len;
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (data_size > 0)
- {
- len = data[0];
- DECR_LEN (data_size, len);
-
- if (MAX_USERNAME_SIZE < len)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->username = gnutls_malloc (len + 1);
- if (priv->username)
- {
- memcpy (priv->username, &data[1], len);
- /* null terminated */
- priv->username[len] = 0;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
- }
- }
- return 0;
+ uint8_t len;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (data_size > 0) {
+ len = data[0];
+ DECR_LEN(data_size, len);
+
+ if (MAX_USERNAME_SIZE < len) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = gnutls_malloc(len + 1);
+ if (priv->username) {
+ memcpy(priv->username, &data[1], len);
+ /* null terminated */
+ priv->username[len] = 0;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+ }
+ }
+ return 0;
}
/* returns data_size or a negative number on failure
* data is allocated locally
*/
static int
-_gnutls_srp_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+_gnutls_srp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len;
- int ret;
- extension_priv_data_t epriv;
- srp_ext_st *priv = NULL;
- char *username = NULL, *password = NULL;
-
- if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
- {
- /* algorithm was not allowed in this session
- */
- return 0;
- }
-
- /* this function sends the client extension data (username) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- return 0;
-
- priv = gnutls_malloc (sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- if (cred->username != NULL)
- { /* send username */
- len = MIN (strlen (cred->username), 255);
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, cred->username, len);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- priv->username = strdup(cred->username);
- if (priv->username == NULL)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- priv->password = strdup(cred->password);
- if (priv->password == NULL)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
-
- return len + 1;
- }
- else if (cred->get_function != NULL)
- {
- /* Try the callback
- */
-
- if (cred->get_function (session, &username, &password) < 0
- || username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- len = MIN (strlen (username), 255);
-
- priv->username = username;
- priv->password = password;
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, username, len);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
-
- return len + 1;
- }
- }
- return 0;
-
-cleanup:
- gnutls_free (username);
- gnutls_free (password);
- gnutls_free (priv);
-
- return ret;
+ unsigned len;
+ int ret;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv = NULL;
+ char *username = NULL, *password = NULL;
+
+ if (_gnutls_kx_priority(session, GNUTLS_KX_SRP) < 0 &&
+ _gnutls_kx_priority(session, GNUTLS_KX_SRP_DSS) < 0 &&
+ _gnutls_kx_priority(session, GNUTLS_KX_SRP_RSA) < 0) {
+ /* algorithm was not allowed in this session
+ */
+ return 0;
+ }
+
+ /* this function sends the client extension data (username) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ gnutls_srp_client_credentials_t cred =
+ (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL)
+ return 0;
+
+ priv = gnutls_malloc(sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ if (cred->username != NULL) { /* send username */
+ len = MIN(strlen(cred->username), 255);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ cred->
+ username,
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ priv->username = strdup(cred->username);
+ if (priv->username == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ priv->password = strdup(cred->password);
+ if (priv->password == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+
+ return len + 1;
+ } else if (cred->get_function != NULL) {
+ /* Try the callback
+ */
+
+ if (cred->
+ get_function(session, &username, &password) < 0
+ || username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ len = MIN(strlen(username), 255);
+
+ priv->username = username;
+ priv->password = password;
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ username,
+ len);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+
+ return len + 1;
+ }
+ }
+ return 0;
+
+ cleanup:
+ gnutls_free(username);
+ gnutls_free(password);
+ gnutls_free(priv);
+
+ return ret;
}
-static void
-_gnutls_srp_deinit_data (extension_priv_data_t epriv)
+static void _gnutls_srp_deinit_data(extension_priv_data_t epriv)
{
- srp_ext_st *priv = epriv.ptr;
+ srp_ext_st *priv = epriv.ptr;
- gnutls_free (priv->username);
- gnutls_free (priv->password);
- gnutls_free (priv);
+ gnutls_free(priv->username);
+ gnutls_free(priv->password);
+ gnutls_free(priv);
}
static int
-_gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- srp_ext_st *priv = epriv.ptr;
- int ret;
- int password_len = 0, username_len = 0;
+ srp_ext_st *priv = epriv.ptr;
+ int ret;
+ int password_len = 0, username_len = 0;
- if (priv->username)
- username_len = strlen (priv->username);
+ if (priv->username)
+ username_len = strlen(priv->username);
- if (priv->password)
- password_len = strlen (priv->password);
+ if (priv->password)
+ password_len = strlen(priv->password);
- BUFFER_APPEND_PFX4 (ps, priv->username, username_len);
- BUFFER_APPEND_PFX4 (ps, priv->password, password_len);
+ BUFFER_APPEND_PFX4(ps, priv->username, username_len);
+ BUFFER_APPEND_PFX4(ps, priv->password, password_len);
- return 0;
+ return 0;
}
static int
-_gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+_gnutls_srp_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- srp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
- gnutls_datum_t username = { NULL, 0 };
- gnutls_datum_t password = { NULL, 0 };
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_DATUM (ps, &username);
- BUFFER_POP_DATUM (ps, &password);
-
- priv->username = (char*)username.data;
- priv->password = (char*)password.data;
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- _gnutls_free_datum (&username);
- _gnutls_free_datum (&password);
- return ret;
+ srp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum_t username = { NULL, 0 };
+ gnutls_datum_t password = { NULL, 0 };
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM(ps, &username);
+ BUFFER_POP_DATUM(ps, &password);
+
+ priv->username = (char *) username.data;
+ priv->password = (char *) password.data;
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&password);
+ return ret;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
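Review bot: In `_gnutls_srp_recv_params` the length check looks one byte short: `DECR_LEN(data_size, len)` runs while `data_size` still counts the length byte itself, so a username length equal to the whole extension size appears to pass and `memcpy(priv->username, &data[1], len)` would read one byte past the received data (assuming DECR_LEN only rejects a negative remainder; its definition is not in this diff). Consuming the length byte first, with `DECR_LEN(data_size, 1);` placed before `len = data[0];`, closes that. In the same function a failed `gnutls_malloc(len + 1)` is silently accepted and the extension data is stored with a NULL username instead of returning `GNUTLS_E_MEMORY_ERROR`. In `_gnutls_srp_send_params` the two `strdup` failure paths jump to `cleanup` with `ret` still holding the successful append result, so no error is reported, and `priv->username` is not freed there because `cleanup` only frees the local `username`/`password`. `_gnutls_srp_pack` also serialises `priv->password` into the packed session data, which deserves at least a comment stating who is expected to hold that buffer.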
diff --git a/lib/ext/srp.h b/lib/ext/srp.h
index 432dbc8c3c..77e275dfc1 100644
--- a/lib/ext/srp.h
+++ b/lib/ext/srp.h
@@ -32,10 +32,9 @@
extern extension_entry_st ext_mod_srp;
-typedef struct
-{
- char *username;
- char *password;
+typedef struct {
+ char *username;
+ char *password;
} srp_ext_st;
#endif
diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
index 0953da4d45..bb21f60850 100644
--- a/lib/ext/srtp.c
+++ b/lib/ext/srtp.c
@@ -26,100 +26,89 @@
#include "gnutls_num.h"
#include <ext/srtp.h>
-static int _gnutls_srtp_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_srtp_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_srtp_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_srtp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_srtp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_srtp_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_srtp_deinit_data (extension_priv_data_t priv);
+static int _gnutls_srtp_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srtp_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srtp_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_srtp = {
- .name = "SRTP",
- .type = GNUTLS_EXTENSION_SRTP,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_srtp_recv_params,
- .send_func = _gnutls_srtp_send_params,
- .pack_func = _gnutls_srtp_pack,
- .unpack_func = _gnutls_srtp_unpack,
- .deinit_func = _gnutls_srtp_deinit_data,
+ .name = "SRTP",
+ .type = GNUTLS_EXTENSION_SRTP,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_srtp_recv_params,
+ .send_func = _gnutls_srtp_send_params,
+ .pack_func = _gnutls_srtp_pack,
+ .unpack_func = _gnutls_srtp_unpack,
+ .deinit_func = _gnutls_srtp_deinit_data,
};
-typedef struct
-{
- const char *name;
- gnutls_srtp_profile_t id;
- unsigned int key_length;
- unsigned int salt_length;
+typedef struct {
+ const char *name;
+ gnutls_srtp_profile_t id;
+ unsigned int key_length;
+ unsigned int salt_length;
} srtp_profile_st;
static const srtp_profile_st profile_names[] = {
- {
- "SRTP_AES128_CM_HMAC_SHA1_80",
- GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
- 16,14
- },
- {
- "SRTP_AES128_CM_HMAC_SHA1_32",
- GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
- 16,14
- },
- {
- "SRTP_NULL_HMAC_SHA1_80",
- GNUTLS_SRTP_NULL_HMAC_SHA1_80,
- 16,14
- },
- {
- "SRTP_NULL_SHA1_32",
- GNUTLS_SRTP_NULL_HMAC_SHA1_32,
- 16,14
- },
- {
- NULL,
- 0,0,0
- }
+ {
+ "SRTP_AES128_CM_HMAC_SHA1_80",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ 16, 14},
+ {
+ "SRTP_AES128_CM_HMAC_SHA1_32",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ 16, 14},
+ {
+ "SRTP_NULL_HMAC_SHA1_80",
+ GNUTLS_SRTP_NULL_HMAC_SHA1_80,
+ 16, 14},
+ {
+ "SRTP_NULL_SHA1_32",
+ GNUTLS_SRTP_NULL_HMAC_SHA1_32,
+ 16, 14},
+ {
+ NULL,
+ 0, 0, 0}
};
-static const srtp_profile_st *get_profile (gnutls_srtp_profile_t profile)
+static const srtp_profile_st *get_profile(gnutls_srtp_profile_t profile)
{
- const srtp_profile_st *p = profile_names;
- while (p->name != NULL)
- {
- if (p->id == profile)
- return p;
- p++;
- }
- return NULL;
+ const srtp_profile_st *p = profile_names;
+ while (p->name != NULL) {
+ if (p->id == profile)
+ return p;
+ p++;
+ }
+ return NULL;
}
-static gnutls_srtp_profile_t find_profile (const char *str, const char *end)
+static gnutls_srtp_profile_t find_profile(const char *str, const char *end)
{
- const srtp_profile_st *prof = profile_names;
- unsigned int len;
- if (end != NULL)
- {
- len = end - str;
- }
- else
- {
- len = strlen (str);
- }
-
- while (prof->name != NULL)
- {
- if (strlen (prof->name) == len && !strncmp (str, prof->name, len))
- {
- return prof->id;
- }
- prof++;
- }
- return 0;
+ const srtp_profile_st *prof = profile_names;
+ unsigned int len;
+ if (end != NULL) {
+ len = end - str;
+ } else {
+ len = strlen(str);
+ }
+
+ while (prof->name != NULL) {
+ if (strlen(prof->name) == len
+ && !strncmp(str, prof->name, len)) {
+ return prof->id;
+ }
+ prof++;
+ }
+ return 0;
}
/**
@@ -134,15 +123,14 @@ static gnutls_srtp_profile_t find_profile (const char *str, const char *end)
*
* Since 3.1.4
**/
-int gnutls_srtp_get_profile_id (const char *name,
- gnutls_srtp_profile_t *profile)
+int gnutls_srtp_get_profile_id(const char *name,
+ gnutls_srtp_profile_t * profile)
{
- *profile = find_profile (name, NULL);
- if (*profile == 0)
- {
- return GNUTLS_E_ILLEGAL_PARAMETER;
- }
- return 0;
+ *profile = find_profile(name, NULL);
+ if (*profile == 0) {
+ return GNUTLS_E_ILLEGAL_PARAMETER;
+ }
+ return 0;
}
#define MAX_PROFILES_IN_SRTP_EXTENSION 256
@@ -159,144 +147,147 @@ int gnutls_srtp_get_profile_id (const char *name,
*
* Since 3.1.4
**/
-const char *gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile)
+const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile)
{
- const srtp_profile_st *p = get_profile(profile);
-
- if (p != NULL)
- return p->name;
-
- return NULL;
+ const srtp_profile_st *p = get_profile(profile);
+
+ if (p != NULL)
+ return p->name;
+
+ return NULL;
}
static int
-_gnutls_srtp_recv_params (gnutls_session_t session,
- const uint8_t *data, size_t _data_size)
+_gnutls_srtp_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int i;
- int ret;
- const uint8_t *p = data;
- int len;
- ssize_t data_size = _data_size;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
- uint16_t profile;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len+1 > data_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (len > MAX_PROFILES_IN_SRTP_EXTENSION*2)
- return 0;
- }
- else
- {
- if (len != 2)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- priv->selected_profile = 0;
-
- while (len > 0)
- {
- DECR_LEN (data_size, 2);
- profile = _gnutls_read_uint16 (p);
-
- for (i = 0; i < priv->profiles_size && priv->selected_profile == 0; i++)
- {
- if (priv->profiles[i] == profile)
- {
- priv->selected_profile = profile;
- break;
- }
- }
- p += 2;
- len -= 2;
- }
-
- DECR_LEN (data_size, 1);
- priv->mki_size = *p;
- p++;
-
- if (priv->mki_size > 0)
- {
- DECR_LEN (data_size, priv->mki_size);
- memcpy(priv->mki, p, priv->mki_size);
- priv->mki_received = 1;
- }
-
- return 0;
+ unsigned int i;
+ int ret;
+ const uint8_t *p = data;
+ int len;
+ ssize_t data_size = _data_size;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+ uint16_t profile;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len + 1 > data_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (len > MAX_PROFILES_IN_SRTP_EXTENSION * 2)
+ return 0;
+ } else {
+ if (len != 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ priv->selected_profile = 0;
+
+ while (len > 0) {
+ DECR_LEN(data_size, 2);
+ profile = _gnutls_read_uint16(p);
+
+ for (i = 0;
+ i < priv->profiles_size
+ && priv->selected_profile == 0; i++) {
+ if (priv->profiles[i] == profile) {
+ priv->selected_profile = profile;
+ break;
+ }
+ }
+ p += 2;
+ len -= 2;
+ }
+
+ DECR_LEN(data_size, 1);
+ priv->mki_size = *p;
+ p++;
+
+ if (priv->mki_size > 0) {
+ DECR_LEN(data_size, priv->mki_size);
+ memcpy(priv->mki, p, priv->mki_size);
+ priv->mki_received = 1;
+ }
+
+ return 0;
}
static int
-_gnutls_srtp_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_srtp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned i;
- int total_size = 0, ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (priv->profiles_size == 0)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- /* Don't send anything if no matching profile was found */
- if (priv->selected_profile == 0)
- return 0;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, 2);
- if (ret < 0)
- return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->selected_profile);
- if (ret < 0)
- return gnutls_assert_val(ret);
- total_size = 4;
- }
- else
- {
- ret = _gnutls_buffer_append_prefix(extdata, 16, 2 * priv->profiles_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < priv->profiles_size; i++)
- {
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->profiles[i]);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- total_size = 2 + 2 * priv->profiles_size;
- }
-
- /* use_mki */
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->mki, priv->mki_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- total_size += 1 + priv->mki_size;
-
- return total_size;
+ unsigned i;
+ int total_size = 0, ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (priv->profiles_size == 0)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ /* Don't send anything if no matching profile was found */
+ if (priv->selected_profile == 0)
+ return 0;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->selected_profile);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ total_size = 4;
+ } else {
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ 2 * priv->profiles_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->profiles_size; i++) {
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->
+ profiles[i]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ total_size = 2 + 2 * priv->profiles_size;
+ }
+
+ /* use_mki */
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8, priv->mki,
+ priv->mki_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ total_size += 1 + priv->mki_size;
+
+ return total_size;
}
/**
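Review bot: `_gnutls_srtp_recv_params` never checks that the profile-list length `len` is even, so with an odd value the last pass of `while (len > 0)` reads a 16-bit profile id that straddles the end of the list and the MKI length byte, and the MKI is then parsed from a shifted offset. The reads should stay inside the buffer as long as `DECR_LEN` returns on underflow, but the malformed extension is accepted rather than rejected. Adding `if (len % 2 != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` right after the `len + 1 > data_size` check would reject it. On the client side, a server reply naming a profile that was not offered leaves `selected_profile` at 0 and the function still returns 0; consider treating that as an error as well.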
@@ -312,32 +303,30 @@ _gnutls_srtp_send_params (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_get_selected_profile (gnutls_session_t session,
- gnutls_srtp_profile_t *profile)
+gnutls_srtp_get_selected_profile(gnutls_session_t session,
+ gnutls_srtp_profile_t * profile)
{
- srtp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ srtp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (priv->selected_profile == 0)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (priv->selected_profile == 0) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- *profile = priv->selected_profile;
+ *profile = priv->selected_profile;
- return 0;
+ return 0;
}
/**
@@ -354,29 +343,31 @@ gnutls_srtp_get_selected_profile (gnutls_session_t session,
*
* Since 3.1.4
**/
-int
-gnutls_srtp_get_mki (gnutls_session_t session,
- gnutls_datum_t *mki)
+int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki)
{
- srtp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ srtp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ priv = epriv.ptr;
- priv = epriv.ptr;
+ if (priv->mki_received == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- if (priv->mki_received == 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- mki->data = priv->mki;
- mki->size = priv->mki_size;
+ mki->data = priv->mki;
+ mki->size = priv->mki_size;
- return 0;
+ return 0;
}
/**
@@ -393,40 +384,34 @@ gnutls_srtp_get_mki (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_mki (gnutls_session_t session,
- const gnutls_datum_t *mki)
+gnutls_srtp_set_mki(gnutls_session_t session, const gnutls_datum_t * mki)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (mki->size > 0 && mki->size <= sizeof(priv->mki))
- {
- priv->mki_size = mki->size;
- memcpy(priv->mki, mki->data, mki->size);
- }
- else
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (mki->size > 0 && mki->size <= sizeof(priv->mki)) {
+ priv->mki_size = mki->size;
+ memcpy(priv->mki, mki->data, mki->size);
+ } else
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return 0;
}
/**
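Review bot: The bound `mki->size <= sizeof(priv->mki)` in `gnutls_srtp_set_mki` admits a 256-byte MKI, but the extension carries the MKI length in a single byte: `_gnutls_srtp_send_params` appends it with an 8-bit prefix and `_gnutls_srtp_recv_params` reads it with `priv->mki_size = *p`. A 256-byte value therefore cannot be represented on the wire; what the append helper does with it is not visible in this diff. Limiting the setter to `if (mki->size > 0 && mki->size <= 255) {` keeps the stored size encodable.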
@@ -443,36 +428,33 @@ gnutls_srtp_set_mki (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_profile (gnutls_session_t session,
- gnutls_srtp_profile_t profile)
+gnutls_srtp_set_profile(gnutls_session_t session,
+ gnutls_srtp_profile_t profile)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (priv->profiles_size < MAX_SRTP_PROFILES)
- priv->profiles_size++;
- priv->profiles[priv->profiles_size - 1] = profile;
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (priv->profiles_size < MAX_SRTP_PROFILES)
+ priv->profiles_size++;
+ priv->profiles[priv->profiles_size - 1] = profile;
+
+ return 0;
}
/**
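Review bot: Once `profiles_size` has reached `MAX_SRTP_PROFILES`, `gnutls_srtp_set_profile` overwrites the last slot and still returns 0, so the caller is not told that a previously configured profile was dropped; `gnutls_srtp_set_profile_direct` in the next hunk does the same. The `profile` argument is also stored without a `get_profile()` lookup, so an id missing from `profile_names` would be offered to the peer. Either return an error when the table is full, e.g. `if (priv->profiles_size >= MAX_SRTP_PROFILES) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, or state the overwrite behaviour in the function's doc comment, which lies outside this hunk.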
@@ -491,61 +473,55 @@ gnutls_srtp_set_profile (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_profile_direct (gnutls_session_t session,
- const char *profiles, const char **err_pos)
+gnutls_srtp_set_profile_direct(gnutls_session_t session,
+ const char *profiles, const char **err_pos)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0;
- const char *col;
- gnutls_srtp_profile_t id;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- if (err_pos != NULL)
- *err_pos = profiles;
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- do
- {
- col = strchr (profiles, ':');
- id = find_profile (profiles, col);
- if (id == 0)
- {
- if (set != 0)
- gnutls_free (priv);
- if (err_pos != NULL)
- *err_pos = profiles;
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (priv->profiles_size < MAX_SRTP_PROFILES)
- {
- priv->profiles_size++;
- }
- priv->profiles[priv->profiles_size - 1] = id;
- profiles = col + 1;
- } while (col != NULL);
-
- if (set != 0)
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0;
+ const char *col;
+ gnutls_srtp_profile_t id;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ if (err_pos != NULL)
+ *err_pos = profiles;
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ do {
+ col = strchr(profiles, ':');
+ id = find_profile(profiles, col);
+ if (id == 0) {
+ if (set != 0)
+ gnutls_free(priv);
+ if (err_pos != NULL)
+ *err_pos = profiles;
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (priv->profiles_size < MAX_SRTP_PROFILES) {
+ priv->profiles_size++;
+ }
+ priv->profiles[priv->profiles_size - 1] = id;
+ profiles = col + 1;
+ } while (col != NULL);
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+
+ return 0;
}
/**
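Review bot: The loop in `gnutls_srtp_set_profile_direct` executes `profiles = col + 1;` even on the final pass, where `strchr` returned NULL; arithmetic on a null pointer is undefined behaviour even though the result is never dereferenced. Guarding it as `if (col != NULL) profiles = col + 1;` leaves the loop condition unchanged. When an unknown name is met and `priv` already belonged to the session (`set == 0`), the profiles appended earlier in the same call stay in place although the function returns `GNUTLS_E_INVALID_REQUEST`; a comment should say whether callers may rely on that partial state.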
@@ -571,131 +547,123 @@ gnutls_srtp_set_profile_direct (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_get_keys (gnutls_session_t session,
- void *key_material,
- unsigned int key_material_size,
- gnutls_datum_t *client_key,
- gnutls_datum_t *client_salt,
- gnutls_datum_t *server_key,
- gnutls_datum_t *server_salt)
-{
-int ret;
-const srtp_profile_st *p;
-gnutls_srtp_profile_t profile;
-unsigned int msize;
-uint8_t *km = key_material;
-
- ret = gnutls_srtp_get_selected_profile (session, &profile);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- p = get_profile(profile);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
-
- msize = 2*(p->key_length+p->salt_length);
- if (msize > key_material_size)
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- if (msize == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = gnutls_prf(session, sizeof("EXTRACTOR-dtls_srtp")-1, "EXTRACTOR-dtls_srtp", 0, 0,
- NULL, msize, key_material);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (client_key)
- {
- client_key->data = km;
- client_key->size = p->key_length;
- }
-
- if (server_key)
- {
- server_key->data = km + p->key_length;
- server_key->size = p->key_length;
- }
-
- if (client_salt)
- {
- client_salt->data = km + 2*p->key_length;
- client_salt->size = p->salt_length;
- }
-
- if (server_salt)
- {
- server_salt->data = km + 2*p->key_length + p->salt_length;
- server_salt->size = p->salt_length;
- }
-
- return msize;
+gnutls_srtp_get_keys(gnutls_session_t session,
+ void *key_material,
+ unsigned int key_material_size,
+ gnutls_datum_t * client_key,
+ gnutls_datum_t * client_salt,
+ gnutls_datum_t * server_key,
+ gnutls_datum_t * server_salt)
+{
+ int ret;
+ const srtp_profile_st *p;
+ gnutls_srtp_profile_t profile;
+ unsigned int msize;
+ uint8_t *km = key_material;
+
+ ret = gnutls_srtp_get_selected_profile(session, &profile);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ p = get_profile(profile);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
+
+ msize = 2 * (p->key_length + p->salt_length);
+ if (msize > key_material_size)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
+ if (msize == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret =
+ gnutls_prf(session, sizeof("EXTRACTOR-dtls_srtp") - 1,
+ "EXTRACTOR-dtls_srtp", 0, 0, NULL, msize,
+ key_material);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (client_key) {
+ client_key->data = km;
+ client_key->size = p->key_length;
+ }
+
+ if (server_key) {
+ server_key->data = km + p->key_length;
+ server_key->size = p->key_length;
+ }
+
+ if (client_salt) {
+ client_salt->data = km + 2 * p->key_length;
+ client_salt->size = p->salt_length;
+ }
+
+ if (server_salt) {
+ server_salt->data =
+ km + 2 * p->key_length + p->salt_length;
+ server_salt->size = p->salt_length;
+ }
+
+ return msize;
}
-static void
-_gnutls_srtp_deinit_data (extension_priv_data_t priv)
+static void _gnutls_srtp_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_srtp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_srtp_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- srtp_ext_st *priv = epriv.ptr;
- unsigned int i;
- int ret;
-
- BUFFER_APPEND_NUM (ps, priv->profiles_size);
- for (i = 0; i < priv->profiles_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->profiles[i]);
- }
-
- BUFFER_APPEND_NUM (ps, priv->mki_received);
- if (priv->mki_received)
- {
- BUFFER_APPEND_NUM (ps, priv->selected_profile);
- BUFFER_APPEND_PFX4 (ps, priv->mki, priv->mki_size);
- }
- return 0;
+ srtp_ext_st *priv = epriv.ptr;
+ unsigned int i;
+ int ret;
+
+ BUFFER_APPEND_NUM(ps, priv->profiles_size);
+ for (i = 0; i < priv->profiles_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->profiles[i]);
+ }
+
+ BUFFER_APPEND_NUM(ps, priv->mki_received);
+ if (priv->mki_received) {
+ BUFFER_APPEND_NUM(ps, priv->selected_profile);
+ BUFFER_APPEND_PFX4(ps, priv->mki, priv->mki_size);
+ }
+ return 0;
}
static int
-_gnutls_srtp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_srtp_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- srtp_ext_st *priv;
- unsigned int i;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->profiles_size);
- for (i = 0; i < priv->profiles_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->profiles[i]);
- }
- BUFFER_POP_NUM (ps, priv->selected_profile);
-
- BUFFER_POP_NUM (ps, priv->mki_received);
- if (priv->mki_received)
- {
- BUFFER_POP_NUM (ps, priv->mki_size);
- BUFFER_POP (ps, priv->mki, priv->mki_size);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ srtp_ext_st *priv;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->profiles_size);
+ for (i = 0; i < priv->profiles_size; i++) {
+ BUFFER_POP_NUM(ps, priv->profiles[i]);
+ }
+ BUFFER_POP_NUM(ps, priv->selected_profile);
+
+ BUFFER_POP_NUM(ps, priv->mki_received);
+ if (priv->mki_received) {
+ BUFFER_POP_NUM(ps, priv->mki_size);
+ BUFFER_POP(ps, priv->mki, priv->mki_size);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
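Review bot: `_gnutls_srtp_unpack` trusts the counts it reads from the packed buffer: `priv->profiles_size` drives the loop that writes `priv->profiles[i]`, and `priv->mki_size` is handed to `BUFFER_POP` for the 256-byte `priv->mki`, with neither value compared against `MAX_SRTP_PROFILES` or `sizeof(priv->mki)`. Packed session data that is corrupted or comes from outside the library could therefore write past the `srtp_ext_st` allocation, so both values should be range-checked before use, as sketched below. Separately, the field order differs between the two functions: `_gnutls_srtp_pack` writes `selected_profile` after `mki_received` and only when an MKI was received, while `_gnutls_srtp_unpack` pops it unconditionally before `mki_received`, so a packed session does not appear to round-trip.

```c
	BUFFER_POP_NUM(ps, priv->profiles_size);
	if (priv->profiles_size > MAX_SRTP_PROFILES) {
		ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
		goto error;
	}
	/* … unchanged: profiles[] loop, selected_profile, mki_received … */
		BUFFER_POP_NUM(ps, priv->mki_size);
		if (priv->mki_size > sizeof(priv->mki)) {
			ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
			goto error;
		}
	/* … unchanged: BUFFER_POP of the MKI, epriv assignment, error label … */
```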
diff --git a/lib/ext/srtp.h b/lib/ext/srtp.h
index 579b3840d9..46ecfd7f02 100644
--- a/lib/ext/srtp.h
+++ b/lib/ext/srtp.h
@@ -26,14 +26,13 @@
#define MAX_SRTP_PROFILES 4
-typedef struct
-{
- gnutls_srtp_profile_t profiles[MAX_SRTP_PROFILES];
- unsigned profiles_size;
- gnutls_srtp_profile_t selected_profile;
- uint8_t mki[256];
- unsigned mki_size;
- unsigned int mki_received;
+typedef struct {
+ gnutls_srtp_profile_t profiles[MAX_SRTP_PROFILES];
+ unsigned profiles_size;
+ gnutls_srtp_profile_t selected_profile;
+ uint8_t mki[256];
+ unsigned mki_size;
+ unsigned int mki_received;
} srtp_ext_st;
extern extension_entry_st ext_mod_srtp;
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index ac512c2f90..d7009aab5b 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -34,14 +34,13 @@
#include <auth/cert.h>
#include <gnutls_handshake.h>
-typedef struct
-{
- gnutls_datum_t *responder_id;
- size_t responder_id_size;
- gnutls_datum_t request_extensions;
- gnutls_datum_t response;
+typedef struct {
+ gnutls_datum_t *responder_id;
+ size_t responder_id_size;
+ gnutls_datum_t request_extensions;
+ gnutls_datum_t response;
- unsigned int expect_cstatus;
+ unsigned int expect_cstatus;
} status_request_ext_st;
/*
@@ -66,108 +65,113 @@ typedef struct
*/
static int
-client_send (gnutls_session_t session,
- gnutls_buffer_st* extdata,
- status_request_ext_st *priv)
+client_send(gnutls_session_t session,
+ gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
- int ret_len = 1 + 2;
- int ret;
- size_t i;
-
- ret = _gnutls_buffer_append_prefix (extdata, 8, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_prefix (extdata, 16, priv->responder_id_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- for (i = 0; i < priv->responder_id_size; i++)
- {
- if (priv->responder_id[i].size <= 0)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_buffer_append_data_prefix (extdata, 16,
- priv->responder_id[i].data,
- priv->responder_id[i].size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret_len += 2 + priv->responder_id[i].size;
- }
-
- ret = _gnutls_buffer_append_data_prefix (extdata, 16,
- priv->request_extensions.data,
- priv->request_extensions.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret_len += 2 + priv->request_extensions.size;
-
- return ret_len;
+ int ret_len = 1 + 2;
+ int ret;
+ size_t i;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 8, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->responder_id_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->responder_id_size; i++) {
+ if (priv->responder_id[i].size <= 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_buffer_append_data_prefix(extdata, 16,
+ priv->
+ responder_id[i].
+ data,
+ priv->
+ responder_id[i].
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret_len += 2 + priv->responder_id[i].size;
+ }
+
+ ret = _gnutls_buffer_append_data_prefix(extdata, 16,
+ priv->request_extensions.
+ data,
+ priv->request_extensions.
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret_len += 2 + priv->request_extensions.size;
+
+ return ret_len;
}
static int
-server_recv (gnutls_session_t session,
- status_request_ext_st *priv,
- const uint8_t * data,
- size_t size)
+server_recv(gnutls_session_t session,
+ status_request_ext_st * priv,
+ const uint8_t * data, size_t size)
{
- size_t i;
- ssize_t data_size = size;
+ size_t i;
+ ssize_t data_size = size;
+
+ /* minimum message is type (1) + responder_id_list (2) +
+ request_extension (2) = 5 */
+ if (data_size < 5)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- /* minimum message is type (1) + responder_id_list (2) +
- request_extension (2) = 5 */
- if (data_size < 5)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ /* We ignore non-ocsp CertificateStatusType. The spec is unclear
+ what should be done. */
+ if (data[0] != 0x01) {
+ gnutls_assert();
+ _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
+ session, data[0]);
+ return 0;
+ }
+ DECR_LEN(data_size, 1);
+ data++;
- /* We ignore non-ocsp CertificateStatusType. The spec is unclear
- what should be done. */
- if (data[0] != 0x01)
- {
- gnutls_assert ();
- _gnutls_handshake_log ("EXT[%p]: unknown status_type %d\n",
- session, data[0]);
- return 0;
- }
- DECR_LEN(data_size, 1);
- data++;
+ priv->responder_id_size = _gnutls_read_uint16(data);
- priv->responder_id_size = _gnutls_read_uint16 (data);
-
- DECR_LEN(data_size, 2);
- data += 2;
+ DECR_LEN(data_size, 2);
+ data += 2;
- if (data_size <= (ssize_t)(priv->responder_id_size * 2))
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (data_size <= (ssize_t) (priv->responder_id_size * 2))
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- priv->responder_id = gnutls_malloc (priv->responder_id_size
- * sizeof (*priv->responder_id));
- if (priv->responder_id == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ priv->responder_id = gnutls_malloc(priv->responder_id_size
+ * sizeof(*priv->responder_id));
+ if (priv->responder_id == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- for (i = 0; i < priv->responder_id_size; i++)
- {
- size_t l;
+ for (i = 0; i < priv->responder_id_size; i++) {
+ size_t l;
- DECR_LEN(data_size, 2);
+ DECR_LEN(data_size, 2);
- l = _gnutls_read_uint16 (data);
- data += 2;
+ l = _gnutls_read_uint16(data);
+ data += 2;
- DECR_LEN(data_size, l);
+ DECR_LEN(data_size, l);
- priv->responder_id[i].data = gnutls_malloc (l);
- if (priv->responder_id[i].data == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ priv->responder_id[i].data = gnutls_malloc(l);
+ if (priv->responder_id[i].data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memcpy (priv->responder_id[i].data, data, l);
- priv->responder_id[i].size = l;
+ memcpy(priv->responder_id[i].data, data, l);
+ priv->responder_id[i].size = l;
- data += l;
- }
+ data += l;
+ }
- return 0;
+ return 0;
}
/*
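Review bot: In server_recv, an early return inside the responder-id loop leaves `priv->responder_id_size` at the full peer-supplied count while only the first `i` entries of the `gnutls_malloc`'d array have been written. `_gnutls_status_request_deinit_data`, later in this file, frees `responder_id[i].data` for every index below `responder_id_size`, so after the `GNUTLS_E_MEMORY_ERROR` return (and presumably after a failing `DECR_LEN`, whose definition is not shown here) it would hand uninitialised pointers to `gnutls_free`. Zero-filling the array avoids that: `priv->responder_id = gnutls_calloc(priv->responder_id_size, sizeof(*priv->responder_id));`.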
@@ -181,99 +185,94 @@ server_recv (gnutls_session_t session,
*/
static int
-server_send (gnutls_session_t session,
- gnutls_buffer_st* extdata,
- status_request_ext_st *priv)
+server_send(gnutls_session_t session,
+ gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
- int ret;
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) /* no certificate authentication */
- return gnutls_assert_val (0);
-
- if (cred->ocsp_func == NULL)
- return gnutls_assert_val (GNUTLS_E_SUCCESS);
-
- ret = cred->ocsp_func (session, cred->ocsp_func_ptr, &priv->response);
- if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)
- return 0;
- else if (ret < 0)
- return gnutls_assert_val (ret);
-
- return GNUTLS_E_INT_RET_0;
+ int ret;
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) /* no certificate authentication */
+ return gnutls_assert_val(0);
+
+ if (cred->ocsp_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_SUCCESS);
+
+ ret =
+ cred->ocsp_func(session, cred->ocsp_func_ptr, &priv->response);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)
+ return 0;
+ else if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return GNUTLS_E_INT_RET_0;
}
static int
-client_recv (gnutls_session_t session,
- status_request_ext_st *priv,
- const uint8_t * data,
- size_t size)
+client_recv(gnutls_session_t session,
+ status_request_ext_st * priv,
+ const uint8_t * data, size_t size)
{
- if (size != 0)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- else
- {
- priv->expect_cstatus = 1;
- return 0;
- }
+ if (size != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ else {
+ priv->expect_cstatus = 1;
+ return 0;
+ }
}
static int
-_gnutls_status_request_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_status_request_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- extension_priv_data_t epriv;
- status_request_ext_st *priv;
- int ret;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
- return 0;
- priv = epriv.ptr;
-
- return client_send (session, extdata, priv);
- }
- else
- {
- epriv.ptr = priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- epriv);
-
- return server_send (session, extdata, priv);
- }
+ extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ int ret;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
+ return 0;
+ priv = epriv.ptr;
+
+ return client_send(session, extdata, priv);
+ } else {
+ epriv.ptr = priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ epriv);
+
+ return server_send(session, extdata, priv);
+ }
}
static int
-_gnutls_status_request_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t size)
+_gnutls_status_request_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t size)
{
- extension_priv_data_t epriv;
- status_request_ext_st *priv;
- int ret;
+ extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ int ret;
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
- return 0;
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
+ return 0;
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return client_recv (session, priv, data, size);
- return server_recv (session, priv, data, size);
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return client_recv(session, priv, data, size);
+ return server_recv(session, priv, data, size);
}
/**
@@ -295,34 +294,33 @@ _gnutls_status_request_recv_params (gnutls_session_t session,
* Since: 3.1.3
**/
int
-gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
- gnutls_datum_t *responder_id,
- size_t responder_id_size,
- gnutls_datum_t *extensions)
+gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
+ gnutls_datum_t * responder_id,
+ size_t responder_id_size,
+ gnutls_datum_t * extensions)
{
- status_request_ext_st *priv;
- extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ extension_priv_data_t epriv;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- epriv.ptr = priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ epriv.ptr = priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- priv->responder_id = responder_id;
- priv->responder_id_size = responder_id_size;
- if (extensions)
- {
- priv->request_extensions.data = extensions->data;
- priv->request_extensions.size = extensions->size;
- }
+ priv->responder_id = responder_id;
+ priv->responder_id_size = responder_id_size;
+ if (extensions) {
+ priv->request_extensions.data = extensions->data;
+ priv->request_extensions.size = extensions->size;
+ }
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- epriv);
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ epriv);
- return 0;
+ return 0;
}
/**
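Review bot: gnutls_ocsp_status_request_enable_client stores the caller's `responder_id` array and `extensions->data` by pointer instead of copying them, and `_gnutls_status_request_deinit_data` in this file releases both with `gnutls_free`. Nothing in the body says so, and a caller that passes stack or static storage, or frees the buffers itself, ends up with an invalid or double free. I would add at the assignments `/* ownership moves to the session: both buffers are released with gnutls_free() in _gnutls_status_request_deinit_data() */`. The function's doc comment begins outside this hunk and may already state the contract, in which case the in-body comment only needs to point there.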
@@ -341,31 +339,33 @@ gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
* Since: 3.1.3
**/
int
-gnutls_ocsp_status_request_get (gnutls_session_t session,
- gnutls_datum_t *response)
+gnutls_ocsp_status_request_get(gnutls_session_t session,
+ gnutls_datum_t * response)
{
- status_request_ext_st *priv;
- extension_priv_data_t epriv;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- priv = epriv.ptr;
-
- if (priv == NULL || priv->response.data == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- response->data = priv->response.data;
- response->size = priv->response.size;
-
- return 0;
+ status_request_ext_st *priv;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ priv = epriv.ptr;
+
+ if (priv == NULL || priv->response.data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ response->data = priv->response.data;
+ response->size = priv->response.size;
+
+ return 0;
}
/**
@@ -396,26 +396,26 @@ gnutls_ocsp_status_request_get (gnutls_session_t session,
* Since: 3.1.3
**/
void
-gnutls_certificate_set_ocsp_status_request_function (
- gnutls_certificate_credentials_t sc,
- gnutls_status_request_ocsp_func ocsp_func,
- void *ptr)
+gnutls_certificate_set_ocsp_status_request_function
+(gnutls_certificate_credentials_t sc,
+gnutls_status_request_ocsp_func ocsp_func, void *ptr)
{
-
- sc->ocsp_func = ocsp_func;
- sc->ocsp_func_ptr = ptr;
+
+ sc->ocsp_func = ocsp_func;
+ sc->ocsp_func_ptr = ptr;
}
-static int file_ocsp_func(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response)
+static int file_ocsp_func(gnutls_session_t session, void *ptr,
+ gnutls_datum_t * ocsp_response)
{
-int ret;
-gnutls_certificate_credentials_t sc = ptr;
-
- ret = gnutls_load_file(sc->ocsp_response_file, ocsp_response);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_STATUS);
-
- return 0;
+ int ret;
+ gnutls_certificate_credentials_t sc = ptr;
+
+ ret = gnutls_load_file(sc->ocsp_response_file, ocsp_response);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_STATUS);
+
+ return 0;
}
/**
@@ -437,191 +437,194 @@ gnutls_certificate_credentials_t sc = ptr;
* Since: 3.1.3
**/
int
-gnutls_certificate_set_ocsp_status_request_file (
- gnutls_certificate_credentials_t sc,
- const char* response_file,
- unsigned int flags)
+gnutls_certificate_set_ocsp_status_request_file
+(gnutls_certificate_credentials_t sc, const char *response_file,
+ unsigned int flags)
{
- sc->ocsp_func = file_ocsp_func;
- sc->ocsp_func_ptr = sc;
- sc->ocsp_response_file = gnutls_strdup(response_file);
- if (sc->ocsp_response_file == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- return 0;
+ sc->ocsp_func = file_ocsp_func;
+ sc->ocsp_func_ptr = sc;
+ sc->ocsp_response_file = gnutls_strdup(response_file);
+ if (sc->ocsp_response_file == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ return 0;
}
-static void
-_gnutls_status_request_deinit_data (extension_priv_data_t epriv)
+static void _gnutls_status_request_deinit_data(extension_priv_data_t epriv)
{
- status_request_ext_st *priv = epriv.ptr;
- size_t i;
+ status_request_ext_st *priv = epriv.ptr;
+ size_t i;
- if (priv == NULL)
- return;
+ if (priv == NULL)
+ return;
- for (i = 0; i < priv->responder_id_size; i++)
- gnutls_free (priv->responder_id[i].data);
+ for (i = 0; i < priv->responder_id_size; i++)
+ gnutls_free(priv->responder_id[i].data);
- gnutls_free (priv->responder_id);
- gnutls_free (priv->request_extensions.data);
- gnutls_free (priv->response.data);
- gnutls_free (priv);
+ gnutls_free(priv->responder_id);
+ gnutls_free(priv->request_extensions.data);
+ gnutls_free(priv->response.data);
+ gnutls_free(priv);
}
static int
-_gnutls_status_request_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_status_request_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- status_request_ext_st *priv = epriv.ptr;
- int ret;
+ status_request_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->response.data,
- priv->response.size);
+ BUFFER_APPEND_PFX4(ps, priv->response.data, priv->response.size);
- return 0;
+ return 0;
}
static int
-_gnutls_status_request_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * epriv)
+_gnutls_status_request_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * epriv)
{
- status_request_ext_st *priv;
- int ret;
+ status_request_ext_st *priv;
+ int ret;
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- BUFFER_POP_DATUM (ps, &priv->response);
+ BUFFER_POP_DATUM(ps, &priv->response);
- epriv->ptr = priv;
+ epriv->ptr = priv;
- return 0;
+ return 0;
-error:
- gnutls_free (priv);
- return ret;
+ error:
+ gnutls_free(priv);
+ return ret;
}
extension_entry_st ext_mod_status_request = {
- .name = "STATUS REQUEST",
- .type = GNUTLS_EXTENSION_STATUS_REQUEST,
- .parse_type = GNUTLS_EXT_TLS,
- .recv_func = _gnutls_status_request_recv_params,
- .send_func = _gnutls_status_request_send_params,
- .pack_func = _gnutls_status_request_pack,
- .unpack_func = _gnutls_status_request_unpack,
- .deinit_func = _gnutls_status_request_deinit_data
+ .name = "STATUS REQUEST",
+ .type = GNUTLS_EXTENSION_STATUS_REQUEST,
+ .parse_type = GNUTLS_EXT_TLS,
+ .recv_func = _gnutls_status_request_recv_params,
+ .send_func = _gnutls_status_request_send_params,
+ .pack_func = _gnutls_status_request_pack,
+ .unpack_func = _gnutls_status_request_unpack,
+ .deinit_func = _gnutls_status_request_deinit_data
};
/* Functions to be called from handshake */
int
-_gnutls_send_server_certificate_status (gnutls_session_t session, int again)
+_gnutls_send_server_certificate_status(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t * data;
- int data_size = 0;
- int ret;
- status_request_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- if (again == 0)
- {
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return 0;
- priv = epriv.ptr;
-
- if (!priv->response.size)
- return 0;
-
- data_size = priv->response.size + 4;
- bufel = _gnutls_handshake_alloc (session, data_size, data_size);
- if (!bufel)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- data = _mbuffer_get_udata_ptr (bufel);
-
- data[0] = 0x01;
- _gnutls_write_uint24(priv->response.size, &data[1]);
- memcpy(&data[4], priv->response.data, priv->response.size);
-
- _gnutls_free_datum(&priv->response);
- }
- return _gnutls_send_handshake (session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
+ mbuffer_st *bufel = NULL;
+ uint8_t *data;
+ int data_size = 0;
+ int ret;
+ status_request_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ if (again == 0) {
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return 0;
+ priv = epriv.ptr;
+
+ if (!priv->response.size)
+ return 0;
+
+ data_size = priv->response.size + 4;
+ bufel =
+ _gnutls_handshake_alloc(session, data_size, data_size);
+ if (!bufel)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ data[0] = 0x01;
+ _gnutls_write_uint24(priv->response.size, &data[1]);
+ memcpy(&data[4], priv->response.data, priv->response.size);
+
+ _gnutls_free_datum(&priv->response);
+ }
+ return _gnutls_send_handshake(session, data_size ? bufel : NULL,
+ GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
}
-int
-_gnutls_recv_server_certificate_status (gnutls_session_t session)
+int _gnutls_recv_server_certificate_status(gnutls_session_t session)
{
- uint8_t *data;
- int data_size;
- size_t r_size;
- gnutls_buffer_st buf;
- int ret;
- status_request_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (!priv->expect_cstatus)
- return 0;
-
- priv->expect_cstatus = 0;
-
- ret = _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
- 0, &buf);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- data = buf.data;
- data_size = buf.length;
-
- /* minimum message is type (1) + response (3) + data */
- if (data_size == 0)
- return 0;
- else if (data_size < 4)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (data[0] != 0x01)
- {
- gnutls_assert ();
- _gnutls_handshake_log ("EXT[%p]: unknown status_type %d\n",
- session, data[0]);
- return 0;
- }
- DECR_LENGTH_COM (data_size, 1, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- data++;
-
- DECR_LENGTH_COM (data_size, 3, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- r_size = _gnutls_read_uint24(data);
- data += 3;
-
- DECR_LENGTH_COM (data_size, r_size, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
-
- ret = _gnutls_set_datum(&priv->response, data, r_size);
- if (ret < 0)
- goto error;
-
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&buf);
-
- return ret;
+ uint8_t *data;
+ int data_size;
+ size_t r_size;
+ gnutls_buffer_st buf;
+ int ret;
+ status_request_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (!priv->expect_cstatus)
+ return 0;
+
+ priv->expect_cstatus = 0;
+
+ ret = _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
+ 0, &buf);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ data = buf.data;
+ data_size = buf.length;
+
+ /* minimum message is type (1) + response (3) + data */
+ if (data_size == 0)
+ return 0;
+ else if (data_size < 4)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (data[0] != 0x01) {
+ gnutls_assert();
+ _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
+ session, data[0]);
+ return 0;
+ }
+ DECR_LENGTH_COM(data_size, 1, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ data++;
+
+ DECR_LENGTH_COM(data_size, 3, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ r_size = _gnutls_read_uint24(data);
+ data += 3;
+
+ DECR_LENGTH_COM(data_size, r_size, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+
+ ret = _gnutls_set_datum(&priv->response, data, r_size);
+ if (ret < 0)
+ goto error;
+
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
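Review bot: In _gnutls_recv_server_certificate_status, the three returns taken after `_gnutls_recv_handshake` has filled `buf` (empty message, `data_size < 4`, unknown `status_type`) bypass the `_gnutls_buffer_clear(&buf)` at the `error:` label, so the handshake buffer is leaked on each of them. All three are reached on peer-controlled input, so each should set `ret` and jump to the label, as the later length checks already do. Separately, `priv = epriv.ptr` is dereferenced here and in `_gnutls_send_server_certificate_status` without the `epriv.ptr == NULL` test that `_gnutls_status_request_recv_params` applies.

```c
	/* minimum message is type (1) + response (3) + data */
	if (data_size == 0) {
		ret = 0;
		goto error;
	} else if (data_size < 4) {
		ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
		goto error;
	}

	if (data[0] != 0x01) {
		gnutls_assert();
		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
				      session, data[0]);
		ret = 0;
		goto error;
	}
	/* … unchanged: DECR_LENGTH_COM checks, _gnutls_set_datum, error: label … */
```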
diff --git a/lib/ext/status_request.h b/lib/ext/status_request.h
index e91b95aa31..cd1aaeea46 100644
--- a/lib/ext/status_request.h
+++ b/lib/ext/status_request.h
@@ -28,8 +28,8 @@
extern extension_entry_st ext_mod_status_request;
int
-_gnutls_send_server_certificate_status (gnutls_session_t session, int again);
-int
-_gnutls_recv_server_certificate_status (gnutls_session_t session);
+_gnutls_send_server_certificate_status(gnutls_session_t session,
+ int again);
+int _gnutls_recv_server_certificate_status(gnutls_session_t session);
#endif
diff --git a/lib/extras/randomart.c b/lib/extras/randomart.c
index 7b661a9a25..3b7bf8adc9 100644
--- a/lib/extras/randomart.c
+++ b/lib/extras/randomart.c
@@ -61,107 +61,106 @@
#define FLDBASE 8
#define FLDSIZE_Y (FLDBASE + 1)
#define FLDSIZE_X (FLDBASE * 2 + 1)
-char *
-_gnutls_key_fingerprint_randomart (uint8_t * dgst_raw, u_int dgst_raw_len,
- const char *key_type, unsigned int key_size,
- const char* prefix)
+char *_gnutls_key_fingerprint_randomart(uint8_t * dgst_raw,
+ u_int dgst_raw_len,
+ const char *key_type,
+ unsigned int key_size,
+ const char *prefix)
{
- /*
- * Chars to be used after each other every time the worm
- * intersects with itself. Matter of taste.
- */
- const char augmentation_string[] = " .o+=*BOX@%&#/^SE";
- char *retval, *p;
- uint8_t field[FLDSIZE_X][FLDSIZE_Y];
- unsigned int i, b;
- int x, y;
- const size_t len = sizeof(augmentation_string) - 2;
- unsigned int prefix_len = 0;
-
- if (prefix)
- prefix_len = strlen(prefix);
-
- retval = gnutls_calloc (1, (FLDSIZE_X + 3 + prefix_len) * (FLDSIZE_Y + 2));
- if (retval == NULL)
- {
- gnutls_assert();
- return NULL;
- }
-
- /* initialize field */
- memset (field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof (char));
- x = FLDSIZE_X / 2;
- y = FLDSIZE_Y / 2;
-
- /* process raw key */
- for (i = 0; i < dgst_raw_len; i++)
- {
- int input;
- /* each byte conveys four 2-bit move commands */
- input = dgst_raw[i];
- for (b = 0; b < 4; b++)
- {
- /* evaluate 2 bit, rest is shifted later */
- x += (input & 0x1) ? 1 : -1;
- y += (input & 0x2) ? 1 : -1;
-
- /* assure we are still in bounds */
- x = MAX (x, 0);
- y = MAX (y, 0);
- x = MIN (x, FLDSIZE_X - 1);
- y = MIN (y, FLDSIZE_Y - 1);
-
- /* augment the field */
- if (field[x][y] < len - 2)
- field[x][y]++;
- input = input >> 2;
- }
- }
-
- /* mark starting point and end point */
- field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
- field[x][y] = len;
-
- /* fill in retval */
- if (prefix_len)
- snprintf (retval, FLDSIZE_X + prefix_len, "%s+--[%4s %4u]", prefix, key_type, key_size);
- else
- snprintf (retval, FLDSIZE_X, "+--[%4s %4u]", key_type, key_size);
- p = strchr (retval, '\0');
-
- /* output upper border */
- for (i = p - retval - 1; i < FLDSIZE_X + prefix_len; i++)
- *p++ = '-';
- *p++ = '+';
- *p++ = '\n';
-
- if (prefix_len)
- {
- memcpy(p, prefix, prefix_len);
- p += prefix_len;
- }
-
- /* output content */
- for (y = 0; y < FLDSIZE_Y; y++)
- {
- *p++ = '|';
- for (x = 0; x < FLDSIZE_X; x++)
- *p++ = augmentation_string[MIN (field[x][y], len)];
- *p++ = '|';
- *p++ = '\n';
-
- if (prefix_len)
- {
- memcpy(p, prefix, prefix_len);
- p += prefix_len;
- }
- }
-
- /* output lower border */
- *p++ = '+';
- for (i = 0; i < FLDSIZE_X; i++)
- *p++ = '-';
- *p++ = '+';
-
- return retval;
+ /*
+ * Chars to be used after each other every time the worm
+ * intersects with itself. Matter of taste.
+ */
+ const char augmentation_string[] = " .o+=*BOX@%&#/^SE";
+ char *retval, *p;
+ uint8_t field[FLDSIZE_X][FLDSIZE_Y];
+ unsigned int i, b;
+ int x, y;
+ const size_t len = sizeof(augmentation_string) - 2;
+ unsigned int prefix_len = 0;
+
+ if (prefix)
+ prefix_len = strlen(prefix);
+
+ retval =
+ gnutls_calloc(1,
+ (FLDSIZE_X + 3 + prefix_len) * (FLDSIZE_Y + 2));
+ if (retval == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* initialize field */
+ memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
+ x = FLDSIZE_X / 2;
+ y = FLDSIZE_Y / 2;
+
+ /* process raw key */
+ for (i = 0; i < dgst_raw_len; i++) {
+ int input;
+ /* each byte conveys four 2-bit move commands */
+ input = dgst_raw[i];
+ for (b = 0; b < 4; b++) {
+ /* evaluate 2 bit, rest is shifted later */
+ x += (input & 0x1) ? 1 : -1;
+ y += (input & 0x2) ? 1 : -1;
+
+ /* assure we are still in bounds */
+ x = MAX(x, 0);
+ y = MAX(y, 0);
+ x = MIN(x, FLDSIZE_X - 1);
+ y = MIN(y, FLDSIZE_Y - 1);
+
+ /* augment the field */
+ if (field[x][y] < len - 2)
+ field[x][y]++;
+ input = input >> 2;
+ }
+ }
+
+ /* mark starting point and end point */
+ field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
+ field[x][y] = len;
+
+ /* fill in retval */
+ if (prefix_len)
+ snprintf(retval, FLDSIZE_X + prefix_len, "%s+--[%4s %4u]",
+ prefix, key_type, key_size);
+ else
+ snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type,
+ key_size);
+ p = strchr(retval, '\0');
+
+ /* output upper border */
+ for (i = p - retval - 1; i < FLDSIZE_X + prefix_len; i++)
+ *p++ = '-';
+ *p++ = '+';
+ *p++ = '\n';
+
+ if (prefix_len) {
+ memcpy(p, prefix, prefix_len);
+ p += prefix_len;
+ }
+
+ /* output content */
+ for (y = 0; y < FLDSIZE_Y; y++) {
+ *p++ = '|';
+ for (x = 0; x < FLDSIZE_X; x++)
+ *p++ = augmentation_string[MIN(field[x][y], len)];
+ *p++ = '|';
+ *p++ = '\n';
+
+ if (prefix_len) {
+ memcpy(p, prefix, prefix_len);
+ p += prefix_len;
+ }
+ }
+
+ /* output lower border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+
+ return retval;
}
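Review bot: The size passed to `gnutls_calloc` in _gnutls_key_fingerprint_randomart is exact, and the function never writes a terminator itself. The output is FLDSIZE_Y + 2 lines of FLDSIZE_X + 3 + prefix_len bytes, and only the missing newline on the last line leaves one zero byte from calloc to end the string. That invariant is undocumented, so a later change to the borders or the prefix handling could turn into a one-byte overflow or an unterminated string without anyone noticing. I would put above the allocation `/* (FLDSIZE_Y + 2) lines of (FLDSIZE_X + 3 + prefix_len) bytes; the last line has no '\n', and that spare calloc'd byte is the NUL */`, and write `memset(field, 0, sizeof(field));` so the clear follows the array's own type.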
diff --git a/lib/extras/randomart.h b/lib/extras/randomart.h
index 07c44c121f..4c5769334b 100644
--- a/lib/extras/randomart.h
+++ b/lib/extras/randomart.h
@@ -1,4 +1,5 @@
-char *
-_gnutls_key_fingerprint_randomart (uint8_t * dgst_raw, u_int dgst_raw_len,
- const char *key_type, unsigned int key_size,
- const char* prefix);
+char *_gnutls_key_fingerprint_randomart(uint8_t * dgst_raw,
+ u_int dgst_raw_len,
+ const char *key_type,
+ unsigned int key_size,
+ const char *prefix);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index c7932eb472..66270dc18a 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -30,51 +30,61 @@
#define _(String) dgettext (PACKAGE, String)
#define N_(String) gettext_noop (String)
-typedef struct
-{
- gnutls_alert_description_t alert;
- const char *name;
- const char *desc;
+typedef struct {
+ gnutls_alert_description_t alert;
+ const char *name;
+ const char *desc;
} gnutls_alert_entry;
#define ALERT_ENTRY(x,y) \
{x, #x, y}
static const gnutls_alert_entry sup_alerts[] = {
- ALERT_ENTRY(GNUTLS_A_CLOSE_NOTIFY, N_("Close notify")),
- ALERT_ENTRY(GNUTLS_A_UNEXPECTED_MESSAGE, N_("Unexpected message")),
- ALERT_ENTRY(GNUTLS_A_BAD_RECORD_MAC, N_("Bad record MAC")),
- ALERT_ENTRY(GNUTLS_A_DECRYPTION_FAILED, N_("Decryption failed")),
- ALERT_ENTRY(GNUTLS_A_RECORD_OVERFLOW, N_("Record overflow")),
- ALERT_ENTRY(GNUTLS_A_DECOMPRESSION_FAILURE, N_("Decompression failed")),
- ALERT_ENTRY(GNUTLS_A_HANDSHAKE_FAILURE, N_("Handshake failed")),
- ALERT_ENTRY(GNUTLS_A_BAD_CERTIFICATE, N_("Certificate is bad")),
- ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_CERTIFICATE, N_("Certificate is not supported")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REVOKED, N_("Certificate was revoked")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_EXPIRED, N_("Certificate is expired")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNKNOWN, N_("Unknown certificate")),
- ALERT_ENTRY(GNUTLS_A_ILLEGAL_PARAMETER, N_("Illegal parameter")),
- ALERT_ENTRY(GNUTLS_A_UNKNOWN_CA, N_("CA is unknown")),
- ALERT_ENTRY(GNUTLS_A_ACCESS_DENIED, N_("Access was denied")),
- ALERT_ENTRY(GNUTLS_A_DECODE_ERROR, N_("Decode error")),
- ALERT_ENTRY(GNUTLS_A_DECRYPT_ERROR, N_("Decrypt error")),
- ALERT_ENTRY(GNUTLS_A_EXPORT_RESTRICTION, N_("Export restriction")),
- ALERT_ENTRY(GNUTLS_A_PROTOCOL_VERSION, N_("Error in protocol version")),
- ALERT_ENTRY(GNUTLS_A_INSUFFICIENT_SECURITY, N_("Insufficient security")),
- ALERT_ENTRY(GNUTLS_A_USER_CANCELED, N_("User canceled")),
- ALERT_ENTRY(GNUTLS_A_SSL3_NO_CERTIFICATE, N_("No certificate (SSL 3.0)")),
- ALERT_ENTRY(GNUTLS_A_INTERNAL_ERROR, N_("Internal error")),
- ALERT_ENTRY(GNUTLS_A_NO_RENEGOTIATION, N_("No renegotiation is allowed")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
- N_("Could not retrieve the specified certificate")),
- ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_EXTENSION, N_("An unsupported extension was sent")),
- ALERT_ENTRY(GNUTLS_A_UNRECOGNIZED_NAME,
- N_("The server name sent was not recognized")),
- ALERT_ENTRY(GNUTLS_A_UNKNOWN_PSK_IDENTITY,
- N_("The SRP/PSK username is missing or not known")),
- ALERT_ENTRY(GNUTLS_A_NO_APPLICATION_PROTOCOL,
- N_("No supported application protocol could be negotiated")),
- {0, NULL, NULL}
+ ALERT_ENTRY(GNUTLS_A_CLOSE_NOTIFY, N_("Close notify")),
+ ALERT_ENTRY(GNUTLS_A_UNEXPECTED_MESSAGE, N_("Unexpected message")),
+ ALERT_ENTRY(GNUTLS_A_BAD_RECORD_MAC, N_("Bad record MAC")),
+ ALERT_ENTRY(GNUTLS_A_DECRYPTION_FAILED, N_("Decryption failed")),
+ ALERT_ENTRY(GNUTLS_A_RECORD_OVERFLOW, N_("Record overflow")),
+ ALERT_ENTRY(GNUTLS_A_DECOMPRESSION_FAILURE,
+ N_("Decompression failed")),
+ ALERT_ENTRY(GNUTLS_A_HANDSHAKE_FAILURE, N_("Handshake failed")),
+ ALERT_ENTRY(GNUTLS_A_BAD_CERTIFICATE, N_("Certificate is bad")),
+ ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ N_("Certificate is not supported")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REVOKED,
+ N_("Certificate was revoked")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_EXPIRED,
+ N_("Certificate is expired")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNKNOWN,
+ N_("Unknown certificate")),
+ ALERT_ENTRY(GNUTLS_A_ILLEGAL_PARAMETER, N_("Illegal parameter")),
+ ALERT_ENTRY(GNUTLS_A_UNKNOWN_CA, N_("CA is unknown")),
+ ALERT_ENTRY(GNUTLS_A_ACCESS_DENIED, N_("Access was denied")),
+ ALERT_ENTRY(GNUTLS_A_DECODE_ERROR, N_("Decode error")),
+ ALERT_ENTRY(GNUTLS_A_DECRYPT_ERROR, N_("Decrypt error")),
+ ALERT_ENTRY(GNUTLS_A_EXPORT_RESTRICTION, N_("Export restriction")),
+ ALERT_ENTRY(GNUTLS_A_PROTOCOL_VERSION,
+ N_("Error in protocol version")),
+ ALERT_ENTRY(GNUTLS_A_INSUFFICIENT_SECURITY,
+ N_("Insufficient security")),
+ ALERT_ENTRY(GNUTLS_A_USER_CANCELED, N_("User canceled")),
+ ALERT_ENTRY(GNUTLS_A_SSL3_NO_CERTIFICATE,
+ N_("No certificate (SSL 3.0)")),
+ ALERT_ENTRY(GNUTLS_A_INTERNAL_ERROR, N_("Internal error")),
+ ALERT_ENTRY(GNUTLS_A_NO_RENEGOTIATION,
+ N_("No renegotiation is allowed")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
+ N_("Could not retrieve the specified certificate")),
+ ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_EXTENSION,
+ N_("An unsupported extension was sent")),
+ ALERT_ENTRY(GNUTLS_A_UNRECOGNIZED_NAME,
+ N_("The server name sent was not recognized")),
+ ALERT_ENTRY(GNUTLS_A_UNKNOWN_PSK_IDENTITY,
+ N_("The SRP/PSK username is missing or not known")),
+ ALERT_ENTRY(GNUTLS_A_NO_APPLICATION_PROTOCOL,
+ N_
+ ("No supported application protocol could be negotiated")),
+ {0, NULL, NULL}
};
/**
@@ -86,16 +96,15 @@ static const gnutls_alert_entry sup_alerts[] = {
*
* Returns: string corresponding to #gnutls_alert_description_t value.
**/
-const char *
-gnutls_alert_get_name (gnutls_alert_description_t alert)
+const char *gnutls_alert_get_name(gnutls_alert_description_t alert)
{
- const gnutls_alert_entry *p;
+ const gnutls_alert_entry *p;
- for (p = sup_alerts; p->desc != NULL; p++)
- if (p->alert == alert)
- return _(p->desc);
+ for (p = sup_alerts; p->desc != NULL; p++)
+ if (p->alert == alert)
+ return _(p->desc);
- return NULL;
+ return NULL;
}
/**
@@ -108,16 +117,15 @@ gnutls_alert_get_name (gnutls_alert_description_t alert)
*
* Since: 3.0
**/
-const char *
-gnutls_alert_get_strname (gnutls_alert_description_t alert)
+const char *gnutls_alert_get_strname(gnutls_alert_description_t alert)
{
- const gnutls_alert_entry *p;
+ const gnutls_alert_entry *p;
- for (p = sup_alerts; p->name != NULL; p++)
- if (p->alert == alert)
- return p->name;
+ for (p = sup_alerts; p->name != NULL; p++)
+ if (p->alert == alert)
+ return p->name;
- return NULL;
+ return NULL;
}
/**
@@ -139,28 +147,29 @@ gnutls_alert_get_strname (gnutls_alert_description_t alert)
* an error code is returned.
**/
int
-gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
- gnutls_alert_description_t desc)
+gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
+ gnutls_alert_description_t desc)
{
- uint8_t data[2];
- int ret;
- const char *name;
+ uint8_t data[2];
+ int ret;
+ const char *name;
- data[0] = (uint8_t) level;
- data[1] = (uint8_t) desc;
+ data[0] = (uint8_t) level;
+ data[1] = (uint8_t) desc;
- name = gnutls_alert_get_name ((int) data[1]);
- if (name == NULL)
- name = "(unknown)";
- _gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
- data[1], name);
+ name = gnutls_alert_get_name((int) data[1]);
+ if (name == NULL)
+ name = "(unknown)";
+ _gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", data[0],
+ data[1], name);
- if ((ret =
- _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data,
- 2, MBUFFER_FLUSH)) >= 0)
- return 0;
- else
- return ret;
+ if ((ret =
+ _gnutls_send_int(session, GNUTLS_ALERT, -1,
+ EPOCH_WRITE_CURRENT, data, 2,
+ MBUFFER_FLUSH)) >= 0)
+ return 0;
+ else
+ return ret;
}
/**
@@ -179,122 +188,120 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
*
* Returns: the alert code to use for a particular error code.
**/
-int
-gnutls_error_to_alert (int err, int *level)
+int gnutls_error_to_alert(int err, int *level)
{
- int ret, _level = -1;
+ int ret, _level = -1;
- switch (err)
- { /* send appropriate alert */
- case GNUTLS_E_DECRYPTION_FAILED:
- /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
- * it is not defined in SSL3. Note that we must
- * not distinguish Decryption failures from mac
- * check failures, due to the possibility of some
- * attacks.
- */
- ret = GNUTLS_A_BAD_RECORD_MAC;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DECOMPRESSION_FAILED:
- ret = GNUTLS_A_DECOMPRESSION_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
- case GNUTLS_E_ILLEGAL_SRP_USERNAME:
- ret = GNUTLS_A_ILLEGAL_PARAMETER;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_SRP_USERNAME:
- ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
- case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
- case GNUTLS_E_ASN1_DER_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
- case GNUTLS_E_ASN1_GENERIC_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_VALID:
- case GNUTLS_E_ASN1_TAG_ERROR:
- case GNUTLS_E_ASN1_TAG_IMPLICIT:
- case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
- case GNUTLS_E_ASN1_SYNTAX_ERROR:
- case GNUTLS_E_ASN1_DER_OVERFLOW:
- case GNUTLS_E_CERTIFICATE_ERROR:
- ret = GNUTLS_A_BAD_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
- case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
- case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
- case GNUTLS_E_NO_CIPHER_SUITES:
- case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
- case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
- case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
- case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
- ret = GNUTLS_A_HANDSHAKE_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
- ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_USER_ERROR:
- ret = GNUTLS_A_USER_CANCELED;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET:
- case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
- case GNUTLS_E_PREMATURE_TERMINATION:
- ret = GNUTLS_A_UNEXPECTED_MESSAGE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_REHANDSHAKE:
- case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
- ret = GNUTLS_A_NO_RENEGOTIATION;
- _level = GNUTLS_AL_WARNING;
- break;
- case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
- ret = GNUTLS_A_PROTOCOL_VERSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
- ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- ret = GNUTLS_A_RECORD_OVERFLOW;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_INTERNAL_ERROR:
- case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
- case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_OPENPGP_GETKEY_FAILED:
- ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
- case GNUTLS_E_NO_CERTIFICATE_FOUND:
- ret = GNUTLS_A_INSUFFICIENT_SECURITY;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_NO_APPLICATION_PROTOCOL:
- ret = GNUTLS_A_NO_APPLICATION_PROTOCOL;
- _level = GNUTLS_AL_FATAL;
- break;
- default:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- }
+ switch (err) { /* send appropriate alert */
+ case GNUTLS_E_DECRYPTION_FAILED:
+ /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+ * it is not defined in SSL3. Note that we must
+ * not distinguish Decryption failures from mac
+ * check failures, due to the possibility of some
+ * attacks.
+ */
+ ret = GNUTLS_A_BAD_RECORD_MAC;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DECOMPRESSION_FAILED:
+ ret = GNUTLS_A_DECOMPRESSION_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
+ case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+ ret = GNUTLS_A_ILLEGAL_PARAMETER;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_SRP_USERNAME:
+ ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
+ case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
+ case GNUTLS_E_ASN1_DER_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
+ case GNUTLS_E_ASN1_GENERIC_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_VALID:
+ case GNUTLS_E_ASN1_TAG_ERROR:
+ case GNUTLS_E_ASN1_TAG_IMPLICIT:
+ case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
+ case GNUTLS_E_ASN1_SYNTAX_ERROR:
+ case GNUTLS_E_ASN1_DER_OVERFLOW:
+ case GNUTLS_E_CERTIFICATE_ERROR:
+ ret = GNUTLS_A_BAD_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
+ case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
+ case GNUTLS_E_NO_CIPHER_SUITES:
+ case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
+ case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
+ case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
+ ret = GNUTLS_A_HANDSHAKE_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
+ ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_USER_ERROR:
+ ret = GNUTLS_A_USER_CANCELED;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET:
+ case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
+ case GNUTLS_E_PREMATURE_TERMINATION:
+ ret = GNUTLS_A_UNEXPECTED_MESSAGE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_REHANDSHAKE:
+ case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
+ ret = GNUTLS_A_NO_RENEGOTIATION;
+ _level = GNUTLS_AL_WARNING;
+ break;
+ case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
+ ret = GNUTLS_A_PROTOCOL_VERSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ ret = GNUTLS_A_RECORD_OVERFLOW;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_INTERNAL_ERROR:
+ case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
+ case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_OPENPGP_GETKEY_FAILED:
+ ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
+ case GNUTLS_E_NO_CERTIFICATE_FOUND:
+ ret = GNUTLS_A_INSUFFICIENT_SECURITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_NO_APPLICATION_PROTOCOL:
+ ret = GNUTLS_A_NO_APPLICATION_PROTOCOL;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ default:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ }
- if (level != NULL)
- *level = _level;
+ if (level != NULL)
+ *level = _level;
- return ret;
+ return ret;
}
/**
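Review bot: The comment in the `GNUTLS_E_DECRYPTION_FAILED` case gives its reason only as "due to the possibility of some attacks", which does not tell a maintainer what the mapping protects. The case answers a decryption failure with `GNUTLS_A_BAD_RECORD_MAC` so that the peer cannot tell a decryption failure from a MAC failure; presumably the concern is a padding oracle on CBC records, and naming it makes the mapping harder to "correct" by accident later. I would keep the SSL3 remark and reword the rest to something like `/* Always report bad_record_mac: a distinct alert for decryption failures would act as a padding oracle for the peer. */`. The function body lies entirely inside this hunk.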
@@ -315,19 +322,17 @@ gnutls_error_to_alert (int err, int *level)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
*/
-int
-gnutls_alert_send_appropriate (gnutls_session_t session, int err)
+int gnutls_alert_send_appropriate(gnutls_session_t session, int err)
{
- int alert;
- int level;
+ int alert;
+ int level;
- alert = gnutls_error_to_alert (err, &level);
- if (alert < 0)
- {
- return alert;
- }
+ alert = gnutls_error_to_alert(err, &level);
+ if (alert < 0) {
+ return alert;
+ }
- return gnutls_alert_send (session, level, alert);
+ return gnutls_alert_send(session, level, alert);
}
/**
@@ -343,8 +348,7 @@ gnutls_alert_send_appropriate (gnutls_session_t session, int err)
* Returns: the last alert received, a
* #gnutls_alert_description_t value.
**/
-gnutls_alert_description_t
-gnutls_alert_get (gnutls_session_t session)
+gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session)
{
- return session->internals.last_alert;
+ return session->internals.last_alert;
}
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index dc02c3032d..ad45b68515 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -39,10 +39,10 @@
* helper function is provided in order to free (deallocate) it.
**/
void
-gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
+gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t sc)
{
- gnutls_free (sc);
+ gnutls_free(sc);
}
/**
@@ -55,13 +55,13 @@ gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
- sc)
+gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(anon_server_credentials_st));
- return 0;
+ return 0;
}
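Review bot: `gnutls_anon_allocate_server_credentials` stores the result of `gnutls_calloc()` in `*sc` and returns 0 without checking it, so an allocation failure is reported as success and the caller receives a NULL credentials handle. The doc comment above the function promises an error code on failure, and the setters later in this file (`res->dh_params = dh_params;`, `res->params_func = func;`) dereference the handle without a check. Adding `if (*sc == NULL) return GNUTLS_E_MEMORY_ERROR;` before `return 0;` would make the failure visible to the caller.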
@@ -73,12 +73,13 @@ gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
* helper function is provided in order to free (deallocate) it.
**/
void
-gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc)
+gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc)
{
}
static struct gnutls_anon_client_credentials_st anon_dummy_struct;
-static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct;
+static const gnutls_anon_client_credentials_t anon_dummy =
+ &anon_dummy_struct;
/**
* gnutls_anon_allocate_client_credentials:
@@ -90,15 +91,15 @@ static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct;
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
- sc)
+gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t *
+ sc)
{
- /* anon_dummy is only there for *sc not to be null.
- * it is not used at all;
- */
- *sc = anon_dummy;
+ /* anon_dummy is only there for *sc not to be null.
+ * it is not used at all;
+ */
+ *sc = anon_dummy;
- return 0;
+ return 0;
}
/**
@@ -111,10 +112,10 @@ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
* Anonymous Diffie-Hellman cipher suites.
**/
void
-gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -127,10 +128,10 @@ gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
* callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
+ res, gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
diff --git a/lib/gnutls_asn1_tab.c b/lib/gnutls_asn1_tab.c
index 5ba1cc932b..8021f1f181 100644
--- a/lib/gnutls_asn1_tab.c
+++ b/lib/gnutls_asn1_tab.c
@@ -1,70 +1,70 @@
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <libtasn1.h>
const asn1_static_node gnutls_asn1_tab[] = {
- { "GNUTLS", 536872976, NULL },
- { NULL, 1073741836, NULL },
- { "RSAPublicKey", 1610612741, NULL },
- { "modulus", 1073741827, NULL },
- { "publicExponent", 3, NULL },
- { "RSAPrivateKey", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "modulus", 1073741827, NULL },
- { "publicExponent", 1073741827, NULL },
- { "privateExponent", 1073741827, NULL },
- { "prime1", 1073741827, NULL },
- { "prime2", 1073741827, NULL },
- { "exponent1", 1073741827, NULL },
- { "exponent2", 1073741827, NULL },
- { "coefficient", 1073741827, NULL },
- { "otherPrimeInfos", 16386, "OtherPrimeInfos"},
- { "OtherPrimeInfos", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "OtherPrimeInfo"},
- { "OtherPrimeInfo", 1610612741, NULL },
- { "prime", 1073741827, NULL },
- { "exponent", 1073741827, NULL },
- { "coefficient", 3, NULL },
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "DigestInfo", 1610612741, NULL },
- { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
- { "digest", 2, "Digest"},
- { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "Digest", 1073741831, NULL },
- { "DSAPublicKey", 1073741827, NULL },
- { "DSAParameters", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 3, NULL },
- { "DSASignatureValue", 1610612741, NULL },
- { "r", 1073741827, NULL },
- { "s", 3, NULL },
- { "DSAPrivateKey", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 1073741827, NULL },
- { "Y", 1073741827, NULL },
- { "priv", 3, NULL },
- { "DHParameter", 1610612741, NULL },
- { "prime", 1073741827, NULL },
- { "base", 1073741827, NULL },
- { "privateValueLength", 16387, NULL },
- { "ECPoint", 1073741831, NULL },
- { "ECParameters", 1610612754, NULL },
- { "namedCurve", 12, NULL },
- { "ECPrivateKey", 536870917, NULL },
- { "Version", 1073741827, NULL },
- { "privateKey", 1073741831, NULL },
- { "parameters", 1610637314, "ECParameters"},
- { NULL, 2056, "0"},
- { "publicKey", 536895494, NULL },
- { NULL, 2056, "1"},
- { NULL, 0, NULL }
+ {"GNUTLS", 536872976, NULL},
+ {NULL, 1073741836, NULL},
+ {"RSAPublicKey", 1610612741, NULL},
+ {"modulus", 1073741827, NULL},
+ {"publicExponent", 3, NULL},
+ {"RSAPrivateKey", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"modulus", 1073741827, NULL},
+ {"publicExponent", 1073741827, NULL},
+ {"privateExponent", 1073741827, NULL},
+ {"prime1", 1073741827, NULL},
+ {"prime2", 1073741827, NULL},
+ {"exponent1", 1073741827, NULL},
+ {"exponent2", 1073741827, NULL},
+ {"coefficient", 1073741827, NULL},
+ {"otherPrimeInfos", 16386, "OtherPrimeInfos"},
+ {"OtherPrimeInfos", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "OtherPrimeInfo"},
+ {"OtherPrimeInfo", 1610612741, NULL},
+ {"prime", 1073741827, NULL},
+ {"exponent", 1073741827, NULL},
+ {"coefficient", 3, NULL},
+ {"AlgorithmIdentifier", 1610612741, NULL},
+ {"algorithm", 1073741836, NULL},
+ {"parameters", 541081613, NULL},
+ {"algorithm", 1, NULL},
+ {"DigestInfo", 1610612741, NULL},
+ {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
+ {"digest", 2, "Digest"},
+ {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ {"Digest", 1073741831, NULL},
+ {"DSAPublicKey", 1073741827, NULL},
+ {"DSAParameters", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 3, NULL},
+ {"DSASignatureValue", 1610612741, NULL},
+ {"r", 1073741827, NULL},
+ {"s", 3, NULL},
+ {"DSAPrivateKey", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 1073741827, NULL},
+ {"Y", 1073741827, NULL},
+ {"priv", 3, NULL},
+ {"DHParameter", 1610612741, NULL},
+ {"prime", 1073741827, NULL},
+ {"base", 1073741827, NULL},
+ {"privateValueLength", 16387, NULL},
+ {"ECPoint", 1073741831, NULL},
+ {"ECParameters", 1610612754, NULL},
+ {"namedCurve", 12, NULL},
+ {"ECPrivateKey", 536870917, NULL},
+ {"Version", 1073741827, NULL},
+ {"privateKey", 1073741831, NULL},
+ {"parameters", 1610637314, "ECParameters"},
+ {NULL, 2056, "0"},
+ {"publicKey", 536895494, NULL},
+ {NULL, 2056, "1"},
+ {NULL, 0, NULL}
};
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 24df4579fb..106739d41d 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -41,21 +41,18 @@
*
* Clears all the credentials previously set in this session.
**/
-void
-gnutls_credentials_clear (gnutls_session_t session)
+void gnutls_credentials_clear(gnutls_session_t session)
{
- if (session->key.cred)
- { /* beginning of the list */
- auth_cred_st *ccred, *ncred;
- ccred = session->key.cred;
- while (ccred != NULL)
- {
- ncred = ccred->next;
- gnutls_free (ccred);
- ccred = ncred;
- }
- session->key.cred = NULL;
- }
+ if (session->key.cred) { /* beginning of the list */
+ auth_cred_st *ccred, *ncred;
+ ccred = session->key.cred;
+ while (ccred != NULL) {
+ ncred = ccred->next;
+ gnutls_free(ccred);
+ ccred = ncred;
+ }
+ session->key.cred = NULL;
+ }
}
/*
@@ -93,62 +90,54 @@ gnutls_credentials_clear (gnutls_session_t session)
* otherwise a negative error code is returned.
**/
int
-gnutls_credentials_set (gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred)
+gnutls_credentials_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred)
{
- auth_cred_st *ccred = NULL, *pcred = NULL;
- int exists = 0;
-
- if (session->key.cred == NULL)
- { /* beginning of the list */
-
- session->key.cred = gnutls_malloc (sizeof (auth_cred_st));
- if (session->key.cred == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- /* copy credentials locally */
- session->key.cred->credentials = cred;
-
- session->key.cred->next = NULL;
- session->key.cred->algorithm = type;
- }
- else
- {
- ccred = session->key.cred;
- while (ccred != NULL)
- {
- if (ccred->algorithm == type)
- {
- exists = 1;
- break;
- }
- pcred = ccred;
- ccred = ccred->next;
- }
- /* After this, pcred is not null.
- */
-
- if (exists == 0)
- { /* new entry */
- pcred->next = gnutls_malloc (sizeof (auth_cred_st));
- if (pcred->next == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ccred = pcred->next;
-
- /* copy credentials locally */
- ccred->credentials = cred;
-
- ccred->next = NULL;
- ccred->algorithm = type;
- }
- else
- { /* modify existing entry */
- ccred->credentials = cred;
- }
- }
-
- return 0;
+ auth_cred_st *ccred = NULL, *pcred = NULL;
+ int exists = 0;
+
+ if (session->key.cred == NULL) { /* beginning of the list */
+
+ session->key.cred = gnutls_malloc(sizeof(auth_cred_st));
+ if (session->key.cred == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ /* copy credentials locally */
+ session->key.cred->credentials = cred;
+
+ session->key.cred->next = NULL;
+ session->key.cred->algorithm = type;
+ } else {
+ ccred = session->key.cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ exists = 1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
+ /* After this, pcred is not null.
+ */
+
+ if (exists == 0) { /* new entry */
+ pcred->next = gnutls_malloc(sizeof(auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+
+ /* copy credentials locally */
+ ccred->credentials = cred;
+
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ } else { /* modify existing entry */
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
}
/**
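Review bot: Both `/* copy credentials locally */` comments in `gnutls_credentials_set` contradict the code beneath them: `session->key.cred->credentials = cred;` and `ccred->credentials = cred;` store the caller's pointer and copy nothing. `gnutls_credentials_clear()` in the previous hunk frees only the list nodes, so ownership apparently stays with the caller and the object must remain valid for as long as the session refers to it. I would change the comment to `/* keep a reference only; cred is owned by the caller and is not copied */` and state the lifetime requirement in the function's doc comment, which begins outside this hunk.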
@@ -166,19 +155,18 @@ gnutls_credentials_set (gnutls_session_t session,
* Returns: The type of credentials for the current authentication
* schema, a #gnutls_credentials_type_t type.
**/
-gnutls_credentials_type_t
-gnutls_auth_get_type (gnutls_session_t session)
+gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session)
{
/* This is not the credentials we must set, but the authentication data
* we get by the peer, so it should be reversed.
*/
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite),
- server);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), server);
}
/**
@@ -193,12 +181,12 @@ gnutls_auth_get_type (gnutls_session_t session)
* schema, a #gnutls_credentials_type_t type.
**/
gnutls_credentials_type_t
-gnutls_auth_server_get_type (gnutls_session_t session)
+gnutls_auth_server_get_type(gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite), 1);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), 1);
}
/**
@@ -213,12 +201,12 @@ gnutls_auth_server_get_type (gnutls_session_t session)
* schema, a #gnutls_credentials_type_t type.
**/
gnutls_credentials_type_t
-gnutls_auth_client_get_type (gnutls_session_t session)
+gnutls_auth_client_get_type(gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite), 0);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), 0);
}
@@ -226,43 +214,42 @@ gnutls_auth_client_get_type (gnutls_session_t session)
* This returns a pointer to the linked list. Don't
* free that!!!
*/
-const void *
-_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err)
+const void *_gnutls_get_kx_cred(gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err)
{
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- return _gnutls_get_cred (session,
- _gnutls_map_kx_get_cred (algo, server), err);
+ return _gnutls_get_cred(session,
+ _gnutls_map_kx_get_cred(algo, server),
+ err);
}
-const void *
-_gnutls_get_cred (gnutls_session_t session, gnutls_credentials_type_t type, int *err)
+const void *_gnutls_get_cred(gnutls_session_t session,
+ gnutls_credentials_type_t type, int *err)
{
- const void *retval = NULL;
- int _err = -1;
- auth_cred_st *ccred;
- gnutls_key_st * key = &session->key;
-
- ccred = key->cred;
- while (ccred != NULL)
- {
- if (ccred->algorithm == type)
- {
- break;
- }
- ccred = ccred->next;
- }
- if (ccred == NULL)
- goto out;
-
- _err = 0;
- retval = ccred->credentials;
-
-out:
- if (err != NULL)
- *err = _err;
- return retval;
+ const void *retval = NULL;
+ int _err = -1;
+ auth_cred_st *ccred;
+ gnutls_key_st *key = &session->key;
+
+ ccred = key->cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ break;
+ }
+ ccred = ccred->next;
+ }
+ if (ccred == NULL)
+ goto out;
+
+ _err = 0;
+ retval = ccred->credentials;
+
+ out:
+ if (err != NULL)
+ *err = _err;
+ return retval;
}
/*-
@@ -278,10 +265,9 @@ out:
* In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
* In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-*/
-void *
-_gnutls_get_auth_info (gnutls_session_t session)
+void *_gnutls_get_auth_info(gnutls_session_t session)
{
- return session->key.auth_info;
+ return session->key.auth_info;
}
/*-
@@ -292,75 +278,76 @@ _gnutls_get_auth_info (gnutls_session_t session)
* null. It must be called since some structures contain malloced
* elements.
-*/
-void
-_gnutls_free_auth_info (gnutls_session_t session)
+void _gnutls_free_auth_info(gnutls_session_t session)
{
- dh_info_st *dh_info;
-
- if (session == NULL)
- {
- gnutls_assert ();
- return;
- }
-
- switch (session->key.auth_info_type)
- {
- case GNUTLS_CRD_SRP:
- break;
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
- }
- break;
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
- }
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- unsigned int i;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- for (i = 0; i < info->ncerts; i++)
- {
- _gnutls_free_datum (&info->raw_certificate_list[i]);
- }
-
- gnutls_free (info->raw_certificate_list);
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
-
- _gnutls_free_dh_info (dh_info);
- }
-
-
- break;
- default:
- return;
-
- }
-
- gnutls_free (session->key.auth_info);
- session->key.auth_info = NULL;
- session->key.auth_info_size = 0;
- session->key.auth_info_type = 0;
+ dh_info_st *dh_info;
+
+ if (session == NULL) {
+ gnutls_assert();
+ return;
+ }
+
+ switch (session->key.auth_info_type) {
+ case GNUTLS_CRD_SRP:
+ break;
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info(dh_info);
+ }
+ break;
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info(dh_info);
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ unsigned int i;
+ cert_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ for (i = 0; i < info->ncerts; i++) {
+ _gnutls_free_datum(&info->
+ raw_certificate_list
+ [i]);
+ }
+
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+
+ _gnutls_free_dh_info(dh_info);
+ }
+
+
+ break;
+ default:
+ return;
+
+ }
+
+ gnutls_free(session->key.auth_info);
+ session->key.auth_info = NULL;
+ session->key.auth_info_size = 0;
+ session->key.auth_info_type = 0;
}
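Review bot: The `default:` branch of the switch in `_gnutls_free_auth_info` returns before the common tail, so for any `auth_info_type` not listed the buffer in `session->key.auth_info` is not freed and `auth_info`, `auth_info_size` and `auth_info_type` are not reset. Whether a non-NULL `auth_info` can be paired with such a type is not visible from this hunk, but if it can, the pointer outlives a call that is meant to release it. If the early return is deliberate, a comment such as `/* unknown type: leave auth_info untouched */` would record that; otherwise `default: break;` lets the tail run. The function body lies entirely inside this hunk.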
@@ -370,61 +357,53 @@ _gnutls_free_auth_info (gnutls_session_t session)
* info structure to a different type.
*/
int
-_gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change)
+_gnutls_auth_info_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change)
{
- if (session->key.auth_info == NULL)
- {
- session->key.auth_info = gnutls_calloc (1, size);
- if (session->key.auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- session->key.auth_info_type = type;
- session->key.auth_info_size = size;
- }
- else
- {
- if (allow_change == 0)
- {
- /* If the credentials for the current authentication scheme,
- * are not the one we want to set, then it's an error.
- * This may happen if a rehandshake is performed an the
- * ciphersuite which is negotiated has different authentication
- * schema.
- */
- if (gnutls_auth_get_type (session) != session->key.auth_info_type)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
- else
- {
- /* The new behaviour: Here we reallocate the auth info structure
- * in order to be able to negotiate different authentication
- * types. Ie. perform an auth_anon and then authenticate again using a
- * certificate (in order to prevent revealing the certificate's contents,
- * to passive eavesdropers.
- */
- if (gnutls_auth_get_type (session) != session->key.auth_info_type)
- {
-
- _gnutls_free_auth_info (session);
-
- session->key.auth_info = calloc (1, size);
- if (session->key.auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->key.auth_info_type = type;
- session->key.auth_info_size = size;
- }
- }
- }
- return 0;
+ if (session->key.auth_info == NULL) {
+ session->key.auth_info = gnutls_calloc(1, size);
+ if (session->key.auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
+ } else {
+ if (allow_change == 0) {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key.auth_info_type) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ } else {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key.auth_info_type) {
+
+ _gnutls_free_auth_info(session);
+
+ session->key.auth_info = calloc(1, size);
+ if (session->key.auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
+ }
+ }
+ }
+ return 0;
}
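Review bot: In the `allow_change` branch of `_gnutls_auth_info_set` the replacement structure is allocated with plain `calloc(1, size)`, while the first-allocation branch uses `gnutls_calloc(1, size)` and `_gnutls_free_auth_info` releases the pointer with `gnutls_free`. If the library's allocator hooks point at anything other than the libc functions, this pairs a libc allocation with a different deallocator, so the line should read `session->key.auth_info = gnutls_calloc(1, size);`. `size` is a signed `int` handed straight to the allocator; a short comment saying callers pass the `sizeof` of the matching auth-info structure would make that assumption explicit.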
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index 09fa2672b8..31c1b5efc4 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -25,35 +25,41 @@
#include <gnutls_str.h>
-typedef struct mod_auth_st_int
-{
- const char *name; /* null terminated */
- int (*gnutls_generate_server_certificate) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_client_certificate) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_server_kx) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st*); /* used in SRP */
- int (*gnutls_generate_client_crt_vrfy) (gnutls_session_t, gnutls_buffer_st *);
- int (*gnutls_generate_server_crt_request) (gnutls_session_t,
- gnutls_buffer_st *);
+typedef struct mod_auth_st_int {
+ const char *name; /* null terminated */
+ int (*gnutls_generate_server_certificate) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_client_certificate) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_server_kx) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st *); /* used in SRP */
+ int (*gnutls_generate_client_crt_vrfy) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_server_crt_request) (gnutls_session_t,
+ gnutls_buffer_st *);
- int (*gnutls_process_server_certificate) (gnutls_session_t, uint8_t *,
- size_t);
- int (*gnutls_process_client_certificate) (gnutls_session_t, uint8_t *,
- size_t);
- int (*gnutls_process_server_kx) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_client_kx) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_client_crt_vrfy) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_server_crt_request) (gnutls_session_t,
- uint8_t *, size_t);
+ int (*gnutls_process_server_certificate) (gnutls_session_t,
+ uint8_t *, size_t);
+ int (*gnutls_process_client_certificate) (gnutls_session_t,
+ uint8_t *, size_t);
+ int (*gnutls_process_server_kx) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_client_kx) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_client_crt_vrfy) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_server_crt_request) (gnutls_session_t,
+ uint8_t *, size_t);
} mod_auth_st;
-const void *_gnutls_get_cred (gnutls_session_t session,
- gnutls_credentials_type_t kx, int *err);
-const void *_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err);
-void *_gnutls_get_auth_info (gnutls_session_t session);
-int _gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change);
+const void *_gnutls_get_cred(gnutls_session_t session,
+ gnutls_credentials_type_t kx, int *err);
+const void *_gnutls_get_kx_cred(gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err);
+void *_gnutls_get_auth_info(gnutls_session_t session);
+int _gnutls_auth_info_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change);
#endif
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index a327bbd981..50d0f52ca1 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -48,8 +48,8 @@
#include <gnutls_state.h>
#include <gnutls_dtls.h>
#include <system.h>
-#include <gnutls_constate.h> /* gnutls_epoch_get */
-#include <gnutls_handshake.h> /* remaining_time() */
+#include <gnutls_constate.h> /* gnutls_epoch_get */
+#include <gnutls_handshake.h> /* remaining_time() */
#include <errno.h>
#include <system.h>
#include "debug.h"
@@ -66,18 +66,19 @@
* HANDSHAKE DATA and HEARTBEAT.
*/
int
-_gnutls_record_buffer_put (gnutls_session_t session,
- content_type_t type, uint64* seq, mbuffer_st* bufel)
+_gnutls_record_buffer_put(gnutls_session_t session,
+ content_type_t type, uint64 * seq,
+ mbuffer_st * bufel)
{
- bufel->type = type;
- memcpy(&bufel->record_sequence, seq, sizeof(*seq));
+ bufel->type = type;
+ memcpy(&bufel->record_sequence, seq, sizeof(*seq));
- _mbuffer_enqueue(&session->internals.record_buffer, bufel);
- _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n",
- (int) bufel->msg.size, (int) type);
+ _mbuffer_enqueue(&session->internals.record_buffer, bufel);
+ _gnutls_buffers_log("BUF[REC]: Inserted %d bytes of Data(%d)\n",
+ (int) bufel->msg.size, (int) type);
- return 0;
+ return 0;
}
/**
@@ -91,278 +92,269 @@ _gnutls_record_buffer_put (gnutls_session_t session,
*
* Returns: Returns the size of the data or zero.
**/
-size_t
-gnutls_record_check_pending (gnutls_session_t session)
+size_t gnutls_record_check_pending(gnutls_session_t session)
{
- return _gnutls_record_buffer_get_size (session);
+ return _gnutls_record_buffer_get_size(session);
}
int
-_gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, uint8_t * data,
- size_t length, uint8_t seq[8])
+_gnutls_record_buffer_get(content_type_t type,
+ gnutls_session_t session, uint8_t * data,
+ size_t length, uint8_t seq[8])
{
-gnutls_datum_t msg;
-mbuffer_st* bufel;
-
- if (length == 0 || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (type != bufel->type)
- {
- if (IS_DTLS(session))
- _gnutls_audit_log(session, "Discarded unexpected %s (%d) packet (expecting: %s (%d))\n",
- _gnutls_packet2str(bufel->type), (int)bufel->type,
- _gnutls_packet2str(type), (int)type);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, msg.size);
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- }
-
- if (msg.size <= length)
- length = msg.size;
-
- if (seq)
- memcpy(seq, bufel->record_sequence.i, 8);
-
- memcpy(data, msg.data, length);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, length);
-
- return length;
+ gnutls_datum_t msg;
+ mbuffer_st *bufel;
+
+ if (length == 0 || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_buffer,
+ &msg);
+ if (bufel == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (type != bufel->type) {
+ if (IS_DTLS(session))
+ _gnutls_audit_log(session,
+ "Discarded unexpected %s (%d) packet (expecting: %s (%d))\n",
+ _gnutls_packet2str(bufel->type),
+ (int) bufel->type,
+ _gnutls_packet2str(type),
+ (int) type);
+ _mbuffer_head_remove_bytes(&session->internals.
+ record_buffer, msg.size);
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
+
+ if (msg.size <= length)
+ length = msg.size;
+
+ if (seq)
+ memcpy(seq, bufel->record_sequence.i, 8);
+
+ memcpy(data, msg.data, length);
+ _mbuffer_head_remove_bytes(&session->internals.record_buffer,
+ length);
+
+ return length;
}
-inline static void
-reset_errno (gnutls_session_t session)
+inline static void reset_errno(gnutls_session_t session)
{
- session->internals.errnum = 0;
+ session->internals.errnum = 0;
}
-inline static int
-get_errno (gnutls_session_t session)
+inline static int get_errno(gnutls_session_t session)
{
-int ret;
-
- if (session->internals.errnum != 0)
- ret = session->internals.errnum;
- else
- ret = session->internals.errno_func (session->
- internals.transport_recv_ptr);
- return ret;
+ int ret;
+
+ if (session->internals.errnum != 0)
+ ret = session->internals.errnum;
+ else
+ ret =
+ session->internals.errno_func(session->internals.
+ transport_recv_ptr);
+ return ret;
}
-inline static
+inline static
int errno_to_gerr(int err)
{
- switch(err)
- {
- case EAGAIN:
- return GNUTLS_E_AGAIN;
- case EINTR:
- return GNUTLS_E_INTERRUPTED;
- case EMSGSIZE:
- return GNUTLS_E_LARGE_PACKET;
- default:
- gnutls_assert ();
- return GNUTLS_E_PUSH_ERROR;
- }
+ switch (err) {
+ case EAGAIN:
+ return GNUTLS_E_AGAIN;
+ case EINTR:
+ return GNUTLS_E_INTERRUPTED;
+ case EMSGSIZE:
+ return GNUTLS_E_LARGE_PACKET;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_PUSH_ERROR;
+ }
}
static ssize_t
-_gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
- gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel,
+ gnutls_pull_func pull_func, unsigned int *ms)
{
- ssize_t i, ret;
- uint8_t *ptr;
- struct timespec t1, t2;
- size_t max_size = get_max_decrypted_data(session);
- size_t recv_size = MAX_RECV_SIZE(session);
- gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
- unsigned int diff;
-
- if (recv_size > max_size)
- recv_size = max_size;
-
- session->internals.direction = 0;
-
- if (ms && *ms > 0)
- {
- ret = _gnutls_io_check_recv(session, *ms);
- if (ret < 0)
- return gnutls_assert_val(ret);
- gettime(&t1);
- }
-
- *bufel = _mbuffer_alloc (0, max_size);
- if (*bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ptr = (*bufel)->msg.data;
-
- reset_errno (session);
- i = pull_func (fd, ptr, recv_size);
-
- if (i < 0)
- {
- int err = get_errno (session);
-
- _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
- (int) i, fd, errno, session->internals.errnum);
-
- ret = errno_to_gerr(err);
- goto cleanup;
- }
- else
- {
- _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
- if (i == 0)
- {
- /* If we get here, we likely have a stream socket.
- * FIXME: this probably breaks DCCP. */
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
-
- _mbuffer_set_udata_size (*bufel, i);
- }
-
- if (ms && *ms > 0)
- {
- gettime(&t2);
- diff = timespec_sub_ms(&t2, &t1);
- if (diff < *ms)
- *ms -= diff;
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto cleanup;
- }
- }
-
- _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
-
- return i;
-
-cleanup:
- _mbuffer_xfree(bufel);
- return ret;
+ ssize_t i, ret;
+ uint8_t *ptr;
+ struct timespec t1, t2;
+ size_t max_size = get_max_decrypted_data(session);
+ size_t recv_size = MAX_RECV_SIZE(session);
+ gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
+ unsigned int diff;
+
+ if (recv_size > max_size)
+ recv_size = max_size;
+
+ session->internals.direction = 0;
+
+ if (ms && *ms > 0) {
+ ret = _gnutls_io_check_recv(session, *ms);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ gettime(&t1);
+ }
+
+ *bufel = _mbuffer_alloc(0, max_size);
+ if (*bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ptr = (*bufel)->msg.data;
+
+ reset_errno(session);
+ i = pull_func(fd, ptr, recv_size);
+
+ if (i < 0) {
+ int err = get_errno(session);
+
+ _gnutls_read_log
+ ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno, session->internals.errnum);
+
+ ret = errno_to_gerr(err);
+ goto cleanup;
+ } else {
+ _gnutls_read_log("READ: Got %d bytes from %p\n", (int) i,
+ fd);
+ if (i == 0) {
+ /* If we get here, we likely have a stream socket.
+ * FIXME: this probably breaks DCCP. */
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+
+ _mbuffer_set_udata_size(*bufel, i);
+ }
+
+ if (ms && *ms > 0) {
+ gettime(&t2);
+ diff = timespec_sub_ms(&t2, &t1);
+ if (diff < *ms)
+ *ms -= diff;
+ else {
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto cleanup;
+ }
+ }
+
+ _gnutls_read_log("READ: read %d bytes from %p\n", (int) i, fd);
+
+ return i;
+
+ cleanup:
+ _mbuffer_xfree(bufel);
+ return ret;
}
static ssize_t
-_gnutls_stream_read (gnutls_session_t session, mbuffer_st **bufel,
- size_t size, gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_stream_read(gnutls_session_t session, mbuffer_st ** bufel,
+ size_t size, gnutls_pull_func pull_func,
+ unsigned int *ms)
{
- size_t left;
- ssize_t i = 0;
- size_t max_size = get_max_decrypted_data(session);
- uint8_t *ptr;
- gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
- int ret;
- struct timespec t1, t2;
- unsigned int diff;
-
- session->internals.direction = 0;
-
- *bufel = _mbuffer_alloc (0, MAX(max_size, size));
- if (!*bufel)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- ptr = (*bufel)->msg.data;
-
- left = size;
- while (left > 0)
- {
- if (ms && *ms > 0)
- {
- ret = _gnutls_io_check_recv(session, *ms);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- gettime(&t1);
- }
-
- reset_errno (session);
-
- i = pull_func (fd, &ptr[size - left], left);
-
- if (i < 0)
- {
- int err = get_errno (session);
-
- _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
- (int) i, fd, errno, session->internals.errnum);
-
- if (err == EAGAIN || err == EINTR)
- {
- if (size - left > 0)
- {
-
- _gnutls_read_log ("READ: returning %d bytes from %p\n",
- (int) (size - left), fd);
-
- goto finish;
- }
-
- ret = errno_to_gerr(err);
- goto cleanup;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_PULL_ERROR;
- goto cleanup;
- }
- }
- else
- {
-
- _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
-
- if (i == 0)
- break; /* EOF */
- }
-
- left -= i;
- (*bufel)->msg.size += i;
-
- if (ms && *ms > 0)
- {
- gettime(&t2);
- diff = timespec_sub_ms(&t2, &t1);
- if (diff < *ms)
- *ms -= diff;
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto cleanup;
- }
- }
- }
-
-finish:
-
- _gnutls_read_log ("READ: read %d bytes from %p\n",
- (int) (size - left), fd);
-
- if (size - left == 0)
- _mbuffer_xfree(bufel);
-
- return (size - left);
-
-cleanup:
- _mbuffer_xfree(bufel);
- return ret;
+ size_t left;
+ ssize_t i = 0;
+ size_t max_size = get_max_decrypted_data(session);
+ uint8_t *ptr;
+ gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
+ int ret;
+ struct timespec t1, t2;
+ unsigned int diff;
+
+ session->internals.direction = 0;
+
+ *bufel = _mbuffer_alloc(0, MAX(max_size, size));
+ if (!*bufel) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ ptr = (*bufel)->msg.data;
+
+ left = size;
+ while (left > 0) {
+ if (ms && *ms > 0) {
+ ret = _gnutls_io_check_recv(session, *ms);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ gettime(&t1);
+ }
+
+ reset_errno(session);
+
+ i = pull_func(fd, &ptr[size - left], left);
+
+ if (i < 0) {
+ int err = get_errno(session);
+
+ _gnutls_read_log
+ ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno,
+ session->internals.errnum);
+
+ if (err == EAGAIN || err == EINTR) {
+ if (size - left > 0) {
+
+ _gnutls_read_log
+ ("READ: returning %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ goto finish;
+ }
+
+ ret = errno_to_gerr(err);
+ goto cleanup;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_PULL_ERROR;
+ goto cleanup;
+ }
+ } else {
+
+ _gnutls_read_log("READ: Got %d bytes from %p\n",
+ (int) i, fd);
+
+ if (i == 0)
+ break; /* EOF */
+ }
+
+ left -= i;
+ (*bufel)->msg.size += i;
+
+ if (ms && *ms > 0) {
+ gettime(&t2);
+ diff = timespec_sub_ms(&t2, &t1);
+ if (diff < *ms)
+ *ms -= diff;
+ else {
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto cleanup;
+ }
+ }
+ }
+
+ finish:
+
+ _gnutls_read_log("READ: read %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ if (size - left == 0)
+ _mbuffer_xfree(bufel);
+
+ return (size - left);
+
+ cleanup:
+ _mbuffer_xfree(bufel);
+ return ret;
}
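Review bot: Neither `_gnutls_stream_read` nor `_gnutls_dgram_read` checks that the value returned by `pull_func` is no larger than the length it was asked for. In the stream loop `left -= i` is done on a `size_t`, so a return above `left` wraps it, and the following `(*bufel)->msg.size += i` and the next `&ptr[size - left]` are no longer bounded by the requested size. The datagram path has the same gap before `_mbuffer_set_udata_size(*bufel, i)`. `pull_func` is a function pointer passed in from outside these functions, so a guard such as `if ((size_t) i > left) { ret = gnutls_assert_val(GNUTLS_E_PULL_ERROR); goto cleanup; }` (and the same test against `recv_size` in the datagram case) would keep a misbehaving transport callback from leaving the buffer bookkeeping inconsistent.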
@@ -372,66 +364,68 @@ cleanup:
* Flags are only used if the default recv() function is being used.
*/
static ssize_t
-_gnutls_read (gnutls_session_t session, mbuffer_st **bufel,
- size_t size, gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_read(gnutls_session_t session, mbuffer_st ** bufel,
+ size_t size, gnutls_pull_func pull_func, unsigned int *ms)
{
- if (IS_DTLS (session))
- /* Size is not passed, since a whole datagram will be read. */
- return _gnutls_dgram_read (session, bufel, pull_func, ms);
- else
- return _gnutls_stream_read (session, bufel, size, pull_func, ms);
+ if (IS_DTLS(session))
+ /* Size is not passed, since a whole datagram will be read. */
+ return _gnutls_dgram_read(session, bufel, pull_func, ms);
+ else
+ return _gnutls_stream_read(session, bufel, size, pull_func,
+ ms);
}
static ssize_t
-_gnutls_writev_emu (gnutls_session_t session, gnutls_transport_ptr_t fd, const giovec_t * giovec,
- unsigned int giovec_cnt)
+_gnutls_writev_emu(gnutls_session_t session, gnutls_transport_ptr_t fd,
+ const giovec_t * giovec, unsigned int giovec_cnt)
{
- unsigned int j = 0;
- size_t total = 0;
- ssize_t ret = 0;
+ unsigned int j = 0;
+ size_t total = 0;
+ ssize_t ret = 0;
- for (j = 0; j < giovec_cnt; j++)
- {
- ret = session->internals.push_func (fd, giovec[j].iov_base, giovec[j].iov_len);
+ for (j = 0; j < giovec_cnt; j++) {
+ ret =
+ session->internals.push_func(fd, giovec[j].iov_base,
+ giovec[j].iov_len);
- if (ret == -1)
- break;
+ if (ret == -1)
+ break;
- total += ret;
+ total += ret;
- if ((size_t)ret != giovec[j].iov_len)
- break;
- }
+ if ((size_t) ret != giovec[j].iov_len)
+ break;
+ }
- if (total > 0)
- return total;
+ if (total > 0)
+ return total;
- return ret;
+ return ret;
}
static ssize_t
-_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
- int giovec_cnt)
+_gnutls_writev(gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
{
- int i;
- gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ int i;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- reset_errno (session);
+ reset_errno(session);
- if (session->internals.push_func != NULL)
- i = _gnutls_writev_emu (session, fd, giovec, giovec_cnt);
- else
- i = session->internals.vec_push_func (fd, giovec, giovec_cnt);
+ if (session->internals.push_func != NULL)
+ i = _gnutls_writev_emu(session, fd, giovec, giovec_cnt);
+ else
+ i = session->internals.vec_push_func(fd, giovec,
+ giovec_cnt);
- if (i == -1)
- {
- int err = get_errno (session);
- _gnutls_debug_log ("errno: %d\n", err);
+ if (i == -1) {
+ int err = get_errno(session);
+ _gnutls_debug_log("errno: %d\n", err);
- return errno_to_gerr(err);
- }
- return i;
+ return errno_to_gerr(err);
+ }
+ return i;
}
/*
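Review bot: `_gnutls_writev_emu` treats only `ret == -1` as a failure, so any other negative value from `push_func` is added to the unsigned `total` and wraps it; `if (ret < 0) break;` would close that. `_gnutls_writev` then stores the `ssize_t` result in `int i` and again tests only `i == -1`, so declaring `ssize_t i;` and testing `if (i < 0)` would keep the two functions consistent and avoid narrowing the byte count. Whether any transport actually returns other negative values is not visible in this hunk, so this is a hardening suggestion rather than a confirmed fault.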
@@ -450,91 +444,92 @@ _gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
*
*/
ssize_t
-_gnutls_io_read_buffered (gnutls_session_t session, size_t total,
- content_type_t recv_type, unsigned int *ms)
+_gnutls_io_read_buffered(gnutls_session_t session, size_t total,
+ content_type_t recv_type, unsigned int *ms)
{
- ssize_t ret;
- size_t min;
- mbuffer_st *bufel = NULL;
- size_t recvdata, readsize;
-
- if (total > MAX_RECV_SIZE(session) || total == 0)
- {
- gnutls_assert (); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* calculate the actual size, ie. get the minimum of the
- * buffered data and the requested data.
- */
- min = MIN (session->internals.record_recv_buffer.byte_length, total);
- if (min > 0)
- {
- /* if we have enough buffered data
- * then just return them.
- */
- if (min == total)
- {
- return min;
- }
- }
-
- /* min is over zero. recvdata is the data we must
- * receive in order to return the requested data.
- */
- recvdata = total - min;
- readsize = recvdata;
-
- /* Check if the previously read data plus the new data to
- * receive are longer than the maximum receive buffer size.
- */
- if ((session->internals.record_recv_buffer.byte_length + recvdata) >
- MAX_RECV_SIZE(session))
- {
- gnutls_assert (); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* READ DATA
- */
- if (readsize > 0)
- {
- ret =
- _gnutls_read (session, &bufel, readsize,
- session->internals.pull_func, ms);
-
- /* return immediately if we got an interrupt or eagain
- * error.
- */
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (ret == 0) /* EOF */
- return gnutls_assert_val(0);
-
- /* copy fresh data to our buffer.
- */
- _gnutls_read_log
- ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
- (int) session->internals.record_recv_buffer.byte_length, (int) ret);
- _gnutls_read_log ("RB: Requested %d bytes\n", (int) total);
-
- _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
-
- if(IS_DTLS(session))
- ret = MIN(total, session->internals.record_recv_buffer.byte_length);
- else
- ret = session->internals.record_recv_buffer.byte_length;
-
- if ((ret > 0) && ((size_t) ret < total)) /* Short Read */
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- else
- return ret;
- }
- else
- return gnutls_assert_val(0);
+ ssize_t ret;
+ size_t min;
+ mbuffer_st *bufel = NULL;
+ size_t recvdata, readsize;
+
+ if (total > MAX_RECV_SIZE(session) || total == 0) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* calculate the actual size, ie. get the minimum of the
+ * buffered data and the requested data.
+ */
+ min =
+ MIN(session->internals.record_recv_buffer.byte_length, total);
+ if (min > 0) {
+ /* if we have enough buffered data
+ * then just return them.
+ */
+ if (min == total) {
+ return min;
+ }
+ }
+
+ /* min is over zero. recvdata is the data we must
+ * receive in order to return the requested data.
+ */
+ recvdata = total - min;
+ readsize = recvdata;
+
+ /* Check if the previously read data plus the new data to
+ * receive are longer than the maximum receive buffer size.
+ */
+ if ((session->internals.record_recv_buffer.byte_length +
+ recvdata) > MAX_RECV_SIZE(session)) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* READ DATA
+ */
+ if (readsize > 0) {
+ ret =
+ _gnutls_read(session, &bufel, readsize,
+ session->internals.pull_func, ms);
+
+ /* return immediately if we got an interrupt or eagain
+ * error.
+ */
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (ret == 0) /* EOF */
+ return gnutls_assert_val(0);
+
+ /* copy fresh data to our buffer.
+ */
+ _gnutls_read_log
+ ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
+ (int) session->internals.record_recv_buffer.
+ byte_length, (int) ret);
+ _gnutls_read_log("RB: Requested %d bytes\n", (int) total);
+
+ _mbuffer_enqueue(&session->internals.record_recv_buffer,
+ bufel);
+
+ if (IS_DTLS(session))
+ ret =
+ MIN(total,
+ session->internals.record_recv_buffer.
+ byte_length);
+ else
+ ret =
+ session->internals.record_recv_buffer.
+ byte_length;
+
+ if ((ret > 0) && ((size_t) ret < total)) /* Short Read */
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ else
+ return ret;
+ } else
+ return gnutls_assert_val(0);
}
/* This function is like write. But it does not return -1 on error.
@@ -551,106 +546,98 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
*
*/
ssize_t
-_gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag)
+_gnutls_io_write_buffered(gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag)
{
- mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer;
+ mbuffer_head_st *const send_buffer =
+ &session->internals.record_send_buffer;
- /* to know where the procedure was interrupted.
- */
- session->internals.direction = 1;
+ /* to know where the procedure was interrupted.
+ */
+ session->internals.direction = 1;
- _mbuffer_enqueue (send_buffer, bufel);
+ _mbuffer_enqueue(send_buffer, bufel);
- _gnutls_write_log
- ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
- (int) bufel->msg.size, session->internals.transport_recv_ptr,
- (int) send_buffer->byte_length);
+ _gnutls_write_log
+ ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
+ (int) bufel->msg.size, session->internals.transport_recv_ptr,
+ (int) send_buffer->byte_length);
- if (mflag == MBUFFER_FLUSH)
- return _gnutls_io_write_flush (session);
- else
- return bufel->msg.size;
+ if (mflag == MBUFFER_FLUSH)
+ return _gnutls_io_write_flush(session);
+ else
+ return bufel->msg.size;
}
-typedef ssize_t (*send_func) (gnutls_session_t, const giovec_t *, int);
+typedef ssize_t(*send_func) (gnutls_session_t, const giovec_t *, int);
/* This function writes the data that are left in the
* TLS write buffer (ie. because the previous write was
* interrupted.
*/
-ssize_t
-_gnutls_io_write_flush (gnutls_session_t session)
+ssize_t _gnutls_io_write_flush(gnutls_session_t session)
{
- gnutls_datum_t msg;
- mbuffer_head_st *send_buffer = &session->internals.record_send_buffer;
- int ret;
- ssize_t sent = 0, tosend = 0;
- giovec_t iovec[MAX_QUEUE];
- int i = 0;
- mbuffer_st *cur;
-
- _gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
-
- for (cur = _mbuffer_head_get_first (send_buffer, &msg);
- cur != NULL; cur = _mbuffer_head_get_next (cur, &msg))
- {
- iovec[i].iov_base = msg.data;
- iovec[i++].iov_len = msg.size;
- tosend += msg.size;
-
- /* we buffer up to MAX_QUEUE messages */
- if (i >= MAX_QUEUE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
-
- if (tosend == 0)
- {
- gnutls_assert();
- return 0;
- }
-
- ret = _gnutls_writev (session, iovec, i);
- if (ret >= 0)
- {
- _mbuffer_head_remove_bytes (send_buffer, ret);
- _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- sent += ret;
- }
- else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
- {
- _gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
- (int) send_buffer->byte_length);
- return ret;
- }
- else if (ret == GNUTLS_E_LARGE_PACKET)
- {
- _mbuffer_head_remove_bytes (send_buffer, tosend);
- _gnutls_write_log ("WRITE cannot send large packet (%u bytes).\n",
- (unsigned int) tosend);
- return ret;
- }
- else
- {
- _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- gnutls_assert ();
- return ret;
- }
-
- if (sent < tosend)
- {
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- }
-
- return sent;
+ gnutls_datum_t msg;
+ mbuffer_head_st *send_buffer =
+ &session->internals.record_send_buffer;
+ int ret;
+ ssize_t sent = 0, tosend = 0;
+ giovec_t iovec[MAX_QUEUE];
+ int i = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log("WRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ for (cur = _mbuffer_head_get_first(send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_head_get_next(cur, &msg)) {
+ iovec[i].iov_base = msg.data;
+ iovec[i++].iov_len = msg.size;
+ tosend += msg.size;
+
+ /* we buffer up to MAX_QUEUE messages */
+ if (i >= MAX_QUEUE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ if (tosend == 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_writev(session, iovec, i);
+ if (ret >= 0) {
+ _mbuffer_head_remove_bytes(send_buffer, ret);
+ _gnutls_write_log
+ ("WRITE: wrote %d bytes, %d bytes left.\n", ret,
+ (int) send_buffer->byte_length);
+
+ sent += ret;
+ } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+ _gnutls_write_log("WRITE interrupted: %d bytes left.\n",
+ (int) send_buffer->byte_length);
+ return ret;
+ } else if (ret == GNUTLS_E_LARGE_PACKET) {
+ _mbuffer_head_remove_bytes(send_buffer, tosend);
+ _gnutls_write_log
+ ("WRITE cannot send large packet (%u bytes).\n",
+ (unsigned int) tosend);
+ return ret;
+ } else {
+ _gnutls_write_log("WRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert();
+ return ret;
+ }
+
+ if (sent < tosend) {
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ }
+
+ return sent;
}
/* Checks whether there are received data within
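Review bot: In `_gnutls_io_write_flush` the `i >= MAX_QUEUE` test runs after `iovec[i++]` has been filled, so a queue holding exactly MAX_QUEUE buffers is rejected with GNUTLS_E_INTERNAL_ERROR even though every entry fit, which does not match the comment "we buffer up to MAX_QUEUE messages". Moving the test to the top of the loop body, `if (i >= MAX_QUEUE) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` ahead of the `iovec[i]` store, puts the bound check before the write and accepts a full array. Separately, the log call in `_gnutls_io_write_buffered` prints `transport_recv_ptr` for a write; `transport_send_ptr` looks like the intended value.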
@@ -659,30 +646,31 @@ _gnutls_io_write_flush (gnutls_session_t session)
* Returns 0 if data were received, GNUTLS_E_TIMEDOUT
* on timeout and a negative error code on error.
*/
-int
-_gnutls_io_check_recv (gnutls_session_t session, unsigned int ms)
+int _gnutls_io_check_recv(gnutls_session_t session, unsigned int ms)
{
- gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- int ret = 0, err;
-
- if (unlikely(session->internals.pull_timeout_func == system_recv_timeout &&
- session->internals.pull_func != system_read))
- return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
-
- reset_errno (session);
-
- ret = session->internals.pull_timeout_func(fd, ms);
- if (ret == -1)
- {
- err = get_errno (session);
- _gnutls_read_log ("READ_TIMEOUT: %d returned from %p, errno=%d (timeout: %u)\n",
- (int) ret, fd, err, ms);
- return errno_to_gerr(err);
- }
-
- if (ret > 0)
- return 0;
- else return GNUTLS_E_TIMEDOUT;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ int ret = 0, err;
+
+ if (unlikely
+ (session->internals.pull_timeout_func == system_recv_timeout
+ && session->internals.pull_func != system_read))
+ return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
+
+ reset_errno(session);
+
+ ret = session->internals.pull_timeout_func(fd, ms);
+ if (ret == -1) {
+ err = get_errno(session);
+ _gnutls_read_log
+ ("READ_TIMEOUT: %d returned from %p, errno=%d (timeout: %u)\n",
+ (int) ret, fd, err, ms);
+ return errno_to_gerr(err);
+ }
+
+ if (ret > 0)
+ return 0;
+ else
+ return GNUTLS_E_TIMEDOUT;
}
/* HANDSHAKE buffers part
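Review bot: `_gnutls_io_check_recv` takes `fd` from `session->internals.transport_send_ptr` and passes it to `pull_timeout_func`, although this is a receive-side wait and the read paths earlier in the file use `transport_recv_ptr`. When an application sets different send and receive pointers, the timeout would be evaluated on the wrong one and the following read could block or time out unexpectedly; the declaration should likely be `gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;`. If the send pointer is intentional here, a comment explaining why would prevent the next reader from "fixing" it.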
@@ -693,56 +681,53 @@ _gnutls_io_check_recv (gnutls_session_t session, unsigned int ms)
* interrupted.
*
*/
-ssize_t
-_gnutls_handshake_io_write_flush (gnutls_session_t session)
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session)
{
- mbuffer_head_st *const send_buffer =
- &session->internals.handshake_send_buffer;
- gnutls_datum_t msg;
- int ret;
- uint16_t epoch;
- ssize_t total = 0;
- mbuffer_st *cur;
-
- _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
-
- if (IS_DTLS(session))
- return _dtls_transmit(session);
-
- for (cur = _mbuffer_head_get_first (send_buffer, &msg);
- cur != NULL; cur = _mbuffer_head_get_first (send_buffer, &msg))
- {
- epoch = cur->epoch;
-
- ret = _gnutls_send_int (session, cur->type,
- cur->htype,
- epoch,
- msg.data, msg.size, 0);
-
- if (ret >= 0)
- {
- total += ret;
-
- ret = _mbuffer_head_remove_bytes (send_buffer, ret);
- if (ret == 1)
- _gnutls_epoch_refcount_dec(session, epoch);
-
- _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- }
- else
- {
- _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- gnutls_assert ();
- return ret;
- }
- }
-
- return _gnutls_io_write_flush (session);
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+ gnutls_datum_t msg;
+ int ret;
+ uint16_t epoch;
+ ssize_t total = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log("HWRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ if (IS_DTLS(session))
+ return _dtls_transmit(session);
+
+ for (cur = _mbuffer_head_get_first(send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_head_get_first(send_buffer, &msg))
+ {
+ epoch = cur->epoch;
+
+ ret = _gnutls_send_int(session, cur->type,
+ cur->htype,
+ epoch, msg.data, msg.size, 0);
+
+ if (ret >= 0) {
+ total += ret;
+
+ ret = _mbuffer_head_remove_bytes(send_buffer, ret);
+ if (ret == 1)
+ _gnutls_epoch_refcount_dec(session, epoch);
+
+ _gnutls_write_log
+ ("HWRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ } else {
+ _gnutls_write_log
+ ("HWRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return _gnutls_io_write_flush(session);
}
@@ -751,275 +736,327 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
*
*/
int
-_gnutls_handshake_io_cache_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- mbuffer_st * bufel)
+_gnutls_handshake_io_cache_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ mbuffer_st * bufel)
{
- mbuffer_head_st * send_buffer;
-
- if (IS_DTLS(session))
- {
- bufel->handshake_sequence = session->internals.dtls.hsk_write_seq-1;
- }
-
- send_buffer =
- &session->internals.handshake_send_buffer;
-
- bufel->epoch = (uint16_t)_gnutls_epoch_refcount_inc(session, EPOCH_WRITE_CURRENT);
- bufel->htype = htype;
- if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
- bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
- else
- bufel->type = GNUTLS_HANDSHAKE;
-
- _mbuffer_enqueue (send_buffer, bufel);
-
- _gnutls_write_log
- ("HWRITE: enqueued [%s] %d. Total %d bytes.\n",
- _gnutls_handshake2str (bufel->htype), (int) bufel->msg.size, (int) send_buffer->byte_length);
-
- return 0;
+ mbuffer_head_st *send_buffer;
+
+ if (IS_DTLS(session)) {
+ bufel->handshake_sequence =
+ session->internals.dtls.hsk_write_seq - 1;
+ }
+
+ send_buffer = &session->internals.handshake_send_buffer;
+
+ bufel->epoch =
+ (uint16_t) _gnutls_epoch_refcount_inc(session,
+ EPOCH_WRITE_CURRENT);
+ bufel->htype = htype;
+ if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+ bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
+ else
+ bufel->type = GNUTLS_HANDSHAKE;
+
+ _mbuffer_enqueue(send_buffer, bufel);
+
+ _gnutls_write_log
+ ("HWRITE: enqueued [%s] %d. Total %d bytes.\n",
+ _gnutls_handshake2str(bufel->htype), (int) bufel->msg.size,
+ (int) send_buffer->byte_length);
+
+ return 0;
}
-static int handshake_compare(const void* _e1, const void* _e2)
+static int handshake_compare(const void *_e1, const void *_e2)
{
-const handshake_buffer_st* e1 = _e1;
-const handshake_buffer_st* e2 = _e2;
+ const handshake_buffer_st *e1 = _e1;
+ const handshake_buffer_st *e2 = _e2;
- if (e1->sequence <= e2->sequence)
- return 1;
- else
- return -1;
+ if (e1->sequence <= e2->sequence)
+ return 1;
+ else
+ return -1;
}
#define SSL2_HEADERS 1
static int
-parse_handshake_header (gnutls_session_t session, mbuffer_st* bufel,
- handshake_buffer_st* hsk)
+parse_handshake_header(gnutls_session_t session, mbuffer_st * bufel,
+ handshake_buffer_st * hsk)
{
- uint8_t *dataptr = NULL; /* for realloc */
- size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session), data_size;
-
- /* Note: SSL2_HEADERS == 1 */
- if (_mbuffer_get_udata_size(bufel) < handshake_header_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- dataptr = _mbuffer_get_udata_ptr(bufel);
-
- /* if reading a client hello of SSLv2 */
- if (unlikely(!IS_DTLS(session) && bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2))
- {
- handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
-
- hsk->length = _mbuffer_get_udata_size(bufel) - handshake_header_size; /* we've read the first byte */
-
- if (dataptr[0] != GNUTLS_HANDSHAKE_CLIENT_HELLO)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- hsk->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
-
- hsk->sequence = 0;
- hsk->start_offset = 0;
- hsk->end_offset = hsk->length;
- }
- else /* TLS or DTLS handshake headers */
- {
-
- hsk->htype = dataptr[0];
-
- /* we do not use DECR_LEN because we know
- * that the packet has enough data.
- */
- hsk->length = _gnutls_read_uint24 (&dataptr[1]);
- handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
-
- if (IS_DTLS(session))
- {
- hsk->sequence = _gnutls_read_uint16 (&dataptr[4]);
- hsk->start_offset = _gnutls_read_uint24 (&dataptr[6]);
- hsk->end_offset = hsk->start_offset + _gnutls_read_uint24 (&dataptr[9]);
- }
- else
- {
- hsk->sequence = 0;
- hsk->start_offset = 0;
- hsk->end_offset = MIN((_mbuffer_get_udata_size(bufel) - handshake_header_size), hsk->length);
- }
- }
- data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
-
- /* make the length offset */
- if (hsk->end_offset > 0) hsk->end_offset--;
-
- _gnutls_handshake_log ("HSK[%p]: %s (%u) was received. Length %d[%d], frag offset %d, frag length: %d, sequence: %d\n",
- session, _gnutls_handshake2str (hsk->htype), (unsigned)hsk->htype,
- (int) hsk->length, (int)data_size, hsk->start_offset, hsk->end_offset-hsk->start_offset+1, (int)hsk->sequence);
-
- hsk->header_size = handshake_header_size;
- memcpy(hsk->header, _mbuffer_get_udata_ptr(bufel), handshake_header_size);
-
- if (hsk->length > 0 &&
- (hsk->end_offset-hsk->start_offset >= data_size))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (hsk->length > 0 && (hsk->start_offset >= hsk->end_offset ||
- hsk->end_offset-hsk->start_offset >= data_size ||
- hsk->end_offset >= hsk->length))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- else if (hsk->length == 0 && hsk->end_offset != 0 && hsk->start_offset != 0)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- return handshake_header_size;
+ uint8_t *dataptr = NULL; /* for realloc */
+ size_t handshake_header_size =
+ HANDSHAKE_HEADER_SIZE(session), data_size;
+
+ /* Note: SSL2_HEADERS == 1 */
+ if (_mbuffer_get_udata_size(bufel) < handshake_header_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ dataptr = _mbuffer_get_udata_ptr(bufel);
+
+ /* if reading a client hello of SSLv2 */
+ if (unlikely
+ (!IS_DTLS(session)
+ && bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)) {
+ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
+
+ hsk->length = _mbuffer_get_udata_size(bufel) - handshake_header_size; /* we've read the first byte */
+
+ if (dataptr[0] != GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ hsk->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
+
+ hsk->sequence = 0;
+ hsk->start_offset = 0;
+ hsk->end_offset = hsk->length;
+ } else { /* TLS or DTLS handshake headers */
+
+
+ hsk->htype = dataptr[0];
+
+ /* we do not use DECR_LEN because we know
+ * that the packet has enough data.
+ */
+ hsk->length = _gnutls_read_uint24(&dataptr[1]);
+ handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
+
+ if (IS_DTLS(session)) {
+ hsk->sequence = _gnutls_read_uint16(&dataptr[4]);
+ hsk->start_offset =
+ _gnutls_read_uint24(&dataptr[6]);
+ hsk->end_offset =
+ hsk->start_offset +
+ _gnutls_read_uint24(&dataptr[9]);
+ } else {
+ hsk->sequence = 0;
+ hsk->start_offset = 0;
+ hsk->end_offset =
+ MIN((_mbuffer_get_udata_size(bufel) -
+ handshake_header_size), hsk->length);
+ }
+ }
+ data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
+
+ /* make the length offset */
+ if (hsk->end_offset > 0)
+ hsk->end_offset--;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: %s (%u) was received. Length %d[%d], frag offset %d, frag length: %d, sequence: %d\n",
+ session, _gnutls_handshake2str(hsk->htype),
+ (unsigned) hsk->htype, (int) hsk->length, (int) data_size,
+ hsk->start_offset, hsk->end_offset - hsk->start_offset + 1,
+ (int) hsk->sequence);
+
+ hsk->header_size = handshake_header_size;
+ memcpy(hsk->header, _mbuffer_get_udata_ptr(bufel),
+ handshake_header_size);
+
+ if (hsk->length > 0 &&
+ (hsk->end_offset - hsk->start_offset >= data_size))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (hsk->length > 0 && (hsk->start_offset >= hsk->end_offset ||
+ hsk->end_offset - hsk->start_offset >=
+ data_size
+ || hsk->end_offset >= hsk->length))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ else if (hsk->length == 0 && hsk->end_offset != 0
+ && hsk->start_offset != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ return handshake_header_size;
}
-static void _gnutls_handshake_buffer_move(handshake_buffer_st* dst, handshake_buffer_st* src)
+static void _gnutls_handshake_buffer_move(handshake_buffer_st * dst,
+ handshake_buffer_st * src)
{
- memcpy(dst, src, sizeof(*dst));
- memset(src, 0, sizeof(*src));
- src->htype = -1;
+ memcpy(dst, src, sizeof(*dst));
+ memset(src, 0, sizeof(*src));
+ src->htype = -1;
}
/* will merge the given handshake_buffer_st to the handshake_recv_buffer
* list. The given hsk packet will be released in any case (success or failure).
* Only used in DTLS.
*/
-static int merge_handshake_packet(gnutls_session_t session, handshake_buffer_st* hsk)
+static int merge_handshake_packet(gnutls_session_t session,
+ handshake_buffer_st * hsk)
{
-int exists = 0, i, pos = 0;
-int ret;
-
- for (i=0;i<session->internals.handshake_recv_buffer_size;i++)
- {
- if (session->internals.handshake_recv_buffer[i].htype == hsk->htype)
- {
- exists = 1;
- pos = i;
- break;
- }
- }
-
- if (exists == 0)
- pos = session->internals.handshake_recv_buffer_size;
-
- if (pos > MAX_HANDSHAKE_MSGS)
- return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
-
- if (exists == 0)
- {
- if (hsk->length > 0 && hsk->end_offset > 0 && hsk->end_offset-hsk->start_offset+1 != hsk->length)
- {
- ret = _gnutls_buffer_resize(&hsk->data, hsk->length);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- hsk->data.length = hsk->length;
-
- memmove(&hsk->data.data[hsk->start_offset], hsk->data.data, hsk->end_offset-hsk->start_offset+1);
- }
-
- session->internals.handshake_recv_buffer_size++;
-
- /* rewrite headers to make them look as each packet came as a single fragment */
- _gnutls_write_uint24(hsk->length, &hsk->header[1]);
- _gnutls_write_uint24(0, &hsk->header[6]);
- _gnutls_write_uint24(hsk->length, &hsk->header[9]);
-
- _gnutls_handshake_buffer_move(&session->internals.handshake_recv_buffer[pos], hsk);
-
- }
- else
- {
- if (hsk->start_offset < session->internals.handshake_recv_buffer[pos].start_offset &&
- hsk->end_offset >= session->internals.handshake_recv_buffer[pos].start_offset)
- {
- memcpy(&session->internals.handshake_recv_buffer[pos].data.data[hsk->start_offset],
- hsk->data.data, hsk->data.length);
- session->internals.handshake_recv_buffer[pos].start_offset = hsk->start_offset;
- session->internals.handshake_recv_buffer[pos].end_offset =
- MIN(hsk->end_offset, session->internals.handshake_recv_buffer[pos].end_offset);
- }
- else if (hsk->end_offset > session->internals.handshake_recv_buffer[pos].end_offset &&
- hsk->start_offset <= session->internals.handshake_recv_buffer[pos].end_offset+1)
- {
- memcpy(&session->internals.handshake_recv_buffer[pos].data.data[hsk->start_offset],
- hsk->data.data, hsk->data.length);
-
- session->internals.handshake_recv_buffer[pos].end_offset = hsk->end_offset;
- session->internals.handshake_recv_buffer[pos].start_offset =
- MIN(hsk->start_offset, session->internals.handshake_recv_buffer[pos].start_offset);
- }
- _gnutls_handshake_buffer_clear(hsk);
- }
-
- return 0;
+ int exists = 0, i, pos = 0;
+ int ret;
+
+ for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+ if (session->internals.handshake_recv_buffer[i].htype ==
+ hsk->htype) {
+ exists = 1;
+ pos = i;
+ break;
+ }
+ }
+
+ if (exists == 0)
+ pos = session->internals.handshake_recv_buffer_size;
+
+ if (pos > MAX_HANDSHAKE_MSGS)
+ return
+ gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
+
+ if (exists == 0) {
+ if (hsk->length > 0 && hsk->end_offset > 0
+ && hsk->end_offset - hsk->start_offset + 1 !=
+ hsk->length) {
+ ret =
+ _gnutls_buffer_resize(&hsk->data, hsk->length);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hsk->data.length = hsk->length;
+
+ memmove(&hsk->data.data[hsk->start_offset],
+ hsk->data.data,
+ hsk->end_offset - hsk->start_offset + 1);
+ }
+
+ session->internals.handshake_recv_buffer_size++;
+
+ /* rewrite headers to make them look as each packet came as a single fragment */
+ _gnutls_write_uint24(hsk->length, &hsk->header[1]);
+ _gnutls_write_uint24(0, &hsk->header[6]);
+ _gnutls_write_uint24(hsk->length, &hsk->header[9]);
+
+ _gnutls_handshake_buffer_move(&session->internals.
+ handshake_recv_buffer[pos],
+ hsk);
+
+ } else {
+ if (hsk->start_offset <
+ session->internals.handshake_recv_buffer[pos].
+ start_offset
+ && hsk->end_offset >=
+ session->internals.handshake_recv_buffer[pos].
+ start_offset) {
+ memcpy(&session->internals.
+ handshake_recv_buffer[pos].data.data[hsk->
+ start_offset],
+ hsk->data.data, hsk->data.length);
+ session->internals.handshake_recv_buffer[pos].
+ start_offset = hsk->start_offset;
+ session->internals.handshake_recv_buffer[pos].
+ end_offset =
+ MIN(hsk->end_offset,
+ session->internals.
+ handshake_recv_buffer[pos].end_offset);
+ } else if (hsk->end_offset >
+ session->internals.handshake_recv_buffer[pos].
+ end_offset
+ && hsk->start_offset <=
+ session->internals.handshake_recv_buffer[pos].
+ end_offset + 1) {
+ memcpy(&session->internals.
+ handshake_recv_buffer[pos].data.data[hsk->
+ start_offset],
+ hsk->data.data, hsk->data.length);
+
+ session->internals.handshake_recv_buffer[pos].
+ end_offset = hsk->end_offset;
+ session->internals.handshake_recv_buffer[pos].
+ start_offset =
+ MIN(hsk->start_offset,
+ session->internals.
+ handshake_recv_buffer[pos].start_offset);
+ }
+ _gnutls_handshake_buffer_clear(hsk);
+ }
+
+ return 0;
}
/* returns non-zero on match and zero on mismatch
*/
-inline static int cmp_hsk_types(gnutls_handshake_description_t expected, gnutls_handshake_description_t recvd)
+inline static int cmp_hsk_types(gnutls_handshake_description_t expected,
+ gnutls_handshake_description_t recvd)
{
- if ((expected != GNUTLS_HANDSHAKE_CLIENT_HELLO || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2) &&
- (expected != recvd))
- return 0;
-
- return 1;
+ if ((expected != GNUTLS_HANDSHAKE_CLIENT_HELLO
+ || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+ && (expected != recvd))
+ return 0;
+
+ return 1;
}
#define LAST_ELEMENT (session->internals.handshake_recv_buffer_size-1)
/* returns the last stored handshake packet.
*/
-static int get_last_packet(gnutls_session_t session, gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional)
+static int get_last_packet(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional)
{
-handshake_buffer_st* recv_buf = session->internals.handshake_recv_buffer;
-
- if (IS_DTLS(session))
- {
- if (session->internals.handshake_recv_buffer_size == 0 ||
- (session->internals.dtls.hsk_read_seq != recv_buf[LAST_ELEMENT].sequence))
- goto timeout;
-
- if (htype != recv_buf[LAST_ELEMENT].htype)
- {
- if (optional == 0)
- _gnutls_audit_log(session, "Received unexpected handshake message '%s' (%d). Expected '%s' (%d)\n",
- _gnutls_handshake2str(recv_buf[0].htype), (int)recv_buf[0].htype, _gnutls_handshake2str(htype), (int)htype);
-
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
- }
-
- else if ((recv_buf[LAST_ELEMENT].start_offset == 0 &&
- recv_buf[LAST_ELEMENT].end_offset == recv_buf[LAST_ELEMENT].length -1) ||
- recv_buf[LAST_ELEMENT].length == 0)
- {
- session->internals.dtls.hsk_read_seq++;
- _gnutls_handshake_buffer_move(hsk, &recv_buf[LAST_ELEMENT]);
- session->internals.handshake_recv_buffer_size--;
- return 0;
- }
- else
- goto timeout;
- }
- else /* TLS */
- {
- if (session->internals.handshake_recv_buffer_size > 0 && recv_buf[0].length == recv_buf[0].data.length)
- {
- if (cmp_hsk_types(htype, recv_buf[0].htype) == 0)
- {
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
- }
-
- _gnutls_handshake_buffer_move(hsk, &recv_buf[0]);
- session->internals.handshake_recv_buffer_size--;
- return 0;
- }
- else
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- }
-
-timeout:
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
+ handshake_buffer_st *recv_buf =
+ session->internals.handshake_recv_buffer;
+
+ if (IS_DTLS(session)) {
+ if (session->internals.handshake_recv_buffer_size == 0 ||
+ (session->internals.dtls.hsk_read_seq !=
+ recv_buf[LAST_ELEMENT].sequence))
+ goto timeout;
+
+ if (htype != recv_buf[LAST_ELEMENT].htype) {
+ if (optional == 0)
+ _gnutls_audit_log(session,
+ "Received unexpected handshake message '%s' (%d). Expected '%s' (%d)\n",
+ _gnutls_handshake2str
+ (recv_buf[0].htype),
+ (int) recv_buf[0].htype,
+ _gnutls_handshake2str
+ (htype), (int) htype);
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ }
+
+ else if ((recv_buf[LAST_ELEMENT].start_offset == 0 &&
+ recv_buf[LAST_ELEMENT].end_offset ==
+ recv_buf[LAST_ELEMENT].length - 1)
+ || recv_buf[LAST_ELEMENT].length == 0) {
+ session->internals.dtls.hsk_read_seq++;
+ _gnutls_handshake_buffer_move(hsk,
+ &recv_buf
+ [LAST_ELEMENT]);
+ session->internals.handshake_recv_buffer_size--;
+ return 0;
+ } else
+ goto timeout;
+ } else { /* TLS */
+
+ if (session->internals.handshake_recv_buffer_size > 0
+ && recv_buf[0].length == recv_buf[0].data.length) {
+ if (cmp_hsk_types(htype, recv_buf[0].htype) == 0) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ }
+
+ _gnutls_handshake_buffer_move(hsk, &recv_buf[0]);
+ session->internals.handshake_recv_buffer_size--;
+ return 0;
+ } else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ }
+
+ timeout:
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
}
/* This is a receive function for the gnutls handshake
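Review bot: In `merge_handshake_packet` the guard `if (pos > MAX_HANDSHAKE_MSGS)` still admits `pos == MAX_HANDSHAKE_MSGS`, after which a new entry is moved into `handshake_recv_buffer[pos]`. The array is declared outside this hunk; if it holds MAX_HANDSHAKE_MSGS elements, that index is one slot past the end. These fragments come from the network before the handshake completes, so the bound should be `if (pos >= MAX_HANDSHAKE_MSGS)`. Separately, both `memcpy` calls in the `else` branch copy `hsk->data.length` bytes to offset `hsk->start_offset` of the stored entry without comparing the sum against that entry's `data.length`. Entries are matched by `htype` only, so an explicit length check before each copy would make the reassembly bound visible.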
@@ -1027,208 +1064,250 @@ timeout:
*
* htype is the next handshake packet expected.
*/
-int
-_gnutls_parse_record_buffered_msgs (gnutls_session_t session)
+int _gnutls_parse_record_buffered_msgs(gnutls_session_t session)
{
- gnutls_datum_t msg;
- mbuffer_st* bufel = NULL, *prev = NULL;
- int ret;
- size_t data_size;
- handshake_buffer_st* recv_buf = session->internals.handshake_recv_buffer;
-
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- if (bufel == NULL)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- if (!IS_DTLS(session))
- {
- ssize_t remain, append, header_size;
-
- do
- {
- if (bufel->type != GNUTLS_HANDSHAKE)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- /* if we have a half received message the complete it.
- */
- remain = recv_buf[0].length -
- recv_buf[0].data.length;
-
- /* this is the rest of a previous message */
- if (session->internals.handshake_recv_buffer_size > 0 && recv_buf[0].length > 0 && remain > 0)
- {
- if ((ssize_t)msg.size <= remain)
- append = msg.size;
- else
- append = remain;
-
- ret = _gnutls_buffer_append_data(&recv_buf[0].data, msg.data, append);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, append);
- }
- else /* received new message */
- {
- ret = parse_handshake_header(session, bufel, &recv_buf[0]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- header_size = ret;
- session->internals.handshake_recv_buffer_size = 1;
-
- _mbuffer_set_uhead_size(bufel, header_size);
-
- data_size = MIN(recv_buf[0].length, _mbuffer_get_udata_size(bufel));
- ret = _gnutls_buffer_append_data(&recv_buf[0].data, _mbuffer_get_udata_ptr(bufel), data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- _mbuffer_set_uhead_size(bufel, 0);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, data_size+header_size);
- }
-
- /* if packet is complete then return it
- */
- if (recv_buf[0].length ==
- recv_buf[0].data.length)
- {
- return 0;
- }
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- }
- while(bufel != NULL);
-
- /* if we are here it means that the received packets were not
- * enough to complete the handshake packet.
- */
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- }
- else /* DTLS */
- {
- handshake_buffer_st tmp;
-
- do
- {
- /* we now
- * 0. parse headers
- * 1. insert to handshake_recv_buffer
- * 2. sort handshake_recv_buffer on sequence numbers
- * 3. return first packet if completed or GNUTLS_E_AGAIN.
- */
- do
- {
- if (bufel->type != GNUTLS_HANDSHAKE)
- {
- gnutls_assert();
- goto next; /* ignore packet */
- }
-
- _gnutls_handshake_buffer_init(&tmp);
-
- ret = parse_handshake_header(session, bufel, &tmp);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "Invalid handshake packet headers. Discarding.\n");
- break;
- }
-
- _mbuffer_consume(&session->internals.record_buffer, bufel, ret);
-
- data_size = MIN(tmp.length, tmp.end_offset-tmp.start_offset+1);
-
- ret = _gnutls_buffer_append_data(&tmp.data, _mbuffer_get_udata_ptr(bufel), data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_consume(&session->internals.record_buffer, bufel, data_size);
-
- ret = merge_handshake_packet(session, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- }
- while(_mbuffer_get_udata_size(bufel) > 0);
-
- prev = bufel;
- bufel = _mbuffer_dequeue(&session->internals.record_buffer, bufel);
-
- _mbuffer_xfree(&prev);
- continue;
-
-next:
- bufel = _mbuffer_head_get_next(bufel, NULL);
- }
- while(bufel != NULL);
-
- /* sort in descending order */
- if (session->internals.handshake_recv_buffer_size > 1)
- qsort(recv_buf, session->internals.handshake_recv_buffer_size,
- sizeof(recv_buf[0]), handshake_compare);
-
- while(session->internals.handshake_recv_buffer_size > 0 &&
- recv_buf[LAST_ELEMENT].sequence < session->internals.dtls.hsk_read_seq)
- {
- _gnutls_audit_log(session, "Discarded replayed handshake packet with sequence %d\n", recv_buf[LAST_ELEMENT].sequence);
- _gnutls_handshake_buffer_clear(&recv_buf[LAST_ELEMENT]);
- session->internals.handshake_recv_buffer_size--;
- }
-
- return 0;
- }
+ gnutls_datum_t msg;
+ mbuffer_st *bufel = NULL, *prev = NULL;
+ int ret;
+ size_t data_size;
+ handshake_buffer_st *recv_buf =
+ session->internals.handshake_recv_buffer;
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_buffer,
+ &msg);
+ if (bufel == NULL)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ if (!IS_DTLS(session)) {
+ ssize_t remain, append, header_size;
+
+ do {
+ if (bufel->type != GNUTLS_HANDSHAKE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+
+ /* if we have a half received message the complete it.
+ */
+ remain = recv_buf[0].length -
+ recv_buf[0].data.length;
+
+ /* this is the rest of a previous message */
+ if (session->internals.handshake_recv_buffer_size >
+ 0 && recv_buf[0].length > 0 && remain > 0) {
+ if ((ssize_t) msg.size <= remain)
+ append = msg.size;
+ else
+ append = remain;
+
+ ret =
+ _gnutls_buffer_append_data(&recv_buf
+ [0].data,
+ msg.data,
+ append);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_head_remove_bytes(&session->
+ internals.
+ record_buffer,
+ append);
+ } else { /* received new message */
+
+ ret =
+ parse_handshake_header(session, bufel,
+ &recv_buf[0]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ header_size = ret;
+ session->internals.
+ handshake_recv_buffer_size = 1;
+
+ _mbuffer_set_uhead_size(bufel,
+ header_size);
+
+ data_size =
+ MIN(recv_buf[0].length,
+ _mbuffer_get_udata_size(bufel));
+ ret =
+ _gnutls_buffer_append_data(&recv_buf
+ [0].data,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ _mbuffer_set_uhead_size(bufel, 0);
+ _mbuffer_head_remove_bytes(&session->
+ internals.
+ record_buffer,
+ data_size +
+ header_size);
+ }
+
+ /* if packet is complete then return it
+ */
+ if (recv_buf[0].length == recv_buf[0].data.length) {
+ return 0;
+ }
+ bufel =
+ _mbuffer_head_get_first(&session->internals.
+ record_buffer, &msg);
+ }
+ while (bufel != NULL);
+
+ /* if we are here it means that the received packets were not
+ * enough to complete the handshake packet.
+ */
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ } else { /* DTLS */
+
+ handshake_buffer_st tmp;
+
+ do {
+ /* we now
+ * 0. parse headers
+ * 1. insert to handshake_recv_buffer
+ * 2. sort handshake_recv_buffer on sequence numbers
+ * 3. return first packet if completed or GNUTLS_E_AGAIN.
+ */
+ do {
+ if (bufel->type != GNUTLS_HANDSHAKE) {
+ gnutls_assert();
+ goto next; /* ignore packet */
+ }
+
+ _gnutls_handshake_buffer_init(&tmp);
+
+ ret =
+ parse_handshake_header(session, bufel,
+ &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Invalid handshake packet headers. Discarding.\n");
+ break;
+ }
+
+ _mbuffer_consume(&session->internals.
+ record_buffer, bufel,
+ ret);
+
+ data_size =
+ MIN(tmp.length,
+ tmp.end_offset - tmp.start_offset +
+ 1);
+
+ ret =
+ _gnutls_buffer_append_data(&tmp.data,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_consume(&session->internals.
+ record_buffer, bufel,
+ data_size);
+
+ ret =
+ merge_handshake_packet(session, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ }
+ while (_mbuffer_get_udata_size(bufel) > 0);
+
+ prev = bufel;
+ bufel =
+ _mbuffer_dequeue(&session->internals.
+ record_buffer, bufel);
+
+ _mbuffer_xfree(&prev);
+ continue;
+
+ next:
+ bufel = _mbuffer_head_get_next(bufel, NULL);
+ }
+ while (bufel != NULL);
+
+ /* sort in descending order */
+ if (session->internals.handshake_recv_buffer_size > 1)
+ qsort(recv_buf,
+ session->internals.
+ handshake_recv_buffer_size,
+ sizeof(recv_buf[0]), handshake_compare);
+
+ while (session->internals.handshake_recv_buffer_size > 0 &&
+ recv_buf[LAST_ELEMENT].sequence <
+ session->internals.dtls.hsk_read_seq) {
+ _gnutls_audit_log(session,
+ "Discarded replayed handshake packet with sequence %d\n",
+ recv_buf[LAST_ELEMENT].sequence);
+ _gnutls_handshake_buffer_clear(&recv_buf
+ [LAST_ELEMENT]);
+ session->internals.handshake_recv_buffer_size--;
+ }
+
+ return 0;
+ }
}
/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
*/
ssize_t
-_gnutls_handshake_io_recv_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional)
+_gnutls_handshake_io_recv_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional)
{
- int ret;
- unsigned int tleft = 0;
-
- ret = get_last_packet(session, htype, hsk, optional);
- if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- return gnutls_assert_val(ret);
- }
-
- /* try using the already existing records before
- * trying to receive.
- */
- ret = _gnutls_parse_record_buffered_msgs(session);
-
- if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
-
- if (IS_DTLS(session))
- {
- if (ret >= 0)
- return ret;
- }
- else
- {
- if ((ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && ret < 0) || ret >= 0)
- return gnutls_assert_val(ret);
- }
-
- if (htype != (unsigned)-1)
- {
- ret = handshake_remaining_time(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- tleft = ret;
- }
-
- /* if we don't have a complete message waiting for us, try
- * receiving more */
- ret = _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, htype, tleft);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- ret = _gnutls_parse_record_buffered_msgs(session);
- if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
-
- return ret;
+ int ret;
+ unsigned int tleft = 0;
+
+ ret = get_last_packet(session, htype, hsk, optional);
+ if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED
+ && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ return gnutls_assert_val(ret);
+ }
+
+ /* try using the already existing records before
+ * trying to receive.
+ */
+ ret = _gnutls_parse_record_buffered_msgs(session);
+
+ if (ret == 0)
+ ret = get_last_packet(session, htype, hsk, optional);
+
+ if (IS_DTLS(session)) {
+ if (ret >= 0)
+ return ret;
+ } else {
+ if ((ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && ret < 0) || ret >= 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (htype != (unsigned) -1) {
+ ret = handshake_remaining_time(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ tleft = ret;
+ }
+
+ /* if we don't have a complete message waiting for us, try
+ * receiving more */
+ ret =
+ _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, htype,
+ tleft);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret == 0)
+ ret = get_last_packet(session, htype, hsk, optional);
+
+ return ret;
}
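Review bot: In the DTLS branch of `_gnutls_parse_record_buffered_msgs`, the two `return gnutls_assert_val(ret);` exits after `_gnutls_buffer_append_data(&tmp.data, ...)` and `merge_handshake_packet(session, &tmp)` leave `tmp` uncleared. The comment above `merge_handshake_packet` says the packet is released on success or failure, but its early error returns (shown in the previous hunk) never call `_gnutls_handshake_buffer_clear`. Whatever `tmp.data` holds at that point therefore appears to be leaked on each rejected fragment. Either add `_gnutls_handshake_buffer_clear(&tmp);` before those two returns, or clear `hsk` on the error paths inside `merge_handshake_packet` so the code matches its documented contract.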
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index cb247a1cd8..887403f51c 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -25,13 +25,13 @@
#define MBUFFER_FLUSH 1
int
-_gnutls_record_buffer_put (gnutls_session_t session,
- content_type_t type, uint64* seq, mbuffer_st* bufel);
+_gnutls_record_buffer_put(gnutls_session_t session,
+ content_type_t type, uint64 * seq,
+ mbuffer_st * bufel);
-inline static int
-_gnutls_record_buffer_get_size (gnutls_session_t session)
+inline static int _gnutls_record_buffer_get_size(gnutls_session_t session)
{
- return session->internals.record_buffer.byte_length;
+ return session->internals.record_buffer.byte_length;
}
/*-
@@ -44,72 +44,76 @@ _gnutls_record_buffer_get_size (gnutls_session_t session)
*
* Returns: Returns the size of the data or zero.
-*/
-inline static size_t
-record_check_unprocessed (gnutls_session_t session)
+inline static size_t record_check_unprocessed(gnutls_session_t session)
{
- return session->internals.record_recv_buffer.byte_length;
+ return session->internals.record_recv_buffer.byte_length;
}
-int _gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, uint8_t * data,
- size_t length, uint8_t seq[8]);
-ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t, unsigned int *ms);
-int _gnutls_io_clear_peeked_data (gnutls_session_t session);
+int _gnutls_record_buffer_get(content_type_t type,
+ gnutls_session_t session, uint8_t * data,
+ size_t length, uint8_t seq[8]);
+ssize_t _gnutls_io_read_buffered(gnutls_session_t, size_t n,
+ content_type_t, unsigned int *ms);
+int _gnutls_io_clear_peeked_data(gnutls_session_t session);
-ssize_t _gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag);
+ssize_t _gnutls_io_write_buffered(gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag);
-int _gnutls_handshake_io_cache_int (gnutls_session_t,
- gnutls_handshake_description_t,
- mbuffer_st * bufel);
+int _gnutls_handshake_io_cache_int(gnutls_session_t,
+ gnutls_handshake_description_t,
+ mbuffer_st * bufel);
ssize_t
-_gnutls_handshake_io_recv_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional);
+_gnutls_handshake_io_recv_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional);
-ssize_t _gnutls_io_write_flush (gnutls_session_t session);
-int
-_gnutls_io_check_recv (gnutls_session_t session, unsigned int ms);
-ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
+ssize_t _gnutls_io_write_flush(gnutls_session_t session);
+int _gnutls_io_check_recv(gnutls_session_t session, unsigned int ms);
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session);
-inline static void _gnutls_handshake_buffer_clear(handshake_buffer_st* hsk)
+inline static void _gnutls_handshake_buffer_clear(handshake_buffer_st *
+ hsk)
{
- _gnutls_buffer_clear(&hsk->data);
- hsk->htype = -1;
+ _gnutls_buffer_clear(&hsk->data);
+ hsk->htype = -1;
}
-inline static void _gnutls_handshake_buffer_init(handshake_buffer_st* hsk)
+inline static void _gnutls_handshake_buffer_init(handshake_buffer_st * hsk)
{
- memset(hsk, 0, sizeof(*hsk));
- _gnutls_buffer_init(&hsk->data);
- hsk->htype = -1;
+ memset(hsk, 0, sizeof(*hsk));
+ _gnutls_buffer_init(&hsk->data);
+ hsk->htype = -1;
}
-inline static void _gnutls_handshake_recv_buffer_clear(gnutls_session_t session)
+inline static void _gnutls_handshake_recv_buffer_clear(gnutls_session_t
+ session)
{
-int i;
- for (i=0;i<session->internals.handshake_recv_buffer_size;i++)
- _gnutls_handshake_buffer_clear(&session->internals.handshake_recv_buffer[i]);
- session->internals.handshake_recv_buffer_size = 0;
+ int i;
+ for (i = 0; i < session->internals.handshake_recv_buffer_size; i++)
+ _gnutls_handshake_buffer_clear(&session->internals.
+ handshake_recv_buffer[i]);
+ session->internals.handshake_recv_buffer_size = 0;
}
-inline static void _gnutls_handshake_recv_buffer_init(gnutls_session_t session)
+inline static void _gnutls_handshake_recv_buffer_init(gnutls_session_t
+ session)
{
-int i;
- for (i=0;i<MAX_HANDSHAKE_MSGS;i++)
- {
- _gnutls_handshake_buffer_init(&session->internals.handshake_recv_buffer[i]);
- }
- session->internals.handshake_recv_buffer_size = 0;
+ int i;
+ for (i = 0; i < MAX_HANDSHAKE_MSGS; i++) {
+ _gnutls_handshake_buffer_init(&session->internals.
+ handshake_recv_buffer[i]);
+ }
+ session->internals.handshake_recv_buffer_size = 0;
}
-int
-_gnutls_parse_record_buffered_msgs (gnutls_session_t session);
+int _gnutls_parse_record_buffered_msgs(gnutls_session_t session);
ssize_t
-_gnutls_recv_in_buffers (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int ms);
+_gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int ms);
#define _gnutls_handshake_io_buffer_clear( session) \
_mbuffer_head_clear( &session->internals.handshake_send_buffer); \
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 285d5dffbc..07514edffc 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -53,33 +53,29 @@
* TLS negotiation that uses the credentials is in progress.
*
**/
-void
-gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
{
- unsigned i, j;
-
- for (i = 0; i < sc->ncerts; i++)
- {
- for (j = 0; j < sc->certs[i].cert_list_length; j++)
- {
- gnutls_pcert_deinit (&sc->certs[i].cert_list[j]);
- }
- gnutls_free (sc->certs[i].cert_list);
- _gnutls_str_array_clear (&sc->certs[i].names);
- }
-
- gnutls_free (sc->certs);
- sc->certs = NULL;
-
- for (i = 0; i < sc->ncerts; i++)
- {
- gnutls_privkey_deinit (sc->pkey[i]);
- }
-
- gnutls_free (sc->pkey);
- sc->pkey = NULL;
-
- sc->ncerts = 0;
+ unsigned i, j;
+
+ for (i = 0; i < sc->ncerts; i++) {
+ for (j = 0; j < sc->certs[i].cert_list_length; j++) {
+ gnutls_pcert_deinit(&sc->certs[i].cert_list[j]);
+ }
+ gnutls_free(sc->certs[i].cert_list);
+ _gnutls_str_array_clear(&sc->certs[i].names);
+ }
+
+ gnutls_free(sc->certs);
+ sc->certs = NULL;
+
+ for (i = 0; i < sc->ncerts; i++) {
+ gnutls_privkey_deinit(sc->pkey[i]);
+ }
+
+ gnutls_free(sc->pkey);
+ sc->pkey = NULL;
+
+ sc->ncerts = 0;
}
/**
@@ -91,11 +87,10 @@ gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
* gnutls_certificate_verify_peers2() may call this to save some
* memory.
**/
-void
-gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc)
{
- /* FIXME: do nothing for now */
- return;
+ /* FIXME: do nothing for now */
+ return;
}
/**
@@ -113,10 +108,13 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
* Since: 3.0
**/
int
-gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags)
+gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
+ gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags)
{
- return gnutls_x509_trust_list_get_issuer(sc->tlist, cert, issuer, flags);
+ return gnutls_x509_trust_list_get_issuer(sc->tlist, cert, issuer,
+ flags);
}
/**
@@ -138,21 +136,24 @@ gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
* Since: 3.2.5
**/
int
-gnutls_certificate_get_crt_raw (gnutls_certificate_credentials_t sc,
- unsigned idx1,
- unsigned idx2,
- gnutls_datum_t * cert)
+gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
+ unsigned idx1,
+ unsigned idx2, gnutls_datum_t * cert)
{
- if (idx1 >= sc->ncerts)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx1 >= sc->ncerts)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- if (idx2 >= sc->certs[idx1].cert_list_length)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx2 >= sc->certs[idx1].cert_list_length)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- cert->data = sc->certs[idx1].cert_list[idx2].cert.data;
- cert->size = sc->certs[idx1].cert_list[idx2].cert.size;
+ cert->data = sc->certs[idx1].cert_list[idx2].cert.data;
+ cert->size = sc->certs[idx1].cert_list[idx2].cert.size;
- return 0;
+ return 0;
}
/**
@@ -169,10 +170,9 @@ gnutls_certificate_get_crt_raw (gnutls_certificate_credentials_t sc,
* CA names are used by servers to advertise the CAs they support to
* clients.
**/
-void
-gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc)
{
- _gnutls_free_datum (&sc->x509_rdn_sequence);
+ _gnutls_free_datum(&sc->x509_rdn_sequence);
}
@@ -188,18 +188,18 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
* function).
**/
void
-gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
+gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc)
{
- gnutls_x509_trust_list_deinit(sc->tlist, 1);
- gnutls_certificate_free_keys (sc);
- gnutls_certificate_free_ca_names (sc);
- gnutls_free(sc->ocsp_response_file);
- memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
+ gnutls_x509_trust_list_deinit(sc->tlist, 1);
+ gnutls_certificate_free_keys(sc);
+ gnutls_certificate_free_ca_names(sc);
+ gnutls_free(sc->ocsp_response_file);
+ memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_keyring_deinit (sc->keyring);
+ gnutls_openpgp_keyring_deinit(sc->keyring);
#endif
- gnutls_free (sc);
+ gnutls_free(sc);
}
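Review bot: The `memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));` in `gnutls_certificate_free_credentials` is followed a few lines later by `gnutls_free(sc);` with no further read of the buffer, so an optimising compiler may treat it as a dead store and drop it. If `pin_tmp` holds what its name suggests (a temporarily cached PIN), the value would then stay in freed heap memory. Use a wipe the compiler cannot elide, for example `explicit_bzero(sc->pin_tmp, sizeof(sc->pin_tmp));` where the platform provides it, or a write loop through a `volatile` pointer otherwise.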
@@ -213,27 +213,26 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
- res)
+gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t *
+ res)
{
-int ret;
+ int ret;
- *res = gnutls_calloc (1, sizeof (certificate_credentials_st));
+ *res = gnutls_calloc(1, sizeof(certificate_credentials_st));
- if (*res == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*res == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = gnutls_x509_trust_list_init( &(*res)->tlist, 0);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(*res);
- return GNUTLS_E_MEMORY_ERROR;
- }
- (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS;
- (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH;
+ ret = gnutls_x509_trust_list_init(&(*res)->tlist, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(*res);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS;
+ (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH;
- return 0;
+ return 0;
}
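Review bot: On the `gnutls_x509_trust_list_init` failure path of `gnutls_certificate_allocate_credentials`, `gnutls_free(*res);` leaves `*res` pointing at freed memory. A caller that ignores the return value and later hands that pointer to `gnutls_certificate_free_credentials()` would then use and free it again. Add `*res = NULL;` right after the free. The same path reports `GNUTLS_E_MEMORY_ERROR` whatever `ret` was; consider `return ret;` so the real cause is not lost.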
@@ -244,51 +243,48 @@ int ret;
* extensions in order to disable unneded algorithms.
*/
int
-_gnutls_selected_cert_supported_kx (gnutls_session_t session,
- gnutls_kx_algorithm_t * alg,
- int *alg_size)
+_gnutls_selected_cert_supported_kx(gnutls_session_t session,
+ gnutls_kx_algorithm_t * alg,
+ int *alg_size)
{
- gnutls_kx_algorithm_t kx;
- gnutls_pk_algorithm_t pk, cert_pk;
- gnutls_pcert_st *cert;
- int i;
-
- if (session->internals.selected_cert_list_length == 0)
- {
- *alg_size = 0;
- return 0;
- }
-
- cert = &session->internals.selected_cert_list[0];
- cert_pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- i = 0;
-
- for (kx = 0; kx < MAX_ALGOS; kx++)
- {
- pk = _gnutls_map_pk_get_pk (kx);
- if (pk == cert_pk)
- {
- /* then check key usage */
- if (_gnutls_check_key_usage (cert, kx) == 0)
- {
- alg[i] = kx;
- i++;
-
- if (i > *alg_size)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- }
- }
-
- if (i == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *alg_size = i;
-
- return 0;
+ gnutls_kx_algorithm_t kx;
+ gnutls_pk_algorithm_t pk, cert_pk;
+ gnutls_pcert_st *cert;
+ int i;
+
+ if (session->internals.selected_cert_list_length == 0) {
+ *alg_size = 0;
+ return 0;
+ }
+
+ cert = &session->internals.selected_cert_list[0];
+ cert_pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ i = 0;
+
+ for (kx = 0; kx < MAX_ALGOS; kx++) {
+ pk = _gnutls_map_pk_get_pk(kx);
+ if (pk == cert_pk) {
+ /* then check key usage */
+ if (_gnutls_check_key_usage(cert, kx) == 0) {
+ alg[i] = kx;
+ i++;
+
+ if (i > *alg_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ }
+
+ if (i == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *alg_size = i;
+
+ return 0;
}
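Review bot: In `_gnutls_selected_cert_supported_kx` the store `alg[i] = kx;` runs before the capacity test `if (i > *alg_size)`, so when more key-exchange algorithms match than the caller's array holds, one element is written past the end of `alg` before the error is returned. With `*alg_size` equal to 0 on entry, the first match already writes `alg[0]`. Test first and store afterwards: put `if (i >= *alg_size) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` ahead of `alg[i] = kx;` and drop the check that follows `i++`.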
@@ -304,10 +300,10 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session,
* function then the client will not be asked to send a certificate.
**/
void
-gnutls_certificate_server_set_request (gnutls_session_t session,
- gnutls_certificate_request_t req)
+gnutls_certificate_server_set_request(gnutls_session_t session,
+ gnutls_certificate_request_t req)
{
- session->internals.send_cert_req = req;
+ session->internals.send_cert_req = req;
}
/**
@@ -345,10 +341,9 @@ gnutls_certificate_server_set_request (gnutls_session_t session,
* indicates error and the handshake will be terminated.
**/
void gnutls_certificate_client_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_client_retrieve_function * func)
-{
- cred->client_get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function * func) {
+ cred->client_get_cert_callback = func;
}
/**
@@ -374,10 +369,9 @@ void gnutls_certificate_client_set_retrieve_function
* will be terminated.
**/
void gnutls_certificate_server_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_server_retrieve_function * func)
-{
- cred->server_get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function * func) {
+ cred->server_get_cert_callback = func;
}
/**
@@ -418,10 +412,9 @@ void gnutls_certificate_server_set_retrieve_function
* Since: 3.0
**/
void gnutls_certificate_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function * func)
-{
- cred->get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function * func) {
+ cred->get_cert_callback = func;
}
/**
@@ -465,10 +458,9 @@ void gnutls_certificate_set_retrieve_function
* Since: 3.0
**/
void gnutls_certificate_set_retrieve_function2
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function2 * func)
-{
- cred->get_cert_callback2 = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function2 * func) {
+ cred->get_cert_callback2 = func;
}
/**
@@ -495,11 +487,10 @@ void gnutls_certificate_set_retrieve_function2
* Since: 2.10.0
**/
void
- gnutls_certificate_set_verify_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_verify_function * func)
-{
- cred->verify_callback = func;
+ gnutls_certificate_set_verify_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_verify_function * func) {
+ cred->verify_callback = func;
}
/*-
@@ -513,27 +504,26 @@ void
*
-*/
static time_t
-_gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
+_gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return (time_t) - 1;
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return (time_t) - 1;
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return (time_t) - 1;
- }
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return (time_t) - 1;
+ }
- result = gnutls_x509_crt_get_activation_time (xcert);
+ result = gnutls_x509_crt_get_activation_time(xcert);
- gnutls_x509_crt_deinit (xcert);
+ gnutls_x509_crt_deinit(xcert);
- return result;
+ return result;
}
/*-
@@ -547,27 +537,26 @@ _gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
*
-*/
static time_t
-_gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
+_gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return (time_t) - 1;
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return (time_t) - 1;
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return (time_t) - 1;
- }
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return (time_t) - 1;
+ }
- result = gnutls_x509_crt_get_expiration_time (xcert);
+ result = gnutls_x509_crt_get_expiration_time(xcert);
- gnutls_x509_crt_deinit (xcert);
+ gnutls_x509_crt_deinit(xcert);
- return result;
+ return result;
}
#ifdef ENABLE_OPENPGP
@@ -579,58 +568,55 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
* Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-*/
static int
-_gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+_gnutls_openpgp_crt_verify_peers(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status)
{
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- int peer_certificate_list_size, ret;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
-
- if (peer_certificate_list_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* Verify certificate
- */
- ret =
- _gnutls_openpgp_verify_key (cred, hostname, &info->raw_certificate_list[0],
- peer_certificate_list_size, status);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ int peer_certificate_list_size, ret;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+
+ if (peer_certificate_list_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* Verify certificate
+ */
+ ret =
+ _gnutls_openpgp_verify_key(cred, hostname,
+ &info->raw_certificate_list[0],
+ peer_certificate_list_size, status);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
#endif
@@ -659,33 +645,33 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
* Returns: a negative error code on error and %GNUTLS_E_SUCCESS (0) on success.
**/
int
-gnutls_certificate_verify_peers2 (gnutls_session_t session,
- unsigned int *status)
+gnutls_certificate_verify_peers2(gnutls_session_t session,
+ unsigned int *status)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_cert_verify_peers (session, NULL, status);
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers(session, NULL,
+ status);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_crt_verify_peers (session, NULL, status);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_crt_verify_peers(session, NULL,
+ status);
#endif
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
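Review bot: `gnutls_certificate_verify_peers2` passes `NULL` in the hostname position to `_gnutls_x509_cert_verify_peers` and `_gnutls_openpgp_crt_verify_peers`, so by the look of it no name check is made on this path, and a return of 0 only says that verification ran; the verdict is in `*status`. That deserves a comment at the switch, e.g. `/* NULL hostname: the peer's name is not checked here; callers must inspect *status and match the name themselves, or use gnutls_certificate_verify_peers3() */`. The function's doc comment begins above this hunk, so it may already cover part of this.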
/**
@@ -716,34 +702,34 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session,
* Since: 3.1.4
**/
int
-gnutls_certificate_verify_peers3 (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+gnutls_certificate_verify_peers3(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_cert_verify_peers (session, hostname, status);
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers(session, hostname,
+ status);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_crt_verify_peers (session, hostname, status);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_crt_verify_peers(session, hostname,
+ status);
#endif
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -756,40 +742,37 @@ gnutls_certificate_verify_peers3 (gnutls_session_t session,
*
* Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times.
**/
-time_t
-gnutls_certificate_expiration_time_peers (gnutls_session_t session)
+time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return (time_t) - 1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return
- _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
- [0]);
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_expiration_time(&info->
+ raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return
- _gnutls_openpgp_get_raw_key_expiration_time
- (&info->raw_certificate_list[0]);
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_expiration_time
+ (&info->raw_certificate_list[0]);
#endif
- default:
- return (time_t) - 1;
- }
+ default:
+ return (time_t) - 1;
+ }
}
/**
@@ -803,40 +786,38 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session)
*
* Deprecated: gnutls_certificate_verify_peers2() now verifies activation times.
**/
-time_t
-gnutls_certificate_activation_time_peers (gnutls_session_t session)
+time_t gnutls_certificate_activation_time_peers(gnutls_session_t session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return (time_t) - 1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return
- _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
- [0]);
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_activation_time(&info->
+ raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return
- _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list
- [0]);
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_creation_time(&info->
+ raw_certificate_list
+ [0]);
#endif
- default:
- return (time_t) - 1;
- }
+ default:
+ return (time_t) - 1;
+ }
}
/**
@@ -861,11 +842,11 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session)
* Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess like gnutls_privkey_import_ext() instead.
**/
void
-gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
+gnutls_sign_callback_set(gnutls_session_t session,
+ gnutls_sign_func sign_func, void *userdata)
{
- session->internals.sign_func = sign_func;
- session->internals.sign_func_userdata = userdata;
+ session->internals.sign_func = sign_func;
+ session->internals.sign_func_userdata = userdata;
}
/**
@@ -881,29 +862,31 @@ gnutls_sign_callback_set (gnutls_session_t session,
* Deprecated: Use the PKCS 11 interfaces instead.
**/
gnutls_sign_func
-gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
+gnutls_sign_callback_get(gnutls_session_t session, void **userdata)
{
- if (userdata)
- *userdata = session->internals.sign_func_userdata;
- return session->internals.sign_func;
+ if (userdata)
+ *userdata = session->internals.sign_func_userdata;
+ return session->internals.sign_func;
}
/* returns error if the certificate has different algorithm than
* the given key parameters.
*/
-int
-_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
+int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res)
{
- int pk = gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts-1].cert_list[0].pubkey, NULL);
- int pk2 = gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL);
-
- if (pk2 != pk)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- return 0;
+ int pk =
+ gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts - 1].
+ cert_list[0].pubkey, NULL);
+ int pk2 =
+ gnutls_privkey_get_pk_algorithm(res->pkey[res->ncerts - 1],
+ NULL);
+
+ if (pk2 != pk) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ return 0;
}
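Review bot: `_gnutls_check_key_cert_match` compares the two `*_get_pk_algorithm` results without checking either for failure, so if both calls fail with the same negative code (assuming they report errors as negative values, like the other gnutls calls in this file) the key and certificate are reported as matching. Reject errors first, e.g. `if (pk < 0 || pk2 < 0 || pk2 != pk) {`. The function also indexes with `res->ncerts - 1` without checking that `ncerts` is non-zero; if any caller can reach it before a certificate has been stored, that is an out-of-bounds read.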
/**
@@ -924,71 +907,104 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
* Since: 3.1.4
**/
int
-gnutls_certificate_verification_status_print (unsigned int status,
- gnutls_certificate_type_t type,
- gnutls_datum_t * out, unsigned int flags)
+gnutls_certificate_verification_status_print(unsigned int status,
+ gnutls_certificate_type_t
+ type, gnutls_datum_t * out,
+ unsigned int flags)
{
- gnutls_buffer_st str;
- int ret;
-
- _gnutls_buffer_init (&str);
-
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("The certificate is trusted. "));
- else
- _gnutls_buffer_append_str (&str, _("The certificate is NOT trusted. "));
-
- if (type == GNUTLS_CRT_X509)
- {
- if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("The certificate chain is revoked. "));
-
- if (status & GNUTLS_CERT_MISMATCH)
- _gnutls_buffer_append_str (&str, _("The certificate doesn't match the local copy (TOFU). "));
-
- if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
- _gnutls_buffer_append_str (&str, _("The revocation data are old and have been superseded. "));
-
- if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
- _gnutls_buffer_append_str (&str, _("The revocation data are issued with a future date. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("The certificate issuer is unknown. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- _gnutls_buffer_append_str (&str, _("The certificate issuer is not a CA. "));
- }
- else if (type == GNUTLS_CRT_OPENPGP)
- {
- _gnutls_buffer_append_str (&str, _("The certificate is not trusted. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("Could not find a signer of the certificate. "));
-
- if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("The certificate is revoked. "));
- }
-
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses insecure algorithm. "));
-
- if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
- _gnutls_buffer_append_str (&str, _("The certificate chain violates the signer's constraints. "));
-
- if (status & GNUTLS_CERT_NOT_ACTIVATED)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses not yet valid certificate. "));
-
- if (status & GNUTLS_CERT_EXPIRED)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses expired certificate. "));
-
- if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
- _gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. "));
-
- if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
- _gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. "));
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
- return ret;
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init(&str);
+
+ if (status == 0)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is trusted. "));
+ else
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is NOT trusted. "));
+
+ if (type == GNUTLS_CRT_X509) {
+ if (status & GNUTLS_CERT_REVOKED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain is revoked. "));
+
+ if (status & GNUTLS_CERT_MISMATCH)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate doesn't match the local copy (TOFU). "));
+
+ if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The revocation data are old and have been superseded. "));
+
+ if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The revocation data are issued with a future date. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate issuer is unknown. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate issuer is not a CA. "));
+ } else if (type == GNUTLS_CRT_OPENPGP) {
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is not trusted. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("Could not find a signer of the certificate. "));
+
+ if (status & GNUTLS_CERT_REVOKED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is revoked. "));
+ }
+
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses insecure algorithm. "));
+
+ if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain violates the signer's constraints. "));
+
+ if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses not yet valid certificate. "));
+
+ if (status & GNUTLS_CERT_EXPIRED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses expired certificate. "));
+
+ if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The signature in the certificate is invalid. "));
+
+ if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The name in the certificate does not match the expected. "));
+
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
}
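Review bot: In the `GNUTLS_CRT_OPENPGP` branch of `gnutls_certificate_verification_status_print`, `"The certificate is not trusted. "` is appended unconditionally, after the `status == 0` test above has already appended either the trusted or the NOT trusted sentence. An OpenPGP certificate with `status == 0` is therefore described as both trusted and not trusted; drop that first `_gnutls_buffer_append_str(...)` call in the branch. Separately, `out->size` is read and decremented before `ret` is examined. Adding `if (ret < 0) return ret;` directly after `_gnutls_buffer_to_datum(&str, out);` would avoid touching `out` after a failure (whether `out` is set on failure is not visible in this hunk).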
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 1586f7e33f..760e6607f3 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -42,48 +42,48 @@
#include <gnutls_state.h>
#include <random.h>
-static int compressed_to_ciphertext (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t _type,
- record_parameters_st * params);
-static int ciphertext_to_compressed (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type,
- record_parameters_st * params, uint64* sequence);
-
-static int ciphertext_to_compressed_new (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type,
- record_parameters_st * params, uint64* sequence);
+static int compressed_to_ciphertext(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t _type,
+ record_parameters_st * params);
+static int ciphertext_to_compressed(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type,
+ record_parameters_st * params,
+ uint64 * sequence);
+
+static int ciphertext_to_compressed_new(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type,
+ record_parameters_st * params,
+ uint64 * sequence);
static int
-compressed_to_ciphertext_new (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params);
-
-inline static int
-is_write_comp_null (record_parameters_st * record_params)
+compressed_to_ciphertext_new(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params);
+
+inline static int is_write_comp_null(record_parameters_st * record_params)
{
- if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
- return 1;
+ return 1;
}
-inline static int
-is_read_comp_null (record_parameters_st * record_params)
+inline static int is_read_comp_null(record_parameters_st * record_params)
{
- if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
- return 1;
+ return 1;
}
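Review bot: `is_write_comp_null()` and `is_read_comp_null()` return 0 when `compression_algorithm == GNUTLS_COMP_NULL` and 1 otherwise, which is the opposite of what their names suggest, and neither has a comment saying so. The callers visible on this page (`_gnutls_encrypt()` and `_gnutls_decrypt()`) test `== 0` to take the no-compression path, so the convention is easy to get wrong when adding a new call site. I would add `/* Returns 0 if no compression is in use (GNUTLS_COMP_NULL), 1 otherwise. */` above each helper. The two bodies are identical; whether one helper would suffice depends on callers outside this hunk.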
@@ -92,69 +92,78 @@ is_read_comp_null (record_parameters_st * record_params)
*
*/
int
-_gnutls_encrypt (gnutls_session_t session,
- const uint8_t * data, size_t data_size,
- size_t min_pad,
- mbuffer_st* bufel,
- content_type_t type,
- record_parameters_st * params)
+_gnutls_encrypt(gnutls_session_t session,
+ const uint8_t * data, size_t data_size,
+ size_t min_pad,
+ mbuffer_st * bufel,
+ content_type_t type, record_parameters_st * params)
{
- gnutls_datum_t comp;
- int free_comp = 0;
- int ret;
-
- if (data_size == 0 || is_write_comp_null (params) == 0)
- {
- comp.data = (uint8_t*)data;
- comp.size = data_size;
- }
- else
- {
- /* Here comp is allocated and must be
- * freed.
- */
- free_comp = 1;
-
- comp.size = _mbuffer_get_udata_size(bufel);
- comp.data = gnutls_malloc(comp.size);
- if (comp.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = _gnutls_compress(&params->write.compression_state, data, data_size,
- comp.data, comp.size, session->internals.priorities.stateless_compression);
- if (ret < 0)
- {
- gnutls_free(comp.data);
- return gnutls_assert_val(ret);
- }
-
- comp.size = ret;
- }
-
- if (params->write.new_record_padding != 0)
- ret = compressed_to_ciphertext_new (session, _mbuffer_get_udata_ptr(bufel),
- _mbuffer_get_udata_size(bufel),
- &comp, min_pad, type, params);
- else
- ret = compressed_to_ciphertext (session, _mbuffer_get_udata_ptr(bufel),
- _mbuffer_get_udata_size(bufel),
- &comp, min_pad, type, params);
-
- if (free_comp)
- gnutls_free(comp.data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if(IS_DTLS(session))
- _gnutls_write_uint16 (ret, ((uint8_t*)_mbuffer_get_uhead_ptr(bufel))+11);
- else
- _gnutls_write_uint16 (ret, ((uint8_t*)_mbuffer_get_uhead_ptr(bufel))+3);
-
- _mbuffer_set_udata_size(bufel, ret);
- _mbuffer_set_uhead_size(bufel, 0);
-
- return _mbuffer_get_udata_size(bufel);
+ gnutls_datum_t comp;
+ int free_comp = 0;
+ int ret;
+
+ if (data_size == 0 || is_write_comp_null(params) == 0) {
+ comp.data = (uint8_t *) data;
+ comp.size = data_size;
+ } else {
+ /* Here comp is allocated and must be
+ * freed.
+ */
+ free_comp = 1;
+
+ comp.size = _mbuffer_get_udata_size(bufel);
+ comp.data = gnutls_malloc(comp.size);
+ if (comp.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ _gnutls_compress(&params->write.compression_state,
+ data, data_size, comp.data, comp.size,
+ session->internals.priorities.
+ stateless_compression);
+ if (ret < 0) {
+ gnutls_free(comp.data);
+ return gnutls_assert_val(ret);
+ }
+
+ comp.size = ret;
+ }
+
+ if (params->write.new_record_padding != 0)
+ ret =
+ compressed_to_ciphertext_new(session,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ _mbuffer_get_udata_size
+ (bufel), &comp, min_pad,
+ type, params);
+ else
+ ret =
+ compressed_to_ciphertext(session,
+ _mbuffer_get_udata_ptr(bufel),
+ _mbuffer_get_udata_size
+ (bufel), &comp, min_pad, type,
+ params);
+
+ if (free_comp)
+ gnutls_free(comp.data);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (IS_DTLS(session))
+ _gnutls_write_uint16(ret,
+ ((uint8_t *)
+ _mbuffer_get_uhead_ptr(bufel)) + 11);
+ else
+ _gnutls_write_uint16(ret,
+ ((uint8_t *)
+ _mbuffer_get_uhead_ptr(bufel)) + 3);
+
+ _mbuffer_set_udata_size(bufel, ret);
+ _mbuffer_set_uhead_size(bufel, 0);
+
+ return _mbuffer_get_udata_size(bufel);
}
/* Decrypts the given data.
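Review bot: The automatic reindent broke several member-access chains after the `.`, for example `session->internals.priorities.` / `stateless_compression` in the `_gnutls_compress()` call of `_gnutls_encrypt()`. The same split appears in the next hunk (`&params->read.` / `compression_state` in `_gnutls_decrypt()`) and repeatedly in the hunk that follows `make_preamble()` (`&params->write.` / `cipher_state`). A field name separated from its object is hard to read and defeats a text search for `write.cipher_state`. I would keep each chain on one line, e.g. `session->internals.priorities.stateless_compression);` as its own continuation line, or hoist the value into a local before the call. This changes layout only.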
@@ -163,108 +172,112 @@ _gnutls_encrypt (gnutls_session_t session,
* The output is preallocated with the maximum allowed data size.
*/
int
-_gnutls_decrypt (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t *output,
- content_type_t type,
- record_parameters_st * params, uint64 *sequence)
+_gnutls_decrypt(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * output,
+ content_type_t type,
+ record_parameters_st * params, uint64 * sequence)
{
- int ret;
-
- if (ciphertext->size == 0)
- return 0;
-
- if (is_read_comp_null (params) == 0)
- {
- if (params->read.new_record_padding != 0)
- ret =
- ciphertext_to_compressed_new (session, ciphertext, output,
- type, params, sequence);
- else
- ret =
- ciphertext_to_compressed (session, ciphertext, output,
- type, params, sequence);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return ret;
- }
- else
- {
- gnutls_datum_t tmp;
-
- tmp.size = output->size;
- tmp.data = gnutls_malloc(tmp.size);
- if (tmp.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- if (params->read.new_record_padding != 0)
- ret =
- ciphertext_to_compressed_new (session, ciphertext, &tmp,
- type, params, sequence);
- else
- ret =
- ciphertext_to_compressed (session, ciphertext, &tmp,
- type, params, sequence);
- if (ret < 0)
- goto leave;
-
- tmp.size = ret;
-
- if (ret != 0)
- {
- ret = _gnutls_decompress( &params->read.compression_state,
- tmp.data, tmp.size,
- output->data, output->size);
- if (ret < 0)
- goto leave;
- }
-
-leave:
- gnutls_free(tmp.data);
- return ret;
- }
+ int ret;
+
+ if (ciphertext->size == 0)
+ return 0;
+
+ if (is_read_comp_null(params) == 0) {
+ if (params->read.new_record_padding != 0)
+ ret =
+ ciphertext_to_compressed_new(session,
+ ciphertext,
+ output, type,
+ params, sequence);
+ else
+ ret =
+ ciphertext_to_compressed(session, ciphertext,
+ output, type, params,
+ sequence);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return ret;
+ } else {
+ gnutls_datum_t tmp;
+
+ tmp.size = output->size;
+ tmp.data = gnutls_malloc(tmp.size);
+ if (tmp.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ if (params->read.new_record_padding != 0)
+ ret =
+ ciphertext_to_compressed_new(session,
+ ciphertext, &tmp,
+ type, params,
+ sequence);
+ else
+ ret =
+ ciphertext_to_compressed(session, ciphertext,
+ &tmp, type, params,
+ sequence);
+ if (ret < 0)
+ goto leave;
+
+ tmp.size = ret;
+
+ if (ret != 0) {
+ ret =
+ _gnutls_decompress(&params->read.
+ compression_state, tmp.data,
+ tmp.size, output->data,
+ output->size);
+ if (ret < 0)
+ goto leave;
+ }
+
+ leave:
+ gnutls_free(tmp.data);
+ return ret;
+ }
}
inline static int
-calc_enc_length_block (gnutls_session_t session,
- const version_entry_st* ver,
- int data_size,
- int hash_size, uint8_t * pad,
- unsigned auth_cipher, uint16_t blocksize)
+calc_enc_length_block(gnutls_session_t session,
+ const version_entry_st * ver,
+ int data_size,
+ int hash_size, uint8_t * pad,
+ unsigned auth_cipher, uint16_t blocksize)
{
- /* pad is the LH pad the user wants us to add. Besides
- * this LH pad, we only add minimal padding
- */
- unsigned int pre_length = data_size + hash_size + *pad;
- unsigned int length, new_pad;
+ /* pad is the LH pad the user wants us to add. Besides
+ * this LH pad, we only add minimal padding
+ */
+ unsigned int pre_length = data_size + hash_size + *pad;
+ unsigned int length, new_pad;
+
+ new_pad = (uint8_t) (blocksize - (pre_length % blocksize)) + *pad;
- new_pad = (uint8_t) (blocksize - (pre_length % blocksize)) + *pad;
-
- if (new_pad > 255)
- new_pad -= blocksize;
- *pad = new_pad;
+ if (new_pad > 255)
+ new_pad -= blocksize;
+ *pad = new_pad;
- length = data_size + hash_size + *pad;
+ length = data_size + hash_size + *pad;
- if (_gnutls_version_has_explicit_iv(ver))
- length += blocksize; /* for the IV */
+ if (_gnutls_version_has_explicit_iv(ver))
+ length += blocksize; /* for the IV */
- return length;
+ return length;
}
inline static int
-calc_enc_length_stream (gnutls_session_t session, int data_size,
- int hash_size, unsigned auth_cipher)
+calc_enc_length_stream(gnutls_session_t session, int data_size,
+ int hash_size, unsigned auth_cipher)
{
- unsigned int length;
+ unsigned int length;
- length = data_size + hash_size;
- if (auth_cipher)
- length += AEAD_EXPLICIT_DATA_SIZE;
+ length = data_size + hash_size;
+ if (auth_cipher)
+ length += AEAD_EXPLICIT_DATA_SIZE;
- return length;
+ return length;
}
#define MAX_PREAMBLE_SIZE 16
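Review bot: `calc_enc_length_block()` has no comment explaining the `new_pad > 255` adjustment, and the cast in `new_pad = (uint8_t) (blocksize - (pre_length % blocksize)) + *pad;` makes the arithmetic easy to misread. `pad` is a `uint8_t *`, so the value written back has to fit in one byte; subtracting one `blocksize` brings it back into range while keeping `data_size + hash_size + *pad` a multiple of the block size. I would add `/* the pad length is a single byte; if the requested pad pushes it past 255, drop one block so the record stays block-aligned */` above the `if`. The `session` and `auth_cipher` parameters are not used in the body shown.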
@@ -273,28 +286,27 @@ calc_enc_length_stream (gnutls_session_t session, int data_size,
* and are not to be sent). Returns their size.
*/
static inline int
-make_preamble (uint8_t * uint64_data, uint8_t type, unsigned int length,
- const version_entry_st* ver, uint8_t * preamble)
+make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length,
+ const version_entry_st * ver, uint8_t * preamble)
{
- uint8_t *p = preamble;
- uint16_t c_length;
-
- c_length = _gnutls_conv_uint16 (length);
-
- memcpy (p, uint64_data, 8);
- p += 8;
- *p = type;
- p++;
- if (ver->id != GNUTLS_SSL3)
- { /* TLS protocols */
- *p = ver->major;
- p++;
- *p = ver->minor;
- p++;
- }
- memcpy (p, &c_length, 2);
- p += 2;
- return p - preamble;
+ uint8_t *p = preamble;
+ uint16_t c_length;
+
+ c_length = _gnutls_conv_uint16(length);
+
+ memcpy(p, uint64_data, 8);
+ p += 8;
+ *p = type;
+ p++;
+ if (ver->id != GNUTLS_SSL3) { /* TLS protocols */
+ *p = ver->major;
+ p++;
+ *p = ver->minor;
+ p++;
+ }
+ memcpy(p, &c_length, 2);
+ p += 2;
+ return p - preamble;
}
/* This is the actual encryption
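Review bot: `make_preamble()` writes into `preamble` without taking its size, so the bound is enforced only by convention in the callers. From the body it emits 8 bytes of sequence number, 1 of type, 2 of version unless `ver->id == GNUTLS_SSL3`, and 2 of length, i.e. 11 or 13 bytes, against the `MAX_PREAMBLE_SIZE` of 16 defined just above. I would state that contract in the header comment, e.g. `/* preamble must have room for MAX_PREAMBLE_SIZE bytes; at most 13 are written */`, so that any field added later is checked against the array size. The start of the existing header comment lies outside this hunk.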
@@ -303,686 +315,805 @@ make_preamble (uint8_t * uint64_data, uint8_t type, unsigned int length,
* return the actual encrypted data length.
*/
static int
-compressed_to_ciphertext (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params)
+compressed_to_ciphertext(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params)
{
- uint8_t pad;
- int length, ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- int preamble_size;
- int tag_size = _gnutls_auth_cipher_tag_len (&params->write.cipher_state);
- int blocksize = _gnutls_cipher_get_block_size (params->cipher);
- unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher);
- uint8_t *data_ptr;
- const version_entry_st* ver = get_version (session);
- int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
- uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
-
- _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
- (unsigned int)params->epoch);
-
- preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, compressed->size, ver, preamble);
-
- /* Calculate the encrypted length (padding etc.)
- */
- if (block_algo == CIPHER_BLOCK)
- {
- /* Call _gnutls_rnd() once. Get data used for the IV
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pad = min_pad;
-
- length =
- calc_enc_length_block (session, ver, compressed->size, tag_size, &pad,
- auth_cipher, blocksize);
- }
- else
- {
- pad = 0;
- length =
- calc_enc_length_stream (session, compressed->size, tag_size,
- auth_cipher);
- }
-
- if (length < 0)
- return gnutls_assert_val(length);
-
- /* copy the encrypted data to cipher_data.
- */
- if (cipher_size < length)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- data_ptr = cipher_data;
-
- if (explicit_iv) /* TLS 1.1 or later */
- {
- if (block_algo == CIPHER_BLOCK)
- {
- /* copy the random IV.
- */
- memcpy(data_ptr, nonce, blocksize);
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, data_ptr, blocksize);
-
- data_ptr += blocksize;
- cipher_data += blocksize;
- }
- else if (auth_cipher)
- {
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->write.IV.data == NULL || params->write.IV.size != AEAD_IMPLICIT_DATA_SIZE)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Instead of generating a new nonce on every packet, we use the
- * write.sequence_number (It is a MAY on RFC 5288).
- */
- memcpy(nonce, params->write.IV.data, params->write.IV.size);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], UINT64DATA(params->write.sequence_number), 8);
-
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, nonce, AEAD_IMPLICIT_DATA_SIZE+AEAD_EXPLICIT_DATA_SIZE);
-
- /* copy the explicit part */
- memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE], AEAD_EXPLICIT_DATA_SIZE);
-
- data_ptr += AEAD_EXPLICIT_DATA_SIZE;
- cipher_data += AEAD_EXPLICIT_DATA_SIZE;
- }
- else if (iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
- else
- {
- /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
- */
- if (auth_cipher)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- else if (block_algo == CIPHER_STREAM && iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
-
- /* add the authenticate data */
- ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Actual encryption.
- */
- ret =
- _gnutls_auth_cipher_encrypt2_tag (&params->write.cipher_state,
- compressed->data, compressed->size, cipher_data, cipher_size,
- pad);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return length;
+ uint8_t pad;
+ int length, ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ int preamble_size;
+ int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->write.cipher_state);
+ int blocksize = _gnutls_cipher_get_block_size(params->cipher);
+ unsigned block_algo = _gnutls_cipher_is_block(params->cipher);
+ uint8_t *data_ptr;
+ const version_entry_st *ver = get_version(session);
+ int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ int auth_cipher =
+ _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+ uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+
+ _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+ session, _gnutls_cipher_get_name(params->cipher),
+ _gnutls_mac_get_name(params->mac),
+ (unsigned int) params->epoch);
+
+ preamble_size =
+ make_preamble(UINT64DATA
+ (params->write.sequence_number),
+ type, compressed->size, ver, preamble);
+
+ /* Calculate the encrypted length (padding etc.)
+ */
+ if (block_algo == CIPHER_BLOCK) {
+ /* Call _gnutls_rnd() once. Get data used for the IV
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pad = min_pad;
+
+ length =
+ calc_enc_length_block(session, ver, compressed->size,
+ tag_size, &pad, auth_cipher,
+ blocksize);
+ } else {
+ pad = 0;
+ length =
+ calc_enc_length_stream(session, compressed->size,
+ tag_size, auth_cipher);
+ }
+
+ if (length < 0)
+ return gnutls_assert_val(length);
+
+ /* copy the encrypted data to cipher_data.
+ */
+ if (cipher_size < length)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ data_ptr = cipher_data;
+
+ if (explicit_iv) { /* TLS 1.1 or later */
+ if (block_algo == CIPHER_BLOCK) {
+ /* copy the random IV.
+ */
+ memcpy(data_ptr, nonce, blocksize);
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, data_ptr,
+ blocksize);
+
+ data_ptr += blocksize;
+ cipher_data += blocksize;
+ } else if (auth_cipher) {
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->write.IV.data == NULL
+ || params->write.IV.size !=
+ AEAD_IMPLICIT_DATA_SIZE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ /* Instead of generating a new nonce on every packet, we use the
+ * write.sequence_number (It is a MAY on RFC 5288).
+ */
+ memcpy(nonce, params->write.IV.data,
+ params->write.IV.size);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ UINT64DATA(params->write.sequence_number),
+ 8);
+
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, nonce,
+ AEAD_IMPLICIT_DATA_SIZE +
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ /* copy the explicit part */
+ memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE],
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ data_ptr += AEAD_EXPLICIT_DATA_SIZE;
+ cipher_data += AEAD_EXPLICIT_DATA_SIZE;
+ } else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ } else {
+ /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
+ */
+ if (auth_cipher)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ else if (block_algo == CIPHER_STREAM && iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ }
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(params->write.
+ sequence_number), 8);
+
+ /* add the authenticate data */
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->write.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Actual encryption.
+ */
+ ret =
+ _gnutls_auth_cipher_encrypt2_tag(&params->write.cipher_state,
+ compressed->data,
+ compressed->size, cipher_data,
+ cipher_size, pad);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return length;
}
static int
-compressed_to_ciphertext_new (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params)
+compressed_to_ciphertext_new(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params)
{
- uint16_t pad = min_pad;
- int length, length_to_encrypt, ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- int preamble_size;
- int tag_size = _gnutls_auth_cipher_tag_len (&params->write.cipher_state);
- int blocksize = _gnutls_cipher_get_block_size (params->cipher);
- unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher);
- uint8_t *data_ptr;
- const version_entry_st* ver = get_version (session);
- int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
- uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
- unsigned iv_size, final_cipher_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
-
- _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
- (unsigned int)params->epoch);
-
- /* Call _gnutls_rnd() once. Get data used for the IV
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* cipher_data points to the start of data to be encrypted */
- data_ptr = cipher_data;
-
- length_to_encrypt = length = 0;
-
- if (explicit_iv)
- {
- if (block_algo == CIPHER_BLOCK)
- {
- /* copy the random IV.
- */
- DECR_LEN(cipher_size, blocksize);
-
- memcpy(data_ptr, nonce, blocksize);
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, data_ptr, blocksize);
-
- data_ptr += blocksize;
- cipher_data += blocksize;
- length += blocksize;
- }
- else if (auth_cipher)
- {
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->write.IV.data == NULL || params->write.IV.size != AEAD_IMPLICIT_DATA_SIZE)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Instead of generating a new nonce on every packet, we use the
- * write.sequence_number (It is a MAY on RFC 5288).
- */
- memcpy(nonce, params->write.IV.data, params->write.IV.size);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], UINT64DATA(params->write.sequence_number), 8);
-
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, nonce, AEAD_IMPLICIT_DATA_SIZE+AEAD_EXPLICIT_DATA_SIZE);
-
- /* copy the explicit part */
- DECR_LEN(cipher_size, AEAD_EXPLICIT_DATA_SIZE);
- memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE], AEAD_EXPLICIT_DATA_SIZE);
-
- data_ptr += AEAD_EXPLICIT_DATA_SIZE;
- cipher_data += AEAD_EXPLICIT_DATA_SIZE;
- length += AEAD_EXPLICIT_DATA_SIZE;
- }
- else if (iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
- else
- {
- /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
- */
- if (auth_cipher) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- DECR_LEN(cipher_size, 2);
-
- if (block_algo == CIPHER_BLOCK) /* make pad a multiple of blocksize */
- {
- unsigned t = (2 + pad + compressed->size + tag_size) % blocksize;
- if (t > 0)
- {
- pad += blocksize - t;
- }
- }
-
- _gnutls_write_uint16 (pad, data_ptr);
- data_ptr += 2;
- length_to_encrypt += 2;
- length += 2;
- final_cipher_size = cipher_size;
-
- if (pad > 0)
- {
- unsigned t;
-
- t = cipher_size - compressed->size;
- if (pad > t)
- {
- if (block_algo == CIPHER_BLOCK)
- {
- if (pad <= blocksize)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- pad -= blocksize*((pad-t)/blocksize);
- }
- else
- pad = t;
- }
-
- DECR_LEN(cipher_size, pad);
-
- memset(data_ptr, 0, pad);
- data_ptr += pad;
- length_to_encrypt += pad;
- length += pad;
- }
-
- DECR_LEN(cipher_size, compressed->size);
-
- memcpy (data_ptr, compressed->data, compressed->size);
- data_ptr += compressed->size;
- length_to_encrypt += compressed->size;
- length += compressed->size;
-
- if (tag_size > 0)
- {
- DECR_LEN(cipher_size, tag_size);
-
- data_ptr += tag_size;
-
- /* In AEAD ciphers we don't encrypt the tag
- */
- length += tag_size;
- }
-
- preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, compressed->size+2+pad, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- /* add the authenticated data */
- ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Actual encryption (inplace).
- */
- ret =
- _gnutls_auth_cipher_encrypt2_tag (&params->write.cipher_state,
- cipher_data, length_to_encrypt,
- cipher_data, final_cipher_size, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return length;
+ uint16_t pad = min_pad;
+ int length, length_to_encrypt, ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ int preamble_size;
+ int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->write.cipher_state);
+ int blocksize = _gnutls_cipher_get_block_size(params->cipher);
+ unsigned block_algo = _gnutls_cipher_is_block(params->cipher);
+ uint8_t *data_ptr;
+ const version_entry_st *ver = get_version(session);
+ int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ int auth_cipher =
+ _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+ uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size, final_cipher_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+
+ _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+ session, _gnutls_cipher_get_name(params->cipher),
+ _gnutls_mac_get_name(params->mac),
+ (unsigned int) params->epoch);
+
+ /* Call _gnutls_rnd() once. Get data used for the IV
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* cipher_data points to the start of data to be encrypted */
+ data_ptr = cipher_data;
+
+ length_to_encrypt = length = 0;
+
+ if (explicit_iv) {
+ if (block_algo == CIPHER_BLOCK) {
+ /* copy the random IV.
+ */
+ DECR_LEN(cipher_size, blocksize);
+
+ memcpy(data_ptr, nonce, blocksize);
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, data_ptr,
+ blocksize);
+
+ data_ptr += blocksize;
+ cipher_data += blocksize;
+ length += blocksize;
+ } else if (auth_cipher) {
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->write.IV.data == NULL
+ || params->write.IV.size !=
+ AEAD_IMPLICIT_DATA_SIZE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ /* Instead of generating a new nonce on every packet, we use the
+ * write.sequence_number (It is a MAY on RFC 5288).
+ */
+ memcpy(nonce, params->write.IV.data,
+ params->write.IV.size);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ UINT64DATA(params->write.sequence_number),
+ 8);
+
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, nonce,
+ AEAD_IMPLICIT_DATA_SIZE +
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ /* copy the explicit part */
+ DECR_LEN(cipher_size, AEAD_EXPLICIT_DATA_SIZE);
+ memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE],
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ data_ptr += AEAD_EXPLICIT_DATA_SIZE;
+ cipher_data += AEAD_EXPLICIT_DATA_SIZE;
+ length += AEAD_EXPLICIT_DATA_SIZE;
+ } else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ } else {
+ /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
+ */
+ if (auth_cipher)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ DECR_LEN(cipher_size, 2);
+
+ if (block_algo == CIPHER_BLOCK) { /* make pad a multiple of blocksize */
+ unsigned t =
+ (2 + pad + compressed->size + tag_size) % blocksize;
+ if (t > 0) {
+ pad += blocksize - t;
+ }
+ }
+
+ _gnutls_write_uint16(pad, data_ptr);
+ data_ptr += 2;
+ length_to_encrypt += 2;
+ length += 2;
+ final_cipher_size = cipher_size;
+
+ if (pad > 0) {
+ unsigned t;
+
+ t = cipher_size - compressed->size;
+ if (pad > t) {
+ if (block_algo == CIPHER_BLOCK) {
+ if (pad <= blocksize)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ pad -= blocksize * ((pad - t) / blocksize);
+ } else
+ pad = t;
+ }
+
+ DECR_LEN(cipher_size, pad);
+
+ memset(data_ptr, 0, pad);
+ data_ptr += pad;
+ length_to_encrypt += pad;
+ length += pad;
+ }
+
+ DECR_LEN(cipher_size, compressed->size);
+
+ memcpy(data_ptr, compressed->data, compressed->size);
+ data_ptr += compressed->size;
+ length_to_encrypt += compressed->size;
+ length += compressed->size;
+
+ if (tag_size > 0) {
+ DECR_LEN(cipher_size, tag_size);
+
+ data_ptr += tag_size;
+
+ /* In AEAD ciphers we don't encrypt the tag
+ */
+ length += tag_size;
+ }
+
+ preamble_size =
+ make_preamble(UINT64DATA
+ (params->write.sequence_number),
+ type, compressed->size + 2 + pad, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(params->write.
+ sequence_number), 8);
+ /* add the authenticated data */
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->write.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Actual encryption (inplace).
+ */
+ ret =
+ _gnutls_auth_cipher_encrypt2_tag(&params->write.cipher_state,
+ cipher_data,
+ length_to_encrypt,
+ cipher_data,
+ final_cipher_size, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return length;
}
-static void dummy_wait(record_parameters_st * params, gnutls_datum_t* plaintext,
- unsigned pad_failed, unsigned int pad, unsigned total)
+static void dummy_wait(record_parameters_st * params,
+ gnutls_datum_t * plaintext, unsigned pad_failed,
+ unsigned int pad, unsigned total)
{
- /* this hack is only needed on CBC ciphers */
- if (_gnutls_cipher_is_block (params->cipher) == CIPHER_BLOCK)
- {
- unsigned len;
-
- /* force an additional hash compression function evaluation to prevent timing
- * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
- */
- if (pad_failed == 0 && pad > 0)
- {
- len = _gnutls_mac_block_size(params->mac);
- if (len > 0)
- {
- /* This is really specific to the current hash functions.
- * It should be removed once a protocol fix is in place.
- */
- if ((pad+total) % len > len-9 && total % len <= len-9)
- {
- if (len < plaintext->size)
- _gnutls_auth_cipher_add_auth (&params->read.cipher_state, plaintext->data, len);
- else
- _gnutls_auth_cipher_add_auth (&params->read.cipher_state, plaintext->data, plaintext->size);
- }
- }
- }
- }
+ /* this hack is only needed on CBC ciphers */
+ if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {
+ unsigned len;
+
+ /* force an additional hash compression function evaluation to prevent timing
+ * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
+ */
+ if (pad_failed == 0 && pad > 0) {
+ len = _gnutls_mac_block_size(params->mac);
+ if (len > 0) {
+ /* This is really specific to the current hash functions.
+ * It should be removed once a protocol fix is in place.
+ */
+ if ((pad + total) % len > len - 9
+ && total % len <= len - 9) {
+ if (len < plaintext->size)
+ _gnutls_auth_cipher_add_auth
+ (&params->read.
+ cipher_state,
+ plaintext->data, len);
+ else
+ _gnutls_auth_cipher_add_auth
+ (&params->read.
+ cipher_state,
+ plaintext->data,
+ plaintext->size);
+ }
+ }
+ }
+ }
}
/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
* Returns the actual compressed packet size.
*/
static int
-ciphertext_to_compressed (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type, record_parameters_st * params,
- uint64* sequence)
+ciphertext_to_compressed(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type, record_parameters_st * params,
+ uint64 * sequence)
{
- uint8_t tag[MAX_HASH_SIZE];
- const uint8_t* tag_ptr;
- unsigned int pad = 0, i;
- int length, length_to_decrypt;
- uint16_t blocksize;
- int ret;
- unsigned int tmp_pad_failed = 0;
- unsigned int pad_failed = 0;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- unsigned int preamble_size;
- const version_entry_st* ver = get_version (session);
- unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
- unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
- blocksize = _gnutls_cipher_get_block_size (params->cipher);
-
- /* actual decryption (inplace)
- */
- switch (_gnutls_cipher_is_block (params->cipher))
- {
- case CIPHER_STREAM:
- /* The way AEAD ciphers are defined in RFC5246, it allows
- * only stream ciphers.
- */
- if (explicit_iv && _gnutls_auth_cipher_is_aead(&params->read.cipher_state))
- {
- uint8_t nonce[blocksize];
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (unlikely(params->read.IV.data == NULL || params->read.IV.size != 4))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (unlikely(ciphertext->size < tag_size+AEAD_EXPLICIT_DATA_SIZE))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- memcpy(nonce, params->read.IV.data, AEAD_IMPLICIT_DATA_SIZE);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
-
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, nonce, AEAD_EXPLICIT_DATA_SIZE+AEAD_IMPLICIT_DATA_SIZE);
-
- ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
- ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
-
- length = length_to_decrypt = ciphertext->size - tag_size;
- tag_ptr = ciphertext->data + length_to_decrypt;
- }
- else if (iv_size > 0)
- { /* a stream cipher with explicit IV */
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- length_to_decrypt = ciphertext->size;
- length = ciphertext->size - tag_size;
- tag_ptr = compressed->data + length;
- }
- else
- {
- if (unlikely(ciphertext->size < tag_size))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- length_to_decrypt = ciphertext->size;
- length = ciphertext->size - tag_size;
- tag_ptr = compressed->data + length;
- }
-
-
- /* Pass the type, version, length and compressed through
- * MAC.
- */
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- if (unlikely((unsigned)length_to_decrypt > compressed->size))
- {
- _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
- (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- }
-
- ret =
- _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
- ciphertext->data, length_to_decrypt,
- compressed->data, compressed->size);
-
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- break;
- case CIPHER_BLOCK:
- if (unlikely(ciphertext->size < blocksize || (ciphertext->size % blocksize != 0)))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- /* ignore the IV in TLS 1.1+
- */
- if (explicit_iv)
- {
- _gnutls_auth_cipher_setiv(&params->read.cipher_state,
- ciphertext->data, blocksize);
-
- ciphertext->size -= blocksize;
- ciphertext->data += blocksize;
- }
-
- if (unlikely(ciphertext->size < tag_size+1))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- /* we don't use the auth_cipher interface here, since
- * TLS with block ciphers is impossible to be used under such
- * an API. (the length of plaintext is required to calculate
- * auth_data, but it is not available before decryption).
- */
- if (unlikely(ciphertext->size > compressed->size))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- ret =
- _gnutls_cipher_decrypt2 (&params->read.cipher_state.cipher,
- ciphertext->data, ciphertext->size,
- compressed->data, compressed->size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- pad = compressed->data[ciphertext->size - 1]; /* pad */
-
- /* Check the pading bytes (TLS 1.x).
- * Note that we access all 256 bytes of ciphertext for padding check
- * because there is a timing channel in that memory access (in certain CPUs).
- */
- if (ver->id != GNUTLS_SSL3)
- for (i = 2; i <= MIN(256, ciphertext->size); i++)
- {
- tmp_pad_failed |= (compressed->data[ciphertext->size - i] != pad);
- pad_failed |= ((i<= (1+pad)) & (tmp_pad_failed));
- }
-
- if (unlikely(pad_failed != 0 || (1+pad > ((int) ciphertext->size - tag_size))))
- {
- /* We do not fail here. We check below for the
- * the pad_failed. If zero means success.
- */
- pad_failed = 1;
- pad = 0;
- }
-
- length = ciphertext->size - tag_size - pad - 1;
- tag_ptr = &compressed->data[length];
-
- /* Pass the type, version, length and compressed through
- * MAC.
- */
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, compressed->data, length);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- ret = _gnutls_auth_cipher_tag(&params->read.cipher_state, tag, tag_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- /* Here there could be a timing leakage in CBC ciphersuites that
- * could be exploited if the cost of a successful memcmp is high.
- * A constant time memcmp would help there, but it is not easy to maintain
- * against compiler optimizations. Currently we rely on the fact that
- * a memcmp comparison is negligible over the crypto operations.
- */
- if (unlikely(memcmp (tag, tag_ptr, tag_size) != 0 || pad_failed != 0))
- {
- /* HMAC was not the same. */
- dummy_wait(params, compressed, pad_failed, pad, length+preamble_size);
-
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- }
-
- return length;
+ uint8_t tag[MAX_HASH_SIZE];
+ const uint8_t *tag_ptr;
+ unsigned int pad = 0, i;
+ int length, length_to_decrypt;
+ uint16_t blocksize;
+ int ret;
+ unsigned int tmp_pad_failed = 0;
+ unsigned int pad_failed = 0;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ unsigned int preamble_size;
+ const version_entry_st *ver = get_version(session);
+ unsigned int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->read.cipher_state);
+ unsigned int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size(params->cipher);
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block(params->cipher)) {
+ case CIPHER_STREAM:
+ /* The way AEAD ciphers are defined in RFC5246, it allows
+ * only stream ciphers.
+ */
+ if (explicit_iv
+ && _gnutls_auth_cipher_is_aead(&params->read.
+ cipher_state)) {
+ uint8_t nonce[blocksize];
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (unlikely
+ (params->read.IV.data == NULL
+ || params->read.IV.size != 4))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ if (unlikely
+ (ciphertext->size <
+ tag_size + AEAD_EXPLICIT_DATA_SIZE))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ memcpy(nonce, params->read.IV.data,
+ AEAD_IMPLICIT_DATA_SIZE);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
+
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state, nonce,
+ AEAD_EXPLICIT_DATA_SIZE +
+ AEAD_IMPLICIT_DATA_SIZE);
+
+ ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
+ ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
+
+ length = length_to_decrypt =
+ ciphertext->size - tag_size;
+ tag_ptr = ciphertext->data + length_to_decrypt;
+ } else if (iv_size > 0) { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ length_to_decrypt = ciphertext->size;
+ length = ciphertext->size - tag_size;
+ tag_ptr = compressed->data + length;
+ } else {
+ if (unlikely(ciphertext->size < tag_size))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ length_to_decrypt = ciphertext->size;
+ length = ciphertext->size - tag_size;
+ tag_ptr = compressed->data + length;
+ }
+
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state, preamble,
+ preamble_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ if (unlikely
+ ((unsigned) length_to_decrypt > compressed->size)) {
+ _gnutls_audit_log(session,
+ "Received %u bytes, while expecting less than %u\n",
+ (unsigned int) length_to_decrypt,
+ (unsigned int) compressed->size);
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
+
+ ret =
+ _gnutls_auth_cipher_decrypt2(&params->read.
+ cipher_state,
+ ciphertext->data,
+ length_to_decrypt,
+ compressed->data,
+ compressed->size);
+
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ break;
+ case CIPHER_BLOCK:
+ if (unlikely
+ (ciphertext->size < blocksize
+ || (ciphertext->size % blocksize != 0)))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ /* ignore the IV in TLS 1.1+
+ */
+ if (explicit_iv) {
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ ciphertext->data,
+ blocksize);
+
+ ciphertext->size -= blocksize;
+ ciphertext->data += blocksize;
+ }
+
+ if (unlikely(ciphertext->size < tag_size + 1))
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ /* we don't use the auth_cipher interface here, since
+ * TLS with block ciphers is impossible to be used under such
+ * an API. (the length of plaintext is required to calculate
+ * auth_data, but it is not available before decryption).
+ */
+ if (unlikely(ciphertext->size > compressed->size))
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ ret =
+ _gnutls_cipher_decrypt2(&params->read.cipher_state.
+ cipher, ciphertext->data,
+ ciphertext->size,
+ compressed->data,
+ compressed->size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ pad = compressed->data[ciphertext->size - 1]; /* pad */
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+ * because there is a timing channel in that memory access (in certain CPUs).
+ */
+ if (ver->id != GNUTLS_SSL3)
+ for (i = 2; i <= MIN(256, ciphertext->size); i++) {
+ tmp_pad_failed |=
+ (compressed->
+ data[ciphertext->size - i] != pad);
+ pad_failed |=
+ ((i <= (1 + pad)) & (tmp_pad_failed));
+ }
+
+ if (unlikely
+ (pad_failed != 0
+ || (1 + pad > ((int) ciphertext->size - tag_size)))) {
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = 1;
+ pad = 0;
+ }
+
+ length = ciphertext->size - tag_size - pad - 1;
+ tag_ptr = &compressed->data[length];
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state, preamble,
+ preamble_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state,
+ compressed->data, length);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ ret =
+ _gnutls_auth_cipher_tag(&params->read.cipher_state, tag,
+ tag_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ /* Here there could be a timing leakage in CBC ciphersuites that
+ * could be exploited if the cost of a successful memcmp is high.
+ * A constant time memcmp would help there, but it is not easy to maintain
+ * against compiler optimizations. Currently we rely on the fact that
+ * a memcmp comparison is negligible over the crypto operations.
+ */
+ if (unlikely
+ (memcmp(tag, tag_ptr, tag_size) != 0 || pad_failed != 0)) {
+ /* HMAC was not the same. */
+ dummy_wait(params, compressed, pad_failed, pad,
+ length + preamble_size);
+
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
+
+ return length;
}
static int
-ciphertext_to_compressed_new (gnutls_session_t restrict session,
- gnutls_datum_t *restrict ciphertext,
- gnutls_datum_t *restrict compressed,
- uint8_t type, record_parameters_st *restrict params,
- uint64* restrict sequence)
+ciphertext_to_compressed_new(gnutls_session_t restrict session,
+ gnutls_datum_t * restrict ciphertext,
+ gnutls_datum_t * restrict compressed,
+ uint8_t type,
+ record_parameters_st * restrict params,
+ uint64 * restrict sequence)
{
- uint8_t tag[MAX_HASH_SIZE];
- const uint8_t *tag_ptr;
- unsigned int pad;
- int length, length_to_decrypt;
- uint16_t blocksize;
- int ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- unsigned int preamble_size;
- const version_entry_st* ver = get_version (session);
- unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
- unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
- blocksize = _gnutls_cipher_get_block_size (params->cipher);
-
- /* actual decryption (inplace)
- */
- switch (_gnutls_cipher_is_block (params->cipher))
- {
- case CIPHER_STREAM:
- /* The way AEAD ciphers are defined in RFC5246, it allows
- * only stream ciphers.
- */
- if (explicit_iv && _gnutls_auth_cipher_is_aead(&params->read.cipher_state))
- {
- uint8_t nonce[blocksize];
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->read.IV.data == NULL || params->read.IV.size != 4)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (ciphertext->size < tag_size+AEAD_EXPLICIT_DATA_SIZE + 2)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- memcpy(nonce, params->read.IV.data, AEAD_IMPLICIT_DATA_SIZE);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
-
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, nonce, AEAD_EXPLICIT_DATA_SIZE+AEAD_IMPLICIT_DATA_SIZE);
-
- ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
- ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
-
- length_to_decrypt = ciphertext->size - tag_size;
- }
- else if (iv_size > 0)
- { /* a stream cipher with explicit IV */
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- length_to_decrypt = ciphertext->size;
- }
- else
- {
- if (ciphertext->size < tag_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- length_to_decrypt = ciphertext->size;
- }
- break;
- case CIPHER_BLOCK:
- if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (explicit_iv)
- {
- _gnutls_auth_cipher_setiv(&params->read.cipher_state,
- ciphertext->data, blocksize);
-
- ciphertext->size -= blocksize;
- ciphertext->data += blocksize;
- }
-
- if (ciphertext->size < tag_size + 2)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- length_to_decrypt = ciphertext->size;
- if (length_to_decrypt < blocksize)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- length = ciphertext->size - tag_size;
-
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
- ciphertext->data, length_to_decrypt,
- ciphertext->data, ciphertext->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pad = _gnutls_read_uint16(ciphertext->data);
-
- tag_ptr = &ciphertext->data[length];
- ret = _gnutls_auth_cipher_tag(&params->read.cipher_state, tag, tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Check MAC.
- */
- if (memcmp (tag, tag_ptr, tag_size) != 0)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- DECR_LEN(length, 2+pad);
-
- /* copy the decrypted stuff to compress_data.
- */
- if (compressed->size < (unsigned)length)
- return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
-
- memcpy (compressed->data, &ciphertext->data[2+pad], length);
-
- return length;
+ uint8_t tag[MAX_HASH_SIZE];
+ const uint8_t *tag_ptr;
+ unsigned int pad;
+ int length, length_to_decrypt;
+ uint16_t blocksize;
+ int ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ unsigned int preamble_size;
+ const version_entry_st *ver = get_version(session);
+ unsigned int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->read.cipher_state);
+ unsigned int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size(params->cipher);
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block(params->cipher)) {
+ case CIPHER_STREAM:
+ /* The way AEAD ciphers are defined in RFC5246, it allows
+ * only stream ciphers.
+ */
+ if (explicit_iv
+ && _gnutls_auth_cipher_is_aead(&params->read.
+ cipher_state)) {
+ uint8_t nonce[blocksize];
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->read.IV.data == NULL
+ || params->read.IV.size != 4)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ if (ciphertext->size <
+ tag_size + AEAD_EXPLICIT_DATA_SIZE + 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ memcpy(nonce, params->read.IV.data,
+ AEAD_IMPLICIT_DATA_SIZE);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
+
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state, nonce,
+ AEAD_EXPLICIT_DATA_SIZE +
+ AEAD_IMPLICIT_DATA_SIZE);
+
+ ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
+ ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
+
+ length_to_decrypt = ciphertext->size - tag_size;
+ } else if (iv_size > 0) { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ length_to_decrypt = ciphertext->size;
+ } else {
+ if (ciphertext->size < tag_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ length_to_decrypt = ciphertext->size;
+ }
+ break;
+ case CIPHER_BLOCK:
+ if (ciphertext->size < blocksize
+ || (ciphertext->size % blocksize != 0))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (explicit_iv) {
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ ciphertext->data,
+ blocksize);
+
+ ciphertext->size -= blocksize;
+ ciphertext->data += blocksize;
+ }
+
+ if (ciphertext->size < tag_size + 2)
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ length_to_decrypt = ciphertext->size;
+ if (length_to_decrypt < blocksize)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ length = ciphertext->size - tag_size;
+
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(*sequence), 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_decrypt2(&params->read.cipher_state,
+ ciphertext->data,
+ length_to_decrypt,
+ ciphertext->data,
+ ciphertext->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pad = _gnutls_read_uint16(ciphertext->data);
+
+ tag_ptr = &ciphertext->data[length];
+ ret =
+ _gnutls_auth_cipher_tag(&params->read.cipher_state, tag,
+ tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Check MAC.
+ */
+ if (memcmp(tag, tag_ptr, tag_size) != 0)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ DECR_LEN(length, 2 + pad);
+
+ /* copy the decrypted stuff to compress_data.
+ */
+ if (compressed->size < (unsigned) length)
+ return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
+
+ memcpy(compressed->data, &ciphertext->data[2 + pad], length);
+
+ return length;
}
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index cc4a1a08f1..121dff6794 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -20,14 +20,13 @@
*
*/
-int _gnutls_encrypt (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size, size_t min_pad,
- mbuffer_st* bufel,
- content_type_t type,
- record_parameters_st * params);
+int _gnutls_encrypt(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size, size_t min_pad,
+ mbuffer_st * bufel,
+ content_type_t type, record_parameters_st * params);
-int _gnutls_decrypt (gnutls_session_t session,
- gnutls_datum_t *ciphertext, gnutls_datum_t *output,
- content_type_t type, record_parameters_st * params,
- uint64* sequence);
+int _gnutls_decrypt(gnutls_session_t session,
+ gnutls_datum_t * ciphertext, gnutls_datum_t * output,
+ content_type_t type, record_parameters_st * params,
+ uint64 * sequence);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 10caf76d28..d6483ab2d8 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -40,320 +40,330 @@
*/
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
{
- const gnutls_crypto_cipher_st *cc;
- int ret;
-
- cc = _gnutls_get_crypto_cipher (cipher);
- if (cc != NULL) return 1;
-
- ret = _gnutls_cipher_ops.exists(cipher);
- return ret;
+ const gnutls_crypto_cipher_st *cc;
+ int ret;
+
+ cc = _gnutls_get_crypto_cipher(cipher);
+ if (cc != NULL)
+ return 1;
+
+ ret = _gnutls_cipher_ops.exists(cipher);
+ return ret;
}
int
-_gnutls_cipher_init (cipher_hd_st * handle, const cipher_entry_st* e,
- const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
+_gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv,
+ int enc)
{
- int ret = GNUTLS_E_INTERNAL_ERROR;
- const gnutls_crypto_cipher_st *cc = NULL;
-
- if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- handle->e = e;
-
- /* check if a cipher has been registered
- */
- cc = _gnutls_get_crypto_cipher (e->id);
- if (cc != NULL)
- {
- handle->encrypt = cc->encrypt;
- handle->decrypt = cc->decrypt;
- handle->deinit = cc->deinit;
- handle->auth = cc->auth;
- handle->tag = cc->tag;
- handle->setiv = cc->setiv;
-
- SR (cc->init (e->id, &handle->handle, enc), cc_cleanup);
- SR (cc->setkey( handle->handle, key->data, key->size), cc_cleanup);
- if (iv)
- {
- SR (cc->setiv( handle->handle, iv->data, iv->size), cc_cleanup);
- }
-
- return 0;
- }
-
- handle->encrypt = _gnutls_cipher_ops.encrypt;
- handle->decrypt = _gnutls_cipher_ops.decrypt;
- handle->deinit = _gnutls_cipher_ops.deinit;
- handle->auth = _gnutls_cipher_ops.auth;
- handle->tag = _gnutls_cipher_ops.tag;
- handle->setiv = _gnutls_cipher_ops.setiv;
-
- /* otherwise use generic cipher interface
- */
- ret = _gnutls_cipher_ops.init (e->id, &handle->handle, enc);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_cipher_ops.setkey(handle->handle, key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cc_cleanup;
- }
-
- if (iv)
- {
- ret = _gnutls_cipher_ops.setiv(handle->handle, iv->data, iv->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cc_cleanup;
- }
- }
-
- return 0;
-
-cc_cleanup:
-
- if (handle->handle)
- handle->deinit (handle->handle);
-
- return ret;
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ const gnutls_crypto_cipher_st *cc = NULL;
+
+ if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ handle->e = e;
+
+ /* check if a cipher has been registered
+ */
+ cc = _gnutls_get_crypto_cipher(e->id);
+ if (cc != NULL) {
+ handle->encrypt = cc->encrypt;
+ handle->decrypt = cc->decrypt;
+ handle->deinit = cc->deinit;
+ handle->auth = cc->auth;
+ handle->tag = cc->tag;
+ handle->setiv = cc->setiv;
+
+ SR(cc->init(e->id, &handle->handle, enc), cc_cleanup);
+ SR(cc->setkey(handle->handle, key->data, key->size),
+ cc_cleanup);
+ if (iv) {
+ SR(cc->setiv(handle->handle, iv->data, iv->size),
+ cc_cleanup);
+ }
+
+ return 0;
+ }
+
+ handle->encrypt = _gnutls_cipher_ops.encrypt;
+ handle->decrypt = _gnutls_cipher_ops.decrypt;
+ handle->deinit = _gnutls_cipher_ops.deinit;
+ handle->auth = _gnutls_cipher_ops.auth;
+ handle->tag = _gnutls_cipher_ops.tag;
+ handle->setiv = _gnutls_cipher_ops.setiv;
+
+ /* otherwise use generic cipher interface
+ */
+ ret = _gnutls_cipher_ops.init(e->id, &handle->handle, enc);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_cipher_ops.setkey(handle->handle, key->data,
+ key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cc_cleanup;
+ }
+
+ if (iv) {
+ ret =
+ _gnutls_cipher_ops.setiv(handle->handle, iv->data,
+ iv->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cc_cleanup;
+ }
+ }
+
+ return 0;
+
+ cc_cleanup:
+
+ if (handle->handle)
+ handle->deinit(handle->handle);
+
+ return ret;
}
/* Auth_cipher API
*/
-int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- const cipher_entry_st* e,
- const gnutls_datum_t * cipher_key,
- const gnutls_datum_t * iv,
- const mac_entry_st* me,
- const gnutls_datum_t * mac_key,
- int ssl_hmac, int enc)
+int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
+ const cipher_entry_st * e,
+ const gnutls_datum_t * cipher_key,
+ const gnutls_datum_t * iv,
+ const mac_entry_st * me,
+ const gnutls_datum_t * mac_key,
+ int ssl_hmac, int enc)
{
-int ret;
-
- if (unlikely(e == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memset(handle, 0, sizeof(*handle));
-
- if (e->id != GNUTLS_CIPHER_NULL)
- {
- handle->non_null = 1;
- ret = _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv, enc);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- handle->non_null = 0;
-
- if (me->id != GNUTLS_MAC_AEAD)
- {
- handle->is_mac = 1;
- handle->ssl_hmac = ssl_hmac;
-
- if (ssl_hmac)
- ret = _gnutls_mac_init_ssl3(&handle->mac.dig, me, mac_key->data, mac_key->size);
- else
- ret = _gnutls_mac_init(&handle->mac.mac, me, mac_key->data, mac_key->size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- handle->tag_size = _gnutls_mac_get_algo_len(me);
- }
- else if (_gnutls_cipher_algo_is_aead(e))
- {
- handle->tag_size = _gnutls_cipher_get_tag_size(e);
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- return 0;
-cleanup:
- if (handle->non_null != 0)
- _gnutls_cipher_deinit(&handle->cipher);
- return ret;
+ int ret;
+
+ if (unlikely(e == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memset(handle, 0, sizeof(*handle));
+
+ if (e->id != GNUTLS_CIPHER_NULL) {
+ handle->non_null = 1;
+ ret =
+ _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv,
+ enc);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ handle->non_null = 0;
+
+ if (me->id != GNUTLS_MAC_AEAD) {
+ handle->is_mac = 1;
+ handle->ssl_hmac = ssl_hmac;
+
+ if (ssl_hmac)
+ ret =
+ _gnutls_mac_init_ssl3(&handle->mac.dig, me,
+ mac_key->data,
+ mac_key->size);
+ else
+ ret =
+ _gnutls_mac_init(&handle->mac.mac, me,
+ mac_key->data, mac_key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ handle->tag_size = _gnutls_mac_get_algo_len(me);
+ } else if (_gnutls_cipher_algo_is_aead(e)) {
+ handle->tag_size = _gnutls_cipher_get_tag_size(e);
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ return 0;
+ cleanup:
+ if (handle->non_null != 0)
+ _gnutls_cipher_deinit(&handle->cipher);
+ return ret;
}
-int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
- int textlen)
+int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
+ const void *text, int textlen)
{
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac.dig, text, textlen);
- else
- return _gnutls_mac(&handle->mac.mac, text, textlen);
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- return _gnutls_cipher_auth(&handle->cipher, text, textlen);
- else
- return 0;
+ if (handle->is_mac) {
+ if (handle->ssl_hmac)
+ return _gnutls_hash(&handle->mac.dig, text,
+ textlen);
+ else
+ return _gnutls_mac(&handle->mac.mac, text,
+ textlen);
+ } else if (_gnutls_cipher_is_aead(&handle->cipher))
+ return _gnutls_cipher_auth(&handle->cipher, text, textlen);
+ else
+ return 0;
}
/* The caller must make sure that textlen+pad_size+tag_size is divided by the block size of the cipher */
-int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
- int textlen, void *_ciphertext, int ciphertextlen,
- int pad_size)
+int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
+ const uint8_t * text, int textlen,
+ void *_ciphertext, int ciphertextlen,
+ int pad_size)
{
-int ret;
-uint8_t * ciphertext = _ciphertext;
-unsigned blocksize = _gnutls_cipher_get_block_size(handle->cipher.e);
-unsigned l;
-
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- ret = _gnutls_hash(&handle->mac.dig, text, textlen);
- else
- ret = _gnutls_mac(&handle->mac.mac, text, textlen);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- if (unlikely(textlen+pad_size+handle->tag_size) > ciphertextlen)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (handle->non_null != 0)
- {
- l = (textlen/blocksize)*blocksize;
- ret = _gnutls_cipher_encrypt2(&handle->cipher, text, l, ciphertext, ciphertextlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- textlen -= l;
- text += l;
- ciphertext += l;
- ciphertextlen -= l;
-
- if (ciphertext != text && textlen > 0)
- memcpy(ciphertext, text, textlen);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- textlen += handle->tag_size;
-
- /* TLS 1.0 style padding */
- if (pad_size > 0)
- {
- memset (ciphertext+textlen, pad_size - 1, pad_size);
- textlen += pad_size;
- }
-
- ret = _gnutls_cipher_encrypt2(&handle->cipher, ciphertext, textlen, ciphertext, ciphertextlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else /* null cipher */
- {
- if (text != ciphertext)
- memcpy(ciphertext, text, textlen);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- {
- ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
- }
- else if (handle->non_null == 0 && text != ciphertext)
- memcpy(ciphertext, text, textlen);
-
- return 0;
+ int ret;
+ uint8_t *ciphertext = _ciphertext;
+ unsigned blocksize =
+ _gnutls_cipher_get_block_size(handle->cipher.e);
+ unsigned l;
+
+ if (handle->is_mac) {
+ if (handle->ssl_hmac)
+ ret =
+ _gnutls_hash(&handle->mac.dig, text, textlen);
+ else
+ ret = _gnutls_mac(&handle->mac.mac, text, textlen);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ if (unlikely(textlen + pad_size + handle->tag_size) >
+ ciphertextlen)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (handle->non_null != 0) {
+ l = (textlen / blocksize) * blocksize;
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher, text,
+ l, ciphertext,
+ ciphertextlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ textlen -= l;
+ text += l;
+ ciphertext += l;
+ ciphertextlen -= l;
+
+ if (ciphertext != text && textlen > 0)
+ memcpy(ciphertext, text, textlen);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ textlen += handle->tag_size;
+
+ /* TLS 1.0 style padding */
+ if (pad_size > 0) {
+ memset(ciphertext + textlen, pad_size - 1,
+ pad_size);
+ textlen += pad_size;
+ }
+
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher,
+ ciphertext, textlen,
+ ciphertext,
+ ciphertextlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* null cipher */
+
+ if (text != ciphertext)
+ memcpy(ciphertext, text, textlen);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else if (_gnutls_cipher_is_aead(&handle->cipher)) {
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher, text, textlen,
+ ciphertext, ciphertextlen);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle, ciphertext + textlen,
+ handle->tag_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+ } else if (handle->non_null == 0 && text != ciphertext)
+ memcpy(ciphertext, text, textlen);
+
+ return 0;
}
-int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
- const void *ciphertext, int ciphertextlen,
- void *text, int textlen)
+int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen)
{
-int ret;
-
- if (unlikely(ciphertextlen > textlen))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (handle->non_null != 0)
- {
- ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen,
- text, textlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else if (handle->non_null == 0 && text != ciphertext)
- memcpy(text, ciphertext, ciphertextlen);
-
- if (handle->is_mac)
- {
- /* The MAC is not to be hashed */
- ciphertextlen -= handle->tag_size;
-
- if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac.dig, text, ciphertextlen);
- else
- return _gnutls_mac(&handle->mac.mac, text, ciphertextlen);
- }
-
- return 0;
+ int ret;
+
+ if (unlikely(ciphertextlen > textlen))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (handle->non_null != 0) {
+ ret =
+ _gnutls_cipher_decrypt2(&handle->cipher, ciphertext,
+ ciphertextlen, text, textlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else if (handle->non_null == 0 && text != ciphertext)
+ memcpy(text, ciphertext, ciphertextlen);
+
+ if (handle->is_mac) {
+ /* The MAC is not to be hashed */
+ ciphertextlen -= handle->tag_size;
+
+ if (handle->ssl_hmac)
+ return _gnutls_hash(&handle->mac.dig, text,
+ ciphertextlen);
+ else
+ return _gnutls_mac(&handle->mac.mac, text,
+ ciphertextlen);
+ }
+
+ return 0;
}
-int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
+int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
+ int tag_size)
{
-int ret;
-
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- {
- ret = _gnutls_mac_output_ssl3 (&handle->mac.dig, tag);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- _gnutls_mac_output (&handle->mac.mac, tag);
- }
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- {
- _gnutls_cipher_tag(&handle->cipher, tag, tag_size);
- }
- else
- memset(tag, 0, tag_size);
-
- return 0;
+ int ret;
+
+ if (handle->is_mac) {
+ if (handle->ssl_hmac) {
+ ret =
+ _gnutls_mac_output_ssl3(&handle->mac.dig, tag);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ _gnutls_mac_output(&handle->mac.mac, tag);
+ }
+ } else if (_gnutls_cipher_is_aead(&handle->cipher)) {
+ _gnutls_cipher_tag(&handle->cipher, tag, tag_size);
+ } else
+ memset(tag, 0, tag_size);
+
+ return 0;
}
-void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
+void _gnutls_auth_cipher_deinit(auth_cipher_hd_st * handle)
{
- if (handle->is_mac)
- {
- if (handle->ssl_hmac) /* failure here doesn't matter */
- _gnutls_mac_deinit_ssl3 (&handle->mac.dig, NULL);
- else
- _gnutls_mac_deinit(&handle->mac.mac, NULL);
- }
- if (handle->non_null!=0)
- _gnutls_cipher_deinit(&handle->cipher);
+ if (handle->is_mac) {
+ if (handle->ssl_hmac) /* failure here doesn't matter */
+ _gnutls_mac_deinit_ssl3(&handle->mac.dig, NULL);
+ else
+ _gnutls_mac_deinit(&handle->mac.mac, NULL);
+ }
+ if (handle->non_null != 0)
+ _gnutls_cipher_deinit(&handle->cipher);
}
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 7d41b17fe7..4939af8bcf 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -29,10 +29,10 @@
extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
-typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t,
- void *ciphertext, size_t);
-typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t,
- void *plaintext, size_t);
+typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext,
+ size_t, void *ciphertext, size_t);
+typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext,
+ size_t, void *plaintext, size_t);
typedef void (*cipher_deinit_func) (void *hd);
typedef int (*cipher_auth_func) (void *hd, const void *data, size_t);
@@ -40,62 +40,59 @@ typedef int (*cipher_setiv_func) (void *hd, const void *iv, size_t);
typedef void (*cipher_tag_func) (void *hd, void *tag, size_t);
-typedef struct
-{
- void *handle;
- const cipher_entry_st* e;
- cipher_encrypt_func encrypt;
- cipher_decrypt_func decrypt;
- cipher_auth_func auth;
- cipher_tag_func tag;
- cipher_setiv_func setiv;
- cipher_deinit_func deinit;
+typedef struct {
+ void *handle;
+ const cipher_entry_st *e;
+ cipher_encrypt_func encrypt;
+ cipher_decrypt_func decrypt;
+ cipher_auth_func auth;
+ cipher_tag_func tag;
+ cipher_setiv_func setiv;
+ cipher_deinit_func deinit;
} cipher_hd_st;
-int _gnutls_cipher_init (cipher_hd_st *, const cipher_entry_st* e,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv, int enc);
+int _gnutls_cipher_init(cipher_hd_st *, const cipher_entry_st * e,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv, int enc);
-inline static void _gnutls_cipher_setiv (const cipher_hd_st * handle,
- const void *iv, size_t ivlen)
+inline static void _gnutls_cipher_setiv(const cipher_hd_st * handle,
+ const void *iv, size_t ivlen)
{
- handle->setiv(handle->handle, iv, ivlen);
+ handle->setiv(handle->handle, iv, ivlen);
}
inline static int
-_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
- size_t textlen, void *ciphertext, size_t ciphertextlen)
+_gnutls_cipher_encrypt2(const cipher_hd_st * handle, const void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->encrypt (handle->handle, text, textlen, ciphertext,
- ciphertextlen);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->encrypt(handle->handle, text, textlen,
+ ciphertext, ciphertextlen);
+ }
- return 0;
+ return 0;
}
inline static int
-_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen)
+_gnutls_cipher_decrypt2(const cipher_hd_st * handle,
+ const void *ciphertext, size_t ciphertextlen,
+ void *text, size_t textlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
- text, textlen);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->decrypt(handle->handle, ciphertext,
+ ciphertextlen, text, textlen);
+ }
- return 0;
+ return 0;
}
-inline static void
-_gnutls_cipher_deinit (cipher_hd_st * handle)
+inline static void _gnutls_cipher_deinit(cipher_hd_st * handle)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- handle->deinit (handle->handle);
- handle->handle = NULL;
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
+ }
}
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
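Review bot: `_gnutls_cipher_encrypt2` and `_gnutls_cipher_decrypt2` return 0 when `handle` or `handle->handle` is NULL, so a caller sees success although the output buffer was never written. `_gnutls_cipher_auth` in the next hunk returns `GNUTLS_E_INTERNAL_ERROR` for the same condition, and `_gnutls_cipher_tag` there silently leaves the tag buffer untouched. If the silent success is relied on for the null cipher, a comment such as `/* no cipher context: nothing to do, reported as success */` should say so; otherwise the fall-through should be `return GNUTLS_E_INTERNAL_ERROR;`. `_gnutls_cipher_setiv` in this same hunk calls `handle->setiv` with no such check at all.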
@@ -103,24 +100,23 @@ int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
#define _gnutls_cipher_is_aead(h) _gnutls_cipher_algo_is_aead((h)->e)
/* returns the tag in AUTHENC ciphers */
-inline static void _gnutls_cipher_tag( const cipher_hd_st * handle, void* tag, size_t tag_size)
+inline static void _gnutls_cipher_tag(const cipher_hd_st * handle,
+ void *tag, size_t tag_size)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- handle->tag (handle->handle, tag, tag_size);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ handle->tag(handle->handle, tag, tag_size);
+ }
}
/* Add auth data for AUTHENC ciphers
*/
-inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void *text,
- size_t textlen)
+inline static int _gnutls_cipher_auth(const cipher_hd_st * handle,
+ const void *text, size_t textlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->auth (handle->handle, text, textlen);
- }
- return GNUTLS_E_INTERNAL_ERROR;
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->auth(handle->handle, text, textlen);
+ }
+ return GNUTLS_E_INTERNAL_ERROR;
}
#define _gnutls_cipher_encrypt(x,y,z) _gnutls_cipher_encrypt2(x,y,z,y,z)
@@ -129,61 +125,66 @@ inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void *
/* auth_cipher API. Allows combining a cipher with a MAC.
*/
-typedef struct
-{
- cipher_hd_st cipher;
- union {
- digest_hd_st dig;
- mac_hd_st mac;
- } mac;
- unsigned int is_mac:1;
- unsigned int ssl_hmac:1;
- unsigned int non_null:1;
- size_t tag_size;
+typedef struct {
+ cipher_hd_st cipher;
+ union {
+ digest_hd_st dig;
+ mac_hd_st mac;
+ } mac;
+ unsigned int is_mac:1;
+ unsigned int ssl_hmac:1;
+ unsigned int non_null:1;
+ size_t tag_size;
} auth_cipher_hd_st;
-int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- const cipher_entry_st* e,
- const gnutls_datum_t * cipher_key,
- const gnutls_datum_t * iv,
- const mac_entry_st *me,
- const gnutls_datum_t * mac_key, int ssl_hmac, int enc);
-
-int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
- int textlen);
-
-int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
- int textlen, void *ciphertext, int ciphertextlen,
- int pad_size);
-int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
- const void *ciphertext, int ciphertextlen,
- void *text, int textlen);
-int _gnutls_auth_cipher_tag( auth_cipher_hd_st * handle, void* tag, int tag_size);
-
-inline static void _gnutls_auth_cipher_setiv (const auth_cipher_hd_st * handle,
- const void *iv, size_t ivlen)
+int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
+ const cipher_entry_st * e,
+ const gnutls_datum_t * cipher_key,
+ const gnutls_datum_t * iv,
+ const mac_entry_st * me,
+ const gnutls_datum_t * mac_key, int ssl_hmac,
+ int enc);
+
+int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
+ const void *text, int textlen);
+
+int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
+ const uint8_t * text, int textlen,
+ void *ciphertext, int ciphertextlen,
+ int pad_size);
+int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen);
+int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
+ int tag_size);
+
+inline static void _gnutls_auth_cipher_setiv(const auth_cipher_hd_st *
+ handle, const void *iv,
+ size_t ivlen)
{
- _gnutls_cipher_setiv(&handle->cipher, iv, ivlen);
+ _gnutls_cipher_setiv(&handle->cipher, iv, ivlen);
}
inline static
-int _gnutls_auth_cipher_set_mac_nonce (auth_cipher_hd_st * handle,
- const void *nonce, int nonce_len)
+int _gnutls_auth_cipher_set_mac_nonce(auth_cipher_hd_st * handle,
+ const void *nonce, int nonce_len)
{
- if (handle->is_mac && !handle->ssl_hmac)
- return _gnutls_mac_set_nonce(&handle->mac.mac, nonce, nonce_len);
- else
- return 0;
+ if (handle->is_mac && !handle->ssl_hmac)
+ return _gnutls_mac_set_nonce(&handle->mac.mac, nonce,
+ nonce_len);
+ else
+ return 0;
}
-inline static size_t _gnutls_auth_cipher_tag_len( auth_cipher_hd_st * handle)
+inline static size_t _gnutls_auth_cipher_tag_len(auth_cipher_hd_st *
+ handle)
{
- return handle->tag_size;
+ return handle->tag_size;
}
#define _gnutls_auth_cipher_is_aead(h) _gnutls_cipher_is_aead(&(h)->cipher)
-void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle);
+void _gnutls_auth_cipher_deinit(auth_cipher_hd_st * handle);
-#endif /* GNUTLS_CIPHER_INT */
+#endif /* GNUTLS_CIPHER_INT */
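Review bot: The auth_cipher prototypes in this hunk (`_gnutls_auth_cipher_add_auth`, `_gnutls_auth_cipher_encrypt2_tag`, `_gnutls_auth_cipher_decrypt2`, `_gnutls_auth_cipher_tag`, `_gnutls_auth_cipher_set_mac_nonce`) take their lengths as `int`, while `tag_size` in `auth_cipher_hd_st` and the `_gnutls_cipher_*` wrappers declared above use `size_t`. A negative length is converted to a very large `size_t` on the way down, and the definition of `_gnutls_auth_cipher_decrypt2` shown earlier on this page computes `ciphertextlen -= handle->tag_size` without first checking that `ciphertextlen` is at least `tag_size`. Unless every caller is known to validate this, the precondition should be stated above the prototypes, e.g. `/* all lengths must be non-negative; ciphertextlen >= tag_size when a MAC is in use */`, or the parameters changed to `size_t`.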
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 727de98db8..ca76688c4d 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -40,20 +40,20 @@
const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
- GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
#ifdef HAVE_LIBZ
- /* draft-ietf-tls-compression-02 */
- GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
+ /* draft-ietf-tls-compression-02 */
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
#endif
- {0, 0, 0, 0, 0, 0}
+ {0, 0, 0, 0, 0, 0}
};
static const gnutls_compression_method_t supported_compressions[] = {
#ifdef HAVE_LIBZ
- GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_DEFLATE,
#endif
- GNUTLS_COMP_NULL,
- 0
+ GNUTLS_COMP_NULL,
+ 0
};
#define GNUTLS_COMPRESSION_LOOP(b) \
@@ -75,15 +75,16 @@ static const gnutls_compression_method_t supported_compressions[] = {
* Returns: a pointer to a string that contains the name of the
* specified compression algorithm, or %NULL.
**/
-const char *
-gnutls_compression_get_name (gnutls_compression_method_t algorithm)
+const char *gnutls_compression_get_name(gnutls_compression_method_t
+ algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret =
+ p->name + sizeof("GNUTLS_COMP_") - 1);
- return ret;
+ return ret;
}
/**
@@ -95,17 +96,16 @@ gnutls_compression_get_name (gnutls_compression_method_t algorithm)
* Returns: an id of the specified in a string compression method, or
* %GNUTLS_COMP_UNKNOWN on error.
**/
-gnutls_compression_method_t
-gnutls_compression_get_id (const char *name)
+gnutls_compression_method_t gnutls_compression_get_id(const char *name)
{
- gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
+ gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
- GNUTLS_COMPRESSION_LOOP (if
- (strcasecmp
- (p->name + sizeof ("GNUTLS_COMP_") - 1,
- name) == 0) ret = p->id);
+ GNUTLS_COMPRESSION_LOOP(if
+ (strcasecmp
+ (p->name + sizeof("GNUTLS_COMP_") - 1,
+ name) == 0) ret = p->id);
- return ret;
+ return ret;
}
/**
@@ -116,51 +116,46 @@ gnutls_compression_get_id (const char *name)
* Returns: a zero-terminated list of #gnutls_compression_method_t
* integers indicating the available compression methods.
**/
-const gnutls_compression_method_t *
-gnutls_compression_list (void)
+const gnutls_compression_method_t *gnutls_compression_list(void)
{
- return supported_compressions;
+ return supported_compressions;
}
/* return the tls number of the specified algorithm */
-int
-_gnutls_compression_get_num (gnutls_compression_method_t algorithm)
+int _gnutls_compression_get_num(gnutls_compression_method_t algorithm)
{
- int ret = -1;
+ int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->num);
- return ret;
+ return ret;
}
#ifdef HAVE_LIBZ
-static int
-get_wbits (gnutls_compression_method_t algorithm)
+static int get_wbits(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->window_bits);
+ return ret;
}
-static int
-get_mem_level (gnutls_compression_method_t algorithm)
+static int get_mem_level(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->mem_level);
+ return ret;
}
-static int
-get_comp_level (gnutls_compression_method_t algorithm)
+static int get_comp_level(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->comp_level);
+ return ret;
}
#endif
@@ -168,27 +163,25 @@ get_comp_level (gnutls_compression_method_t algorithm)
/* returns the gnutls internal ID of the TLS compression
* method num
*/
-gnutls_compression_method_t
-_gnutls_compression_get_id (int num)
+gnutls_compression_method_t _gnutls_compression_get_id(int num)
{
- gnutls_compression_method_t ret = -1;
+ gnutls_compression_method_t ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id);
- return ret;
+ return ret;
}
-int
-_gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
+int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm)
{
- ssize_t ret = -1;
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -201,244 +194,240 @@ _gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
*/
#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
int
-_gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t * comp, size_t comp_size)
+_gnutls_supported_compression_methods(gnutls_session_t session,
+ uint8_t * comp, size_t comp_size)
{
- unsigned int i, j;
-
- if (comp_size < SUPPORTED_COMPRESSION_METHODS)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
- {
- int tmp =
- _gnutls_compression_get_num (session->internals.
- priorities.compression.priority[i]);
-
- /* remove private compression algorithms, if requested.
- */
- if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
- session->internals.enable_private == 0))
- {
- gnutls_assert ();
- continue;
- }
-
- comp[j] = (uint8_t) tmp;
- j++;
- }
-
- if (j == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
- }
- return j;
+ unsigned int i, j;
+
+ if (comp_size < SUPPORTED_COMPRESSION_METHODS)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
+ int tmp =
+ _gnutls_compression_get_num(session->
+ internals.priorities.
+ compression.priority[i]);
+
+ /* remove private compression algorithms, if requested.
+ */
+ if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
+ session->internals.enable_private == 0))
+ {
+ gnutls_assert();
+ continue;
+ }
+
+ comp[j] = (uint8_t) tmp;
+ j++;
+ }
+
+ if (j == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
+ }
+ return j;
}
/* The flag d is the direction (compress, decompress). Non zero is
* decompress.
*/
-int _gnutls_comp_init (comp_hd_st* handle, gnutls_compression_method_t method, int d)
+int _gnutls_comp_init(comp_hd_st * handle,
+ gnutls_compression_method_t method, int d)
{
- handle->algo = method;
- handle->handle = NULL;
+ handle->algo = method;
+ handle->handle = NULL;
- switch (method)
- {
- case GNUTLS_COMP_DEFLATE:
+ switch (method) {
+ case GNUTLS_COMP_DEFLATE:
#ifdef HAVE_LIBZ
- {
- int window_bits, mem_level;
- int comp_level;
- z_stream *zhandle;
- int err;
-
- window_bits = get_wbits (method);
- mem_level = get_mem_level (method);
- comp_level = get_comp_level (method);
-
- handle->handle = gnutls_malloc (sizeof (z_stream));
- if (handle->handle == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- zhandle = handle->handle;
-
- zhandle->zalloc = (alloc_func) 0;
- zhandle->zfree = (free_func) 0;
- zhandle->opaque = (voidpf) 0;
-
- if (d)
- err = inflateInit2 (zhandle, window_bits);
- else
- {
- err = deflateInit2 (zhandle,
- comp_level, Z_DEFLATED,
- window_bits, mem_level, Z_DEFAULT_STRATEGY);
- }
- if (err != Z_OK)
- {
- gnutls_assert ();
- gnutls_free (handle->handle);
- return GNUTLS_E_COMPRESSION_FAILED;
- }
- }
- break;
+ {
+ int window_bits, mem_level;
+ int comp_level;
+ z_stream *zhandle;
+ int err;
+
+ window_bits = get_wbits(method);
+ mem_level = get_mem_level(method);
+ comp_level = get_comp_level(method);
+
+ handle->handle = gnutls_malloc(sizeof(z_stream));
+ if (handle->handle == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ zhandle = handle->handle;
+
+ zhandle->zalloc = (alloc_func) 0;
+ zhandle->zfree = (free_func) 0;
+ zhandle->opaque = (voidpf) 0;
+
+ if (d)
+ err = inflateInit2(zhandle, window_bits);
+ else {
+ err = deflateInit2(zhandle,
+ comp_level, Z_DEFLATED,
+ window_bits, mem_level,
+ Z_DEFAULT_STRATEGY);
+ }
+ if (err != Z_OK) {
+ gnutls_assert();
+ gnutls_free(handle->handle);
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+ }
+ break;
#endif
- case GNUTLS_COMP_NULL:
- case GNUTLS_COMP_UNKNOWN:
- break;
- default:
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- return 0;
+ case GNUTLS_COMP_NULL:
+ case GNUTLS_COMP_UNKNOWN:
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ return 0;
}
/* The flag d is the direction (compress, decompress). Non zero is
* decompress.
*/
-void
-_gnutls_comp_deinit (comp_hd_st* handle, int d)
+void _gnutls_comp_deinit(comp_hd_st * handle, int d)
{
- if (handle != NULL)
- {
- switch (handle->algo)
- {
+ if (handle != NULL) {
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- if (d)
- inflateEnd (handle->handle);
- else
- deflateEnd (handle->handle);
- break;
- }
+ case GNUTLS_COMP_DEFLATE:
+ {
+ if (d)
+ inflateEnd(handle->handle);
+ else
+ deflateEnd(handle->handle);
+ break;
+ }
#endif
- default:
- break;
- }
- gnutls_free (handle->handle);
- handle->handle = NULL;
- }
+ default:
+ break;
+ }
+ gnutls_free(handle->handle);
+ handle->handle = NULL;
+ }
}
/* These functions are memory consuming
*/
int
-_gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
- size_t plain_size, uint8_t * compressed,
- size_t max_comp_size, unsigned int stateless)
+_gnutls_compress(comp_hd_st * handle, const uint8_t * plain,
+ size_t plain_size, uint8_t * compressed,
+ size_t max_comp_size, unsigned int stateless)
{
- int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
-
- /* NULL compression is not handled here
- */
- if (handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- switch (handle->algo)
- {
+ int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
+
+ /* NULL compression is not handled here
+ */
+ if (handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- z_stream *zhandle;
- int err;
- int type;
-
- if (stateless)
- {
- type = Z_FULL_FLUSH;
- }
- else
- type = Z_SYNC_FLUSH;
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef *) plain;
- zhandle->avail_in = plain_size;
- zhandle->next_out = (Bytef *) compressed;
- zhandle->avail_out = max_comp_size;
-
- err = deflate (zhandle, type);
- if (err != Z_OK || zhandle->avail_in != 0)
- return gnutls_assert_val(GNUTLS_E_COMPRESSION_FAILED);
-
-
- compressed_size = max_comp_size - zhandle->avail_out;
- break;
- }
+ case GNUTLS_COMP_DEFLATE:
+ {
+ z_stream *zhandle;
+ int err;
+ int type;
+
+ if (stateless) {
+ type = Z_FULL_FLUSH;
+ } else
+ type = Z_SYNC_FLUSH;
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) plain;
+ zhandle->avail_in = plain_size;
+ zhandle->next_out = (Bytef *) compressed;
+ zhandle->avail_out = max_comp_size;
+
+ err = deflate(zhandle, type);
+ if (err != Z_OK || zhandle->avail_in != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_COMPRESSION_FAILED);
+
+
+ compressed_size =
+ max_comp_size - zhandle->avail_out;
+ break;
+ }
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
#ifdef COMPRESSION_DEBUG
- _gnutls_debug_log ("Compression ratio: %f\n",
- (float) ((float) compressed_size / (float) plain_size));
+ _gnutls_debug_log("Compression ratio: %f\n",
+ (float) ((float) compressed_size /
+ (float) plain_size));
#endif
- return compressed_size;
+ return compressed_size;
}
int
-_gnutls_decompress (comp_hd_st *handle, uint8_t * compressed,
- size_t compressed_size, uint8_t * plain,
- size_t max_plain_size)
+_gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
+ size_t compressed_size, uint8_t * plain,
+ size_t max_plain_size)
{
- int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
+ int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
- if (compressed_size > max_plain_size + EXTRA_COMP_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ if (compressed_size > max_plain_size + EXTRA_COMP_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
- /* NULL compression is not handled here
- */
+ /* NULL compression is not handled here
+ */
- if (handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- switch (handle->algo)
- {
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- z_stream *zhandle;
- int err;
+ case GNUTLS_COMP_DEFLATE:
+ {
+ z_stream *zhandle;
+ int err;
- zhandle = handle->handle;
+ zhandle = handle->handle;
- zhandle->next_in = (Bytef *) compressed;
- zhandle->avail_in = compressed_size;
+ zhandle->next_in = (Bytef *) compressed;
+ zhandle->avail_in = compressed_size;
- zhandle->next_out = (Bytef *) plain;
- zhandle->avail_out = max_plain_size;
- err = inflate (zhandle, Z_SYNC_FLUSH);
+ zhandle->next_out = (Bytef *) plain;
+ zhandle->avail_out = max_plain_size;
+ err = inflate(zhandle, Z_SYNC_FLUSH);
- if (err != Z_OK)
- return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
+ if (err != Z_OK)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_DECOMPRESSION_FAILED);
- plain_size = max_plain_size - zhandle->avail_out;
- break;
- }
+ plain_size = max_plain_size - zhandle->avail_out;
+ break;
+ }
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
- return plain_size;
+ return plain_size;
}
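Review bot: In `_gnutls_comp_init` the error path after `inflateInit2`/`deflateInit2` frees `handle->handle` but leaves the pointer and `handle->algo` set, so a later `_gnutls_comp_deinit` on the same handle would pass the freed z_stream to `inflateEnd`/`deflateEnd` and free it a second time. Whether any caller deinitialises after a failed init is not visible here, but adding `handle->handle = NULL;` after the `gnutls_free(handle->handle);` removes the hazard. Separately, `_gnutls_decompress` accepts `err == Z_OK` without looking at `zhandle->avail_in`, unlike `_gnutls_compress`; input left unconsumed when the output buffer fills appears to be dropped without an error, and `if (err != Z_OK || zhandle->avail_in != 0)` would reject it.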
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 95305f4b00..691044113e 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -23,11 +23,11 @@
#define GNUTLS_COMPRESS_H
/* Algorithm handling. */
-int _gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t * comp, size_t max_comp);
-int _gnutls_compression_is_ok (gnutls_compression_method_t algorithm);
-int _gnutls_compression_get_num (gnutls_compression_method_t algorithm);
-gnutls_compression_method_t _gnutls_compression_get_id (int num);
+int _gnutls_supported_compression_methods(gnutls_session_t session,
+ uint8_t * comp, size_t max_comp);
+int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm);
+int _gnutls_compression_get_num(gnutls_compression_method_t algorithm);
+gnutls_compression_method_t _gnutls_compression_get_id(int num);
#ifdef HAVE_LIBZ
#include <zlib.h>
@@ -35,32 +35,31 @@ gnutls_compression_method_t _gnutls_compression_get_id (int num);
#define GNUTLS_COMP_FAILED NULL
-typedef struct comp_hd_st
-{
- void *handle;
- gnutls_compression_method_t algo;
+typedef struct comp_hd_st {
+ void *handle;
+ gnutls_compression_method_t algo;
} comp_hd_st;
-int _gnutls_comp_init (comp_hd_st*, gnutls_compression_method_t, int d);
-void _gnutls_comp_deinit (comp_hd_st* handle, int d);
+int _gnutls_comp_init(comp_hd_st *, gnutls_compression_method_t, int d);
+void _gnutls_comp_deinit(comp_hd_st * handle, int d);
-int _gnutls_decompress (comp_hd_st* handle, uint8_t * compressed,
- size_t compressed_size, uint8_t * plain,
- size_t max_plain_size);
-int _gnutls_compress (comp_hd_st*, const uint8_t * plain, size_t plain_size,
- uint8_t * compressed, size_t max_comp_size, unsigned int stateless);
+int _gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
+ size_t compressed_size, uint8_t * plain,
+ size_t max_plain_size);
+int _gnutls_compress(comp_hd_st *, const uint8_t * plain,
+ size_t plain_size, uint8_t * compressed,
+ size_t max_comp_size, unsigned int stateless);
-struct gnutls_compression_entry
-{
- const char *name;
- gnutls_compression_method_t id;
- /* the number reserved in TLS for the specific compression method */
- int num;
+struct gnutls_compression_entry {
+ const char *name;
+ gnutls_compression_method_t id;
+ /* the number reserved in TLS for the specific compression method */
+ int num;
- /* used in zlib compressor */
- int window_bits;
- int mem_level;
- int comp_level;
+ /* used in zlib compressor */
+ int window_bits;
+ int mem_level;
+ int comp_level;
};
typedef struct gnutls_compression_entry gnutls_compression_entry;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index a7c2d636a9..0ea7dae0ae 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -36,19 +36,19 @@
#include <gnutls_buffers.h>
static int
-_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
+_gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo);
static const char keyexp[] = "key expansion";
-static const int keyexp_length = sizeof (keyexp) - 1;
+static const int keyexp_length = sizeof(keyexp) - 1;
static const char ivblock[] = "IV block";
-static const int ivblock_length = sizeof (ivblock) - 1;
+static const int ivblock_length = sizeof(ivblock) - 1;
static const char cliwrite[] = "client write key";
-static const int cliwrite_length = sizeof (cliwrite) - 1;
+static const int cliwrite_length = sizeof(cliwrite) - 1;
static const char servwrite[] = "server write key";
-static const int servwrite_length = sizeof (servwrite) - 1;
+static const int servwrite_length = sizeof(servwrite) - 1;
/* This function is to be called after handshake, when master_secret,
* client_random and server_random have been initialized.
@@ -56,312 +56,321 @@ static const int servwrite_length = sizeof (servwrite) - 1;
* (session->cipher_specs)
*/
static int
-_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
- int hash_size, int IV_size, int key_size)
+_gnutls_set_keys(gnutls_session_t session, record_parameters_st * params,
+ int hash_size, int IV_size, int key_size)
{
- /* FIXME: This function is too long
- */
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
- uint8_t rrnd[2 * GNUTLS_RANDOM_SIZE];
- int pos, ret;
- int block_size;
- char buf[65];
- /* avoid using malloc */
- uint8_t key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
- 2 * MAX_CIPHER_BLOCK_SIZE];
- record_state_st *client_write, *server_write;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- client_write = &params->write;
- server_write = &params->read;
- }
- else
- {
- client_write = &params->read;
- server_write = &params->write;
- }
-
- block_size = 2 * hash_size + 2 * key_size;
- block_size += 2 * IV_size;
-
- memcpy (rnd, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- memcpy (rrnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- if (get_num_version(session) == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_generate_random
- (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
- 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
- rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex (key_block, block_size, buf,
- sizeof (buf), NULL));
-
- pos = 0;
- if (hash_size > 0)
- {
-
- if (_gnutls_set_datum
- (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += hash_size;
-
- if (_gnutls_set_datum
- (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += hash_size;
- }
-
- if (key_size > 0)
- {
- uint8_t *client_write_key, *server_write_key;
- int client_write_key_size, server_write_key_size;
-
- client_write_key = &key_block[pos];
- client_write_key_size = key_size;
-
- pos += key_size;
-
- server_write_key = &key_block[pos];
- server_write_key_size = key_size;
-
- pos += key_size;
-
- if (_gnutls_set_datum
- (&client_write->key, client_write_key, client_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
- client_write_key_size,
- _gnutls_bin2hex (client_write_key,
- client_write_key_size, buf,
- sizeof (buf), NULL));
-
- if (_gnutls_set_datum
- (&server_write->key, server_write_key, server_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
- server_write_key_size,
- _gnutls_bin2hex (server_write_key,
- server_write_key_size, buf,
- sizeof (buf), NULL));
-
- }
-
- /* IV generation in export and non export ciphers.
- */
- if (IV_size > 0)
- {
- if (_gnutls_set_datum
- (&client_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += IV_size;
-
- if (_gnutls_set_datum
- (&server_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- }
-
- return 0;
+ /* FIXME: This function is too long
+ */
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
+ uint8_t rrnd[2 * GNUTLS_RANDOM_SIZE];
+ int pos, ret;
+ int block_size;
+ char buf[65];
+ /* avoid using malloc */
+ uint8_t key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
+ 2 * MAX_CIPHER_BLOCK_SIZE];
+ record_state_st *client_write, *server_write;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ client_write = &params->write;
+ server_write = &params->read;
+ } else {
+ client_write = &params->read;
+ server_write = &params->write;
+ }
+
+ block_size = 2 * hash_size + 2 * key_size;
+ block_size += 2 * IV_size;
+
+ memcpy(rnd, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ memcpy(rrnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rrnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ if (get_num_version(session) == GNUTLS_SSL3) { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_generate_random
+ (session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, rnd, 2 * GNUTLS_RANDOM_SIZE,
+ block_size, key_block);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
+ rnd, 2 * GNUTLS_RANDOM_SIZE, block_size,
+ key_block);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size,
+ _gnutls_bin2hex(key_block, block_size, buf,
+ sizeof(buf), NULL));
+
+ pos = 0;
+ if (hash_size > 0) {
+
+ if (_gnutls_set_datum
+ (&client_write->mac_secret, &key_block[pos],
+ hash_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+
+ if (_gnutls_set_datum
+ (&server_write->mac_secret, &key_block[pos],
+ hash_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+ }
+
+ if (key_size > 0) {
+ uint8_t *client_write_key, *server_write_key;
+ int client_write_key_size, server_write_key_size;
+
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
+
+ pos += key_size;
+
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
+
+ pos += key_size;
+
+ if (_gnutls_set_datum
+ (&client_write->key, client_write_key,
+ client_write_key_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n",
+ client_write_key_size,
+ _gnutls_bin2hex(client_write_key,
+ client_write_key_size,
+ buf, sizeof(buf), NULL));
+
+ if (_gnutls_set_datum
+ (&server_write->key, server_write_key,
+ server_write_key_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n",
+ server_write_key_size,
+ _gnutls_bin2hex(server_write_key,
+ server_write_key_size,
+ buf, sizeof(buf), NULL));
+
+ }
+
+ /* IV generation in export and non export ciphers.
+ */
+ if (IV_size > 0) {
+ if (_gnutls_set_datum
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += IV_size;
+
+ if (_gnutls_set_datum
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ }
+
+ return 0;
}
static int
-_gnutls_init_record_state (record_parameters_st * params, const version_entry_st* ver,
- int read, record_state_st * state)
+_gnutls_init_record_state(record_parameters_st * params,
+ const version_entry_st * ver, int read,
+ record_state_st * state)
{
- int ret;
- gnutls_datum_t * iv = NULL;
-
- if (!_gnutls_version_has_explicit_iv(ver))
- {
- if (_gnutls_cipher_is_block (params->cipher) != CIPHER_STREAM)
- iv = &state->IV;
- }
-
- ret = _gnutls_auth_cipher_init (&state->cipher_state,
- params->cipher, &state->key, iv,
- params->mac, &state->mac_secret, (ver->id==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
- if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
- return gnutls_assert_val (ret);
-
- ret =
- _gnutls_comp_init (&state->compression_state, params->compression_algorithm, read/*1==decompress*/);
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- return 0;
+ int ret;
+ gnutls_datum_t *iv = NULL;
+
+ if (!_gnutls_version_has_explicit_iv(ver)) {
+ if (_gnutls_cipher_is_block(params->cipher) !=
+ CIPHER_STREAM)
+ iv = &state->IV;
+ }
+
+ ret = _gnutls_auth_cipher_init(&state->cipher_state,
+ params->cipher, &state->key, iv,
+ params->mac, &state->mac_secret,
+ (ver->id == GNUTLS_SSL3) ? 1 : 0,
+ 1 - read /*1==encrypt */ );
+ if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_comp_init(&state->compression_state,
+ params->compression_algorithm,
+ read /*1==decompress */ );
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
int
-_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
- int epoch_rel, const uint8_t suite[2])
+_gnutls_epoch_set_cipher_suite(gnutls_session_t session,
+ int epoch_rel, const uint8_t suite[2])
{
- const cipher_entry_st * cipher_algo;
- const mac_entry_st* mac_algo;
- record_parameters_st *params;
- int ret;
+ const cipher_entry_st *cipher_algo;
+ const mac_entry_st *mac_algo;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch_rel, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _gnutls_epoch_get(session, epoch_rel, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- if (params->initialized
- || params->cipher != NULL
- || params->mac != NULL)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (params->initialized
+ || params->cipher != NULL || params->mac != NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
- mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
+ cipher_algo = _gnutls_cipher_suite_get_cipher_algo(suite);
+ mac_algo = _gnutls_cipher_suite_get_mac_algo(suite);
- if (_gnutls_cipher_is_ok (cipher_algo) == 0
- || _gnutls_mac_is_ok (mac_algo) == 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_is_ok(cipher_algo) == 0
+ || _gnutls_mac_is_ok(mac_algo) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_cipher_priority (session, cipher_algo->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_priority(session, cipher_algo->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_mac_priority (session, mac_algo->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_mac_priority(session, mac_algo->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- params->cipher = cipher_algo;
- params->mac = mac_algo;
+ params->cipher = cipher_algo;
+ params->mac = mac_algo;
- return 0;
+ return 0;
}
int
-_gnutls_epoch_set_compression (gnutls_session_t session,
- int epoch_rel,
- gnutls_compression_method_t comp_algo)
+_gnutls_epoch_set_compression(gnutls_session_t session,
+ int epoch_rel,
+ gnutls_compression_method_t comp_algo)
{
- record_parameters_st *params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch_rel, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _gnutls_epoch_get(session, epoch_rel, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- if (params->initialized
- || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (params->initialized
+ || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (_gnutls_compression_is_ok (comp_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+ if (_gnutls_compression_is_ok(comp_algo) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- params->compression_algorithm = comp_algo;
+ params->compression_algorithm = comp_algo;
- return 0;
+ return 0;
}
void
-_gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params)
+_gnutls_epoch_set_null_algos(gnutls_session_t session,
+ record_parameters_st * params)
{
- /* This is only called on startup. We are extra paranoid about this
- because it may cause unencrypted application data to go out on
- the wire. */
- if (params->initialized || params->epoch != 0)
- {
- gnutls_assert ();
- return;
- }
-
- params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
- params->mac = mac_to_entry(GNUTLS_MAC_NULL);
- params->compression_algorithm = GNUTLS_COMP_NULL;
- params->initialized = 1;
+ /* This is only called on startup. We are extra paranoid about this
+ because it may cause unencrypted application data to go out on
+ the wire. */
+ if (params->initialized || params->epoch != 0) {
+ gnutls_assert();
+ return;
+ }
+
+ params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
+ params->mac = mac_to_entry(GNUTLS_MAC_NULL);
+ params->compression_algorithm = GNUTLS_COMP_NULL;
+ params->initialized = 1;
}
-int
-_gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
+int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
{
- int hash_size;
- int IV_size;
- int key_size;
- gnutls_compression_method_t comp_algo;
- record_parameters_st *params;
- int ret;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ int hash_size;
+ int IV_size;
+ int key_size;
+ gnutls_compression_method_t comp_algo;
+ record_parameters_st *params;
+ int ret;
+ const version_entry_st *ver = get_version(session);
- ret = _gnutls_epoch_get (session, epoch, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (params->initialized)
- return 0;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_record_log
- ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
+ if (params->initialized)
+ return 0;
- comp_algo = params->compression_algorithm;
+ _gnutls_record_log
+ ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
- if (_gnutls_cipher_is_ok (params->cipher) == 0
- || _gnutls_mac_is_ok (params->mac) == 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ comp_algo = params->compression_algorithm;
- if (_gnutls_cipher_priority (session, params->cipher->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_is_ok(params->cipher) == 0
+ || _gnutls_mac_is_ok(params->mac) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_mac_priority (session, params->mac->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_priority(session, params->cipher->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_compression_is_ok (comp_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+ if (_gnutls_mac_priority(session, params->mac->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- IV_size = _gnutls_cipher_get_implicit_iv_size (params->cipher);
- key_size = _gnutls_cipher_get_key_size (params->cipher);
- hash_size = _gnutls_mac_get_key_size (params->mac);
+ if (_gnutls_compression_is_ok(comp_algo) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- ret = _gnutls_set_keys
- (session, params, hash_size, IV_size, key_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ IV_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ key_size = _gnutls_cipher_get_key_size(params->cipher);
+ hash_size = _gnutls_mac_get_key_size(params->mac);
- ret = _gnutls_init_record_state (params, ver, 1, &params->read);
- if (ret < 0)
- return gnutls_assert_val (ret);
- params->read.new_record_padding = session->security_parameters.new_record_padding;
+ ret = _gnutls_set_keys
+ (session, params, hash_size, IV_size, key_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_init_record_state (params, ver, 0, &params->write);
- if (ret < 0)
- return gnutls_assert_val (ret);
- params->write.new_record_padding = session->security_parameters.new_record_padding;
+ ret = _gnutls_init_record_state(params, ver, 1, &params->read);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ params->read.new_record_padding =
+ session->security_parameters.new_record_padding;
- params->record_sw_size = 0;
+ ret = _gnutls_init_record_state(params, ver, 0, &params->write);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ params->write.new_record_padding =
+ session->security_parameters.new_record_padding;
- _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
+ params->record_sw_size = 0;
- params->initialized = 1;
- return 0;
+ _gnutls_record_log("REC[%p]: Epoch #%u ready\n", session,
+ params->epoch);
+
+ params->initialized = 1;
+ return 0;
}
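Review bot: `_gnutls_set_keys` leaves the derived MAC secrets, write keys and IVs in the stack array `key_block` on every return path, including the `GNUTLS_E_MEMORY_ERROR` exits, so they stay in the dead stack frame after being copied into the record state. Routing all returns through one exit that wipes the buffer with a call the compiler cannot elide (the fence uses `explicit_bzero`; the project's own wipe helper would do equally well) closes that. The function also hands `block_size` to the SSL3/TLS key-block generators without comparing it to `sizeof(key_block)`, so the bound currently rests on whatever the cipher and MAC tables return; an explicit guard makes it local. Separately, `rrnd` is filled by two `memcpy` calls but is not read anywhere in this function and can be dropped.

```c
	/* … unchanged: declarations, client_write/server_write selection … */
	block_size = 2 * hash_size + 2 * key_size;
	block_size += 2 * IV_size;
	if (block_size < 0 || (size_t) block_size > sizeof(key_block))
		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

	/* … unchanged: random concatenation, key block generation … */
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	/* … unchanged: MAC secret, key and IV copies; each failure sets
	 * ret = GNUTLS_E_MEMORY_ERROR and jumps to cleanup instead of returning … */
	ret = 0;
 cleanup:
	/* key_block holds the MAC secrets, write keys and IVs */
	explicit_bzero(key_block, sizeof(key_block));
	return ret;
```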
@@ -379,15 +388,14 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
dst->max_record_recv_size = src->max_record_recv_size; \
dst->max_record_send_size = src->max_record_send_size
-static void
-_gnutls_set_resumed_parameters (gnutls_session_t session)
+static void _gnutls_set_resumed_parameters(gnutls_session_t session)
{
- security_parameters_st *src =
- &session->internals.resumed_security_parameters;
- security_parameters_st *dst = &session->security_parameters;
+ security_parameters_st *src =
+ &session->internals.resumed_security_parameters;
+ security_parameters_st *dst = &session->security_parameters;
- CPY_COMMON;
- dst->pversion = src->pversion;
+ CPY_COMMON;
+ dst->pversion = src->pversion;
}
/* Sets the current connection session to conform with the
@@ -396,68 +404,64 @@ _gnutls_set_resumed_parameters (gnutls_session_t session)
* secrets and random numbers to have been negotiated)
* This is to be called after sending the Change Cipher Spec packet.
*/
-int
-_gnutls_connection_state_init (gnutls_session_t session)
+int _gnutls_connection_state_init(gnutls_session_t session)
{
- int ret;
+ int ret;
/* Setup the master secret
*/
- if ((ret = _gnutls_generate_master (session, 0)) < 0)
- return gnutls_assert_val (ret);
+ if ((ret = _gnutls_generate_master(session, 0)) < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch)
{
-record_parameters_st *params;
-int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch, &params);
- if (ret < 0)
- return GNUTLS_COMP_UNKNOWN;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return GNUTLS_COMP_UNKNOWN;
- return params->compression_algorithm;
+ return params->compression_algorithm;
}
/* Initializes the read connection session
* (read encrypted data)
*/
-int
-_gnutls_read_connection_state_init (gnutls_session_t session)
+int _gnutls_read_connection_state_init(gnutls_session_t session)
{
- const uint16_t epoch_next = session->security_parameters.epoch_next;
- int ret;
-
- /* Update internals from CipherSuite selected.
- * If we are resuming just copy the connection session
- */
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (ret < 0)
- return ret;
- }
- else if (session->security_parameters.entity == GNUTLS_CLIENT)
- _gnutls_set_resumed_parameters (session);
-
- ret = _gnutls_epoch_set_keys (session, epoch_next);
- if (ret < 0)
- return ret;
-
- _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
- session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
- session->security_parameters.epoch_read = epoch_next;
-
- return 0;
+ const uint16_t epoch_next =
+ session->security_parameters.epoch_next;
+ int ret;
+
+ /* Update internals from CipherSuite selected.
+ * If we are resuming just copy the connection session
+ */
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (ret < 0)
+ return ret;
+ } else if (session->security_parameters.entity == GNUTLS_CLIENT)
+ _gnutls_set_resumed_parameters(session);
+
+ ret = _gnutls_epoch_set_keys(session, epoch_next);
+ if (ret < 0)
+ return ret;
+
+ _gnutls_handshake_log("HSK[%p]: Cipher Suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+ session->security_parameters.epoch_read = epoch_next;
+
+ return 0;
}
@@ -465,247 +469,256 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
/* Initializes the write connection session
* (write encrypted data)
*/
-int
-_gnutls_write_connection_state_init (gnutls_session_t session)
+int _gnutls_write_connection_state_init(gnutls_session_t session)
{
- const uint16_t epoch_next = session->security_parameters.epoch_next;
- int ret;
+ const uint16_t epoch_next =
+ session->security_parameters.epoch_next;
+ int ret;
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection session
*/
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (ret < 0)
- return ret;
- }
- else if (session->security_parameters.entity == GNUTLS_SERVER)
- _gnutls_set_resumed_parameters (session);
-
- ret = _gnutls_epoch_set_keys (session, epoch_next);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
- _gnutls_handshake_log
- ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
-
- session->security_parameters.epoch_write = epoch_next;
-
- return 0;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (ret < 0)
+ return ret;
+ } else if (session->security_parameters.entity == GNUTLS_SERVER)
+ _gnutls_set_resumed_parameters(session);
+
+ ret = _gnutls_epoch_set_keys(session, epoch_next);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_handshake_log("HSK[%p]: Cipher Suite: %s\n", session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Initializing internal [write] cipher sessions\n",
+ session);
+
+ session->security_parameters.epoch_write = epoch_next;
+
+ return 0;
}
/* Sets the specified kx algorithm into pending session
*/
static int
-_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
+_gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo)
{
- if (_gnutls_kx_is_ok (algo) == 0)
- {
- session->security_parameters.kx_algorithm = algo;
- }
- else
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (_gnutls_kx_is_ok(algo) == 0) {
+ session->security_parameters.kx_algorithm = algo;
+ } else
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (_gnutls_kx_priority (session, algo) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_kx_priority(session, algo) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- return 0;
+ return 0;
}
static inline int
-epoch_resolve (gnutls_session_t session,
- unsigned int epoch_rel, uint16_t * epoch_out)
+epoch_resolve(gnutls_session_t session,
+ unsigned int epoch_rel, uint16_t * epoch_out)
{
- switch (epoch_rel)
- {
- case EPOCH_READ_CURRENT:
- *epoch_out = session->security_parameters.epoch_read;
- return 0;
-
- case EPOCH_WRITE_CURRENT:
- *epoch_out = session->security_parameters.epoch_write;
- return 0;
-
- case EPOCH_NEXT:
- *epoch_out = session->security_parameters.epoch_next;
- return 0;
-
- default:
- if (epoch_rel > 0xffffu)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- *epoch_out = epoch_rel;
- return 0;
- }
+ switch (epoch_rel) {
+ case EPOCH_READ_CURRENT:
+ *epoch_out = session->security_parameters.epoch_read;
+ return 0;
+
+ case EPOCH_WRITE_CURRENT:
+ *epoch_out = session->security_parameters.epoch_write;
+ return 0;
+
+ case EPOCH_NEXT:
+ *epoch_out = session->security_parameters.epoch_next;
+ return 0;
+
+ default:
+ if (epoch_rel > 0xffffu)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ *epoch_out = epoch_rel;
+ return 0;
+ }
}
-static inline record_parameters_st **
-epoch_get_slot (gnutls_session_t session, uint16_t epoch)
+static inline record_parameters_st **epoch_get_slot(gnutls_session_t
+ session,
+ uint16_t epoch)
{
- uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
-
- if (epoch_index >= MAX_EPOCH_INDEX)
- {
- _gnutls_handshake_log("Epoch %d out of range (idx: %d, max: %d)\n", (int)epoch, (int)epoch_index, MAX_EPOCH_INDEX);
- gnutls_assert ();
- return NULL;
- }
- /* The slot may still be empty (NULL) */
- return &session->record_parameters[epoch_index];
+ uint16_t epoch_index =
+ epoch - session->security_parameters.epoch_min;
+
+ if (epoch_index >= MAX_EPOCH_INDEX) {
+ _gnutls_handshake_log
+ ("Epoch %d out of range (idx: %d, max: %d)\n",
+ (int) epoch, (int) epoch_index, MAX_EPOCH_INDEX);
+ gnutls_assert();
+ return NULL;
+ }
+ /* The slot may still be empty (NULL) */
+ return &session->record_parameters[epoch_index];
}
int
-_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out)
+_gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out)
{
- uint16_t epoch;
- record_parameters_st **params;
- int ret;
+ uint16_t epoch;
+ record_parameters_st **params;
+ int ret;
- ret = epoch_resolve (session, epoch_rel, &epoch);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = epoch_resolve(session, epoch_rel, &epoch);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- params = epoch_get_slot (session, epoch);
- if (params == NULL || *params == NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ params = epoch_get_slot(session, epoch);
+ if (params == NULL || *params == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- *params_out = *params;
+ *params_out = *params;
- return 0;
+ return 0;
}
int
-_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out)
+_gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out)
{
- record_parameters_st **slot;
+ record_parameters_st **slot;
- _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch);
+ _gnutls_record_log("REC[%p]: Allocating epoch #%u\n", session,
+ epoch);
- slot = epoch_get_slot (session, epoch);
+ slot = epoch_get_slot(session, epoch);
- /* If slot out of range or not empty. */
- if (slot == NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ /* If slot out of range or not empty. */
+ if (slot == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (*slot != NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ if (*slot != NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- *slot = gnutls_calloc (1, sizeof (record_parameters_st));
- if (*slot == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ *slot = gnutls_calloc(1, sizeof(record_parameters_st));
+ if (*slot == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- (*slot)->epoch = epoch;
- (*slot)->cipher = NULL;
- (*slot)->mac = NULL;
- (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
+ (*slot)->epoch = epoch;
+ (*slot)->cipher = NULL;
+ (*slot)->mac = NULL;
+ (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
- if (IS_DTLS (session))
- _gnutls_write_uint16 (epoch, UINT64DATA((*slot)->write.sequence_number));
+ if (IS_DTLS(session))
+ _gnutls_write_uint16(epoch,
+ UINT64DATA((*slot)->write.
+ sequence_number));
- if (out != NULL)
- *out = *slot;
+ if (out != NULL)
+ *out = *slot;
- return 0;
+ return 0;
}
static inline int
epoch_is_active(gnutls_session_t session, record_parameters_st * params)
{
- const security_parameters_st *sp = &session->security_parameters;
-
- if (params->epoch == sp->epoch_read)
- return 1;
-
- if (params->epoch == sp->epoch_write)
- return 1;
-
- if (params->epoch == sp->epoch_next)
- return 1;
-
- return 0;
+ const security_parameters_st *sp = &session->security_parameters;
+
+ if (params->epoch == sp->epoch_read)
+ return 1;
+
+ if (params->epoch == sp->epoch_write)
+ return 1;
+
+ if (params->epoch == sp->epoch_next)
+ return 1;
+
+ return 0;
}
static inline int
-epoch_alive (gnutls_session_t session, record_parameters_st * params)
+epoch_alive(gnutls_session_t session, record_parameters_st * params)
{
- if (params->usage_cnt > 0)
- return 1;
+ if (params->usage_cnt > 0)
+ return 1;
- return epoch_is_active(session, params);
+ return epoch_is_active(session, params);
}
-void
-_gnutls_epoch_gc (gnutls_session_t session)
+void _gnutls_epoch_gc(gnutls_session_t session)
{
- int i, j;
- unsigned int min_index = 0;
-
- _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session);
-
- /* Free all dead cipher state */
- for (i = 0; i < MAX_EPOCH_INDEX; i++)
- {
- if (session->record_parameters[i] != NULL)
- {
- if (!epoch_is_active(session, session->record_parameters[i]) && session->record_parameters[i]->usage_cnt)
- _gnutls_record_log ("REC[%p]: Note inactive epoch %d has %d users\n", session, session->record_parameters[i]->epoch, session->record_parameters[i]->usage_cnt);
- if (!epoch_alive (session, session->record_parameters[i]))
- {
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
- }
- }
- }
-
- /* Look for contiguous NULLs at the start of the array */
- for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
- i++);
- min_index = i;
-
- /* Pick up the slack in the epoch window. */
- for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
- session->record_parameters[i] = session->record_parameters[j];
-
- /* Set the new epoch_min */
- if (session->record_parameters[0] != NULL)
- session->security_parameters.epoch_min =
- session->record_parameters[0]->epoch;
-
- _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session);
+ int i, j;
+ unsigned int min_index = 0;
+
+ _gnutls_record_log("REC[%p]: Start of epoch cleanup\n", session);
+
+ /* Free all dead cipher state */
+ for (i = 0; i < MAX_EPOCH_INDEX; i++) {
+ if (session->record_parameters[i] != NULL) {
+ if (!epoch_is_active
+ (session, session->record_parameters[i])
+ && session->record_parameters[i]->usage_cnt)
+ _gnutls_record_log
+ ("REC[%p]: Note inactive epoch %d has %d users\n",
+ session,
+ session->record_parameters[i]->epoch,
+ session->record_parameters[i]->
+ usage_cnt);
+ if (!epoch_alive
+ (session, session->record_parameters[i])) {
+ _gnutls_epoch_free(session,
+ session->
+ record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+ }
+ }
+
+ /* Look for contiguous NULLs at the start of the array */
+ for (i = 0;
+ i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
+ i++);
+ min_index = i;
+
+ /* Pick up the slack in the epoch window. */
+ for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
+ session->record_parameters[i] =
+ session->record_parameters[j];
+
+ /* Set the new epoch_min */
+ if (session->record_parameters[0] != NULL)
+ session->security_parameters.epoch_min =
+ session->record_parameters[0]->epoch;
+
+ _gnutls_record_log("REC[%p]: End of epoch cleanup\n", session);
}
-static inline void
-free_record_state (record_state_st * state, int d)
+static inline void free_record_state(record_state_st * state, int d)
{
- _gnutls_free_datum (&state->mac_secret);
- _gnutls_free_datum (&state->IV);
- _gnutls_free_datum (&state->key);
+ _gnutls_free_datum(&state->mac_secret);
+ _gnutls_free_datum(&state->IV);
+ _gnutls_free_datum(&state->key);
- _gnutls_auth_cipher_deinit (&state->cipher_state);
+ _gnutls_auth_cipher_deinit(&state->cipher_state);
- if (state->compression_state.handle != NULL)
- _gnutls_comp_deinit (&state->compression_state, d);
+ if (state->compression_state.handle != NULL)
+ _gnutls_comp_deinit(&state->compression_state, d);
}
void
-_gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params)
+_gnutls_epoch_free(gnutls_session_t session, record_parameters_st * params)
{
- _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
+ _gnutls_record_log("REC[%p]: Epoch #%u freed\n", session,
+ params->epoch);
- free_record_state (&params->read, 1);
- free_record_state (&params->write, 0);
+ free_record_state(&params->read, 1);
+ free_record_state(&params->write, 0);
- gnutls_free (params);
+ gnutls_free(params);
}
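Review bot: The compaction loop in `_gnutls_epoch_gc` copies `record_parameters[j]` down to `record_parameters[i]` but never clears the source slot, so when `min_index` is non-zero the last `min_index` entries of the array keep their old pointers. If any of those upper slots is non-NULL, the same `record_parameters_st` is then reachable from two slots; because `epoch_min` is advanced right after, `epoch_get_slot()` could return the stale alias for a different epoch, and a later cleanup pass could read it after `_gnutls_epoch_free()` and free it a second time. Clearing the source as it is moved avoids this: guard the loop with `if (min_index != 0)` and add `session->record_parameters[j] = NULL;` after the copy. The guard is needed because with `min_index == 0` source and destination are the same slot.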
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index cc83334fcf..bfec4534bb 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -23,67 +23,70 @@
#ifndef GNUTLS_CONSTATE_H
#define GNUTLS_CONSTATE_H
-int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel,
- const uint8_t suite[2]);
-int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel,
- gnutls_compression_method_t comp_algo);
-int _gnutls_epoch_get_compression (gnutls_session_t session, int epoch_rel);
-void _gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params);
-int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch);
-int _gnutls_connection_state_init (gnutls_session_t session);
-int _gnutls_read_connection_state_init (gnutls_session_t session);
-int _gnutls_write_connection_state_init (gnutls_session_t session);
-
-int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out);
-int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out);
-void _gnutls_epoch_gc (gnutls_session_t session);
-void _gnutls_epoch_free (gnutls_session_t session,
- record_parameters_st * state);
-
-static inline int _gnutls_epoch_is_valid(gnutls_session_t session, int epoch)
+int _gnutls_epoch_set_cipher_suite(gnutls_session_t session, int epoch_rel,
+ const uint8_t suite[2]);
+int _gnutls_epoch_set_compression(gnutls_session_t session, int epoch_rel,
+ gnutls_compression_method_t comp_algo);
+int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch_rel);
+void _gnutls_epoch_set_null_algos(gnutls_session_t session,
+ record_parameters_st * params);
+int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch);
+int _gnutls_connection_state_init(gnutls_session_t session);
+int _gnutls_read_connection_state_init(gnutls_session_t session);
+int _gnutls_write_connection_state_init(gnutls_session_t session);
+
+int _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out);
+int _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out);
+void _gnutls_epoch_gc(gnutls_session_t session);
+void _gnutls_epoch_free(gnutls_session_t session,
+ record_parameters_st * state);
+
+static inline int _gnutls_epoch_is_valid(gnutls_session_t session,
+ int epoch)
{
- record_parameters_st * params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return 0;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return 0;
- return 1;
+ return 1;
}
-static inline int _gnutls_epoch_refcount_inc(gnutls_session_t session, int epoch)
+static inline int _gnutls_epoch_refcount_inc(gnutls_session_t session,
+ int epoch)
{
- record_parameters_st * params;
- int ret;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return ret;
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return ret;
+ params->usage_cnt++;
- params->usage_cnt++;
-
- return params->epoch;
+ return params->epoch;
}
-static inline int _gnutls_epoch_refcount_dec(gnutls_session_t session, uint16_t epoch)
+static inline int _gnutls_epoch_refcount_dec(gnutls_session_t session,
+ uint16_t epoch)
{
- record_parameters_st * params;
- int ret;
-
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return ret;
-
- params->usage_cnt--;
- if (params->usage_cnt < 0)
- return GNUTLS_E_INTERNAL_ERROR;
-
- return 0;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return ret;
+
+ params->usage_cnt--;
+ if (params->usage_cnt < 0)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return 0;
}
#endif
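Review bot: `_gnutls_epoch_refcount_dec` decrements `params->usage_cnt` before testing it, so an unbalanced call returns `GNUTLS_E_INTERNAL_ERROR` but leaves the counter at -1, and a later `_gnutls_epoch_refcount_inc` brings it back to 0 while a reference is still held. If epoch cleanup treats a zero count as unused (not visible in this header), that epoch's record state could be freed while still in use. Testing first keeps the counter sane: `if (params->usage_cnt <= 0) return GNUTLS_E_INTERNAL_ERROR;` followed by `params->usage_cnt--;`. The existing `< 0` test also only works if `usage_cnt` is a signed type, which this hunk does not show.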
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index 89b280a854..670279a246 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -31,47 +31,44 @@
#include <gnutls_errors.h>
int
-_gnutls_set_datum (gnutls_datum_t * dat, const void *data,
- size_t data_size)
+_gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size)
{
- if (data_size == 0 || data == NULL)
- {
- dat->data = NULL;
- dat->size = 0;
- return 0;
- }
+ if (data_size == 0 || data == NULL) {
+ dat->data = NULL;
+ dat->size = 0;
+ return 0;
+ }
- dat->data = gnutls_malloc (data_size);
- if (dat->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ dat->data = gnutls_malloc(data_size);
+ if (dat->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- dat->size = data_size;
- memcpy (dat->data, data, data_size);
+ dat->size = data_size;
+ memcpy(dat->data, data, data_size);
- return 0;
+ return 0;
}
int
-_gnutls_datum_append (gnutls_datum_t * dst, const void *data,
- size_t data_size)
+_gnutls_datum_append(gnutls_datum_t * dst, const void *data,
+ size_t data_size)
{
- dst->data = gnutls_realloc_fast (dst->data, data_size + dst->size);
- if (dst->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ dst->data = gnutls_realloc_fast(dst->data, data_size + dst->size);
+ if (dst->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- memcpy (&dst->data[dst->size], data, data_size);
- dst->size += data_size;
+ memcpy(&dst->data[dst->size], data, data_size);
+ dst->size += data_size;
- return 0;
+ return 0;
}
-void
-_gnutls_free_datum (gnutls_datum_t * dat)
+void _gnutls_free_datum(gnutls_datum_t * dat)
{
- if (dat->data != NULL)
- gnutls_free (dat->data);
+ if (dat->data != NULL)
+ gnutls_free(dat->data);
- dat->data = NULL;
- dat->size = 0;
+ dat->data = NULL;
+ dat->size = 0;
}
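Review bot: `_gnutls_datum_append` passes `data_size + dst->size` to `gnutls_realloc_fast` without checking that the sum cannot wrap, and the following `memcpy` then writes `data_size` bytes at offset `dst->size` into whatever was allocated. A guard before the reallocation closes this, e.g. `if (data_size > SIZE_MAX - dst->size) return GNUTLS_E_MEMORY_ERROR;`. If the `size` field is narrower than `size_t`, the bound should use that field's maximum so that `dst->size += data_size` cannot truncate. On the failure path `dst->data` becomes NULL while `dst->size` keeps its old value; setting `dst->size = 0` there keeps the datum consistent for callers that read or free it afterwards.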
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index e612c667a6..9397408047 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -23,12 +23,12 @@
#ifndef GNUTLS_DATUM_H
#define GNUTLS_DATUM_H
-int _gnutls_set_datum (gnutls_datum_t * dat, const void *data,
- size_t data_size);
+int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
+ size_t data_size);
-int _gnutls_datum_append (gnutls_datum_t * dat, const void *data,
- size_t data_size);
+int _gnutls_datum_append(gnutls_datum_t * dat, const void *data,
+ size_t data_size);
-void _gnutls_free_datum (gnutls_datum_t * dat);
+void _gnutls_free_datum(gnutls_datum_t * dat);
#endif
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 382e53b4ec..2d9b744a72 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -47,10 +47,10 @@
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_retrieve_function (gnutls_session_t session,
- gnutls_db_retr_func retr_func)
+gnutls_db_set_retrieve_function(gnutls_session_t session,
+ gnutls_db_retr_func retr_func)
{
- session->internals.db_retrieve_func = retr_func;
+ session->internals.db_retrieve_func = retr_func;
}
/**
@@ -65,10 +65,10 @@ gnutls_db_set_retrieve_function (gnutls_session_t session,
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_remove_function (gnutls_session_t session,
- gnutls_db_remove_func rem_func)
+gnutls_db_set_remove_function(gnutls_session_t session,
+ gnutls_db_remove_func rem_func)
{
- session->internals.db_remove_func = rem_func;
+ session->internals.db_remove_func = rem_func;
}
/**
@@ -83,10 +83,10 @@ gnutls_db_set_remove_function (gnutls_session_t session,
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_store_function (gnutls_session_t session,
- gnutls_db_store_func store_func)
+gnutls_db_set_store_function(gnutls_session_t session,
+ gnutls_db_store_func store_func)
{
- session->internals.db_store_func = store_func;
+ session->internals.db_store_func = store_func;
}
/**
@@ -97,10 +97,9 @@ gnutls_db_set_store_function (gnutls_session_t session,
* Sets the pointer that will be provided to db store, retrieve and
* delete functions, as the first argument.
**/
-void
-gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
+void gnutls_db_set_ptr(gnutls_session_t session, void *ptr)
{
- session->internals.db_ptr = ptr;
+ session->internals.db_ptr = ptr;
}
/**
@@ -112,10 +111,9 @@ gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
* Returns: the pointer that will be sent to db store, retrieve and
* delete functions, as the first argument.
**/
-void *
-gnutls_db_get_ptr (gnutls_session_t session)
+void *gnutls_db_get_ptr(gnutls_session_t session)
{
- return session->internals.db_ptr;
+ return session->internals.db_ptr;
}
/**
@@ -126,10 +124,9 @@ gnutls_db_get_ptr (gnutls_session_t session)
* Set the expiration time for resumed sessions. The default is 3600
* (one hour) at the time of this writing.
**/
-void
-gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
+void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds)
{
- session->internals.expire_time = seconds;
+ session->internals.expire_time = seconds;
}
/**
@@ -143,9 +140,10 @@ gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
* expired or 0 otherwise.
**/
int
-gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
+gnutls_db_check_entry(gnutls_session_t session,
+ gnutls_datum_t session_entry)
{
- return 0;
+ return 0;
}
/**
@@ -158,152 +156,144 @@ gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
*
* Returns: The time this entry was created, or zero on error.
**/
-time_t
-gnutls_db_check_entry_time (gnutls_datum_t *entry)
+time_t gnutls_db_check_entry_time(gnutls_datum_t * entry)
{
-uint32_t t;
-uint32_t magic;
-
- if (entry->size < 8)
- return gnutls_assert_val(0);
-
- memcpy(&magic, entry->data, 4);
-
- if (magic != PACKED_SESSION_MAGIC)
- return gnutls_assert_val(0);
-
- memcpy(&t, &entry->data[4], 4);
-
- return t;
+ uint32_t t;
+ uint32_t magic;
+
+ if (entry->size < 8)
+ return gnutls_assert_val(0);
+
+ memcpy(&magic, entry->data, 4);
+
+ if (magic != PACKED_SESSION_MAGIC)
+ return gnutls_assert_val(0);
+
+ memcpy(&t, &entry->data[4], 4);
+
+ return t;
}
/* Checks if both db_store and db_retrieve functions have
* been set up.
*/
-static int
-db_func_is_ok (gnutls_session_t session)
+static int db_func_is_ok(gnutls_session_t session)
{
- if (session->internals.db_store_func != NULL &&
- session->internals.db_retrieve_func != NULL)
- return 0;
- else
- return GNUTLS_E_DB_ERROR;
+ if (session->internals.db_store_func != NULL &&
+ session->internals.db_retrieve_func != NULL)
+ return 0;
+ else
+ return GNUTLS_E_DB_ERROR;
}
/* Stores session data to the db backend.
*/
static int
-store_session (gnutls_session_t session,
- gnutls_datum_t session_id,
- gnutls_datum_t session_data)
+store_session(gnutls_session_t session,
+ gnutls_datum_t session_id, gnutls_datum_t session_data)
{
- int ret = 0;
+ int ret = 0;
- if (db_func_is_ok (session) != 0)
- {
- return GNUTLS_E_DB_ERROR;
- }
+ if (db_func_is_ok(session) != 0) {
+ return GNUTLS_E_DB_ERROR;
+ }
- if (session_data.data == NULL || session_data.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
+ if (session_data.data == NULL || session_data.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
- /* if we can't read why bother writing? */
- ret = session->internals.db_store_func (session->internals.db_ptr,
- session_id, session_data);
+ /* if we can't read why bother writing? */
+ ret = session->internals.db_store_func(session->internals.db_ptr,
+ session_id, session_data);
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
}
-int
-_gnutls_server_register_current_session (gnutls_session_t session)
+int _gnutls_server_register_current_session(gnutls_session_t session)
{
- gnutls_datum_t key;
- gnutls_datum_t content;
- int ret = 0;
-
- key.data = session->security_parameters.session_id;
- key.size = session->security_parameters.session_id_size;
-
- if (session->internals.resumable == RESUME_FALSE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session->security_parameters.session_id == NULL
- || session->security_parameters.session_id_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- ret = _gnutls_session_pack (session, &content);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = store_session (session, key, content);
- _gnutls_free_datum (&content);
-
- return ret;
+ gnutls_datum_t key;
+ gnutls_datum_t content;
+ int ret = 0;
+
+ key.data = session->security_parameters.session_id;
+ key.size = session->security_parameters.session_id_size;
+
+ if (session->internals.resumable == RESUME_FALSE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session->security_parameters.session_id == NULL
+ || session->security_parameters.session_id_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ ret = _gnutls_session_pack(session, &content);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = store_session(session, key, content);
+ _gnutls_free_datum(&content);
+
+ return ret;
}
int
-_gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id, int session_id_size)
+_gnutls_server_restore_session(gnutls_session_t session,
+ uint8_t * session_id, int session_id_size)
{
- gnutls_datum_t data;
- gnutls_datum_t key;
- int ret;
-
- if (session_id == NULL || session_id_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (session->internals.premaster_set != 0)
- { /* hack for CISCO's DTLS-0.9 */
- if (session_id_size == session->internals.resumed_security_parameters.session_id_size &&
- memcmp(session_id, session->internals.resumed_security_parameters.session_id, session_id_size) == 0)
- return 0;
- }
-
- key.data = session_id;
- key.size = session_id_size;
-
- if (db_func_is_ok (session) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- data = session->internals.db_retrieve_func (session->internals.db_ptr,
- key);
-
- if (data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- /* expiration check is performed inside */
- ret = gnutls_session_set_data (session, data.data, data.size);
- gnutls_free (data.data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- return 0;
+ gnutls_datum_t data;
+ gnutls_datum_t key;
+ int ret;
+
+ if (session_id == NULL || session_id_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (session->internals.premaster_set != 0) { /* hack for CISCO's DTLS-0.9 */
+ if (session_id_size ==
+ session->internals.resumed_security_parameters.
+ session_id_size
+ && memcmp(session_id,
+ session->internals.
+ resumed_security_parameters.session_id,
+ session_id_size) == 0)
+ return 0;
+ }
+
+ key.data = session_id;
+ key.size = session_id_size;
+
+ if (db_func_is_ok(session) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ data =
+ session->internals.db_retrieve_func(session->internals.db_ptr,
+ key);
+
+ if (data.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ /* expiration check is performed inside */
+ ret = gnutls_session_set_data(session, data.data, data.size);
+ gnutls_free(data.data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ return 0;
}
/**
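Review bot: `_gnutls_server_restore_session` takes `session_id_size` as a signed `int` but rejects only `0`, so a negative length would pass the guard and be converted into `key.size` for the application's retrieve callback. Callers presumably pass a length already bounded by the handshake parser, but the check is cheap to tighten: `if (session_id == NULL || session_id_size <= 0)`, ideally with an upper bound at the library's maximum session-id length. Separately, the buffers released with `gnutls_free(data.data)` here and `_gnutls_free_datum(&content)` in `_gnutls_server_register_current_session` hold packed session state; if that includes the master secret, wiping them before release is worth considering.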
@@ -318,30 +308,27 @@ _gnutls_server_restore_session (gnutls_session_t session,
* Normally gnutls_deinit() will remove abnormally terminated
* sessions.
**/
-void
-gnutls_db_remove_session (gnutls_session_t session)
+void gnutls_db_remove_session(gnutls_session_t session)
{
- gnutls_datum_t session_id;
- int ret = 0;
-
- session_id.data = session->security_parameters.session_id;
- session_id.size = session->security_parameters.session_id_size;
-
- if (session->internals.db_remove_func == NULL)
- {
- gnutls_assert ();
- return /* GNUTLS_E_DB_ERROR */;
- }
-
- if (session_id.data == NULL || session_id.size == 0)
- {
- gnutls_assert ();
- return /* GNUTLS_E_INVALID_SESSION */;
- }
-
- /* if we can't read why bother writing? */
- ret = session->internals.db_remove_func (session->internals.db_ptr,
- session_id);
- if (ret != 0)
- gnutls_assert ();
+ gnutls_datum_t session_id;
+ int ret = 0;
+
+ session_id.data = session->security_parameters.session_id;
+ session_id.size = session->security_parameters.session_id_size;
+
+ if (session->internals.db_remove_func == NULL) {
+ gnutls_assert();
+ return /* GNUTLS_E_DB_ERROR */ ;
+ }
+
+ if (session_id.data == NULL || session_id.size == 0) {
+ gnutls_assert();
+ return /* GNUTLS_E_INVALID_SESSION */ ;
+ }
+
+ /* if we can't read why bother writing? */
+ ret = session->internals.db_remove_func(session->internals.db_ptr,
+ session_id);
+ if (ret != 0)
+ gnutls_assert();
}
diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h
index 4dc8c77858..20a8cbf886 100644
--- a/lib/gnutls_db.h
+++ b/lib/gnutls_db.h
@@ -20,9 +20,9 @@
*
*/
-int _gnutls_server_register_current_session (gnutls_session_t session);
-int _gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id,
- int session_id_size);
+int _gnutls_server_register_current_session(gnutls_session_t session);
+int _gnutls_server_restore_session(gnutls_session_t session,
+ uint8_t * session_id,
+ int session_id_size);
#define PACKED_SESSION_MAGIC 0xfadebadd
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 7b9b79f1a6..5bbb0a6ced 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -46,115 +46,110 @@
/* returns the public value (X), and the secret (ret_x).
*/
int
-gnutls_calc_dh_secret (bigint_t* ret_y, bigint_t * ret_x, bigint_t g, bigint_t prime,
- unsigned int q_bits)
+gnutls_calc_dh_secret(bigint_t * ret_y, bigint_t * ret_x, bigint_t g,
+ bigint_t prime, unsigned int q_bits)
{
- bigint_t e=NULL, x = NULL;
- unsigned int x_size;
- int ret;
-
- if (q_bits == 0)
- {
- x_size = _gnutls_mpi_get_nbits (prime);
- if (x_size > 0) x_size--;
- }
- else
- x_size = q_bits;
-
- if (x_size > MAX_BITS || x_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- x = _gnutls_mpi_new(x_size);
- if (x == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
-
- e = _gnutls_mpi_alloc_like (prime);
- if (e == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
-
- do
- {
- if (_gnutls_mpi_randomize (x, x_size, GNUTLS_RND_RANDOM) == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto fail;
- }
-
- _gnutls_mpi_powm (e, g, x, prime);
- }
- while(_gnutls_mpi_cmp_ui(e, 1) == 0);
-
- *ret_x = x;
- *ret_y = e;
-
- return 0;
-
-fail:
- if (x) _gnutls_mpi_release (&x);
- if (e) _gnutls_mpi_release (&e);
- return ret;
+ bigint_t e = NULL, x = NULL;
+ unsigned int x_size;
+ int ret;
+
+ if (q_bits == 0) {
+ x_size = _gnutls_mpi_get_nbits(prime);
+ if (x_size > 0)
+ x_size--;
+ } else
+ x_size = q_bits;
+
+ if (x_size > MAX_BITS || x_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ x = _gnutls_mpi_new(x_size);
+ if (x == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+
+ e = _gnutls_mpi_alloc_like(prime);
+ if (e == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+
+ do {
+ if (_gnutls_mpi_randomize(x, x_size, GNUTLS_RND_RANDOM) ==
+ NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ _gnutls_mpi_powm(e, g, x, prime);
+ }
+ while (_gnutls_mpi_cmp_ui(e, 1) == 0);
+
+ *ret_x = x;
+ *ret_y = e;
+
+ return 0;
+
+ fail:
+ if (x)
+ _gnutls_mpi_release(&x);
+ if (e)
+ _gnutls_mpi_release(&e);
+ return ret;
}
/* returns f^x mod prime
*/
int
-gnutls_calc_dh_key (bigint_t *key, bigint_t f, bigint_t x, bigint_t prime)
+gnutls_calc_dh_key(bigint_t * key, bigint_t f, bigint_t x, bigint_t prime)
{
- bigint_t k, ff;
- unsigned int bits;
- int ret;
-
- ff = _gnutls_mpi_mod(f, prime);
- _gnutls_mpi_add_ui(ff, ff, 1);
-
- /* check if f==0,1,p-1.
- * or (ff=f+1) equivalently ff==1,2,p */
- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) || (_gnutls_mpi_cmp_ui(ff, 1) == 0) ||
- (_gnutls_mpi_cmp(ff,prime) == 0))
- {
- gnutls_assert();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto cleanup;
- }
-
- bits = _gnutls_mpi_get_nbits (prime);
- if (bits == 0 || bits > MAX_BITS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto cleanup;
- }
-
- k = _gnutls_mpi_alloc_like (prime);
- if (k == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- _gnutls_mpi_powm (k, f, x, prime);
-
- *key = k;
-
- ret = 0;
-cleanup:
- _gnutls_mpi_release (&ff);
-
- return ret;
+ bigint_t k, ff;
+ unsigned int bits;
+ int ret;
+
+ ff = _gnutls_mpi_mod(f, prime);
+ _gnutls_mpi_add_ui(ff, ff, 1);
+
+ /* check if f==0,1,p-1.
+ * or (ff=f+1) equivalently ff==1,2,p */
+ if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
+ || (_gnutls_mpi_cmp_ui(ff, 1) == 0)
+ || (_gnutls_mpi_cmp(ff, prime) == 0)) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
+
+ bits = _gnutls_mpi_get_nbits(prime);
+ if (bits == 0 || bits > MAX_BITS) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
+
+ k = _gnutls_mpi_alloc_like(prime);
+ if (k == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_mpi_powm(k, f, x, prime);
+
+ *key = k;
+
+ ret = 0;
+ cleanup:
+ _gnutls_mpi_release(&ff);
+
+ return ret;
}
/*-
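Review bot: In `gnutls_calc_dh_key` the result of `_gnutls_mpi_mod(f, prime)` goes straight into `_gnutls_mpi_add_ui(ff, ff, 1)` and the three comparisons without a NULL check. If the bigint backend can fail to allocate, the range check on the received value (f not 0, 1 or p-1) would then run on a null handle. Adding `if (ff == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);` directly after the call avoids that. The results of `_gnutls_mpi_powm` are also ignored in both functions, so if it can report failure, an unset `k` or `e` would be returned as a valid value. In `gnutls_calc_dh_secret`, `x_size` is bounded only above by `MAX_BITS` and away from zero, so a small non-zero `q_bits` gives a correspondingly short secret exponent; a documented minimum is worth enforcing here or at the caller.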
@@ -166,31 +161,28 @@ cleanup:
* This function will return the dh parameters pointer.
-*/
gnutls_dh_params_t
-_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session)
+_gnutls_get_dh_params(gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session)
{
- gnutls_params_st params;
- int ret;
-
- /* if cached return the cached */
- if (session->internals.params.dh_params)
- return session->internals.params.dh_params;
-
- if (dh_params)
- {
- session->internals.params.dh_params = dh_params;
- }
- else if (func)
- {
- ret = func (session, GNUTLS_PARAMS_DH, &params);
- if (ret == 0 && params.type == GNUTLS_PARAMS_DH)
- {
- session->internals.params.dh_params = params.params.dh;
- session->internals.params.free_dh_params = params.deinit;
- }
- }
-
- return session->internals.params.dh_params;
+ gnutls_params_st params;
+ int ret;
+
+ /* if cached return the cached */
+ if (session->internals.params.dh_params)
+ return session->internals.params.dh_params;
+
+ if (dh_params) {
+ session->internals.params.dh_params = dh_params;
+ } else if (func) {
+ ret = func(session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.params.dh_params =
+ params.params.dh;
+ session->internals.params.free_dh_params =
+ params.deinit;
+ }
+ }
+
+ return session->internals.params.dh_params;
}
-
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index f4b5952fd0..fec2ec8282 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -23,14 +23,15 @@
#ifndef GNUTLS_DH_H
#define GNUTLS_DH_H
-const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
-int gnutls_calc_dh_secret (bigint_t* ret_y, bigint_t * ret_x, bigint_t g, bigint_t,
- unsigned int q_bits);
-int gnutls_calc_dh_key (bigint_t* key, bigint_t f, bigint_t x, bigint_t prime);
+const bigint_t *_gnutls_dh_params_to_mpi(gnutls_dh_params_t);
+int gnutls_calc_dh_secret(bigint_t * ret_y, bigint_t * ret_x, bigint_t g,
+ bigint_t, unsigned int q_bits);
+int gnutls_calc_dh_key(bigint_t * key, bigint_t f, bigint_t x,
+ bigint_t prime);
gnutls_dh_params_t
-_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session);
+_gnutls_get_dh_params(gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session);
#endif
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 328f6ebf62..cb18785f51 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -23,7 +23,7 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
-#include <x509_b64.h> /* for PKCS3 PEM decoding */
+#include <x509_b64.h> /* for PKCS3 PEM decoding */
#include <gnutls_global.h>
#include <gnutls_dh.h>
#include <gnutls_pk.h>
@@ -35,16 +35,14 @@
/* returns the prime and the generator of DH params.
*/
-const bigint_t *
-_gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
+const bigint_t *_gnutls_dh_params_to_mpi(gnutls_dh_params_t dh_primes)
{
- if (dh_primes == NULL || dh_primes->params[1] == NULL ||
- dh_primes->params[0] == NULL)
- {
- return NULL;
- }
+ if (dh_primes == NULL || dh_primes->params[1] == NULL ||
+ dh_primes->params[0] == NULL) {
+ return NULL;
+ }
- return dh_primes->params;
+ return dh_primes->params;
}
@@ -62,34 +60,32 @@ _gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
- const gnutls_datum_t * prime,
- const gnutls_datum_t * generator)
+gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator)
{
- bigint_t tmp_prime, tmp_g;
- size_t siz;
-
- siz = prime->size;
- if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = generator->size;
- if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, siz))
- {
- _gnutls_mpi_release (&tmp_prime);
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* store the generated values
- */
- dh_params->params[0] = tmp_prime;
- dh_params->params[1] = tmp_g;
-
- return 0;
+ bigint_t tmp_prime, tmp_g;
+ size_t siz;
+
+ siz = prime->size;
+ if (_gnutls_mpi_scan_nz(&tmp_prime, prime->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = generator->size;
+ if (_gnutls_mpi_scan_nz(&tmp_g, generator->data, siz)) {
+ _gnutls_mpi_release(&tmp_prime);
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* store the generated values
+ */
+ dh_params->params[0] = tmp_prime;
+ dh_params->params[1] = tmp_g;
+
+ return 0;
}
@@ -102,18 +98,16 @@ gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_dh_params_init (gnutls_dh_params_t * dh_params)
+int gnutls_dh_params_init(gnutls_dh_params_t * dh_params)
{
- (*dh_params) = gnutls_calloc (1, sizeof (dh_params_st));
- if (*dh_params == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*dh_params) = gnutls_calloc(1, sizeof(dh_params_st));
+ if (*dh_params == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -123,16 +117,15 @@ gnutls_dh_params_init (gnutls_dh_params_t * dh_params)
*
* This function will deinitialize the DH parameters structure.
**/
-void
-gnutls_dh_params_deinit (gnutls_dh_params_t dh_params)
+void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params)
{
- if (dh_params == NULL)
- return;
+ if (dh_params == NULL)
+ return;
- _gnutls_mpi_release (&dh_params->params[0]);
- _gnutls_mpi_release (&dh_params->params[1]);
+ _gnutls_mpi_release(&dh_params->params[0]);
+ _gnutls_mpi_release(&dh_params->params[1]);
- gnutls_free (dh_params);
+ gnutls_free(dh_params);
}
@@ -147,20 +140,19 @@ gnutls_dh_params_deinit (gnutls_dh_params_t dh_params)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src)
+int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src)
{
- if (src == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (src == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- dst->params[0] = _gnutls_mpi_copy (src->params[0]);
- dst->params[1] = _gnutls_mpi_copy (src->params[1]);
- dst->q_bits = src->q_bits;
+ dst->params[0] = _gnutls_mpi_copy(src->params[0]);
+ dst->params[1] = _gnutls_mpi_copy(src->params[1]);
+ dst->q_bits = src->q_bits;
- if (dst->params[0] == NULL || dst->params[1] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (dst->params[0] == NULL || dst->params[1] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -184,23 +176,22 @@ gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits)
+gnutls_dh_params_generate2(gnutls_dh_params_t params, unsigned int bits)
{
- int ret;
- gnutls_group_st group;
-
- ret = _gnutls_mpi_generate_group (&group, bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- params->params[0] = group.p;
- params->params[1] = group.g;
- params->q_bits = group.q_bits;
-
- return 0;
+ int ret;
+ gnutls_group_st group;
+
+ ret = _gnutls_mpi_generate_group(&group, bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ params->params[0] = group.p;
+ params->params[1] = group.g;
+ params->q_bits = group.q_bits;
+
+ return 0;
}
/**
@@ -219,116 +210,103 @@ gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
- const gnutls_datum_t * pkcs3_params,
- gnutls_x509_crt_fmt_t format)
+gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format)
{
- ASN1_TYPE c2;
- int result, need_free = 0;
- unsigned int q_bits;
- gnutls_datum_t _params;
-
- if (format == GNUTLS_X509_FMT_PEM)
- {
-
- result = _gnutls_fbase64_decode ("DH PARAMETERS",
- pkcs3_params->data,
- pkcs3_params->size, &_params);
-
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
- else
- {
- _params.data = pkcs3_params->data;
- _params.size = pkcs3_params->size;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (need_free != 0)
- {
- gnutls_free (_params.data);
- _params.data = NULL;
- }
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, _params.data, _params.size, NULL);
-
- if (need_free != 0)
- {
- gnutls_free (_params.data);
- _params.data = NULL;
- }
-
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
-
- _gnutls_debug_log ("DHParams: Decoding error %d\n", result);
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Read q length */
- result = _gnutls_x509_read_uint (c2, "privateValueLength", &q_bits);
- if (result < 0)
- {
- gnutls_assert ();
- params->q_bits = 0;
- }
- else
- params->q_bits = q_bits;
-
- /* Read PRIME
- */
- result = _gnutls_x509_read_int (c2, "prime", &params->params[0]);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- gnutls_assert ();
- return result;
- }
-
- if (_gnutls_mpi_cmp_ui(params->params[0], 0) == 0)
- {
- asn1_delete_structure (&c2);
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- }
-
- /* read the generator
- */
- result = _gnutls_x509_read_int (c2, "base", &params->params[1]);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- _gnutls_mpi_release (&params->params[0]);
- gnutls_assert ();
- return result;
- }
-
- if (_gnutls_mpi_cmp_ui(params->params[1], 0) == 0)
- {
- asn1_delete_structure (&c2);
- _gnutls_mpi_release (&params->params[0]);
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
+ ASN1_TYPE c2;
+ int result, need_free = 0;
+ unsigned int q_bits;
+ gnutls_datum_t _params;
+
+ if (format == GNUTLS_X509_FMT_PEM) {
+
+ result = _gnutls_fbase64_decode("DH PARAMETERS",
+ pkcs3_params->data,
+ pkcs3_params->size,
+ &_params);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ } else {
+ _params.data = pkcs3_params->data;
+ _params.size = pkcs3_params->size;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (need_free != 0) {
+ gnutls_free(_params.data);
+ _params.data = NULL;
+ }
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, _params.data, _params.size, NULL);
+
+ if (need_free != 0) {
+ gnutls_free(_params.data);
+ _params.data = NULL;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+
+ _gnutls_debug_log("DHParams: Decoding error %d\n", result);
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Read q length */
+ result = _gnutls_x509_read_uint(c2, "privateValueLength", &q_bits);
+ if (result < 0) {
+ gnutls_assert();
+ params->q_bits = 0;
+ } else
+ params->q_bits = q_bits;
+
+ /* Read PRIME
+ */
+ result = _gnutls_x509_read_int(c2, "prime", &params->params[0]);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ gnutls_assert();
+ return result;
+ }
+
+ if (_gnutls_mpi_cmp_ui(params->params[0], 0) == 0) {
+ asn1_delete_structure(&c2);
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
+
+ /* read the generator
+ */
+ result = _gnutls_x509_read_int(c2, "base", &params->params[1]);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ _gnutls_mpi_release(&params->params[0]);
+ gnutls_assert();
+ return result;
+ }
+
+ if (_gnutls_mpi_cmp_ui(params->params[1], 0) == 0) {
+ asn1_delete_structure(&c2);
+ _gnutls_mpi_release(&params->params[0]);
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
}
/**
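Review bot: The two zero-value rejections in `gnutls_dh_params_import_pkcs3` leave the rejected bigint stored in `params`: the `prime == 0` branch returns without releasing `params->params[0]`, and the `base == 0` branch releases the prime but not `params->params[1]`. The rejected value then stays in the structure until `gnutls_dh_params_deinit`, and `_gnutls_dh_params_to_mpi` earlier in this file tests those slots only for NULL, not for validity. Adding `_gnutls_mpi_release(&params->params[0]);` to the first branch and `_gnutls_mpi_release(&params->params[1]);` to the second makes these paths match the `result < 0` ones. The import also overwrites whatever `params->params[]` already held without releasing it. It accepts any non-zero prime and generator, so bit-length and range checks (generator below the prime) have to happen in later code, if at all.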
@@ -350,36 +328,34 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
-gnutls_datum_t out;
-int ret;
-
- ret = gnutls_dh_params_export2_pkcs3( params, format, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (*params_data_size < (unsigned) out.size+1)
- {
- gnutls_assert ();
- gnutls_free (out.data);
- *params_data_size = out.size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *params_data_size = out.size;
- if (params_data)
- {
- memcpy( params_data, out.data, out.size);
- params_data[out.size] = 0;
- }
-
- gnutls_free(out.data);
-
- return 0;
+ gnutls_datum_t out;
+ int ret;
+
+ ret = gnutls_dh_params_export2_pkcs3(params, format, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (*params_data_size < (unsigned) out.size + 1) {
+ gnutls_assert();
+ gnutls_free(out.data);
+ *params_data_size = out.size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *params_data_size = out.size;
+ if (params_data) {
+ memcpy(params_data, out.data, out.size);
+ params_data[out.size] = 0;
+ }
+
+ gnutls_free(out.data);
+
+ return 0;
}
/**
@@ -401,116 +377,112 @@ int ret;
* Since: 3.1.3
**/
int
-gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- ASN1_TYPE c2;
- int result;
- size_t g_size, p_size;
- uint8_t *p_data, *g_data;
- uint8_t *all_data;
-
- _gnutls_mpi_print_lz (params->params[1], NULL, &g_size);
- _gnutls_mpi_print_lz (params->params[0], NULL, &p_size);
-
- all_data = gnutls_malloc (g_size + p_size);
- if (all_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p_data = &all_data[0];
- _gnutls_mpi_print_lz (params->params[0], p_data, &p_size);
-
- g_data = &all_data[p_size];
- _gnutls_mpi_print_lz (params->params[1], g_data, &g_size);
-
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- return _gnutls_asn2err (result);
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (c2, "prime",
- p_data, p_size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- if (params->q_bits > 0)
- result = _gnutls_x509_write_uint32 (c2, "privateValueLength", params->q_bits);
- else
- result = asn1_write_value (c2, "privateValueLength", NULL, 0);
-
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Write the GENERATOR
- */
- if ((result = asn1_write_value (c2, "base",
- g_data, g_size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- gnutls_free (all_data);
-
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- result = _gnutls_x509_der_encode(c2, "", out, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- return gnutls_assert_val (result);
-
- }
- else
- { /* PEM */
- gnutls_datum_t t;
-
- result = _gnutls_x509_der_encode(c2, "", &t, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- return gnutls_assert_val (result);
-
- result = _gnutls_fbase64_encode("DH PARAMETERS", t.data, t.size, out);
-
- gnutls_free (t.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- return 0;
+ ASN1_TYPE c2;
+ int result;
+ size_t g_size, p_size;
+ uint8_t *p_data, *g_data;
+ uint8_t *all_data;
+
+ _gnutls_mpi_print_lz(params->params[1], NULL, &g_size);
+ _gnutls_mpi_print_lz(params->params[0], NULL, &p_size);
+
+ all_data = gnutls_malloc(g_size + p_size);
+ if (all_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p_data = &all_data[0];
+ _gnutls_mpi_print_lz(params->params[0], p_data, &p_size);
+
+ g_data = &all_data[p_size];
+ _gnutls_mpi_print_lz(params->params[1], g_data, &g_size);
+
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(c2, "prime",
+ p_data, p_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ if (params->q_bits > 0)
+ result =
+ _gnutls_x509_write_uint32(c2, "privateValueLength",
+ params->q_bits);
+ else
+ result =
+ asn1_write_value(c2, "privateValueLength", NULL, 0);
+
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write the GENERATOR
+ */
+ if ((result = asn1_write_value(c2, "base",
+ g_data, g_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ gnutls_free(all_data);
+
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ result = _gnutls_x509_der_encode(c2, "", out, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ } else { /* PEM */
+ gnutls_datum_t t;
+
+ result = _gnutls_x509_der_encode(c2, "", &t, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ result =
+ _gnutls_fbase64_encode("DH PARAMETERS", t.data, t.size,
+ out);
+
+ gnutls_free(t.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ return 0;
}
/**
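Review bot: gnutls_dh_params_export2_pkcs3 passes `params->params[0]` and `params->params[1]` to _gnutls_mpi_print_lz without checking that they are set, whereas gnutls_dh_params_export_raw in the next hunk rejects that case with GNUTLS_E_INVALID_REQUEST. The same guard at the top of this function would stop an uninitialised parameters object from reaching the MPI code: `if (params->params[1] == NULL || params->params[0] == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The return values of the _gnutls_mpi_print_lz calls that fill `all_data` are also ignored, so a failed print would still be encoded; what the helper leaves in `p_size` and `g_size` on failure is not visible here.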
@@ -529,36 +501,33 @@ gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_export_raw (gnutls_dh_params_t params,
- gnutls_datum_t * prime,
- gnutls_datum_t * generator, unsigned int *bits)
+gnutls_dh_params_export_raw(gnutls_dh_params_t params,
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator, unsigned int *bits)
{
- int ret;
-
- if (params->params[1] == NULL || params->params[0] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint (params->params[1], generator);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params->params[0], prime);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (generator);
- return ret;
- }
-
- if (bits)
- *bits = params->q_bits;
-
- return 0;
+ int ret;
+
+ if (params->params[1] == NULL || params->params[0] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint(params->params[1], generator);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params->params[0], prime);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(generator);
+ return ret;
+ }
+
+ if (bits)
+ *bits = params->q_bits;
+
+ return 0;
}
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 64bf54a5d6..a8da2f07df 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -37,18 +37,18 @@
#include <gnutls/dtls.h>
#include <algorithms.h>
-void
-_dtls_async_timer_delete (gnutls_session_t session)
+void _dtls_async_timer_delete(gnutls_session_t session)
{
- if (session->internals.dtls.async_term != 0)
- {
- _gnutls_dtls_log ("DTLS[%p]: Deinitializing previous handshake state.\n", session);
- session->internals.dtls.async_term = 0; /* turn off "timer" */
-
- _dtls_reset_hsk_state(session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_epoch_gc(session);
- }
+ if (session->internals.dtls.async_term != 0) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Deinitializing previous handshake state.\n",
+ session);
+ session->internals.dtls.async_term = 0; /* turn off "timer" */
+
+ _dtls_reset_hsk_state(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_epoch_gc(session);
+ }
}
/* This function fragments and transmits a previously buffered
@@ -56,97 +56,99 @@ _dtls_async_timer_delete (gnutls_session_t session)
* be reused (should be set to NULL initially).
*/
static inline int
-transmit_message (gnutls_session_t session,
- mbuffer_st *bufel, uint8_t **buf)
+transmit_message(gnutls_session_t session,
+ mbuffer_st * bufel, uint8_t ** buf)
{
- uint8_t *data, *mtu_data;
- int ret = 0;
- unsigned int offset, frag_len, data_size;
- const unsigned int mtu = gnutls_dtls_get_data_mtu(session) - DTLS_HANDSHAKE_HEADER_SIZE;
-
- if (bufel->type == GNUTLS_CHANGE_CIPHER_SPEC)
- {
- _gnutls_dtls_log ("DTLS[%p]: Sending Packet[%u] fragment %s(%d)\n",
- session, bufel->handshake_sequence,
- _gnutls_handshake2str (bufel->htype),
- bufel->htype);
-
- return _gnutls_send_int (session, bufel->type, -1,
- bufel->epoch,
- _mbuffer_get_uhead_ptr(bufel),
- _mbuffer_get_uhead_size(bufel), 0);
- }
-
- if (*buf == NULL) *buf = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
- if (*buf == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- mtu_data = *buf;
-
- data = _mbuffer_get_udata_ptr( bufel);
- data_size = _mbuffer_get_udata_size(bufel);
-
- /* Write fixed headers
- */
-
- /* Handshake type */
- mtu_data[0] = (uint8_t) bufel->htype;
-
- /* Total length */
- _gnutls_write_uint24 (data_size, &mtu_data[1]);
-
- /* Handshake sequence */
- _gnutls_write_uint16 (bufel->handshake_sequence, &mtu_data[4]);
-
- /* Chop up and send handshake message into mtu-size pieces. */
- for (offset=0; offset <= data_size; offset += mtu)
- {
- /* Calculate fragment length */
- if(offset + mtu > data_size)
- frag_len = data_size - offset;
- else
- frag_len = mtu;
-
- /* Fragment offset */
- _gnutls_write_uint24 (offset, &mtu_data[6]);
-
- /* Fragment length */
- _gnutls_write_uint24 (frag_len, &mtu_data[9]);
-
- memcpy (&mtu_data[DTLS_HANDSHAKE_HEADER_SIZE], data+offset, frag_len);
-
- _gnutls_dtls_log ("DTLS[%p]: Sending Packet[%u] fragment %s(%d) with "
- "length: %u, offset: %u, fragment length: %u\n",
- session, bufel->handshake_sequence,
- _gnutls_handshake2str (bufel->htype),
- bufel->htype, data_size, offset, frag_len);
-
- ret = _gnutls_send_int (session, bufel->type, bufel->htype,
- bufel->epoch, mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
- if (ret < 0)
- {
- gnutls_assert();
- break;
- }
- }
-
- return ret;
+ uint8_t *data, *mtu_data;
+ int ret = 0;
+ unsigned int offset, frag_len, data_size;
+ const unsigned int mtu =
+ gnutls_dtls_get_data_mtu(session) - DTLS_HANDSHAKE_HEADER_SIZE;
+
+ if (bufel->type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Sending Packet[%u] fragment %s(%d)\n",
+ session, bufel->handshake_sequence,
+ _gnutls_handshake2str(bufel->htype), bufel->htype);
+
+ return _gnutls_send_int(session, bufel->type, -1,
+ bufel->epoch,
+ _mbuffer_get_uhead_ptr(bufel),
+ _mbuffer_get_uhead_size(bufel), 0);
+ }
+
+ if (*buf == NULL)
+ *buf = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
+ if (*buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ mtu_data = *buf;
+
+ data = _mbuffer_get_udata_ptr(bufel);
+ data_size = _mbuffer_get_udata_size(bufel);
+
+ /* Write fixed headers
+ */
+
+ /* Handshake type */
+ mtu_data[0] = (uint8_t) bufel->htype;
+
+ /* Total length */
+ _gnutls_write_uint24(data_size, &mtu_data[1]);
+
+ /* Handshake sequence */
+ _gnutls_write_uint16(bufel->handshake_sequence, &mtu_data[4]);
+
+ /* Chop up and send handshake message into mtu-size pieces. */
+ for (offset = 0; offset <= data_size; offset += mtu) {
+ /* Calculate fragment length */
+ if (offset + mtu > data_size)
+ frag_len = data_size - offset;
+ else
+ frag_len = mtu;
+
+ /* Fragment offset */
+ _gnutls_write_uint24(offset, &mtu_data[6]);
+
+ /* Fragment length */
+ _gnutls_write_uint24(frag_len, &mtu_data[9]);
+
+ memcpy(&mtu_data[DTLS_HANDSHAKE_HEADER_SIZE],
+ data + offset, frag_len);
+
+ _gnutls_dtls_log
+ ("DTLS[%p]: Sending Packet[%u] fragment %s(%d) with "
+ "length: %u, offset: %u, fragment length: %u\n",
+ session, bufel->handshake_sequence,
+ _gnutls_handshake2str(bufel->htype), bufel->htype,
+ data_size, offset, frag_len);
+
+ ret = _gnutls_send_int(session, bufel->type, bufel->htype,
+ bufel->epoch, mtu_data,
+ DTLS_HANDSHAKE_HEADER_SIZE +
+ frag_len, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ break;
+ }
+ }
+
+ return ret;
}
-static int drop_usage_count(gnutls_session_t session, mbuffer_head_st *const send_buffer)
+static int drop_usage_count(gnutls_session_t session,
+ mbuffer_head_st * const send_buffer)
{
- int ret;
- mbuffer_st *cur;
-
- for (cur = send_buffer->head;
- cur != NULL; cur = cur->next)
- {
- ret = _gnutls_epoch_refcount_dec(session, cur->epoch);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
+ int ret;
+ mbuffer_st *cur;
+
+ for (cur = send_buffer->head; cur != NULL; cur = cur->next) {
+ ret = _gnutls_epoch_refcount_dec(session, cur->epoch);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
- return 0;
+ return 0;
}
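Review bot: `mtu` in transmit_message is an unsigned difference with no lower bound, so a data MTU at or below DTLS_HANDSHAKE_HEADER_SIZE leaves it at zero or wrapped to a very large value. With zero, the `offset += mtu` loop never advances; with a wrapped value, `frag_len` becomes the whole `data_size` while `*buf` was allocated as `mtu + DTLS_HANDSHAKE_HEADER_SIZE`, so the `memcpy` can write past the allocation. gnutls_dtls_set_mtu, later in this file, only caps the MTU from above, so a guard before the allocation is warranted, for example `if (mtu == 0 || mtu > DEFAULT_MAX_RECORD_SIZE) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` (the choice of error code is a suggestion).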
@@ -159,28 +161,33 @@ static int drop_usage_count(gnutls_session_t session, mbuffer_head_st *const sen
*/
static int is_next_hpacket_expected(gnutls_session_t session)
{
-int ret;
-
- /* htype is arbitrary */
- ret = _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, GNUTLS_HANDSHAKE_FINISHED, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_parse_record_buffered_msgs(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (session->internals.handshake_recv_buffer_size > 0)
- return 0;
- else
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ int ret;
+
+ /* htype is arbitrary */
+ ret =
+ _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE,
+ GNUTLS_HANDSHAKE_FINISHED, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (session->internals.handshake_recv_buffer_size > 0)
+ return 0;
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
}
void _dtls_reset_hsk_state(gnutls_session_t session)
{
- session->internals.dtls.flight_init = 0;
- drop_usage_count(session, &session->internals.handshake_send_buffer);
- _mbuffer_head_clear(&session->internals.handshake_send_buffer);
+ session->internals.dtls.flight_init = 0;
+ drop_usage_count(session,
+ &session->internals.handshake_send_buffer);
+ _mbuffer_head_clear(&session->internals.handshake_send_buffer);
}
@@ -200,204 +207,205 @@ void _dtls_reset_hsk_state(gnutls_session_t session)
* This function is called from the handshake layer and calls the
* record layer.
*/
-int
-_dtls_transmit (gnutls_session_t session)
+int _dtls_transmit(gnutls_session_t session)
{
-int ret;
-uint8_t* buf = NULL;
-unsigned int timeout;
-
- /* PREPARING -> SENDING state transition */
- mbuffer_head_st *const send_buffer =
- &session->internals.handshake_send_buffer;
- mbuffer_st *cur;
- gnutls_handshake_description_t last_type = 0;
- unsigned int diff;
- struct timespec now;
-
- gettime(&now);
-
- /* If we have already sent a flight and we are operating in a
- * non blocking way, check if it is time to retransmit or just
- * return.
- */
- if (session->internals.dtls.flight_init != 0 && session->internals.dtls.blocking == 0)
- {
- /* just in case previous run was interrupted */
- ret = _gnutls_io_write_flush (session);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (session->internals.dtls.last_flight == 0 || !_dtls_is_async(session))
- {
- /* check for ACK */
- ret = _gnutls_io_check_recv(session, 0);
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- /* if no retransmission is required yet just return
- */
- if (timespec_sub_ms(&now, &session->internals.dtls.last_retransmit) < TIMER_WINDOW)
- {
- gnutls_assert();
- goto nb_timeout;
- }
- }
- else /* received something */
- {
- if (ret == 0)
- {
- ret = is_next_hpacket_expected(session);
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- goto nb_timeout;
- if (ret < 0 && ret != GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- gnutls_assert();
- goto cleanup;
- }
- if (ret == 0) goto end_flight;
- /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit */
- }
- else
- goto nb_timeout;
- }
- }
- }
-
- do
- {
- timeout = TIMER_WINDOW;
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.handshake_start_time);
- if (diff >= session->internals.dtls.total_timeout_ms)
- {
- _gnutls_dtls_log("Session timeout: %u ms\n", diff);
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto end_flight;
- }
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit);
- if (session->internals.dtls.flight_init == 0 || diff >= TIMER_WINDOW)
- {
- _gnutls_dtls_log ("DTLS[%p]: %sStart of flight transmission.\n", session, (session->internals.dtls.flight_init == 0)?"":"re-");
- for (cur = send_buffer->head;
- cur != NULL; cur = cur->next)
- {
- ret = transmit_message (session, cur, &buf);
- if (ret < 0)
- {
- gnutls_assert();
- goto end_flight;
- }
-
- last_type = cur->htype;
- }
- gettime(&session->internals.dtls.last_retransmit);
-
- if (session->internals.dtls.flight_init == 0)
- {
- session->internals.dtls.flight_init = 1;
- RESET_TIMER;
- timeout = TIMER_WINDOW;
-
- if (last_type == GNUTLS_HANDSHAKE_FINISHED)
- {
- /* On the last flight we cannot ensure retransmission
- * from here. _dtls_wait_and_retransmit() is being called
- * by handshake.
- */
- session->internals.dtls.last_flight = 1;
- }
- else
- session->internals.dtls.last_flight = 0;
- }
- else
- {
- UPDATE_TIMER;
- }
- }
-
- ret = _gnutls_io_write_flush (session);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- /* last message in handshake -> no ack */
- if (session->internals.dtls.last_flight != 0)
- {
- /* we don't wait here. We just return 0 and
- * if a retransmission occurs because peer didn't receive it
- * we rely on the record or handshake
- * layer calling this function again.
- */
- ret = 0;
- goto cleanup;
- }
- else /* all other messages -> implicit ack (receive of next flight) */
- {
- if (session->internals.dtls.blocking != 0)
- ret = _gnutls_io_check_recv(session, timeout);
- else
- {
- ret = _gnutls_io_check_recv(session, 0);
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- goto nb_timeout;
- }
- }
-
- if (ret == 0)
- {
- ret = is_next_hpacket_expected(session);
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- goto nb_timeout;
-
- if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- ret = GNUTLS_E_TIMEDOUT;
- goto keep_up;
- }
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- goto end_flight;
- }
- }
-
-keep_up:
- gettime(&now);
- } while(ret == GNUTLS_E_TIMEDOUT);
-
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto end_flight;
- }
-
- ret = 0;
-
-end_flight:
- _gnutls_dtls_log ("DTLS[%p]: End of flight transmission.\n", session);
- _dtls_reset_hsk_state(session);
-
-cleanup:
- if (buf != NULL)
- gnutls_free(buf);
-
- /* SENDING -> WAITING state transition */
- return ret;
-
-nb_timeout:
- if (buf != NULL)
- gnutls_free(buf);
-
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
+ int ret;
+ uint8_t *buf = NULL;
+ unsigned int timeout;
+
+ /* PREPARING -> SENDING state transition */
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+ mbuffer_st *cur;
+ gnutls_handshake_description_t last_type = 0;
+ unsigned int diff;
+ struct timespec now;
+
+ gettime(&now);
+
+ /* If we have already sent a flight and we are operating in a
+ * non blocking way, check if it is time to retransmit or just
+ * return.
+ */
+ if (session->internals.dtls.flight_init != 0
+ && session->internals.dtls.blocking == 0) {
+ /* just in case previous run was interrupted */
+ ret = _gnutls_io_write_flush(session);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (session->internals.dtls.last_flight == 0
+ || !_dtls_is_async(session)) {
+ /* check for ACK */
+ ret = _gnutls_io_check_recv(session, 0);
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ /* if no retransmission is required yet just return
+ */
+ if (timespec_sub_ms
+ (&now,
+ &session->internals.dtls.
+ last_retransmit) < TIMER_WINDOW) {
+ gnutls_assert();
+ goto nb_timeout;
+ }
+ } else { /* received something */
+
+ if (ret == 0) {
+ ret =
+ is_next_hpacket_expected
+ (session);
+ if (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+ if (ret < 0
+ && ret !=
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ if (ret == 0)
+ goto end_flight;
+ /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit */
+ } else
+ goto nb_timeout;
+ }
+ }
+ }
+
+ do {
+ timeout = TIMER_WINDOW;
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.
+ handshake_start_time);
+ if (diff >= session->internals.dtls.total_timeout_ms) {
+ _gnutls_dtls_log("Session timeout: %u ms\n", diff);
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto end_flight;
+ }
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.
+ last_retransmit);
+ if (session->internals.dtls.flight_init == 0
+ || diff >= TIMER_WINDOW) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: %sStart of flight transmission.\n",
+ session,
+ (session->internals.dtls.flight_init ==
+ 0) ? "" : "re-");
+ for (cur = send_buffer->head; cur != NULL;
+ cur = cur->next) {
+ ret = transmit_message(session, cur, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ goto end_flight;
+ }
+
+ last_type = cur->htype;
+ }
+ gettime(&session->internals.dtls.last_retransmit);
+
+ if (session->internals.dtls.flight_init == 0) {
+ session->internals.dtls.flight_init = 1;
+ RESET_TIMER;
+ timeout = TIMER_WINDOW;
+
+ if (last_type == GNUTLS_HANDSHAKE_FINISHED) {
+ /* On the last flight we cannot ensure retransmission
+ * from here. _dtls_wait_and_retransmit() is being called
+ * by handshake.
+ */
+ session->internals.dtls.
+ last_flight = 1;
+ } else
+ session->internals.dtls.
+ last_flight = 0;
+ } else {
+ UPDATE_TIMER;
+ }
+ }
+
+ ret = _gnutls_io_write_flush(session);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ /* last message in handshake -> no ack */
+ if (session->internals.dtls.last_flight != 0) {
+ /* we don't wait here. We just return 0 and
+ * if a retransmission occurs because peer didn't receive it
+ * we rely on the record or handshake
+ * layer calling this function again.
+ */
+ ret = 0;
+ goto cleanup;
+ } else { /* all other messages -> implicit ack (receive of next flight) */
+
+ if (session->internals.dtls.blocking != 0)
+ ret =
+ _gnutls_io_check_recv(session,
+ timeout);
+ else {
+ ret = _gnutls_io_check_recv(session, 0);
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ goto nb_timeout;
+ }
+ }
+
+ if (ret == 0) {
+ ret = is_next_hpacket_expected(session);
+ if (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+
+ if (ret ==
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
+ ret = GNUTLS_E_TIMEDOUT;
+ goto keep_up;
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ goto end_flight;
+ }
+ }
+
+ keep_up:
+ gettime(&now);
+ } while (ret == GNUTLS_E_TIMEDOUT);
+
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto end_flight;
+ }
+
+ ret = 0;
+
+ end_flight:
+ _gnutls_dtls_log("DTLS[%p]: End of flight transmission.\n",
+ session);
+ _dtls_reset_hsk_state(session);
+
+ cleanup:
+ if (buf != NULL)
+ gnutls_free(buf);
+
+ /* SENDING -> WAITING state transition */
+ return ret;
+
+ nb_timeout:
+ if (buf != NULL)
+ gnutls_free(buf);
+
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
}
/* Waits for the last flight or retransmits
@@ -405,48 +413,45 @@ nb_timeout:
*/
int _dtls_wait_and_retransmit(gnutls_session_t session)
{
-int ret;
-
- if (session->internals.dtls.blocking != 0)
- ret = _gnutls_io_check_recv(session, TIMER_WINDOW);
- else
- ret = _gnutls_io_check_recv(session, 0);
-
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- ret = _dtls_retransmit(session);
- if (ret == 0)
- {
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
- }
- else
- return gnutls_assert_val(ret);
- }
+ int ret;
- RESET_TIMER;
- return 0;
+ if (session->internals.dtls.blocking != 0)
+ ret = _gnutls_io_check_recv(session, TIMER_WINDOW);
+ else
+ ret = _gnutls_io_check_recv(session, 0);
+
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ ret = _dtls_retransmit(session);
+ if (ret == 0) {
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
+ } else
+ return gnutls_assert_val(ret);
+ }
+
+ RESET_TIMER;
+ return 0;
}
#define window_table rp->record_sw
#define window_size rp->record_sw_size
#define window_head_idx rp->record_sw_head_idx
-static void slide_window(struct record_parameters_st * rp, unsigned int places)
+static void slide_window(struct record_parameters_st *rp,
+ unsigned int places)
{
-unsigned int old_head = window_head_idx;
-
- if (places < window_size)
- {
- window_head_idx += places;
- window_head_idx %= DTLS_RECORD_WINDOW_SIZE;
-
- window_table[window_head_idx] = window_table[old_head] + places;
- }
- else
- {
- unsigned int last_idx = (window_head_idx + window_size - 1) % window_size;
- window_table[window_head_idx] = window_table[last_idx];
- }
+ unsigned int old_head = window_head_idx;
+
+ if (places < window_size) {
+ window_head_idx += places;
+ window_head_idx %= DTLS_RECORD_WINDOW_SIZE;
+
+ window_table[window_head_idx] =
+ window_table[old_head] + places;
+ } else {
+ unsigned int last_idx =
+ (window_head_idx + window_size - 1) % window_size;
+ window_table[window_head_idx] = window_table[last_idx];
+ }
}
/* Checks if a sequence number is not replayed. If replayed
@@ -454,83 +459,71 @@ unsigned int old_head = window_head_idx;
*/
int _dtls_record_check(struct record_parameters_st *rp, uint64 * _seq)
{
-uint64_t seq = 0, diff;
-unsigned int i, offset = 0;
-unsigned int last_idx;
-
- for (i=2;i<8;i++)
- {
- seq <<= 8;
- seq |= _seq->i[i] & 0xff;
- }
-
- /* only two values allowed in window_size */
- if (window_size == 0)
- {
- window_size = 1;
- window_head_idx = 0;
- last_idx = window_size - 1;
- window_table[last_idx] = window_table[window_head_idx] = seq;
- return 0;
- }
-
- last_idx = (window_head_idx + window_size - 1) % window_size;
-
- if (seq <= window_table[window_head_idx])
- {
- return -1;
- }
-
- if (seq <= window_table[last_idx])
- {
- /* is between first and last */
- diff = window_table[last_idx] - seq;
-
- if (diff >= window_size)
- {
- return -1;
- }
-
- if (diff > last_idx)
- {
- diff = diff - last_idx;
- offset = window_size - 1 - diff;
- }
- else
- offset = last_idx - diff;
-
- if (window_table[offset] == seq)
- {
- return -1;
- }
- else
- window_table[offset] = seq;
- }
- else /* seq > last */
- {
- diff = seq - window_table[last_idx];
-
- if (window_size + diff <= DTLS_RECORD_WINDOW_SIZE)
- {
- window_size += diff;
- }
- else
- {
- if (window_size < DTLS_RECORD_WINDOW_SIZE)
- {
- offset = DTLS_RECORD_WINDOW_SIZE-window_size;
- window_size = DTLS_RECORD_WINDOW_SIZE;
- diff -= offset;
- }
-
- /* diff > 0 */
- slide_window(rp, diff);
- }
-
- offset = (window_head_idx + window_size - 1) % window_size;
- window_table[offset] = seq;
- }
- return 0;
+ uint64_t seq = 0, diff;
+ unsigned int i, offset = 0;
+ unsigned int last_idx;
+
+ for (i = 2; i < 8; i++) {
+ seq <<= 8;
+ seq |= _seq->i[i] & 0xff;
+ }
+
+ /* only two values allowed in window_size */
+ if (window_size == 0) {
+ window_size = 1;
+ window_head_idx = 0;
+ last_idx = window_size - 1;
+ window_table[last_idx] = window_table[window_head_idx] =
+ seq;
+ return 0;
+ }
+
+ last_idx = (window_head_idx + window_size - 1) % window_size;
+
+ if (seq <= window_table[window_head_idx]) {
+ return -1;
+ }
+
+ if (seq <= window_table[last_idx]) {
+ /* is between first and last */
+ diff = window_table[last_idx] - seq;
+
+ if (diff >= window_size) {
+ return -1;
+ }
+
+ if (diff > last_idx) {
+ diff = diff - last_idx;
+ offset = window_size - 1 - diff;
+ } else
+ offset = last_idx - diff;
+
+ if (window_table[offset] == seq) {
+ return -1;
+ } else
+ window_table[offset] = seq;
+ } else { /* seq > last */
+
+ diff = seq - window_table[last_idx];
+
+ if (window_size + diff <= DTLS_RECORD_WINDOW_SIZE) {
+ window_size += diff;
+ } else {
+ if (window_size < DTLS_RECORD_WINDOW_SIZE) {
+ offset =
+ DTLS_RECORD_WINDOW_SIZE - window_size;
+ window_size = DTLS_RECORD_WINDOW_SIZE;
+ diff -= offset;
+ }
+
+ /* diff > 0 */
+ slide_window(rp, diff);
+ }
+
+ offset = (window_head_idx + window_size - 1) % window_size;
+ window_table[offset] = seq;
+ }
+ return 0;
}
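Review bot: The call `slide_window(rp, diff)` in _dtls_record_check passes a `uint64_t` difference to a parameter declared `unsigned int places`, so a forward jump in the 48-bit sequence number larger than UINT_MAX is truncated before the `places < window_size` test in slide_window. The window head can then advance by a small amount while the newest stored sequence number jumps far ahead, which leaves the replay window inconsistent for later records. Clamping at the call keeps the intended "slide everything out" branch, assuming `window_size` never exceeds DTLS_RECORD_WINDOW_SIZE: `slide_window(rp, diff > DTLS_RECORD_WINDOW_SIZE ? DTLS_RECORD_WINDOW_SIZE : (unsigned int) diff);`. slide_window is in the preceding hunk, and whether this check runs only on records that have already been authenticated is not visible here.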
@@ -556,11 +549,12 @@ unsigned int last_idx;
*
* Since: 3.0
**/
-void gnutls_dtls_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_dtls_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- session->internals.dtls.retrans_timeout_ms = retrans_timeout;
- session->internals.dtls.total_timeout_ms = total_timeout;
+ session->internals.dtls.retrans_timeout_ms = retrans_timeout;
+ session->internals.dtls.total_timeout_ms = total_timeout;
}
/**
@@ -576,51 +570,48 @@ void gnutls_dtls_set_timeouts (gnutls_session_t session, unsigned int retrans_ti
*
* Since: 3.0
**/
-void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu)
+void gnutls_dtls_set_mtu(gnutls_session_t session, unsigned int mtu)
{
- session->internals.dtls.mtu = MIN(mtu, DEFAULT_MAX_RECORD_SIZE);
+ session->internals.dtls.mtu = MIN(mtu, DEFAULT_MAX_RECORD_SIZE);
}
-static int record_overhead(const cipher_entry_st* cipher, const mac_entry_st* mac,
- gnutls_compression_method_t comp,
- unsigned new_padding)
+static int record_overhead(const cipher_entry_st * cipher,
+ const mac_entry_st * mac,
+ gnutls_compression_method_t comp,
+ unsigned new_padding)
{
-int total = 0;
-int t, ret;
-
- if (_gnutls_cipher_is_block (cipher) == CIPHER_BLOCK)
- {
- t = _gnutls_cipher_get_implicit_iv_size(cipher);
- total += t;
-
- /* padding */
- t = _gnutls_cipher_get_block_size(cipher);
- if (new_padding == 0)
- total += t;
- }
+ int total = 0;
+ int t, ret;
- if (mac->id == GNUTLS_MAC_AEAD)
- {
- total += AEAD_EXPLICIT_DATA_SIZE;
- total += _gnutls_cipher_get_tag_size(cipher);
- }
- else
- {
- ret = _gnutls_mac_get_algo_len(mac);
- if (unlikely(ret < 0))
- return 0;
+ if (_gnutls_cipher_is_block(cipher) == CIPHER_BLOCK) {
+ t = _gnutls_cipher_get_implicit_iv_size(cipher);
+ total += t;
- total+=ret;
- }
+ /* padding */
+ t = _gnutls_cipher_get_block_size(cipher);
+ if (new_padding == 0)
+ total += t;
+ }
- if (new_padding != 0)
- total += 2;
+ if (mac->id == GNUTLS_MAC_AEAD) {
+ total += AEAD_EXPLICIT_DATA_SIZE;
+ total += _gnutls_cipher_get_tag_size(cipher);
+ } else {
+ ret = _gnutls_mac_get_algo_len(mac);
+ if (unlikely(ret < 0))
+ return 0;
- if (comp != GNUTLS_COMP_NULL)
- total += EXTRA_COMP_SIZE;
+ total += ret;
+ }
- return total;
-}
+ if (new_padding != 0)
+ total += 2;
+
+ if (comp != GNUTLS_COMP_NULL)
+ total += EXTRA_COMP_SIZE;
+
+ return total;
+}
/**
* gnutls_est_record_overhead_size:
@@ -640,14 +631,16 @@ int t, ret;
*
* Since: 3.2.2
**/
-size_t gnutls_est_record_overhead_size (gnutls_protocol_t version, gnutls_cipher_algorithm_t cipher,
- gnutls_mac_algorithm_t mac, gnutls_compression_method_t comp,
- unsigned int flags)
+size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
+ gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac,
+ gnutls_compression_method_t comp,
+ unsigned int flags)
{
-const cipher_entry_st *c;
-const mac_entry_st *m;
-const version_entry_st* v;
-size_t total = 0;
+ const cipher_entry_st *c;
+ const mac_entry_st *m;
+ const version_entry_st *v;
+ size_t total = 0;
c = cipher_to_entry(cipher);
if (c == NULL)
@@ -656,18 +649,18 @@ size_t total = 0;
m = mac_to_entry(mac);
if (m == NULL)
return 0;
-
+
v = version_to_entry(version);
if (v == NULL)
return 0;
-
+
if (v->transport == GNUTLS_STREAM)
total = TLS_RECORD_HEADER_SIZE;
else
total = DTLS_RECORD_HEADER_SIZE;
-
+
total += record_overhead(c, m, comp, 0);
-
+
return total;
}
@@ -682,19 +675,21 @@ size_t total = 0;
*/
static int record_overhead_rt(gnutls_session_t session)
{
-record_parameters_st *params;
-int ret;
+ record_parameters_st *params;
+ int ret;
- if (session->internals.initial_negotiation_completed == 0)
- return GNUTLS_E_INVALID_REQUEST;
+ if (session->internals.initial_negotiation_completed == 0)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &params);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- /* requires padding */
- return record_overhead(params->cipher, params->mac, params->compression_algorithm,
- session->security_parameters.new_record_padding);
+ /* requires padding */
+ return record_overhead(params->cipher, params->mac,
+ params->compression_algorithm,
+ session->security_parameters.
+ new_record_padding);
}
/**
@@ -706,16 +701,16 @@ int ret;
*
* Since: 3.2.2
**/
-size_t gnutls_record_overhead_size (gnutls_session_t session)
+size_t gnutls_record_overhead_size(gnutls_session_t session)
{
-const version_entry_st* v = get_version(session);
-size_t total;
+ const version_entry_st *v = get_version(session);
+ size_t total;
if (v->transport == GNUTLS_STREAM)
total = TLS_RECORD_HEADER_SIZE;
else
total = DTLS_RECORD_HEADER_SIZE;
-
+
total += record_overhead_rt(session);
return total;
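Review bot: `total += record_overhead_rt(session);` adds an `int` that can be a negative error code to a `size_t`, so a failure wraps into a huge overhead value instead of being reported. record_overhead_rt() in the preceding hunk returns GNUTLS_E_INVALID_REQUEST until the initial negotiation has completed and also passes on _gnutls_epoch_get() failures. A caller that subtracts this result from a buffer or MTU size would then compute a bogus length. Checking the sign first keeps the result bounded: `int ret = record_overhead_rt(session);`, `if (ret < 0) return 0;`, `total += ret;`. Whether 0 is the right value to report is for the function's documentation to settle, and that comment and the closing brace are outside this hunk. The behaviour predates the reindent.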
@@ -735,18 +730,18 @@ size_t total;
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session)
+unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session)
{
-int mtu = session->internals.dtls.mtu;
-int overhead;
-
- mtu -= RECORD_HEADER_SIZE(session);
+ int mtu = session->internals.dtls.mtu;
+ int overhead;
+
+ mtu -= RECORD_HEADER_SIZE(session);
- overhead = record_overhead_rt(session);
- if (overhead < 0)
- return mtu;
+ overhead = record_overhead_rt(session);
+ if (overhead < 0)
+ return mtu;
- return mtu - overhead;
+ return mtu - overhead;
}
/**
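Review bot: `return mtu - overhead;` converts a possibly negative `int` to `unsigned int`, so an MTU smaller than the record header plus overhead yields a value near UINT_MAX rather than 0. The early `return mtu;` on the error path has the same problem once the header size has been subtracted. An application sizing datagrams from this result would then build records larger than the path allows. Clamping fixes both, e.g. `if (mtu < 0) return 0;` after the header subtraction and `if (mtu < overhead) return 0;` before the final return. Whether `dtls.mtu` can actually be that small depends on gnutls_dtls_set_mtu(), which is not in this hunk.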
@@ -769,22 +764,22 @@ int overhead;
*
* Since: 3.1
**/
-int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu)
+int gnutls_dtls_set_data_mtu(gnutls_session_t session, unsigned int mtu)
{
- int overhead = record_overhead_rt(session);
+ int overhead = record_overhead_rt(session);
- /* You can't call this until the session is actually running */
- if (overhead < 0)
- return GNUTLS_E_INVALID_SESSION;
+ /* You can't call this until the session is actually running */
+ if (overhead < 0)
+ return GNUTLS_E_INVALID_SESSION;
- /* Add the overhead inside the encrypted part */
- mtu += overhead;
+ /* Add the overhead inside the encrypted part */
+ mtu += overhead;
- /* Add the *unencrypted header size */
- mtu += RECORD_HEADER_SIZE(session);
+ /* Add the *unencrypted header size */
+ mtu += RECORD_HEADER_SIZE(session);
- gnutls_dtls_set_mtu(session, mtu);
- return GNUTLS_E_SUCCESS;
+ gnutls_dtls_set_mtu(session, mtu);
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -800,9 +795,9 @@ int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu)
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_mtu (gnutls_session_t session)
+unsigned int gnutls_dtls_get_mtu(gnutls_session_t session)
{
- return session->internals.dtls.mtu;
+ return session->internals.dtls.mtu;
}
/**
@@ -819,18 +814,20 @@ unsigned int gnutls_dtls_get_mtu (gnutls_session_t session)
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_timeout (gnutls_session_t session)
+unsigned int gnutls_dtls_get_timeout(gnutls_session_t session)
{
-struct timespec now;
-unsigned int diff;
-
- gettime(&now);
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit);
- if (diff >= TIMER_WINDOW)
- return 0;
- else
- return TIMER_WINDOW - diff;
+ struct timespec now;
+ unsigned int diff;
+
+ gettime(&now);
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.last_retransmit);
+ if (diff >= TIMER_WINDOW)
+ return 0;
+ else
+ return TIMER_WINDOW - diff;
}
#define COOKIE_SIZE 16
@@ -869,16 +866,18 @@ unsigned int diff;
*
* Since: 3.0
**/
-int gnutls_dtls_cookie_send(gnutls_datum_t* key, void* client_data, size_t client_data_size,
- gnutls_dtls_prestate_st* prestate,
- gnutls_transport_ptr_t ptr, gnutls_push_func push_func)
+int gnutls_dtls_cookie_send(gnutls_datum_t * key, void *client_data,
+ size_t client_data_size,
+ gnutls_dtls_prestate_st * prestate,
+ gnutls_transport_ptr_t ptr,
+ gnutls_push_func push_func)
{
-uint8_t hvr[20+DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE];
-int hvr_size = 0, ret;
-uint8_t digest[C_HASH_SIZE];
+ uint8_t hvr[20 + DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE];
+ int hvr_size = 0, ret;
+ uint8_t digest[C_HASH_SIZE];
- if (key == NULL || key->data == NULL || key->size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (key == NULL || key->data == NULL || key->size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* send
* struct {
@@ -903,54 +902,57 @@ uint8_t digest[C_HASH_SIZE];
* ProtocolVersion server_version;
* uint8_t cookie<0..32>;
* } HelloVerifyRequest;
- */
-
- hvr[hvr_size++] = GNUTLS_HANDSHAKE;
- /* version */
- hvr[hvr_size++] = 254;
- hvr[hvr_size++] = 255;
-
- /* epoch + seq */
- memset(&hvr[hvr_size], 0, 8);
- hvr_size += 7;
- hvr[hvr_size++] = prestate->record_seq;
-
- /* length */
- _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 2;
-
- /* now handshake headers */
- hvr[hvr_size++] = GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST;
- _gnutls_write_uint24(COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 3;
-
- /* handshake seq */
- hvr[hvr_size++] = 0;
- hvr[hvr_size++] = prestate->hsk_write_seq;
-
- _gnutls_write_uint24(0, &hvr[hvr_size]);
- hvr_size += 3;
-
- _gnutls_write_uint24(COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 3;
-
- /* version */
- hvr[hvr_size++] = 254;
- hvr[hvr_size++] = 255;
- hvr[hvr_size++] = COOKIE_SIZE;
-
- ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE);
- hvr_size+= COOKIE_MAC_SIZE;
-
- ret = push_func(ptr, hvr, hvr_size);
- if (ret < 0)
- ret = GNUTLS_E_PUSH_ERROR;
-
- return ret;
+ */
+
+ hvr[hvr_size++] = GNUTLS_HANDSHAKE;
+ /* version */
+ hvr[hvr_size++] = 254;
+ hvr[hvr_size++] = 255;
+
+ /* epoch + seq */
+ memset(&hvr[hvr_size], 0, 8);
+ hvr_size += 7;
+ hvr[hvr_size++] = prestate->record_seq;
+
+ /* length */
+ _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE + 3,
+ &hvr[hvr_size]);
+ hvr_size += 2;
+
+ /* now handshake headers */
+ hvr[hvr_size++] = GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST;
+ _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ /* handshake seq */
+ hvr[hvr_size++] = 0;
+ hvr[hvr_size++] = prestate->hsk_write_seq;
+
+ _gnutls_write_uint24(0, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ /* version */
+ hvr[hvr_size++] = 254;
+ hvr[hvr_size++] = 255;
+ hvr[hvr_size++] = COOKIE_SIZE;
+
+ ret =
+ _gnutls_mac_fast(C_HASH, key->data, key->size, client_data,
+ client_data_size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE);
+ hvr_size += COOKIE_MAC_SIZE;
+
+ ret = push_func(ptr, hvr, hvr_size);
+ if (ret < 0)
+ ret = GNUTLS_E_PUSH_ERROR;
+
+ return ret;
}
/**
@@ -973,61 +975,69 @@ uint8_t digest[C_HASH_SIZE];
*
* Since: 3.0
**/
-int gnutls_dtls_cookie_verify(gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- void* _msg, size_t msg_size, gnutls_dtls_prestate_st* prestate)
+int gnutls_dtls_cookie_verify(gnutls_datum_t * key,
+ void *client_data, size_t client_data_size,
+ void *_msg, size_t msg_size,
+ gnutls_dtls_prestate_st * prestate)
{
-gnutls_datum_t cookie;
-int ret;
-unsigned int pos, sid_size;
-uint8_t * msg = _msg;
-uint8_t digest[C_HASH_SIZE];
-
- if (key == NULL || key->data == NULL || key->size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* format:
- * version - 2 bytes
- * random - 32 bytes
- * session_id - 1 byte length + content
- * cookie - 1 byte length + content
- */
-
- pos = 34+DTLS_RECORD_HEADER_SIZE+DTLS_HANDSHAKE_HEADER_SIZE;
-
- if (msg_size < pos+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- sid_size = msg[pos++];
-
- if (sid_size > 32 || msg_size < pos+sid_size+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos += sid_size;
- cookie.size = msg[pos++];
-
- if (msg_size < pos+cookie.size+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- cookie.data = &msg[pos];
- if (cookie.size != COOKIE_SIZE)
- {
- if (cookie.size > 0) _gnutls_audit_log(NULL, "Received cookie with illegal size %d. Expected %d\n", (int)cookie.size, COOKIE_SIZE);
- return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
- }
-
- ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0)
- return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
-
- prestate->record_seq = msg[10]; /* client's record seq */
- prestate->hsk_read_seq = msg[DTLS_RECORD_HEADER_SIZE+5]; /* client's hsk seq */
- prestate->hsk_write_seq = 0;/* we always send zero for this msg */
-
- return 0;
+ gnutls_datum_t cookie;
+ int ret;
+ unsigned int pos, sid_size;
+ uint8_t *msg = _msg;
+ uint8_t digest[C_HASH_SIZE];
+
+ if (key == NULL || key->data == NULL || key->size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* format:
+ * version - 2 bytes
+ * random - 32 bytes
+ * session_id - 1 byte length + content
+ * cookie - 1 byte length + content
+ */
+
+ pos = 34 + DTLS_RECORD_HEADER_SIZE + DTLS_HANDSHAKE_HEADER_SIZE;
+
+ if (msg_size < pos + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ sid_size = msg[pos++];
+
+ if (sid_size > 32 || msg_size < pos + sid_size + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos += sid_size;
+ cookie.size = msg[pos++];
+
+ if (msg_size < pos + cookie.size + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ cookie.data = &msg[pos];
+ if (cookie.size != COOKIE_SIZE) {
+ if (cookie.size > 0)
+ _gnutls_audit_log(NULL,
+ "Received cookie with illegal size %d. Expected %d\n",
+ (int) cookie.size, COOKIE_SIZE);
+ return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
+ }
+
+ ret =
+ _gnutls_mac_fast(C_HASH, key->data, key->size, client_data,
+ client_data_size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0)
+ return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
+
+ prestate->record_seq = msg[10]; /* client's record seq */
+ prestate->hsk_read_seq = msg[DTLS_RECORD_HEADER_SIZE + 5]; /* client's hsk seq */
+ prestate->hsk_write_seq = 0; /* we always send zero for this msg */
+
+ return 0;
}
/**
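Review bot: `memcmp(digest, cookie.data, COOKIE_MAC_SIZE)` checks a MAC against peer-supplied bytes with a routine that may stop at the first mismatch, so the comparison time can depend on how many leading bytes are correct. The cookie only gates the HelloVerifyRequest exchange, so the exposure is limited, but a fixed-time comparison costs nothing here. For example, `for (i = 0; i < COOKIE_MAC_SIZE; i++) diff |= digest[i] ^ cookie.data[i];` followed by `if (diff != 0) return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);`. Separately, `prestate` is written through at the end of the function without the NULL check that `key` gets at the top. `if (prestate == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would match the existing guard.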
@@ -1044,25 +1054,27 @@ uint8_t digest[C_HASH_SIZE];
*
* Since: 3.0
**/
-void gnutls_dtls_prestate_set(gnutls_session_t session, gnutls_dtls_prestate_st* prestate)
+void gnutls_dtls_prestate_set(gnutls_session_t session,
+ gnutls_dtls_prestate_st * prestate)
{
- record_parameters_st *params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- if (prestate == NULL)
- return;
+ if (prestate == NULL)
+ return;
- /* we do not care about read_params, since we accept anything
- * the peer sends.
- */
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &params);
- if (ret < 0)
- return;
+ /* we do not care about read_params, since we accept anything
+ * the peer sends.
+ */
+ ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
+ if (ret < 0)
+ return;
- params->write.sequence_number.i[7] = prestate->record_seq;
+ params->write.sequence_number.i[7] = prestate->record_seq;
- session->internals.dtls.hsk_read_seq = prestate->hsk_read_seq;
- session->internals.dtls.hsk_write_seq = prestate->hsk_write_seq + 1;
+ session->internals.dtls.hsk_read_seq = prestate->hsk_read_seq;
+ session->internals.dtls.hsk_write_seq =
+ prestate->hsk_write_seq + 1;
}
/**
@@ -1076,7 +1088,7 @@ void gnutls_dtls_prestate_set(gnutls_session_t session, gnutls_dtls_prestate_st*
*
* Since: 3.0
**/
-unsigned int gnutls_record_get_discarded (gnutls_session_t session)
+unsigned int gnutls_record_get_discarded(gnutls_session_t session)
{
- return session->internals.dtls.packets_dropped;
+ return session->internals.dtls.packets_dropped;
}
diff --git a/lib/gnutls_dtls.h b/lib/gnutls_dtls.h
index 443c982d38..1f4ca848bb 100644
--- a/lib/gnutls_dtls.h
+++ b/lib/gnutls_dtls.h
@@ -21,7 +21,7 @@
*/
#ifndef DTLS_H
-# define DTLS_H
+#define DTLS_H
#include <config.h>
#include <gnutls_int.h>
@@ -66,27 +66,29 @@ int _dtls_wait_and_retransmit(gnutls_session_t session);
*/
inline static int _dtls_is_async(gnutls_session_t session)
{
- if ((session->security_parameters.entity == GNUTLS_SERVER && session->internals.resumed == RESUME_FALSE) ||
- (session->security_parameters.entity == GNUTLS_CLIENT && session->internals.resumed == RESUME_TRUE))
- return 1;
- else
- return 0;
+ if ((session->security_parameters.entity == GNUTLS_SERVER
+ && session->internals.resumed == RESUME_FALSE)
+ || (session->security_parameters.entity == GNUTLS_CLIENT
+ && session->internals.resumed == RESUME_TRUE))
+ return 1;
+ else
+ return 0;
}
inline static void _dtls_async_timer_init(gnutls_session_t session)
{
- if (_dtls_is_async(session))
- {
- _gnutls_dtls_log ("DTLS[%p]: Initializing timer for handshake state.\n", session);
- session->internals.dtls.async_term = gnutls_time(0) + MAX_DTLS_TIMEOUT/1000;
- }
- else
- {
- _dtls_reset_hsk_state(session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_epoch_gc(session);
- session->internals.dtls.async_term = 0;
- }
+ if (_dtls_is_async(session)) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Initializing timer for handshake state.\n",
+ session);
+ session->internals.dtls.async_term =
+ gnutls_time(0) + MAX_DTLS_TIMEOUT / 1000;
+ } else {
+ _dtls_reset_hsk_state(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_epoch_gc(session);
+ session->internals.dtls.async_term = 0;
+ }
}
void _dtls_async_timer_delete(gnutls_session_t session);
@@ -95,28 +97,26 @@ void _dtls_async_timer_delete(gnutls_session_t session);
*/
inline static void _dtls_async_timer_check(gnutls_session_t session)
{
- if (!IS_DTLS(session))
- return;
-
- if (session->internals.dtls.async_term != 0)
- {
- time_t now = time(0);
-
- /* check if we need to expire the queued handshake data */
- if (now > session->internals.dtls.async_term)
- {
- _dtls_async_timer_delete(session);
- }
- }
+ if (!IS_DTLS(session))
+ return;
+
+ if (session->internals.dtls.async_term != 0) {
+ time_t now = time(0);
+
+ /* check if we need to expire the queued handshake data */
+ if (now > session->internals.dtls.async_term) {
+ _dtls_async_timer_delete(session);
+ }
+ }
}
/* Returns non-zero if the async timer is active */
inline static int _dtls_async_timer_active(gnutls_session_t session)
{
- if (!IS_DTLS(session))
- return 0;
+ if (!IS_DTLS(session))
+ return 0;
- return session->internals.dtls.async_term;
+ return session->internals.dtls.async_term;
}
/* This function is to be called from record layer once
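Review bot: _dtls_async_timer_check() reads the clock with `time(0)`, while _dtls_async_timer_init() in the previous hunk sets `async_term` from `gnutls_time(0)`. If the library's time source is ever overridden or differs from the C library clock, the expiry comparison mixes two clocks and queued handshake data may expire early or never. Using the same source, `time_t now = gnutls_time(0);`, keeps the deadline and the check consistent. Also, _dtls_async_timer_active() returns `async_term` through an `int`, which presumably truncates a `time_t`. `return session->internals.dtls.async_term != 0;` would express the documented "non-zero if active" contract without depending on the width.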
@@ -126,7 +126,7 @@ inline static int _dtls_async_timer_active(gnutls_session_t session)
*/
inline static int _dtls_retransmit(gnutls_session_t session)
{
- return _dtls_transmit(session);
+ return _dtls_transmit(session);
}
#endif
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index da02aecc05..774b5b6d10 100644
--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -30,76 +30,79 @@
#include <gnutls_errors.h>
int
-_gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
- gnutls_datum_t * out)
+_gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
+ bigint_t y, gnutls_datum_t * out)
{
- int numlen = gnutls_ecc_curve_get_size (curve);
- int byte_size, ret;
- size_t size;
-
- if (numlen == 0)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- out->size = 1 + 2 * numlen;
-
- out->data = gnutls_malloc (out->size);
- if (out->data == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- memset (out->data, 0, out->size);
-
- /* store byte 0x04 */
- out->data[0] = 0x04;
-
- /* pad and store x */
- byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
- size = out->size - (1 + (numlen - byte_size));
- ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
- size = out->size - (1 + (numlen + numlen - byte_size));
- ret =
- _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- /* pad and store y */
- return 0;
+ int numlen = gnutls_ecc_curve_get_size(curve);
+ int byte_size, ret;
+ size_t size;
+
+ if (numlen == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ out->size = 1 + 2 * numlen;
+
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memset(out->data, 0, out->size);
+
+ /* store byte 0x04 */
+ out->data[0] = 0x04;
+
+ /* pad and store x */
+ byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+ size = out->size - (1 + (numlen - byte_size));
+ ret =
+ _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
+ &size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+ size = out->size - (1 + (numlen + numlen - byte_size));
+ ret =
+ _gnutls_mpi_print(y,
+ &out->data[1 + numlen + numlen - byte_size],
+ &size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* pad and store y */
+ return 0;
}
int
-_gnutls_ecc_ansi_x963_import (const uint8_t * in,
- unsigned long inlen, bigint_t * x, bigint_t * y)
+_gnutls_ecc_ansi_x963_import(const uint8_t * in,
+ unsigned long inlen, bigint_t * x,
+ bigint_t * y)
{
- int ret;
-
- /* must be odd */
- if ((inlen & 1) == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* check for 4 */
- if (in[0] != 4)
- {
- return gnutls_assert_val (GNUTLS_E_PARSING_ERROR);
- }
-
- /* read data */
- ret = _gnutls_mpi_scan (x, in + 1, (inlen - 1) >> 1);
- if (ret < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- ret = _gnutls_mpi_scan (y, in + 1 + ((inlen - 1) >> 1), (inlen - 1) >> 1);
- if (ret < 0)
- {
- _gnutls_mpi_release (x);
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
- }
-
- return 0;
+ int ret;
+
+ /* must be odd */
+ if ((inlen & 1) == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* check for 4 */
+ if (in[0] != 4) {
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ /* read data */
+ ret = _gnutls_mpi_scan(x, in + 1, (inlen - 1) >> 1);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ _gnutls_mpi_scan(y, in + 1 + ((inlen - 1) >> 1),
+ (inlen - 1) >> 1);
+ if (ret < 0) {
+ _gnutls_mpi_release(x);
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+
+ return 0;
}
-
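Review bot: Both error returns after `_gnutls_mpi_print()` in _gnutls_ecc_ansi_x963_export() leave the buffer from `gnutls_malloc()` attached to `out->data` without freeing it. Nothing rejects a coordinate wider than the curve either: when `byte_size > numlen`, the index `1 + (numlen - byte_size)` lands on or before the 0x04 prefix byte. Whether callers always pass reduced coordinates is not visible here, so the bound is worth enforcing locally. A single cleanup path that frees and clears `out` covers both cases, as sketched below. These issues predate the reindent.

```c
	/* pad and store x */
	byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
	if (numlen < byte_size) {
		ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
		goto cleanup;
	}
	/* … unchanged: size computation and _gnutls_mpi_print(x, ...) … */
	if (ret < 0) {
		ret = gnutls_assert_val(ret);
		goto cleanup;
	}

	/* … same bound check and error path for y … */

	return 0;

      cleanup:
	/* do not hand a half-written point back to the caller */
	gnutls_free(out->data);
	out->data = NULL;
	out->size = 0;
	return ret;
```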
diff --git a/lib/gnutls_ecc.h b/lib/gnutls_ecc.h
index 10104c743a..a0bd94c19d 100644
--- a/lib/gnutls_ecc.h
+++ b/lib/gnutls_ecc.h
@@ -21,8 +21,10 @@
*/
#ifndef GNUTLS_ECC_H
-# define GNUTLS_ECC_H
+#define GNUTLS_ECC_H
-int _gnutls_ecc_ansi_x963_import(const uint8_t *in, unsigned long inlen, bigint_t* x, bigint_t* y);
-int _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, bigint_t y, gnutls_datum_t * out);
+int _gnutls_ecc_ansi_x963_import(const uint8_t * in, unsigned long inlen,
+ bigint_t * x, bigint_t * y);
+int _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
+ bigint_t y, gnutls_datum_t * out);
#endif
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 8bb6118af1..3c932859fa 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -36,329 +36,367 @@
#define ERROR_ENTRY(desc, name, fatal) \
{ desc, #name, name, fatal}
-struct gnutls_error_entry
-{
- const char *desc;
- const char *_name;
- int number;
- int fatal; /* whether this error is fatal and the session for handshake
- * should be terminated.
- */
+struct gnutls_error_entry {
+ const char *desc;
+ const char *_name;
+ int number;
+ int fatal; /* whether this error is fatal and the session for handshake
+ * should be terminated.
+ */
};
typedef struct gnutls_error_entry gnutls_error_entry;
static const gnutls_error_entry error_algorithms[] = {
- /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
- ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
- ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
- GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
- ERROR_ENTRY (N_("No or insufficient priorities were set."),
- GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
- ERROR_ENTRY (N_("The cipher type is unsupported."),
- GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
- ERROR_ENTRY (N_("The certificate and the given key do not match."),
- GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
- ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
- GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
- ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
- GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
-
- ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
- GNUTLS_E_UNWANTED_ALGORITHM, 1),
- ERROR_ENTRY (N_("A record packet with illegal version was received."),
- GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
- ERROR_ENTRY (N_
- ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
- GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
- ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
- GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
- ERROR_ENTRY (N_("The TLS connection was non-properly terminated."),
- GNUTLS_E_PREMATURE_TERMINATION, 1),
- ERROR_ENTRY (N_
- ("The specified session has been invalidated for some reason."),
- GNUTLS_E_INVALID_SESSION, 1),
-
- ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
- ERROR_ENTRY (N_("An illegal TLS extension was received."),
- GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
- ERROR_ENTRY (N_("A TLS fatal alert has been received."),
- GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
- ERROR_ENTRY (N_("An unexpected TLS packet was received."),
- GNUTLS_E_UNEXPECTED_PACKET, 1),
- ERROR_ENTRY (N_("A TLS warning alert has been received."),
- GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
- ERROR_ENTRY (N_
- ("An error was encountered at the TLS Finished packet calculation."),
- GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
- ERROR_ENTRY (N_("No certificate was found."),
- GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
- ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS protocol."),
- GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
- ERROR_ENTRY (N_("A heartbeat pong message was received."),
- GNUTLS_E_HEARTBEAT_PONG_RECEIVED, 0),
- ERROR_ENTRY (N_("A heartbeat ping message was received."),
- GNUTLS_E_HEARTBEAT_PING_RECEIVED, 0),
- ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
- GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
-
- ERROR_ENTRY (N_("No temporary RSA parameters were found."),
- GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
- ERROR_ENTRY (N_("No temporary DH parameters were found."),
- GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
- ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
- GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
- ERROR_ENTRY (N_("The scanning of a large integer has failed."),
- GNUTLS_E_MPI_SCAN_FAILED, 1),
- ERROR_ENTRY (N_("Could not export a large integer."),
- GNUTLS_E_MPI_PRINT_FAILED, 1),
- ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key decryption has failed."),
- GNUTLS_E_PK_DECRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key encryption has failed."),
- GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
- 1),
- ERROR_ENTRY (N_("Public key signature verification has failed."),
- GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
- ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
- GNUTLS_E_DECOMPRESSION_FAILED, 1),
- ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
- GNUTLS_E_COMPRESSION_FAILED, 1),
-
- ERROR_ENTRY (N_("Internal error in memory allocation."),
- GNUTLS_E_MEMORY_ERROR, 1),
- ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
- GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
- ERROR_ENTRY (N_("Insufficient credentials for that request."),
- GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
- ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
- ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
- 1),
- ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
- ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
- ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
- 1),
- ERROR_ENTRY (N_("Base64 unexpected header error."),
- GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
- 1),
- ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
- 1),
- ERROR_ENTRY (N_("Parsing error in password file."),
- GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
- ERROR_ENTRY (N_("The requested data were not available."),
- GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
- ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
- ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
- ERROR_ENTRY (N_
- ("The upper limit of record packet sequence numbers has been reached. Wow!"),
- GNUTLS_E_RECORD_LIMIT_REACHED, 1),
- ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
- 1),
- ERROR_ENTRY (N_("Could not authenticate peer."), GNUTLS_E_AUTH_ERROR,
- 1),
- ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
- GNUTLS_E_X509_UNKNOWN_SAN, 1),
-
- ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
- GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
- ERROR_ENTRY (N_("Unsupported extension in X.509 certificate."),
- GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
- ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
- GNUTLS_E_KEY_USAGE_VIOLATION, 1),
- ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
- GNUTLS_E_AGAIN, 0),
- ERROR_ENTRY (N_("The transmitted packet is too large (EMSGSIZE)."),
- GNUTLS_E_LARGE_PACKET, 0),
- ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
- ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
- GNUTLS_E_REHANDSHAKE, 0),
- ERROR_ENTRY (N_
- ("TLS Application data were received, while expecting handshake data."),
- GNUTLS_E_GOT_APPLICATION_DATA, 1),
- ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
- ERROR_ENTRY (N_("The certificate type is not supported."),
- GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
- ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
- GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
- ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
- ERROR_ENTRY (N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE, 1),
- ERROR_ENTRY (N_("An illegal parameter has been received."),
- GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
- ERROR_ENTRY (N_("An illegal parameter was found."),
- GNUTLS_E_ILLEGAL_PARAMETER, 1),
- ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
-
- ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
- GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
- GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
- GNUTLS_E_ASN1_DER_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
- GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
- GNUTLS_E_ASN1_GENERIC_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
- GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
- GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
- GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
- 1),
- ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
- GNUTLS_E_ASN1_DER_OVERFLOW, 1),
-
- ERROR_ENTRY (N_("Too many empty record packets have been received."),
- GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
- ERROR_ENTRY (N_("Too many handshake packets have been received."),
- GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS, 1),
- ERROR_ENTRY (N_("The crypto library version is too old."),
- GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
-
- ERROR_ENTRY (N_("The tasn1 library version is too old."),
- GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
- ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
- GNUTLS_E_OPENPGP_UID_REVOKED, 1),
- ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
- GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
- ERROR_ENTRY (N_("Error loading the keyring."),
- GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
- ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
- GNUTLS_E_CRYPTO_INIT_FAILED, 1),
- ERROR_ENTRY (N_("No supported compression algorithms have been found."),
- GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
- ERROR_ENTRY (N_("No supported cipher suites have been found."),
- GNUTLS_E_NO_CIPHER_SUITES, 1),
- ERROR_ENTRY (N_("Could not get OpenPGP key."),
- GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
- ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
- GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
- ERROR_ENTRY (N_("Safe renegotiation failed."),
- GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
- ERROR_ENTRY (N_("Unsafe renegotiation denied."),
- GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
-
- ERROR_ENTRY (N_("The SRP username supplied is illegal."),
- GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
- ERROR_ENTRY (N_("The SRP username supplied is unknown."),
- GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
-
- ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
- GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
- ERROR_ENTRY (N_("The signature algorithm is not supported."),
- GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
- ERROR_ENTRY (N_("The certificate has unsupported attributes."),
- GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
- ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
- 1),
- ERROR_ENTRY (N_("The hash algorithm is unknown."),
- GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
- ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
- ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
- ERROR_ENTRY (N_("The given password contains invalid characters."),
- GNUTLS_E_INVALID_PASSWORD, 1),
- ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
- GNUTLS_E_MAC_VERIFY_FAILED, 1),
- ERROR_ENTRY (N_("Some constraint limits were reached."),
- GNUTLS_E_CONSTRAINT_ERROR, 1),
- ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
- 1),
-
- ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
- GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
- ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
- GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
- ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
- GNUTLS_E_IA_VERIFY_FAILED, 1),
-
- ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
- GNUTLS_E_UNKNOWN_ALGORITHM, 1),
-
- ERROR_ENTRY (N_("The handshake data size is too large."),
- GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
-
- ERROR_ENTRY (N_("Error opening /dev/crypto"),
- GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
-
- ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
- GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
- ERROR_ENTRY (N_("Peer has terminated the connection"),
- GNUTLS_E_SESSION_EOF, 1),
- ERROR_ENTRY (N_("Channel binding data not available"),
- GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
-
- ERROR_ENTRY (N_("TPM error."),
- GNUTLS_E_TPM_ERROR, 1),
- ERROR_ENTRY (N_("TPM is not initialized."),
- GNUTLS_E_TPM_UNINITIALIZED, 1),
- ERROR_ENTRY (N_("TPM key was not found in persistent storage."),
- GNUTLS_E_TPM_KEY_NOT_FOUND, 1),
- ERROR_ENTRY (N_("Cannot initialize a session with the TPM."),
- GNUTLS_E_TPM_SESSION_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error."),
- GNUTLS_E_PKCS11_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 initialization error."),
- GNUTLS_E_PKCS11_LOAD_ERROR, 1),
- ERROR_ENTRY (N_("Error in parsing."),
- GNUTLS_E_PARSING_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided PIN."),
- GNUTLS_E_PKCS11_PIN_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided SRK password for TPM."),
- GNUTLS_E_TPM_SRK_PASSWORD_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided password for key to be loaded in TPM."),
- GNUTLS_E_TPM_KEY_PASSWORD_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in slot"),
- GNUTLS_E_PKCS11_SLOT_ERROR, 1),
- ERROR_ENTRY (N_("Thread locking error"),
- GNUTLS_E_LOCKING_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in attribute"),
- GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in device"),
- GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in data"),
- GNUTLS_E_PKCS11_DATA_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
- GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in key"),
- GNUTLS_E_PKCS11_KEY_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 PIN expired"),
- GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
- ERROR_ENTRY (N_("PKCS #11 PIN locked"),
- GNUTLS_E_PKCS11_PIN_LOCKED, 1),
- ERROR_ENTRY (N_("PKCS #11 error in session"),
- GNUTLS_E_PKCS11_SESSION_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in signature"),
- GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in token"),
- GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 user error"),
- GNUTLS_E_PKCS11_USER_ERROR, 1),
- ERROR_ENTRY (N_("The operation timed out"),
- GNUTLS_E_TIMEDOUT, 1),
- ERROR_ENTRY (N_("The operation was cancelled due to user error"),
- GNUTLS_E_USER_ERROR, 1),
- ERROR_ENTRY (N_("No supported ECC curves were found"),
- GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
- ERROR_ENTRY (N_("The curve is unsupported"),
- GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
- ERROR_ENTRY (N_("The requested PKCS #11 object is not available"),
- GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
- ERROR_ENTRY (N_("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
- GNUTLS_E_CERTIFICATE_LIST_UNSORTED, 1),
- ERROR_ENTRY (N_("The OCSP response is invalid"),
- GNUTLS_E_OCSP_RESPONSE_ERROR, 1),
- ERROR_ENTRY (N_("There is no certificate status (OCSP)."),
- GNUTLS_E_NO_CERTIFICATE_STATUS, 1),
- ERROR_ENTRY (N_("Error in the system's randomness device."),
- GNUTLS_E_RANDOM_DEVICE_ERROR, 1),
- ERROR_ENTRY (N_("No common application protocol could be negotiated."),
- GNUTLS_E_NO_APPLICATION_PROTOCOL, 1),
- {NULL, NULL, 0, 0}
+ /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
+ ERROR_ENTRY(N_("Success."), GNUTLS_E_SUCCESS, 0),
+ ERROR_ENTRY(N_("Could not negotiate a supported cipher suite."),
+ GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+ ERROR_ENTRY(N_("No or insufficient priorities were set."),
+ GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
+ ERROR_ENTRY(N_("The cipher type is unsupported."),
+ GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
+ ERROR_ENTRY(N_("The certificate and the given key do not match."),
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
+ ERROR_ENTRY(N_
+ ("Could not negotiate a supported compression method."),
+ GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
+ ERROR_ENTRY(N_("An unknown public key algorithm was encountered."),
+ GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
+
+ ERROR_ENTRY(N_("An algorithm that is not enabled was negotiated."),
+ GNUTLS_E_UNWANTED_ALGORITHM, 1),
+ ERROR_ENTRY(N_
+ ("A record packet with illegal version was received."),
+ GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
+ ERROR_ENTRY(N_
+ ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
+ GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
+ ERROR_ENTRY(N_
+ ("A TLS packet with unexpected length was received."),
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
+ ERROR_ENTRY(N_("The TLS connection was non-properly terminated."),
+ GNUTLS_E_PREMATURE_TERMINATION, 1),
+ ERROR_ENTRY(N_
+ ("The specified session has been invalidated for some reason."),
+ GNUTLS_E_INVALID_SESSION, 1),
+
+ ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR,
+ 1),
+ ERROR_ENTRY(N_("An illegal TLS extension was received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
+ ERROR_ENTRY(N_("A TLS fatal alert has been received."),
+ GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
+ ERROR_ENTRY(N_("An unexpected TLS packet was received."),
+ GNUTLS_E_UNEXPECTED_PACKET, 1),
+ ERROR_ENTRY(N_("A TLS warning alert has been received."),
+ GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
+ ERROR_ENTRY(N_
+ ("An error was encountered at the TLS Finished packet calculation."),
+ GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
+ ERROR_ENTRY(N_("No certificate was found."),
+ GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+ ERROR_ENTRY(N_
+ ("The given DSA key is incompatible with the selected TLS protocol."),
+ GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
+ ERROR_ENTRY(N_("A heartbeat pong message was received."),
+ GNUTLS_E_HEARTBEAT_PONG_RECEIVED, 0),
+ ERROR_ENTRY(N_("A heartbeat ping message was received."),
+ GNUTLS_E_HEARTBEAT_PING_RECEIVED, 0),
+ ERROR_ENTRY(N_
+ ("There is already a crypto algorithm with lower priority."),
+ GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
+
+ ERROR_ENTRY(N_("No temporary RSA parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
+ ERROR_ENTRY(N_("No temporary DH parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
+ ERROR_ENTRY(N_("An unexpected TLS handshake packet was received."),
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
+ ERROR_ENTRY(N_("The scanning of a large integer has failed."),
+ GNUTLS_E_MPI_SCAN_FAILED, 1),
+ ERROR_ENTRY(N_("Could not export a large integer."),
+ GNUTLS_E_MPI_PRINT_FAILED, 1),
+ ERROR_ENTRY(N_("Decryption has failed."),
+ GNUTLS_E_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Encryption has failed."),
+ GNUTLS_E_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key decryption has failed."),
+ GNUTLS_E_PK_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key encryption has failed."),
+ GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key signing has failed."),
+ GNUTLS_E_PK_SIGN_FAILED,
+ 1),
+ ERROR_ENTRY(N_("Public key signature verification has failed."),
+ GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
+ ERROR_ENTRY(N_
+ ("Decompression of the TLS record packet has failed."),
+ GNUTLS_E_DECOMPRESSION_FAILED, 1),
+ ERROR_ENTRY(N_("Compression of the TLS record packet has failed."),
+ GNUTLS_E_COMPRESSION_FAILED, 1),
+
+ ERROR_ENTRY(N_("Internal error in memory allocation."),
+ GNUTLS_E_MEMORY_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("An unimplemented or disabled feature has been requested."),
+ GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
+ ERROR_ENTRY(N_("Insufficient credentials for that request."),
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
+ ERROR_ENTRY(N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Wrong padding in PKCS1 packet."),
+ GNUTLS_E_PKCS1_WRONG_PAD,
+ 1),
+ ERROR_ENTRY(N_("The requested session has expired."),
+ GNUTLS_E_EXPIRED, 1),
+ ERROR_ENTRY(N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
+ ERROR_ENTRY(N_("Base64 decoding error."),
+ GNUTLS_E_BASE64_DECODING_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Base64 unexpected header error."),
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Base64 encoding error."),
+ GNUTLS_E_BASE64_ENCODING_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Parsing error in password file."),
+ GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
+ ERROR_ENTRY(N_("The requested data were not available."),
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
+ ERROR_ENTRY(N_("Error in the pull function."), GNUTLS_E_PULL_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Error in the push function."), GNUTLS_E_PUSH_ERROR,
+ 1),
+ ERROR_ENTRY(N_
+ ("The upper limit of record packet sequence numbers has been reached. Wow!"),
+ GNUTLS_E_RECORD_LIMIT_REACHED, 1),
+ ERROR_ENTRY(N_("Error in the certificate."),
+ GNUTLS_E_CERTIFICATE_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Could not authenticate peer."),
+ GNUTLS_E_AUTH_ERROR,
+ 1),
+ ERROR_ENTRY(N_
+ ("Unknown Subject Alternative name in X.509 certificate."),
+ GNUTLS_E_X509_UNKNOWN_SAN, 1),
+
+ ERROR_ENTRY(N_
+ ("Unsupported critical extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ ERROR_ENTRY(N_("Unsupported extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
+ ERROR_ENTRY(N_
+ ("Key usage violation in certificate has been detected."),
+ GNUTLS_E_KEY_USAGE_VIOLATION, 1),
+ ERROR_ENTRY(N_("Resource temporarily unavailable, try again."),
+ GNUTLS_E_AGAIN, 0),
+ ERROR_ENTRY(N_("The transmitted packet is too large (EMSGSIZE)."),
+ GNUTLS_E_LARGE_PACKET, 0),
+ ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED,
+ 0),
+ ERROR_ENTRY(N_("Rehandshake was requested by the peer."),
+ GNUTLS_E_REHANDSHAKE, 0),
+ ERROR_ENTRY(N_
+ ("TLS Application data were received, while expecting handshake data."),
+ GNUTLS_E_GOT_APPLICATION_DATA, 1),
+ ERROR_ENTRY(N_("Error in Database backend."), GNUTLS_E_DB_ERROR,
+ 1),
+ ERROR_ENTRY(N_("The certificate type is not supported."),
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
+ ERROR_ENTRY(N_
+ ("The given memory buffer is too short to hold parameters."),
+ GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
+ ERROR_ENTRY(N_("The request is invalid."),
+ GNUTLS_E_INVALID_REQUEST, 1),
+ ERROR_ENTRY(N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE, 1),
+ ERROR_ENTRY(N_("An illegal parameter has been received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY(N_("An illegal parameter was found."),
+ GNUTLS_E_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY(N_("Error while reading file."), GNUTLS_E_FILE_ERROR,
+ 1),
+
+ ERROR_ENTRY(N_("ASN1 parser: Element was not found."),
+ GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Identifier was not found"),
+ GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in DER parsing."),
+ GNUTLS_E_ASN1_DER_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Value was not found."),
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Generic parsing error."),
+ GNUTLS_E_ASN1_GENERIC_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Value is not valid."),
+ GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in TAG."),
+ GNUTLS_E_ASN1_TAG_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: error in implicit tag"),
+ GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in type 'ANY'."),
+ GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Syntax error."),
+ GNUTLS_E_ASN1_SYNTAX_ERROR,
+ 1),
+ ERROR_ENTRY(N_("ASN1 parser: Overflow in DER parsing."),
+ GNUTLS_E_ASN1_DER_OVERFLOW, 1),
+
+ ERROR_ENTRY(N_
+ ("Too many empty record packets have been received."),
+ GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
+ ERROR_ENTRY(N_("Too many handshake packets have been received."),
+ GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS, 1),
+ ERROR_ENTRY(N_("The crypto library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
+
+ ERROR_ENTRY(N_("The tasn1 library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
+ ERROR_ENTRY(N_("The OpenPGP User ID is revoked."),
+ GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+ ERROR_ENTRY(N_("The OpenPGP key has not a preferred key set."),
+ GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
+ ERROR_ENTRY(N_("Error loading the keyring."),
+ GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
+ ERROR_ENTRY(N_("The initialization of crypto backend has failed."),
+ GNUTLS_E_CRYPTO_INIT_FAILED, 1),
+ ERROR_ENTRY(N_
+ ("No supported compression algorithms have been found."),
+ GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
+ ERROR_ENTRY(N_("No supported cipher suites have been found."),
+ GNUTLS_E_NO_CIPHER_SUITES, 1),
+ ERROR_ENTRY(N_("Could not get OpenPGP key."),
+ GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
+ ERROR_ENTRY(N_("Could not find OpenPGP subkey."),
+ GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
+ ERROR_ENTRY(N_("Safe renegotiation failed."),
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ ERROR_ENTRY(N_("Unsafe renegotiation denied."),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
+
+ ERROR_ENTRY(N_("The SRP username supplied is illegal."),
+ GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ ERROR_ENTRY(N_("The SRP username supplied is unknown."),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
+
+ ERROR_ENTRY(N_("The OpenPGP fingerprint is not supported."),
+ GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
+ ERROR_ENTRY(N_("The signature algorithm is not supported."),
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
+ ERROR_ENTRY(N_("The certificate has unsupported attributes."),
+ GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
+ ERROR_ENTRY(N_("The OID is not supported."),
+ GNUTLS_E_X509_UNSUPPORTED_OID,
+ 1),
+ ERROR_ENTRY(N_("The hash algorithm is unknown."),
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
+ ERROR_ENTRY(N_("The PKCS structure's content type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
+ ERROR_ENTRY(N_("The PKCS structure's bag type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
+ ERROR_ENTRY(N_("The given password contains invalid characters."),
+ GNUTLS_E_INVALID_PASSWORD, 1),
+ ERROR_ENTRY(N_
+ ("The Message Authentication Code verification failed."),
+ GNUTLS_E_MAC_VERIFY_FAILED, 1),
+ ERROR_ENTRY(N_("Some constraint limits were reached."),
+ GNUTLS_E_CONSTRAINT_ERROR, 1),
+ ERROR_ENTRY(N_("Failed to acquire random data."),
+ GNUTLS_E_RANDOM_FAILED,
+ 1),
+
+ ERROR_ENTRY(N_
+ ("Received a TLS/IA Intermediate Phase Finished message"),
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
+ ERROR_ENTRY(N_("Received a TLS/IA Final Phase Finished message"),
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
+ ERROR_ENTRY(N_("Verifying TLS/IA phase checksum failed"),
+ GNUTLS_E_IA_VERIFY_FAILED, 1),
+
+ ERROR_ENTRY(N_("The specified algorithm or protocol is unknown."),
+ GNUTLS_E_UNKNOWN_ALGORITHM, 1),
+
+ ERROR_ENTRY(N_("The handshake data size is too large."),
+ GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
+
+ ERROR_ENTRY(N_("Error opening /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
+
+ ERROR_ENTRY(N_("Error interfacing with /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
+ ERROR_ENTRY(N_("Peer has terminated the connection"),
+ GNUTLS_E_SESSION_EOF, 1),
+ ERROR_ENTRY(N_("Channel binding data not available"),
+ GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
+
+ ERROR_ENTRY(N_("TPM error."),
+ GNUTLS_E_TPM_ERROR, 1),
+ ERROR_ENTRY(N_("TPM is not initialized."),
+ GNUTLS_E_TPM_UNINITIALIZED, 1),
+ ERROR_ENTRY(N_("TPM key was not found in persistent storage."),
+ GNUTLS_E_TPM_KEY_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("Cannot initialize a session with the TPM."),
+ GNUTLS_E_TPM_SESSION_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error."),
+ GNUTLS_E_PKCS11_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 initialization error."),
+ GNUTLS_E_PKCS11_LOAD_ERROR, 1),
+ ERROR_ENTRY(N_("Error in parsing."),
+ GNUTLS_E_PARSING_ERROR, 1),
+ ERROR_ENTRY(N_("Error in provided PIN."),
+ GNUTLS_E_PKCS11_PIN_ERROR, 1),
+ ERROR_ENTRY(N_("Error in provided SRK password for TPM."),
+ GNUTLS_E_TPM_SRK_PASSWORD_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("Error in provided password for key to be loaded in TPM."),
+ GNUTLS_E_TPM_KEY_PASSWORD_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in slot"),
+ GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+ ERROR_ENTRY(N_("Thread locking error"),
+ GNUTLS_E_LOCKING_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in attribute"),
+ GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in device"),
+ GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in data"),
+ GNUTLS_E_PKCS11_DATA_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 unsupported feature"),
+ GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in key"),
+ GNUTLS_E_PKCS11_KEY_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 PIN expired"),
+ GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+ ERROR_ENTRY(N_("PKCS #11 PIN locked"),
+ GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in session"),
+ GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in signature"),
+ GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in token"),
+ GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 user error"),
+ GNUTLS_E_PKCS11_USER_ERROR, 1),
+ ERROR_ENTRY(N_("The operation timed out"),
+ GNUTLS_E_TIMEDOUT, 1),
+ ERROR_ENTRY(N_("The operation was cancelled due to user error"),
+ GNUTLS_E_USER_ERROR, 1),
+ ERROR_ENTRY(N_("No supported ECC curves were found"),
+ GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
+ ERROR_ENTRY(N_("The curve is unsupported"),
+ GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
+ ERROR_ENTRY(N_("The requested PKCS #11 object is not available"),
+ GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
+ ERROR_ENTRY(N_
+ ("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
+ GNUTLS_E_CERTIFICATE_LIST_UNSORTED, 1),
+ ERROR_ENTRY(N_("The OCSP response is invalid"),
+ GNUTLS_E_OCSP_RESPONSE_ERROR, 1),
+ ERROR_ENTRY(N_("There is no certificate status (OCSP)."),
+ GNUTLS_E_NO_CERTIFICATE_STATUS, 1),
+ ERROR_ENTRY(N_("Error in the system's randomness device."),
+ GNUTLS_E_RANDOM_DEVICE_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("No common application protocol could be negotiated."),
+ GNUTLS_E_NO_APPLICATION_PROTOCOL, 1),
+ {NULL, NULL, 0, 0}
};
/**
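Review bot: In the re-wrapped `error_algorithms` table the fatal flag often ends up alone on its own line (`GNUTLS_E_INTERRUPTED,` followed by `0),`, likewise `GNUTLS_E_PK_SIGN_FAILED,` / `1),`), and `N_` is split from its string in many entries. This makes the table harder to grep and harder to audit for which codes are marked non-fatal. That column is what `gnutls_error_is_fatal()` returns to callers, so I would keep the code and its flag on one line, e.g. `GNUTLS_E_INTERRUPTED, 0),`. I would also keep `N_("...")` unbroken, even where the string runs past the column limit. The wrapping looks like the output of an automatic indenter, so an exclusion or a manual touch-up for this table may be the simplest fix.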
@@ -380,27 +418,24 @@ static const gnutls_error_entry error_algorithms[] = {
* Returns: zero on non fatal errors or positive @error values. Non-zero
* on fatal error codes.
**/
-int
-gnutls_error_is_fatal (int error)
+int gnutls_error_is_fatal(int error)
{
- int ret = 1;
- const gnutls_error_entry *p;
-
- /* Input sanitzation. Positive values are not errors at all, and
- definitely not fatal. */
- if (error > 0)
- return 0;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->fatal;
- break;
- }
- }
-
- return ret;
+ int ret = 1;
+ const gnutls_error_entry *p;
+
+ /* Input sanitzation. Positive values are not errors at all, and
+ definitely not fatal. */
+ if (error > 0)
+ return 0;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->fatal;
+ break;
+ }
+ }
+
+ return ret;
}
/**
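Review bot: `gnutls_error_is_fatal()` initialises `ret` to 1 and only overwrites it on a table match, so any non-positive code missing from `error_algorithms` is reported as fatal, yet neither the visible tail of the doc comment nor the body says so. That fail-closed default is worth documenting so it is not changed by accident. I would add `/* codes not listed in error_algorithms are treated as fatal */` above `int ret = 1;` and a matching sentence to the `Returns:` paragraph. The comment typo `sanitzation` should read `sanitization`. The doc comment begins above this hunk, so its opening lines are not visible here.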
@@ -410,10 +445,9 @@ gnutls_error_is_fatal (int error)
* This function is like perror(). The only difference is that it
* accepts an error number returned by a gnutls function.
**/
-void
-gnutls_perror (int error)
+void gnutls_perror(int error)
{
- fprintf (stderr, "GnuTLS error: %s\n", gnutls_strerror (error));
+ fprintf(stderr, "GnuTLS error: %s\n", gnutls_strerror(error));
}
@@ -429,26 +463,23 @@ gnutls_perror (int error)
*
* Returns: A string explaining the GnuTLS error message.
**/
-const char *
-gnutls_strerror (int error)
+const char *gnutls_strerror(int error)
{
- const char *ret = NULL;
- const gnutls_error_entry *p;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->desc;
- break;
- }
- }
-
- /* avoid prefix */
- if (ret == NULL)
- return _("(unknown error code)");
-
- return _(ret);
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->desc;
+ break;
+ }
+ }
+
+ /* avoid prefix */
+ if (ret == NULL)
+ return _("(unknown error code)");
+
+ return _(ret);
}
/**
@@ -464,173 +495,162 @@ gnutls_strerror (int error)
*
* Since: 2.6.0
**/
-const char *
-gnutls_strerror_name (int error)
+const char *gnutls_strerror_name(int error)
{
- const char *ret = NULL;
- const gnutls_error_entry *p;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->_name;
- break;
- }
- }
-
- return ret;
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->_name;
+ break;
+ }
+ }
+
+ return ret;
}
-int
-_gnutls_asn2err (int asn_err)
+int _gnutls_asn2err(int asn_err)
{
- switch (asn_err)
- {
- case ASN1_FILE_NOT_FOUND:
- return GNUTLS_E_FILE_ERROR;
- case ASN1_ELEMENT_NOT_FOUND:
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- case ASN1_IDENTIFIER_NOT_FOUND:
- return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
- case ASN1_DER_ERROR:
- return GNUTLS_E_ASN1_DER_ERROR;
- case ASN1_VALUE_NOT_FOUND:
- return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
- case ASN1_GENERIC_ERROR:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- case ASN1_VALUE_NOT_VALID:
- return GNUTLS_E_ASN1_VALUE_NOT_VALID;
- case ASN1_TAG_ERROR:
- return GNUTLS_E_ASN1_TAG_ERROR;
- case ASN1_TAG_IMPLICIT:
- return GNUTLS_E_ASN1_TAG_IMPLICIT;
- case ASN1_ERROR_TYPE_ANY:
- return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
- case ASN1_SYNTAX_ERROR:
- return GNUTLS_E_ASN1_SYNTAX_ERROR;
- case ASN1_MEM_ERROR:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- case ASN1_MEM_ALLOC_ERROR:
- return GNUTLS_E_MEMORY_ERROR;
- case ASN1_DER_OVERFLOW:
- return GNUTLS_E_ASN1_DER_OVERFLOW;
- default:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ switch (asn_err) {
+ case ASN1_FILE_NOT_FOUND:
+ return GNUTLS_E_FILE_ERROR;
+ case ASN1_ELEMENT_NOT_FOUND:
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ case ASN1_IDENTIFIER_NOT_FOUND:
+ return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
+ case ASN1_DER_ERROR:
+ return GNUTLS_E_ASN1_DER_ERROR;
+ case ASN1_VALUE_NOT_FOUND:
+ return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
+ case ASN1_GENERIC_ERROR:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ case ASN1_VALUE_NOT_VALID:
+ return GNUTLS_E_ASN1_VALUE_NOT_VALID;
+ case ASN1_TAG_ERROR:
+ return GNUTLS_E_ASN1_TAG_ERROR;
+ case ASN1_TAG_IMPLICIT:
+ return GNUTLS_E_ASN1_TAG_IMPLICIT;
+ case ASN1_ERROR_TYPE_ANY:
+ return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
+ case ASN1_SYNTAX_ERROR:
+ return GNUTLS_E_ASN1_SYNTAX_ERROR;
+ case ASN1_MEM_ERROR:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case ASN1_MEM_ALLOC_ERROR:
+ return GNUTLS_E_MEMORY_ERROR;
+ case ASN1_DER_OVERFLOW:
+ return GNUTLS_E_ASN1_DER_OVERFLOW;
+ default:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
}
-void
-_gnutls_mpi_log (const char *prefix, bigint_t a)
+void _gnutls_mpi_log(const char *prefix, bigint_t a)
{
- size_t binlen = 0;
- void *binbuf;
- size_t hexlen;
- char *hexbuf;
- int res;
-
- if (_gnutls_log_level < 2) return;
-
- res = _gnutls_mpi_print (a, NULL, &binlen);
- if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
- (int) binlen);
- return;
- }
-
- if (binlen > 1024 * 1024)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s too large mpi (%d)\n", prefix, (int) binlen);
- return;
- }
-
- binbuf = gnutls_malloc (binlen);
- if (!binbuf)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s out of memory (%d)\n", prefix, (int) binlen);
- return;
- }
-
- res = _gnutls_mpi_print (a, binbuf, &binlen);
- if (res != 0)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
- (int) binlen);
- gnutls_free (binbuf);
- return;
- }
-
- hexlen = 2 * binlen + 1;
- hexbuf = gnutls_malloc (hexlen);
-
- if (!hexbuf)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s out of memory (hex %d)\n", prefix, (int) hexlen);
- gnutls_free (binbuf);
- return;
- }
-
- _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL);
-
- _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
- hexbuf);
-
- gnutls_free (hexbuf);
- gnutls_free (binbuf);
+ size_t binlen = 0;
+ void *binbuf;
+ size_t hexlen;
+ char *hexbuf;
+ int res;
+
+ if (_gnutls_log_level < 2)
+ return;
+
+ res = _gnutls_mpi_print(a, NULL, &binlen);
+ if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
+ prefix, res, (int) binlen);
+ return;
+ }
+
+ if (binlen > 1024 * 1024) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s too large mpi (%d)\n", prefix,
+ (int) binlen);
+ return;
+ }
+
+ binbuf = gnutls_malloc(binlen);
+ if (!binbuf) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s out of memory (%d)\n", prefix,
+ (int) binlen);
+ return;
+ }
+
+ res = _gnutls_mpi_print(a, binbuf, &binlen);
+ if (res != 0) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
+ prefix, res, (int) binlen);
+ gnutls_free(binbuf);
+ return;
+ }
+
+ hexlen = 2 * binlen + 1;
+ hexbuf = gnutls_malloc(hexlen);
+
+ if (!hexbuf) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s out of memory (hex %d)\n",
+ prefix, (int) hexlen);
+ gnutls_free(binbuf);
+ return;
+ }
+
+ _gnutls_bin2hex(binbuf, binlen, hexbuf, hexlen, NULL);
+
+ _gnutls_hard_log("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
+ hexbuf);
+
+ gnutls_free(hexbuf);
+ gnutls_free(binbuf);
}
/* this function will output a message using the
* caller provided function
*/
-void
-_gnutls_log (int level, const char *fmt, ...)
+void _gnutls_log(int level, const char *fmt, ...)
{
- va_list args;
- char *str;
- int ret;
-
- if (_gnutls_log_func == NULL)
- return;
-
- va_start (args, fmt);
- ret = vasprintf (&str, fmt, args);
- va_end (args);
-
- if (ret >= 0)
- {
- _gnutls_log_func (level, str);
- free (str);
- }
+ va_list args;
+ char *str;
+ int ret;
+
+ if (_gnutls_log_func == NULL)
+ return;
+
+ va_start(args, fmt);
+ ret = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (ret >= 0) {
+ _gnutls_log_func(level, str);
+ free(str);
+ }
}
-void
-_gnutls_audit_log (gnutls_session_t session, const char *fmt, ...)
+void _gnutls_audit_log(gnutls_session_t session, const char *fmt, ...)
{
- va_list args;
- char *str;
- int ret;
-
- if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
- return;
-
- va_start (args, fmt);
- ret = vasprintf (&str, fmt, args);
- va_end (args);
-
- if (ret >= 0)
- {
- if (_gnutls_audit_log_func)
- _gnutls_audit_log_func (session, str);
- else
- _gnutls_log_func(1, str);
- free (str);
- }
+ va_list args;
+ char *str;
+ int ret;
+
+ if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
+ return;
+
+ va_start(args, fmt);
+ ret = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (ret >= 0) {
+ if (_gnutls_audit_log_func)
+ _gnutls_audit_log_func(session, str);
+ else
+ _gnutls_log_func(1, str);
+ free(str);
+ }
}
#ifndef DEBUG
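Review bot: `_gnutls_mpi_log` writes the complete value of `a` in hex through `_gnutls_hard_log` whenever `_gnutls_log_level` is 2 or higher, and nothing at the function says which values may be passed to it. The reindent carries this over unchanged. The callers are outside this hunk, so whether private exponents or shared secrets reach it cannot be confirmed from here. I would add a header comment such as `/* Writes the full value of @a in hex to the debug log; never pass private keys or shared secrets. */`. If secret values can reach it, `binbuf` and `hexbuf` should also be cleared before each `gnutls_free()`, since both hold a copy of the number.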
@@ -639,11 +659,10 @@ _gnutls_audit_log (gnutls_session_t session, const char *fmt, ...)
/* Without C99 macros these functions have to
* be called. This may affect performance.
*/
-void
-_gnutls_null_log (void *x, ...)
+void _gnutls_null_log(void *x, ...)
{
- return;
+ return;
}
-#endif /* C99_MACROS */
-#endif /* DEBUG */
+#endif /* C99_MACROS */
+#endif /* DEBUG */
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 1f446a06a3..12df2588b9 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -34,28 +34,26 @@
#else
#define gnutls_assert()
#endif
-#else /* __FILE__ not defined */
+#else /* __FILE__ not defined */
#define gnutls_assert()
#endif
-int _gnutls_asn2err (int asn_err);
-void
-_gnutls_log (int, const char *fmt, ...)
+int _gnutls_asn2err(int asn_err);
+void _gnutls_log(int, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)));
+ __attribute__ ((format(printf, 2, 3)));
#else
- ;
+;
#endif
-void
-_gnutls_audit_log (gnutls_session_t, const char *fmt, ...)
+void _gnutls_audit_log(gnutls_session_t, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)));
+ __attribute__ ((format(printf, 2, 3)));
#else
- ;
+;
#endif
-void _gnutls_mpi_log (const char *prefix, bigint_t a);
+void _gnutls_mpi_log(const char *prefix, bigint_t a);
#ifdef C99_MACROS
#define LEVEL(l, ...) do { if (unlikely(_gnutls_log_level >= l)) \
@@ -84,9 +82,9 @@ void _gnutls_mpi_log (const char *prefix, bigint_t a);
#define _gnutls_read_log _gnutls_null_log
#define _gnutls_write_log _gnutls_null_log
-void _gnutls_null_log (void *, ...);
+void _gnutls_null_log(void *, ...);
-#endif /* C99_MACROS */
+#endif /* C99_MACROS */
/* GCC won't inline this by itself and results in a "fatal warning"
otherwise. Making this a macro has been tried, but it interacts
@@ -94,15 +92,15 @@ void _gnutls_null_log (void *, ...);
side. */
static inline
#ifdef __GNUC__
- __attribute__ ((always_inline))
+ __attribute__ ((always_inline))
#endif
-int gnutls_assert_val_int (int val, const char *file, int line)
+int gnutls_assert_val_int(int val, const char *file, int line)
{
- _gnutls_debug_log ("ASSERT: %s:%d\n", file, line);
- return val;
+ _gnutls_debug_log("ASSERT: %s:%d\n", file, line);
+ return val;
}
#define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
#define gnutls_assert_val_fatal(x) (((x)!=GNUTLS_E_AGAIN && (x)!=GNUTLS_E_INTERRUPTED)?gnutls_assert_val_int(x, __FILE__, __LINE__):(x))
-#endif /* GNUTLS_ERRORS_H */
+#endif /* GNUTLS_ERRORS_H */
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index e045e98f7a..3633a5c84d 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -45,173 +45,169 @@
#include <gnutls_num.h>
-static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type);
+static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t
+ session, uint16_t type);
static size_t extfunc_size = 0;
static extension_entry_st *extfunc = NULL;
-static gnutls_ext_parse_type_t
-_gnutls_ext_parse_type (uint16_t type)
+static gnutls_ext_parse_type_t _gnutls_ext_parse_type(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- {
- if (extfunc[i].type == type)
- return extfunc[i].parse_type;
- }
+ for (i = 0; i < extfunc_size; i++) {
+ if (extfunc[i].type == type)
+ return extfunc[i].parse_type;
+ }
- return GNUTLS_EXT_NONE;
+ return GNUTLS_EXT_NONE;
}
static gnutls_ext_recv_func
-_gnutls_ext_func_recv (uint16_t type, gnutls_ext_parse_type_t parse_type)
+_gnutls_ext_func_recv(uint16_t type, gnutls_ext_parse_type_t parse_type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type)
- return extfunc[i].recv_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ if (parse_type == GNUTLS_EXT_ANY
+ || extfunc[i].parse_type == parse_type)
+ return extfunc[i].recv_func;
- return NULL;
+ return NULL;
}
-static gnutls_ext_deinit_data_func
-_gnutls_ext_func_deinit (uint16_t type)
+static gnutls_ext_deinit_data_func _gnutls_ext_func_deinit(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].deinit_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].deinit_func;
- return NULL;
+ return NULL;
}
-static gnutls_ext_unpack_func
-_gnutls_ext_func_unpack (uint16_t type)
+static gnutls_ext_unpack_func _gnutls_ext_func_unpack(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].unpack_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].unpack_func;
- return NULL;
+ return NULL;
}
-static const char *
-_gnutls_extension_get_name (uint16_t type)
+static const char *_gnutls_extension_get_name(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].name;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].name;
- return NULL;
+ return NULL;
}
/* Checks if the extension we just received is one of the
* requested ones. Otherwise it's a fatal error.
*/
static int
-_gnutls_extension_list_check (gnutls_session_t session, uint16_t type)
+_gnutls_extension_list_check(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- int i;
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ int i;
- for (i = 0; i < session->internals.extensions_sent_size; i++)
- {
- if (type == session->internals.extensions_sent[i])
- return 0; /* ok found */
- }
+ for (i = 0; i < session->internals.extensions_sent_size;
+ i++) {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
+ }
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
- }
+ return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const uint8_t * data, int data_size)
+_gnutls_parse_extensions(gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const uint8_t * data, int data_size)
{
- int next, ret;
- int pos = 0;
- uint16_t type;
- const uint8_t *sdata;
- gnutls_ext_recv_func ext_recv;
- uint16_t size;
+ int next, ret;
+ int pos = 0;
+ uint16_t type;
+ const uint8_t *sdata;
+ gnutls_ext_recv_func ext_recv;
+ uint16_t size;
#ifdef DEBUG
- int i;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- for (i = 0; i < session->internals.extensions_sent_size; i++)
- {
- _gnutls_handshake_log ("EXT[%d]: expecting extension '%s'\n",
- session,
- _gnutls_extension_get_name
- (session->internals.extensions_sent[i]));
- }
+ int i;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ for (i = 0; i < session->internals.extensions_sent_size;
+ i++) {
+ _gnutls_handshake_log
+ ("EXT[%d]: expecting extension '%s'\n",
+ session,
+ _gnutls_extension_get_name(session->internals.
+ extensions_sent
+ [i]));
+ }
#endif
- DECR_LENGTH_RET (data_size, 2, 0);
- next = _gnutls_read_uint16 (data);
- pos += 2;
+ DECR_LENGTH_RET(data_size, 2, 0);
+ next = _gnutls_read_uint16(data);
+ pos += 2;
- DECR_LENGTH_RET (data_size, next, 0);
+ DECR_LENGTH_RET(data_size, next, 0);
- do
- {
- DECR_LENGTH_RET (next, 2, 0);
- type = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
+ do {
+ DECR_LENGTH_RET(next, 2, 0);
+ type = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
- if ((ret = _gnutls_extension_list_check (session, type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret =
+ _gnutls_extension_list_check(session, type)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- DECR_LENGTH_RET (next, 2, 0);
- size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
+ DECR_LENGTH_RET(next, 2, 0);
+ size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
- DECR_LENGTH_RET (next, size, 0);
- sdata = &data[pos];
- pos += size;
+ DECR_LENGTH_RET(next, size, 0);
+ sdata = &data[pos];
+ pos += size;
- ext_recv = _gnutls_ext_func_recv (type, parse_type);
- if (ext_recv == NULL)
- {
- _gnutls_handshake_log ("EXT[%p]: Found extension '%s/%d'\n", session,
- _gnutls_extension_get_name (type), type);
+ ext_recv = _gnutls_ext_func_recv(type, parse_type);
+ if (ext_recv == NULL) {
+ _gnutls_handshake_log
+ ("EXT[%p]: Found extension '%s/%d'\n", session,
+ _gnutls_extension_get_name(type), type);
- continue;
- }
+ continue;
+ }
- _gnutls_handshake_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
- session, _gnutls_extension_get_name (type), type,
- size);
+ _gnutls_handshake_log
+ ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
+ session, _gnutls_extension_get_name(type), type,
+ size);
- if ((ret = ext_recv (session, sdata, size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = ext_recv(session, sdata, size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
- while (next > 2);
+ }
+ while (next > 2);
- return 0;
+ return 0;
}
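Review bot: In `_gnutls_parse_extensions` the "Found extension" message passes `_gnutls_extension_get_name(type)` straight to `%s`, but that helper returns NULL for any type not present in `extfunc`. This is the branch taken when `_gnutls_ext_func_recv` finds no handler, so a peer-supplied unknown extension type can put a NULL pointer into a `%s` conversion, which is undefined behaviour. It presumably only matters when handshake logging is enabled. I would hold the name in a local and log `name ? name : "unknown"` in both the "Found" and "Parsing" messages. Separately, the `#ifdef DEBUG` block formats `session` with `EXT[%d]` while the other messages use `EXT[%p]`; it should read `"EXT[%p]: expecting extension '%s'\n"`.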
@@ -219,444 +215,427 @@ _gnutls_parse_extensions (gnutls_session_t session,
* This list is used to check whether the (later) received
* extensions are the ones we requested.
*/
-void
-_gnutls_extension_list_add (gnutls_session_t session, uint16_t type)
+void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
- {
- session->internals.extensions_sent[session->internals.
- extensions_sent_size] = type;
- session->internals.extensions_sent_size++;
- }
- else
- {
- _gnutls_handshake_log ("extensions: Increase MAX_EXT_TYPES\n");
- }
- }
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->internals.extensions_sent_size <
+ MAX_EXT_TYPES) {
+ session->internals.extensions_sent[session->
+ internals.extensions_sent_size]
+ = type;
+ session->internals.extensions_sent_size++;
+ } else {
+ _gnutls_handshake_log
+ ("extensions: Increase MAX_EXT_TYPES\n");
+ }
+ }
}
int
-_gnutls_gen_extensions (gnutls_session_t session, gnutls_buffer_st * extdata,
- gnutls_ext_parse_type_t parse_type)
+_gnutls_gen_extensions(gnutls_session_t session,
+ gnutls_buffer_st * extdata,
+ gnutls_ext_parse_type_t parse_type)
{
- int size;
- int pos, size_pos, ret;
- size_t i, init_size = extdata->length;
-
- pos = extdata->length; /* we will store length later on */
- _gnutls_buffer_append_prefix( extdata, 16, 0);
-
- for (i = 0; i < extfunc_size; i++)
- {
- extension_entry_st *p = &extfunc[i];
-
- if (p->send_func == NULL)
- continue;
-
- if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
- continue;
-
- ret = _gnutls_buffer_append_prefix( extdata, 16, p->type);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- size_pos = extdata->length;
- ret = _gnutls_buffer_append_prefix (extdata, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- size = p->send_func (session, extdata);
- /* returning GNUTLS_E_INT_RET_0 means to send an empty
- * extension of this type.
- */
- if (size > 0 || size == GNUTLS_E_INT_RET_0)
- {
- if (size == GNUTLS_E_INT_RET_0)
- size = 0;
-
- /* write the real size */
- _gnutls_write_uint16(size, &extdata->data[size_pos]);
-
- /* add this extension to the extension list
- */
- _gnutls_extension_list_add (session, p->type);
-
- _gnutls_handshake_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
- session, p->name, size);
- }
- else if (size < 0)
- {
- gnutls_assert ();
- return size;
- }
- else if (size == 0)
- extdata->length -= 4; /* reset type and size */
- }
-
- /* remove any initial data, and the size of the header */
- size = extdata->length - init_size - 2;
-
- if ( size > 0)
- _gnutls_write_uint16(size, &extdata->data[pos]);
- else if (size == 0) extdata->length -= 2; /* the length bytes */
-
- return size;
+ int size;
+ int pos, size_pos, ret;
+ size_t i, init_size = extdata->length;
+
+ pos = extdata->length; /* we will store length later on */
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+
+ for (i = 0; i < extfunc_size; i++) {
+ extension_entry_st *p = &extfunc[i];
+
+ if (p->send_func == NULL)
+ continue;
+
+ if (parse_type != GNUTLS_EXT_ANY
+ && p->parse_type != parse_type)
+ continue;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, p->type);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ size_pos = extdata->length;
+ ret = _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ size = p->send_func(session, extdata);
+ /* returning GNUTLS_E_INT_RET_0 means to send an empty
+ * extension of this type.
+ */
+ if (size > 0 || size == GNUTLS_E_INT_RET_0) {
+ if (size == GNUTLS_E_INT_RET_0)
+ size = 0;
+
+ /* write the real size */
+ _gnutls_write_uint16(size,
+ &extdata->data[size_pos]);
+
+ /* add this extension to the extension list
+ */
+ _gnutls_extension_list_add(session, p->type);
+
+ _gnutls_handshake_log
+ ("EXT[%p]: Sending extension %s (%d bytes)\n",
+ session, p->name, size);
+ } else if (size < 0) {
+ gnutls_assert();
+ return size;
+ } else if (size == 0)
+ extdata->length -= 4; /* reset type and size */
+ }
+
+ /* remove any initial data, and the size of the header */
+ size = extdata->length - init_size - 2;
+
+ if (size > 0)
+ _gnutls_write_uint16(size, &extdata->data[pos]);
+ else if (size == 0)
+ extdata->length -= 2; /* the length bytes */
+
+ return size;
}
-int
-_gnutls_ext_init (void)
+int _gnutls_ext_init(void)
{
- int ret;
+ int ret;
- ret = _gnutls_ext_register (&ext_mod_max_record_size);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_max_record_size);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_status_request);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_status_request);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_cert_type);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_cert_type);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_server_name);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_server_name);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_sr);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_sr);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#ifdef ENABLE_SRP
- ret = _gnutls_ext_register (&ext_mod_srp);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_srp);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
#ifdef ENABLE_HEARTBEAT
- ret = _gnutls_ext_register (&ext_mod_heartbeat);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_heartbeat);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
- ret = _gnutls_ext_register (&ext_mod_new_record_padding);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_new_record_padding);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_session_ticket);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_session_ticket);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_supported_ecc);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_supported_ecc);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_supported_ecc_pf);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_sig);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_sig);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#ifdef ENABLE_DTLS_SRTP
- ret = _gnutls_ext_register (&ext_mod_srtp);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_srtp);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
#ifdef ENABLE_ALPN
- ret = _gnutls_ext_register (&ext_mod_alpn);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_alpn);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-void
-_gnutls_ext_deinit (void)
+void _gnutls_ext_deinit(void)
{
- gnutls_free (extfunc);
- extfunc = NULL;
- extfunc_size = 0;
+ gnutls_free(extfunc);
+ extfunc = NULL;
+ extfunc_size = 0;
}
-int
-_gnutls_ext_register (extension_entry_st * mod)
+int _gnutls_ext_register(extension_entry_st * mod)
{
- extension_entry_st *p;
+ extension_entry_st *p;
- p = gnutls_realloc_fast (extfunc, sizeof (*extfunc) * (extfunc_size + 1));
- if (!p)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ p = gnutls_realloc_fast(extfunc,
+ sizeof(*extfunc) * (extfunc_size + 1));
+ if (!p) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- extfunc = p;
+ extfunc = p;
- memcpy (&extfunc[extfunc_size], mod, sizeof (*mod));
+ memcpy(&extfunc[extfunc_size], mod, sizeof(*mod));
- extfunc_size++;
+ extfunc_size++;
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-int
-_gnutls_ext_before_epoch_change (gnutls_session_t session)
+int _gnutls_ext_before_epoch_change(gnutls_session_t session)
{
- unsigned int i;
- int ret;
-
- for (i = 0; i < extfunc_size; i++)
- {
- if (extfunc[i].epoch_func != NULL)
- {
- ret = extfunc[i].epoch_func (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ unsigned int i;
+ int ret;
+
+ for (i = 0; i < extfunc_size; i++) {
+ if (extfunc[i].epoch_func != NULL) {
+ ret = extfunc[i].epoch_func(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
-int
-_gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed)
+int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st * packed)
{
- unsigned int i;
- int ret;
- extension_priv_data_t data;
- int cur_size;
- int size_offset;
- int total_exts_pos;
- int exts = 0;
-
- total_exts_pos = packed->length;
- BUFFER_APPEND_NUM (packed, 0);
-
- for (i = 0; i < extfunc_size; i++)
- {
- ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
- if (ret >= 0 && extfunc[i].pack_func != NULL)
- {
- BUFFER_APPEND_NUM (packed, extfunc[i].type);
-
- size_offset = packed->length;
- BUFFER_APPEND_NUM (packed, 0);
-
- cur_size = packed->length;
-
- ret = extfunc[i].pack_func (data, packed);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- exts++;
- /* write the actual size */
- _gnutls_write_uint32 (packed->length - cur_size,
- packed->data + size_offset);
- }
- }
-
- _gnutls_write_uint32 (exts, packed->data + total_exts_pos);
-
- return 0;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t data;
+ int cur_size;
+ int size_offset;
+ int total_exts_pos;
+ int exts = 0;
+
+ total_exts_pos = packed->length;
+ BUFFER_APPEND_NUM(packed, 0);
+
+ for (i = 0; i < extfunc_size; i++) {
+ ret =
+ _gnutls_ext_get_session_data(session, extfunc[i].type,
+ &data);
+ if (ret >= 0 && extfunc[i].pack_func != NULL) {
+ BUFFER_APPEND_NUM(packed, extfunc[i].type);
+
+ size_offset = packed->length;
+ BUFFER_APPEND_NUM(packed, 0);
+
+ cur_size = packed->length;
+
+ ret = extfunc[i].pack_func(data, packed);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ exts++;
+ /* write the actual size */
+ _gnutls_write_uint32(packed->length - cur_size,
+ packed->data + size_offset);
+ }
+ }
+
+ _gnutls_write_uint32(exts, packed->data + total_exts_pos);
+
+ return 0;
}
-void
-_gnutls_ext_restore_resumed_session (gnutls_session_t session)
+void _gnutls_ext_restore_resumed_session(gnutls_session_t session)
{
- int i;
-
-
- /* clear everything except MANDATORY extensions */
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->internals.
- extension_int_data[i].type) !=
- GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_unset_session_data (session,
- session->
- internals.extension_int_data[i].
- type);
- }
- }
-
- /* copy resumed to main */
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->
- internals.resumed_extension_int_data[i].
- type) != GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_set_session_data (session,
- session->
- internals.resumed_extension_int_data
- [i].type,
- session->
- internals.resumed_extension_int_data
- [i].priv);
- session->internals.resumed_extension_int_data[i].set = 0;
- }
- }
+ int i;
+
+
+ /* clear everything except MANDATORY extensions */
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type(session->
+ internals.extension_int_data[i].
+ type) != GNUTLS_EXT_MANDATORY) {
+ _gnutls_ext_unset_session_data(session,
+ session->internals.
+ extension_int_data
+ [i].type);
+ }
+ }
+
+ /* copy resumed to main */
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].set !=
+ 0
+ && _gnutls_ext_parse_type(session->internals.
+ resumed_extension_int_data
+ [i].type) !=
+ GNUTLS_EXT_MANDATORY) {
+ _gnutls_ext_set_session_data(session,
+ session->internals.
+ resumed_extension_int_data
+ [i].type,
+ session->internals.
+ resumed_extension_int_data
+ [i].priv);
+ session->internals.resumed_extension_int_data[i].
+ set = 0;
+ }
+ }
}
static void
-_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+_gnutls_ext_set_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].type == type
- || session->internals.resumed_extension_int_data[i].set == 0)
- {
-
- if (session->internals.resumed_extension_int_data[i].set != 0)
- _gnutls_ext_unset_resumed_session_data (session, type);
-
- session->internals.resumed_extension_int_data[i].type = type;
- session->internals.resumed_extension_int_data[i].priv = data;
- session->internals.resumed_extension_int_data[i].set = 1;
- return;
- }
- }
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].
+ type == type
+ || session->internals.resumed_extension_int_data[i].
+ set == 0) {
+
+ if (session->internals.
+ resumed_extension_int_data[i].set != 0)
+ _gnutls_ext_unset_resumed_session_data
+ (session, type);
+
+ session->internals.resumed_extension_int_data[i].
+ type = type;
+ session->internals.resumed_extension_int_data[i].
+ priv = data;
+ session->internals.resumed_extension_int_data[i].
+ set = 1;
+ return;
+ }
+ }
}
-int
-_gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed)
+int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st * packed)
{
- int i, ret;
- extension_priv_data_t data;
- gnutls_ext_unpack_func unpack;
- int max_exts = 0;
- uint16_t type;
- int size_for_type, cur_pos;
-
-
- BUFFER_POP_NUM (packed, max_exts);
- for (i = 0; i < max_exts; i++)
- {
- BUFFER_POP_NUM (packed, type);
- BUFFER_POP_NUM (packed, size_for_type);
-
- cur_pos = packed->length;
-
- unpack = _gnutls_ext_func_unpack (type);
- if (unpack == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- ret = unpack (packed, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* verify that unpack read the correct bytes */
- cur_pos = cur_pos - packed->length;
- if (cur_pos /* read length */ != size_for_type)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- _gnutls_ext_set_resumed_session_data (session, type, data);
- }
-
- return 0;
-
-error:
- return ret;
+ int i, ret;
+ extension_priv_data_t data;
+ gnutls_ext_unpack_func unpack;
+ int max_exts = 0;
+ uint16_t type;
+ int size_for_type, cur_pos;
+
+
+ BUFFER_POP_NUM(packed, max_exts);
+ for (i = 0; i < max_exts; i++) {
+ BUFFER_POP_NUM(packed, type);
+ BUFFER_POP_NUM(packed, size_for_type);
+
+ cur_pos = packed->length;
+
+ unpack = _gnutls_ext_func_unpack(type);
+ if (unpack == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ ret = unpack(packed, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* verify that unpack read the correct bytes */
+ cur_pos = cur_pos - packed->length;
+ if (cur_pos /* read length */ != size_for_type) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ _gnutls_ext_set_resumed_session_data(session, type, data);
+ }
+
+ return 0;
+
+ error:
+ return ret;
}
void
-_gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type)
+_gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type)
{
- gnutls_ext_deinit_data_func deinit;
- extension_priv_data_t data;
- int ret, i;
-
- deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_session_data (session, type, &data);
-
- if (ret >= 0 && deinit != NULL)
- {
- deinit (data);
- }
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].type == type)
- {
- session->internals.extension_int_data[i].set = 0;
- return;
- }
- }
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit(type);
+ ret = _gnutls_ext_get_session_data(session, type, &data);
+
+ if (ret >= 0 && deinit != NULL) {
+ deinit(data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].type == type) {
+ session->internals.extension_int_data[i].set = 0;
+ return;
+ }
+ }
}
static void
-_gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type)
+_gnutls_ext_unset_resumed_session_data(gnutls_session_t session,
+ uint16_t type)
{
- gnutls_ext_deinit_data_func deinit;
- extension_priv_data_t data;
- int ret, i;
-
- deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_resumed_session_data (session, type, &data);
-
- if (ret >= 0 && deinit != NULL)
- {
- deinit (data);
- }
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].type == type)
- {
- session->internals.resumed_extension_int_data[i].set = 0;
- return;
- }
- }
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit(type);
+ ret = _gnutls_ext_get_resumed_session_data(session, type, &data);
+
+ if (ret >= 0 && deinit != NULL) {
+ deinit(data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].
+ type == type) {
+ session->internals.resumed_extension_int_data[i].
+ set = 0;
+ return;
+ }
+ }
}
/* Deinitializes all data that are associated with TLS extensions.
*/
-void
-_gnutls_ext_free_session_data (gnutls_session_t session)
+void _gnutls_ext_free_session_data(gnutls_session_t session)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < extfunc_size; i++)
- {
- _gnutls_ext_unset_session_data (session, extfunc[i].type);
- }
+ for (i = 0; i < extfunc_size; i++) {
+ _gnutls_ext_unset_session_data(session, extfunc[i].type);
+ }
- for (i = 0; i < extfunc_size; i++)
- {
- _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type);
- }
+ for (i = 0; i < extfunc_size; i++) {
+ _gnutls_ext_unset_resumed_session_data(session,
+ extfunc[i].type);
+ }
}
@@ -665,65 +644,68 @@ _gnutls_ext_free_session_data (gnutls_session_t session)
* private pointer, to allow API additions by individual extensions.
*/
void
-_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+_gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
{
- unsigned int i;
- gnutls_ext_deinit_data_func deinit;
-
- deinit = _gnutls_ext_func_deinit (type);
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].type == type
- || session->internals.extension_int_data[i].set == 0)
- {
- if (session->internals.extension_int_data[i].set != 0)
- {
- if (deinit)
- deinit (session->internals.extension_int_data[i].priv);
- }
- session->internals.extension_int_data[i].type = type;
- session->internals.extension_int_data[i].priv = data;
- session->internals.extension_int_data[i].set = 1;
- return;
- }
- }
+ unsigned int i;
+ gnutls_ext_deinit_data_func deinit;
+
+ deinit = _gnutls_ext_func_deinit(type);
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].type == type
+ || session->internals.extension_int_data[i].set == 0) {
+ if (session->internals.extension_int_data[i].set !=
+ 0) {
+ if (deinit)
+ deinit(session->internals.
+ extension_int_data[i].priv);
+ }
+ session->internals.extension_int_data[i].type =
+ type;
+ session->internals.extension_int_data[i].priv =
+ data;
+ session->internals.extension_int_data[i].set = 1;
+ return;
+ }
+ }
}
int
-_gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t * data)
+_gnutls_ext_get_session_data(gnutls_session_t session,
+ uint16_t type, extension_priv_data_t * data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].set != 0 &&
- session->internals.extension_int_data[i].type == type)
- {
- *data = session->internals.extension_int_data[i].priv;
- return 0;
- }
- }
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ session->internals.extension_int_data[i].type == type)
+ {
+ *data =
+ session->internals.extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
int
-_gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data)
+_gnutls_ext_get_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- session->internals.resumed_extension_int_data[i].type == type)
- {
- *data = session->internals.resumed_extension_int_data[i].priv;
- return 0;
- }
- }
- return GNUTLS_E_INVALID_REQUEST;
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].set !=
+ 0
+ && session->internals.resumed_extension_int_data[i].
+ type == type) {
+ *data =
+ session->internals.
+ resumed_extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_INVALID_REQUEST;
}
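Review bot: `_gnutls_ext_set_session_data` drops `data` without any signal when the loop finds no usable slot, that is, when every one of the `MAX_EXT_TYPES` entries is set and none has a matching `type`. Because the function returns `void`, the caller cannot tell that the private pointer was never stored; whether this state is reachable depends on how `MAX_EXT_TYPES` compares with the number of registered extensions, which is not visible here. In that case `data` is never handed to `deinit`, and a later `_gnutls_ext_get_session_data` for the type fails. I would make the fall-through explicit after the loop with `gnutls_assert();` and a comment such as `/* table full: data was not stored and remains owned by the caller */`. Separately, the two getters in this hunk report a missing entry with different codes (`GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` vs `GNUTLS_E_INVALID_REQUEST`), which deserves a comment if it is intentional.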
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index c6ab1e6608..11c0faf1b4 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -26,74 +26,77 @@
#include <gnutls_str.h>
typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
- const unsigned char *data, size_t len);
+ const unsigned char *data,
+ size_t len);
typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
- gnutls_buffer_st *extdata);
+ gnutls_buffer_st * extdata);
-int _gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const uint8_t * data, int data_size);
-int _gnutls_gen_extensions (gnutls_session_t session, gnutls_buffer_st * extdata,
- gnutls_ext_parse_type_t);
-int _gnutls_ext_init (void);
-void _gnutls_ext_deinit (void);
+int _gnutls_parse_extensions(gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const uint8_t * data, int data_size);
+int _gnutls_gen_extensions(gnutls_session_t session,
+ gnutls_buffer_st * extdata,
+ gnutls_ext_parse_type_t);
+int _gnutls_ext_init(void);
+void _gnutls_ext_deinit(void);
-void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type);
+void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type);
typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data);
typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
- gnutls_buffer_st * packed_data);
+ gnutls_buffer_st * packed_data);
typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
- extension_priv_data_t * data);
+ extension_priv_data_t * data);
typedef int (*gnutls_ext_epoch_func) (gnutls_session_t session);
-void _gnutls_ext_free_session_data (gnutls_session_t session);
+void _gnutls_ext_free_session_data(gnutls_session_t session);
/* functions to be used by extensions internally
*/
-void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type);
-void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t);
-int _gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t *);
-int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data);
-
-void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
-int _gnutls_ext_before_epoch_change (gnutls_session_t session);
+void _gnutls_ext_unset_session_data(gnutls_session_t session,
+ uint16_t type);
+void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t);
+int _gnutls_ext_get_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t *);
+int _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data);
+
+void _gnutls_ext_restore_resumed_session(gnutls_session_t session);
+int _gnutls_ext_before_epoch_change(gnutls_session_t session);
/* for session packing */
-int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
-int _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed);
-
-typedef struct
-{
- const char *name;
- uint16_t type;
- gnutls_ext_parse_type_t parse_type;
-
- /* this function must return 0 when Not Applicable
- * size of extension data if ok
- * < 0 on other error.
- */
- gnutls_ext_recv_func recv_func;
-
- /* this function must return 0 when Not Applicable
- * size of extension data if ok
- * GNUTLS_E_INT_RET_0 if extension data size is zero
- * < 0 on other error.
- */
- gnutls_ext_send_func send_func;
-
- gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
- * internal data
- */
- gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
- gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
- gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
+int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st * packed);
+int _gnutls_ext_unpack(gnutls_session_t session,
+ gnutls_buffer_st * packed);
+
+typedef struct {
+ const char *name;
+ uint16_t type;
+ gnutls_ext_parse_type_t parse_type;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * < 0 on other error.
+ */
+ gnutls_ext_recv_func recv_func;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * GNUTLS_E_INT_RET_0 if extension data size is zero
+ * < 0 on other error.
+ */
+ gnutls_ext_send_func send_func;
+
+ gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
+ * internal data
+ */
+ gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
+ gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+ gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
} extension_entry_st;
-int _gnutls_ext_register (extension_entry_st *);
+int _gnutls_ext_register(extension_entry_st *);
#endif
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index af291e17d7..d686ce8c35 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -27,7 +27,7 @@
#include <random.h>
#include <gnutls/pkcs11.h>
-#include <gnutls_extensions.h> /* for _gnutls_ext_init */
+#include <gnutls_extensions.h> /* for _gnutls_ext_init */
#include <locks.h>
#include <system.h>
#include <accelerated/cryptodev.h>
@@ -49,7 +49,7 @@ ASN1_TYPE _gnutls_gnutls_asn;
gnutls_log_func _gnutls_log_func = NULL;
gnutls_audit_log_func _gnutls_audit_log_func = NULL;
-int _gnutls_log_level = 0; /* default log level */
+int _gnutls_log_level = 0; /* default log level */
/**
* gnutls_global_set_log_function:
@@ -63,10 +63,9 @@ int _gnutls_log_level = 0; /* default log level */
* @gnutls_log_func is of the form,
* void (*gnutls_log_func)( int level, const char*);
**/
-void
-gnutls_global_set_log_function (gnutls_log_func log_func)
+void gnutls_global_set_log_function(gnutls_log_func log_func)
{
- _gnutls_log_func = log_func;
+ _gnutls_log_func = log_func;
}
/**
@@ -84,10 +83,9 @@ gnutls_global_set_log_function (gnutls_log_func log_func)
*
* Since: 3.0
**/
-void
-gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func)
+void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func)
{
- _gnutls_audit_log_func = log_func;
+ _gnutls_audit_log_func = log_func;
}
/**
@@ -100,10 +98,9 @@ gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func)
*
* Since: 2.12.0
**/
-void
-gnutls_global_set_time_function (gnutls_time_func time_func)
+void gnutls_global_set_time_function(gnutls_time_func time_func)
{
- gnutls_time = time_func;
+ gnutls_time = time_func;
}
/**
@@ -117,10 +114,9 @@ gnutls_global_set_time_function (gnutls_time_func time_func)
*
* Use a log level over 10 to enable all debugging options.
**/
-void
-gnutls_global_set_log_level (int level)
+void gnutls_global_set_log_level(int level)
{
- _gnutls_log_level = level;
+ _gnutls_log_level = level;
}
/**
@@ -141,29 +137,26 @@ gnutls_global_set_log_level (int level)
* This function is not thread safe.
**/
void
-gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
- gnutls_alloc_function secure_alloc_func,
- gnutls_is_secure_function is_secure_func,
- gnutls_realloc_function realloc_func,
- gnutls_free_function free_func)
+gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func)
{
- gnutls_secure_malloc = secure_alloc_func;
- gnutls_malloc = alloc_func;
- gnutls_realloc = realloc_func;
- gnutls_free = free_func;
-
- /* if using the libc's default malloc
- * use libc's calloc as well.
- */
- if (gnutls_malloc == malloc)
- {
- gnutls_calloc = calloc;
- }
- else
- { /* use the included ones */
- gnutls_calloc = _gnutls_calloc;
- }
- gnutls_strdup = _gnutls_strdup;
+ gnutls_secure_malloc = secure_alloc_func;
+ gnutls_malloc = alloc_func;
+ gnutls_realloc = realloc_func;
+ gnutls_free = free_func;
+
+ /* if using the libc's default malloc
+ * use libc's calloc as well.
+ */
+ if (gnutls_malloc == malloc) {
+ gnutls_calloc = calloc;
+ } else { /* use the included ones */
+ gnutls_calloc = _gnutls_calloc;
+ }
+ gnutls_strdup = _gnutls_strdup;
}
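Review bot: The `is_secure_func` argument is never read in the body of `gnutls_global_set_mem_functions`; the other four callbacks are installed and this one is silently dropped. The doc comment starts above the hunk, so it may already say so, but if it does not, a line such as ` * @is_secure_func is currently ignored.` would keep callers from relying on it. The installed pointers are not checked either, so a NULL `alloc_func` or `free_func` only surfaces at the first allocation; the doc comment should state that they must be non-NULL.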
@@ -196,94 +189,85 @@ static int _gnutls_init = 0;
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_global_init (void)
+int gnutls_global_init(void)
{
- int result = 0;
- int res;
-
- if (_gnutls_init++)
- goto out;
-
- if (gl_sockets_startup (SOCKETS_1_1))
- return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
-
- bindtextdomain (PACKAGE, LOCALEDIR);
-
- res = gnutls_crypto_init ();
- if (res != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTO_INIT_FAILED;
- }
-
- _gnutls_register_accel_crypto();
-
- /* initialize ASN.1 parser
- * This should not deal with files in the final
- * version.
- */
- if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
- asn1_check_version (NULL),
- GNUTLS_MIN_LIBTASN1_VERSION);
- return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
- }
-
- res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
- if (res != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (res);
- goto out;
- }
-
- res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
- if (res != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (res);
- goto out;
- }
-
- /* Initialize the random generator */
- result = _gnutls_rnd_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- /* Initialize the default TLS extensions */
- result = _gnutls_ext_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- result = gnutls_mutex_init(&_gnutls_file_mutex);
- if (result < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- result = gnutls_system_global_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
+ int result = 0;
+ int res;
+
+ if (_gnutls_init++)
+ goto out;
+
+ if (gl_sockets_startup(SOCKETS_1_1))
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+
+ bindtextdomain(PACKAGE, LOCALEDIR);
+
+ res = gnutls_crypto_init();
+ if (res != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+ }
+
+ _gnutls_register_accel_crypto();
+
+ /* initialize ASN.1 parser
+ * This should not deal with files in the final
+ * version.
+ */
+ if (asn1_check_version(GNUTLS_MIN_LIBTASN1_VERSION) == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Checking for libtasn1 failed: %s < %s\n",
+ asn1_check_version(NULL),
+ GNUTLS_MIN_LIBTASN1_VERSION);
+ return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
+ }
+
+ res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ /* Initialize the random generator */
+ result = _gnutls_rnd_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ /* Initialize the default TLS extensions */
+ result = _gnutls_ext_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result = gnutls_mutex_init(&_gnutls_file_mutex);
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result = gnutls_system_global_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+ gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
#endif
- _gnutls_cryptodev_init ();
+ _gnutls_cryptodev_init();
-out:
- return result;
+ out:
+ return result;
}
/**
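Review bot: `gnutls_global_init` bumps the reference count with `if (_gnutls_init++)` before any initialization has succeeded, and none of the failure paths (the two early `return`s and every `goto out` with a negative `result`) takes the increment back. After one failed call the counter is 1, so the next call takes the `goto out` branch and returns 0 even though the crypto backend, the ASN.1 trees or the RNG may never have been set up. I would route the early returns through `out` and add `if (result < 0) _gnutls_init--;` there; which partially initialized state should also be released on that path cannot be determined from this hunk. `gnutls_global_deinit` in the next hunk has the mirror problem: `_gnutls_init--;` runs unconditionally, so an unmatched call leaves the counter negative and a later init is skipped as well. `if (_gnutls_init > 0) _gnutls_init--;` would avoid that.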
@@ -295,26 +279,24 @@ out:
* Note! This function is not thread safe. See the discussion for
* gnutls_global_init() for more information.
**/
-void
-gnutls_global_deinit (void)
+void gnutls_global_deinit(void)
{
- if (_gnutls_init == 1)
- {
- gl_sockets_cleanup ();
- gnutls_crypto_deinit();
- _gnutls_rnd_deinit ();
- _gnutls_ext_deinit ();
- asn1_delete_structure (&_gnutls_gnutls_asn);
- asn1_delete_structure (&_gnutls_pkix1_asn);
- _gnutls_crypto_deregister ();
- _gnutls_cryptodev_deinit ();
- gnutls_system_global_deinit ();
+ if (_gnutls_init == 1) {
+ gl_sockets_cleanup();
+ gnutls_crypto_deinit();
+ _gnutls_rnd_deinit();
+ _gnutls_ext_deinit();
+ asn1_delete_structure(&_gnutls_gnutls_asn);
+ asn1_delete_structure(&_gnutls_pkix1_asn);
+ _gnutls_crypto_deregister();
+ _gnutls_cryptodev_deinit();
+ gnutls_system_global_deinit();
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_mutex_deinit(&_gnutls_file_mutex);
- }
- _gnutls_init--;
+ gnutls_mutex_deinit(&_gnutls_file_mutex);
+ }
+ _gnutls_init--;
}
/* These functions should be elsewere. Kept here for
@@ -336,11 +318,10 @@ gnutls_global_deinit (void)
* condition is not met. If %NULL is passed to this function no
* check is done and only the version string is returned.
**/
-const char *
-gnutls_check_version (const char *req_version)
+const char *gnutls_check_version(const char *req_version)
{
- if (!req_version || strverscmp (req_version, VERSION) <= 0)
- return VERSION;
+ if (!req_version || strverscmp(req_version, VERSION) <= 0)
+ return VERSION;
- return NULL;
+ return NULL;
}
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index a5f6b36b39..31e759ef81 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -26,7 +26,7 @@
#include <libtasn1.h>
#include <gnutls/gnutls.h>
-int gnutls_is_secure_memory (const void *mem);
+int gnutls_is_secure_memory(const void *mem);
extern ASN1_TYPE _gnutls_pkix1_asn;
extern ASN1_TYPE _gnutls_gnutls_asn;
@@ -41,7 +41,7 @@ extern ASN1_TYPE _gnutls_gnutls_asn;
extern gnutls_log_func _gnutls_log_func;
extern gnutls_audit_log_func _gnutls_audit_log_func;
extern int _gnutls_log_level;
-extern int gnutls_crypto_init (void);
-extern void gnutls_crypto_deinit (void);
+extern int gnutls_crypto_init(void);
+extern void gnutls_crypto_deinit(void);
#endif
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7e5cc8b0d4..9b924c9b1c 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -49,8 +49,8 @@
#include <ext/session_ticket.h>
#include <ext/status_request.h>
#include <ext/safe_renegotiation.h>
-#include <auth/anon.h> /* for gnutls_anon_server_credentials_t */
-#include <auth/psk.h> /* for gnutls_psk_server_credentials_t */
+#include <auth/anon.h> /* for gnutls_anon_server_credentials_t */
+#include <auth/psk.h> /* for gnutls_psk_server_credentials_t */
#include <random.h>
#include <gnutls_dtls.h>
@@ -63,202 +63,206 @@
#define TRUE 1
#define FALSE 0
-static int _gnutls_server_select_comp_method (gnutls_session_t session,
- uint8_t * data, int datalen);
+static int _gnutls_server_select_comp_method(gnutls_session_t session,
+ uint8_t * data, int datalen);
static int
-_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- uint8_t * cipher_suites,
- int cipher_suites_size,
- gnutls_pk_algorithm_t *pk_algos,
- size_t pk_algos_size);
-static int _gnutls_handshake_client (gnutls_session_t session);
-static int _gnutls_handshake_server (gnutls_session_t session);
+_gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ int cipher_suites_size,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size);
+static int _gnutls_handshake_client(gnutls_session_t session);
+static int _gnutls_handshake_server(gnutls_session_t session);
static int
-_gnutls_recv_handshake_final (gnutls_session_t session, int init);
+_gnutls_recv_handshake_final(gnutls_session_t session, int init);
static int
-_gnutls_send_handshake_final (gnutls_session_t session, int init);
+_gnutls_send_handshake_final(gnutls_session_t session, int init);
/* Empties but does not free the buffer
*/
static inline void
-_gnutls_handshake_hash_buffer_empty (gnutls_session_t session)
+_gnutls_handshake_hash_buffer_empty(gnutls_session_t session)
{
- _gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n");
+ _gnutls_buffers_log("BUF[HSK]: Emptied buffer\n");
- session->internals.handshake_hash_buffer_prev_len = 0;
- session->internals.handshake_hash_buffer.length = 0;
- return;
+ session->internals.handshake_hash_buffer_prev_len = 0;
+ session->internals.handshake_hash_buffer.length = 0;
+ return;
}
static int
-_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen);
+_gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t * header, uint16_t header_size,
+ uint8_t * dataptr, uint32_t datalen);
static int
-_gnutls_handshake_hash_add_sent (gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen);
+_gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen);
static int
-_gnutls_recv_hello_verify_request (gnutls_session_t session,
- uint8_t * data, int datalen);
+_gnutls_recv_hello_verify_request(gnutls_session_t session,
+ uint8_t * data, int datalen);
/* Clears the handshake hash buffers and handles.
*/
-void
-_gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
+void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session)
{
- session->internals.handshake_hash_buffer_prev_len = 0;
- _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+ session->internals.handshake_hash_buffer_prev_len = 0;
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
}
/* this will copy the required values for resuming to
* internals, and to security_parameters.
* this will keep as less data to security_parameters.
*/
-static int
-resume_copy_required_values (gnutls_session_t session)
+static int resume_copy_required_values(gnutls_session_t session)
{
-int ret;
-
- /* get the new random values */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- /* keep the ciphersuite and compression
- * That is because the client must see these in our
- * hello message.
- */
- memcpy (session->security_parameters.cipher_suite,
- session->internals.resumed_security_parameters.cipher_suite, 2);
- session->security_parameters.compression_method = session->internals.resumed_security_parameters.compression_method;
-
- ret = _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.cipher_suite);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.compression_method);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* or write_compression_algorithm
- * they are the same
- */
-
- session->security_parameters.entity =
- session->internals.resumed_security_parameters.entity;
-
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- _gnutls_set_current_version (session,
- session->internals.resumed_security_parameters.
- pversion->id);
-
- session->security_parameters.cert_type =
- session->internals.resumed_security_parameters.cert_type;
-
- memcpy (session->security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id,
- sizeof (session->security_parameters.session_id));
- session->security_parameters.session_id_size =
- session->internals.resumed_security_parameters.session_id_size;
-
- return 0;
+ int ret;
+
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ /* keep the ciphersuite and compression
+ * That is because the client must see these in our
+ * hello message.
+ */
+ memcpy(session->security_parameters.cipher_suite,
+ session->internals.resumed_security_parameters.cipher_suite,
+ 2);
+ session->security_parameters.compression_method =
+ session->internals.resumed_security_parameters.
+ compression_method;
+
+ ret = _gnutls_epoch_set_cipher_suite(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ cipher_suite);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ compression_method);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* or write_compression_algorithm
+ * they are the same
+ */
+
+ session->security_parameters.entity =
+ session->internals.resumed_security_parameters.entity;
+
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ _gnutls_set_current_version(session,
+ session->internals.
+ resumed_security_parameters.pversion->
+ id);
+
+ session->security_parameters.cert_type =
+ session->internals.resumed_security_parameters.cert_type;
+
+ memcpy(session->security_parameters.session_id,
+ session->internals.resumed_security_parameters.session_id,
+ sizeof(session->security_parameters.session_id));
+ session->security_parameters.session_id_size =
+ session->internals.resumed_security_parameters.session_id_size;
+
+ return 0;
}
/* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data
* and put it to dst.
*/
-static int
-_gnutls_tls_create_random (uint8_t * dst)
+static int _gnutls_tls_create_random(uint8_t * dst)
{
- uint32_t tim;
- int ret;
-
- /* Use weak random numbers for the most of the
- * buffer except for the first 4 that are the
- * system's time.
- */
-
- tim = gnutls_time (NULL);
- /* generate server random value */
- _gnutls_write_uint32 (tim, dst);
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ uint32_t tim;
+ int ret;
+
+ /* Use weak random numbers for the most of the
+ * buffer except for the first 4 that are the
+ * system's time.
+ */
+
+ tim = gnutls_time(NULL);
+ /* generate server random value */
+ _gnutls_write_uint32(tim, dst);
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-int
-_gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd)
+int _gnutls_set_client_random(gnutls_session_t session, uint8_t * rnd)
{
-int ret;
-
- if (rnd != NULL)
- memcpy (session->security_parameters.client_random, rnd,
- GNUTLS_RANDOM_SIZE);
- else
- {
- /* no random given, we generate. */
- if (session->internals.sc_random_set != 0)
- {
- memcpy (session->security_parameters.client_random,
- session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- }
- else
- {
- ret = _gnutls_tls_create_random (session->security_parameters.client_random);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- return 0;
+ int ret;
+
+ if (rnd != NULL)
+ memcpy(session->security_parameters.client_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+ else {
+ /* no random given, we generate. */
+ if (session->internals.sc_random_set != 0) {
+ memcpy(session->security_parameters.client_random,
+ session->internals.
+ resumed_security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ } else {
+ ret =
+ _gnutls_tls_create_random(session->
+ security_parameters.
+ client_random);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+ return 0;
}
-int
-_gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd)
+int _gnutls_set_server_random(gnutls_session_t session, uint8_t * rnd)
{
-int ret;
-
- if (rnd != NULL)
- memcpy (session->security_parameters.server_random, rnd,
- GNUTLS_RANDOM_SIZE);
- else
- {
- /* no random given, we generate. */
- if (session->internals.sc_random_set != 0)
- {
- memcpy (session->security_parameters.server_random,
- session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- }
- else
- {
- ret = _gnutls_tls_create_random (session->security_parameters.server_random);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- return 0;
+ int ret;
+
+ if (rnd != NULL)
+ memcpy(session->security_parameters.server_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+ else {
+ /* no random given, we generate. */
+ if (session->internals.sc_random_set != 0) {
+ memcpy(session->security_parameters.server_random,
+ session->internals.
+ resumed_security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ } else {
+ ret =
+ _gnutls_tls_create_random(session->
+ security_parameters.
+ server_random);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+ return 0;
}
/* Calculate The SSL3 Finished message
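Review bot: In `resume_copy_required_values` the check `if (session->internals.resumed_security_parameters.pversion == NULL)` comes only after the cipher suite, the compression method, both epoch settings and `entity` have been copied into the live session. The `GNUTLS_E_INTERNAL_ERROR` path therefore leaves the session partly switched to the resumed parameters. Moving that check to the top of the function, before the first `memcpy`, makes the failure free of side effects. The literal `2` in the `cipher_suite` copy would read better as `sizeof(session->security_parameters.cipher_suite)`, matching the `session_id` copy further down, assuming `cipher_suite` is an array member.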
@@ -267,62 +271,62 @@ int ret;
#define SSL3_SERVER_MSG "SRVR"
#define SSL_MSG_LEN 4
static int
-_gnutls_ssl3_finished (gnutls_session_t session, int type, uint8_t * ret, int sending)
+_gnutls_ssl3_finished(gnutls_session_t session, int type, uint8_t * ret,
+ int sending)
{
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- const char *mesg;
- int rc, len;
-
- if (sending)
- len = session->internals.handshake_hash_buffer.length;
- else
- len = session->internals.handshake_hash_buffer_prev_len;
-
- rc = _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- rc = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, len);
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, len);
-
- if (type == GNUTLS_SERVER)
- mesg = SSL3_SERVER_MSG;
- else
- mesg = SSL3_CLIENT_MSG;
-
- _gnutls_hash (&td_md5, mesg, SSL_MSG_LEN);
- _gnutls_hash (&td_sha, mesg, SSL_MSG_LEN);
-
- rc = _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_md5, NULL);
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- rc = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- return 0;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ const char *mesg;
+ int rc, len;
+
+ if (sending)
+ len = session->internals.handshake_hash_buffer.length;
+ else
+ len = session->internals.handshake_hash_buffer_prev_len;
+
+ rc = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ rc = _gnutls_hash_init(&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data, len);
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data, len);
+
+ if (type == GNUTLS_SERVER)
+ mesg = SSL3_SERVER_MSG;
+ else
+ mesg = SSL3_CLIENT_MSG;
+
+ _gnutls_hash(&td_md5, mesg, SSL_MSG_LEN);
+ _gnutls_hash(&td_sha, mesg, SSL_MSG_LEN);
+
+ rc = _gnutls_mac_deinit_ssl3_handshake(&td_md5, ret,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_md5, NULL);
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ rc = _gnutls_mac_deinit_ssl3_handshake(&td_sha, &ret[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ return 0;
}
/* Hash the handshake messages as required by TLS 1.0
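Review bot: `_gnutls_ssl3_finished` writes two digests into `ret`, the MD5 result at `ret` and the SHA-1 result at `&ret[16]`, but neither the signature nor a comment states how large the caller's buffer must be. A comment above the function such as `/* ret must have room for 36 bytes: 16 (MD5) followed by 20 (SHA-1) */` would pin that contract, and a named constant in place of the literal `16` would tie the offset to the MD5 length. The four `_gnutls_hash()` calls also discard their results. If that helper can fail, the Finished value would be computed over incomplete input, so the result should be checked or the reason it cannot fail documented.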
@@ -331,114 +335,117 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, uint8_t * ret, int se
#define CLIENT_MSG "client finished"
#define TLS_MSG_LEN 15
static int
-_gnutls_finished (gnutls_session_t session, int type, void *ret, int sending)
+_gnutls_finished(gnutls_session_t session, int type, void *ret,
+ int sending)
{
- const int siz = TLS_MSG_LEN;
- uint8_t concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
- size_t hash_len;
- const char *mesg;
- int rc, len;
-
- if (sending)
- len = session->internals.handshake_hash_buffer.length;
- else
- len = session->internals.handshake_hash_buffer_prev_len;
-
- if (!_gnutls_version_has_selectable_prf (get_version(session)))
- {
- rc = _gnutls_hash_fast( GNUTLS_DIG_SHA1, session->internals.handshake_hash_buffer.data, len, &concat[16]);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- rc = _gnutls_hash_fast( GNUTLS_DIG_MD5, session->internals.handshake_hash_buffer.data, len, concat);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- hash_len = 20 + 16;
- }
- else
- {
- int algorithm = _gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite);
-
- rc = _gnutls_hash_fast( algorithm, session->internals.handshake_hash_buffer.data, len, concat);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
- }
-
- if (type == GNUTLS_SERVER)
- {
- mesg = SERVER_MSG;
- }
- else
- {
- mesg = CLIENT_MSG;
- }
-
- return _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, mesg, siz, concat, hash_len, 12, ret);
+ const int siz = TLS_MSG_LEN;
+ uint8_t concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
+ size_t hash_len;
+ const char *mesg;
+ int rc, len;
+
+ if (sending)
+ len = session->internals.handshake_hash_buffer.length;
+ else
+ len = session->internals.handshake_hash_buffer_prev_len;
+
+ if (!_gnutls_version_has_selectable_prf(get_version(session))) {
+ rc = _gnutls_hash_fast(GNUTLS_DIG_SHA1,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ &concat[16]);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ rc = _gnutls_hash_fast(GNUTLS_DIG_MD5,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ concat);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ hash_len = 20 + 16;
+ } else {
+ int algorithm =
+ _gnutls_cipher_suite_get_prf(session->
+ security_parameters.
+ cipher_suite);
+
+ rc = _gnutls_hash_fast(algorithm,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ concat);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ hash_len =
+ _gnutls_hash_get_algo_len(mac_to_entry(algorithm));
+ }
+
+ if (type == GNUTLS_SERVER) {
+ mesg = SERVER_MSG;
+ } else {
+ mesg = CLIENT_MSG;
+ }
+
+ return _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, mesg, siz, concat, hash_len,
+ 12, ret);
}
/* returns the 0 on success or a negative error code.
*/
int
-_gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+_gnutls_negotiate_version(gnutls_session_t session,
+ gnutls_protocol_t adv_version)
{
- int ret;
-
- /* if we do not support that version */
- if (_gnutls_version_is_supported (session, adv_version) == 0)
- {
- /* If he requested something we do not support
- * then we send him the highest we support.
- */
- ret = _gnutls_version_max (session);
- if (ret == GNUTLS_VERSION_UNKNOWN)
- {
- /* this check is not really needed.
- */
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
- }
- else
- {
- ret = adv_version;
- }
-
- _gnutls_set_current_version (session, ret);
-
- return ret;
+ int ret;
+
+ /* if we do not support that version */
+ if (_gnutls_version_is_supported(session, adv_version) == 0) {
+ /* If he requested something we do not support
+ * then we send him the highest we support.
+ */
+ ret = _gnutls_version_max(session);
+ if (ret == GNUTLS_VERSION_UNKNOWN) {
+ /* this check is not really needed.
+ */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+ } else {
+ ret = adv_version;
+ }
+
+ _gnutls_set_current_version(session, ret);
+
+ return ret;
}
int
-_gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+_gnutls_user_hello_func(gnutls_session_t session,
+ gnutls_protocol_t adv_version)
{
- int ret;
-
- if (session->internals.user_hello_func != NULL)
- {
- ret = session->internals.user_hello_func (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- /* Here we need to renegotiate the version since the callee might
- * have disabled some TLS versions.
- */
- ret = _gnutls_negotiate_version (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- return 0;
+ int ret;
+
+ if (session->internals.user_hello_func != NULL) {
+ ret = session->internals.user_hello_func(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ /* Here we need to renegotiate the version since the callee might
+ * have disabled some TLS versions.
+ */
+ ret = _gnutls_negotiate_version(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ return 0;
}
/* Read a client hello packet.
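Review bot: The header comment on `_gnutls_negotiate_version` says it returns 0 on success, but the new-side body ends with `return ret;` right after `_gnutls_set_current_version(session, ret)`, so the success value is the selected protocol version. The comment should state that contract, e.g. `/* Returns the negotiated protocol version on success, or a negative error code. */`. The failure branch also reports a version problem as `GNUTLS_E_UNKNOWN_CIPHER_SUITE`, which points anyone reading logs at the wrong part of the handshake; a version-specific error code would be clearer, provided no caller depends on the current value. When the advertised version is unsupported the function falls back to `_gnutls_version_max(session)`, and a short comment on what happens if that is higher than what the peer offered would make the fallback easier to audit.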
@@ -447,617 +454,613 @@ _gnutls_user_hello_func (gnutls_session_t session,
* since SSL version 2.0 is not supported).
*/
static int
-_gnutls_read_client_hello (gnutls_session_t session, uint8_t * data,
- int datalen)
+_gnutls_read_client_hello(gnutls_session_t session, uint8_t * data,
+ int datalen)
{
- uint8_t session_id_len;
- int pos = 0, ret;
- uint16_t suite_size, comp_size;
- gnutls_protocol_t adv_version;
- int neg_version;
- int len = datalen;
- uint8_t *suite_ptr, *comp_ptr, *session_id;
-
- DECR_LEN (len, 2);
-
- _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,
- data[pos], data[pos + 1]);
-
- adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
- set_adv_version (session, data[pos], data[pos + 1]);
- pos += 2;
-
- neg_version = _gnutls_negotiate_version (session, adv_version);
- if (neg_version < 0)
- {
- gnutls_assert ();
- return neg_version;
- }
-
- /* Read client random value.
- */
- DECR_LEN (len, GNUTLS_RANDOM_SIZE);
- ret = _gnutls_set_client_random (session, &data[pos]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pos += GNUTLS_RANDOM_SIZE;
-
- ret = _gnutls_set_server_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->security_parameters.timestamp = gnutls_time (NULL);
-
- DECR_LEN (len, 1);
- session_id_len = data[pos++];
-
- /* RESUME SESSION
- */
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- DECR_LEN (len, session_id_len);
- session_id = &data[pos];
- pos += session_id_len;
-
- if (IS_DTLS(session))
- {
- int cookie_size;
-
- DECR_LEN (len, 1);
- cookie_size = data[pos++];
- DECR_LEN (len, cookie_size);
- pos+=cookie_size;
- }
-
- ret = _gnutls_server_restore_session (session, session_id, session_id_len);
-
- if (session_id_len > 0) session->internals.resumption_requested = 1;
-
- if (ret == 0)
- { /* resumed using default TLS resumption! */
- /* Parse only the safe renegotiation extension
- * We don't want to parse any other extensions since
- * we don't want new extension values to overwrite the
- * resumed ones.
- */
-
- /* move forward to extensions */
- DECR_LEN (len, 2);
- suite_size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- DECR_LEN (len, suite_size);
- pos += suite_size;
-
- DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
- DECR_LEN (len, comp_size);
- pos += comp_size;
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = resume_copy_required_values (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->internals.resumed = RESUME_TRUE;
-
- return _gnutls_user_hello_func (session, adv_version);
- }
- else
- {
- _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
-
- session->internals.resumed = RESUME_FALSE;
- }
-
- /* Remember ciphersuites for later
- */
- DECR_LEN (len, 2);
- suite_size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- DECR_LEN (len, suite_size);
- suite_ptr = &data[pos];
- pos += suite_size;
-
- /* Point to the compression methods
- */
- DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
-
- DECR_LEN (len, comp_size);
- comp_ptr = &data[pos];
- pos += comp_size;
-
- /* Parse the extensions (if any)
- *
- * Unconditionally try to parse extensions; safe renegotiation uses them in
- * sslv3 and higher, even though sslv3 doesn't officially support them.
- */
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION,
- &data[pos], len);
- /* len is the rest of the parsed length */
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_user_hello_func (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* resumed by session_ticket extension */
- if (session->internals.resumed != RESUME_FALSE)
- {
- /* to indicate the client that the current session is resumed */
- memcpy (session->internals.resumed_security_parameters.session_id,
- session_id, session_id_len);
- session->internals.resumed_security_parameters.session_id_size =
- session_id_len;
-
- session->internals.resumed_security_parameters.max_record_recv_size =
- session->security_parameters.max_record_recv_size;
- session->internals.resumed_security_parameters.max_record_send_size =
- session->security_parameters.max_record_send_size;
-
- ret = resume_copy_required_values (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_user_hello_func (session, adv_version);
- }
-
- /* select an appropriate cipher suite
- */
- ret = _gnutls_server_select_suite (session, suite_ptr, suite_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* select appropriate compression method */
- ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ uint8_t session_id_len;
+ int pos = 0, ret;
+ uint16_t suite_size, comp_size;
+ gnutls_protocol_t adv_version;
+ int neg_version;
+ int len = datalen;
+ uint8_t *suite_ptr, *comp_ptr, *session_id;
+
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log("HSK[%p]: Client's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
+ set_adv_version(session, data[pos], data[pos + 1]);
+ pos += 2;
+
+ neg_version = _gnutls_negotiate_version(session, adv_version);
+ if (neg_version < 0) {
+ gnutls_assert();
+ return neg_version;
+ }
+
+ /* Read client random value.
+ */
+ DECR_LEN(len, GNUTLS_RANDOM_SIZE);
+ ret = _gnutls_set_client_random(session, &data[pos]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+ ret = _gnutls_set_server_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
+
+ /* RESUME SESSION
+ */
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ DECR_LEN(len, session_id_len);
+ session_id = &data[pos];
+ pos += session_id_len;
+
+ if (IS_DTLS(session)) {
+ int cookie_size;
+
+ DECR_LEN(len, 1);
+ cookie_size = data[pos++];
+ DECR_LEN(len, cookie_size);
+ pos += cookie_size;
+ }
+
+ ret =
+ _gnutls_server_restore_session(session, session_id,
+ session_id_len);
+
+ if (session_id_len > 0)
+ session->internals.resumption_requested = 1;
+
+ if (ret == 0) { /* resumed using default TLS resumption! */
+ /* Parse only the safe renegotiation extension
+ * We don't want to parse any other extensions since
+ * we don't want new extension values to overwrite the
+ * resumed ones.
+ */
+
+ /* move forward to extensions */
+ DECR_LEN(len, 2);
+ suite_size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LEN(len, suite_size);
+ pos += suite_size;
+
+ DECR_LEN(len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN(len, comp_size);
+ pos += comp_size;
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = resume_copy_required_values(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.resumed = RESUME_TRUE;
+
+ return _gnutls_user_hello_func(session, adv_version);
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ /* Remember ciphersuites for later
+ */
+ DECR_LEN(len, 2);
+ suite_size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LEN(len, suite_size);
+ suite_ptr = &data[pos];
+ pos += suite_size;
+
+ /* Point to the compression methods
+ */
+ DECR_LEN(len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+
+ DECR_LEN(len, comp_size);
+ comp_ptr = &data[pos];
+ pos += comp_size;
+
+ /* Parse the extensions (if any)
+ *
+ * Unconditionally try to parse extensions; safe renegotiation uses them in
+ * sslv3 and higher, even though sslv3 doesn't officially support them.
+ */
+ ret = _gnutls_parse_extensions(session, GNUTLS_EXT_APPLICATION,
+ &data[pos], len);
+ /* len is the rest of the parsed length */
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_user_hello_func(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_TLS, &data[pos],
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* resumed by session_ticket extension */
+ if (session->internals.resumed != RESUME_FALSE) {
+ /* to indicate the client that the current session is resumed */
+ memcpy(session->internals.resumed_security_parameters.
+ session_id, session_id, session_id_len);
+ session->internals.resumed_security_parameters.
+ session_id_size = session_id_len;
+
+ session->internals.resumed_security_parameters.
+ max_record_recv_size =
+ session->security_parameters.max_record_recv_size;
+ session->internals.resumed_security_parameters.
+ max_record_send_size =
+ session->security_parameters.max_record_send_size;
+
+ ret = resume_copy_required_values(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_user_hello_func(session, adv_version);
+ }
+
+ /* select an appropriate cipher suite
+ */
+ ret = _gnutls_server_select_suite(session, suite_ptr, suite_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* select appropriate compression method */
+ ret =
+ _gnutls_server_select_comp_method(session, comp_ptr,
+ comp_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* This is to be called after sending CHANGE CIPHER SPEC packet
* and initializing encryption. This is the first encrypted message
* we send.
*/
-static int
-_gnutls_send_finished (gnutls_session_t session, int again)
+static int _gnutls_send_finished(gnutls_session_t session, int again)
{
- mbuffer_st *bufel;
- uint8_t *data;
- int ret;
- size_t vdata_size = 0;
- const version_entry_st* vers;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- vers = get_version(session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_SSL3)
- {
- ret =
- _gnutls_ssl3_finished (session,
- session->security_parameters.entity, data, 1);
- _mbuffer_set_udata_size (bufel, 36);
- }
- else
- { /* TLS 1.0+ */
- ret = _gnutls_finished (session,
- session->security_parameters.entity, data, 1);
- _mbuffer_set_udata_size (bufel, 12);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- vdata_size = _mbuffer_get_udata_size (bufel);
-
- ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed != RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
- {
- /* if we are a client not resuming - or we are a server resuming */
- _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
- session);
- memcpy (session->internals.cb_tls_unique, data, vdata_size);
- session->internals.cb_tls_unique_len = vdata_size;
- }
-
- ret =
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
- }
- else
- {
- ret = _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_FINISHED);
- }
-
- return ret;
+ mbuffer_st *bufel;
+ uint8_t *data;
+ int ret;
+ size_t vdata_size = 0;
+ const version_entry_st *vers;
+
+ if (again == 0) {
+ bufel =
+ _gnutls_handshake_alloc(session, MAX_VERIFY_DATA_SIZE,
+ MAX_VERIFY_DATA_SIZE);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ session->
+ security_parameters.
+ entity, data, 1);
+ _mbuffer_set_udata_size(bufel, 36);
+ } else { /* TLS 1.0+ */
+ ret = _gnutls_finished(session,
+ session->
+ security_parameters.entity,
+ data, 1);
+ _mbuffer_set_udata_size(bufel, 12);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ vdata_size = _mbuffer_get_udata_size(bufel);
+
+ ret =
+ _gnutls_ext_sr_finished(session, data, vdata_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity ==
+ GNUTLS_CLIENT)
+ || (session->internals.resumed != RESUME_FALSE
+ && session->security_parameters.entity ==
+ GNUTLS_SERVER)) {
+ /* if we are a client not resuming - or we are a server resuming */
+ _gnutls_handshake_log
+ ("HSK[%p]: recording tls-unique CB (send)\n",
+ session);
+ memcpy(session->internals.cb_tls_unique, data,
+ vdata_size);
+ session->internals.cb_tls_unique_len = vdata_size;
+ }
+
+ ret =
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_FINISHED);
+ } else {
+ ret =
+ _gnutls_send_handshake(session, NULL,
+ GNUTLS_HANDSHAKE_FINISHED);
+ }
+
+ return ret;
}
/* This is to be called after sending our finished message. If everything
* went fine we have negotiated a secure connection
*/
-static int
-_gnutls_recv_finished (gnutls_session_t session)
+static int _gnutls_recv_finished(gnutls_session_t session)
{
- uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
- gnutls_buffer_st buf;
- int data_size;
- int ret;
- int vrfy_size;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED,
- 0, &buf);
- if (ret < 0)
- {
- ERR ("recv finished int", ret);
- gnutls_assert ();
- return ret;
- }
-
- vrfy = buf.data;
- vrfy_size = buf.length;
-
- if (vers->id == GNUTLS_SSL3)
- data_size = 36;
- else
- data_size = 12;
-
- if (vrfy_size != data_size)
- {
- gnutls_assert ();
- ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- goto cleanup;
- }
-
- if (vers->id == GNUTLS_SSL3)
- {
- ret =
- _gnutls_ssl3_finished (session,
- (session->security_parameters.entity + 1) % 2,
- data, 0);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_finished (session,
- (session->security_parameters.entity +
- 1) % 2, data, 0);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (memcmp (vrfy, data, data_size) != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- goto cleanup;
- }
-
- ret = _gnutls_ext_sr_finished (session, data, data_size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((session->internals.resumed != RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
- {
- /* if we are a client resuming - or we are a server not resuming */
- _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",
- session);
- memcpy (session->internals.cb_tls_unique, data, data_size);
- session->internals.cb_tls_unique_len = data_size;
- }
-
-
- session->internals.initial_negotiation_completed = 1;
-
-cleanup:
- _gnutls_buffer_clear(&buf);
-
- return ret;
+ uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
+ gnutls_buffer_st buf;
+ int data_size;
+ int ret;
+ int vrfy_size;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_FINISHED,
+ 0, &buf);
+ if (ret < 0) {
+ ERR("recv finished int", ret);
+ gnutls_assert();
+ return ret;
+ }
+
+ vrfy = buf.data;
+ vrfy_size = buf.length;
+
+ if (vers->id == GNUTLS_SSL3)
+ data_size = 36;
+ else
+ data_size = 12;
+
+ if (vrfy_size != data_size) {
+ gnutls_assert();
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ goto cleanup;
+ }
+
+ if (vers->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ (session->security_parameters.
+ entity + 1) % 2, data, 0);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_finished(session,
+ (session->security_parameters.entity +
+ 1) % 2, data, 0);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (memcmp(vrfy, data, data_size) != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ goto cleanup;
+ }
+
+ ret = _gnutls_ext_sr_finished(session, data, data_size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((session->internals.resumed != RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_SERVER)) {
+ /* if we are a client resuming - or we are a server not resuming */
+ _gnutls_handshake_log
+ ("HSK[%p]: recording tls-unique CB (recv)\n", session);
+ memcpy(session->internals.cb_tls_unique, data, data_size);
+ session->internals.cb_tls_unique_len = data_size;
+ }
+
+
+ session->internals.initial_negotiation_completed = 1;
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
/* returns PK_RSA if the given cipher suite list only supports,
* RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
*/
static int
-server_find_pk_algos_in_ciphersuites (const uint8_t *
- data, unsigned int datalen,
- gnutls_pk_algorithm_t * algos,
- size_t* algos_size)
+server_find_pk_algos_in_ciphersuites(const uint8_t *
+ data, unsigned int datalen,
+ gnutls_pk_algorithm_t * algos,
+ size_t * algos_size)
{
- unsigned int j, x;
- gnutls_kx_algorithm_t kx;
- gnutls_pk_algorithm_t pk;
- unsigned found;
- unsigned int max = *algos_size;
-
- if (datalen % 2 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- *algos_size = 0;
- for (j = 0; j < datalen; j += 2)
- {
- kx = _gnutls_cipher_suite_get_kx_algo (&data[j]);
- if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE)
- {
- pk = _gnutls_map_pk_get_pk (kx);
- found = 0;
- for (x=0;x<*algos_size;x++)
- {
- if (algos[x] == pk)
- {
- found = 1;
- break;
- }
- }
-
- if (found == 0)
- {
- algos[(*algos_size)++] = _gnutls_map_pk_get_pk (kx);
- if ((*algos_size) >= max)
- return 0;
- }
- }
- }
-
- return 0;
+ unsigned int j, x;
+ gnutls_kx_algorithm_t kx;
+ gnutls_pk_algorithm_t pk;
+ unsigned found;
+ unsigned int max = *algos_size;
+
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ *algos_size = 0;
+ for (j = 0; j < datalen; j += 2) {
+ kx = _gnutls_cipher_suite_get_kx_algo(&data[j]);
+ if (_gnutls_map_kx_get_cred(kx, 1) ==
+ GNUTLS_CRD_CERTIFICATE) {
+ pk = _gnutls_map_pk_get_pk(kx);
+ found = 0;
+ for (x = 0; x < *algos_size; x++) {
+ if (algos[x] == pk) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (found == 0) {
+ algos[(*algos_size)++] =
+ _gnutls_map_pk_get_pk(kx);
+ if ((*algos_size) >= max)
+ return 0;
+ }
+ }
+ }
+
+ return 0;
}
/* This selects the best supported ciphersuite from the given ones. Then
* it adds the suite to the session and performs some checks.
*/
int
-_gnutls_server_select_suite (gnutls_session_t session, uint8_t * data,
- unsigned int datalen)
+_gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen)
{
- int ret;
- unsigned int i, j, cipher_suites_size;
- size_t pk_algos_size;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
- int retval, err;
- gnutls_pk_algorithm_t pk_algos[MAX_ALGOS]; /* will hold the pk algorithms
- * supported by the peer.
- */
-
- /* First, check for safe renegotiation SCSV.
- */
- if (session->internals.priorities.sr != SR_DISABLED)
- {
- unsigned int offset;
-
- for (offset = 0; offset < datalen; offset += 2)
- {
- /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
- if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
- data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Received safe renegotiation CS\n", session);
- retval = _gnutls_ext_sr_recv_cs (session);
- if (retval < 0)
- {
- gnutls_assert ();
- return retval;
- }
- break;
- }
- }
- }
-
- pk_algos_size = MAX_ALGOS;
- ret = server_find_pk_algos_in_ciphersuites (data, datalen, pk_algos, &pk_algos_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- cipher_suites_size = ret;
-
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (e.g. SRP).
- */
- ret = _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, cipher_suites_size, pk_algos, pk_algos_size);
- if (ret <= 0)
- {
- gnutls_assert ();
- if (ret < 0)
- return ret;
- else
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
-
- cipher_suites_size = ret;
-
- /* Data length should be zero mod 2 since
- * every ciphersuite is 2 bytes. (this check is needed
- * see below).
- */
- if (datalen % 2 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- memset (session->security_parameters.cipher_suite, 0, 2);
-
- retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-
- _gnutls_handshake_log ("HSK[%p]: Requested cipher suites[size: %d]: \n", session, (int)datalen);
-
- if (session->internals.priorities.server_precedence == 0)
- {
- for (j = 0; j < datalen; j += 2)
- {
- _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&data[j]));
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&data[j]));
- memcpy (session->security_parameters.cipher_suite,
- &cipher_suites[i], 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
-
- retval = 0;
- goto finish;
- }
- }
- }
- }
- else /* server selects */
- {
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- for (j = 0; j < datalen; j += 2)
- {
- if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&data[j]));
- memcpy (session->security_parameters.cipher_suite,
- &cipher_suites[i], 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
-
- retval = 0;
- goto finish;
- }
- }
- }
- }
-finish:
-
- if (retval != 0)
- {
- gnutls_assert ();
- return retval;
- }
-
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite),
- &err) == NULL && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- return 0;
+ int ret;
+ unsigned int i, j, cipher_suites_size;
+ size_t pk_algos_size;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
+ int retval, err;
+ gnutls_pk_algorithm_t pk_algos[MAX_ALGOS]; /* will hold the pk algorithms
+ * supported by the peer.
+ */
+
+ /* First, check for safe renegotiation SCSV.
+ */
+ if (session->internals.priorities.sr != SR_DISABLED) {
+ unsigned int offset;
+
+ for (offset = 0; offset < datalen; offset += 2) {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] ==
+ GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR
+ && data[offset + 1] ==
+ GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Received safe renegotiation CS\n",
+ session);
+ retval = _gnutls_ext_sr_recv_cs(session);
+ if (retval < 0) {
+ gnutls_assert();
+ return retval;
+ }
+ break;
+ }
+ }
+ }
+
+ pk_algos_size = MAX_ALGOS;
+ ret =
+ server_find_pk_algos_in_ciphersuites(data, datalen, pk_algos,
+ &pk_algos_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cipher_suites_size = ret;
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (e.g. SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites(session, cipher_suites,
+ cipher_suites_size,
+ pk_algos, pk_algos_size);
+ if (ret <= 0) {
+ gnutls_assert();
+ if (ret < 0)
+ return ret;
+ else
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ cipher_suites_size = ret;
+
+ /* Data length should be zero mod 2 since
+ * every ciphersuite is 2 bytes. (this check is needed
+ * see below).
+ */
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ memset(session->security_parameters.cipher_suite, 0, 2);
+
+ retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested cipher suites[size: %d]: \n", session,
+ (int) datalen);
+
+ if (session->internals.priorities.server_precedence == 0) {
+ for (j = 0; j < datalen; j += 2) {
+ _gnutls_handshake_log("\t0x%.2x, 0x%.2x %s\n",
+ data[j], data[j + 1],
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ if (memcmp(&cipher_suites[i], &data[j], 2)
+ == 0) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ memcpy(session->
+ security_parameters.
+ cipher_suite,
+ &cipher_suites[i], 2);
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+ } else { /* server selects */
+
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ for (j = 0; j < datalen; j += 2) {
+ if (memcmp(&cipher_suites[i], &data[j], 2)
+ == 0) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ memcpy(session->
+ security_parameters.
+ cipher_suite,
+ &cipher_suites[i], 2);
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+ }
+ finish:
+
+ if (retval != 0) {
+ gnutls_assert();
+ return retval;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
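Review bot: `_gnutls_recv_finished` checks the peer's Finished verify data with `memcmp(vrfy, data, data_size)`, which stops at the first differing byte, so the comparison time depends on how many leading bytes matched. A fixed-time comparison (OR together the XOR of all `data_size` bytes and test the result once) is the usual choice for authentication values and costs nothing at 12 or 36 bytes. In `_gnutls_send_finished`, the three early returns after `_gnutls_handshake_alloc` succeeds (`vers == NULL`, the `ret < 0` after the verify data is computed, and the `ret < 0` after `_gnutls_ext_sr_finished`) leave `bufel` unreleased as far as the hunk shows; it should be freed on those paths unless ownership is held elsewhere. In `_gnutls_server_select_suite`, the SCSV scan reads `data[offset + 1]` before the `datalen % 2` check, so moving that check to the top of the function would keep the scan inside the advertised suite list.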
@@ -1065,69 +1068,72 @@ finish:
/* This selects the best supported compression method from the ones provided
*/
static int
-_gnutls_server_select_comp_method (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_server_select_comp_method(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- int x, i, j;
- uint8_t comps[MAX_ALGOS];
-
- x = _gnutls_supported_compression_methods (session, comps, MAX_ALGOS);
- if (x < 0)
- {
- gnutls_assert ();
- return x;
- }
-
- if (session->internals.priorities.server_precedence == 0)
- {
- for (j = 0; j < datalen; j++)
- {
- for (i = 0; i < x; i++)
- {
- if (comps[i] == data[j])
- {
- gnutls_compression_method_t method =
- _gnutls_compression_get_id (comps[i]);
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
- session->security_parameters.compression_method = method;
-
- _gnutls_handshake_log
- ("HSK[%p]: Selected Compression Method: %s\n", session,
- gnutls_compression_get_name (method));
- return 0;
- }
- }
- }
- }
- else
- {
- for (i = 0; i < x; i++)
- {
- for (j = 0; j < datalen; j++)
- {
- if (comps[i] == data[j])
- {
- gnutls_compression_method_t method =
- _gnutls_compression_get_id (comps[i]);
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
- session->security_parameters.compression_method = method;
-
- _gnutls_handshake_log
- ("HSK[%p]: Selected Compression Method: %s\n", session,
- gnutls_compression_get_name (method));
- return 0;
- }
- }
- }
- }
-
- /* we were not able to find a compatible compression
- * algorithm
- */
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ int x, i, j;
+ uint8_t comps[MAX_ALGOS];
+
+ x = _gnutls_supported_compression_methods(session, comps,
+ MAX_ALGOS);
+ if (x < 0) {
+ gnutls_assert();
+ return x;
+ }
+
+ if (session->internals.priorities.server_precedence == 0) {
+ for (j = 0; j < datalen; j++) {
+ for (i = 0; i < x; i++) {
+ if (comps[i] == data[j]) {
+ gnutls_compression_method_t method
+ =
+ _gnutls_compression_get_id
+ (comps[i]);
+
+ _gnutls_epoch_set_compression
+ (session, EPOCH_NEXT, method);
+ session->security_parameters.
+ compression_method = method;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n",
+ session,
+ gnutls_compression_get_name
+ (method));
+ return 0;
+ }
+ }
+ }
+ } else {
+ for (i = 0; i < x; i++) {
+ for (j = 0; j < datalen; j++) {
+ if (comps[i] == data[j]) {
+ gnutls_compression_method_t method
+ =
+ _gnutls_compression_get_id
+ (comps[i]);
+
+ _gnutls_epoch_set_compression
+ (session, EPOCH_NEXT, method);
+ session->security_parameters.
+ compression_method = method;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n",
+ session,
+ gnutls_compression_get_name
+ (method));
+ return 0;
+ }
+ }
+ }
+ }
+
+ /* we were not able to find a compatible compression
+ * algorithm
+ */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
}
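Review bot: At this nesting depth the new indentation splits `gnutls_compression_method_t method = _gnutls_compression_get_id(comps[i]);` over four lines, with the `=` alone on one of them, and the same match body appears twice in `_gnutls_server_select_comp_method`, once per precedence order. Moving that body into a small static helper, for example `static int set_comp(gnutls_session_t session, uint8_t wire_id)`, and calling `return set_comp(session, comps[i]);` from both loops would remove the duplication and let each statement fit on one line. Behaviour would be unchanged, since the two branches differ only in which loop is the outer one.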
@@ -1137,37 +1143,38 @@ _gnutls_server_select_comp_method (gnutls_session_t session,
* (until it returns ok), with NULL parameters.
*/
static int
-_gnutls_send_empty_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type, int again)
+_gnutls_send_empty_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ int again)
{
- mbuffer_st *bufel;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, 0, 0);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- bufel = NULL;
-
- return _gnutls_send_handshake (session, bufel, type);
+ mbuffer_st *bufel;
+
+ if (again == 0) {
+ bufel = _gnutls_handshake_alloc(session, 0, 0);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else
+ bufel = NULL;
+
+ return _gnutls_send_handshake(session, bufel, type);
}
inline
-static int call_hook_func(gnutls_session_t session, gnutls_handshake_description_t type,
- int post, unsigned incoming)
+ static int call_hook_func(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ int post, unsigned incoming)
{
- if (session->internals.h_hook != NULL)
- {
- if ((session->internals.h_type == type || session->internals.h_type == GNUTLS_HANDSHAKE_ANY) &&
- (session->internals.h_post == post || session->internals.h_post == GNUTLS_HOOK_BOTH))
- return session->internals.h_hook(session, type, post, incoming);
- }
- return 0;
+ if (session->internals.h_hook != NULL) {
+ if ((session->internals.h_type == type
+ || session->internals.h_type == GNUTLS_HANDSHAKE_ANY)
+ && (session->internals.h_post == post
+ || session->internals.h_post == GNUTLS_HOOK_BOTH))
+ return session->internals.h_hook(session, type,
+ post, incoming);
+ }
+ return 0;
}
/* This function sends a handshake message of type 'type' containing the
@@ -1176,116 +1183,111 @@ static int call_hook_func(gnutls_session_t session, gnutls_handshake_description
* (until it returns ok), with NULL parameters.
*/
int
-_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type)
+_gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type)
{
- int ret, ret2;
- uint8_t *data;
- uint32_t datasize, i_datasize;
- int pos = 0;
-
- if (bufel == NULL)
- {
- /* we are resuming a previously interrupted
- * send.
- */
- ret = _gnutls_handshake_io_write_flush (session);
- return ret;
-
- }
-
- /* first run */
- data = _mbuffer_get_uhead_ptr (bufel);
- i_datasize = _mbuffer_get_udata_size(bufel);
- datasize = i_datasize + _mbuffer_get_uhead_size (bufel);
-
- data[pos++] = (uint8_t) type;
- _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]);
- pos += 3;
-
- /* Add DTLS handshake fragment headers. The message will be
- * fragmented later by the fragmentation sub-layer. All fields must
- * be set properly for HMAC. The HMAC requires we pretend that the
- * message was sent in a single fragment. */
- if (IS_DTLS(session))
- {
- _gnutls_write_uint16 (session->internals.dtls.hsk_write_seq++, &data[pos]);
- pos += 2;
-
- /* Fragment offset */
- _gnutls_write_uint24 (0, &data[pos]);
- pos += 3;
-
- /* Fragment length */
- _gnutls_write_uint24 (i_datasize, &data[pos]);
- /* pos += 3; */
- }
-
- _gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n",
- session, _gnutls_handshake2str (type),
- (long) datasize);
-
- /* Here we keep the handshake messages in order to hash them...
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
- if ((ret =
- _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0)
- {
- gnutls_assert ();
- _mbuffer_xfree(&bufel);
- return ret;
- }
-
- ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- _mbuffer_xfree(&bufel);
- return ret;
- }
-
- session->internals.last_handshake_out = type;
-
- ret = _gnutls_handshake_io_cache_int (session, type, bufel);
- if (ret < 0)
- {
- _mbuffer_xfree(&bufel);
- gnutls_assert();
- return ret;
- }
-
- switch (type)
- {
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
- * or ClientKeyExchange always.
- */
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
- case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
-
- /* now for client Certificate, ClientKeyExchange and
- * CertificateVerify are always followed by ChangeCipherSpec
- */
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- ret = 0;
- break;
- default:
- /* send cached messages */
- ret = _gnutls_handshake_io_write_flush (session);
- break;
- }
-
- ret2 = call_hook_func(session, type, GNUTLS_HOOK_POST, 0);
- if (ret2 < 0)
- {
- gnutls_assert ();
- return ret2;
- }
-
- return ret;
+ int ret, ret2;
+ uint8_t *data;
+ uint32_t datasize, i_datasize;
+ int pos = 0;
+
+ if (bufel == NULL) {
+ /* we are resuming a previously interrupted
+ * send.
+ */
+ ret = _gnutls_handshake_io_write_flush(session);
+ return ret;
+
+ }
+
+ /* first run */
+ data = _mbuffer_get_uhead_ptr(bufel);
+ i_datasize = _mbuffer_get_udata_size(bufel);
+ datasize = i_datasize + _mbuffer_get_uhead_size(bufel);
+
+ data[pos++] = (uint8_t) type;
+ _gnutls_write_uint24(_mbuffer_get_udata_size(bufel), &data[pos]);
+ pos += 3;
+
+ /* Add DTLS handshake fragment headers. The message will be
+ * fragmented later by the fragmentation sub-layer. All fields must
+ * be set properly for HMAC. The HMAC requires we pretend that the
+ * message was sent in a single fragment. */
+ if (IS_DTLS(session)) {
+ _gnutls_write_uint16(session->internals.dtls.
+ hsk_write_seq++, &data[pos]);
+ pos += 2;
+
+ /* Fragment offset */
+ _gnutls_write_uint24(0, &data[pos]);
+ pos += 3;
+
+ /* Fragment length */
+ _gnutls_write_uint24(i_datasize, &data[pos]);
+ /* pos += 3; */
+ }
+
+ _gnutls_handshake_log("HSK[%p]: %s was queued [%ld bytes]\n",
+ session, _gnutls_handshake2str(type),
+ (long) datasize);
+
+ /* Here we keep the handshake messages in order to hash them...
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ if ((ret =
+ _gnutls_handshake_hash_add_sent(session, type, data,
+ datasize)) < 0) {
+ gnutls_assert();
+ _mbuffer_xfree(&bufel);
+ return ret;
+ }
+
+ ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ _mbuffer_xfree(&bufel);
+ return ret;
+ }
+
+ session->internals.last_handshake_out = type;
+
+ ret = _gnutls_handshake_io_cache_int(session, type, bufel);
+ if (ret < 0) {
+ _mbuffer_xfree(&bufel);
+ gnutls_assert();
+ return ret;
+ }
+
+ switch (type) {
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
+ * or ClientKeyExchange always.
+ */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
+ case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
+
+ /* now for client Certificate, ClientKeyExchange and
+ * CertificateVerify are always followed by ChangeCipherSpec
+ */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ ret = 0;
+ break;
+ default:
+ /* send cached messages */
+ ret = _gnutls_handshake_io_write_flush(session);
+ break;
+ }
+
+ ret2 = call_hook_func(session, type, GNUTLS_HOOK_POST, 0);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return ret2;
+ }
+
+ return ret;
}
#define CHECK_SIZE(ll) \
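Review bot: The hash step in `_gnutls_send_handshake` is an unbraced `if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)` followed directly by a second `if` that assigns `ret` inside its condition. A statement added later between the two lines would silently fall outside the guard, and the embedded assignment is easy to misread. Bracing the outer test and hoisting the call reads more safely: `if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {`, then `ret = _gnutls_handshake_hash_add_sent(session, type, data, datasize);`, then `if (ret < 0) {`.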
@@ -1299,88 +1301,90 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
* for the finished messages calculations.
*/
static int
-_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen)
+_gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t * header, uint16_t header_size,
+ uint8_t * dataptr, uint32_t datalen)
{
- int ret;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if ((vers->id != GNUTLS_DTLS0_9 &&
- recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
- recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
- return 0;
-
- CHECK_SIZE(header_size + datalen);
-
- session->internals.handshake_hash_buffer_prev_len = session->internals.handshake_hash_buffer.length;
-
- if (vers->id != GNUTLS_DTLS0_9)
- {
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- header, header_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- if (datalen > 0)
- {
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if ((vers->id != GNUTLS_DTLS0_9 &&
+ recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
+ recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ return 0;
+
+ CHECK_SIZE(header_size + datalen);
+
+ session->internals.handshake_hash_buffer_prev_len =
+ session->internals.handshake_hash_buffer.length;
+
+ if (vers->id != GNUTLS_DTLS0_9) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ header, header_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ if (datalen > 0) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/* This function will store the handshake message we sent.
*/
static int
-_gnutls_handshake_hash_add_sent (gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen)
+_gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen)
{
- int ret;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
- * is not sent via that channel.
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
- {
- CHECK_SIZE(datalen);
-
- if (vers->id == GNUTLS_DTLS0_9)
- {
- /* Old DTLS doesn't include the header in the MAC */
- if (datalen < 12)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- dataptr += 12;
- datalen -= 12;
-
- if (datalen == 0)
- return 0;
- }
-
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
- }
-
- return 0;
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
+ * is not sent via that channel.
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
+ CHECK_SIZE(datalen);
+
+ if (vers->id == GNUTLS_DTLS0_9) {
+ /* Old DTLS doesn't include the header in the MAC */
+ if (datalen < 12) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dataptr += 12;
+ datalen -= 12;
+
+ if (datalen == 0)
+ return 0;
+ }
+
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
+ }
+
+ return 0;
}
/* This function will receive handshake messages of the given types,
@@ -1389,250 +1393,245 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
* passed to _gnutls_recv_hello().
*/
int
-_gnutls_recv_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type,
- unsigned int optional, gnutls_buffer_st* buf)
+_gnutls_recv_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ unsigned int optional, gnutls_buffer_st * buf)
{
- int ret, ret2;
- handshake_buffer_st hsk;
-
- ret =
- _gnutls_handshake_io_recv_int (session, type, &hsk, optional);
- if (ret < 0)
- {
- if (optional != 0 && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- if (buf) _gnutls_buffer_init(buf);
- return 0;
- }
-
- return gnutls_assert_val_fatal(ret);
- }
-
- session->internals.last_handshake_in = hsk.htype;
-
- ret = call_hook_func(session, hsk.htype, GNUTLS_HOOK_PRE, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_handshake_hash_add_recvd (session, hsk.htype,
- hsk.header, hsk.header_size,
- hsk.data.data, hsk.data.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- switch (hsk.htype)
- {
- case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
- case GNUTLS_HANDSHAKE_CLIENT_HELLO:
- case GNUTLS_HANDSHAKE_SERVER_HELLO:
- if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
- ret = _gnutls_read_client_hello_v2 (session, hsk.data.data, hsk.data.length);
- else
- ret = _gnutls_recv_hello (session, hsk.data.data, hsk.data.length);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- break;
- case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
- ret = _gnutls_recv_hello_verify_request (session, hsk.data.data, hsk.data.length);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- else
- {
- /* Signal our caller we have received a verification cookie
- and ClientHello needs to be sent again. */
- ret = 1;
- }
-
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
- if (hsk.data.length == 0)
- ret = 0;
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- goto cleanup;
- }
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- case GNUTLS_HANDSHAKE_FINISHED:
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
- ret = hsk.data.length;
- break;
- default:
- gnutls_assert ();
- /* we shouldn't actually arrive here in any case .
- * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
- */
- ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- goto cleanup;
- }
-
- ret2 = call_hook_func(session, hsk.htype, GNUTLS_HOOK_POST, 1);
- if (ret2 < 0)
- {
- ret = ret2;
- gnutls_assert ();
- goto cleanup;
- }
-
- if (buf)
- {
- *buf = hsk.data;
- return ret;
- }
-
-cleanup:
- _gnutls_handshake_buffer_clear (&hsk);
- return ret;
+ int ret, ret2;
+ handshake_buffer_st hsk;
+
+ ret = _gnutls_handshake_io_recv_int(session, type, &hsk, optional);
+ if (ret < 0) {
+ if (optional != 0
+ && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
+ if (buf)
+ _gnutls_buffer_init(buf);
+ return 0;
+ }
+
+ return gnutls_assert_val_fatal(ret);
+ }
+
+ session->internals.last_handshake_in = hsk.htype;
+
+ ret = call_hook_func(session, hsk.htype, GNUTLS_HOOK_PRE, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_handshake_hash_add_recvd(session, hsk.htype,
+ hsk.header, hsk.header_size,
+ hsk.data.data,
+ hsk.data.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ switch (hsk.htype) {
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+ ret =
+ _gnutls_read_client_hello_v2(session,
+ hsk.data.data,
+ hsk.data.length);
+ else
+ ret =
+ _gnutls_recv_hello(session, hsk.data.data,
+ hsk.data.length);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+ ret =
+ _gnutls_recv_hello_verify_request(session,
+ hsk.data.data,
+ hsk.data.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ } else {
+ /* Signal our caller we have received a verification cookie
+ and ClientHello needs to be sent again. */
+ ret = 1;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ if (hsk.data.length == 0)
+ ret = 0;
+ else {
+ gnutls_assert();
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto cleanup;
+ }
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ case GNUTLS_HANDSHAKE_FINISHED:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = hsk.data.length;
+ break;
+ default:
+ gnutls_assert();
+ /* we shouldn't actually arrive here in any case .
+ * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
+ */
+ ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ goto cleanup;
+ }
+
+ ret2 = call_hook_func(session, hsk.htype, GNUTLS_HOOK_POST, 1);
+ if (ret2 < 0) {
+ ret = ret2;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (buf) {
+ *buf = hsk.data;
+ return ret;
+ }
+
+ cleanup:
+ _gnutls_handshake_buffer_clear(&hsk);
+ return ret;
}
/* This function checks if the given cipher suite is supported, and sets it
* to the session;
*/
static int
-_gnutls_client_set_ciphersuite (gnutls_session_t session, uint8_t suite[2])
+_gnutls_client_set_ciphersuite(gnutls_session_t session, uint8_t suite[2])
{
- uint8_t z;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
- int cipher_suite_size;
- int i, err;
-
- z = 1;
- cipher_suite_size = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites));
- if (cipher_suite_size < 0)
- {
- gnutls_assert ();
- return cipher_suite_size;
- }
-
- for (i = 0; i < cipher_suite_size; i+=2)
- {
- if (memcmp (&cipher_suites[i], suite, 2) == 0)
- {
- z = 0;
- break;
- }
- }
-
- if (z != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log("HSK[%p]: unsupported cipher suite %.2X.%.2X\n", session,
- (unsigned int)suite[0], (unsigned int)suite[1]);
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
-
- memcpy (session->security_parameters.cipher_suite, suite, 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
- _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
-
- /* check if the credentials (username, public key etc.) are ok.
- * Actually checks if they exist.
- */
- if (!session->internals.premaster_set &&
- _gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->security_parameters.cipher_suite), &err) == NULL
- && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
-
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- return 0;
+ uint8_t z;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
+ int cipher_suite_size;
+ int i, err;
+
+ z = 1;
+ cipher_suite_size =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites));
+ if (cipher_suite_size < 0) {
+ gnutls_assert();
+ return cipher_suite_size;
+ }
+
+ for (i = 0; i < cipher_suite_size; i += 2) {
+ if (memcmp(&cipher_suites[i], suite, 2) == 0) {
+ z = 0;
+ break;
+ }
+ }
+
+ if (z != 0) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: unsupported cipher suite %.2X.%.2X\n",
+ session, (unsigned int) suite[0],
+ (unsigned int) suite[1]);
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ memcpy(session->security_parameters.cipher_suite, suite, 2);
+ _gnutls_epoch_set_cipher_suite(session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+ _gnutls_handshake_log("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+
+ /* check if the credentials (username, public key etc.) are ok.
+ * Actually checks if they exist.
+ */
+ if (!session->internals.premaster_set &&
+ _gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ return 0;
}
/* This function sets the given comp method to the session.
*/
static int
-_gnutls_client_set_comp_method (gnutls_session_t session, uint8_t comp_method)
+_gnutls_client_set_comp_method(gnutls_session_t session,
+ uint8_t comp_method)
{
- int comp_methods_num;
- uint8_t compression_methods[MAX_ALGOS];
- int id = _gnutls_compression_get_id(comp_method);
- int i;
-
- _gnutls_handshake_log ("HSK[%p]: Selected compression method: %s (%d)\n", session,
- gnutls_compression_get_name(id), (int)comp_method);
-
- comp_methods_num = _gnutls_supported_compression_methods (session,
- compression_methods, MAX_ALGOS);
- if (comp_methods_num < 0)
- {
- gnutls_assert ();
- return comp_methods_num;
- }
-
- for (i = 0; i < comp_methods_num; i++)
- {
- if (compression_methods[i] == comp_method)
- {
- comp_methods_num = 0;
- break;
- }
- }
-
- if (comp_methods_num != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- session->security_parameters.compression_method = id;
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, id);
-
- return 0;
+ int comp_methods_num;
+ uint8_t compression_methods[MAX_ALGOS];
+ int id = _gnutls_compression_get_id(comp_method);
+ int i;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected compression method: %s (%d)\n", session,
+ gnutls_compression_get_name(id), (int) comp_method);
+
+ comp_methods_num = _gnutls_supported_compression_methods(session,
+ compression_methods,
+ MAX_ALGOS);
+ if (comp_methods_num < 0) {
+ gnutls_assert();
+ return comp_methods_num;
+ }
+
+ for (i = 0; i < comp_methods_num; i++) {
+ if (compression_methods[i] == comp_method) {
+ comp_methods_num = 0;
+ break;
+ }
+ }
+
+ if (comp_methods_num != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ session->security_parameters.compression_method = id;
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT, id);
+
+ return 0;
}
/* This function returns 0 if we are resuming a session or -1 otherwise.
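Review bot: `_gnutls_client_set_comp_method` logs the server-chosen compression method before checking that it is one we offered, so `gnutls_compression_get_name(id)` is called on whatever `_gnutls_compression_get_id` produced for an arbitrary byte from the peer. If that lookup yields NULL for an unknown id (its definition is not in this diff), a NULL reaches the `%s` conversion, which is undefined behaviour when handshake logging is enabled. `_gnutls_client_set_ciphersuite` just above uses the safer order, logging the selection only after the suite matched the supported list. Moving the `_gnutls_handshake_log` call below the `comp_methods_num != 0` check would make the two functions consistent.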
@@ -1640,54 +1639,57 @@ _gnutls_client_set_comp_method (gnutls_session_t session, uint8_t comp_method)
* hello.
*/
static int
-_gnutls_client_check_if_resuming (gnutls_session_t session,
- uint8_t * session_id, int session_id_len)
+_gnutls_client_check_if_resuming(gnutls_session_t session,
+ uint8_t * session_id, int session_id_len)
{
- char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
-
- _gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,
- session_id_len);
- _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session_id, session_id_len, buf,
- sizeof (buf), NULL));
-
- if ((session->internals.resumption_requested != 0 ||
- session->internals.premaster_set != 0) &&
- session_id_len > 0 &&
- session->internals.resumed_security_parameters.session_id_size ==
- session_id_len
- && memcmp (session_id,
- session->internals.resumed_security_parameters.session_id,
- session_id_len) == 0)
- {
- /* resume session */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- _gnutls_epoch_set_cipher_suite
- (session, EPOCH_NEXT,
- session->internals.
- resumed_security_parameters.cipher_suite);
- _gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.compression_method);
-
- session->internals.resumed = RESUME_TRUE; /* we are resuming */
-
- return 0;
- }
- else
- {
- /* keep the new session id */
- session->internals.resumed = RESUME_FALSE; /* we are not resuming */
- session->security_parameters.session_id_size = session_id_len;
- memcpy (session->security_parameters.session_id,
- session_id, session_id_len);
-
- return -1;
- }
+ char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ _gnutls_handshake_log("HSK[%p]: SessionID length: %d\n", session,
+ session_id_len);
+ _gnutls_handshake_log("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex(session_id, session_id_len,
+ buf, sizeof(buf), NULL));
+
+ if ((session->internals.resumption_requested != 0 ||
+ session->internals.premaster_set != 0) &&
+ session_id_len > 0 &&
+ session->internals.resumed_security_parameters.
+ session_id_size == session_id_len
+ && memcmp(session_id,
+ session->internals.resumed_security_parameters.
+ session_id, session_id_len) == 0) {
+ /* resume session */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->internals.resumed_security_parameters.
+ cipher_suite);
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ compression_method);
+
+ session->internals.resumed = RESUME_TRUE; /* we are resuming */
+
+ return 0;
+ } else {
+ /* keep the new session id */
+ session->internals.resumed = RESUME_FALSE; /* we are not resuming */
+ session->security_parameters.session_id_size =
+ session_id_len;
+ memcpy(session->security_parameters.session_id, session_id,
+ session_id_len);
+
+ return -1;
+ }
}
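Review bot: The not-resuming branch of `_gnutls_client_check_if_resuming` copies `session_id_len` bytes into `session->security_parameters.session_id` without comparing the length to the size of that array. The array's declaration is not in this hunk, but the hex buffer at the top of the function is sized from `TLS_MAX_SESSION_ID_SIZE`, so that is presumably the limit. The only caller visible here, `_gnutls_read_server_hello` in the next hunk, takes the length from a single byte of the peer's ServerHello and checks it only against the remaining message length, so a value above the limit can reach this `memcpy`. Rejecting it in the caller keeps this function's 0/-1 contract: `if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {`.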
@@ -1696,113 +1698,106 @@ _gnutls_client_check_if_resuming (gnutls_session_t session,
* session.
*/
static int
-_gnutls_read_server_hello (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_read_server_hello(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- uint8_t session_id_len = 0;
- int pos = 0;
- int ret = 0;
- gnutls_protocol_t version;
- int len = datalen;
-
- if (datalen < 38)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- _gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n",
- session, data[pos], data[pos + 1]);
-
- DECR_LEN (len, 2);
- version = _gnutls_version_get (data[pos], data[pos + 1]);
- if (_gnutls_version_is_supported (session, version) == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- else
- {
- _gnutls_set_current_version (session, version);
- }
-
- pos += 2;
-
- DECR_LEN (len, GNUTLS_RANDOM_SIZE);
- ret = _gnutls_set_server_random (session, &data[pos]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pos += GNUTLS_RANDOM_SIZE;
-
-
- /* Read session ID
- */
- DECR_LEN (len, 1);
- session_id_len = data[pos++];
-
- if (len < session_id_len)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- DECR_LEN (len, session_id_len);
-
- /* check if we are resuming and set the appropriate
- * values;
- */
- if (_gnutls_client_check_if_resuming
- (session, &data[pos], session_id_len) == 0)
- {
- pos += session_id_len + 2 + 1;
- DECR_LEN (len, 2 + 1);
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
-
- pos += session_id_len;
-
- /* Check if the given cipher suite is supported and copy
- * it to the session.
- */
-
- DECR_LEN (len, 2);
- ret = _gnutls_client_set_ciphersuite (session, &data[pos]);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- pos += 2;
-
- /* move to compression
- */
- DECR_LEN (len, 1);
-
- ret = _gnutls_client_set_comp_method (session, data[pos++]);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- /* Parse extensions.
- */
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ uint8_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ gnutls_protocol_t version;
+ int len = datalen;
+
+ if (datalen < 38) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ _gnutls_handshake_log("HSK[%p]: Server's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
+
+ DECR_LEN(len, 2);
+ version = _gnutls_version_get(data[pos], data[pos + 1]);
+ if (_gnutls_version_is_supported(session, version) == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ } else {
+ _gnutls_set_current_version(session, version);
+ }
+
+ pos += 2;
+
+ DECR_LEN(len, GNUTLS_RANDOM_SIZE);
+ ret = _gnutls_set_server_random(session, &data[pos]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+
+ /* Read session ID
+ */
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
+
+ if (len < session_id_len) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ DECR_LEN(len, session_id_len);
+
+ /* check if we are resuming and set the appropriate
+ * values;
+ */
+ if (_gnutls_client_check_if_resuming
+ (session, &data[pos], session_id_len) == 0) {
+ pos += session_id_len + 2 + 1;
+ DECR_LEN(len, 2 + 1);
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+
+ pos += session_id_len;
+
+ /* Check if the given cipher suite is supported and copy
+ * it to the session.
+ */
+
+ DECR_LEN(len, 2);
+ ret = _gnutls_client_set_ciphersuite(session, &data[pos]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ pos += 2;
+
+ /* move to compression
+ */
+ DECR_LEN(len, 1);
+
+ ret = _gnutls_client_set_comp_method(session, data[pos++]);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ /* Parse extensions.
+ */
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_ANY, &data[pos],
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
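Review bot: In the resumed branch of `_gnutls_read_server_hello`, `pos += session_id_len + 2 + 1` steps over the cipher suite and compression method the server sent without comparing them to the values held in `session->internals.resumed_security_parameters`. A ServerHello that echoes the session ID but names a different suite is accepted as a resumption as far as this function is concerned; whether a later step catches the mismatch is not visible here. Once `DECR_LEN(len, 2 + 1)` has confirmed the three bytes are present, they could be checked with `if (memcmp(&data[pos - 3], session->internals.resumed_security_parameters.cipher_suite, 2) != 0)` and the handshake failed on mismatch, with the equivalent test for the compression byte after mapping it through `_gnutls_compression_get_id`. Separately, the session-ID length failure returns `GNUTLS_E_UNSUPPORTED_VERSION_PACKET`, where `GNUTLS_E_UNEXPECTED_PACKET_LENGTH`, used for the first length check in this function, would describe the error correctly.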
@@ -1811,52 +1806,56 @@ _gnutls_read_server_hello (gnutls_session_t session,
* true, add the special safe renegotiation CS.
*/
static int
-_gnutls_copy_ciphersuites (gnutls_session_t session,
- gnutls_buffer_st * cdata,
- int add_scsv)
+_gnutls_copy_ciphersuites(gnutls_session_t session,
+ gnutls_buffer_st * cdata, int add_scsv)
{
- int ret;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE+2];
- int cipher_suites_size;
- size_t init_length = cdata->length;
-
- ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites)-2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (eg SRP).
- */
- ret =
- _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, ret, NULL, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* If no cipher suites were enabled.
- */
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- cipher_suites_size = ret;
- if (add_scsv)
- {
- cipher_suites[cipher_suites_size] = 0x00;
- cipher_suites[cipher_suites_size+1] = 0xff;
- cipher_suites_size += 2;
-
- ret = _gnutls_ext_sr_send_cs (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites, cipher_suites_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = cdata->length - init_length;
-
- return ret;
+ int ret;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE + 2];
+ int cipher_suites_size;
+ size_t init_length = cdata->length;
+
+ ret =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites) - 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (eg SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites(session, cipher_suites,
+ ret, NULL, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* If no cipher suites were enabled.
+ */
+ if (ret == 0)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ cipher_suites_size = ret;
+ if (add_scsv) {
+ cipher_suites[cipher_suites_size] = 0x00;
+ cipher_suites[cipher_suites_size + 1] = 0xff;
+ cipher_suites_size += 2;
+
+ ret = _gnutls_ext_sr_send_cs(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites,
+ cipher_suites_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = cdata->length - init_length;
+
+ return ret;
}
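Review bot: The `MAX_CIPHERSUITE_SIZE + 2` array size and the `sizeof(cipher_suites) - 2` passed to `_gnutls_supported_ciphersuites()` in `_gnutls_copy_ciphersuites` depend on each other, and nothing in the body says why. The two spare bytes are what keep the `add_scsv` writes at `cipher_suites[cipher_suites_size]` and `[cipher_suites_size + 1]` inside the array. A comment on the declaration such as `/* +2: room for the safe-renegotiation SCSV (0x00,0xff) appended below */` would protect that invariant against a later edit. This assumes `_gnutls_remove_unwanted_ciphersuites()` never returns more than the size it was given, which is not visible here.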
@@ -1864,31 +1863,36 @@ _gnutls_copy_ciphersuites (gnutls_session_t session,
* Needed in hello messages. Returns the new data length.
*/
static int
-_gnutls_copy_comp_methods (gnutls_session_t session,
- gnutls_buffer_st * cdata)
+_gnutls_copy_comp_methods(gnutls_session_t session,
+ gnutls_buffer_st * cdata)
{
- int ret;
- uint8_t compression_methods[MAX_ALGOS], comp_num;
- size_t init_length = cdata->length;
+ int ret;
+ uint8_t compression_methods[MAX_ALGOS], comp_num;
+ size_t init_length = cdata->length;
- ret = _gnutls_supported_compression_methods (session, compression_methods, MAX_ALGOS);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_supported_compression_methods(session,
+ compression_methods,
+ MAX_ALGOS);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- comp_num = ret;
+ comp_num = ret;
- /* put the number of compression methods */
- ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ /* put the number of compression methods */
+ ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_data(cdata, compression_methods, comp_num);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_buffer_append_data(cdata, compression_methods,
+ comp_num);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = cdata->length - init_length;
+ ret = cdata->length - init_length;
- return ret;
+ return ret;
}
/* This should be sufficient by now. It should hold all the extensions
@@ -1898,314 +1902,323 @@ _gnutls_copy_comp_methods (gnutls_session_t session,
/* This function sends the client hello handshake message.
*/
-static int
-_gnutls_send_client_hello (gnutls_session_t session, int again)
+static int _gnutls_send_client_hello(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL;
- int pos = 0, type;
- int datalen = 0, ret = 0;
- const version_entry_st* hver;
- gnutls_buffer_st extdata;
- int rehandshake = 0;
- uint8_t session_id_len =
- session->internals.resumed_security_parameters.session_id_size;
- uint8_t cookie_len;
-
- _gnutls_buffer_init(&extdata);
-
- /* note that rehandshake is different than resuming
- */
- if (session->security_parameters.session_id_size)
- rehandshake = 1;
-
- if (again == 0)
- {
- if(IS_DTLS(session))
- {
- cookie_len = session->internals.dtls.cookie_len + 1;
- }
- else
- {
- cookie_len = 0;
- }
-
- datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE + cookie_len;
- /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
- */
-
- bufel = _gnutls_handshake_alloc (session, datalen, datalen+MAX_EXT_DATA_LENGTH);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- /* if we are resuming a session then we set the
- * version number to the previously established.
- */
- if (session->internals.resumption_requested == 0 &&
- session->internals.premaster_set == 0)
- {
- if (rehandshake) /* already negotiated version thus version_max == negotiated version */
- hver = get_version(session);
- else /* new handshake. just get the max */
- hver = version_to_entry(_gnutls_version_max (session));
- }
- else
- {
- /* we are resuming a session */
- hver = session->internals.resumed_security_parameters.pversion;
- }
-
- if (hver == NULL)
- {
- gnutls_assert ();
- gnutls_free (bufel);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- data[pos++] = hver->major;
- data[pos++] = hver->minor;
-
- /* Set the version we advertized as maximum
- * (RSA uses it).
- */
- set_adv_version (session, hver->major, hver->minor);
- _gnutls_set_current_version (session, hver->id);
-
- if (session->internals.priorities.ssl3_record_version != 0)
- {
- /* Advertize the SSL 3.0 record packet version in
- * record packets during the handshake.
- * That is to avoid confusing implementations
- * that do not support TLS 1.2 and don't know
- * how 3,3 version of record packets look like.
- */
- if (!IS_DTLS(session))
- _gnutls_record_set_default_version (session, 3, 0);
- else if (hver->id == GNUTLS_DTLS0_9)
- _gnutls_record_set_default_version (session, 1, 0);
- else
- _gnutls_record_set_default_version (session, 254, 255);
- }
-
- /* In order to know when this session was initiated.
- */
- session->security_parameters.timestamp = gnutls_time (NULL);
-
- /* Generate random data
- */
- if (!IS_DTLS (session)
- || session->internals.dtls.hsk_hello_verify_requests == 0)
- {
- ret = _gnutls_set_client_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy (&data[pos], session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- }
- else
- memcpy (&data[pos], session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- pos += GNUTLS_RANDOM_SIZE;
-
- /* Copy the Session ID
- */
- data[pos++] = session_id_len;
-
- if (session_id_len > 0)
- {
- memcpy (&data[pos],
- session->internals.resumed_security_parameters.session_id,
- session_id_len);
- pos += session_id_len;
- }
-
- /* Copy the DTLS cookie
- */
- if (IS_DTLS(session))
- {
- data[pos++] = session->internals.dtls.cookie_len;
- memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len);
- /* pos += session->internals.dtls.cookie_len; */
- }
-
- /* Copy the ciphersuites.
- *
- * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
- * prevention on initial negotiation (but not renegotiation; that's
- * handled with the RI extension below).
- */
- if (!session->internals.initial_negotiation_completed &&
- session->security_parameters.entity == GNUTLS_CLIENT &&
- (hver->id == GNUTLS_SSL3 ||
- session->internals.priorities.no_extensions != 0))
- {
- ret =
- _gnutls_copy_ciphersuites (session, &extdata, TRUE);
- _gnutls_extension_list_add (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
- }
- else
- ret = _gnutls_copy_ciphersuites (session, &extdata, FALSE);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Copy the compression methods.
- */
- ret = _gnutls_copy_comp_methods (session, &extdata);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Generate and copy TLS extensions.
- */
- if (session->internals.priorities.no_extensions == 0)
- {
- if (_gnutls_version_has_extensions (hver))
- type = GNUTLS_EXT_ANY;
- else
- {
- if (session->internals.initial_negotiation_completed != 0)
- type = GNUTLS_EXT_MANDATORY;
- else
- type = GNUTLS_EXT_NONE;
- }
-
- ret = _gnutls_gen_extensions (session, &extdata, type);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- }
-
- ret = _mbuffer_append_data (bufel, extdata.data, extdata.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- _gnutls_buffer_clear(&extdata);
-
- return
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
-
-cleanup:
- _mbuffer_xfree(&bufel);
- _gnutls_buffer_clear(&extdata);
- return ret;
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL;
+ int pos = 0, type;
+ int datalen = 0, ret = 0;
+ const version_entry_st *hver;
+ gnutls_buffer_st extdata;
+ int rehandshake = 0;
+ uint8_t session_id_len =
+ session->internals.resumed_security_parameters.session_id_size;
+ uint8_t cookie_len;
+
+ _gnutls_buffer_init(&extdata);
+
+ /* note that rehandshake is different than resuming
+ */
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
+ if (again == 0) {
+ if (IS_DTLS(session)) {
+ cookie_len =
+ session->internals.dtls.cookie_len + 1;
+ } else {
+ cookie_len = 0;
+ }
+
+ datalen =
+ 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE +
+ cookie_len;
+ /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
+ */
+
+ bufel =
+ _gnutls_handshake_alloc(session, datalen,
+ datalen + MAX_EXT_DATA_LENGTH);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ /* if we are resuming a session then we set the
+ * version number to the previously established.
+ */
+ if (session->internals.resumption_requested == 0 &&
+ session->internals.premaster_set == 0) {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = get_version(session);
+ else /* new handshake. just get the max */
+ hver =
+ version_to_entry(_gnutls_version_max
+ (session));
+ } else {
+ /* we are resuming a session */
+ hver =
+ session->internals.resumed_security_parameters.
+ pversion;
+ }
+
+ if (hver == NULL) {
+ gnutls_assert();
+ gnutls_free(bufel);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ data[pos++] = hver->major;
+ data[pos++] = hver->minor;
+
+ /* Set the version we advertized as maximum
+ * (RSA uses it).
+ */
+ set_adv_version(session, hver->major, hver->minor);
+ _gnutls_set_current_version(session, hver->id);
+
+ if (session->internals.priorities.ssl3_record_version != 0) {
+ /* Advertize the SSL 3.0 record packet version in
+ * record packets during the handshake.
+ * That is to avoid confusing implementations
+ * that do not support TLS 1.2 and don't know
+ * how 3,3 version of record packets look like.
+ */
+ if (!IS_DTLS(session))
+ _gnutls_record_set_default_version(session,
+ 3, 0);
+ else if (hver->id == GNUTLS_DTLS0_9)
+ _gnutls_record_set_default_version(session,
+ 1, 0);
+ else
+ _gnutls_record_set_default_version(session,
+ 254,
+ 255);
+ }
+
+ /* In order to know when this session was initiated.
+ */
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+ /* Generate random data
+ */
+ if (!IS_DTLS(session)
+ || session->internals.dtls.hsk_hello_verify_requests ==
+ 0) {
+ ret = _gnutls_set_client_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(&data[pos],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ } else
+ memcpy(&data[pos],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+ /* Copy the Session ID
+ */
+ data[pos++] = session_id_len;
+
+ if (session_id_len > 0) {
+ memcpy(&data[pos],
+ session->internals.
+ resumed_security_parameters.session_id,
+ session_id_len);
+ pos += session_id_len;
+ }
+
+ /* Copy the DTLS cookie
+ */
+ if (IS_DTLS(session)) {
+ data[pos++] = session->internals.dtls.cookie_len;
+ memcpy(&data[pos], &session->internals.dtls.cookie,
+ session->internals.dtls.cookie_len);
+ /* pos += session->internals.dtls.cookie_len; */
+ }
+
+ /* Copy the ciphersuites.
+ *
+ * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
+ * prevention on initial negotiation (but not renegotiation; that's
+ * handled with the RI extension below).
+ */
+ if (!session->internals.initial_negotiation_completed &&
+ session->security_parameters.entity == GNUTLS_CLIENT &&
+ (hver->id == GNUTLS_SSL3 ||
+ session->internals.priorities.no_extensions != 0)) {
+ ret =
+ _gnutls_copy_ciphersuites(session, &extdata,
+ TRUE);
+ _gnutls_extension_list_add(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ } else
+ ret =
+ _gnutls_copy_ciphersuites(session, &extdata,
+ FALSE);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Copy the compression methods.
+ */
+ ret = _gnutls_copy_comp_methods(session, &extdata);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Generate and copy TLS extensions.
+ */
+ if (session->internals.priorities.no_extensions == 0) {
+ if (_gnutls_version_has_extensions(hver))
+ type = GNUTLS_EXT_ANY;
+ else {
+ if (session->internals.
+ initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
+
+ ret =
+ _gnutls_gen_extensions(session, &extdata,
+ type);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ }
+
+ ret =
+ _mbuffer_append_data(bufel, extdata.data,
+ extdata.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ _gnutls_buffer_clear(&extdata);
+
+ return
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO);
+
+ cleanup:
+ _mbuffer_xfree(&bufel);
+ _gnutls_buffer_clear(&extdata);
+ return ret;
}
-static int
-_gnutls_send_server_hello (gnutls_session_t session, int again)
+static int _gnutls_send_server_hello(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL;
- gnutls_buffer_st extdata;
- int pos = 0;
- int datalen, ret = 0;
- uint8_t comp;
- uint8_t session_id_len = session->security_parameters.session_id_size;
- char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- const version_entry_st* vers;
-
- _gnutls_buffer_init(&extdata);
-
- if (again == 0)
- {
- datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
- ret =
- _gnutls_gen_extensions (session, &extdata,
- (session->internals.resumed==RESUME_TRUE)?
- GNUTLS_EXT_MANDATORY:GNUTLS_EXT_ANY);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- bufel = _gnutls_handshake_alloc (session, datalen + extdata.length, datalen + extdata.length);
- if (bufel == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- vers = get_version(session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- data[pos++] = vers->major;
- data[pos++] = vers->minor;
-
- memcpy (&data[pos],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- pos += GNUTLS_RANDOM_SIZE;
-
- data[pos++] = session_id_len;
- if (session_id_len > 0)
- {
- memcpy (&data[pos], session->security_parameters.session_id,
- session_id_len);
- }
- pos += session_id_len;
-
- _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session->security_parameters.
- session_id, session_id_len, buf,
- sizeof (buf), NULL));
-
- memcpy (&data[pos],
- session->security_parameters.cipher_suite, 2);
- pos += 2;
-
- comp = _gnutls_compression_get_num ( session->security_parameters.compression_method);
- data[pos++] = comp;
-
- if (extdata.length > 0)
- {
- memcpy (&data[pos], extdata.data, extdata.length);
- }
- }
-
- ret =
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO);
-
-fail:
- _gnutls_buffer_clear(&extdata);
- return ret;
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL;
+ gnutls_buffer_st extdata;
+ int pos = 0;
+ int datalen, ret = 0;
+ uint8_t comp;
+ uint8_t session_id_len =
+ session->security_parameters.session_id_size;
+ char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+ const version_entry_st *vers;
+
+ _gnutls_buffer_init(&extdata);
+
+ if (again == 0) {
+ datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
+ ret =
+ _gnutls_gen_extensions(session, &extdata,
+ (session->internals.resumed ==
+ RESUME_TRUE) ?
+ GNUTLS_EXT_MANDATORY :
+ GNUTLS_EXT_ANY);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ bufel =
+ _gnutls_handshake_alloc(session,
+ datalen + extdata.length,
+ datalen + extdata.length);
+ if (bufel == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ data[pos++] = vers->major;
+ data[pos++] = vers->minor;
+
+ memcpy(&data[pos],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ pos += GNUTLS_RANDOM_SIZE;
+
+ data[pos++] = session_id_len;
+ if (session_id_len > 0) {
+ memcpy(&data[pos],
+ session->security_parameters.session_id,
+ session_id_len);
+ }
+ pos += session_id_len;
+
+ _gnutls_handshake_log("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex(session->
+ security_parameters.session_id,
+ session_id_len, buf,
+ sizeof(buf), NULL));
+
+ memcpy(&data[pos],
+ session->security_parameters.cipher_suite, 2);
+ pos += 2;
+
+ comp =
+ _gnutls_compression_get_num(session->
+ security_parameters.
+ compression_method);
+ data[pos++] = comp;
+
+ if (extdata.length > 0) {
+ memcpy(&data[pos], extdata.data, extdata.length);
+ }
+ }
+
+ ret =
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_SERVER_HELLO);
+
+ fail:
+ _gnutls_buffer_clear(&extdata);
+ return ret;
}
-int
-_gnutls_send_hello (gnutls_session_t session, int again)
+int _gnutls_send_hello(gnutls_session_t session, int again)
{
- int ret;
+ int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- ret = _gnutls_send_client_hello (session, again);
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_send_client_hello(session, again);
- }
- else
- { /* SERVER */
- ret = _gnutls_send_server_hello (session, again);
- }
+ } else { /* SERVER */
+ ret = _gnutls_send_server_hello(session, again);
+ }
- return ret;
+ return ret;
}
/* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a
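Review bot: Two early returns in this hunk skip the cleanup labels and leak the handshake buffer. In `_gnutls_send_client_hello`, the failure path after `_gnutls_set_client_random()` does `return gnutls_assert_val(ret);` although `bufel` is already allocated; `{ gnutls_assert(); goto cleanup; }` would release it the way the later error paths do. In `_gnutls_send_server_hello`, the `vers == NULL` branch returns directly, leaving both `bufel` and the already generated `extdata` unreleased; it should call `_mbuffer_xfree(&bufel)`, set `ret = GNUTLS_E_INTERNAL_ERROR` and `goto fail`. The `hver == NULL` branch of the client function also frees with `gnutls_free(bufel)` where the `cleanup:` label uses `_mbuffer_xfree(&bufel)`, so routing it through the same label would keep the release paths consistent.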
@@ -2213,94 +2226,84 @@ _gnutls_send_hello (gnutls_session_t session, int again)
* and internals.compression_method.
*/
int
-_gnutls_recv_hello (gnutls_session_t session, uint8_t * data, int datalen)
+_gnutls_recv_hello(gnutls_session_t session, uint8_t * data, int datalen)
{
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- ret = _gnutls_read_server_hello (session, data, datalen);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- { /* Server side reading a client hello */
-
- ret = _gnutls_read_client_hello (session, data, datalen);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_ext_sr_verify (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_read_server_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else { /* Server side reading a client hello */
+
+ ret = _gnutls_read_client_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_ext_sr_verify(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
static int
-_gnutls_recv_hello_verify_request (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_recv_hello_verify_request(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- ssize_t len = datalen;
- size_t pos = 0;
- uint8_t cookie_len;
- unsigned int nb_verifs;
-
- if (!IS_DTLS (session)
- || session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;
- if (nb_verifs >= MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS)
- {
- /* The server is either buggy, malicious or changing cookie
- secrets _way_ too fast. */
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
-
- /* TODO: determine if we need to do anything with the server version field */
- DECR_LEN (len, 2);
- pos += 2;
-
- DECR_LEN (len, 1);
- cookie_len = data[pos];
- pos++;
-
- if (cookie_len > DTLS_MAX_COOKIE_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- DECR_LEN (len, cookie_len);
-
- session->internals.dtls.cookie_len = cookie_len;
- memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
-
- if (len != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- /* reset handshake hash buffers */
- _gnutls_handshake_hash_buffer_empty (session);
-
- return 0;
+ ssize_t len = datalen;
+ size_t pos = 0;
+ uint8_t cookie_len;
+ unsigned int nb_verifs;
+
+ if (!IS_DTLS(session)
+ || session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;
+ if (nb_verifs >= MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS) {
+ /* The server is either buggy, malicious or changing cookie
+ secrets _way_ too fast. */
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ /* TODO: determine if we need to do anything with the server version field */
+ DECR_LEN(len, 2);
+ pos += 2;
+
+ DECR_LEN(len, 1);
+ cookie_len = data[pos];
+ pos++;
+
+ if (cookie_len > DTLS_MAX_COOKIE_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN(len, cookie_len);
+
+ session->internals.dtls.cookie_len = cookie_len;
+ memcpy(session->internals.dtls.cookie, &data[pos], cookie_len);
+
+ if (len != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* reset handshake hash buffers */
+ _gnutls_handshake_hash_buffer_empty(session);
+
+ return 0;
}
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
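Review bot: `_gnutls_recv_hello_verify_request` commits the cookie to the session before it has finished validating the message: the assignment to `session->internals.dtls.cookie_len` and the `memcpy` run ahead of the `len != 0` trailing-data check. A HelloVerifyRequest arrives before any authentication, so it is safer to validate fully and then store. Moving `if (len != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` directly after `DECR_LEN(len, cookie_len);` does that without changing which inputs are accepted. Whether the stored cookie is ever reused after the error return is not visible in this hunk.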
@@ -2368,113 +2371,110 @@ _gnutls_recv_hello_verify_request (gnutls_session_t session,
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
-int
-gnutls_rehandshake (gnutls_session_t session)
+int gnutls_rehandshake(gnutls_session_t session)
{
- int ret;
+ int ret;
- /* only server sends that handshake packet */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return GNUTLS_E_INVALID_REQUEST;
+ /* only server sends that handshake packet */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return GNUTLS_E_INVALID_REQUEST;
- _dtls_async_timer_delete(session);
+ _dtls_async_timer_delete(session);
- ret =
- _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
- AGAIN (STATE50));
- STATE = STATE50;
+ ret =
+ _gnutls_send_empty_handshake(session,
+ GNUTLS_HANDSHAKE_HELLO_REQUEST,
+ AGAIN(STATE50));
+ STATE = STATE50;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- STATE = STATE0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ STATE = STATE0;
- return 0;
+ return 0;
}
inline static int
-_gnutls_abort_handshake (gnutls_session_t session, int ret)
+_gnutls_abort_handshake(gnutls_session_t session, int ret)
{
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- (gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION))
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
- return 0;
+ if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+ (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+ || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+ return 0;
- /* this doesn't matter */
- return GNUTLS_E_INTERNAL_ERROR;
+ /* this doesn't matter */
+ return GNUTLS_E_INTERNAL_ERROR;
}
-static int
-_gnutls_send_supplemental (gnutls_session_t session, int again)
+static int _gnutls_send_supplemental(gnutls_session_t session, int again)
{
- mbuffer_st *bufel;
- int ret = 0;
-
- _gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session);
-
- if (again)
- ret =
- _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL);
- else
- {
- gnutls_buffer_st buf;
- _gnutls_buffer_init (&buf);
-
- ret = _gnutls_gen_supplemental (session, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- bufel = _gnutls_handshake_alloc(session, buf.length, buf.length);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _mbuffer_set_udata (bufel, buf.data, buf.length);
- _gnutls_buffer_clear (&buf);
-
- ret = _gnutls_send_handshake (session, bufel,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL);
- }
-
- return ret;
+ mbuffer_st *bufel;
+ int ret = 0;
+
+ _gnutls_debug_log("EXT[%p]: Sending supplemental data\n", session);
+
+ if (again)
+ ret =
+ _gnutls_send_handshake(session, NULL,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ else {
+ gnutls_buffer_st buf;
+ _gnutls_buffer_init(&buf);
+
+ ret = _gnutls_gen_supplemental(session, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ bufel =
+ _gnutls_handshake_alloc(session, buf.length,
+ buf.length);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _mbuffer_set_udata(bufel, buf.data, buf.length);
+ _gnutls_buffer_clear(&buf);
+
+ ret = _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ }
+
+ return ret;
}
-static int
-_gnutls_recv_supplemental (gnutls_session_t session)
+static int _gnutls_recv_supplemental(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret;
-
- _gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session);
-
- ret = _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_SUPPLEMENTAL,
- 1, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_supplemental (session, buf.data, buf.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
-cleanup:
- _gnutls_buffer_clear(&buf);
-
- return ret;
+ gnutls_buffer_st buf;
+ int ret;
+
+ _gnutls_debug_log("EXT[%p]: Expecting supplemental data\n",
+ session);
+
+ ret =
+ _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_SUPPLEMENTAL,
+ 1, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_parse_supplemental(session, buf.data, buf.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
/**
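Review bot: `_gnutls_send_supplemental` returns without releasing `buf` on its two error paths: after `_gnutls_gen_supplemental()` fails, and after `_gnutls_handshake_alloc()` returns NULL, at which point `buf` holds the generated data. Adding `_gnutls_buffer_clear(&buf);` before each of those returns matches what the success path does after `_mbuffer_set_udata()`. Whether `_gnutls_gen_supplemental()` can leave an allocation behind when it fails is not visible here, so the first case is the less certain one. In `_gnutls_recv_supplemental` the `goto cleanup;` sits immediately before the label and could be dropped.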
@@ -2505,73 +2505,66 @@ cleanup:
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
-int
-gnutls_handshake (gnutls_session_t session)
+int gnutls_handshake(gnutls_session_t session)
{
- int ret;
- record_parameters_st *params;
-
- /* sanity check. Verify that there are priorities setup.
- */
- if (session->internals.priorities.protocol.algorithms == 0)
- return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
-
- if (session->internals.handshake_timeout_ms &&
- session->internals.handshake_endtime == 0)
- session->internals.handshake_endtime = gnutls_time(0) +
- session->internals.handshake_timeout_ms / 1000;
-
- ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next,
- &params);
- if (ret < 0)
- {
- /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
- ret =
- _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
- NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- do
- {
- ret = _gnutls_handshake_client (session);
- } while (ret == 1);
- }
- else
- {
- ret = _gnutls_handshake_server (session);
- }
- if (ret < 0)
- {
- /* In the case of a rehandshake abort
- * we should reset the handshake's internal state.
- */
- if (_gnutls_abort_handshake (session, ret) == 0)
- STATE = STATE0;
-
- return ret;
- }
-
- /* clear handshake buffer */
- _gnutls_handshake_hash_buffers_clear (session);
-
- if (IS_DTLS(session)==0)
- {
- _gnutls_handshake_io_buffer_clear (session);
- }
- else
- {
- _dtls_async_timer_init(session);
- }
-
- _gnutls_handshake_internal_state_clear (session);
-
- session->security_parameters.epoch_next++;
-
- return 0;
+ int ret;
+ record_parameters_st *params;
+
+ /* sanity check. Verify that there are priorities setup.
+ */
+ if (session->internals.priorities.protocol.algorithms == 0)
+ return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
+ if (session->internals.handshake_timeout_ms &&
+ session->internals.handshake_endtime == 0)
+ session->internals.handshake_endtime = gnutls_time(0) +
+ session->internals.handshake_timeout_ms / 1000;
+
+ ret =
+ _gnutls_epoch_get(session,
+ session->security_parameters.epoch_next,
+ &params);
+ if (ret < 0) {
+ /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
+ ret =
+ _gnutls_epoch_alloc(session,
+ session->security_parameters.
+ epoch_next, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ do {
+ ret = _gnutls_handshake_client(session);
+ } while (ret == 1);
+ } else {
+ ret = _gnutls_handshake_server(session);
+ }
+ if (ret < 0) {
+ /* In the case of a rehandshake abort
+ * we should reset the handshake's internal state.
+ */
+ if (_gnutls_abort_handshake(session, ret) == 0)
+ STATE = STATE0;
+
+ return ret;
+ }
+
+ /* clear handshake buffer */
+ _gnutls_handshake_hash_buffers_clear(session);
+
+ if (IS_DTLS(session) == 0) {
+ _gnutls_handshake_io_buffer_clear(session);
+ } else {
+ _dtls_async_timer_init(session);
+ }
+
+ _gnutls_handshake_internal_state_clear(session);
+
+ session->security_parameters.epoch_next++;
+
+ return 0;
}
/**
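Review bot: In `gnutls_handshake` the deadline is computed as `gnutls_time(0) + session->internals.handshake_timeout_ms / 1000`, so the integer division discards the sub-second part and any timeout below 1000 ms yields a deadline equal to the current second. If the check elsewhere compares against `handshake_endtime` in whole seconds, such a handshake would presumably expire at once; rounding up with `(session->internals.handshake_timeout_ms + 999) / 1000` avoids that. At minimum the documentation of `gnutls_handshake_set_timeout()` should state that the timeout has one-second granularity. `params` is written by `_gnutls_epoch_get()` only to probe for the epoch and is never read, which deserves a short comment.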
@@ -2589,11 +2582,11 @@ gnutls_handshake (gnutls_session_t session)
*
**/
void
-gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int ms)
+gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
{
- if (ms == GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)
- ms = 40*1000;
- session->internals.handshake_timeout_ms = ms;
+ if (ms == GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)
+ ms = 40 * 1000;
+ session->internals.handshake_timeout_ms = ms;
}
@@ -2616,218 +2609,220 @@ gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int ms)
*/
static int run_verify_callback(gnutls_session_t session, unsigned int side)
{
- gnutls_certificate_credentials_t cred;
- int ret, type;
-
- cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
-
- if (side == GNUTLS_CLIENT)
- type = gnutls_auth_server_get_type(session);
- else
- type = gnutls_auth_client_get_type(session);
-
- if (type != GNUTLS_CRD_CERTIFICATE)
- return 0;
-
- if (cred != NULL && cred->verify_callback != NULL &&
- (session->security_parameters.entity == GNUTLS_CLIENT ||
- session->internals.send_cert_req != GNUTLS_CERT_IGNORE))
- {
- ret = cred->verify_callback (session);
- if (ret < -1)
- return ret;
- else if (ret != 0)
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- return 0;
+ gnutls_certificate_credentials_t cred;
+ int ret, type;
+
+ cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ if (side == GNUTLS_CLIENT)
+ type = gnutls_auth_server_get_type(session);
+ else
+ type = gnutls_auth_client_get_type(session);
+
+ if (type != GNUTLS_CRD_CERTIFICATE)
+ return 0;
+
+ if (cred != NULL && cred->verify_callback != NULL &&
+ (session->security_parameters.entity == GNUTLS_CLIENT ||
+ session->internals.send_cert_req != GNUTLS_CERT_IGNORE)) {
+ ret = cred->verify_callback(session);
+ if (ret < -1)
+ return ret;
+ else if (ret != 0)
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ return 0;
}
/*
* _gnutls_handshake_client
* This function performs the client side of the handshake of the TLS/SSL protocol.
*/
-static int
-_gnutls_handshake_client (gnutls_session_t session)
+static int _gnutls_handshake_client(gnutls_session_t session)
{
- int ret = 0;
+ int ret = 0;
#ifdef HANDSHAKE_DEBUG
- char buf[64];
-
- if (session->internals.resumed_security_parameters.session_id_size > 0)
- _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,
- _gnutls_bin2hex (session->
- internals.resumed_security_parameters.session_id,
- session->
- internals.resumed_security_parameters.session_id_size,
- buf, sizeof (buf), NULL));
+ char buf[64];
+
+ if (session->internals.resumed_security_parameters.
+ session_id_size > 0)
+ _gnutls_handshake_log("HSK[%p]: Ask to resume: %s\n",
+ session,
+ _gnutls_bin2hex(session->internals.
+ resumed_security_parameters.
+ session_id,
+ session->internals.
+ resumed_security_parameters.
+ session_id_size, buf,
+ sizeof(buf), NULL));
#endif
- switch (STATE)
- {
- case STATE0:
- case STATE1:
- ret = _gnutls_send_hello (session, AGAIN (STATE1));
- STATE = STATE1;
- IMED_RET ("send hello", ret, 1);
-
- case STATE2:
- if (IS_DTLS (session))
- {
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST,
- 1, NULL);
- STATE = STATE2;
- IMED_RET ("recv hello verify", ret, 1);
-
- if (ret == 1)
- {
- STATE = STATE0;
- return 1;
- }
- }
- case STATE3:
- /* receive the server hello */
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO,
- 0, NULL);
- STATE = STATE3;
- IMED_RET ("recv hello", ret, 1);
-
- case STATE4:
- if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE4;
- IMED_RET ("recv supplemental", ret, 1);
- }
-
- case STATE5:
- /* RECV CERTIFICATE */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate (session);
- STATE = STATE5;
- IMED_RET ("recv server certificate", ret, 1);
-
- case STATE6:
- /* RECV CERTIFICATE STATUS */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate_status (session);
- STATE = STATE6;
- IMED_RET ("recv server certificate", ret, 1);
-
- case STATE7:
- ret = run_verify_callback(session, GNUTLS_CLIENT);
- STATE = STATE7;
- if (ret < 0)
- return gnutls_assert_val(ret);
- case STATE8:
- /* receive the server key exchange */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_kx_message (session);
- STATE = STATE8;
- IMED_RET ("recv server kx message", ret, 1);
-
- case STATE9:
- /* receive the server certificate request - if any
- */
-
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_crt_request (session);
- STATE = STATE9;
- IMED_RET ("recv server certificate request message", ret, 1);
-
- case STATE10:
- /* receive the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- 0, NULL);
- STATE = STATE10;
- IMED_RET ("recv server hello done", ret, 1);
-
- case STATE11:
- if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE11));
- STATE = STATE11;
- IMED_RET ("send supplemental", ret, 0);
- }
-
- case STATE12:
- /* send our certificate - if any and if requested
- */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_certificate (session, AGAIN (STATE12));
- STATE = STATE12;
- IMED_RET ("send client certificate", ret, 0);
-
- case STATE13:
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_kx_message (session, AGAIN (STATE13));
- STATE = STATE13;
- IMED_RET ("send client kx", ret, 0);
-
- case STATE14:
- /* send client certificate verify */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_certificate_verify (session, AGAIN (STATE14));
- STATE = STATE14;
- IMED_RET ("send client certificate verify", ret, 1);
-
- case STATE15:
- STATE = STATE15;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_send_handshake_final (session, TRUE);
- IMED_RET ("send handshake final 2", ret, 1);
- }
- else
- {
- ret = _gnutls_recv_new_session_ticket (session);
- IMED_RET ("recv handshake new session ticket", ret, 1);
- }
-
- case STATE16:
- STATE = STATE16;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_recv_new_session_ticket (session);
- IMED_RET ("recv handshake new session ticket", ret, 1);
- }
- else
- {
- ret = _gnutls_recv_handshake_final (session, TRUE);
- IMED_RET ("recv handshake final", ret, 1);
- }
-
- case STATE17:
- STATE = STATE17;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_recv_handshake_final (session, FALSE);
- IMED_RET ("recv handshake final 2", ret, 1);
- }
- else
- {
- ret = _gnutls_send_handshake_final (session, FALSE);
- IMED_RET ("send handshake final", ret, 1);
- }
-
- STATE = STATE0;
- default:
- break;
- }
-
- return 0;
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret = _gnutls_send_hello(session, AGAIN(STATE1));
+ STATE = STATE1;
+ IMED_RET("send hello", ret, 1);
+
+ case STATE2:
+ if (IS_DTLS(session)) {
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST,
+ 1, NULL);
+ STATE = STATE2;
+ IMED_RET("recv hello verify", ret, 1);
+
+ if (ret == 1) {
+ STATE = STATE0;
+ return 1;
+ }
+ }
+ case STATE3:
+ /* receive the server hello */
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO,
+ 0, NULL);
+ STATE = STATE3;
+ IMED_RET("recv hello", ret, 1);
+
+ case STATE4:
+ if (session->security_parameters.do_recv_supplemental) {
+ ret = _gnutls_recv_supplemental(session);
+ STATE = STATE4;
+ IMED_RET("recv supplemental", ret, 1);
+ }
+
+ case STATE5:
+ /* RECV CERTIFICATE */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate(session);
+ STATE = STATE5;
+ IMED_RET("recv server certificate", ret, 1);
+
+ case STATE6:
+ /* RECV CERTIFICATE STATUS */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_server_certificate_status
+ (session);
+ STATE = STATE6;
+ IMED_RET("recv server certificate", ret, 1);
+
+ case STATE7:
+ ret = run_verify_callback(session, GNUTLS_CLIENT);
+ STATE = STATE7;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ case STATE8:
+ /* receive the server key exchange */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_kx_message(session);
+ STATE = STATE8;
+ IMED_RET("recv server kx message", ret, 1);
+
+ case STATE9:
+ /* receive the server certificate request - if any
+ */
+
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_crt_request(session);
+ STATE = STATE9;
+ IMED_RET("recv server certificate request message", ret,
+ 1);
+
+ case STATE10:
+ /* receive the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ 0, NULL);
+ STATE = STATE10;
+ IMED_RET("recv server hello done", ret, 1);
+
+ case STATE11:
+ if (session->security_parameters.do_send_supplemental) {
+ ret =
+ _gnutls_send_supplemental(session,
+ AGAIN(STATE11));
+ STATE = STATE11;
+ IMED_RET("send supplemental", ret, 0);
+ }
+
+ case STATE12:
+ /* send our certificate - if any and if requested
+ */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate(session,
+ AGAIN
+ (STATE12));
+ STATE = STATE12;
+ IMED_RET("send client certificate", ret, 0);
+
+ case STATE13:
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_kx_message(session,
+ AGAIN(STATE13));
+ STATE = STATE13;
+ IMED_RET("send client kx", ret, 0);
+
+ case STATE14:
+ /* send client certificate verify */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate_verify(session,
+ AGAIN
+ (STATE14));
+ STATE = STATE14;
+ IMED_RET("send client certificate verify", ret, 1);
+
+ case STATE15:
+ STATE = STATE15;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_send_handshake_final(session, TRUE);
+ IMED_RET("send handshake final 2", ret, 1);
+ } else {
+ ret = _gnutls_recv_new_session_ticket(session);
+ IMED_RET("recv handshake new session ticket", ret,
+ 1);
+ }
+
+ case STATE16:
+ STATE = STATE16;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_recv_new_session_ticket(session);
+ IMED_RET("recv handshake new session ticket", ret,
+ 1);
+ } else {
+ ret = _gnutls_recv_handshake_final(session, TRUE);
+ IMED_RET("recv handshake final", ret, 1);
+ }
+
+ case STATE17:
+ STATE = STATE17;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_recv_handshake_final(session, FALSE);
+ IMED_RET("recv handshake final 2", ret, 1);
+ } else {
+ ret = _gnutls_send_handshake_final(session, FALSE);
+ IMED_RET("send handshake final", ret, 1);
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
}
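Review bot: In `_gnutls_handshake_client`, the `STATE6` step reports failures under the same label as `STATE5`: `IMED_RET("recv server certificate", ret, 1);` follows the call to `_gnutls_recv_server_certificate_status`. Assuming `IMED_RET` logs its first argument on error (its definition is not in this hunk), a failed certificate-status receive cannot be told apart from a failed certificate receive in the handshake log. The reindent carries the label over unchanged; I would make it `IMED_RET("recv server certificate status", ret, 1);`.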
@@ -2835,517 +2830,499 @@ _gnutls_handshake_client (gnutls_session_t session)
/* This function is to be called if the handshake was successfully
* completed. This sends a Change Cipher Spec packet to the peer.
*/
-static ssize_t
-send_change_cipher_spec (gnutls_session_t session, int again)
+static ssize_t send_change_cipher_spec(gnutls_session_t session, int again)
{
- uint8_t* data;
- mbuffer_st * bufel;
- int ret;
- const version_entry_st* vers;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, 1, 1);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- vers = get_version (session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_DTLS0_9)
- _mbuffer_set_uhead_size(bufel, 3);
- else
- _mbuffer_set_uhead_size(bufel, 1);
- _mbuffer_set_udata_size(bufel, 0);
-
- data = _mbuffer_get_uhead_ptr (bufel);
-
- data[0] = 1;
- if (vers->id == GNUTLS_DTLS0_9)
- {
- _gnutls_write_uint16 (session->internals.dtls.hsk_write_seq, &data[1]);
- session->internals.dtls.hsk_write_seq++;
- }
-
- ret = _gnutls_handshake_io_cache_int (session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, bufel);
- if (ret < 0)
- {
- _mbuffer_xfree(&bufel);
- return gnutls_assert_val(ret);
- }
-
- _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
- }
-
- return 0;
+ uint8_t *data;
+ mbuffer_st *bufel;
+ int ret;
+ const version_entry_st *vers;
+
+ if (again == 0) {
+ bufel = _gnutls_handshake_alloc(session, 1, 1);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ _mbuffer_set_uhead_size(bufel, 3);
+ else
+ _mbuffer_set_uhead_size(bufel, 1);
+ _mbuffer_set_udata_size(bufel, 0);
+
+ data = _mbuffer_get_uhead_ptr(bufel);
+
+ data[0] = 1;
+ if (vers->id == GNUTLS_DTLS0_9) {
+ _gnutls_write_uint16(session->internals.dtls.
+ hsk_write_seq, &data[1]);
+ session->internals.dtls.hsk_write_seq++;
+ }
+
+ ret =
+ _gnutls_handshake_io_cache_int(session,
+ GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC,
+ bufel);
+ if (ret < 0) {
+ _mbuffer_xfree(&bufel);
+ return gnutls_assert_val(ret);
+ }
+
+ _gnutls_handshake_log("REC[%p]: Sent ChangeCipherSpec\n",
+ session);
+ }
+
+ return 0;
}
/* This function sends the final handshake packets and initializes connection
*/
-static int
-_gnutls_send_handshake_final (gnutls_session_t session, int init)
+static int _gnutls_send_handshake_final(gnutls_session_t session, int init)
{
- int ret = 0;
-
- /* Send the CHANGE CIPHER SPEC PACKET */
-
- switch (FINAL_STATE)
- {
- case STATE0:
- case STATE1:
- ret = send_change_cipher_spec (session, FAGAIN (STATE1));
- FINAL_STATE = STATE0;
-
- if (ret < 0)
- {
- ERR ("send ChangeCipherSpec", ret);
- gnutls_assert ();
- return ret;
- }
- /* Initialize the connection session (start encryption) - in case of client
- */
- if (init == TRUE)
- {
- ret = _gnutls_ext_before_epoch_change(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_write_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE2:
- /* send the finished message */
- ret = _gnutls_send_finished (session, FAGAIN (STATE2));
- FINAL_STATE = STATE2;
- if (ret < 0)
- {
- ERR ("send Finished", ret);
- gnutls_assert ();
- return ret;
- }
-
- FINAL_STATE = STATE0;
- default:
- break;
- }
-
- return 0;
+ int ret = 0;
+
+ /* Send the CHANGE CIPHER SPEC PACKET */
+
+ switch (FINAL_STATE) {
+ case STATE0:
+ case STATE1:
+ ret = send_change_cipher_spec(session, FAGAIN(STATE1));
+ FINAL_STATE = STATE0;
+
+ if (ret < 0) {
+ ERR("send ChangeCipherSpec", ret);
+ gnutls_assert();
+ return ret;
+ }
+ /* Initialize the connection session (start encryption) - in case of client
+ */
+ if (init == TRUE) {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_write_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE2:
+ /* send the finished message */
+ ret = _gnutls_send_finished(session, FAGAIN(STATE2));
+ FINAL_STATE = STATE2;
+ if (ret < 0) {
+ ERR("send Finished", ret);
+ gnutls_assert();
+ return ret;
+ }
+
+ FINAL_STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
}
/* This function receives the final handshake packets
* And executes the appropriate function to initialize the
* read session.
*/
-static int
-_gnutls_recv_handshake_final (gnutls_session_t session, int init)
+static int _gnutls_recv_handshake_final(gnutls_session_t session, int init)
{
- int ret = 0;
- uint8_t ch;
- unsigned int ccs_len = 1;
- unsigned int tleft;
- const version_entry_st* vers;
-
- ret = handshake_remaining_time(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- tleft = ret;
-
- switch (FINAL_STATE)
- {
- case STATE0:
- case STATE30:
- FINAL_STATE = STATE30;
-
- /* This is the last flight and peer cannot be sure
- * we have received it unless we notify him. So we
- * wait for a message and retransmit if needed. */
- if (IS_DTLS(session) && !_dtls_is_async(session) &&
- (gnutls_record_check_pending (session) +
- record_check_unprocessed (session)) == 0)
- {
- ret = _dtls_wait_and_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- vers = get_version (session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_DTLS0_9)
- ccs_len = 3;
-
- ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, ccs_len, NULL,
- tleft);
- if (ret <= 0)
- {
- ERR ("recv ChangeCipherSpec", ret);
- gnutls_assert ();
- return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- if (vers->id == GNUTLS_DTLS0_9)
- session->internals.dtls.hsk_read_seq++;
-
- /* Initialize the connection session (start encryption) - in case of server */
- if (init == TRUE)
- {
- ret = _gnutls_ext_before_epoch_change(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_read_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE31:
- FINAL_STATE = STATE31;
-
- if (IS_DTLS(session) && !_dtls_is_async(session) &&
- (gnutls_record_check_pending( session) +
- record_check_unprocessed (session)) == 0)
- {
- ret = _dtls_wait_and_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_recv_finished (session);
- if (ret < 0)
- {
- ERR ("recv finished", ret);
- gnutls_assert ();
- return ret;
- }
- FINAL_STATE = STATE0;
- default:
- break;
- }
-
-
- return 0;
+ int ret = 0;
+ uint8_t ch;
+ unsigned int ccs_len = 1;
+ unsigned int tleft;
+ const version_entry_st *vers;
+
+ ret = handshake_remaining_time(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ tleft = ret;
+
+ switch (FINAL_STATE) {
+ case STATE0:
+ case STATE30:
+ FINAL_STATE = STATE30;
+
+ /* This is the last flight and peer cannot be sure
+ * we have received it unless we notify him. So we
+ * wait for a message and retransmit if needed. */
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ ccs_len = 3;
+
+ ret =
+ _gnutls_recv_int(session, GNUTLS_CHANGE_CIPHER_SPEC,
+ -1, &ch, ccs_len, NULL, tleft);
+ if (ret <= 0) {
+ ERR("recv ChangeCipherSpec", ret);
+ gnutls_assert();
+ return (ret <
+ 0) ? ret :
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ session->internals.dtls.hsk_read_seq++;
+
+ /* Initialize the connection session (start encryption) - in case of server */
+ if (init == TRUE) {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_read_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE31:
+ FINAL_STATE = STATE31;
+
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _gnutls_recv_finished(session);
+ if (ret < 0) {
+ ERR("recv finished", ret);
+ gnutls_assert();
+ return ret;
+ }
+ FINAL_STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
}
/*
* _gnutls_handshake_server
* This function does the server stuff of the handshake protocol.
*/
-static int
-_gnutls_handshake_server (gnutls_session_t session)
+static int _gnutls_handshake_server(gnutls_session_t session)
{
- int ret = 0;
-
- switch (STATE)
- {
- case STATE0:
- case STATE1:
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CLIENT_HELLO,
- 0, NULL);
- STATE = STATE1;
- IMED_RET ("recv hello", ret, 1);
-
- case STATE2:
- ret = _gnutls_send_hello (session, AGAIN (STATE2));
- STATE = STATE2;
- IMED_RET ("send hello", ret, 1);
-
- case STATE70:
- if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
- STATE = STATE70;
- IMED_RET ("send supplemental data", ret, 0);
- }
-
- /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
- case STATE3:
- /* NOTE: these should not be send if we are resuming */
-
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
- STATE = STATE3;
- IMED_RET ("send server certificate", ret, 0);
-
- case STATE4:
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_certificate_status (session, AGAIN (STATE4));
- STATE = STATE4;
- IMED_RET ("send server certificate status", ret, 0);
-
- case STATE5:
- /* send server key exchange (A) */
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_kx_message (session, AGAIN (STATE5));
- STATE = STATE5;
- IMED_RET ("send server kx", ret, 0);
-
- case STATE6:
- /* Send certificate request - if requested to */
- if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_crt_request (session, AGAIN (STATE6));
- STATE = STATE6;
- IMED_RET ("send server cert request", ret, 0);
-
- case STATE7:
- /* send the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_empty_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- AGAIN (STATE7));
- STATE = STATE7;
- IMED_RET ("send server hello done", ret, 1);
-
- case STATE71:
- if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE71;
- IMED_RET ("recv client supplemental", ret, 1);
- }
-
- /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
- case STATE8:
- /* receive the client certificate message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate (session);
- STATE = STATE8;
- IMED_RET ("recv client certificate", ret, 1);
-
- case STATE9:
- ret = run_verify_callback(session, GNUTLS_SERVER);
- STATE = STATE9;
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- case STATE10:
- /* receive the client key exchange message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_kx_message (session);
- STATE = STATE10;
- IMED_RET ("recv client kx", ret, 1);
-
- case STATE11:
- /* receive the client certificate verify message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate_verify_message (session);
- STATE = STATE11;
- IMED_RET ("recv client certificate verify", ret, 1);
-
- case STATE12:
- STATE = STATE12;
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- {
- ret = _gnutls_recv_handshake_final (session, TRUE);
- IMED_RET ("recv handshake final", ret, 1);
- }
- else
- {
- ret = _gnutls_send_handshake_final (session, TRUE);
- IMED_RET ("send handshake final 2", ret, 1);
- }
-
- case STATE13:
- ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE13));
- STATE = STATE13;
- IMED_RET ("send handshake new session ticket", ret, 0);
-
- case STATE14:
- STATE = STATE14;
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- {
- ret = _gnutls_send_handshake_final (session, FALSE);
- IMED_RET ("send handshake final", ret, 1);
-
- if (session->security_parameters.entity == GNUTLS_SERVER && session->internals.ticket_sent == 0)
- {
- /* if no ticket, save session data */
- _gnutls_server_register_current_session (session);
- }
- }
- else
- {
- ret = _gnutls_recv_handshake_final (session, FALSE);
- IMED_RET ("recv handshake final 2", ret, 1);
- }
-
- STATE = STATE0;
- default:
- break;
- }
-
-
- return 0;
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO,
+ 0, NULL);
+ STATE = STATE1;
+ IMED_RET("recv hello", ret, 1);
+
+ case STATE2:
+ ret = _gnutls_send_hello(session, AGAIN(STATE2));
+ STATE = STATE2;
+ IMED_RET("send hello", ret, 1);
+
+ case STATE70:
+ if (session->security_parameters.do_send_supplemental) {
+ ret =
+ _gnutls_send_supplemental(session,
+ AGAIN(STATE70));
+ STATE = STATE70;
+ IMED_RET("send supplemental data", ret, 0);
+ }
+
+ /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
+ case STATE3:
+ /* NOTE: these should not be send if we are resuming */
+
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate(session,
+ AGAIN(STATE3));
+ STATE = STATE3;
+ IMED_RET("send server certificate", ret, 0);
+
+ case STATE4:
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate_status(session,
+ AGAIN
+ (STATE4));
+ STATE = STATE4;
+ IMED_RET("send server certificate status", ret, 0);
+
+ case STATE5:
+ /* send server key exchange (A) */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_kx_message(session,
+ AGAIN(STATE5));
+ STATE = STATE5;
+ IMED_RET("send server kx", ret, 0);
+
+ case STATE6:
+ /* Send certificate request - if requested to */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_crt_request(session,
+ AGAIN(STATE6));
+ STATE = STATE6;
+ IMED_RET("send server cert request", ret, 0);
+
+ case STATE7:
+ /* send the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_empty_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ AGAIN(STATE7));
+ STATE = STATE7;
+ IMED_RET("send server hello done", ret, 1);
+
+ case STATE71:
+ if (session->security_parameters.do_recv_supplemental) {
+ ret = _gnutls_recv_supplemental(session);
+ STATE = STATE71;
+ IMED_RET("recv client supplemental", ret, 1);
+ }
+
+ /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
+ case STATE8:
+ /* receive the client certificate message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate(session);
+ STATE = STATE8;
+ IMED_RET("recv client certificate", ret, 1);
+
+ case STATE9:
+ ret = run_verify_callback(session, GNUTLS_SERVER);
+ STATE = STATE9;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ case STATE10:
+ /* receive the client key exchange message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_kx_message(session);
+ STATE = STATE10;
+ IMED_RET("recv client kx", ret, 1);
+
+ case STATE11:
+ /* receive the client certificate verify message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_client_certificate_verify_message
+ (session);
+ STATE = STATE11;
+ IMED_RET("recv client certificate verify", ret, 1);
+
+ case STATE12:
+ STATE = STATE12;
+ if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
+ ret = _gnutls_recv_handshake_final(session, TRUE);
+ IMED_RET("recv handshake final", ret, 1);
+ } else {
+ ret = _gnutls_send_handshake_final(session, TRUE);
+ IMED_RET("send handshake final 2", ret, 1);
+ }
+
+ case STATE13:
+ ret =
+ _gnutls_send_new_session_ticket(session,
+ AGAIN(STATE13));
+ STATE = STATE13;
+ IMED_RET("send handshake new session ticket", ret, 0);
+
+ case STATE14:
+ STATE = STATE14;
+ if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
+ ret = _gnutls_send_handshake_final(session, FALSE);
+ IMED_RET("send handshake final", ret, 1);
+
+ if (session->security_parameters.entity ==
+ GNUTLS_SERVER
+ && session->internals.ticket_sent == 0) {
+ /* if no ticket, save session data */
+ _gnutls_server_register_current_session
+ (session);
+ }
+ } else {
+ ret = _gnutls_recv_handshake_final(session, FALSE);
+ IMED_RET("recv handshake final 2", ret, 1);
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
}
-int
-_gnutls_generate_session_id (uint8_t * session_id, uint8_t * len)
+int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len)
{
- int ret;
+ int ret;
- *len = TLS_MAX_SESSION_ID_SIZE;
+ *len = TLS_MAX_SESSION_ID_SIZE;
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session_id, TLS_MAX_SESSION_ID_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, session_id,
+ TLS_MAX_SESSION_ID_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size)
+_gnutls_recv_hello_request(gnutls_session_t session, void *data,
+ uint32_t data_size)
{
- uint8_t type;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
- if (data_size < 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- type = ((uint8_t *) data)[0];
- if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
- {
- if (IS_DTLS(session))
- session->internals.dtls.hsk_read_seq++;
- return GNUTLS_E_REHANDSHAKE;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ uint8_t type;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+ if (data_size < 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ type = ((uint8_t *) data)[0];
+ if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) {
+ if (IS_DTLS(session))
+ session->internals.dtls.hsk_read_seq++;
+ return GNUTLS_E_REHANDSHAKE;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
}
/* Returns 1 if the given KX has not the corresponding parameters
* (DH or RSA) set up. Otherwise returns 0.
*/
inline static int
-check_server_params (gnutls_session_t session,
- gnutls_kx_algorithm_t kx,
- gnutls_kx_algorithm_t * alg, int alg_size)
+check_server_params(gnutls_session_t session,
+ gnutls_kx_algorithm_t kx,
+ gnutls_kx_algorithm_t * alg, int alg_size)
{
- int cred_type;
- gnutls_dh_params_t dh_params = NULL;
- int j;
-
- cred_type = _gnutls_map_kx_get_cred (kx, 1);
-
- /* Read the Diffie-Hellman parameters, if any.
- */
- if (cred_type == GNUTLS_CRD_CERTIFICATE)
- {
- int delete;
- gnutls_certificate_credentials_t x509_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (x509_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (x509_cred->dh_params,
- x509_cred->params_func, session);
- }
-
- /* Check also if the certificate supports the
- * KX method.
- */
- delete = 1;
- for (j = 0; j < alg_size; j++)
- {
- if (alg[j] == kx)
- {
- delete = 0;
- break;
- }
- }
-
- if (delete == 1)
- return 1;
+ int cred_type;
+ gnutls_dh_params_t dh_params = NULL;
+ int j;
+
+ cred_type = _gnutls_map_kx_get_cred(kx, 1);
+
+ /* Read the Diffie-Hellman parameters, if any.
+ */
+ if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ int delete;
+ gnutls_certificate_credentials_t x509_cred =
+ (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (x509_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(x509_cred->dh_params,
+ x509_cred->params_func,
+ session);
+ }
+
+ /* Check also if the certificate supports the
+ * KX method.
+ */
+ delete = 1;
+ for (j = 0; j < alg_size; j++) {
+ if (alg[j] == kx) {
+ delete = 0;
+ break;
+ }
+ }
+
+ if (delete == 1)
+ return 1;
#ifdef ENABLE_ANON
- }
- else if (cred_type == GNUTLS_CRD_ANON)
- {
- gnutls_anon_server_credentials_t anon_cred =
- (gnutls_anon_server_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (anon_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (anon_cred->dh_params,
- anon_cred->params_func, session);
- }
+ } else if (cred_type == GNUTLS_CRD_ANON) {
+ gnutls_anon_server_credentials_t anon_cred =
+ (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (anon_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(anon_cred->dh_params,
+ anon_cred->params_func,
+ session);
+ }
#endif
#ifdef ENABLE_PSK
- }
- else if (cred_type == GNUTLS_CRD_PSK)
- {
- gnutls_psk_server_credentials_t psk_cred =
- (gnutls_psk_server_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (psk_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
- session);
- }
+ } else if (cred_type == GNUTLS_CRD_PSK) {
+ gnutls_psk_server_credentials_t psk_cred =
+ (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (psk_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(psk_cred->dh_params,
+ psk_cred->params_func,
+ session);
+ }
#endif
- }
- else
- return 0; /* no need for params */
-
- /* If the key exchange method needs DH params,
- * but they are not set then remove it.
- */
- if (_gnutls_kx_needs_dh_params (kx) != 0)
- {
- /* needs DH params. */
- if (_gnutls_dh_params_to_mpi (dh_params) == NULL)
- {
- gnutls_assert ();
- return 1;
- }
- }
-
- return 0;
+ } else
+ return 0; /* no need for params */
+
+ /* If the key exchange method needs DH params,
+ * but they are not set then remove it.
+ */
+ if (_gnutls_kx_needs_dh_params(kx) != 0) {
+ /* needs DH params. */
+ if (_gnutls_dh_params_to_mpi(dh_params) == NULL) {
+ gnutls_assert();
+ return 1;
+ }
+ }
+
+ return 0;
}
/* This function will remove algorithms that are not supported by
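Review bot: In `_gnutls_recv_handshake_final`, the ChangeCipherSpec receive passes `&ch`, a single `uint8_t`, together with `ccs_len`, which is raised to 3 when `vers->id == GNUTLS_DTLS0_9`. If `_gnutls_recv_int` copies up to `ccs_len` bytes into that buffer (its definition is not in this hunk), the DTLS 0.9 path writes two bytes past `ch` on the stack. The reindent keeps this as it was; declaring `uint8_t ccs[3];` and passing `ccs` in place of `&ch` sizes the buffer for the largest case and removes the dependency on the callee. Separately, `send_change_cipher_spec` returns `GNUTLS_E_INTERNAL_ERROR` when `get_version` yields NULL without releasing `bufel`. Calling `get_version` before `_gnutls_handshake_alloc`, or adding `_mbuffer_xfree(&bufel);` on that path, closes the leak.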
@@ -3356,131 +3333,131 @@ check_server_params (gnutls_session_t session,
* by checking certificates etc.
*/
static int
-_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- uint8_t * cipher_suites,
- int cipher_suites_size,
- gnutls_pk_algorithm_t *pk_algos,
- size_t pk_algos_size)
+_gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ int cipher_suites_size,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size)
{
- int ret = 0;
- int i, new_suites_size;
- gnutls_certificate_credentials_t cert_cred;
- gnutls_kx_algorithm_t kx;
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- gnutls_kx_algorithm_t alg[MAX_ALGOS];
- int alg_size = MAX_ALGOS;
-
- /* if we should use a specific certificate,
- * we should remove all algorithms that are not supported
- * by that certificate and are on the same authentication
- * method (CERTIFICATE).
- */
- cert_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
-
- /* If there are certificate credentials, find an appropriate certificate
- * or disable them;
- */
- if (session->security_parameters.entity == GNUTLS_SERVER
- && cert_cred != NULL && pk_algos_size > 0)
- {
- ret = _gnutls_server_select_cert (session, pk_algos, pk_algos_size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find an appropriate certificate: %s\n",
- gnutls_strerror (ret));
- }
- }
-
- /* get all the key exchange algorithms that are
- * supported by the X509 certificate parameters.
- */
- if ((ret =
- _gnutls_selected_cert_supported_kx (session, alg, &alg_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- new_suites_size = 0;
-
- /* now removes ciphersuites based on the KX algorithm
- */
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- int delete = 0;
-
- /* finds the key exchange algorithm in
- * the ciphersuite
- */
- kx = _gnutls_cipher_suite_get_kx_algo (&cipher_suites[i]);
-
- /* if it is defined but had no credentials
- */
- if (!session->internals.premaster_set &&
- _gnutls_get_kx_cred (session, kx, NULL) == NULL)
- {
- delete = 1;
- }
- else
- {
- delete = 0;
-
- if (server)
- delete = check_server_params (session, kx, alg, alg_size);
- }
-
- /* If we have not agreed to a common curve with the peer don't bother
- * negotiating ECDH.
- */
- if (server != 0 && _gnutls_kx_is_ecc(kx))
- {
- if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID)
- {
- delete = 1;
- }
- }
-
- /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
- (see cred_mappings in gnutls_algorithms.c), but it also
- requires a SRP credential. Don't use SRP kx unless we have a
- SRP credential too. */
- if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
- {
- if (!_gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL))
- {
- delete = 1;
- }
- }
-
- if (delete == 0)
- {
-
- _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s (%.2X.%.2X)\n",
- session,
- _gnutls_cipher_suite_get_name (&cipher_suites[i]),
- cipher_suites[i], cipher_suites[i+1]);
-
- if (i != new_suites_size)
- memmove( &cipher_suites[new_suites_size], &cipher_suites[i], 2);
- new_suites_size+=2;
- }
- else
- {
- _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
- session,
- _gnutls_cipher_suite_get_name (&cipher_suites[i]));
-
- }
- }
-
- ret = new_suites_size;
-
- return ret;
+ int ret = 0;
+ int i, new_suites_size;
+ gnutls_certificate_credentials_t cert_cred;
+ gnutls_kx_algorithm_t kx;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ gnutls_kx_algorithm_t alg[MAX_ALGOS];
+ int alg_size = MAX_ALGOS;
+
+ /* if we should use a specific certificate,
+ * we should remove all algorithms that are not supported
+ * by that certificate and are on the same authentication
+ * method (CERTIFICATE).
+ */
+ cert_cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ /* If there are certificate credentials, find an appropriate certificate
+ * or disable them;
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && cert_cred != NULL && pk_algos_size > 0) {
+ ret =
+ _gnutls_server_select_cert(session, pk_algos,
+ pk_algos_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Could not find an appropriate certificate: %s\n",
+ gnutls_strerror(ret));
+ }
+ }
+
+ /* get all the key exchange algorithms that are
+ * supported by the X509 certificate parameters.
+ */
+ if ((ret =
+ _gnutls_selected_cert_supported_kx(session, alg,
+ &alg_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ new_suites_size = 0;
+
+ /* now removes ciphersuites based on the KX algorithm
+ */
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ int delete = 0;
+
+ /* finds the key exchange algorithm in
+ * the ciphersuite
+ */
+ kx = _gnutls_cipher_suite_get_kx_algo(&cipher_suites[i]);
+
+ /* if it is defined but had no credentials
+ */
+ if (!session->internals.premaster_set &&
+ _gnutls_get_kx_cred(session, kx, NULL) == NULL) {
+ delete = 1;
+ } else {
+ delete = 0;
+
+ if (server)
+ delete =
+ check_server_params(session, kx, alg,
+ alg_size);
+ }
+
+ /* If we have not agreed to a common curve with the peer don't bother
+ * negotiating ECDH.
+ */
+ if (server != 0 && _gnutls_kx_is_ecc(kx)) {
+ if (_gnutls_session_ecc_curve_get(session) ==
+ GNUTLS_ECC_CURVE_INVALID) {
+ delete = 1;
+ }
+ }
+
+ /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
+ (see cred_mappings in gnutls_algorithms.c), but it also
+ requires a SRP credential. Don't use SRP kx unless we have a
+ SRP credential too. */
+ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) {
+ if (!_gnutls_get_cred
+ (session, GNUTLS_CRD_SRP, NULL)) {
+ delete = 1;
+ }
+ }
+
+ if (delete == 0) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Keeping ciphersuite: %s (%.2X.%.2X)\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cipher_suites
+ [i]),
+ cipher_suites[i], cipher_suites[i + 1]);
+
+ if (i != new_suites_size)
+ memmove(&cipher_suites[new_suites_size],
+ &cipher_suites[i], 2);
+ new_suites_size += 2;
+ } else {
+ _gnutls_handshake_log
+ ("HSK[%p]: Removing ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cipher_suites
+ [i]));
+
+ }
+ }
+
+ ret = new_suites_size;
+
+ return ret;
}
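Review bot: The filtering loop in `_gnutls_remove_unwanted_ciphersuites` steps `i` by two and touches `cipher_suites[i + 1]` in the "Keeping ciphersuite" log call and in the two-byte `memmove`, so it relies on `cipher_suites_size` being even, and nothing in this hunk checks that. If callers do not already guarantee it, an odd size makes the last iteration read and copy one byte past the list. A guard before the loop such as `if (cipher_suites_size % 2 != 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` would make the assumption explicit. Separately, the re-indent split `&cipher_suites[i]` across two lines in both log calls (`&cipher_suites` then `[i]`), which is harder to read than breaking before the whole argument.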
@@ -3499,9 +3476,10 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
* limit Denial of Service attacks.
**/
void
-gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
+gnutls_handshake_set_max_packet_length(gnutls_session_t session,
+ size_t max)
{
- session->internals.max_handshake_data_buffer_size = max;
+ session->internals.max_handshake_data_buffer_size = max;
}
/**
@@ -3519,9 +3497,9 @@ gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
* %gnutls_handshake_description_t.
**/
gnutls_handshake_description_t
-gnutls_handshake_get_last_in (gnutls_session_t session)
+gnutls_handshake_get_last_in(gnutls_session_t session)
{
- return session->internals.last_handshake_in;
+ return session->internals.last_handshake_in;
}
/**
@@ -3539,7 +3517,7 @@ gnutls_handshake_get_last_in (gnutls_session_t session)
* %gnutls_handshake_description_t.
**/
gnutls_handshake_description_t
-gnutls_handshake_get_last_out (gnutls_session_t session)
+gnutls_handshake_get_last_out(gnutls_session_t session)
{
- return session->internals.last_handshake_out;
+ return session->internals.last_handshake_out;
}
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 77d163d5a0..d3555d48f5 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -25,29 +25,30 @@
#include <gnutls_errors.h>
-int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type);
-int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size);
-int _gnutls_send_hello (gnutls_session_t session, int again);
-int _gnutls_recv_hello (gnutls_session_t session, uint8_t * data, int datalen);
-int _gnutls_recv_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type,
- unsigned int optional, gnutls_buffer_st* buf);
-int _gnutls_generate_session_id (uint8_t * session_id, uint8_t * len);
-int _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd);
-int _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd);
+int _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type);
+int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
+ uint32_t data_size);
+int _gnutls_send_hello(gnutls_session_t session, int again);
+int _gnutls_recv_hello(gnutls_session_t session, uint8_t * data,
+ int datalen);
+int _gnutls_recv_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ unsigned int optional, gnutls_buffer_st * buf);
+int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len);
+int _gnutls_set_server_random(gnutls_session_t session, uint8_t * rnd);
+int _gnutls_set_client_random(gnutls_session_t session, uint8_t * rnd);
-int _gnutls_find_pk_algos_in_ciphersuites (uint8_t * data, int datalen);
-int _gnutls_server_select_suite (gnutls_session_t session, uint8_t * data,
- unsigned int datalen);
+int _gnutls_find_pk_algos_in_ciphersuites(uint8_t * data, int datalen);
+int _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen);
-int _gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version);
-int _gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version);
+int _gnutls_negotiate_version(gnutls_session_t session,
+ gnutls_protocol_t adv_version);
+int _gnutls_user_hello_func(gnutls_session_t session,
+ gnutls_protocol_t adv_version);
-void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
+void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session);
#define STATE session->internals.handshake_state
#define FINAL_STATE session->internals.handshake_final_state
@@ -60,15 +61,15 @@ void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
inline static int handshake_remaining_time(gnutls_session_t session)
{
- if (session->internals.handshake_endtime)
- {
- time_t now = gnutls_time(0);
- if (now < session->internals.handshake_endtime)
- return (session->internals.handshake_endtime - now) * 1000;
- else
- return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- }
- return 0;
+ if (session->internals.handshake_endtime) {
+ time_t now = gnutls_time(0);
+ if (now < session->internals.handshake_endtime)
+ return (session->internals.handshake_endtime -
+ now) * 1000;
+ else
+ return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ }
+ return 0;
}
#endif
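Review bot: `handshake_remaining_time` has no comment describing its three-way result, which callers must tell apart: a positive number of milliseconds, 0 when `handshake_endtime` is unset, and the negative `GNUTLS_E_TIMEDOUT` once the deadline has passed. I would add `/* Returns the milliseconds left until handshake_endtime, 0 if no deadline is set, or GNUTLS_E_TIMEDOUT (negative) if it has passed. */` above the function. The product `(handshake_endtime - now) * 1000` is also narrowed to `int` on return, so a very distant deadline could wrap into the negative range and be read as an error. Clamping to `INT_MAX` would avoid that, though whether such deadlines can be set is not visible in this hunk.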
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c83b614496..7f16a54d3e 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -29,124 +29,117 @@
#include <gnutls_errors.h>
#include <algorithms.h>
-int
-_gnutls_hash_init (digest_hd_st * dig, const mac_entry_st* e)
+int _gnutls_hash_init(digest_hd_st * dig, const mac_entry_st * e)
{
- int result;
- const gnutls_crypto_digest_st *cc = NULL;
-
- dig->e = e;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_digest (e->id);
- if (cc != NULL && cc->init)
- {
- if (cc->init (e->id, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- dig->hash = cc->hash;
- dig->output = cc->output;
- dig->deinit = cc->deinit;
-
- return 0;
- }
-
- result = _gnutls_digest_ops.init (e->id, &dig->handle);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dig->hash = _gnutls_digest_ops.hash;
- dig->output = _gnutls_digest_ops.output;
- dig->deinit = _gnutls_digest_ops.deinit;
-
- return 0;
+ int result;
+ const gnutls_crypto_digest_st *cc = NULL;
+
+ dig->e = e;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest(e->id);
+ if (cc != NULL && cc->init) {
+ if (cc->init(e->id, &dig->handle) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ dig->hash = cc->hash;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_digest_ops.init(e->id, &dig->handle);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dig->hash = _gnutls_digest_ops.hash;
+ dig->output = _gnutls_digest_ops.output;
+ dig->deinit = _gnutls_digest_ops.deinit;
+
+ return 0;
}
-void
-_gnutls_hash_deinit (digest_hd_st * handle, void *digest)
+void _gnutls_hash_deinit(digest_hd_st * handle, void *digest)
{
- if (handle->handle == NULL)
- {
- return;
- }
+ if (handle->handle == NULL) {
+ return;
+ }
- if (digest != NULL)
- _gnutls_hash_output (handle, digest);
+ if (digest != NULL)
+ _gnutls_hash_output(handle, digest);
- handle->deinit (handle->handle);
- handle->handle = NULL;
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
}
int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+_gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
{
- int ret;
- const gnutls_crypto_digest_st *cc = NULL;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_digest (algorithm);
- if (cc != NULL)
- {
- if (cc->fast (algorithm, text, textlen, digest) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
- }
-
- ret = _gnutls_digest_ops.fast (algorithm, text, textlen, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+ const gnutls_crypto_digest_st *cc = NULL;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest(algorithm);
+ if (cc != NULL) {
+ if (cc->fast(algorithm, text, textlen, digest) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+ }
+
+ ret = _gnutls_digest_ops.fast(algorithm, text, textlen, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* HMAC interface */
int
-_gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen, void *digest)
+_gnutls_mac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen,
+ void *digest)
{
- int ret;
- const gnutls_crypto_mac_st *cc = NULL;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_mac (algorithm);
- if (cc != NULL)
- {
- if (cc->fast (algorithm, NULL, 0, key, keylen, text, textlen, digest) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
- }
-
- ret = _gnutls_mac_ops.fast (algorithm, NULL, 0, key, keylen, text, textlen, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac(algorithm);
+ if (cc != NULL) {
+ if (cc->
+ fast(algorithm, NULL, 0, key, keylen, text, textlen,
+ digest) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+ }
+
+ ret =
+ _gnutls_mac_ops.fast(algorithm, NULL, 0, key, keylen, text,
+ textlen, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
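Review bot: `_gnutls_hash_fast` and `_gnutls_mac_fast` call `cc->fast` whenever a backend is registered (`cc != NULL`), while `_gnutls_hash_init` in the same hunk also tests `cc->init` before using the backend. If a registered backend can leave `fast` unset, these two paths call through a null pointer. Testing `if (cc != NULL && cc->fast != NULL) {` would fall back to `_gnutls_digest_ops` / `_gnutls_mac_ops` the way the init path does; whether registration already requires `fast` is not visible here. The re-indent also left `cc->` alone on a line before `fast(...)` in `_gnutls_mac_fast`; breaking after the opening parenthesis would keep the member access together.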
@@ -155,382 +148,356 @@ _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
*/
int _gnutls_mac_exists(gnutls_mac_algorithm_t algo)
{
- const gnutls_crypto_mac_st *cc = NULL;
+ const gnutls_crypto_mac_st *cc = NULL;
- cc = _gnutls_get_crypto_mac (algo);
- if (cc != NULL) return 1;
+ cc = _gnutls_get_crypto_mac(algo);
+ if (cc != NULL)
+ return 1;
- return _gnutls_mac_ops.exists (algo);
+ return _gnutls_mac_ops.exists(algo);
}
int
-_gnutls_mac_init (mac_hd_st * mac, const mac_entry_st* e,
- const void *key, int keylen)
+_gnutls_mac_init(mac_hd_st * mac, const mac_entry_st * e,
+ const void *key, int keylen)
{
- int result;
- const gnutls_crypto_mac_st *cc = NULL;
-
- mac->e = e;
- mac->mac_len = _gnutls_mac_get_algo_len (e);
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_mac (e->id);
- if (cc != NULL && cc->init != NULL)
- {
- if (cc->init (e->id, &mac->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- if (cc->setkey (mac->handle, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (mac->handle);
- return GNUTLS_E_HASH_FAILED;
- }
-
- mac->hash = cc->hash;
- mac->setnonce = cc->setnonce;
- mac->output = cc->output;
- mac->deinit = cc->deinit;
-
- return 0;
- }
-
- result = _gnutls_mac_ops.init (e->id, &mac->handle);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- mac->hash = _gnutls_mac_ops.hash;
- mac->setnonce = _gnutls_mac_ops.setnonce;
- mac->output = _gnutls_mac_ops.output;
- mac->deinit = _gnutls_mac_ops.deinit;
-
- if (_gnutls_mac_ops.setkey (mac->handle, key, keylen) < 0)
- {
- gnutls_assert();
- mac->deinit(mac->handle);
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
+ int result;
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ mac->e = e;
+ mac->mac_len = _gnutls_mac_get_algo_len(e);
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac(e->id);
+ if (cc != NULL && cc->init != NULL) {
+ if (cc->init(e->id, &mac->handle) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (cc->setkey(mac->handle, key, keylen) < 0) {
+ gnutls_assert();
+ cc->deinit(mac->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ mac->hash = cc->hash;
+ mac->setnonce = cc->setnonce;
+ mac->output = cc->output;
+ mac->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_mac_ops.init(e->id, &mac->handle);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ mac->hash = _gnutls_mac_ops.hash;
+ mac->setnonce = _gnutls_mac_ops.setnonce;
+ mac->output = _gnutls_mac_ops.output;
+ mac->deinit = _gnutls_mac_ops.deinit;
+
+ if (_gnutls_mac_ops.setkey(mac->handle, key, keylen) < 0) {
+ gnutls_assert();
+ mac->deinit(mac->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
}
-void
-_gnutls_mac_deinit (mac_hd_st * handle, void *digest)
+void _gnutls_mac_deinit(mac_hd_st * handle, void *digest)
{
- if (handle->handle == NULL)
- {
- return;
- }
+ if (handle->handle == NULL) {
+ return;
+ }
- if (digest)
- _gnutls_mac_output (handle, digest);
+ if (digest)
+ _gnutls_mac_output(handle, digest);
- handle->deinit (handle->handle);
- handle->handle = NULL;
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
}
-inline static int
-get_padsize (gnutls_digest_algorithm_t algorithm)
+inline static int get_padsize(gnutls_digest_algorithm_t algorithm)
{
- switch (algorithm)
- {
- case GNUTLS_DIG_MD5:
- return 48;
- case GNUTLS_DIG_SHA1:
- return 40;
- default:
- return 0;
- }
+ switch (algorithm) {
+ case GNUTLS_DIG_MD5:
+ return 48;
+ case GNUTLS_DIG_SHA1:
+ return 40;
+ default:
+ return 0;
+ }
}
/* Special functions for SSL3 MAC
*/
int
-_gnutls_mac_init_ssl3 (digest_hd_st * ret, const mac_entry_st* e,
- void *key, int keylen)
+_gnutls_mac_init_ssl3(digest_hd_st * ret, const mac_entry_st * e,
+ void *key, int keylen)
{
- uint8_t ipad[48];
- int padsize, result;
+ uint8_t ipad[48];
+ int padsize, result;
- padsize = get_padsize ((gnutls_digest_algorithm_t)e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ padsize = get_padsize((gnutls_digest_algorithm_t) e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- memset (ipad, 0x36, padsize);
+ memset(ipad, 0x36, padsize);
- result = _gnutls_hash_init (ret, e);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result = _gnutls_hash_init(ret, e);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- ret->key = key;
- ret->keysize = keylen;
+ ret->key = key;
+ ret->keysize = keylen;
- if (keylen > 0)
- _gnutls_hash (ret, key, keylen);
- _gnutls_hash (ret, ipad, padsize);
+ if (keylen > 0)
+ _gnutls_hash(ret, key, keylen);
+ _gnutls_hash(ret, ipad, padsize);
- return 0;
+ return 0;
}
-int
-_gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest)
+int _gnutls_mac_output_ssl3(digest_hd_st * handle, void *digest)
{
- uint8_t ret[MAX_HASH_SIZE];
- digest_hd_st td;
- uint8_t opad[48];
- int padsize;
- int block, rc;
-
- padsize = get_padsize (handle->e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memset (opad, 0x5C, padsize);
-
- rc = _gnutls_hash_init (&td, handle->e);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- if (handle->keysize > 0)
- _gnutls_hash (&td, handle->key, handle->keysize);
-
- _gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->e);
- _gnutls_hash_output (handle, ret); /* get the previous hash */
- _gnutls_hash (&td, ret, block);
-
- _gnutls_hash_deinit (&td, digest);
-
- /* reset handle */
- memset (opad, 0x36, padsize);
-
- if (handle->keysize > 0)
- _gnutls_hash (handle, handle->key, handle->keysize);
- _gnutls_hash (handle, opad, padsize);
-
- return 0;
+ uint8_t ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ uint8_t opad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize(handle->e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memset(opad, 0x5C, padsize);
+
+ rc = _gnutls_hash_init(&td, handle->e);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ if (handle->keysize > 0)
+ _gnutls_hash(&td, handle->key, handle->keysize);
+
+ _gnutls_hash(&td, opad, padsize);
+ block = _gnutls_mac_get_algo_len(handle->e);
+ _gnutls_hash_output(handle, ret); /* get the previous hash */
+ _gnutls_hash(&td, ret, block);
+
+ _gnutls_hash_deinit(&td, digest);
+
+ /* reset handle */
+ memset(opad, 0x36, padsize);
+
+ if (handle->keysize > 0)
+ _gnutls_hash(handle, handle->key, handle->keysize);
+ _gnutls_hash(handle, opad, padsize);
+
+ return 0;
}
-int
-_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
+int _gnutls_mac_deinit_ssl3(digest_hd_st * handle, void *digest)
{
-int ret = 0;
+ int ret = 0;
- if (digest != NULL) ret = _gnutls_mac_output_ssl3(handle, digest);
- _gnutls_hash_deinit(handle, NULL);
-
- return ret;
+ if (digest != NULL)
+ ret = _gnutls_mac_output_ssl3(handle, digest);
+ _gnutls_hash_deinit(handle, NULL);
+
+ return ret;
}
int
-_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
- void *digest, uint8_t * key,
- uint32_t key_size)
+_gnutls_mac_deinit_ssl3_handshake(digest_hd_st * handle,
+ void *digest, uint8_t * key,
+ uint32_t key_size)
{
- uint8_t ret[MAX_HASH_SIZE];
- digest_hd_st td;
- uint8_t opad[48];
- uint8_t ipad[48];
- int padsize;
- int block, rc;
-
- padsize = get_padsize (handle->e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- rc = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- memset (opad, 0x5C, padsize);
- memset (ipad, 0x36, padsize);
-
- rc = _gnutls_hash_init (&td, handle->e);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (key_size > 0)
- _gnutls_hash (&td, key, key_size);
-
- _gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->e);
-
- if (key_size > 0)
- _gnutls_hash (handle, key, key_size);
- _gnutls_hash (handle, ipad, padsize);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
-
- _gnutls_hash (&td, ret, block);
-
- _gnutls_hash_deinit (&td, digest);
-
- return 0;
-
-cleanup:
- _gnutls_hash_deinit(handle, NULL);
- return rc;
+ uint8_t ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ uint8_t opad[48];
+ uint8_t ipad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize(handle->e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ rc = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ memset(opad, 0x5C, padsize);
+ memset(ipad, 0x36, padsize);
+
+ rc = _gnutls_hash_init(&td, handle->e);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (key_size > 0)
+ _gnutls_hash(&td, key, key_size);
+
+ _gnutls_hash(&td, opad, padsize);
+ block = _gnutls_mac_get_algo_len(handle->e);
+
+ if (key_size > 0)
+ _gnutls_hash(handle, key, key_size);
+ _gnutls_hash(handle, ipad, padsize);
+ _gnutls_hash_deinit(handle, ret); /* get the previous hash */
+
+ _gnutls_hash(&td, ret, block);
+
+ _gnutls_hash_deinit(&td, digest);
+
+ return 0;
+
+ cleanup:
+ _gnutls_hash_deinit(handle, NULL);
+ return rc;
}
static int
-ssl3_sha (int i, uint8_t * secret, int secret_len,
- uint8_t * rnd, int rnd_len, void *digest)
+ssl3_sha(int i, uint8_t * secret, int secret_len,
+ uint8_t * rnd, int rnd_len, void *digest)
{
- int j, ret;
- uint8_t text1[26];
+ int j, ret;
+ uint8_t text1[26];
- digest_hd_st td;
+ digest_hd_st td;
- for (j = 0; j < i + 1; j++)
- {
- text1[j] = 65 + i; /* A==65 */
- }
+ for (j = 0; j < i + 1; j++) {
+ text1[j] = 65 + i; /* A==65 */
+ }
- ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_hash (&td, text1, i + 1);
- _gnutls_hash (&td, secret, secret_len);
- _gnutls_hash (&td, rnd, rnd_len);
+ _gnutls_hash(&td, text1, i + 1);
+ _gnutls_hash(&td, secret, secret_len);
+ _gnutls_hash(&td, rnd, rnd_len);
- _gnutls_hash_deinit (&td, digest);
- return 0;
+ _gnutls_hash_deinit(&td, digest);
+ return 0;
}
#define SHA1_DIGEST_OUTPUT 20
#define MD5_DIGEST_OUTPUT 16
static int
-ssl3_md5 (int i, uint8_t * secret, int secret_len,
- uint8_t * rnd, int rnd_len, void *digest)
+ssl3_md5(int i, uint8_t * secret, int secret_len,
+ uint8_t * rnd, int rnd_len, void *digest)
{
- uint8_t tmp[MAX_HASH_SIZE];
- digest_hd_st td;
- int ret;
-
- ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td, secret, secret_len);
-
- ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td, digest);
- return ret;
- }
-
- _gnutls_hash (&td, tmp, SHA1_DIGEST_OUTPUT);
-
- _gnutls_hash_deinit (&td, digest);
- return 0;
+ uint8_t tmp[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int ret;
+
+ ret = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td, secret, secret_len);
+
+ ret = ssl3_sha(i, secret, secret_len, rnd, rnd_len, tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td, digest);
+ return ret;
+ }
+
+ _gnutls_hash(&td, tmp, SHA1_DIGEST_OUTPUT);
+
+ _gnutls_hash_deinit(&td, digest);
+ return 0;
}
int
-_gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, uint8_t * ret)
+_gnutls_ssl3_hash_md5(const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, uint8_t * ret)
{
- uint8_t digest[MAX_HASH_SIZE];
- digest_hd_st td;
- int block = MD5_DIGEST_OUTPUT;
- int rc;
+ uint8_t digest[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int block = MD5_DIGEST_OUTPUT;
+ int rc;
- rc = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_MD5));
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
- _gnutls_hash (&td, first, first_len);
- _gnutls_hash (&td, second, second_len);
+ _gnutls_hash(&td, first, first_len);
+ _gnutls_hash(&td, second, second_len);
- _gnutls_hash_deinit (&td, digest);
+ _gnutls_hash_deinit(&td, digest);
- if (ret_len > block)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (ret_len > block) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- memcpy (ret, digest, ret_len);
+ memcpy(ret, digest, ret_len);
- return 0;
+ return 0;
}
int
-_gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int rnd_len,
- int ret_bytes, uint8_t * ret)
+_gnutls_ssl3_generate_random(void *secret, int secret_len,
+ void *rnd, int rnd_len,
+ int ret_bytes, uint8_t * ret)
{
- int i = 0, copy, output_bytes;
- uint8_t digest[MAX_HASH_SIZE];
- int block = MD5_DIGEST_OUTPUT;
- int result, times;
-
- output_bytes = 0;
- do
- {
- output_bytes += block;
- }
- while (output_bytes < ret_bytes);
-
- times = output_bytes / block;
-
- for (i = 0; i < times; i++)
- {
-
- result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((1 + i) * block < ret_bytes)
- {
- copy = block;
- }
- else
- {
- copy = ret_bytes - (i) * block;
- }
-
- memcpy (&ret[i * block], digest, copy);
- }
-
- return 0;
+ int i = 0, copy, output_bytes;
+ uint8_t digest[MAX_HASH_SIZE];
+ int block = MD5_DIGEST_OUTPUT;
+ int result, times;
+
+ output_bytes = 0;
+ do {
+ output_bytes += block;
+ }
+ while (output_bytes < ret_bytes);
+
+ times = output_bytes / block;
+
+ for (i = 0; i < times; i++) {
+
+ result =
+ ssl3_md5(i, secret, secret_len, rnd, rnd_len, digest);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((1 + i) * block < ret_bytes) {
+ copy = block;
+ } else {
+ copy = ret_bytes - (i) * block;
+ }
+
+ memcpy(&ret[i * block], digest, copy);
+ }
+
+ return 0;
}
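Review bot: `ssl3_sha` writes `text1[j]` for every `j < i + 1` into a 26-byte array without checking `i`, and `i` comes from `_gnutls_ssl3_generate_random`, where it runs up to `times - 1` with `times` derived from the caller's `ret_bytes`. With 16-byte blocks, a request above 416 bytes would write past `text1` on the stack. A guard at the top of `ssl3_sha` such as `if (i < 0 || i >= (int) sizeof(text1)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` bounds it regardless of what callers pass. The signed lengths in this hunk have a related gap: `_gnutls_ssl3_hash_md5` rejects `ret_len > block` but not a negative `ret_len`, and `_gnutls_ssl3_generate_random` computes `copy` from `ret_bytes` without rejecting negative values, so both can hand `memcpy` a negative count.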
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index a08ea248da..0377900a92 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,85 +38,79 @@ extern gnutls_crypto_digest_st _gnutls_digest_ops;
typedef int (*hash_func) (void *handle, const void *text, size_t size);
typedef int (*nonce_func) (void *handle, const void *text, size_t size);
-typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef int (*output_func) (void *src_ctx, void *digest,
+ size_t digestsize);
typedef void (*deinit_func) (void *handle);
-typedef struct
-{
- const mac_entry_st * e;
- hash_func hash;
- output_func output;
- deinit_func deinit;
+typedef struct {
+ const mac_entry_st *e;
+ hash_func hash;
+ output_func output;
+ deinit_func deinit;
- const void *key; /* esoteric use by SSL3 MAC functions */
- int keysize;
+ const void *key; /* esoteric use by SSL3 MAC functions */
+ int keysize;
- void *handle;
+ void *handle;
} digest_hd_st;
-typedef struct
-{
- const mac_entry_st * e;
- int mac_len;
+typedef struct {
+ const mac_entry_st *e;
+ int mac_len;
- hash_func hash;
- nonce_func setnonce;
- output_func output;
- deinit_func deinit;
+ hash_func hash;
+ nonce_func setnonce;
+ output_func output;
+ deinit_func deinit;
- void *handle;
+ void *handle;
} mac_hd_st;
/* basic functions */
int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm);
-int _gnutls_mac_init (mac_hd_st *, const mac_entry_st* e,
- const void *key, int keylen);
+int _gnutls_mac_init(mac_hd_st *, const mac_entry_st * e,
+ const void *key, int keylen);
-int _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen,
- void *digest);
+int _gnutls_mac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen,
+ void *digest);
inline static int
-_gnutls_mac (mac_hd_st * handle, const void *text, size_t textlen)
+_gnutls_mac(mac_hd_st * handle, const void *text, size_t textlen)
{
- if (textlen > 0)
- {
- return handle->hash (handle->handle, text, textlen);
- }
- return 0;
+ if (textlen > 0) {
+ return handle->hash(handle->handle, text, textlen);
+ }
+ return 0;
}
-inline static void
-_gnutls_mac_output (mac_hd_st * handle, void *digest)
+inline static void _gnutls_mac_output(mac_hd_st * handle, void *digest)
{
- if (digest != NULL)
- {
- handle->output (handle->handle, digest, handle->mac_len);
- }
+ if (digest != NULL) {
+ handle->output(handle->handle, digest, handle->mac_len);
+ }
}
inline static int
-_gnutls_mac_set_nonce (mac_hd_st * handle, const void *nonce, size_t n_size)
+_gnutls_mac_set_nonce(mac_hd_st * handle, const void *nonce, size_t n_size)
{
- if (handle->setnonce)
- return handle->setnonce (handle->handle, nonce, n_size);
- return 0;
+ if (handle->setnonce)
+ return handle->setnonce(handle->handle, nonce, n_size);
+ return 0;
}
-void
-_gnutls_mac_deinit (mac_hd_st * handle, void *digest);
+void _gnutls_mac_deinit(mac_hd_st * handle, void *digest);
/* Hash interface */
-int _gnutls_hash_init (digest_hd_st *, const mac_entry_st* e);
+int _gnutls_hash_init(digest_hd_st *, const mac_entry_st * e);
inline static int
-_gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hash(digest_hd_st * handle, const void *text, size_t textlen)
{
- if (textlen > 0)
- {
- handle->hash (handle->handle, text, textlen);
- }
- return 0;
+ if (textlen > 0) {
+ handle->hash(handle->handle, text, textlen);
+ }
+ return 0;
}
/* when the current output is needed without calling deinit
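Review bot: `_gnutls_hash` discards the result of `handle->hash` and always returns 0, whereas `_gnutls_mac` just above it returns the backend's result. A failing digest backend is therefore invisible to every caller, including the SSL3 MAC helpers that build on this function. Using `return handle->hash(handle->handle, text, textlen);` inside the `textlen > 0` branch would mirror `_gnutls_mac`. The call sites visible on this page ignore the return value, so the change only helps once callers start checking it. `_gnutls_mac_output` likewise drops the result of `handle->output`.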
@@ -124,36 +118,35 @@ _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
#define _gnutls_hash_output(h, d) \
(h)->output((h)->handle, d, _gnutls_hash_get_algo_len((h)->e))
-void
-_gnutls_hash_deinit (digest_hd_st * handle, void *digest);
+void _gnutls_hash_deinit(digest_hd_st * handle, void *digest);
int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+_gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest);
/* help functions */
-int _gnutls_mac_init_ssl3 (digest_hd_st *, const mac_entry_st* e,
- void *key, int keylen);
-int _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
-int _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest);
+int _gnutls_mac_init_ssl3(digest_hd_st *, const mac_entry_st * e,
+ void *key, int keylen);
+int _gnutls_mac_deinit_ssl3(digest_hd_st * handle, void *digest);
+int _gnutls_mac_output_ssl3(digest_hd_st * handle, void *digest);
-int _gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int random_len, int bytes,
- uint8_t * ret);
-int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, uint8_t * ret);
+int _gnutls_ssl3_generate_random(void *secret, int secret_len,
+ void *rnd, int random_len, int bytes,
+ uint8_t * ret);
+int _gnutls_ssl3_hash_md5(const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, uint8_t * ret);
-int _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
- uint8_t * key, uint32_t key_size);
+int _gnutls_mac_deinit_ssl3_handshake(digest_hd_st * handle, void *digest,
+ uint8_t * key, uint32_t key_size);
inline static int IS_SHA(gnutls_digest_algorithm_t algo)
{
- if (algo == GNUTLS_DIG_SHA1 || algo == GNUTLS_DIG_SHA224 ||
- algo == GNUTLS_DIG_SHA256 || algo == GNUTLS_DIG_SHA384 ||
- algo == GNUTLS_DIG_SHA512)
- return 1;
- return 0;
+ if (algo == GNUTLS_DIG_SHA1 || algo == GNUTLS_DIG_SHA224 ||
+ algo == GNUTLS_DIG_SHA256 || algo == GNUTLS_DIG_SHA384 ||
+ algo == GNUTLS_DIG_SHA512)
+ return 1;
+ return 0;
}
-#endif /* GNUTLS_HASH_INT_H */
+#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_helper.c b/lib/gnutls_helper.c
index 6a370ee865..d647fe3327 100644
--- a/lib/gnutls_helper.c
+++ b/lib/gnutls_helper.c
@@ -23,15 +23,14 @@
#include <gnutls_int.h>
#include <gnutls_helper.h>
-int
-_gnutls_file_exists (const char *file)
+int _gnutls_file_exists(const char *file)
{
- FILE *fd;
+ FILE *fd;
- fd = fopen (file, "r");
- if (fd == NULL)
- return -1;
+ fd = fopen(file, "r");
+ if (fd == NULL)
+ return -1;
- fclose (fd);
- return 0;
+ fclose(fd);
+ return 0;
}
diff --git a/lib/gnutls_helper.h b/lib/gnutls_helper.h
index c73a62c4b5..3529d6a494 100644
--- a/lib/gnutls_helper.h
+++ b/lib/gnutls_helper.h
@@ -20,4 +20,4 @@
*
*/
-int _gnutls_file_exists (const char *file);
+int _gnutls_file_exists(const char *file);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 2bda56f0fc..a095be190e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -44,41 +44,40 @@ typedef int ssize_t;
#include <unistd.h>
#include <sys/stat.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <time.h>
-#include <u64.h> /* gnulib for uint64_t */
+#include <u64.h> /* gnulib for uint64_t */
#ifdef HAVE_LIBNETTLE
-# include <nettle/memxor.h>
+#include <nettle/memxor.h>
#else
-# include <gl/memxor.h>
-# define memxor gl_memxor
+#include <gl/memxor.h>
+#define memxor gl_memxor
#endif
#ifdef __GNUC__
-# ifndef _GNUTLS_GCC_VERSION
-# define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-# endif
-# if _GNUTLS_GCC_VERSION >= 30100
-# define likely(x) __builtin_expect((x), 1)
-# define unlikely(x) __builtin_expect((x), 0)
-# endif
+#ifndef _GNUTLS_GCC_VERSION
+#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+#if _GNUTLS_GCC_VERSION >= 30100
+#define likely(x) __builtin_expect((x), 1)
+#define unlikely(x) __builtin_expect((x), 0)
+#endif
#endif
#ifndef likely
-# define likely
-# define unlikely
+#define likely
+#define unlikely
#endif
/* some systems had problems with long long int, thus,
* it is not used.
*/
-typedef struct
-{
- unsigned char i[8];
+typedef struct {
+ unsigned char i[8];
} uint64;
#include <gnutls/gnutls.h>
@@ -148,29 +147,26 @@ typedef struct
* application level extensions before the "client_hello" callback
* is called.
*/
- typedef enum
- {
- GNUTLS_EXT_ANY = 0,
- GNUTLS_EXT_APPLICATION = 1,
- GNUTLS_EXT_TLS = 2,
- GNUTLS_EXT_MANDATORY = 3,
- GNUTLS_EXT_NONE = 4
- } gnutls_ext_parse_type_t;
+typedef enum {
+ GNUTLS_EXT_ANY = 0,
+ GNUTLS_EXT_APPLICATION = 1,
+ GNUTLS_EXT_TLS = 2,
+ GNUTLS_EXT_MANDATORY = 3,
+ GNUTLS_EXT_NONE = 4
+} gnutls_ext_parse_type_t;
/* expire time for resuming sessions */
#define DEFAULT_EXPIRE_TIME 3600
-typedef enum transport_t
-{
- GNUTLS_STREAM,
- GNUTLS_DGRAM
+typedef enum transport_t {
+ GNUTLS_STREAM,
+ GNUTLS_DGRAM
} transport_t;
-typedef enum record_flush_t
-{
- RECORD_FLUSH = 0,
- RECORD_CORKED,
+typedef enum record_flush_t {
+ RECORD_FLUSH = 0,
+ RECORD_CORKED,
} record_flush_t;
/* the maximum size of encrypted packets */
@@ -222,34 +218,30 @@ typedef enum record_flush_t
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
-typedef struct
-{
- uint8_t pint[3];
+typedef struct {
+ uint8_t pint[3];
} uint24;
#include <gnutls_mpi.h>
-typedef enum handshake_state_t
-{ STATE0 = 0, STATE1, STATE2,
- STATE3, STATE4, STATE5, STATE6, STATE7, STATE8,
- STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
- STATE15, STATE16, STATE17,
- STATE20 = 20, STATE21, STATE22,
- STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
- STATE60 = 60, STATE61, STATE62, STATE70, STATE71
+typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
+ STATE3, STATE4, STATE5, STATE6, STATE7, STATE8,
+ STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
+ STATE15, STATE16, STATE17,
+ STATE20 = 20, STATE21, STATE22,
+ STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
+ STATE60 = 60, STATE61, STATE62, STATE70, STATE71
} handshake_state_t;
-typedef enum heartbeat_state_t
-{
- SHB_SEND1 = 0,
- SHB_SEND2,
- SHB_RECV,
+typedef enum heartbeat_state_t {
+ SHB_SEND1 = 0,
+ SHB_SEND2,
+ SHB_RECV,
} heartbeat_state_t;
-typedef enum recv_state_t
-{
- RECV_STATE_0 = 0,
- RECV_STATE_DTLS_RETRANSMIT,
+typedef enum recv_state_t {
+ RECV_STATE_0 = 0,
+ RECV_STATE_DTLS_RETRANSMIT,
} recv_state_t;
#include <gnutls_str.h>
@@ -259,36 +251,33 @@ typedef enum recv_state_t
*/
#define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
-typedef enum extensions_t
-{
- GNUTLS_EXTENSION_SERVER_NAME = 0,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
- GNUTLS_EXTENSION_STATUS_REQUEST = 5,
- GNUTLS_EXTENSION_CERT_TYPE = 9,
- GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
- GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
- GNUTLS_EXTENSION_SRP = 12,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
- GNUTLS_EXTENSION_SRTP = 14,
- GNUTLS_EXTENSION_HEARTBEAT = 15,
- GNUTLS_EXTENSION_ALPN = 16,
- GNUTLS_EXTENSION_SESSION_TICKET = 35,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING = 48015, /* aka: 0xbeaf */
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
+typedef enum extensions_t {
+ GNUTLS_EXTENSION_SERVER_NAME = 0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
+ GNUTLS_EXTENSION_STATUS_REQUEST = 5,
+ GNUTLS_EXTENSION_CERT_TYPE = 9,
+ GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
+ GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
+ GNUTLS_EXTENSION_SRP = 12,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
+ GNUTLS_EXTENSION_SRTP = 14,
+ GNUTLS_EXTENSION_HEARTBEAT = 15,
+ GNUTLS_EXTENSION_ALPN = 16,
+ GNUTLS_EXTENSION_SESSION_TICKET = 35,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING = 48015, /* aka: 0xbeaf */
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
} extensions_t;
-typedef enum
-{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
+typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
#define RESUME_TRUE 1
#define RESUME_FALSE 0
/* Record Protocol */
-typedef enum content_type_t
-{
- GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
- GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
- GNUTLS_HEARTBEAT
+typedef enum content_type_t {
+ GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
+ GNUTLS_HEARTBEAT
} content_type_t;
@@ -301,146 +290,140 @@ typedef enum content_type_t
* messages that can arrive in a single flight
*/
#define MAX_HANDSHAKE_MSGS 6
-typedef struct
-{
- /* Handshake layer type and sequence of message */
- gnutls_handshake_description_t htype;
- uint32_t length;
+typedef struct {
+ /* Handshake layer type and sequence of message */
+ gnutls_handshake_description_t htype;
+ uint32_t length;
- /* valid in DTLS */
- uint16_t sequence;
+ /* valid in DTLS */
+ uint16_t sequence;
- /* indicate whether that message is complete.
- * complete means start_offset == 0 and end_offset == length
- */
- uint32_t start_offset;
- uint32_t end_offset;
-
- uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
- int header_size;
+ /* indicate whether that message is complete.
+ * complete means start_offset == 0 and end_offset == length
+ */
+ uint32_t start_offset;
+ uint32_t end_offset;
- gnutls_buffer_st data;
+ uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
+ int header_size;
+
+ gnutls_buffer_st data;
} handshake_buffer_st;
-typedef struct mbuffer_st
-{
- /* when used in mbuffer_head_st */
- struct mbuffer_st *next;
- struct mbuffer_st *prev;
+typedef struct mbuffer_st {
+ /* when used in mbuffer_head_st */
+ struct mbuffer_st *next;
+ struct mbuffer_st *prev;
- /* msg->size - mark = number of bytes left to process in this
- message. Mark should only be non-zero when this buffer is the
- head of the queue. */
- size_t mark;
+ /* msg->size - mark = number of bytes left to process in this
+ message. Mark should only be non-zero when this buffer is the
+ head of the queue. */
+ size_t mark;
- /* the data */
- gnutls_datum_t msg;
- size_t maximum_size;
+ /* the data */
+ gnutls_datum_t msg;
+ size_t maximum_size;
- /* used during fill in, to separate header from data
- * body. */
- unsigned int uhead_mark;
+ /* used during fill in, to separate header from data
+ * body. */
+ unsigned int uhead_mark;
- /* Filled in by record layer on recv:
- * type, record_sequence
- */
+ /* Filled in by record layer on recv:
+ * type, record_sequence
+ */
- /* record layer content type */
- content_type_t type;
+ /* record layer content type */
+ content_type_t type;
- /* record layer sequence */
- uint64 record_sequence;
+ /* record layer sequence */
+ uint64 record_sequence;
- /* Filled in by handshake layer on send:
- * type, epoch, htype, handshake_sequence
- */
+ /* Filled in by handshake layer on send:
+ * type, epoch, htype, handshake_sequence
+ */
- /* Record layer epoch of message */
- uint16_t epoch;
+ /* Record layer epoch of message */
+ uint16_t epoch;
- /* Handshake layer type and sequence of message */
- gnutls_handshake_description_t htype;
- uint16_t handshake_sequence;
+ /* Handshake layer type and sequence of message */
+ gnutls_handshake_description_t htype;
+ uint16_t handshake_sequence;
} mbuffer_st;
-typedef struct mbuffer_head_st
-{
- mbuffer_st *head;
- mbuffer_st *tail;
+typedef struct mbuffer_head_st {
+ mbuffer_st *head;
+ mbuffer_st *tail;
- unsigned int length;
- size_t byte_length;
+ unsigned int length;
+ size_t byte_length;
} mbuffer_head_st;
/* Store & Retrieve functions defines:
*/
-typedef struct auth_cred_st
-{
- gnutls_credentials_type_t algorithm;
+typedef struct auth_cred_st {
+ gnutls_credentials_type_t algorithm;
- /* the type of credentials depends on algorithm
- */
- void *credentials;
- struct auth_cred_st *next;
+ /* the type of credentials depends on algorithm
+ */
+ void *credentials;
+ struct auth_cred_st *next;
} auth_cred_st;
-struct gnutls_key_st
-{
- /* For ECDH KX */
- gnutls_pk_params_st ecdh_params;
- bigint_t ecdh_x;
- bigint_t ecdh_y;
-
- /* For DH KX */
- gnutls_datum_t key;
- bigint_t KEY;
- bigint_t client_Y;
- bigint_t client_g;
- bigint_t client_p;
- bigint_t dh_secret;
- /* for SRP */
- bigint_t A;
- bigint_t B;
- bigint_t u;
- bigint_t b;
- bigint_t a;
- bigint_t x;
- /* RSA: e, m
- */
- bigint_t rsa[2];
-
- /* this is used to hold the peers authentication data
- */
- /* auth_info_t structures SHOULD NOT contain malloced
- * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
- * Remember that this should be calloced!
- */
- void *auth_info;
- gnutls_credentials_type_t auth_info_type;
- int auth_info_size; /* needed in order to store to db for restoring
- */
- uint8_t crypt_algo;
-
- auth_cred_st *cred; /* used to specify keys/certificates etc */
-
- int crt_requested;
- /* some ciphersuites use this
- * to provide client authentication.
- * 1 if client auth was requested
- * by the peer, 0 otherwise
- *** In case of a server this
- * holds 1 if we should wait
- * for a client certificate verify
- */
+struct gnutls_key_st {
+ /* For ECDH KX */
+ gnutls_pk_params_st ecdh_params;
+ bigint_t ecdh_x;
+ bigint_t ecdh_y;
+
+ /* For DH KX */
+ gnutls_datum_t key;
+ bigint_t KEY;
+ bigint_t client_Y;
+ bigint_t client_g;
+ bigint_t client_p;
+ bigint_t dh_secret;
+ /* for SRP */
+ bigint_t A;
+ bigint_t B;
+ bigint_t u;
+ bigint_t b;
+ bigint_t a;
+ bigint_t x;
+ /* RSA: e, m
+ */
+ bigint_t rsa[2];
+
+ /* this is used to hold the peers authentication data
+ */
+ /* auth_info_t structures SHOULD NOT contain malloced
+ * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
+ * Remember that this should be calloced!
+ */
+ void *auth_info;
+ gnutls_credentials_type_t auth_info_type;
+ int auth_info_size; /* needed in order to store to db for restoring
+ */
+ uint8_t crypt_algo;
+
+ auth_cred_st *cred; /* used to specify keys/certificates etc */
+
+ int crt_requested;
+ /* some ciphersuites use this
+ * to provide client authentication.
+ * 1 if client auth was requested
+ * by the peer, 0 otherwise
+ *** In case of a server this
+ * holds 1 if we should wait
+ * for a client certificate verify
+ */
};
typedef struct gnutls_key_st gnutls_key_st;
-struct pin_info_st
-{
- gnutls_pin_callback_t cb;
- void* data;
+struct pin_info_st {
+ gnutls_pin_callback_t cb;
+ void *data;
};
struct record_state_st;
@@ -450,43 +433,40 @@ struct record_parameters_st;
typedef struct record_parameters_st record_parameters_st;
/* cipher and mac parameters */
-typedef struct cipher_entry_st
-{
- const char *name;
- gnutls_cipher_algorithm_t id;
- uint16_t blocksize;
- uint16_t keysize;
- unsigned block:1;
- uint16_t iv; /* the size of implicit IV - TLS related */
- uint16_t cipher_iv; /* the size of IV needed by the cipher */
- unsigned aead:1; /* Whether it is authenc cipher */
+typedef struct cipher_entry_st {
+ const char *name;
+ gnutls_cipher_algorithm_t id;
+ uint16_t blocksize;
+ uint16_t keysize;
+ unsigned block:1;
+ uint16_t iv; /* the size of implicit IV - TLS related */
+ uint16_t cipher_iv; /* the size of IV needed by the cipher */
+ unsigned aead:1; /* Whether it is authenc cipher */
} cipher_entry_st;
-typedef struct mac_entry_st
-{
- const char *name;
- const char *oid; /* OID of the hash - if it is a hash */
- gnutls_mac_algorithm_t id;
- unsigned output_size;
- unsigned key_size;
- unsigned nonce_size;
- unsigned placeholder; /* if set, then not a real MAC */
- unsigned secure; /* if set the this algorithm is secure as hash */
- unsigned block_size; /* internal block size for HMAC */
+typedef struct mac_entry_st {
+ const char *name;
+ const char *oid; /* OID of the hash - if it is a hash */
+ gnutls_mac_algorithm_t id;
+ unsigned output_size;
+ unsigned key_size;
+ unsigned nonce_size;
+ unsigned placeholder; /* if set, then not a real MAC */
+ unsigned secure; /* if set the this algorithm is secure as hash */
+ unsigned block_size; /* internal block size for HMAC */
} mac_entry_st;
-typedef struct
-{
- const char *name;
- gnutls_protocol_t id; /* gnutls internal version number */
- uint8_t major; /* defined by the protocol */
- uint8_t minor; /* defined by the protocol */
- transport_t transport; /* Type of transport, stream or datagram */
- unsigned int supported:1; /* 0 not supported, > 0 is supported */
- unsigned int explicit_iv:1;
- unsigned int extensions:1; /* whether it supports extensions */
- unsigned int selectable_sighash:1; /* whether signatures can be selected */
- unsigned int selectable_prf:1; /* whether the PRF is ciphersuite-defined */
+typedef struct {
+ const char *name;
+ gnutls_protocol_t id; /* gnutls internal version number */
+ uint8_t major; /* defined by the protocol */
+ uint8_t minor; /* defined by the protocol */
+ transport_t transport; /* Type of transport, stream or datagram */
+ unsigned int supported:1; /* 0 not supported, > 0 is supported */
+ unsigned int explicit_iv:1;
+ unsigned int extensions:1; /* whether it supports extensions */
+ unsigned int selectable_sighash:1; /* whether signatures can be selected */
+ unsigned int selectable_prf:1; /* whether the PRF is ciphersuite-defined */
} version_entry_st;
@@ -496,10 +476,9 @@ typedef struct
#include <gnutls_cipher_int.h>
#include <gnutls_compress.h>
-typedef struct
-{
- uint8_t hash_algorithm;
- uint8_t sign_algorithm; /* pk algorithm actually */
+typedef struct {
+ uint8_t hash_algorithm;
+ uint8_t sign_algorithm; /* pk algorithm actually */
} sign_algorithm_st;
/* This structure holds parameters got from TLS extension
@@ -510,7 +489,7 @@ typedef struct
#define MAX_SIGNATURE_ALGORITHMS 16
#define MAX_SIGN_ALGO_SIZE (2 + MAX_SIGNATURE_ALGORITHMS * 2)
-#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
+#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
/* auth_info_t structures now MAY contain malloced
* elements.
@@ -530,70 +509,68 @@ typedef struct
* handshake has finished. The only value you may depend on while
* the handshake is in progress is the cipher suite value.
*/
-typedef struct
-{
- unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
- gnutls_kx_algorithm_t kx_algorithm;
-
- /* The epoch used to read and write */
- uint16_t epoch_read;
- uint16_t epoch_write;
-
- /* The epoch that the next handshake will initialize. */
- uint16_t epoch_next;
-
- /* The epoch at index 0 of record_parameters. */
- uint16_t epoch_min;
-
- /* this is the ciphersuite we are going to use
- * moved here from internals in order to be restored
- * on resume;
- */
- uint8_t cipher_suite[2];
- gnutls_compression_method_t compression_method;
- uint8_t master_secret[GNUTLS_MASTER_SIZE];
- uint8_t client_random[GNUTLS_RANDOM_SIZE];
- uint8_t server_random[GNUTLS_RANDOM_SIZE];
- uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
- uint8_t session_id_size;
- time_t timestamp;
-
- /* if non-zero the new record padding is used */
- uint8_t new_record_padding;
-
- /* The send size is the one requested by the programmer.
- * The recv size is the one negotiated with the peer.
- */
- uint16_t max_record_send_size;
- uint16_t max_record_recv_size;
- /* holds the negotiated certificate type */
- gnutls_certificate_type_t cert_type;
- gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
-
- /* Holds the signature algorithm used in this session - If any */
- gnutls_sign_algorithm_t server_sign_algo;
- gnutls_sign_algorithm_t client_sign_algo;
-
- /* FIXME: The following are not saved in the session storage
- * for session resumption.
- */
-
- /* Used by extensions that enable supplemental data: Which ones
- * do that? Do they belong in security parameters?
- */
- int do_recv_supplemental, do_send_supplemental;
- const version_entry_st* pversion;
+typedef struct {
+ unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
+ gnutls_kx_algorithm_t kx_algorithm;
+
+ /* The epoch used to read and write */
+ uint16_t epoch_read;
+ uint16_t epoch_write;
+
+ /* The epoch that the next handshake will initialize. */
+ uint16_t epoch_next;
+
+ /* The epoch at index 0 of record_parameters. */
+ uint16_t epoch_min;
+
+ /* this is the ciphersuite we are going to use
+ * moved here from internals in order to be restored
+ * on resume;
+ */
+ uint8_t cipher_suite[2];
+ gnutls_compression_method_t compression_method;
+ uint8_t master_secret[GNUTLS_MASTER_SIZE];
+ uint8_t client_random[GNUTLS_RANDOM_SIZE];
+ uint8_t server_random[GNUTLS_RANDOM_SIZE];
+ uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
+ uint8_t session_id_size;
+ time_t timestamp;
+
+ /* if non-zero the new record padding is used */
+ uint8_t new_record_padding;
+
+ /* The send size is the one requested by the programmer.
+ * The recv size is the one negotiated with the peer.
+ */
+ uint16_t max_record_send_size;
+ uint16_t max_record_recv_size;
+ /* holds the negotiated certificate type */
+ gnutls_certificate_type_t cert_type;
+ gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
+
+ /* Holds the signature algorithm used in this session - If any */
+ gnutls_sign_algorithm_t server_sign_algo;
+ gnutls_sign_algorithm_t client_sign_algo;
+
+ /* FIXME: The following are not saved in the session storage
+ * for session resumption.
+ */
+
+ /* Used by extensions that enable supplemental data: Which ones
+ * do that? Do they belong in security parameters?
+ */
+ int do_recv_supplemental, do_send_supplemental;
+ const version_entry_st *pversion;
} security_parameters_st;
-struct record_state_st
-{
- gnutls_datum_t mac_secret;
- gnutls_datum_t IV;
- gnutls_datum_t key;
- auth_cipher_hd_st cipher_state;
- comp_hd_st compression_state;
- uint64 sequence_number;
- uint8_t new_record_padding;
+struct record_state_st {
+ gnutls_datum_t mac_secret;
+ gnutls_datum_t IV;
+ gnutls_datum_t key;
+ auth_cipher_hd_st cipher_state;
+ comp_hd_st compression_state;
+ uint64 sequence_number;
+ uint8_t new_record_padding;
};
@@ -605,77 +582,73 @@ struct record_state_st
#define EPOCH_WRITE_CURRENT 70001
#define EPOCH_NEXT 70002
-struct record_parameters_st
-{
- uint16_t epoch;
- int initialized;
+struct record_parameters_st {
+ uint16_t epoch;
+ int initialized;
- gnutls_compression_method_t compression_algorithm;
+ gnutls_compression_method_t compression_algorithm;
- const cipher_entry_st* cipher;
- const mac_entry_st* mac;
+ const cipher_entry_st *cipher;
+ const mac_entry_st *mac;
- /* for DTLS */
- uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
- unsigned int record_sw_head_idx;
- unsigned int record_sw_size;
+ /* for DTLS */
+ uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
+ unsigned int record_sw_head_idx;
+ unsigned int record_sw_size;
- record_state_st read;
- record_state_st write;
-
- /* Whether this state is in use, i.e., if there is
- a pending handshake message waiting to be encrypted
- under this epoch's parameters.
- */
- int usage_cnt;
+ record_state_st read;
+ record_state_st write;
+
+ /* Whether this state is in use, i.e., if there is
+ a pending handshake message waiting to be encrypted
+ under this epoch's parameters.
+ */
+ int usage_cnt;
};
-typedef struct
-{
- unsigned int priority[MAX_ALGOS];
- unsigned int algorithms;
+typedef struct {
+ unsigned int priority[MAX_ALGOS];
+ unsigned int algorithms;
} priority_st;
-typedef enum
-{
- SR_DISABLED,
- SR_UNSAFE,
- SR_PARTIAL,
- SR_SAFE
+typedef enum {
+ SR_DISABLED,
+ SR_UNSAFE,
+ SR_PARTIAL,
+ SR_SAFE
} safe_renegotiation_t;
/* For the external api */
-struct gnutls_priority_st
-{
- priority_st cipher;
- priority_st mac;
- priority_st kx;
- priority_st compression;
- priority_st protocol;
- priority_st cert_type;
- priority_st sign_algo;
- priority_st supported_ecc;
-
- /* to disable record padding */
- unsigned int no_extensions:1;
- unsigned int allow_large_records:1;
- unsigned int new_record_padding:1;
- unsigned int max_empty_records;
- safe_renegotiation_t sr;
- unsigned int ssl3_record_version:1;
- unsigned int server_precedence:1;
- unsigned int allow_weak_keys:1;
- unsigned int allow_wrong_pms:1;
- /* Whether stateless compression will be used */
- unsigned int stateless_compression:1;
- unsigned int additional_verify_flags;
-
- /* The session's expected security level.
- * Will be used to determine the minimum DH bits,
- * (or the acceptable certificate security level).
- */
- gnutls_sec_param_t level;
- unsigned int dh_prime_bits; /* old (deprecated) variable */
+struct gnutls_priority_st {
+ priority_st cipher;
+ priority_st mac;
+ priority_st kx;
+ priority_st compression;
+ priority_st protocol;
+ priority_st cert_type;
+ priority_st sign_algo;
+ priority_st supported_ecc;
+
+ /* to disable record padding */
+ unsigned int no_extensions:1;
+ unsigned int allow_large_records:1;
+ unsigned int new_record_padding:1;
+ unsigned int max_empty_records;
+ safe_renegotiation_t sr;
+ unsigned int ssl3_record_version:1;
+ unsigned int server_precedence:1;
+ unsigned int allow_weak_keys:1;
+ unsigned int allow_wrong_pms:1;
+ /* Whether stateless compression will be used */
+ unsigned int stateless_compression:1;
+ unsigned int additional_verify_flags;
+
+ /* The session's expected security level.
+ * Will be used to determine the minimum DH bits,
+ * (or the acceptable certificate security level).
+ */
+ gnutls_sec_param_t level;
+ unsigned int dh_prime_bits; /* old (deprecated) variable */
};
/* Allow around 50KB of length-hiding padding
@@ -690,338 +663,330 @@ struct gnutls_priority_st
/* DH and RSA parameters types.
*/
-typedef struct gnutls_dh_params_int
-{
- /* [0] is the prime, [1] is the generator.
- */
- bigint_t params[2];
- int q_bits; /* length of q in bits. If zero then length is unknown.
- */
+typedef struct gnutls_dh_params_int {
+ /* [0] is the prime, [1] is the generator.
+ */
+ bigint_t params[2];
+ int q_bits; /* length of q in bits. If zero then length is unknown.
+ */
} dh_params_st;
-typedef struct
-{
- gnutls_dh_params_t dh_params;
- int free_dh_params;
+typedef struct {
+ gnutls_dh_params_t dh_params;
+ int free_dh_params;
} internal_params_st;
/* DTLS session state
*/
-typedef struct
-{
- /* HelloVerifyRequest DOS prevention cookie */
- uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
- uint8_t cookie_len;
-
- /* For DTLS handshake fragmentation and reassembly. */
- uint16_t hsk_write_seq;
- /* the sequence number of the expected packet */
- unsigned int hsk_read_seq;
- uint16_t mtu;
-
- /* a flight transmission is in process */
- unsigned int flight_init:1;
- /* whether this is the last flight in the protocol */
- unsigned int last_flight:1;
-
- /* the retransmission timeout in milliseconds */
- unsigned int retrans_timeout_ms;
- /* the connection timeout in milliseconds */
- unsigned int total_timeout_ms;
-
- unsigned int hsk_hello_verify_requests;
-
- /* non blocking stuff variables */
- unsigned int blocking:1;
- /* starting time of current handshake */
- struct timespec handshake_start_time;
-
- /* The actual retrans_timeout for the next message (e.g. doubled or so)
- */
- unsigned int actual_retrans_timeout_ms;
-
- /* timers to handle async handshake after gnutls_handshake()
- * has terminated. Required to handle retransmissions.
- */
- time_t async_term;
-
- /* last retransmission triggered by record layer */
- struct timespec last_retransmit;
- unsigned int packets_dropped;
+typedef struct {
+ /* HelloVerifyRequest DOS prevention cookie */
+ uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
+ uint8_t cookie_len;
+
+ /* For DTLS handshake fragmentation and reassembly. */
+ uint16_t hsk_write_seq;
+ /* the sequence number of the expected packet */
+ unsigned int hsk_read_seq;
+ uint16_t mtu;
+
+ /* a flight transmission is in process */
+ unsigned int flight_init:1;
+ /* whether this is the last flight in the protocol */
+ unsigned int last_flight:1;
+
+ /* the retransmission timeout in milliseconds */
+ unsigned int retrans_timeout_ms;
+ /* the connection timeout in milliseconds */
+ unsigned int total_timeout_ms;
+
+ unsigned int hsk_hello_verify_requests;
+
+ /* non blocking stuff variables */
+ unsigned int blocking:1;
+ /* starting time of current handshake */
+ struct timespec handshake_start_time;
+
+ /* The actual retrans_timeout for the next message (e.g. doubled or so)
+ */
+ unsigned int actual_retrans_timeout_ms;
+
+ /* timers to handle async handshake after gnutls_handshake()
+ * has terminated. Required to handle retransmissions.
+ */
+ time_t async_term;
+
+ /* last retransmission triggered by record layer */
+ struct timespec last_retransmit;
+ unsigned int packets_dropped;
} dtls_st;
-typedef union
-{
- void *ptr;
- uint32_t num;
+typedef union {
+ void *ptr;
+ uint32_t num;
} extension_priv_data_t;
-typedef struct
-{
- /* holds all the parsed data received by the record layer */
- mbuffer_head_st record_buffer;
-
- int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
- * the last received message */
- gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
- * message */
- unsigned int resumable:1; /* TRUE or FALSE - if we can resume that session */
- unsigned int ticket_sent:1; /* whether a session ticket was sent */
- handshake_state_t handshake_final_state;
- handshake_state_t handshake_state; /* holds
- * a number which indicates where
- * the handshake procedure has been
- * interrupted. If it is 0 then
- * no interruption has happened.
- */
-
- int invalid_connection:1; /* true or FALSE - if this session is valid */
-
- int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
- */
- int may_not_write:1;
- int read_eof:1; /* non-zero if we have received a closure alert. */
-
- int last_alert; /* last alert received */
-
- /* The last handshake messages sent or received.
- */
- int last_handshake_in;
- int last_handshake_out;
-
- /* priorities */
- struct gnutls_priority_st priorities;
-
- /* resumed session */
- unsigned int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
- unsigned int resumption_requested:1; /* non-zero if resumption was requested by client */
- security_parameters_st resumed_security_parameters;
-
- /* These buffers are used in the handshake
- * protocol only. freed using _gnutls_handshake_io_buffer_clear();
- */
- mbuffer_head_st handshake_send_buffer;
- handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
- int handshake_recv_buffer_size;
-
- /* this buffer holds a record packet -mostly used for
- * non blocking IO.
- */
- mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
- * being received */
- mbuffer_head_st record_send_buffer; /* holds cached data
- * for the gnutls_io_write_buffered()
- * function.
- */
- size_t record_send_buffer_user_size; /* holds the
- * size of the user specified data to
- * send.
- */
-
- record_flush_t record_flush_mode; /* GNUTLS_FLUSH or GNUTLS_CORKED */
- gnutls_buffer_st record_presend_buffer;/* holds cached data
- * for the gnutls_record_send()
- * function.
- */
-
- unsigned expire_time; /* after expire_time seconds this session will expire */
- struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
-
- /* this is the highest version available
- * to the peer. (advertized version).
- * This is obtained by the Handshake Client Hello
- * message. (some implementations read the Record version)
- */
- uint8_t adv_version_major;
- uint8_t adv_version_minor;
-
- /* if this is non zero a certificate request message
- * will be sent to the client. - only if the ciphersuite
- * supports it. In server side it contains GNUTLS_CERT_REQUIRE
- * or similar.
- */
- unsigned send_cert_req;
-
- size_t max_handshake_data_buffer_size;
-
- /* PUSH & PULL functions.
- */
- gnutls_pull_timeout_func pull_timeout_func;
- gnutls_pull_func pull_func;
- gnutls_push_func push_func;
- gnutls_vec_push_func vec_push_func;
- gnutls_errno_func errno_func;
- /* Holds the first argument of PUSH and PULL
- * functions;
- */
- gnutls_transport_ptr_t transport_recv_ptr;
- gnutls_transport_ptr_t transport_send_ptr;
-
- /* STORE & RETRIEVE functions. Only used if other
- * backend than gdbm is used.
- */
- gnutls_db_store_func db_store_func;
- gnutls_db_retr_func db_retrieve_func;
- gnutls_db_remove_func db_remove_func;
- void *db_ptr;
-
- /* post client hello callback (server side only)
- */
- gnutls_handshake_post_client_hello_func user_hello_func;
- /* handshake hook function */
- gnutls_handshake_hook_func h_hook;
- unsigned int h_type; /* the hooked type */
- int16_t h_post; /* whether post-generation/receive */
-
- /* holds the selected certificate and key.
- * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
- * to change them.
- */
- gnutls_pcert_st *selected_cert_list;
- int16_t selected_cert_list_length;
- struct gnutls_privkey_st *selected_key;
- unsigned selected_need_free:1;
-
- /* holds the extensions we sent to the peer
- * (in case of a client)
- */
- uint16_t extensions_sent[MAX_EXT_TYPES];
- uint16_t extensions_sent_size;
-
- /* is 0 if we are to send the whole PGP key, or non zero
- * if the fingerprint is to be sent.
- */
- unsigned pgp_fingerprint:1;
-
- /* This holds the default version that our first
- * record packet will have. */
- uint8_t default_record_version[2];
-
- void *user_ptr;
-
- unsigned enable_private:1; /* non zero to
- * enable cipher suites
- * which have 0xFF status.
- */
-
- /* Holds 0 if the last called function was interrupted while
- * receiving, and non zero otherwise.
- */
- unsigned direction:1;
-
- /* This callback will be used (if set) to receive an
- * openpgp key. (if the peer sends a fingerprint)
- */
- gnutls_openpgp_recv_key_func openpgp_recv_key_func;
-
- /* If non zero the server will not advertise the CA's he
- * trusts (do not send an RDN sequence).
- */
- unsigned ignore_rdn_sequence:1;
-
- /* This is used to set an arbitary version in the RSA
- * PMS secret. Can be used by clients to test whether the
- * server checks that version. (** only used in gnutls-cli-debug)
- */
- uint8_t rsa_pms_version[2];
-
- /* Here we cache the DH or RSA parameters got from the
- * credentials structure, or from a callback. That is to
- * minimize external calls.
- */
- internal_params_st params;
-
- /* To avoid using global variables, and especially on Windows where
- * the application may use a different errno variable than GnuTLS,
- * it is possible to use gnutls_transport_set_errno to set a
- * session-specific errno variable in the user-replaceable push/pull
- * functions. This value is used by the send/recv functions. (The
- * strange name of this variable is because 'errno' is typically
- * #define'd.)
- */
- int errnum;
-
- /* Function used to perform public-key signing operation during
- handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
- gnutls_sign_callback_set(). */
- gnutls_sign_func sign_func;
- void *sign_func_userdata;
-
- /* minimum bits to allow for SRP
- * use gnutls_srp_set_prime_bits() to adjust it.
- */
- uint16_t srp_prime_bits;
-
- /* A handshake process has been completed */
- unsigned int initial_negotiation_completed:1;
-
- struct
- {
- uint16_t type;
- extension_priv_data_t priv;
- unsigned set:1;
- } extension_int_data[MAX_EXT_TYPES];
-
- struct
- {
- uint16_t type;
- extension_priv_data_t priv;
- unsigned set:1;
- } resumed_extension_int_data[MAX_EXT_TYPES];
- /* The type of transport protocol; stream or datagram */
- transport_t transport;
-
- /* DTLS session state */
- dtls_st dtls;
-
- /* if set it means that the master key was set using
- * gnutls_session_set_master() rather than being negotiated. */
- unsigned int premaster_set:1;
-
- unsigned int cb_tls_unique_len;
- unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
-
- time_t handshake_endtime; /* end time in seconds */
- unsigned int handshake_timeout_ms; /* timeout in milliseconds */
- unsigned int record_timeout_ms; /* timeout in milliseconds */
-
- gnutls_buffer_st hb_local_data;
- gnutls_buffer_st hb_remote_data;
- struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent*/
- struct timespec hb_ping_sent; /* timestamp: when last HeartBeat ping was sent*/
- unsigned int hb_actual_retrans_timeout_ms; /* current timeout, in milliseconds*/
- unsigned int hb_retrans_timeout_ms; /* the default timeout, in milliseconds*/
- unsigned int hb_total_timeout_ms; /* the total timeout, in milliseconds*/
-
- unsigned int ocsp_check_ok:1; /* will be zero if the OCSP response TLS extension
- * check failed (OCSP was old/unrelated or so). */
-
- heartbeat_state_t hb_state; /* for ping */
-
- recv_state_t recv_state; /* state of the receive function */
-
- unsigned int sc_random_set:1;
- unsigned int no_replay_protection:1; /* DTLS replay protection */
-
- /* If you add anything here, check _gnutls_handshake_internal_state_clear().
- */
+typedef struct {
+ /* holds all the parsed data received by the record layer */
+ mbuffer_head_st record_buffer;
+
+ int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
+ * the last received message */
+ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
+ * message */
+ unsigned int resumable:1; /* TRUE or FALSE - if we can resume that session */
+ unsigned int ticket_sent:1; /* whether a session ticket was sent */
+ handshake_state_t handshake_final_state;
+ handshake_state_t handshake_state; /* holds
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
+ */
+
+ int invalid_connection:1; /* true or FALSE - if this session is valid */
+
+ int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ */
+ int may_not_write:1;
+ int read_eof:1; /* non-zero if we have received a closure alert. */
+
+ int last_alert; /* last alert received */
+
+ /* The last handshake messages sent or received.
+ */
+ int last_handshake_in;
+ int last_handshake_out;
+
+ /* priorities */
+ struct gnutls_priority_st priorities;
+
+ /* resumed session */
+ unsigned int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ unsigned int resumption_requested:1; /* non-zero if resumption was requested by client */
+ security_parameters_st resumed_security_parameters;
+
+ /* These buffers are used in the handshake
+ * protocol only. freed using _gnutls_handshake_io_buffer_clear();
+ */
+ mbuffer_head_st handshake_send_buffer;
+ handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
+ int handshake_recv_buffer_size;
+
+ /* this buffer holds a record packet -mostly used for
+ * non blocking IO.
+ */
+ mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
+ * being received */
+ mbuffer_head_st record_send_buffer; /* holds cached data
+ * for the gnutls_io_write_buffered()
+ * function.
+ */
+ size_t record_send_buffer_user_size; /* holds the
+ * size of the user specified data to
+ * send.
+ */
+
+ record_flush_t record_flush_mode; /* GNUTLS_FLUSH or GNUTLS_CORKED */
+ gnutls_buffer_st record_presend_buffer; /* holds cached data
+ * for the gnutls_record_send()
+ * function.
+ */
+
+ unsigned expire_time; /* after expire_time seconds this session will expire */
+ struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+
+ /* this is the highest version available
+ * to the peer. (advertized version).
+ * This is obtained by the Handshake Client Hello
+ * message. (some implementations read the Record version)
+ */
+ uint8_t adv_version_major;
+ uint8_t adv_version_minor;
+
+ /* if this is non zero a certificate request message
+ * will be sent to the client. - only if the ciphersuite
+ * supports it. In server side it contains GNUTLS_CERT_REQUIRE
+ * or similar.
+ */
+ unsigned send_cert_req;
+
+ size_t max_handshake_data_buffer_size;
+
+ /* PUSH & PULL functions.
+ */
+ gnutls_pull_timeout_func pull_timeout_func;
+ gnutls_pull_func pull_func;
+ gnutls_push_func push_func;
+ gnutls_vec_push_func vec_push_func;
+ gnutls_errno_func errno_func;
+ /* Holds the first argument of PUSH and PULL
+ * functions;
+ */
+ gnutls_transport_ptr_t transport_recv_ptr;
+ gnutls_transport_ptr_t transport_send_ptr;
+
+ /* STORE & RETRIEVE functions. Only used if other
+ * backend than gdbm is used.
+ */
+ gnutls_db_store_func db_store_func;
+ gnutls_db_retr_func db_retrieve_func;
+ gnutls_db_remove_func db_remove_func;
+ void *db_ptr;
+
+ /* post client hello callback (server side only)
+ */
+ gnutls_handshake_post_client_hello_func user_hello_func;
+ /* handshake hook function */
+ gnutls_handshake_hook_func h_hook;
+ unsigned int h_type; /* the hooked type */
+ int16_t h_post; /* whether post-generation/receive */
+
+ /* holds the selected certificate and key.
+ * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
+ * to change them.
+ */
+ gnutls_pcert_st *selected_cert_list;
+ int16_t selected_cert_list_length;
+ struct gnutls_privkey_st *selected_key;
+ unsigned selected_need_free:1;
+
+ /* holds the extensions we sent to the peer
+ * (in case of a client)
+ */
+ uint16_t extensions_sent[MAX_EXT_TYPES];
+ uint16_t extensions_sent_size;
+
+ /* is 0 if we are to send the whole PGP key, or non zero
+ * if the fingerprint is to be sent.
+ */
+ unsigned pgp_fingerprint:1;
+
+ /* This holds the default version that our first
+ * record packet will have. */
+ uint8_t default_record_version[2];
+
+ void *user_ptr;
+
+ unsigned enable_private:1; /* non zero to
+ * enable cipher suites
+ * which have 0xFF status.
+ */
+
+ /* Holds 0 if the last called function was interrupted while
+ * receiving, and non zero otherwise.
+ */
+ unsigned direction:1;
+
+ /* This callback will be used (if set) to receive an
+ * openpgp key. (if the peer sends a fingerprint)
+ */
+ gnutls_openpgp_recv_key_func openpgp_recv_key_func;
+
+ /* If non zero the server will not advertise the CA's he
+ * trusts (do not send an RDN sequence).
+ */
+ unsigned ignore_rdn_sequence:1;
+
+ /* This is used to set an arbitary version in the RSA
+ * PMS secret. Can be used by clients to test whether the
+ * server checks that version. (** only used in gnutls-cli-debug)
+ */
+ uint8_t rsa_pms_version[2];
+
+ /* Here we cache the DH or RSA parameters got from the
+ * credentials structure, or from a callback. That is to
+ * minimize external calls.
+ */
+ internal_params_st params;
+
+ /* To avoid using global variables, and especially on Windows where
+ * the application may use a different errno variable than GnuTLS,
+ * it is possible to use gnutls_transport_set_errno to set a
+ * session-specific errno variable in the user-replaceable push/pull
+ * functions. This value is used by the send/recv functions. (The
+ * strange name of this variable is because 'errno' is typically
+ * #define'd.)
+ */
+ int errnum;
+
+ /* Function used to perform public-key signing operation during
+ handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
+ gnutls_sign_callback_set(). */
+ gnutls_sign_func sign_func;
+ void *sign_func_userdata;
+
+ /* minimum bits to allow for SRP
+ * use gnutls_srp_set_prime_bits() to adjust it.
+ */
+ uint16_t srp_prime_bits;
+
+ /* A handshake process has been completed */
+ unsigned int initial_negotiation_completed:1;
+
+ struct {
+ uint16_t type;
+ extension_priv_data_t priv;
+ unsigned set:1;
+ } extension_int_data[MAX_EXT_TYPES];
+
+ struct {
+ uint16_t type;
+ extension_priv_data_t priv;
+ unsigned set:1;
+ } resumed_extension_int_data[MAX_EXT_TYPES];
+ /* The type of transport protocol; stream or datagram */
+ transport_t transport;
+
+ /* DTLS session state */
+ dtls_st dtls;
+
+ /* if set it means that the master key was set using
+ * gnutls_session_set_master() rather than being negotiated. */
+ unsigned int premaster_set:1;
+
+ unsigned int cb_tls_unique_len;
+ unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
+
+ time_t handshake_endtime; /* end time in seconds */
+ unsigned int handshake_timeout_ms; /* timeout in milliseconds */
+ unsigned int record_timeout_ms; /* timeout in milliseconds */
+
+ gnutls_buffer_st hb_local_data;
+ gnutls_buffer_st hb_remote_data;
+ struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent */
+ struct timespec hb_ping_sent; /* timestamp: when last HeartBeat ping was sent */
+ unsigned int hb_actual_retrans_timeout_ms; /* current timeout, in milliseconds */
+ unsigned int hb_retrans_timeout_ms; /* the default timeout, in milliseconds */
+ unsigned int hb_total_timeout_ms; /* the total timeout, in milliseconds */
+
+ unsigned int ocsp_check_ok:1; /* will be zero if the OCSP response TLS extension
+ * check failed (OCSP was old/unrelated or so). */
+
+ heartbeat_state_t hb_state; /* for ping */
+
+ recv_state_t recv_state; /* state of the receive function */
+
+ unsigned int sc_random_set:1;
+ unsigned int no_replay_protection:1; /* DTLS replay protection */
+
+ /* If you add anything here, check _gnutls_handshake_internal_state_clear().
+ */
} internals_st;
/* Maximum number of epochs we keep around. */
#define MAX_EPOCH_INDEX 16
-struct gnutls_session_int
-{
- security_parameters_st security_parameters;
- record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
- internals_st internals;
- gnutls_key_st key;
+struct gnutls_session_int {
+ security_parameters_st security_parameters;
+ record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
+ internals_st internals;
+ gnutls_key_st key;
};
/* functions
*/
-void _gnutls_free_auth_info (gnutls_session_t session);
+void _gnutls_free_auth_info(gnutls_session_t session);
/* These two macros return the advertised TLS version of
* the peer.
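Review bot: In `internals_st`, the four flags `invalid_connection`, `may_not_read`, `may_not_write` and `read_eof` are declared as plain `int` one-bit bit-fields, while every other flag in the struct is `unsigned` or `unsigned int`. Whether a plain `int` bit-field is signed is implementation-defined, and a signed one-bit field can only hold 0 and -1, so a test such as `== 1` would never match; tests against zero are unaffected. Since this pass already rewrites every line of the struct, I would declare them like their neighbours, e.g. `unsigned int invalid_connection:1;`, and the same for the other three. The comment on `may_not_read` also misspells "forbidden".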
@@ -1036,21 +1001,19 @@ void _gnutls_free_auth_info (gnutls_session_t session);
session->internals.adv_version_major = major; \
session->internals.adv_version_minor = minor
-int _gnutls_is_secure_mem_null (const void *);
+int _gnutls_is_secure_mem_null(const void *);
-inline static const version_entry_st*
-get_version (gnutls_session_t session)
+inline static const version_entry_st *get_version(gnutls_session_t session)
{
- return session->security_parameters.pversion;
+ return session->security_parameters.pversion;
}
-inline static unsigned
-get_num_version (gnutls_session_t session)
+inline static unsigned get_num_version(gnutls_session_t session)
{
- if (likely(session->security_parameters.pversion != NULL))
- return session->security_parameters.pversion->id;
- else
- return GNUTLS_VERSION_UNKNOWN;
+ if (likely(session->security_parameters.pversion != NULL))
+ return session->security_parameters.pversion->id;
+ else
+ return GNUTLS_VERSION_UNKNOWN;
}
#define _gnutls_set_current_version(s, v) { \
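Review bot: `get_version()` hands back `session->security_parameters.pversion` unchecked, while `get_num_version()` directly below guards the same pointer against NULL, so the two helpers have different contracts that nothing in the hunk documents. A caller that dereferences the result of `get_version()` would fault in exactly the case the second helper handles, presumably before a protocol version has been set. I would add a comment above it such as `/* May return NULL when no protocol version is set yet; callers must check before dereferencing. */`.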
@@ -1060,28 +1023,31 @@ get_num_version (gnutls_session_t session)
#define timespec_sub_ms _gnutls_timespec_sub_ms
unsigned int
/* returns a-b in ms */
-timespec_sub_ms (struct timespec *a, struct timespec *b);
+ timespec_sub_ms(struct timespec *a, struct timespec *b);
#include <algorithms.h>
-inline static size_t max_user_send_size(gnutls_session_t session, record_parameters_st *record_params)
+inline static size_t max_user_send_size(gnutls_session_t session,
+ record_parameters_st *
+ record_params)
{
-size_t max;
+ size_t max;
- if (IS_DTLS(session))
- max = gnutls_dtls_get_data_mtu(session);
- else
- {
- max = session->security_parameters.max_record_send_size;
- /* DTLS data MTU accounts for those */
+ if (IS_DTLS(session))
+ max = gnutls_dtls_get_data_mtu(session);
+ else {
+ max = session->security_parameters.max_record_send_size;
+ /* DTLS data MTU accounts for those */
- if (record_params->write.new_record_padding != 0)
- max -= 2;
+ if (record_params->write.new_record_padding != 0)
+ max -= 2;
- if (_gnutls_cipher_is_block (record_params->cipher))
- max -= _gnutls_cipher_get_block_size(record_params->cipher);
- }
+ if (_gnutls_cipher_is_block(record_params->cipher))
+ max -=
+ _gnutls_cipher_get_block_size(record_params->
+ cipher);
+ }
- return max;
+ return max;
}
-#endif /* GNUTLS_INT_H */
+#endif /* GNUTLS_INT_H */
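Review bot: In `max_user_send_size()` the non-DTLS branch subtracts 2 and then the cipher block size from `max`, which is a `size_t`, without checking that the starting value is at least that large. If `max_record_send_size` could ever be smaller than that overhead (its lower bound is not visible in this hunk), the result wraps to a huge length instead of going to zero, and callers would take it as the permitted send size. A clamp keeps the helper safe on its own: collect the two deductions in a local `overhead` and finish with `max = (max > overhead) ? max - overhead : 0;`.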
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index a50ed3ec9c..778783bf5c 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -40,30 +40,28 @@
internal API is changed to use mbuffers. For now we don't avoid the
extra alloc + memcpy. */
static inline int
-send_handshake (gnutls_session_t session, uint8_t * data, size_t size,
- gnutls_handshake_description_t type)
+send_handshake(gnutls_session_t session, uint8_t * data, size_t size,
+ gnutls_handshake_description_t type)
{
- mbuffer_st *bufel;
+ mbuffer_st *bufel;
- if (data == NULL && size == 0)
- return _gnutls_send_handshake (session, NULL, type);
+ if (data == NULL && size == 0)
+ return _gnutls_send_handshake(session, NULL, type);
- if (data == NULL && size > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (data == NULL && size > 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- bufel = _gnutls_handshake_alloc(session, size, size);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ bufel = _gnutls_handshake_alloc(session, size, size);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _mbuffer_set_udata (bufel, data, size);
+ _mbuffer_set_udata(bufel, data, size);
- return _gnutls_send_handshake (session, bufel, type);
+ return _gnutls_send_handshake(session, bufel, type);
}
@@ -72,90 +70,97 @@ send_handshake (gnutls_session_t session, uint8_t * data, size_t size,
#define MASTER_SECRET "master secret"
#define MASTER_SECRET_SIZE (sizeof(MASTER_SECRET)-1)
-static int generate_normal_master (gnutls_session_t session, gnutls_datum_t*, int);
+static int generate_normal_master(gnutls_session_t session,
+ gnutls_datum_t *, int);
-int
-_gnutls_generate_master (gnutls_session_t session, int keep_premaster)
+int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
{
- if (session->internals.resumed == RESUME_FALSE)
- return generate_normal_master (session, &session->key.key, keep_premaster);
- else if (session->internals.premaster_set)
- {
- gnutls_datum_t premaster;
- premaster.size = sizeof(session->internals.resumed_security_parameters.master_secret);
- premaster.data = session->internals.resumed_security_parameters.master_secret;
- return generate_normal_master(session, &premaster, 1);
- }
- return 0;
+ if (session->internals.resumed == RESUME_FALSE)
+ return generate_normal_master(session, &session->key.key,
+ keep_premaster);
+ else if (session->internals.premaster_set) {
+ gnutls_datum_t premaster;
+ premaster.size =
+ sizeof(session->internals.resumed_security_parameters.
+ master_secret);
+ premaster.data =
+ session->internals.resumed_security_parameters.
+ master_secret;
+ return generate_normal_master(session, &premaster, 1);
+ }
+ return 0;
}
/* here we generate the TLS Master secret.
*/
static int
-generate_normal_master (gnutls_session_t session, gnutls_datum_t *premaster,
- int keep_premaster)
+generate_normal_master(gnutls_session_t session,
+ gnutls_datum_t * premaster, int keep_premaster)
{
- int ret = 0;
- char buf[512];
-
- _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", premaster->size,
- _gnutls_bin2hex (premaster->data, premaster->size, buf,
- sizeof (buf), NULL));
- _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.client_random, 32,
- buf, sizeof (buf), NULL));
- _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.server_random, 32,
- buf, sizeof (buf), NULL));
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
-
- memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- ret =
- _gnutls_ssl3_generate_random (premaster->data, premaster->size,
- rnd, 2 * GNUTLS_RANDOM_SIZE,
- GNUTLS_MASTER_SIZE,
- session->
- security_parameters.master_secret);
-
- }
- else
- {
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
-
- memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- ret =
- _gnutls_PRF (session, premaster->data, premaster->size,
- MASTER_SECRET, MASTER_SECRET_SIZE,
- rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE,
- session->security_parameters.master_secret);
- }
-
- if (!keep_premaster)
- _gnutls_free_datum (premaster);
-
- if (ret < 0)
- return ret;
-
- _gnutls_hard_log ("INT: MASTER SECRET: %s\n",
- _gnutls_bin2hex (session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, buf, sizeof (buf),
- NULL));
-
- return ret;
+ int ret = 0;
+ char buf[512];
+
+ _gnutls_hard_log("INT: PREMASTER SECRET[%d]: %s\n",
+ premaster->size, _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ _gnutls_hard_log("INT: CLIENT RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ _gnutls_hard_log("INT: SERVER RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ server_random, 32, buf,
+ sizeof(buf), NULL));
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy(rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_ssl3_generate_random(premaster->data,
+ premaster->size, rnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->security_parameters.
+ master_secret);
+
+ } else {
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy(rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_PRF(session, premaster->data, premaster->size,
+ MASTER_SECRET, MASTER_SECRET_SIZE,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->security_parameters.
+ master_secret);
+ }
+
+ if (!keep_premaster)
+ _gnutls_free_datum(premaster);
+
+ if (ret < 0)
+ return ret;
+
+ _gnutls_hard_log("INT: MASTER SECRET: %s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+
+ return ret;
}
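Review bot: `generate_normal_master()` formats the premaster secret and the master secret as hex into the stack buffer `buf` for `_gnutls_hard_log`, and both return paths leave that buffer uncleared. How `_gnutls_hard_log` is gated is not visible here; if it can be switched on in a deployed build, the log then holds the key material needed to decrypt the session. I would record the constraint next to the first call, e.g. `/* NOTE: logs key material; must stay behind the debug-only log level */`. I would also wipe the buffer before each `return ret;` with a call the compiler cannot drop, such as `explicit_bzero(buf, sizeof(buf));` or the project's own equivalent.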
@@ -163,129 +168,117 @@ generate_normal_master (gnutls_session_t session, gnutls_datum_t *premaster,
* server. It does nothing if this type of message is not required
* by the selected ciphersuite.
*/
-int
-_gnutls_send_server_kx_message (gnutls_session_t session, int again)
+int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_generate_server_kx == NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.auth_struct->gnutls_generate_server_kx (session,
- &data);
-
- if (ret == GNUTLS_E_INT_RET_0)
- {
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_server_kx ==
+ NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_kx(session, &data);
+
+ if (ret == GNUTLS_E_INT_RET_0) {
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This function sends a certificate request message to the
* client.
*/
-int
-_gnutls_send_server_crt_request (gnutls_session_t session, int again)
+int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.
- auth_struct->gnutls_generate_server_crt_request == NULL)
- return 0;
-
- if (session->internals.send_cert_req <= 0)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_server_crt_request (session,
- &data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_generate_server_crt_request == NULL)
+ return 0;
+
+ if (session->internals.send_cert_req <= 0)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_crt_request(session, &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is the function for the client to send the key
* exchange message
*/
-int
-_gnutls_send_client_kx_message (gnutls_session_t session, int again)
+int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_generate_client_kx == NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.auth_struct->gnutls_generate_client_kx (session,
- &data);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_client_kx ==
+ NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_kx(session, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
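Review bot: In `_gnutls_send_server_crt_request()` the test `session->internals.send_cert_req <= 0` is applied to a field that the `internals_st` definition in this same commit declares as `unsigned send_cert_req;`, so the `<` half can never be true. The condition behaves as `== 0`, but it reads as if negative values were expected and will draw a type-limits warning on stricter builds. I would write `if (session->internals.send_cert_req == 0)`, or change the field's type if a negative sentinel was really intended.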
@@ -293,393 +286,363 @@ cleanup:
* verify message
*/
int
-_gnutls_send_client_certificate_verify (gnutls_session_t session, int again)
+_gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- /* This is a packet that is only sent by the client
- */
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return 0;
-
- /* if certificate verify is not needed just exit
- */
- if (session->key.crt_requested == 0)
- return 0;
-
-
- if (session->internals.auth_struct->gnutls_generate_client_crt_vrfy ==
- NULL)
- {
- gnutls_assert ();
- return 0; /* this algorithm does not support cli_crt_vrfy
- */
- }
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_client_crt_vrfy (session, &data);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (ret == 0)
- goto cleanup;
-
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ /* This is a packet that is only sent by the client
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return 0;
+
+ /* if certificate verify is not needed just exit
+ */
+ if (session->key.crt_requested == 0)
+ return 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_generate_client_crt_vrfy == NULL) {
+ gnutls_assert();
+ return 0; /* this algorithm does not support cli_crt_vrfy
+ */
+ }
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_crt_vrfy(session, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (ret == 0)
+ goto cleanup;
+
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is called when we want send our certificate
*/
-int
-_gnutls_send_client_certificate (gnutls_session_t session, int again)
+int _gnutls_send_client_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
-
- if (session->key.crt_requested == 0)
- return 0;
-
- if (session->internals.auth_struct->gnutls_generate_client_certificate ==
- NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- if (get_num_version (session) != GNUTLS_SSL3 ||
- session->internals.selected_cert_list_length > 0)
- {
- /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- ret =
- session->internals.
- auth_struct->gnutls_generate_client_certificate (session, &data);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- /* In the SSL 3.0 protocol we need to send a
- * no certificate alert instead of an
- * empty certificate.
- */
- if (get_num_version (session) == GNUTLS_SSL3 &&
- session->internals.selected_cert_list_length == 0)
- {
- ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING,
- GNUTLS_A_SSL3_NO_CERTIFICATE);
-
- }
- else
- { /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+
+ if (session->key.crt_requested == 0)
+ return 0;
+
+ if (session->internals.auth_struct->
+ gnutls_generate_client_certificate == NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ if (get_num_version(session) != GNUTLS_SSL3 ||
+ session->internals.selected_cert_list_length > 0) {
+ /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_certificate(session,
+ &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ /* In the SSL 3.0 protocol we need to send a
+ * no certificate alert instead of an
+ * empty certificate.
+ */
+ if (get_num_version(session) == GNUTLS_SSL3 &&
+ session->internals.selected_cert_list_length == 0) {
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_SSL3_NO_CERTIFICATE);
+
+ } else { /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is called when we want send our certificate
*/
-int
-_gnutls_send_server_certificate (gnutls_session_t session, int again)
+int _gnutls_send_server_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
-
- if (session->internals.auth_struct->gnutls_generate_server_certificate ==
- NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_server_certificate (session, &data);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_generate_server_certificate == NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_certificate(session, &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
-int
-_gnutls_recv_server_kx_message (gnutls_session_t session)
+int _gnutls_recv_server_kx_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
- unsigned int optflag = 0;
-
- if (session->internals.auth_struct->gnutls_process_server_kx != NULL)
- {
- /* Server key exchange packet is optional for PSK. */
- if (_gnutls_session_is_psk (session))
- optflag = 1;
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
- optflag, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- session->internals.auth_struct->gnutls_process_server_kx (session,
- buf.data,
- buf.length);
- _gnutls_buffer_clear(&buf);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- }
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+ unsigned int optflag = 0;
+
+ if (session->internals.auth_struct->gnutls_process_server_kx !=
+ NULL) {
+ /* Server key exchange packet is optional for PSK. */
+ if (_gnutls_session_is_psk(session))
+ optflag = 1;
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ optflag, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_kx(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ }
+ return ret;
}
-int
-_gnutls_recv_server_crt_request (gnutls_session_t session)
+int _gnutls_recv_server_crt_request(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
- if (session->internals.
- auth_struct->gnutls_process_server_crt_request != NULL)
- {
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
- 1, &buf);
- if (ret < 0)
- return ret;
-
- if (ret == 0 && buf.length == 0)
- {
- _gnutls_buffer_clear(&buf);
- return 0; /* ignored */
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_server_crt_request (session, buf.data,
- buf.length);
- _gnutls_buffer_clear (&buf);
- if (ret < 0)
- return ret;
-
- }
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_process_server_crt_request != NULL) {
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+ 1, &buf);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && buf.length == 0) {
+ _gnutls_buffer_clear(&buf);
+ return 0; /* ignored */
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_crt_request(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0)
+ return ret;
+
+ }
+ return ret;
}
-int
-_gnutls_recv_client_kx_message (gnutls_session_t session)
+int _gnutls_recv_client_kx_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
+ gnutls_buffer_st buf;
+ int ret = 0;
- /* Do key exchange only if the algorithm permits it */
- if (session->internals.auth_struct->gnutls_process_client_kx != NULL)
- {
+ /* Do key exchange only if the algorithm permits it */
+ if (session->internals.auth_struct->gnutls_process_client_kx !=
+ NULL) {
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
- 0, &buf);
- if (ret < 0)
- return ret;
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ 0, &buf);
+ if (ret < 0)
+ return ret;
- ret =
- session->internals.auth_struct->gnutls_process_client_kx (session,
- buf.data,
- buf.length);
- _gnutls_buffer_clear (&buf);
- if (ret < 0)
- return ret;
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_kx(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0)
+ return ret;
- }
+ }
- return ret;
+ return ret;
}
-int
-_gnutls_recv_client_certificate (gnutls_session_t session)
+int _gnutls_recv_client_certificate(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
- int optional;
-
- if (session->internals.auth_struct->gnutls_process_client_certificate ==
- NULL)
- return 0;
-
- /* if we have not requested a certificate then just return
- */
- if (session->internals.send_cert_req == 0)
- {
- return 0;
- }
-
- if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- optional = 0;
- else
- optional = 1;
-
- ret =
- _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- optional, &buf);
-
- if (ret < 0)
- {
- /* Handle the case of old SSL3 clients who send
- * a warning alert instead of an empty certificate to indicate
- * no certificate.
- */
- if (optional != 0 &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
- get_num_version (session) == GNUTLS_SSL3 &&
- gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
- {
-
- /* SSL3 does not send an empty certificate,
- * but this alert. So we just ignore it.
- */
- gnutls_assert ();
- return 0;
- }
-
- /* certificate was required
- */
- if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- && optional == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- return ret;
- }
-
- if (ret == 0 && buf.length == 0 && optional != 0)
- {
- /* Client has not sent the certificate message.
- * well I'm not sure we should accept this
- * behaviour.
- */
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
- ret =
- session->internals.
- auth_struct->gnutls_process_client_certificate (session, buf.data,
- buf.length);
-
- if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* ok we should expect a certificate verify message now
- */
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
- ret = 0;
- else
- session->key.crt_requested = 1;
-
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+ int optional;
+
+ if (session->internals.auth_struct->
+ gnutls_process_client_certificate == NULL)
+ return 0;
+
+ /* if we have not requested a certificate then just return
+ */
+ if (session->internals.send_cert_req == 0) {
+ return 0;
+ }
+
+ if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ optional = 0;
+ else
+ optional = 1;
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ optional, &buf);
+
+ if (ret < 0) {
+ /* Handle the case of old SSL3 clients who send
+ * a warning alert instead of an empty certificate to indicate
+ * no certificate.
+ */
+ if (optional != 0 &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ get_num_version(session) == GNUTLS_SSL3 &&
+ gnutls_alert_get(session) ==
+ GNUTLS_A_SSL3_NO_CERTIFICATE) {
+
+ /* SSL3 does not send an empty certificate,
+ * but this alert. So we just ignore it.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+ /* certificate was required
+ */
+ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ && optional == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ return ret;
+ }
+
+ if (ret == 0 && buf.length == 0 && optional != 0) {
+ /* Client has not sent the certificate message.
+ * well I'm not sure we should accept this
+ * behaviour.
+ */
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_certificate(session, buf.data,
+ buf.length);
+
+ if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* ok we should expect a certificate verify message now
+ */
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
+ ret = 0;
+ else
+ session->key.crt_requested = 1;
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
-int
-_gnutls_recv_server_certificate (gnutls_session_t session)
+int _gnutls_recv_server_certificate(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_process_server_certificate !=
- NULL)
- {
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- 0, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_server_certificate (session, buf.data,
- buf.length);
- _gnutls_buffer_clear(&buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_process_server_certificate != NULL) {
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ 0, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_certificate(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return ret;
}
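Review bot: The error branches in `_gnutls_recv_server_crt_request` and `_gnutls_recv_client_kx_message` return `ret` without calling `gnutls_assert()`, while `_gnutls_recv_server_kx_message` and `_gnutls_recv_server_certificate` in the same hunk log every failure. A handshake that is rejected in those two functions therefore leaves no assertion trace, which makes a malformed or unexpected peer message harder to diagnose. I would brace both the `_gnutls_recv_handshake` check and the process-callback check in each as `if (ret < 0) { gnutls_assert(); return ret; }`.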
@@ -687,43 +650,41 @@ _gnutls_recv_server_certificate (gnutls_session_t session)
* arrive if the peer did not send us a certificate.
*/
int
-_gnutls_recv_client_certificate_verify_message (gnutls_session_t session)
+_gnutls_recv_client_certificate_verify_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
-
- if (session->internals.auth_struct->gnutls_process_client_crt_vrfy == NULL)
- return 0;
-
- if (session->internals.send_cert_req == 0 ||
- session->key.crt_requested == 0)
- {
- return 0;
- }
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
- 1, &buf);
- if (ret < 0)
- return ret;
-
- if (ret == 0 && buf.length == 0
- && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- {
- /* certificate was required */
- gnutls_assert ();
- ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto cleanup;
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_client_crt_vrfy (session, buf.data,
- buf.length);
-
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_process_client_crt_vrfy == NULL)
+ return 0;
+
+ if (session->internals.send_cert_req == 0 ||
+ session->key.crt_requested == 0) {
+ return 0;
+ }
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
+ 1, &buf);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && buf.length == 0
+ && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) {
+ /* certificate was required */
+ gnutls_assert();
+ ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto cleanup;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_crt_vrfy(session, buf.data, buf.length);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
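Review bot: A missing CertificateVerify is rejected here only when `send_cert_req == GNUTLS_CERT_REQUIRE`; in any other request mode an empty `buf` falls through to `gnutls_process_client_crt_vrfy(session, buf.data, buf.length)`. This point is reached only with `session->key.crt_requested` set, which `_gnutls_recv_client_certificate` appears to do once a client certificate has been handled, so the proof-of-possession check then depends on each auth callback refusing a zero-length message, and that is not visible in this hunk. I would test the empty case unconditionally, `if (ret == 0 && buf.length == 0) {`, with the comment changed to `/* a certificate was sent, so the verify message is mandatory */`. The `if (ret < 0) return ret;` branch just above also lacks a `gnutls_assert()`. The function's leading comment begins outside the hunk.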
diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h
index a070af28da..00bd22f1af 100644
--- a/lib/gnutls_kx.h
+++ b/lib/gnutls_kx.h
@@ -20,18 +20,18 @@
*
*/
-int _gnutls_send_server_kx_message (gnutls_session_t session, int again);
-int _gnutls_send_client_kx_message (gnutls_session_t session, int again);
-int _gnutls_recv_server_kx_message (gnutls_session_t session);
-int _gnutls_recv_client_kx_message (gnutls_session_t session);
-int _gnutls_send_client_certificate_verify (gnutls_session_t session,
- int again);
-int _gnutls_send_server_certificate (gnutls_session_t session, int again);
-int _gnutls_generate_master (gnutls_session_t session, int keep_premaster);
-int _gnutls_recv_client_certificate (gnutls_session_t session);
-int _gnutls_recv_server_certificate (gnutls_session_t session);
-int _gnutls_send_client_certificate (gnutls_session_t session, int again);
-int _gnutls_recv_server_crt_request (gnutls_session_t session);
-int _gnutls_send_server_crt_request (gnutls_session_t session,
- int again);
-int _gnutls_recv_client_certificate_verify_message (gnutls_session_t session);
+int _gnutls_send_server_kx_message(gnutls_session_t session, int again);
+int _gnutls_send_client_kx_message(gnutls_session_t session, int again);
+int _gnutls_recv_server_kx_message(gnutls_session_t session);
+int _gnutls_recv_client_kx_message(gnutls_session_t session);
+int _gnutls_send_client_certificate_verify(gnutls_session_t session,
+ int again);
+int _gnutls_send_server_certificate(gnutls_session_t session, int again);
+int _gnutls_generate_master(gnutls_session_t session, int keep_premaster);
+int _gnutls_recv_client_certificate(gnutls_session_t session);
+int _gnutls_recv_server_certificate(gnutls_session_t session);
+int _gnutls_send_client_certificate(gnutls_session_t session, int again);
+int _gnutls_recv_server_crt_request(gnutls_session_t session);
+int _gnutls_send_server_crt_request(gnutls_session_t session, int again);
+int _gnutls_recv_client_certificate_verify_message(gnutls_session_t
+ session);
diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c
index dfd13bd644..9dd486882c 100644
--- a/lib/gnutls_mbuffers.c
+++ b/lib/gnutls_mbuffers.c
@@ -51,14 +51,13 @@
*
* Cost: O(1)
*/
-void
-_mbuffer_head_init (mbuffer_head_st * buf)
+void _mbuffer_head_init(mbuffer_head_st * buf)
{
- buf->head = NULL;
- buf->tail = NULL;
+ buf->head = NULL;
+ buf->tail = NULL;
- buf->length = 0;
- buf->byte_length = 0;
+ buf->length = 0;
+ buf->byte_length = 0;
}
/* Deallocate all buffer segments and reset the buffer head.
@@ -66,38 +65,35 @@ _mbuffer_head_init (mbuffer_head_st * buf)
* Cost: O(n)
* n: Number of segments currently in the buffer.
*/
-void
-_mbuffer_head_clear (mbuffer_head_st * buf)
+void _mbuffer_head_clear(mbuffer_head_st * buf)
{
- mbuffer_st *bufel, *next;
+ mbuffer_st *bufel, *next;
- for (bufel = buf->head; bufel != NULL; bufel = next)
- {
- next = bufel->next;
- gnutls_free (bufel);
- }
+ for (bufel = buf->head; bufel != NULL; bufel = next) {
+ next = bufel->next;
+ gnutls_free(bufel);
+ }
- _mbuffer_head_init (buf);
+ _mbuffer_head_init(buf);
}
/* Append a segment to the end of this buffer.
*
* Cost: O(1)
*/
-void
-_mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
+void _mbuffer_enqueue(mbuffer_head_st * buf, mbuffer_st * bufel)
{
- bufel->next = NULL;
- bufel->prev = buf->tail;
+ bufel->next = NULL;
+ bufel->prev = buf->tail;
- buf->length++;
- buf->byte_length += bufel->msg.size - bufel->mark;
+ buf->length++;
+ buf->byte_length += bufel->msg.size - bufel->mark;
- if (buf->tail != NULL)
- buf->tail->next = bufel;
- else
- buf->head = bufel;
- buf->tail = bufel;
+ if (buf->tail != NULL)
+ buf->tail->next = bufel;
+ else
+ buf->head = bufel;
+ buf->tail = bufel;
}
/* Remove a segment from the buffer.
@@ -106,29 +102,28 @@ _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
*
* Returns the buffer following it.
*/
-mbuffer_st *
-_mbuffer_dequeue (mbuffer_head_st * buf, mbuffer_st * bufel)
+mbuffer_st *_mbuffer_dequeue(mbuffer_head_st * buf, mbuffer_st * bufel)
{
-mbuffer_st* ret = bufel->next;
-
- if (buf->tail == bufel) /* if last */
- buf->tail = bufel->prev;
-
- if (buf->head == bufel) /* if first */
- buf->head = bufel->next;
-
- if (bufel->prev)
- bufel->prev->next = bufel->next;
-
- if (bufel->next)
- bufel->next->prev = NULL;
-
- buf->length--;
- buf->byte_length -= bufel->msg.size - bufel->mark;
-
- bufel->next = bufel->prev = NULL;
-
- return ret;
+ mbuffer_st *ret = bufel->next;
+
+ if (buf->tail == bufel) /* if last */
+ buf->tail = bufel->prev;
+
+ if (buf->head == bufel) /* if first */
+ buf->head = bufel->next;
+
+ if (bufel->prev)
+ bufel->prev->next = bufel->next;
+
+ if (bufel->next)
+ bufel->next->prev = NULL;
+
+ buf->length--;
+ buf->byte_length -= bufel->msg.size - bufel->mark;
+
+ bufel->next = bufel->prev = NULL;
+
+ return ret;
}
/* Get a reference to the first segment of the buffer and
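Review bot: `bufel->next->prev = NULL;` in `_mbuffer_dequeue` is only correct when `bufel` is the head of the list. Removing a segment from the middle leaves its successor with no back-link while `bufel->prev->next` already points at that successor, so the `prev` and `next` chains disagree. If every caller dequeues only the head this is latent, but the signature accepts any segment. I would write `bufel->next->prev = bufel->prev;`, or state the head-only restriction in the function comment, which begins outside this hunk.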
@@ -138,17 +133,16 @@ mbuffer_st* ret = bufel->next;
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_pop_first (mbuffer_head_st * buf)
+mbuffer_st *_mbuffer_head_pop_first(mbuffer_head_st * buf)
{
- mbuffer_st *bufel = buf->head;
+ mbuffer_st *bufel = buf->head;
- if (buf->head == NULL)
- return NULL;
+ if (buf->head == NULL)
+ return NULL;
- _mbuffer_dequeue(buf, bufel);
-
- return bufel;
+ _mbuffer_dequeue(buf, bufel);
+
+ return bufel;
}
/* Get a reference to the first segment of the buffer and its data.
@@ -157,25 +151,21 @@ _mbuffer_head_pop_first (mbuffer_head_st * buf)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
+mbuffer_st *_mbuffer_head_get_first(mbuffer_head_st * buf,
+ gnutls_datum_t * msg)
{
- mbuffer_st *bufel = buf->head;
-
- if (msg)
- {
- if (bufel)
- {
- msg->data = bufel->msg.data + bufel->mark;
- msg->size = bufel->msg.size - bufel->mark;
- }
- else
- {
- msg->data = NULL;
- msg->size = 0;
- }
- }
- return bufel;
+ mbuffer_st *bufel = buf->head;
+
+ if (msg) {
+ if (bufel) {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ } else {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ }
+ return bufel;
}
/* Get a reference to the next segment of the buffer and its data.
@@ -184,25 +174,20 @@ _mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
+mbuffer_st *_mbuffer_head_get_next(mbuffer_st * cur, gnutls_datum_t * msg)
{
- mbuffer_st *bufel = cur->next;
-
- if (msg)
- {
- if (bufel)
- {
- msg->data = bufel->msg.data + bufel->mark;
- msg->size = bufel->msg.size - bufel->mark;
- }
- else
- {
- msg->data = NULL;
- msg->size = 0;
- }
- }
- return bufel;
+ mbuffer_st *bufel = cur->next;
+
+ if (msg) {
+ if (bufel) {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ } else {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ }
+ return bufel;
}
/* Remove the first segment from the buffer.
@@ -212,16 +197,15 @@ _mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
*
* Cost: O(1)
*/
-static inline void
-remove_front (mbuffer_head_st * buf)
+static inline void remove_front(mbuffer_head_st * buf)
{
- mbuffer_st *bufel = buf->head;
+ mbuffer_st *bufel = buf->head;
- if (!bufel)
- return;
+ if (!bufel)
+ return;
- _mbuffer_dequeue(buf, bufel);
- gnutls_free (bufel);
+ _mbuffer_dequeue(buf, bufel);
+ gnutls_free(bufel);
}
/* Remove a specified number of bytes from the start of the buffer.
@@ -234,37 +218,31 @@ remove_front (mbuffer_head_st * buf)
* Cost: O(n)
* n: Number of segments needed to remove the specified amount of data.
*/
-int
-_mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes)
+int _mbuffer_head_remove_bytes(mbuffer_head_st * buf, size_t bytes)
{
- size_t left = bytes;
- mbuffer_st *bufel, *next;
- int ret = 0;
-
- if (bytes > buf->byte_length)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (bufel = buf->head; bufel != NULL && left > 0; bufel = next)
- {
- next = bufel->next;
-
- if (left >= (bufel->msg.size - bufel->mark))
- {
- left -= (bufel->msg.size - bufel->mark);
- remove_front (buf);
- ret = 1;
- }
- else
- {
- bufel->mark += left;
- buf->byte_length -= left;
- left = 0;
- }
- }
- return ret;
+ size_t left = bytes;
+ mbuffer_st *bufel, *next;
+ int ret = 0;
+
+ if (bytes > buf->byte_length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (bufel = buf->head; bufel != NULL && left > 0; bufel = next) {
+ next = bufel->next;
+
+ if (left >= (bufel->msg.size - bufel->mark)) {
+ left -= (bufel->msg.size - bufel->mark);
+ remove_front(buf);
+ ret = 1;
+ } else {
+ bufel->mark += left;
+ buf->byte_length -= left;
+ left = 0;
+ }
+ }
+ return ret;
}
/* Allocate a buffer segment. The segment is not initially "owned" by
@@ -279,27 +257,25 @@ _mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_alloc (size_t payload_size, size_t maximum_size)
+mbuffer_st *_mbuffer_alloc(size_t payload_size, size_t maximum_size)
{
- mbuffer_st *st;
-
- st = gnutls_malloc (maximum_size + sizeof (mbuffer_st));
- if (st == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- /* set the structure to zero */
- memset(st, 0, sizeof(*st));
-
- /* payload points after the mbuffer_st structure */
- st->msg.data = (uint8_t *) st + sizeof (mbuffer_st);
- st->msg.size = payload_size;
- st->maximum_size = maximum_size;
-
- return st;
+ mbuffer_st *st;
+
+ st = gnutls_malloc(maximum_size + sizeof(mbuffer_st));
+ if (st == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* set the structure to zero */
+ memset(st, 0, sizeof(*st));
+
+ /* payload points after the mbuffer_st structure */
+ st->msg.data = (uint8_t *) st + sizeof(mbuffer_st);
+ st->msg.size = payload_size;
+ st->maximum_size = maximum_size;
+
+ return st;
}
/* Copy data into a segment. The segment must not be part of a buffer
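Review bot: `_mbuffer_alloc` computes `maximum_size + sizeof(mbuffer_st)` with no overflow check and never compares `payload_size` with `maximum_size`, so `st->msg.size` can be set larger than the memory actually allocated. Whether any caller passes a peer-influenced size is not visible here, but a guard at the top keeps the invariant local: `if (payload_size > maximum_size || maximum_size > SIZE_MAX - sizeof(mbuffer_st)) { gnutls_assert(); return NULL; }`. The function's comment begins outside the hunk.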
@@ -313,20 +289,19 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size)
* n: number of bytes to copy
*/
int
-_mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
+_mbuffer_append_data(mbuffer_st * bufel, void *newdata,
+ size_t newdata_size)
{
- if (bufel->msg.size + newdata_size <= bufel->maximum_size)
- {
- memcpy (&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
- bufel->msg.size += newdata_size;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ if (bufel->msg.size + newdata_size <= bufel->maximum_size) {
+ memcpy(&bufel->msg.data[bufel->msg.size], newdata,
+ newdata_size);
+ bufel->msg.size += newdata_size;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
/* Takes a buffer in multiple chunks and puts all the data in a single
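Review bot: The bound in `_mbuffer_append_data`, `bufel->msg.size + newdata_size <= bufel->maximum_size`, is tested after the addition, so a very large `newdata_size` can wrap the sum and pass the check that guards the `memcpy`. Comparing against the remaining room avoids the addition: `if (bufel->msg.size <= bufel->maximum_size && newdata_size <= bufel->maximum_size - bufel->msg.size) {`. The function's comment begins outside the hunk.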
@@ -337,33 +312,30 @@ _mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
* Cost: O(n)
* n: number of segments initially in the buffer
*/
-int
-_mbuffer_linearize (mbuffer_head_st * buf)
+int _mbuffer_linearize(mbuffer_head_st * buf)
{
- mbuffer_st *bufel, *cur;
- gnutls_datum_t msg;
- size_t pos = 0;
-
- if (buf->length <= 1)
- /* Nothing to do */
- return 0;
-
- bufel = _mbuffer_alloc (buf->byte_length, buf->byte_length);
- if (!bufel)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (cur = _mbuffer_head_get_first (buf, &msg);
- msg.data != NULL; cur = _mbuffer_head_get_next (cur, &msg))
- {
- memcpy (&bufel->msg.data[pos], msg.data, msg.size);
- pos += msg.size;
- }
-
- _mbuffer_head_clear (buf);
- _mbuffer_enqueue (buf, bufel);
-
- return 0;
+ mbuffer_st *bufel, *cur;
+ gnutls_datum_t msg;
+ size_t pos = 0;
+
+ if (buf->length <= 1)
+ /* Nothing to do */
+ return 0;
+
+ bufel = _mbuffer_alloc(buf->byte_length, buf->byte_length);
+ if (!bufel) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (cur = _mbuffer_head_get_first(buf, &msg);
+ msg.data != NULL; cur = _mbuffer_head_get_next(cur, &msg)) {
+ memcpy(&bufel->msg.data[pos], msg.data, msg.size);
+ pos += msg.size;
+ }
+
+ _mbuffer_head_clear(buf);
+ _mbuffer_enqueue(buf, bufel);
+
+ return 0;
}
diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h
index b7cdca245d..fdb7aec4ed 100644
--- a/lib/gnutls_mbuffers.h
+++ b/lib/gnutls_mbuffers.h
@@ -26,100 +26,97 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
-void _mbuffer_head_init (mbuffer_head_st * buf);
-void _mbuffer_head_clear (mbuffer_head_st * buf);
-void _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel);
-mbuffer_st* _mbuffer_dequeue (mbuffer_head_st * buf, mbuffer_st * bufel);
-int _mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes);
-mbuffer_st *_mbuffer_alloc (size_t payload_size, size_t maximum_size);
+void _mbuffer_head_init(mbuffer_head_st * buf);
+void _mbuffer_head_clear(mbuffer_head_st * buf);
+void _mbuffer_enqueue(mbuffer_head_st * buf, mbuffer_st * bufel);
+mbuffer_st *_mbuffer_dequeue(mbuffer_head_st * buf, mbuffer_st * bufel);
+int _mbuffer_head_remove_bytes(mbuffer_head_st * buf, size_t bytes);
+mbuffer_st *_mbuffer_alloc(size_t payload_size, size_t maximum_size);
-mbuffer_st *_mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg);
-mbuffer_st *_mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_head_get_first(mbuffer_head_st * buf,
+ gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_head_get_next(mbuffer_st * cur, gnutls_datum_t * msg);
-mbuffer_st *
-_mbuffer_head_pop_first (mbuffer_head_st * buf);
+mbuffer_st *_mbuffer_head_pop_first(mbuffer_head_st * buf);
/* This is dangerous since it will replace bufel with a new
* one.
*/
-int _mbuffer_append_data (mbuffer_st * bufel, void *newdata,
- size_t newdata_size);
-int _mbuffer_linearize (mbuffer_head_st * buf);
+int _mbuffer_append_data(mbuffer_st * bufel, void *newdata,
+ size_t newdata_size);
+int _mbuffer_linearize(mbuffer_head_st * buf);
/* For "user" use. One can have buffer data and header.
*/
inline static void
-_mbuffer_set_udata (mbuffer_st * bufel, void *data, size_t data_size)
+_mbuffer_set_udata(mbuffer_st * bufel, void *data, size_t data_size)
{
- memcpy (bufel->msg.data + bufel->mark + bufel->uhead_mark, data, data_size);
- bufel->msg.size = data_size + bufel->uhead_mark + bufel->mark;
+ memcpy(bufel->msg.data + bufel->mark + bufel->uhead_mark, data,
+ data_size);
+ bufel->msg.size = data_size + bufel->uhead_mark + bufel->mark;
}
-inline static void *
-_mbuffer_get_uhead_ptr (mbuffer_st * bufel)
+inline static void *_mbuffer_get_uhead_ptr(mbuffer_st * bufel)
{
- return bufel->msg.data + bufel->mark;
+ return bufel->msg.data + bufel->mark;
}
-inline static void *
-_mbuffer_get_udata_ptr (mbuffer_st * bufel)
+inline static void *_mbuffer_get_udata_ptr(mbuffer_st * bufel)
{
- return bufel->msg.data + bufel->uhead_mark + bufel->mark;
+ return bufel->msg.data + bufel->uhead_mark + bufel->mark;
}
-inline static void
-_mbuffer_set_udata_size (mbuffer_st * bufel, size_t size)
+inline static void _mbuffer_set_udata_size(mbuffer_st * bufel, size_t size)
{
- bufel->msg.size = size + bufel->uhead_mark + bufel->mark;
+ bufel->msg.size = size + bufel->uhead_mark + bufel->mark;
}
-inline static size_t
-_mbuffer_get_udata_size (mbuffer_st * bufel)
+inline static size_t _mbuffer_get_udata_size(mbuffer_st * bufel)
{
- return bufel->msg.size - bufel->uhead_mark - bufel->mark;
+ return bufel->msg.size - bufel->uhead_mark - bufel->mark;
}
/* discards size bytes from the begging of the buffer */
inline static void
-_mbuffer_consume (mbuffer_head_st* buf, mbuffer_st * bufel, size_t size)
+_mbuffer_consume(mbuffer_head_st * buf, mbuffer_st * bufel, size_t size)
{
- bufel->uhead_mark = 0;
- if (bufel->mark+size < bufel->msg.size)
- bufel->mark += size;
- else
- bufel->mark = bufel->msg.size;
+ bufel->uhead_mark = 0;
+ if (bufel->mark + size < bufel->msg.size)
+ bufel->mark += size;
+ else
+ bufel->mark = bufel->msg.size;
- buf->byte_length -= size;
+ buf->byte_length -= size;
}
-inline static size_t
-_mbuffer_get_uhead_size (mbuffer_st * bufel)
+inline static size_t _mbuffer_get_uhead_size(mbuffer_st * bufel)
{
- return bufel->uhead_mark;
+ return bufel->uhead_mark;
}
-inline static void
-_mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
+inline static void _mbuffer_set_uhead_size(mbuffer_st * bufel, size_t size)
{
- bufel->uhead_mark = size;
+ bufel->uhead_mark = size;
}
-inline static mbuffer_st *
-_gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
+inline static mbuffer_st *_gnutls_handshake_alloc(gnutls_session_t session,
+ size_t size,
+ size_t maximum)
{
- mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE(session) + size,
- HANDSHAKE_HEADER_SIZE(session) + maximum);
+ mbuffer_st *ret =
+ _mbuffer_alloc(HANDSHAKE_HEADER_SIZE(session) + size,
+ HANDSHAKE_HEADER_SIZE(session) + maximum);
- if (!ret)
- return NULL;
+ if (!ret)
+ return NULL;
- _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE(session));
+ _mbuffer_set_uhead_size(ret, HANDSHAKE_HEADER_SIZE(session));
- return ret;
+ return ret;
}
/* Free a segment, if the pointer is not NULL
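Review bot: `_mbuffer_consume` clamps `bufel->mark` to `bufel->msg.size` when `size` exceeds what is left in the segment, but still subtracts the full `size` from `buf->byte_length`, so the head's byte count ends up smaller than the data still queued (or wraps, if the field is unsigned). `_mbuffer_head_remove_bytes` and `_mbuffer_linearize` rely on that count. Clamping first keeps the two in step: `size_t left = bufel->msg.size - bufel->mark; if (size > left) size = left;` followed by `bufel->mark += size; buf->byte_length -= size;`. In the same hunk `_mbuffer_set_udata` copies `data_size` bytes without comparing against `bufel->maximum_size`; a comment stating that the caller must have sized the segment would make that contract explicit.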
@@ -128,13 +125,12 @@ _gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
* pointer case). It also makes sure the pointer has a known value
* after freeing.
*/
-inline static void
-_mbuffer_xfree (mbuffer_st ** bufel)
+inline static void _mbuffer_xfree(mbuffer_st ** bufel)
{
- if (*bufel)
- gnutls_free (*bufel);
+ if (*bufel)
+ gnutls_free(*bufel);
- *bufel = NULL;
+ *bufel = NULL;
}
#endif
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 76d183a5c2..2effd1498f 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -33,58 +33,53 @@ gnutls_realloc_function gnutls_realloc = realloc;
void *(*gnutls_calloc) (size_t, size_t) = calloc;
char *(*gnutls_strdup) (const char *) = _gnutls_strdup;
-void *
-_gnutls_calloc (size_t nmemb, size_t size)
+void *_gnutls_calloc(size_t nmemb, size_t size)
{
- void *ret;
- size_t n = xtimes (nmemb, size);
- ret = (size_in_bounds_p (n) ? gnutls_malloc (n) : NULL);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
+ void *ret;
+ size_t n = xtimes(nmemb, size);
+ ret = (size_in_bounds_p(n) ? gnutls_malloc(n) : NULL);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
-svoid *
-gnutls_secure_calloc (size_t nmemb, size_t size)
+svoid *gnutls_secure_calloc(size_t nmemb, size_t size)
{
- svoid *ret;
- size_t n = xtimes (nmemb, size);
- ret = (size_in_bounds_p (n) ? gnutls_secure_malloc (n) : NULL);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
+ svoid *ret;
+ size_t n = xtimes(nmemb, size);
+ ret = (size_in_bounds_p(n) ? gnutls_secure_malloc(n) : NULL);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
/* This realloc will free ptr in case realloc
* fails.
*/
-void *
-gnutls_realloc_fast (void *ptr, size_t size)
+void *gnutls_realloc_fast(void *ptr, size_t size)
{
- void *ret;
+ void *ret;
- if (size == 0)
- return ptr;
+ if (size == 0)
+ return ptr;
- ret = gnutls_realloc (ptr, size);
- if (ret == NULL)
- {
- gnutls_free (ptr);
- }
+ ret = gnutls_realloc(ptr, size);
+ if (ret == NULL) {
+ gnutls_free(ptr);
+ }
- return ret;
+ return ret;
}
-char *
-_gnutls_strdup (const char *str)
+char *_gnutls_strdup(const char *str)
{
- size_t siz = strlen (str) + 1;
- char *ret;
+ size_t siz = strlen(str) + 1;
+ char *ret;
- ret = gnutls_malloc (siz);
- if (ret != NULL)
- memcpy (ret, str, siz);
- return ret;
+ ret = gnutls_malloc(siz);
+ if (ret != NULL)
+ memcpy(ret, str, siz);
+ return ret;
}
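Review bot: `_gnutls_calloc` and `gnutls_secure_calloc` zero only `size` bytes of the `n = nmemb * size` bytes they allocate, because both call `memset(ret, 0, size)`. For any `nmemb > 1` the rest of the block is returned uninitialised, so a caller relying on calloc semantics can read stale heap contents, which matters most for the secure variant. The clear should cover the whole allocation: `memset(ret, 0, n);` in both functions. The reindent carries the old line over unchanged, so the defect predates this commit.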
@@ -103,8 +98,7 @@ _gnutls_strdup (const char *str)
* The allocation function used is the one set by
* gnutls_global_set_mem_functions().
**/
-void *
-gnutls_malloc (size_t s)
+void *gnutls_malloc(size_t s)
{
}
@@ -118,8 +112,7 @@ gnutls_malloc (size_t s)
* gnutls_global_set_mem_functions().
*
**/
-void
-gnutls_free (void *ptr)
+void gnutls_free(void *ptr)
{
}
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index a443c5a103..41fb88d9d0 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -23,18 +23,18 @@
#ifndef GNUTLS_MEM_H
#define GNUTLS_MEM_H
-typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
+typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
extern int (*_gnutls_is_secure_memory) (const void *);
/* this realloc function will return ptr if size==0, and
* will free the ptr if the new allocation failed.
*/
-void *gnutls_realloc_fast (void *ptr, size_t size);
+void *gnutls_realloc_fast(void *ptr, size_t size);
-svoid *gnutls_secure_calloc (size_t nmemb, size_t size);
+svoid *gnutls_secure_calloc(size_t nmemb, size_t size);
-void *_gnutls_calloc (size_t nmemb, size_t size);
-char *_gnutls_strdup (const char *);
+void *_gnutls_calloc(size_t nmemb, size_t size);
+char *_gnutls_strdup(const char *);
-#endif /* GNUTLS_MEM_H */
+#endif /* GNUTLS_MEM_H */
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index e0e05cb5d8..823d536b2d 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -38,199 +38,181 @@
#define clearbit(v,n) ((unsigned char)(v) & ~( (unsigned char)(1) << (unsigned)(n)))
bigint_t
-_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
- gnutls_rnd_level_t level)
+_gnutls_mpi_randomize(bigint_t r, unsigned int bits,
+ gnutls_rnd_level_t level)
{
- size_t size = 1 + (bits / 8);
- int ret;
- int rem, i;
- bigint_t tmp;
- uint8_t tmpbuf[512];
- uint8_t *buf;
- int buf_release = 0;
-
- if (size < sizeof (tmpbuf))
- {
- buf = tmpbuf;
- }
- else
- {
- buf = gnutls_malloc (size);
- if (buf == NULL)
- {
- gnutls_assert ();
- goto cleanup;
- }
- buf_release = 1;
- }
-
-
- ret = _gnutls_rnd (level, buf, size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* mask the bits that weren't requested */
- rem = bits % 8;
-
- if (rem == 0)
- {
- buf[0] = 0;
- }
- else
- {
- for (i = 8; i >= rem; i--)
- buf[0] = clearbit (buf[0], i);
- }
-
- ret = _gnutls_mpi_scan (&tmp, buf, size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (buf_release != 0)
- {
- gnutls_free (buf);
- buf = NULL;
- }
-
- if (r != NULL)
- {
- _gnutls_mpi_set (r, tmp);
- _gnutls_mpi_release (&tmp);
- return r;
- }
-
- return tmp;
-
-cleanup:
- if (buf_release != 0)
- gnutls_free (buf);
- return NULL;
+ size_t size = 1 + (bits / 8);
+ int ret;
+ int rem, i;
+ bigint_t tmp;
+ uint8_t tmpbuf[512];
+ uint8_t *buf;
+ int buf_release = 0;
+
+ if (size < sizeof(tmpbuf)) {
+ buf = tmpbuf;
+ } else {
+ buf = gnutls_malloc(size);
+ if (buf == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ buf_release = 1;
+ }
+
+
+ ret = _gnutls_rnd(level, buf, size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* mask the bits that weren't requested */
+ rem = bits % 8;
+
+ if (rem == 0) {
+ buf[0] = 0;
+ } else {
+ for (i = 8; i >= rem; i--)
+ buf[0] = clearbit(buf[0], i);
+ }
+
+ ret = _gnutls_mpi_scan(&tmp, buf, size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (buf_release != 0) {
+ gnutls_free(buf);
+ buf = NULL;
+ }
+
+ if (r != NULL) {
+ _gnutls_mpi_set(r, tmp);
+ _gnutls_mpi_release(&tmp);
+ return r;
+ }
+
+ return tmp;
+
+ cleanup:
+ if (buf_release != 0)
+ gnutls_free(buf);
+ return NULL;
}
-void
-_gnutls_mpi_release (bigint_t * x)
+void _gnutls_mpi_release(bigint_t * x)
{
- if (*x == NULL)
- return;
+ if (*x == NULL)
+ return;
- _gnutls_mpi_ops.bigint_release (*x);
- *x = NULL;
+ _gnutls_mpi_ops.bigint_release(*x);
+ *x = NULL;
}
/* returns %GNUTLS_E_SUCCESS (0) on success
*/
-int
-_gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+int _gnutls_mpi_scan(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- *ret_mpi =
- _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_USG);
- if (*ret_mpi == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- return 0;
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan(buffer, nbytes,
+ GNUTLS_MPI_FORMAT_USG);
+ if (*ret_mpi == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
}
/* returns %GNUTLS_E_SUCCESS (0) on success. Fails if the number is zero.
*/
int
-_gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+_gnutls_mpi_scan_nz(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- int ret;
+ int ret;
- ret = _gnutls_mpi_scan (ret_mpi, buffer, nbytes);
- if (ret < 0)
- return ret;
+ ret = _gnutls_mpi_scan(ret_mpi, buffer, nbytes);
+ if (ret < 0)
+ return ret;
- /* MPIs with 0 bits are illegal
- */
- if (_gnutls_mpi_cmp_ui (*ret_mpi, 0) == 0)
- {
- _gnutls_mpi_release (ret_mpi);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ /* MPIs with 0 bits are illegal
+ */
+ if (_gnutls_mpi_cmp_ui(*ret_mpi, 0) == 0) {
+ _gnutls_mpi_release(ret_mpi);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+_gnutls_mpi_scan_pgp(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- *ret_mpi =
- _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_PGP);
- if (*ret_mpi == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- return 0;
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan(buffer, nbytes,
+ GNUTLS_MPI_FORMAT_PGP);
+ if (*ret_mpi == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
}
/* Always has the first bit zero */
-int
-_gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest)
+int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print_lz (a, NULL, &bytes);
-
- if (bytes != 0)
- buf = gnutls_malloc (bytes);
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = _gnutls_mpi_print_lz (a, buf, &bytes);
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = bytes;
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print_lz(a, NULL, &bytes);
+
+ if (bytes != 0)
+ buf = gnutls_malloc(bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print_lz(a, buf, &bytes);
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
}
-int
-_gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest)
+int _gnutls_mpi_dprint(const bigint_t a, gnutls_datum_t * dest)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print (a, NULL, &bytes);
- if (bytes != 0)
- buf = gnutls_malloc (bytes);
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = _gnutls_mpi_print (a, buf, &bytes);
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = bytes;
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print(a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc(bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print(a, buf, &bytes);
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
}
/* This function will copy the mpi data into a datum,
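Review bot: In `_gnutls_mpi_randomize` the random bytes stay behind in `tmpbuf` on the stack, or in the heap block passed to `gnutls_free(buf)`, on both the success and the `cleanup` paths. If callers request key-grade randomness through `level` (not visible in this hunk), those bytes are the secret value itself and should be wiped before the buffer is released, using a clear the compiler cannot elide rather than a plain `memset`. The same applies to `tmpstr` in `_gnutls_x509_read_int` and `_gnutls_x509_write_int` in the last hunk of this file, which may carry private-key integers. A one-line comment on each buffer saying whether it can hold secret material would make the requirement explicit.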
@@ -238,43 +220,40 @@ _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest)
* the output value is left padded with zeros.
*/
int
-_gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size)
+_gnutls_mpi_dprint_size(const bigint_t a, gnutls_datum_t * dest,
+ size_t size)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
- unsigned int i;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print (a, NULL, &bytes);
- if (bytes != 0)
- buf = gnutls_malloc (MAX (size, bytes));
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- if (bytes <= size)
- {
- size_t diff = size - bytes;
- for (i = 0; i < diff; i++)
- buf[i] = 0;
- ret = _gnutls_mpi_print (a, &buf[diff], &bytes);
- }
- else
- {
- ret = _gnutls_mpi_print (a, buf, &bytes);
- }
-
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = MAX (size, bytes);
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+ unsigned int i;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print(a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc(MAX(size, bytes));
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ if (bytes <= size) {
+ size_t diff = size - bytes;
+ for (i = 0; i < diff; i++)
+ buf[i] = 0;
+ ret = _gnutls_mpi_print(a, &buf[diff], &bytes);
+ } else {
+ ret = _gnutls_mpi_print(a, buf, &bytes);
+ }
+
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = MAX(size, bytes);
+ return 0;
}
/* this function reads an integer
@@ -282,97 +261,90 @@ _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size)
* steps.
*/
int
-_gnutls_x509_read_int (ASN1_TYPE node, const char *value, bigint_t * ret_mpi)
+_gnutls_x509_read_int(ASN1_TYPE node, const char *value,
+ bigint_t * ret_mpi)
{
- int result;
- uint8_t *tmpstr = NULL;
- int tmpstr_size;
-
- tmpstr_size = 0;
- result = asn1_read_value (node, value, NULL, &tmpstr_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmpstr = gnutls_malloc (tmpstr_size);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (node, value, tmpstr, &tmpstr_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_mpi_scan (ret_mpi, tmpstr, tmpstr_size);
- gnutls_free (tmpstr);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ uint8_t *tmpstr = NULL;
+ int tmpstr_size;
+
+ tmpstr_size = 0;
+ result = asn1_read_value(node, value, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_malloc(tmpstr_size);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &tmpstr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_mpi_scan(ret_mpi, tmpstr, tmpstr_size);
+ gnutls_free(tmpstr);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
int
-_gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz)
+_gnutls_x509_write_int(ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz)
{
- uint8_t *tmpstr;
- size_t s_len;
- int result;
-
- s_len = 0;
- if (lz)
- result = _gnutls_mpi_print_lz (mpi, NULL, &s_len);
- else
- result = _gnutls_mpi_print (mpi, NULL, &s_len);
-
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return result;
- }
-
- tmpstr = gnutls_malloc (s_len);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (lz)
- result = _gnutls_mpi_print_lz (mpi, tmpstr, &s_len);
- else
- result = _gnutls_mpi_print (mpi, tmpstr, &s_len);
-
- if (result != 0)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return GNUTLS_E_MPI_PRINT_FAILED;
- }
-
- result = asn1_write_value (node, value, tmpstr, s_len);
-
- gnutls_free (tmpstr);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ uint8_t *tmpstr;
+ size_t s_len;
+ int result;
+
+ s_len = 0;
+ if (lz)
+ result = _gnutls_mpi_print_lz(mpi, NULL, &s_len);
+ else
+ result = _gnutls_mpi_print(mpi, NULL, &s_len);
+
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return result;
+ }
+
+ tmpstr = gnutls_malloc(s_len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (lz)
+ result = _gnutls_mpi_print_lz(mpi, tmpstr, &s_len);
+ else
+ result = _gnutls_mpi_print(mpi, tmpstr, &s_len);
+
+ if (result != 0) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ result = asn1_write_value(node, value, tmpstr, s_len);
+
+ gnutls_free(tmpstr);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index c905356db6..3134243252 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -30,8 +30,8 @@
extern int crypto_bigint_prio;
extern gnutls_crypto_bigint_st _gnutls_mpi_ops;
-bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
- gnutls_rnd_level_t level);
+bigint_t _gnutls_mpi_randomize(bigint_t, unsigned int bits,
+ gnutls_rnd_level_t level);
#define _gnutls_mpi_new _gnutls_mpi_ops.bigint_new
#define _gnutls_mpi_clear _gnutls_mpi_ops.bigint_clear
@@ -59,18 +59,19 @@ bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
#define _gnutls_mpi_print_pgp(x,y,z) _gnutls_mpi_ops.bigint_print(x,y,z,GNUTLS_MPI_FORMAT_PGP)
#define _gnutls_mpi_copy( a) _gnutls_mpi_set( NULL, a)
-void _gnutls_mpi_release (bigint_t * x);
+void _gnutls_mpi_release(bigint_t * x);
-int _gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes);
-int _gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
-int _gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
+int _gnutls_mpi_scan(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+int _gnutls_mpi_scan_nz(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+int _gnutls_mpi_scan_pgp(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
-int _gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest);
-int _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest);
-int _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest,
- size_t size);
+int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint(const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint_size(const bigint_t a, gnutls_datum_t * dest,
+ size_t size);
#define _gnutls_mpi_generate_group( gg, bits) _gnutls_mpi_ops.bigint_generate_group( gg, bits)
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 74a38d24f2..e9a7487917 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -32,56 +32,48 @@
* Returns 0 on success, or -1 if the uint64 max limit
* has been reached.
*/
-int
-_gnutls_uint64pp (uint64 * x)
+int _gnutls_uint64pp(uint64 * x)
{
- register int i, y = 0;
+ register int i, y = 0;
- for (i = 7; i >= 0; i--)
- {
- y = 0;
- if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
- else
- x->i[i]++;
+ for (i = 7; i >= 0; i--) {
+ y = 0;
+ if (x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else
+ x->i[i]++;
- if (y == 0)
- break;
- }
- if (y != 0)
- return -1; /* over 64 bits! WOW */
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 64 bits! WOW */
- return 0;
+ return 0;
}
/* This function will add one to uint48 x.
* Returns 0 on success, or -1 if the uint48 max limit
* has been reached.
*/
-int
-_gnutls_uint48pp (uint64 * x)
+int _gnutls_uint48pp(uint64 * x)
{
- register int i, y = 0;
+ register int i, y = 0;
- for (i = 7; i >= 3; i--)
- {
- y = 0;
- if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
- else
- x->i[i]++;
+ for (i = 7; i >= 3; i--) {
+ y = 0;
+ if (x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else
+ x->i[i]++;
- if (y == 0)
- break;
- }
- if (y != 0)
- return -1; /* over 48 bits */
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 48 bits */
- return 0;
+ return 0;
}
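Review bot: `_gnutls_uint48pp` increments only five bytes, `x->i[7]` down to `x->i[3]`, so it reports overflow after 2^40 increments rather than the 2^48 its comment describes. If the 48-bit counter occupies `i[2]` through `i[7]` (the layout is not visible here), the bound should be `for (i = 7; i >= 2; i--)`. In both this function and `_gnutls_uint64pp` the touched bytes have already wrapped to zero when -1 is returned, so the header comments should state that, e.g. `/* On -1 the counter has wrapped to zero; the caller must not keep using it. */`.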
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index 9e4530c4c7..13d33ba9d7 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h
@@ -28,150 +28,138 @@
#include <minmax.h>
#include <byteswap.h>
-int _gnutls_uint64pp (uint64 *);
-int _gnutls_uint48pp (uint64 *);
+int _gnutls_uint64pp(uint64 *);
+int _gnutls_uint48pp(uint64 *);
-# define UINT64DATA(x) ((x).i)
+#define UINT64DATA(x) ((x).i)
-inline static uint32_t
-_gnutls_uint24touint32 (uint24 num)
+inline static uint32_t _gnutls_uint24touint32(uint24 num)
{
- uint32_t ret = 0;
+ uint32_t ret = 0;
- ((uint8_t *) & ret)[1] = num.pint[0];
- ((uint8_t *) & ret)[2] = num.pint[1];
- ((uint8_t *) & ret)[3] = num.pint[2];
- return ret;
+ ((uint8_t *) & ret)[1] = num.pint[0];
+ ((uint8_t *) & ret)[2] = num.pint[1];
+ ((uint8_t *) & ret)[3] = num.pint[2];
+ return ret;
}
-inline static uint24
-_gnutls_uint32touint24 (uint32_t num)
+inline static uint24 _gnutls_uint32touint24(uint32_t num)
{
- uint24 ret;
+ uint24 ret;
- ret.pint[0] = ((uint8_t *) & num)[1];
- ret.pint[1] = ((uint8_t *) & num)[2];
- ret.pint[2] = ((uint8_t *) & num)[3];
- return ret;
+ ret.pint[0] = ((uint8_t *) & num)[1];
+ ret.pint[1] = ((uint8_t *) & num)[2];
+ ret.pint[2] = ((uint8_t *) & num)[3];
+ return ret;
}
/* data should be at least 3 bytes */
-inline static uint32_t
-_gnutls_read_uint24 (const uint8_t * data)
+inline static uint32_t _gnutls_read_uint24(const uint8_t * data)
{
- uint32_t res;
- uint24 num;
+ uint32_t res;
+ uint24 num;
- num.pint[0] = data[0];
- num.pint[1] = data[1];
- num.pint[2] = data[2];
+ num.pint[0] = data[0];
+ num.pint[1] = data[1];
+ num.pint[2] = data[2];
- res = _gnutls_uint24touint32 (num);
+ res = _gnutls_uint24touint32(num);
#ifndef WORDS_BIGENDIAN
- res = bswap_32 (res);
+ res = bswap_32(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint64 (uint64_t num, uint8_t * data)
+inline static void _gnutls_write_uint64(uint64_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_64 (num);
+ num = bswap_64(num);
#endif
- memcpy(data, &num, 8);
+ memcpy(data, &num, 8);
}
-inline static void
-_gnutls_write_uint24 (uint32_t num, uint8_t * data)
+inline static void _gnutls_write_uint24(uint32_t num, uint8_t * data)
{
- uint24 tmp;
+ uint24 tmp;
#ifndef WORDS_BIGENDIAN
- num = bswap_32 (num);
+ num = bswap_32(num);
#endif
- tmp = _gnutls_uint32touint24 (num);
+ tmp = _gnutls_uint32touint24(num);
- data[0] = tmp.pint[0];
- data[1] = tmp.pint[1];
- data[2] = tmp.pint[2];
+ data[0] = tmp.pint[0];
+ data[1] = tmp.pint[1];
+ data[2] = tmp.pint[2];
}
-inline static uint32_t
-_gnutls_read_uint32 (const uint8_t * data)
+inline static uint32_t _gnutls_read_uint32(const uint8_t * data)
{
- uint32_t res;
+ uint32_t res;
- memcpy (&res, data, sizeof (uint32_t));
+ memcpy(&res, data, sizeof(uint32_t));
#ifndef WORDS_BIGENDIAN
- res = bswap_32 (res);
+ res = bswap_32(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint32 (uint32_t num, uint8_t * data)
+inline static void _gnutls_write_uint32(uint32_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_32 (num);
+ num = bswap_32(num);
#endif
- memcpy (data, &num, sizeof (uint32_t));
+ memcpy(data, &num, sizeof(uint32_t));
}
-inline static uint16_t
-_gnutls_read_uint16 (const uint8_t * data)
+inline static uint16_t _gnutls_read_uint16(const uint8_t * data)
{
- uint16_t res;
- memcpy (&res, data, sizeof (uint16_t));
+ uint16_t res;
+ memcpy(&res, data, sizeof(uint16_t));
#ifndef WORDS_BIGENDIAN
- res = bswap_16 (res);
+ res = bswap_16(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint16 (uint16_t num, uint8_t * data)
+inline static void _gnutls_write_uint16(uint16_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_16 (num);
+ num = bswap_16(num);
#endif
- memcpy (data, &num, sizeof (uint16_t));
+ memcpy(data, &num, sizeof(uint16_t));
}
-inline static uint32_t
-_gnutls_conv_uint32 (uint32_t data)
+inline static uint32_t _gnutls_conv_uint32(uint32_t data)
{
#ifndef WORDS_BIGENDIAN
- return bswap_32 (data);
+ return bswap_32(data);
#else
- return data;
+ return data;
#endif
}
-inline static uint16_t
-_gnutls_conv_uint16 (uint16_t data)
+inline static uint16_t _gnutls_conv_uint16(uint16_t data)
{
#ifndef WORDS_BIGENDIAN
- return bswap_16 (data);
+ return bswap_16(data);
#else
- return data;
+ return data;
#endif
}
-inline static uint32_t
-_gnutls_uint64touint32 (const uint64 * num)
+inline static uint32_t _gnutls_uint64touint32(const uint64 * num)
{
- uint32_t ret;
+ uint32_t ret;
- memcpy (&ret, &num->i[4], 4);
+ memcpy(&ret, &num->i[4], 4);
#ifndef WORDS_BIGENDIAN
- ret = bswap_32 (ret);
+ ret = bswap_32(ret);
#endif
- return ret;
+ return ret;
}
-#endif /* GNUTLS_NUM_H */
+#endif /* GNUTLS_NUM_H */
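Review bot: None of the `_gnutls_read_uint*` and `_gnutls_write_uint*` helpers takes a length, and only `_gnutls_read_uint24` states its minimum buffer size in a comment. These helpers are presumably applied to bytes received from a peer, so each one should carry the same one-line contract, for example `/* data should be at least 4 bytes */` on `_gnutls_read_uint32` and `_gnutls_write_uint32`, with the 2-, 3- and 8-byte equivalents on the others. That makes it visible at every definition that the bounds check belongs to the caller.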
diff --git a/lib/gnutls_pcert.c b/lib/gnutls_pcert.c
index 433a7c6785..56c2d6fe2e 100644
--- a/lib/gnutls_pcert.c
+++ b/lib/gnutls_pcert.c
@@ -44,45 +44,44 @@
*
* Since: 3.0
**/
-int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert,
- gnutls_x509_crt_t crt, unsigned int flags)
+int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
+ gnutls_x509_crt_t crt, unsigned int flags)
{
-int ret;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->type = GNUTLS_CRT_X509;
- pcert->cert.data = NULL;
-
- ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &pcert->cert);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_init(&pcert->pubkey);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(&pcert->cert);
-
- return ret;
+ int ret;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->type = GNUTLS_CRT_X509;
+ pcert->cert.data = NULL;
+
+ ret =
+ gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER,
+ &pcert->cert);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_init(&pcert->pubkey);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&pcert->cert);
+
+ return ret;
}
/**
@@ -105,50 +104,50 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts,
- unsigned int *pcert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
+ unsigned int *pcert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-int ret;
-unsigned int i = 0, j;
-gnutls_x509_crt_t *crt;
-
- crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
-
- if (crt == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_x509_crt_list_import( crt, pcert_max, data, format, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- for (i=0;i<*pcert_max;i++)
- {
- ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup_pcert;
- }
- }
-
- ret = 0;
- goto cleanup;
-
-cleanup_pcert:
- for (j=0;j<i;j++)
- gnutls_pcert_deinit(&pcerts[j]);
-
-cleanup:
- for (i=0;i<*pcert_max;i++)
- gnutls_x509_crt_deinit(crt[i]);
-
- gnutls_free(crt);
- return ret;
+ int ret;
+ unsigned int i = 0, j;
+ gnutls_x509_crt_t *crt;
+
+ crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
+
+ if (crt == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_x509_crt_list_import(crt, pcert_max, data, format,
+ flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ for (i = 0; i < *pcert_max; i++) {
+ ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup_pcert;
+ }
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ cleanup_pcert:
+ for (j = 0; j < i; j++)
+ gnutls_pcert_deinit(&pcerts[j]);
+
+ cleanup:
+ for (i = 0; i < *pcert_max; i++)
+ gnutls_x509_crt_deinit(crt[i]);
+
+ gnutls_free(crt);
+ return ret;
}
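Review bot: When `gnutls_x509_crt_list_import` fails, `goto cleanup` runs `gnutls_x509_crt_deinit(crt[i])` over `*pcert_max` entries of an array that came from `gnutls_malloc` and was never initialised. Unless the import call guarantees every slot is set on error (not visible here), this releases indeterminate pointers, and `*pcert_max` may itself have been changed by the failed call. Assuming the import frees whatever it created before returning an error, that branch should release only the array: `gnutls_free(crt); return gnutls_assert_val(ret);`. The allocation size `(*pcert_max) * sizeof(gnutls_x509_crt_t)` is also computed from a caller-supplied count without an overflow check.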
@@ -168,39 +167,38 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_x509_raw (gnutls_pcert_st *pcert,
- const gnutls_datum_t* cert,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-int ret;
-gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_x509_crt_t crt;
- memset(pcert, 0, sizeof(*pcert));
+ memset(pcert, 0, sizeof(*pcert));
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = gnutls_x509_crt_import(crt, cert, format);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
+ ret = gnutls_x509_crt_import(crt, cert, format);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
- ret = gnutls_pcert_import_x509(pcert, crt, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
+ ret = gnutls_pcert_import_x509(pcert, crt, flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
- ret = 0;
+ ret = 0;
-cleanup:
- gnutls_x509_crt_deinit(crt);
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
- return ret;
+ return ret;
}
#ifdef ENABLE_OPENPGP
@@ -220,62 +218,62 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert,
- gnutls_openpgp_crt_t crt, unsigned int flags)
+int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags)
{
-int ret;
-size_t sz;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->type = GNUTLS_CRT_OPENPGP;
- pcert->cert.data = NULL;
-
- sz = 0;
- ret = gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, NULL, &sz);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- pcert->cert.data = gnutls_malloc(sz);
- if (pcert->cert.data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_export(crt, GNUTLS_X509_FMT_DER, pcert->cert.data, &sz);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- pcert->cert.size = sz;
-
- ret = gnutls_pubkey_init(&pcert->pubkey);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_openpgp(pcert->pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(&pcert->cert);
-
- return ret;
+ int ret;
+ size_t sz;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->type = GNUTLS_CRT_OPENPGP;
+ pcert->cert.data = NULL;
+
+ sz = 0;
+ ret =
+ gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, NULL,
+ &sz);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ pcert->cert.data = gnutls_malloc(sz);
+ if (pcert->cert.data == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_openpgp_crt_export(crt, GNUTLS_X509_FMT_DER,
+ pcert->cert.data, &sz);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ pcert->cert.size = sz;
+
+ ret = gnutls_pubkey_init(&pcert->pubkey);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pcert->pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&pcert->cert);
+
+ return ret;
}
/**
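Review bot: The second `gnutls_openpgp_crt_export` call in `gnutls_pcert_import_openpgp` passes `GNUTLS_X509_FMT_DER`, while the sizing call just above it passes `GNUTLS_OPENPGP_FMT_RAW`. The buffer is sized for one format and then filled using a constant from a different enum, which is only correct if the two happen to share a numeric value (not visible here). Both calls should use the same constant: `gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, pcert->cert.data, &sz);`.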
@@ -295,49 +293,46 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st *pcert,
- const gnutls_datum_t* cert,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
-int ret;
-gnutls_openpgp_crt_t crt;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->cert.data = NULL;
-
- ret = gnutls_openpgp_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_import(crt, cert, format);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_set_preferred_key_id(crt, keyid);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_openpgp(pcert, crt, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(crt);
-
- return ret;
+ int ret;
+ gnutls_openpgp_crt_t crt;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->cert.data = NULL;
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_openpgp_crt_import(crt, cert, format);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_openpgp_crt_set_preferred_key_id(crt, keyid);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_openpgp(pcert, crt, flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(crt);
+
+ return ret;
}
#endif
@@ -350,36 +345,41 @@ cleanup:
*
* Since: 3.0
**/
-void
-gnutls_pcert_deinit (gnutls_pcert_st *pcert)
+void gnutls_pcert_deinit(gnutls_pcert_st * pcert)
{
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- _gnutls_free_datum(&pcert->cert);
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ _gnutls_free_datum(&pcert->cert);
}
/* Converts the first certificate for the cert_auth_info structure
* to a pcert.
*/
int
-_gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info)
+_gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info)
{
- switch (type)
- {
- case GNUTLS_CRT_X509:
- return gnutls_pcert_import_x509_raw(pcert, &info->raw_certificate_list[0],
- GNUTLS_X509_FMT_DER, GNUTLS_PCERT_NO_CERT);
+ switch (type) {
+ case GNUTLS_CRT_X509:
+ return gnutls_pcert_import_x509_raw(pcert,
+ &info->
+ raw_certificate_list
+ [0],
+ GNUTLS_X509_FMT_DER,
+ GNUTLS_PCERT_NO_CERT);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return gnutls_pcert_import_openpgp_raw(pcert,
- &info->raw_certificate_list[0],
- GNUTLS_OPENPGP_FMT_RAW,
- info->subkey_id, GNUTLS_PCERT_NO_CERT);
+ case GNUTLS_CRT_OPENPGP:
+ return gnutls_pcert_import_openpgp_raw(pcert,
+ &info->
+ raw_certificate_list
+ [0],
+ GNUTLS_OPENPGP_FMT_RAW,
+ info->subkey_id,
+ GNUTLS_PCERT_NO_CERT);
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
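Review bot: `_gnutls_get_auth_info_pcert` passes `&info->raw_certificate_list[0]` in both cases without checking that `info` is non-NULL and that the list holds at least one entry. Whether callers guarantee this is not visible from the hunk, so either guard it and return `GNUTLS_E_INTERNAL_ERROR`, or record the precondition in the comment above the function, e.g. `/* info must hold at least one raw certificate */`. Separately, the re-wrap splits `&info->` / `raw_certificate_list` / `[0]` across three lines; keeping `&info->raw_certificate_list[0]` on one line would read better even if it runs past the column limit.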
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 8675c40cca..07fa28f186 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -39,207 +39,191 @@
/* encodes the Dss-Sig-Value structure
*/
int
-_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value,
- const gnutls_datum_t *r,
- const gnutls_datum_t *s)
+_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
+ const gnutls_datum_t * r,
+ const gnutls_datum_t * s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value( sig, "r", r->data, r->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value( sig, "s", s->data, s->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
- asn1_delete_structure (&sig);
-
- if (result < 0)
- return gnutls_assert_val(result);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(sig, "r", r->data, r->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(sig, "s", s->data, s->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
+ asn1_delete_structure(&sig);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return 0;
}
int
-_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
+_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (sig, "r", r, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_write_int (sig, "s", s, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
- asn1_delete_structure (&sig);
-
- if (result < 0)
- return gnutls_assert_val(result);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(sig, "r", r, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_write_int(sig, "s", s, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
+ asn1_delete_structure(&sig);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return 0;
}
/* decodes the Dss-Sig-Value structure
*/
int
-_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s)
+_gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_read_int (sig, "r", r);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_read_int (sig, "s", s);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_mpi_release (s);
- asn1_delete_structure (&sig);
- return result;
- }
-
- asn1_delete_structure (&sig);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&sig, sig_value->data, sig_value->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_read_int(sig, "r", r);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_read_int(sig, "s", s);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(s);
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ asn1_delete_structure(&sig);
+
+ return 0;
}
/* some generic pk functions */
-int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src)
+int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
+ const gnutls_pk_params_st * src)
{
- unsigned int i, j;
- dst->params_nr = 0;
-
- if (src == NULL || src->params_nr == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (i = 0; i < src->params_nr; i++)
- {
- dst->params[i] = _gnutls_mpi_set (NULL, src->params[i]);
- if (dst->params[i] == NULL)
- {
- for (j = 0; j < i; j++)
- _gnutls_mpi_release (&dst->params[j]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- dst->params_nr++;
- }
-
- return 0;
+ unsigned int i, j;
+ dst->params_nr = 0;
+
+ if (src == NULL || src->params_nr == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0; i < src->params_nr; i++) {
+ dst->params[i] = _gnutls_mpi_set(NULL, src->params[i]);
+ if (dst->params[i] == NULL) {
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release(&dst->params[j]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dst->params_nr++;
+ }
+
+ return 0;
}
-void
-gnutls_pk_params_init (gnutls_pk_params_st * p)
+void gnutls_pk_params_init(gnutls_pk_params_st * p)
{
- memset (p, 0, sizeof (gnutls_pk_params_st));
+ memset(p, 0, sizeof(gnutls_pk_params_st));
}
-void
-gnutls_pk_params_release (gnutls_pk_params_st * p)
+void gnutls_pk_params_release(gnutls_pk_params_st * p)
{
- unsigned int i;
- for (i = 0; i < p->params_nr; i++)
- {
- _gnutls_mpi_release (&p->params[i]);
- }
- p->params_nr = 0;
+ unsigned int i;
+ for (i = 0; i < p->params_nr; i++) {
+ _gnutls_mpi_release(&p->params[i]);
+ }
+ p->params_nr = 0;
}
-void
-gnutls_pk_params_clear (gnutls_pk_params_st * p)
+void gnutls_pk_params_clear(gnutls_pk_params_st * p)
{
- unsigned int i;
- for (i = 0; i < p->params_nr; i++)
- {
- if (p->params[i] != NULL) _gnutls_mpi_clear (p->params[i]);
- }
+ unsigned int i;
+ for (i = 0; i < p->params_nr; i++) {
+ if (p->params[i] != NULL)
+ _gnutls_mpi_clear(p->params[i]);
+ }
}
int
-_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st* params,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand)
+_gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * params,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand)
{
- if (mand)
- {
- if (pk == GNUTLS_PK_DSA)
- *mand = 1;
- else
- *mand = 0;
- }
+ if (mand) {
+ if (pk == GNUTLS_PK_DSA)
+ *mand = 1;
+ else
+ *mand = 0;
+ }
- return _gnutls_x509_verify_algorithm (dig,
- NULL, pk, params);
+ return _gnutls_x509_verify_algorithm(dig, NULL, pk, params);
}
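Review bot: In `_gnutls_decode_ber_rs`, the failure branch after reading "s" calls `_gnutls_mpi_release(s)`, but the integer already allocated at that point is `*r`, and nothing on this path releases it. The release looks aimed at the wrong output; `_gnutls_mpi_release(r);` in that branch would stop `r` leaking whenever the second integer of a signature fails to decode. This assumes `_gnutls_x509_read_int` leaves `*s` unallocated on failure, which is not shown here. Since the function parses signature values supplied by a peer, a short comment stating that both outputs are released on error would also help callers.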
@@ -247,87 +231,84 @@ _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
* structure. The digest info is allocated and stored into the info structure.
*/
int
-encode_ber_digest_info (const mac_entry_st* e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+encode_ber_digest_info(const mac_entry_st * e,
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- const char *algo;
- uint8_t *tmp_output;
- int tmp_output_size;
-
- algo = _gnutls_x509_mac_to_oid (e);
- if (algo == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Hash algorithm: %d has no OID\n", e->id);
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- /* Write an ASN.1 NULL in the parameters field. This matches RFC
- 3279 and RFC 4055, although is arguable incorrect from a historic
- perspective (see those documents for more information).
- Regardless of what is correct, this appears to be what most
- implementations do. */
- result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- tmp_output_size = 0;
- asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
-
- tmp_output = gnutls_malloc (tmp_output_size);
- if (tmp_output == NULL)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- asn1_delete_structure (&dinfo);
-
- output->size = tmp_output_size;
- output->data = tmp_output;
-
- return 0;
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ const char *algo;
+ uint8_t *tmp_output;
+ int tmp_output_size;
+
+ algo = _gnutls_x509_mac_to_oid(e);
+ if (algo == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Hash algorithm: %d has no OID\n",
+ e->id);
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write an ASN.1 NULL in the parameters field. This matches RFC
+ 3279 and RFC 4055, although is arguable incorrect from a historic
+ perspective (see those documents for more information).
+ Regardless of what is correct, this appears to be what most
+ implementations do. */
+ result = asn1_write_value(dinfo, "digestAlgorithm.parameters",
+ ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_write_value(dinfo, "digest", digest->data, digest->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ tmp_output_size = 0;
+ asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+
+ tmp_output = gnutls_malloc(tmp_output_size);
+ if (tmp_output == NULL) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ asn1_der_coding(dinfo, "", tmp_output, &tmp_output_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_delete_structure(&dinfo);
+
+ output->size = tmp_output_size;
+ output->data = tmp_output;
+
+ return 0;
}
/* Reads the digest information.
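Review bot: `encode_ber_digest_info` leaks `tmp_output` when the second `asn1_der_coding` call fails: that branch deletes `dinfo` and returns without freeing the buffer obtained from `gnutls_malloc`. Adding `gnutls_free(tmp_output);` before `asn1_delete_structure(&dinfo);` in that branch fixes it. The first `asn1_der_coding` call, made with a NULL buffer only to learn the size, has its result ignored; a comment such as `/* expected to fail; only fills in tmp_output_size */` would make that intent explicit. The function's leading comment begins above this hunk.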
@@ -335,79 +316,75 @@ encode_ber_digest_info (const mac_entry_st* e,
* anyway.
*/
int
-decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_digest_algorithm_t * hash,
- uint8_t * digest, unsigned int *digest_size)
+decode_ber_digest_info(const gnutls_datum_t * info,
+ gnutls_digest_algorithm_t * hash,
+ uint8_t * digest, unsigned int *digest_size)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- char str[1024];
- int len;
-
- if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- len = sizeof (str) - 1;
- result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- *hash = _gnutls_x509_oid_to_digest (str);
-
- if (*hash == GNUTLS_DIG_UNKNOWN)
- {
-
- _gnutls_debug_log ("verify.c: HASH OID: %s\n", str);
-
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_UNKNOWN_ALGORITHM;
- }
-
- len = sizeof (str) - 1;
- result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
- /* To avoid permitting garbage in the parameters field, either the
- parameters field is not present, or it contains 0x05 0x00. */
- if (!(result == ASN1_ELEMENT_NOT_FOUND ||
- (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
- memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- len = *digest_size;
- result = asn1_read_value (dinfo, "digest", digest, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *digest_size = len;
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- *digest_size = len;
- asn1_delete_structure (&dinfo);
-
- return 0;
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ char str[1024];
+ int len;
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dinfo, info->data, info->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str) - 1;
+ result =
+ asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ *hash = _gnutls_x509_oid_to_digest(str);
+
+ if (*hash == GNUTLS_DIG_UNKNOWN) {
+
+ _gnutls_debug_log("verify.c: HASH OID: %s\n", str);
+
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_UNKNOWN_ALGORITHM;
+ }
+
+ len = sizeof(str) - 1;
+ result =
+ asn1_read_value(dinfo, "digestAlgorithm.parameters", str,
+ &len);
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
+ memcmp(str, ASN1_NULL, ASN1_NULL_SIZE) == 0))) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ len = *digest_size;
+ result = asn1_read_value(dinfo, "digest", digest, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ *digest_size = len;
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ *digest_size = len;
+ asn1_delete_structure(&dinfo);
+
+ return 0;
}
-
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 7eab664a23..22ff54a08d 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -36,41 +36,44 @@ extern gnutls_crypto_pk_st _gnutls_pk_ops;
#define _gnutls_pk_hash_algorithm( pk, sig, params, hash) _gnutls_pk_ops.hash_algorithm(pk, sig, params, hash)
inline static int
-_gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+_gnutls_pk_fixup(gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
- if (_gnutls_pk_ops.pk_fixup_private_params)
- return _gnutls_pk_ops.pk_fixup_private_params (algo, direction, params);
- return 0;
+ if (_gnutls_pk_ops.pk_fixup_private_params)
+ return _gnutls_pk_ops.pk_fixup_private_params(algo,
+ direction,
+ params);
+ return 0;
}
-int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src);
+int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
+ const gnutls_pk_params_st * src);
/* The internal PK interface */
int
-_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
+_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
int
-_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value,
- const gnutls_datum_t *r,
- const gnutls_datum_t *s);
+_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
+ const gnutls_datum_t * r,
+ const gnutls_datum_t * s);
int
-_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s);
+_gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s);
int
-encode_ber_digest_info (const mac_entry_st* e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output);
+encode_ber_digest_info(const mac_entry_st * e,
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output);
int
-decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_digest_algorithm_t * hash,
- uint8_t * digest, unsigned int *digest_size);
+decode_ber_digest_info(const gnutls_datum_t * info,
+ gnutls_digest_algorithm_t * hash,
+ uint8_t * digest, unsigned int *digest_size);
-int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st*,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand);
+int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st *,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand);
-#endif /* GNUTLS_PK_H */
+#endif /* GNUTLS_PK_H */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 8b9effff3d..7745a96918 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -29,9 +29,9 @@
#include <gnutls_num.h>
static void
-break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep);
+break_comma_list(char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep);
/**
* gnutls_cipher_set_priority:
@@ -46,82 +46,71 @@ break_comma_list (char *etag,
*
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
-int
-gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
+int gnutls_cipher_set_priority(gnutls_session_t session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0)
- num++;
- if (num > MAX_ALGOS)
- num = MAX_ALGOS;
- session->internals.priorities.cipher.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.priorities.cipher.algorithms = num;
- for (i = 0; i < num; i++)
- {
- session->internals.priorities.cipher.priority[i] = list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.priorities.cipher.priority[i] = list[i];
+ }
- return 0;
+ return 0;
}
typedef void (bulk_rmadd_func) (priority_st * priority_list, const int *);
-inline static void
-_set_priority (priority_st * st, const int *list)
+inline static void _set_priority(priority_st * st, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0)
- num++;
- if (num > MAX_ALGOS)
- num = MAX_ALGOS;
- st->algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ st->algorithms = num;
- for (i = 0; i < num; i++)
- {
- st->priority[i] = list[i];
- }
+ for (i = 0; i < num; i++) {
+ st->priority[i] = list[i];
+ }
- return;
+ return;
}
-inline static void
-_add_priority (priority_st * st, const int *list)
+inline static void _add_priority(priority_st * st, const int *list)
{
- int num, i, j, init;
-
- init = i = st->algorithms;
-
- for (num=0;list[num]!=0;++num)
- {
- if (i+1 > MAX_ALGOS)
- {
- return;
- }
-
- for (j=0;j<init;j++)
- {
- if (st->priority[j] == (unsigned)list[num])
- {
- break;
- }
- }
-
- if (j == init)
- {
- st->priority[i++] = list[num];
- st->algorithms++;
- }
- }
-
- return;
+ int num, i, j, init;
+
+ init = i = st->algorithms;
+
+ for (num = 0; list[num] != 0; ++num) {
+ if (i + 1 > MAX_ALGOS) {
+ return;
+ }
+
+ for (j = 0; j < init; j++) {
+ if (st->priority[j] == (unsigned) list[num]) {
+ break;
+ }
+ }
+
+ if (j == init) {
+ st->priority[i++] = list[num];
+ st->algorithms++;
+ }
+ }
+
+ return;
}
-static void
-_clear_priorities (priority_st * st, const int *list)
+static void _clear_priorities(priority_st * st, const int *list)
{
- memset(st, 0, sizeof(*st));
+ memset(st, 0, sizeof(*st));
}
/**
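Review bot: `gnutls_cipher_set_priority` repeats the count-clamp-copy body of `_set_priority` line for line, while the kx, mac, compression and protocol setters later in the file call the helper. Moving `_set_priority` above it and reducing the body to `_set_priority(&session->internals.priorities.cipher, list);` followed by `return 0;` would leave only one copy of the `MAX_ALGOS` clamp to maintain. Both copies read `list[num]` without a NULL check, so the doc comment should state that `list` must be a zero-terminated array. `_clear_priorities` ignores its `list` argument, presumably to match `bulk_rmadd_func`; a one-line comment saying so would save the next reader the question.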
@@ -138,11 +127,10 @@ _clear_priorities (priority_st * st, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_kx_set_priority (gnutls_session_t session, const int *list)
+int gnutls_kx_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.kx, list);
- return 0;
+ _set_priority(&session->internals.priorities.kx, list);
+ return 0;
}
/**
@@ -159,11 +147,10 @@ gnutls_kx_set_priority (gnutls_session_t session, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_mac_set_priority (gnutls_session_t session, const int *list)
+int gnutls_mac_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.mac, list);
- return 0;
+ _set_priority(&session->internals.priorities.mac, list);
+ return 0;
}
/**
@@ -185,10 +172,10 @@ gnutls_mac_set_priority (gnutls_session_t session, const int *list)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_compression_set_priority (gnutls_session_t session, const int *list)
+gnutls_compression_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.compression, list);
- return 0;
+ _set_priority(&session->internals.priorities.compression, list);
+ return 0;
}
/**
@@ -202,18 +189,17 @@ gnutls_compression_set_priority (gnutls_session_t session, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
+int gnutls_protocol_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.protocol, list);
+ _set_priority(&session->internals.priorities.protocol, list);
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- if (list)
- _gnutls_set_current_version (session, list[0]);
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (list)
+ _gnutls_set_current_version(session, list[0]);
- return 0;
+ return 0;
}
/**
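Review bot: The `if (list)` guard in `gnutls_protocol_set_priority` runs too late. `_set_priority()` is called first and, as defined earlier in this file, reads `list[num]` unconditionally, so a NULL `list` is dereferenced before the check is reached. Either test up front with `if (list == NULL) return GNUTLS_E_INVALID_REQUEST;`, or drop the guard and document that `list` must be a non-NULL zero-terminated array. As written, the check suggests NULL is tolerated when it is not.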
@@ -231,331 +217,332 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list)
+gnutls_certificate_type_set_priority(gnutls_session_t session,
+ const int *list)
{
#ifdef ENABLE_OPENPGP
- _set_priority (&session->internals.priorities.cert_type, list);
- return 0;
+ _set_priority(&session->internals.priorities.cert_type, list);
+ return 0;
#else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
}
static const int supported_ecc_normal[] = {
- GNUTLS_ECC_CURVE_SECP192R1,
- GNUTLS_ECC_CURVE_SECP224R1,
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP192R1,
+ GNUTLS_ECC_CURVE_SECP224R1,
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int supported_ecc_secure128[] = {
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int supported_ecc_suiteb128[] = {
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- 0
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ 0
};
static const int supported_ecc_suiteb192[] = {
- GNUTLS_ECC_CURVE_SECP384R1,
- 0
+ GNUTLS_ECC_CURVE_SECP384R1,
+ 0
};
static const int supported_ecc_secure192[] = {
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int protocol_priority[] = {
- GNUTLS_TLS1_2,
- GNUTLS_TLS1_1,
- GNUTLS_TLS1_0,
- GNUTLS_SSL3,
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
+ GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0,
+ GNUTLS_SSL3,
+ GNUTLS_DTLS1_2,
+ GNUTLS_DTLS1_0,
+ 0
};
static const int dtls_protocol_priority[] = {
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
+ GNUTLS_DTLS1_2,
+ GNUTLS_DTLS1_0,
+ 0
};
static const int protocol_priority_suiteb[] = {
- GNUTLS_TLS1_2,
- 0
+ GNUTLS_TLS1_2,
+ 0
};
static const int kx_priority_performance[] = {
- GNUTLS_KX_RSA,
+ GNUTLS_KX_RSA,
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- 0
+ 0
};
static const int kx_priority_pfs[] = {
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- 0
+ 0
};
static const int kx_priority_suiteb[] = {
- GNUTLS_KX_ECDHE_ECDSA,
- 0
+ GNUTLS_KX_ECDHE_ECDSA,
+ 0
};
static const int kx_priority_secure[] = {
- /* The ciphersuites that offer forward secrecy take
- * precedence
- */
+ /* The ciphersuites that offer forward secrecy take
+ * precedence
+ */
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
- GNUTLS_KX_RSA,
- /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
- * issues the DHE ciphersuites have. That is, one cannot enforce a specific
- * security level without dropping the connection.
- */
+ GNUTLS_KX_RSA,
+ /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
+ * issues the DHE ciphersuites have. That is, one cannot enforce a specific
+ * security level without dropping the connection.
+ */
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
- */
- 0
+ /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
+ */
+ 0
};
/* If GCM and AES acceleration is available then prefer
* them over anything else.
*/
static const int cipher_priority_performance[] = {
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- 0
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ 0
};
static const int cipher_priority_normal[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ 0
};
static const int cipher_priority_suiteb128[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ 0
};
static const int cipher_priority_suiteb192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- 0
+ GNUTLS_CIPHER_AES_256_GCM,
+ 0
};
static const int cipher_priority_secure128[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ 0
};
static const int cipher_priority_secure192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- 0
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ 0
};
static const int comp_priority[] = {
- /* compression should be explicitly requested to be enabled */
- GNUTLS_COMP_NULL,
- 0
+ /* compression should be explicitly requested to be enabled */
+ GNUTLS_COMP_NULL,
+ 0
};
static const int sign_priority_default[] = {
- GNUTLS_SIGN_RSA_SHA256,
- GNUTLS_SIGN_DSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
- GNUTLS_SIGN_RSA_SHA224,
- GNUTLS_SIGN_DSA_SHA224,
- GNUTLS_SIGN_ECDSA_SHA224,
+ GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_SIGN_ECDSA_SHA224,
- GNUTLS_SIGN_RSA_SHA1,
- GNUTLS_SIGN_DSA_SHA1,
- GNUTLS_SIGN_ECDSA_SHA1,
- 0
+ GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_ECDSA_SHA1,
+ 0
};
static const int sign_priority_suiteb128[] = {
- GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ 0
};
static const int sign_priority_suiteb192[] = {
- GNUTLS_SIGN_ECDSA_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA384,
+ 0
};
static const int sign_priority_secure128[] = {
- GNUTLS_SIGN_RSA_SHA256,
- GNUTLS_SIGN_DSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
- 0
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
+ 0
};
static const int sign_priority_secure192[] = {
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
- 0
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
+ 0
};
static const int mac_priority_normal[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- GNUTLS_MAC_MD5,
- 0
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ GNUTLS_MAC_MD5,
+ 0
};
static const int mac_priority_suiteb128[] = {
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_suiteb192[] = {
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_secure128[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_secure192[] = {
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int cert_type_priority_default[] = {
- GNUTLS_CRT_X509,
- 0
+ GNUTLS_CRT_X509,
+ 0
};
static const int cert_type_priority_all[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
};
typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);
-static void
-prio_remove (priority_st * priority_list, unsigned int algo)
+static void prio_remove(priority_st * priority_list, unsigned int algo)
{
- unsigned int i;
-
- for (i=0;i<priority_list->algorithms;i++)
- {
- if (priority_list->priority[i] == algo)
- {
- priority_list->algorithms--;
- if ((priority_list->algorithms-i) > 0)
- memmove(&priority_list->priority[i], &priority_list->priority[i+1], (priority_list->algorithms-i)*sizeof(priority_list->priority[0]));
- priority_list->priority[priority_list->algorithms] = 0;
- break;
- }
- }
-
- return;
+ unsigned int i;
+
+ for (i = 0; i < priority_list->algorithms; i++) {
+ if (priority_list->priority[i] == algo) {
+ priority_list->algorithms--;
+ if ((priority_list->algorithms - i) > 0)
+ memmove(&priority_list->priority[i],
+ &priority_list->priority[i + 1],
+ (priority_list->algorithms -
+ i) *
+ sizeof(priority_list->
+ priority[0]));
+ priority_list->priority[priority_list->
+ algorithms] = 0;
+ break;
+ }
+ }
+
+ return;
}
-static void
-prio_add (priority_st * priority_list, unsigned int algo)
+static void prio_add(priority_st * priority_list, unsigned int algo)
{
- unsigned int i, l = priority_list->algorithms;
+ unsigned int i, l = priority_list->algorithms;
- if (l >= MAX_ALGOS)
- return; /* can't add it anyway */
+ if (l >= MAX_ALGOS)
+ return; /* can't add it anyway */
- for (i = 0; i < l; ++i)
- {
- if (algo == priority_list->priority[i])
- return; /* if it exists */
- }
+ for (i = 0; i < l; ++i) {
+ if (algo == priority_list->priority[i])
+ return; /* if it exists */
+ }
- priority_list->priority[l] = algo;
- priority_list->algorithms++;
+ priority_list->priority[l] = algo;
+ priority_list->algorithms++;
- return;
+ return;
}
@@ -570,33 +557,32 @@ prio_add (priority_st * priority_list, unsigned int algo)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
+gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
{
- if (priority == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CIPHER_SUITES;
- }
-
- memcpy (&session->internals.priorities, priority,
- sizeof (struct gnutls_priority_st));
-
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- if (session->internals.priorities.protocol.algorithms > 0)
- _gnutls_set_current_version (session,
- session->internals.priorities.protocol.
- priority[0]);
-
- if (session->internals.priorities.protocol.algorithms == 0 ||
- session->internals.priorities.cipher.algorithms == 0 ||
- session->internals.priorities.mac.algorithms == 0 ||
- session->internals.priorities.kx.algorithms == 0 ||
- session->internals.priorities.compression.algorithms == 0)
- return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
-
- return 0;
+ if (priority == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+
+ memcpy(&session->internals.priorities, priority,
+ sizeof(struct gnutls_priority_st));
+
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (session->internals.priorities.protocol.algorithms > 0)
+ _gnutls_set_current_version(session,
+ session->internals.priorities.
+ protocol.priority[0]);
+
+ if (session->internals.priorities.protocol.algorithms == 0 ||
+ session->internals.priorities.cipher.algorithms == 0 ||
+ session->internals.priorities.mac.algorithms == 0 ||
+ session->internals.priorities.kx.algorithms == 0 ||
+ session->internals.priorities.compression.algorithms == 0)
+ return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
+ return 0;
}
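Review bot: The completeness check in gnutls_priority_set runs only after `memcpy` has already overwritten `session->internals.priorities`, so a priority structure rejected with GNUTLS_E_NO_PRIORITIES_WERE_SET still replaces whatever the session held before. Testing the source ahead of the copy, starting with `if (priority->protocol.algorithms == 0 || priority->cipher.algorithms == 0 ||` and continuing with the mac, kx and compression counts, would leave the session untouched on failure. This assumes gnutls_priority_t is a pointer to struct gnutls_priority_st, as the memcpy size suggests. The doc comment starts outside the hunk; it should state whether the session is modified when an error is returned.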
@@ -614,129 +600,108 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
#define LEVEL_EXPORT "EXPORT"
static
-int check_level(const char* level, gnutls_priority_t priority_cache, int add)
+int check_level(const char *level, gnutls_priority_t priority_cache,
+ int add)
{
-bulk_rmadd_func *func;
-
- if (add) func = _add_priority;
- else func = _set_priority;
-
- if (strcasecmp (level, LEVEL_PERFORMANCE) == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_performance);
- func (&priority_cache->kx, kx_priority_performance);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_NORMAL) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_normal);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_PFS) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_normal);
- func (&priority_cache->kx, kx_priority_pfs);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SECURE256) == 0
- || strcasecmp (level, LEVEL_SECURE192) == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_secure192);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_secure192);
- func (&priority_cache->sign_algo,
- sign_priority_secure192);
- func (&priority_cache->supported_ecc, supported_ecc_secure192);
-
- /* be conservative for now. Set the bits to correspond to 96-bit level */
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SECURE128) == 0
- || strcasecmp (level, "SECURE") == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_secure128);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_secure128);
- func (&priority_cache->sign_algo,
- sign_priority_secure128);
- func (&priority_cache->supported_ecc, supported_ecc_secure128);
-
- /* be conservative for now. Set the bits to correspond to an 72-bit level */
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SUITEB128) == 0)
- {
- func (&priority_cache->protocol, protocol_priority_suiteb);
- func (&priority_cache->cipher,
- cipher_priority_suiteb128);
- func (&priority_cache->kx, kx_priority_suiteb);
- func (&priority_cache->mac, mac_priority_suiteb128);
- func (&priority_cache->sign_algo,
- sign_priority_suiteb128);
- func (&priority_cache->supported_ecc, supported_ecc_suiteb128);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SUITEB192) == 0)
- {
- func (&priority_cache->protocol, protocol_priority_suiteb);
- func (&priority_cache->cipher,
- cipher_priority_suiteb192);
- func (&priority_cache->kx, kx_priority_suiteb);
- func (&priority_cache->mac, mac_priority_suiteb192);
- func (&priority_cache->sign_algo,
- sign_priority_suiteb192);
- func (&priority_cache->supported_ecc, supported_ecc_suiteb192);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_EXPORT) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_performance);
- func (&priority_cache->kx, kx_priority_performance);
- func (&priority_cache->mac, mac_priority_secure128);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
- return 1;
- }
- return 0;
+ bulk_rmadd_func *func;
+
+ if (add)
+ func = _add_priority;
+ else
+ func = _set_priority;
+
+ if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
+ func(&priority_cache->cipher, cipher_priority_performance);
+ func(&priority_cache->kx, kx_priority_performance);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_NORMAL) == 0) {
+ func(&priority_cache->cipher, cipher_priority_normal);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_PFS) == 0) {
+ func(&priority_cache->cipher, cipher_priority_normal);
+ func(&priority_cache->kx, kx_priority_pfs);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SECURE256) == 0
+ || strcasecmp(level, LEVEL_SECURE192) == 0) {
+ func(&priority_cache->cipher, cipher_priority_secure192);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_secure192);
+ func(&priority_cache->sign_algo, sign_priority_secure192);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_secure192);
+
+ /* be conservative for now. Set the bits to correspond to 96-bit level */
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SECURE128) == 0
+ || strcasecmp(level, "SECURE") == 0) {
+ func(&priority_cache->cipher, cipher_priority_secure128);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_secure128);
+ func(&priority_cache->sign_algo, sign_priority_secure128);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_secure128);
+
+ /* be conservative for now. Set the bits to correspond to an 72-bit level */
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
+ func(&priority_cache->protocol, protocol_priority_suiteb);
+ func(&priority_cache->cipher, cipher_priority_suiteb128);
+ func(&priority_cache->kx, kx_priority_suiteb);
+ func(&priority_cache->mac, mac_priority_suiteb128);
+ func(&priority_cache->sign_algo, sign_priority_suiteb128);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_suiteb128);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
+ func(&priority_cache->protocol, protocol_priority_suiteb);
+ func(&priority_cache->cipher, cipher_priority_suiteb192);
+ func(&priority_cache->kx, kx_priority_suiteb);
+ func(&priority_cache->mac, mac_priority_suiteb192);
+ func(&priority_cache->sign_algo, sign_priority_suiteb192);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_suiteb192);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_EXPORT) == 0) {
+ func(&priority_cache->cipher, cipher_priority_performance);
+ func(&priority_cache->kx, kx_priority_performance);
+ func(&priority_cache->mac, mac_priority_secure128);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
+ return 1;
+ }
+ return 0;
}
/**
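Review bot: Every branch of check_level assigns `priority_cache->level` only while it is still 0, so the first keyword that matches fixes the level, and a later keyword (SECURE192 after NORMAL, or a `+LEVEL` token handled with add=1) changes the algorithm lists but not the level. If that is intended, it deserves a comment above the function, for example `/* level is taken from the first keyword only; later keywords never change it */`. The two "be conservative for now" comments could also say why SECURE128 maps to GNUTLS_SEC_PARAM_WEAK and SECURE192 to GNUTLS_SEC_PARAM_LEGACY, since the keyword names suggest a higher floor. On style, the SECURE128 branch compares against the literal `"SECURE"` while every other branch uses a LEVEL_ macro.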
@@ -814,294 +779,302 @@ bulk_rmadd_func *func;
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_init (gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos)
+gnutls_priority_init(gnutls_priority_t * priority_cache,
+ const char *priorities, const char **err_pos)
{
- char *broken_list[MAX_ELEMENTS];
- int broken_list_size = 0, i = 0, j;
- char *darg = NULL;
- int algo;
- rmadd_func *fn;
- bulk_rmadd_func *bulk_fn;
-
- *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
- if (*priority_cache == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (err_pos)
- *err_pos = priorities;
-
- /* for now unsafe renegotiation is default on everyone. To be removed
- * when we make it the default.
- */
- (*priority_cache)->sr = SR_PARTIAL;
- (*priority_cache)->ssl3_record_version = 1;
-
-
- (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
-
- if (priorities == NULL)
- priorities = LEVEL_NORMAL;
-
- darg = gnutls_strdup (priorities);
- if (darg == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':');
- /* This is our default set of protocol version, certificate types and
- * compression methods.
- */
- if (strcasecmp (broken_list[0], LEVEL_NONE) != 0)
- {
- _set_priority (&(*priority_cache)->protocol, protocol_priority);
- _set_priority (&(*priority_cache)->compression, comp_priority);
- _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
- _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
- _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
- i = 0;
- }
- else
- {
- i = 1;
- }
-
- for (; i < broken_list_size; i++)
- {
- if (check_level(broken_list[i], *priority_cache, 0) != 0)
- {
- continue;
- }
- else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
- || broken_list[i][0] == '-')
- {
- if (broken_list[i][0] == '+')
- {
- fn = prio_add;
- bulk_fn = _add_priority;
- }
- else
- {
- fn = prio_remove;
- bulk_fn = _clear_priorities;
- }
-
- if (broken_list[i][0] == '+' && check_level(&broken_list[i][1], *priority_cache, 1) != 0)
- {
- continue;
- }
- else if ((algo =
- gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
- fn (&(*priority_cache)->mac, algo);
- else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
- GNUTLS_CIPHER_UNKNOWN)
- fn (&(*priority_cache)->cipher, algo);
- else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
- GNUTLS_KX_UNKNOWN)
- fn (&(*priority_cache)->kx, algo);
- else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
- {
- bulk_fn (&(*priority_cache)->protocol,
- protocol_priority);
- }
- else if (strncasecmp (&broken_list[i][1], "VERS-DTLS-ALL", 13) == 0)
- {
- bulk_fn (&(*priority_cache)->protocol,
- dtls_protocol_priority);
- }
- else
- {
- if ((algo =
- gnutls_protocol_get_id (&broken_list[i][6])) !=
- GNUTLS_VERSION_UNKNOWN)
- fn (&(*priority_cache)->protocol, algo);
- else
- goto error;
-
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
- {
- bulk_fn (&(*priority_cache)->compression,
- comp_priority);
- }
- else
- {
- if ((algo =
- gnutls_compression_get_id (&broken_list[i][6])) !=
- GNUTLS_COMP_UNKNOWN)
- fn (&(*priority_cache)->compression, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "CURVE-", 6) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "CURVE-ALL", 9) == 0)
- {
- bulk_fn (&(*priority_cache)->supported_ecc,
- supported_ecc_normal);
- }
- else
- {
- if ((algo =
- _gnutls_ecc_curve_get_id (&broken_list[i][7])) !=
- GNUTLS_ECC_CURVE_INVALID)
- fn (&(*priority_cache)->supported_ecc, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
- {
- bulk_fn (&(*priority_cache)->cert_type,
- cert_type_priority_all);
- }
- else
- {
- if ((algo =
- gnutls_certificate_type_get_id (&broken_list[i][7])) !=
- GNUTLS_CRT_UNKNOWN)
- fn (&(*priority_cache)->cert_type, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
- {
- bulk_fn (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
- else
- {
- if ((algo =
- gnutls_sign_get_id (&broken_list[i][6])) !=
- GNUTLS_SIGN_UNKNOWN)
- fn (&(*priority_cache)->sign_algo, algo);
- else
- goto error;
- }
- }
- else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0)
- {
- bulk_fn (&(*priority_cache)->mac,
- mac_priority_normal);
- }
- else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 10) == 0)
- {
- bulk_fn (&(*priority_cache)->cipher,
- cipher_priority_normal);
- }
- else if (strncasecmp (&broken_list[i][1], "KX-ALL", 6) == 0)
- {
- bulk_fn (&(*priority_cache)->kx,
- kx_priority_secure);
- }
- else
- goto error;
- }
- else if (broken_list[i][0] == '%')
- {
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
- {
- ENABLE_COMPAT((*priority_cache));
- }
- else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
- {
- (*priority_cache)->no_extensions = 1;
- }
- else if (strcasecmp (&broken_list[i][1], "STATELESS_COMPRESSION") == 0)
- {
- (*priority_cache)->stateless_compression = 1;
- }
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
- {
- prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
- }
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_DISABLE_CRL_CHECKS") == 0)
- {
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
- }
- else if (strcasecmp (&broken_list[i][1],
- "SSL3_RECORD_VERSION") == 0)
- (*priority_cache)->ssl3_record_version = 1;
- else if (strcasecmp (&broken_list[i][1],
- "LATEST_RECORD_VERSION") == 0)
- (*priority_cache)->ssl3_record_version = 0;
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
- else if (strcasecmp (&broken_list[i][1],
- "UNSAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_UNSAFE;
- }
- else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_SAFE;
- }
- else if (strcasecmp (&broken_list[i][1],
- "PARTIAL_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_PARTIAL;
- }
- else if (strcasecmp (&broken_list[i][1],
- "DISABLE_SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_DISABLED;
- }
- else if (strcasecmp (&broken_list[i][1],
- "SERVER_PRECEDENCE") == 0)
- {
- (*priority_cache)->server_precedence = 1;
- }
- else if (strcasecmp (&broken_list[i][1],
- "NEW_PADDING") == 0)
- {
- (*priority_cache)->new_record_padding = 1;
- }
- else
- goto error;
- }
- else
- goto error;
- }
-
- gnutls_free (darg);
- return 0;
-
-error:
- if (err_pos != NULL && i < broken_list_size)
- {
- *err_pos = priorities;
- for (j = 0; j < i; j++)
- {
- (*err_pos) += strlen (broken_list[j]) + 1;
- }
- }
- gnutls_free (darg);
- gnutls_free (*priority_cache);
-
- return GNUTLS_E_INVALID_REQUEST;
+ char *broken_list[MAX_ELEMENTS];
+ int broken_list_size = 0, i = 0, j;
+ char *darg = NULL;
+ int algo;
+ rmadd_func *fn;
+ bulk_rmadd_func *bulk_fn;
+
+ *priority_cache =
+ gnutls_calloc(1, sizeof(struct gnutls_priority_st));
+ if (*priority_cache == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (err_pos)
+ *err_pos = priorities;
+
+ /* for now unsafe renegotiation is default on everyone. To be removed
+ * when we make it the default.
+ */
+ (*priority_cache)->sr = SR_PARTIAL;
+ (*priority_cache)->ssl3_record_version = 1;
+
+
+ (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
+
+ if (priorities == NULL)
+ priorities = LEVEL_NORMAL;
+
+ darg = gnutls_strdup(priorities);
+ if (darg == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ break_comma_list(darg, broken_list, &broken_list_size,
+ MAX_ELEMENTS, ':');
+ /* This is our default set of protocol version, certificate types and
+ * compression methods.
+ */
+ if (strcasecmp(broken_list[0], LEVEL_NONE) != 0) {
+ _set_priority(&(*priority_cache)->protocol,
+ protocol_priority);
+ _set_priority(&(*priority_cache)->compression,
+ comp_priority);
+ _set_priority(&(*priority_cache)->cert_type,
+ cert_type_priority_default);
+ _set_priority(&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ _set_priority(&(*priority_cache)->supported_ecc,
+ supported_ecc_normal);
+ i = 0;
+ } else {
+ i = 1;
+ }
+
+ for (; i < broken_list_size; i++) {
+ if (check_level(broken_list[i], *priority_cache, 0) != 0) {
+ continue;
+ } else if (broken_list[i][0] == '!'
+ || broken_list[i][0] == '+'
+ || broken_list[i][0] == '-') {
+ if (broken_list[i][0] == '+') {
+ fn = prio_add;
+ bulk_fn = _add_priority;
+ } else {
+ fn = prio_remove;
+ bulk_fn = _clear_priorities;
+ }
+
+ if (broken_list[i][0] == '+'
+ && check_level(&broken_list[i][1],
+ *priority_cache, 1) != 0) {
+ continue;
+ } else if ((algo =
+ gnutls_mac_get_id(&broken_list[i][1]))
+ != GNUTLS_MAC_UNKNOWN)
+ fn(&(*priority_cache)->mac, algo);
+ else if ((algo =
+ gnutls_cipher_get_id(&broken_list[i][1]))
+ != GNUTLS_CIPHER_UNKNOWN)
+ fn(&(*priority_cache)->cipher, algo);
+ else if ((algo =
+ gnutls_kx_get_id(&broken_list[i][1])) !=
+ GNUTLS_KX_UNKNOWN)
+ fn(&(*priority_cache)->kx, algo);
+ else if (strncasecmp
+ (&broken_list[i][1], "VERS-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "VERS-TLS-ALL",
+ 12) == 0) {
+ bulk_fn(&(*priority_cache)->
+ protocol,
+ protocol_priority);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1],
+ "VERS-DTLS-ALL", 13) == 0) {
+ bulk_fn(&(*priority_cache)->
+ protocol,
+ dtls_protocol_priority);
+ } else {
+ if ((algo =
+ gnutls_protocol_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_VERSION_UNKNOWN)
+ fn(&(*priority_cache)->
+ protocol, algo);
+ else
+ goto error;
+
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "COMP-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "COMP-ALL",
+ 8) == 0) {
+ bulk_fn(&(*priority_cache)->
+ compression,
+ comp_priority);
+ } else {
+ if ((algo =
+ gnutls_compression_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_COMP_UNKNOWN)
+ fn(&(*priority_cache)->
+ compression, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "CURVE-", 6) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "CURVE-ALL",
+ 9) == 0) {
+ bulk_fn(&(*priority_cache)->
+ supported_ecc,
+ supported_ecc_normal);
+ } else {
+ if ((algo =
+ _gnutls_ecc_curve_get_id
+ (&broken_list[i][7])) !=
+ GNUTLS_ECC_CURVE_INVALID)
+ fn(&(*priority_cache)->
+ supported_ecc, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "CTYPE-", 6) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "CTYPE-ALL",
+ 9) == 0) {
+ bulk_fn(&(*priority_cache)->
+ cert_type,
+ cert_type_priority_all);
+ } else {
+ if ((algo =
+ gnutls_certificate_type_get_id
+ (&broken_list[i][7])) !=
+ GNUTLS_CRT_UNKNOWN)
+ fn(&(*priority_cache)->
+ cert_type, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "SIGN-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "SIGN-ALL",
+ 8) == 0) {
+ bulk_fn(&(*priority_cache)->
+ sign_algo,
+ sign_priority_default);
+ } else {
+ if ((algo =
+ gnutls_sign_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_SIGN_UNKNOWN)
+ fn(&(*priority_cache)->
+ sign_algo, algo);
+ else
+ goto error;
+ }
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "MAC-ALL", 7) == 0) {
+ bulk_fn(&(*priority_cache)->mac,
+ mac_priority_normal);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "CIPHER-ALL",
+ 10) == 0) {
+ bulk_fn(&(*priority_cache)->cipher,
+ cipher_priority_normal);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "KX-ALL", 6) == 0) {
+ bulk_fn(&(*priority_cache)->kx,
+ kx_priority_secure);
+ } else
+ goto error;
+ } else if (broken_list[i][0] == '%') {
+ if (strcasecmp(&broken_list[i][1], "COMPAT") == 0) {
+ ENABLE_COMPAT((*priority_cache));
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "NO_EXTENSIONS") == 0) {
+ (*priority_cache)->no_extensions = 1;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "STATELESS_COMPRESSION") == 0) {
+ (*priority_cache)->stateless_compression =
+ 1;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) {
+ prio_add(&(*priority_cache)->sign_algo,
+ GNUTLS_SIGN_RSA_MD5);
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "VERIFY_DISABLE_CRL_CHECKS") == 0) {
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "SSL3_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 1;
+ else if (strcasecmp(&broken_list[i][1],
+ "LATEST_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 0;
+ else if (strcasecmp(&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT")
+ == 0)
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ else if (strcasecmp
+ (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0) {
+ (*priority_cache)->sr = SR_UNSAFE;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "SAFE_RENEGOTIATION") == 0) {
+ (*priority_cache)->sr = SR_SAFE;
+ } else if (strcasecmp(&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") ==
+ 0) {
+ (*priority_cache)->sr = SR_PARTIAL;
+ } else if (strcasecmp(&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION")
+ == 0) {
+ (*priority_cache)->sr = SR_DISABLED;
+ } else if (strcasecmp(&broken_list[i][1],
+ "SERVER_PRECEDENCE") == 0) {
+ (*priority_cache)->server_precedence = 1;
+ } else if (strcasecmp(&broken_list[i][1],
+ "NEW_PADDING") == 0) {
+ (*priority_cache)->new_record_padding = 1;
+ } else
+ goto error;
+ } else
+ goto error;
+ }
+
+ gnutls_free(darg);
+ return 0;
+
+ error:
+ if (err_pos != NULL && i < broken_list_size) {
+ *err_pos = priorities;
+ for (j = 0; j < i; j++) {
+ (*err_pos) += strlen(broken_list[j]) + 1;
+ }
+ }
+ gnutls_free(darg);
+ gnutls_free(*priority_cache);
+
+ return GNUTLS_E_INVALID_REQUEST;
}
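Review bot: The `error:` path of gnutls_priority_init frees `*priority_cache` but leaves the caller's pointer holding the freed address, so a caller that runs gnutls_priority_deinit() in its own cleanup frees it a second time. Adding `*priority_cache = NULL;` after the `gnutls_free(*priority_cache);` line closes that. The same label is reached when `gnutls_strdup` fails, so an allocation failure is reported as GNUTLS_E_INVALID_REQUEST although the calloc failure above returns GNUTLS_E_MEMORY_ERROR. The `-ALL` keywords are matched with `strncasecmp` on a prefix, so a token such as `VERS-TLS-ALL` followed by extra characters is accepted; an exact `strcasecmp` would make a typo in a policy string fail instead of silently applying the bulk operation.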
@@ -1111,10 +1084,9 @@ error:
*
* Deinitializes the priority cache.
**/
-void
-gnutls_priority_deinit (gnutls_priority_t priority_cache)
+void gnutls_priority_deinit(gnutls_priority_t priority_cache)
{
- gnutls_free (priority_cache);
+ gnutls_free(priority_cache);
}
@@ -1133,63 +1105,59 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache)
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_set_direct (gnutls_session_t session,
- const char *priorities, const char **err_pos)
+gnutls_priority_set_direct(gnutls_session_t session,
+ const char *priorities, const char **err_pos)
{
- gnutls_priority_t prio;
- int ret;
-
- ret = gnutls_priority_init (&prio, priorities, err_pos);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_priority_set (session, prio);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_priority_deinit (prio);
-
- return 0;
+ gnutls_priority_t prio;
+ int ret;
+
+ ret = gnutls_priority_init(&prio, priorities, err_pos);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_priority_set(session, prio);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_priority_deinit(prio);
+
+ return 0;
}
/* Breaks a list of "xxx", "yyy", to a character array, of
* MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
*/
static void
-break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep)
+break_comma_list(char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep)
{
- char *p = etag;
- if (sep == 0)
- sep = ',';
-
- *elements = 0;
-
- do
- {
- broken_etag[*elements] = p;
-
- (*elements)++;
-
- p = strchr (p, sep);
- if (p)
- {
- *p = 0;
- p++; /* move to next entry and skip white
- * space.
- */
- while (*p == ' ')
- p++;
- }
- }
- while (p != NULL && *elements < max_elements);
+ char *p = etag;
+ if (sep == 0)
+ sep = ',';
+
+ *elements = 0;
+
+ do {
+ broken_etag[*elements] = p;
+
+ (*elements)++;
+
+ p = strchr(p, sep);
+ if (p) {
+ *p = 0;
+ p++; /* move to next entry and skip white
+ * space.
+ */
+ while (*p == ' ')
+ p++;
+ }
+ }
+ while (p != NULL && *elements < max_elements);
}
/**
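Review bot: gnutls_priority_set_direct leaks `prio` when gnutls_priority_set() fails, because the second `if (ret < 0)` returns before `gnutls_priority_deinit(prio)` is reached. gnutls_priority_set() copies the structure with memcpy, so the cache can be released unconditionally: move `gnutls_priority_deinit(prio);` to directly after the `gnutls_priority_set` call, ahead of the `ret` check. Separately, break_comma_list in the same hunk stops at `max_elements` without reporting it, so the tail of a long priority string is silently ignored, including any trailing removal or `%` option. The caller cannot detect this from the `void` return; at minimum the comment above the function should state the truncation.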
@@ -1211,10 +1179,9 @@ break_comma_list (char *etag,
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_set_default_priority (gnutls_session_t session)
+int gnutls_set_default_priority(gnutls_session_t session)
{
- return gnutls_priority_set_direct (session, "NORMAL", NULL);
+ return gnutls_priority_set_direct(session, "NORMAL", NULL);
}
/**
@@ -1236,10 +1203,9 @@ gnutls_set_default_priority (gnutls_session_t session)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_set_default_export_priority (gnutls_session_t session)
+int gnutls_set_default_export_priority(gnutls_session_t session)
{
- return gnutls_priority_set_direct (session, "EXPORT", NULL);
+ return gnutls_priority_set_direct(session, "EXPORT", NULL);
}
/**
@@ -1254,13 +1220,14 @@ gnutls_set_default_export_priority (gnutls_session_t session)
* Since: 3.0
**/
int
-gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->supported_ecc.algorithms == 0)
- return 0;
-
- *list = pcache->supported_ecc.priority;
- return pcache->supported_ecc.algorithms;
+ if (pcache->supported_ecc.algorithms == 0)
+ return 0;
+
+ *list = pcache->supported_ecc.priority;
+ return pcache->supported_ecc.algorithms;
}
/**
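Review bot: gnutls_priority_ecc_curve_list returns 0 without storing anything to `*list` when `pcache->supported_ecc.algorithms == 0`, so a caller that reads the pointer without first checking the count gets an indeterminate value. Setting `*list = NULL;` before the early `return 0;` would make the empty case well defined. The same pattern repeats in the kx, cipher, mac, compression, protocol, sign and certificate_type list getters in the following hunks. The doc comment above the function starts outside this hunk, so whether the empty case is already documented there cannot be seen from here.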
@@ -1275,13 +1242,14 @@ gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** l
* Since: 3.2.3
**/
int
-gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_kx_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->kx.algorithms == 0)
- return 0;
-
- *list = pcache->kx.priority;
- return pcache->kx.algorithms;
+ if (pcache->kx.algorithms == 0)
+ return 0;
+
+ *list = pcache->kx.priority;
+ return pcache->kx.algorithms;
}
/**
@@ -1296,13 +1264,14 @@ gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.2.3
**/
int
-gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_cipher_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->cipher.algorithms == 0)
- return 0;
-
- *list = pcache->cipher.priority;
- return pcache->cipher.algorithms;
+ if (pcache->cipher.algorithms == 0)
+ return 0;
+
+ *list = pcache->cipher.priority;
+ return pcache->cipher.algorithms;
}
/**
@@ -1317,13 +1286,14 @@ gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list
* Since: 3.2.3
**/
int
-gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_mac_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->mac.algorithms == 0)
- return 0;
-
- *list = pcache->mac.priority;
- return pcache->mac.algorithms;
+ if (pcache->mac.algorithms == 0)
+ return 0;
+
+ *list = pcache->mac.priority;
+ return pcache->mac.algorithms;
}
/**
@@ -1338,13 +1308,14 @@ gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.0
**/
int
-gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_compression_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->compression.algorithms == 0)
- return 0;
-
- *list = pcache->compression.priority;
- return pcache->compression.algorithms;
+ if (pcache->compression.algorithms == 0)
+ return 0;
+
+ *list = pcache->compression.priority;
+ return pcache->compression.algorithms;
}
/**
@@ -1359,13 +1330,14 @@ gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int**
* Since: 3.0
**/
int
-gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_protocol_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->protocol.algorithms == 0)
- return 0;
-
- *list = pcache->protocol.priority;
- return pcache->protocol.algorithms;
+ if (pcache->protocol.algorithms == 0)
+ return 0;
+
+ *list = pcache->protocol.priority;
+ return pcache->protocol.algorithms;
}
/**
@@ -1380,13 +1352,14 @@ gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** li
* Since: 3.0
**/
int
-gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_sign_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->sign_algo.algorithms == 0)
- return 0;
-
- *list = pcache->sign_algo.priority;
- return pcache->sign_algo.algorithms;
+ if (pcache->sign_algo.algorithms == 0)
+ return 0;
+
+ *list = pcache->sign_algo.priority;
+ return pcache->sign_algo.algorithms;
}
/**
@@ -1401,11 +1374,12 @@ gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.0
**/
int
-gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->cert_type.algorithms == 0)
- return 0;
-
- *list = pcache->cert_type.priority;
- return pcache->cert_type.algorithms;
+ if (pcache->cert_type.algorithms == 0)
+ return 0;
+
+ *list = pcache->cert_type.priority;
+ return pcache->cert_type.algorithms;
}
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 1436b16e89..febd8f028e 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -47,10 +47,9 @@
*
* Since: 2.12.0
**/
-gnutls_privkey_type_t
-gnutls_privkey_get_type (gnutls_privkey_t key)
+gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
{
- return key->type;
+ return key->type;
}
/**
@@ -68,157 +67,161 @@ gnutls_privkey_get_type (gnutls_privkey_t key)
* Since: 2.12.0
**/
int
-gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits)
+gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, unsigned int *bits)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm(key->key.
+ openpgp,
+ bits);
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.
+ pkcs11,
+ bits);
#endif
- case GNUTLS_PRIVKEY_X509:
- if (bits)
- *bits = _gnutls_mpi_get_nbits (key->key.x509->params.params[0]);
- return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
- case GNUTLS_PRIVKEY_EXT:
- if (bits)
- *bits = 0;
- return key->pk_algorithm;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits =
+ _gnutls_mpi_get_nbits(key->key.x509->params.
+ params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
+ case GNUTLS_PRIVKEY_EXT:
+ if (bits)
+ *bits = 0;
+ return key->pk_algorithm;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
static int
-privkey_to_pubkey (gnutls_pk_algorithm_t pk,
- const gnutls_pk_params_st* priv,
- gnutls_pk_params_st* pub)
+privkey_to_pubkey(gnutls_pk_algorithm_t pk,
+ const gnutls_pk_params_st * priv,
+ gnutls_pk_params_st * pub)
{
- int ret;
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
- pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
-
- pub->params_nr = RSA_PUBLIC_PARAMS;
-
- if (pub->params[0] == NULL || pub->params[1] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- case GNUTLS_PK_DSA:
- pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
- pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
- pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
- pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
-
- pub->params_nr = DSA_PUBLIC_PARAMS;
-
- if (pub->params[0] == NULL || pub->params[1] == NULL ||
- pub->params[2] == NULL || pub->params[3] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- case GNUTLS_PK_EC:
- pub->params[ECC_X] = _gnutls_mpi_copy (priv->params[ECC_X]);
- pub->params[ECC_Y] = _gnutls_mpi_copy (priv->params[ECC_Y]);
-
- pub->params_nr = ECC_PUBLIC_PARAMS;
- pub->flags = priv->flags;
-
- if (pub->params[ECC_X] == NULL || pub->params[ECC_Y] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-cleanup:
- gnutls_pk_params_release(pub);
- return ret;
+ int ret;
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ pub->params[0] = _gnutls_mpi_copy(priv->params[0]);
+ pub->params[1] = _gnutls_mpi_copy(priv->params[1]);
+
+ pub->params_nr = RSA_PUBLIC_PARAMS;
+
+ if (pub->params[0] == NULL || pub->params[1] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ pub->params[0] = _gnutls_mpi_copy(priv->params[0]);
+ pub->params[1] = _gnutls_mpi_copy(priv->params[1]);
+ pub->params[2] = _gnutls_mpi_copy(priv->params[2]);
+ pub->params[3] = _gnutls_mpi_copy(priv->params[3]);
+
+ pub->params_nr = DSA_PUBLIC_PARAMS;
+
+ if (pub->params[0] == NULL || pub->params[1] == NULL ||
+ pub->params[2] == NULL || pub->params[3] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_PK_EC:
+ pub->params[ECC_X] = _gnutls_mpi_copy(priv->params[ECC_X]);
+ pub->params[ECC_Y] = _gnutls_mpi_copy(priv->params[ECC_Y]);
+
+ pub->params_nr = ECC_PUBLIC_PARAMS;
+ pub->flags = priv->flags;
+
+ if (pub->params[ECC_X] == NULL
+ || pub->params[ECC_Y] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+ cleanup:
+ gnutls_pk_params_release(pub);
+ return ret;
}
/* Returns the public key of the private key (if possible)
*/
int
-_gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- gnutls_pk_params_st * params)
+_gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
+ gnutls_pk_params_st * params)
{
- int ret;
- gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL);
+ int ret;
+ gnutls_pk_algorithm_t pk =
+ gnutls_privkey_get_pk_algorithm(key, NULL);
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- {
- gnutls_pk_params_st tmp_params;
- uint32_t kid[2];
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret =
- gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
- keyid);
- if (ret == 0)
- {
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
- &tmp_params);
- }
- else
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
- &tmp_params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = privkey_to_pubkey (pk,
- &tmp_params,
- params);
-
- gnutls_pk_params_release(&tmp_params);
- }
-
- break;
+ case GNUTLS_PRIVKEY_OPENPGP:
+ {
+ gnutls_pk_params_st tmp_params;
+ uint32_t kid[2];
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret =
+ gnutls_openpgp_privkey_get_preferred_key_id
+ (key->key.openpgp, keyid);
+ if (ret == 0) {
+ KEYID_IMPORT(kid, keyid);
+ ret =
+ _gnutls_openpgp_privkey_get_mpis(key->
+ key.
+ openpgp,
+ kid,
+ &tmp_params);
+ } else
+ ret =
+ _gnutls_openpgp_privkey_get_mpis(key->
+ key.
+ openpgp,
+ NULL,
+ &tmp_params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = privkey_to_pubkey(pk, &tmp_params, params);
+
+ gnutls_pk_params_release(&tmp_params);
+ }
+
+ break;
#endif
- case GNUTLS_PRIVKEY_X509:
- ret = privkey_to_pubkey (pk,
- &key->key.x509->params,
- params);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return ret;
+ case GNUTLS_PRIVKEY_X509:
+ ret = privkey_to_pubkey(pk,
+ &key->key.x509->params, params);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return ret;
}
/**
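Review bot: In the GNUTLS_PRIVKEY_OPENPGP branch of _gnutls_privkey_get_public_mpis, `tmp_params` appears to receive the private key's MPIs and is passed to `gnutls_pk_params_release(&tmp_params)` once privkey_to_pubkey has copied out the public parts. gnutls_pk_params_release is not visible in this hunk; if it frees the MPIs without wiping them, private key material stays in freed heap memory, so confirm that it zeroizes or clear the private values before the release. A one-line comment at that call, such as `/* tmp_params holds private MPIs; they must be wiped on release */`, would record the requirement.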
@@ -232,17 +235,15 @@ _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_privkey_init (gnutls_privkey_t * key)
+int gnutls_privkey_init(gnutls_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_privkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -253,45 +254,47 @@ gnutls_privkey_init (gnutls_privkey_t * key)
*
* Since: 2.12.0
**/
-void
-gnutls_privkey_deinit (gnutls_privkey_t key)
+void gnutls_privkey_deinit(gnutls_privkey_t key)
{
- if (key == NULL) return;
+ if (key == NULL)
+ return;
- if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- switch (key->type)
- {
+ if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- gnutls_openpgp_privkey_deinit (key->key.openpgp);
- break;
+ case GNUTLS_PRIVKEY_OPENPGP:
+ gnutls_openpgp_privkey_deinit(key->key.openpgp);
+ break;
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
- break;
+ case GNUTLS_PRIVKEY_PKCS11:
+ gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
+ break;
#endif
- case GNUTLS_PRIVKEY_X509:
- gnutls_x509_privkey_deinit (key->key.x509);
- break;
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.deinit_func != NULL)
- key->key.ext.deinit_func(key, key->key.ext.userdata);
- break;
- default:
- break;
- }
- gnutls_free (key);
+ case GNUTLS_PRIVKEY_X509:
+ gnutls_x509_privkey_deinit(key->key.x509);
+ break;
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.deinit_func != NULL)
+ key->key.ext.deinit_func(key,
+ key->key.ext.
+ userdata);
+ break;
+ default:
+ break;
+ }
+ gnutls_free(key);
}
/* will fail if the private key contains an actual key.
*/
static int check_if_clean(gnutls_privkey_t key)
{
- if (key->type != 0)
- return GNUTLS_E_INVALID_REQUEST;
+ if (key->type != 0)
+ return GNUTLS_E_INVALID_REQUEST;
- return 0;
+ return 0;
}
#ifdef ENABLE_PKCS11
@@ -317,30 +320,32 @@ static int check_if_clean(gnutls_privkey_t key)
* Since: 2.12.0
**/
int
-gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key, unsigned int flags)
+gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags)
{
-int ret;
+ int ret;
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- pkey->key.pkcs11 = key;
- pkey->type = GNUTLS_PRIVKEY_PKCS11;
- pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
- pkey->flags = flags;
+ pkey->key.pkcs11 = key;
+ pkey->type = GNUTLS_PRIVKEY_PKCS11;
+ pkey->pk_algorithm =
+ gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
+ pkey->flags = flags;
- if (pkey->pin.data)
- gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb, pkey->pin.data);
+ if (pkey->pin.data)
+ gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb,
+ pkey->pin.data);
- return 0;
+ return 0;
}
/**
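Review bot: In gnutls_privkey_import_pkcs11 the PIN callback is forwarded to the PKCS #11 key only when `pkey->pin.data` is non-NULL, so a callback registered with NULL userdata is silently not propagated to the imported key. gnutls_privkey_import_pkcs11_url in the next hunk tests `key->pin.cb` for the same purpose. Testing the callback here as well keeps the two paths consistent: `if (pkey->pin.cb)`.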
@@ -356,45 +361,44 @@ int ret;
*
* Since: 3.1.0
**/
-int
-gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url)
{
- gnutls_pkcs11_privkey_t pkey;
- int ret;
-
- ret = gnutls_pkcs11_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key->pin.cb)
- gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb, key->pin.data);
-
- ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_pkcs11_privkey_deinit (pkey);
-
- return ret;
+ gnutls_pkcs11_privkey_t pkey;
+ int ret;
+
+ ret = gnutls_pkcs11_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key->pin.cb)
+ gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb,
+ key->pin.data);
+
+ ret = gnutls_pkcs11_privkey_import_url(pkey, url, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11(key, pkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_pkcs11_privkey_deinit(pkey);
+
+ return ret;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_privkey_import_ext:
@@ -417,15 +421,15 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_privkey_import_ext (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- unsigned int flags)
+gnutls_privkey_import_ext(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func decrypt_func,
+ unsigned int flags)
{
- return gnutls_privkey_import_ext2( pkey, pk, userdata, sign_func, decrypt_func,
- NULL, flags);
+ return gnutls_privkey_import_ext2(pkey, pk, userdata, sign_func,
+ decrypt_func, NULL, flags);
}
/**
@@ -454,39 +458,38 @@ gnutls_privkey_import_ext (gnutls_privkey_t pkey,
* Since: 3.1
**/
int
-gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- gnutls_privkey_deinit_func deinit_func,
- unsigned int flags)
+gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func decrypt_func,
+ gnutls_privkey_deinit_func deinit_func,
+ unsigned int flags)
{
-int ret;
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (sign_func == NULL && decrypt_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- pkey->key.ext.sign_func = sign_func;
- pkey->key.ext.decrypt_func = decrypt_func;
- pkey->key.ext.deinit_func = deinit_func;
- pkey->key.ext.userdata = userdata;
- pkey->type = GNUTLS_PRIVKEY_EXT;
- pkey->pk_algorithm = pk;
- pkey->flags = flags;
-
- /* Ensure gnutls_privkey_deinit() calls the deinit_func */
- if (deinit_func)
- pkey->flags |= GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
-
- return 0;
+ int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (sign_func == NULL && decrypt_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ pkey->key.ext.sign_func = sign_func;
+ pkey->key.ext.decrypt_func = decrypt_func;
+ pkey->key.ext.deinit_func = deinit_func;
+ pkey->key.ext.userdata = userdata;
+ pkey->type = GNUTLS_PRIVKEY_EXT;
+ pkey->pk_algorithm = pk;
+ pkey->flags = flags;
+
+ /* Ensure gnutls_privkey_deinit() calls the deinit_func */
+ if (deinit_func)
+ pkey->flags |= GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
+
+ return 0;
}
/**
@@ -510,39 +513,35 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key, unsigned int flags)
+gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key, unsigned int flags)
{
-int ret;
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- {
- ret = gnutls_x509_privkey_init(&pkey->key.x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
- if (ret < 0)
- {
- gnutls_x509_privkey_deinit(pkey->key.x509);
- return gnutls_assert_val(ret);
- }
- }
- else
- pkey->key.x509 = key;
-
- pkey->type = GNUTLS_PRIVKEY_X509;
- pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
- pkey->flags = flags;
-
- return 0;
+ int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
+ ret = gnutls_x509_privkey_init(&pkey->key.x509);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
+ if (ret < 0) {
+ gnutls_x509_privkey_deinit(pkey->key.x509);
+ return gnutls_assert_val(ret);
+ }
+ } else
+ pkey->key.x509 = key;
+
+ pkey->type = GNUTLS_PRIVKEY_X509;
+ pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
+ pkey->flags = flags;
+
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -568,56 +567,53 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags)
+gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
-int ret, idx;
-uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- {
- ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
- if (ret < 0)
- {
- gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
- return gnutls_assert_val(ret);
- }
- }
- else
- pkey->key.openpgp = key;
-
- pkey->type = GNUTLS_PRIVKEY_OPENPGP;
-
- ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
- {
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
- }
- else
- {
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
-
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
- }
-
- pkey->flags = flags;
-
- return 0;
+ int ret, idx;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
+ ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
+ if (ret < 0) {
+ gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
+ return gnutls_assert_val(ret);
+ }
+ } else
+ pkey->key.openpgp = key;
+
+ pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ } else {
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
+ idx,
+ NULL);
+ }
+
+ pkey->flags = flags;
+
+ return 0;
}
/**
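Review bot: `pkey->type = GNUTLS_PRIVKEY_OPENPGP;` is assigned before the preferred-key lookup, so the `return gnutls_assert_val(ret);` in the else branch leaves pkey half-imported: the type is set, `pkey->flags` is not, and check_if_clean() will reject any later import into the same object. With GNUTLS_PRIVKEY_IMPORT_COPY the copy made by _gnutls_openpgp_privkey_cpy is not released on that path either. Since gnutls_privkey_deinit releases the inner key only when the COPY or AUTO_RELEASE flag is stored, the private key copy appears to leak. Moving the `pkey->type` and `pkey->flags` assignments to just before `return 0;` and deinitialising the copy on the error path would address both. Separately, `idx` from gnutls_openpgp_privkey_get_subkey_idx is passed on without a `< 0` check.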
@@ -636,49 +632,51 @@ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
*
* Since: 3.1.0
**/
-int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- const char* password)
+int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ const char *password)
{
- gnutls_openpgp_privkey_t xpriv;
- int ret;
-
- ret = gnutls_openpgp_privkey_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if(keyid)
- {
- ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_openpgp_privkey_deinit(xpriv);
-
- return ret;
+ gnutls_openpgp_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_privkey_import(xpriv, data, format, password,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (keyid) {
+ ret =
+ gnutls_openpgp_privkey_set_preferred_key_id(xpriv,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(pkey, xpriv,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_privkey_deinit(xpriv);
+
+ return ret;
}
#endif
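Review bot: On success gnutls_privkey_import_openpgp_raw sets `ret = 0;` and falls through to the `cleanup:` label, so `gnutls_openpgp_privkey_deinit(xpriv)` runs on the key that was just stored in `pkey->key.openpgp` with GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Assuming that deinit frees the object, pkey is left holding a dangling pointer that later signing calls dereference and that gnutls_privkey_deinit releases a second time. The success path should leave before the label, as gnutls_privkey_import_x509_raw does: replace `ret = 0;` with `return 0;`.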
@@ -704,47 +702,46 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_data(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
- const mac_entry_st* me = mac_to_entry(hash);
-
- if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = pk_hash_data (signer->pk_algorithm, me, NULL, data, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_sign_raw_data (signer, flags, &digest, signature);
- _gnutls_free_datum (&digest);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+ const mac_entry_st *me = mac_to_entry(hash);
+
+ if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = pk_hash_data(signer->pk_algorithm, me, NULL, data, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pk_prepare_hash(signer->pk_algorithm, me, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_sign_raw_data(signer, flags, &digest,
+ signature);
+ _gnutls_free_datum(&digest);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
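Review bot: `mac_to_entry(hash)` in gnutls_privkey_sign_data is used without a NULL check, although `hash` is a caller-supplied algorithm id and the lookup presumably returns NULL for an unknown one. pk_hash_data and pk_prepare_hash are not visible here; unless both tolerate a NULL entry, an unsupported id ends in a NULL dereference. A guard before the first use, such as `if (me == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, is safer. gnutls_privkey_sign_hash in the next hunk passes `mac_to_entry(hash_algo)` straight to pk_prepare_hash and would want the same check.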
@@ -772,46 +769,48 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_privkey_sign_hash (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_hash(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
-
- if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
- return gnutls_privkey_sign_raw_data (signer, flags, hash_data, signature);
-
- digest.data = gnutls_malloc (hash_data->size);
- if (digest.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- digest.size = hash_data->size;
- memcpy (digest.data, hash_data->data, digest.size);
-
- ret = pk_prepare_hash (signer->pk_algorithm, mac_to_entry(hash_algo), &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_sign_raw_data (signer, flags, &digest, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+
+ if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
+ return gnutls_privkey_sign_raw_data(signer, flags,
+ hash_data, signature);
+
+ digest.data = gnutls_malloc(hash_data->size);
+ if (digest.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy(digest.data, hash_data->data, digest.size);
+
+ ret =
+ pk_prepare_hash(signer->pk_algorithm, mac_to_entry(hash_algo),
+ &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_sign_raw_data(signer, flags, &digest,
+ signature);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
@@ -836,34 +835,35 @@ cleanup:
* Since: 3.1.10
**/
int
-gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
- unsigned flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
+ unsigned flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
- data, signature);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
+ data, signature);
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
- data, signature);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
+ data, signature);
#endif
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pk_sign (key->key.x509->pk_algorithm,
- signature, data, &key->key.x509->params);
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.sign_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return key->key.ext.sign_func(key, key->key.ext.userdata, data, signature);
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pk_sign(key->key.x509->pk_algorithm,
+ signature, data,
+ &key->key.x509->params);
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.sign_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return key->key.ext.sign_func(key, key->key.ext.userdata,
+ data, signature);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -882,36 +882,41 @@ gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
* Since: 2.12.0
**/
int
-gnutls_privkey_decrypt_data (gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+gnutls_privkey_decrypt_data(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return _gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
- ciphertext, plaintext);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return _gnutls_openpgp_privkey_decrypt_data(key->key.
+ openpgp, flags,
+ ciphertext,
+ plaintext);
#endif
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pk_decrypt (key->pk_algorithm, plaintext, ciphertext,
- &key->key.x509->params);
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pk_decrypt(key->pk_algorithm, plaintext,
+ ciphertext,
+ &key->key.x509->params);
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return _gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
- flags,
- ciphertext, plaintext);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11,
+ flags,
+ ciphertext,
+ plaintext);
#endif
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.decrypt_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return key->key.ext.decrypt_func(key, key->key.ext.userdata, ciphertext, plaintext);
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.decrypt_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return key->key.ext.decrypt_func(key,
+ key->key.ext.userdata,
+ ciphertext, plaintext);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -933,38 +938,41 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
*
* Since: 3.1.0
**/
-int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags)
{
- gnutls_x509_privkey_t xpriv;
- int ret;
-
- ret = gnutls_x509_privkey_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_privkey_import2(xpriv, data, format, password, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_x509(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_privkey_deinit(xpriv);
-
- return ret;
+ gnutls_x509_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_x509_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_privkey_import2(xpriv, data, format, password,
+ flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_x509(pkey, xpriv,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_privkey_deinit(xpriv);
+
+ return ret;
}
/**
@@ -983,23 +991,25 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int flags)
+gnutls_privkey_import_url(gnutls_privkey_t key, const char *url,
+ unsigned int flags)
{
- if (strncmp(url, "pkcs11:", 7) == 0)
+ if (strncmp(url, "pkcs11:", 7) == 0)
#ifdef ENABLE_PKCS11
- return gnutls_privkey_import_pkcs11_url(key, url);
+ return gnutls_privkey_import_pkcs11_url(key, url);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- if (strncmp(url, "tpmkey:", 7) == 0)
+ if (strncmp(url, "tpmkey:", 7) == 0)
#ifdef HAVE_TROUSERS
- return gnutls_privkey_import_tpm_url(key, url, NULL, NULL, 0);
+ return gnutls_privkey_import_tpm_url(key, url, NULL, NULL,
+ 0);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
/**
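Review bot: Both scheme checks in `gnutls_privkey_import_url` leave the `if` unbraced while the preprocessor chooses which `return` becomes its body, so the control flow is only correct as long as exactly one statement survives in each `#ifdef`/`#else` arm. Bracing each test, `if (strncmp(url, "pkcs11:", 7) == 0) {` ... `}`, makes that robust against later edits inside the conditional blocks. `url` also reaches `strncmp` without a NULL check; if callers may pass NULL (not visible in this hunk), `if (url == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top would turn a crash into an error code.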
@@ -1018,11 +1028,12 @@ gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int f
* Since: 3.1.0
*
**/
-void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_privkey_set_pin_function(gnutls_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
/**
@@ -1040,16 +1051,14 @@ void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
* Since: 3.1.10
*
**/
-int
-gnutls_privkey_status (gnutls_privkey_t key)
+int gnutls_privkey_status(gnutls_privkey_t key)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_status (key->key.pkcs11);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_status(key->key.pkcs11);
#endif
- default:
- return 1;
- }
+ default:
+ return 1;
+ }
}
diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c
index 496e94fac5..5765e86050 100644
--- a/lib/gnutls_psk.c
+++ b/lib/gnutls_psk.c
@@ -42,12 +42,11 @@
* This structure is complex enough to manipulate directly thus this
* helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
+void gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc)
{
- _gnutls_free_datum (&sc->username);
- _gnutls_free_datum (&sc->key);
- gnutls_free (sc);
+ _gnutls_free_datum(&sc->username);
+ _gnutls_free_datum(&sc->key);
+ gnutls_free(sc);
}
/**
@@ -61,14 +60,15 @@ gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
* an error code is returned.
**/
int
-gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
+gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (psk_client_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(psk_client_credentials_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -90,60 +90,55 @@ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
* an error code is returned.
**/
int
-gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
- const char *username,
- const gnutls_datum_t * key,
- gnutls_psk_key_flags flags)
+gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags flags)
{
- int ret;
-
- if (username == NULL || key == NULL || key->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_set_datum (&res->username, username, strlen (username));
- if (ret < 0)
- return ret;
-
- if (flags == GNUTLS_PSK_KEY_RAW)
- {
- if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- }
- else
- { /* HEX key */
- size_t size;
- size = res->key.size = key->size / 2;
- res->key.data = gnutls_malloc (size);
- if (res->key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- ret = gnutls_hex_decode (key, (char *) res->key.data, &size);
- res->key.size = (unsigned int) size;
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- }
-
- return 0;
-
-error:
- _gnutls_free_datum (&res->username);
-
- return ret;
+ int ret;
+
+ if (username == NULL || key == NULL || key->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_set_datum(&res->username, username, strlen(username));
+ if (ret < 0)
+ return ret;
+
+ if (flags == GNUTLS_PSK_KEY_RAW) {
+ if (_gnutls_set_datum(&res->key, key->data, key->size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ } else { /* HEX key */
+ size_t size;
+ size = res->key.size = key->size / 2;
+ res->key.data = gnutls_malloc(size);
+ if (res->key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ ret =
+ gnutls_hex_decode(key, (char *) res->key.data, &size);
+ res->key.size = (unsigned int) size;
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ }
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&res->username);
+
+ return ret;
}
/**
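Review bot: The `error:` path releases only `res->username`, so when `gnutls_hex_decode` fails in the hex branch the buffer just allocated into `res->key.data` stays attached to the credentials together with whatever was partially decoded. Adding `_gnutls_free_datum(&res->key);` next to the username release would drop it, assuming that helper accepts a datum whose data pointer is NULL (its definition is not shown here). Because this buffer holds pre-shared key material, it is also worth clearing it before release if the project has a zeroizing free; none is visible in this hunk.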
@@ -153,11 +148,10 @@ error:
* This structure is complex enough to manipulate directly thus this
* helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
+void gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc)
{
- gnutls_free (sc->password_file);
- gnutls_free (sc);
+ gnutls_free(sc->password_file);
+ gnutls_free(sc);
}
/**
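Review bot: `gnutls_psk_free_server_credentials` frees `sc->password_file` and `sc` but not `sc->hint`, which `gnutls_psk_set_server_credentials_hint` (the hunk at -238 further down) fills with `gnutls_strdup`, so a server that sets a hint leaks it on teardown. `gnutls_free(sc->hint);` before `gnutls_free(sc);` would close that. The structure comes from `gnutls_calloc` in the allocate function, so an unset hint would be a NULL pointer at that point.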
@@ -171,14 +165,15 @@ gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
* an error code is returned.
**/
int
-gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
+gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (psk_server_cred_st));
+ *sc = gnutls_calloc(1, sizeof(psk_server_cred_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -195,31 +190,28 @@ gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
* an error code is returned.
**/
int
-gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
- res, const char *password_file)
+gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
+ res, const char *password_file)
{
- if (password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the files can be opened */
- if (_gnutls_file_exists (password_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- res->password_file = gnutls_strdup (password_file);
- if (res->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists(password_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup(password_file);
+ if (res->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -238,17 +230,16 @@ gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
* Since: 2.4.0
**/
int
-gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
- const char *hint)
+gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t res,
+ const char *hint)
{
- res->hint = gnutls_strdup (hint);
- if (res->hint == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ res->hint = gnutls_strdup(hint);
+ if (res->hint == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
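Review bot: `hint` is passed to `gnutls_strdup` unchecked, whereas `gnutls_psk_set_server_credentials_file` in the previous hunk rejects a NULL `password_file` with GNUTLS_E_INVALID_REQUEST. The same guard here, `if (hint == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, would keep the two setters consistent and avoid relying on how `gnutls_strdup` treats NULL. A second call also overwrites `res->hint` without releasing the previous copy, so `gnutls_free(res->hint);` before the assignment is worth adding.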
@@ -272,12 +263,12 @@ gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
* an error.
**/
void
-gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
- cred,
- gnutls_psk_server_credentials_function
- * func)
+gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
+ cred,
+ gnutls_psk_server_credentials_function
+ * func)
{
- cred->pwd_callback = func;
+ cred->pwd_callback = func;
}
/**
@@ -301,12 +292,12 @@ gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
* -1 indicates an error.
**/
void
-gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
- cred,
- gnutls_psk_client_credentials_function
- * func)
+gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
+ cred,
+ gnutls_psk_client_credentials_function
+ * func)
{
- cred->get_function = func;
+ cred->get_function = func;
}
@@ -319,21 +310,20 @@ gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
*
* Returns: the username of the peer, or %NULL in case of an error.
**/
-const char *
-gnutls_psk_server_get_username (gnutls_session_t session)
+const char *gnutls_psk_server_get_username(gnutls_session_t session)
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- if (info->username[0] != 0)
- return info->username;
+ if (info->username[0] != 0)
+ return info->username;
- return NULL;
+ return NULL;
}
/**
@@ -348,21 +338,20 @@ gnutls_psk_server_get_username (gnutls_session_t session)
*
* Since: 2.4.0
**/
-const char *
-gnutls_psk_client_get_hint (gnutls_session_t session)
+const char *gnutls_psk_client_get_hint(gnutls_session_t session)
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- if (info->hint[0] != 0)
- return info->hint;
+ if (info->hint[0] != 0)
+ return info->hint;
- return NULL;
+ return NULL;
}
/**
@@ -375,10 +364,10 @@ gnutls_psk_client_get_hint (gnutls_session_t session)
* Diffie-Hellman exchange with PSK cipher suites.
**/
void
-gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -391,10 +380,10 @@ gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
* should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index f27caa6477..f2a871ca19 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -42,19 +42,18 @@
#define OPENPGP_KEY_SUBKEY 1
-int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params)
+int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params)
{
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- return _gnutls_mpi_get_nbits(params->params[0]);
- case GNUTLS_PK_DSA:
- return _gnutls_mpi_get_nbits(params->params[3]);
- case GNUTLS_PK_EC:
- return gnutls_ecc_curve_get_size(params->flags)*8;
- default:
- return 0;
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ return _gnutls_mpi_get_nbits(params->params[0]);
+ case GNUTLS_PK_DSA:
+ return _gnutls_mpi_get_nbits(params->params[3]);
+ case GNUTLS_PK_EC:
+ return gnutls_ecc_curve_get_size(params->flags) * 8;
+ default:
+ return 0;
+ }
}
/**
@@ -71,13 +70,12 @@ int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
+int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits)
{
- if (bits)
- *bits = key->bits;
+ if (bits)
+ *bits = key->bits;
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
/**
@@ -92,13 +90,12 @@ gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
+int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage)
{
- if (usage)
- *usage = key->key_usage;
+ if (usage)
+ *usage = key->key_usage;
- return 0;
+ return 0;
}
/**
@@ -112,17 +109,15 @@ gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_init (gnutls_pubkey_t * key)
+int gnutls_pubkey_init(gnutls_pubkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_pubkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -133,13 +128,12 @@ gnutls_pubkey_init (gnutls_pubkey_t * key)
*
* Since: 2.12.0
**/
-void
-gnutls_pubkey_deinit (gnutls_pubkey_t key)
+void gnutls_pubkey_deinit(gnutls_pubkey_t key)
{
- if (!key)
- return;
- gnutls_pk_params_release (&key->params);
- gnutls_free (key);
+ if (!key)
+ return;
+ gnutls_pk_params_release(&key->params);
+ gnutls_free(key);
}
/**
@@ -157,25 +151,25 @@ gnutls_pubkey_deinit (gnutls_pubkey_t key)
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags)
+gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags)
{
- int ret;
+ int ret;
- key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits);
+ key->pk_algorithm =
+ gnutls_x509_crt_get_pk_algorithm(crt, &key->bits);
- ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL);
- if (ret < 0)
- key->key_usage = 0;
+ ret = gnutls_x509_crt_get_key_usage(crt, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
- ret = _gnutls_x509_crt_get_mpis (crt, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -193,25 +187,25 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
* Since: 3.1.5
**/
int
-gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
- unsigned int flags)
+gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags)
{
- int ret;
+ int ret;
- key->pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, &key->bits);
+ key->pk_algorithm =
+ gnutls_x509_crq_get_pk_algorithm(crq, &key->bits);
- ret = gnutls_x509_crq_get_key_usage (crq, &key->key_usage, NULL);
- if (ret < 0)
- key->key_usage = 0;
+ ret = gnutls_x509_crq_get_key_usage(crq, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
- ret = _gnutls_x509_crq_get_mpis (crq, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crq_get_mpis(crq, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -230,14 +224,15 @@ gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags)
+gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey,
+ unsigned int usage, unsigned int flags)
{
- key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits);
+ key->pk_algorithm =
+ gnutls_privkey_get_pk_algorithm(pkey, &key->bits);
- key->key_usage = usage;
+ key->key_usage = usage;
- return _gnutls_privkey_get_public_mpis (pkey, &key->params);
+ return _gnutls_privkey_get_public_mpis(pkey, &key->params);
}
/**
@@ -259,23 +254,21 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm,
- &key->params,
- hash, mand);
+ ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
+ &key->params, hash, mand);
- return ret;
+ return ret;
}
#ifdef ENABLE_PKCS11
@@ -295,83 +288,78 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags)
+gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj, unsigned int flags)
{
- int ret, type;
-
- type = gnutls_pkcs11_obj_get_type (obj);
- if (type != GNUTLS_PKCS11_OBJ_PUBKEY && type != GNUTLS_PKCS11_OBJ_X509_CRT)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (type == GNUTLS_PKCS11_OBJ_X509_CRT)
- {
- gnutls_x509_crt_t xcrt;
-
- ret = gnutls_x509_crt_init (&xcrt);
- if (ret < 0)
- {
- gnutls_assert()
- return ret;
- }
-
- ret = gnutls_x509_crt_import_pkcs11 (xcrt, obj);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup_crt;
- }
-
- ret = gnutls_pubkey_import_x509 (key, xcrt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup_crt;
- }
-
- gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);
-
- ret = 0;
-cleanup_crt:
- gnutls_x509_crt_deinit(xcrt);
- return ret;
- }
-
- key->key_usage = obj->key_usage;
-
- switch (obj->pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1]);
- break;
- case GNUTLS_PK_DSA:
- ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1],
- &obj->pubkey[2], &obj->pubkey[3]);
- break;
- case GNUTLS_PK_EC:
- ret = gnutls_pubkey_import_ecc_x962 (key, &obj->pubkey[0],
- &obj->pubkey[1]);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, type;
+
+ type = gnutls_pkcs11_obj_get_type(obj);
+ if (type != GNUTLS_PKCS11_OBJ_PUBKEY
+ && type != GNUTLS_PKCS11_OBJ_X509_CRT) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type == GNUTLS_PKCS11_OBJ_X509_CRT) {
+ gnutls_x509_crt_t xcrt;
+
+ ret = gnutls_x509_crt_init(&xcrt);
+ if (ret < 0) {
+ gnutls_assert()
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup_crt;
+ }
+
+ ret = gnutls_pubkey_import_x509(key, xcrt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup_crt;
+ }
+
+ gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);
+
+ ret = 0;
+ cleanup_crt:
+ gnutls_x509_crt_deinit(xcrt);
+ return ret;
+ }
+
+ key->key_usage = obj->key_usage;
+
+ switch (obj->pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pubkey_import_rsa_raw(key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pubkey_import_dsa_raw(key, &obj->pubkey[0],
+ &obj->pubkey[1],
+ &obj->pubkey[2],
+ &obj->pubkey[3]);
+ break;
+ case GNUTLS_PK_EC:
+ ret = gnutls_pubkey_import_ecc_x962(key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
#ifdef ENABLE_OPENPGP
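Review bot: The `gnutls_assert()` after the failed `gnutls_x509_crt_init` call has no terminating semicolon, and the reformat carried that over unchanged; it compiles only if the macro's expansion happens to end a statement (its definition is not shown here). Writing `gnutls_assert();`, or collapsing the branch to `return gnutls_assert_val(ret);`, removes that dependence. The later `gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);` also ignores its result, while `gnutls_pubkey_import_x509` resets `key_usage` to 0 when the same call fails; handling it the same way here would keep the usage bits well defined.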
@@ -392,69 +380,75 @@ cleanup_crt:
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- unsigned int flags)
+gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt, unsigned int flags)
{
- int ret, idx;
- uint32_t kid32[2];
- uint32_t *k;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- size_t len;
-
- len = sizeof(key->openpgp_key_fpr);
- ret = gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr, &len);
- if (ret < 0)
- return gnutls_assert_val(ret);
- key->openpgp_key_fpr_set = 1;
-
- ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
- if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
- {
- key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
- key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY;
-
- ret = gnutls_openpgp_crt_get_key_id(crt, key->openpgp_key_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
-
- k = NULL;
- }
- else
- {
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY;
-
- KEYID_IMPORT (kid32, keyid);
- k = kid32;
-
- idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid);
-
- ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, key->openpgp_key_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
-
- key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, idx, NULL);
- }
-
- ret =
- _gnutls_openpgp_crt_get_mpis (crt, k, &key->params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ int ret, idx;
+ uint32_t kid32[2];
+ uint32_t *k;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ size_t len;
+
+ len = sizeof(key->openpgp_key_fpr);
+ ret =
+ gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr,
+ &len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ key->openpgp_key_fpr_set = 1;
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id(crt, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
+ key->pk_algorithm =
+ gnutls_openpgp_crt_get_pk_algorithm(crt, &key->bits);
+ key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY;
+
+ ret =
+ gnutls_openpgp_crt_get_key_id(crt,
+ key->openpgp_key_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_crt_get_key_usage(crt, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ k = NULL;
+ } else {
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY;
+
+ KEYID_IMPORT(kid32, keyid);
+ k = kid32;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx(crt, keyid);
+
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, idx,
+ key->openpgp_key_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_crt_get_subkey_usage(crt, idx,
+ &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->pk_algorithm =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, idx,
+ NULL);
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, k, &key->params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/**
@@ -483,54 +477,54 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size,
- unsigned int *subkey)
+gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size,
+ unsigned int *subkey)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT)
- {
- if (*output_data_size < sizeof(key->openpgp_key_fpr))
- {
- *output_data_size = sizeof(key->openpgp_key_fpr);
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- }
-
- if (key->openpgp_key_fpr_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (output_data)
- memcpy(output_data, key->openpgp_key_fpr, sizeof(key->openpgp_key_fpr));
- *output_data_size = sizeof(key->openpgp_key_fpr);
-
- return 0;
- }
-
- if (*output_data_size < sizeof(key->openpgp_key_id))
- {
- *output_data_size = sizeof(key->openpgp_key_id);
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- }
-
- if (key->openpgp_key_id_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY)
- if (subkey) *subkey = 1;
-
- if (output_data)
- {
- memcpy(output_data, key->openpgp_key_id, sizeof(key->openpgp_key_id));
- }
- *output_data_size = sizeof(key->openpgp_key_id);
-
- return 0;
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT) {
+ if (*output_data_size < sizeof(key->openpgp_key_fpr)) {
+ *output_data_size = sizeof(key->openpgp_key_fpr);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_SHORT_MEMORY_BUFFER);
+ }
+
+ if (key->openpgp_key_fpr_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (output_data)
+ memcpy(output_data, key->openpgp_key_fpr,
+ sizeof(key->openpgp_key_fpr));
+ *output_data_size = sizeof(key->openpgp_key_fpr);
+
+ return 0;
+ }
+
+ if (*output_data_size < sizeof(key->openpgp_key_id)) {
+ *output_data_size = sizeof(key->openpgp_key_id);
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ }
+
+ if (key->openpgp_key_id_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY)
+ if (subkey)
+ *subkey = 1;
+
+ if (output_data) {
+ memcpy(output_data, key->openpgp_key_id,
+ sizeof(key->openpgp_key_id));
+ }
+ *output_data_size = sizeof(key->openpgp_key_id);
+
+ return 0;
}
/**
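Review bot: `*subkey` is written only when the key is a subkey, so for a primary key the caller's variable keeps whatever it held before the call, and an uninitialised local would then be read as a flag. Assigning in both cases, `if (subkey) *subkey = (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY);`, gives a defined result; if the documented contract instead requires callers to pre-zero it (the doc comment lies outside this hunk), a comment saying so would do. `output_data_size` is also dereferenced without a NULL check, unlike `key` and `output_data`.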
@@ -549,49 +543,46 @@ gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
*
* Since: 3.1.3
**/
-int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
- gnutls_openpgp_crt_t xpriv;
- int ret;
-
- ret = gnutls_openpgp_crt_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_import(xpriv, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if(keyid)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(xpriv);
-
- return ret;
+ gnutls_openpgp_crt_t xpriv;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_openpgp_crt_import(xpriv, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (keyid) {
+ ret =
+ gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(xpriv);
+
+ return ret;
}
#endif
@@ -621,52 +612,49 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pubkey_export(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_encode_and_copy_PKI_params (spk, "",
- key->pk_algorithm,
- &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_export_int_named (spk, "",
- format, PK_PEM_HEADER,
- output_data, output_data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params(spk, "",
+ key->pk_algorithm,
+ &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named(spk, "",
+ format, PK_PEM_HEADER,
+ output_data,
+ output_data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/**
@@ -690,51 +678,47 @@ cleanup:
* Since: 3.1.3
**/
int
-gnutls_pubkey_export2 (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_pubkey_export2(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_encode_and_copy_PKI_params (spk, "",
- key->pk_algorithm,
- &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_export_int_named2 (spk, "",
- format, PK_PEM_HEADER, out);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params(spk, "",
+ key->pk_algorithm,
+ &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named2(spk, "",
+ format, PK_PEM_HEADER,
+ out);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/**
@@ -760,28 +744,26 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_get_key_id (key->pk_algorithm, &key->params,
- output_data, output_data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_get_key_id(key->pk_algorithm, &key->params,
+ output_data, output_data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -799,39 +781,35 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -851,65 +829,59 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -928,43 +900,40 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y)
+gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x, gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_EC)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *curve = key->params.flags;
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_EC) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *curve = key->params.flags;
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_X], x);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_Y], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -981,26 +950,26 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
*
* Since: 3.0
**/
-int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters,
- gnutls_datum_t * ecpoint)
+int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
+ gnutls_datum_t * parameters,
+ gnutls_datum_t * ecpoint)
{
- int ret;
-
- if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
- if (ret < 0)
- {
- _gnutls_free_datum(ecpoint);
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+ if (ret < 0) {
+ _gnutls_free_datum(ecpoint);
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/**
@@ -1021,78 +990,73 @@ int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* paramete
* Since: 2.12.0
**/
int
-gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_pubkey_import(gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- ASN1_TYPE spk;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&spk, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = _gnutls_get_asn_mpis (spk, "", &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* this has already been called by get_asn_mpis() thus it cannot
- * fail.
- */
- key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL);
- key->bits = pubkey_to_bits(key->pk_algorithm, &key->params);
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ ASN1_TYPE spk;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PK_PEM_HEADER, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&spk, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = _gnutls_get_asn_mpis(spk, "", &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* this has already been called by get_asn_mpis() thus it cannot
+ * fail.
+ */
+ key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", NULL);
+ key->bits = pubkey_to_bits(key->pk_algorithm, &key->params);
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
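Review bot: In `gnutls_pubkey_import`, `ASN1_TYPE spk;` is declared without an initializer, yet the `cleanup:` path calls `asn1_delete_structure(&spk)` after a failed `asn1_create_element`; if that call leaves `spk` unset on failure, cleanup reads an indeterminate handle. `gnutls_pubkey_export2` earlier in this file already uses `ASN1_TYPE spk = ASN1_TYPE_EMPTY;`, and the same initializer belongs here. `data` is also dereferenced (`data->data`, `data->size`) with no NULL check, unlike `key`; since this function parses caller-supplied key material, `if (key == NULL || data == NULL) {` would be the safer guard. Both issues predate the reindent, which only changes whitespace.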
@@ -1108,32 +1072,29 @@ cleanup:
*
* Since: 2.12.0
**/
-int
-gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
+int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crt_set_key_usage (crt, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crt_set_key_usage(crt, key->key_usage);
- return 0;
+ return 0;
}
/**
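Review bot: `gnutls_x509_crt_set_pubkey` rejects a NULL `crt` but then reads `key->pk_algorithm` and `key->params` unconditionally, so a NULL `key` crashes instead of returning `GNUTLS_E_INVALID_REQUEST`; the guard could be `if (crt == NULL || key == NULL) {`. The return value of `gnutls_x509_crt_set_key_usage(crt, key->key_usage)` is discarded, so a failure to write the key-usage extension still reports success and the certificate may end up without the intended usage restriction; propagating the error would be safer. `gnutls_x509_crq_set_pubkey` in the next hunk has the same two gaps.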
@@ -1149,32 +1110,29 @@ gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
*
* Since: 2.12.0
**/
-int
-gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
+int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm, &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crq_set_key_usage (crq, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crq_set_key_usage(crq, key->key_usage);
- return 0;
+ return 0;
}
/**
@@ -1191,12 +1149,11 @@ gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
+int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage)
{
- key->key_usage = usage;
+ key->key_usage = usage;
- return 0;
+ return 0;
}
#ifdef ENABLE_PKCS11
@@ -1216,45 +1173,43 @@ gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
-
- ret = gnutls_pkcs11_obj_init (&pcrt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key->pin.cb)
- gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb, key->pin.data);
-
- ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
-
- gnutls_pkcs11_obj_deinit (pcrt);
-
- return ret;
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init(&pcrt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key->pin.cb)
+ gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb,
+ key->pin.data);
+
+ ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11(key, pcrt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+
+ gnutls_pkcs11_obj_deinit(pcrt);
+
+ return ret;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_pubkey_import_url:
@@ -1271,24 +1226,24 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
- if (strncmp(url, "pkcs11:", 7) == 0)
+ if (strncmp(url, "pkcs11:", 7) == 0)
#ifdef ENABLE_PKCS11
- return gnutls_pubkey_import_pkcs11_url(key, url, flags);
+ return gnutls_pubkey_import_pkcs11_url(key, url, flags);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- if (strncmp(url, "tpmkey:", 7) == 0)
+ if (strncmp(url, "tpmkey:", 7) == 0)
#ifdef HAVE_TROUSERS
- return gnutls_pubkey_import_tpm_url(key, url, NULL, 0);
+ return gnutls_pubkey_import_tpm_url(key, url, NULL, 0);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
/**
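Review bot: `gnutls_pubkey_import_url` passes `url` to `strncmp` without a NULL check, and both `if` statements are unbraced with their single-statement body chosen by `#ifdef`, which makes it easy to attach a later statement to the wrong branch. Bracing each `if` around its `#ifdef ... #else ... #endif` block and starting with `if (key == NULL || url == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would harden it. The `flags` argument is forwarded only on the `pkcs11:` path; the `tpmkey:` path passes a literal `0`, which deserves a comment if it is intentional.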
@@ -1306,40 +1261,37 @@ gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params.params_nr = RSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params);
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], m->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], e->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params.params_nr = RSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params);
+
+ return 0;
}
/**
@@ -1358,43 +1310,42 @@ gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y)
+gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.flags = curve;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.flags = curve;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_X], x->data, x->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_Y], y->data, y->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
/**
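Review bot: `gnutls_pubkey_import_ecc_raw` increments `key->params.params_nr` twice without ever resetting it, so importing into a key object that already holds parameters leaves a stale count. The RSA and DSA raw importers in this file call `gnutls_pk_params_init(&key->params);` first and `gnutls_pubkey_import_ecc_x962` sets `params_nr = 0`; adding `gnutls_pk_params_init(&key->params);` before `key->params.flags = curve;` would make this one consistent (assuming that helper resets the count, as its use in the siblings suggests). Unlike the RSA and DSA importers it also never sets `key->bits`, which they fill with `pubkey_to_bits(...)`; the x962 importer in the next hunk omits it as well.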
@@ -1412,43 +1363,42 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint)
+gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+ const gnutls_datum_t * parameters,
+ const gnutls_datum_t * ecpoint)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.params_nr = 0;
-
- ret = _gnutls_x509_read_ecc_params(parameters->data, parameters->size,
- &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size,
- &key->params.params[ECC_X], &key->params.params[ECC_Y]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- key->params.params_nr+=2;
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.params_nr = 0;
+
+ ret =
+ _gnutls_x509_read_ecc_params(parameters->data,
+ parameters->size, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size,
+ &key->params.params[ECC_X],
+ &key->params.params[ECC_Y]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ key->params.params_nr += 2;
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
/**
@@ -1469,61 +1419,56 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y)
+gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y)
{
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[1]);
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[2]);
- _gnutls_mpi_release (&key->params.params[1]);
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params.params_nr = DSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params);
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], p->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], q->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], g->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[1]);
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], y->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[2]);
+ _gnutls_mpi_release(&key->params.params[1]);
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params.params_nr = DSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params);
+
+ return 0;
}
@@ -1546,34 +1491,32 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int ret;
- gnutls_digest_algorithm_t hash;
-
- if (pubkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = gnutls_pubkey_get_verify_algorithm (pubkey, signature, &hash);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = pubkey_verify_data( pubkey->pk_algorithm, mac_to_entry(hash),
- data, signature, &pubkey->params);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- return ret;
+ int ret;
+ gnutls_digest_algorithm_t hash;
+
+ if (pubkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = gnutls_pubkey_get_verify_algorithm(pubkey, signature, &hash);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = pubkey_verify_data(pubkey->pk_algorithm, mac_to_entry(hash),
+ data, signature, &pubkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -1593,33 +1536,31 @@ gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
* Since: 3.0
**/
int
-gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int ret;
- const mac_entry_st* me;
-
- if (pubkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
- ret = pubkey_verify_data( pubkey->pk_algorithm, me,
- data, signature, &pubkey->params);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- return ret;
+ int ret;
+ const mac_entry_st *me;
+
+ if (pubkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ ret = pubkey_verify_data(pubkey->pk_algorithm, me,
+ data, signature, &pubkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
@@ -1642,19 +1583,22 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
* Since: 2.12.0
**/
int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
-gnutls_digest_algorithm_t algo;
-int ret;
-
- ret = gnutls_pubkey_get_verify_algorithm (key, signature, &algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return gnutls_pubkey_verify_hash2(key, gnutls_pk_to_sign(key->pk_algorithm, algo),
- flags, hash, signature);
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ ret = gnutls_pubkey_get_verify_algorithm(key, signature, &algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return gnutls_pubkey_verify_hash2(key,
+ gnutls_pk_to_sign(key->
+ pk_algorithm,
+ algo), flags,
+ hash, signature);
}
/**
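Review bot: The automatic reindent split the member access `key->pk_algorithm` across two lines (`key->` / `pk_algorithm`) inside the `gnutls_pubkey_verify_hash2` call, which hurts readability and defeats a grep for `key->pk_algorithm`. A named local avoids the wrap: `gnutls_sign_algorithm_t sign = gnutls_pk_to_sign(key->pk_algorithm, algo);` followed by `return gnutls_pubkey_verify_hash2(key, sign, flags, hash, signature);`. The same tool artefact appears in `_gnutls_pubkey_compatible_with_sig`, where `return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);` is spread over three lines.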
@@ -1674,30 +1618,28 @@ int ret;
* Since: 3.0
**/
int
-gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
- const mac_entry_st* me;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- {
- return _gnutls_pk_verify (GNUTLS_PK_RSA, hash, signature, &key->params);
- }
- else
- {
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
- return pubkey_verify_hashed_data (key->pk_algorithm, me,
- hash, signature, &key->params);
- }
+ const mac_entry_st *me;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) {
+ return _gnutls_pk_verify(GNUTLS_PK_RSA, hash, signature,
+ &key->params);
+ } else {
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ return pubkey_verify_hashed_data(key->pk_algorithm, me,
+ hash, signature,
+ &key->params);
+ }
}
/**
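Review bot: With `GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA` set, `gnutls_pubkey_verify_hash2` calls `_gnutls_pk_verify(GNUTLS_PK_RSA, ...)` on `key->params` without checking that the key is actually RSA, so parameters of a DSA or EC key would be handed to the RSA verifier. A guard such as `if (key->pk_algorithm != GNUTLS_PK_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top of that branch keeps the algorithm and the key material in agreement. In the other branch, `me` comes from `mac_to_entry(gnutls_sign_get_hash_algorithm(algo))` and is passed on unchecked; whether `pubkey_verify_hashed_data` tolerates a NULL entry for an unknown `algo` is not visible here and is worth confirming.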
@@ -1716,18 +1658,17 @@ gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * plaintext,
- gnutls_datum_t * ciphertext)
+gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * plaintext,
+ gnutls_datum_t * ciphertext)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_pk_encrypt (key->pk_algorithm, ciphertext,
- plaintext, &key->params);
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_pk_encrypt(key->pk_algorithm, ciphertext,
+ plaintext, &key->params);
}
/**
@@ -1745,19 +1686,18 @@ gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_verify_algorithm (hash, signature,
- key->pk_algorithm,
- &key->params);
+ return _gnutls_x509_verify_algorithm(hash, signature,
+ key->pk_algorithm,
+ &key->params);
}
@@ -1766,68 +1706,75 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
* it may be null.
*/
int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
- gnutls_pubkey_t pubkey,
- const version_entry_st* ver,
- gnutls_sign_algorithm_t sign)
+ gnutls_pubkey_t pubkey,
+ const version_entry_st * ver,
+ gnutls_sign_algorithm_t sign)
{
-unsigned int hash_size;
-unsigned int sig_hash_size;
-const mac_entry_st* me;
-
- if (pubkey->pk_algorithm == GNUTLS_PK_DSA)
- {
- me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
-
- /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- if (me->id != GNUTLS_MAC_SHA1)
- return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
- }
- else if (sign != GNUTLS_SIGN_UNKNOWN)
- {
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
- sig_hash_size = _gnutls_hash_get_algo_len(me);
- if (sig_hash_size < hash_size)
- _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
- }
-
- }
- else if (pubkey->pk_algorithm == GNUTLS_PK_EC)
- {
- if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN)
- {
- me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
- sig_hash_size = _gnutls_hash_get_algo_len(me);
-
- if (sig_hash_size < hash_size)
- _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
- }
-
- }
-
- return 0;
+ unsigned int hash_size;
+ unsigned int sig_hash_size;
+ const mac_entry_st *me;
+
+ if (pubkey->pk_algorithm == GNUTLS_PK_DSA) {
+ me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm,
+ &pubkey->params, &hash_size);
+
+ /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ if (me->id != GNUTLS_MAC_SHA1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+ } else if (sign != GNUTLS_SIGN_UNKNOWN) {
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm
+ (sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
+ if (sig_hash_size < hash_size)
+ _gnutls_audit_log(session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size,
+ hash_size);
+ }
+
+ } else if (pubkey->pk_algorithm == GNUTLS_PK_EC) {
+ if (_gnutls_version_has_selectable_sighash(ver)
+ && sign != GNUTLS_SIGN_UNKNOWN) {
+ me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm,
+ &pubkey->params,
+ &hash_size);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm
+ (sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
+
+ if (sig_hash_size < hash_size)
+ _gnutls_audit_log(session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size,
+ hash_size);
+ }
+
+ }
+
+ return 0;
}
/* Returns zero if the public key has more than 512 bits */
int _gnutls_pubkey_is_over_rsa_512(gnutls_pubkey_t pubkey)
{
- if (pubkey->pk_algorithm == GNUTLS_PK_RSA && _gnutls_mpi_get_nbits (pubkey->params.params[0]) > 512)
- return 0;
- else
- return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */
+ if (pubkey->pk_algorithm == GNUTLS_PK_RSA
+ && _gnutls_mpi_get_nbits(pubkey->params.params[0]) > 512)
+ return 0;
+ else
+ return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */
}
/* Returns the public key.
*/
int
-_gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
- gnutls_pk_params_st * params)
+_gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params)
{
- return _gnutls_pk_params_copy(params, &key->params);
+ return _gnutls_pk_params_copy(params, &key->params);
}
/* if hash==MD5 then we do RSA-MD5
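Review bot: In `_gnutls_pubkey_compatible_with_sig` the DSA branch dereferences `me->id` straight after `_gnutls_dsa_q_to_hash(...)` with no NULL check; if that helper can return NULL for an unexpected q size (not visible here), this is a NULL dereference on what may be a peer-supplied key, and `if (me == NULL || me->id != GNUTLS_MAC_SHA1)` would fail closed. In the EC branch the first assignment to `me` is immediately overwritten, so that call is used only for `hash_size` and its result could be dropped. A signature hash shorter than expected is only reported through `_gnutls_audit_log` and the function still returns 0, so callers that need to enforce hash strength cannot rely on the return value; a comment saying so would help.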
@@ -1836,252 +1783,242 @@ _gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
* params[1] is public key
*/
static int
-_pkcs1_rsa_verify_sig (const mac_entry_st* me,
- const gnutls_datum_t * text,
- const gnutls_datum_t * prehash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params)
+_pkcs1_rsa_verify_sig(const mac_entry_st * me,
+ const gnutls_datum_t * text,
+ const gnutls_datum_t * prehash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- int ret;
- uint8_t md[MAX_HASH_SIZE], *cmp;
- unsigned int digest_size;
- gnutls_datum_t d, di;
- digest_hd_st hd;
-
- digest_size = _gnutls_hash_get_algo_len (me);
- if (prehash)
- {
- if (prehash->data == NULL || prehash->size != digest_size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- cmp = prehash->data;
- }
- else
- {
- if (!text)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_hash_init (&hd, me);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&hd, text->data, text->size);
- _gnutls_hash_deinit (&hd, md);
-
- cmp = md;
- }
-
- d.data = cmp;
- d.size = digest_size;
-
- /* decrypted is a BER encoded data of type DigestInfo
- */
- ret = encode_ber_digest_info (me, &d, &di);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_pk_verify (GNUTLS_PK_RSA, &di, signature, params);
- _gnutls_free_datum (&di);
-
- return ret;
+ int ret;
+ uint8_t md[MAX_HASH_SIZE], *cmp;
+ unsigned int digest_size;
+ gnutls_datum_t d, di;
+ digest_hd_st hd;
+
+ digest_size = _gnutls_hash_get_algo_len(me);
+ if (prehash) {
+ if (prehash->data == NULL || prehash->size != digest_size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cmp = prehash->data;
+ } else {
+ if (!text) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_hash_init(&hd, me);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&hd, text->data, text->size);
+ _gnutls_hash_deinit(&hd, md);
+
+ cmp = md;
+ }
+
+ d.data = cmp;
+ d.size = digest_size;
+
+ /* decrypted is a BER encoded data of type DigestInfo
+ */
+ ret = encode_ber_digest_info(me, &d, &di);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_pk_verify(GNUTLS_PK_RSA, &di, signature, params);
+ _gnutls_free_datum(&di);
+
+ return ret;
}
/* Hashes input data and verifies a signature.
*/
static int
-dsa_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st* params)
+dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- gnutls_datum_t digest;
- unsigned int hash_len;
-
- if (algo == NULL)
- algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len);
- else
- hash_len = _gnutls_hash_get_algo_len(algo);
-
- /* SHA1 or better allowed */
- if (!hash->data || hash->size < hash_len)
- {
- gnutls_assert();
- _gnutls_debug_log("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
- (int)hash->size, _gnutls_mac_get_name(algo), hash_len);
-
- if (hash->size != 20) /* SHA1 is allowed */
- return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
- }
-
- digest.data = hash->data;
- digest.size = hash->size;
-
- return _gnutls_pk_verify (pk, &digest, signature, params);
+ gnutls_datum_t digest;
+ unsigned int hash_len;
+
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len);
+ else
+ hash_len = _gnutls_hash_get_algo_len(algo);
+
+ /* SHA1 or better allowed */
+ if (!hash->data || hash->size < hash_len) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
+ (int) hash->size, _gnutls_mac_get_name(algo),
+ hash_len);
+
+ if (hash->size != 20) /* SHA1 is allowed */
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ }
+
+ digest.data = hash->data;
+ digest.size = hash->size;
+
+ return _gnutls_pk_verify(pk, &digest, signature, params);
}
static int
-dsa_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* algo,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st* params)
+dsa_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- int ret;
- uint8_t _digest[MAX_HASH_SIZE];
- gnutls_datum_t digest;
- digest_hd_st hd;
+ int ret;
+ uint8_t _digest[MAX_HASH_SIZE];
+ gnutls_datum_t digest;
+ digest_hd_st hd;
- if (algo == NULL)
- algo = _gnutls_dsa_q_to_hash (pk, params, NULL);
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash(pk, params, NULL);
- ret = _gnutls_hash_init (&hd, algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_hash_init(&hd, algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_hash (&hd, data->data, data->size);
- _gnutls_hash_deinit (&hd, _digest);
+ _gnutls_hash(&hd, data->data, data->size);
+ _gnutls_hash_deinit(&hd, _digest);
- digest.data = _digest;
- digest.size = _gnutls_hash_get_algo_len(algo);
+ digest.data = _digest;
+ digest.size = _gnutls_hash_get_algo_len(algo);
- return _gnutls_pk_verify (pk, &digest, signature, params);
+ return _gnutls_pk_verify(pk, &digest, signature, params);
}
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
int
-pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* hash_algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params)
+pubkey_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * hash_algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params)
{
- switch (pk)
- {
- case GNUTLS_PK_RSA:
-
- if (_pkcs1_rsa_verify_sig
- (hash_algo, NULL, hash, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
-
- case GNUTLS_PK_EC:
- case GNUTLS_PK_DSA:
- if (dsa_verify_hashed_data(pk, hash_algo, hash, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+
+ if (_pkcs1_rsa_verify_sig
+ (hash_algo, NULL, hash, signature, issuer_params) != 0)
+ {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+
+ case GNUTLS_PK_EC:
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_hashed_data
+ (pk, hash_algo, hash, signature, issuer_params) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
}
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
int
-pubkey_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params)
+pubkey_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params)
{
- switch (pk)
- {
- case GNUTLS_PK_RSA:
-
- if (_pkcs1_rsa_verify_sig
- (me, data, NULL, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
-
- case GNUTLS_PK_EC:
- case GNUTLS_PK_DSA:
- if (dsa_verify_data(pk, me, data, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+
+ if (_pkcs1_rsa_verify_sig
+ (me, data, NULL, signature, issuer_params) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+
+ case GNUTLS_PK_EC:
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_data(pk, me, data, signature, issuer_params)
+ != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
}
-const mac_entry_st*
-_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params,
- unsigned int* hash_len)
+const mac_entry_st *_gnutls_dsa_q_to_hash(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st *
+ params, unsigned int *hash_len)
{
- int bits = 0;
- int ret;
-
- if (algo == GNUTLS_PK_DSA)
- bits = _gnutls_mpi_get_nbits (params->params[1]);
- else if (algo == GNUTLS_PK_EC)
- bits = gnutls_ecc_curve_get_size(params->flags)*8;
-
- if (bits <= 160)
- {
- if (hash_len) *hash_len = 20;
- ret = GNUTLS_DIG_SHA1;
- }
- else if (bits <= 192)
- {
- if (hash_len) *hash_len = 24;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 224)
- {
- if (hash_len) *hash_len = 28;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 256)
- {
- if (hash_len) *hash_len = 32;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 384)
- {
- if (hash_len) *hash_len = 48;
- ret = GNUTLS_DIG_SHA384;
- }
- else
- {
- if (hash_len) *hash_len = 64;
- ret = GNUTLS_DIG_SHA512;
- }
-
- return mac_to_entry(ret);
+ int bits = 0;
+ int ret;
+
+ if (algo == GNUTLS_PK_DSA)
+ bits = _gnutls_mpi_get_nbits(params->params[1]);
+ else if (algo == GNUTLS_PK_EC)
+ bits = gnutls_ecc_curve_get_size(params->flags) * 8;
+
+ if (bits <= 160) {
+ if (hash_len)
+ *hash_len = 20;
+ ret = GNUTLS_DIG_SHA1;
+ } else if (bits <= 192) {
+ if (hash_len)
+ *hash_len = 24;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 224) {
+ if (hash_len)
+ *hash_len = 28;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 256) {
+ if (hash_len)
+ *hash_len = 32;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 384) {
+ if (hash_len)
+ *hash_len = 48;
+ ret = GNUTLS_DIG_SHA384;
+ } else {
+ if (hash_len)
+ *hash_len = 64;
+ ret = GNUTLS_DIG_SHA512;
+ }
+
+ return mac_to_entry(ret);
}
/**
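Review bot: In `dsa_verify_hashed_data` a NULL `hash->data` is not rejected when `hash->size` is 20. The `!hash->data || hash->size < hash_len` branch returns only if `hash->size != 20`, so the NULL pointer is copied into `digest` and handed to `_gnutls_pk_verify`. The same exception lets a 20-byte digest through for keys whose q calls for a longer hash, with only a debug log; that may be deliberate SHA-1 compatibility, but the comment should say so. Rejecting the NULL case first keeps the two conditions apart: `if (!hash->data) return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);`. The reindent carries this over unchanged from the old side.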
@@ -2100,11 +2037,12 @@ _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* pa
* Since: 3.1.0
*
**/
-void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
/**
@@ -2122,37 +2060,34 @@ void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
*
* Since: 3.1.3
**/
-int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags)
+int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
- gnutls_x509_crt_t xpriv;
- int ret;
-
- ret = gnutls_x509_crt_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_crt_import(xpriv, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509(pkey, xpriv, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_crt_deinit(xpriv);
-
- return ret;
-}
+ gnutls_x509_crt_t xpriv;
+ int ret;
+ ret = gnutls_x509_crt_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_x509_crt_import(xpriv, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pkey, xpriv, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(xpriv);
+
+ return ret;
+}
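Review bot: The success path of `gnutls_pubkey_import_x509_raw` leaves through `return 0;` without calling `gnutls_x509_crt_deinit(xpriv)`, so the temporary certificate from `gnutls_x509_crt_init` is released only on the two error paths. Unless `gnutls_pubkey_import_x509` takes ownership of `xpriv` (its body is not in this hunk), every successful import leaks the parsed certificate. Replacing `return 0;` with `ret = 0;` and letting control fall into `cleanup:` frees it on both paths. The old side has the same flow, so the reindent did not introduce it.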
diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c
index a087ff9a32..853e54a7e0 100644
--- a/lib/gnutls_range.c
+++ b/lib/gnutls_range.c
@@ -27,12 +27,12 @@
#include "gnutls_record.h"
static void
-_gnutls_set_range (gnutls_range_st * dst, const size_t low,
- const size_t high)
+_gnutls_set_range(gnutls_range_st * dst, const size_t low,
+ const size_t high)
{
- dst->low = low;
- dst->high = high;
- return;
+ dst->low = low;
+ dst->high = high;
+ return;
}
/*
@@ -40,59 +40,54 @@ _gnutls_set_range (gnutls_range_st * dst, const size_t low,
* put at least data_length bytes of user data.
*/
static ssize_t
-_gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length,
- ssize_t max_frag)
+_gnutls_range_max_lh_pad(gnutls_session_t session, ssize_t data_length,
+ ssize_t max_frag)
{
- int ret;
- ssize_t max_pad;
- unsigned int fixed_pad;
- record_parameters_st *record_params;
- ssize_t this_pad;
- ssize_t block_size;
- ssize_t tag_size, overflow;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- }
-
- if (session->security_parameters.new_record_padding != 0)
- {
- max_pad = max_user_send_size (session, record_params);
- fixed_pad = 2;
- }
- else
- {
- max_pad = MAX_PAD_SIZE;
- fixed_pad = 1;
- }
-
- this_pad = MIN (max_pad, max_frag - data_length);
-
- block_size =
- _gnutls_cipher_get_block_size (record_params->cipher);
- tag_size =
- _gnutls_auth_cipher_tag_len (&record_params->write.cipher_state);
- switch (_gnutls_cipher_is_block (record_params->cipher))
- {
- case CIPHER_STREAM:
- return this_pad;
-
- case CIPHER_BLOCK:
- overflow =
- (data_length + this_pad + tag_size + fixed_pad) % block_size;
- if (overflow > this_pad)
- {
- return this_pad;
- }
- else
- {
- return this_pad - overflow;
- }
- default:
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
- }
+ int ret;
+ ssize_t max_pad;
+ unsigned int fixed_pad;
+ record_parameters_st *record_params;
+ ssize_t this_pad;
+ ssize_t block_size;
+ ssize_t tag_size, overflow;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ if (session->security_parameters.new_record_padding != 0) {
+ max_pad = max_user_send_size(session, record_params);
+ fixed_pad = 2;
+ } else {
+ max_pad = MAX_PAD_SIZE;
+ fixed_pad = 1;
+ }
+
+ this_pad = MIN(max_pad, max_frag - data_length);
+
+ block_size = _gnutls_cipher_get_block_size(record_params->cipher);
+ tag_size =
+ _gnutls_auth_cipher_tag_len(&record_params->write.
+ cipher_state);
+ switch (_gnutls_cipher_is_block(record_params->cipher)) {
+ case CIPHER_STREAM:
+ return this_pad;
+
+ case CIPHER_BLOCK:
+ overflow =
+ (data_length + this_pad + tag_size +
+ fixed_pad) % block_size;
+ if (overflow > this_pad) {
+ return this_pad;
+ } else {
+ return this_pad - overflow;
+ }
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
/**
@@ -110,32 +105,31 @@ _gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length,
* Returns: true (1) if the current session supports length-hiding
* padding, false (0) if the current session does not.
**/
-int
-gnutls_record_can_use_length_hiding (gnutls_session_t session)
+int gnutls_record_can_use_length_hiding(gnutls_session_t session)
{
- int ret;
- record_parameters_st *record_params;
-
- if (session->security_parameters.new_record_padding != 0)
- return 1;
-
- if (get_num_version(session) == GNUTLS_SSL3)
- return 0;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- {
- return 0;
- }
-
- switch (_gnutls_cipher_is_block (record_params->cipher))
- {
- case CIPHER_BLOCK:
- return 1;
- case CIPHER_STREAM:
- default:
- return 0;
- }
+ int ret;
+ record_parameters_st *record_params;
+
+ if (session->security_parameters.new_record_padding != 0)
+ return 1;
+
+ if (get_num_version(session) == GNUTLS_SSL3)
+ return 0;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0) {
+ return 0;
+ }
+
+ switch (_gnutls_cipher_is_block(record_params->cipher)) {
+ case CIPHER_BLOCK:
+ return 1;
+ case CIPHER_STREAM:
+ default:
+ return 0;
+ }
}
/**
@@ -157,62 +151,61 @@ gnutls_record_can_use_length_hiding (gnutls_session_t session)
* and @remainder are modified to store the resulting values.
*/
int
-gnutls_range_split (gnutls_session_t session,
- const gnutls_range_st *orig,
- gnutls_range_st * next,
- gnutls_range_st * remainder)
+gnutls_range_split(gnutls_session_t session,
+ const gnutls_range_st * orig,
+ gnutls_range_st * next, gnutls_range_st * remainder)
{
- int ret;
- ssize_t max_frag;
- ssize_t orig_low = (ssize_t) orig->low;
- ssize_t orig_high = (ssize_t) orig->high;
- record_parameters_st *record_params;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- max_frag = max_user_send_size (session, record_params);
-
- if (orig_high == orig_low)
- {
- int length = MIN (orig_high, max_frag);
- int rem = orig_high - length;
- _gnutls_set_range (next, length, length);
- _gnutls_set_range (remainder, rem, rem);
-
- return 0;
- }
- else
- {
- if (orig_low >= max_frag)
- {
- _gnutls_set_range (next, max_frag, max_frag);
- _gnutls_set_range (remainder, orig_low - max_frag,
- orig_high - max_frag);
- }
- else
- {
- ret = _gnutls_range_max_lh_pad (session, orig_low, max_frag);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ssize_t this_pad = MIN (ret, orig_high - orig_low);
-
- _gnutls_set_range (next, orig_low, orig_low + this_pad);
- _gnutls_set_range (remainder, 0,
- orig_high - (orig_low + this_pad));
- }
-
- return 0;
- }
+ int ret;
+ ssize_t max_frag;
+ ssize_t orig_low = (ssize_t) orig->low;
+ ssize_t orig_high = (ssize_t) orig->high;
+ record_parameters_st *record_params;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ max_frag = max_user_send_size(session, record_params);
+
+ if (orig_high == orig_low) {
+ int length = MIN(orig_high, max_frag);
+ int rem = orig_high - length;
+ _gnutls_set_range(next, length, length);
+ _gnutls_set_range(remainder, rem, rem);
+
+ return 0;
+ } else {
+ if (orig_low >= max_frag) {
+ _gnutls_set_range(next, max_frag, max_frag);
+ _gnutls_set_range(remainder, orig_low - max_frag,
+ orig_high - max_frag);
+ } else {
+ ret =
+ _gnutls_range_max_lh_pad(session, orig_low,
+ max_frag);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ssize_t this_pad = MIN(ret, orig_high - orig_low);
+
+ _gnutls_set_range(next, orig_low,
+ orig_low + this_pad);
+ _gnutls_set_range(remainder, 0,
+ orig_high - (orig_low +
+ this_pad));
+ }
+
+ return 0;
+ }
}
static size_t
-_gnutls_range_fragment (size_t data_size, gnutls_range_st cur,
- gnutls_range_st next)
+_gnutls_range_fragment(size_t data_size, gnutls_range_st cur,
+ gnutls_range_st next)
{
- return MIN (cur.high, data_size - next.low);
+ return MIN(cur.high, data_size - next.low);
}
/**
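Review bot: In the equal-bounds branch of `gnutls_range_split`, `length` and `rem` are declared `int` although `orig_high` and `max_frag` are `ssize_t`. `length` is bounded by `max_frag`, but `rem` is truncated when a caller passes a range above `INT_MAX` where `ssize_t` is 64-bit, and a negative result turns into a very large `size_t` inside `_gnutls_set_range`. Declaring them as `ssize_t length = MIN(orig_high, max_frag);` and `ssize_t rem = orig_high - length;` keeps the arithmetic in one type. The `(ssize_t)` casts of `orig->low` and `orig->high` at the top have the same exposure for values above `SSIZE_MAX`, so a range check on `orig` before the casts would be worth adding.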
@@ -237,85 +230,85 @@ _gnutls_range_fragment (size_t data_size, gnutls_range_st cur,
* or a negative error code.
**/
ssize_t
-gnutls_record_send_range (gnutls_session_t session, const void *data,
- size_t data_size, const gnutls_range_st * range)
+gnutls_record_send_range(gnutls_session_t session, const void *data,
+ size_t data_size, const gnutls_range_st * range)
{
- size_t sent = 0;
- size_t next_fragment_length;
- ssize_t ret;
- gnutls_range_st cur_range, next_range;
-
- /* sanity check on range and data size */
- if (range->low > range->high ||
- data_size < range->low ||
- data_size > range->high)
- {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- }
-
- ret = gnutls_record_can_use_length_hiding (session);
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (ret == 0 && range->low != range->high)
- /* Cannot use LH, but a range was given */
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- _gnutls_set_range (&cur_range, range->low, range->high);
-
- _gnutls_record_log
- ("RANGE: Preparing message with size %d, range (%d,%d)\n",
- (int) data_size, (int) range->low, (int) range->high);
-
- while (cur_range.high != 0)
- {
- ret =
- gnutls_range_split (session, &cur_range, &cur_range,
- &next_range);
- if (ret < 0)
- {
- return ret; /* already gnutls_assert_val'd */
- }
-
- next_fragment_length =
- _gnutls_range_fragment (data_size, cur_range, next_range);
-
- _gnutls_record_log
- ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
- (int) next_fragment_length, (int) cur_range.low,
- (int) cur_range.high, (int) next_range.low,
- (int) next_range.high);
-
- ret = _gnutls_send_tlen_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT,
- &(((char *) data)[sent]),
- next_fragment_length,
- cur_range.high-next_fragment_length,
- MBUFFER_FLUSH);
-
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- {
- ret = _gnutls_send_tlen_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT,
- NULL, 0, 0,
- MBUFFER_FLUSH);
- }
-
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
- if (ret != (ssize_t) next_fragment_length)
- {
- _gnutls_record_log
- ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
- (int) ret, (int) next_fragment_length);
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
- }
- sent += next_fragment_length;
- data_size -= next_fragment_length;
- _gnutls_set_range (&cur_range, next_range.low, next_range.high);
- }
-
- return sent;
+ size_t sent = 0;
+ size_t next_fragment_length;
+ ssize_t ret;
+ gnutls_range_st cur_range, next_range;
+
+ /* sanity check on range and data size */
+ if (range->low > range->high ||
+ data_size < range->low || data_size > range->high) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ ret = gnutls_record_can_use_length_hiding(session);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (ret == 0 && range->low != range->high)
+ /* Cannot use LH, but a range was given */
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ _gnutls_set_range(&cur_range, range->low, range->high);
+
+ _gnutls_record_log
+ ("RANGE: Preparing message with size %d, range (%d,%d)\n",
+ (int) data_size, (int) range->low, (int) range->high);
+
+ while (cur_range.high != 0) {
+ ret =
+ gnutls_range_split(session, &cur_range, &cur_range,
+ &next_range);
+ if (ret < 0) {
+ return ret; /* already gnutls_assert_val'd */
+ }
+
+ next_fragment_length =
+ _gnutls_range_fragment(data_size, cur_range,
+ next_range);
+
+ _gnutls_record_log
+ ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
+ (int) next_fragment_length, (int) cur_range.low,
+ (int) cur_range.high, (int) next_range.low,
+ (int) next_range.high);
+
+ ret =
+ _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT,
+ &(((char *) data)[sent]),
+ next_fragment_length,
+ cur_range.high -
+ next_fragment_length,
+ MBUFFER_FLUSH);
+
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED) {
+ ret =
+ _gnutls_send_tlen_int(session,
+ GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT,
+ NULL, 0, 0,
+ MBUFFER_FLUSH);
+ }
+
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ if (ret != (ssize_t) next_fragment_length) {
+ _gnutls_record_log
+ ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
+ (int) ret, (int) next_fragment_length);
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ sent += next_fragment_length;
+ data_size -= next_fragment_length;
+ _gnutls_set_range(&cur_range, next_range.low,
+ next_range.high);
+ }
+
+ return sent;
}
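Review bot: The second capability check in `gnutls_record_send_range`, `if (ret == 0 && range->low != range->high)`, can never be true, because the preceding `if (ret == 0)` already returns `GNUTLS_E_INVALID_REQUEST`. Its comment, "Cannot use LH, but a range was given", suggests the intent was to refuse only real ranges and still send fixed-size data when length hiding is unavailable. If so, the first check should be dropped; otherwise the second is dead code and should be removed so the behaviour is clear. Separately, the inner `while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)` loop retries immediately instead of returning to the caller. On a non-blocking transport this would likely busy-wait; a comment stating the expected transport mode would help.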
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index a9875309fd..b597637884 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -54,15 +54,15 @@
#include <random.h>
struct tls_record_st {
- uint16_t header_size;
- uint8_t version[2];
- uint64 sequence; /* DTLS */
- uint16_t length;
- uint16_t packet_size; /* header_size + length */
- content_type_t type;
- uint16_t epoch; /* valid in DTLS only */
- unsigned v2:1; /* whether an SSLv2 client hello */
- /* the data */
+ uint16_t header_size;
+ uint8_t version[2];
+ uint64 sequence; /* DTLS */
+ uint16_t length;
+ uint16_t packet_size; /* header_size + length */
+ content_type_t type;
+ uint16_t epoch; /* valid in DTLS only */
+ unsigned v2:1; /* whether an SSLv2 client hello */
+ /* the data */
};
/**
@@ -78,10 +78,9 @@ struct tls_record_st {
* by default unless requested using gnutls_range_send_message().
*
**/
-void
-gnutls_record_disable_padding (gnutls_session_t session)
+void gnutls_record_disable_padding(gnutls_session_t session)
{
- return;
+ return;
}
/**
@@ -98,9 +97,10 @@ gnutls_record_disable_padding (gnutls_session_t session)
* of empty fragments in a row, you can use this function to set the desired value.
**/
void
-gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned int i)
+gnutls_record_set_max_empty_records(gnutls_session_t session,
+ const unsigned int i)
{
- session->internals.priorities.max_empty_records = i;
+ session->internals.priorities.max_empty_records = i;
}
/**
@@ -114,11 +114,11 @@ gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned in
*
**/
void
-gnutls_transport_set_ptr (gnutls_session_t session,
- gnutls_transport_ptr_t ptr)
+gnutls_transport_set_ptr(gnutls_session_t session,
+ gnutls_transport_ptr_t ptr)
{
- session->internals.transport_recv_ptr = ptr;
- session->internals.transport_send_ptr = ptr;
+ session->internals.transport_recv_ptr = ptr;
+ session->internals.transport_send_ptr = ptr;
}
/**
@@ -133,12 +133,12 @@ gnutls_transport_set_ptr (gnutls_session_t session,
* pointers for receiving and sending.
**/
void
-gnutls_transport_set_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr)
+gnutls_transport_set_ptr2(gnutls_session_t session,
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr)
{
- session->internals.transport_send_ptr = send_ptr;
- session->internals.transport_recv_ptr = recv_ptr;
+ session->internals.transport_send_ptr = send_ptr;
+ session->internals.transport_recv_ptr = recv_ptr;
}
/**
@@ -155,12 +155,13 @@ gnutls_transport_set_ptr2 (gnutls_session_t session,
* Since: 3.1.9
**/
void
-gnutls_transport_set_int2 (gnutls_session_t session,
- int recv_int,
- int send_int)
+gnutls_transport_set_int2(gnutls_session_t session,
+ int recv_int, int send_int)
{
- session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)send_int;
- session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)recv_int;
+ session->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) (long) send_int;
+ session->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) (long) recv_int;
}
#if 0
@@ -176,11 +177,12 @@ gnutls_transport_set_int2 (gnutls_session_t session,
* Since: 3.1.9
*
**/
-void
-gnutls_transport_set_int (gnutls_session_t session, int i)
+void gnutls_transport_set_int(gnutls_session_t session, int i)
{
- session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)i;
- session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)i;
+ session->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) (long) i;
+ session->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) (long) i;
}
#endif
@@ -194,10 +196,9 @@ gnutls_transport_set_int (gnutls_session_t session, int i)
*
* Returns: The first argument of the transport function.
**/
-gnutls_transport_ptr_t
-gnutls_transport_get_ptr (gnutls_session_t session)
+gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session)
{
- return session->internals.transport_recv_ptr;
+ return session->internals.transport_recv_ptr;
}
/**
@@ -211,13 +212,13 @@ gnutls_transport_get_ptr (gnutls_session_t session)
* gnutls_transport_set_ptr2().
**/
void
-gnutls_transport_get_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t * recv_ptr,
- gnutls_transport_ptr_t * send_ptr)
+gnutls_transport_get_ptr2(gnutls_session_t session,
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr)
{
- *recv_ptr = session->internals.transport_recv_ptr;
- *send_ptr = session->internals.transport_send_ptr;
+ *recv_ptr = session->internals.transport_recv_ptr;
+ *send_ptr = session->internals.transport_send_ptr;
}
/**
@@ -233,13 +234,12 @@ gnutls_transport_get_ptr2 (gnutls_session_t session,
* Since: 3.1.9
**/
void
-gnutls_transport_get_int2 (gnutls_session_t session,
- int * recv_int,
- int * send_int)
+gnutls_transport_get_int2(gnutls_session_t session,
+ int *recv_int, int *send_int)
{
- *recv_int = (long)session->internals.transport_recv_ptr;
- *send_int = (long)session->internals.transport_send_ptr;
+ *recv_int = (long) session->internals.transport_recv_ptr;
+ *send_int = (long) session->internals.transport_send_ptr;
}
/**
@@ -254,10 +254,9 @@ gnutls_transport_get_int2 (gnutls_session_t session,
*
* Since: 3.1.9
**/
-int
-gnutls_transport_get_int (gnutls_session_t session)
+int gnutls_transport_get_int(gnutls_session_t session)
{
- return (long)session->internals.transport_recv_ptr;
+ return (long) session->internals.transport_recv_ptr;
}
/**
@@ -292,129 +291,118 @@ gnutls_transport_get_int (gnutls_session_t session)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
* function documentation for entire semantics.
**/
-int
-gnutls_bye (gnutls_session_t session, gnutls_close_request_t how)
+int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
{
- int ret = 0;
-
- switch (STATE)
- {
- case STATE0:
- case STATE60:
- ret = _gnutls_io_write_flush (session);
- STATE = STATE60;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE61:
- ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
- STATE = STATE61;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE62:
- STATE = STATE62;
- if (how == GNUTLS_SHUT_RDWR)
- {
- do
- {
- ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0, NULL,
- session->internals.record_timeout_ms);
- }
- while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
-
- if (ret >= 0)
- session->internals.may_not_read = 1;
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- STATE = STATE62;
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- STATE = STATE0;
-
- session->internals.may_not_write = 1;
- return 0;
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE0:
+ case STATE60:
+ ret = _gnutls_io_write_flush(session);
+ STATE = STATE60;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE61:
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_CLOSE_NOTIFY);
+ STATE = STATE61;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE62:
+ STATE = STATE62;
+ if (how == GNUTLS_SHUT_RDWR) {
+ do {
+ ret =
+ _gnutls_recv_int(session, GNUTLS_ALERT,
+ -1, NULL, 0, NULL,
+ session->internals.
+ record_timeout_ms);
+ }
+ while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
+
+ if (ret >= 0)
+ session->internals.may_not_read = 1;
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ STATE = STATE62;
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ STATE = STATE0;
+
+ session->internals.may_not_write = 1;
+ return 0;
}
-inline static void
-session_invalidate (gnutls_session_t session)
+inline static void session_invalidate(gnutls_session_t session)
{
- session->internals.invalid_connection = 1;
+ session->internals.invalid_connection = 1;
}
-inline static void
-session_unresumable (gnutls_session_t session)
+inline static void session_unresumable(gnutls_session_t session)
{
- session->internals.resumable = RESUME_FALSE;
+ session->internals.resumable = RESUME_FALSE;
}
/* returns 0 if session is valid
*/
-inline static int
-session_is_valid (gnutls_session_t session)
+inline static int session_is_valid(gnutls_session_t session)
{
- if (session->internals.invalid_connection != 0)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.invalid_connection != 0)
+ return GNUTLS_E_INVALID_SESSION;
- return 0;
+ return 0;
}
/* Copies the record version into the headers. The
* version must have 2 bytes at least.
*/
inline static void
-copy_record_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, uint8_t version[2])
+copy_record_version(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ uint8_t version[2])
{
- const version_entry_st* lver;
-
- if (session->internals.initial_negotiation_completed || htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
- || session->internals.default_record_version[0] == 0)
- {
- lver = get_version (session);
-
- version[0] = lver->major;
- version[1] = lver->minor;
- }
- else
- {
- version[0] = session->internals.default_record_version[0];
- version[1] = session->internals.default_record_version[1];
- }
+ const version_entry_st *lver;
+
+ if (session->internals.initial_negotiation_completed
+ || htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
+ || session->internals.default_record_version[0] == 0) {
+ lver = get_version(session);
+
+ version[0] = lver->major;
+ version[1] = lver->minor;
+ } else {
+ version[0] = session->internals.default_record_version[0];
+ version[1] = session->internals.default_record_version[1];
+ }
}
/* Increments the sequence value
*/
inline static int
-sequence_increment (gnutls_session_t session,
- uint64 * value)
+sequence_increment(gnutls_session_t session, uint64 * value)
{
- if (IS_DTLS(session))
- {
- return _gnutls_uint48pp(value);
- }
- else
- {
- return _gnutls_uint64pp(value);
- }
+ if (IS_DTLS(session)) {
+ return _gnutls_uint48pp(value);
+ } else {
+ return _gnutls_uint64pp(value);
+ }
}
/* This function behaves exactly like write(). The only difference is
@@ -440,179 +428,177 @@ sequence_increment (gnutls_session_t session,
*
*/
ssize_t
-_gnutls_send_tlen_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t data_size, size_t min_pad, unsigned int mflags)
+_gnutls_send_tlen_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t data_size, size_t min_pad,
+ unsigned int mflags)
{
- mbuffer_st *bufel;
- ssize_t cipher_size;
- int retval, ret;
- int send_data_size;
- uint8_t *headers;
- int header_size;
- const uint8_t *data = _data;
- record_parameters_st *record_params;
- size_t max_send_size;
- record_state_st *record_state;
-
- ret = _gnutls_epoch_get (session, epoch_rel, &record_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Safeguard against processing data with an incomplete cipher state. */
- if (!record_params->initialized)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- record_state = &record_params->write;
-
- /* Do not allow null pointer if the send buffer is empty.
- * If the previous send was interrupted then a null pointer is
- * ok, and means to resume.
- */
- if (session->internals.record_send_buffer.byte_length == 0 &&
- (data_size == 0 && _data == NULL))
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
- if (session_is_valid (session) || session->internals.may_not_write != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- max_send_size = max_user_send_size(session, record_params);
-
- if (data_size > max_send_size)
- {
- if (IS_DTLS(session))
- return gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
-
- send_data_size = max_send_size;
- }
- else
- send_data_size = data_size;
-
- /* Only encrypt if we don't have data to send
- * from the previous run. - probably interrupted.
- */
- if (mflags != 0 && session->internals.record_send_buffer.byte_length > 0)
- {
- ret = _gnutls_io_write_flush (session);
- if (ret > 0)
- cipher_size = ret;
- else
- cipher_size = 0;
-
- retval = session->internals.record_send_buffer_user_size;
- }
- else
- {
- if (unlikely((send_data_size == 0 && min_pad == 0)))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* now proceed to packet encryption
- */
- cipher_size = MAX_RECORD_SEND_SIZE(session);
- bufel = _mbuffer_alloc (0, cipher_size+CIPHER_SLACK_SIZE);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- headers = _mbuffer_get_uhead_ptr(bufel);
- headers[0] = type;
- /* Use the default record version, if it is
- * set. */
- copy_record_version (session, htype, &headers[1]);
- header_size = RECORD_HEADER_SIZE(session);
- /* Adjust header length and add sequence for DTLS */
- if (IS_DTLS(session))
- memcpy(&headers[3], &record_state->sequence_number.i, 8);
-
- _gnutls_record_log
- ("REC[%p]: Preparing Packet %s(%d) with length: %d and min pad: %d\n", session,
- _gnutls_packet2str (type), type, (int) data_size, (int) min_pad);
-
- _mbuffer_set_udata_size(bufel, cipher_size);
- _mbuffer_set_uhead_size(bufel, header_size);
-
- ret =
- _gnutls_encrypt (session,
- data, send_data_size, min_pad,
- bufel, type, record_params);
- if (ret <= 0)
- {
- gnutls_assert ();
- if (ret == 0)
- ret = GNUTLS_E_ENCRYPTION_FAILED;
- gnutls_free (bufel);
- return ret; /* error */
- }
-
- cipher_size = _mbuffer_get_udata_size(bufel);
- retval = send_data_size;
- session->internals.record_send_buffer_user_size = send_data_size;
-
- /* increase sequence number
- */
- if (sequence_increment (session, &record_state->sequence_number) != 0)
- {
- session_invalidate (session);
- gnutls_free (bufel);
- return gnutls_assert_val(GNUTLS_E_RECORD_LIMIT_REACHED);
- }
-
- ret = _gnutls_io_write_buffered (session, bufel, mflags);
- }
-
- if (ret != cipher_size)
- {
- /* If we have sent any data then just return
- * the error value. Do not invalidate the session.
- */
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return gnutls_assert_val(ret);
-
- if (ret > 0)
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- session_unresumable (session);
- session->internals.may_not_write = 1;
- return gnutls_assert_val(ret);
- }
-
- session->internals.record_send_buffer_user_size = 0;
-
- _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
- session,
- (unsigned int)
- _gnutls_uint64touint32
- (&record_state->sequence_number),
- _gnutls_packet2str (type), type,
- (int) record_params->epoch,
- (int) cipher_size);
-
- return retval;
+ mbuffer_st *bufel;
+ ssize_t cipher_size;
+ int retval, ret;
+ int send_data_size;
+ uint8_t *headers;
+ int header_size;
+ const uint8_t *data = _data;
+ record_parameters_st *record_params;
+ size_t max_send_size;
+ record_state_st *record_state;
+
+ ret = _gnutls_epoch_get(session, epoch_rel, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ record_state = &record_params->write;
+
+ /* Do not allow null pointer if the send buffer is empty.
+ * If the previous send was interrupted then a null pointer is
+ * ok, and means to resume.
+ */
+ if (session->internals.record_send_buffer.byte_length == 0 &&
+ (data_size == 0 && _data == NULL)) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
+ if (session_is_valid(session)
+ || session->internals.may_not_write != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ max_send_size = max_user_send_size(session, record_params);
+
+ if (data_size > max_send_size) {
+ if (IS_DTLS(session))
+ return gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
+
+ send_data_size = max_send_size;
+ } else
+ send_data_size = data_size;
+
+ /* Only encrypt if we don't have data to send
+ * from the previous run. - probably interrupted.
+ */
+ if (mflags != 0
+ && session->internals.record_send_buffer.byte_length > 0) {
+ ret = _gnutls_io_write_flush(session);
+ if (ret > 0)
+ cipher_size = ret;
+ else
+ cipher_size = 0;
+
+ retval = session->internals.record_send_buffer_user_size;
+ } else {
+ if (unlikely((send_data_size == 0 && min_pad == 0)))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* now proceed to packet encryption
+ */
+ cipher_size = MAX_RECORD_SEND_SIZE(session);
+ bufel = _mbuffer_alloc(0, cipher_size + CIPHER_SLACK_SIZE);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ headers = _mbuffer_get_uhead_ptr(bufel);
+ headers[0] = type;
+ /* Use the default record version, if it is
+ * set. */
+ copy_record_version(session, htype, &headers[1]);
+ header_size = RECORD_HEADER_SIZE(session);
+ /* Adjust header length and add sequence for DTLS */
+ if (IS_DTLS(session))
+ memcpy(&headers[3],
+ &record_state->sequence_number.i, 8);
+
+ _gnutls_record_log
+ ("REC[%p]: Preparing Packet %s(%d) with length: %d and min pad: %d\n",
+ session, _gnutls_packet2str(type), type,
+ (int) data_size, (int) min_pad);
+
+ _mbuffer_set_udata_size(bufel, cipher_size);
+ _mbuffer_set_uhead_size(bufel, header_size);
+
+ ret =
+ _gnutls_encrypt(session,
+ data, send_data_size, min_pad,
+ bufel, type, record_params);
+ if (ret <= 0) {
+ gnutls_assert();
+ if (ret == 0)
+ ret = GNUTLS_E_ENCRYPTION_FAILED;
+ gnutls_free(bufel);
+ return ret; /* error */
+ }
+
+ cipher_size = _mbuffer_get_udata_size(bufel);
+ retval = send_data_size;
+ session->internals.record_send_buffer_user_size =
+ send_data_size;
+
+ /* increase sequence number
+ */
+ if (sequence_increment
+ (session, &record_state->sequence_number) != 0) {
+ session_invalidate(session);
+ gnutls_free(bufel);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECORD_LIMIT_REACHED);
+ }
+
+ ret = _gnutls_io_write_buffered(session, bufel, mflags);
+ }
+
+ if (ret != cipher_size) {
+ /* If we have sent any data then just return
+ * the error value. Do not invalidate the session.
+ */
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return gnutls_assert_val(ret);
+
+ if (ret > 0)
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ session_unresumable(session);
+ session->internals.may_not_write = 1;
+ return gnutls_assert_val(ret);
+ }
+
+ session->internals.record_send_buffer_user_size = 0;
+
+ _gnutls_record_log
+ ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
+ session, (unsigned int)
+ _gnutls_uint64touint32(&record_state->sequence_number),
+ _gnutls_packet2str(type), type, (int) record_params->epoch,
+ (int) cipher_size);
+
+ return retval;
}
inline static int
-check_recv_type (gnutls_session_t session, content_type_t recv_type)
+check_recv_type(gnutls_session_t session, content_type_t recv_type)
{
- switch (recv_type)
- {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- case GNUTLS_ALERT:
- case GNUTLS_HANDSHAKE:
- case GNUTLS_HEARTBEAT:
- case GNUTLS_APPLICATION_DATA:
- return 0;
- default:
- gnutls_assert ();
- _gnutls_audit_log(session, "Received record packet of unknown type %u\n", (unsigned int)recv_type);
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ switch (recv_type) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ case GNUTLS_ALERT:
+ case GNUTLS_HANDSHAKE:
+ case GNUTLS_HEARTBEAT:
+ case GNUTLS_APPLICATION_DATA:
+ return 0;
+ default:
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Received record packet of unknown type %u\n",
+ (unsigned int) recv_type);
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
}
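Review bot: The session-validity gate in `_gnutls_send_tlen_int` is still an unbraced `if (type != GNUTLS_ALERT)` wrapping a second `if`, with a comment wedged between them, and it tests `session_is_valid(session)` for truthiness although that helper returns 0 for a valid session. Since the reindent rewrites these lines anyway, a single braced condition is harder to break when someone later adds a statement: `if (type != GNUTLS_ALERT && (session_is_valid(session) != 0 || session->internals.may_not_write != 0)) {`. Behaviour is unchanged; the explicit `!= 0` only makes it obvious that a non-zero result means the session is invalid. The `/* alert messages are sent anyway */` comment would then sit on its own line above the condition.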
@@ -621,33 +607,30 @@ check_recv_type (gnutls_session_t session, content_type_t recv_type)
* then it copies the data.
*/
static int
-check_buffers (gnutls_session_t session, content_type_t type,
- uint8_t * data, int data_size, void* seq)
+check_buffers(gnutls_session_t session, content_type_t type,
+ uint8_t * data, int data_size, void *seq)
{
- if ((type == GNUTLS_APPLICATION_DATA ||
- type == GNUTLS_HANDSHAKE ||
- type == GNUTLS_CHANGE_CIPHER_SPEC)
- && _gnutls_record_buffer_get_size (session) > 0)
- {
- int ret;
- ret = _gnutls_record_buffer_get (type, session, data, data_size, seq);
- if (ret < 0)
- {
- if (IS_DTLS(session))
- {
- if (ret == GNUTLS_E_UNEXPECTED_PACKET)
- {
- ret = GNUTLS_E_AGAIN;
- }
- }
- gnutls_assert ();
- return ret;
- }
-
- return ret;
- }
-
- return 0;
+ if ((type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_HANDSHAKE || type == GNUTLS_CHANGE_CIPHER_SPEC)
+ && _gnutls_record_buffer_get_size(session) > 0) {
+ int ret;
+ ret =
+ _gnutls_record_buffer_get(type, session, data,
+ data_size, seq);
+ if (ret < 0) {
+ if (IS_DTLS(session)) {
+ if (ret == GNUTLS_E_UNEXPECTED_PACKET) {
+ ret = GNUTLS_E_AGAIN;
+ }
+ }
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
+ }
+
+ return 0;
}
@@ -656,79 +639,74 @@ check_buffers (gnutls_session_t session, content_type_t type,
* negotiated in the handshake.
*/
inline static int
-record_check_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, uint8_t version[2])
+record_check_version(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ uint8_t version[2])
{
-const version_entry_st* vers = get_version (session);
-int diff = 0;
-
- if (vers->major != version[0] || vers->minor != version[1])
- diff = 1;
-
- if (!IS_DTLS(session))
- {
- if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO ||
- htype == GNUTLS_HANDSHAKE_SERVER_HELLO)
- {
- if (version[0] != 3)
- {
- gnutls_assert ();
- _gnutls_record_log
- ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else if (diff != 0)
- {
- /* Reject record packets that have a different version than the
- * one negotiated. Note that this version is not protected by any
- * mac. I don't really think that this check serves any purpose.
- */
- gnutls_assert ();
- _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
-
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else /* DTLS */
- {
- /* In DTLS the only information we have here is whether we
- * expect a handshake message or not.
- */
- if (htype == (gnutls_handshake_description_t)-1)
- {
- if (diff)
- {
- /* Reject record packets that have a different version than the
- * one negotiated. Note that this version is not protected by any
- * mac. I don't really think that this check serves any purpose.
- */
- gnutls_assert ();
- _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
-
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else if (vers->id > GNUTLS_DTLS1_0 && version[0] > 254)
- {
- gnutls_assert ();
- _gnutls_record_log("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- else if (vers->id == GNUTLS_DTLS0_9 && version[0] > 1)
- {
- gnutls_assert ();
- _gnutls_record_log("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
-
- return 0;
+ const version_entry_st *vers = get_version(session);
+ int diff = 0;
+
+ if (vers->major != version[0] || vers->minor != version[1])
+ diff = 1;
+
+ if (!IS_DTLS(session)) {
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO ||
+ htype == GNUTLS_HANDSHAKE_SERVER_HELLO) {
+ if (version[0] != 3) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0],
+ version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else if (diff != 0) {
+ /* Reject record packets that have a different version than the
+ * one negotiated. Note that this version is not protected by any
+ * mac. I don't really think that this check serves any purpose.
+ */
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else { /* DTLS */
+
+ /* In DTLS the only information we have here is whether we
+ * expect a handshake message or not.
+ */
+ if (htype == (gnutls_handshake_description_t) - 1) {
+ if (diff) {
+ /* Reject record packets that have a different version than the
+ * one negotiated. Note that this version is not protected by any
+ * mac. I don't really think that this check serves any purpose.
+ */
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0],
+ version[1]);
+
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else if (vers->id > GNUTLS_DTLS1_0 && version[0] > 254) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ } else if (vers->id == GNUTLS_DTLS0_9 && version[0] > 1) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ }
+
+ return 0;
}
/* This function will check if the received record type is
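Review bot: In the DTLS branch of `record_check_version`, the reformatter turned the cast `(gnutls_handshake_description_t)-1` into `(gnutls_handshake_description_t) - 1`, which now reads like a subtraction from a parenthesised name. Writing it as `if (htype == (gnutls_handshake_description_t) (-1)) {`, or behind a named constant, keeps the sentinel (presumably "no handshake message expected") recognisable. The comment kept in both branches notes that the record version is not covered by any MAC, so one added sentence saying this check is a sanity filter and not an integrity guarantee would help the next reader. The same assert, log and return sequence is repeated in every rejecting branch and could share one small static helper.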
@@ -737,209 +715,230 @@ int diff = 0;
* this function, even if it fails.
*/
static int
-record_add_to_buffers (gnutls_session_t session,
- struct tls_record_st *recv, content_type_t type,
- gnutls_handshake_description_t htype,
- uint64* seq,
- mbuffer_st* bufel)
+record_add_to_buffers(gnutls_session_t session,
+ struct tls_record_st *recv, content_type_t type,
+ gnutls_handshake_description_t htype,
+ uint64 * seq, mbuffer_st * bufel)
{
- int ret;
-
- if ((recv->type == type)
- && (type == GNUTLS_APPLICATION_DATA ||
- type == GNUTLS_CHANGE_CIPHER_SPEC ||
- type == GNUTLS_HANDSHAKE))
- {
- _gnutls_record_buffer_put (session, type, seq, bufel);
-
- /* if we received application data as expected then we
- * deactivate the async timer */
- _dtls_async_timer_delete(session);
- }
- else
- {
- /* if the expected type is different than the received
- */
- switch (recv->type)
- {
- case GNUTLS_ALERT:
- if (bufel->msg.size < 2)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- goto unexpected_packet;
- }
-
- _gnutls_record_log
- ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
- bufel->msg.data[0], bufel->msg.data[1], gnutls_alert_get_name ((int) bufel->msg.data[1]));
-
- session->internals.last_alert = bufel->msg.data[1];
-
- /* if close notify is received and
- * the alert is not fatal
- */
- if (bufel->msg.data[1] == GNUTLS_A_CLOSE_NOTIFY && bufel->msg.data[0] != GNUTLS_AL_FATAL)
- {
- /* If we have been expecting for an alert do
- */
- session->internals.read_eof = 1;
- ret = GNUTLS_E_SESSION_EOF;
- goto cleanup;
- }
- else
- {
- /* if the alert is FATAL or WARNING
- * return the apropriate message
- */
-
- gnutls_assert ();
- ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
- if (bufel->msg.data[0] == GNUTLS_AL_FATAL)
- {
- session_unresumable (session);
- session_invalidate (session);
- ret = gnutls_assert_val(GNUTLS_E_FATAL_ALERT_RECEIVED);
- }
- goto cleanup;
- }
- break;
-
- case GNUTLS_CHANGE_CIPHER_SPEC:
- if (!(IS_DTLS(session)))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- _gnutls_record_buffer_put (session, recv->type, seq, bufel);
-
- break;
+ int ret;
+
+ if ((recv->type == type)
+ && (type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_CHANGE_CIPHER_SPEC ||
+ type == GNUTLS_HANDSHAKE)) {
+ _gnutls_record_buffer_put(session, type, seq, bufel);
+
+ /* if we received application data as expected then we
+ * deactivate the async timer */
+ _dtls_async_timer_delete(session);
+ } else {
+ /* if the expected type is different than the received
+ */
+ switch (recv->type) {
+ case GNUTLS_ALERT:
+ if (bufel->msg.size < 2) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ goto unexpected_packet;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Alert[%d|%d] - %s - was received\n",
+ session, bufel->msg.data[0],
+ bufel->msg.data[1],
+ gnutls_alert_get_name((int) bufel->msg.
+ data[1]));
+
+ session->internals.last_alert = bufel->msg.data[1];
+
+ /* if close notify is received and
+ * the alert is not fatal
+ */
+ if (bufel->msg.data[1] == GNUTLS_A_CLOSE_NOTIFY
+ && bufel->msg.data[0] != GNUTLS_AL_FATAL) {
+ /* If we have been expecting for an alert do
+ */
+ session->internals.read_eof = 1;
+ ret = GNUTLS_E_SESSION_EOF;
+ goto cleanup;
+ } else {
+ /* if the alert is FATAL or WARNING
+ * return the apropriate message
+ */
+
+ gnutls_assert();
+ ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
+ if (bufel->msg.data[0] == GNUTLS_AL_FATAL) {
+ session_unresumable(session);
+ session_invalidate(session);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_FATAL_ALERT_RECEIVED);
+ }
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ if (!(IS_DTLS(session)))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+
+ _gnutls_record_buffer_put(session, recv->type, seq,
+ bufel);
+
+ break;
#ifdef ENABLE_HEARTBEAT
- case GNUTLS_HEARTBEAT:
- ret = _gnutls_heartbeat_handle (session, bufel);
- goto cleanup;
+ case GNUTLS_HEARTBEAT:
+ ret = _gnutls_heartbeat_handle(session, bufel);
+ goto cleanup;
#endif
- case GNUTLS_APPLICATION_DATA:
- if (session->internals.initial_negotiation_completed == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
-
- /* the got_application data is only returned
- * if expecting client hello (for rehandshake
- * reasons). Otherwise it is an unexpected packet
- */
- if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
- && type == GNUTLS_HANDSHAKE))
- {
- /* even if data is unexpected put it into the buffer */
- if ((ret =
- _gnutls_record_buffer_put (session, recv->type, seq,
- bufel)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return gnutls_assert_val(GNUTLS_E_GOT_APPLICATION_DATA);
- }
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
- break;
-
- case GNUTLS_HANDSHAKE:
- /* In DTLS we might receive a handshake replay from the peer to indicate
- * the our last TLS handshake messages were not received.
- */
- if (IS_DTLS(session))
- {
- if (type == GNUTLS_CHANGE_CIPHER_SPEC)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
- if (_dtls_is_async(session) && _dtls_async_timer_active(session))
- {
- if (session->security_parameters.entity == GNUTLS_SERVER &&
- bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- {
- /* client requested rehandshake. Delete the timer */
- _dtls_async_timer_delete(session);
- }
- else
- {
- session->internals.recv_state = RECV_STATE_DTLS_RETRANSMIT;
- ret = _dtls_retransmit(session);
- if (ret == 0)
- {
- session->internals.recv_state = RECV_STATE_0;
- ret = gnutls_assert_val(GNUTLS_E_AGAIN);
- goto unexpected_packet;
- }
- goto cleanup;
- }
- }
- }
-
- /* This is legal if HELLO_REQUEST is received - and we are a client.
- * If we are a server, a client may initiate a renegotiation at any time.
- */
- if (session->security_parameters.entity == GNUTLS_SERVER &&
- bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- {
- gnutls_assert ();
- ret =
- _gnutls_record_buffer_put (session, recv->type, seq, bufel);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return GNUTLS_E_REHANDSHAKE;
- }
-
- /* If we are already in a handshake then a Hello
- * Request is illegal. But here we don't really care
- * since this message will never make it up here.
- */
-
- /* So we accept it, if it is a Hello. If not, this will
- * fail and trigger flight retransmissions after some time. */
- ret = _gnutls_recv_hello_request (session, bufel->msg.data, bufel->msg.size);
- goto unexpected_packet;
-
- break;
- default:
-
- _gnutls_record_log
- ("REC[%p]: Received unexpected packet %d (%s) expecting %d (%s)\n",
- session, recv->type, _gnutls_packet2str(recv->type), type, _gnutls_packet2str(type));
-
- gnutls_assert ();
- ret = GNUTLS_E_UNEXPECTED_PACKET;
- goto unexpected_packet;
- }
- }
-
- return 0;
-
-unexpected_packet:
- if (IS_DTLS(session) && ret != GNUTLS_E_REHANDSHAKE)
- {
- _mbuffer_xfree(&bufel);
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
- }
-
-cleanup:
- _mbuffer_xfree(&bufel);
- return ret;
+ case GNUTLS_APPLICATION_DATA:
+ if (session->internals.
+ initial_negotiation_completed == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+
+ /* the got_application data is only returned
+ * if expecting client hello (for rehandshake
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT
+ || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE)) {
+ /* even if data is unexpected put it into the buffer */
+ if ((ret =
+ _gnutls_record_buffer_put(session,
+ recv->type,
+ seq,
+ bufel)) <
+ 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_GOT_APPLICATION_DATA);
+ } else {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+ break;
+
+ case GNUTLS_HANDSHAKE:
+ /* In DTLS we might receive a handshake replay from the peer to indicate
+ * the our last TLS handshake messages were not received.
+ */
+ if (IS_DTLS(session)) {
+ if (type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+ if (_dtls_is_async(session)
+ && _dtls_async_timer_active(session)) {
+ if (session->security_parameters.
+ entity == GNUTLS_SERVER
+ && bufel->htype ==
+ GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ {
+ /* client requested rehandshake. Delete the timer */
+ _dtls_async_timer_delete
+ (session);
+ } else {
+ session->internals.
+ recv_state =
+ RECV_STATE_DTLS_RETRANSMIT;
+ ret =
+ _dtls_retransmit
+ (session);
+ if (ret == 0) {
+ session->internals.
+ recv_state =
+ RECV_STATE_0;
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_AGAIN);
+ goto unexpected_packet;
+ }
+ goto cleanup;
+ }
+ }
+ }
+
+ /* This is legal if HELLO_REQUEST is received - and we are a client.
+ * If we are a server, a client may initiate a renegotiation at any time.
+ */
+ if (session->security_parameters.entity ==
+ GNUTLS_SERVER
+ && bufel->htype ==
+ GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+ gnutls_assert();
+ ret =
+ _gnutls_record_buffer_put(session,
+ recv->type,
+ seq, bufel);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return GNUTLS_E_REHANDSHAKE;
+ }
+
+ /* If we are already in a handshake then a Hello
+ * Request is illegal. But here we don't really care
+ * since this message will never make it up here.
+ */
+
+ /* So we accept it, if it is a Hello. If not, this will
+ * fail and trigger flight retransmissions after some time. */
+ ret =
+ _gnutls_recv_hello_request(session,
+ bufel->msg.data,
+ bufel->msg.size);
+ goto unexpected_packet;
+
+ break;
+ default:
+
+ _gnutls_record_log
+ ("REC[%p]: Received unexpected packet %d (%s) expecting %d (%s)\n",
+ session, recv->type,
+ _gnutls_packet2str(recv->type), type,
+ _gnutls_packet2str(type));
+
+ gnutls_assert();
+ ret = GNUTLS_E_UNEXPECTED_PACKET;
+ goto unexpected_packet;
+ }
+ }
+
+ return 0;
+
+ unexpected_packet:
+ if (IS_DTLS(session) && ret != GNUTLS_E_REHANDSHAKE) {
+ _mbuffer_xfree(&bufel);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
+ }
+
+ cleanup:
+ _mbuffer_xfree(&bufel);
+ return ret;
}
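Review bot: In the `GNUTLS_CHANGE_CIPHER_SPEC` case of `record_add_to_buffers`, the non-DTLS path returns `GNUTLS_E_UNEXPECTED_PACKET` directly, so `bufel` never reaches `_mbuffer_xfree()` at the `cleanup:` label; every other failing path in the switch goes through `cleanup` or `unexpected_packet`. The visible tail of the function comment ("this function, even if it fails") suggests the callee is expected to release the buffer, so this looks like a leak of the received record whenever a TLS peer sends an unexpected ChangeCipherSpec. The caller is outside this hunk, so confirm it does not free `bufel` itself. Proposed change: `if (!(IS_DTLS(session))) { ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); goto cleanup; }`.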
@@ -948,158 +947,165 @@ cleanup:
* content type.
*/
static void
-record_read_headers (gnutls_session_t session,
- uint8_t headers[MAX_RECORD_HEADER_SIZE],
- content_type_t type,
- gnutls_handshake_description_t htype,
- struct tls_record_st* record)
+record_read_headers(gnutls_session_t session,
+ uint8_t headers[MAX_RECORD_HEADER_SIZE],
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ struct tls_record_st *record)
{
- /* Read the first two bytes to determine if this is a
- * version 2 message
- */
-
- if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
- && headers[0] > 127 && !(IS_DTLS(session)))
- {
-
- /* if msb set and expecting handshake message
- * it should be SSL 2 hello
- */
- record->version[0] = 3; /* assume SSL 3.0 */
- record->version[1] = 0;
-
- record->length = (((headers[0] & 0x7f) << 8)) | headers[1];
-
- /* SSL 2.0 headers */
- record->header_size = record->packet_size = 2;
- record->type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
- */
-
- /* in order to assist the handshake protocol.
- * V2 compatibility is a mess.
- */
- record->v2 = 1;
- record->epoch = 0;
- memset(&record->sequence, 0, sizeof(record->sequence));
-
- _gnutls_record_log ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
- session,
- _gnutls_packet2str (record->type),
- record->length);
-
- }
- else
- {
- /* dtls version 1.0 and TLS version 1.x */
- record->v2 = 0;
-
- record->type = headers[0];
- record->version[0] = headers[1];
- record->version[1] = headers[2];
-
- if(IS_DTLS(session))
- {
- memcpy(record->sequence.i, &headers[3], 8);
- record->length = _gnutls_read_uint16 (&headers[11]);
- record->epoch = _gnutls_read_uint16(record->sequence.i);
- }
- else
- {
- memset(&record->sequence, 0, sizeof(record->sequence));
- record->length = _gnutls_read_uint16 (&headers[3]);
- record->epoch = 0;
- }
-
- _gnutls_record_log ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
- session, (int)record->version[0], (int)record->version[1],
- _gnutls_packet2str (record->type),
- (int)record->epoch, record->length);
-
- }
-
- record->packet_size += record->length;
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
+ */
+
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE && headers[0] > 127
+ && !(IS_DTLS(session))) {
+
+ /* if msb set and expecting handshake message
+ * it should be SSL 2 hello
+ */
+ record->version[0] = 3; /* assume SSL 3.0 */
+ record->version[1] = 0;
+
+ record->length = (((headers[0] & 0x7f) << 8)) | headers[1];
+
+ /* SSL 2.0 headers */
+ record->header_size = record->packet_size = 2;
+ record->type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
+ */
+
+ /* in order to assist the handshake protocol.
+ * V2 compatibility is a mess.
+ */
+ record->v2 = 1;
+ record->epoch = 0;
+ memset(&record->sequence, 0, sizeof(record->sequence));
+
+ _gnutls_record_log
+ ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
+ session, _gnutls_packet2str(record->type),
+ record->length);
+
+ } else {
+ /* dtls version 1.0 and TLS version 1.x */
+ record->v2 = 0;
+
+ record->type = headers[0];
+ record->version[0] = headers[1];
+ record->version[1] = headers[2];
+
+ if (IS_DTLS(session)) {
+ memcpy(record->sequence.i, &headers[3], 8);
+ record->length = _gnutls_read_uint16(&headers[11]);
+ record->epoch =
+ _gnutls_read_uint16(record->sequence.i);
+ } else {
+ memset(&record->sequence, 0,
+ sizeof(record->sequence));
+ record->length = _gnutls_read_uint16(&headers[3]);
+ record->epoch = 0;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
+ session, (int) record->version[0],
+ (int) record->version[1],
+ _gnutls_packet2str(record->type), (int) record->epoch,
+ record->length);
+
+ }
+
+ record->packet_size += record->length;
}
-static int recv_headers( gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- struct tls_record_st* record,
- unsigned int *ms)
+static int recv_headers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ struct tls_record_st *record, unsigned int *ms)
{
-int ret;
-gnutls_datum_t raw; /* raw headers */
- /* Read the headers.
- */
- record->header_size = record->packet_size = RECORD_HEADER_SIZE(session);
-
- ret =
- _gnutls_io_read_buffered (session, record->header_size, -1, ms);
- if (ret != record->header_size)
- {
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return ret;
-
- if (ret > 0)
- ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- else if (ret == 0)
- ret = GNUTLS_E_PREMATURE_TERMINATION;
-
- return gnutls_assert_val(ret);
- }
-
- ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_head_get_first (&session->internals.record_recv_buffer, &raw);
- if (raw.size < RECORD_HEADER_SIZE(session))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- record_read_headers (session, raw.data, type, htype, record);
-
- /* Check if the DTLS epoch is valid */
- if (IS_DTLS(session))
- {
- if (_gnutls_epoch_is_valid(session, record->epoch) == 0)
- {
- _gnutls_audit_log(session, "Discarded message[%u] with invalid epoch %u.\n",
- (unsigned int)_gnutls_uint64touint32 (&record->sequence),
- (unsigned int)record->sequence.i[0]*256+(unsigned int)record->sequence.i[1]);
- gnutls_assert();
- /* doesn't matter, just a fatal error */
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- }
-
- /* Here we check if the Type of the received packet is
- * ok.
- */
- if ((ret = check_recv_type (session, record->type)) < 0)
- return gnutls_assert_val(ret);
-
- /* Here we check if the advertized version is the one we
- * negotiated in the handshake.
- */
- if ((ret = record_check_version (session, htype, record->version)) < 0)
- return gnutls_assert_val(ret);
-
- if (record->length > MAX_RECV_SIZE(session))
- {
- _gnutls_audit_log
- (session, "Received packet with illegal length: %u\n", (unsigned int)record->length);
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- _gnutls_record_log
- ("REC[%p]: Expected Packet %s(%d)\n", session,
- _gnutls_packet2str (type), type);
- _gnutls_record_log ("REC[%p]: Received Packet %s(%d) with length: %d\n",
- session,
- _gnutls_packet2str (record->type), record->type, record->length);
-
-
- return 0;
+ int ret;
+ gnutls_datum_t raw; /* raw headers */
+ /* Read the headers.
+ */
+ record->header_size = record->packet_size =
+ RECORD_HEADER_SIZE(session);
+
+ ret =
+ _gnutls_io_read_buffered(session, record->header_size, -1, ms);
+ if (ret != record->header_size) {
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return ret;
+
+ if (ret > 0)
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ else if (ret == 0)
+ ret = GNUTLS_E_PREMATURE_TERMINATION;
+
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _mbuffer_linearize(&session->internals.record_recv_buffer);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_head_get_first(&session->internals.record_recv_buffer,
+ &raw);
+ if (raw.size < RECORD_HEADER_SIZE(session))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ record_read_headers(session, raw.data, type, htype, record);
+
+ /* Check if the DTLS epoch is valid */
+ if (IS_DTLS(session)) {
+ if (_gnutls_epoch_is_valid(session, record->epoch) == 0) {
+ _gnutls_audit_log(session,
+ "Discarded message[%u] with invalid epoch %u.\n",
+ (unsigned int)
+ _gnutls_uint64touint32(&record->
+ sequence),
+ (unsigned int) record->sequence.
+ i[0] * 256 +
+ (unsigned int) record->sequence.
+ i[1]);
+ gnutls_assert();
+ /* doesn't matter, just a fatal error */
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ }
+
+ /* Here we check if the Type of the received packet is
+ * ok.
+ */
+ if ((ret = check_recv_type(session, record->type)) < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we check if the advertized version is the one we
+ * negotiated in the handshake.
+ */
+ if ((ret =
+ record_check_version(session, htype, record->version)) < 0)
+ return gnutls_assert_val(ret);
+
+ if (record->length > MAX_RECV_SIZE(session)) {
+ _gnutls_audit_log
+ (session, "Received packet with illegal length: %u\n",
+ (unsigned int) record->length);
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Expected Packet %s(%d)\n", session,
+ _gnutls_packet2str(type), type);
+ _gnutls_record_log
+ ("REC[%p]: Received Packet %s(%d) with length: %d\n", session,
+ _gnutls_packet2str(record->type), record->type,
+ record->length);
+
+
+ return 0;
}
/* @ms: is the number of milliseconds to wait for data. Use zero for indefinite.
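Review bot: `record_read_headers` declares `uint8_t headers[MAX_RECORD_HEADER_SIZE]`, which is only a pointer in C, and its DTLS branch reads as far as `_gnutls_read_uint16(&headers[11])`, yet nothing on the function states how many bytes the caller must supply. `recv_headers` does check `raw.size < RECORD_HEADER_SIZE(session)` before the call, so the contract should be written on the callee, e.g. `/* headers must hold at least RECORD_HEADER_SIZE(session) bytes; the caller verifies this */`. Separately, the audit log in `recv_headers` rebuilds the epoch from `record->sequence.i[0] * 256 + record->sequence.i[1]`, which the reformatter has split across four lines in the middle of the member accesses. `(unsigned int) record->epoch` looks equivalent, since that field was filled from the same two bytes just before, and it is much easier to read. `recv_headers` also has no header comment describing its return values.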
@@ -1111,149 +1117,162 @@ gnutls_datum_t raw; /* raw headers */
* will be enforced.
*/
ssize_t
-_gnutls_recv_in_buffers (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int ms)
+_gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int ms)
{
- uint64 *packet_sequence;
- gnutls_datum_t ciphertext;
- mbuffer_st* bufel = NULL, *decrypted = NULL;
- gnutls_datum_t t;
- int ret;
- unsigned int empty_fragments = 0;
- record_parameters_st *record_params;
- record_state_st *record_state;
- struct tls_record_st record;
-
-begin:
-
- if (empty_fragments > session->internals.priorities.max_empty_records)
- {
- gnutls_assert ();
- return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
- }
-
- if (session->internals.read_eof != 0)
- {
- /* if we have already read an EOF
- */
- return 0;
- }
- else if (session_is_valid (session) != 0
- || session->internals.may_not_read != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
-
- /* get the record state parameters */
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- /* Safeguard against processing data with an incomplete cipher state. */
- if (!record_params->initialized)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
-
- record_state = &record_params->read;
-
- /* receive headers */
- ret = recv_headers(session, type, htype, &record, &ms);
- if (ret < 0)
- {
- ret = gnutls_assert_val_fatal(ret);
- goto recv_error;
- }
-
- if (IS_DTLS(session))
- packet_sequence = &record.sequence;
- else
- packet_sequence = &record_state->sequence_number;
-
- /* Read the packet data and insert it to record_recv_buffer.
- */
- ret =
- _gnutls_io_read_buffered (session, record.packet_size,
- record.type, &ms);
- if (ret != record.packet_size)
- {
- gnutls_assert();
- goto recv_error;
- }
-
- /* ok now we are sure that we have read all the data - so
- * move on !
- */
- ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- bufel = _mbuffer_head_get_first (&session->internals.record_recv_buffer, NULL);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* We allocate the maximum possible to allow few compressed bytes to expand to a
- * full record.
- */
- decrypted = _mbuffer_alloc(record.length, record.length);
- if (decrypted == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ciphertext.data = (uint8_t*)_mbuffer_get_udata_ptr(bufel) + record.header_size;
- ciphertext.size = record.length;
-
- /* decrypt the data we got.
- */
- t.data = _mbuffer_get_udata_ptr(decrypted);
- t.size = _mbuffer_get_udata_size(decrypted);
- ret =
- _gnutls_decrypt (session, &ciphertext, &t,
- record.type, record_params, packet_sequence);
- if (ret >= 0) _mbuffer_set_udata_size(decrypted, ret);
-
- _mbuffer_head_remove_bytes (&session->internals.record_recv_buffer,
- record.header_size + record.length);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "Discarded message[%u] due to invalid decryption\n",
- (unsigned int)_gnutls_uint64touint32 (packet_sequence));
- goto sanity_check_error;
- }
-
- /* check for duplicates. We check after the message
- * is processed and authenticated to avoid someone
- * messing with our windows.
- */
- if (IS_DTLS(session) && session->internals.no_replay_protection == 0)
- {
- ret = _dtls_record_check(record_params, packet_sequence);
- if (ret < 0)
- {
- _gnutls_record_log("REC[%p]: Discarded duplicate message[%u.%u]: %s\n", session,
- (unsigned int)record.sequence.i[0]*256 +(unsigned int)record.sequence.i[1],
- (unsigned int) _gnutls_uint64touint32 (packet_sequence), _gnutls_packet2str (record.type));
- goto sanity_check_error;
- }
- _gnutls_record_log
- ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n", session,
- (unsigned int)record.sequence.i[0]*256 +(unsigned int)record.sequence.i[1],
- (unsigned int) _gnutls_uint64touint32 (packet_sequence),
- _gnutls_packet2str (record.type), record.type, (int)_mbuffer_get_udata_size(decrypted));
- }
- else
- {
- _gnutls_record_log
- ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n", session,
- (unsigned int) _gnutls_uint64touint32 (packet_sequence),
- _gnutls_packet2str (record.type), record.type, (int)_mbuffer_get_udata_size(decrypted));
- }
-
- /* increase sequence number
- */
- if (!IS_DTLS(session) && sequence_increment (session, &record_state->sequence_number) != 0)
- {
- session_invalidate (session);
- gnutls_assert ();
- ret = GNUTLS_E_RECORD_LIMIT_REACHED;
- goto sanity_check_error;
- }
+ uint64 *packet_sequence;
+ gnutls_datum_t ciphertext;
+ mbuffer_st *bufel = NULL, *decrypted = NULL;
+ gnutls_datum_t t;
+ int ret;
+ unsigned int empty_fragments = 0;
+ record_parameters_st *record_params;
+ record_state_st *record_state;
+ struct tls_record_st record;
+
+ begin:
+
+ if (empty_fragments >
+ session->internals.priorities.max_empty_records) {
+ gnutls_assert();
+ return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
+ }
+
+ if (session->internals.read_eof != 0) {
+ /* if we have already read an EOF
+ */
+ return 0;
+ } else if (session_is_valid(session) != 0
+ || session->internals.may_not_read != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
+
+ /* get the record state parameters */
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ record_state = &record_params->read;
+
+ /* receive headers */
+ ret = recv_headers(session, type, htype, &record, &ms);
+ if (ret < 0) {
+ ret = gnutls_assert_val_fatal(ret);
+ goto recv_error;
+ }
+
+ if (IS_DTLS(session))
+ packet_sequence = &record.sequence;
+ else
+ packet_sequence = &record_state->sequence_number;
+
+ /* Read the packet data and insert it to record_recv_buffer.
+ */
+ ret =
+ _gnutls_io_read_buffered(session, record.packet_size,
+ record.type, &ms);
+ if (ret != record.packet_size) {
+ gnutls_assert();
+ goto recv_error;
+ }
+
+ /* ok now we are sure that we have read all the data - so
+ * move on !
+ */
+ ret = _mbuffer_linearize(&session->internals.record_recv_buffer);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_recv_buffer,
+ NULL);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* We allocate the maximum possible to allow few compressed bytes to expand to a
+ * full record.
+ */
+ decrypted = _mbuffer_alloc(record.length, record.length);
+ if (decrypted == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ciphertext.data =
+ (uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size;
+ ciphertext.size = record.length;
+
+ /* decrypt the data we got.
+ */
+ t.data = _mbuffer_get_udata_ptr(decrypted);
+ t.size = _mbuffer_get_udata_size(decrypted);
+ ret =
+ _gnutls_decrypt(session, &ciphertext, &t,
+ record.type, record_params, packet_sequence);
+ if (ret >= 0)
+ _mbuffer_set_udata_size(decrypted, ret);
+
+ _mbuffer_head_remove_bytes(&session->internals.record_recv_buffer,
+ record.header_size + record.length);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Discarded message[%u] due to invalid decryption\n",
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence));
+ goto sanity_check_error;
+ }
+
+ /* check for duplicates. We check after the message
+ * is processed and authenticated to avoid someone
+ * messing with our windows.
+ */
+ if (IS_DTLS(session)
+ && session->internals.no_replay_protection == 0) {
+ ret = _dtls_record_check(record_params, packet_sequence);
+ if (ret < 0) {
+ _gnutls_record_log
+ ("REC[%p]: Discarded duplicate message[%u.%u]: %s\n",
+ session,
+ (unsigned int) record.sequence.i[0] * 256 +
+ (unsigned int) record.sequence.i[1],
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type));
+ goto sanity_check_error;
+ }
+ _gnutls_record_log
+ ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n",
+ session,
+ (unsigned int) record.sequence.i[0] * 256 +
+ (unsigned int) record.sequence.i[1],
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type), record.type,
+ (int) _mbuffer_get_udata_size(decrypted));
+ } else {
+ _gnutls_record_log
+ ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n",
+ session,
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type), record.type,
+ (int) _mbuffer_get_udata_size(decrypted));
+ }
+
+ /* increase sequence number
+ */
+ if (!IS_DTLS(session)
+ && sequence_increment(session,
+ &record_state->sequence_number) != 0) {
+ session_invalidate(session);
+ gnutls_assert();
+ ret = GNUTLS_E_RECORD_LIMIT_REACHED;
+ goto sanity_check_error;
+ }
/* (originally for) TLS 1.0 CBC protection.
* Actually this code is called if we just received
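Review bot: The comment above `decrypted = _mbuffer_alloc(record.length, record.length);` says the maximum possible is allocated so that a few compressed bytes can expand to a full record, but the size passed is the received record's own length, so comment and code disagree. If expansion is still meant to be supported, the allocation presumably wants the bound from `get_max_decrypted_data(session)` in lib/gnutls_record.h. Otherwise the comment should say something like `/* plaintext is bounded by the ciphertext length, so record.length is enough */`. Which of the two holds depends on how `_gnutls_decrypt` treats `t.size`, which is not visible on this page. The function starts in this hunk and its body continues in the next one.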
@@ -1262,78 +1281,77 @@ begin:
* In that case we go to the beginning and start reading
* the next packet.
*/
- if (_mbuffer_get_udata_size(decrypted) == 0)
- {
- _mbuffer_xfree(&decrypted);
- empty_fragments++;
- goto begin;
- }
-
- if (record.v2)
- decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
- else
- {
- uint8_t * p = _mbuffer_get_udata_ptr(decrypted);
- decrypted->htype = p[0];
- }
-
- ret =
- record_add_to_buffers (session, &record, type, htype,
- packet_sequence, decrypted);
-
- /* bufel is now either deinitialized or buffered somewhere else */
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return ret;
-
-discard:
- session->internals.dtls.packets_dropped++;
-
- /* discard the whole received fragment. */
- bufel = _mbuffer_head_pop_first(&session->internals.record_recv_buffer);
- _mbuffer_xfree(&bufel);
- return gnutls_assert_val(GNUTLS_E_AGAIN);
-
-sanity_check_error:
- if (IS_DTLS(session))
- {
- session->internals.dtls.packets_dropped++;
- ret = gnutls_assert_val(GNUTLS_E_AGAIN);
- goto cleanup;
- }
-
- session_unresumable (session);
- session_invalidate (session);
-
-cleanup:
- _mbuffer_xfree(&decrypted);
- return ret;
-
-recv_error:
- if (ret < 0 && (gnutls_error_is_fatal (ret) == 0 || ret == GNUTLS_E_TIMEDOUT))
- return ret;
-
- if (type == GNUTLS_ALERT) /* we were expecting close notify */
- {
- session_invalidate (session);
- gnutls_assert ();
- return 0;
- }
-
- if (IS_DTLS(session))
- {
- goto discard;
- }
-
- session_invalidate (session);
- session_unresumable (session);
-
- if (ret == 0)
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- else
- return ret;
+ if (_mbuffer_get_udata_size(decrypted) == 0) {
+ _mbuffer_xfree(&decrypted);
+ empty_fragments++;
+ goto begin;
+ }
+
+ if (record.v2)
+ decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
+ else {
+ uint8_t *p = _mbuffer_get_udata_ptr(decrypted);
+ decrypted->htype = p[0];
+ }
+
+ ret =
+ record_add_to_buffers(session, &record, type, htype,
+ packet_sequence, decrypted);
+
+ /* bufel is now either deinitialized or buffered somewhere else */
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return ret;
+
+ discard:
+ session->internals.dtls.packets_dropped++;
+
+ /* discard the whole received fragment. */
+ bufel =
+ _mbuffer_head_pop_first(&session->internals.
+ record_recv_buffer);
+ _mbuffer_xfree(&bufel);
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+
+ sanity_check_error:
+ if (IS_DTLS(session)) {
+ session->internals.dtls.packets_dropped++;
+ ret = gnutls_assert_val(GNUTLS_E_AGAIN);
+ goto cleanup;
+ }
+
+ session_unresumable(session);
+ session_invalidate(session);
+
+ cleanup:
+ _mbuffer_xfree(&decrypted);
+ return ret;
+
+ recv_error:
+ if (ret < 0
+ && (gnutls_error_is_fatal(ret) == 0
+ || ret == GNUTLS_E_TIMEDOUT))
+ return ret;
+
+ if (type == GNUTLS_ALERT) { /* we were expecting close notify */
+ session_invalidate(session);
+ gnutls_assert();
+ return 0;
+ }
+
+ if (IS_DTLS(session)) {
+ goto discard;
+ }
+
+ session_invalidate(session);
+ session_unresumable(session);
+
+ if (ret == 0)
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ else
+ return ret;
}
/* This function behaves exactly like read(). The only difference is
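Review bot: At `recv_error` a positive `ret` is returned unchanged on the TLS path, because only `ret == 0` is mapped to `GNUTLS_E_UNEXPECTED_PACKET_LENGTH`. A short count from the `ret != record.packet_size` check in the previous hunk would therefore be returned as a non-negative value right after `session_invalidate()`, and `_gnutls_recv_int` treats only negative values as errors. The header-reading code at the top of this page maps `ret > 0` to an error explicitly, so for consistency the final test could be `if (ret >= 0)`. Whether `_gnutls_io_read_buffered` can actually return a positive short count is not visible here. The function begins in the previous hunk.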
@@ -1344,55 +1362,52 @@ recv_error:
* The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
*/
ssize_t
-_gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- uint8_t * data, size_t data_size, void* seq,
- unsigned int ms)
+_gnutls_recv_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ uint8_t * data, size_t data_size, void *seq,
+ unsigned int ms)
{
- int ret;
-
- if ((type != GNUTLS_ALERT && type != GNUTLS_HEARTBEAT) && (data_size == 0 || data == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (session->internals.read_eof != 0)
- {
- /* if we have already read an EOF
- */
- return 0;
- }
- else if (session_is_valid (session) != 0
- || session->internals.may_not_read != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- switch(session->internals.recv_state)
- {
- case RECV_STATE_DTLS_RETRANSMIT:
- ret = _dtls_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->internals.recv_state = RECV_STATE_0;
- case RECV_STATE_0:
-
- _dtls_async_timer_check(session);
- /* If we have enough data in the cache do not bother receiving
- * a new packet. (in order to flush the cache)
- */
- ret = check_buffers (session, type, data, data_size, seq);
- if (ret != 0)
- return ret;
-
- ret = _gnutls_recv_in_buffers(session, type, htype, ms);
- if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
- return gnutls_assert_val(ret);
-
- return check_buffers (session, type, data, data_size, seq);
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
+ int ret;
+
+ if ((type != GNUTLS_ALERT && type != GNUTLS_HEARTBEAT)
+ && (data_size == 0 || data == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (session->internals.read_eof != 0) {
+ /* if we have already read an EOF
+ */
+ return 0;
+ } else if (session_is_valid(session) != 0
+ || session->internals.may_not_read != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ switch (session->internals.recv_state) {
+ case RECV_STATE_DTLS_RETRANSMIT:
+ ret = _dtls_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.recv_state = RECV_STATE_0;
+ case RECV_STATE_0:
+
+ _dtls_async_timer_check(session);
+ /* If we have enough data in the cache do not bother receiving
+ * a new packet. (in order to flush the cache)
+ */
+ ret = check_buffers(session, type, data, data_size, seq);
+ if (ret != 0)
+ return ret;
+
+ ret = _gnutls_recv_in_buffers(session, type, htype, ms);
+ if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
+ return gnutls_assert_val(ret);
+
+ return check_buffers(session, type, data, data_size, seq);
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
/**
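Review bot: `case RECV_STATE_DTLS_RETRANSMIT:` runs straight into `case RECV_STATE_0:` with no marker, so the fall-through reads like a forgotten `break`. A comment right after `session->internals.recv_state = RECV_STATE_0;`, for example `/* fall through */`, would document that it is intended and keep `-Wimplicit-fallthrough` quiet. It is also worth noting in the function's header comment that `data` may be NULL only for `GNUTLS_ALERT` and `GNUTLS_HEARTBEAT`, since the first guard is the only place that rule is stated.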
@@ -1427,25 +1442,26 @@ _gnutls_recv_int (gnutls_session_t session, content_type_t type,
* on the negotiated maximum record size.
**/
ssize_t
-gnutls_record_send (gnutls_session_t session, const void *data,
- size_t data_size)
+gnutls_record_send(gnutls_session_t session, const void *data,
+ size_t data_size)
{
- if (session->internals.record_flush_mode == RECORD_FLUSH)
- {
- return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT, data, data_size,
- MBUFFER_FLUSH);
- }
- else /* GNUTLS_CORKED */
- {
- int ret;
-
- ret = _gnutls_buffer_append_data(&session->internals.record_presend_buffer, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data_size;
- }
+ if (session->internals.record_flush_mode == RECORD_FLUSH) {
+ return _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT, data,
+ data_size, MBUFFER_FLUSH);
+ } else { /* GNUTLS_CORKED */
+
+ int ret;
+
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ record_presend_buffer, data,
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data_size;
+ }
}
/**
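Review bot: The `else` branch is labelled `/* GNUTLS_CORKED */`, but the state this file sets and tests is `RECORD_CORKED` (see `gnutls_record_cork` in the next hunk), so the label should read `} else { /* RECORD_CORKED */`. The re-indent also left an empty line between that brace and `int ret;`. In this branch every call appends to `record_presend_buffer`, and no upper bound is visible before `gnutls_record_uncork()` runs, which deserves a sentence in the function's doc comment so that callers cork only bounded amounts of data.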
@@ -1458,10 +1474,9 @@ gnutls_record_send (gnutls_session_t session, const void *data,
*
* Since: 3.1.9
**/
-void
-gnutls_record_cork (gnutls_session_t session)
+void gnutls_record_cork(gnutls_session_t session)
{
- session->internals.record_flush_mode = RECORD_CORKED;
+ session->internals.record_flush_mode = RECORD_CORKED;
}
/**
@@ -1480,46 +1495,51 @@ gnutls_record_cork (gnutls_session_t session)
*
* Since: 3.1.9
**/
-int
-gnutls_record_uncork (gnutls_session_t session, unsigned int flags)
+int gnutls_record_uncork(gnutls_session_t session, unsigned int flags)
{
-int ret;
-ssize_t total = 0;
-
- if (session->internals.record_flush_mode == RECORD_FLUSH)
- return 0; /* nothing to be done */
-
- session->internals.record_flush_mode = RECORD_FLUSH;
-
- while(session->internals.record_presend_buffer.length > 0)
- {
- if (flags == GNUTLS_RECORD_WAIT)
- {
- do
- {
- ret = gnutls_record_send(session, session->internals.record_presend_buffer.data,
- session->internals.record_presend_buffer.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- }
- else
- {
- ret = gnutls_record_send(session, session->internals.record_presend_buffer.data,
- session->internals.record_presend_buffer.length);
- }
- if (ret < 0)
- goto fail;
-
- session->internals.record_presend_buffer.data += ret;
- session->internals.record_presend_buffer.length -= ret;
- total += ret;
- }
-
- return total;
-
-fail:
- session->internals.record_flush_mode = RECORD_CORKED;
- return ret;
+ int ret;
+ ssize_t total = 0;
+
+ if (session->internals.record_flush_mode == RECORD_FLUSH)
+ return 0; /* nothing to be done */
+
+ session->internals.record_flush_mode = RECORD_FLUSH;
+
+ while (session->internals.record_presend_buffer.length > 0) {
+ if (flags == GNUTLS_RECORD_WAIT) {
+ do {
+ ret =
+ gnutls_record_send(session,
+ session->internals.
+ record_presend_buffer.
+ data,
+ session->internals.
+ record_presend_buffer.
+ length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ } else {
+ ret =
+ gnutls_record_send(session,
+ session->internals.
+ record_presend_buffer.data,
+ session->internals.
+ record_presend_buffer.
+ length);
+ }
+ if (ret < 0)
+ goto fail;
+
+ session->internals.record_presend_buffer.data += ret;
+ session->internals.record_presend_buffer.length -= ret;
+ total += ret;
+ }
+
+ return total;
+
+ fail:
+ session->internals.record_flush_mode = RECORD_CORKED;
+ return ret;
}
/**
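Review bot: `ret` is declared `int` but stores the `ssize_t` result of `gnutls_record_send()`, and `total` is an `ssize_t` returned through the function's `int` return type, so both conversions narrow silently. Declaring `ssize_t ret;` removes the first one. The second is fixed by the public prototype, so the doc comment should state the limit, or the sum should be range-checked before `return total;`. Separately, the re-indent splits `session->internals.record_presend_buffer.data` over three lines in both branches. A local pointer to `session->internals.record_presend_buffer` (presumably a `gnutls_buffer_st *`) would keep each call readable.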
@@ -1550,10 +1570,11 @@ fail:
* The number of bytes received might be less than the requested @data_size.
**/
ssize_t
-gnutls_record_recv (gnutls_session_t session, void *data, size_t data_size)
+gnutls_record_recv(gnutls_session_t session, void *data, size_t data_size)
{
- return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, data_size,
- NULL, session->internals.record_timeout_ms);
+ return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ data_size, NULL,
+ session->internals.record_timeout_ms);
}
/**
@@ -1577,11 +1598,12 @@ gnutls_record_recv (gnutls_session_t session, void *data, size_t data_size)
* Since: 3.0
**/
ssize_t
-gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
- unsigned char *seq)
+gnutls_record_recv_seq(gnutls_session_t session, void *data,
+ size_t data_size, unsigned char *seq)
{
- return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
- data_size, seq, session->internals.record_timeout_ms);
+ return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ data_size, seq,
+ session->internals.record_timeout_ms);
}
/**
@@ -1600,8 +1622,7 @@ gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
* Since: 3.1.7
*
**/
-void
-gnutls_record_set_timeout (gnutls_session_t session, unsigned int ms)
+void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms)
{
- session->internals.record_timeout_ms = ms;
+ session->internals.record_timeout_ms = ms;
}
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 5c85dedf53..1a515610b4 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -26,38 +26,38 @@
#include <gnutls/gnutls.h>
#include <gnutls_buffers.h>
-ssize_t _gnutls_send_tlen_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *data,
- size_t sizeofdata,
- size_t min_pad,
- unsigned int mflags);
+ssize_t _gnutls_send_tlen_int(gnutls_session_t session,
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *data,
+ size_t sizeofdata, size_t min_pad,
+ unsigned int mflags);
inline static ssize_t
-_gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t data_size, unsigned int mflags)
+_gnutls_send_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t data_size, unsigned int mflags)
{
- return _gnutls_send_tlen_int(session,type,htype,epoch_rel,_data,data_size,0,mflags);
+ return _gnutls_send_tlen_int(session, type, htype, epoch_rel,
+ _data, data_size, 0, mflags);
}
-ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t, uint8_t * data,
- size_t sizeofdata, void* seq, unsigned int ms);
+ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t, uint8_t * data,
+ size_t sizeofdata, void *seq, unsigned int ms);
-inline
-static int get_max_decrypted_data(gnutls_session_t session)
+inline static int get_max_decrypted_data(gnutls_session_t session)
{
-int ret;
+ int ret;
- ret = MAX_RECORD_RECV_SIZE(session) + MAX_RECORD_OVERHEAD(session);
+ ret = MAX_RECORD_RECV_SIZE(session) + MAX_RECORD_OVERHEAD(session);
- if (session->internals.priorities.allow_large_records != 0 &&
- gnutls_compression_get(session)==GNUTLS_COMP_NULL)
- ret += EXTRA_COMP_SIZE;
+ if (session->internals.priorities.allow_large_records != 0 &&
+ gnutls_compression_get(session) == GNUTLS_COMP_NULL)
+ ret += EXTRA_COMP_SIZE;
- return ret;
+ return ret;
}
#endif
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 396bc73d5f..29ee450511 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -52,15 +52,16 @@
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u);
+ return gnutls_x509_privkey_import_rsa_raw(rsa_params, m, e, d, p,
+ q, u);
}
/**
@@ -71,19 +72,17 @@ gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
*
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
-int
-gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
+int gnutls_rsa_params_init(gnutls_rsa_params_t * rsa_params)
{
- int ret;
+ int ret;
- ret = gnutls_x509_privkey_init (rsa_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_x509_privkey_init(rsa_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -92,10 +91,9 @@ gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
*
* This function will deinitialize the RSA parameters structure.
**/
-void
-gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
+void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
{
- gnutls_x509_privkey_deinit (rsa_params);
+ gnutls_x509_privkey_deinit(rsa_params);
}
/**
@@ -108,10 +106,9 @@ gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
-int
-gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
+int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
{
- return gnutls_x509_privkey_cpy (dst, src);
+ return gnutls_x509_privkey_cpy(dst, src);
}
/**
@@ -131,9 +128,10 @@ gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
+gnutls_rsa_params_generate2(gnutls_rsa_params_t params, unsigned int bits)
{
- return gnutls_x509_privkey_generate (params, GNUTLS_PK_RSA, bits, 0);
+ return gnutls_x509_privkey_generate(params, GNUTLS_PK_RSA, bits,
+ 0);
}
/**
@@ -151,11 +149,11 @@ gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format)
+gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
{
- return gnutls_x509_privkey_import (params, pkcs1_params, format);
+ return gnutls_x509_privkey_import(params, pkcs1_params, format);
}
/**
@@ -175,13 +173,13 @@ gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
- return gnutls_x509_privkey_export (params, format,
- params_data, params_data_size);
+ return gnutls_x509_privkey_export(params, format,
+ params_data, params_data_size);
}
/**
@@ -202,25 +200,24 @@ gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits)
+gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits)
{
- int ret;
+ int ret;
- ret = gnutls_x509_privkey_export_rsa_raw (rsa, m, e, d, p, q, u);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_x509_privkey_export_rsa_raw(rsa, m, e, d, p, q, u);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (bits)
- *bits = _gnutls_mpi_get_nbits (rsa->params.params[3]);
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits(rsa->params.params[3]);
- return 0;
+ return 0;
}
-#endif /* ENABLE_RSA_EXPORT */
+#endif /* ENABLE_RSA_EXPORT */
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index f7d8113473..5a7fdf8a93 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -40,41 +40,39 @@
* an error code is returned.
**/
int
-gnutls_session_get_data (gnutls_session_t session,
- void *session_data, size_t * session_data_size)
+gnutls_session_get_data(gnutls_session_t session,
+ void *session_data, size_t * session_data_size)
{
- gnutls_datum_t psession;
- int ret;
+ gnutls_datum_t psession;
+ int ret;
- if (session->internals.resumable == RESUME_FALSE)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
- psession.data = session_data;
+ psession.data = session_data;
- ret = _gnutls_session_pack (session, &psession);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_session_pack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (psession.size > *session_data_size)
- {
- *session_data_size = psession.size;
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto error;
- }
- *session_data_size = psession.size;
+ if (psession.size > *session_data_size) {
+ *session_data_size = psession.size;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto error;
+ }
+ *session_data_size = psession.size;
- if (session_data != NULL)
- memcpy (session_data, psession.data, psession.size);
+ if (session_data != NULL)
+ memcpy(session_data, psession.data, psession.size);
- ret = 0;
+ ret = 0;
-error:
- _gnutls_free_datum (&psession);
- return ret;
+ error:
+ _gnutls_free_datum(&psession);
+ return ret;
}
/**
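Review bot: `psession.data = session_data;` points the datum at the caller's buffer, and `psession` is later handed to `_gnutls_free_datum()`, which reads as if the caller's memory could be freed. The later `memcpy(session_data, psession.data, psession.size)` only makes sense if `_gnutls_session_pack()` replaces the pointer with its own allocation, which is not visible here. If it does, the assignment is dead and is better replaced by `gnutls_datum_t psession = { NULL, 0 };`, with a comment that the packed copy is owned and freed in this function. `*session_data_size` is also dereferenced without a NULL check, which the doc comment should state as a precondition.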
@@ -92,27 +90,25 @@ error:
* an error code is returned.
**/
int
-gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
+gnutls_session_get_data2(gnutls_session_t session, gnutls_datum_t * data)
{
- int ret;
+ int ret;
- if (data == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (data == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (session->internals.resumable == RESUME_FALSE)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
- ret = _gnutls_session_pack (session, data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_session_pack(session, data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -135,28 +131,27 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
* an error code is returned.
**/
int
-gnutls_session_get_id (gnutls_session_t session,
- void *session_id, size_t * session_id_size)
+gnutls_session_get_id(gnutls_session_t session,
+ void *session_id, size_t * session_id_size)
{
- size_t given_session_id_size = *session_id_size;
+ size_t given_session_id_size = *session_id_size;
- *session_id_size = session->security_parameters.session_id_size;
+ *session_id_size = session->security_parameters.session_id_size;
- /* just return the session size */
- if (session_id == NULL)
- {
- return 0;
- }
+ /* just return the session size */
+ if (session_id == NULL) {
+ return 0;
+ }
- if (given_session_id_size < session->security_parameters.session_id_size)
- {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (given_session_id_size <
+ session->security_parameters.session_id_size) {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- memcpy (session_id, &session->security_parameters.session_id,
- *session_id_size);
+ memcpy(session_id, &session->security_parameters.session_id,
+ *session_id_size);
- return 0;
+ return 0;
}
/**
@@ -173,13 +168,13 @@ gnutls_session_get_id (gnutls_session_t session,
* Since: 3.1.4
**/
int
-gnutls_session_get_id2 (gnutls_session_t session,
- gnutls_datum_t *session_id)
+gnutls_session_get_id2(gnutls_session_t session,
+ gnutls_datum_t * session_id)
{
- session_id->size = session->security_parameters.session_id_size;
- session_id->data = session->security_parameters.session_id;
+ session_id->size = session->security_parameters.session_id_size;
+ session_id->data = session->security_parameters.session_id;
- return 0;
+ return 0;
}
/**
@@ -201,30 +196,28 @@ gnutls_session_get_id2 (gnutls_session_t session,
* an error code is returned.
**/
int
-gnutls_session_set_data (gnutls_session_t session,
- const void *session_data, size_t session_data_size)
+gnutls_session_set_data(gnutls_session_t session,
+ const void *session_data, size_t session_data_size)
{
- int ret;
- gnutls_datum_t psession;
-
- psession.data = (uint8_t *) session_data;
- psession.size = session_data_size;
-
- if (session_data == NULL || session_data_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- ret = _gnutls_session_unpack (session, &psession);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->internals.resumption_requested = 1;
-
- return 0;
+ int ret;
+ gnutls_datum_t psession;
+
+ psession.data = (uint8_t *) session_data;
+ psession.size = session_data_size;
+
+ if (session_data == NULL || session_data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ret = _gnutls_session_unpack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->internals.resumption_requested = 1;
+
+ return 0;
}
/**
@@ -238,8 +231,7 @@ gnutls_session_set_data (gnutls_session_t session,
* applications.
*
**/
-void
-gnutls_session_force_valid (gnutls_session_t session)
+void gnutls_session_force_valid(gnutls_session_t session)
{
- session->internals.invalid_connection = 0;
+ session->internals.invalid_connection = 0;
}
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index b230f5e8fe..0fb11eeb2e 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -44,30 +44,30 @@
#include <gnutls_state.h>
#include <gnutls_db.h>
-static int pack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
-static int unpack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
+static int pack_certificate_auth_info(gnutls_session_t,
+ gnutls_buffer_st * packed_session);
+static int unpack_certificate_auth_info(gnutls_session_t,
+ gnutls_buffer_st * packed_session);
-static int unpack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_srp_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_srp_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_psk_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_psk_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_anon_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_anon_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_security_parameters(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_security_parameters(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
/* Since auth_info structures contain malloced data, this function
@@ -79,211 +79,194 @@ static int pack_security_parameters (gnutls_session_t session,
* The data will be in a platform independent format.
*/
int
-_gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session)
+_gnutls_session_pack(gnutls_session_t session,
+ gnutls_datum_t * packed_session)
{
- int ret;
- gnutls_buffer_st sb;
- uint8_t id;
+ int ret;
+ gnutls_buffer_st sb;
+ uint8_t id;
- if (packed_session == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (packed_session == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_buffer_init (&sb);
+ _gnutls_buffer_init(&sb);
- id = gnutls_auth_get_type (session);
+ id = gnutls_auth_get_type(session);
- BUFFER_APPEND_NUM(&sb, PACKED_SESSION_MAGIC);
- BUFFER_APPEND_NUM(&sb, session->security_parameters.timestamp);
- BUFFER_APPEND (&sb, &id, 1);
+ BUFFER_APPEND_NUM(&sb, PACKED_SESSION_MAGIC);
+ BUFFER_APPEND_NUM(&sb, session->security_parameters.timestamp);
+ BUFFER_APPEND(&sb, &id, 1);
- switch (id)
- {
+ switch (id) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- ret = pack_srp_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_SRP:
+ ret = pack_srp_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- ret = pack_psk_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_PSK:
+ ret = pack_psk_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- ret = pack_anon_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_ANON:
+ ret = pack_anon_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
- case GNUTLS_CRD_CERTIFICATE:
- ret = pack_certificate_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
-
- /* Auth_info structures copied. Now copy security_parameters_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = pack_security_parameters (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- ret = _gnutls_ext_pack (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- return _gnutls_buffer_to_datum (&sb, packed_session);
-
-fail:
- _gnutls_buffer_clear (&sb);
- return ret;
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = pack_certificate_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = pack_security_parameters(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = _gnutls_ext_pack(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ return _gnutls_buffer_to_datum(&sb, packed_session);
+
+ fail:
+ _gnutls_buffer_clear(&sb);
+ return ret;
}
/* Load session data from a buffer.
*/
int
-_gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session)
+_gnutls_session_unpack(gnutls_session_t session,
+ const gnutls_datum_t * packed_session)
{
- int ret;
- gnutls_buffer_st sb;
- uint32_t magic;
- uint8_t id;
-
- _gnutls_buffer_init (&sb);
-
- if (packed_session == NULL || packed_session->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_buffer_append_data (&sb, packed_session->data,
- packed_session->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_get_auth_info (session) != NULL)
- {
- _gnutls_free_auth_info (session);
- }
-
- BUFFER_POP_NUM (&sb, magic);
- if (magic != PACKED_SESSION_MAGIC)
- {
- ret = gnutls_assert_val(GNUTLS_E_DB_ERROR);
- goto error;
- }
-
- BUFFER_POP_NUM (&sb, session->internals.resumed_security_parameters.timestamp);
- BUFFER_POP (&sb, &id, 1);
-
- switch (id)
- {
+ int ret;
+ gnutls_buffer_st sb;
+ uint32_t magic;
+ uint8_t id;
+
+ _gnutls_buffer_init(&sb);
+
+ if (packed_session == NULL || packed_session->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_buffer_append_data(&sb, packed_session->data,
+ packed_session->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_get_auth_info(session) != NULL) {
+ _gnutls_free_auth_info(session);
+ }
+
+ BUFFER_POP_NUM(&sb, magic);
+ if (magic != PACKED_SESSION_MAGIC) {
+ ret = gnutls_assert_val(GNUTLS_E_DB_ERROR);
+ goto error;
+ }
+
+ BUFFER_POP_NUM(&sb,
+ session->internals.resumed_security_parameters.
+ timestamp);
+ BUFFER_POP(&sb, &id, 1);
+
+ switch (id) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- ret = unpack_srp_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
+ case GNUTLS_CRD_SRP:
+ ret = unpack_srp_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- ret = unpack_psk_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
+ case GNUTLS_CRD_PSK:
+ ret = unpack_psk_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
#endif
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- ret = unpack_anon_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
+ case GNUTLS_CRD_ANON:
+ ret = unpack_anon_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
#endif
- case GNUTLS_CRD_CERTIFICATE:
- ret = unpack_certificate_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto error;
-
- }
-
- /* Auth_info structures copied. Now copy security_parameters_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = unpack_security_parameters (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_ext_unpack (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&sb);
-
- return ret;
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = unpack_certificate_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = unpack_security_parameters(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_ext_unpack(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&sb);
+
+ return ret;
}
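Review bot: Two early returns in this hunk bypass the buffer cleanup: the `default:` arm of the switch in `_gnutls_session_pack` returns `GNUTLS_E_INTERNAL_ERROR` directly after `sb` has been initialised and appended to, and the `GNUTLS_CRD_ANON` arm in `_gnutls_session_unpack` does `return ret;` where every sibling arm does `goto error;`. In the unpack case `sb` holds a copy of the packed session, so skipping `_gnutls_buffer_clear(&sb)` presumably leaves that copy allocated. The fixes would be `ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto fail;` in the pack default and `goto error;` in the ANON arm. Both returns read the same on the removed side, so they predate the reindent.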
@@ -311,112 +294,112 @@ error:
* and so on...
*/
static int
-pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- unsigned int i;
- int cur_size, ret;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- int size_offset;
+ unsigned int i;
+ int cur_size, ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ if (info) {
+
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data,
+ info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+
+ BUFFER_APPEND_NUM(ps, info->ncerts);
+
+ for (i = 0; i < info->ncerts; i++)
+ BUFFER_APPEND_PFX4(ps,
+ info->raw_certificate_list[i].
+ data,
+ info->raw_certificate_list[i].
+ size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
+}
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
- if (info)
- {
+/* Upack certificate info.
+ */
+static int
+unpack_certificate_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * ps)
+{
+ int ret;
+ unsigned int i = 0, j = 0;
+ size_t pack_size;
+ cert_auth_info_t info = NULL;
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ BUFFER_POP_NUM(ps, pack_size);
- BUFFER_APPEND_NUM (ps, info->ncerts);
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
- for (i = 0; i < info->ncerts; i++)
- BUFFER_APPEND_PFX4 (ps, info->raw_certificate_list[i].data,
- info->raw_certificate_list[i].size);
- }
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- return 0;
-}
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
-/* Upack certificate info.
- */
-static int
-unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
-{
- int ret;
- unsigned int i = 0, j = 0;
- size_t pack_size;
- cert_auth_info_t info = NULL;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* client and server have the same auth_info here
- */
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- BUFFER_POP_NUM (ps, info->ncerts);
-
- if (info->ncerts > 0)
- {
- info->raw_certificate_list =
- gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
- if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- }
-
- for (i = 0; i < info->ncerts; i++)
- {
- BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
- }
-
- return 0;
-
-error:
- if (info)
- {
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
-
- for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
-
- gnutls_free (info->raw_certificate_list);
- }
-
- return ret;
+ BUFFER_POP_NUM(ps, info->ncerts);
+
+ if (info->ncerts > 0) {
+ info->raw_certificate_list =
+ gnutls_calloc(info->ncerts, sizeof(gnutls_datum_t));
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ }
+
+ for (i = 0; i < info->ncerts; i++) {
+ BUFFER_POP_DATUM(ps, &info->raw_certificate_list[i]);
+ }
+
+ return 0;
+
+ error:
+ if (info) {
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
+
+ gnutls_free(info->raw_certificate_list);
+ }
+
+ return ret;
}
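Review bot: The `error:` path of `unpack_certificate_auth_info` frees `info->raw_certificate_list` but leaves the pointer and `info->ncerts` as they were, while `info` stays attached to the session. `ncerts` is read straight from the packed blob, so after a failed `gnutls_calloc` (and, if the `BUFFER_POP_*` macros jump to `error`, after a failed pop) the session holds a non-zero count next to a NULL or freed list. Whether a later `_gnutls_free_auth_info` walks that list cannot be seen from this hunk, but resetting both after the `gnutls_free` call is cheap: `info->raw_certificate_list = NULL; info->ncerts = 0;`. `pack_size` is only compared with zero, so nothing ties the amount parsed to the declared length. The code is otherwise unchanged by the reindent.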
@@ -430,70 +413,67 @@ error:
* x bytes the SRP username
*/
static int
-pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- srp_server_auth_info_t info = _gnutls_get_auth_info (session);
- int len, ret;
- int size_offset;
- size_t cur_size;
- const char* username = NULL;
-
- if (info && info->username)
- {
- username = info->username;
- len = strlen (info->username) + 1; /* include the terminating null */
- }
- else
- len = 0;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- BUFFER_APPEND_PFX4 (ps, username, len);
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ srp_server_auth_info_t info = _gnutls_get_auth_info(session);
+ int len, ret;
+ int size_offset;
+ size_t cur_size;
+ const char *username = NULL;
+
+ if (info && info->username) {
+ username = info->username;
+ len = strlen(info->username) + 1; /* include the terminating null */
+ } else
+ len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX4(ps, username, len);
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t username_size;
- int ret;
- srp_server_auth_info_t info;
-
- BUFFER_POP_NUM (ps, username_size);
- if (username_size > sizeof (info->username))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP (ps, info->username, username_size);
- if (username_size == 0)
- info->username[0] = 0;
-
- ret = 0;
-
-error:
- return ret;
+ size_t username_size;
+ int ret;
+ srp_server_auth_info_t info;
+
+ BUFFER_POP_NUM(ps, username_size);
+ if (username_size > sizeof(info->username)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ sizeof(srp_server_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP(ps, info->username, username_size);
+ if (username_size == 0)
+ info->username[0] = 0;
+
+ ret = 0;
+
+ error:
+ return ret;
}
#endif
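Review bot: `unpack_srp_auth_info` accepts a `username_size` equal to `sizeof(info->username)` and copies that many bytes without checking that the last one is a NUL. The pack side writes `strlen() + 1` bytes, but the unpack side reads a stored blob and should not rely on that. Assuming `username` is a char array, as the `sizeof` comparison suggests, a check after the `BUFFER_POP` keeps later string use bounded: `if (username_size > 0 && info->username[username_size - 1] != 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The same applies to `username` and `hint` in `unpack_psk_auth_info` further down. This behaviour predates the reindent.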
@@ -514,79 +494,78 @@ error:
* x bytes the public key
*/
static int
-pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int cur_size, ret;
- anon_auth_info_t info = _gnutls_get_auth_info (session);
- int size_offset;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- if (info)
- {
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
- }
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ int cur_size, ret;
+ anon_auth_info_t info = _gnutls_get_auth_info(session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ if (info) {
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data,
+ info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int ret;
- size_t pack_size;
- anon_auth_info_t info = NULL;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* client and server have the same auth_info here
- */
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- return 0;
-
-error:
- if (info)
- {
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
- }
-
- return ret;
+ int ret;
+ size_t pack_size;
+ anon_auth_info_t info = NULL;
+
+ BUFFER_POP_NUM(ps, pack_size);
+
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
+
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
+
+ return 0;
+
+ error:
+ if (info) {
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+ }
+
+ return ret;
}
-#endif /* ANON */
+#endif /* ANON */
#ifdef ENABLE_PSK
/* Packs the PSK session authentication data.
@@ -607,97 +586,97 @@ error:
* x bytes the public key
*/
static int
-pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- psk_auth_info_t info;
- int username_len;
- int hint_len, ret;
- int size_offset;
- size_t cur_size;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (info->username)
- username_len = strlen (info->username) + 1; /* include the terminating null */
- else
- username_len = 0;
-
- if (info->hint)
- hint_len = strlen (info->hint) + 1; /* include the terminating null */
- else
- hint_len = 0;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- BUFFER_APPEND_PFX4 (ps, info->username, username_len);
- BUFFER_APPEND_PFX4 (ps, info->hint, hint_len);
-
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data, info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data, info->dh.public_key.size);
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ psk_auth_info_t info;
+ int username_len;
+ int hint_len, ret;
+ int size_offset;
+ size_t cur_size;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (info->username)
+ username_len = strlen(info->username) + 1; /* include the terminating null */
+ else
+ username_len = 0;
+
+ if (info->hint)
+ hint_len = strlen(info->hint) + 1; /* include the terminating null */
+ else
+ hint_len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX4(ps, info->username, username_len);
+ BUFFER_APPEND_PFX4(ps, info->hint, hint_len);
+
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t username_size, hint_size;
- int ret;
- psk_auth_info_t info;
-
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, username_size);
- if (username_size > sizeof (info->username))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- BUFFER_POP (ps, info->username, username_size);
-
- BUFFER_POP_NUM (ps, hint_size);
- if (hint_size > sizeof (info->hint))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- BUFFER_POP (ps, info->hint, hint_size);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- ret = 0;
-
-error:
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
-
- return ret;
+ size_t username_size, hint_size;
+ int ret;
+ psk_auth_info_t info;
+
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP_NUM(ps, username_size);
+ if (username_size > sizeof(info->username)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP(ps, info->username, username_size);
+
+ BUFFER_POP_NUM(ps, hint_size);
+ if (hint_size > sizeof(info->hint)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ BUFFER_POP(ps, info->hint, hint_size);
+
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
+
+ ret = 0;
+
+ error:
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+
+ return ret;
}
#endif
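Review bot: In `unpack_psk_auth_info` the success path sets `ret = 0;` and then falls through the `error:` label, so the three `_gnutls_free_datum` calls release `dh.prime`, `dh.generator` and `dh.public_key` right after they were unpacked. `unpack_anon_auth_info` and `unpack_certificate_auth_info` avoid this with `return 0;` before the label. Replacing `ret = 0;` with `return 0;` here keeps the unpacked DH values for the resumed session. The fall-through is on the removed side too, so the reindent did not introduce it.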
@@ -737,150 +716,179 @@ error:
*
*/
static int
-pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int ret;
- int size_offset;
- size_t cur_size;
- record_parameters_st *params;
-
- if (session->security_parameters.epoch_read
- != session->security_parameters.epoch_write)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* move after the auth info stuff.
- */
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
- BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
- BUFFER_APPEND (ps,
- session->security_parameters.cipher_suite, 2);
- BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method);
- BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
- BUFFER_APPEND_NUM (ps, session->security_parameters.pversion->id);
-
- BUFFER_APPEND (ps, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- BUFFER_APPEND (ps, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_APPEND (ps, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
-
- BUFFER_APPEND (ps, &session->security_parameters.session_id_size, 1);
- BUFFER_APPEND (ps, session->security_parameters.session_id,
- session->security_parameters.session_id_size);
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
- BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
- BUFFER_APPEND (ps, &session->security_parameters.new_record_padding, 1);
- BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.server_sign_algo);
- BUFFER_APPEND_NUM (ps, session->security_parameters.client_sign_algo);
-
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ int ret;
+ int size_offset;
+ size_t cur_size;
+ record_parameters_st *params;
+
+ if (session->security_parameters.epoch_read
+ != session->security_parameters.epoch_write) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* move after the auth info stuff.
+ */
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+
+ BUFFER_APPEND_NUM(ps, session->security_parameters.entity);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.kx_algorithm);
+ BUFFER_APPEND(ps, session->security_parameters.cipher_suite, 2);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.compression_method);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.cert_type);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.pversion->id);
+
+ BUFFER_APPEND(ps, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ BUFFER_APPEND(ps, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_APPEND(ps, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ BUFFER_APPEND(ps, &session->security_parameters.session_id_size,
+ 1);
+ BUFFER_APPEND(ps, session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
+
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.
+ max_record_send_size);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.
+ max_record_recv_size);
+ BUFFER_APPEND(ps, &session->security_parameters.new_record_padding,
+ 1);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.ecc_curve);
+
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.server_sign_algo);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.client_sign_algo);
+
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t pack_size;
- int ret;
- unsigned version;
- time_t timestamp;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return GNUTLS_E_INVALID_REQUEST;
-
- timestamp = session->internals.resumed_security_parameters.timestamp;
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
- session->internals.resumed_security_parameters.timestamp = timestamp;
-
- timestamp = gnutls_time (0);
-
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.kx_algorithm);
- BUFFER_POP (ps,
- session->internals.
- resumed_security_parameters.cipher_suite, 2);
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method);
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
- BUFFER_POP_NUM (ps, version);
- session->internals.resumed_security_parameters.pversion = version_to_entry(version);
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
-
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP (ps, &session->internals.
- resumed_security_parameters.session_id_size, 1);
-
- BUFFER_POP (ps, session->internals.resumed_security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id_size);
-
- BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_send_size);
- BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_recv_size);
-
- BUFFER_POP (ps, &session->internals.resumed_security_parameters.new_record_padding, 1);
-
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.ecc_curve);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.server_sign_algo);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.client_sign_algo);
-
- if (session->internals.resumed_security_parameters.max_record_recv_size == 0 ||
- session->internals.resumed_security_parameters.max_record_send_size == 0)
- {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- if (timestamp - session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp > timestamp)
- {
- gnutls_assert ();
- return GNUTLS_E_EXPIRED;
- }
-
- ret = 0;
-
-error:
- return ret;
+ size_t pack_size;
+ int ret;
+ unsigned version;
+ time_t timestamp;
+
+ BUFFER_POP_NUM(ps, pack_size);
+
+ if (pack_size == 0)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ timestamp =
+ session->internals.resumed_security_parameters.timestamp;
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
+ session->internals.resumed_security_parameters.timestamp =
+ timestamp;
+
+ timestamp = gnutls_time(0);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ entity);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ kx_algorithm);
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ cipher_suite, 2);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ compression_method);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ cert_type);
+ BUFFER_POP_NUM(ps, version);
+ session->internals.resumed_security_parameters.pversion =
+ version_to_entry(version);
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ client_random, GNUTLS_RANDOM_SIZE);
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ server_random, GNUTLS_RANDOM_SIZE);
+ BUFFER_POP(ps,
+ &session->internals.resumed_security_parameters.
+ session_id_size, 1);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ session_id,
+ session->internals.resumed_security_parameters.
+ session_id_size);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ max_record_send_size);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ max_record_recv_size);
+
+ BUFFER_POP(ps,
+ &session->internals.resumed_security_parameters.
+ new_record_padding, 1);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ ecc_curve);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ server_sign_algo);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ client_sign_algo);
+
+ if (session->internals.resumed_security_parameters.
+ max_record_recv_size == 0
+ || session->internals.resumed_security_parameters.
+ max_record_send_size == 0) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ if (timestamp -
+ session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp >
+ timestamp) {
+ gnutls_assert();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/**
@@ -904,53 +912,68 @@ error:
* an error code is returned.
**/
int
-gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
- gnutls_protocol_t version,
- gnutls_kx_algorithm_t kx,
- gnutls_cipher_algorithm_t cipher,
- gnutls_mac_algorithm_t mac,
- gnutls_compression_method_t comp,
- const gnutls_datum_t* master,
- const gnutls_datum_t * session_id)
+gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity,
+ gnutls_protocol_t version,
+ gnutls_kx_algorithm_t kx,
+ gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac,
+ gnutls_compression_method_t comp,
+ const gnutls_datum_t * master,
+ const gnutls_datum_t * session_id)
{
- int ret;
+ int ret;
+
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
+
+ session->internals.resumed_security_parameters.entity = entity;
+ session->internals.resumed_security_parameters.kx_algorithm = kx;
+
+ ret =
+ _gnutls_cipher_suite_get_id(kx, cipher, mac,
+ session->internals.
+ resumed_security_parameters.
+ cipher_suite);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
-
- session->internals.resumed_security_parameters.entity = entity;
- session->internals.resumed_security_parameters.kx_algorithm = kx;
-
- ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, session->internals.resumed_security_parameters.cipher_suite);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ session->internals.resumed_security_parameters.compression_method =
+ comp;
+ session->internals.resumed_security_parameters.cert_type =
+ DEFAULT_CERT_TYPE;
+ session->internals.resumed_security_parameters.pversion =
+ version_to_entry(version);
- session->internals.resumed_security_parameters.compression_method = comp;
- session->internals.resumed_security_parameters.cert_type = DEFAULT_CERT_TYPE;
- session->internals.resumed_security_parameters.pversion = version_to_entry(version);
-
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (master->size != GNUTLS_MASTER_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (master->size != GNUTLS_MASTER_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(session->internals.resumed_security_parameters.master_secret, master->data, master->size);
+ memcpy(session->internals.resumed_security_parameters.
+ master_secret, master->data, master->size);
- if (session_id->size > GNUTLS_MAX_SESSION_ID)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session_id->size > GNUTLS_MAX_SESSION_ID)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- session->internals.resumed_security_parameters.session_id_size = session_id->size;
- memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size);
+ session->internals.resumed_security_parameters.session_id_size =
+ session_id->size;
+ memcpy(session->internals.resumed_security_parameters.session_id,
+ session_id->data, session_id->size);
- session->internals.resumed_security_parameters.max_record_send_size =
- session->internals.resumed_security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
+ session->internals.resumed_security_parameters.
+ max_record_send_size =
+ session->internals.resumed_security_parameters.
+ max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
- session->internals.resumed_security_parameters.timestamp = gnutls_time(0);
+ session->internals.resumed_security_parameters.timestamp =
+ gnutls_time(0);
- session->internals.resumed_security_parameters.ecc_curve = GNUTLS_ECC_CURVE_INVALID;
+ session->internals.resumed_security_parameters.ecc_curve =
+ GNUTLS_ECC_CURVE_INVALID;
- session->internals.premaster_set = 1;
+ session->internals.premaster_set = 1;
- return 0;
+ return 0;
}
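Review bot: The `master->size` and `session_id->size` checks in `gnutls_session_set_premaster` run only after `resumed_security_parameters` has been zeroed, and the session-id check runs after the master secret has already been copied in. A rejected call therefore returns `GNUTLS_E_INVALID_REQUEST` with the earlier resumption state wiped and secret material left in the structure. Validating both lengths before any state is touched avoids that: `if (master->size != GNUTLS_MASTER_SIZE || session_id->size > GNUTLS_MAX_SESSION_ID) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` placed ahead of the `memset`. `master` and `session_id` are also dereferenced without a NULL check, which matters if this is an exported entry point (the name suggests so, but the export is not visible here). The behaviour predates this reindent.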
diff --git a/lib/gnutls_session_pack.h b/lib/gnutls_session_pack.h
index 4404446a16..efb6cda01b 100644
--- a/lib/gnutls_session_pack.h
+++ b/lib/gnutls_session_pack.h
@@ -20,7 +20,7 @@
*
*/
-int _gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session);
-int _gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session);
+int _gnutls_session_pack(gnutls_session_t session,
+ gnutls_datum_t * packed_session);
+int _gnutls_session_unpack(gnutls_session_t session,
+ const gnutls_datum_t * packed_session);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index d9afa677aa..b794e9e960 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -40,10 +40,10 @@
#include <abstract_int.h>
static int
-sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature);
+sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature);
/* While this is currently equal to the length of RSA/SHA512
@@ -57,107 +57,108 @@ sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
* Used in DHE_* ciphersuites.
*/
int
-_gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
- gnutls_privkey_t pkey, gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * sign_algo)
+_gnutls_handshake_sign_data(gnutls_session_t session,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * sign_algo)
{
- gnutls_datum_t dconcat;
- int ret;
- digest_hd_st td_sha;
- uint8_t concat[MAX_SIG_SIZE];
- const version_entry_st* ver = get_version (session);
- const mac_entry_st* hash_algo;
-
- *sign_algo =
- _gnutls_session_get_sign_algo (session, cert);
- if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- gnutls_sign_algorithm_set_server(session, *sign_algo);
-
- hash_algo = mac_to_entry(gnutls_sign_get_hash_algorithm (*sign_algo));
-
- _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
- session, gnutls_sign_algorithm_get_name (*sign_algo));
-
- ret = _gnutls_hash_init (&td_sha, hash_algo);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, params->data, params->size);
-
- switch (gnutls_privkey_get_pk_algorithm(pkey, NULL))
- {
- case GNUTLS_PK_RSA:
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- digest_hd_st td_md5;
-
- ret = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_MAC_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, params->data, params->size);
-
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
-
- dconcat.data = concat;
- dconcat.size = 36;
- }
- else
- { /* TLS 1.2 way */
-
- _gnutls_hash_deinit (&td_sha, concat);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
- }
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- _gnutls_hash_deinit (&td_sha, concat);
-
- if (!IS_SHA(hash_algo->id))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
- break;
-
- default:
- gnutls_assert ();
- _gnutls_hash_deinit (&td_sha, NULL);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_sha;
+ uint8_t concat[MAX_SIG_SIZE];
+ const version_entry_st *ver = get_version(session);
+ const mac_entry_st *hash_algo;
+
+ *sign_algo = _gnutls_session_get_sign_algo(session, cert);
+ if (*sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ gnutls_sign_algorithm_set_server(session, *sign_algo);
+
+ hash_algo =
+ mac_to_entry(gnutls_sign_get_hash_algorithm(*sign_algo));
+
+ _gnutls_handshake_log
+ ("HSK[%p]: signing handshake data: using %s\n", session,
+ gnutls_sign_algorithm_get_name(*sign_algo));
+
+ ret = _gnutls_hash_init(&td_sha, hash_algo);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, params->data, params->size);
+
+ switch (gnutls_privkey_get_pk_algorithm(pkey, NULL)) {
+ case GNUTLS_PK_RSA:
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ digest_hd_st td_md5;
+
+ ret =
+ _gnutls_hash_init(&td_md5,
+ mac_to_entry
+ (GNUTLS_MAC_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_md5,
+ session->security_parameters.
+ client_random, GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5,
+ session->security_parameters.
+ server_random, GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5, params->data, params->size);
+
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ } else { /* TLS 1.2 way */
+
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size =
+ _gnutls_hash_get_algo_len(hash_algo);
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ if (!IS_SHA(hash_algo->id)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(hash_algo);
+ break;
+
+ default:
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ sign_tls_hash(session, hash_algo, cert, pkey, &dconcat,
+ signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
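Review bot: In the `GNUTLS_PK_RSA` branch of `_gnutls_handshake_sign_data`, a failing `_gnutls_hash_init(&td_md5, ...)` returns without releasing `td_sha`, which was initialised just before the switch. The `default:` case of the same switch does call `_gnutls_hash_deinit(&td_sha, NULL)` before returning, so adding `_gnutls_hash_deinit(&td_sha, NULL);` ahead of that `return ret;` makes the error paths consistent. The same branch writes the second digest at `&concat[16]` and sets `dconcat.size = 36`, which presumes `td_sha` is SHA-1 although it was initialised from `hash_algo`. A short comment or named constants for 16 and 36 would make that assumption explicit. Both points predate this reindent.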
@@ -166,138 +167,148 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
* it supports signing.
*/
static int
-sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature)
+sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature)
{
- const version_entry_st* ver = get_version (session);
- unsigned int key_usage = 0;
-
- /* If our certificate supports signing
- */
- if (cert != NULL)
- {
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- if (key_usage != 0)
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
- }
-
- /* External signing. Deprecated. To be removed. */
- if (!pkey)
- {
- int ret;
-
- if (!session->internals.sign_func)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->type, &cert->cert, hash_concat, signature);
- else
- {
- gnutls_datum_t digest;
-
- ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = pk_prepare_hash (gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL), hash_algo, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto es_cleanup;
- }
-
- ret = (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->type, &cert->cert, &digest, signature);
-es_cleanup:
- gnutls_free(digest.data);
-
- return ret;
- }
- }
- }
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- return gnutls_privkey_sign_raw_data (pkey, 0, hash_concat, signature);
- else
- return gnutls_privkey_sign_hash (pkey, hash_algo->id, 0, hash_concat, signature);
+ const version_entry_st *ver = get_version(session);
+ unsigned int key_usage = 0;
+
+ /* If our certificate supports signing
+ */
+ if (cert != NULL) {
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ if (key_usage != 0)
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
+ }
+
+ /* External signing. Deprecated. To be removed. */
+ if (!pkey) {
+ int ret;
+
+ if (!session->internals.sign_func)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ return (*session->internals.sign_func)
+ (session,
+ session->internals.sign_func_userdata,
+ cert->type, &cert->cert, hash_concat,
+ signature);
+ else {
+ gnutls_datum_t digest;
+
+ ret =
+ _gnutls_set_datum(&digest,
+ hash_concat->data,
+ hash_concat->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ pk_prepare_hash
+ (gnutls_pubkey_get_pk_algorithm
+ (cert->pubkey, NULL), hash_algo,
+ &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto es_cleanup;
+ }
+
+ ret = (*session->internals.sign_func)
+ (session,
+ session->internals.sign_func_userdata,
+ cert->type, &cert->cert, &digest,
+ signature);
+ es_cleanup:
+ gnutls_free(digest.data);
+
+ return ret;
+ }
+ }
+ }
+
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ return gnutls_privkey_sign_raw_data(pkey, 0, hash_concat,
+ signature);
+ else
+ return gnutls_privkey_sign_hash(pkey, hash_algo->id, 0,
+ hash_concat, signature);
}
static int
-verify_tls_hash (gnutls_session_t session,
- const version_entry_st* ver, gnutls_pcert_st* cert,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature, size_t sha1pos,
- gnutls_sign_algorithm_t sign_algo,
- gnutls_pk_algorithm_t pk_algo)
+verify_tls_hash(gnutls_session_t session,
+ const version_entry_st * ver, gnutls_pcert_st * cert,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature, size_t sha1pos,
+ gnutls_sign_algorithm_t sign_algo,
+ gnutls_pk_algorithm_t pk_algo)
{
- int ret;
- gnutls_datum_t vdata;
- unsigned int key_usage = 0, flags;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- /* If the certificate supports signing continue.
- */
- if (key_usage != 0)
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
- }
-
- if (pk_algo == GNUTLS_PK_UNKNOWN)
- pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- switch (pk_algo)
- {
- case GNUTLS_PK_RSA:
-
- vdata.data = hash_concat->data;
- vdata.size = hash_concat->size;
-
- /* verify signature */
- if (!_gnutls_version_has_selectable_sighash (ver))
- flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
- else
- flags = 0;
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- vdata.data = &hash_concat->data[sha1pos];
- vdata.size = hash_concat->size - sha1pos;
-
- flags = 0;
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- gnutls_sign_algorithm_set_server(session, sign_algo);
-
- ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
- &vdata, signature);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-
- return 0;
+ int ret;
+ gnutls_datum_t vdata;
+ unsigned int key_usage = 0, flags;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ /* If the certificate supports signing continue.
+ */
+ if (key_usage != 0)
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
+ }
+
+ if (pk_algo == GNUTLS_PK_UNKNOWN)
+ pk_algo =
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ switch (pk_algo) {
+ case GNUTLS_PK_RSA:
+
+ vdata.data = hash_concat->data;
+ vdata.size = hash_concat->size;
+
+ /* verify signature */
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
+ else
+ flags = 0;
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ vdata.data = &hash_concat->data[sha1pos];
+ vdata.size = hash_concat->size - sha1pos;
+
+ flags = 0;
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ gnutls_sign_algorithm_set_server(session, sign_algo);
+
+ ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
+ &vdata, signature);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ return 0;
}
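Review bot: `verify_tls_hash` detects a peer certificate whose key usage lacks `GNUTLS_KEY_DIGITAL_SIGNATURE`, logs it, and then verifies the signature anyway, so the key-usage restriction is not enforced for handshake signatures. Unless accepting such certificates is a deliberate interoperability choice, the branch should fail, e.g. `return gnutls_assert_val(GNUTLS_E_KEY_USAGE_VIOLATION);`, or be gated on an explicit compatibility option. If it is deliberate, a comment next to the audit log should say why. In `sign_tls_hash` the same message says "Peer's certificate" although the comment above it says the check is on our own certificate, so the log text is misleading there. The return value of `gnutls_pubkey_get_key_usage` is ignored in both functions, so a failure presumably leaves `key_usage` at 0 and skips the check.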
@@ -305,95 +316,95 @@ verify_tls_hash (gnutls_session_t session,
* Used in DHE_* ciphersuites.
*/
int
-_gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- gnutls_datum_t dconcat;
- int ret;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- uint8_t concat[MAX_SIG_SIZE];
- const version_entry_st* ver = get_version (session);
- gnutls_digest_algorithm_t hash_algo;
- const mac_entry_st * me;
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
- session, gnutls_sign_algorithm_get_name (sign_algo));
-
- ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
- me = mac_to_entry(hash_algo);
- }
- else
- {
- me = mac_to_entry(GNUTLS_DIG_MD5);
- ret = _gnutls_hash_init (&td_md5, me);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, params->data, params->size);
-
- me = mac_to_entry(GNUTLS_DIG_SHA1);
- }
-
- ret = _gnutls_hash_init (&td_sha, me);
- if (ret < 0)
- {
- gnutls_assert ();
- if (!_gnutls_version_has_selectable_sighash (ver))
- _gnutls_hash_deinit (&td_md5, NULL);
- return ret;
- }
-
- _gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, params->data, params->size);
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
- dconcat.data = concat;
- dconcat.size = 36;
- }
- else
- {
- _gnutls_hash_deinit (&td_sha, concat);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
- }
-
- ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
- dconcat.size - _gnutls_hash_get_algo_len (me),
- sign_algo, gnutls_sign_get_pk_algorithm (sign_algo));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ uint8_t concat[MAX_SIG_SIZE];
+ const version_entry_st *ver = get_version(session);
+ gnutls_digest_algorithm_t hash_algo;
+ const mac_entry_st *me;
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ _gnutls_handshake_log
+ ("HSK[%p]: verify handshake data: using %s\n", session,
+ gnutls_sign_algorithm_get_name(sign_algo));
+
+ ret =
+ _gnutls_pubkey_compatible_with_sig(session,
+ cert->pubkey, ver,
+ sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
+ me = mac_to_entry(hash_algo);
+ } else {
+ me = mac_to_entry(GNUTLS_DIG_MD5);
+ ret = _gnutls_hash_init(&td_md5, me);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_md5,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5, params->data, params->size);
+
+ me = mac_to_entry(GNUTLS_DIG_SHA1);
+ }
+
+ ret = _gnutls_hash_init(&td_sha, me);
+ if (ret < 0) {
+ gnutls_assert();
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ _gnutls_hash_deinit(&td_md5, NULL);
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, params->data, params->size);
+
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+ dconcat.data = concat;
+ dconcat.size = 36;
+ } else {
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+ }
+
+ ret = verify_tls_hash(session, ver, cert, &dconcat, signature,
+ dconcat.size - _gnutls_hash_get_algo_len(me),
+ sign_algo,
+ gnutls_sign_get_pk_algorithm(sign_algo));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
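Review bot: The selectable-sighash branch of `_gnutls_handshake_verify_data` dereferences `cert->pubkey` in the `_gnutls_pubkey_compatible_with_sig` call before anything checks `cert`, whereas `verify_tls_hash`, called at the end, treats `cert == NULL` as `GNUTLS_E_CERTIFICATE_ERROR`. If a NULL `cert` can reach this function (its callers are not visible here), the guard belongs at the top: `if (cert == NULL) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);`. `_gnutls_handshake_verify_crt_vrfy12` in the next hunk has the same pattern, reading `cert->pubkey` in the initialiser of `pk`. The final `if (ret < 0) { gnutls_assert(); return ret; }` followed by `return ret;` could be reduced to the assert plus a single return.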
@@ -403,44 +414,48 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
/* this is _gnutls_handshake_verify_crt_vrfy for TLS 1.2
*/
static int
-_gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- int ret;
- uint8_t concat[MAX_HASH_SIZE];
- gnutls_datum_t dconcat;
- const version_entry_st* ver = get_version (session);
- gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- const mac_entry_st *me;
-
- ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gnutls_sign_algorithm_set_client(session, sign_algo);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
-
- ret = _gnutls_hash_fast(me->id, session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer_prev_len,
- concat);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 0, sign_algo, pk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ uint8_t concat[MAX_HASH_SIZE];
+ gnutls_datum_t dconcat;
+ const version_entry_st *ver = get_version(session);
+ gnutls_pk_algorithm_t pk =
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ const mac_entry_st *me;
+
+ ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gnutls_sign_algorithm_set_client(session, sign_algo);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
+
+ ret =
+ _gnutls_hash_fast(me->id,
+ session->internals.handshake_hash_buffer.
+ data,
+ session->internals.
+ handshake_hash_buffer_prev_len, concat);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+
+ ret =
+ verify_tls_hash(session, ver, cert, &dconcat, signature, 0,
+ sign_algo, pk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
@@ -448,145 +463,143 @@ _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
* verify message).
*/
int
-_gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st *cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- gnutls_datum_t dconcat;
- const version_entry_st* ver = get_version (session);
-
- _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
- session, gnutls_sign_algorithm_get_name (sign_algo));
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
- sign_algo);
-
- ret =
- _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_generate_master (session, 1);
- if (ret < 0)
- {
- _gnutls_hash_deinit (&td_md5, NULL);
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
- }
- else
- {
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
- }
-
- dconcat.data = concat;
- dconcat.size = 20 + 16; /* md5+ sha */
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 16,
- GNUTLS_SIGN_UNKNOWN,
- gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ gnutls_datum_t dconcat;
+ const version_entry_st *ver = get_version(session);
+
+ _gnutls_handshake_log("HSK[%p]: verify cert vrfy: using %s\n",
+ session,
+ gnutls_sign_algorithm_get_name(sign_algo));
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_version_has_selectable_sighash(ver))
+ return _gnutls_handshake_verify_crt_vrfy12(session, cert,
+ signature,
+ sign_algo);
+
+ ret = _gnutls_hash_init(&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len);
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ _gnutls_hash_deinit(&td_md5, NULL);
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, concat,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(ret);
+ }
+
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_sha, &concat[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ } else {
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+ }
+
+ dconcat.data = concat;
+ dconcat.size = 20 + 16; /* md5+ sha */
+
+ ret =
+ verify_tls_hash(session, ver, cert, &dconcat, signature, 16,
+ GNUTLS_SIGN_UNKNOWN,
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey,
+ NULL));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
*/
static int
-_gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+_gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
- gnutls_datum_t dconcat;
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- gnutls_sign_algorithm_t sign_algo;
- const mac_entry_st* me;
-
- sign_algo =
- _gnutls_session_get_sign_algo (session, cert);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- gnutls_sign_algorithm_set_client(session, sign_algo);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm (sign_algo));
-
- _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
- gnutls_sign_algorithm_get_name (sign_algo),
- _gnutls_mac_get_name (me));
-
- ret = _gnutls_hash_fast (me->id, session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer.length,
- concat);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
-
- ret = sign_tls_hash (session, me, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return sign_algo;
+ gnutls_datum_t dconcat;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ gnutls_sign_algorithm_t sign_algo;
+ const mac_entry_st *me;
+
+ sign_algo = _gnutls_session_get_sign_algo(session, cert);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ gnutls_sign_algorithm_set_client(session, sign_algo);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
+
+ _gnutls_debug_log("sign handshake cert vrfy: picked %s with %s\n",
+ gnutls_sign_algorithm_get_name(sign_algo),
+ _gnutls_mac_get_name(me));
+
+ ret =
+ _gnutls_hash_fast(me->id,
+ session->internals.handshake_hash_buffer.
+ data,
+ session->internals.handshake_hash_buffer.
+ length, concat);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+
+ ret = sign_tls_hash(session, me, cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return sign_algo;
}
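Review bot: In `_gnutls_handshake_sign_crt_vrfy12`, the pointer returned by `mac_to_entry()` is used as `me->id` and passed to `_gnutls_mac_get_name(me)` with no NULL check. Whether the lookup can fail for a `sign_algo` that already passed the `GNUTLS_SIGN_UNKNOWN` test is not visible in this hunk, so the guard is cheap insurance on a handshake path. I would add `if (unlikely(me == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` right after the assignment, matching the `ver == NULL` check used in `_gnutls_handshake_verify_crt_vrfy` above.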
@@ -599,131 +612,136 @@ _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
* For TLS1.2 returns the signature algorithm used on success, or a negative error code;
*/
int
-_gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+_gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
- gnutls_datum_t dconcat;
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- const version_entry_st* ver = get_version (session);
- gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
- signature);
-
- ret =
- _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_generate_master (session, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_sha, NULL);
- return ret;
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- _gnutls_hash_deinit (&td_sha, &concat[16]);
-
- /* ensure 1024 bit DSA keys are used */
- ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, GNUTLS_SIGN_UNKNOWN);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- ret =
- _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- _gnutls_hash_deinit (&td_md5, concat);
-
- dconcat.data = concat;
- dconcat.size = 36;
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
-
- dconcat.data = &concat[16];
- dconcat.size = 20;
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- ret = sign_tls_hash (session, NULL, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ const version_entry_st *ver = get_version(session);
+ gnutls_pk_algorithm_t pk =
+ gnutls_privkey_get_pk_algorithm(pkey, NULL);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_version_has_selectable_sighash(ver))
+ return _gnutls_handshake_sign_crt_vrfy12(session, cert,
+ pkey, signature);
+
+ ret = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer.length);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return ret;
+ }
+
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_sha, &concat[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+
+ /* ensure 1024 bit DSA keys are used */
+ ret =
+ _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver,
+ GNUTLS_SIGN_UNKNOWN);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ ret =
+ _gnutls_hash_init(&td_md5,
+ mac_to_entry(GNUTLS_DIG_MD5));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer.
+ length);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_md5,
+ concat,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ _gnutls_hash_deinit(&td_md5, concat);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+
+ dconcat.data = &concat[16];
+ dconcat.size = 20;
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ ret =
+ sign_tls_hash(session, NULL, cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
int
-pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_pk_params_st* params,
- const gnutls_datum_t * data, gnutls_datum_t * digest)
+pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_pk_params_st * params,
+ const gnutls_datum_t * data, gnutls_datum_t * digest)
{
- int ret;
-
- digest->size = _gnutls_hash_get_algo_len (hash);
- digest->data = gnutls_malloc (digest->size);
- if (digest->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_hash_fast (hash->id, data->data, data->size, digest->data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_free (digest->data);
- return ret;
+ int ret;
+
+ digest->size = _gnutls_hash_get_algo_len(hash);
+ digest->data = gnutls_malloc(digest->size);
+ if (digest->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_fast(hash->id, data->data, data->size,
+ digest->data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_free(digest->data);
+ return ret;
}
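Review bot: On the `cleanup:` path of `pk_hash_data`, `digest->data` is freed but the caller's datum keeps the stale pointer and a non-zero `size`. A caller that releases the datum on error would then free the same buffer twice. Resetting the fields after the free closes that off: `digest->data = NULL; digest->size = 0;`. Separately, `hash` is dereferenced (`hash->id`) with no NULL check, and `pk` and `params` are never read in the body.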
@@ -733,35 +751,34 @@ cleanup:
* and will be freed if replacement is required.
*/
int
-pk_prepare_hash (gnutls_pk_algorithm_t pk,
- const mac_entry_st* hash, gnutls_datum_t * digest)
+pk_prepare_hash(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * hash, gnutls_datum_t * digest)
{
- int ret;
- gnutls_datum_t old_digest = { digest->data, digest->size };
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- if (unlikely(hash == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- /* Encode the digest as a DigestInfo
- */
- if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_free_datum (&old_digest);
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- return 0;
+ int ret;
+ gnutls_datum_t old_digest = { digest->data, digest->size };
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ if (unlikely(hash == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret =
+ encode_ber_digest_info(hash, &old_digest,
+ digest)) != 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_free_datum(&old_digest);
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return 0;
}
-
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index d2a2f67927..a877acc49d 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -25,33 +25,33 @@
#include <gnutls/abstract.h>
-int _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * signature);
-
-int _gnutls_handshake_sign_data (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * algo);
-
-int _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t);
-
-int _gnutls_handshake_verify_data (gnutls_session_t session,
- gnutls_pcert_st* cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t algo);
-
-int pk_prepare_hash (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_datum_t * output);
-int pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_pk_params_st * params, const gnutls_datum_t * data,
- gnutls_datum_t * digest);
+int _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature);
+
+int _gnutls_handshake_sign_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * algo);
+
+int _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t);
+
+int _gnutls_handshake_verify_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo);
+
+int pk_prepare_hash(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_datum_t * output);
+int pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_pk_params_st * params, const gnutls_datum_t * data,
+ gnutls_datum_t * digest);
#endif
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 8707b87c43..be0143ff1a 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -41,50 +41,45 @@
*/
static int
-_gnutls_srp_gx (uint8_t * text, size_t textsize, uint8_t ** result,
- bigint_t g, bigint_t prime)
+_gnutls_srp_gx(uint8_t * text, size_t textsize, uint8_t ** result,
+ bigint_t g, bigint_t prime)
{
- bigint_t x, e;
- size_t result_size;
- int ret;
-
- if (_gnutls_mpi_scan_nz (&x, text, textsize))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- e = _gnutls_mpi_alloc_like (prime);
- if (e == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&x);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* e = g^x mod prime (n) */
- _gnutls_mpi_powm (e, g, x, prime);
- _gnutls_mpi_release (&x);
-
- ret = _gnutls_mpi_print (e, NULL, &result_size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *result = gnutls_malloc (result_size);
- if ((*result) == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- _gnutls_mpi_print (e, *result, &result_size);
- ret = result_size;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_PRINT_FAILED;
- }
-
- _gnutls_mpi_release (&e);
-
- return ret;
+ bigint_t x, e;
+ size_t result_size;
+ int ret;
+
+ if (_gnutls_mpi_scan_nz(&x, text, textsize)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ e = _gnutls_mpi_alloc_like(prime);
+ if (e == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&x);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* e = g^x mod prime (n) */
+ _gnutls_mpi_powm(e, g, x, prime);
+ _gnutls_mpi_release(&x);
+
+ ret = _gnutls_mpi_print(e, NULL, &result_size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *result = gnutls_malloc(result_size);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ _gnutls_mpi_print(e, *result, &result_size);
+ ret = result_size;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ _gnutls_mpi_release(&e);
+
+ return ret;
}
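Review bot: In `_gnutls_srp_gx`, the branch taken when `gnutls_malloc(result_size)` fails returns `GNUTLS_E_MEMORY_ERROR` without releasing `e`. The bigint holding g^x mod n is therefore leaked and stays in the heap uncleared. Calling `_gnutls_mpi_release(&e);` before that `return` fixes it, and a `gnutls_assert();` there would match the other error paths. The second `_gnutls_mpi_print(e, *result, &result_size)` call also ignores its return value, and `ret = result_size` narrows a `size_t` to `int`.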
@@ -95,242 +90,230 @@ _gnutls_srp_gx (uint8_t * text, size_t textsize, uint8_t ** result,
* Return: B and if ret_b is not NULL b.
*/
bigint_t
-_gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n, bigint_t v)
+_gnutls_calc_srp_B(bigint_t * ret_b, bigint_t g, bigint_t n, bigint_t v)
{
- bigint_t tmpB = NULL, tmpV = NULL;
- bigint_t b = NULL, B = NULL, k = NULL;
- int bits;
-
-
- /* calculate: B = (k*v + g^b) % N
- */
- bits = _gnutls_mpi_get_nbits (n);
-
- tmpV = _gnutls_mpi_alloc_like (n);
-
- if (tmpV == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- b = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
-
- tmpB = _gnutls_mpi_new (bits);
- if (tmpB == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- B = _gnutls_mpi_new (bits);
- if (B == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- k = _gnutls_calc_srp_u (n, g, n);
- if (k == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_mpi_mulm (tmpV, k, v, n);
- _gnutls_mpi_powm (tmpB, g, b, n);
-
- _gnutls_mpi_addm (B, tmpV, tmpB, n);
-
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmpB);
- _gnutls_mpi_release (&tmpV);
-
- if (ret_b)
- *ret_b = b;
- else
- _gnutls_mpi_release (&b);
-
- return B;
-
-error:
- _gnutls_mpi_release (&b);
- _gnutls_mpi_release (&B);
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmpB);
- _gnutls_mpi_release (&tmpV);
- return NULL;
+ bigint_t tmpB = NULL, tmpV = NULL;
+ bigint_t b = NULL, B = NULL, k = NULL;
+ int bits;
+
+
+ /* calculate: B = (k*v + g^b) % N
+ */
+ bits = _gnutls_mpi_get_nbits(n);
+
+ tmpV = _gnutls_mpi_alloc_like(n);
+
+ if (tmpV == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ b = _gnutls_mpi_randomize(NULL, bits, GNUTLS_RND_RANDOM);
+
+ tmpB = _gnutls_mpi_new(bits);
+ if (tmpB == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ B = _gnutls_mpi_new(bits);
+ if (B == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ k = _gnutls_calc_srp_u(n, g, n);
+ if (k == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_mpi_mulm(tmpV, k, v, n);
+ _gnutls_mpi_powm(tmpB, g, b, n);
+
+ _gnutls_mpi_addm(B, tmpV, tmpB, n);
+
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmpB);
+ _gnutls_mpi_release(&tmpV);
+
+ if (ret_b)
+ *ret_b = b;
+ else
+ _gnutls_mpi_release(&b);
+
+ return B;
+
+ error:
+ _gnutls_mpi_release(&b);
+ _gnutls_mpi_release(&B);
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmpB);
+ _gnutls_mpi_release(&tmpV);
+ return NULL;
}
/* This calculates the SHA1(A | B)
* A and B will be left-padded with zeros to fill n_size.
*/
-bigint_t
-_gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
+bigint_t _gnutls_calc_srp_u(bigint_t A, bigint_t B, bigint_t n)
{
- size_t b_size, a_size;
- uint8_t *holder, hd[MAX_HASH_SIZE];
- size_t holder_size, hash_size, n_size;
- int ret;
- bigint_t res;
-
- /* get the size of n in bytes */
- _gnutls_mpi_print (n, NULL, &n_size);
-
- _gnutls_mpi_print (A, NULL, &a_size);
- _gnutls_mpi_print (B, NULL, &b_size);
-
- if (a_size > n_size || b_size > n_size)
- {
- gnutls_assert ();
- return NULL; /* internal error */
- }
-
- holder_size = n_size + n_size;
-
- holder = gnutls_calloc (1, holder_size);
- if (holder == NULL)
- return NULL;
-
- _gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
- _gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
-
- ret = _gnutls_hash_fast (GNUTLS_MAC_SHA1, holder, holder_size, hd);
- if (ret < 0)
- {
- gnutls_free (holder);
- gnutls_assert ();
- return NULL;
- }
-
- /* convert the bytes of hd to integer
- */
- hash_size = 20; /* SHA */
- ret = _gnutls_mpi_scan_nz (&res, hd, hash_size);
- gnutls_free (holder);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- return res;
+ size_t b_size, a_size;
+ uint8_t *holder, hd[MAX_HASH_SIZE];
+ size_t holder_size, hash_size, n_size;
+ int ret;
+ bigint_t res;
+
+ /* get the size of n in bytes */
+ _gnutls_mpi_print(n, NULL, &n_size);
+
+ _gnutls_mpi_print(A, NULL, &a_size);
+ _gnutls_mpi_print(B, NULL, &b_size);
+
+ if (a_size > n_size || b_size > n_size) {
+ gnutls_assert();
+ return NULL; /* internal error */
+ }
+
+ holder_size = n_size + n_size;
+
+ holder = gnutls_calloc(1, holder_size);
+ if (holder == NULL)
+ return NULL;
+
+ _gnutls_mpi_print(A, &holder[n_size - a_size], &a_size);
+ _gnutls_mpi_print(B, &holder[n_size + n_size - b_size], &b_size);
+
+ ret = _gnutls_hash_fast(GNUTLS_MAC_SHA1, holder, holder_size, hd);
+ if (ret < 0) {
+ gnutls_free(holder);
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* convert the bytes of hd to integer
+ */
+ hash_size = 20; /* SHA */
+ ret = _gnutls_mpi_scan_nz(&res, hd, hash_size);
+ gnutls_free(holder);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ return res;
}
/* S = (A * v^u) ^ b % N
* this is our shared key (server premaster secret)
*/
bigint_t
-_gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n)
+_gnutls_calc_srp_S1(bigint_t A, bigint_t b, bigint_t u, bigint_t v,
+ bigint_t n)
{
- bigint_t tmp1 = NULL, tmp2 = NULL;
- bigint_t S = NULL;
+ bigint_t tmp1 = NULL, tmp2 = NULL;
+ bigint_t S = NULL;
- S = _gnutls_mpi_alloc_like (n);
- if (S == NULL)
- return NULL;
+ S = _gnutls_mpi_alloc_like(n);
+ if (S == NULL)
+ return NULL;
- tmp1 = _gnutls_mpi_alloc_like (n);
- tmp2 = _gnutls_mpi_alloc_like (n);
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
- if (tmp1 == NULL || tmp2 == NULL)
- goto freeall;
+ if (tmp1 == NULL || tmp2 == NULL)
+ goto freeall;
- _gnutls_mpi_powm (tmp1, v, u, n);
- _gnutls_mpi_mulm (tmp2, A, tmp1, n);
- _gnutls_mpi_powm (S, tmp2, b, n);
+ _gnutls_mpi_powm(tmp1, v, u, n);
+ _gnutls_mpi_mulm(tmp2, A, tmp1, n);
+ _gnutls_mpi_powm(S, tmp2, b, n);
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
- return S;
+ return S;
-freeall:
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- return NULL;
+ freeall:
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ return NULL;
}
/* A = g^a % N
* returns A and a (which is random)
*/
-bigint_t
-_gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n)
+bigint_t _gnutls_calc_srp_A(bigint_t * a, bigint_t g, bigint_t n)
{
- bigint_t tmpa;
- bigint_t A;
- int bits;
-
- bits = _gnutls_mpi_get_nbits (n);
- tmpa = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
-
- A = _gnutls_mpi_new (bits);
- if (A == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&tmpa);
- return NULL;
- }
- _gnutls_mpi_powm (A, g, tmpa, n);
-
- if (a != NULL)
- *a = tmpa;
- else
- _gnutls_mpi_release (&tmpa);
-
- return A;
+ bigint_t tmpa;
+ bigint_t A;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits(n);
+ tmpa = _gnutls_mpi_randomize(NULL, bits, GNUTLS_RND_RANDOM);
+
+ A = _gnutls_mpi_new(bits);
+ if (A == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&tmpa);
+ return NULL;
+ }
+ _gnutls_mpi_powm(A, g, tmpa, n);
+
+ if (a != NULL)
+ *a = tmpa;
+ else
+ _gnutls_mpi_release(&tmpa);
+
+ return A;
}
/* generate x = SHA(s | SHA(U | ":" | p))
* The output is exactly 20 bytes
*/
static int
-_gnutls_calc_srp_sha (const char *username, const char *password,
- uint8_t * salt, int salt_size, size_t * size,
- void *digest)
+_gnutls_calc_srp_sha(const char *username, const char *password,
+ uint8_t * salt, int salt_size, size_t * size,
+ void *digest)
{
- digest_hd_st td;
- uint8_t res[MAX_HASH_SIZE];
- int ret;
- const mac_entry_st* me = mac_to_entry(GNUTLS_MAC_SHA1);
+ digest_hd_st td;
+ uint8_t res[MAX_HASH_SIZE];
+ int ret;
+ const mac_entry_st *me = mac_to_entry(GNUTLS_MAC_SHA1);
- *size = 20;
+ *size = 20;
- ret = _gnutls_hash_init (&td, me);
- if (ret < 0)
- {
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_hash (&td, username, strlen (username));
- _gnutls_hash (&td, ":", 1);
- _gnutls_hash (&td, password, strlen (password));
+ ret = _gnutls_hash_init(&td, me);
+ if (ret < 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_hash(&td, username, strlen(username));
+ _gnutls_hash(&td, ":", 1);
+ _gnutls_hash(&td, password, strlen(password));
- _gnutls_hash_deinit (&td, res);
+ _gnutls_hash_deinit(&td, res);
- ret = _gnutls_hash_init (&td, me);
- if (ret < 0)
- {
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ret = _gnutls_hash_init(&td, me);
+ if (ret < 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_hash (&td, salt, salt_size);
- _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
+ _gnutls_hash(&td, salt, salt_size);
+ _gnutls_hash(&td, res, 20); /* 20 bytes is the output of sha1 */
- _gnutls_hash_deinit (&td, digest);
+ _gnutls_hash_deinit(&td, digest);
- return 0;
+ return 0;
}
int
-_gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
- size_t salt_size, size_t * size, void *digest)
+_gnutls_calc_srp_x(char *username, char *password, uint8_t * salt,
+ size_t salt_size, size_t * size, void *digest)
{
- return _gnutls_calc_srp_sha (username, password, salt,
- salt_size, size, digest);
+ return _gnutls_calc_srp_sha(username, password, salt,
+ salt_size, size, digest);
}
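Review bot: In `_gnutls_calc_srp_B`, the private exponent from `_gnutls_mpi_randomize(NULL, bits, GNUTLS_RND_RANDOM)` is passed to `_gnutls_mpi_powm(tmpB, g, b, n)` without being checked, although every other allocation in the function is tested. If the call can return NULL on allocation or RNG failure (presumably it can; its definition is not in this hunk), the exponentiation runs on an invalid secret. I would add `if (b == NULL) { gnutls_assert(); goto error; }` after the assignment. `_gnutls_calc_srp_A` has the same gap with `tmpa` and needs an equivalent check that returns NULL. In the same hunk, the `freeall:` path of `_gnutls_calc_srp_S1` releases `tmp1` and `tmp2` but not `S`, unlike `_gnutls_calc_srp_S2`.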
@@ -338,59 +321,57 @@ _gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
* this is our shared key (client premaster secret)
*/
bigint_t
-_gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n)
+_gnutls_calc_srp_S2(bigint_t B, bigint_t g, bigint_t x, bigint_t a,
+ bigint_t u, bigint_t n)
{
- bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
- bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
-
- S = _gnutls_mpi_alloc_like (n);
- if (S == NULL)
- return NULL;
-
- tmp1 = _gnutls_mpi_alloc_like (n);
- tmp2 = _gnutls_mpi_alloc_like (n);
- tmp3 = _gnutls_mpi_alloc_like (n);
- if (tmp1 == NULL || tmp2 == NULL || tmp3 == NULL)
- {
- goto freeall;
- }
-
- k = _gnutls_calc_srp_u (n, g, n);
- if (k == NULL)
- {
- gnutls_assert ();
- goto freeall;
- }
-
- _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */
- _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */
- _gnutls_mpi_subm (tmp2, B, tmp3, n);
-
- tmp4 = _gnutls_mpi_alloc_like (n);
- if (tmp4 == NULL)
- goto freeall;
-
- _gnutls_mpi_mul (tmp1, u, x);
- _gnutls_mpi_add (tmp4, a, tmp1);
- _gnutls_mpi_powm (S, tmp2, tmp4, n);
-
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- _gnutls_mpi_release (&tmp3);
- _gnutls_mpi_release (&tmp4);
- _gnutls_mpi_release (&k);
-
- return S;
-
-freeall:
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- _gnutls_mpi_release (&tmp3);
- _gnutls_mpi_release (&tmp4);
- _gnutls_mpi_release (&S);
- return NULL;
+ bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
+ bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
+
+ S = _gnutls_mpi_alloc_like(n);
+ if (S == NULL)
+ return NULL;
+
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
+ tmp3 = _gnutls_mpi_alloc_like(n);
+ if (tmp1 == NULL || tmp2 == NULL || tmp3 == NULL) {
+ goto freeall;
+ }
+
+ k = _gnutls_calc_srp_u(n, g, n);
+ if (k == NULL) {
+ gnutls_assert();
+ goto freeall;
+ }
+
+ _gnutls_mpi_powm(tmp1, g, x, n); /* g^x */
+ _gnutls_mpi_mulm(tmp3, tmp1, k, n); /* k*g^x mod n */
+ _gnutls_mpi_subm(tmp2, B, tmp3, n);
+
+ tmp4 = _gnutls_mpi_alloc_like(n);
+ if (tmp4 == NULL)
+ goto freeall;
+
+ _gnutls_mpi_mul(tmp1, u, x);
+ _gnutls_mpi_add(tmp4, a, tmp1);
+ _gnutls_mpi_powm(S, tmp2, tmp4, n);
+
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ _gnutls_mpi_release(&tmp3);
+ _gnutls_mpi_release(&tmp4);
+ _gnutls_mpi_release(&k);
+
+ return S;
+
+ freeall:
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ _gnutls_mpi_release(&tmp3);
+ _gnutls_mpi_release(&tmp4);
+ _gnutls_mpi_release(&S);
+ return NULL;
}
/**
@@ -400,12 +381,11 @@ freeall:
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
+void gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc)
{
- gnutls_free (sc->username);
- gnutls_free (sc->password);
- gnutls_free (sc);
+ gnutls_free(sc->username);
+ gnutls_free(sc->password);
+ gnutls_free(sc);
}
/**
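Review bot: `gnutls_srp_free_client_credentials` hands `sc->password` to `gnutls_free` without clearing it, so the plaintext SRP password remains in freed heap memory until the allocator reuses it. I would overwrite the string before releasing it and document that with `/* wipe the password with a clear the compiler cannot elide, then free */`. A plain `memset` directly before the free is liable to be optimised away. The function also dereferences `sc` unconditionally, so a NULL argument crashes rather than being ignored.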
@@ -419,14 +399,15 @@ gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
* error code.
**/
int
-gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
+gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (srp_client_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(srp_client_credentials_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -445,28 +426,27 @@ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
* error code.
**/
int
-gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
- const char *username, const char *password)
+gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
+ const char *username,
+ const char *password)
{
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- res->username = gnutls_strdup (username);
- if (res->username == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ res->username = gnutls_strdup(username);
+ if (res->username == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- res->password = gnutls_strdup (password);
- if (res->password == NULL)
- {
- gnutls_free (res->username);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ res->password = gnutls_strdup(password);
+ if (res->password == NULL) {
+ gnutls_free(res->username);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
/**
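Review bot: When `gnutls_strdup(password)` fails in `gnutls_srp_set_client_credentials`, `res->username` is freed but left pointing at the released buffer. A later `gnutls_srp_free_client_credentials(res)` would free it a second time. Adding `res->username = NULL;` right after that `gnutls_free(res->username);` avoids the double free. The function also overwrites `res->username` and `res->password` without releasing earlier values, so calling it twice on the same structure leaks the previous credentials.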
@@ -476,13 +456,12 @@ gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
+void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc)
{
- gnutls_free (sc->password_file);
- gnutls_free (sc->password_conf_file);
+ gnutls_free(sc->password_file);
+ gnutls_free(sc->password_conf_file);
- gnutls_free (sc);
+ gnutls_free(sc);
}
/**
@@ -496,14 +475,15 @@ gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
* error code.
**/
int
-gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
+gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (srp_server_cred_st));
+ *sc = gnutls_calloc(1, sizeof(srp_server_cred_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -521,47 +501,42 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
* error code.
**/
int
-gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
- const char *password_file,
- const char *password_conf_file)
+gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res,
+ const char *password_file,
+ const char *password_conf_file)
{
- if (password_file == NULL || password_conf_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the files can be opened */
- if (_gnutls_file_exists (password_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (_gnutls_file_exists (password_conf_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- res->password_file = gnutls_strdup (password_file);
- if (res->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->password_conf_file = gnutls_strdup (password_conf_file);
- if (res->password_conf_file == NULL)
- {
- gnutls_assert ();
- gnutls_free (res->password_file);
- res->password_file = NULL;
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (password_file == NULL || password_conf_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists(password_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (_gnutls_file_exists(password_conf_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup(password_file);
+ if (res->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->password_conf_file = gnutls_strdup(password_conf_file);
+ if (res->password_conf_file == NULL) {
+ gnutls_assert();
+ gnutls_free(res->password_file);
+ res->password_file = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
@@ -595,12 +570,12 @@ gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
* -1 indicates an error.
**/
void
-gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
- cred,
- gnutls_srp_server_credentials_function
- * func)
+gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
+ cred,
+ gnutls_srp_server_credentials_function
+ * func)
{
- cred->pwd_callback = func;
+ cred->pwd_callback = func;
}
/**
@@ -629,12 +604,12 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
* -1 indicates an error.
**/
void
-gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
- cred,
- gnutls_srp_client_credentials_function
- * func)
+gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
+ cred,
+ gnutls_srp_client_credentials_function
+ * func)
{
- cred->get_function = func;
+ cred->get_function = func;
}
@@ -648,17 +623,16 @@ gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
*
* Returns: SRP username of the peer, or NULL in case of error.
**/
-const char *
-gnutls_srp_server_get_username (gnutls_session_t session)
+const char *gnutls_srp_server_get_username(gnutls_session_t session)
{
- srp_server_auth_info_t info;
+ srp_server_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_SRP, NULL);
+ CHECK_AUTH(GNUTLS_CRD_SRP, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
- return info->username;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
+ return info->username;
}
/**
@@ -681,47 +655,43 @@ gnutls_srp_server_get_username (gnutls_session_t session)
* error code.
**/
int
-gnutls_srp_verifier (const char *username, const char *password,
- const gnutls_datum_t * salt,
- const gnutls_datum_t * generator,
- const gnutls_datum_t * prime, gnutls_datum_t * res)
+gnutls_srp_verifier(const char *username, const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime, gnutls_datum_t * res)
{
- bigint_t _n, _g;
- int ret;
- size_t digest_size = 20, size;
- uint8_t digest[20];
-
- ret = _gnutls_calc_srp_sha (username, password, salt->data,
- salt->size, &digest_size, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- size = prime->size;
- if (_gnutls_mpi_scan_nz (&_n, prime->data, size))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- size = generator->size;
- if (_gnutls_mpi_scan_nz (&_g, generator->data, size))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret = _gnutls_srp_gx (digest, 20, &res->data, _g, _n);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- res->size = ret;
-
- return 0;
+ bigint_t _n, _g;
+ int ret;
+ size_t digest_size = 20, size;
+ uint8_t digest[20];
+
+ ret = _gnutls_calc_srp_sha(username, password, salt->data,
+ salt->size, &digest_size, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ size = prime->size;
+ if (_gnutls_mpi_scan_nz(&_n, prime->data, size)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ size = generator->size;
+ if (_gnutls_mpi_scan_nz(&_g, generator->data, size)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_srp_gx(digest, 20, &res->data, _g, _n);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ res->size = ret;
+
+ return 0;
}
/**
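Review bot: `gnutls_srp_verifier` never releases the big integers it scans, so `_n` leaks when the generator scan fails, and both `_n` and `_g` leak when `_gnutls_srp_gx` fails. As far as the hunk shows they also leak on success, unless `_gnutls_srp_gx` takes ownership, which is not visible here. Every exit after a successful scan should run `_gnutls_mpi_release(&_n);` and `_gnutls_mpi_release(&_g);`, most simply through one cleanup label. `digest` holds a hash derived from the password and stays on the stack after return, so it should be wiped before leaving. The literal `20` is repeated for `digest_size`, the array bound and the `_gnutls_srp_gx` call; passing `digest_size` there would keep the three from drifting apart.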
@@ -741,10 +711,9 @@ gnutls_srp_verifier (const char *username, const char *password,
*
* Since: 2.6.0
**/
-void
-gnutls_srp_set_prime_bits (gnutls_session_t session, unsigned int bits)
+void gnutls_srp_set_prime_bits(gnutls_session_t session, unsigned int bits)
{
- session->internals.srp_prime_bits = bits;
+ session->internals.srp_prime_bits = bits;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h
index eda858d9a8..b82cc577ef 100644
--- a/lib/gnutls_srp.h
+++ b/lib/gnutls_srp.h
@@ -22,17 +22,17 @@
#ifdef ENABLE_SRP
-bigint_t _gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n,
- bigint_t v);
-bigint_t _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t N);
-bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n);
-bigint_t _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n);
-bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n);
-int _gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
- size_t salt_size, size_t * size, void *digest);
-int _gnutls_srp_gn (uint8_t ** ret_g, uint8_t ** ret_n, int bits);
+bigint_t _gnutls_calc_srp_B(bigint_t * ret_b, bigint_t g, bigint_t n,
+ bigint_t v);
+bigint_t _gnutls_calc_srp_u(bigint_t A, bigint_t B, bigint_t N);
+bigint_t _gnutls_calc_srp_S1(bigint_t A, bigint_t b, bigint_t u,
+ bigint_t v, bigint_t n);
+bigint_t _gnutls_calc_srp_A(bigint_t * a, bigint_t g, bigint_t n);
+bigint_t _gnutls_calc_srp_S2(bigint_t B, bigint_t g, bigint_t x,
+ bigint_t a, bigint_t u, bigint_t n);
+int _gnutls_calc_srp_x(char *username, char *password, uint8_t * salt,
+ size_t salt_size, size_t * size, void *digest);
+int _gnutls_srp_gn(uint8_t ** ret_g, uint8_t ** ret_n, int bits);
/* g is defined to be 2 */
#define SRP_MAX_HASH_SIZE 24
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 4103a74230..a609fb97a5 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -50,24 +50,26 @@
/* These should really be static, but src/tests.c calls them. Make
them public functions? */
void
-_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+_gnutls_rsa_pms_set_version(gnutls_session_t session,
+ unsigned char major, unsigned char minor);
void
-_gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t ct)
+_gnutls_session_cert_type_set(gnutls_session_t session,
+ gnutls_certificate_type_t ct)
{
- _gnutls_handshake_log("HSK[%p]: Selected certificate type %s (%d)\n", session,
- gnutls_certificate_type_get_name(ct), ct);
- session->security_parameters.cert_type = ct;
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected certificate type %s (%d)\n", session,
+ gnutls_certificate_type_get_name(ct), ct);
+ session->security_parameters.cert_type = ct;
}
void
-_gnutls_session_ecc_curve_set (gnutls_session_t session,
- gnutls_ecc_curve_t c)
+_gnutls_session_ecc_curve_set(gnutls_session_t session,
+ gnutls_ecc_curve_t c)
{
- _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n", session, gnutls_ecc_curve_get_name(c), c);
- session->security_parameters.ecc_curve = c;
+ _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n",
+ session, gnutls_ecc_curve_get_name(c), c);
+ session->security_parameters.ecc_curve = c;
}
/**
@@ -79,17 +81,17 @@ _gnutls_session_ecc_curve_set (gnutls_session_t session,
* Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
* type.
**/
-gnutls_cipher_algorithm_t
-gnutls_cipher_get (gnutls_session_t session)
+gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_CIPHER_NULL);
-
- return record_params->cipher->id;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_CIPHER_NULL);
+
+ return record_params->cipher->id;
}
/**
@@ -103,9 +105,9 @@ gnutls_cipher_get (gnutls_session_t session)
* type.
**/
gnutls_certificate_type_t
-gnutls_certificate_type_get (gnutls_session_t session)
+gnutls_certificate_type_get(gnutls_session_t session)
{
- return session->security_parameters.cert_type;
+ return session->security_parameters.cert_type;
}
/**
@@ -117,10 +119,9 @@ gnutls_certificate_type_get (gnutls_session_t session)
* Returns: the key exchange algorithm used in the last handshake, a
* #gnutls_kx_algorithm_t value.
**/
-gnutls_kx_algorithm_t
-gnutls_kx_get (gnutls_session_t session)
+gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
{
- return session->security_parameters.kx_algorithm;
+ return session->security_parameters.kx_algorithm;
}
/**
@@ -132,17 +133,17 @@ gnutls_kx_get (gnutls_session_t session)
* Returns: the currently used mac algorithm, a
* #gnutls_mac_algorithm_t value.
**/
-gnutls_mac_algorithm_t
-gnutls_mac_get (gnutls_session_t session)
+gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_MAC_NULL);
-
- return record_params->mac->id;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_MAC_NULL);
+
+ return record_params->mac->id;
}
/**
@@ -155,16 +156,17 @@ gnutls_mac_get (gnutls_session_t session)
* #gnutls_compression_method_t value.
**/
gnutls_compression_method_t
-gnutls_compression_get (gnutls_session_t session)
+gnutls_compression_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_COMP_NULL);
-
- return record_params->compression_algorithm;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_COMP_NULL);
+
+ return record_params->compression_algorithm;
}
/* Check if the given certificate type is supported.
@@ -172,109 +174,107 @@ gnutls_compression_get (gnutls_session_t session)
* and a matching certificate exists.
*/
int
-_gnutls_session_cert_type_supported (gnutls_session_t session,
- gnutls_certificate_type_t cert_type)
+_gnutls_session_cert_type_supported(gnutls_session_t session,
+ gnutls_certificate_type_t cert_type)
{
- unsigned i;
- unsigned cert_found = 0;
- gnutls_certificate_credentials_t cred;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
-
- if (cred == NULL)
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-
- if (cred->server_get_cert_callback == NULL
- && cred->get_cert_callback == NULL)
- {
- for (i = 0; i < cred->ncerts; i++)
- {
- if (cred->certs[i].cert_list[0].type == cert_type)
- {
- cert_found = 1;
- break;
- }
- }
-
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
- }
-
- if (session->internals.priorities.cert_type.algorithms == 0
- && cert_type == DEFAULT_CERT_TYPE)
- return 0;
-
- for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
- {
- if (session->internals.priorities.cert_type.priority[i] == cert_type)
- {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ unsigned i;
+ unsigned cert_found = 0;
+ gnutls_certificate_credentials_t cred;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ if (cred == NULL)
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+
+ if (cred->server_get_cert_callback == NULL
+ && cred->get_cert_callback == NULL) {
+ for (i = 0; i < cred->ncerts; i++) {
+ if (cred->certs[i].cert_list[0].type ==
+ cert_type) {
+ cert_found = 1;
+ break;
+ }
+ }
+
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+ }
+
+ if (session->internals.priorities.cert_type.algorithms == 0
+ && cert_type == DEFAULT_CERT_TYPE)
+ return 0;
+
+ for (i = 0; i < session->internals.priorities.cert_type.algorithms;
+ i++) {
+ if (session->internals.priorities.cert_type.priority[i] ==
+ cert_type) {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
/* this function deinitializes all the internal parameters stored
* in a session struct.
*/
-inline static void
-deinit_internal_params (gnutls_session_t session)
+inline static void deinit_internal_params(gnutls_session_t session)
{
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
- if (session->internals.params.free_dh_params)
- gnutls_dh_params_deinit (session->internals.params.dh_params);
+ if (session->internals.params.free_dh_params)
+ gnutls_dh_params_deinit(session->internals.params.
+ dh_params);
#endif
- _gnutls_handshake_hash_buffers_clear (session);
+ _gnutls_handshake_hash_buffers_clear(session);
- memset (&session->internals.params, 0, sizeof (session->internals.params));
+ memset(&session->internals.params, 0,
+ sizeof(session->internals.params));
}
/* This function will clear all the variables in internals
* structure within the session, which depend on the current handshake.
* This is used to allow further handshakes.
*/
-static void
-_gnutls_handshake_internal_state_init (gnutls_session_t session)
+static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
{
- session->internals.extensions_sent_size = 0;
-
- /* by default no selected certificate */
- session->internals.adv_version_major = 0;
- session->internals.adv_version_minor = 0;
- session->internals.direction = 0;
-
- /* use out of band data for the last
- * handshake messages received.
- */
- session->internals.last_handshake_in = -1;
- session->internals.last_handshake_out = -1;
-
- session->internals.resumable = RESUME_TRUE;
-
- session->internals.dtls.hsk_read_seq = 0;
- session->internals.dtls.hsk_write_seq = 0;
- gettime(&session->internals.dtls.handshake_start_time);
+ session->internals.extensions_sent_size = 0;
+
+ /* by default no selected certificate */
+ session->internals.adv_version_major = 0;
+ session->internals.adv_version_minor = 0;
+ session->internals.direction = 0;
+
+ /* use out of band data for the last
+ * handshake messages received.
+ */
+ session->internals.last_handshake_in = -1;
+ session->internals.last_handshake_out = -1;
+
+ session->internals.resumable = RESUME_TRUE;
+
+ session->internals.dtls.hsk_read_seq = 0;
+ session->internals.dtls.hsk_write_seq = 0;
+ gettime(&session->internals.dtls.handshake_start_time);
}
-void
-_gnutls_handshake_internal_state_clear (gnutls_session_t session)
+void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
{
- _gnutls_handshake_internal_state_init (session);
+ _gnutls_handshake_internal_state_init(session);
+
+ deinit_internal_params(session);
- deinit_internal_params (session);
-
- _gnutls_epoch_gc(session);
+ _gnutls_epoch_gc(session);
- session->internals.handshake_endtime = 0;
+ session->internals.handshake_endtime = 0;
}
/**
@@ -303,121 +303,120 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_init (gnutls_session_t * session, unsigned int flags)
+int gnutls_init(gnutls_session_t * session, unsigned int flags)
{
- int ret;
- record_parameters_st *epoch;
+ int ret;
+ record_parameters_st *epoch;
- *session = gnutls_calloc (1, sizeof (struct gnutls_session_int));
- if (*session == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
+ if (*session == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = _gnutls_epoch_alloc (*session, 0, &epoch);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ret = _gnutls_epoch_alloc(*session, 0, &epoch);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* Set all NULL algos on epoch 0 */
- _gnutls_epoch_set_null_algos (*session, epoch);
+ /* Set all NULL algos on epoch 0 */
+ _gnutls_epoch_set_null_algos(*session, epoch);
- (*session)->security_parameters.epoch_next = 1;
+ (*session)->security_parameters.epoch_next = 1;
- (*session)->security_parameters.entity = (flags&GNUTLS_SERVER?GNUTLS_SERVER:GNUTLS_CLIENT);
+ (*session)->security_parameters.entity =
+ (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
- /* the default certificate type for TLS */
- (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
+ /* the default certificate type for TLS */
+ (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
- /* Initialize buffers */
- _gnutls_buffer_init (&(*session)->internals.handshake_hash_buffer);
- _gnutls_buffer_init (&(*session)->internals.hb_remote_data);
- _gnutls_buffer_init (&(*session)->internals.hb_local_data);
- _gnutls_buffer_init (&(*session)->internals.record_presend_buffer);
+ /* Initialize buffers */
+ _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
+ _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
+ _gnutls_buffer_init(&(*session)->internals.hb_local_data);
+ _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
- _mbuffer_head_init (&(*session)->internals.record_buffer);
- _mbuffer_head_init (&(*session)->internals.record_send_buffer);
- _mbuffer_head_init (&(*session)->internals.record_recv_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_send_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
- _mbuffer_head_init (&(*session)->internals.handshake_send_buffer);
- _gnutls_handshake_recv_buffer_init(*session);
+ _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
+ _gnutls_handshake_recv_buffer_init(*session);
- (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
+ (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
- gnutls_handshake_set_max_packet_length ((*session),
- MAX_HANDSHAKE_PACKET_SIZE);
+ gnutls_handshake_set_max_packet_length((*session),
+ MAX_HANDSHAKE_PACKET_SIZE);
- /* set the socket pointers to -1;
- */
- (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr_t) - 1;
- (*session)->internals.transport_send_ptr = (gnutls_transport_ptr_t) - 1;
+ /* set the socket pointers to -1;
+ */
+ (*session)->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) - 1;
+ (*session)->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) - 1;
- /* set the default maximum record size for TLS
- */
- (*session)->security_parameters.max_record_recv_size =
- DEFAULT_MAX_RECORD_SIZE;
- (*session)->security_parameters.max_record_send_size =
- DEFAULT_MAX_RECORD_SIZE;
+ /* set the default maximum record size for TLS
+ */
+ (*session)->security_parameters.max_record_recv_size =
+ DEFAULT_MAX_RECORD_SIZE;
+ (*session)->security_parameters.max_record_send_size =
+ DEFAULT_MAX_RECORD_SIZE;
- /* everything else not initialized here is initialized
- * as NULL or 0. This is why calloc is used.
- */
+ /* everything else not initialized here is initialized
+ * as NULL or 0. This is why calloc is used.
+ */
- _gnutls_handshake_internal_state_init (*session);
+ _gnutls_handshake_internal_state_init(*session);
- /* emulate old gnutls behavior for old applications that do not use the priority_*
- * functions.
- */
- (*session)->internals.priorities.sr = SR_PARTIAL;
+ /* emulate old gnutls behavior for old applications that do not use the priority_*
+ * functions.
+ */
+ (*session)->internals.priorities.sr = SR_PARTIAL;
#ifdef HAVE_WRITEV
- gnutls_transport_set_vec_push_function (*session, system_writev);
+ gnutls_transport_set_vec_push_function(*session, system_writev);
#else
- gnutls_transport_set_push_function (*session, system_write);
+ gnutls_transport_set_push_function(*session, system_write);
#endif
- gnutls_transport_set_pull_function (*session, system_read);
- gnutls_transport_set_errno_function (*session, system_errno);
- gnutls_transport_set_pull_timeout_function (*session, system_recv_timeout);
-
- (*session)->internals.hb_retrans_timeout_ms = 1000;
- (*session)->internals.hb_total_timeout_ms = 60000;
-
- if (flags & GNUTLS_DATAGRAM)
- {
- (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
- (*session)->internals.transport = GNUTLS_DGRAM;
-
- (*session)->internals.dtls.retrans_timeout_ms = 1000;
- (*session)->internals.dtls.total_timeout_ms = 60000;
- }
- else
- (*session)->internals.transport = GNUTLS_STREAM;
-
- if (flags & GNUTLS_NONBLOCK)
- (*session)->internals.dtls.blocking = 0;
- else
- (*session)->internals.dtls.blocking = 1;
-
- /* Enable useful extensions */
- if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS))
- {
- gnutls_session_ticket_enable_client(*session);
- gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL);
- }
-
- if (flags & GNUTLS_NO_REPLAY_PROTECTION)
- (*session)->internals.no_replay_protection = 1;
-
- return 0;
+ gnutls_transport_set_pull_function(*session, system_read);
+ gnutls_transport_set_errno_function(*session, system_errno);
+ gnutls_transport_set_pull_timeout_function(*session,
+ system_recv_timeout);
+
+ (*session)->internals.hb_retrans_timeout_ms = 1000;
+ (*session)->internals.hb_total_timeout_ms = 60000;
+
+ if (flags & GNUTLS_DATAGRAM) {
+ (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
+ (*session)->internals.transport = GNUTLS_DGRAM;
+
+ (*session)->internals.dtls.retrans_timeout_ms = 1000;
+ (*session)->internals.dtls.total_timeout_ms = 60000;
+ } else
+ (*session)->internals.transport = GNUTLS_STREAM;
+
+ if (flags & GNUTLS_NONBLOCK)
+ (*session)->internals.dtls.blocking = 0;
+ else
+ (*session)->internals.dtls.blocking = 1;
+
+ /* Enable useful extensions */
+ if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
+ gnutls_session_ticket_enable_client(*session);
+ gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
+ NULL);
+ }
+
+ if (flags & GNUTLS_NO_REPLAY_PROTECTION)
+ (*session)->internals.no_replay_protection = 1;
+
+ return 0;
}
/* returns RESUME_FALSE or RESUME_TRUE.
*/
-int
-_gnutls_session_is_resumable (gnutls_session_t session)
+int _gnutls_session_is_resumable(gnutls_session_t session)
{
- return session->internals.resumable;
+ return session->internals.resumable;
}
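Review bot: When `_gnutls_epoch_alloc` fails in `gnutls_init`, the session just obtained from `gnutls_calloc` is neither freed nor cleared. The allocation leaks and the caller's `*session` is left pointing at a partly initialised object, which a caller could mistake for a usable handle. The error branch should release it before returning: `gnutls_free(*session); *session = NULL;`. That branch also discards `ret` in favour of `GNUTLS_E_MEMORY_ERROR`; if `_gnutls_epoch_alloc` can fail for other reasons, returning `ret` would report the failure more accurately.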
@@ -429,240 +428,232 @@ _gnutls_session_is_resumable (gnutls_session_t session)
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
-void
-gnutls_deinit (gnutls_session_t session)
+void gnutls_deinit(gnutls_session_t session)
{
- unsigned int i;
-
- if (session == NULL)
- return;
-
- _gnutls_rnd_refresh();
-
- /* remove auth info firstly */
- _gnutls_free_auth_info (session);
-
- _gnutls_handshake_internal_state_clear (session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_ext_free_session_data (session);
-
- for (i = 0; i < MAX_EPOCH_INDEX; i++)
- if (session->record_parameters[i] != NULL)
- {
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
- }
-
- _gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
- _gnutls_buffer_clear (&session->internals.hb_remote_data);
- _gnutls_buffer_clear (&session->internals.hb_local_data);
- _gnutls_buffer_clear (&session->internals.record_presend_buffer);
-
- _mbuffer_head_clear (&session->internals.record_buffer);
- _mbuffer_head_clear (&session->internals.record_recv_buffer);
- _mbuffer_head_clear (&session->internals.record_send_buffer);
-
- gnutls_credentials_clear (session);
- _gnutls_selected_certs_deinit (session);
-
- gnutls_pk_params_release(&session->key.ecdh_params);
- _gnutls_mpi_release (&session->key.ecdh_x);
- _gnutls_mpi_release (&session->key.ecdh_y);
-
- _gnutls_mpi_release (&session->key.KEY);
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.client_p);
- _gnutls_mpi_release (&session->key.client_g);
-
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&session->key.a);
- _gnutls_mpi_release (&session->key.x);
- _gnutls_mpi_release (&session->key.A);
- _gnutls_mpi_release (&session->key.B);
- _gnutls_mpi_release (&session->key.b);
-
- /* RSA */
- _gnutls_mpi_release (&session->key.rsa[0]);
- _gnutls_mpi_release (&session->key.rsa[1]);
-
- _gnutls_mpi_release (&session->key.dh_secret);
-
- gnutls_free (session);
+ unsigned int i;
+
+ if (session == NULL)
+ return;
+
+ _gnutls_rnd_refresh();
+
+ /* remove auth info firstly */
+ _gnutls_free_auth_info(session);
+
+ _gnutls_handshake_internal_state_clear(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_ext_free_session_data(session);
+
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
+ if (session->record_parameters[i] != NULL) {
+ _gnutls_epoch_free(session,
+ session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+ _gnutls_buffer_clear(&session->internals.hb_remote_data);
+ _gnutls_buffer_clear(&session->internals.hb_local_data);
+ _gnutls_buffer_clear(&session->internals.record_presend_buffer);
+
+ _mbuffer_head_clear(&session->internals.record_buffer);
+ _mbuffer_head_clear(&session->internals.record_recv_buffer);
+ _mbuffer_head_clear(&session->internals.record_send_buffer);
+
+ gnutls_credentials_clear(session);
+ _gnutls_selected_certs_deinit(session);
+
+ gnutls_pk_params_release(&session->key.ecdh_params);
+ _gnutls_mpi_release(&session->key.ecdh_x);
+ _gnutls_mpi_release(&session->key.ecdh_y);
+
+ _gnutls_mpi_release(&session->key.KEY);
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.client_p);
+ _gnutls_mpi_release(&session->key.client_g);
+
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&session->key.a);
+ _gnutls_mpi_release(&session->key.x);
+ _gnutls_mpi_release(&session->key.A);
+ _gnutls_mpi_release(&session->key.B);
+ _gnutls_mpi_release(&session->key.b);
+
+ /* RSA */
+ _gnutls_mpi_release(&session->key.rsa[0]);
+ _gnutls_mpi_release(&session->key.rsa[1]);
+
+ _gnutls_mpi_release(&session->key.dh_secret);
+
+ gnutls_free(session);
}
/* Returns the minimum prime bits that are acceptable.
*/
-int
-_gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public)
+int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
{
- dh_info_st *dh;
- int ret;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (dh->public_key.data)
- _gnutls_free_datum (&dh->public_key);
-
- ret = _gnutls_mpi_dprint_lz (public, &dh->public_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->public_key.data)
+ _gnutls_free_datum(&dh->public_key);
+
+ ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-int
-_gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits)
+int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
{
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- info->dh.secret_bits = bits;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
-
- return 0;
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ info->dh.secret_bits = bits;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ return 0;
}
/* Sets the prime and the generator in the auth info structure.
*/
int
-_gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
+_gnutls_dh_set_group(gnutls_session_t session, bigint_t gen,
+ bigint_t prime)
{
- dh_info_st *dh;
- int ret;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (dh->prime.data)
- _gnutls_free_datum (&dh->prime);
-
- if (dh->generator.data)
- _gnutls_free_datum (&dh->generator);
-
- /* prime
- */
- ret = _gnutls_mpi_dprint_lz (prime, &dh->prime);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generator
- */
- ret = _gnutls_mpi_dprint_lz (gen, &dh->generator);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dh->prime);
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->prime.data)
+ _gnutls_free_datum(&dh->prime);
+
+ if (dh->generator.data)
+ _gnutls_free_datum(&dh->generator);
+
+ /* prime
+ */
+ ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generator
+ */
+ ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&dh->prime);
+ return ret;
+ }
+
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -677,10 +668,10 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
* that the server can obtain the client's key.
**/
void
-gnutls_openpgp_send_cert (gnutls_session_t session,
- gnutls_openpgp_crt_status_t status)
+gnutls_openpgp_send_cert(gnutls_session_t session,
+ gnutls_openpgp_crt_status_t status)
{
- session->internals.pgp_fingerprint = status;
+ session->internals.pgp_fingerprint = status;
}
#endif
@@ -699,17 +690,16 @@ gnutls_openpgp_send_cert (gnutls_session_t session,
* methods other than certificate with X.509 certificates.
**/
void
-gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
- int status)
+gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
+ int status)
{
- session->internals.ignore_rdn_sequence = status;
+ session->internals.ignore_rdn_sequence = status;
}
#ifdef ENABLE_OPENPGP
-int
-_gnutls_openpgp_send_fingerprint (gnutls_session_t session)
+int _gnutls_openpgp_send_fingerprint(gnutls_session_t session)
{
- return session->internals.pgp_fingerprint;
+ return session->internals.pgp_fingerprint;
}
#endif
@@ -724,11 +714,12 @@ _gnutls_openpgp_send_fingerprint (gnutls_session_t session)
* that know TLS internals and want to debug other implementations.
-*/
void
-_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+_gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor)
{
- session->internals.default_record_version[0] = major;
- session->internals.default_record_version[1] = minor;
+ session->internals.default_record_version[0] = major;
+ session->internals.default_record_version[1] = minor;
}
/**
@@ -747,23 +738,26 @@ _gnutls_record_set_default_version (gnutls_session_t session,
* gnutls servers and clients may cause interoperability problems.
**/
void
-gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow)
+gnutls_handshake_set_private_extensions(gnutls_session_t session,
+ int allow)
{
- session->internals.enable_private = allow;
+ session->internals.enable_private = allow;
}
inline static int
-_gnutls_cal_PRF_A (const mac_entry_st* me,
- const void *secret, int secret_size,
- const void *seed, int seed_size, void *result)
+_gnutls_cal_PRF_A(const mac_entry_st * me,
+ const void *secret, int secret_size,
+ const void *seed, int seed_size, void *result)
{
- int ret;
+ int ret;
- ret = _gnutls_mac_fast (me->id, secret, secret_size, seed, seed_size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_mac_fast(me->id, secret, secret_size, seed, seed_size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
#define MAX_SEED_SIZE 200
@@ -772,81 +766,71 @@ _gnutls_cal_PRF_A (const mac_entry_st* me,
* (used in the PRF function)
*/
static int
-P_hash (gnutls_mac_algorithm_t algorithm,
- const uint8_t * secret, int secret_size,
- const uint8_t * seed, int seed_size,
- int total_bytes, uint8_t * ret)
+P_hash(gnutls_mac_algorithm_t algorithm,
+ const uint8_t * secret, int secret_size,
+ const uint8_t * seed, int seed_size, int total_bytes, uint8_t * ret)
{
- mac_hd_st td2;
- int i, times, how, blocksize, A_size;
- uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
- int output_bytes, result;
- const mac_entry_st* me = mac_to_entry(algorithm);
-
- if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- blocksize = _gnutls_mac_get_algo_len (me);
-
- output_bytes = 0;
- do
- {
- output_bytes += blocksize;
- }
- while (output_bytes < total_bytes);
-
- /* calculate A(0) */
-
- memcpy (Atmp, seed, seed_size);
- A_size = seed_size;
-
- times = output_bytes / blocksize;
-
- for (i = 0; i < times; i++)
- {
- result = _gnutls_mac_init (&td2, me, secret, secret_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* here we calculate A(i+1) */
- if ((result =
- _gnutls_cal_PRF_A (me, secret, secret_size, Atmp,
- A_size, Atmp)) < 0)
- {
- gnutls_assert ();
- _gnutls_mac_deinit (&td2, final);
- return result;
- }
-
- A_size = blocksize;
-
- _gnutls_mac (&td2, Atmp, A_size);
- _gnutls_mac (&td2, seed, seed_size);
- _gnutls_mac_deinit (&td2, final);
-
- if ((1 + i) * blocksize < total_bytes)
- {
- how = blocksize;
- }
- else
- {
- how = total_bytes - (i) * blocksize;
- }
-
- if (how > 0)
- {
- memcpy (&ret[i * blocksize], final, how);
- }
- }
-
- return 0;
+ mac_hd_st td2;
+ int i, times, how, blocksize, A_size;
+ uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
+ int output_bytes, result;
+ const mac_entry_st *me = mac_to_entry(algorithm);
+
+ if (seed_size > MAX_SEED_SIZE || total_bytes <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ blocksize = _gnutls_mac_get_algo_len(me);
+
+ output_bytes = 0;
+ do {
+ output_bytes += blocksize;
+ }
+ while (output_bytes < total_bytes);
+
+ /* calculate A(0) */
+
+ memcpy(Atmp, seed, seed_size);
+ A_size = seed_size;
+
+ times = output_bytes / blocksize;
+
+ for (i = 0; i < times; i++) {
+ result = _gnutls_mac_init(&td2, me, secret, secret_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* here we calculate A(i+1) */
+ if ((result =
+ _gnutls_cal_PRF_A(me, secret, secret_size, Atmp,
+ A_size, Atmp)) < 0) {
+ gnutls_assert();
+ _gnutls_mac_deinit(&td2, final);
+ return result;
+ }
+
+ A_size = blocksize;
+
+ _gnutls_mac(&td2, Atmp, A_size);
+ _gnutls_mac(&td2, seed, seed_size);
+ _gnutls_mac_deinit(&td2, final);
+
+ if ((1 + i) * blocksize < total_bytes) {
+ how = blocksize;
+ } else {
+ how = total_bytes - (i) * blocksize;
+ }
+
+ if (how > 0) {
+ memcpy(&ret[i * blocksize], final, how);
+ }
+ }
+
+ return 0;
}
#define MAX_PRF_BYTES 200
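Review bot: `blocksize` in P_hash drives the `do { output_bytes += blocksize; } while (...)` loop and is then used as a divisor, but it is never checked, and `me` is handed to `_gnutls_mac_get_algo_len()` and `_gnutls_cal_PRF_A()` without a NULL test. If `mac_to_entry()` yields no entry for the requested algorithm, or the reported length is 0 (both depend on code outside this hunk), the loop does not terminate. I would add `if (me == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` next to the existing argument check and `if (blocksize <= 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` right after the length lookup. Separately, `final` and `Atmp` hold keyed-MAC intermediates and are left on the stack at every return; wiping them before returning would suit key-derivation code.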
@@ -856,83 +840,75 @@ P_hash (gnutls_mac_algorithm_t algorithm,
* available.
*/
int
-_gnutls_PRF (gnutls_session_t session,
- const uint8_t * secret, unsigned int secret_size, const char *label,
- int label_size, const uint8_t * seed, int seed_size,
- int total_bytes, void *ret)
+_gnutls_PRF(gnutls_session_t session,
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size, const uint8_t * seed,
+ int seed_size, int total_bytes, void *ret)
{
- int l_s, s_seed_size;
- const uint8_t *s1, *s2;
- uint8_t s_seed[MAX_SEED_SIZE];
- uint8_t o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
- int result;
- const version_entry_st* ver = get_version (session);
-
- if (total_bytes > MAX_PRF_BYTES)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- /* label+seed = s_seed */
- s_seed_size = seed_size + label_size;
-
- if (s_seed_size > MAX_SEED_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memcpy (s_seed, label, label_size);
- memcpy (&s_seed[label_size], seed, seed_size);
-
- if (_gnutls_version_has_selectable_prf (ver))
- {
- result =
- P_hash (_gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite),
- secret, secret_size,
- s_seed, s_seed_size, total_bytes, ret);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else
- {
- l_s = secret_size / 2;
-
- s1 = &secret[0];
- s2 = &secret[l_s];
-
- if (secret_size % 2 != 0)
- {
- l_s++;
- }
-
- result =
- P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
- total_bytes, o1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
- total_bytes, o2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- memxor (o1, o2, total_bytes);
-
- memcpy (ret, o1, total_bytes);
- }
-
- return 0; /* ok */
+ int l_s, s_seed_size;
+ const uint8_t *s1, *s2;
+ uint8_t s_seed[MAX_SEED_SIZE];
+ uint8_t o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
+ int result;
+ const version_entry_st *ver = get_version(session);
+
+ if (total_bytes > MAX_PRF_BYTES) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ /* label+seed = s_seed */
+ s_seed_size = seed_size + label_size;
+
+ if (s_seed_size > MAX_SEED_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memcpy(s_seed, label, label_size);
+ memcpy(&s_seed[label_size], seed, seed_size);
+
+ if (_gnutls_version_has_selectable_prf(ver)) {
+ result =
+ P_hash(_gnutls_cipher_suite_get_prf
+ (session->security_parameters.cipher_suite),
+ secret, secret_size, s_seed, s_seed_size,
+ total_bytes, ret);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else {
+ l_s = secret_size / 2;
+
+ s1 = &secret[0];
+ s2 = &secret[l_s];
+
+ if (secret_size % 2 != 0) {
+ l_s++;
+ }
+
+ result =
+ P_hash(GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
+ total_bytes, o1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ P_hash(GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
+ total_bytes, o2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ memxor(o1, o2, total_bytes);
+
+ memcpy(ret, o1, total_bytes);
+ }
+
+ return 0; /* ok */
}
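Review bot: The length checks in _gnutls_PRF test only upper bounds on signed `int` values, so a negative `seed_size` together with a `label_size` above MAX_SEED_SIZE still passes `s_seed_size > MAX_SEED_SIZE`, and `memcpy(s_seed, label, label_size)` then writes past the 200-byte `s_seed`. The public wrappers gnutls_prf_raw and gnutls_prf in the next two hunks pass `size_t` lengths into these `int` parameters, so out-of-range values narrow silently before they reach the checks; P_hash's `seed_size > MAX_SEED_SIZE` test has the same missing lower bound. Each length should be validated on its own, for example `if (label_size < 0 || seed_size < 0 || label_size > MAX_SEED_SIZE || seed_size > MAX_SEED_SIZE - label_size)` returning GNUTLS_E_INTERNAL_ERROR, with `total_bytes <= 0` rejected here as well. `o1`, `o2` and `s_seed` also stay on the stack unwiped after the derived bytes are copied out.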
@@ -966,20 +942,22 @@ _gnutls_PRF (gnutls_session_t session,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_prf_raw (gnutls_session_t session,
- size_t label_size,
- const char *label,
- size_t seed_size, const char *seed, size_t outsize, char *out)
+gnutls_prf_raw(gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out)
{
- int ret;
+ int ret;
- ret = _gnutls_PRF (session,
- session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label,
- label_size, (uint8_t *) seed, seed_size, outsize, out);
+ ret = _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE,
+ label,
+ label_size, (uint8_t *) seed, seed_size, outsize,
+ out);
- return ret;
+ return ret;
}
/**
@@ -1013,39 +991,42 @@ gnutls_prf_raw (gnutls_session_t session,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_prf (gnutls_session_t session,
- size_t label_size,
- const char *label,
- int server_random_first,
- size_t extra_size, const char *extra, size_t outsize, char *out)
+gnutls_prf(gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra, size_t outsize, char *out)
{
- int ret;
- uint8_t *seed;
- size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
-
- seed = gnutls_malloc (seedsize);
- if (!seed)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (seed, server_random_first ?
- session->security_parameters.server_random :
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- memcpy (seed + GNUTLS_RANDOM_SIZE, server_random_first ?
- session->security_parameters.client_random :
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
-
- ret = _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label, label_size, seed, seedsize, outsize, out);
-
- gnutls_free (seed);
-
- return ret;
+ int ret;
+ uint8_t *seed;
+ size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
+
+ seed = gnutls_malloc(seedsize);
+ if (!seed) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(seed, server_random_first ?
+ session->security_parameters.server_random :
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(seed + GNUTLS_RANDOM_SIZE,
+ server_random_first ? session->security_parameters.
+ client_random : session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ memcpy(seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
+
+ ret =
+ _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, label, label_size, seed,
+ seedsize, outsize, out);
+
+ gnutls_free(seed);
+
+ return ret;
}
/**
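Review bot: `seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size` in gnutls_prf is an unchecked `size_t` addition: for an `extra_size` close to SIZE_MAX it wraps, the allocation is small, and the third `memcpy` still copies `extra_size` bytes into it. _gnutls_PRF rejects a label plus seed larger than MAX_SEED_SIZE anyway, so an early bound before the allocation costs nothing, e.g. `if (extra_size > MAX_SEED_SIZE) return GNUTLS_E_INVALID_REQUEST;`. `seedsize` and `outsize` are then narrowed to `int` in the call to `_gnutls_PRF`, which the same early check would also keep in range for the seed.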
@@ -1057,27 +1038,26 @@ gnutls_prf (gnutls_session_t session,
* Returns: non zero if this session is resumed, or a zero if this is
* a new session.
**/
-int
-gnutls_session_is_resumed (gnutls_session_t session)
+int gnutls_session_is_resumed(gnutls_session_t session)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->security_parameters.session_id_size > 0 &&
- session->security_parameters.session_id_size ==
- session->internals.resumed_security_parameters.session_id_size
- && memcmp (session->security_parameters.session_id,
- session->internals.
- resumed_security_parameters.session_id,
- session->security_parameters.session_id_size) == 0)
- return 1;
- }
- else
- {
- if (session->internals.resumed != RESUME_FALSE)
- return 1;
- }
-
- return 0;
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->security_parameters.session_id_size > 0 &&
+ session->security_parameters.session_id_size ==
+ session->internals.resumed_security_parameters.
+ session_id_size
+ && memcmp(session->security_parameters.session_id,
+ session->
+ internals.resumed_security_parameters.
+ session_id,
+ session->security_parameters.
+ session_id_size) == 0)
+ return 1;
+ } else {
+ if (session->internals.resumed != RESUME_FALSE)
+ return 1;
+ }
+
+ return 0;
}
/**
@@ -1089,17 +1069,13 @@ gnutls_session_is_resumed (gnutls_session_t session)
*
* Returns: non zero if session resumption was asked, or a zero if not.
**/
-int
-gnutls_session_resumption_requested(gnutls_session_t session)
+int gnutls_session_resumption_requested(gnutls_session_t session)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- return 0;
- }
- else
- {
- return session->internals.resumption_requested;
- }
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ return 0;
+ } else {
+ return session->internals.resumption_requested;
+ }
}
/*-
@@ -1109,19 +1085,17 @@ gnutls_session_resumption_requested(gnutls_session_t session)
* This function will return non zero if this session uses a PSK key
* exchange algorithm.
-*/
-int
-_gnutls_session_is_psk (gnutls_session_t session)
+int _gnutls_session_is_psk(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
+ gnutls_kx_algorithm_t kx;
- kx =
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite);
- if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
- || kx == GNUTLS_KX_RSA_PSK)
- return 1;
+ kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
+ || kx == GNUTLS_KX_RSA_PSK)
+ return 1;
- return 0;
+ return 0;
}
/*-
@@ -1131,19 +1105,17 @@ _gnutls_session_is_psk (gnutls_session_t session)
* This function will return non zero if this session uses an elliptic
* curves key exchange exchange algorithm.
-*/
-int
-_gnutls_session_is_ecc (gnutls_session_t session)
+int _gnutls_session_is_ecc(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
+ gnutls_kx_algorithm_t kx;
- /* We get the key exchange algorithm through the ciphersuite because
- * the negotiated key exchange might not have been set yet.
- */
- kx =
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite);
+ /* We get the key exchange algorithm through the ciphersuite because
+ * the negotiated key exchange might not have been set yet.
+ */
+ kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite);
- return _gnutls_kx_is_ecc(kx);
+ return _gnutls_kx_is_ecc(kx);
}
/**
@@ -1156,10 +1128,9 @@ _gnutls_session_is_ecc (gnutls_session_t session)
* Returns: the user given pointer from the session structure, or
* %NULL if it was never set.
**/
-void *
-gnutls_session_get_ptr (gnutls_session_t session)
+void *gnutls_session_get_ptr(gnutls_session_t session)
{
- return session->internals.user_ptr;
+ return session->internals.user_ptr;
}
/**
@@ -1171,10 +1142,9 @@ gnutls_session_get_ptr (gnutls_session_t session)
* the session structure. This pointer can be accessed with
* gnutls_session_get_ptr().
**/
-void
-gnutls_session_set_ptr (gnutls_session_t session, void *ptr)
+void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
{
- session->internals.user_ptr = ptr;
+ session->internals.user_ptr = ptr;
}
@@ -1195,10 +1165,9 @@ gnutls_session_set_ptr (gnutls_session_t session, void *ptr)
*
* Returns: 0 if trying to read data, 1 if trying to write data.
**/
-int
-gnutls_record_get_direction (gnutls_session_t session)
+int gnutls_record_get_direction(gnutls_session_t session)
{
- return session->internals.direction;
+ return session->internals.direction;
}
/*-
@@ -1212,11 +1181,11 @@ gnutls_record_get_direction (gnutls_session_t session)
* test server's capabilities.
-*/
void
-_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+_gnutls_rsa_pms_set_version(gnutls_session_t session,
+ unsigned char major, unsigned char minor)
{
- session->internals.rsa_pms_version[0] = major;
- session->internals.rsa_pms_version[1] = minor;
+ session->internals.rsa_pms_version[0] = major;
+ session->internals.rsa_pms_version[1] = minor;
}
/**
@@ -1241,11 +1210,11 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session,
* there is a man-in-the-middle attack being performed.
**/
void
-gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
- gnutls_handshake_post_client_hello_func
- func)
+gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
+ gnutls_handshake_post_client_hello_func
+ func)
{
- session->internals.user_hello_func = func;
+ session->internals.user_hello_func = func;
}
@@ -1264,10 +1233,9 @@ gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
* Note that this function must be called after any call to gnutls_priority
* functions.
**/
-void
-gnutls_session_enable_compatibility_mode (gnutls_session_t session)
+void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
{
- ENABLE_COMPAT(&session->internals.priorities);
+ ENABLE_COMPAT(&session->internals.priorities);
}
/**
@@ -1287,24 +1255,24 @@ gnutls_session_enable_compatibility_mode (gnutls_session_t session)
* Since: 2.12.0
**/
int
-gnutls_session_channel_binding (gnutls_session_t session,
- gnutls_channel_binding_t cbtype,
- gnutls_datum_t * cb)
+gnutls_session_channel_binding(gnutls_session_t session,
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb)
{
- if (cbtype != GNUTLS_CB_TLS_UNIQUE)
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ if (cbtype != GNUTLS_CB_TLS_UNIQUE)
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- if (!session->internals.initial_negotiation_completed)
- return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
+ if (!session->internals.initial_negotiation_completed)
+ return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
- cb->size = session->internals.cb_tls_unique_len;
- cb->data = gnutls_malloc (cb->size);
- if (cb->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ cb->size = session->internals.cb_tls_unique_len;
+ cb->data = gnutls_malloc(cb->size);
+ if (cb->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- memcpy (cb->data, session->internals.cb_tls_unique, cb->size);
+ memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
- return 0;
+ return 0;
}
/**
@@ -1321,7 +1289,7 @@ gnutls_session_channel_binding (gnutls_session_t session,
**/
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
{
- return _gnutls_session_ecc_curve_get(session);
+ return _gnutls_session_ecc_curve_get(session);
}
/**
@@ -1332,10 +1300,9 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
*
* Returns: The version of the currently used protocol.
**/
-gnutls_protocol_t
-gnutls_protocol_get_version (gnutls_session_t session)
+gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
{
- return get_num_version(session);
+ return get_num_version(session);
}
/**
@@ -1354,26 +1321,26 @@ gnutls_protocol_get_version (gnutls_session_t session)
* Since: 3.0
**/
void
-gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client, gnutls_datum_t* server)
+gnutls_session_get_random(gnutls_session_t session,
+ gnutls_datum_t * client, gnutls_datum_t * server)
{
- if (client)
- {
- client->data = session->security_parameters.client_random;
- client->size = sizeof(session->security_parameters.client_random);
- }
-
- if (server)
- {
- server->data = session->security_parameters.server_random;
- server->size = sizeof(session->security_parameters.server_random);
- }
+ if (client) {
+ client->data = session->security_parameters.client_random;
+ client->size =
+ sizeof(session->security_parameters.client_random);
+ }
+
+ if (server) {
+ server->data = session->security_parameters.server_random;
+ server->size =
+ sizeof(session->security_parameters.server_random);
+ }
}
-unsigned int
-timespec_sub_ms (struct timespec *a, struct timespec *b)
+unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
{
- return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
- (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
+ return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
+ (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
}
/**
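Review bot: timespec_sub_ms returns `unsigned int`, so when `b` is later than `a` the negative difference is converted to a very large millisecond count instead of zero; a caller comparing the result with a timeout would treat it as already expired (the callers are outside this hunk). The `tv_sec * 1000` products are also computed in `time_t` and truncated on return. A short comment stating that `a` must not be earlier than `b`, or an explicit clamp to 0 for that case, would make the contract visible.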
@@ -1395,18 +1362,21 @@ timespec_sub_ms (struct timespec *a, struct timespec *b)
* Since 3.1.9
**/
int
-gnutls_handshake_set_random (gnutls_session_t session, const gnutls_datum_t* random)
+gnutls_handshake_set_random(gnutls_session_t session,
+ const gnutls_datum_t * random)
{
- if (random->size != GNUTLS_RANDOM_SIZE)
- return GNUTLS_E_INVALID_REQUEST;
-
- session->internals.sc_random_set = 1;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- memcpy(session->internals.resumed_security_parameters.client_random, random->data, random->size);
- else
- memcpy(session->internals.resumed_security_parameters.server_random, random->data, random->size);
-
- return 0;
+ if (random->size != GNUTLS_RANDOM_SIZE)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ session->internals.sc_random_set = 1;
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ memcpy(session->internals.resumed_security_parameters.
+ client_random, random->data, random->size);
+ else
+ memcpy(session->internals.resumed_security_parameters.
+ server_random, random->data, random->size);
+
+ return 0;
}
/**
@@ -1437,13 +1407,12 @@ gnutls_handshake_set_random (gnutls_session_t session, const gnutls_datum_t* ran
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
void
-gnutls_handshake_set_hook_function (gnutls_session_t session,
- unsigned int htype,
- int post,
- gnutls_handshake_hook_func func)
+gnutls_handshake_set_hook_function(gnutls_session_t session,
+ unsigned int htype,
+ int post,
+ gnutls_handshake_hook_func func)
{
- session->internals.h_hook = func;
- session->internals.h_type = htype;
- session->internals.h_post = post;
+ session->internals.h_hook = func;
+ session->internals.h_type = htype;
+ session->internals.h_post = post;
}
-
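Review bot: The doc comment above gnutls_handshake_set_hook_function ends with `Returns: %GNUTLS_E_SUCCESS on success, or an error code.`, but the function is declared `void` and returns nothing. The Returns line should be dropped so the generated API documentation does not suggest a status that callers could check. The comment starts outside the hunk, so only its last lines are visible here.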
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index edacde3e2a..89d40e037e 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -25,23 +25,25 @@
#include <gnutls_int.h>
-void _gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t);
+void _gnutls_session_cert_type_set(gnutls_session_t session,
+ gnutls_certificate_type_t);
-inline static gnutls_ecc_curve_t _gnutls_session_ecc_curve_get(gnutls_session_t session)
+inline static gnutls_ecc_curve_t
+_gnutls_session_ecc_curve_get(gnutls_session_t session)
{
- return session->security_parameters.ecc_curve;
+ return session->security_parameters.ecc_curve;
}
-int _gnutls_session_is_ecc (gnutls_session_t session);
+int _gnutls_session_is_ecc(gnutls_session_t session);
void
-_gnutls_session_ecc_curve_set (gnutls_session_t session,
- gnutls_ecc_curve_t c);
+_gnutls_session_ecc_curve_set(gnutls_session_t session,
+ gnutls_ecc_curve_t c);
void
-_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+_gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor);
#include <gnutls_auth.h>
@@ -52,36 +54,36 @@ _gnutls_record_set_default_version (gnutls_session_t session,
#endif
-int _gnutls_session_cert_type_supported (gnutls_session_t,
- gnutls_certificate_type_t);
-int _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits);
+int _gnutls_session_cert_type_supported(gnutls_session_t,
+ gnutls_certificate_type_t);
+int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits);
-int _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public);
-int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen,
- bigint_t prime);
+int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public);
+int _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen,
+ bigint_t prime);
-static inline int
-_gnutls_dh_get_min_prime_bits (gnutls_session_t session)
+static inline int _gnutls_dh_get_min_prime_bits(gnutls_session_t session)
{
- if (session->internals.priorities.dh_prime_bits != 0)
- return session->internals.priorities.dh_prime_bits;
- else
- return gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, session->internals.priorities.level);
+ if (session->internals.priorities.dh_prime_bits != 0)
+ return session->internals.priorities.dh_prime_bits;
+ else
+ return gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ session->internals.
+ priorities.level);
}
-void _gnutls_handshake_internal_state_clear (gnutls_session_t);
+void _gnutls_handshake_internal_state_clear(gnutls_session_t);
-int _gnutls_session_is_resumable (gnutls_session_t session);
+int _gnutls_session_is_resumable(gnutls_session_t session);
-int _gnutls_session_is_psk (gnutls_session_t session);
+int _gnutls_session_is_psk(gnutls_session_t session);
-int _gnutls_openpgp_send_fingerprint (gnutls_session_t session);
+int _gnutls_openpgp_send_fingerprint(gnutls_session_t session);
-int _gnutls_PRF (gnutls_session_t session,
- const uint8_t * secret, unsigned int secret_size,
- const char *label, int label_size,
- const uint8_t * seed, int seed_size,
- int total_bytes, void *ret);
+int _gnutls_PRF(gnutls_session_t session,
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size,
+ const uint8_t * seed, int seed_size,
+ int total_bytes, void *ret);
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
-
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index fb7451a0d2..5396c281d3 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -34,191 +34,172 @@
*
* They should be used only with null terminated strings.
*/
-void
-_gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src)
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
- size_t dest_size = strlen (dest);
+ size_t str_size = strlen(src);
+ size_t dest_size = strlen(dest);
- if (dest_tot_size - dest_size > str_size)
- {
- strcat (dest, src);
- }
- else
- {
- if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
- }
+ if (dest_tot_size - dest_size > str_size) {
+ strcat(dest, src);
+ } else {
+ if (dest_tot_size - dest_size > 0) {
+ strncat(dest, src,
+ (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
}
-void
-_gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
+ size_t str_size = strlen(src);
- if (dest_tot_size > str_size)
- {
- strcpy (dest, src);
- }
- else
- {
- if (dest_tot_size > 0)
- {
- strncpy (dest, src, (dest_tot_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
- }
+ if (dest_tot_size > str_size) {
+ strcpy(dest, src);
+ } else {
+ if (dest_tot_size > 0) {
+ strncpy(dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
}
void
-_gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size)
+_gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size)
{
- if (dest_tot_size >= src_size)
- {
- memcpy (dest, src, src_size);
- }
- else
- {
- if (dest_tot_size > 0)
- {
- memcpy (dest, src, dest_tot_size);
- }
- }
+ if (dest_tot_size >= src_size) {
+ memcpy(dest, src, src_size);
+ } else {
+ if (dest_tot_size > 0) {
+ memcpy(dest, src, dest_tot_size);
+ }
+ }
}
-void
-_gnutls_buffer_init (gnutls_buffer_st * str)
+void _gnutls_buffer_init(gnutls_buffer_st * str)
{
- str->data = str->allocd = NULL;
- str->max_length = 0;
- str->length = 0;
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
}
-void _gnutls_buffer_replace_data( gnutls_buffer_st * buf, gnutls_datum_t * data)
+void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
{
- gnutls_free(buf->allocd);
- buf->allocd = buf->data = data->data;
- buf->max_length = buf->length = data->size;
+ gnutls_free(buf->allocd);
+ buf->allocd = buf->data = data->data;
+ buf->max_length = buf->length = data->size;
}
-void
-_gnutls_buffer_clear (gnutls_buffer_st * str)
+void _gnutls_buffer_clear(gnutls_buffer_st * str)
{
- if (str == NULL || str->allocd == NULL)
- return;
- gnutls_free (str->allocd);
+ if (str == NULL || str->allocd == NULL)
+ return;
+ gnutls_free(str->allocd);
- str->data = str->allocd = NULL;
- str->max_length = 0;
- str->length = 0;
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
}
#define MIN_CHUNK 1024
int
-_gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data,
- size_t data_size)
-{
- size_t tot_len = data_size + dest->length;
-
- if (data_size == 0) return 0;
-
- if (dest->max_length >= tot_len)
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
-
- if (dest->max_length - unused <= tot_len)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
-
- dest->data = dest->allocd;
- }
- memmove (&dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
- }
- else
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- size_t new_len =
- MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
- dest->allocd = gnutls_realloc_fast (dest->allocd, new_len);
- if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = new_len;
- dest->data = dest->allocd + unused;
-
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
-
- memcpy (&dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
- }
-}
-
-int
-_gnutls_buffer_resize (gnutls_buffer_st * dest, size_t new_size)
-{
- if (dest->max_length >= new_size)
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- if (dest->max_length - unused <= new_size)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
- }
-
- return 0;
- }
- else
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- size_t alloc_len =
- MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
- dest->allocd = gnutls_realloc_fast (dest->allocd, alloc_len);
- if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = alloc_len;
- dest->data = dest->allocd + unused;
-
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
-
- return 0;
- }
+_gnutls_buffer_append_data(gnutls_buffer_st * dest, const void *data,
+ size_t data_size)
+{
+ size_t tot_len = data_size + dest->length;
+
+ if (data_size == 0)
+ return 0;
+
+ if (dest->max_length >= tot_len) {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+
+ if (dest->max_length - unused <= tot_len) {
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data,
+ dest->length);
+
+ dest->data = dest->allocd;
+ }
+ memmove(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ } else {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ size_t new_len =
+ MAX(data_size, MIN_CHUNK) + MAX(dest->max_length,
+ MIN_CHUNK);
+
+ dest->allocd = gnutls_realloc_fast(dest->allocd, new_len);
+ if (dest->allocd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = new_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ memcpy(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
+}
+
+int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+{
+ if (dest->max_length >= new_size) {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ if (dest->max_length - unused <= new_size) {
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data,
+ dest->length);
+ dest->data = dest->allocd;
+ }
+
+ return 0;
+ } else {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ size_t alloc_len =
+ MAX(new_size, MIN_CHUNK) + MAX(dest->max_length,
+ MIN_CHUNK);
+
+ dest->allocd =
+ gnutls_realloc_fast(dest->allocd, alloc_len);
+ if (dest->allocd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = alloc_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ return 0;
+ }
}
/* Appends the provided string. The null termination byte is appended
* but not included in length.
*/
-int
-_gnutls_buffer_append_str (gnutls_buffer_st * dest, const char *src)
+int _gnutls_buffer_append_str(gnutls_buffer_st * dest, const char *src)
{
-int ret;
- ret = _gnutls_buffer_append_data (dest, src, strlen (src) + 1);
- if (ret >= 0) dest->length--;
-
- return ret;
+ int ret;
+ ret = _gnutls_buffer_append_data(dest, src, strlen(src) + 1);
+ if (ret >= 0)
+ dest->length--;
+
+ return ret;
}
/* returns data from a string in a constant buffer.
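Review bot: In _gnutls_str_cat the free-space computation `dest_tot_size - dest_size` is unsigned, so if `dest` already holds `dest_tot_size` or more characters the difference wraps to a huge value and the unbounded `strcat(dest, src)` branch is taken. An early `if (dest_size >= dest_tot_size) return;` before the first comparison removes the wrap and makes the inner `> 0` test redundant. In the same hunk, _gnutls_buffer_append_data computes `tot_len = data_size + dest->length` without an overflow check and returns that `size_t` through an `int`; both would benefit from a range check before the copy.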
@@ -226,214 +207,204 @@ int ret;
* data are appended in the buffer.
*/
void
-_gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data,
- size_t req_size)
+_gnutls_buffer_pop_datum(gnutls_buffer_st * str, gnutls_datum_t * data,
+ size_t req_size)
{
- if (str->length == 0)
- {
- data->data = NULL;
- data->size = 0;
- return;
- }
+ if (str->length == 0) {
+ data->data = NULL;
+ data->size = 0;
+ return;
+ }
- if (req_size > str->length)
- req_size = str->length;
+ if (req_size > str->length)
+ req_size = str->length;
- data->data = str->data;
- data->size = req_size;
+ data->data = str->data;
+ data->size = req_size;
- str->data += req_size;
- str->length -= req_size;
+ str->data += req_size;
+ str->length -= req_size;
- /* if string becomes empty start from begining */
- if (str->length == 0)
- {
- str->data = str->allocd;
- }
+ /* if string becomes empty start from begining */
+ if (str->length == 0) {
+ str->data = str->allocd;
+ }
- return;
+ return;
}
/* converts the buffer to a datum if possible. After this call
* (failed or not) the buffer should be considered deinitialized.
*/
-int
-_gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
-{
-
- if (str->length == 0)
- {
- data->data = NULL;
- data->size = 0;
- _gnutls_buffer_clear (str);
- return 0;
- }
-
- if (str->allocd != str->data)
- {
- data->data = gnutls_malloc (str->length);
- if (data->data == NULL)
- {
- gnutls_assert ();
- _gnutls_buffer_clear (str);
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (data->data, str->data, str->length);
- data->size = str->length;
- _gnutls_buffer_clear (str);
- }
- else
- {
- data->data = str->data;
- data->size = str->length;
- _gnutls_buffer_init(str);
- }
-
- return 0;
+int _gnutls_buffer_to_datum(gnutls_buffer_st * str, gnutls_datum_t * data)
+{
+
+ if (str->length == 0) {
+ data->data = NULL;
+ data->size = 0;
+ _gnutls_buffer_clear(str);
+ return 0;
+ }
+
+ if (str->allocd != str->data) {
+ data->data = gnutls_malloc(str->length);
+ if (data->data == NULL) {
+ gnutls_assert();
+ _gnutls_buffer_clear(str);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy(data->data, str->data, str->length);
+ data->size = str->length;
+ _gnutls_buffer_clear(str);
+ } else {
+ data->data = str->data;
+ data->size = str->length;
+ _gnutls_buffer_init(str);
+ }
+
+ return 0;
}
/* returns data from a string in a constant buffer.
*/
void
-_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
- size_t * req_size)
+_gnutls_buffer_pop_data(gnutls_buffer_st * str, void *data,
+ size_t * req_size)
{
- gnutls_datum_t tdata;
+ gnutls_datum_t tdata;
- _gnutls_buffer_pop_datum (str, &tdata, *req_size);
- if (tdata.data == NULL)
- {
- *req_size = 0;
- return;
- }
+ _gnutls_buffer_pop_datum(str, &tdata, *req_size);
+ if (tdata.data == NULL) {
+ *req_size = 0;
+ return;
+ }
- *req_size = tdata.size;
- memcpy (data, tdata.data, tdata.size);
+ *req_size = tdata.size;
+ memcpy(data, tdata.data, tdata.size);
- return;
+ return;
}
int
-_gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
+_gnutls_buffer_append_printf(gnutls_buffer_st * dest, const char *fmt, ...)
{
- va_list args;
- int len;
- char *str;
+ va_list args;
+ int len;
+ char *str;
- va_start (args, fmt);
- len = vasprintf (&str, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
- if (len < 0 || !str)
- return -1;
+ if (len < 0 || !str)
+ return -1;
- len = _gnutls_buffer_append_str (dest, str);
+ len = _gnutls_buffer_append_str(dest, str);
- free (str);
+ free(str);
- return len;
+ return len;
}
static int
-_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str,
- size_t str_size)
+_gnutls_buffer_insert_data(gnutls_buffer_st * dest, int pos,
+ const void *str, size_t str_size)
{
- size_t orig_length = dest->length;
- int ret;
+ size_t orig_length = dest->length;
+ int ret;
- ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
- if (ret < 0)
- return ret;
+ ret = _gnutls_buffer_resize(dest, dest->length + str_size); /* resize to make space */
+ if (ret < 0)
+ return ret;
- memmove (&dest->data[pos + str_size], &dest->data[pos], orig_length - pos);
+ memmove(&dest->data[pos + str_size], &dest->data[pos],
+ orig_length - pos);
- memcpy (&dest->data[pos], str, str_size);
- dest->length += str_size;
+ memcpy(&dest->data[pos], str, str_size);
+ dest->length += str_size;
- return 0;
+ return 0;
}
static void
-_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size)
+_gnutls_buffer_delete_data(gnutls_buffer_st * dest, int pos,
+ size_t str_size)
{
- memmove (&dest->data[pos], &dest->data[pos + str_size],
- dest->length - pos - str_size);
+ memmove(&dest->data[pos], &dest->data[pos + str_size],
+ dest->length - pos - str_size);
- dest->length -= str_size;
+ dest->length -= str_size;
- return;
+ return;
}
int
-_gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
- const char *const invalid_chars)
+_gnutls_buffer_escape(gnutls_buffer_st * dest, int all,
+ const char *const invalid_chars)
{
- int rv = -1;
- char t[5];
- unsigned int pos = 0;
+ int rv = -1;
+ char t[5];
+ unsigned int pos = 0;
- while (pos < dest->length)
- {
+ while (pos < dest->length) {
- if (all != 0 || (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
- || !c_isgraph (dest->data[pos])))
- {
+ if (all != 0
+ || (dest->data[pos] == '\\'
+ || strchr(invalid_chars, dest->data[pos])
+ || !c_isgraph(dest->data[pos]))) {
- snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
+ snprintf(t, sizeof(t), "%%%.2X",
+ (unsigned int) dest->data[pos]);
- _gnutls_buffer_delete_data (dest, pos, 1);
+ _gnutls_buffer_delete_data(dest, pos, 1);
- if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
- {
- rv = -1;
- goto cleanup;
- }
- pos+=3;
- }
- else
- pos++;
- }
+ if (_gnutls_buffer_insert_data(dest, pos, t, 3) <
+ 0) {
+ rv = -1;
+ goto cleanup;
+ }
+ pos += 3;
+ } else
+ pos++;
+ }
- rv = 0;
+ rv = 0;
-cleanup:
+ cleanup:
- return rv;
+ return rv;
}
-int
-_gnutls_buffer_unescape (gnutls_buffer_st * dest)
+int _gnutls_buffer_unescape(gnutls_buffer_st * dest)
{
- int rv = -1;
- unsigned int pos = 0;
+ int rv = -1;
+ unsigned int pos = 0;
- while (pos < dest->length)
- {
- if (dest->data[pos] == '%')
- {
- char b[3];
- unsigned int u;
- unsigned char x;
+ while (pos < dest->length) {
+ if (dest->data[pos] == '%') {
+ char b[3];
+ unsigned int u;
+ unsigned char x;
- b[0] = dest->data[pos + 1];
- b[1] = dest->data[pos + 2];
- b[2] = 0;
+ b[0] = dest->data[pos + 1];
+ b[1] = dest->data[pos + 2];
+ b[2] = 0;
- sscanf (b, "%02x", &u);
+ sscanf(b, "%02x", &u);
- x = u;
+ x = u;
- _gnutls_buffer_delete_data (dest, pos, 3);
- _gnutls_buffer_insert_data (dest, pos, &x, 1);
- }
- pos++;
- }
+ _gnutls_buffer_delete_data(dest, pos, 3);
+ _gnutls_buffer_insert_data(dest, pos, &x, 1);
+ }
+ pos++;
+ }
- rv = 0;
+ rv = 0;
- return rv;
+ return rv;
}
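Review bot: `_gnutls_buffer_unescape` reads `dest->data[pos + 1]` and `dest->data[pos + 2]` as soon as it sees a `%`, without checking that two more bytes exist. A `%` in the last two positions therefore reads past `dest->length`, and the following `_gnutls_buffer_delete_data(dest, pos, 3)` computes `dest->length - pos - 3` as a wrapped `size_t` for its `memmove`. The `sscanf` result is also unchecked, which leaves `u` uninitialized when the two characters are not hex. I would guard the branch with `if (dest->length - pos < 3) return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);` and reject `sscanf(b, "%02x", &u) != 1` the same way. The return value of `_gnutls_buffer_insert_data` deserves a check too.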
@@ -442,39 +413,37 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest)
* If the buffer does not have enough space to hold the string, a
* truncated hex string is returned (always null terminated).
*/
-char *
-_gnutls_bin2hex (const void *_old, size_t oldlen,
- char *buffer, size_t buffer_size, const char *separator)
+char *_gnutls_bin2hex(const void *_old, size_t oldlen,
+ char *buffer, size_t buffer_size,
+ const char *separator)
{
- unsigned int i, j;
- const uint8_t *old = _old;
- int step = 2;
- const char empty[] = "";
+ unsigned int i, j;
+ const uint8_t *old = _old;
+ int step = 2;
+ const char empty[] = "";
- if (separator != NULL && separator[0] != 0)
- step = 3;
- else
- separator = empty;
+ if (separator != NULL && separator[0] != 0)
+ step = 3;
+ else
+ separator = empty;
- if (buffer_size < 3)
- {
- gnutls_assert();
- return NULL;
- }
+ if (buffer_size < 3) {
+ gnutls_assert();
+ return NULL;
+ }
- i = j = 0;
- sprintf (&buffer[j], "%.2x", old[i]);
- j += 2;
- i++;
+ i = j = 0;
+ sprintf(&buffer[j], "%.2x", old[i]);
+ j += 2;
+ i++;
- for (; i < oldlen && j + step < buffer_size; j += step)
- {
- sprintf (&buffer[j], "%s%.2x", separator, old[i]);
- i++;
- }
- buffer[j] = '\0';
+ for (; i < oldlen && j + step < buffer_size; j += step) {
+ sprintf(&buffer[j], "%s%.2x", separator, old[i]);
+ i++;
+ }
+ buffer[j] = '\0';
- return buffer;
+ return buffer;
}
/**
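Review bot: `_gnutls_bin2hex` formats `old[0]` before it looks at `oldlen`, so an empty input (`oldlen == 0`) still reads one byte from `_old`. The `buffer_size < 3` guard covers the output side only. An early `if (oldlen == 0) { buffer[0] = '\0'; return buffer; }` placed after that guard would keep the "always null terminated" contract without the read. The header comment could also state that NULL is returned when `buffer_size` is below 3.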
@@ -492,52 +461,49 @@ _gnutls_bin2hex (const void *_old, size_t oldlen,
* Since: 2.4.0
**/
int
-gnutls_hex2bin (const char *hex_data,
- size_t hex_size, void *bin_data, size_t * bin_size)
+gnutls_hex2bin(const char *hex_data,
+ size_t hex_size, void *bin_data, size_t * bin_size)
{
- return _gnutls_hex2bin (hex_data, hex_size, (void*)bin_data, bin_size);
+ return _gnutls_hex2bin(hex_data, hex_size, (void *) bin_data,
+ bin_size);
}
int
-_gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
- size_t * bin_size)
-{
- unsigned int i, j;
- uint8_t hex2_data[3];
- unsigned long val;
-
- hex2_data[2] = 0;
-
- for (i = j = 0; i < hex_size;)
- {
- if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
- {
- i++;
- continue;
- }
-
- if (j > *bin_size)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- hex2_data[0] = hex_data[i];
- hex2_data[1] = hex_data[i + 1];
- i += 2;
-
- val = strtoul ((char *) hex2_data, NULL, 16);
- if (val == ULONG_MAX)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- bin_data[j] = val;
- j++;
- }
- *bin_size = j;
-
- return 0;
+_gnutls_hex2bin(const char *hex_data, size_t hex_size, uint8_t * bin_data,
+ size_t * bin_size)
+{
+ unsigned int i, j;
+ uint8_t hex2_data[3];
+ unsigned long val;
+
+ hex2_data[2] = 0;
+
+ for (i = j = 0; i < hex_size;) {
+ if (!isxdigit(hex_data[i])) { /* skip non-hex such as the ':' in 00:FF */
+ i++;
+ continue;
+ }
+
+ if (j > *bin_size) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ hex2_data[0] = hex_data[i];
+ hex2_data[1] = hex_data[i + 1];
+ i += 2;
+
+ val = strtoul((char *) hex2_data, NULL, 16);
+ if (val == ULONG_MAX) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ bin_data[j] = val;
+ j++;
+ }
+ *bin_size = j;
+
+ return 0;
}
/**
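Review bot: The capacity check in `_gnutls_hex2bin` is `if (j > *bin_size)`, which still lets the loop store `bin_data[j]` when `j == *bin_size`, one byte past the size the caller passed in; it should read `if (j >= *bin_size)`. In the same loop `hex_data[i + 1]` is read without checking `i + 1 < hex_size`, so an odd number of hex digits reads one byte beyond the input, and `isxdigit(hex_data[i])` receives a plain `char` that may be negative. The `val == ULONG_MAX` test cannot fire for a two-character string, so a non-hex second character is decoded silently; checking `isxdigit` on both characters would make the parsing error reachable.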
@@ -555,18 +521,18 @@ _gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
* long enough, or 0 on success.
**/
int
-gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
- size_t * result_size)
+gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result,
+ size_t * result_size)
{
- int ret;
+ int ret;
- ret =
- _gnutls_hex2bin ((char*)hex_data->data, hex_data->size, (uint8_t *) result,
- result_size);
- if (ret < 0)
- return ret;
+ ret =
+ _gnutls_hex2bin((char *) hex_data->data, hex_data->size,
+ (uint8_t *) result, result_size);
+ if (ret < 0)
+ return ret;
- return 0;
+ return 0;
}
/**
@@ -584,21 +550,21 @@ gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
* long enough, or 0 on success.
**/
int
-gnutls_hex_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+gnutls_hex_encode(const gnutls_datum_t * data, char *result,
+ size_t * result_size)
{
- size_t res = data->size + data->size + 1;
+ size_t res = data->size + data->size + 1;
- if (*result_size < res)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (*result_size < res) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- _gnutls_bin2hex (data->data, data->size, result, *result_size, NULL);
- *result_size = res;
+ _gnutls_bin2hex(data->data, data->size, result, *result_size,
+ NULL);
+ *result_size = res;
- return 0;
+ return 0;
}
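Review bot: `gnutls_hex_encode` discards the return value of `_gnutls_bin2hex`, which returns NULL without writing anything when `buffer_size < 3`. With `data->size == 0` the required size `res` is 1, so a caller passing `*result_size` of 1 or 2 gets 0 back with `result` never written. Checking the call, `if (_gnutls_bin2hex(data->data, data->size, result, *result_size, NULL) == NULL) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);`, or handling the empty datum before it, closes that path.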
@@ -611,254 +577,245 @@ gnutls_hex_encode (const gnutls_datum_t * data, char *result,
* @level: is used for recursion. Use 0 when you call this function.
*/
int
-_gnutls_hostname_compare (const char *certname,
- size_t certnamesize, const char *hostname, int level)
+_gnutls_hostname_compare(const char *certname,
+ size_t certnamesize, const char *hostname,
+ int level)
{
- if (level > 5)
- return 0;
+ if (level > 5)
+ return 0;
- /* find the first different character */
- for (; *certname && *hostname && c_toupper (*certname) == c_toupper (*hostname);
- certname++, hostname++, certnamesize--)
- ;
+ /* find the first different character */
+ for (;
+ *certname && *hostname
+ && c_toupper(*certname) == c_toupper(*hostname);
+ certname++, hostname++, certnamesize--);
- /* the strings are the same */
- if (certnamesize == 0 && *hostname == '\0')
- return 1;
+ /* the strings are the same */
+ if (certnamesize == 0 && *hostname == '\0')
+ return 1;
- if (*certname == '*')
- {
- /* a wildcard certificate */
+ if (*certname == '*') {
+ /* a wildcard certificate */
- certname++;
- certnamesize--;
+ certname++;
+ certnamesize--;
- while (1)
- {
- /* Use a recursive call to allow multiple wildcards */
- if (_gnutls_hostname_compare (certname, certnamesize, hostname, level+1))
- return 1;
+ while (1) {
+ /* Use a recursive call to allow multiple wildcards */
+ if (_gnutls_hostname_compare
+ (certname, certnamesize, hostname, level + 1))
+ return 1;
- /* wildcards are only allowed to match a single domain
- component or component fragment */
- if (*hostname == '\0' || *hostname == '.')
- break;
- hostname++;
- }
+ /* wildcards are only allowed to match a single domain
+ component or component fragment */
+ if (*hostname == '\0' || *hostname == '.')
+ break;
+ hostname++;
+ }
- return 0;
- }
+ return 0;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_buffer_append_prefix (gnutls_buffer_st * buf, int pfx_size, size_t data_size)
-{
- uint8_t ss[4];
-
- if (pfx_size == 32)
- {
- _gnutls_write_uint32 (data_size, ss);
- pfx_size = 4;
- }
- else if (pfx_size == 24)
- {
- _gnutls_write_uint24 (data_size, ss);
- pfx_size = 3;
- }
- else if (pfx_size == 16)
- {
- _gnutls_write_uint16 (data_size, ss);
- pfx_size = 2;
- }
- else if (pfx_size == 8)
- {
- ss[0] = data_size;
- pfx_size = 1;
- }
- else
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return _gnutls_buffer_append_data (buf, ss, pfx_size);
+_gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size,
+ size_t data_size)
+{
+ uint8_t ss[4];
+
+ if (pfx_size == 32) {
+ _gnutls_write_uint32(data_size, ss);
+ pfx_size = 4;
+ } else if (pfx_size == 24) {
+ _gnutls_write_uint24(data_size, ss);
+ pfx_size = 3;
+ } else if (pfx_size == 16) {
+ _gnutls_write_uint16(data_size, ss);
+ pfx_size = 2;
+ } else if (pfx_size == 8) {
+ ss[0] = data_size;
+ pfx_size = 1;
+ } else
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return _gnutls_buffer_append_data(buf, ss, pfx_size);
}
/* Reads an uint32 number from the buffer. If check is non zero it will also check whether
* the number read, is less than the data in the buffer
*/
int
-_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check)
+_gnutls_buffer_pop_prefix(gnutls_buffer_st * buf, size_t * data_size,
+ int check)
{
- size_t size;
+ size_t size;
- if (buf->length < 4)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ if (buf->length < 4) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
- size = _gnutls_read_uint32 (buf->data);
- if (check && size > buf->length - 4)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ size = _gnutls_read_uint32(buf->data);
+ if (check && size > buf->length - 4) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
- buf->data += 4;
- buf->length -= 4;
+ buf->data += 4;
+ buf->length -= 4;
- *data_size = size;
+ *data_size = size;
- return 0;
+ return 0;
}
int
-_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data)
-{
- size_t size;
- int ret;
-
- ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (size > 0)
- {
- size_t osize = size;
- _gnutls_buffer_pop_datum (buf, data, size);
- if (osize != data->size)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- }
- else
- {
- data->size = 0;
- data->data = NULL;
- }
-
- return 0;
+_gnutls_buffer_pop_datum_prefix(gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
+{
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (size > 0) {
+ size_t osize = size;
+ _gnutls_buffer_pop_datum(buf, data, size);
+ if (osize != data->size) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ } else {
+ data->size = 0;
+ data->data = NULL;
+ }
+
+ return 0;
}
int
-_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
- int pfx_size, const void *data, size_t data_size)
+_gnutls_buffer_append_data_prefix(gnutls_buffer_st * buf,
+ int pfx_size, const void *data,
+ size_t data_size)
{
-int ret = 0, ret1;
+ int ret = 0, ret1;
- ret1 = _gnutls_buffer_append_prefix (buf, pfx_size, data_size);
- if (ret1 < 0)
- return gnutls_assert_val(ret1);
+ ret1 = _gnutls_buffer_append_prefix(buf, pfx_size, data_size);
+ if (ret1 < 0)
+ return gnutls_assert_val(ret1);
- if (data_size > 0)
- {
- ret = _gnutls_buffer_append_data (buf, data, data_size);
+ if (data_size > 0) {
+ ret = _gnutls_buffer_append_data(buf, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
- return ret + ret1;
+ return ret + ret1;
}
-int _gnutls_buffer_append_mpi (gnutls_buffer_st * buf, int pfx_size, bigint_t mpi, int lz)
+int _gnutls_buffer_append_mpi(gnutls_buffer_st * buf, int pfx_size,
+ bigint_t mpi, int lz)
{
-gnutls_datum_t dd;
-int ret;
+ gnutls_datum_t dd;
+ int ret;
- if (lz)
- ret = _gnutls_mpi_dprint_lz (mpi, &dd);
- else
- ret = _gnutls_mpi_dprint (mpi, &dd);
+ if (lz)
+ ret = _gnutls_mpi_dprint_lz(mpi, &dd);
+ else
+ ret = _gnutls_mpi_dprint(mpi, &dd);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_data_prefix(buf, pfx_size, dd.data, dd.size);
-
- _gnutls_free_datum(&dd);
-
- return ret;
+ ret =
+ _gnutls_buffer_append_data_prefix(buf, pfx_size, dd.data,
+ dd.size);
+
+ _gnutls_free_datum(&dd);
+
+ return ret;
}
int
-_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size)
+_gnutls_buffer_pop_data_prefix(gnutls_buffer_st * buf, void *data,
+ size_t * data_size)
{
- size_t size;
- int ret;
+ size_t size;
+ int ret;
- ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (size > 0)
- _gnutls_buffer_pop_data (buf, data, data_size);
+ if (size > 0)
+ _gnutls_buffer_pop_data(buf, data, data_size);
- return 0;
+ return 0;
}
void
-_gnutls_buffer_hexprint (gnutls_buffer_st * str,
- const void *_data, size_t len)
+_gnutls_buffer_hexprint(gnutls_buffer_st * str,
+ const void *_data, size_t len)
{
- size_t j;
- const unsigned char* data = _data;
+ size_t j;
+ const unsigned char *data = _data;
- if (len == 0)
- _gnutls_buffer_append_str (str, "00");
- else
- {
- for (j = 0; j < len; j++)
- _gnutls_buffer_append_printf (str, "%.2x", (unsigned) data[j]);
- }
+ if (len == 0)
+ _gnutls_buffer_append_str(str, "00");
+ else {
+ for (j = 0; j < len; j++)
+ _gnutls_buffer_append_printf(str, "%.2x",
+ (unsigned) data[j]);
+ }
}
void
-_gnutls_buffer_hexdump (gnutls_buffer_st * str, const void *_data, size_t len,
- const char *spc)
-{
- size_t j;
- const unsigned char* data = _data;
-
- if (spc)
- _gnutls_buffer_append_str (str, spc);
- for (j = 0; j < len; j++)
- {
- if (((j + 1) % 16) == 0)
- {
- _gnutls_buffer_append_printf (str, "%.2x\n", (unsigned)data[j]);
- if (spc && j != (len - 1))
- _gnutls_buffer_append_str (str, spc);
- }
- else if (j == (len - 1))
- _gnutls_buffer_append_printf (str, "%.2x", (unsigned)data[j]);
- else
- _gnutls_buffer_append_printf (str, "%.2x:", (unsigned)data[j]);
- }
- if ((j % 16) != 0)
- _gnutls_buffer_append_str (str, "\n");
+_gnutls_buffer_hexdump(gnutls_buffer_st * str, const void *_data,
+ size_t len, const char *spc)
+{
+ size_t j;
+ const unsigned char *data = _data;
+
+ if (spc)
+ _gnutls_buffer_append_str(str, spc);
+ for (j = 0; j < len; j++) {
+ if (((j + 1) % 16) == 0) {
+ _gnutls_buffer_append_printf(str, "%.2x\n",
+ (unsigned) data[j]);
+ if (spc && j != (len - 1))
+ _gnutls_buffer_append_str(str, spc);
+ } else if (j == (len - 1))
+ _gnutls_buffer_append_printf(str, "%.2x",
+ (unsigned) data[j]);
+ else
+ _gnutls_buffer_append_printf(str, "%.2x:",
+ (unsigned) data[j]);
+ }
+ if ((j % 16) != 0)
+ _gnutls_buffer_append_str(str, "\n");
}
void
-_gnutls_buffer_asciiprint (gnutls_buffer_st * str,
- const char *data, size_t len)
-{
- size_t j;
-
- for (j = 0; j < len; j++)
- if (c_isprint (data[j]))
- _gnutls_buffer_append_printf (str, "%c", (unsigned char) data[j]);
- else
- _gnutls_buffer_append_printf (str, ".");
+_gnutls_buffer_asciiprint(gnutls_buffer_st * str,
+ const char *data, size_t len)
+{
+ size_t j;
+
+ for (j = 0; j < len; j++)
+ if (c_isprint(data[j]))
+ _gnutls_buffer_append_printf(str, "%c",
+ (unsigned char)
+ data[j]);
+ else
+ _gnutls_buffer_append_printf(str, ".");
}
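Review bot: `_gnutls_buffer_pop_data_prefix` validates the 32-bit prefix into `size` but then calls `_gnutls_buffer_pop_data(buf, data, data_size)` with the caller's `*data_size`. The number of bytes copied and consumed is therefore whatever the caller passed in (capped by the buffer length), not the length the prefix announced. A field shorter than `*data_size` pulls bytes of the following field into `data`, a longer one leaves its tail in the buffer, and when `size` is 0 `*data_size` is left untouched. I would add `if (size > *data_size) return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);` followed by `*data_size = size;` before the pop, and set `*data_size = 0` in the empty case. This assumes `*data_size` holds the capacity of `data` on entry; the callers are not visible here.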
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index fde073291b..a99a6265c5 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -28,91 +28,93 @@
#include "gettext.h"
#define _(String) dgettext (PACKAGE, String)
-void _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size);
-void _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src);
-
-typedef struct
-{
- uint8_t *allocd; /* pointer to allocated data */
- uint8_t *data; /* API: pointer to data to copy from */
- size_t max_length;
- size_t length; /* API: current length */
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src);
+void _gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size);
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src);
+
+typedef struct {
+ uint8_t *allocd; /* pointer to allocated data */
+ uint8_t *data; /* API: pointer to data to copy from */
+ size_t max_length;
+ size_t length; /* API: current length */
} gnutls_buffer_st;
/* Initialize a buffer */
-void _gnutls_buffer_init (gnutls_buffer_st *);
+void _gnutls_buffer_init(gnutls_buffer_st *);
/* Free the data in a buffer */
-void _gnutls_buffer_clear (gnutls_buffer_st *);
+void _gnutls_buffer_clear(gnutls_buffer_st *);
/* Set the buffer data to be of zero length */
-inline static void _gnutls_buffer_reset (gnutls_buffer_st * buf)
+inline static void _gnutls_buffer_reset(gnutls_buffer_st * buf)
{
- buf->data = buf->allocd;
- buf->length = 0;
+ buf->data = buf->allocd;
+ buf->length = 0;
}
-int _gnutls_buffer_resize (gnutls_buffer_st *, size_t new_size);
+int _gnutls_buffer_resize(gnutls_buffer_st *, size_t new_size);
-int _gnutls_buffer_append_str (gnutls_buffer_st *, const char *str);
-int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data,
- size_t data_size);
+int _gnutls_buffer_append_str(gnutls_buffer_st *, const char *str);
+int _gnutls_buffer_append_data(gnutls_buffer_st *, const void *data,
+ size_t data_size);
#include <gnutls_num.h>
-void _gnutls_buffer_replace_data( gnutls_buffer_st * buf, gnutls_datum_t * data);
+void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
-int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, int pfx_size, size_t data_size);
+int _gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size,
+ size_t data_size);
-int _gnutls_buffer_append_mpi (gnutls_buffer_st * buf, int pfx_size, bigint_t, int lz);
+int _gnutls_buffer_append_mpi(gnutls_buffer_st * buf, int pfx_size,
+ bigint_t, int lz);
-int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, int pfx_size,
- const void *data, size_t data_size);
-void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size);
-void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *,
- size_t max_size);
+int _gnutls_buffer_append_data_prefix(gnutls_buffer_st * buf, int pfx_size,
+ const void *data, size_t data_size);
+void _gnutls_buffer_pop_data(gnutls_buffer_st *, void *, size_t * size);
+void _gnutls_buffer_pop_datum(gnutls_buffer_st *, gnutls_datum_t *,
+ size_t max_size);
-int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check);
+int _gnutls_buffer_pop_prefix(gnutls_buffer_st * buf, size_t * data_size,
+ int check);
-int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size);
+int _gnutls_buffer_pop_data_prefix(gnutls_buffer_st * buf, void *data,
+ size_t * data_size);
-int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data);
-int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
+int _gnutls_buffer_pop_datum_prefix(gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
+int _gnutls_buffer_to_datum(gnutls_buffer_st * str, gnutls_datum_t * data);
-int _gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
- const char *const invalid_chars);
-int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
+int _gnutls_buffer_escape(gnutls_buffer_st * dest, int all,
+ const char *const invalid_chars);
+int _gnutls_buffer_unescape(gnutls_buffer_st * dest);
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
-int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt,
- ...)
- __attribute__ ((format (printf, 2, 3)));
+int _gnutls_buffer_append_printf(gnutls_buffer_st * dest, const char *fmt,
+ ...)
+ __attribute__ ((format(printf, 2, 3)));
-void _gnutls_buffer_hexprint (gnutls_buffer_st * str,
- const void *data, size_t len);
-void _gnutls_buffer_hexdump (gnutls_buffer_st * str, const void *data,
- size_t len, const char *spc);
-void _gnutls_buffer_asciiprint (gnutls_buffer_st * str,
- const char *data, size_t len);
+void _gnutls_buffer_hexprint(gnutls_buffer_st * str,
+ const void *data, size_t len);
+void _gnutls_buffer_hexdump(gnutls_buffer_st * str, const void *data,
+ size_t len, const char *spc);
+void _gnutls_buffer_asciiprint(gnutls_buffer_st * str,
+ const char *data, size_t len);
-char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer,
- size_t buffer_size, const char *separator);
-int _gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
- size_t * bin_size);
+char *_gnutls_bin2hex(const void *old, size_t oldlen, char *buffer,
+ size_t buffer_size, const char *separator);
+int _gnutls_hex2bin(const char *hex_data, size_t hex_size,
+ uint8_t * bin_data, size_t * bin_size);
-int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
- const char *hostname, int level);
+int _gnutls_hostname_compare(const char *certname, size_t certnamesize,
+ const char *hostname, int level);
#define MAX_CN 256
#define MAX_DN 1024
diff --git a/lib/gnutls_str_array.h b/lib/gnutls_str_array.h
index 9b6ddd6184..57aa828ac6 100644
--- a/lib/gnutls_str_array.h
+++ b/lib/gnutls_str_array.h
@@ -30,85 +30,86 @@
* are allowed to be added to the list and matched against it.
*/
-typedef struct gnutls_str_array_st
-{
- char* str;
- unsigned int len;
- struct gnutls_str_array_st* next;
+typedef struct gnutls_str_array_st {
+ char *str;
+ unsigned int len;
+ struct gnutls_str_array_st *next;
} *gnutls_str_array_t;
-inline static void _gnutls_str_array_init(gnutls_str_array_t* head)
+inline static void _gnutls_str_array_init(gnutls_str_array_t * head)
{
- *head = NULL;
+ *head = NULL;
}
-inline static void _gnutls_str_array_clear (gnutls_str_array_t *head)
+inline static void _gnutls_str_array_clear(gnutls_str_array_t * head)
{
- gnutls_str_array_t prev, array = *head;
-
- while(array != NULL)
- {
- prev = array;
- array = prev->next;
- gnutls_free(prev);
- }
- *head = NULL;
+ gnutls_str_array_t prev, array = *head;
+
+ while (array != NULL) {
+ prev = array;
+ array = prev->next;
+ gnutls_free(prev);
+ }
+ *head = NULL;
}
-inline static int _gnutls_str_array_match (gnutls_str_array_t head, const char* str)
+inline static int _gnutls_str_array_match(gnutls_str_array_t head,
+ const char *str)
{
- gnutls_str_array_t array = head;
-
- while(array != NULL)
- {
- if (strcmp(array->str, str) == 0) return 1;
- array = array->next;
- }
-
- return 0;
+ gnutls_str_array_t array = head;
+
+ while (array != NULL) {
+ if (strcmp(array->str, str) == 0)
+ return 1;
+ array = array->next;
+ }
+
+ return 0;
}
-inline static void append(gnutls_str_array_t array, const char* str, int len)
+inline static void append(gnutls_str_array_t array, const char *str,
+ int len)
{
- array->str = ((char*)array) + sizeof(struct gnutls_str_array_st);
- memcpy(array->str, str, len);
- array->str[len] = 0;
- array->len = len;
- array->next = NULL;
+ array->str = ((char *) array) + sizeof(struct gnutls_str_array_st);
+ memcpy(array->str, str, len);
+ array->str[len] = 0;
+ array->len = len;
+ array->next = NULL;
}
-inline static int _gnutls_str_array_append (gnutls_str_array_t* head, const char* str, int len)
+inline static int _gnutls_str_array_append(gnutls_str_array_t * head,
+ const char *str, int len)
{
- gnutls_str_array_t prev, array;
- if (*head == NULL)
- {
- *head = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
- if (*head == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- array = *head;
- append(array, str, len);
- }
- else
- {
- array = *head;
- prev = array;
- while(array != NULL)
- {
- prev = array;
- array = prev->next;
- }
- prev->next = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
-
- array = prev->next;
-
- if (array == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- append(array, str, len);
- }
-
- return 0;
+ gnutls_str_array_t prev, array;
+ if (*head == NULL) {
+ *head =
+ gnutls_malloc(len + 1 +
+ sizeof(struct gnutls_str_array_st));
+ if (*head == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ array = *head;
+ append(array, str, len);
+ } else {
+ array = *head;
+ prev = array;
+ while (array != NULL) {
+ prev = array;
+ array = prev->next;
+ }
+ prev->next =
+ gnutls_malloc(len + 1 +
+ sizeof(struct gnutls_str_array_st));
+
+ array = prev->next;
+
+ if (array == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ append(array, str, len);
+ }
+
+ return 0;
}
#endif
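Review bot: `_gnutls_str_array_append` and `append` take the string length as `int len` and pass it straight to `gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st))` and `memcpy(array->str, str, len)`. A negative `len` would be converted to a very large `size_t` in the `memcpy` while the allocation size is computed from the same value; whether any caller can pass one is not visible here. A guard such as `if (len < 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top of `_gnutls_str_array_append`, or changing the parameter to `size_t`, removes the dependence on callers.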
diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c
index 1790a7d41c..56ca1e9f8c 100644
--- a/lib/gnutls_supplemental.c
+++ b/lib/gnutls_supplemental.c
@@ -49,20 +49,19 @@
#include "gnutls_num.h"
typedef int (*supp_recv_func) (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
+ const uint8_t * data, size_t data_size);
typedef int (*supp_send_func) (gnutls_session_t session,
- gnutls_buffer_st * buf);
+ gnutls_buffer_st * buf);
-typedef struct
-{
- const char *name;
- gnutls_supplemental_data_format_type_t type;
- supp_recv_func supp_recv_func;
- supp_send_func supp_send_func;
+typedef struct {
+ const char *name;
+ gnutls_supplemental_data_format_type_t type;
+ supp_recv_func supp_recv_func;
+ supp_send_func supp_send_func;
} gnutls_supplemental_entry;
gnutls_supplemental_entry _gnutls_supplemental[] = {
- {0, 0, 0, 0}
+ {0, 0, 0, 0}
};
/**
@@ -75,141 +74,134 @@ gnutls_supplemental_entry _gnutls_supplemental[] = {
* Returns: a string that contains the name of the specified
* supplemental data format type, or %NULL for unknown types.
**/
-const char *
-gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t type)
+const char
+ *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t
+ type)
{
- gnutls_supplemental_entry *p;
+ gnutls_supplemental_entry *p;
- for (p = _gnutls_supplemental; p->name != NULL; p++)
- if (p->type == type)
- return p->name;
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->name;
- return NULL;
+ return NULL;
}
static supp_recv_func
-get_supp_func_recv (gnutls_supplemental_data_format_type_t type)
+get_supp_func_recv(gnutls_supplemental_data_format_type_t type)
{
- gnutls_supplemental_entry *p;
+ gnutls_supplemental_entry *p;
- for (p = _gnutls_supplemental; p->name != NULL; p++)
- if (p->type == type)
- return p->supp_recv_func;
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->supp_recv_func;
- return NULL;
+ return NULL;
}
int
-_gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf)
+_gnutls_gen_supplemental(gnutls_session_t session, gnutls_buffer_st * buf)
{
- gnutls_supplemental_entry *p;
- int ret;
-
- /* Make room for 3 byte length field. */
- ret = _gnutls_buffer_append_data (buf, "\0\0\0", 3);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- for (p = _gnutls_supplemental; p->name; p++)
- {
- supp_send_func supp_send = p->supp_send_func;
- size_t sizepos = buf->length;
-
- /* Make room for supplement type and length byte length field. */
- ret = _gnutls_buffer_append_data (buf, "\0\0\0\0", 4);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = supp_send (session, buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* If data were added, store type+length, otherwise reset. */
- if (buf->length > sizepos + 4)
- {
- buf->data[sizepos] = 0;
- buf->data[sizepos + 1] = p->type;
- buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF;
- buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF;
- }
- else
- buf->length -= 4;
- }
-
- buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
- buf->data[1] = ((buf->length - 3) >> 8) & 0xFF;
- buf->data[2] = (buf->length - 3) & 0xFF;
-
- _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n",
- session, (int) buf->length);
-
- return buf->length;
+ gnutls_supplemental_entry *p;
+ int ret;
+
+ /* Make room for 3 byte length field. */
+ ret = _gnutls_buffer_append_data(buf, "\0\0\0", 3);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ for (p = _gnutls_supplemental; p->name; p++) {
+ supp_send_func supp_send = p->supp_send_func;
+ size_t sizepos = buf->length;
+
+ /* Make room for supplement type and length byte length field. */
+ ret = _gnutls_buffer_append_data(buf, "\0\0\0\0", 4);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = supp_send(session, buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* If data were added, store type+length, otherwise reset. */
+ if (buf->length > sizepos + 4) {
+ buf->data[sizepos] = 0;
+ buf->data[sizepos + 1] = p->type;
+ buf->data[sizepos + 2] =
+ ((buf->length - sizepos - 4) >> 8) & 0xFF;
+ buf->data[sizepos + 3] =
+ (buf->length - sizepos - 4) & 0xFF;
+ } else
+ buf->length -= 4;
+ }
+
+ buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
+ buf->data[1] = ((buf->length - 3) >> 8) & 0xFF;
+ buf->data[2] = (buf->length - 3) & 0xFF;
+
+ _gnutls_debug_log
+ ("EXT[%p]: Sending %d bytes of supplemental data\n", session,
+ (int) buf->length);
+
+ return buf->length;
}
int
-_gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int datalen)
+_gnutls_parse_supplemental(gnutls_session_t session,
+ const uint8_t * data, int datalen)
{
- const uint8_t *p = data;
- ssize_t dsize = datalen;
- size_t total_size;
-
- DECR_LEN (dsize, 3);
- total_size = _gnutls_read_uint24 (p);
- p += 3;
-
- if (dsize != (ssize_t) total_size)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- do
- {
- uint16_t supp_data_type;
- uint16_t supp_data_length;
- supp_recv_func recv_func;
-
- DECR_LEN (dsize, 2);
- supp_data_type = _gnutls_read_uint16 (p);
- p += 2;
-
- DECR_LEN (dsize, 2);
- supp_data_length = _gnutls_read_uint16 (p);
- p += 2;
-
- _gnutls_debug_log ("EXT[%p]: Got supplemental type=%02x length=%d\n",
- session, supp_data_type, supp_data_length);
-
- recv_func = get_supp_func_recv (supp_data_type);
- if (recv_func)
- {
- int ret = recv_func (session, p, supp_data_length);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- DECR_LEN (dsize, supp_data_length);
- p += supp_data_length;
- }
- while (dsize > 0);
-
- return 0;
+ const uint8_t *p = data;
+ ssize_t dsize = datalen;
+ size_t total_size;
+
+ DECR_LEN(dsize, 3);
+ total_size = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (dsize != (ssize_t) total_size) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ do {
+ uint16_t supp_data_type;
+ uint16_t supp_data_length;
+ supp_recv_func recv_func;
+
+ DECR_LEN(dsize, 2);
+ supp_data_type = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LEN(dsize, 2);
+ supp_data_length = _gnutls_read_uint16(p);
+ p += 2;
+
+ _gnutls_debug_log
+ ("EXT[%p]: Got supplemental type=%02x length=%d\n",
+ session, supp_data_type, supp_data_length);
+
+ recv_func = get_supp_func_recv(supp_data_type);
+ if (recv_func) {
+ int ret = recv_func(session, p, supp_data_length);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ DECR_LEN(dsize, supp_data_length);
+ p += supp_data_length;
+ }
+ while (dsize > 0);
+
+ return 0;
}
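Review bot: In `_gnutls_parse_supplemental` the receive callback is invoked with `supp_data_length` before `DECR_LEN(dsize, supp_data_length)` has confirmed that many bytes remain, so a handler would be given a peer-supplied length that may run past the end of the message. Moving `DECR_LEN(dsize, supp_data_length);` above `recv_func = get_supp_func_recv(supp_data_type);` keeps the bound check ahead of any use of the length. With the `_gnutls_supplemental` table empty as shown in this file, no handler is reachable today, so this only matters once an entry is registered. The reindent carries the ordering over unchanged.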
diff --git a/lib/gnutls_supplemental.h b/lib/gnutls_supplemental.h
index fe2d6b4dd3..03c3f3b5f7 100644
--- a/lib/gnutls_supplemental.h
+++ b/lib/gnutls_supplemental.h
@@ -22,7 +22,7 @@
#include <gnutls_int.h>
-int _gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int data_size);
-int _gnutls_gen_supplemental (gnutls_session_t session,
- gnutls_buffer_st * buf);
+int _gnutls_parse_supplemental(gnutls_session_t session,
+ const uint8_t * data, int data_size);
+int _gnutls_gen_supplemental(gnutls_session_t session,
+ gnutls_buffer_st * buf);
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 6132eeb9d1..69fd05a947 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -53,21 +53,23 @@
* an error code is returned.
*
**/
-int gnutls_random_art (gnutls_random_art_t type,
- const char* key_type, unsigned int key_size,
- void * fpr, size_t fpr_size,
- gnutls_datum_t* art)
+int gnutls_random_art(gnutls_random_art_t type,
+ const char *key_type, unsigned int key_size,
+ void *fpr, size_t fpr_size, gnutls_datum_t * art)
{
- if (type != GNUTLS_RANDOM_ART_OPENSSH)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- art->data = (void*)_gnutls_key_fingerprint_randomart(fpr, fpr_size, key_type, key_size, NULL);
- if (art->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- art->size = strlen((char*)art->data);
-
- return 0;
+ if (type != GNUTLS_RANDOM_ART_OPENSSH)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ art->data =
+ (void *) _gnutls_key_fingerprint_randomart(fpr, fpr_size,
+ key_type, key_size,
+ NULL);
+ if (art->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ art->size = strlen((char *) art->data);
+
+ return 0;
}
/* ANON & DHE */
@@ -99,11 +101,13 @@ int gnutls_random_art (gnutls_random_art_t type,
*
*
**/
-void
-gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
+void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits)
{
- if (bits <= 512 && bits != 0) _gnutls_audit_log(session, "Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n", bits);
- session->internals.priorities.dh_prime_bits = bits;
+ if (bits <= 512 && bits != 0)
+ _gnutls_audit_log(session,
+ "Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n",
+ bits);
+ session->internals.priorities.dh_prime_bits = bits;
}
@@ -123,56 +127,55 @@ gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
* an error code is returned.
**/
int
-gnutls_dh_get_group (gnutls_session_t session,
- gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
+gnutls_dh_get_group(gnutls_session_t session,
+ gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
{
- dh_info_st *dh;
- int ret;
- anon_auth_info_t anon_info;
- cert_auth_info_t cert_info;
- psk_auth_info_t psk_info;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- anon_info = _gnutls_get_auth_info (session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- case GNUTLS_CRD_PSK:
- psk_info = _gnutls_get_auth_info (session);
- if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &psk_info->dh;
- break;
- case GNUTLS_CRD_CERTIFICATE:
- cert_info = _gnutls_get_auth_info (session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (raw_prime);
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ psk_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ case GNUTLS_CRD_PSK:
+ psk_info = _gnutls_get_auth_info(session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum(raw_prime, dh->prime.data, dh->prime.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_set_datum(raw_gen, dh->generator.data,
+ dh->generator.size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(raw_prime);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -189,47 +192,46 @@ gnutls_dh_get_group (gnutls_session_t session,
* an error code is returned.
**/
int
-gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key)
+gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key)
{
- dh_info_st *dh;
- anon_auth_info_t anon_info;
- cert_auth_info_t cert_info;
- cert_auth_info_t psk_info;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_info = _gnutls_get_auth_info (session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_info = _gnutls_get_auth_info (session);
- if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &psk_info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
-
- cert_info = _gnutls_get_auth_info (session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_set_datum (raw_key, dh->public_key.data,
- dh->public_key.size);
+ dh_info_st *dh;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ cert_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_info = _gnutls_get_auth_info(session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_set_datum(raw_key, dh->public_key.data,
+ dh->public_key.size);
}
/**
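Review bot: `gnutls_dh_get_pubkey` declares `psk_info` as `cert_auth_info_t`, while `gnutls_dh_get_group` in the previous hunk uses `psk_auth_info_t` for the same `GNUTLS_CRD_PSK` branch. If the two auth-info structures place `dh` at different offsets (their definitions are not on this page), `&psk_info->dh` would point at the wrong part of the PSK auth info and the function would copy out something other than the DH public key. The declaration should read `psk_auth_info_t psk_info;`.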
@@ -243,63 +245,59 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
**/
-int
-gnutls_dh_get_secret_bits (gnutls_session_t session)
+int gnutls_dh_get_secret_bits(gnutls_session_t session)
{
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- return info->dh.secret_bits;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return info->dh.secret_bits;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
-static int
-mpi_buf2bits (gnutls_datum_t * mpi_buf)
+static int mpi_buf2bits(gnutls_datum_t * mpi_buf)
{
- bigint_t mpi;
- int rc;
+ bigint_t mpi;
+ int rc;
- rc = _gnutls_mpi_scan_nz (&mpi, mpi_buf->data, mpi_buf->size);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_mpi_scan_nz(&mpi, mpi_buf->data, mpi_buf->size);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
- rc = _gnutls_mpi_get_nbits (mpi);
- _gnutls_mpi_release (&mpi);
+ rc = _gnutls_mpi_get_nbits(mpi);
+ _gnutls_mpi_release(&mpi);
- return rc;
+ return rc;
}
/**
@@ -316,50 +314,48 @@ mpi_buf2bits (gnutls_datum_t * mpi_buf)
* Diffie-Hellman key exchange was done, or a negative error code on
* failure.
**/
-int
-gnutls_dh_get_prime_bits (gnutls_session_t session)
+int gnutls_dh_get_prime_bits(gnutls_session_t session)
{
- dh_info_st *dh;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return mpi_buf2bits (&dh->prime);
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits(&dh->prime);
}
@@ -373,52 +369,50 @@ gnutls_dh_get_prime_bits (gnutls_session_t session)
* Returns: The public key bit size used in the last Diffie-Hellman
* key exchange with the peer, or a negative error code in case of error.
**/
-int
-gnutls_dh_get_peers_public_bits (gnutls_session_t session)
+int gnutls_dh_get_peers_public_bits(gnutls_session_t session)
{
- dh_info_st *dh;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return mpi_buf2bits (&dh->public_key);
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits(&dh->public_key);
}
/**
@@ -434,13 +428,13 @@ gnutls_dh_get_peers_public_bits (gnutls_session_t session)
*
**/
void
-gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
-#endif /* DH */
+#endif /* DH */
/* CERTIFICATE STUFF */
@@ -456,25 +450,23 @@ gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
* certificate, or %NULL in case of an error or if no certificate
* was used.
**/
-const gnutls_datum_t *
-gnutls_certificate_get_ours (gnutls_session_t session)
+const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session)
{
- gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL || cred->certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL || cred->certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
- if (session->internals.selected_cert_list == NULL)
- return NULL;
+ if (session->internals.selected_cert_list == NULL)
+ return NULL;
- return &session->internals.selected_cert_list[0].cert;
+ return &session->internals.selected_cert_list[0].cert;
}
/**
@@ -495,20 +487,20 @@ gnutls_certificate_get_ours (gnutls_session_t session)
* certificates, or %NULL in case of an error or if no certificate
* was used.
**/
-const gnutls_datum_t *
-gnutls_certificate_get_peers (gnutls_session_t
- session, unsigned int *list_size)
+const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
+ session,
+ unsigned int *list_size)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- *list_size = info->ncerts;
- return info->raw_certificate_list;
+ *list_size = info->ncerts;
+ return info->raw_certificate_list;
}
#ifdef ENABLE_OPENPGP
@@ -526,20 +518,20 @@ gnutls_certificate_get_peers (gnutls_session_t
* Since: 3.1.3
**/
int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
- gnutls_datum_t *id)
+ gnutls_datum_t * id)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- id->data = info->subkey_id;
- id->size = GNUTLS_OPENPGP_KEYID_SIZE;
+ id->data = info->subkey_id;
+ id->size = GNUTLS_OPENPGP_KEYID_SIZE;
- return 0;
+ return 0;
}
#endif
@@ -553,10 +545,9 @@ int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
* authentication or 1 otherwise, or a negative error code in case of
* error.
**/
-int
-gnutls_certificate_client_get_request_status (gnutls_session_t session)
+int gnutls_certificate_client_get_request_status(gnutls_session_t session)
{
- return session->key.crt_requested;
+ return session->key.crt_requested;
}
/**
@@ -580,28 +571,29 @@ gnutls_certificate_client_get_request_status (gnutls_session_t session)
* an error code is returned.
**/
int
-gnutls_fingerprint (gnutls_digest_algorithm_t algo,
- const gnutls_datum_t * data, void *result,
- size_t * result_size)
+gnutls_fingerprint(gnutls_digest_algorithm_t algo,
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size)
{
- int ret;
- int hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algo));
-
- if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
- {
- *result_size = hash_len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *result_size = hash_len;
-
- if (result)
- {
- ret = _gnutls_hash_fast( algo, data->data, data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+ int hash_len = _gnutls_hash_get_algo_len(mac_to_entry(algo));
+
+ if (hash_len < 0 || (unsigned) hash_len > *result_size
+ || result == NULL) {
+ *result_size = hash_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *result_size = hash_len;
+
+ if (result) {
+ ret =
+ _gnutls_hash_fast(algo, data->data, data->size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/**
@@ -614,10 +606,10 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
* authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
- gnutls_params_function * func)
+gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
+ res, gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
/**
@@ -631,10 +623,10 @@ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
*
**/
void
-gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
- res, unsigned int flags)
+gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
+ res, unsigned int flags)
{
- res->verify_flags = flags;
+ res->verify_flags = flags;
}
/**
@@ -649,12 +641,12 @@ gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
* limits.
**/
void
-gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
- unsigned int max_bits,
- unsigned int max_depth)
+gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res,
+ unsigned int max_bits,
+ unsigned int max_depth)
{
- res->verify_depth = max_depth;
- res->verify_bits = max_bits;
+ res->verify_depth = max_depth;
+ res->verify_bits = max_bits;
}
#ifdef ENABLE_PSK
@@ -668,10 +660,10 @@ gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
* callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
@@ -686,10 +678,10 @@ gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
* The callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
@@ -707,26 +699,25 @@ gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
*
* Since 3.1.0
**/
-int gnutls_load_file(const char* filename, gnutls_datum_t * data)
+int gnutls_load_file(const char *filename, gnutls_datum_t * data)
{
-size_t len;
-
- data->data = (void*)read_binary_file(filename, &len);
- if (data->data == NULL)
- return GNUTLS_E_FILE_ERROR;
-
- if (malloc != gnutls_malloc)
- {
- void* tmp = gnutls_malloc(len);
-
- memcpy(tmp, data->data, len);
- free(data->data);
- data->data = tmp;
- }
-
- data->size = len;
-
- return 0;
+ size_t len;
+
+ data->data = (void *) read_binary_file(filename, &len);
+ if (data->data == NULL)
+ return GNUTLS_E_FILE_ERROR;
+
+ if (malloc != gnutls_malloc) {
+ void *tmp = gnutls_malloc(len);
+
+ memcpy(tmp, data->data, len);
+ free(data->data);
+ data->data = tmp;
+ }
+
+ data->size = len;
+
+ return 0;
}
/**
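Review bot: In `gnutls_load_file` the result of `gnutls_malloc(len)` is passed straight to `memcpy` without a NULL check, so an allocation failure while loading a large file dereferences NULL instead of returning an error. The branch should test `tmp`, release the buffer obtained from `read_binary_file` and return `GNUTLS_E_MEMORY_ERROR`, as sketched below. Clearing `data->data` on that path also keeps a caller from freeing a stale pointer.

```c
	if (malloc != gnutls_malloc) {
		void *tmp = gnutls_malloc(len);

		if (tmp == NULL) {
			free(data->data);
			data->data = NULL;
			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
		}
		/* … unchanged: memcpy into tmp, free of the original buffer, pointer swap … */
	}
```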
@@ -744,9 +735,10 @@ size_t len;
* or sent and was invalid.
**/
int
-gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsigned int flags)
+gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
+ unsigned int flags)
{
- return session->internals.ocsp_check_ok;
+ return session->internals.ocsp_check_ok;
}
#ifdef ENABLE_RSA_EXPORT
@@ -765,11 +757,11 @@ gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsigned int fl
* an error code is returned.
**/
int
-gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus)
+gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus)
{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
/**
@@ -781,10 +773,9 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session,
* Returns: The bits used in the last RSA-EXPORT key exchange with the
* peer, or a negative error code in case of error.
**/
-int
-gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
+int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
/**
@@ -797,10 +788,11 @@ gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
* RSA-EXPORT cipher suites.
**/
void
-gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res, gnutls_rsa_params_t rsa_params)
+gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t
+ res,
+ gnutls_rsa_params_t rsa_params)
{
- return;
+ return;
}
#endif
@@ -817,58 +809,62 @@ gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
*
* Since: 3.1.10
**/
-char *
-gnutls_session_get_desc (gnutls_session_t session)
+char *gnutls_session_get_desc(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
- unsigned type;
- char kx_name[32];
- char proto_name[32];
- const char* curve_name = NULL;
- unsigned dh_bits = 0;
- char* desc;
-
- kx = session->security_parameters.kx_algorithm;
-
- if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK ||
- kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- {
- curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get(session));
- }
- else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK ||
- kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- {
- dh_bits = gnutls_dh_get_prime_bits (session);
- }
-
- if (curve_name != NULL)
- snprintf(kx_name, sizeof(kx_name), "%s-%s", gnutls_kx_get_name(kx), curve_name);
- else if (dh_bits != 0)
- snprintf(kx_name, sizeof(kx_name), "%s-%u", gnutls_kx_get_name(kx), dh_bits);
- else
- snprintf(kx_name, sizeof(kx_name), "%s", gnutls_kx_get_name(kx));
-
- type = gnutls_certificate_type_get (session);
- if (type == GNUTLS_CRT_X509)
- snprintf(proto_name, sizeof(proto_name), "%s-PKIX", gnutls_protocol_get_name(get_num_version(session)));
- else
- snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version(session)),
- gnutls_certificate_type_get_name(type));
-
- gnutls_protocol_get_name(get_num_version (session)),
-
- desc = gnutls_malloc(DESC_SIZE);
- if (desc == NULL)
- return NULL;
-
- snprintf(desc, DESC_SIZE,
- "(%s)-(%s)-(%s)-(%s)",
- proto_name,
- kx_name,
- gnutls_cipher_get_name (gnutls_cipher_get (session)),
- gnutls_mac_get_name (gnutls_mac_get (session)));
-
- return desc;
+ gnutls_kx_algorithm_t kx;
+ unsigned type;
+ char kx_name[32];
+ char proto_name[32];
+ const char *curve_name = NULL;
+ unsigned dh_bits = 0;
+ char *desc;
+
+ kx = session->security_parameters.kx_algorithm;
+
+ if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK ||
+ kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) {
+ curve_name =
+ gnutls_ecc_curve_get_name(gnutls_ecc_curve_get
+ (session));
+ } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK
+ || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
+ dh_bits = gnutls_dh_get_prime_bits(session);
+ }
+
+ if (curve_name != NULL)
+ snprintf(kx_name, sizeof(kx_name), "%s-%s",
+ gnutls_kx_get_name(kx), curve_name);
+ else if (dh_bits != 0)
+ snprintf(kx_name, sizeof(kx_name), "%s-%u",
+ gnutls_kx_get_name(kx), dh_bits);
+ else
+ snprintf(kx_name, sizeof(kx_name), "%s",
+ gnutls_kx_get_name(kx));
+
+ type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509)
+ snprintf(proto_name, sizeof(proto_name), "%s-PKIX",
+ gnutls_protocol_get_name(get_num_version
+ (session)));
+ else
+ snprintf(proto_name, sizeof(proto_name), "%s-%s",
+ gnutls_protocol_get_name(get_num_version
+ (session)),
+ gnutls_certificate_type_get_name(type));
+
+ gnutls_protocol_get_name(get_num_version(session)),
+ desc = gnutls_malloc(DESC_SIZE);
+ if (desc == NULL)
+ return NULL;
+
+ snprintf(desc, DESC_SIZE,
+ "(%s)-(%s)-(%s)-(%s)",
+ proto_name,
+ kx_name,
+ gnutls_cipher_get_name(gnutls_cipher_get(session)),
+ gnutls_mac_get_name(gnutls_mac_get(session)));
+
+ return desc;
}
/**
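Review bot: `gnutls_session_get_desc` contains a stray `gnutls_protocol_get_name(get_num_version(session)),` ending in a comma, which the reindent has now joined to `desc = gnutls_malloc(DESC_SIZE);` as a single comma expression. The call's result is discarded, so behaviour is unchanged, but the line reads as if the allocation were an argument continuation. It should be deleted, leaving `desc = gnutls_malloc(DESC_SIZE);` as its own statement. Separately, `dh_bits` is unsigned while `gnutls_dh_get_prime_bits` is documented in this file to return a negative error code on failure, so an error would be formatted by `%u` as a very large bit count.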
@@ -886,19 +882,19 @@ gnutls_session_get_desc (gnutls_session_t session)
* an error code is returned.
**/
int
-gnutls_session_set_id (gnutls_session_t session,
- const gnutls_datum_t * sid)
+gnutls_session_set_id(gnutls_session_t session, const gnutls_datum_t * sid)
{
- if (session->security_parameters.entity == GNUTLS_SERVER ||
- sid->size > TLS_MAX_SESSION_ID_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->security_parameters.entity == GNUTLS_SERVER ||
+ sid->size > TLS_MAX_SESSION_ID_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
- session->internals.resumed_security_parameters.session_id_size = sid->size;
- memcpy(session->internals.resumed_security_parameters.session_id,
- sid->data, sid->size);
+ session->internals.resumed_security_parameters.session_id_size =
+ sid->size;
+ memcpy(session->internals.resumed_security_parameters.session_id,
+ sid->data, sid->size);
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 82855808e2..bed7d7d5a7 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -43,45 +43,41 @@
/* This selects the best supported ciphersuite from the ones provided */
static int
-_gnutls_handshake_select_v2_suite (gnutls_session_t session,
- uint8_t * data, unsigned int datalen)
+_gnutls_handshake_select_v2_suite(gnutls_session_t session,
+ uint8_t * data, unsigned int datalen)
{
- unsigned int i, j;
- int ret;
- uint8_t *_data;
- int _datalen;
-
- _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
- session);
-
- _data = gnutls_malloc (datalen);
- if (_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (datalen % 3 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- i = _datalen = 0;
- for (j = 0; j < datalen; j += 3)
- {
- if (data[j] == 0)
- {
- memcpy (&_data[i], &data[j + 1], 2);
- i += 2;
- _datalen += 2;
- }
- }
-
- ret = _gnutls_server_select_suite (session, _data, _datalen);
- gnutls_free (_data);
-
- return ret;
+ unsigned int i, j;
+ int ret;
+ uint8_t *_data;
+ int _datalen;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Parsing a version 2.0 client hello.\n", session);
+
+ _data = gnutls_malloc(datalen);
+ if (_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (datalen % 3 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ i = _datalen = 0;
+ for (j = 0; j < datalen; j += 3) {
+ if (data[j] == 0) {
+ memcpy(&_data[i], &data[j + 1], 2);
+ i += 2;
+ _datalen += 2;
+ }
+ }
+
+ ret = _gnutls_server_select_suite(session, _data, _datalen);
+ gnutls_free(_data);
+
+ return ret;
}
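Review bot: `_gnutls_handshake_select_v2_suite` leaks `_data` when `datalen % 3 != 0`, because the length check runs after `gnutls_malloc(datalen)` and returns without freeing the buffer. `datalen` is the cipher-spec length read from a version 2.0 client hello (see the call in `_gnutls_read_client_hello_v2`), so a peer can trigger the leak repeatedly. Moving the check above the allocation fixes it without adding a free path: `if (datalen % 3 != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` placed before `_data = gnutls_malloc(datalen);`. A short comment on the loop, such as `/* keep only entries whose first byte is 0; copy their two-byte suite id */`, would also help the next reader.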
@@ -90,166 +86,167 @@ _gnutls_handshake_select_v2_suite (gnutls_session_t session,
* However they set their version to 3.0 or 3.1.
*/
int
-_gnutls_read_client_hello_v2 (gnutls_session_t session, uint8_t * data,
- unsigned int datalen)
+_gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen)
{
- uint16_t session_id_len = 0;
- int pos = 0;
- int ret = 0;
- uint16_t sizeOfSuites;
- gnutls_protocol_t adv_version;
- uint8_t rnd[GNUTLS_RANDOM_SIZE];
- int len = datalen;
- int err;
- uint16_t challenge;
- uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
-
- DECR_LEN (len, 2);
-
- _gnutls_handshake_log
- ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
- data[pos], data[pos + 1]);
-
- set_adv_version (session, data[pos], data[pos + 1]);
-
- adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
-
- ret = _gnutls_negotiate_version (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- pos += 2;
-
- /* Read uint16_t cipher_spec_length */
- DECR_LEN (len, 2);
- sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- /* read session id length */
- DECR_LEN (len, 2);
- session_id_len = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- /* read challenge length */
- DECR_LEN (len, 2);
- challenge = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
-
- /* call the user hello callback
- */
- ret = _gnutls_user_hello_func (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* find an appropriate cipher suite */
-
- DECR_LEN (len, sizeOfSuites);
- ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
-
- pos += sizeOfSuites;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite),
- &err) == NULL && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
- session);
-
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* read random new values -skip session id for now */
- DECR_LEN (len, session_id_len); /* skip session id for now */
- memcpy (session_id, &data[pos], session_id_len);
- pos += session_id_len;
-
- DECR_LEN (len, challenge);
- memset (rnd, 0, GNUTLS_RANDOM_SIZE);
-
- memcpy (&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos], challenge);
-
- ret = _gnutls_set_client_random (session, rnd);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate server random value */
- ret = _gnutls_set_server_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->security_parameters.timestamp = gnutls_time (NULL);
-
-
- /* RESUME SESSION */
-
- DECR_LEN (len, session_id_len);
- ret = _gnutls_server_restore_session (session, session_id, session_id_len);
-
- if (ret == 0)
- { /* resumed! */
- /* get the new random values */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- session->internals.resumed = RESUME_TRUE;
- return 0;
- }
- else
- {
- _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
- session->internals.resumed = RESUME_FALSE;
- }
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, GNUTLS_COMP_NULL);
- session->security_parameters.compression_method = GNUTLS_COMP_NULL;
-
- return 0;
+ uint16_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ uint16_t sizeOfSuites;
+ gnutls_protocol_t adv_version;
+ uint8_t rnd[GNUTLS_RANDOM_SIZE];
+ int len = datalen;
+ int err;
+ uint16_t challenge;
+ uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
+
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ set_adv_version(session, data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
+
+ ret = _gnutls_negotiate_version(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pos += 2;
+
+ /* Read uint16_t cipher_spec_length */
+ DECR_LEN(len, 2);
+ sizeOfSuites = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ /* read session id length */
+ DECR_LEN(len, 2);
+ session_id_len = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* read challenge length */
+ DECR_LEN(len, 2);
+ challenge = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+ /* call the user hello callback
+ */
+ ret = _gnutls_user_hello_func(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* find an appropriate cipher suite */
+
+ DECR_LEN(len, sizeOfSuites);
+ ret =
+ _gnutls_handshake_select_v2_suite(session, &data[pos],
+ sizeOfSuites);
+
+ pos += sizeOfSuites;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* read random new values -skip session id for now */
+ DECR_LEN(len, session_id_len); /* skip session id for now */
+ memcpy(session_id, &data[pos], session_id_len);
+ pos += session_id_len;
+
+ DECR_LEN(len, challenge);
+ memset(rnd, 0, GNUTLS_RANDOM_SIZE);
+
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos],
+ challenge);
+
+ ret = _gnutls_set_client_random(session, rnd);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate server random value */
+ ret = _gnutls_set_server_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+
+ /* RESUME SESSION */
+
+ DECR_LEN(len, session_id_len);
+ ret =
+ _gnutls_server_restore_session(session, session_id,
+ session_id_len);
+
+ if (ret == 0) { /* resumed! */
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ session->internals.resumed = RESUME_TRUE;
+ return 0;
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ GNUTLS_COMP_NULL);
+ session->security_parameters.compression_method = GNUTLS_COMP_NULL;
+
+ return 0;
}
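Review bot: `DECR_LEN(len, session_id_len)` is applied twice in `_gnutls_read_client_hello_v2`, once before the `memcpy` into `session_id` and again under `/* RESUME SESSION */`, although the session id bytes are consumed from `data` only once. DECR_LEN is defined outside this hunk; if it fails the function when `len` would go negative, as its other uses here suggest, a well-formed hello that carries a session id and no trailing bytes is rejected before `_gnutls_server_restore_session` runs. The second decrement looks like it should be dropped, leaving `ret = _gnutls_server_restore_session(session, session_id, session_id_len);` directly after the comment. The comment `/* skip session id for now */` on the first decrement is also stale, since the id is copied at that point.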
diff --git a/lib/gnutls_v2_compat.h b/lib/gnutls_v2_compat.h
index ab8cdd997e..fffd17e5e7 100644
--- a/lib/gnutls_v2_compat.h
+++ b/lib/gnutls_v2_compat.h
@@ -20,5 +20,5 @@
*
*/
-int _gnutls_read_client_hello_v2 (gnutls_session_t session, uint8_t * data,
- unsigned int datalen);
+int _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e75b8723fc..b4039cd41b 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -45,7 +45,7 @@
#include <gnutls/x509.h>
#include "read-file.h"
#ifdef _WIN32
-# include <wincrypt.h>
+#include <wincrypt.h>
#endif
/*
@@ -56,34 +56,36 @@
* is unacceptable.
*/
inline static int
-check_bits (gnutls_session_t session, gnutls_x509_crt_t crt, unsigned int max_bits)
+check_bits(gnutls_session_t session, gnutls_x509_crt_t crt,
+ unsigned int max_bits)
{
- int ret, pk;
- unsigned int bits;
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- pk = ret;
-
- if (bits > max_bits && max_bits > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_INSECURE)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "The security level of the certificate (%s: %u) is weak\n", gnutls_pk_get_name(pk), bits);
- if (session->internals.priorities.allow_weak_keys == 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
- }
-
- return 0;
+ int ret, pk;
+ unsigned int bits;
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, &bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ pk = ret;
+
+ if (bits > max_bits && max_bits > 0) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ if (gnutls_pk_bits_to_sec_param(pk, bits) ==
+ GNUTLS_SEC_PARAM_INSECURE) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "The security level of the certificate (%s: %u) is weak\n",
+ gnutls_pk_get_name(pk), bits);
+ if (session->internals.priorities.allow_weak_keys == 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ }
+
+ return 0;
}
/* three days */
@@ -95,108 +97,106 @@ check_bits (gnutls_session_t session, gnutls_x509_crt_t crt, unsigned int max_bi
* Zero on success, a negative error code otherwise.
*/
static int
-check_ocsp_response (gnutls_session_t session, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer,
- gnutls_datum_t *data, unsigned int * ostatus)
+check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer,
+ gnutls_datum_t * data, unsigned int *ostatus)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- unsigned int status, cert_status;
- time_t rtime, vtime, ntime, now;
- int check_failed = 0;
-
- now = gnutls_time(0);
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- {
- _gnutls_audit_log (session, "There was an error parsing the OCSP response: %s.\n", gnutls_strerror(ret));
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
- if (ret < 0)
- {
- ret = gnutls_assert_val(0);
- _gnutls_audit_log (session, "Got OCSP response with an unrelated certificate.\n");
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(0);
- gnutls_assert();
- check_failed = 1;
- goto cleanup;
- }
-
- /* do not consider revocation data if response was not verified */
- if (status != 0)
- {
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
- &cert_status, &vtime, &ntime, &rtime, NULL);
- if (ret < 0)
- {
- _gnutls_audit_log (session, "There was an error parsing the OCSP response: %s.\n", gnutls_strerror(ret));
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
- {
- _gnutls_audit_log(session, "The certificate was revoked via OCSP\n");
- check_failed = 1;
- *ostatus |= GNUTLS_CERT_REVOKED;
- ret = gnutls_assert_val(0);
- goto cleanup;
- }
-
- /* Report but do not fail on the following errors. That is
- * because including the OCSP response in the handshake shouldn't
- * cause more problems that not including it.
- */
- if (ntime == -1)
- {
- if (now - vtime > MAX_OCSP_VALIDITY_SECS)
- {
- _gnutls_audit_log(session, "The OCSP response is old\n");
- check_failed = 1;
- goto cleanup;
- }
- }
- else
- {
- /* there is a newer OCSP answer, don't trust this one */
- if (ntime < now)
- {
- _gnutls_audit_log(session, "There is a newer OCSP response but was not provided by the server\n");
- check_failed = 1;
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- if (check_failed == 0)
- session->internals.ocsp_check_ok = 1;
-
- gnutls_ocsp_resp_deinit (resp);
-
- return ret;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ unsigned int status, cert_status;
+ time_t rtime, vtime, ntime, now;
+ int check_failed = 0;
+
+ now = gnutls_time(0);
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0) {
+ _gnutls_audit_log(session,
+ "There was an error parsing the OCSP response: %s.\n",
+ gnutls_strerror(ret));
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
+ if (ret < 0) {
+ ret = gnutls_assert_val(0);
+ _gnutls_audit_log(session,
+ "Got OCSP response with an unrelated certificate.\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &status, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(0);
+ gnutls_assert();
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ /* do not consider revocation data if response was not verified */
+ if (status != 0) {
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
+ &cert_status, &vtime, &ntime,
+ &rtime, NULL);
+ if (ret < 0) {
+ _gnutls_audit_log(session,
+ "There was an error parsing the OCSP response: %s.\n",
+ gnutls_strerror(ret));
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
+ _gnutls_audit_log(session,
+ "The certificate was revoked via OCSP\n");
+ check_failed = 1;
+ *ostatus |= GNUTLS_CERT_REVOKED;
+ ret = gnutls_assert_val(0);
+ goto cleanup;
+ }
+
+ /* Report but do not fail on the following errors. That is
+ * because including the OCSP response in the handshake shouldn't
+ * cause more problems that not including it.
+ */
+ if (ntime == -1) {
+ if (now - vtime > MAX_OCSP_VALIDITY_SECS) {
+ _gnutls_audit_log(session,
+ "The OCSP response is old\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+ } else {
+ /* there is a newer OCSP answer, don't trust this one */
+ if (ntime < now) {
+ _gnutls_audit_log(session,
+ "There is a newer OCSP response but was not provided by the server\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ if (check_failed == 0)
+ session->internals.ocsp_check_ok = 1;
+
+ gnutls_ocsp_resp_deinit(resp);
+
+ return ret;
}
#endif
@@ -217,390 +217,386 @@ cleanup:
* actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-*/
int
-_gnutls_x509_cert_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+_gnutls_x509_cert_verify_peers(gnutls_session_t session,
+ const char *hostname, unsigned int *status)
{
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- gnutls_x509_crt_t *peer_certificate_list;
- gnutls_datum_t resp;
- int peer_certificate_list_size, i, x, ret;
- gnutls_x509_crt_t issuer;
- unsigned int ocsp_status = 0;
- unsigned int verify_flags;
-
- /* No OCSP check so far */
- session->internals.ocsp_check_ok = 0;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags;
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
- peer_certificate_list =
- gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < peer_certificate_list_size; i++)
- {
- ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret =
- gnutls_x509_crt_import (peer_certificate_list[i],
- &info->raw_certificate_list[i],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret = check_bits (session, peer_certificate_list[i], cred->verify_bits);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- }
-
- /* Use the OCSP extension if any */
- if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
- goto skip_ocsp;
-
- ret = gnutls_ocsp_status_request_get(session, &resp);
- if (ret < 0)
- goto skip_ocsp;
-
- if (peer_certificate_list_size > 1)
- issuer = peer_certificate_list[1];
- else
- {
- ret = gnutls_x509_trust_list_get_issuer(cred->tlist, peer_certificate_list[0],
- &issuer, 0);
- if (ret < 0)
- {
- goto skip_ocsp;
- }
- }
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ gnutls_x509_crt_t *peer_certificate_list;
+ gnutls_datum_t resp;
+ int peer_certificate_list_size, i, x, ret;
+ gnutls_x509_crt_t issuer;
+ unsigned int ocsp_status = 0;
+ unsigned int verify_flags;
+
+ /* No OCSP check so far */
+ session->internals.ocsp_check_ok = 0;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ if (info->ncerts > cred->verify_depth && cred->verify_depth > 0) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ verify_flags =
+ cred->verify_flags | session->internals.priorities.
+ additional_verify_flags;
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+ peer_certificate_list =
+ gnutls_calloc(peer_certificate_list_size,
+ sizeof(gnutls_x509_crt_t));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < peer_certificate_list_size; i++) {
+ ret = gnutls_x509_crt_init(&peer_certificate_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_import(peer_certificate_list[i],
+ &info->raw_certificate_list[i],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret =
+ check_bits(session, peer_certificate_list[i],
+ cred->verify_bits);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ }
+
+ /* Use the OCSP extension if any */
+ if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
+ goto skip_ocsp;
+
+ ret = gnutls_ocsp_status_request_get(session, &resp);
+ if (ret < 0)
+ goto skip_ocsp;
+
+ if (peer_certificate_list_size > 1)
+ issuer = peer_certificate_list[1];
+ else {
+ ret =
+ gnutls_x509_trust_list_get_issuer(cred->tlist,
+ peer_certificate_list
+ [0], &issuer, 0);
+ if (ret < 0) {
+ goto skip_ocsp;
+ }
+ }
#ifdef ENABLE_OCSP
- ret = check_ocsp_response(session, peer_certificate_list[0], issuer, &resp, &ocsp_status);
- if (ret < 0)
- {
- CLEAR_CERTS;
- return gnutls_assert_val(ret);
- }
+ ret =
+ check_ocsp_response(session, peer_certificate_list[0], issuer,
+ &resp, &ocsp_status);
+ if (ret < 0) {
+ CLEAR_CERTS;
+ return gnutls_assert_val(ret);
+ }
#endif
-skip_ocsp:
- /* Verify certificate
- */
- ret = gnutls_x509_trust_list_verify_crt (cred->tlist, peer_certificate_list,
- peer_certificate_list_size,
- verify_flags, status, NULL);
-
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- if (hostname)
- {
- ret = gnutls_x509_crt_check_hostname( peer_certificate_list[0], hostname);
- if (ret == 0)
- *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
- }
-
- CLEAR_CERTS;
-
- *status |= ocsp_status;
-
- return 0;
+ skip_ocsp:
+ /* Verify certificate
+ */
+ ret =
+ gnutls_x509_trust_list_verify_crt(cred->tlist,
+ peer_certificate_list,
+ peer_certificate_list_size,
+ verify_flags, status, NULL);
+
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ if (hostname) {
+ ret =
+ gnutls_x509_crt_check_hostname(peer_certificate_list
+ [0], hostname);
+ if (ret == 0)
+ *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
+ }
+
+ CLEAR_CERTS;
+
+ *status |= ocsp_status;
+
+ return 0;
}
/* Returns the name of the certificate of a null name
*/
-static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t *names)
+static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
{
-size_t max_size;
-int i, ret = 0, ret2;
-char name[MAX_CN];
-
- for (i = 0; !(ret < 0); i++)
- {
- max_size = sizeof(name);
-
- ret = gnutls_x509_crt_get_subject_alt_name(crt, i, name, &max_size, NULL);
- if (ret == GNUTLS_SAN_DNSNAME)
- {
- ret2 = _gnutls_str_array_append(names, name, max_size);
- if (ret2 < 0)
- {
- _gnutls_str_array_clear(names);
- return gnutls_assert_val(ret2);
- }
- }
- }
-
- max_size = sizeof(name);
- ret = gnutls_x509_crt_get_dn_by_oid (crt, OID_X520_COMMON_NAME, 0, 0, name, &max_size);
- if (ret >= 0)
- {
- ret = _gnutls_str_array_append(names, name, max_size);
- if (ret < 0)
- {
- _gnutls_str_array_clear(names);
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ size_t max_size;
+ int i, ret = 0, ret2;
+ char name[MAX_CN];
+
+ for (i = 0; !(ret < 0); i++) {
+ max_size = sizeof(name);
+
+ ret =
+ gnutls_x509_crt_get_subject_alt_name(crt, i, name,
+ &max_size, NULL);
+ if (ret == GNUTLS_SAN_DNSNAME) {
+ ret2 =
+ _gnutls_str_array_append(names, name,
+ max_size);
+ if (ret2 < 0) {
+ _gnutls_str_array_clear(names);
+ return gnutls_assert_val(ret2);
+ }
+ }
+ }
+
+ max_size = sizeof(name);
+ ret =
+ gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0,
+ name, &max_size);
+ if (ret >= 0) {
+ ret = _gnutls_str_array_append(names, name, max_size);
+ if (ret < 0) {
+ _gnutls_str_array_clear(names);
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
-static int get_x509_name_raw(gnutls_datum_t *raw, gnutls_x509_crt_fmt_t type, gnutls_str_array_t *names)
+static int get_x509_name_raw(gnutls_datum_t * raw,
+ gnutls_x509_crt_fmt_t type,
+ gnutls_str_array_t * names)
{
-int ret;
-gnutls_x509_crt_t crt;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_x509_crt_import (crt, raw, type);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- return ret;
- }
-
- ret = get_x509_name(crt, names);
- gnutls_x509_crt_deinit (crt);
- return ret;
+ int ret;
+ gnutls_x509_crt_t crt;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import(crt, raw, type);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ return ret;
+ }
+
+ ret = get_x509_name(crt, names);
+ gnutls_x509_crt_deinit(crt);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_cert_mem (gnutls_certificate_credentials_t res,
- const void *input_cert, int input_cert_size)
+parse_der_cert_mem(gnutls_certificate_credentials_t res,
+ const void *input_cert, int input_cert_size)
{
- gnutls_datum_t tmp;
- gnutls_x509_crt_t crt;
- gnutls_pcert_st *ccert;
- int ret;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- ccert = gnutls_malloc (sizeof (*ccert));
- if (ccert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- tmp.data = (uint8_t *) input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_import (crt, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_x509 (ccert, crt, 0);
- gnutls_x509_crt_deinit (crt);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- gnutls_free (ccert);
- return ret;
+ gnutls_datum_t tmp;
+ gnutls_x509_crt_t crt;
+ gnutls_pcert_st *ccert;
+ int ret;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ ccert = gnutls_malloc(sizeof(*ccert));
+ if (ccert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ tmp.data = (uint8_t *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_import(crt, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = get_x509_name(crt, &names);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_x509(ccert, crt, 0);
+ gnutls_x509_crt_deinit(crt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credential_append_crt_list(res, names, ccert, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ gnutls_free(ccert);
+ return ret;
}
/* Reads a base64 encoded certificate list from memory and stores it to
* a gnutls_cert structure. Returns the number of certificate parsed.
*/
static int
-parse_pem_cert_mem (gnutls_certificate_credentials_t res,
- const char *input_cert, int input_cert_size)
+parse_pem_cert_mem(gnutls_certificate_credentials_t res,
+ const char *input_cert, int input_cert_size)
{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, count, i;
- gnutls_pcert_st *certs = NULL;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* move to the certificate
- */
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = input_cert_size - (ptr - input_cert);
-
- count = 0;
-
- do
- {
- certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_pcert_st));
-
- if (certs == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- tmp.data = (void*)ptr;
- tmp.size = size;
-
- if (count == 0)
- {
- ret = get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM, &names);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_pcert_import_x509_raw (&certs[count], &tmp, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = input_cert_size - (ptr - input_cert);
-
- if (size > 0)
- {
- char *ptr3;
-
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = ptr3;
- }
- else
- ptr = NULL;
-
- count++;
-
- }
- while (ptr != NULL);
-
- ret = certificate_credential_append_crt_list (res, names, certs, count);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return count;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- for (i=0;i<count;i++)
- gnutls_pcert_deinit(&certs[i]);
- gnutls_free(certs);
- return ret;
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, count, i;
+ gnutls_pcert_st *certs = NULL;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* move to the certificate
+ */
+ ptr = memmem(input_cert, input_cert_size,
+ PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem(input_cert, input_cert_size,
+ PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ count = 0;
+
+ do {
+ certs =
+ gnutls_realloc_fast(certs,
+ (count +
+ 1) * sizeof(gnutls_pcert_st));
+
+ if (certs == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size = size;
+
+ if (count == 0) {
+ ret =
+ get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM,
+ &names);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_pcert_import_x509_raw(&certs[count], &tmp,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = input_cert_size - (ptr - input_cert);
+
+ if (size > 0) {
+ char *ptr3;
+
+ ptr3 =
+ memmem(ptr, size, PEM_CERT_SEP,
+ sizeof(PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem(ptr, size, PEM_CERT_SEP2,
+ sizeof(PEM_CERT_SEP2) - 1);
+
+ ptr = ptr3;
+ } else
+ ptr = NULL;
+
+ count++;
+
+ }
+ while (ptr != NULL);
+
+ ret =
+ certificate_credential_append_crt_list(res, names, certs,
+ count);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return count;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ for (i = 0; i < count; i++)
+ gnutls_pcert_deinit(&certs[i]);
+ gnutls_free(certs);
+ return ret;
}
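Review bot: In `parse_pem_cert_mem`, the `cleanup:` loop calls `gnutls_pcert_deinit(&certs[i])` for every `i < count` even when it is reached from the `certs == NULL` branch after a failed `gnutls_realloc_fast`, so from the second certificate on it operates on a null-based pointer. Guarding the loop, `if (certs != NULL) for (i = 0; i < count; i++) gnutls_pcert_deinit(&certs[i]);`, avoids that crash on the out-of-memory path. Whether the previous array is still valid after a failed `gnutls_realloc_fast` is not visible here; if it is, the result should go into a temporary so the already imported entries can still be released. `parse_der_cert_mem` in the same hunk frees `ccert` in `cleanup:` without `gnutls_pcert_deinit` when `certificate_credential_append_crt_list` fails, which looks like the same kind of omission.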
@@ -608,37 +604,36 @@ cleanup:
/* Reads a DER or PEM certificate from memory
*/
static int
-read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
- int cert_size, gnutls_x509_crt_fmt_t type)
+read_cert_mem(gnutls_certificate_credentials_t res, const void *cert,
+ int cert_size, gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_cert_mem (res, cert, cert_size);
- else
- ret = parse_pem_cert_mem (res, cert, cert_size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_cert_mem(res, cert, cert_size);
+ else
+ ret = parse_pem_cert_mem(res, cert, cert_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return ret;
+ return ret;
}
-static int tmp_pin_cb(void* userdata, int attempt, const char *token_url, const char *token_label,
- unsigned int flags, char *pin, size_t pin_max)
+static int tmp_pin_cb(void *userdata, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags,
+ char *pin, size_t pin_max)
{
-const char* tmp_pin = userdata;
-
- if (attempt == 0)
- {
- snprintf(pin, pin_max, "%s", tmp_pin);
- return 0;
- }
-
- return -1;
+ const char *tmp_pin = userdata;
+
+ if (attempt == 0) {
+ snprintf(pin, pin_max, "%s", tmp_pin);
+ return 0;
+ }
+
+ return -1;
}
/* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type
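Review bot: `tmp_pin_cb` returns 0 even when `snprintf` had to truncate the stored PIN to fit `pin_max`, so the caller proceeds with a shortened secret and the failure only surfaces later as a wrong-PIN error. Checking the result makes the condition explicit: `int n = snprintf(pin, pin_max, "%s", tmp_pin); if (n < 0 || (size_t) n >= pin_max) return -1;`. The copy of `pass` into `res->pin_tmp` in `read_key_mem`, in the next hunk, truncates silently in the same way.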
@@ -646,174 +641,170 @@ const char* tmp_pin = userdata;
* that GnuTLS doesn't know the private key.
*/
static int
-read_key_mem (gnutls_certificate_credentials_t res,
- const void *key, int key_size, gnutls_x509_crt_fmt_t type,
- const char* pass, unsigned int flags)
+read_key_mem(gnutls_certificate_credentials_t res,
+ const void *key, int key_size, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
- gnutls_datum_t tmp;
- gnutls_privkey_t privkey;
-
- if (key)
- {
- tmp.data = (uint8_t *) key;
- tmp.size = key_size;
-
- ret = gnutls_privkey_init(&privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(privkey, res->pin.cb, res->pin.data);
- else if (pass != NULL)
- {
- snprintf(res->pin_tmp, sizeof(res->pin_tmp), "%s", pass);
- gnutls_privkey_set_pin_function(privkey, tmp_pin_cb, res->pin_tmp);
- }
-
- ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, pass, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = certificate_credentials_append_pkey (res, privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (privkey);
- return ret;
- }
-
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-
- return 0;
+ int ret;
+ gnutls_datum_t tmp;
+ gnutls_privkey_t privkey;
+
+ if (key) {
+ tmp.data = (uint8_t *) key;
+ tmp.size = key_size;
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(privkey,
+ res->pin.cb,
+ res->pin.data);
+ else if (pass != NULL) {
+ snprintf(res->pin_tmp, sizeof(res->pin_tmp), "%s",
+ pass);
+ gnutls_privkey_set_pin_function(privkey,
+ tmp_pin_cb,
+ res->pin_tmp);
+ }
+
+ ret =
+ gnutls_privkey_import_x509_raw(privkey, &tmp, type,
+ pass, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey(res, privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(privkey);
+ return ret;
+ }
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ return 0;
}
/* Reads a private key from a token.
*/
static int
-read_key_url (gnutls_certificate_credentials_t res, const char *url)
+read_key_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_privkey_t pkey = NULL;
-
- /* allocate space for the pkey list
- */
- ret = gnutls_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(pkey, res->pin.cb, res->pin.data);
-
- ret = gnutls_privkey_import_url (pkey, url, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credentials_append_pkey (res, pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- if (pkey)
- gnutls_privkey_deinit (pkey);
-
- return ret;
+ int ret;
+ gnutls_privkey_t pkey = NULL;
+
+ /* allocate space for the pkey list
+ */
+ ret = gnutls_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(pkey, res->pin.cb,
+ res->pin.data);
+
+ ret = gnutls_privkey_import_url(pkey, url, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credentials_append_pkey(res, pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ if (pkey)
+ gnutls_privkey_deinit(pkey);
+
+ return ret;
}
#ifdef ENABLE_PKCS11
static int
-read_cas_url (gnutls_certificate_credentials_t res, const char *url)
+read_cas_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_x509_crt_t *xcrt_list = NULL;
- gnutls_pkcs11_obj_t *pcrt_list = NULL;
- unsigned int pcrt_list_size = 0;
-
- /* FIXME: should we use login? */
- ret =
- gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (pcrt_list_size == 0)
- {
- gnutls_assert ();
- return 0;
- }
-
- pcrt_list = gnutls_malloc (sizeof (*pcrt_list) * pcrt_list_size);
- if (pcrt_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret =
- gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc (sizeof (*xcrt_list) * pcrt_list_size);
- if (xcrt_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret =
- gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, xcrt_list, pcrt_list_size, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free (xcrt_list);
- gnutls_free (pcrt_list);
-
- return ret;
+ int ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0;
+
+ /* FIXME: should we use login? */
+ ret =
+ gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (pcrt_list_size == 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ pcrt_list = gnutls_malloc(sizeof(*pcrt_list) * pcrt_list_size);
+ if (pcrt_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(pcrt_list, &pcrt_list_size,
+ url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ xcrt_list = gnutls_malloc(sizeof(*xcrt_list) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, xcrt_list,
+ pcrt_list_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(xcrt_list);
+ gnutls_free(pcrt_list);
+
+ return ret;
}
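Review bot: In `read_key_mem`, the failure branch after `gnutls_privkey_import_x509_raw` returns without releasing `privkey`, which `gnutls_privkey_init` allocated a few lines earlier. The later `certificate_credentials_append_pkey` failure branch does call `gnutls_privkey_deinit(privkey)`, and the import branch should do the same: add `gnutls_privkey_deinit(privkey);` after its `gnutls_assert();` and before `return ret;`. The object may hold partially decoded key material, so leaving one allocated on every failed import (for example a wrong password) is worth closing rather than treating as a plain leak.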
@@ -821,108 +812,101 @@ cleanup:
/* Reads a certificate key from a token.
*/
static int
-read_cert_url (gnutls_certificate_credentials_t res, const char *url)
+read_cert_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_x509_crt_t crt;
- gnutls_pcert_st *ccert;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- ccert = gnutls_malloc (sizeof (*ccert));
- if (ccert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (res->pin.cb)
- gnutls_x509_crt_set_pin_function(crt, res->pin.cb, res->pin.data);
-
- ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- ret =
- gnutls_x509_crt_import_pkcs11_url (crt, url,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_x509 (ccert, crt, 0);
- gnutls_x509_crt_deinit (crt);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- gnutls_free (ccert);
- return ret;
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_pcert_st *ccert;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ ccert = gnutls_malloc(sizeof(*ccert));
+ if (ccert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (res->pin.cb)
+ gnutls_x509_crt_set_pin_function(crt, res->pin.cb,
+ res->pin.data);
+
+ ret = gnutls_x509_crt_import_pkcs11_url(crt, url, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret =
+ gnutls_x509_crt_import_pkcs11_url(crt, url,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = get_x509_name(crt, &names);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_x509(ccert, crt, 0);
+ gnutls_x509_crt_deinit(crt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credential_append_crt_list(res, names, ccert, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ gnutls_free(ccert);
+ return ret;
}
#else
-# define read_cert_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
-# define read_cas_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
+#define read_cert_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
+#define read_cas_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
#endif
/* Reads a certificate file
*/
static int
-read_cert_file (gnutls_certificate_credentials_t res,
- const char *certfile, gnutls_x509_crt_fmt_t type)
+read_cert_file(gnutls_certificate_credentials_t res,
+ const char *certfile, gnutls_x509_crt_fmt_t type)
{
- int ret;
- size_t size;
- char *data;
+ int ret;
+ size_t size;
+ char *data;
- if (strncmp (certfile, "pkcs11:", 7) == 0)
- {
- return read_cert_url (res, certfile);
- }
+ if (strncmp(certfile, "pkcs11:", 7) == 0) {
+ return read_cert_url(res, certfile);
+ }
- data = read_binary_file (certfile, &size);
+ data = read_binary_file(certfile, &size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- ret = read_cert_mem (res, data, size, type);
- free (data);
+ ret = read_cert_mem(res, data, size, type);
+ free(data);
- return ret;
+ return ret;
}
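Review bot: In `read_cert_url`, when `certificate_credential_append_crt_list` fails, the `cleanup` label only runs `gnutls_free(ccert)`, although `gnutls_pcert_import_x509` has already filled `ccert` by then, so whatever that import allocated inside the structure is dropped. The cleanup path of `parse_pem_cert_mem`, earlier in this file, calls `gnutls_pcert_deinit` on each imported entry before freeing the array. Adding `gnutls_pcert_deinit(ccert);` to that one failure branch, before `goto cleanup;`, would match it. The call cannot go under the label itself because the earlier jumps reach it with `ccert` still uninitialised.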
@@ -932,34 +916,34 @@ read_cert_file (gnutls_certificate_credentials_t res,
* stores it).
*/
static int
-read_key_file (gnutls_certificate_credentials_t res,
- const char *keyfile, gnutls_x509_crt_fmt_t type, const char* pass,
- unsigned int flags)
+read_key_file(gnutls_certificate_credentials_t res,
+ const char *keyfile, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
- size_t size;
- char *data;
-
- if (_gnutls_url_is_known(keyfile))
- {
- if (gnutls_url_is_supported(keyfile))
- return read_key_url (res, keyfile);
- else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
-
- data = read_binary_file (keyfile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- ret = read_key_mem (res, data, size, type, pass, flags);
- free (data);
-
- return ret;
+ int ret;
+ size_t size;
+ char *data;
+
+ if (_gnutls_url_is_known(keyfile)) {
+ if (gnutls_url_is_supported(keyfile))
+ return read_key_url(res, keyfile);
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ data = read_binary_file(keyfile, &size);
+
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret = read_key_mem(res, data, size, type, pass, flags);
+ free(data);
+
+ return ret;
}
/**
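Review bot: `read_key_file` releases the buffer returned by `read_binary_file` with a plain `free(data)`, so the raw contents of the private-key file (possibly an unencrypted key) remain in freed heap memory. Wiping the buffer before `free(data);` with a call the compiler cannot elide, for example `explicit_bzero(data, size);` where the platform provides it, would limit that exposure. The `size_t size` is also passed into `read_key_mem`'s `int key_size` parameter, and `read_cert_file` in the previous hunk does the same with `read_cert_mem`, so a file larger than `INT_MAX` would be narrowed silently; a bound check before the call would cover both.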
@@ -987,12 +971,13 @@ read_key_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type)
{
- return gnutls_certificate_set_x509_key_mem2(res, cert, key, type, NULL, 0);
+ return gnutls_certificate_set_x509_key_mem2(res, cert, key, type,
+ NULL, 0);
}
/**
@@ -1022,137 +1007,137 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_mem2 (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type,
- const char* pass,
- unsigned int flags)
+gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_mem (res, key ? key->data : NULL,
- key ? key->size : 0, type, pass, flags)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_mem(res, key ? key->data : NULL,
+ key ? key->size : 0, type, pass,
+ flags)) < 0)
+ return ret;
- if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0)
- return ret;
+ if ((ret = read_cert_mem(res, cert->data, cert->size, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if (key && (ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (key && (ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int check_if_sorted(gnutls_pcert_st * crt, int nr)
{
-gnutls_x509_crt_t x509;
-char prev_dn[MAX_DN];
-char dn[MAX_DN];
-size_t prev_dn_size, dn_size;
-int i, ret;
-
- /* check if the X.509 list is ordered */
- if (nr > 1 && crt[0].type == GNUTLS_CRT_X509)
- {
-
- for (i=0;i<nr;i++)
- {
- ret = gnutls_x509_crt_init(&x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_crt_import(x509, &crt[i].cert, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (i>0)
- {
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(x509, dn, &dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
- goto cleanup;
- }
- }
-
- prev_dn_size = sizeof(prev_dn);
- ret = gnutls_x509_crt_get_issuer_dn(x509, prev_dn, &prev_dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- gnutls_x509_crt_deinit(x509);
- }
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_crt_deinit(x509);
- return ret;
+ gnutls_x509_crt_t x509;
+ char prev_dn[MAX_DN];
+ char dn[MAX_DN];
+ size_t prev_dn_size, dn_size;
+ int i, ret;
+
+ /* check if the X.509 list is ordered */
+ if (nr > 1 && crt[0].type == GNUTLS_CRT_X509) {
+
+ for (i = 0; i < nr; i++) {
+ ret = gnutls_x509_crt_init(&x509);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_crt_import(x509, &crt[i].cert,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (i > 0) {
+ dn_size = sizeof(dn);
+ ret =
+ gnutls_x509_crt_get_dn(x509, dn,
+ &dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (dn_size != prev_dn_size
+ || memcmp(dn, prev_dn, dn_size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+ goto cleanup;
+ }
+ }
+
+ prev_dn_size = sizeof(prev_dn);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(x509, prev_dn,
+ &prev_dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ gnutls_x509_crt_deinit(x509);
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(x509);
+ return ret;
}
int
-certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
- gnutls_str_array_t names, gnutls_pcert_st * crt, int nr)
+certificate_credential_append_crt_list(gnutls_certificate_credentials_t
+ res, gnutls_str_array_t names,
+ gnutls_pcert_st * crt, int nr)
{
-int ret;
+ int ret;
- ret = check_if_sorted(crt, nr);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = check_if_sorted(crt, nr);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- res->certs = gnutls_realloc_fast (res->certs,
- (1 + res->ncerts) *
- sizeof (certs_st));
- if (res->certs == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ res->certs = gnutls_realloc_fast(res->certs,
+ (1 + res->ncerts) *
+ sizeof(certs_st));
+ if (res->certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- res->certs[res->ncerts].cert_list = crt;
- res->certs[res->ncerts].cert_list_length = nr;
- res->certs[res->ncerts].names = names;
+ res->certs[res->ncerts].cert_list = crt;
+ res->certs[res->ncerts].cert_list_length = nr;
+ res->certs[res->ncerts].names = names;
- return 0;
+ return 0;
}
int
-certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey)
+certificate_credentials_append_pkey(gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey)
{
- res->pkey = gnutls_realloc_fast (res->pkey,
- (1 + res->ncerts) *
- sizeof (gnutls_privkey_t));
- if (res->pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- res->pkey[res->ncerts] = pkey;
- return 0;
+ res->pkey = gnutls_realloc_fast(res->pkey,
+ (1 + res->ncerts) *
+ sizeof(gnutls_privkey_t));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ res->pkey[res->ncerts] = pkey;
+ return 0;
}
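Review bot: In `gnutls_certificate_set_x509_key_mem2`, a failure of `read_cert_mem` returns after `read_key_mem` has already stored the new key at `res->pkey[res->ncerts]` (see `certificate_credentials_append_pkey` at the end of this hunk), and `res->ncerts` is not incremented on that path. The key object is therefore neither counted nor released, and the next successful call overwrites the slot. Releasing it on that branch with `gnutls_privkey_deinit(res->pkey[res->ncerts]);` before `return ret;` would close it; `gnutls_certificate_set_x509_key_file2` in a later hunk follows the same sequence. Whether the credentials destructor looks past `ncerts` is not visible here, so please confirm.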
@@ -1175,86 +1160,84 @@ certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * cert_list,
- int cert_list_size,
- gnutls_x509_privkey_t key)
+gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key)
{
- int ret, i;
- gnutls_privkey_t pkey;
- gnutls_pcert_st *pcerts = NULL;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* this should be first
- */
- ret = gnutls_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(pkey, res->pin.cb, res->pin.data);
-
- ret = gnutls_privkey_import_x509 (pkey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = certificate_credentials_append_pkey (res, pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* load certificates */
- pcerts = gnutls_malloc (sizeof (gnutls_pcert_st) * cert_list_size);
- if (pcerts == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = get_x509_name(cert_list[0], &names);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < cert_list_size; i++)
- {
- ret = gnutls_pcert_import_x509 (&pcerts[i], cert_list[i], 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = certificate_credential_append_crt_list (res, names, pcerts, cert_list_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- return ret;
+ int ret, i;
+ gnutls_privkey_t pkey;
+ gnutls_pcert_st *pcerts = NULL;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* this should be first
+ */
+ ret = gnutls_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(pkey, res->pin.cb,
+ res->pin.data);
+
+ ret =
+ gnutls_privkey_import_x509(pkey, key,
+ GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey(res, pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* load certificates */
+ pcerts = gnutls_malloc(sizeof(gnutls_pcert_st) * cert_list_size);
+ if (pcerts == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = get_x509_name(cert_list[0], &names);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < cert_list_size; i++) {
+ ret =
+ gnutls_pcert_import_x509(&pcerts[i], cert_list[i], 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ certificate_credential_append_crt_list(res, names, pcerts,
+ cert_list_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ return ret;
}
/**
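Review bot: The error paths in `gnutls_certificate_set_x509_key` after the `pcerts` allocation leak it: the `get_x509_name` failure returns directly, and the `cleanup` label only clears `names`, so neither the array nor the entries already filled by `gnutls_pcert_import_x509` are released. Routing the name failure through `cleanup` and releasing the imported entries there would fix both, as sketched below. `cert_list[0]` is also read before anything checks that `cert_list_size` is positive. The `pkey` left in `res->pkey` on these paths is a separate question that the sketch does not address.

```c
	ret = get_x509_name(cert_list[0], &names);
	if (ret < 0) {
		gnutls_assert();
		i = 0;	/* no pcerts[] entry imported yet */
		goto cleanup;
	}

	/* … unchanged: import loop, append_crt_list, ncerts++, key/cert match … */

      cleanup:
	_gnutls_str_array_clear(&names);
	/* i counts the entries gnutls_pcert_import_x509 filled */
	while (i-- > 0)
		gnutls_pcert_deinit(&pcerts[i]);
	gnutls_free(pcerts);
	return ret;
```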
@@ -1282,61 +1265,60 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
- const char** names,
- int names_size,
- gnutls_pcert_st * pcert_list,
- int pcert_list_size,
- gnutls_privkey_t key)
+gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+ const char **names,
+ int names_size,
+ gnutls_pcert_st * pcert_list,
+ int pcert_list_size, gnutls_privkey_t key)
{
- int ret, i;
- gnutls_str_array_t str_names;
-
- _gnutls_str_array_init(&str_names);
-
- if (names != NULL && names_size > 0)
- {
- for (i=0;i<names_size;i++)
- {
- ret = _gnutls_str_array_append(&str_names, names[i], strlen(names[i]));
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- }
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(key, res->pin.cb, res->pin.data);
-
- ret = certificate_credentials_append_pkey (res, key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, str_names, pcert_list, pcert_list_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&str_names);
- return ret;
+ int ret, i;
+ gnutls_str_array_t str_names;
+
+ _gnutls_str_array_init(&str_names);
+
+ if (names != NULL && names_size > 0) {
+ for (i = 0; i < names_size; i++) {
+ ret =
+ _gnutls_str_array_append(&str_names, names[i],
+ strlen(names[i]));
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ }
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(key, res->pin.cb,
+ res->pin.data);
+
+ ret = certificate_credentials_append_pkey(res, key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ certificate_credential_append_crt_list(res, str_names,
+ pcert_list,
+ pcert_list_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&str_names);
+ return ret;
}
/**
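Review bot: In `gnutls_certificate_set_key`, `res->ncerts++` runs before `_gnutls_check_key_cert_match`, and the mismatch branch returns the error without undoing it, so a key/certificate pair that just failed the match check stays installed in `res`. A caller that only logs the error and keeps using the credentials could then end up presenting that pair. `_gnutls_check_key_cert_match` is not visible in this hunk, so whether it needs the incremented count is an assumption; if it does, the branch could roll back with `res->ncerts--;` after the assert, together with releasing the slot contents. `gnutls_certificate_set_x509_key` and `gnutls_certificate_set_x509_key_mem2` in the earlier hunks end the same way.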
@@ -1356,13 +1338,13 @@ cleanup:
* Since: 3.2.2
**/
void
-gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t tlist,
- unsigned flags)
+gnutls_certificate_set_trust_list(gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist,
+ unsigned flags)
{
- gnutls_x509_trust_list_deinit(res->tlist, 1);
+ gnutls_x509_trust_list_deinit(res->tlist, 1);
- res->tlist = tlist;
+ res->tlist = tlist;
}
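Review bot: `gnutls_certificate_set_trust_list` frees `res->tlist` unconditionally before storing `tlist`, so a caller that passes the list already installed ends up with `res->tlist` pointing at freed memory. A guard at the top, `if (res->tlist == tlist) return;`, avoids that. The `flags` parameter is accepted but never read in the body shown; if it is reserved for future use, a one-line comment saying so would help.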
@@ -1392,12 +1374,14 @@ gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type)
{
- return gnutls_certificate_set_x509_key_file2(res, certfile, keyfile, type, NULL, 0);
+ return gnutls_certificate_set_x509_key_file2(res, certfile,
+ keyfile, type, NULL,
+ 0);
}
/**
@@ -1428,235 +1412,229 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_file2 (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type,
- const char* pass,
- unsigned int flags)
+gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_file (res, keyfile, type, pass, flags)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_file(res, keyfile, type, pass, flags)) < 0)
+ return ret;
- if ((ret = read_cert_file (res, certfile, type)) < 0)
- return ret;
+ if ((ret = read_cert_file(res, certfile, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int
-add_new_crt_to_rdn_seq (gnutls_certificate_credentials_t res, gnutls_x509_crt_t* crts,
- unsigned int crt_size)
+add_new_crt_to_rdn_seq(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * crts, unsigned int crt_size)
{
- gnutls_datum_t tmp;
- int ret;
- size_t newsize;
- unsigned char *newdata, *p;
- unsigned i;
-
- /* Add DN of the last added CAs to the RDN sequence
- * This will be sent to clients when a certificate
- * request message is sent.
- */
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- * Further, this function is now much more efficient,
- * so optimizing that is less important.
- */
-
- for (i = 0; i < crt_size; i++)
- {
- if ((ret = gnutls_x509_crt_get_raw_dn (crts[i], &tmp)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
- if (newsize < res->x509_rdn_sequence.size)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- newdata = gnutls_realloc_fast (res->x509_rdn_sequence.data, newsize);
- if (newdata == NULL)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = newdata + res->x509_rdn_sequence.size;
- _gnutls_write_uint16 (tmp.size, p);
- if (tmp.data != NULL)
- memcpy (p+2, tmp.data, tmp.size);
-
- _gnutls_free_datum (&tmp);
-
- res->x509_rdn_sequence.size = newsize;
- res->x509_rdn_sequence.data = newdata;
- }
-
- return 0;
+ gnutls_datum_t tmp;
+ int ret;
+ size_t newsize;
+ unsigned char *newdata, *p;
+ unsigned i;
+
+ /* Add DN of the last added CAs to the RDN sequence
+ * This will be sent to clients when a certificate
+ * request message is sent.
+ */
+
+ /* FIXME: in case of a client it is not needed
+ * to do that. This would save time and memory.
+ * However we don't have that information available
+ * here.
+ * Further, this function is now much more efficient,
+ * so optimizing that is less important.
+ */
+
+ for (i = 0; i < crt_size; i++) {
+ if ((ret = gnutls_x509_crt_get_raw_dn(crts[i], &tmp)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
+ if (newsize < res->x509_rdn_sequence.size) {
+ gnutls_assert();
+ _gnutls_free_datum(&tmp);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ newdata =
+ gnutls_realloc_fast(res->x509_rdn_sequence.data,
+ newsize);
+ if (newdata == NULL) {
+ gnutls_assert();
+ _gnutls_free_datum(&tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = newdata + res->x509_rdn_sequence.size;
+ _gnutls_write_uint16(tmp.size, p);
+ if (tmp.data != NULL)
+ memcpy(p + 2, tmp.data, tmp.size);
+
+ _gnutls_free_datum(&tmp);
+
+ res->x509_rdn_sequence.size = newsize;
+ res->x509_rdn_sequence.data = newdata;
+ }
+
+ return 0;
}
/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
* certificate (uses the KeyUsage field).
*/
int
-_gnutls_check_key_usage (const gnutls_pcert_st* cert, gnutls_kx_algorithm_t alg)
+_gnutls_check_key_usage(const gnutls_pcert_st * cert,
+ gnutls_kx_algorithm_t alg)
{
- unsigned int key_usage = 0;
- int encipher_type;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (_gnutls_map_kx_get_cred (alg, 1) == GNUTLS_CRD_CERTIFICATE ||
- _gnutls_map_kx_get_cred (alg, 0) == GNUTLS_CRD_CERTIFICATE)
- {
-
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- encipher_type = _gnutls_kx_encipher_type (alg);
-
- if (key_usage != 0 && encipher_type != CIPHER_IGN)
- {
- /* If key_usage has been set in the certificate
- */
-
- if (encipher_type == CIPHER_ENCRYPT)
- {
- /* If the key exchange method requires an encipher
- * type algorithm, and key's usage does not permit
- * encipherment, then fail.
- */
- if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
-
- if (encipher_type == CIPHER_SIGN)
- {
- /* The same as above, but for sign only keys
- */
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
- }
- }
- return 0;
+ unsigned int key_usage = 0;
+ int encipher_type;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_map_kx_get_cred(alg, 1) == GNUTLS_CRD_CERTIFICATE ||
+ _gnutls_map_kx_get_cred(alg, 0) == GNUTLS_CRD_CERTIFICATE) {
+
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ encipher_type = _gnutls_kx_encipher_type(alg);
+
+ if (key_usage != 0 && encipher_type != CIPHER_IGN) {
+ /* If key_usage has been set in the certificate
+ */
+
+ if (encipher_type == CIPHER_ENCRYPT) {
+ /* If the key exchange method requires an encipher
+ * type algorithm, and key's usage does not permit
+ * encipherment, then fail.
+ */
+ if (!
+ (key_usage &
+ GNUTLS_KEY_KEY_ENCIPHERMENT)) {
+ gnutls_assert();
+ return
+ GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+
+ if (encipher_type == CIPHER_SIGN) {
+ /* The same as above, but for sign only keys
+ */
+ if (!
+ (key_usage &
+ GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ return
+ GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+ }
+ }
+ return 0;
}
static int
-parse_pem_ca_mem (gnutls_certificate_credentials_t res,
- const uint8_t * input_cert, int input_cert_size)
+parse_pem_ca_mem(gnutls_certificate_credentials_t res,
+ const uint8_t * input_cert, int input_cert_size)
{
- gnutls_x509_crt_t *x509_cert_list;
- unsigned int x509_ncerts;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_list_import2( &x509_cert_list, &x509_ncerts, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, x509_cert_list, x509_ncerts)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, x509_cert_list, x509_ncerts, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free(x509_cert_list);
- return ret;
+ gnutls_x509_crt_t *x509_cert_list;
+ unsigned int x509_ncerts;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret =
+ gnutls_x509_crt_list_import2(&x509_cert_list, &x509_ncerts,
+ &tmp, GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ add_new_crt_to_rdn_seq(res, x509_cert_list,
+ x509_ncerts)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, x509_cert_list,
+ x509_ncerts, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(x509_cert_list);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_ca_mem (gnutls_certificate_credentials_t res,
- const void *input_cert, int input_cert_size)
+parse_der_ca_mem(gnutls_certificate_credentials_t res,
+ const void *input_cert, int input_cert_size)
{
- gnutls_x509_crt_t crt;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_init( &crt);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crt_import( crt, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, &crt, 1)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, &crt, 1, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- gnutls_x509_crt_deinit(crt);
- return ret;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import(crt, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret = add_new_crt_to_rdn_seq(res, &crt, 1)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(res->tlist, &crt, 1, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
+ return ret;
}
/**
@@ -1679,23 +1657,21 @@ cleanup:
* on error.
**/
int
-gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * ca,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem (res,
- ca->data, ca->size);
- else
- ret = parse_pem_ca_mem (res,
- ca->data, ca->size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_ca_mem(res, ca->data, ca->size);
+ else
+ ret = parse_pem_ca_mem(res, ca->data, ca->size);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- return 0;
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ return 0;
- return ret;
+ return ret;
}
/**
@@ -1720,50 +1696,48 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * ca_list,
- int ca_list_size)
+gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size)
{
- int ret, i, j;
- gnutls_x509_crt_t new_list[ca_list_size];
-
- for (i = 0; i < ca_list_size; i++)
- {
- ret = gnutls_x509_crt_init (&new_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crt_cpy (new_list[i], ca_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, new_list, ca_list_size)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, new_list, ca_list_size, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- for (j=0;j<i;i++)
- gnutls_x509_crt_deinit(new_list[j]);
-
- return ret;
+ int ret, i, j;
+ gnutls_x509_crt_t new_list[ca_list_size];
+
+ for (i = 0; i < ca_list_size; i++) {
+ ret = gnutls_x509_crt_init(&new_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crt_cpy(new_list[i], ca_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ if ((ret =
+ add_new_crt_to_rdn_seq(res, new_list, ca_list_size)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, new_list,
+ ca_list_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ for (j = 0; j < i; i++)
+ gnutls_x509_crt_deinit(new_list[j]);
+
+ return ret;
}
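Review bot: The cleanup loop at the end of gnutls_certificate_set_x509_trust increments the wrong variable, `for (j = 0; j < i; i++)`, so once any certificate has been initialised an error path never leaves the loop and keeps passing `new_list[0]` to gnutls_x509_crt_deinit. The reindent carries this over unchanged; it should read `for (j = 0; j < i; j++)`, as the matching loop in gnutls_certificate_set_x509_crl does. Two smaller points hold for both functions: the local array is a variable-length array sized by the caller's `ca_list_size` / `crl_list_size` with no range check, and when the copy step fails at index `i` the handle just initialised there is skipped by a `j < i` cleanup. A bound on the size before the declaration, and a cleanup that also covers index `i` after a failed copy, would address them.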
@@ -1791,39 +1765,36 @@ cleanup:
* error.
**/
int
-gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
- const char *cafile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
+ cred, const char *cafile,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- gnutls_datum_t cas;
- size_t size;
+ int ret;
+ gnutls_datum_t cas;
+ size_t size;
- if (strncmp (cafile, "pkcs11:", 7) == 0)
- {
- return read_cas_url (cred, cafile);
- }
+ if (strncmp(cafile, "pkcs11:", 7) == 0) {
+ return read_cas_url(cred, cafile);
+ }
- cas.data = (void*)read_binary_file (cafile, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
+ cas.data = (void *) read_binary_file(cafile, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- cas.size = size;
+ cas.size = size;
- ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, type);
+ ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, type);
- free (cas.data);
+ free(cas.data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return ret;
+ return ret;
}
/**
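Review bot: The file length in gnutls_certificate_set_x509_trust_file is narrowed without a check: `cas.size = size;` stores a `size_t`, and gnutls_certificate_set_x509_trust_mem then passes `ca->size` to the `int input_cert_size` parameter of parse_der_ca_mem / parse_pem_ca_mem. If read_binary_file can return more than INT_MAX bytes (its limits are not visible here), the parser would see a wrapped or truncated length and could load only part of the trust file without reporting it. A guard such as `if (size > INT_MAX)` that frees `cas.data` and returns an error before the assignment would make that explicit. gnutls_certificate_set_x509_crl_file and the `(unsigned int) size` cast in gnutls_certificate_set_x509_simple_pkcs12_file narrow the length the same way.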
@@ -1842,83 +1813,82 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
* Since: 3.0
**/
int
-gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred)
+gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
+ cred)
{
- return gnutls_x509_trust_list_add_system_trust(cred->tlist, 0, 0);
+ return gnutls_x509_trust_list_add_system_trust(cred->tlist, 0, 0);
}
static int
-parse_pem_crl_mem (gnutls_x509_trust_list_t tlist,
- const char * input_crl, unsigned int input_crl_size)
+parse_pem_crl_mem(gnutls_x509_trust_list_t tlist,
+ const char *input_crl, unsigned int input_crl_size)
{
- gnutls_x509_crl_t *x509_crl_list;
- unsigned int x509_ncrls;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_crl;
- tmp.size = input_crl_size;
-
- ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_trust_list_add_crls(tlist, x509_crl_list, x509_ncrls, 0, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free(x509_crl_list);
- return ret;
+ gnutls_x509_crl_t *x509_crl_list;
+ unsigned int x509_ncrls;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_crl;
+ tmp.size = input_crl_size;
+
+ ret =
+ gnutls_x509_crl_list_import2(&x509_crl_list, &x509_ncrls, &tmp,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_crls(tlist, x509_crl_list,
+ x509_ncrls, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(x509_crl_list);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_crl_mem (gnutls_x509_trust_list_t tlist,
- const void *input_crl, unsigned int input_crl_size)
+parse_der_crl_mem(gnutls_x509_trust_list_t tlist,
+ const void *input_crl, unsigned int input_crl_size)
{
- gnutls_x509_crl_t crl;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_crl;
- tmp.size = input_crl_size;
-
- ret = gnutls_x509_crl_init( &crl);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crl_import( crl, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_crls(tlist, &crl, 1, 0, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- gnutls_x509_crl_deinit(crl);
- return ret;
+ gnutls_x509_crl_t crl;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_crl;
+ tmp.size = input_crl_size;
+
+ ret = gnutls_x509_crl_init(&crl);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crl_import(crl, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_trust_list_add_crls(tlist, &crl, 1, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ gnutls_x509_crl_deinit(crl);
+ return ret;
}
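Review bot: The comment above parse_der_crl_mem is a leftover from the certificate parser: it speaks of a "DER encoded certificate list" stored in a "gnutls_cert structure", while the function imports one CRL and returns the result of gnutls_x509_trust_list_add_crls. It could read `/* Imports a single DER encoded CRL from memory and adds it to the trust list; returns the result of gnutls_x509_trust_list_add_crls() or a negative error code. */`. Separately, the error paths differ: parse_der_crl_mem deinitialises its CRL on failure, whereas parse_pem_crl_mem only calls `gnutls_free(x509_crl_list)` on the array, so if the trust list does not take ownership on failure (not visible here) the imported CRLs would leak.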
@@ -1926,22 +1896,21 @@ cleanup:
/* Reads a DER or PEM CRL from memory
*/
static int
-read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
- int crl_size, gnutls_x509_crt_fmt_t type)
+read_crl_mem(gnutls_certificate_credentials_t res, const void *crl,
+ int crl_size, gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (res->tlist, crl, crl_size);
- else
- ret = parse_pem_crl_mem (res->tlist, crl, crl_size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(res->tlist, crl, crl_size);
+ else
+ ret = parse_pem_crl_mem(res->tlist, crl, crl_size);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ if (ret < 0) {
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
/**
@@ -1959,11 +1928,11 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
* Returns: number of CRLs processed, or a negative error code on error.
**/
int
-gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * CRL,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type)
{
- return read_crl_mem (res, CRL->data, CRL->size, type);
+ return read_crl_mem(res, CRL->data, CRL->size, type);
}
/**
@@ -1983,44 +1952,42 @@ gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size)
+gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size)
{
- int ret, i, j;
- gnutls_x509_crl_t new_crl[crl_list_size];
-
- for (i = 0; i < crl_list_size; i++)
- {
- ret = gnutls_x509_crl_init (&new_crl[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crl_cpy (new_crl[i], crl_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = gnutls_x509_trust_list_add_crls(res->tlist, new_crl, crl_list_size, 0, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- for (j=0;j<i;j++)
- gnutls_x509_crl_deinit(new_crl[j]);
-
- return ret;
+ int ret, i, j;
+ gnutls_x509_crl_t new_crl[crl_list_size];
+
+ for (i = 0; i < crl_list_size; i++) {
+ ret = gnutls_x509_crl_init(&new_crl[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crl_cpy(new_crl[i], crl_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_crls(res->tlist, new_crl,
+ crl_list_size, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ for (j = 0; j < i; j++)
+ gnutls_x509_crl_deinit(new_crl[j]);
+
+ return ret;
}
/**
@@ -2038,34 +2005,32 @@ cleanup:
* Returns: number of CRLs processed or a negative error code on error.
**/
int
-gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
- const char *crlfile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t res,
+ const char *crlfile,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- size_t size;
- char *data = (void*)read_binary_file (crlfile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (res->tlist, data, size);
- else
- ret = parse_pem_crl_mem (res->tlist, data, size);
-
- free (data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ size_t size;
+ char *data = (void *) read_binary_file(crlfile, &size);
+
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(res->tlist, data, size);
+ else
+ ret = parse_pem_crl_mem(res->tlist, data, size);
+
+ free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
#include <gnutls/pkcs12.h>
@@ -2101,28 +2066,26 @@ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
- gnutls_certificate_set_x509_simple_pkcs12_file
- (gnutls_certificate_credentials_t res, const char *pkcs12file,
- gnutls_x509_crt_fmt_t type, const char *password)
-{
- gnutls_datum_t p12blob;
- size_t size;
- int ret;
-
- p12blob.data = (void*)read_binary_file (pkcs12file, &size);
- p12blob.size = (unsigned int) size;
- if (p12blob.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- ret =
- gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type,
- password);
- free (p12blob.data);
-
- return ret;
+ gnutls_certificate_set_x509_simple_pkcs12_file
+ (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password) {
+ gnutls_datum_t p12blob;
+ size_t size;
+ int ret;
+
+ p12blob.data = (void *) read_binary_file(pkcs12file, &size);
+ p12blob.size = (unsigned int) size;
+ if (p12blob.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret =
+ gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob,
+ type, password);
+ free(p12blob.data);
+
+ return ret;
}
/**
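Review bot: In gnutls_certificate_set_x509_simple_pkcs12_file, `p12blob.size = (unsigned int) size;` runs before the NULL check on `p12blob.data`, so when read_binary_file fails `size` may be read uninitialised (whether it is set on failure is not visible here). Moving the assignment below the check, as gnutls_certificate_set_x509_trust_file does with `cas.size = size;`, avoids that. As a style point, the reindent left this definition's opening brace on the parameter line (`const char *password) {`), unlike the other function definitions in the file.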
@@ -2156,93 +2119,83 @@ int
* Since: 2.8.0
**/
int
- gnutls_certificate_set_x509_simple_pkcs12_mem
- (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
- gnutls_x509_crt_fmt_t type, const char *password)
-{
- gnutls_pkcs12_t p12;
- gnutls_x509_privkey_t key = NULL;
- gnutls_x509_crt_t *chain = NULL;
- gnutls_x509_crl_t crl = NULL;
- unsigned int chain_size = 0, i;
- int ret;
-
- ret = gnutls_pkcs12_init (&p12);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_pkcs12_import (p12, p12blob, type, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pkcs12_deinit (p12);
- return ret;
- }
-
- if (password)
- {
- ret = gnutls_pkcs12_verify_mac (p12, password);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pkcs12_deinit (p12);
- return ret;
- }
- }
-
- ret = gnutls_pkcs12_simple_parse (p12, password, &key, &chain, &chain_size,
- NULL, NULL, &crl, 0);
- gnutls_pkcs12_deinit (p12);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key && chain)
- {
- ret = gnutls_certificate_set_x509_key (res, chain, chain_size, key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto done;
- }
-
- if (crl)
- {
- ret = gnutls_certificate_set_x509_crl (res, &crl, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- ret = 0;
-
-done:
- if (chain)
- {
- for (i=0;i<chain_size;i++)
- gnutls_x509_crt_deinit (chain[i]);
- gnutls_free(chain);
- }
- if (key)
- gnutls_x509_privkey_deinit (key);
- if (crl)
- gnutls_x509_crl_deinit (crl);
-
- return ret;
+ gnutls_certificate_set_x509_simple_pkcs12_mem
+ (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
+ gnutls_x509_crt_fmt_t type, const char *password) {
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t key = NULL;
+ gnutls_x509_crt_t *chain = NULL;
+ gnutls_x509_crl_t crl = NULL;
+ unsigned int chain_size = 0, i;
+ int ret;
+
+ ret = gnutls_pkcs12_init(&p12);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_pkcs12_import(p12, p12blob, type, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pkcs12_deinit(p12);
+ return ret;
+ }
+
+ if (password) {
+ ret = gnutls_pkcs12_verify_mac(p12, password);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pkcs12_deinit(p12);
+ return ret;
+ }
+ }
+
+ ret =
+ gnutls_pkcs12_simple_parse(p12, password, &key, &chain,
+ &chain_size, NULL, NULL, &crl, 0);
+ gnutls_pkcs12_deinit(p12);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key && chain) {
+ ret =
+ gnutls_certificate_set_x509_key(res, chain, chain_size,
+ key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto done;
+ }
+
+ if (crl) {
+ ret = gnutls_certificate_set_x509_crl(res, &crl, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+ done:
+ if (chain) {
+ for (i = 0; i < chain_size; i++)
+ gnutls_x509_crt_deinit(chain[i]);
+ gnutls_free(chain);
+ }
+ if (key)
+ gnutls_x509_privkey_deinit(key);
+ if (crl)
+ gnutls_x509_crl_deinit(crl);
+
+ return ret;
}
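Review bot: The integrity check in gnutls_certificate_set_x509_simple_pkcs12_mem depends on the caller: `if (password)` guards gnutls_pkcs12_verify_mac, so a NULL password skips the MAC and the key and chain are taken from a container whose integrity was never checked. That may be intended for unprotected files, but it deserves a comment at the branch and a sentence in the function's doc comment, which starts outside this hunk. For example: `/* NULL password: the MAC is not checked, so the structure's integrity is not verified */`.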
@@ -2254,11 +2207,10 @@ done:
* This function will delete all the CRLs associated
* with the given credentials.
**/
-void
-gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc)
{
- /* do nothing for now */
- return;
+ /* do nothing for now */
+ return;
}
/**
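Review bot: The doc comment says gnutls_certificate_free_crls "will delete all the CRLs associated with the given credentials", but the body is only `/* do nothing for now */`, so nothing is removed by the call. The comment should say so, for example `This function is currently a no-op; previously loaded CRLs are not removed.`, so that callers do not rely on it to drop revocation data or release memory.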
@@ -2276,11 +2228,12 @@ gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
*
* Since: 3.1.0
**/
-void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t cred,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t
+ cred, gnutls_pin_callback_t fn,
+ void *userdata)
{
- cred->pin.cb = fn;
- cred->pin.data = userdata;
+ cred->pin.cb = fn;
+ cred->pin.data = userdata;
}
/**
@@ -2295,28 +2248,25 @@ void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t cred,
*
* Since: 3.1.0
**/
-int
-gnutls_url_is_supported (const char* url)
+int gnutls_url_is_supported(const char *url)
{
#ifdef ENABLE_PKCS11
- if (strstr(url, "pkcs11:") != NULL)
- return 1;
+ if (strstr(url, "pkcs11:") != NULL)
+ return 1;
#endif
#ifdef HAVE_TROUSERS
- if (strstr(url, "tpmkey:") != NULL)
- return 1;
+ if (strstr(url, "tpmkey:") != NULL)
+ return 1;
#endif
- return 0;
+ return 0;
}
-int
-_gnutls_url_is_known (const char* url)
+int _gnutls_url_is_known(const char *url)
{
- if (strstr(url, "pkcs11:") != NULL)
- return 1;
- else if (strstr(url, "tpmkey:") != NULL)
- return 1;
- else
- return 0;
+ if (strstr(url, "pkcs11:") != NULL)
+ return 1;
+ else if (strstr(url, "tpmkey:") != NULL)
+ return 1;
+ else
+ return 0;
}
-
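Review bot: Both gnutls_url_is_supported and _gnutls_url_is_known test the scheme with `strstr(url, "pkcs11:") != NULL`, which matches the text anywhere in the string, so a file name or other value that merely contains `pkcs11:` or `tpmkey:` is treated as a URL. gnutls_certificate_set_x509_trust_file earlier in this file anchors the test at the start with `strncmp(cafile, "pkcs11:", 7) == 0`. Using the same form here, `strncmp(url, "pkcs11:", 7) == 0` and `strncmp(url, "tpmkey:", 7) == 0`, would keep the checks consistent. Neither function checks `url` for NULL before the search.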
diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h
index b7c33debfd..ce56385f49 100644
--- a/lib/gnutls_x509.h
+++ b/lib/gnutls_x509.h
@@ -23,20 +23,20 @@
#include <libtasn1.h>
#include <gnutls/abstract.h>
-int _gnutls_x509_cert_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status);
+int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
#define PEM_CERT_SEP "-----BEGIN CERTIFICATE"
#define PEM_CRL_SEP "-----BEGIN X509 CRL"
-int _gnutls_url_is_known (const char* url);
+int _gnutls_url_is_known(const char *url);
-int _gnutls_check_key_usage (const gnutls_pcert_st* cert,
- gnutls_kx_algorithm_t alg);
+int _gnutls_check_key_usage(const gnutls_pcert_st * cert,
+ gnutls_kx_algorithm_t alg);
-int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey_t * privkey,
- const gnutls_datum_t * raw_key,
- gnutls_x509_crt_fmt_t type);
+int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey_t * privkey,
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type);
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index d030f0cce5..33767bc249 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -30,8 +30,7 @@
#include <gnutls/tpm.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Public key operations */
@@ -47,177 +46,209 @@ extern "C"
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_pubkey_flags
- {
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1,
- GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1<<2,
- GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1<<3,
- } gnutls_pubkey_flags_t;
-
-typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
- void *userdata,
- const gnutls_datum_t * raw_data,
- gnutls_datum_t * signature);
-typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
- void *userdata,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
-
-typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
- void *userdata);
-
-int gnutls_pubkey_init (gnutls_pubkey_t * key);
-void gnutls_pubkey_deinit (gnutls_pubkey_t key);
-
-void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
- gnutls_pin_callback_t fn, void *userdata);
-
-int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
-
-int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags);
-int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
- unsigned int flags);
-int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags);
-int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- unsigned int flags);
-
-int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
-int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags);
-
-int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags);
-
-int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand);
-
-int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e);
-int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
-int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y);
-int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters,
- gnutls_datum_t * ecpoint);
-
-int gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
-
-int gnutls_pubkey_export2 (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
-
-int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
-int
-gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size,
- unsigned int *subkey);
-
-int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
-int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
-
-int gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-
-
-int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y);
-int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
-
-int
-gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint);
-
-int
-gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y);
-
-int
-gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * plaintext,
- gnutls_datum_t * ciphertext);
-
-int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
-
-int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
-
-int
-gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
-
-int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash);
-
-int
-gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature);
+ typedef enum gnutls_pubkey_flags {
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1,
+ GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2,
+ GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3,
+ } gnutls_pubkey_flags_t;
+
+ typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
+ void *userdata,
+ const gnutls_datum_t *
+ raw_data,
+ gnutls_datum_t *
+ signature);
+ typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
+ void *userdata,
+ const gnutls_datum_t *
+ ciphertext,
+ gnutls_datum_t *
+ plaintext);
+
+ typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
+ void *userdata);
+
+ int gnutls_pubkey_init(gnutls_pubkey_t * key);
+ void gnutls_pubkey_deinit(gnutls_pubkey_t key);
+
+ void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata);
+
+ int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key,
+ unsigned int *bits);
+
+ int gnutls_pubkey_import_x509(gnutls_pubkey_t key,
+ gnutls_x509_crt_t crt,
+ unsigned int flags);
+ int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key,
+ gnutls_x509_crq_t crq,
+ unsigned int flags);
+ int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj,
+ unsigned int flags);
+ int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags);
+
+ int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ const gnutls_openpgp_keyid_t
+ keyid, unsigned int flags);
+ int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_privkey(gnutls_pubkey_t key,
+ gnutls_privkey_t pkey,
+ unsigned int usage,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ unsigned int flags);
+
+ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
+
+ int gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y);
+ int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
+ gnutls_datum_t * parameters,
+ gnutls_datum_t * ecpoint);
+
+ int gnutls_pubkey_export(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+
+ int gnutls_pubkey_export2(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pubkey_get_key_id(gnutls_pubkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int
+ gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size,
+ unsigned int *subkey);
+
+ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key,
+ unsigned int *usage);
+ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key,
+ unsigned int usage);
+
+ int gnutls_pubkey_import(gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+
+ int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+ int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y);
+ int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+
+ int
+ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+ const gnutls_datum_t * parameters,
+ const gnutls_datum_t * ecpoint);
+
+ int
+ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y);
+
+ int
+ gnutls_pubkey_encrypt_data(gnutls_pubkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * plaintext,
+ gnutls_datum_t * ciphertext);
+
+ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt,
+ gnutls_pubkey_t key);
+
+ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq,
+ gnutls_pubkey_t key);
+
+ int
+ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
+
+ int
+ gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t *
+ signature,
+ gnutls_digest_algorithm_t *
+ hash);
+
+ int
+ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
/* Private key operations */
-int gnutls_privkey_init (gnutls_privkey_t * key);
-void gnutls_privkey_deinit (gnutls_privkey_t key);
+ int gnutls_privkey_init(gnutls_privkey_t * key);
+ void gnutls_privkey_deinit(gnutls_privkey_t key);
-void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
- gnutls_pin_callback_t fn, void *userdata);
+ void gnutls_privkey_set_pin_function(gnutls_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata);
-int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
- unsigned int *bits);
-gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
-int gnutls_privkey_status (gnutls_privkey_t key);
+ int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
+ unsigned int *bits);
+ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t
+ key);
+ int gnutls_privkey_status(gnutls_privkey_t key);
/**
* gnutls_privkey_flags:
@@ -230,102 +261,109 @@ int gnutls_privkey_status (gnutls_privkey_t key);
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_privkey_flags
- {
- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,
- GNUTLS_PRIVKEY_IMPORT_COPY = 1<<1,
- GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1<<2,
- GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1<<4,
- } gnutls_privkey_flags_t;
-
-int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key,
- unsigned int flags);
-int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key,
- unsigned int flags);
-int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags);
-
-int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- const char* password);
-
-int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags);
-
-int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password, unsigned int flags);
-
-int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url, const char *srk_password, const char *key_password,
- unsigned int flags);
-
-int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int flags);
-
-int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
-
-int
-gnutls_privkey_import_ext (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- unsigned int flags);
-
-int
-gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- gnutls_privkey_deinit_func deinit_func,
- unsigned int flags);
-
-int gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
-
-int gnutls_privkey_sign_hash (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
-
-
-int gnutls_privkey_decrypt_data (gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
-
-int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
-int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
-int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
- gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ typedef enum gnutls_privkey_flags {
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,
+ GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1,
+ GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2,
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << 4,
+ } gnutls_privkey_flags_t;
+
+ int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
+ int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags);
+ int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags);
+
+ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ const gnutls_openpgp_keyid_t
+ keyid, const char *password);
+
+ int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int
+ gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password,
+ unsigned int flags);
+
+ int
+ gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password,
+ unsigned int flags);
+
+ int gnutls_privkey_import_url(gnutls_privkey_t key,
+ const char *url, unsigned int flags);
+
+ int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key,
+ const char *url);
+
+ int
+ gnutls_privkey_import_ext(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func
+ decrypt_func, unsigned int flags);
+
+ int
+ gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func
+ decrypt_func,
+ gnutls_privkey_deinit_func deinit_func,
+ unsigned int flags);
+
+ int gnutls_privkey_sign_data(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
+
+ int gnutls_privkey_sign_hash(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
+
+
+ int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+
+ int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq,
+ gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
/**
* gnutls_pcert_st:
@@ -335,88 +373,101 @@ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
*
* A parsed certificate.
*/
-typedef struct gnutls_pcert_st
-{
- gnutls_pubkey_t pubkey;
- gnutls_datum_t cert;
- gnutls_certificate_type_t type;
-} gnutls_pcert_st;
+ typedef struct gnutls_pcert_st {
+ gnutls_pubkey_t pubkey;
+ gnutls_datum_t cert;
+ gnutls_certificate_type_t type;
+ } gnutls_pcert_st;
/* Do not initialize the "cert" element of
* the certificate */
#define GNUTLS_PCERT_NO_CERT 1
-int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert,
- gnutls_x509_crt_t crt, unsigned int flags);
+ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
+ gnutls_x509_crt_t crt,
+ unsigned int flags);
-int
-gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts,
- unsigned int *pcert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int
+ gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
+ unsigned int *pcert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
-int gnutls_pcert_import_x509_raw (gnutls_pcert_st* pcert,
- const gnutls_datum_t* cert,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
-int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st* pcert,
- const gnutls_datum_t* cert,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_openpgp_keyid_t keyid, unsigned int flags);
+ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
-int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert,
- gnutls_openpgp_crt_t crt, unsigned int flags);
+ int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags);
-void gnutls_pcert_deinit (gnutls_pcert_st* pcert);
+ void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
/* For certificate credentials */
- /* This is the same as gnutls_certificate_retrieve_function()
- * but retrieves a gnutls_pcert_st which requires much less processing
- * within the library.
- */
- typedef int gnutls_certificate_retrieve_function2 (gnutls_session_t,
- const gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **,
- unsigned int *pcert_length,
- gnutls_privkey_t *privkey);
-
-
-void gnutls_certificate_set_retrieve_function2 (
- gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function2 * func);
-
-int
-gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
- const char** names,
- int names_size,
- gnutls_pcert_st * pcert_list,
- int pcert_list_size,
- gnutls_privkey_t key);
+ /* This is the same as gnutls_certificate_retrieve_function()
+ * but retrieves a gnutls_pcert_st which requires much less processing
+ * within the library.
+ */
+ typedef int gnutls_certificate_retrieve_function2(gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs, const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_pcert_st
+ **,
+ unsigned int
+ *pcert_length,
+ gnutls_privkey_t
+ * privkey);
+
+
+ void gnutls_certificate_set_retrieve_function2
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function2 * func);
+
+ int
+ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+ const char **names,
+ int names_size,
+ gnutls_pcert_st * pcert_list,
+ int pcert_list_size,
+ gnutls_privkey_t key);
#include <gnutls/compat.h>
-int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int
-gnutls_pubkey_print (gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_pubkey_verify_hash(gnutls_pubkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int
+ gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 2e829fc9f3..4a330e5bfb 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -26,8 +26,7 @@
#define _GNUTLS_COMPAT_H
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#ifdef __GNUC__
@@ -40,50 +39,84 @@ extern "C"
#endif
#endif
-#endif /* __GNUC__ */
+#endif /* __GNUC__ */
#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
#define _GNUTLS_GCC_ATTR_DEPRECATED
#endif
/* gnutls_connection_end_t was made redundant in 2.99.0 */
-typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef unsigned int gnutls_connection_end_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* Stuff deprected in 2.x */
-typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_kx_algorithm_t gnutls_kx_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_mac_algorithm_t gnutls_mac_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_digest_algorithm_t gnutls_digest_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_compression_method_t gnutls_compression_method _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_connection_end_t gnutls_connection_end _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_pk_algorithm_t gnutls_pk_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_sign_algorithm_t gnutls_sign_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_close_request_t gnutls_close_request _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_request_t gnutls_certificate_request _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_status_t gnutls_certificate_status _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_alert_level_t gnutls_alert_level _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_alert_description_t gnutls_alert_description _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_privkey_t gnutls_x509_privkey _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crl_t gnutls_x509_crl _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crq_t gnutls_x509_crq _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_credentials_t gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_anon_server_credentials_t gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_anon_client_credentials_t gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_srp_client_credentials_t gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_srp_server_credentials_t gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_dh_params_t gnutls_dh_params _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_rsa_params_t gnutls_rsa_params _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_params_type_t gnutls_params_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_credentials_type_t gnutls_credentials_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_type_t gnutls_certificate_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_kx_algorithm_t gnutls_kx_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_mac_algorithm_t gnutls_mac_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_digest_algorithm_t gnutls_digest_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_compression_method_t gnutls_compression_method
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_connection_end_t gnutls_connection_end
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_pk_algorithm_t gnutls_pk_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_sign_algorithm_t gnutls_sign_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_close_request_t gnutls_close_request
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_request_t gnutls_certificate_request
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_status_t gnutls_certificate_status
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_session_t gnutls_session
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_alert_level_t gnutls_alert_level
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_alert_description_t gnutls_alert_description
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crt_t gnutls_x509_crt
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_privkey_t gnutls_x509_privkey
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crl_t gnutls_x509_crl
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crq_t gnutls_x509_crq
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_anon_server_credentials_t
+ gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_anon_client_credentials_t
+ gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_srp_client_credentials_t
+ gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_srp_server_credentials_t
+ gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_dh_params_t gnutls_dh_params
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_rsa_params_t gnutls_rsa_params
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_params_type_t gnutls_params_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_credentials_type_t gnutls_credentials_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_type_t gnutls_certificate_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_transport_ptr_t gnutls_transport_ptr
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
modified to use the PSK alert. */
@@ -94,8 +127,10 @@ typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED;
#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
-typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
@@ -130,211 +165,239 @@ typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED;
/* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_function()
* and gnutls_retr2_st.
*/
-typedef struct gnutls_retr_st
-{
- gnutls_certificate_type_t type;
- union
- {
- gnutls_x509_crt_t *x509;
- gnutls_openpgp_crt_t pgp;
- } cert;
- unsigned int ncerts; /* one for pgp keys */
-
- union
- {
- gnutls_x509_privkey_t x509;
- gnutls_openpgp_privkey_t pgp;
- } key;
-
- unsigned int deinit_all; /* if non zero all keys will be deinited */
-} gnutls_retr_st;
-
-typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr_st *);
-typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
- gnutls_retr_st *);
-
-void gnutls_certificate_client_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_client_retrieve_function *
- func) _GNUTLS_GCC_ATTR_DEPRECATED;
-void
- gnutls_certificate_server_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_server_retrieve_function *
- func) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* External signing callback. No longer supported because it
- * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. */
-typedef int (*gnutls_sign_func) (gnutls_session_t session,
- void *userdata,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
-
-void
-gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-gnutls_sign_func
-gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef struct gnutls_retr_st {
+ gnutls_certificate_type_t type;
+ union {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+ } gnutls_retr_st;
+
+ typedef int
+ gnutls_certificate_client_retrieve_function(gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs, const
+ gnutls_pk_algorithm_t
+ * pk_algos, int
+ pk_algos_length,
+ gnutls_retr_st *);
+ typedef int
+ gnutls_certificate_server_retrieve_function(gnutls_session_t,
+ gnutls_retr_st *);
+
+ void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+ void
+ gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* External signing callback. No longer supported because it
+ * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. */
+ typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ void *userdata,
+ gnutls_certificate_type_t
+ cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+ void
+ gnutls_sign_callback_set(gnutls_session_t session,
+ gnutls_sign_func sign_func,
+ void *userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ gnutls_sign_func
+ gnutls_sign_callback_get(gnutls_session_t session,
+ void **userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* This is a very dangerous and error-prone function.
* Use gnutls_privkey_sign_hash() instead.
*/
- int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* we support the gnutls_privkey_sign_data() instead.
*/
- int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature,
- size_t * signature_size)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_verify_data() */
- int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-
- /* gnutls_pubkey_verify_hash() */
- int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_get_verify_algorithm() */
- int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_get_preferred_hash_algorithm() */
- int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t
- * hash,
- unsigned int *mand)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_x509_crq_privkey_sign() */
- int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-
-
- /* gnutls_x509_crl_privkey_sign */
- int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* functions to set priority of cipher suites
- */
- int gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_mac_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_compression_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_kx_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_protocol_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature,
+ size_t * signature_size)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_verify_data() */
+ int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+ /* gnutls_pubkey_verify_hash() */
+ int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_verify_algorithm() */
+ int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
+ const gnutls_datum_t *
+ signature,
+ gnutls_digest_algorithm_t
+ * hash)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_preferred_hash_algorithm() */
+ int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
+ crt,
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int
+ *mand)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_x509_crq_privkey_sign() */
+ int gnutls_x509_crq_sign(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+ /* gnutls_x509_crl_privkey_sign */
+ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* functions to set priority of cipher suites
+ */
+ int gnutls_cipher_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_mac_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_compression_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_kx_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_protocol_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_certificate_type_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* RSA params
*/
- int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
- void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
- gnutls_rsa_params_t src) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
- int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
- unsigned int bits) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_set_default_export_priority (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- void
- gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res,
- gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
- int gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
- unsigned flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_init(gnutls_rsa_params_t *
+ rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
+ void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst,
+ gnutls_rsa_params_t src)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_rsa_params_generate2(gnutls_rsa_params_t params,
+ unsigned int bits)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ unsigned int *bits)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t *
+ params_data_size)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
+ const gnutls_datum_t *
+ pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t *
+ modulus)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_set_default_export_priority(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ void
+ gnutls_certificate_set_rsa_export_params
+ (gnutls_certificate_credentials_t res,
+ gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
+ int gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
+ unsigned flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#ifdef _ISOC99_SOURCE
/* we provide older functions for compatibility as inline functions that
* depend on gnutls_session_get_random. */
-
-static inline const void *gnutls_session_get_server_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-static inline const void *gnutls_session_get_server_random (gnutls_session_t session)
-{
- gnutls_datum_t rnd;
- gnutls_session_get_random(session, NULL, &rnd);/*doc-skip*/
- return rnd.data;
-}
-static inline const void *gnutls_session_get_client_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-static inline const void *gnutls_session_get_client_random (gnutls_session_t session)
-{
- gnutls_datum_t rnd;
- gnutls_session_get_random(session, &rnd, NULL);/*doc-skip*/
- return rnd.data;
-}
+ static inline const void
+ *gnutls_session_get_server_random(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ static inline const void
+ *gnutls_session_get_server_random(gnutls_session_t session) {
+ gnutls_datum_t rnd;
+ gnutls_session_get_random(session, NULL, &rnd); /*doc-skip */
+ return rnd.data;
+ } static inline const void
+ *gnutls_session_get_client_random(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ static inline const void
+ *gnutls_session_get_client_random(gnutls_session_t session) {
+ gnutls_datum_t rnd;
+ gnutls_session_get_random(session, &rnd, NULL); /*doc-skip */
+ return rnd.data;
+ }
#endif
@@ -342,4 +405,4 @@ static inline const void *gnutls_session_get_client_random (gnutls_session_t ses
}
#endif
-#endif /* _GNUTLS_COMPAT_H */
+#endif /* _GNUTLS_COMPAT_H */
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 44d77f9339..6ab571472d 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -24,61 +24,71 @@
#define GNUTLS_CRYPTO_H
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
- typedef struct api_cipher_hd_st *gnutls_cipher_hd_t;
-
- int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv);
- int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
- void *text, size_t textlen);
- int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
- void *ciphertext, size_t ciphertextlen);
- int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle,
- const void *ciphertext, size_t ciphertextlen,
- void *text, size_t textlen);
- int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text,
- size_t textlen, void *ciphertext,
- size_t ciphertextlen);
-
- void gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen);
-
- int gnutls_cipher_tag( gnutls_cipher_hd_t handle, void* tag, size_t tag_size);
- int gnutls_cipher_add_auth( gnutls_cipher_hd_t handle, const void* text, size_t text_size);
-
- void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
- int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
- int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
- int gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm);
-
- typedef struct hash_hd_st *gnutls_hash_hd_t;
- typedef struct hmac_hd_st *gnutls_hmac_hd_t;
-
- size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm);
- int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_mac_algorithm_t algorithm, const void *key,
- size_t keylen);
- void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len);
- int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
- void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
- void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
- int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
- int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- size_t keylen, const void *text, size_t textlen,
- void *digest);
-
- int gnutls_hash_init (gnutls_hash_hd_t * dig,
- gnutls_digest_algorithm_t algorithm);
- int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
- void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
- void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
- int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
- int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+ typedef struct api_cipher_hd_st *gnutls_cipher_hd_t;
+
+ int gnutls_cipher_init(gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+ int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle,
+ void *text, size_t textlen);
+ int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle,
+ void *ciphertext, size_t ciphertextlen);
+ int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle,
+ const void *ciphertext,
+ size_t ciphertextlen, void *text,
+ size_t textlen);
+ int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle,
+ const void *text, size_t textlen,
+ void *ciphertext, size_t ciphertextlen);
+
+ void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,
+ size_t ivlen);
+
+ int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,
+ size_t tag_size);
+ int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,
+ const void *text, size_t text_size);
+
+ void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);
+ int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t
+ algorithm);
+ int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm);
+ int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t
+ algorithm);
+
+ typedef struct hash_hd_st *gnutls_hash_hd_t;
+ typedef struct hmac_hd_st *gnutls_hmac_hd_t;
+
+ size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_init(gnutls_hmac_hd_t * dig,
+ gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen);
+ void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,
+ const void *nonce, size_t nonce_len);
+ int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text,
+ size_t textlen);
+ void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest);
+ void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest);
+ int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen,
+ const void *text, size_t textlen,
+ void *digest);
+
+ int gnutls_hash_init(gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash(gnutls_hash_hd_t handle, const void *text,
+ size_t textlen);
+ void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest);
+ void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest);
+ int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen,
+ void *digest);
/* register ciphers */
@@ -93,19 +103,17 @@ extern "C"
*
* Enumeration of random quality levels.
*/
- typedef enum gnutls_rnd_level
- {
- GNUTLS_RND_NONCE = 0,
- GNUTLS_RND_RANDOM = 1,
- GNUTLS_RND_KEY = 2
- } gnutls_rnd_level_t;
+ typedef enum gnutls_rnd_level {
+ GNUTLS_RND_NONCE = 0,
+ GNUTLS_RND_RANDOM = 1,
+ GNUTLS_RND_KEY = 2
+ } gnutls_rnd_level_t;
- int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len);
- void gnutls_rnd_refresh (void);
+ void gnutls_rnd_refresh(void);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index ec5782ab86..c773a664dd 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -30,23 +30,24 @@
#include <gnutls/gnutls.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_COOKIE_KEY_SIZE 16
-void gnutls_dtls_set_timeouts (gnutls_session_t session,
- unsigned int retrans_timeout,
- unsigned int total_timeout);
+ void gnutls_dtls_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout);
-unsigned int gnutls_dtls_get_mtu (gnutls_session_t session);
-unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session);
+ unsigned int gnutls_dtls_get_mtu(gnutls_session_t session);
+ unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session);
-void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu);
-int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu);
+ void gnutls_dtls_set_mtu(gnutls_session_t session,
+ unsigned int mtu);
+ int gnutls_dtls_set_data_mtu(gnutls_session_t session,
+ unsigned int mtu);
-unsigned int gnutls_dtls_get_timeout (gnutls_session_t session);
+ unsigned int gnutls_dtls_get_timeout(gnutls_session_t session);
/**
* gnutls_dtls_prestate_st:
@@ -59,31 +60,31 @@ unsigned int gnutls_dtls_get_timeout (gnutls_session_t session);
* gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
* gnutls_dtls_prestate_set().
*/
- typedef struct
- {
- unsigned int record_seq;
- unsigned int hsk_read_seq;
- unsigned int hsk_write_seq;
- } gnutls_dtls_prestate_st;
+ typedef struct {
+ unsigned int record_seq;
+ unsigned int hsk_read_seq;
+ unsigned int hsk_write_seq;
+ } gnutls_dtls_prestate_st;
- int gnutls_dtls_cookie_send (gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- gnutls_dtls_prestate_st* prestate,
- gnutls_transport_ptr_t ptr,
- gnutls_push_func push_func);
+ int gnutls_dtls_cookie_send(gnutls_datum_t * key,
+ void *client_data,
+ size_t client_data_size,
+ gnutls_dtls_prestate_st * prestate,
+ gnutls_transport_ptr_t ptr,
+ gnutls_push_func push_func);
- int gnutls_dtls_cookie_verify (gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- void* _msg, size_t msg_size,
- gnutls_dtls_prestate_st* prestate);
+ int gnutls_dtls_cookie_verify(gnutls_datum_t * key,
+ void *client_data,
+ size_t client_data_size, void *_msg,
+ size_t msg_size,
+ gnutls_dtls_prestate_st * prestate);
- void gnutls_dtls_prestate_set (gnutls_session_t session,
- gnutls_dtls_prestate_st* prestate);
+ void gnutls_dtls_prestate_set(gnutls_session_t session,
+ gnutls_dtls_prestate_st * prestate);
+
+ unsigned int gnutls_record_get_discarded(gnutls_session_t session);
- unsigned int gnutls_record_get_discarded (gnutls_session_t session);
-
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_DTLS_H */
+#endif /* GNUTLS_DTLS_H */
diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h
index 2603b7dac6..1ed83fbd44 100644
--- a/lib/includes/gnutls/gnutlsxx.h
+++ b/lib/includes/gnutls/gnutlsxx.h
@@ -27,400 +27,400 @@
#include <vector>
#include <gnutls/gnutls.h>
-namespace gnutls
-{
-
- class noncopyable
- {
- protected:
- noncopyable ()
- {
- }
- ~noncopyable ()
- {
- }
-
- private:
- // These are non-implemented.
- noncopyable (const noncopyable &);
- noncopyable & operator= (const noncopyable &);
- };
-
-
- class exception:public std::exception
- {
- public:
- exception (int x);
- const char *what () const throw ();
- int get_code ();
- protected:
- int retcode;
- };
-
-
- class dh_params:private noncopyable
- {
- public:
- dh_params ();
- ~dh_params ();
- void import_raw (const gnutls_datum_t & prime,
- const gnutls_datum_t & generator);
- void import_pkcs3 (const gnutls_datum_t & pkcs3_params,
- gnutls_x509_crt_fmt_t format);
- void generate (unsigned int bits);
-
- void export_pkcs3 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
- void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator);
-
- gnutls_dh_params_t get_params_t () const;
- dh_params & operator= (const dh_params & src);
- protected:
- gnutls_dh_params_t params;
- };
-
-
- class rsa_params:private noncopyable
- {
- public:
- rsa_params ();
- ~rsa_params ();
- void import_raw (const gnutls_datum_t & m,
- const gnutls_datum_t & e,
- const gnutls_datum_t & d,
- const gnutls_datum_t & p,
- const gnutls_datum_t & q, const gnutls_datum_t & u);
- void import_pkcs1 (const gnutls_datum_t & pkcs1_params,
- gnutls_x509_crt_fmt_t format);
- void generate (unsigned int bits);
-
- void export_pkcs1 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
- void export_raw (gnutls_datum_t & m, gnutls_datum_t & e,
- gnutls_datum_t & d, gnutls_datum_t & p,
- gnutls_datum_t & q, gnutls_datum_t & u);
- gnutls_rsa_params_t get_params_t () const;
- rsa_params & operator= (const rsa_params & src);
-
- protected:
- gnutls_rsa_params_t params;
- };
-
- class session:private noncopyable
- {
- protected:
- gnutls_session_t s;
- public:
- session (unsigned int);
- virtual ~ session ();
-
- int bye (gnutls_close_request_t how);
- int handshake ();
-
- gnutls_alert_description_t get_alert () const;
-
- int send_alert (gnutls_alert_level_t level,
- gnutls_alert_description_t desc);
- int send_appropriate_alert (int err);
-
- gnutls_cipher_algorithm_t get_cipher () const;
- gnutls_kx_algorithm_t get_kx () const;
- gnutls_mac_algorithm_t get_mac () const;
- gnutls_compression_method_t get_compression () const;
- gnutls_certificate_type_t get_certificate_type () const;
-
- // for the handshake
- void set_private_extensions (bool allow);
-
- gnutls_handshake_description_t get_handshake_last_out () const;
- gnutls_handshake_description_t get_handshake_last_in () const;
-
- ssize_t send (const void *data, size_t sizeofdata);
- ssize_t recv (void *data, size_t sizeofdata);
-
- bool get_record_direction () const;
-
- // maximum packet size
- size_t get_max_size () const;
- void set_max_size (size_t size);
-
- size_t check_pending () const;
-
- void prf (size_t label_size, const char *label,
- int server_random_first,
- size_t extra_size, const char *extra,
- size_t outsize, char *out);
-
- void prf_raw (size_t label_size, const char *label,
- size_t seed_size, const char *seed,
- size_t outsize, char *out);
-
- /* if you just want some defaults, use the following.
- */
- void set_priority (const char *prio, const char **err_pos);
- void set_priority (gnutls_priority_t p);
-
- gnutls_protocol_t get_protocol_version () const;
-
- // for resuming sessions
- void set_data (const void *session_data, size_t session_data_size);
- void get_data (void *session_data, size_t * session_data_size) const;
- void get_data (gnutls_session_t session, gnutls_datum_t & data) const;
- void get_id (void *session_id, size_t * session_id_size) const;
-
- bool is_resumed () const;
-
- void set_max_handshake_packet_length (size_t max);
-
- void clear_credentials ();
- void set_credentials (class credentials & cred);
-
- void set_transport_ptr (gnutls_transport_ptr_t ptr);
- void set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr);
- gnutls_transport_ptr_t get_transport_ptr () const;
- void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
- gnutls_transport_ptr_t & send_ptr) const;
-
- void set_transport_lowat (size_t num);
- void set_transport_push_function (gnutls_push_func push_func);
- void set_transport_vec_push_function (gnutls_vec_push_func vec_push_func);
- void set_transport_pull_function (gnutls_pull_func pull_func);
-
- void set_user_ptr (void *ptr);
- void *get_user_ptr () const;
-
- void send_openpgp_cert (gnutls_openpgp_crt_status_t status);
-
- gnutls_credentials_type_t get_auth_type () const;
- gnutls_credentials_type_t get_server_auth_type () const;
- gnutls_credentials_type_t get_client_auth_type () const;
-
- // informational stuff
- void set_dh_prime_bits (unsigned int bits);
- unsigned int get_dh_secret_bits () const;
- unsigned int get_dh_peers_public_bits () const;
- unsigned int get_dh_prime_bits () const;
- void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const;
- void get_dh_pubkey (gnutls_datum_t & raw_key) const;
- void get_rsa_export_pubkey (gnutls_datum_t & exponent,
- gnutls_datum_t & modulus) const;
- unsigned int get_rsa_export_modulus_bits () const;
-
- void get_our_certificate (gnutls_datum_t & cert) const;
- bool get_peers_certificate (std::vector < gnutls_datum_t >
- &out_certs) const;
- bool get_peers_certificate (const gnutls_datum_t ** certs,
- unsigned int *certs_size) const;
-
- time_t get_peers_certificate_activation_time () const;
- time_t get_peers_certificate_expiration_time () const;
- void verify_peers_certificate (unsigned int &status) const;
-
- };
+namespace gnutls {
+
+ class noncopyable {
+ protected:
+ noncopyable() {
+ } ~noncopyable() {
+ } private:
+ // These are non-implemented.
+ noncopyable(const noncopyable &);
+ noncopyable & operator=(const noncopyable &);
+ };
+
+
+ class exception:public std::exception {
+ public:
+ exception(int x);
+ const char *what() const throw();
+ int get_code();
+ protected:
+ int retcode;
+ };
+
+
+ class dh_params:private noncopyable {
+ public:
+ dh_params();
+ ~dh_params();
+ void import_raw(const gnutls_datum_t & prime,
+ const gnutls_datum_t & generator);
+ void import_pkcs3(const gnutls_datum_t & pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate(unsigned int bits);
+
+ void export_pkcs3(gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ void export_raw(gnutls_datum_t & prime,
+ gnutls_datum_t & generator);
+
+ gnutls_dh_params_t get_params_t() const;
+ dh_params & operator=(const dh_params & src);
+ protected:
+ gnutls_dh_params_t params;
+ };
+
+
+ class rsa_params:private noncopyable {
+ public:
+ rsa_params();
+ ~rsa_params();
+ void import_raw(const gnutls_datum_t & m,
+ const gnutls_datum_t & e,
+ const gnutls_datum_t & d,
+ const gnutls_datum_t & p,
+ const gnutls_datum_t & q,
+ const gnutls_datum_t & u);
+ void import_pkcs1(const gnutls_datum_t & pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate(unsigned int bits);
+
+ void export_pkcs1(gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ void export_raw(gnutls_datum_t & m, gnutls_datum_t & e,
+ gnutls_datum_t & d, gnutls_datum_t & p,
+ gnutls_datum_t & q, gnutls_datum_t & u);
+ gnutls_rsa_params_t get_params_t() const;
+ rsa_params & operator=(const rsa_params & src);
+
+ protected:
+ gnutls_rsa_params_t params;
+ };
+
+ class session:private noncopyable {
+ protected:
+ gnutls_session_t s;
+ public:
+ session(unsigned int);
+ virtual ~ session();
+
+ int bye(gnutls_close_request_t how);
+ int handshake();
+
+ gnutls_alert_description_t get_alert() const;
+
+ int send_alert(gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
+ int send_appropriate_alert(int err);
+
+ gnutls_cipher_algorithm_t get_cipher() const;
+ gnutls_kx_algorithm_t get_kx() const;
+ gnutls_mac_algorithm_t get_mac() const;
+ gnutls_compression_method_t get_compression() const;
+ gnutls_certificate_type_t get_certificate_type() const;
+
+ // for the handshake
+ void set_private_extensions(bool allow);
+
+ gnutls_handshake_description_t get_handshake_last_out()
+ const;
+ gnutls_handshake_description_t get_handshake_last_in()
+ const;
+
+ ssize_t send(const void *data, size_t sizeofdata);
+ ssize_t recv(void *data, size_t sizeofdata);
+
+ bool get_record_direction() const;
+
+ // maximum packet size
+ size_t get_max_size() const;
+ void set_max_size(size_t size);
+
+ size_t check_pending() const;
+
+ void prf(size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
+
+ void prf_raw(size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
+
+ /* if you just want some defaults, use the following.
+ */
+ void set_priority(const char *prio, const char **err_pos);
+ void set_priority(gnutls_priority_t p);
+
+ gnutls_protocol_t get_protocol_version() const;
+
+ // for resuming sessions
+ void set_data(const void *session_data,
+ size_t session_data_size);
+ void get_data(void *session_data,
+ size_t * session_data_size) const;
+ void get_data(gnutls_session_t session,
+ gnutls_datum_t & data) const;
+ void get_id(void *session_id,
+ size_t * session_id_size) const;
+
+ bool is_resumed() const;
+
+ void set_max_handshake_packet_length(size_t max);
+
+ void clear_credentials();
+ void set_credentials(class credentials & cred);
+
+ void set_transport_ptr(gnutls_transport_ptr_t ptr);
+ void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
+ gnutls_transport_ptr_t get_transport_ptr() const;
+ void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
+ gnutls_transport_ptr_t & send_ptr)
+ const;
+
+ void set_transport_lowat(size_t num);
+ void set_transport_push_function(gnutls_push_func
+ push_func);
+ void set_transport_vec_push_function(gnutls_vec_push_func
+ vec_push_func);
+ void set_transport_pull_function(gnutls_pull_func
+ pull_func);
+
+ void set_user_ptr(void *ptr);
+ void *get_user_ptr() const;
+
+ void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
+
+ gnutls_credentials_type_t get_auth_type() const;
+ gnutls_credentials_type_t get_server_auth_type() const;
+ gnutls_credentials_type_t get_client_auth_type() const;
+
+ // informational stuff
+ void set_dh_prime_bits(unsigned int bits);
+ unsigned int get_dh_secret_bits() const;
+ unsigned int get_dh_peers_public_bits() const;
+ unsigned int get_dh_prime_bits() const;
+ void get_dh_group(gnutls_datum_t & gen,
+ gnutls_datum_t & prime) const;
+ void get_dh_pubkey(gnutls_datum_t & raw_key) const;
+ void get_rsa_export_pubkey(gnutls_datum_t & exponent,
+ gnutls_datum_t & modulus) const;
+ unsigned int get_rsa_export_modulus_bits() const;
+
+ void get_our_certificate(gnutls_datum_t & cert) const;
+ bool get_peers_certificate(std::vector < gnutls_datum_t >
+ &out_certs) const;
+ bool get_peers_certificate(const gnutls_datum_t ** certs,
+ unsigned int *certs_size) const;
+
+ time_t get_peers_certificate_activation_time() const;
+ time_t get_peers_certificate_expiration_time() const;
+ void verify_peers_certificate(unsigned int &status) const;
+
+ };
// interface for databases
- class DB:private noncopyable
- {
- public:
- virtual ~ DB () = 0;
- virtual bool store (const gnutls_datum_t & key,
- const gnutls_datum_t & data) = 0;
- virtual bool retrieve (const gnutls_datum_t & key,
- gnutls_datum_t & data) = 0;
- virtual bool remove (const gnutls_datum_t & key) = 0;
- };
-
- class server_session:public session
- {
- public:
- server_session ();
- ~server_session ();
- void db_remove () const;
-
- void set_db_cache_expiration (unsigned int seconds);
- void set_db (const DB & db);
-
- // returns true if session is expired
- bool db_check_entry (gnutls_datum_t & session_data) const;
-
- // server side only
- const char *get_srp_username () const;
- const char *get_psk_username () const;
-
- void get_server_name (void *data, size_t * data_length,
- unsigned int *type, unsigned int indx) const;
-
- int rehandshake ();
- void set_certificate_request (gnutls_certificate_request_t);
- };
-
- class client_session:public session
- {
- public:
- client_session ();
- ~client_session ();
-
- void set_server_name (gnutls_server_name_type_t type,
- const void *name, size_t name_length);
-
- bool get_request_status ();
- };
-
-
- class credentials:private noncopyable
- {
- public:
- virtual ~ credentials ()
- {
- }
- gnutls_credentials_type_t get_type () const;
- protected:
- friend class session;
- credentials (gnutls_credentials_type_t t);
- void *ptr () const;
- void set_ptr (void *ptr);
- gnutls_credentials_type_t type;
- private:
- void *cred;
- };
-
- class certificate_credentials:public credentials
- {
- public:
- ~certificate_credentials ();
- certificate_credentials ();
-
- void free_keys ();
- void free_cas ();
- void free_ca_names ();
- void free_crls ();
-
- void set_dh_params (const dh_params & params);
- void set_rsa_export_params (const rsa_params & params);
- void set_verify_flags (unsigned int flags);
- void set_verify_limits (unsigned int max_bits, unsigned int max_depth);
-
- void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type);
- void set_x509_trust (const gnutls_datum_t & CA,
- gnutls_x509_crt_fmt_t type);
- // FIXME: use classes instead of gnutls_x509_crt_t
- void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size);
-
- void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type);
- void set_x509_crl (const gnutls_datum_t & CRL,
- gnutls_x509_crt_fmt_t type);
- void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size);
-
- void set_x509_key_file (const char *certfile, const char *KEYFILE,
- gnutls_x509_crt_fmt_t type);
- void set_x509_key (const gnutls_datum_t & CERT,
- const gnutls_datum_t & KEY,
- gnutls_x509_crt_fmt_t type);
- // FIXME: use classes
- void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size,
- gnutls_x509_privkey_t key);
-
-
- void set_simple_pkcs12_file (const char *pkcs12file,
- gnutls_x509_crt_fmt_t type,
- const char *password);
-
- void set_retrieve_function (gnutls_certificate_retrieve_function * func);
-
- protected:
- gnutls_certificate_credentials_t cred;
- };
-
- class certificate_server_credentials:public certificate_credentials
- {
- public:
- void set_params_function (gnutls_params_function * func);
- };
-
- class certificate_client_credentials:public certificate_credentials
- {
- public:
- };
-
-
-
-
- class anon_server_credentials:public credentials
- {
- public:
- anon_server_credentials ();
- ~anon_server_credentials ();
- void set_dh_params (const dh_params & params);
- void set_params_function (gnutls_params_function * func);
- protected:
- gnutls_anon_server_credentials_t cred;
- };
-
- class anon_client_credentials:public credentials
- {
- public:
- anon_client_credentials ();
- ~anon_client_credentials ();
- protected:
- gnutls_anon_client_credentials_t cred;
- };
-
-
- class srp_server_credentials:public credentials
- {
- public:
- srp_server_credentials ();
- ~srp_server_credentials ();
- void set_credentials_file (const char *password_file,
- const char *password_conf_file);
- void set_credentials_function (gnutls_srp_server_credentials_function *
- func);
- protected:
- gnutls_srp_server_credentials_t cred;
- };
-
- class srp_client_credentials:public credentials
- {
- public:
- srp_client_credentials ();
- ~srp_client_credentials ();
- void set_credentials (const char *username, const char *password);
- void set_credentials_function (gnutls_srp_client_credentials_function *
- func);
- protected:
- gnutls_srp_client_credentials_t cred;
- };
-
-
- class psk_server_credentials:public credentials
- {
- public:
- psk_server_credentials ();
- ~psk_server_credentials ();
- void set_credentials_file (const char *password_file);
- void set_credentials_function (gnutls_psk_server_credentials_function *
- func);
- void set_dh_params (const dh_params & params);
- void set_params_function (gnutls_params_function * func);
- protected:
- gnutls_psk_server_credentials_t cred;
- };
-
- class psk_client_credentials:public credentials
- {
- public:
- psk_client_credentials ();
- ~psk_client_credentials ();
- void set_credentials (const char *username, const gnutls_datum_t & key,
- gnutls_psk_key_flags flags);
- void set_credentials_function (gnutls_psk_client_credentials_function *
- func);
- protected:
- gnutls_psk_client_credentials_t cred;
- };
-
-
-} /* namespace */
-
-#endif /* GNUTLSXX_H */
+ class DB:private noncopyable {
+ public:
+ virtual ~ DB() = 0;
+ virtual bool store(const gnutls_datum_t & key,
+ const gnutls_datum_t & data) = 0;
+ virtual bool retrieve(const gnutls_datum_t & key,
+ gnutls_datum_t & data) = 0;
+ virtual bool remove(const gnutls_datum_t & key) = 0;
+ };
+
+ class server_session:public session {
+ public:
+ server_session();
+ ~server_session();
+ void db_remove() const;
+
+ void set_db_cache_expiration(unsigned int seconds);
+ void set_db(const DB & db);
+
+ // returns true if session is expired
+ bool db_check_entry(gnutls_datum_t & session_data) const;
+
+ // server side only
+ const char *get_srp_username() const;
+ const char *get_psk_username() const;
+
+ void get_server_name(void *data, size_t * data_length,
+ unsigned int *type,
+ unsigned int indx) const;
+
+ int rehandshake();
+ void set_certificate_request(gnutls_certificate_request_t);
+ };
+
+ class client_session:public session {
+ public:
+ client_session();
+ ~client_session();
+
+ void set_server_name(gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
+
+ bool get_request_status();
+ };
+
+
+ class credentials:private noncopyable {
+ public:
+ virtual ~ credentials() {
+ } gnutls_credentials_type_t get_type() const;
+ protected:
+ friend class session;
+ credentials(gnutls_credentials_type_t t);
+ void *ptr() const;
+ void set_ptr(void *ptr);
+ gnutls_credentials_type_t type;
+ private:
+ void *cred;
+ };
+
+ class certificate_credentials:public credentials {
+ public:
+ ~certificate_credentials();
+ certificate_credentials();
+
+ void free_keys();
+ void free_cas();
+ void free_ca_names();
+ void free_crls();
+
+ void set_dh_params(const dh_params & params);
+ void set_rsa_export_params(const rsa_params & params);
+ void set_verify_flags(unsigned int flags);
+ void set_verify_limits(unsigned int max_bits,
+ unsigned int max_depth);
+
+ void set_x509_trust_file(const char *cafile,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_trust(const gnutls_datum_t & CA,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes instead of gnutls_x509_crt_t
+ void set_x509_trust(gnutls_x509_crt_t * ca_list,
+ int ca_list_size);
+
+ void set_x509_crl_file(const char *crlfile,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_crl(const gnutls_datum_t & CRL,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_crl(gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
+
+ void set_x509_key_file(const char *certfile,
+ const char *KEYFILE,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_key(const gnutls_datum_t & CERT,
+ const gnutls_datum_t & KEY,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes
+ void set_x509_key(gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key);
+
+
+ void set_simple_pkcs12_file(const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type,
+ const char *password);
+
+ void set_retrieve_function
+ (gnutls_certificate_retrieve_function * func);
+
+ protected:
+ gnutls_certificate_credentials_t cred;
+ };
+
+ class certificate_server_credentials:public certificate_credentials {
+ public:
+ void set_params_function(gnutls_params_function * func);
+ };
+
+ class certificate_client_credentials:public certificate_credentials {
+ public:
+ };
+
+
+
+
+ class anon_server_credentials:public credentials {
+ public:
+ anon_server_credentials();
+ ~anon_server_credentials();
+ void set_dh_params(const dh_params & params);
+ void set_params_function(gnutls_params_function * func);
+ protected:
+ gnutls_anon_server_credentials_t cred;
+ };
+
+ class anon_client_credentials:public credentials {
+ public:
+ anon_client_credentials();
+ ~anon_client_credentials();
+ protected:
+ gnutls_anon_client_credentials_t cred;
+ };
+
+
+ class srp_server_credentials:public credentials {
+ public:
+ srp_server_credentials();
+ ~srp_server_credentials();
+ void set_credentials_file(const char *password_file,
+ const char *password_conf_file);
+ void set_credentials_function
+ (gnutls_srp_server_credentials_function * func);
+ protected:
+ gnutls_srp_server_credentials_t cred;
+ };
+
+ class srp_client_credentials:public credentials {
+ public:
+ srp_client_credentials();
+ ~srp_client_credentials();
+ void set_credentials(const char *username,
+ const char *password);
+ void set_credentials_function
+ (gnutls_srp_client_credentials_function * func);
+ protected:
+ gnutls_srp_client_credentials_t cred;
+ };
+
+
+ class psk_server_credentials:public credentials {
+ public:
+ psk_server_credentials();
+ ~psk_server_credentials();
+ void set_credentials_file(const char *password_file);
+ void set_credentials_function
+ (gnutls_psk_server_credentials_function * func);
+ void set_dh_params(const dh_params & params);
+ void set_params_function(gnutls_params_function * func);
+ protected:
+ gnutls_psk_server_credentials_t cred;
+ };
+
+ class psk_client_credentials:public credentials {
+ public:
+ psk_client_credentials();
+ ~psk_client_credentials();
+ void set_credentials(const char *username,
+ const gnutls_datum_t & key,
+ gnutls_psk_key_flags flags);
+ void set_credentials_function
+ (gnutls_psk_client_credentials_function * func);
+ protected:
+ gnutls_psk_client_credentials_t cred;
+ };
+
+
+} /* namespace */
+
+#endif /* GNUTLSXX_H */
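Review bot: The reindent leaves closing braces fused to the declaration that follows them in `noncopyable` (`} ~noncopyable() {` and `} private:`) and in `credentials` (`} gnutls_credentials_type_t get_type() const;`), which hides the `private:` label behind a brace. That label is what makes the copy constructor and assignment operator of `noncopyable` inaccessible. Every handle-owning wrapper in this header derives from it, presumably so a wrapped handle is never copied and released twice, so the label should stay visible on its own line. I would write the empty bodies on one line each and restore the label: `noncopyable() {}`, `~noncopyable() {}`, then `private:`; likewise `virtual ~credentials() {}` followed by `get_type()` on a new line. The same fused-brace layout appears in compat.h at `} static inline const void`, in a hunk that begins before the lines reviewed here.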
diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h
index 99046ad276..e7f412251a 100644
--- a/lib/includes/gnutls/ocsp.h
+++ b/lib/includes/gnutls/ocsp.h
@@ -30,8 +30,7 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
@@ -43,11 +42,10 @@ extern "C"
*
* Enumeration of different OCSP printing variants.
*/
-typedef enum gnutls_ocsp_print_formats_t
- {
- GNUTLS_OCSP_PRINT_FULL = 0,
- GNUTLS_OCSP_PRINT_COMPACT = 1,
- } gnutls_ocsp_print_formats_t;
+ typedef enum gnutls_ocsp_print_formats_t {
+ GNUTLS_OCSP_PRINT_FULL = 0,
+ GNUTLS_OCSP_PRINT_COMPACT = 1,
+ } gnutls_ocsp_print_formats_t;
/**
* gnutls_ocsp_resp_status_t:
@@ -60,15 +58,14 @@ typedef enum gnutls_ocsp_print_formats_t
*
* Enumeration of different OCSP response status codes.
*/
-typedef enum gnutls_ocsp_resp_status_t
- {
- GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
- GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
- GNUTLS_OCSP_RESP_INTERNALERROR = 2,
- GNUTLS_OCSP_RESP_TRYLATER = 3,
- GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
- GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
- } gnutls_ocsp_resp_status_t;
+ typedef enum gnutls_ocsp_resp_status_t {
+ GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
+ GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
+ GNUTLS_OCSP_RESP_INTERNALERROR = 2,
+ GNUTLS_OCSP_RESP_TRYLATER = 3,
+ GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
+ GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
+ } gnutls_ocsp_resp_status_t;
/**
* gnutls_ocsp_cert_status_t:
@@ -79,12 +76,11 @@ typedef enum gnutls_ocsp_resp_status_t
*
* Enumeration of different OCSP response certificate status codes.
*/
-typedef enum gnutls_ocsp_cert_status_t
- {
- GNUTLS_OCSP_CERT_GOOD = 0,
- GNUTLS_OCSP_CERT_REVOKED = 1,
- GNUTLS_OCSP_CERT_UNKNOWN = 2
- } gnutls_ocsp_cert_status_t;
+ typedef enum gnutls_ocsp_cert_status_t {
+ GNUTLS_OCSP_CERT_GOOD = 0,
+ GNUTLS_OCSP_CERT_REVOKED = 1,
+ GNUTLS_OCSP_CERT_UNKNOWN = 2
+ } gnutls_ocsp_cert_status_t;
/**
* gnutls_x509_crl_reason_t:
@@ -103,19 +99,18 @@ typedef enum gnutls_ocsp_cert_status_t
* corresponds to the CRLReason ASN.1 enumeration type, and not the
* ReasonFlags ASN.1 bit string.
*/
-typedef enum gnutls_x509_crl_reason_t
- {
- GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
- GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
- GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
- GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
- GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
- GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
- GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
- GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
- GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
- GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
- } gnutls_x509_crl_reason_t;
+ typedef enum gnutls_x509_crl_reason_t {
+ GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
+ GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
+ GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
+ GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
+ GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
+ GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
+ GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
+ GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
+ GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
+ GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
+ } gnutls_x509_crl_reason_t;
/**
* gnutls_ocsp_verify_reason_t:
@@ -130,130 +125,134 @@ typedef enum gnutls_x509_crl_reason_t
* Enumeration of OCSP verify status codes, used by
* gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct().
*/
-typedef enum gnutls_ocsp_verify_reason_t
- {
- GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
- GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
- GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
- GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
- GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
- GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
- GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
- } gnutls_ocsp_verify_reason_t;
+ typedef enum gnutls_ocsp_verify_reason_t {
+ GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
+ GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
+ GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
+ GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
+ GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
+ GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
+ GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
+ } gnutls_ocsp_verify_reason_t;
- struct gnutls_ocsp_req_int;
- typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
+ struct gnutls_ocsp_req_int;
+ typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
- int gnutls_ocsp_req_init (gnutls_ocsp_req_t * req);
- void gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req);
+ void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req);
- int gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
- const gnutls_datum_t * data);
- int gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data);
- int gnutls_ocsp_req_print (gnutls_ocsp_req_t req,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_ocsp_req_import(gnutls_ocsp_req_t req,
+ const gnutls_datum_t * data);
+ int gnutls_ocsp_req_export(gnutls_ocsp_req_t req,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out);
- int gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req);
- int gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number);
- int gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- const gnutls_datum_t *issuer_name_hash,
- const gnutls_datum_t *issuer_key_hash,
- const gnutls_datum_t *serial_number);
- int gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crt_t cert);
+ int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number);
+ int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ const gnutls_datum_t *
+ issuer_name_hash,
+ const gnutls_datum_t *
+ issuer_key_hash,
+ const gnutls_datum_t *
+ serial_number);
+ int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crt_t cert);
- int gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data);
- int gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
- const char *oid,
- unsigned int critical,
- const gnutls_datum_t *data);
+ int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
+ const char *oid,
+ unsigned int critical,
+ const gnutls_datum_t * data);
- int gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
- unsigned int *critical,
- gnutls_datum_t *nonce);
- int gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
- unsigned int critical,
- const gnutls_datum_t *nonce);
- int gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
+ unsigned int *critical,
+ gnutls_datum_t * nonce);
+ int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
+ unsigned int critical,
+ const gnutls_datum_t * nonce);
+ int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req);
- struct gnutls_ocsp_resp_int;
- typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
+ struct gnutls_ocsp_resp_int;
+ typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
- int gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp);
- void gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp);
+ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
- const gnutls_datum_t * data);
- int gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp,
- gnutls_datum_t * data);
- int gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
+ const gnutls_datum_t * data);
+ int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out);
- int gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *response_type_oid,
- gnutls_datum_t *response);
+ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t *
+ response_type_oid,
+ gnutls_datum_t * response);
- int gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *dn);
- time_t gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number,
- unsigned int *cert_status,
- time_t *this_update,
- time_t *next_update,
- time_t *revocation_time,
- unsigned int *revocation_reason);
- int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data);
- int gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
- unsigned int *critical,
- gnutls_datum_t *nonce);
- int gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *sig);
- int gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t ** certs,
- size_t *ncerts);
+ int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * dn);
+ time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number,
+ unsigned int *cert_status,
+ time_t * this_update,
+ time_t * next_update,
+ time_t * revocation_time,
+ unsigned int *revocation_reason);
+ int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
+ unsigned int *critical,
+ gnutls_datum_t * nonce);
+ int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t
+ resp);
+ int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * sig);
+ int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t ** certs,
+ size_t * ncerts);
- int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t issuer,
- unsigned int *verify,
- unsigned int flags);
- int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
- gnutls_x509_trust_list_t trustlist,
- unsigned int *verify,
- unsigned int flags);
+ int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t issuer,
+ unsigned int *verify,
+ unsigned int flags);
+ int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
+ gnutls_x509_trust_list_t trustlist,
+ unsigned int *verify,
+ unsigned int flags);
- int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
- unsigned int indx,
- gnutls_x509_crt_t crt);
+ int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ unsigned int indx,
+ gnutls_x509_crt_t crt);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_OCSP_H */
+#endif /* GNUTLS_OCSP_H */
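Review bot: The prototypes for `gnutls_ocsp_resp_verify()` and `gnutls_ocsp_resp_verify_direct()` carry no comment on how the return value and `*verify` relate, and since this hunk re-wraps them anyway it is a good place to add one. The `gnutls_ocsp_verify_reason_t` values above them are bit flags (1, 2, 4, … 64), so a caller that tests only the return code can end up accepting a response whose signer was untrusted or whose signature failed. Suggested comment above both: `/* A zero return means verification ran; the response is acceptable only if *verify is also 0 (OR of gnutls_ocsp_verify_reason_t). */`. A short comment on `gnutls_ocsp_resp_check_crt()` saying that it is the call that ties a response to the certificate under test would help as well.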
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index e87e2d307f..abb0ed348b 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -31,8 +31,7 @@
#include <limits.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Openpgp certificate stuff
@@ -45,257 +44,270 @@ extern "C"
*
* Enumeration of different OpenPGP key formats.
*/
- typedef enum gnutls_openpgp_crt_fmt
- {
- GNUTLS_OPENPGP_FMT_RAW,
- GNUTLS_OPENPGP_FMT_BASE64
- } gnutls_openpgp_crt_fmt_t;
+ typedef enum gnutls_openpgp_crt_fmt {
+ GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
#define GNUTLS_OPENPGP_KEYID_SIZE 8
#define GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE 20
- typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+ typedef unsigned char
+ gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
/* gnutls_openpgp_cert_t should be defined in gnutls.h
*/
- /* initializes the memory for gnutls_openpgp_crt_t struct */
- int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
- /* frees all memory */
- void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t * out);
-
- int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ /* initializes the memory for gnutls_openpgp_crt_t struct */
+ int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key);
+ /* frees all memory */
+ void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions.
*/
#define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
- int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage);
- int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen);
-
- int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits);
-
- int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
-
- time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key);
- time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
-
- int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname);
-
- int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
- int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx);
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits);
- time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
- key, unsigned int idx);
- time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
- key,
- unsigned int idx);
- int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage);
-
- int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
- int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
-
- int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
- int
- gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+ unsigned int *key_usage);
+ int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
+
+ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+ int idx, char *buf,
+ size_t * sizeof_buf);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int *bits);
+
+ int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key);
+
+ time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t
+ key);
+ time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+ const char *hostname);
+
+ int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key);
+ int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_crt_get_subkey_revoked_status
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ unsigned int *bits);
+ time_t
+ gnutls_openpgp_crt_get_subkey_creation_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ time_t
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ int gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage);
+
+ int gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t
+ key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int
+ gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
/* privkey stuff.
*/
- int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
- void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits);
-
- gnutls_sec_param_t
- gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags);
-
- int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen);
- int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
-
- int
- gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
- key);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- unsigned int *bits);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_expiration_time
- (gnutls_openpgp_privkey_t key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int
- gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t * out);
-
- int
- gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
- int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
- key,
- gnutls_openpgp_keyid_t
- keyid);
-
- int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag);
+ int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key);
+ void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int *bits);
+
+ gnutls_sec_param_t
+ gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t
+ key, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint
+ (gnutls_openpgp_privkey_t key, unsigned int idx, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_privkey_get_subkey_count
+ (gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t
+ key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ int
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_revoked_status
+ (gnutls_openpgp_privkey_t key);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int idx,
+ unsigned int *bits);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
+ gnutls_datum_t * y, gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_subkey_rsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
+
+ int
+ gnutls_openpgp_privkey_set_preferred_key_id
+ (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_privkey_get_preferred_key_id
+ (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t
+ keyid, unsigned int flag);
/* Keyring stuff.
*/
- int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring);
- void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
+ int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t *
+ keyring);
+ void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t
+ keyring);
- int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+ int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t
+ keyid, unsigned int flags);
- int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify
- /* the output of the verification */ );
+ int gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t
+ keyring, unsigned int flags,
+ unsigned int *verify
+ /* the output of the verification */
+ );
- int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags,
- unsigned int *verify);
+ int gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+ unsigned int flags,
+ unsigned int *verify);
- int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx,
- gnutls_openpgp_crt_t * cert);
+ int gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert);
- int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
+ int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t
+ ring);
@@ -316,59 +328,56 @@ extern "C"
* Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
* otherwise an error code is returned.
*/
- typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
- const unsigned char *keyfpr,
- unsigned int keyfpr_length,
- gnutls_datum_t * key);
+ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t
+ session,
+ const unsigned char
+ *keyfpr,
+ unsigned int
+ keyfpr_length,
+ gnutls_datum_t * key);
- void
- gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func);
+ void
+ gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+ gnutls_openpgp_recv_key_func
+ func);
/* certificate authentication stuff.
*/
- int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey);
-
- int
- gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
- res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t
- format);
-
- int
- gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t
- format);
- int
- gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_mem (
- gnutls_certificate_credentials_t c, const unsigned char *data,
- size_t dlen, gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_file (
- gnutls_certificate_credentials_t c, const char *file,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key
+ (gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey);
+
+ int
+ gnutls_certificate_set_openpgp_key_file
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key_mem
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format);
+
+ int
+ gnutls_certificate_set_openpgp_key_file2
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format);
+ int
+ gnutls_certificate_set_openpgp_key_mem2
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ const char *subkey_id, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_mem
+ (gnutls_certificate_credentials_t c, const unsigned char *data,
+ size_t dlen, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_file
+ (gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_OPENPGP_H */
+#endif /* GNUTLS_OPENPGP_H */
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index d3e641b7f1..13015c0bef 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -29,8 +29,7 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_PKCS11_MAX_PIN_LEN 32
@@ -53,46 +52,51 @@ extern "C"
*
* Since: 2.12.0
**/
-typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
- const char *const label,
- unsigned retry);
+ typedef int (*gnutls_pkcs11_token_callback_t) (void *const
+ userdata,
+ const char *const
+ label,
+ unsigned retry);
-struct gnutls_pkcs11_obj_st;
-typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
+ struct gnutls_pkcs11_obj_st;
+ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
-#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
-#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so
* load = /lib/yyy-pkcs11.so
*/
-int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file);
-int gnutls_pkcs11_reinit (void);
-void gnutls_pkcs11_deinit (void);
-void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata);
-
-void gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
- void *userdata);
-
-gnutls_pin_callback_t gnutls_pkcs11_get_pin_function (void **userdata);
-
-int gnutls_pkcs11_add_provider (const char *name, const char *params);
-int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
-void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
- gnutls_pin_callback_t fn,
- void *userdata);
-
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
+ int gnutls_pkcs11_init(unsigned int flags,
+ const char *deprecated_config_file);
+ int gnutls_pkcs11_reinit(void);
+ void gnutls_pkcs11_deinit(void);
+ void gnutls_pkcs11_set_token_function
+ (gnutls_pkcs11_token_callback_t fn, void *userdata);
+
+ void gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn,
+ void *userdata);
+
+ gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void
+ **userdata);
+
+ int gnutls_pkcs11_add_provider(const char *name,
+ const char *params);
+ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj);
+ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+ gnutls_pin_callback_t fn,
+ void *userdata);
+
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
/**
* gnutls_pkcs11_url_type_t:
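Review bot: The rewrap in this hunk separates parameter types from their names, which makes these public prototypes harder to read than the lines they replace. The `gnutls_pkcs11_token_callback_t` typedef now has `void *const` and `userdata` on different lines, and `gnutls_pkcs11_get_pin_function` breaks between `void` and `**userdata`. This looks like a side effect of the declarations being indented one level under `extern "C" {`, though the page does not preserve the whitespace well enough to confirm that. Breaking only after a comma keeps each parameter whole, e.g. `typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,` followed by `const char *const label, unsigned retry);`. The same split recurs in later hunks: the `gnutls_pkcs11_privkey_*` prototypes in this file, and `gnutls_x509_crt_get_private_key_usage_period`, `gnutls_x509_crt_get_authority_key_gn_serial` and `gnutls_x509_crt_get_authority_info_access` in x509.h.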
@@ -102,41 +106,51 @@ void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
*
* Enumeration of different URL extraction flags.
*/
-typedef enum
- {
- GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
- GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
- GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
- } gnutls_pkcs11_url_type_t;
-
-int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t obj,
- const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
-
-int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size);
-int gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
- gnutls_datum_t *out);
-
-int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
- const char *label, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t key,
- const char *label, unsigned int key_usage /*GNUTLS_KEY_* */, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_pkcs11_copy_secret_key (const char *token_url,
- gnutls_datum_t * key, const char *label,
- unsigned int key_usage /* GNUTLS_KEY_* */ ,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ typedef enum {
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+ } gnutls_pkcs11_url_type_t;
+
+ int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj);
+
+ int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt,
+ const char *label,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage
+ /*GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+ int gnutls_pkcs11_delete_url(const char *object_url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+ int gnutls_pkcs11_copy_secret_key(const char *token_url,
+ gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage
+ /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
/**
* gnutls_pkcs11_obj_info_t:
@@ -153,24 +167,23 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url,
*
* Enumeration of several object information types.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ID_HEX = 1,
- GNUTLS_PKCS11_OBJ_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
- GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
- GNUTLS_PKCS11_OBJ_ID,
- /* the pkcs11 provider library info */
- GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
- GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
- GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
- } gnutls_pkcs11_obj_info_t;
-
-int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ID_HEX = 1,
+ GNUTLS_PKCS11_OBJ_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
+ GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
+ GNUTLS_PKCS11_OBJ_ID,
+ /* the pkcs11 provider library info */
+ GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
+ } gnutls_pkcs11_obj_info_t;
+
+ int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
/**
* gnutls_pkcs11_obj_attr_t:
@@ -184,16 +197,15 @@ int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
*
* Enumeration of several attributes for object enumeration.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
- } gnutls_pkcs11_obj_attr_t;
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
+ } gnutls_pkcs11_obj_attr_t;
/**
* gnutls_pkcs11_token_info_t:
@@ -204,13 +216,12 @@ typedef enum
*
* Enumeration of types for retrieving token information.
*/
-typedef enum
- {
- GNUTLS_PKCS11_TOKEN_LABEL,
- GNUTLS_PKCS11_TOKEN_SERIAL,
- GNUTLS_PKCS11_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_TOKEN_MODEL
- } gnutls_pkcs11_token_info_t;
+ typedef enum {
+ GNUTLS_PKCS11_TOKEN_LABEL,
+ GNUTLS_PKCS11_TOKEN_SERIAL,
+ GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_TOKEN_MODEL
+ } gnutls_pkcs11_token_info_t;
/**
* gnutls_pkcs11_obj_type_t:
@@ -223,108 +234,120 @@ typedef enum
*
* Enumeration of object types.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_UNKNOWN,
- GNUTLS_PKCS11_OBJ_X509_CRT,
- GNUTLS_PKCS11_OBJ_PUBKEY,
- GNUTLS_PKCS11_OBJ_PRIVKEY,
- GNUTLS_PKCS11_OBJ_SECRET_KEY,
- GNUTLS_PKCS11_OBJ_DATA
- } gnutls_pkcs11_obj_type_t;
-
-int
-gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label);
-
-int
-gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
- unsigned long *mechanism);
-
-int gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin,
- unsigned int flags /*gnutls_pin_flag_t */
- );
-
-int gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_UNKNOWN,
+ GNUTLS_PKCS11_OBJ_X509_CRT,
+ GNUTLS_PKCS11_OBJ_PUBKEY,
+ GNUTLS_PKCS11_OBJ_PRIVKEY,
+ GNUTLS_PKCS11_OBJ_SECRET_KEY,
+ GNUTLS_PKCS11_OBJ_DATA
+ } gnutls_pkcs11_obj_type_t;
+
+ int
+ gnutls_pkcs11_token_init(const char *token_url,
+ const char *so_pin, const char *label);
+
+ int
+ gnutls_pkcs11_token_get_mechanism(const char *url,
+ unsigned int idx,
+ unsigned long *mechanism);
+
+ int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pin_flag_t */
+ );
+
+ int gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ int gnutls_pkcs11_token_get_info(const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output,
+ size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
-int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
-
-int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *const n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int
-gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt);
-int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj);
-const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type);
-
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags /* must be zero */);
+ int gnutls_pkcs11_token_get_flags(const char *url,
+ unsigned int *flags);
+
+ int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t
+ attrs, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int
+ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt);
+ int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ gnutls_pkcs11_obj_type_t
+ gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj);
+ const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t
+ type);
+
+ int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t *
+ const objs,
+ unsigned int flags
+ /* must be zero */ );
/* private key functions...*/
-int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
-void gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
- gnutls_pin_callback_t fn,
- void *userdata);
-void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
-int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits);
-int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size);
-
-int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags);
-
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_privkey_status (gnutls_pkcs11_privkey_t key);
-
-int gnutls_pkcs11_privkey_generate (const char* url,
- gnutls_pk_algorithm_t pk,
- unsigned int bits,
- const char* label, unsigned int flags);
-
-int
-gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * pubkey,
- unsigned int flags);
-
-int
-gnutls_pkcs11_token_get_random (const char* token_url,
- void* data,
- size_t len);
+ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key);
+ void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t
+ key,
+ gnutls_pin_callback_t
+ fn, void *userdata);
+ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key);
+ int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t
+ key,
+ unsigned int *bits);
+ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output,
+ size_t * output_size);
+
+ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ const char *url,
+ unsigned int flags);
+
+ int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t
+ detailed, char **url);
+ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key);
+
+ int gnutls_pkcs11_privkey_generate(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_privkey_generate2(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_token_get_random(const char *token_url,
+ void *data, size_t len);
#ifdef __cplusplus
}
#endif
-
#endif
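Review bot: The reindented `gnutls_pkcs11_token_set_pin` prototype is left as one very long line with `);` alone on the next, well past the width the rest of the hunk is wrapped to. The trailing `/*gnutls_pin_flag_t */` comment probably kept the formatter from breaking it. Wrapping it by hand matches the neighbouring declarations: `int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin,` followed by `const char *newpin, unsigned int flags /* gnutls_pin_flag_t */ );`. The dangling `);` lines after the `/* GNUTLS_PKCS11_OBJ_FLAG_* */` comments on `gnutls_pkcs11_obj_list_import_url`, `gnutls_pkcs11_obj_list_import_url2` and `gnutls_x509_crt_import_pkcs11_url` in this hunk would benefit from the same cleanup.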
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index ef8f209679..ad1410d434 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -26,51 +26,57 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
- /* PKCS12 structures handling
- */
- struct gnutls_pkcs12_int;
- typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
-
- struct gnutls_pkcs12_bag_int;
- typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
-
- int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
- void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
- int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
- int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
-
- int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
- int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags);
+ /* PKCS12 structures handling
+ */
+ struct gnutls_pkcs12_int;
+ typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
+
+ struct gnutls_pkcs12_bag_int;
+ typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
+
+ int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
+ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
+ int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12,
+ gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+
+ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass);
+ int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass,
+ unsigned int flags);
#define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
- int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags);
+ int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t ** chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t * crl,
+ unsigned int flags);
/**
* gnutls_pkcs12_bag_type_t:
@@ -85,50 +91,49 @@ extern "C"
*
* Enumeration of different PKCS 12 bag types.
*/
- typedef enum gnutls_pkcs12_bag_type_t
- {
- GNUTLS_BAG_EMPTY = 0,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
- GNUTLS_BAG_PKCS8_KEY = 2,
- GNUTLS_BAG_CERTIFICATE = 3,
- GNUTLS_BAG_CRL = 4,
- GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
- * gnutls extension. We use the PKCS-9
- * random nonce ID 1.2.840.113549.1.9.25.3
- * to store randomly generated keys.
- */
- GNUTLS_BAG_ENCRYPTED = 10,
- GNUTLS_BAG_UNKNOWN = 20
- } gnutls_pkcs12_bag_type_t;
-
- gnutls_pkcs12_bag_type_t
- gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
- int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crl_t crl);
- int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crt_t crt);
-
- int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
- void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id);
- int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id);
-
- int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name);
- int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name);
+ typedef enum gnutls_pkcs12_bag_type_t {
+ GNUTLS_BAG_EMPTY = 0,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+ GNUTLS_BAG_PKCS8_KEY = 2,
+ GNUTLS_BAG_CERTIFICATE = 3,
+ GNUTLS_BAG_CRL = 4,
+ GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+ * gnutls extension. We use the PKCS-9
+ * random nonce ID 1.2.840.113549.1.9.25.3
+ * to store randomly generated keys.
+ */
+ GNUTLS_BAG_ENCRYPTED = 10,
+ GNUTLS_BAG_UNKNOWN = 20
+ } gnutls_pkcs12_bag_type_t;
+
+ gnutls_pkcs12_bag_type_t
+ gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, int indx);
+ int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crt_t crt);
+
+ int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
+ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id);
+ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id);
+
+ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx, char **name);
+ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx,
+ const char *name);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_PKCS12_H */
+#endif /* GNUTLS_PKCS12_H */
diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h
index 4d59d2e504..cf2c0dd566 100644
--- a/lib/includes/gnutls/tpm.h
+++ b/lib/includes/gnutls/tpm.h
@@ -27,12 +27,11 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
-struct tpm_key_list_st;
-typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
+ struct tpm_key_list_st;
+ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
#define GNUTLS_TPM_KEY_SIGNING (1<<1)
#define GNUTLS_TPM_REGISTER_KEY (1<<2)
@@ -46,31 +45,33 @@ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
*
* Enumeration of different certificate encoding formats.
*/
- typedef enum
- {
- GNUTLS_TPMKEY_FMT_RAW = 0,
- GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
- GNUTLS_TPMKEY_FMT_CTK_PEM = 1
- } gnutls_tpmkey_fmt_t;
+ typedef enum {
+ GNUTLS_TPMKEY_FMT_RAW = 0,
+ GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
+ GNUTLS_TPMKEY_FMT_CTK_PEM = 1
+ } gnutls_tpmkey_fmt_t;
-int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags);
+ int
+ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
-void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list);
-int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags);
-int gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list);
-int gnutls_tpm_privkey_delete (const char* url, const char* srk_password);
+ void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list);
+ int gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list,
+ unsigned int idx, char **url,
+ unsigned int flags);
+ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list);
+ int gnutls_tpm_privkey_delete(const char *url,
+ const char *srk_password);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 3e2bf2b570..c06ff4735e 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -30,8 +30,7 @@
#include <gnutls/gnutls.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Some OIDs usually found in Distinguished names, or
@@ -100,94 +99,118 @@ extern "C"
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_certificate_import_flags
- {
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
- GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
- } gnutls_certificate_import_flags;
-
- int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
- void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
- int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t* out);
- int gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * buf_size);
- int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * buf_size);
- int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
- const char *hostname);
-
- int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig);
- int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration);
- int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
- int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
- void *id, size_t * id_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
- void *ret, size_t * ret_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
- gnutls_pin_callback_t fn, void *userdata);
+ typedef enum gnutls_certificate_import_flags {
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
+ GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
+ } gnutls_certificate_import_flags;
+
+ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
+ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t
+ cert,
+ time_t *
+ activation,
+ time_t *
+ expiration,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert,
+ char *buf, size_t * buf_size);
+ int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size);
+ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size);
+ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
+ const char *hostname);
+
+ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t
+ cert);
+ int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t
+ crt,
+ time_t activation,
+ time_t
+ expiration);
+ int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
+ const void *id,
+ size_t id_size);
+ int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert,
+ void *id,
+ size_t * id_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int
+ *alt_type,
+ void *serial,
+ size_t *
+ serial_size,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn,
+ void *userdata);
/**
* gnutls_info_access_what_t:
@@ -200,22 +223,24 @@ extern "C"
* Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access().
*/
- typedef enum gnutls_info_access_what_t
- {
- GNUTLS_IA_ACCESSMETHOD_OID = 1,
- GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
- /* use 100-108 for the generalName types, populate as needed */
- GNUTLS_IA_URI = 106,
- /* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006,
- GNUTLS_IA_CAISSUERS_URI = 10106
- } gnutls_info_access_what_t;
-
- int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
- unsigned int seq,
- int what,
- gnutls_datum_t * data,
- unsigned int *critical);
+ typedef enum gnutls_info_access_what_t {
+ GNUTLS_IA_ACCESSMETHOD_OID = 1,
+ GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
+ /* use 100-108 for the generalName types, populate as needed */
+ GNUTLS_IA_URI = 106,
+ /* quick-access variants that match both OID and name type. */
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
+ } gnutls_info_access_what_t;
+
+ int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t
+ crt,
+ unsigned int seq,
+ int what,
+ gnutls_datum_t *
+ data,
+ unsigned int
+ *critical);
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED,
/**
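Review bot: The context line `#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED,` at the end of this hunk has a trailing comma inside the macro body, and the reindent leaves it in place. Most uses of the compatibility name, such as an assignment or a function argument, would expand with a stray `,` and probably fail to compile. The definition should read `#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED`, ideally fixed in a separate commit so this one stays whitespace-only.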
@@ -232,110 +257,125 @@ extern "C"
*
* Enumeration of types for the CRL revocation reasons.
*/
- typedef enum gnutls_x509_crl_reason_flags_t
- {
- GNUTLS_CRL_REASON_UNSPECIFIED=0,
- GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN=1,
- GNUTLS_CRL_REASON_CERTIFICATE_HOLD=2,
- GNUTLS_CRL_REASON_CESSATION_OF_OPERATION=4,
- GNUTLS_CRL_REASON_SUPERSEDED=8,
- GNUTLS_CRL_REASON_AFFILIATION_CHANGED=16,
- GNUTLS_CRL_REASON_CA_COMPROMISE=32,
- GNUTLS_CRL_REASON_KEY_COMPROMISE=64,
- GNUTLS_CRL_REASON_UNUSED=128,
- GNUTLS_CRL_REASON_AA_COMPROMISE=32768
- } gnutls_x509_crl_reason_flags_t;
-
- int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical);
- int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags);
- int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags);
- int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src);
-
- int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
- time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
- time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size);
-
- int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
- unsigned int *bits);
- int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
- int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
-
- int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *san_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *oid,
- size_t * oid_size);
-
- int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *ian_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
- int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
- unsigned int *critical);
- int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- unsigned int *ca, int *pathlen);
+ typedef enum gnutls_x509_crl_reason_flags_t {
+ GNUTLS_CRL_REASON_UNSPECIFIED = 0,
+ GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 1,
+ GNUTLS_CRL_REASON_CERTIFICATE_HOLD = 2,
+ GNUTLS_CRL_REASON_CESSATION_OF_OPERATION = 4,
+ GNUTLS_CRL_REASON_SUPERSEDED = 8,
+ GNUTLS_CRL_REASON_AFFILIATION_CHANGED = 16,
+ GNUTLS_CRL_REASON_CA_COMPROMISE = 32,
+ GNUTLS_CRL_REASON_KEY_COMPROMISE = 64,
+ GNUTLS_CRL_REASON_UNUSED = 128,
+ GNUTLS_CRL_REASON_AA_COMPROMISE = 32768
+ } gnutls_x509_crl_reason_flags_t;
+
+ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int
+ reason_flags);
+ int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const void *data_string,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src);
+
+ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert);
+ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
+ void *result, size_t * result_size);
+
+ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
+ unsigned int *bits);
+ int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+
+ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *san_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *oid,
+ size_t *
+ oid_size);
+
+ int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *ret,
+ size_t *
+ ret_size);
+
+ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ unsigned int *ca,
+ int *pathlen);
/* The key_usage flags are defined in gnutls.h. They are the
* GNUTLS_KEY_* definitions.
*/
- int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical);
- int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
- unsigned int usage);
- int gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
- int what,
- gnutls_datum_t * data);
-
- int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy);
+ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
+ unsigned int usage);
+ int gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t
+ crt, int what,
+ gnutls_datum_t *
+ data);
+
+ int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy);
#define GNUTLS_MAX_QUALIFIERS 8
@@ -347,310 +387,349 @@ extern "C"
*
* Enumeration of types for the X.509 qualifiers, of the certificate policy extension.
*/
- typedef enum gnutls_x509_qualifier_t
- {
- GNUTLS_X509_QUALIFIER_UNKNOWN = 0, GNUTLS_X509_QUALIFIER_URI,
- GNUTLS_X509_QUALIFIER_NOTICE
- } gnutls_x509_qualifier_t;
-
- typedef struct gnutls_x509_policy_st
- {
- char* oid;
- unsigned int qualifiers;
- struct {
- gnutls_x509_qualifier_t type;
- char* data;
- unsigned int size;
- } qualifier[GNUTLS_MAX_QUALIFIERS];
- } gnutls_x509_policy_st;
-
- void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy);
- int gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx,
- struct gnutls_x509_policy_st* policy,
- unsigned int * critical);
- int gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy,
- unsigned int critical);
-
- int gnutls_x509_dn_oid_known (const char *oid);
+ typedef enum gnutls_x509_qualifier_t {
+ GNUTLS_X509_QUALIFIER_UNKNOWN =
+ 0, GNUTLS_X509_QUALIFIER_URI,
+ GNUTLS_X509_QUALIFIER_NOTICE
+ } gnutls_x509_qualifier_t;
+
+ typedef struct gnutls_x509_policy_st {
+ char *oid;
+ unsigned int qualifiers;
+ struct {
+ gnutls_x509_qualifier_t type;
+ char *data;
+ unsigned int size;
+ } qualifier[GNUTLS_MAX_QUALIFIERS];
+ } gnutls_x509_policy_st;
+
+ void gnutls_x509_policy_release(struct gnutls_x509_policy_st
+ *policy);
+ int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx,
+ struct gnutls_x509_policy_st
+ *policy, unsigned int *critical);
+ int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
+ struct gnutls_x509_policy_st
+ *policy, unsigned int critical);
+
+ int gnutls_x509_dn_oid_known(const char *oid);
#define GNUTLS_X509_DN_OID_RETURN_OID 1
- const char* gnutls_x509_dn_oid_name (const char *oid, unsigned int flags);
-
- /* Read extensions by OID. */
- int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical);
-
- /* Read extensions by sequence number. */
- int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data);
-
- int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- const void *buf,
- size_t sizeof_buf,
- unsigned int critical);
+ const char *gnutls_x509_dn_oid_name(const char *oid,
+ unsigned int flags);
+
+ /* Read extensions by OID. */
+ int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size);
+ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf,
+ size_t * buf_size,
+ unsigned int *critical);
+
+ /* Read extensions by sequence number. */
+ int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert,
+ int indx, void *data,
+ size_t * sizeof_data);
+
+ int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical);
/* X.509 Certificate writing.
*/
- int gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);
-
- int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);
-
- int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
- unsigned int version);
- int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
- gnutls_x509_privkey_t key);
- int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
- int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca,
- int pathLenConstraint);
- int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type,
- const char *data_string);
- int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int flags);
- int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
- int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
- int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
- time_t act_time);
- int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
- time_t exp_time);
- int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size);
-
- int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
-
- int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t eecrt,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy);
-
- int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
- int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
-
- /* Access to internal Certificate fields.
- */
- int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
- int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
+ int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err);
+
+ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt,
+ const char *dn,
+ const char **err);
+
+ int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt,
+ unsigned int version);
+ int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t key);
+ int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt,
+ unsigned int ca);
+ int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t
+ crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const char
+ *data_string);
+ int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+ int gnutls_x509_crt_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
+ int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+ int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
+ time_t act_time);
+ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
+ time_t exp_time);
+ int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert,
+ const void *serial,
+ size_t serial_size);
+
+ int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
+ const void *id,
+ size_t id_size);
+
+ int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy);
+
+ int gnutls_x509_crt_print(gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+ int gnutls_x509_crl_print(gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+
+ /* Access to internal Certificate fields.
+ */
+ int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+ int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
/* RDN handling.
*/
- int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * sizeof_buf);
- int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
+ int indx, void *buf,
+ size_t * sizeof_buf);
- int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
- typedef void *gnutls_x509_dn_t;
+ typedef void *gnutls_x509_dn_t;
- typedef struct gnutls_x509_ava_st
- {
- gnutls_datum_t oid;
- gnutls_datum_t value;
- unsigned long value_tag;
- } gnutls_x509_ava_st;
+ typedef struct gnutls_x509_ava_st {
+ gnutls_datum_t oid;
+ gnutls_datum_t value;
+ unsigned long value_tag;
+ } gnutls_x509_ava_st;
- int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
- int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
- int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
- int iava, gnutls_x509_ava_st * ava);
+ int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn,
+ int iava, gnutls_x509_ava_st * ava);
- int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);
+ int gnutls_x509_dn_init(gnutls_x509_dn_t * dn);
- int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
- const gnutls_datum_t * data);
+ int gnutls_x509_dn_import(gnutls_x509_dn_t dn,
+ const gnutls_datum_t * data);
- int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
- int gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
+ int gnutls_x509_dn_export(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
- void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
+ void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn);
/* CRL handling functions.
*/
- int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
- void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
-
- int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int
- gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
-
- int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl,
- char *buf, size_t * sizeof_buf);
- int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn);
- int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
- int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
-
- int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
- int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig);
- int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
-
- time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
- time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
-
- int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
- int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t);
+ int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
+ void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int
+ gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+
+ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl);
+
+ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl);
+ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size,
+ time_t * t);
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
- int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer);
+ int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer);
- int gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
- int gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls,
- unsigned int *crl_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
+ int gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls,
+ unsigned int *crl_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
/* CRL writing.
*/
- int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
- unsigned int version);
- int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
- time_t act_time);
- int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
- time_t exp_time);
- int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial,
- size_t serial_size,
- time_t revocation_time);
- int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t crt, time_t revocation_time);
-
- int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
- size_t * id_size,
- unsigned int *critical);
- int gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical);
-
- int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical);
-
- int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
-
- int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
-
- int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data);
-
- int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size);
-
- int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size);
+ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
+ unsigned int version);
+ int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl,
+ time_t act_time);
+ int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl,
+ time_t exp_time);
+ int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
+ const void *serial,
+ size_t serial_size,
+ time_t revocation_time);
+ int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t crt,
+ time_t revocation_time);
+
+ int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl,
+ void *id,
+ size_t * id_size,
+ unsigned int *critical);
+ int gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t
+ crl,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int
+ *alt_type,
+ void *serial,
+ size_t *
+ serial_size,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+
+ int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl,
+ int indx, void *data,
+ size_t * sizeof_data);
+
+ int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
+ const void *id,
+ size_t id_size);
+
+ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size);
/* PKCS7 structures handling
*/
- struct gnutls_pkcs7_int;
- typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
-
- int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
- void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
- int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
- int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
- void *certificate, size_t * certificate_size);
-
- int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crt);
- int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
- int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
-
- int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size);
- int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
-
- int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crl);
- int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
- int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
+ struct gnutls_pkcs7_int;
+ typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
+
+ int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
+ void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,
+ void *certificate,
+ size_t * certificate_size);
+
+ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crt);
+ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_t crt);
+ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
+
+ int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *crl,
+ size_t * crl_size);
+ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
+
+ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crl);
+ int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
/* X.509 Certificate verification functions.
*/
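Review bot: The automated reindent splits the first enumerator of `gnutls_x509_qualifier_t` across two lines and leaves `0, GNUTLS_X509_QUALIFIER_URI,` sharing a line, so the second enumerator is easy to miss when reading this public header. One enumerator per line, as in the other enums visible in this diff, would read `GNUTLS_X509_QUALIFIER_UNKNOWN = 0,` followed by `GNUTLS_X509_QUALIFIER_URI,`. The same pass also separates parameter types from their names in several prototypes in this hunk, for example `gnutls_x509_crt_set_subject_alternative_name` and `gnutls_x509_crl_get_authority_key_gn_serial`. A manual touch-up of those declarations after the formatter run would keep each `type name` pair on one line.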
@@ -694,57 +773,58 @@ extern "C"
*
* Enumeration of different certificate verify flags.
*/
- typedef enum gnutls_certificate_verify_flags
- {
- GNUTLS_VERIFY_DISABLE_CA_SIGN = 1<<0,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1<<1,
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1<<2,
- GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1<<3,
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1<<4,
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1<<5,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1<<6,
- GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1<<7,
- GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1<<8,
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1<<9,
- GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1<<10,
- GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1<<11,
- } gnutls_certificate_verify_flags;
-
- int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
-
- int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length,
- unsigned int flags, unsigned int *verify);
-
- int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
- int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
-
- int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t *
- crl_list, int crl_list_length);
-
- int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * buf_size);
-
- int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid,
- size_t * oid_size,
- unsigned int *critical);
- int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid,
- unsigned int critical);
+ typedef enum gnutls_certificate_verify_flags {
+ GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1 << 1,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
+ GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
+ GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
+ } gnutls_certificate_verify_flags;
+
+ int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+
+ int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t *
+ cert_list, int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length,
+ unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+ int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t *
+ crl_list,
+ int crl_list_length);
+
+ int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * buf_size);
+
+ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
+ const void *oid,
+ unsigned int critical);
/* Private key handling.
*/
@@ -771,351 +851,398 @@ extern "C"
*
* Enumeration of different PKCS encryption flags.
*/
- typedef enum gnutls_pkcs_encrypt_flags_t
- {
- GNUTLS_PKCS_PLAIN = 1,
- GNUTLS_PKCS_USE_PKCS12_3DES = 2,
- GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
- GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
- GNUTLS_PKCS_USE_PBES2_3DES = 16,
- GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
- GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
- GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
- GNUTLS_PKCS_NULL_PASSWORD = 256
- } gnutls_pkcs_encrypt_flags_t;
-
- int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
- void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
- gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
- key);
- int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
- gnutls_x509_privkey_t src);
- int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags);
- int gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
- const gnutls_datum_t *data,
- const char* password);
-
- int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags);
-
- int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
- int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2);
- int gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y,
- const gnutls_datum_t * k);
-
- int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
-
- int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x);
-
- int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
- int gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits);
- int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo,
- unsigned int bits, unsigned int flags);
- int gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key);
-
- int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
- int gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
- int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
- int gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t * out);
- int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u,
- gnutls_datum_t * e1,
- gnutls_datum_t * e2);
- int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
- int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y,
- gnutls_datum_t* k);
+ typedef enum gnutls_pkcs_encrypt_flags_t {
+ GNUTLS_PKCS_PLAIN = 1,
+ GNUTLS_PKCS_USE_PKCS12_3DES = 2,
+ GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
+ GNUTLS_PKCS_USE_PBES2_3DES = 16,
+ GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
+ GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
+ GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
+ GNUTLS_PKCS_NULL_PASSWORD = 256
+ } gnutls_pkcs_encrypt_flags_t;
+
+ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
+ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
+ gnutls_sec_param_t
+ gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key);
+ int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src);
+ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+ int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ const char *password);
+
+ int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2);
+ int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * k);
+
+ int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x);
+
+ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t
+ key);
+ int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t
+ key, unsigned int *bits);
+ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits,
+ unsigned int flags);
+ int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
+ int gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2);
+ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y,
+ gnutls_datum_t * k);
/* Certificate request stuff.
*/
- int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
- int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
-
- int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags);
-
- int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
- void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
- int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-
- int gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical);
-
- int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
- size_t * sizeof_buf);
- int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn);
- int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
- int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
- int gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err);
- int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid,
- unsigned int raw_flag,
- const void *data,
- unsigned int sizeof_data);
- int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
- unsigned int version);
- int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
- int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key);
-
- int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass);
- int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass,
- size_t * sizeof_pass);
-
- int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t sizeof_buf);
- int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf);
-
- int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
-
- int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
- int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq);
-
- int gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq,
- time_t activation,
- time_t expiration);
- int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
- int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags);
-
- int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
- unsigned int usage);
- int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca,
- int pathLenConstraint);
- int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid,
- unsigned int critical);
- int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
-
- int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
- int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
- int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
- int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
- int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
- unsigned int *bits);
-
- int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
- int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
-
- int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical);
- int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- unsigned int *ca, int *pathlen);
- int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
- int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
- int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical);
-
- typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;
-
- int
- gnutls_x509_trust_list_init (gnutls_x509_trust_list_t * list, unsigned int size);
-
- void
- gnutls_x509_trust_list_deinit (gnutls_x509_trust_list_t list, unsigned int all);
-
- int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
-
- int
- gnutls_x509_trust_list_add_cas (gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist, int clist_size, unsigned int flags);
- int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size);
-
- int gnutls_x509_trust_list_add_named_crt (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert, const void* name, size_t name_size, unsigned int flags);
+ int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crq_print(gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+
+ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq,
+ unsigned int flags);
+
+ int gnutls_x509_crq_init(gnutls_x509_crq_t * crq);
+ void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_import(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+ int gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t
+ cert,
+ time_t *
+ activation,
+ time_t *
+ expiration,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn,
+ const char **err);
+ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *data,
+ unsigned int sizeof_data);
+ int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq,
+ unsigned int version);
+ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key);
+
+ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
+ const char *pass);
+ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
+ char *pass,
+ size_t * sizeof_pass);
+
+ int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid,
+ void *buf,
+ size_t sizeof_buf);
+ int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf);
+
+ int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crq_export2(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq);
+ int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq);
+
+ int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t
+ crq,
+ time_t activation,
+ time_t
+ expiration);
+ int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+ int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t
+ nt, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+
+ int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq,
+ unsigned int usage);
+ int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
+ const void *oid,
+ unsigned int critical);
+ int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+
+ int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq,
+ int indx, void *data,
+ size_t * sizeof_data);
+ int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq,
+ int indx, void *data,
+ size_t * sizeof_data);
+ int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+ int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq,
+ unsigned int *bits);
+
+ int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ unsigned int *ca,
+ int *pathlen);
+ int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t
+ crq,
+ unsigned int seq,
+ void *ret,
+ size_t *
+ ret_size);
+
+ int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf,
+ unsigned int *critical);
+
+ typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;
+
+ int
+ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
+ unsigned int size);
+
+ void
+ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
+ unsigned int all);
+
+ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
+ list, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags);
+
+ int
+ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
+ const gnutls_x509_crt_t * clist,
+ int clist_size,
+ unsigned int flags);
+ int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
+ list,
+ const gnutls_x509_crt_t *
+ clist, int clist_size);
+
+ int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t
+ list,
+ gnutls_x509_crt_t cert,
+ const void *name,
+ size_t name_size,
+ unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1
- int
- gnutls_x509_trust_list_add_crls (gnutls_x509_trust_list_t list,
- const gnutls_x509_crl_t * crl_list, int crl_size, unsigned int flags,
- unsigned int verification_flags);
-
- typedef int gnutls_verify_output_function (
- gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer, /* The issuer if verification failed
- * because of him. might be null.
- */
- gnutls_x509_crl_t crl, /* The CRL that caused verification failure
- * if any. Might be null.
- */
- unsigned int verification_output);
-
- int gnutls_x509_trust_list_verify_named_crt (
- gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void * name, size_t name_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func);
-
- int
- gnutls_x509_trust_list_verify_crt (
- gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t *cert_list,
- unsigned int cert_list_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func);
-
- /* trust list convenience functions */
-int
-gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- const gnutls_datum_t * crls,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags);
-
-int
-gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- const char* crl_file,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags);
-
-int
-gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- gnutls_x509_crt_fmt_t type);
-
-int
-gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- gnutls_x509_crt_fmt_t type);
-
-int
-gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags);
-
-void gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t tlist, unsigned flags);
+ int
+ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
+ const gnutls_x509_crl_t *
+ crl_list, int crl_size,
+ unsigned int flags,
+ unsigned int verification_flags);
+
+ typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, /* The issuer if verification failed
+ * because of him. might be null.
+ */
+ gnutls_x509_crl_t crl, /* The CRL that caused verification failure
+ * if any. Might be null.
+ */
+ unsigned int
+ verification_output);
+
+ int gnutls_x509_trust_list_verify_named_crt
+ (gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert,
+ const void *name, size_t name_size, unsigned int flags,
+ unsigned int *verify, gnutls_verify_output_function func);
+
+ int
+ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t * cert_list,
+ unsigned int cert_list_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function
+ func);
+
+ /* trust list convenience functions */
+ int
+ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t
+ list,
+ const gnutls_datum_t * cas,
+ const gnutls_datum_t * crls,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ int
+ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t
+ list, const char *ca_file,
+ const char *crl_file,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ int
+ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t
+ list,
+ const char *ca_file,
+ gnutls_x509_crt_fmt_t
+ type);
+
+ int
+ gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t
+ list,
+ const gnutls_datum_t *
+ cas,
+ gnutls_x509_crt_fmt_t
+ type);
+
+ int
+ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t
+ list,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ void gnutls_certificate_set_trust_list
+ (gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist, unsigned flags);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_X509_H */
+#endif /* GNUTLS_X509_H */
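Review bot: In the re-indented `gnutls_verify_output_function` typedef, the `cert` and `issuer` parameters and the opening of the `issuer` comment are fused onto one over-long line, and the comment continuation lines no longer sit next to the parameter they describe. Those two comments are the only place in this header that tells callback authors `issuer` and `crl` may be NULL, so they should stay easy to find. I would put one parameter per line and hoist the notes above the typedef, for example `/* issuer: set when verification failed because of the issuer, may be NULL; crl: the CRL that caused the failure, may be NULL */`. The same hunk also splits parameter types from their names in some prototypes, such as `gnutls_x509_crq_get_private_key_usage_period`, where a single break after the opening parenthesis would read better.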
diff --git a/lib/includes/gnutls/xssl.h b/lib/includes/gnutls/xssl.h
index 0afe88dc26..578eca6e08 100644
--- a/lib/includes/gnutls/xssl.h
+++ b/lib/includes/gnutls/xssl.h
@@ -27,95 +27,87 @@
typedef struct xssl_st *xssl_t;
typedef struct xssl_cred_st *xssl_cred_t;
-ssize_t xssl_printf (xssl_t sb, const char *fmt, ...)
+ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)))
+ __attribute__ ((format(printf, 2, 3)))
#endif
-;
+ ;
-ssize_t xssl_write (xssl_t sb, const void *data,
- size_t data_size);
+ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size);
-ssize_t xssl_flush (xssl_t sb);
+ssize_t xssl_flush(xssl_t sb);
-ssize_t xssl_read(xssl_t sb, void* data, size_t data_size);
+ssize_t xssl_read(xssl_t sb, void *data, size_t data_size);
ssize_t
-xssl_getdelim (xssl_t sbuf, char **lineptr, size_t *n, int delimiter);
+xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter);
#define xssl_getline(sbuf, ptr, n) xssl_getdelim(sbuf, ptr, n, '\n')
void xssl_deinit(xssl_t sb);
#define GNUTLS_SBUF_WRITE_FLUSHES (1<<0)
-int xssl_sinit (xssl_t * isb, gnutls_session_t session,
- unsigned int flags);
+int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags);
gnutls_session_t xssl_get_session(xssl_t sb);
-int xssl_client_init (xssl_t * isb, const char* hostname,
- const char* service,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags);
+int xssl_client_init(xssl_t * isb, const char *hostname,
+ const char *service,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags);
-int xssl_server_init (xssl_t * isb,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags);
+int xssl_server_init(xssl_t * isb,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags);
/* High level credential structures */
-typedef enum
-{
- GNUTLS_VMETHOD_NO_AUTH = 0,
- GNUTLS_VMETHOD_TOFU = 1<<0,
- GNUTLS_VMETHOD_GIVEN_CAS = 1<<1,
- GNUTLS_VMETHOD_SYSTEM_CAS = 1<<2
+typedef enum {
+ GNUTLS_VMETHOD_NO_AUTH = 0,
+ GNUTLS_VMETHOD_TOFU = 1 << 0,
+ GNUTLS_VMETHOD_GIVEN_CAS = 1 << 1,
+ GNUTLS_VMETHOD_SYSTEM_CAS = 1 << 2
} gnutls_vmethod_t;
-typedef enum
-{
- GNUTLS_CINPUT_TYPE_FILE = 0,
- GNUTLS_CINPUT_TYPE_MEM = 1,
- GNUTLS_CINPUT_TYPE_PIN_FUNC = 2,
+typedef enum {
+ GNUTLS_CINPUT_TYPE_FILE = 0,
+ GNUTLS_CINPUT_TYPE_MEM = 1,
+ GNUTLS_CINPUT_TYPE_PIN_FUNC = 2,
} gnutls_cinput_type_t;
-typedef enum
-{
- GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */
- GNUTLS_CINPUT_CRLS = 2,/* i1 contains the CRLs */
- GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */
- GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key
- * or i1.pin_fn contains the pin function,
- * and i2.udata the user pointer */
+typedef enum {
+ GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */
+ GNUTLS_CINPUT_CRLS = 2, /* i1 contains the CRLs */
+ GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */
+ GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key
+ * or i1.pin_fn contains the pin function,
+ * and i2.udata the user pointer */
} gnutls_cinput_contents_t;
typedef struct gnutls_cinput_st {
- gnutls_cinput_type_t type;
- gnutls_cinput_contents_t contents;
- gnutls_x509_crt_fmt_t fmt; /* if applicable */
-
- union {
- gnutls_pin_callback_t pin_fn;
- const char* file;
- gnutls_datum_t mem;
- } i1;
-
- union {
- void* udata;
- const char* file;
- gnutls_datum_t mem;
- } i2;
-
- unsigned long future_pad[8];
+ gnutls_cinput_type_t type;
+ gnutls_cinput_contents_t contents;
+ gnutls_x509_crt_fmt_t fmt; /* if applicable */
+
+ union {
+ gnutls_pin_callback_t pin_fn;
+ const char *file;
+ gnutls_datum_t mem;
+ } i1;
+
+ union {
+ void *udata;
+ const char *file;
+ gnutls_datum_t mem;
+ } i2;
+
+ unsigned long future_pad[8];
} gnutls_cinput_st;
-int xssl_cred_init (xssl_cred_t *c, unsigned vflags,
- gnutls_cinput_st* aux,
- unsigned aux_size);
-void xssl_cred_deinit (xssl_cred_t cred);
+int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
+ gnutls_cinput_st * aux, unsigned aux_size);
+void xssl_cred_deinit(xssl_cred_t cred);
-#endif /* GNUTLS_SBUF_H */
+#endif /* GNUTLS_SBUF_H */
diff --git a/lib/locks.c b/lib/locks.c
index 324aa29d14..a5f16e9e88 100644
--- a/lib/locks.c
+++ b/lib/locks.c
@@ -47,14 +47,15 @@
* Since: 2.12.0
**/
void
-gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
- mutex_lock_func lock, mutex_unlock_func unlock)
+gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func deinit,
+ mutex_lock_func lock, mutex_unlock_func unlock)
{
- if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
- return;
+ if (init == NULL || deinit == NULL || lock == NULL
+ || unlock == NULL)
+ return;
- gnutls_mutex_init = init;
- gnutls_mutex_deinit = deinit;
- gnutls_mutex_lock = lock;
- gnutls_mutex_unlock = unlock;
+ gnutls_mutex_init = init;
+ gnutls_mutex_deinit = deinit;
+ gnutls_mutex_lock = lock;
+ gnutls_mutex_unlock = unlock;
}
diff --git a/lib/minitasn1/coding.c b/lib/minitasn1/coding.c
index 5361b3f068..8e71683d24 100644
--- a/lib/minitasn1/coding.c
+++ b/lib/minitasn1/coding.c
@@ -44,17 +44,19 @@
/* Return: */
/******************************************************/
static void
-_asn1_error_description_value_not_found (asn1_node node,
- char *ErrorDescription)
+_asn1_error_description_value_not_found(asn1_node node,
+ char *ErrorDescription)
{
- if (ErrorDescription == NULL)
- return;
+ if (ErrorDescription == NULL)
+ return;
- Estrcpy (ErrorDescription, ":: value of element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "' not found");
+ Estrcpy(ErrorDescription, ":: value of element '");
+ _asn1_hierarchical_name(node,
+ ErrorDescription +
+ strlen(ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat(ErrorDescription, "' not found");
}
@@ -71,38 +73,33 @@ _asn1_error_description_value_not_found (asn1_node node,
* To know the size of the DER encoding use a %NULL value for @der.
**/
void
-asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
+asn1_length_der(unsigned long int len, unsigned char *der, int *der_len)
{
- int k;
- unsigned char temp[ASN1_MAX_LENGTH_SIZE];
+ int k;
+ unsigned char temp[ASN1_MAX_LENGTH_SIZE];
#if SIZEOF_UNSIGNED_LONG_INT > 8
- len &= 0xFFFFFFFFFFFFFFFF;
+ len &= 0xFFFFFFFFFFFFFFFF;
#endif
- if (len < 128)
- {
- /* short form */
- if (der != NULL)
- der[0] = (unsigned char) len;
- *der_len = 1;
- }
- else
- {
- /* Long form */
- k = 0;
- while (len)
- {
- temp[k++] = len & 0xFF;
- len = len >> 8;
- }
- *der_len = k + 1;
- if (der != NULL)
- {
- der[0] = ((unsigned char) k & 0x7F) + 128;
- while (k--)
- der[*der_len - 1 - k] = temp[k];
+ if (len < 128) {
+ /* short form */
+ if (der != NULL)
+ der[0] = (unsigned char) len;
+ *der_len = 1;
+ } else {
+ /* Long form */
+ k = 0;
+ while (len) {
+ temp[k++] = len & 0xFF;
+ len = len >> 8;
+ }
+ *der_len = k + 1;
+ if (der != NULL) {
+ der[0] = ((unsigned char) k & 0x7F) + 128;
+ while (k--)
+ der[*der_len - 1 - k] = temp[k];
+ }
}
- }
}
/******************************************************/
@@ -119,36 +116,33 @@ asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
/* Return: */
/******************************************************/
static void
-_asn1_tag_der (unsigned char class, unsigned int tag_value,
- unsigned char *ans, int *ans_len)
+_asn1_tag_der(unsigned char class, unsigned int tag_value,
+ unsigned char *ans, int *ans_len)
{
- int k;
- unsigned char temp[ASN1_MAX_TAG_SIZE];
-
- if (tag_value < 31)
- {
- /* short form */
- ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
- *ans_len = 1;
- }
- else
- {
- /* Long form */
- ans[0] = (class & 0xE0) + 31;
- k = 0;
- while (tag_value != 0)
- {
- temp[k++] = tag_value & 0x7F;
- tag_value >>= 7;
-
- if (k > ASN1_MAX_TAG_SIZE-1)
- break; /* will not encode larger tags */
+ int k;
+ unsigned char temp[ASN1_MAX_TAG_SIZE];
+
+ if (tag_value < 31) {
+ /* short form */
+ ans[0] =
+ (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
+ *ans_len = 1;
+ } else {
+ /* Long form */
+ ans[0] = (class & 0xE0) + 31;
+ k = 0;
+ while (tag_value != 0) {
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+ if (k > ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+ while (k--)
+ ans[*ans_len - 1 - k] = temp[k] + 128;
+ ans[*ans_len - 1] -= 128;
}
- *ans_len = k + 1;
- while (k--)
- ans[*ans_len - 1 - k] = temp[k] + 128;
- ans[*ans_len - 1] -= 128;
- }
}
/**
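Review bot: In `_asn1_tag_der` the long-form loop lets `k` reach `ASN1_MAX_TAG_SIZE` before the `break`, so the function then writes `ASN1_MAX_TAG_SIZE + 1` bytes to `ans` and encodes a silently truncated tag number. `asn1_encode_simple_der` in the hunk after next passes `der_tag[ASN1_MAX_TAG_SIZE]`, which is one byte short for that case. Whether a tag that large can reach it depends on `ETYPE_TAG`, which is not shown here. Breaking one iteration earlier with `if (k >= ASN1_MAX_TAG_SIZE - 1)` keeps the output within `ASN1_MAX_TAG_SIZE` bytes. Because the function returns void, its header comment should also say that larger tags are truncated rather than rejected.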
@@ -169,17 +163,17 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
* asn1_length_der().
**/
void
-asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len)
+asn1_octet_der(const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len)
{
- int len_len;
+ int len_len;
- if (der == NULL || str_len < 0)
- return;
+ if (der == NULL || str_len < 0)
+ return;
- asn1_length_der (str_len, der, &len_len);
- memcpy (der + len_len, str, str_len);
- *der_len = str_len + len_len;
+ asn1_length_der(str_len, der, &len_len);
+ memcpy(der + len_len, str, str_len);
+ *der_len = str_len + len_len;
}
@@ -201,46 +195,47 @@ asn1_octet_der (const unsigned char *str, int str_len,
* Returns: %ASN1_SUCCESS if successful or an error value.
**/
int
-asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned int str_len,
- unsigned char *tl, unsigned int *tl_len)
+asn1_encode_simple_der(unsigned int etype, const unsigned char *str,
+ unsigned int str_len, unsigned char *tl,
+ unsigned int *tl_len)
{
- int tag_len, len_len;
- unsigned tlen;
- unsigned char der_tag[ASN1_MAX_TAG_SIZE];
- unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
- unsigned char* p;
+ int tag_len, len_len;
+ unsigned tlen;
+ unsigned char der_tag[ASN1_MAX_TAG_SIZE];
+ unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
+ unsigned char *p;
- if (str == NULL)
- return ASN1_VALUE_NOT_VALID;
+ if (str == NULL)
+ return ASN1_VALUE_NOT_VALID;
- if (ETYPE_OK(etype) == 0)
- return ASN1_VALUE_NOT_VALID;
+ if (ETYPE_OK(etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
- /* doesn't handle constructed classes */
- if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
+ /* doesn't handle constructed classes */
+ if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
- _asn1_tag_der (ETYPE_CLASS(etype), ETYPE_TAG(etype),
- der_tag, &tag_len);
+ _asn1_tag_der(ETYPE_CLASS(etype), ETYPE_TAG(etype),
+ der_tag, &tag_len);
- asn1_length_der(str_len, der_length, &len_len);
+ asn1_length_der(str_len, der_length, &len_len);
- if (tag_len <= 0 || len_len <= 0)
- return ASN1_VALUE_NOT_VALID;
-
- tlen = tag_len + len_len;
+ if (tag_len <= 0 || len_len <= 0)
+ return ASN1_VALUE_NOT_VALID;
- if (*tl_len < tlen)
- return ASN1_MEM_ERROR;
+ tlen = tag_len + len_len;
- p = tl;
- memcpy(p, der_tag, tag_len);
- p+=tag_len;
- memcpy(p, der_length, len_len);
-
- *tl_len = tlen;
+ if (*tl_len < tlen)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ p = tl;
+ memcpy(p, der_tag, tag_len);
+ p += tag_len;
+ memcpy(p, der_length, len_len);
+
+ *tl_len = tlen;
+
+ return ASN1_SUCCESS;
}
/******************************************************/
@@ -258,23 +253,24 @@ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned i
/* ASN1_SUCCESS otherwise */
/******************************************************/
static int
-_asn1_time_der (unsigned char *str, int str_len, unsigned char *der, int *der_len)
+_asn1_time_der(unsigned char *str, int str_len, unsigned char *der,
+ int *der_len)
{
- int len_len;
- int max_len;
+ int len_len;
+ int max_len;
- max_len = *der_len;
+ max_len = *der_len;
- asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len);
+ asn1_length_der(str_len, (max_len > 0) ? der : NULL, &len_len);
- if ((len_len + str_len) <= max_len)
- memcpy (der + len_len, str, str_len);
- *der_len = len_len + str_len;
+ if ((len_len + str_len) <= max_len)
+ memcpy(der + len_len, str, str_len);
+ *der_len = len_len + str_len;
- if ((*der_len) > max_len)
- return ASN1_MEM_ERROR;
+ if ((*der_len) > max_len)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -329,80 +325,73 @@ _asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str)
/* ASN1_SUCCESS otherwise */
/******************************************************/
static int
-_asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
+_asn1_objectid_der(unsigned char *str, unsigned char *der, int *der_len)
{
- int len_len, counter, k, first, max_len;
- char *temp, *n_end, *n_start;
- unsigned char bit7;
- unsigned long val, val1 = 0;
- int str_len = _asn1_strlen (str);
-
- max_len = *der_len;
-
- temp = malloc (str_len + 2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- memcpy (temp, str, str_len);
- temp[str_len] = '.';
- temp[str_len + 1] = 0;
-
- counter = 0;
- n_start = temp;
- while ((n_end = strchr (n_start, '.')))
- {
- *n_end = 0;
- val = strtoul (n_start, NULL, 10);
- counter++;
-
- if (counter == 1)
- val1 = val;
- else if (counter == 2)
- {
- if (max_len > 0)
- der[0] = 40 * val1 + val;
- *der_len = 1;
- }
- else
- {
- first = 0;
- for (k = 4; k >= 0; k--)
- {
- bit7 = (val >> (k * 7)) & 0x7F;
- if (bit7 || first || !k)
- {
- if (k)
- bit7 |= 0x80;
- if (max_len > (*der_len))
- der[*der_len] = bit7;
- (*der_len)++;
- first = 1;
- }
- }
+ int len_len, counter, k, first, max_len;
+ char *temp, *n_end, *n_start;
+ unsigned char bit7;
+ unsigned long val, val1 = 0;
+ int str_len = _asn1_strlen(str);
+
+ max_len = *der_len;
+
+ temp = malloc(str_len + 2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ memcpy(temp, str, str_len);
+ temp[str_len] = '.';
+ temp[str_len + 1] = 0;
+
+ counter = 0;
+ n_start = temp;
+ while ((n_end = strchr(n_start, '.'))) {
+ *n_end = 0;
+ val = strtoul(n_start, NULL, 10);
+ counter++;
+
+ if (counter == 1)
+ val1 = val;
+ else if (counter == 2) {
+ if (max_len > 0)
+ der[0] = 40 * val1 + val;
+ *der_len = 1;
+ } else {
+ first = 0;
+ for (k = 4; k >= 0; k--) {
+ bit7 = (val >> (k * 7)) & 0x7F;
+ if (bit7 || first || !k) {
+ if (k)
+ bit7 |= 0x80;
+ if (max_len > (*der_len))
+ der[*der_len] = bit7;
+ (*der_len)++;
+ first = 1;
+ }
+ }
+ }
+ n_start = n_end + 1;
}
- n_start = n_end + 1;
- }
- asn1_length_der (*der_len, NULL, &len_len);
- if (max_len >= (*der_len + len_len))
- {
- memmove (der + len_len, der, *der_len);
- asn1_length_der (*der_len, der, &len_len);
- }
- *der_len += len_len;
+ asn1_length_der(*der_len, NULL, &len_len);
+ if (max_len >= (*der_len + len_len)) {
+ memmove(der + len_len, der, *der_len);
+ asn1_length_der(*der_len, der, &len_len);
+ }
+ *der_len += len_len;
- free (temp);
+ free(temp);
- if (max_len < (*der_len))
- return ASN1_MEM_ERROR;
+ if (max_len < (*der_len))
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static const unsigned char bit_mask[] =
- { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
+ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
/**
* asn1_bit_der:
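Review bot: `_asn1_objectid_der` converts each arc with `strtoul(n_start, NULL, 10)` and never checks the result, so an empty or non-numeric component is encoded as 0. In addition, `der[0] = 40 * val1 + val` wraps modulo 256 when the first two arcs are out of range, and the `for (k = 4; k >= 0; k--)` loop keeps only the low 35 bits of an arc, which loses data where `unsigned long` is 64 bits wide. In each case the encoder returns `ASN1_SUCCESS` with a well-formed OID that names a different object than the input string. Passing an end pointer and rejecting bad input closes the first gap: `val = strtoul(n_start, &end, 10);` followed by `if (end == n_start || *end != 0) { free(temp); return ASN1_VALUE_NOT_VALID; }`. A range check on the first two arcs and on the arc width is needed as well.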
@@ -424,25 +413,25 @@ static const unsigned char bit_mask[] =
* asn1_length_der().
**/
void
-asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len)
+asn1_bit_der(const unsigned char *str, int bit_len,
+ unsigned char *der, int *der_len)
{
- int len_len, len_byte, len_pad;
+ int len_len, len_byte, len_pad;
- if (der == NULL)
- return;
+ if (der == NULL)
+ return;
- len_byte = bit_len >> 3;
- len_pad = 8 - (bit_len & 7);
- if (len_pad == 8)
- len_pad = 0;
- else
- len_byte++;
- asn1_length_der (len_byte + 1, der, &len_len);
- der[len_len] = len_pad;
- memcpy (der + len_len + 1, str, len_byte);
- der[len_len + len_byte] &= bit_mask[len_pad];
- *der_len = len_byte + len_len + 1;
+ len_byte = bit_len >> 3;
+ len_pad = 8 - (bit_len & 7);
+ if (len_pad == 8)
+ len_pad = 0;
+ else
+ len_byte++;
+ asn1_length_der(len_byte + 1, der, &len_len);
+ der[len_len] = len_pad;
+ memcpy(der + len_len + 1, str, len_byte);
+ der[len_len + len_byte] &= bit_mask[len_pad];
+ *der_len = len_byte + len_len + 1;
}
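Review bot: `asn1_bit_der` uses `bit_len` unchecked, so a negative value can leave `len_byte` negative, and `memcpy(der + len_len + 1, str, len_byte)` then converts it to a very large `size_t`. `asn1_octet_der` earlier in this file already rejects `str_len < 0`; the guard here should match it: `if (der == NULL || bit_len < 0) return;`. The function also cannot know how large `der` is, so the doc comment should state the space the caller must provide: the length header, one pad-count byte and `len_byte` data bytes.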
@@ -461,89 +450,117 @@ asn1_bit_der (const unsigned char *str, int bit_len,
/* otherwise ASN1_SUCCESS. */
/******************************************************/
static int
-_asn1_complete_explicit_tag (asn1_node node, unsigned char *der,
- int *counter, int *max_len)
+_asn1_complete_explicit_tag(asn1_node node, unsigned char *der,
+ int *counter, int *max_len)
{
- asn1_node p;
- int is_tag_implicit, len2, len3;
- unsigned char temp[SIZEOF_UNSIGNED_INT];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- /* When there are nested tags we must complete them reverse to
- the order they were created. This is because completing a tag
- modifies all data within it, including the incomplete tags
- which store buffer positions -- simon@josefsson.org 2002-09-06
- */
- while (p->right)
- p = p->right;
- while (p && p != node->down->left)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_EXPLICIT)
- {
- len2 = strtol (p->name, NULL, 10);
- _asn1_set_name (p, NULL);
- asn1_length_der (*counter - len2, temp, &len3);
- if (len3 <= (*max_len))
- {
- memmove (der + len2 + len3, der + len2,
- *counter - len2);
- memcpy (der + len2, temp, len3);
- }
- *max_len -= len3;
- *counter += len3;
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int is_tag_implicit, len2, len3;
+ unsigned char temp[SIZEOF_UNSIGNED_INT];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ /* When there are nested tags we must complete them reverse to
+ the order they were created. This is because completing a tag
+ modifies all data within it, including the incomplete tags
+ which store buffer positions -- simon@josefsson.org 2002-09-06
+ */
+ while (p->right)
+ p = p->right;
+ while (p && p != node->down->left) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_EXPLICIT) {
+ len2 = strtol(p->name, NULL, 10);
+ _asn1_set_name(p, NULL);
+ asn1_length_der(*counter - len2,
+ temp, &len3);
+ if (len3 <= (*max_len)) {
+ memmove(der + len2 + len3,
+ der + len2,
+ *counter - len2);
+ memcpy(der + len2, temp,
+ len3);
+ }
+ *max_len -= len3;
+ *counter += len3;
+ is_tag_implicit = 0;
+ } else { /* CONST_IMPLICIT */
+ if (!is_tag_implicit) {
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->left;
}
- }
- p = p->left;
}
- }
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-const tag_and_class_st _asn1_tags[] =
-{
- [ASN1_ETYPE_GENERALSTRING] = {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"},
- [ASN1_ETYPE_NUMERIC_STRING] = {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"},
- [ASN1_ETYPE_IA5_STRING] = {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
- [ASN1_ETYPE_TELETEX_STRING] = {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"},
- [ASN1_ETYPE_PRINTABLE_STRING] = {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"},
- [ASN1_ETYPE_UNIVERSAL_STRING] = {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"},
- [ASN1_ETYPE_BMP_STRING] = {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
- [ASN1_ETYPE_UTF8_STRING] = {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
- [ASN1_ETYPE_VISIBLE_STRING] = {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"},
- [ASN1_ETYPE_OCTET_STRING] = {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
- [ASN1_ETYPE_BIT_STRING] = {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
- [ASN1_ETYPE_OBJECT_ID] = {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
- [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
- [ASN1_ETYPE_BOOLEAN] = {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
- [ASN1_ETYPE_INTEGER] = {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
- [ASN1_ETYPE_ENUMERATED] = {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
- [ASN1_ETYPE_SEQUENCE] = {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQUENCE"},
- [ASN1_ETYPE_SEQUENCE_OF] ={ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQ_OF"},
- [ASN1_ETYPE_SET] = {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"},
- [ASN1_ETYPE_SET_OF] = {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET_OF"},
- [ASN1_ETYPE_GENERALIZED_TIME] = {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"},
- [ASN1_ETYPE_UTC_TIME] = {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
+const tag_and_class_st _asn1_tags[] = {
+ [ASN1_ETYPE_GENERALSTRING] =
+ {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL,
+ "type:GENERALSTRING"},
+ [ASN1_ETYPE_NUMERIC_STRING] =
+ {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:NUMERIC_STR"},
+ [ASN1_ETYPE_IA5_STRING] =
+ {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
+ [ASN1_ETYPE_TELETEX_STRING] =
+ {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:TELETEX_STR"},
+ [ASN1_ETYPE_PRINTABLE_STRING] =
+ {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:PRINTABLE_STR"},
+ [ASN1_ETYPE_UNIVERSAL_STRING] =
+ {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:UNIVERSAL_STR"},
+ [ASN1_ETYPE_BMP_STRING] =
+ {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
+ [ASN1_ETYPE_UTF8_STRING] =
+ {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
+ [ASN1_ETYPE_VISIBLE_STRING] =
+ {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:VISIBLE_STR"},
+ [ASN1_ETYPE_OCTET_STRING] =
+ {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
+ [ASN1_ETYPE_BIT_STRING] =
+ {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
+ [ASN1_ETYPE_OBJECT_ID] =
+ {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
+ [ASN1_ETYPE_NULL] =
+ {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
+ [ASN1_ETYPE_BOOLEAN] =
+ {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
+ [ASN1_ETYPE_INTEGER] =
+ {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
+ [ASN1_ETYPE_ENUMERATED] =
+ {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
+ [ASN1_ETYPE_SEQUENCE] =
+ {ASN1_TAG_SEQUENCE,
+ ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SEQUENCE"},
+ [ASN1_ETYPE_SEQUENCE_OF] =
+ {ASN1_TAG_SEQUENCE,
+ ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQ_OF"},
+ [ASN1_ETYPE_SET] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SET"},
+ [ASN1_ETYPE_SET_OF] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SET_OF"},
+ [ASN1_ETYPE_GENERALIZED_TIME] =
+ {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL,
+ "type:GENERALIZED_TIME"},
+ [ASN1_ETYPE_UTC_TIME] =
+ {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
};
-unsigned int _asn1_tags_size = sizeof(_asn1_tags)/sizeof(_asn1_tags[0]);
+unsigned int _asn1_tags_size = sizeof(_asn1_tags) / sizeof(_asn1_tags[0]);
/******************************************************/
/* Function : _asn1_insert_tag_der */
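Review bot: `_asn1_complete_explicit_tag` gives `asn1_length_der` a scratch buffer declared as `temp[SIZEOF_UNSIGNED_INT]`, but the long form in `asn1_length_der` writes one prefix byte plus one byte per significant byte of the length. If `SIZEOF_UNSIGNED_INT` is 4, as it presumably is on common targets, any `*counter - len2` that needs four length bytes writes five bytes into `temp`. A negative difference is converted to `unsigned long` and would need more still. `asn1_encode_simple_der` already sizes its length buffer as `der_length[ASN1_MAX_LENGTH_SIZE]`; the same declaration fits here: `unsigned char temp[ASN1_MAX_LENGTH_SIZE];`. It would also help to reject `len2 > *counter` before the call, since `len2` is parsed back out of the node name with `strtol`.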
@@ -561,104 +578,120 @@ unsigned int _asn1_tags_size = sizeof(_asn1_tags)/sizeof(_asn1_tags[0]);
/* otherwise ASN1_SUCCESS. */
/******************************************************/
static int
-_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
- int *max_len)
+_asn1_insert_tag_der(asn1_node node, unsigned char *der, int *counter,
+ int *max_len)
{
- asn1_node p;
- int tag_len, is_tag_implicit;
- unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
- unsigned long tag_implicit = 0;
- unsigned char tag_der[MAX_TAG_LEN];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class = ASN1_CLASS_PRIVATE;
- else
- class = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (is_tag_implicit)
- _asn1_tag_der (class_implicit, tag_implicit, tag_der,
- &tag_len);
- else
- _asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
- _asn1_strtoul (p->value, NULL, 10),
- tag_der, &tag_len);
-
- *max_len -= tag_len;
- if (*max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
-
- _asn1_ltostr (*counter, (char *) temp);
- _asn1_set_name (p, (const char *) temp);
-
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ||
- (type_field (node->type) == ASN1_ETYPE_SET) ||
- (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class |= ASN1_CLASS_STRUCTURED;
- class_implicit = class;
- tag_implicit = _asn1_strtoul (p->value, NULL, 10);
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int tag_len, is_tag_implicit;
+ unsigned char class, class_implicit =
+ 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
+ unsigned long tag_implicit = 0;
+ unsigned char tag_der[MAX_TAG_LEN];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_APPLICATION)
+ class = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class = ASN1_CLASS_PRIVATE;
+ else
+ class =
+ ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT) {
+ if (is_tag_implicit)
+ _asn1_tag_der
+ (class_implicit,
+ tag_implicit, tag_der,
+ &tag_len);
+ else
+ _asn1_tag_der(class |
+ ASN1_CLASS_STRUCTURED,
+ _asn1_strtoul
+ (p->value,
+ NULL, 10),
+ tag_der,
+ &tag_len);
+
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy(der + *counter,
+ tag_der, tag_len);
+ *counter += tag_len;
+
+ _asn1_ltostr(*counter,
+ (char *) temp);
+ _asn1_set_name(p,
+ (const char *)
+ temp);
+
+ is_tag_implicit = 0;
+ } else { /* CONST_IMPLICIT */
+ if (!is_tag_implicit) {
+ if ((type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE)
+ ||
+ (type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE_OF)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET_OF))
+ class |=
+ ASN1_CLASS_STRUCTURED;
+ class_implicit = class;
+ tag_implicit =
+ _asn1_strtoul(p->value,
+ NULL,
+ 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
}
- }
- p = p->right;
}
- }
-
- if (is_tag_implicit)
- {
- _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len);
- }
- else
- {
- unsigned type = type_field (node->type);
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag,
- tag_der, &tag_len);
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- tag_len = 0;
- break;
- default:
- return ASN1_GENERIC_ERROR;
+
+ if (is_tag_implicit) {
+ _asn1_tag_der(class_implicit, tag_implicit, tag_der,
+ &tag_len);
+ } else {
+ unsigned type = type_field(node->type);
+ switch (type) {
+ CASE_HANDLED_ETYPES:
+ _asn1_tag_der(_asn1_tags[type].class,
+ _asn1_tags[type].tag, tag_der,
+ &tag_len);
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ tag_len = 0;
+ break;
+ default:
+ return ASN1_GENERIC_ERROR;
+ }
}
- }
- *max_len -= tag_len;
- if (*max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy(der + *counter, tag_der, tag_len);
+ *counter += tag_len;
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/******************************************************/
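Review bot: The declaration in `_asn1_insert_tag_der` that now reads `unsigned char class, class_implicit =` with `0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];` on the next line is hard to read: the initializer is split from its variable and two scalars share a statement with an array. Splitting it avoids the awkward wrap: `unsigned char class, class_implicit = 0;` and `unsigned char temp[SIZEOF_UNSIGNED_INT * 3 + 1];`. The four-way `type_field(node->type)` test in the implicit branch was wrapped to one token per line for the same reason. Reading the value once into a local, as the `switch` further down already does with `unsigned type = type_field(node->type);`, would let the condition fit on two lines.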
@@ -671,108 +704,108 @@ _asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
/* Return: */
/******************************************************/
static void
-_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
+_asn1_ordering_set(unsigned char *der, int der_len, asn1_node node)
{
- struct vet
- {
- int end;
- unsigned long value;
- struct vet *next, *prev;
- };
-
- int counter, len, len2;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char class, *temp;
- unsigned long tag;
-
- counter = 0;
-
- if (type_field (node->type) != ASN1_ETYPE_SET)
- return;
+ struct vet {
+ int end;
+ unsigned long value;
+ struct vet *next, *prev;
+ };
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
+ int counter, len, len2;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ asn1_node p;
+ unsigned char class, *temp;
+ unsigned long tag;
- if ((p == NULL) || (p->right == NULL))
- return;
+ counter = 0;
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- return;
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* tag value calculation */
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return;
- p_vet->value = (class << 24) | tag;
- counter += len2;
-
- /* extraction and length */
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- return;
- counter += len + len2;
-
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- if (p_vet->value > p2_vet->value)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
+ if (type_field(node->type) != ASN1_ETYPE_SET)
return;
- memcpy (temp, der + counter, p_vet->end - counter);
- memcpy (der + counter, der + p_vet->end,
- p2_vet->end - p_vet->end);
- memcpy (der + counter + p2_vet->end - p_vet->end, temp,
- p_vet->end - counter);
- free (temp);
-
- tag = p_vet->value;
- p_vet->value = p2_vet->value;
- p2_vet->value = tag;
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
+ if ((p == NULL) || (p->right == NULL))
+ return;
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
+ first = last = NULL;
+ while (p) {
+ p_vet = malloc(sizeof(struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* tag value calculation */
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return;
+ p_vet->value = (class << 24) | tag;
+ counter += len2;
+
+ /* extraction and length */
+ len2 =
+ asn1_get_length_der(der + counter, der_len - counter,
+ &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+
+ p_vet->end = counter;
+ p = p->right;
}
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
+ p_vet = first;
+
+ while (p_vet) {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet) {
+ if (p_vet->value > p2_vet->value) {
+ /* change position */
+ temp = malloc(p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy(temp, der + counter,
+ p_vet->end - counter);
+ memcpy(der + counter, der + p_vet->end,
+ p2_vet->end - p_vet->end);
+ memcpy(der + counter + p2_vet->end -
+ p_vet->end, temp,
+ p_vet->end - counter);
+ free(temp);
+
+ tag = p_vet->value;
+ p_vet->value = p2_vet->value;
+ p2_vet->value = tag;
+
+ p_vet->end =
+ counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ free(p_vet);
+ p_vet = first;
+ }
}
/******************************************************/
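Review bot: Every early `return` in `_asn1_ordering_set` after the first `malloc` leaks the `struct vet` list built so far: the `p_vet == NULL` path, the `asn1_get_tag_der` and `asn1_get_length_der` failure paths, and the `temp == NULL` path inside the sort. The skip loop before the list is built also reads `p->type` before the `p == NULL` test that follows it, so that test comes too late if the sibling chain ends inside the loop. `_asn1_ordering_set_of` in the next hunk has the same two problems. Routing the failure paths through one cleanup label that frees from `first`, and testing `p` in the loop condition, fixes both. Because the function returns void, a failure still leaves the SET unsorted without telling the caller, which deserves a comment.

```c
/* … unchanged: struct vet, declarations, ASN1_ETYPE_SET check … */
	p = node->down;
	while (p && ((type_field(p->type) == ASN1_ETYPE_TAG)
		     || (type_field(p->type) == ASN1_ETYPE_SIZE)))
		p = p->right;
/* … unchanged: list construction and sort passes, with every `return;`
 *   after the first malloc replaced by `goto cleanup;` … */
cleanup:
	/* first is NULL after a complete sort, so this only runs on failure */
	while (first != NULL) {
		p_vet = first->next;
		free(first);
		first = p_vet;
	}
```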
@@ -785,128 +818,127 @@ _asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
/* Return: */
/******************************************************/
static void
-_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
+_asn1_ordering_set_of(unsigned char *der, int der_len, asn1_node node)
{
- struct vet
- {
- int end;
- struct vet *next, *prev;
- };
+ struct vet {
+ int end;
+ struct vet *next, *prev;
+ };
- int counter, len, len2, change;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char *temp, class;
- unsigned long k, max;
+ int counter, len, len2, change;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ asn1_node p;
+ unsigned char *temp, class;
+ unsigned long k, max;
- counter = 0;
+ counter = 0;
- if (type_field (node->type) != ASN1_ETYPE_SET_OF)
- return;
-
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- p = p->right;
-
- if ((p == NULL) || (p->right == NULL))
- return;
+ if (type_field(node->type) != ASN1_ETYPE_SET_OF)
+ return;
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- return;
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* extraction of tag and length */
- if (der_len - counter > 0)
- {
-
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len,
- NULL) != ASN1_SUCCESS)
- return;
- counter += len;
-
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- return;
- counter += len + len2;
- }
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+ p = p->right;
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- if ((p_vet->end - counter) > (p2_vet->end - p_vet->end))
- max = p_vet->end - counter;
- else
- max = p2_vet->end - p_vet->end;
-
- change = -1;
- for (k = 0; k < max; k++)
- if (der[counter + k] > der[p_vet->end + k])
- {
- change = 1;
- break;
- }
- else if (der[counter + k] < der[p_vet->end + k])
- {
- change = 0;
- break;
- }
-
- if ((change == -1)
- && ((p_vet->end - counter) > (p2_vet->end - p_vet->end)))
- change = 1;
-
- if (change == 1)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
+ if ((p == NULL) || (p->right == NULL))
return;
- memcpy (temp, der + counter, (p_vet->end) - counter);
- memcpy (der + counter, der + (p_vet->end),
- (p2_vet->end) - (p_vet->end));
- memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp,
- (p_vet->end) - counter);
- free (temp);
-
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
+ first = last = NULL;
+ while (p) {
+ p_vet = malloc(sizeof(struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* extraction of tag and length */
+ if (der_len - counter > 0) {
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class,
+ &len, NULL) != ASN1_SUCCESS)
+ return;
+ counter += len;
+
+ len2 =
+ asn1_get_length_der(der + counter,
+ der_len - counter, &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+ }
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
+ p_vet->end = counter;
+ p = p->right;
}
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
+ p_vet = first;
+
+ while (p_vet) {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet) {
+ if ((p_vet->end - counter) >
+ (p2_vet->end - p_vet->end))
+ max = p_vet->end - counter;
+ else
+ max = p2_vet->end - p_vet->end;
+
+ change = -1;
+ for (k = 0; k < max; k++)
+ if (der[counter + k] > der[p_vet->end + k]) {
+ change = 1;
+ break;
+ } else if (der[counter + k] <
+ der[p_vet->end + k]) {
+ change = 0;
+ break;
+ }
+
+ if ((change == -1)
+ && ((p_vet->end - counter) >
+ (p2_vet->end - p_vet->end)))
+ change = 1;
+
+ if (change == 1) {
+ /* change position */
+ temp = malloc(p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy(temp, der + counter,
+ (p_vet->end) - counter);
+ memcpy(der + counter, der + (p_vet->end),
+ (p2_vet->end) - (p_vet->end));
+ memcpy(der + counter + (p2_vet->end) -
+ (p_vet->end), temp,
+ (p_vet->end) - counter);
+ free(temp);
+
+ p_vet->end =
+ counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ free(p_vet);
+ p_vet = first;
+ }
}
/**
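Review bot: The byte comparison in `_asn1_ordering_set_of` runs up to `max`, which is set to the longer of the two element lengths, so the loop indexes past the end of whichever element is shorter. When the second element is the shorter one and is last in the buffer, `der[p_vet->end + k]` reads beyond the encoded data. The tie-break after the loop (`change == -1` with the first element longer) only makes sense if the loop compared the common prefix, so the bound looks inverted. Changing the test to `if ((p_vet->end - counter) < (p2_vet->end - p_vet->end))` selects the shorter length. The variable should then be renamed to say that it holds the common length.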
@@ -931,332 +963,334 @@ _asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
* length needed.
**/
int
-asn1_der_coding (asn1_node element, const char *name, void *ider, int *len,
- char *ErrorDescription)
+asn1_der_coding(asn1_node element, const char *name, void *ider, int *len,
+ char *ErrorDescription)
{
- asn1_node node, p, p2;
- unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
- int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
- int err;
- unsigned char *der = ider;
-
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- /* Node is now a locally allocated variable.
- * That is because in some point we modify the
- * structure, and I don't know why! --nmav
- */
- node = _asn1_copy_structure3 (node);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- max_len = *len;
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
-
- counter_old = counter;
- max_len_old = max_len;
- if (move != UP)
- {
- err = _asn1_insert_tag_der (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- }
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- max_len--;
- if (max_len >= 0)
- der[counter] = 0;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- max_len -= 2;
- if (max_len >= 0)
- {
- der[counter++] = 1;
- if (p->value[0] == 'F')
- der[counter++] = 0;
- else
- der[counter++] = 0xFF;
+ asn1_node node, p, p2;
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
+ int counter, counter_old, len2, len3, tlen, move, max_len,
+ max_len_old;
+ int err;
+ unsigned char *der = ider;
+
+ node = asn1_find_node(element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ /* Node is now a locally allocated variable.
+ * That is because in some point we modify the
+ * structure, and I don't know why! --nmav
+ */
+ node = _asn1_copy_structure3(node);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ max_len = *len;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+
+ counter_old = counter;
+ max_len_old = max_len;
+ if (move != UP) {
+ err =
+ _asn1_insert_tag_der(p, der, &counter,
+ &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
}
- else
- counter += 2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ max_len--;
+ if (max_len >= 0)
+ der[counter] = 0;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ max_len -= 2;
+ if (max_len >= 0) {
+ der[counter++] = 1;
+ if (p->value[0] == 'F')
+ der[counter++] = 0;
+ else
+ der[counter++] = 0xFF;
+ } else
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value,
+ p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value,
+ len3 + len2);
+ counter += len3 + len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err =
+ _asn1_objectid_der(p->value,
+ der + counter,
+ &len2);
+ if (err != ASN1_SUCCESS
+ && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err =
+ _asn1_time_der(p->value, p->value_len,
+ der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value, p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move != UP) {
+ _asn1_ltostr(counter, (char *) temp);
+ tlen = _asn1_strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ if (p->down == NULL) {
+ move = UP;
+ continue;
+ } else {
+ p2 = p->down;
+ while (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_TAG))
+ p2 = p2->right;
+ if (p2) {
+ p = p2;
+ move = RIGHT;
+ continue;
+ }
+ move = UP;
+ continue;
+ }
+ } else { /* move==UP */
+ len2 = _asn1_strtol(p->value, NULL, 10);
+ _asn1_set_value(p, NULL, 0);
+ if ((type_field(p->type) == ASN1_ETYPE_SET)
+ && (max_len >= 0))
+ _asn1_ordering_set(der + len2,
+ max_len - len2,
+ p);
+ asn1_length_der(counter - len2, temp,
+ &len3);
+ max_len -= len3;
+ if (max_len >= 0) {
+ memmove(der + len2 + len3,
+ der + len2,
+ counter - len2);
+ memcpy(der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move != UP) {
+ _asn1_ltostr(counter, (char *) temp);
+ tlen = _asn1_strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ p = p->down;
+ while ((type_field(p->type) ==
+ ASN1_ETYPE_TAG)
+ || (type_field(p->type) ==
+ ASN1_ETYPE_SIZE))
+ p = p->right;
+ if (p->right) {
+ p = p->right;
+ move = RIGHT;
+ continue;
+ } else
+ p = _asn1_find_up(p);
+ move = UP;
+ }
+ if (move == UP) {
+ len2 = _asn1_strtol(p->value, NULL, 10);
+ _asn1_set_value(p, NULL, 0);
+ if ((type_field(p->type) ==
+ ASN1_ETYPE_SET_OF)
+ && (max_len - len2 > 0)) {
+ _asn1_ordering_set_of(der + len2,
+ max_len -
+ len2, p);
+ }
+ asn1_length_der(counter - len2, temp,
+ &len3);
+ max_len -= len3;
+ if (max_len >= 0) {
+ memmove(der + len2 + len3,
+ der + len2,
+ counter - len2);
+ memcpy(der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value, p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value + len3,
+ len2);
+ counter += len2;
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_objectid_der (p->value, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- max_len -= len2;
- counter += len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_time_der (p->value, p->value_len, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
-
- max_len -= len2;
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move != UP)
- {
- _asn1_ltostr (counter, (char *) temp);
- tlen = _asn1_strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- if (p->down == NULL)
- {
- move = UP;
- continue;
- }
- else
- {
- p2 = p->down;
- while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG))
- p2 = p2->right;
- if (p2)
- {
- p = p2;
- move = RIGHT;
- continue;
- }
- move = UP;
- continue;
+ if ((move != DOWN) && (counter != counter_old)) {
+ err =
+ _asn1_complete_explicit_tag(p, der, &counter,
+ &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
}
- }
- else
- { /* move==UP */
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0))
- _asn1_ordering_set (der + len2, max_len - len2, p);
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
- }
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move != UP)
- {
- _asn1_ltostr (counter, (char *) temp);
- tlen = _asn1_strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- p = p->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- if (p->right)
- {
- p = p->right;
- move = RIGHT;
- continue;
- }
- else
- p = _asn1_find_up (p);
- move = UP;
- }
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if ((type_field (p->type) == ASN1_ETYPE_SET_OF)
- && (max_len - len2 > 0))
- {
- _asn1_ordering_set_of (der + len2, max_len - len2, p);
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_ANY:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2;
- if (max_len >= 0)
- memcpy (der + counter, p->value + len3, len2);
- counter += len2;
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
-
- if ((move != DOWN) && (counter != counter_old))
- {
- err = _asn1_complete_explicit_tag (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
+ *len = counter;
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (max_len < 0) {
+ err = ASN1_MEM_ERROR;
+ goto error;
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- *len = counter;
-
- if (max_len < 0)
- {
- err = ASN1_MEM_ERROR;
- goto error;
- }
- err = ASN1_SUCCESS;
+ err = ASN1_SUCCESS;
-error:
- asn1_delete_structure (&node);
- return err;
+ error:
+ asn1_delete_structure(&node);
+ return err;
}
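Review bot: In the `move == UP` branches for SET and SET OF, the ordering helpers receive `max_len - len2` as the length of the data at `der + len2`, but `max_len` is the space still free in the output buffer, not the end of the encoded content. The bytes written for the element run from offset `len2` to `counter`, so the bound appears to be `counter - len2`: `_asn1_ordering_set(der + len2, counter - len2, p);` and `_asn1_ordering_set_of(der + len2, counter - len2, p);`. As written, a large caller buffer lets the helpers parse and swap bytes beyond what was encoded, and a tight one can make the length negative so the ordering is silently skipped. The two guards also differ (`max_len >= 0` versus `max_len - len2 > 0`), which should be unified or explained in a comment.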
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index f02fe10686..40084d43b7 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -33,16 +33,18 @@
#include <limits.h>
static int
-_asn1_get_indefinite_length_string (const unsigned char *der, int *len);
+_asn1_get_indefinite_length_string(const unsigned char *der, int *len);
static void
-_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
+_asn1_error_description_tag_error(asn1_node node, char *ErrorDescription)
{
- Estrcpy (ErrorDescription, ":: tag error near element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "'");
+ Estrcpy(ErrorDescription, ":: tag error near element '");
+ _asn1_hierarchical_name(node,
+ ErrorDescription +
+ strlen(ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat(ErrorDescription, "'");
}
@@ -58,60 +60,52 @@ _asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
* length, or -2 when the value was too big to fit in a int, or -4
* when the decoded length value plus @len would exceed @der_len.
**/
-long
-asn1_get_length_der (const unsigned char *der, int der_len, int *len)
+long asn1_get_length_der(const unsigned char *der, int der_len, int *len)
{
- unsigned int ans, sum, last;
- int k, punt;
-
- *len = 0;
- if (der_len <= 0)
- return 0;
-
- if (!(der[0] & 128))
- {
- /* short form */
- *len = 1;
- ans = der[0];
- }
- else
- {
- /* Long form */
- k = der[0] & 0x7F;
- punt = 1;
- if (k)
- { /* definite length method */
- ans = 0;
- while (punt <= k && punt < der_len)
- {
- last = ans;
-
- ans = (ans*256) + der[punt++];
- if (ans < last)
- /* we wrapped around, no bignum support... */
- return -2;
- }
- }
- else
- { /* indefinite length method */
- *len = punt;
- return -1;
- }
+ unsigned int ans, sum, last;
+ int k, punt;
+
+ *len = 0;
+ if (der_len <= 0)
+ return 0;
+
+ if (!(der[0] & 128)) {
+ /* short form */
+ *len = 1;
+ ans = der[0];
+ } else {
+ /* Long form */
+ k = der[0] & 0x7F;
+ punt = 1;
+ if (k) { /* definite length method */
+ ans = 0;
+ while (punt <= k && punt < der_len) {
+ last = ans;
+
+ ans = (ans * 256) + der[punt++];
+ if (ans < last)
+ /* we wrapped around, no bignum support... */
+ return -2;
+ }
+ } else { /* indefinite length method */
+ *len = punt;
+ return -1;
+ }
- *len = punt;
- }
+ *len = punt;
+ }
- sum = ans + *len;
+ sum = ans + *len;
- /* check for overflow as well INT_MAX as a maximum upper
- * limit for length */
- if (sum >= INT_MAX || sum < ans)
- return -2;
+ /* check for overflow as well INT_MAX as a maximum upper
+ * limit for length */
+ if (sum >= INT_MAX || sum < ans)
+ return -2;
- if (((int) sum) > der_len)
- return -4;
+ if (((int) sum) > der_len)
+ return -4;
- return ans;
+ return ans;
}
/**
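Review bot: The wrap-around test in the long-form loop, `if (ans < last)` after `ans = (ans * 256) + der[punt++]`, does not catch every overflow, because a multiply by 256 can discard high bits and still leave a value larger than `last`. Testing before the multiply is reliable, for example `if (ans > (UINT_MAX >> 8)) return -2;`, and `<limits.h>` is already included in this file. The loop also stops quietly on `punt < der_len` when fewer than `k` length octets are present, so a truncated length field is decoded from partial data instead of being rejected. The same pattern, `ris < last` after `ris * 128`, is in the asn1_get_tag_der hunk that follows.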
@@ -127,52 +121,48 @@ asn1_get_length_der (const unsigned char *der, int der_len, int *len)
* Returns: Returns %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag)
+asn1_get_tag_der(const unsigned char *der, int der_len,
+ unsigned char *cls, int *len, unsigned long *tag)
{
- unsigned int ris;
- int punt;
- unsigned int last;
-
- if (der == NULL || der_len < 2 || len == NULL)
- return ASN1_DER_ERROR;
-
- *cls = der[0] & 0xE0;
- if ((der[0] & 0x1F) != 0x1F)
- {
- /* short form */
- *len = 1;
- ris = der[0] & 0x1F;
- }
- else
- {
- /* Long form */
- punt = 1;
- ris = 0;
- while (punt <= der_len && der[punt] & 128)
- {
- last = ris;
-
- ris = (ris * 128) + (der[punt++] & 0x7F);
- if (ris < last)
- /* wrapped around, and no bignums... */
- return ASN1_DER_ERROR;
- }
+ unsigned int ris;
+ int punt;
+ unsigned int last;
- if (punt >= der_len)
- return ASN1_DER_ERROR;
+ if (der == NULL || der_len < 2 || len == NULL)
+ return ASN1_DER_ERROR;
- last = ris;
+ *cls = der[0] & 0xE0;
+ if ((der[0] & 0x1F) != 0x1F) {
+ /* short form */
+ *len = 1;
+ ris = der[0] & 0x1F;
+ } else {
+ /* Long form */
+ punt = 1;
+ ris = 0;
+ while (punt <= der_len && der[punt] & 128) {
+ last = ris;
+
+ ris = (ris * 128) + (der[punt++] & 0x7F);
+ if (ris < last)
+ /* wrapped around, and no bignums... */
+ return ASN1_DER_ERROR;
+ }
+
+ if (punt >= der_len)
+ return ASN1_DER_ERROR;
- ris = (ris * 128) + (der[punt++] & 0x7F);
- if (ris < last)
- return ASN1_DER_ERROR;
+ last = ris;
- *len = punt;
- }
- if (tag)
- *tag = ris;
- return ASN1_SUCCESS;
+ ris = (ris * 128) + (der[punt++] & 0x7F);
+ if (ris < last)
+ return ASN1_DER_ERROR;
+
+ *len = punt;
+ }
+ if (tag)
+ *tag = ris;
+ return ASN1_SUCCESS;
}
/**
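Review bot: The long-form loop condition `while (punt <= der_len && der[punt] & 128)` evaluates `der[punt]` with `punt == der_len`, one byte past the buffer that `der_len` describes. The `punt >= der_len` test after the loop runs only once that read has happened. The bound should be strict: `while (punt < der_len && der[punt] & 128)`. Separately, `cls` is written through unconditionally while `der` and `len` are NULL-checked, so it should either join the guard or be documented as required.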
@@ -190,22 +180,20 @@ asn1_get_tag_der (const unsigned char *der, int der_len,
*
* Since: 2.0
**/
-long
-asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
+long asn1_get_length_ber(const unsigned char *ber, int ber_len, int *len)
{
- int ret;
- long err;
-
- ret = asn1_get_length_der (ber, ber_len, len);
- if (ret == -1)
- { /* indefinite length method */
- ret = ber_len;
- err = _asn1_get_indefinite_length_string (ber + 1, &ret);
- if (err != ASN1_SUCCESS)
- return -3;
- }
-
- return ret;
+ int ret;
+ long err;
+
+ ret = asn1_get_length_der(ber, ber_len, len);
+ if (ret == -1) { /* indefinite length method */
+ ret = ber_len;
+ err = _asn1_get_indefinite_length_string(ber + 1, &ret);
+ if (err != ASN1_SUCCESS)
+ return -3;
+ }
+
+ return ret;
}
/**
@@ -222,111 +210,109 @@ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
* Returns: Returns %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *str_len)
+asn1_get_octet_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *str_len)
{
- int len_len;
+ int len_len;
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
- /* if(str==NULL) return ASN1_SUCCESS; */
- *str_len = asn1_get_length_der (der, der_len, &len_len);
+ /* if(str==NULL) return ASN1_SUCCESS; */
+ *str_len = asn1_get_length_der(der, der_len, &len_len);
- if (*str_len < 0)
- return ASN1_DER_ERROR;
+ if (*str_len < 0)
+ return ASN1_DER_ERROR;
- *ret_len = *str_len + len_len;
- if (str_size >= *str_len)
- memcpy (str, der + len_len, *str_len);
- else
- {
- return ASN1_MEM_ERROR;
- }
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+ memcpy(str, der + len_len, *str_len);
+ else {
+ return ASN1_MEM_ERROR;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/* Returns ASN1_SUCCESS on success or an error code on error.
*/
static int
-_asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size)
+_asn1_get_time_der(const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
{
- int len_len, str_len;
-
- if (der_len <= 0 || str == NULL)
- return ASN1_DER_ERROR;
- str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len < 0 || str_size < str_len)
- return ASN1_DER_ERROR;
- memcpy (str, der + len_len, str_len);
- str[str_len] = 0;
- *ret_len = str_len + len_len;
-
- return ASN1_SUCCESS;
+ int len_len, str_len;
+
+ if (der_len <= 0 || str == NULL)
+ return ASN1_DER_ERROR;
+ str_len = asn1_get_length_der(der, der_len, &len_len);
+ if (str_len < 0 || str_size < str_len)
+ return ASN1_DER_ERROR;
+ memcpy(str, der + len_len, str_len);
+ str[str_len] = 0;
+ *ret_len = str_len + len_len;
+
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size)
+_asn1_get_objectid_der(const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
{
- int len_len, len, k;
- int leading;
- char temp[20];
- unsigned long val, val1, prev_val;
-
- *ret_len = 0;
- if (str && str_size > 0)
- str[0] = 0; /* no oid */
-
- if (str == NULL || der_len <= 0)
- return ASN1_GENERIC_ERROR;
- len = asn1_get_length_der (der, der_len, &len_len);
-
- if (len < 0 || len > der_len || len_len > der_len)
- return ASN1_DER_ERROR;
-
- val1 = der[len_len] / 40;
- val = der[len_len] - val1 * 40;
-
- _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp));
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
-
- prev_val = 0;
- val = 0;
- leading = 1;
- for (k = 1; k < len; k++)
- {
- /* X.690 mandates that the leading byte must never be 0x80
- */
- if (leading != 0 && der[len_len + k] == 0x80)
- return ASN1_DER_ERROR;
- leading = 0;
-
- /* check for wrap around */
- val = val << 7;
- val |= der[len_len + k] & 0x7F;
-
- if (val < prev_val)
- return ASN1_DER_ERROR;
-
- prev_val = val;
-
- if (!(der[len_len + k] & 0x80))
- {
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
- val = 0;
- prev_val = 0;
- leading = 1;
+ int len_len, len, k;
+ int leading;
+ char temp[20];
+ unsigned long val, val1, prev_val;
+
+ *ret_len = 0;
+ if (str && str_size > 0)
+ str[0] = 0; /* no oid */
+
+ if (str == NULL || der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len = asn1_get_length_der(der, der_len, &len_len);
+
+ if (len < 0 || len > der_len || len_len > der_len)
+ return ASN1_DER_ERROR;
+
+ val1 = der[len_len] / 40;
+ val = der[len_len] - val1 * 40;
+
+ _asn1_str_cpy(str, str_size, _asn1_ltostr(val1, temp));
+ _asn1_str_cat(str, str_size, ".");
+ _asn1_str_cat(str, str_size, _asn1_ltostr(val, temp));
+
+ prev_val = 0;
+ val = 0;
+ leading = 1;
+ for (k = 1; k < len; k++) {
+ /* X.690 mandates that the leading byte must never be 0x80
+ */
+ if (leading != 0 && der[len_len + k] == 0x80)
+ return ASN1_DER_ERROR;
+ leading = 0;
+
+ /* check for wrap around */
+ val = val << 7;
+ val |= der[len_len + k] & 0x7F;
+
+ if (val < prev_val)
+ return ASN1_DER_ERROR;
+
+ prev_val = val;
+
+ if (!(der[len_len + k] & 0x80)) {
+ _asn1_str_cat(str, str_size, ".");
+ _asn1_str_cat(str, str_size,
+ _asn1_ltostr(val, temp));
+ val = 0;
+ prev_val = 0;
+ leading = 1;
+ }
}
- }
- *ret_len = len + len_len;
+ *ret_len = len + len_len;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/**
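Review bot: `_asn1_get_objectid_der` reads `der[len_len]` after a guard that accepts `len == 0`. asn1_get_length_der only guarantees `len + len_len <= der_len`, so an empty OID whose length octets end the buffer puts that read at `der[der_len]`. Rejecting the empty encoding closes it: `if (len <= 0 || len > der_len || len_len > der_len) return ASN1_DER_ERROR;`. In the same hunk, `_asn1_get_time_der` allows `str_len == str_size` and then stores `str[str_len] = 0`, which is one past the buffer unless callers pass the size minus one. That contract is not visible here, so either state it in the function comment or change the test to `str_size <= str_len`.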
@@ -343,433 +329,429 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
* Returns: Return %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *bit_len)
+asn1_get_bit_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *bit_len)
{
- int len_len, len_byte;
+ int len_len, len_byte;
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
- len_byte = asn1_get_length_der (der, der_len, &len_len) - 1;
- if (len_byte < 0)
- return ASN1_DER_ERROR;
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len_byte = asn1_get_length_der(der, der_len, &len_len) - 1;
+ if (len_byte < 0)
+ return ASN1_DER_ERROR;
- *ret_len = len_byte + len_len + 1;
- *bit_len = len_byte * 8 - der[len_len];
+ *ret_len = len_byte + len_len + 1;
+ *bit_len = len_byte * 8 - der[len_len];
- if (str_size >= len_byte)
- memcpy (str, der + len_len + 1, len_byte);
- else
- {
- return ASN1_MEM_ERROR;
- }
+ if (str_size >= len_byte)
+ memcpy(str, der + len_len + 1, len_byte);
+ else {
+ return ASN1_MEM_ERROR;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static int
-_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len,
- int *ret_len)
+_asn1_extract_tag_der(asn1_node node, const unsigned char *der,
+ int der_len, int *ret_len)
{
- asn1_node p;
- int counter, len2, len3, is_tag_implicit;
- unsigned long tag, tag_implicit = 0;
- unsigned char class, class2, class_implicit = 0;
-
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- counter = is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class2 = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class2 = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class2 = ASN1_CLASS_PRIVATE;
- else
- class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
- counter += len2;
-
- len3 =
- asn1_get_length_ber (der + counter, der_len - counter,
- &len2);
- if (len3 < 0)
- return ASN1_DER_ERROR;
-
- counter += len2;
- if (counter > der_len)
- return ASN1_DER_ERROR;
-
- if (!is_tag_implicit)
- {
- if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
- (tag != strtoul ((char *) p->value, NULL, 10)))
- return ASN1_TAG_ERROR;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- is_tag_implicit = 0;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ||
- (type_field (node->type) == ASN1_ETYPE_SET) ||
- (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class2 |= ASN1_CLASS_STRUCTURED;
- class_implicit = class2;
- tag_implicit = strtoul ((char *) p->value, NULL, 10);
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int counter, len2, len3, is_tag_implicit;
+ unsigned long tag, tag_implicit = 0;
+ unsigned char class, class2, class_implicit = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ counter = is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_APPLICATION)
+ class2 = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class2 = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class2 = ASN1_CLASS_PRIVATE;
+ else
+ class2 =
+ ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT) {
+ if (asn1_get_tag_der
+ (der + counter,
+ der_len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+
+ len3 =
+ asn1_get_length_ber(der +
+ counter,
+ der_len -
+ counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+
+ counter += len2;
+ if (counter > der_len)
+ return ASN1_DER_ERROR;
+
+ if (!is_tag_implicit) {
+ if ((class !=
+ (class2 |
+ ASN1_CLASS_STRUCTURED))
+ || (tag !=
+ strtoul((char *)
+ p->value,
+ NULL, 10)))
+ return
+ ASN1_TAG_ERROR;
+ } else { /* ASN1_TAG_IMPLICIT */
+ if ((class !=
+ class_implicit)
+ || (tag !=
+ tag_implicit))
+ return
+ ASN1_TAG_ERROR;
+ }
+ is_tag_implicit = 0;
+ } else { /* ASN1_TAG_IMPLICIT */
+ if (!is_tag_implicit) {
+ if ((type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE)
+ ||
+ (type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE_OF)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET_OF))
+ class2 |=
+ ASN1_CLASS_STRUCTURED;
+ class_implicit = class2;
+ tag_implicit =
+ strtoul((char *) p->
+ value, NULL,
+ 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
}
- }
- p = p->right;
- }
- }
-
- if (is_tag_implicit)
- {
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
-
- if ((class != class_implicit) || (tag != tag_implicit))
- {
- if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING)
- {
- class_implicit |= ASN1_CLASS_STRUCTURED;
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- else
- return ASN1_TAG_ERROR;
- }
- }
- else
- {
- unsigned type = type_field (node->type);
- if (type == ASN1_ETYPE_TAG)
- {
- counter = 0;
- *ret_len = counter;
- return ASN1_SUCCESS;
}
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
-
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- case ASN1_ETYPE_BOOLEAN:
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- case ASN1_ETYPE_OBJECT_ID:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if ((class != _asn1_tags[type].class) || (tag != _asn1_tags[type].tag))
- return ASN1_DER_ERROR;
- break;
-
- case ASN1_ETYPE_OCTET_STRING:
- /* OCTET STRING is handled differently to allow
- * BER encodings (structured class). */
- if (((class != ASN1_CLASS_UNIVERSAL)
- && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
- || (tag != ASN1_TAG_OCTET_STRING))
- return ASN1_DER_ERROR;
- break;
- case ASN1_ETYPE_ANY:
- counter -= len2;
- break;
- default:
- return ASN1_DER_ERROR;
- break;
- }
- }
+ if (is_tag_implicit) {
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
- counter += len2;
- *ret_len = counter;
- return ASN1_SUCCESS;
-}
+ if ((class != class_implicit) || (tag != tag_implicit)) {
+ if (type_field(node->type) ==
+ ASN1_ETYPE_OCTET_STRING) {
+ class_implicit |= ASN1_CLASS_STRUCTURED;
+ if ((class != class_implicit)
+ || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ } else
+ return ASN1_TAG_ERROR;
+ }
+ } else {
+ unsigned type = type_field(node->type);
+ if (type == ASN1_ETYPE_TAG) {
+ counter = 0;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
-static int
-_asn1_delete_not_used (asn1_node node)
-{
- asn1_node p, p2;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (p->type & CONST_NOT_USED)
- {
- p2 = NULL;
- if (p != node)
- {
- p2 = _asn1_find_left (p);
- if (!p2)
- p2 = _asn1_find_up (p);
- }
- asn1_delete_structure (&p);
- p = p2;
- }
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
- if (!p)
- break; /* reach node */
+ switch (type) {
+ case ASN1_ETYPE_NULL:
+ case ASN1_ETYPE_BOOLEAN:
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ case ASN1_ETYPE_OBJECT_ID:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if ((class != _asn1_tags[type].class)
+ || (tag != _asn1_tags[type].tag))
+ return ASN1_DER_ERROR;
+ break;
- if (p->down)
- {
- p = p->down;
+ case ASN1_ETYPE_OCTET_STRING:
+ /* OCTET STRING is handled differently to allow
+ * BER encodings (structured class). */
+ if (((class != ASN1_CLASS_UNIVERSAL)
+ && (class !=
+ (ASN1_CLASS_UNIVERSAL |
+ ASN1_CLASS_STRUCTURED)))
+ || (tag != ASN1_TAG_OCTET_STRING))
+ return ASN1_DER_ERROR;
+ break;
+ case ASN1_ETYPE_ANY:
+ counter -= len2;
+ break;
+ default:
+ return ASN1_DER_ERROR;
+ break;
+ }
}
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
+
+ counter += len2;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+}
+
+static int _asn1_delete_not_used(asn1_node node)
+{
+ asn1_node p, p2;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if (p->type & CONST_NOT_USED) {
+ p2 = NULL;
+ if (p != node) {
+ p2 = _asn1_find_left(p);
+ if (!p2)
+ p2 = _asn1_find_up(p);
+ }
+ asn1_delete_structure(&p);
+ p = p2;
+ }
+
+ if (!p)
+ break; /* reach node */
+
+ if (p->down) {
+ p = p->down;
+ } else {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static int
-_asn1_extract_der_octet (asn1_node node, const unsigned char *der,
- int der_len)
+_asn1_extract_der_octet(asn1_node node, const unsigned char *der,
+ int der_len)
{
- int len2, len3;
- int counter2, counter_end;
+ int len2, len3;
+ int counter2, counter_end;
- len2 = asn1_get_length_der (der, der_len, &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
+ len2 = asn1_get_length_der(der, der_len, &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
- counter2 = len3 + 1;
+ counter2 = len3 + 1;
- if (len2 == -1)
- counter_end = der_len - 2;
- else
- counter_end = der_len;
+ if (len2 == -1)
+ counter_end = der_len - 2;
+ else
+ counter_end = der_len;
- while (counter2 < counter_end)
- {
- len2 = asn1_get_length_der (der + counter2, der_len - counter2, &len3);
+ while (counter2 < counter_end) {
+ len2 =
+ asn1_get_length_der(der + counter2, der_len - counter2,
+ &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
- if (len2 > 0)
- {
- _asn1_append_value (node, der + counter2 + len3, len2);
- }
- else
- { /* indefinite */
-
- len2 =
- _asn1_extract_der_octet (node, der + counter2 + len3,
- der_len - counter2 - len3);
- if (len2 < 0)
- return len2;
- }
+ if (len2 > 0) {
+ _asn1_append_value(node, der + counter2 + len3,
+ len2);
+ } else { /* indefinite */
- counter2 += len2 + len3 + 1;
- }
+ len2 =
+ _asn1_extract_der_octet(node,
+ der + counter2 + len3,
+ der_len - counter2 -
+ len3);
+ if (len2 < 0)
+ return len2;
+ }
- return ASN1_SUCCESS;
+ counter2 += len2 + len3 + 1;
+ }
+
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_octet_string (const unsigned char *der, asn1_node node, int *len)
+_asn1_get_octet_string(const unsigned char *der, asn1_node node, int *len)
{
- int len2, len3, counter, tot_len, indefinite;
-
- counter = 0;
-
- if (*(der - 1) & ASN1_CLASS_STRUCTURED)
- {
- tot_len = 0;
- indefinite = asn1_get_length_der (der, *len, &len3);
- if (indefinite < -1)
- return ASN1_DER_ERROR;
-
- counter += len3;
- if (indefinite >= 0)
- indefinite += len3;
-
- while (1)
- {
- if (counter > (*len))
- return ASN1_DER_ERROR;
-
- if (indefinite == -1)
- {
- if ((der[counter] == 0) && (der[counter + 1] == 0))
- {
- counter += 2;
- break;
- }
- }
- else if (counter >= indefinite)
- break;
+ int len2, len3, counter, tot_len, indefinite;
+
+ counter = 0;
- if (der[counter] != ASN1_TAG_OCTET_STRING)
- return ASN1_DER_ERROR;
+ if (*(der - 1) & ASN1_CLASS_STRUCTURED) {
+ tot_len = 0;
+ indefinite = asn1_get_length_der(der, *len, &len3);
+ if (indefinite < -1)
+ return ASN1_DER_ERROR;
- counter++;
+ counter += len3;
+ if (indefinite >= 0)
+ indefinite += len3;
- len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
- if (len2 <= 0)
- return ASN1_DER_ERROR;
+ while (1) {
+ if (counter > (*len))
+ return ASN1_DER_ERROR;
- counter += len3 + len2;
- tot_len += len2;
- }
+ if (indefinite == -1) {
+ if ((der[counter] == 0)
+ && (der[counter + 1] == 0)) {
+ counter += 2;
+ break;
+ }
+ } else if (counter >= indefinite)
+ break;
+
+ if (der[counter] != ASN1_TAG_OCTET_STRING)
+ return ASN1_DER_ERROR;
- /* copy */
- if (node)
- {
- unsigned char temp[DER_LEN];
- int ret;
+ counter++;
- len2 = sizeof (temp);
+ len2 =
+ asn1_get_length_der(der + counter,
+ *len - counter, &len3);
+ if (len2 <= 0)
+ return ASN1_DER_ERROR;
- asn1_length_der (tot_len, temp, &len2);
- _asn1_set_value (node, temp, len2);
+ counter += len3 + len2;
+ tot_len += len2;
+ }
- ret = _asn1_extract_der_octet (node, der, *len);
- if (ret != ASN1_SUCCESS)
- return ret;
+ /* copy */
+ if (node) {
+ unsigned char temp[DER_LEN];
+ int ret;
- }
- }
- else
- { /* NOT STRUCTURED */
- len2 = asn1_get_length_der (der, *len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
+ len2 = sizeof(temp);
+
+ asn1_length_der(tot_len, temp, &len2);
+ _asn1_set_value(node, temp, len2);
+
+ ret = _asn1_extract_der_octet(node, der, *len);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ }
+ } else { /* NOT STRUCTURED */
+ len2 = asn1_get_length_der(der, *len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
- counter = len3 + len2;
- if (node)
- _asn1_set_value (node, der, counter);
- }
+ counter = len3 + len2;
+ if (node)
+ _asn1_set_value(node, der, counter);
+ }
- *len = counter;
- return ASN1_SUCCESS;
+ *len = counter;
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_indefinite_length_string (const unsigned char *der, int *len)
+_asn1_get_indefinite_length_string(const unsigned char *der, int *len)
{
- int len2, len3, counter, indefinite;
- unsigned long tag;
- unsigned char class;
-
- counter = indefinite = 0;
-
- while (1)
- {
- if ((*len) < counter)
- return ASN1_DER_ERROR;
-
- if ((der[counter] == 0) && (der[counter + 1] == 0))
- {
- counter += 2;
- indefinite--;
- if (indefinite <= 0)
- break;
- else
- continue;
- }
+ int len2, len3, counter, indefinite;
+ unsigned long tag;
+ unsigned char class;
- if (asn1_get_tag_der
- (der + counter, *len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > *len)
- return ASN1_DER_ERROR;
- counter += len2;
- len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
- if (len2 == -1)
- {
- indefinite++;
- counter += 1;
- }
- else
- {
- counter += len2 + len3;
+ counter = indefinite = 0;
+
+ while (1) {
+ if ((*len) < counter)
+ return ASN1_DER_ERROR;
+
+ if ((der[counter] == 0) && (der[counter + 1] == 0)) {
+ counter += 2;
+ indefinite--;
+ if (indefinite <= 0)
+ break;
+ else
+ continue;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, *len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > *len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ len2 =
+ asn1_get_length_der(der + counter, *len - counter,
+ &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+ if (len2 == -1) {
+ indefinite++;
+ counter += 1;
+ } else {
+ counter += len2 + len3;
+ }
}
- }
- *len = counter;
- return ASN1_SUCCESS;
+ *len = counter;
+ return ASN1_SUCCESS;
}
@@ -793,555 +775,563 @@ _asn1_get_indefinite_length_string (const unsigned char *der, int *len)
* name (*@ELEMENT deleted).
**/
int
-asn1_der_decoding (asn1_node * element, const void *ider, int len,
- char *errorDescription)
+asn1_der_decoding(asn1_node * element, const void *ider, int len,
+ char *errorDescription)
{
- asn1_node node, p, p2, p3;
- char temp[128];
- int counter, len2, len3, len4, move, ris, tlen;
- unsigned char class;
- unsigned long tag;
- int indefinite, result;
- const unsigned char *der = ider;
-
- node = *element;
-
- if (errorDescription != NULL)
- errorDescription[0] = 0;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (node->type & CONST_OPTION)
- {
- result = ASN1_GENERIC_ERROR;
- goto cleanup;
- }
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
- ris = ASN1_SUCCESS;
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (len2 == -1)
- {
- if (!der[counter] && !der[counter + 1])
- {
- p = p2;
- move = UP;
- counter += 2;
- continue;
- }
- }
- else if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- p2 = p2->down;
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- {
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- while (p3)
- {
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
- if (ris == ASN1_SUCCESS)
- break;
- p3 = p3->right;
- }
- }
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
- }
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- if (p->right)
- {
- p2 = p->right;
- move = RIGHT;
- }
- else
- move = UP;
-
- if (p->type & CONST_OPTION)
- asn1_delete_structure (&p);
-
- p = p2;
- continue;
- }
- }
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- while (p->down)
- {
- if (counter < len)
- ris =
- _asn1_extract_tag_der (p->down, der + counter,
- len - counter, &len2);
- else
- ris = ASN1_DER_ERROR;
- if (ris == ASN1_SUCCESS)
- {
- while (p->down->right)
- {
- p2 = p->down->right;
- asn1_delete_structure (&p2);
- }
- break;
- }
- else if (ris == ASN1_ERROR_TYPE_ANY)
- {
- result = ASN1_ERROR_TYPE_ANY;
- goto cleanup;
- }
- else
- {
- p2 = p->down;
- asn1_delete_structure (&p2);
- }
- }
+ asn1_node node, p, p2, p3;
+ char temp[128];
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
- if (p->down == NULL)
- {
- if (!(p->type & CONST_OPTION))
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- p = p->down;
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if ((len2 != -1) && (counter > len2))
- ris = ASN1_TAG_ERROR;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- _asn1_set_value (p, NULL, 0);
- move = RIGHT;
- }
- else
- {
- if (errorDescription != NULL)
- _asn1_error_description_tag_error (p, errorDescription);
+ node = *element;
- result = ASN1_TAG_ERROR;
- goto cleanup;
- }
- }
- else
- counter += len2;
- }
+ if (errorDescription != NULL)
+ errorDescription[0] = 0;
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- if (der[counter++] == 0)
- _asn1_set_value (p, "F", 1);
- else
- _asn1_set_value (p, "T", 1);
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- result =
- _asn1_get_objectid_der (der + counter, len - counter, &len2,
- temp, sizeof (temp));
- if (result != ASN1_SUCCESS)
+ if (node->type & CONST_OPTION) {
+ result = ASN1_GENERIC_ERROR;
goto cleanup;
+ }
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- result =
- _asn1_get_time_der (der + counter, len - counter, &len2, temp,
- sizeof (temp) - 1);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+ ris = ASN1_SUCCESS;
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (len2 == -1) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ } else if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ p2 = p2->down;
+ while (p2) {
+ if ((p2->type & CONST_SET)
+ && (p2->
+ type & CONST_NOT_USED)) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ while (p3) {
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (ris ==
+ ASN1_SUCCESS)
+ break;
+ p3 = p3->
+ right;
+ }
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen);
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- result = _asn1_get_octet_string (der + counter, p, &len3);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ if (p->right) {
+ p2 = p->right;
+ move = RIGHT;
+ } else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure(&p);
+
+ p = p2;
+ continue;
+ }
+ }
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ while (p->down) {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der
+ (p->down,
+ der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS) {
+ while (p->down->right) {
+ p2 = p->down->
+ right;
+ asn1_delete_structure
+ (&p2);
+ }
+ break;
+ } else if (ris ==
+ ASN1_ERROR_TYPE_ANY) {
+ result =
+ ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
+ } else {
+ p2 = p->down;
+ asn1_delete_structure(&p2);
+ }
+ }
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if (len2 == -1)
- { /* indefinite length method */
- if (len - counter + 1 > 0)
- {
- if ((der[counter]) || der[counter + 1])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- move = RIGHT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3 > 0)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- move = DOWN;
- }
- else if (len3 == 0)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p3 = p2->right;
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- else
- p2 = p2->right;
- }
- move = RIGHT;
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
- move = DOWN;
- }
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- if (len2 == -1)
- { /* indefinite length method */
- if ((counter + 2) > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ if (p->down == NULL) {
+ if (!(p->type & CONST_OPTION)) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else
+ p = p->down;
}
- if ((der[counter]) || der[counter + 1])
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 > counter)
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if ((len2 != -1) && (counter > len2))
+ ris = ASN1_TAG_ERROR;
}
- }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ _asn1_set_value(p, NULL, 0);
+ move = RIGHT;
+ } else {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error
+ (p, errorDescription);
+
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
+ }
+ } else
+ counter += len2;
}
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3)
- {
- if (len3 > 0)
- { /* definite length method */
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
+
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter]) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ if (der[counter++] == 0)
+ _asn1_set_value(p, "F", 1);
+ else
+ _asn1_set_value(p, "T", 1);
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ result =
+ _asn1_get_objectid_der(der + counter,
+ len - counter,
+ &len2, temp,
+ sizeof(temp));
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ result =
+ _asn1_get_time_der(der + counter,
+ len - counter,
+ &len2, temp,
+ sizeof(temp) - 1);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ result =
+ _asn1_get_octet_string(der + counter,
+ p, &len3);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ _asn1_set_value(p, NULL, 0);
+ if (len2 == -1) { /* indefinite length method */
+ if (len - counter + 1 > 0) {
+ if ((der[counter])
+ || der[counter
+ + 1]) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ move = RIGHT;
+ } else { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3 > 0) {
+ _asn1_ltostr(counter +
+ len3, temp);
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p,
+ temp,
+ tlen
+ +
+ 1);
+ move = DOWN;
+ } else if (len3 == 0) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field
+ (p2->type) !=
+ ASN1_ETYPE_TAG)
+ {
+ p3 = p2->
+ right;
+ asn1_delete_structure
+ (&p2);
+ p2 = p3;
+ } else
+ p2 = p2->
+ right;
+ }
+ move = RIGHT;
+ } else { /* indefinite length method */
+ _asn1_set_value(p, "-1",
+ 3);
+ move = DOWN;
+ }
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ if (len2 == -1) { /* indefinite length method */
+ if ((counter + 2) > len) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if ((der[counter])
+ || der[counter + 1]) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->
+ right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL,
+ 0);
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 > counter) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->
+ right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL,
+ 0);
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ } else { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3) {
+ if (len3 > 0) { /* definite length method */
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ } else { /* indefinite length method */
+ _asn1_set_value(p,
+ "-1",
+ 3);
+ }
+ p2 = p->down;
+ while ((type_field
+ (p2->type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->right;
+ if (p2->right == NULL)
+ _asn1_append_sequence_set
+ (p);
+ p = p2;
+ }
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (counter + len2 > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ if (len4 != -1) {
+ len2 += len4;
+ _asn1_set_value_lv(p,
+ der + counter,
+ len2 + len3);
+ counter += len2 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ result =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ _asn1_set_value_lv(p,
+ der + counter,
+ len2);
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ counter += 2;
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG)
- || (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- if (p2->right == NULL)
- _asn1_append_sequence_set (p);
- p = p2;
- }
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
}
- if (counter + len2 > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- if (len4 != -1)
- {
- len2 += len4;
- _asn1_set_value_lv (p, der + counter, len2 + len3);
- counter += len2 + len3;
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- result =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- _asn1_set_value_lv (p, der + counter, len2);
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- {
- counter += 2;
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
+ _asn1_delete_not_used(*element);
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (counter != len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- _asn1_delete_not_used (*element);
- if (counter != len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ return ASN1_SUCCESS;
- return ASN1_SUCCESS;
-
-cleanup:
- asn1_delete_structure (element);
- return result;
+ cleanup:
+ asn1_delete_structure(element);
+ return result;
}
#define FOUND 1
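Review bot: In the SEQUENCE/SET case with `move == UP` and an indefinite length, the guard `if (len - counter + 1 > 0)` still passes when `counter == len`, so the end-of-contents test that follows reads `der[counter]` and `der[counter + 1]` beyond the `len` bytes the caller supplied. The SEQUENCE OF/SET OF branch later in the same function rejects that situation with `if ((counter + 2) > len)`, so the two branches should agree, for example `if (len - counter >= 2) {` here. The NULL and BOOLEAN cases and the `CONST_SET` indefinite-length test at the top of the loop also index `der[counter]` with no comparison against `len` visible in this hunk. Whether `_asn1_extract_tag_der` already guarantees those bytes are present cannot be confirmed from here, so those reads deserve the same check, given that `ider` is presumably encoded data from an untrusted peer.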
@@ -1371,779 +1361,796 @@ cleanup:
* match the structure @structure (*ELEMENT deleted).
**/
int
-asn1_der_decoding_element (asn1_node * structure, const char *elementName,
- const void *ider, int len, char *errorDescription)
+asn1_der_decoding_element(asn1_node * structure, const char *elementName,
+ const void *ider, int len,
+ char *errorDescription)
{
- asn1_node node, p, p2, p3, nodeFound = NULL;
- char temp[128], currentName[ASN1_MAX_NAME_SIZE * 10], *dot_p, *char_p;
- int nameLen = ASN1_MAX_NAME_SIZE * 10 - 1, state;
- int counter, len2, len3, len4, move, ris, tlen;
- unsigned char class;
- unsigned long tag;
- int indefinite, result;
- const unsigned char *der = ider;
-
- node = *structure;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (elementName == NULL)
- {
- result = ASN1_ELEMENT_NOT_FOUND;
- goto cleanup;
- }
-
- if (node->type & CONST_OPTION)
- {
- result = ASN1_GENERIC_ERROR;
- goto cleanup;
- }
-
- if ((*structure)->name[0] != 0)
- { /* Has *structure got a name? */
- nameLen -= strlen ((*structure)->name);
- if (nameLen > 0)
- strcpy (currentName, (*structure)->name);
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = *structure;
- }
- else if (!memcmp (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
- else
- { /* *structure doesn't have a name? */
- currentName[0] = 0;
- if (elementName[0] == 0)
- {
- state = FOUND;
- nodeFound = *structure;
+ asn1_node node, p, p2, p3, nodeFound = NULL;
+ char temp[128], currentName[ASN1_MAX_NAME_SIZE * 10], *dot_p,
+ *char_p;
+ int nameLen = ASN1_MAX_NAME_SIZE * 10 - 1, state;
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
+
+ node = *structure;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (elementName == NULL) {
+ result = ASN1_ELEMENT_NOT_FOUND;
+ goto cleanup;
}
- else
- {
- state = SAME_BRANCH;
+
+ if (node->type & CONST_OPTION) {
+ result = ASN1_GENERIC_ERROR;
+ goto cleanup;
}
- }
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
-
- ris = ASN1_SUCCESS;
-
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+
+ if ((*structure)->name[0] != 0) { /* Has *structure got a name? */
+ nameLen -= strlen((*structure)->name);
+ if (nameLen > 0)
+ strcpy(currentName, (*structure)->name);
+ else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+ if (!(strcmp(currentName, elementName))) {
+ state = FOUND;
+ nodeFound = *structure;
+ } else
+ if (!memcmp
+ (currentName, elementName, strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ } else { /* *structure doesn't have a name? */
+ currentName[0] = 0;
+ if (elementName[0] == 0) {
+ state = FOUND;
+ nodeFound = *structure;
+ } else {
+ state = SAME_BRANCH;
}
- p2 = p2->down;
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- {
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- while (p3)
- {
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
- if (ris == ASN1_SUCCESS)
- break;
- p3 = p3->right;
- }
+ }
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+
+ ris = ASN1_SUCCESS;
+
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ p2 = p2->down;
+ while (p2) {
+ if ((p2->type & CONST_SET)
+ && (p2->
+ type & CONST_NOT_USED)) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ while (p3) {
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (ris ==
+ ASN1_SUCCESS)
+ break;
+ p3 = p3->
+ right;
+ }
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
}
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
+
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ if (p->right) {
+ p2 = p->right;
+ move = RIGHT;
+ } else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure(&p);
+
+ p = p2;
+ continue;
+ }
}
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- if (p->right)
- {
- p2 = p->right;
- move = RIGHT;
- }
- else
- move = UP;
-
- if (p->type & CONST_OPTION)
- asn1_delete_structure (&p);
-
- p = p2;
- continue;
- }
- }
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- while (p->down)
- {
- if (counter < len)
- ris =
- _asn1_extract_tag_der (p->down, der + counter,
- len - counter, &len2);
- else
- ris = ASN1_DER_ERROR;
- if (ris == ASN1_SUCCESS)
- {
- while (p->down->right)
- {
- p2 = p->down->right;
- asn1_delete_structure (&p2);
+
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ while (p->down) {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der
+ (p->down,
+ der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS) {
+ while (p->down->right) {
+ p2 = p->down->
+ right;
+ asn1_delete_structure
+ (&p2);
+ }
+ break;
+ } else if (ris ==
+ ASN1_ERROR_TYPE_ANY) {
+ result =
+ ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
+ } else {
+ p2 = p->down;
+ asn1_delete_structure(&p2);
+ }
+ }
+
+ if (p->down == NULL) {
+ if (!(p->type & CONST_OPTION)) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else
+ p = p->down;
}
- break;
- }
- else if (ris == ASN1_ERROR_TYPE_ANY)
- {
- result = ASN1_ERROR_TYPE_ANY;
- goto cleanup;
- }
- else
- {
- p2 = p->down;
- asn1_delete_structure (&p2);
- }
- }
- if (p->down == NULL)
- {
- if (!(p->type & CONST_OPTION))
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- p = p->down;
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter > len2)
- ris = ASN1_TAG_ERROR;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- _asn1_set_value (p, NULL, 0);
- move = RIGHT;
- }
- else
- {
- if (errorDescription != NULL)
- _asn1_error_description_tag_error (p, errorDescription);
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter > len2)
+ ris = ASN1_TAG_ERROR;
+ }
- result = ASN1_TAG_ERROR;
- goto cleanup;
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ _asn1_set_value(p, NULL, 0);
+ move = RIGHT;
+ } else {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error
+ (p, errorDescription);
+
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
+ }
+ } else
+ counter += len2;
}
- }
- else
- counter += len2;
- }
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter]) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- if (p == nodeFound)
- state = EXIT;
-
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
- if (state == FOUND)
- {
- if (der[counter++] == 0)
- _asn1_set_value (p, "F", 1);
- else
- _asn1_set_value (p, "T", 1);
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- if (p == nodeFound)
- state = EXIT;
+ if (state == FOUND) {
+ if (der[counter++] == 0)
+ _asn1_set_value(p, "F", 1);
+ else
+ _asn1_set_value(p, "T", 1);
- }
- else
- counter++;
-
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
- if (state == FOUND)
- {
- if (len3 + len2 > len - counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- _asn1_set_value (p, der + counter, len3 + len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (state == FOUND)
- {
- result =
- _asn1_get_objectid_der (der + counter, len - counter,
- &len2, temp, sizeof (temp));
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- {
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len2 += len3;
- }
+ } else
+ counter++;
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (state == FOUND)
- {
- result =
- _asn1_get_time_der (der + counter, len - counter, &len2,
- temp, sizeof (temp) - 1);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- {
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len2 += len3;
- }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- if (state == FOUND)
- {
- result = _asn1_get_octet_string (der + counter, p, &len3);
- if (p == nodeFound)
- state = EXIT;
- }
- else
- result = _asn1_get_octet_string (der + counter, NULL, &len3);
+ if (state == FOUND) {
+ if (len3 + len2 > len - counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (state == FOUND) {
+ result =
+ _asn1_get_objectid_der(der +
+ counter,
+ len -
+ counter,
+ &len2,
+ temp,
+ sizeof
+ (temp));
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value(p, temp,
+ tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ } else {
+ len2 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len2 += len3;
+ }
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (state == FOUND) {
+ result =
+ _asn1_get_time_der(der +
+ counter,
+ len -
+ counter,
+ &len2, temp,
+ sizeof(temp)
+ - 1);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp,
+ tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ } else {
+ len2 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len2 += len3;
+ }
- if (state == FOUND)
- {
- if (len3 + len2 > len - counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- _asn1_set_value (p, der + counter, len3 + len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if (len2 == -1)
- { /* indefinite length method */
- if ((der[counter]) || der[counter + 1])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- if (p == nodeFound)
- state = EXIT;
- move = RIGHT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- if (state == OTHER_BRANCH)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2 + len3;
- move = RIGHT;
- }
- else
- { /* state==SAME_BRANCH or state==FOUND */
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3 > 0)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- move = DOWN;
- }
- else if (len3 == 0)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p3 = p2->right;
- asn1_delete_structure (&p2);
- p2 = p3;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ if (state == FOUND) {
+ result =
+ _asn1_get_octet_string(der +
+ counter,
+ p,
+ &len3);
+ if (p == nodeFound)
+ state = EXIT;
+ } else
+ result =
+ _asn1_get_octet_string(der +
+ counter,
+ NULL,
+ &len3);
+
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
- else
- p2 = p2->right;
- }
- move = RIGHT;
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
- move = DOWN;
- }
- }
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- if (len2 > counter)
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- if (state == OTHER_BRANCH)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2 + len3;
- move = RIGHT;
- }
- else
- { /* state==FOUND or state==SAME_BRANCH */
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG)
- || (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- if (p2->right == NULL)
- _asn1_append_sequence_set (p);
- p = p2;
- state = FOUND;
- }
- }
- }
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (state == FOUND) {
+ if (len3 + len2 > len - counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
- if (counter + len2 > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ _asn1_set_value(p, NULL, 0);
+ if (len2 == -1) { /* indefinite length method */
+ if ((der[counter])
+ || der[counter + 1]) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ if (p == nodeFound)
+ state = EXIT;
+ move = RIGHT;
+ } else { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH) {
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2 + len3;
+ move = RIGHT;
+ } else { /* state==SAME_BRANCH or state==FOUND */
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3 > 0) {
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ move = DOWN;
+ } else if (len3 == 0) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) != ASN1_ETYPE_TAG) {
+ p3 = p2->right;
+ asn1_delete_structure
+ (&p2);
+ p2 = p3;
+ } else
+ p2 = p2->right;
+ }
+ move = RIGHT;
+ } else { /* indefinite length method */
+ _asn1_set_value(p,
+ "-1",
+ 3);
+ move = DOWN;
+ }
+ }
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ if (len2 > counter) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL, 0);
+ if (len2 != counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
+ } else { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH) {
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2 + len3;
+ move = RIGHT;
+ } else { /* state==FOUND or state==SAME_BRANCH */
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3) {
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ p2 = p->down;
+ while ((type_field
+ (p2->
+ type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->
+ type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->
+ right;
+ if (p2->right ==
+ NULL)
+ _asn1_append_sequence_set
+ (p);
+ p = p2;
+ state = FOUND;
+ }
+ }
+ }
- if (len4 != -1)
- {
- len2 += len4;
- if (state == FOUND)
- {
- _asn1_set_value_lv (p, der + counter, len2 + len3);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len2 + len3;
- }
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- result =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- if (state == FOUND)
- {
- _asn1_set_value_lv (p, der + counter, len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
-
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- {
- counter += 2;
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (counter + len2 > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (len4 != -1) {
+ len2 += len4;
+ if (state == FOUND) {
+ _asn1_set_value_lv(p,
+ der +
+ counter,
+ len2 +
+ len3);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len2 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ result =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ if (state == FOUND) {
+ _asn1_set_value_lv(p,
+ der +
+ counter,
+ len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ counter += 2;
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- }
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
- }
+ if ((p == node && move != DOWN) || (state == EXIT))
+ break;
- if ((p == node && move != DOWN) || (state == EXIT))
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- {
- p = p->down;
-
- if (state != FOUND)
- {
- nameLen -= strlen (p->name) + 1;
- if (nameLen > 0)
- {
- if (currentName[0])
- strcat (currentName, ".");
- strcat (currentName, p->name);
- }
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
- }
- else
- if (!memcmp
- (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
+ if (move == DOWN) {
+ if (p->down) {
+ p = p->down;
+
+ if (state != FOUND) {
+ nameLen -= strlen(p->name) + 1;
+ if (nameLen > 0) {
+ if (currentName[0])
+ strcat(currentName,
+ ".");
+ strcat(currentName,
+ p->name);
+ } else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+ if (!
+ (strcmp
+ (currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ } else
+ move = RIGHT;
}
- }
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- {
- p = p->right;
-
- if (state != FOUND)
- {
- dot_p = char_p = currentName;
- while ((char_p = strchr (char_p, '.')))
- {
- dot_p = char_p++;
- dot_p++;
- }
-
- nameLen += strlen (currentName) - (dot_p - currentName);
- *dot_p = 0;
-
- nameLen -= strlen (p->name);
- if (nameLen > 0)
- strcat (currentName, p->name);
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
-
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
- }
- else
- if (!memcmp
- (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
- }
- else
- move = UP;
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right) {
+ p = p->right;
+
+ if (state != FOUND) {
+ dot_p = char_p = currentName;
+ while ((char_p =
+ strchr(char_p, '.'))) {
+ dot_p = char_p++;
+ dot_p++;
+ }
- if (move == UP)
- {
- p = _asn1_find_up (p);
-
- if (state != FOUND)
- {
- dot_p = char_p = currentName;
- while ((char_p = strchr (char_p, '.')))
- {
- dot_p = char_p++;
- dot_p++;
+ nameLen +=
+ strlen(currentName) - (dot_p -
+ currentName);
+ *dot_p = 0;
+
+ nameLen -= strlen(p->name);
+ if (nameLen > 0)
+ strcat(currentName,
+ p->name);
+ else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+
+ if (!
+ (strcmp
+ (currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ } else
+ move = UP;
}
- nameLen += strlen (currentName) - (dot_p - currentName);
- *dot_p = 0;
+ if (move == UP) {
+ p = _asn1_find_up(p);
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
+ if (state != FOUND) {
+ dot_p = char_p = currentName;
+ while ((char_p = strchr(char_p, '.'))) {
+ dot_p = char_p++;
+ dot_p++;
+ }
+
+ nameLen +=
+ strlen(currentName) - (dot_p -
+ currentName);
+ *dot_p = 0;
+
+ if (!(strcmp(currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
}
- else
- if (!memcmp (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
}
- }
- _asn1_delete_not_used (*structure);
+ _asn1_delete_not_used(*structure);
- if (counter > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (counter > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
-cleanup:
- asn1_delete_structure (structure);
- return result;
+ cleanup:
+ asn1_delete_structure(structure);
+ return result;
}
/**
@@ -2172,319 +2179,319 @@ cleanup:
* doesn't match the structure ELEMENT.
**/
int
-asn1_der_decoding_startEnd (asn1_node element, const void *ider, int len,
- const char *name_element, int *start, int *end)
+asn1_der_decoding_startEnd(asn1_node element, const void *ider, int len,
+ const char *name_element, int *start, int *end)
{
- asn1_node node, node_to_find, p, p2, p3;
- int counter, len2, len3, len4, move, ris;
- unsigned char class;
- unsigned long tag;
- int indefinite;
- const unsigned char *der = ider;
-
- node = element;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- node_to_find = asn1_find_node (node, name_element);
-
- if (node_to_find == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (node_to_find == node)
- {
- *start = 0;
- *end = len - 1;
- return ASN1_SUCCESS;
- }
-
- if (node->type & CONST_OPTION)
- return ASN1_GENERIC_ERROR;
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
- if (p == NULL)
- return ASN1_DER_ERROR;
-
- ris = ASN1_SUCCESS;
-
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- if (p2 == NULL)
- return ASN1_DER_ERROR;
-
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (len2 == -1)
- {
- if (!der[counter] && !der[counter + 1])
- {
- p = p2;
- move = UP;
- counter += 2;
- continue;
- }
- }
- else if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- return ASN1_DER_ERROR;
+ asn1_node node, node_to_find, p, p2, p3;
+ int counter, len2, len3, len4, move, ris;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite;
+ const unsigned char *der = ider;
+
+ node = element;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- p2 = p2->down;
-
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- { /* CONTROLLARE */
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- if (p3 == NULL)
- return ASN1_DER_ERROR;
-
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
+ node_to_find = asn1_find_node(node, name_element);
+
+ if (node_to_find == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (node_to_find == node) {
+ *start = 0;
+ *end = len - 1;
+ return ASN1_SUCCESS;
+ }
+
+ if (node->type & CONST_OPTION)
+ return ASN1_GENERIC_ERROR;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+ if (p == NULL)
+ return ASN1_DER_ERROR;
+
+ ris = ASN1_SUCCESS;
+
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ if (p2 == NULL)
+ return ASN1_DER_ERROR;
+
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (len2 == -1) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ } else if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2)
+ return ASN1_DER_ERROR;
+
+ p2 = p2->down;
+
+ while (p2) {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) { /* CONTROLLARE */
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ if (p3 == NULL)
+ return
+ ASN1_DER_ERROR;
+
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der + counter,
+ len - counter,
+ &len2);
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ return ASN1_DER_ERROR;
}
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
+
+ if (p == node_to_find)
+ *start = counter;
+
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ p = p->down;
+ if (p == NULL)
+ return ASN1_DER_ERROR;
+
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (p == node_to_find)
+ *start = counter;
}
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- return ASN1_DER_ERROR;
- }
-
- if (p == node_to_find)
- *start = counter;
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- p = p->down;
- if (p == NULL)
- return ASN1_DER_ERROR;
-
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter,
- &len2);
- if (p == node_to_find)
- *start = counter;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- move = RIGHT;
- }
- else
- {
- return ASN1_TAG_ERROR;
- }
- }
- else
- counter += len2;
- }
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- return ASN1_DER_ERROR;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- return ASN1_DER_ERROR;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- ris = _asn1_get_octet_string (der + counter, NULL, &len3);
- if (ris != ASN1_SUCCESS)
- return ris;
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_UTC_TIME:
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_OBJECT_ID:
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move != UP)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- return ASN1_DER_ERROR;
- counter += len2;
- if (len3 == 0)
- move = RIGHT;
- else
- move = DOWN;
- }
- else
- {
- if (!der[counter] && !der[counter + 1]) /* indefinite length method */
- counter += 2;
- move = RIGHT;
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ move = RIGHT;
+ } else {
+ return ASN1_TAG_ERROR;
+ }
+ } else
+ counter += len2;
}
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move != UP)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- return ASN1_DER_ERROR;
- counter += len2;
- if ((len3 == -1) && !der[counter] && !der[counter + 1])
- counter += 2;
- else if (len3)
- {
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG) ||
- (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- p = p2;
- }
+
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter])
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1)
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ ris =
+ _asn1_get_octet_string(der + counter,
+ NULL, &len3);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_UTC_TIME:
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_OBJECT_ID:
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move != UP) {
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3 == 0)
+ move = RIGHT;
+ else
+ move = DOWN;
+ } else {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move != UP) {
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if ((len3 == -1) && !der[counter]
+ && !der[counter + 1])
+ counter += 2;
+ else if (len3) {
+ p2 = p->down;
+ while ((type_field
+ (p2->type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->right;
+ p = p2;
+ }
+ } else {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > len)
+ return ASN1_DER_ERROR;
+
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len4 != -1) {
+ counter += len2 + len4 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ ris =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1])
+ counter += 2;
+ else
+ return
+ ASN1_DER_ERROR;
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
}
- else
- {
- if (!der[counter] && !der[counter + 1]) /* indefinite length method */
- counter += 2;
+
+ if ((p == node_to_find) && (move == RIGHT)) {
+ *end = counter - 1;
+ return ASN1_SUCCESS;
}
- move = RIGHT;
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > len)
- return ASN1_DER_ERROR;
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- return ASN1_DER_ERROR;
+ if (p == node && move != DOWN)
+ break;
- if (len4 != -1)
- {
- counter += len2 + len4 + len3;
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- ris =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (ris != ASN1_SUCCESS)
- return ris;
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- counter += 2;
- else
- return ASN1_DER_ERROR;
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
- }
-
- if ((p == node_to_find) && (move == RIGHT))
- {
- *end = counter - 1;
- return ASN1_SUCCESS;
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_ELEMENT_NOT_FOUND;
+ return ASN1_ELEMENT_NOT_FOUND;
}
/**
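Review bot: In `asn1_der_decoding_startEnd` the reads `der[counter]` and `der[counter + 1]` (the NULL and BOOLEAN cases, the end-of-contents tests under SEQUENCE/SET and SEQUENCE_OF/SET_OF, and the ANY case) are never preceded by a comparison of `counter` with `len`. The primitive-type case also does `counter += len3 + len2` after checking only `len2 < 0`. Unless the tag and length helpers guarantee more than is visible here, truncated or malformed DER can push these reads and the returned `*end` past the caller's buffer, and this function has no final `counter > len` test like the one at the end of the preceding function. The reindent leaves this unchanged, so a follow-up should guard each access, e.g. `if (counter >= len || der[counter]) return ASN1_DER_ERROR;` for NULL and `if (len - counter < 2) return ASN1_DER_ERROR;` before each two-byte end-of-contents test. Before advancing in the primitive-type case it should apply the test the preceding function already uses when storing a value, `if (len3 + len2 > len - counter) return ASN1_DER_ERROR;`.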
@@ -2503,216 +2510,236 @@ asn1_der_decoding_startEnd (asn1_node element, const void *ider, int len,
* problem in OBJECT_ID -> TYPE association, or other error codes
* depending on DER decoding.
**/
-int
-asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element)
+int asn1_expand_any_defined_by(asn1_node definitions, asn1_node * element)
{
- char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1],
- value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p, p2, p3, aux = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- p = *element;
- while (p)
- {
-
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_ANY:
- if ((p->type & CONST_DEFINED_BY) && (p->value))
- {
- /* search the "DEF_BY" element */
- p2 = p->down;
- while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT))
- p2 = p2->right;
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+ char definitionsName[ASN1_MAX_NAME_SIZE],
+ name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node p, p2, p3, aux = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ strcpy(definitionsName, definitions->name);
+ strcat(definitionsName, ".");
+
+ p = *element;
+ while (p) {
+
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_ANY:
+ if ((p->type & CONST_DEFINED_BY) && (p->value)) {
+ /* search the "DEF_BY" element */
+ p2 = p->down;
+ while ((p2)
+ && (type_field(p2->type) !=
+ ASN1_ETYPE_CONSTANT))
+ p2 = p2->right;
+
+ if (!p2) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- p3 = _asn1_find_up (p);
+ p3 = _asn1_find_up(p);
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- p3 = p3->down;
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
+ if (!p3) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- (p3->value == NULL))
- {
+ p3 = p3->down;
+ while (p3) {
+ if (!(strcmp(p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
- p3 = _asn1_find_up (p);
- p3 = _asn1_find_up (p3);
+ if ((!p3)
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || (p3->value == NULL)) {
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+ p3 = _asn1_find_up(p);
+ p3 = _asn1_find_up(p3);
- p3 = p3->down;
+ if (!p3) {
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
-
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- (p3->value == NULL))
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
- }
+ p3 = p3->down;
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p2->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result =
- asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (p3->value, value)))
- {
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- strcpy (name, definitionsName);
- strcat (name, p2->name);
-
- result =
- asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, p);
- len2 =
- asn1_get_length_der (p->value,
- p->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, p->value + len3,
- len2,
- errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, p->right);
- _asn1_set_right (p, aux);
-
- result = asn1_delete_structure (&p);
- if (result == ASN1_SUCCESS)
- {
- p = aux;
- aux = NULL;
- break;
+ while (p3) {
+ if (!
+ (strcmp
+ (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
}
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
+
+ if ((!p3)
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || (p3->value == NULL)) {
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
}
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
- }
}
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2) {
+ if ((type_field(p2->type) ==
+ ASN1_ETYPE_OBJECT_ID)
+ && (p2->type & CONST_ASSIGN)) {
+ strcpy(name,
+ definitionsName);
+ strcat(name, p2->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value
+ (definitions, name,
+ value, &len);
+
+ if ((result ==
+ ASN1_SUCCESS)
+ &&
+ (!_asn1_strcmp
+ (p3->value, value))) {
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2)
+ && (p2->
+ type &
+ CONST_ASSIGN))
+ p2 = p2->
+ right;
+
+ if (p2) {
+ strcpy
+ (name,
+ definitionsName);
+ strcat
+ (name,
+ p2->
+ name);
+
+ result =
+ asn1_create_element
+ (definitions,
+ name,
+ &aux);
+ if (result
+ ==
+ ASN1_SUCCESS)
+ {
+ _asn1_cpy_name
+ (aux,
+ p);
+ len2 = asn1_get_length_der(p->value, p->value_len, &len3);
+ if (len2 < 0)
+ return
+ ASN1_DER_ERROR;
+
+ result
+ =
+ asn1_der_decoding
+ (&aux,
+ p->
+ value
+ +
+ len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS) {
+
+ _asn1_set_right
+ (aux,
+ p->
+ right);
+ _asn1_set_right
+ (p,
+ aux);
+
+ result
+ =
+ asn1_delete_structure
+ (&p);
+ if (result == ASN1_SUCCESS) {
+ p = aux;
+ aux = NULL;
+ break;
+ } else { /* error with asn1_delete_structure */
+ asn1_delete_structure
+ (&aux);
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with asn1_der_decoding */
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with asn1_create_element */
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with the pointer to the structure to exapand */
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+ }
+ p2 = p2->right;
+ } /* end while */
+
+ if (!p2) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
}
- }
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+
}
- }
- p2 = p2->right;
- } /* end while */
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
+ break;
+ default:
+ break;
}
- }
- break;
- default:
- break;
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p == *element)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == *element)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->down) {
+ p = p->down;
+ } else if (p == *element) {
+ p = NULL;
+ break;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == *element) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return retCode;
+ return retCode;
}
/**
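Review bot: The early `return ASN1_DER_ERROR;` taken when `asn1_get_length_der(p->value, p->value_len, &len3)` reports a negative length returns without releasing `aux`, even though it is only reached after `asn1_create_element(definitions, name, &aux)` has succeeded. Freeing the node first closes the leak: `if (len2 < 0) { asn1_delete_structure(&aux); return ASN1_DER_ERROR; }`. asn1_expand_octet_string in the next hunk has the same early return after creating `aux` and needs the same change. The reindented form spreads this block over one token per line, so a regression test for the malformed-length path would help keep it covered.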
@@ -2734,127 +2761,135 @@ asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element)
* use for expansion, or other errors depending on DER decoding.
**/
int
-asn1_expand_octet_string (asn1_node definitions, asn1_node * element,
- const char *octetName, const char *objectName)
+asn1_expand_octet_string(asn1_node definitions, asn1_node * element,
+ const char *octetName, const char *objectName)
{
- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p2, aux = NULL;
- asn1_node octetNode = NULL, objectNode = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- octetNode = asn1_find_node (*element, octetName);
- if (octetNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
- if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING)
- return ASN1_ELEMENT_NOT_FOUND;
- if (octetNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
- objectNode = asn1_find_node (*element, objectName);
- if (objectNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (objectNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
-
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- len = sizeof (value);
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (objectNode->value, value)))
- {
-
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- result = asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, octetNode);
- len2 =
- asn1_get_length_der (octetNode->value,
- octetNode->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, octetNode->value + len3,
- len2, errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, octetNode->right);
- _asn1_set_right (octetNode, aux);
-
- result = asn1_delete_structure (&octetNode);
- if (result == ASN1_SUCCESS)
- {
- aux = NULL;
- break;
- }
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
+ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node p2, aux = NULL;
+ asn1_node octetNode = NULL, objectNode = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ octetNode = asn1_find_node(*element, octetName);
+ if (octetNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (type_field(octetNode->type) != ASN1_ETYPE_OCTET_STRING)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (octetNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+ objectNode = asn1_find_node(*element, objectName);
+ if (objectNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (type_field(objectNode->type) != ASN1_ETYPE_OBJECT_ID)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (objectNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2) {
+ if ((type_field(p2->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN)) {
+ strcpy(name, definitions->name);
+ strcat(name, ".");
+ strcat(name, p2->name);
+
+ len = sizeof(value);
+ result =
+ asn1_read_value(definitions, name, value,
+ &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!_asn1_strcmp(objectNode->value, value))) {
+
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2) {
+ strcpy(name, definitions->name);
+ strcat(name, ".");
+ strcat(name, p2->name);
+
+ result =
+ asn1_create_element
+ (definitions, name, &aux);
+ if (result == ASN1_SUCCESS) {
+ _asn1_cpy_name(aux,
+ octetNode);
+ len2 =
+ asn1_get_length_der
+ (octetNode->value,
+ octetNode->value_len,
+ &len3);
+ if (len2 < 0)
+ return
+ ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding(&aux,
+ octetNode->
+ value
+ +
+ len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS) {
+
+ _asn1_set_right
+ (aux,
+ octetNode->
+ right);
+ _asn1_set_right
+ (octetNode,
+ aux);
+
+ result =
+ asn1_delete_structure
+ (&octetNode);
+ if (result ==
+ ASN1_SUCCESS) {
+ aux = NULL;
+ break;
+ } else { /* error with asn1_delete_structure */
+ asn1_delete_structure
+ (&aux);
+ retCode =
+ result;
+ break;
+ }
+ } else { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ } else { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ } else { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_VALUE_NOT_VALID;
+ break;
+ }
}
- }
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
- }
}
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_VALUE_NOT_VALID;
- break;
- }
- }
- }
- p2 = p2->right;
+ p2 = p2->right;
- }
+ }
- if (!p2)
- retCode = ASN1_VALUE_NOT_VALID;
+ if (!p2)
+ retCode = ASN1_VALUE_NOT_VALID;
- return retCode;
+ return retCode;
}
/**
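Review bot: `name` is built with `strcpy(name, definitions->name); strcat(name, "."); strcat(name, p2->name);` and nothing in the function bounds the two names against `sizeof(name)`, which is `2 * ASN1_MAX_NAME_SIZE + 1`. The size of the node `name` field is not visible in this hunk, so it should be confirmed that the worst case fits together with its terminating NUL. asn1_expand_any_defined_by in the previous hunk is tighter still, appending "." to `definitionsName[ASN1_MAX_NAME_SIZE]`. element.c in this same commit already uses bounded helpers, so the copies could read `_asn1_str_cpy(name, sizeof(name), definitions->name);` followed by `_asn1_str_cat(name, sizeof(name), ".");` and `_asn1_str_cat(name, sizeof(name), p2->name);`, assuming those helpers are declared for this file.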
@@ -2871,45 +2906,46 @@ asn1_expand_octet_string (asn1_node definitions, asn1_node * element,
* Returns: %ASN1_SUCCESS if successful or an error value.
**/
int
-asn1_decode_simple_der (unsigned int etype, const unsigned char *der, unsigned int der_len,
- const unsigned char **str, unsigned int *str_len)
+asn1_decode_simple_der(unsigned int etype, const unsigned char *der,
+ unsigned int der_len, const unsigned char **str,
+ unsigned int *str_len)
{
- int tag_len, len_len;
- const unsigned char* p;
- unsigned char class;
- unsigned long tag;
- long ret;
-
- if (der == NULL || der_len == 0)
- return ASN1_VALUE_NOT_VALID;
-
- if (ETYPE_OK(etype) == 0)
- return ASN1_VALUE_NOT_VALID;
-
- /* doesn't handle constructed classes */
- if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
-
- p = der;
- ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
- if (ret != ASN1_SUCCESS)
- return ret;
-
- if (class != ETYPE_CLASS(etype) || tag != ETYPE_TAG(etype))
- return ASN1_DER_ERROR;
-
- p += tag_len;
- der_len -= tag_len;
-
- ret = asn1_get_length_der (p, der_len, &len_len);
- if (ret < 0)
- return ASN1_DER_ERROR;
-
- p += len_len;
- der_len -= len_len;
-
- *str_len = ret;
- *str = p;
-
- return ASN1_SUCCESS;
+ int tag_len, len_len;
+ const unsigned char *p;
+ unsigned char class;
+ unsigned long tag;
+ long ret;
+
+ if (der == NULL || der_len == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ if (ETYPE_OK(etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ /* doesn't handle constructed classes */
+ if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
+
+ p = der;
+ ret = asn1_get_tag_der(p, der_len, &class, &tag_len, &tag);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ if (class != ETYPE_CLASS(etype) || tag != ETYPE_TAG(etype))
+ return ASN1_DER_ERROR;
+
+ p += tag_len;
+ der_len -= tag_len;
+
+ ret = asn1_get_length_der(p, der_len, &len_len);
+ if (ret < 0)
+ return ASN1_DER_ERROR;
+
+ p += len_len;
+ der_len -= len_len;
+
+ *str_len = ret;
+ *str = p;
+
+ return ASN1_SUCCESS;
}
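Review bot: The content length returned by `asn1_get_length_der` is stored into `*str_len` without being compared with what is left of the buffer; the final `der_len -= len_len;` computes the remaining size but nothing reads it. Unless asn1_get_length_der (not shown here) already rejects a length that runs past `der_len`, the caller receives a `str`/`str_len` pair that extends beyond `der`. A check placed after that subtraction makes the function self-contained: `if ((unsigned long) ret > der_len) return ASN1_DER_ERROR;`. Both subtractions are on an unsigned `der_len`, so it is also worth confirming that `tag_len` and `len_len` can never exceed it.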
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index 763ac586b7..dd561802ad 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -33,30 +33,27 @@
#include "element.h"
-void
-_asn1_hierarchical_name (asn1_node node, char *name, int name_size)
+void _asn1_hierarchical_name(asn1_node node, char *name, int name_size)
{
- asn1_node p;
- char tmp_name[64];
+ asn1_node p;
+ char tmp_name[64];
- p = node;
+ p = node;
- name[0] = 0;
+ name[0] = 0;
- while (p != NULL)
- {
- if (p->name[0] != 0)
- {
- _asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
- _asn1_str_cpy (name, name_size, p->name);
- _asn1_str_cat (name, name_size, ".");
- _asn1_str_cat (name, name_size, tmp_name);
+ while (p != NULL) {
+ if (p->name[0] != 0) {
+ _asn1_str_cpy(tmp_name, sizeof(tmp_name), name),
+ _asn1_str_cpy(name, name_size, p->name);
+ _asn1_str_cat(name, name_size, ".");
+ _asn1_str_cat(name, name_size, tmp_name);
+ }
+ p = _asn1_find_up(p);
}
- p = _asn1_find_up (p);
- }
- if (name[0] == 0)
- _asn1_str_cpy (name, name_size, "ROOT");
+ if (name[0] == 0)
+ _asn1_str_cpy(name, name_size, "ROOT");
}
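Review bot: The first copy inside the loop ends with a comma, `_asn1_str_cpy(tmp_name, sizeof(tmp_name), name),`, so it is joined to the following call by the comma operator; it behaves the same but reads as a typo, and a reformatting pass is a good moment to change it to `;`. `tmp_name` is also fixed at 64 bytes while the destination is bounded by `name_size`. Assuming `_asn1_str_cpy` truncates to the size it is given, the tail of a deep path is silently cut once the accumulated name exceeds 63 characters. Sizing the scratch copy from `name_size`, or stating the limit in a comment above the function, would make that explicit.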
@@ -75,89 +72,88 @@ _asn1_hierarchical_name (asn1_node node, char *name, int name_size)
/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
/******************************************************************/
int
-_asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
- int value_out_size, int *len)
+_asn1_convert_integer(const unsigned char *value, unsigned char *value_out,
+ int value_out_size, int *len)
{
- char negative;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- long valtmp;
- int k, k2;
+ char negative;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ long valtmp;
+ int k, k2;
- valtmp = _asn1_strtol (value, NULL, 10);
+ valtmp = _asn1_strtol(value, NULL, 10);
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- {
- val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
- }
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) {
+ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] =
+ (valtmp >> (8 * k)) & 0xFF;
+ }
- if (val[0] & 0x80)
- negative = 1;
- else
- negative = 0;
+ if (val[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
- {
- if (negative && (val[k] != 0xFF))
- break;
- else if (!negative && val[k])
- break;
- }
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) {
+ if (negative && (val[k] != 0xFF))
+ break;
+ else if (!negative && val[k])
+ break;
+ }
- if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
- k--;
+ if ((negative && !(val[k] & 0x80))
+ || (!negative && (val[k] & 0x80)))
+ k--;
- *len = SIZEOF_UNSIGNED_LONG_INT - k;
+ *len = SIZEOF_UNSIGNED_LONG_INT - k;
- if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
- /* VALUE_OUT is too short to contain the value conversion */
- return ASN1_MEM_ERROR;
+ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
- value_out[k2 - k] = val[k2];
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
#if 0
- printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- printf (", vOut[%d]=%d", k, value_out[k]);
- printf ("\n");
+ printf("_asn1_convert_integer: valueIn=%s, lenOut=%d", value,
+ *len);
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ printf(", vOut[%d]=%d", k, value_out[k]);
+ printf("\n");
#endif
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-int
-_asn1_append_sequence_set (asn1_node node)
+int _asn1_append_sequence_set(asn1_node node)
{
- asn1_node p, p2;
- char temp[10];
- long n;
-
- if (!node || !(node->down))
- return ASN1_GENERIC_ERROR;
-
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- p2 = _asn1_copy_structure3 (p);
- while (p->right)
- p = p->right;
- _asn1_set_right (p, p2);
-
- if (p->name[0] == 0)
- _asn1_str_cpy (temp, sizeof (temp), "?1");
- else
- {
- n = strtol (p->name + 1, NULL, 0);
- n++;
- temp[0] = '?';
- _asn1_ltostr (n, temp + 1);
- }
- _asn1_set_name (p2, temp);
- /* p2->type |= CONST_OPTION; */
-
- return ASN1_SUCCESS;
+ asn1_node p, p2;
+ char temp[10];
+ long n;
+
+ if (!node || !(node->down))
+ return ASN1_GENERIC_ERROR;
+
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+ p2 = _asn1_copy_structure3(p);
+ while (p->right)
+ p = p->right;
+ _asn1_set_right(p, p2);
+
+ if (p->name[0] == 0)
+ _asn1_str_cpy(temp, sizeof(temp), "?1");
+ else {
+ n = strtol(p->name + 1, NULL, 0);
+ n++;
+ temp[0] = '?';
+ _asn1_ltostr(n, temp + 1);
+ }
+ _asn1_set_name(p2, temp);
+ /* p2->type |= CONST_OPTION; */
+
+ return ASN1_SUCCESS;
}
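Review bot: In _asn1_append_sequence_set, `temp` is 10 bytes but receives `'?'` followed by the decimal form of a `long` through `_asn1_ltostr(n, temp + 1)`, which takes no size argument. The value comes from `strtol(p->name + 1, NULL, 0)` on the last sibling's name, so a number of more than eight digits would, as far as this hunk shows, be written past the array (the definition of _asn1_ltostr is outside the hunk). Sizing the buffer for the widest `long`, for example `char temp[3 * sizeof(long) + 3];`, removes that dependency on the element count. The result of `_asn1_copy_structure3(p)` is also linked in with `_asn1_set_right(p, p2)` without a NULL check.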
@@ -268,346 +264,334 @@ _asn1_append_sequence_set (asn1_node node)
* %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format.
**/
int
-asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len)
+asn1_write_value(asn1_node node_root, const char *name,
+ const void *ivalue, int len)
{
- asn1_node node, p, p2;
- unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
- int len2, k, k2, negative;
- size_t i;
- const unsigned char *value = ivalue;
- unsigned int type;
-
- node = asn1_find_node (node_root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
- {
- asn1_delete_structure (&node);
- return ASN1_SUCCESS;
- }
-
- type = type_field(node->type);
-
- if ((type == ASN1_ETYPE_SEQUENCE_OF) && (value == NULL)
- && (len == 0))
- {
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
-
- while (p->right)
- asn1_delete_structure (&p->right);
-
- return ASN1_SUCCESS;
- }
-
- switch (type)
- {
- case ASN1_ETYPE_BOOLEAN:
- if (!_asn1_strcmp (value, "TRUE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "T", 1);
- }
- else
- _asn1_set_value (node, "T", 1);
+ asn1_node node, p, p2;
+ unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
+ int len2, k, k2, negative;
+ size_t i;
+ const unsigned char *value = ivalue;
+ unsigned int type;
+
+ node = asn1_find_node(node_root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) {
+ asn1_delete_structure(&node);
+ return ASN1_SUCCESS;
}
- else if (!_asn1_strcmp (value, "FALSE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_FALSE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "F", 1);
- }
- else
- _asn1_set_value (node, "F", 1);
+
+ type = type_field(node->type);
+
+ if ((type == ASN1_ETYPE_SEQUENCE_OF) && (value == NULL)
+ && (len == 0)) {
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+
+ while (p->right)
+ asn1_delete_structure(&p->right);
+
+ return ASN1_SUCCESS;
}
- else
- return ASN1_VALUE_NOT_VALID;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if (len == 0)
- {
- if ((isdigit (value[0])) || (value[0] == '-'))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (value, value_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- return ASN1_VALUE_NOT_VALID;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (p->value,
- value_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len);
- break;
+
+ switch (type) {
+ case ASN1_ETYPE_BOOLEAN:
+ if (!_asn1_strcmp(value, "TRUE")) {
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) !=
+ ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ _asn1_set_value(node, NULL, 0);
+ else
+ _asn1_set_value(node, "T", 1);
+ } else
+ _asn1_set_value(node, "T", 1);
+ } else if (!_asn1_strcmp(value, "FALSE")) {
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) !=
+ ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_FALSE)
+ _asn1_set_value(node, NULL, 0);
+ else
+ _asn1_set_value(node, "F", 1);
+ } else
+ _asn1_set_value(node, "F", 1);
+ } else
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if (len == 0) {
+ if ((isdigit(value[0])) || (value[0] == '-')) {
+ value_temp =
+ malloc(SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer(value, value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ } else { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ return ASN1_VALUE_NOT_VALID;
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p->name, value)) {
+ value_temp =
+ malloc
+ (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp ==
+ NULL)
+ return
+ ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer
+ (p->value,
+ value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ break;
+ }
+ }
+ p = p->right;
+ }
+ if (p == NULL)
+ return ASN1_VALUE_NOT_VALID;
}
- }
- p = p->right;
+ } else { /* len != 0 */
+ value_temp = malloc(len);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+ memcpy(value_temp, value, len);
}
- if (p == NULL)
- return ASN1_VALUE_NOT_VALID;
- }
- }
- else
- { /* len != 0 */
- value_temp = malloc (len);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
- memcpy (value_temp, value, len);
- }
-
- if (value_temp[0] & 0x80)
- negative = 1;
- else
- negative = 0;
- if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
- }
+ if (value_temp[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
- for (k = 0; k < len - 1; k++)
- if (negative && (value_temp[k] != 0xFF))
- break;
- else if (!negative && value_temp[k])
- break;
-
- if ((negative && !(value_temp[k] & 0x80)) ||
- (!negative && (value_temp[k] & 0x80)))
- k--;
-
- _asn1_set_value_lv (node, value_temp + k, len - k);
-
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-'))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
+ if (negative
+ && (type_field(node->type) == ASN1_ETYPE_ENUMERATED)) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
}
- _asn1_convert_integer (p->value, default_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len2);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < len - 1; k++)
+ if (negative && (value_temp[k] != 0xFF))
+ break;
+ else if (!negative && value_temp[k])
+ break;
+
+ if ((negative && !(value_temp[k] & 0x80)) ||
+ (!negative && (value_temp[k] & 0x80)))
+ k--;
+
+ _asn1_set_value_lv(node, value_temp + k, len - k);
+
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit(p->value[0])) || (p->value[0] == '-')) {
+ default_temp =
+ malloc(SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL) {
+ free(value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer(p->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ } else { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST)) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ p2 = node->down;
+ while (p2) {
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p2->name, p->value)) {
+ default_temp =
+ malloc
+ (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp ==
+ NULL) {
+ free(value_temp);
+ return
+ ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer
+ (p2->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+
+
+ if ((len - k) == len2) {
+ for (k2 = 0; k2 < len2; k2++)
+ if (value_temp[k + k2] !=
+ default_temp[k2]) {
+ break;
+ }
+ if (k2 == len2)
+ _asn1_set_value(node, NULL, 0);
+ }
+ free(default_temp);
}
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
- }
-
- _asn1_convert_integer (p2->value,
- default_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len2);
- break;
+ free(value_temp);
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ for (i = 0; i < _asn1_strlen(value); i++)
+ if ((!isdigit(value[i])) && (value[i] != '.')
+ && (value[i] != '+'))
+ return ASN1_VALUE_NOT_VALID;
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (!_asn1_strcmp(value, p->value)) {
+ _asn1_set_value(node, NULL, 0);
+ break;
}
- }
- p2 = p2->right;
}
- if (p2 == NULL)
+ _asn1_set_value(node, value, _asn1_strlen(value) + 1);
+ break;
+ case ASN1_ETYPE_UTC_TIME:
{
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
+ len = _asn1_strlen(value);
+ if (len < 11)
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < 10; k++)
+ if (!isdigit(value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ switch (len) {
+ case 11:
+ if (value[10] != 'Z')
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 13:
+ if ((!isdigit(value[10]))
+ || (!isdigit(value[11]))
+ || (value[12] != 'Z'))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 15:
+ if ((value[10] != '+')
+ && (value[10] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 11; k < 15; k++)
+ if (!isdigit(value[k]))
+ return
+ ASN1_VALUE_NOT_VALID;
+ break;
+ case 17:
+ if ((!isdigit(value[10]))
+ || (!isdigit(value[11])))
+ return ASN1_VALUE_NOT_VALID;
+ if ((value[12] != '+')
+ && (value[12] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 13; k < 17; k++)
+ if (!isdigit(value[k]))
+ return
+ ASN1_VALUE_NOT_VALID;
+ break;
+ default:
+ return ASN1_VALUE_NOT_FOUND;
+ }
+ _asn1_set_value(node, value, len);
}
- }
-
-
- if ((len - k) == len2)
- {
- for (k2 = 0; k2 < len2; k2++)
- if (value_temp[k + k2] != default_temp[k2])
- {
- break;
- }
- if (k2 == len2)
- _asn1_set_value (node, NULL, 0);
- }
- free (default_temp);
- }
- free (value_temp);
- break;
- case ASN1_ETYPE_OBJECT_ID:
- for (i = 0; i < _asn1_strlen (value); i++)
- if ((!isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
- return ASN1_VALUE_NOT_VALID;
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (!_asn1_strcmp (value, p->value))
- {
- _asn1_set_value (node, NULL, 0);
- break;
- }
- }
- _asn1_set_value (node, value, _asn1_strlen (value) + 1);
- break;
- case ASN1_ETYPE_UTC_TIME:
- {
- len = _asn1_strlen(value);
- if (len < 11)
- return ASN1_VALUE_NOT_VALID;
- for (k = 0; k < 10; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- switch (len)
- {
- case 11:
- if (value[10] != 'Z')
- return ASN1_VALUE_NOT_VALID;
- break;
- case 13:
- if ((!isdigit (value[10])) || (!isdigit (value[11])) ||
- (value[12] != 'Z'))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 15:
- if ((value[10] != '+') && (value[10] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 11; k < 15; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 17:
- if ((!isdigit (value[10])) || (!isdigit (value[11])))
- return ASN1_VALUE_NOT_VALID;
- if ((value[12] != '+') && (value[12] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 13; k < 17; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- default:
- return ASN1_VALUE_NOT_FOUND;
- }
- _asn1_set_value (node, value, len);
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- len = _asn1_strlen(value);
- _asn1_set_value (node, value, len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- asn1_length_der ((len >> 3) + 2, NULL, &len2);
- temp = malloc ((len >> 3) + 2 + len2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- asn1_bit_der (value, len, temp, &len2);
- _asn1_set_value_m (node, temp, len2);
- temp = NULL;
- break;
- case ASN1_ETYPE_CHOICE:
- p = node->down;
- while (p)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- p2 = node->down;
- while (p2)
- {
- if (p2 != p)
- {
- asn1_delete_structure (&p2);
- p2 = node->down;
- }
- else
- p2 = p2->right;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ len = _asn1_strlen(value);
+ _asn1_set_value(node, value, len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (len == 0)
+ len = _asn1_strlen(value);
+ _asn1_set_value_lv(node, value, len);
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (len == 0)
+ len = _asn1_strlen(value);
+ asn1_length_der((len >> 3) + 2, NULL, &len2);
+ temp = malloc((len >> 3) + 2 + len2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ asn1_bit_der(value, len, temp, &len2);
+ _asn1_set_value_m(node, temp, len2);
+ temp = NULL;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ p = node->down;
+ while (p) {
+ if (!_asn1_strcmp(p->name, value)) {
+ p2 = node->down;
+ while (p2) {
+ if (p2 != p) {
+ asn1_delete_structure(&p2);
+ p2 = node->down;
+ } else
+ p2 = p2->right;
+ }
+ break;
+ }
+ p = p->right;
}
- break;
- }
- p = p->right;
+ if (!p)
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ case ASN1_ETYPE_ANY:
+ _asn1_set_value_lv(node, value, len);
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (_asn1_strcmp(value, "NEW"))
+ return ASN1_VALUE_NOT_VALID;
+ _asn1_append_sequence_set(node);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
}
- if (!p)
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- case ASN1_ETYPE_ANY:
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (_asn1_strcmp (value, "NEW"))
- return ASN1_VALUE_NOT_VALID;
- _asn1_append_sequence_set (node);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
-
- return ASN1_SUCCESS;
+
+ return ASN1_SUCCESS;
}
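Review bot: The INTEGER/ENUMERATED branch uses `value` and `len` unchecked: with `len == 0` it reads `value[0]`, and otherwise it passes the signed `len` straight to `malloc(len)` and `memcpy(value_temp, value, len)`. Only the CONST_OPTION and SEQUENCE_OF cases at the top of the function handle `value == NULL`, so a NULL value on any other node, or a negative `len`, reaches these lines. A guard at the top of that case, such as `if (value == NULL || len < 0) return ASN1_VALUE_NOT_VALID;`, rejects both before any allocation. Separately, the `default:` of the UTC_TIME length switch returns `ASN1_VALUE_NOT_FOUND`, while the doc comment above the function promises `ASN1_VALUE_NOT_VALID` for a wrongly formatted value.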
@@ -709,9 +693,9 @@ asn1_write_value (asn1_node node_root, const char *name,
* bytes needed.
**/
int
-asn1_read_value (asn1_node root, const char *name, void *ivalue, int *len)
+asn1_read_value(asn1_node root, const char *name, void *ivalue, int *len)
{
- return asn1_read_value_type( root, name, ivalue, len, NULL);
+ return asn1_read_value_type(root, name, ivalue, len, NULL);
}
/**
@@ -777,174 +761,158 @@ asn1_read_value (asn1_node root, const char *name, void *ivalue, int *len)
* bytes needed.
**/
int
-asn1_read_value_type (asn1_node root, const char *name, void *ivalue, int *len,
- unsigned int *etype)
+asn1_read_value_type(asn1_node root, const char *name, void *ivalue,
+ int *len, unsigned int *etype)
{
- asn1_node node, p, p2;
- int len2, len3;
- int value_size = *len;
- unsigned char *value = ivalue;
- unsigned type;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- type = type_field (node->type);
-
- if ((type != ASN1_ETYPE_NULL) &&
- (type != ASN1_ETYPE_CHOICE) &&
- !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
- (node->value == NULL))
- return ASN1_VALUE_NOT_FOUND;
-
- if (etype)
- *etype = type;
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- PUT_STR_VALUE (value, value_size, "NULL");
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- }
- else if (node->value[0] == 'T')
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-')
- || (p->value[0] == '+'))
- {
- if (_asn1_convert_integer
- (p->value, value, value_size, len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- }
- else
- { /* is an identifier like v1 */
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- if (_asn1_convert_integer
- (p2->value, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
+ asn1_node node, p, p2;
+ int len2, len3;
+ int value_size = *len;
+ unsigned char *value = ivalue;
+ unsigned type;
+
+ node = asn1_find_node(root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ type = type_field(node->type);
+
+ if ((type != ASN1_ETYPE_NULL) &&
+ (type != ASN1_ETYPE_CHOICE) &&
+ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN)
+ && (node->value == NULL))
+ return ASN1_VALUE_NOT_FOUND;
+
+ if (etype)
+ *etype = type;
+ switch (type) {
+ case ASN1_ETYPE_NULL:
+ PUT_STR_VALUE(value, value_size, "NULL");
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE) {
+ PUT_STR_VALUE(value, value_size, "TRUE");
+ } else {
+ PUT_STR_VALUE(value, value_size, "FALSE");
}
- }
- p2 = p2->right;
+ } else if (node->value[0] == 'T') {
+ PUT_STR_VALUE(value, value_size, "TRUE");
+ } else {
+ PUT_STR_VALUE(value, value_size, "FALSE");
}
- }
- }
- else
- {
- len2 = -1;
- if (asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- }
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (node->type & CONST_ASSIGN)
- {
- value[0] = 0;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- ADD_STR_VALUE (value, value_size, p->value);
- if (p->right)
- {
- ADD_STR_VALUE (value, value_size, ".");
- }
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit(p->value[0])) || (p->value[0] == '-')
+ || (p->value[0] == '+')) {
+ if (_asn1_convert_integer
+ (p->value, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ } else { /* is an identifier like v1 */
+ p2 = node->down;
+ while (p2) {
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p2->name, p->value)) {
+ if (_asn1_convert_integer(p2->value, value, value_size, len) != ASN1_SUCCESS)
+ return
+ ASN1_MEM_ERROR;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ }
+ } else {
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
}
- p = p->right;
- }
- *len = _asn1_strlen (value) + 1;
- }
- else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- PUT_STR_VALUE (value, value_size, p->value);
- }
- else
- {
- PUT_STR_VALUE (value, value_size, node->value);
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN) {
+ value[0] = 0;
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ ADD_STR_VALUE(value, value_size,
+ p->value);
+ if (p->right) {
+ ADD_STR_VALUE(value,
+ value_size,
+ ".");
+ }
+ }
+ p = p->right;
+ }
+ *len = _asn1_strlen(value) + 1;
+ } else if ((node->type & CONST_DEFAULT)
+ && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ PUT_STR_VALUE(value, value_size, p->value);
+ } else {
+ PUT_STR_VALUE(value, value_size, node->value);
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ PUT_AS_STR_VALUE(value, value_size, node->value,
+ node->value_len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ len2 = -1;
+ if (asn1_get_bit_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ PUT_STR_VALUE(value, value_size, node->down->name);
+ break;
+ case ASN1_ETYPE_ANY:
+ len3 = -1;
+ len2 =
+ asn1_get_length_der(node->value, node->value_len,
+ &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ PUT_VALUE(value, value_size, node->value + len3, len2);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
}
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- len2 = -1;
- if (asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
- case ASN1_ETYPE_BIT_STRING:
- len2 = -1;
- if (asn1_get_bit_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
- case ASN1_ETYPE_CHOICE:
- PUT_STR_VALUE (value, value_size, node->down->name);
- break;
- case ASN1_ETYPE_ANY:
- len3 = -1;
- len2 = asn1_get_length_der (node->value, node->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
- PUT_VALUE (value, value_size, node->value + len3, len2);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
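Review bot: In the ASN1_ETYPE_OBJECT_ID branch with CONST_ASSIGN, `value[0] = 0;` is written before any size check, so a call that passes a NULL `ivalue` or `*len == 0` (the doc comment above mentions reporting the bytes needed) writes through an invalid or zero-length buffer. Guarding it as `if (value && value_size > 0) value[0] = 0;` would keep that path safe; whether ADD_STR_VALUE bounds the appends that follow cannot be seen from this hunk. The default-value loops `while (type_field(p->type) != ASN1_ETYPE_DEFAULT) p = p->right;` also walk the sibling list with no NULL test on `p`. The CHOICE arm reads `node->down->name` unchecked, although CHOICE nodes are exempt from the `node->value == NULL` guard at the top.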
@@ -964,68 +932,62 @@ asn1_read_value_type (asn1_node root, const char *name, void *ivalue, int *len,
* @name is not a valid element.
**/
int
-asn1_read_tag (asn1_node root, const char *name, int *tagValue,
- int *classValue)
+asn1_read_tag(asn1_node root, const char *name, int *tagValue,
+ int *classValue)
{
- asn1_node node, p, pTag;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- /* pTag will points to the IMPLICIT TAG */
- pTag = NULL;
- if (node->type & CONST_TAG)
- {
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if ((p->type & CONST_IMPLICIT) && (pTag == NULL))
- pTag = p;
- else if (p->type & CONST_EXPLICIT)
- pTag = NULL;
- }
- p = p->right;
+ asn1_node node, p, pTag;
+
+ node = asn1_find_node(root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ /* pTag will points to the IMPLICIT TAG */
+ pTag = NULL;
+ if (node->type & CONST_TAG) {
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if ((p->type & CONST_IMPLICIT)
+ && (pTag == NULL))
+ pTag = p;
+ else if (p->type & CONST_EXPLICIT)
+ pTag = NULL;
+ }
+ p = p->right;
+ }
}
- }
-
- if (pTag)
- {
- *tagValue = _asn1_strtoul (pTag->value, NULL, 10);
-
- if (pTag->type & CONST_APPLICATION)
- *classValue = ASN1_CLASS_APPLICATION;
- else if (pTag->type & CONST_UNIVERSAL)
- *classValue = ASN1_CLASS_UNIVERSAL;
- else if (pTag->type & CONST_PRIVATE)
- *classValue = ASN1_CLASS_PRIVATE;
- else
- *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
- }
- else
- {
- unsigned type = type_field (node->type);
- *classValue = ASN1_CLASS_UNIVERSAL;
-
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- *tagValue = _asn1_tags[type].tag;
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- *tagValue = -1;
- break;
- default:
- break;
+
+ if (pTag) {
+ *tagValue = _asn1_strtoul(pTag->value, NULL, 10);
+
+ if (pTag->type & CONST_APPLICATION)
+ *classValue = ASN1_CLASS_APPLICATION;
+ else if (pTag->type & CONST_UNIVERSAL)
+ *classValue = ASN1_CLASS_UNIVERSAL;
+ else if (pTag->type & CONST_PRIVATE)
+ *classValue = ASN1_CLASS_PRIVATE;
+ else
+ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
+ } else {
+ unsigned type = type_field(node->type);
+ *classValue = ASN1_CLASS_UNIVERSAL;
+
+ switch (type) {
+ CASE_HANDLED_ETYPES:
+ *tagValue = _asn1_tags[type].tag;
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ *tagValue = -1;
+ break;
+ default:
+ break;
+ }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/**
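Review bot: In the untagged path the `default: break;` arm of `switch (type)` leaves `*tagValue` unwritten while the function still returns ASN1_SUCCESS, so a caller that trusts the return code reads whatever was already in its variable. Writing `*tagValue = -1;` in that arm, as the TAG/CHOICE/ANY arm does, or returning an error there, would make the output defined on every success path. Separately, the result of `_asn1_strtoul(pTag->value, NULL, 10)` is stored into an `int` with no range check; presumably the string comes from the parsed definition rather than from DER input, so this is lower priority, but a comment stating that assumption would help.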
@@ -1038,12 +1000,12 @@ asn1_read_tag (asn1_node root, const char *name, int *tagValue,
*
* Returns: %ASN1_SUCCESS if the node exists.
**/
-int asn1_read_node_value (asn1_node node, asn1_data_node_st* data)
+int asn1_read_node_value(asn1_node node, asn1_data_node_st * data)
{
- data->name = node->name;
- data->value = node->value;
- data->value_len = node->value_len;
- data->type = type_field(node->type);
-
- return ASN1_SUCCESS;
+ data->name = node->name;
+ data->value = node->value;
+ data->value_len = node->value_len;
+ data->type = type_field(node->type);
+
+ return ASN1_SUCCESS;
}
diff --git a/lib/minitasn1/element.h b/lib/minitasn1/element.h
index 3bd38bb923..aca0238b42 100644
--- a/lib/minitasn1/element.h
+++ b/lib/minitasn1/element.h
@@ -23,12 +23,12 @@
#define _ELEMENT_H
-int _asn1_append_sequence_set (asn1_node node);
+int _asn1_append_sequence_set(asn1_node node);
-int _asn1_convert_integer (const unsigned char *value,
- unsigned char *value_out,
- int value_out_size, int *len);
+int _asn1_convert_integer(const unsigned char *value,
+ unsigned char *value_out,
+ int value_out_size, int *len);
-void _asn1_hierarchical_name (asn1_node node, char *name, int name_size);
+void _asn1_hierarchical_name(asn1_node node, char *name, int name_size);
#endif
diff --git a/lib/minitasn1/errors.c b/lib/minitasn1/errors.c
index e01c3ee9ea..db9f1fa051 100644
--- a/lib/minitasn1/errors.c
+++ b/lib/minitasn1/errors.c
@@ -26,33 +26,32 @@
#define LIBTASN1_ERROR_ENTRY(name) { #name, name }
-struct libtasn1_error_entry
-{
- const char *name;
- int number;
+struct libtasn1_error_entry {
+ const char *name;
+ int number;
};
typedef struct libtasn1_error_entry libtasn1_error_entry;
static const libtasn1_error_entry error_algorithms[] = {
- LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS),
- LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT),
- LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY),
- LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW),
- LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
- LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
- {0, 0}
+ LIBTASN1_ERROR_ENTRY(ASN1_SUCCESS),
+ LIBTASN1_ERROR_ENTRY(ASN1_FILE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_ELEMENT_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_IDENTIFIER_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_DER_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_VALUE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_GENERIC_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_VALUE_NOT_VALID),
+ LIBTASN1_ERROR_ENTRY(ASN1_TAG_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_TAG_IMPLICIT),
+ LIBTASN1_ERROR_ENTRY(ASN1_ERROR_TYPE_ANY),
+ LIBTASN1_ERROR_ENTRY(ASN1_SYNTAX_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_MEM_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_MEM_ALLOC_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_DER_OVERFLOW),
+ LIBTASN1_ERROR_ENTRY(ASN1_NAME_TOO_LONG),
+ LIBTASN1_ERROR_ENTRY(ASN1_ARRAY_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_ELEMENT_NOT_EMPTY),
+ {0, 0}
};
/**
@@ -67,11 +66,10 @@ static const libtasn1_error_entry error_algorithms[] = {
*
* Since: 1.6
**/
-void
-asn1_perror (int error)
+void asn1_perror(int error)
{
- const char *str = asn1_strerror (error);
- fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
+ const char *str = asn1_strerror(error);
+ fprintf(stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
}
/**
@@ -89,14 +87,13 @@ asn1_perror (int error)
*
* Since: 1.6
**/
-const char *
-asn1_strerror (int error)
+const char *asn1_strerror(int error)
{
- const libtasn1_error_entry *p;
+ const libtasn1_error_entry *p;
- for (p = error_algorithms; p->name != NULL; p++)
- if (p->number == error)
- return p->name + sizeof ("ASN1_") - 1;
+ for (p = error_algorithms; p->name != NULL; p++)
+ if (p->number == error)
+ return p->name + sizeof("ASN1_") - 1;
- return NULL;
+ return NULL;
}
diff --git a/lib/minitasn1/gstr.c b/lib/minitasn1/gstr.c
index 0558c77771..f10dd2ac3d 100644
--- a/lib/minitasn1/gstr.c
+++ b/lib/minitasn1/gstr.c
@@ -28,46 +28,38 @@
*
* They should be used only with null terminated strings.
*/
-void
-_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
+void _asn1_str_cat(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
- size_t dest_size = strlen (dest);
+ size_t str_size = strlen(src);
+ size_t dest_size = strlen(dest);
- if (dest_tot_size - dest_size > str_size)
- {
- strcat (dest, src);
- }
- else
- {
- if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
+ if (dest_tot_size - dest_size > str_size) {
+ strcat(dest, src);
+ } else {
+ if (dest_tot_size - dest_size > 0) {
+ strncat(dest, src,
+ (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
}
- }
}
/* Returns the bytes copied (not including the null terminator) */
unsigned int
-_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+_asn1_str_cpy(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
+ size_t str_size = strlen(src);
- if (dest_tot_size > str_size)
- {
- strcpy (dest, src);
- return str_size;
- }
- else
- {
- if (dest_tot_size > 0)
- {
- str_size = dest_tot_size - 1;
- memcpy (dest, src, str_size);
- dest[str_size] = 0;
- return str_size;
+ if (dest_tot_size > str_size) {
+ strcpy(dest, src);
+ return str_size;
+ } else {
+ if (dest_tot_size > 0) {
+ str_size = dest_tot_size - 1;
+ memcpy(dest, src, str_size);
+ dest[str_size] = 0;
+ return str_size;
+ } else
+ return 0;
}
- else return 0;
- }
}
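Review bot: `_asn1_str_cat` evaluates `dest_tot_size - dest_size` on `size_t`, so if `dest` already holds more than `dest_tot_size` characters the subtraction wraps to a huge value, the first test passes and the unbounded `strcat(dest, src)` runs. The header comment only requires null-terminated strings, not that the current contents fit the stated size. An early guard such as `if (dest_size >= dest_tot_size) return;` before the comparison removes the wrap and makes the later `> 0` test unnecessary. `_asn1_str_cpy` in the same hunk has no such subtraction and is bounded by `dest_tot_size` as written.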
diff --git a/lib/minitasn1/gstr.h b/lib/minitasn1/gstr.h
index 672d59eb59..9b7176a4a1 100644
--- a/lib/minitasn1/gstr.h
+++ b/lib/minitasn1/gstr.h
@@ -19,8 +19,9 @@
* 02110-1301, USA
*/
-unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
+unsigned int _asn1_str_cpy(char *dest, size_t dest_tot_size,
+ const char *src);
+void _asn1_str_cat(char *dest, size_t dest_tot_size, const char *src);
#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h
index 3163d50d14..d422a79c6b 100644
--- a/lib/minitasn1/int.h
+++ b/lib/minitasn1/int.h
@@ -43,25 +43,24 @@
/* This structure is also in libtasn1.h, but then contains less
fields. You cannot make any modifications to these first fields
without breaking ABI. */
-struct asn1_node_st
-{
- /* public fields: */
- char name[ASN1_MAX_NAME_SIZE+1]; /* Node name */
- unsigned int name_hash;
- unsigned int type; /* Node type */
- unsigned char *value; /* Node value */
- int value_len;
- asn1_node down; /* Pointer to the son node */
- asn1_node right; /* Pointer to the brother node */
- asn1_node left; /* Pointer to the next list element */
- /* private fields: */
- unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
+struct asn1_node_st {
+ /* public fields: */
+ char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */
+ unsigned int name_hash;
+ unsigned int type; /* Node type */
+ unsigned char *value; /* Node value */
+ int value_len;
+ asn1_node down; /* Pointer to the son node */
+ asn1_node right; /* Pointer to the brother node */
+ asn1_node left; /* Pointer to the next list element */
+ /* private fields: */
+ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
};
typedef struct tag_and_class_st {
- unsigned tag;
- unsigned class;
- const char* desc;
+ unsigned tag;
+ unsigned class;
+ const char *desc;
} tag_and_class_st;
/* the types that are handled in _asn1_tags */
@@ -158,28 +157,26 @@ extern const tag_and_class_st _asn1_tags[];
/****************************************/
inline static unsigned int type_field(unsigned int ntype)
{
- return (ntype & 0xff);
+ return (ntype & 0xff);
}
/* To convert old types from a static structure */
inline static unsigned int convert_old_type(unsigned int ntype)
{
-unsigned int type = ntype & 0xff;
- if (type == ASN1_ETYPE_TIME)
- {
- if (ntype & CONST_UTC)
- type = ASN1_ETYPE_UTC_TIME;
- else
- type = ASN1_ETYPE_GENERALIZED_TIME;
-
- ntype &= ~(CONST_UTC|CONST_GENERALIZED);
- ntype &= 0xffffff00;
- ntype |= type;
-
- return ntype;
- }
- else
- return ntype;
+ unsigned int type = ntype & 0xff;
+ if (type == ASN1_ETYPE_TIME) {
+ if (ntype & CONST_UTC)
+ type = ASN1_ETYPE_UTC_TIME;
+ else
+ type = ASN1_ETYPE_GENERALIZED_TIME;
+
+ ntype &= ~(CONST_UTC | CONST_GENERALIZED);
+ ntype &= 0xffffff00;
+ ntype |= type;
+
+ return ntype;
+ } else
+ return ntype;
}
-#endif /* INT_H */
+#endif /* INT_H */
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 06474f3f33..37fd376c68 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -21,33 +21,32 @@
*/
#ifndef LIBTASN1_H
-# define LIBTASN1_H
-
-# ifndef ASN1_API
-# if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
-# define ASN1_API __attribute__((__visibility__("default")))
-# elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
-# define ASN1_API __declspec(dllexport)
-# elif defined _MSC_VER && ! defined ASN1_STATIC
-# define ASN1_API __declspec(dllimport)
-# else
-# define ASN1_API
-# endif
-# endif
+#define LIBTASN1_H
+
+#ifndef ASN1_API
+#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
+#define ASN1_API __attribute__((__visibility__("default")))
+#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
+#define ASN1_API __declspec(dllexport)
+#elif defined _MSC_VER && ! defined ASN1_STATIC
+#define ASN1_API __declspec(dllimport)
+#else
+#define ASN1_API
+#endif
+#endif
#include <stdio.h> /* for FILE* */
#include <sys/types.h>
#include <time.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define ASN1_VERSION "3.1"
/*****************************************/
- /* Errors returned by libtasn1 functions */
+ /* Errors returned by libtasn1 functions */
/*****************************************/
#define ASN1_SUCCESS 0
#define ASN1_FILE_NOT_FOUND 1
@@ -69,7 +68,7 @@ extern "C"
#define ASN1_ELEMENT_NOT_EMPTY 17
/*************************************/
- /* Constants used in asn1_visit_tree */
+ /* Constants used in asn1_visit_tree */
/*************************************/
#define ASN1_PRINT_NAME 1
#define ASN1_PRINT_NAME_TYPE 2
@@ -77,7 +76,7 @@ extern "C"
#define ASN1_PRINT_ALL 4
/*****************************************/
- /* Constants returned by asn1_read_tag */
+ /* Constants returned by asn1_read_tag */
/*****************************************/
#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */
#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */
@@ -86,7 +85,7 @@ extern "C"
#define ASN1_CLASS_STRUCTURED 0x20
/*****************************************/
- /* Constants returned by asn1_read_tag */
+ /* Constants returned by asn1_read_tag */
/*****************************************/
#define ASN1_TAG_BOOLEAN 0x01
#define ASN1_TAG_INTEGER 0x02
@@ -110,29 +109,28 @@ extern "C"
#define ASN1_TAG_VISIBLE_STRING 0x1A
/******************************************************/
- /* Structure definition used for the node of the tree */
- /* that represent an ASN.1 DEFINITION. */
+ /* Structure definition used for the node of the tree */
+ /* that represent an ASN.1 DEFINITION. */
/******************************************************/
- typedef struct asn1_node_st asn1_node_st;
+ typedef struct asn1_node_st asn1_node_st;
- typedef asn1_node_st *asn1_node;
+ typedef asn1_node_st *asn1_node;
- /* maximum number of characters of a name */
- /* inside a file with ASN1 definitons */
+ /* maximum number of characters of a name */
+ /* inside a file with ASN1 definitons */
#define ASN1_MAX_NAME_SIZE 64
/*****************************************/
- /* For the on-disk format of ASN.1 trees */
+ /* For the on-disk format of ASN.1 trees */
/*****************************************/
- struct asn1_static_node_st
- {
- const char *name; /* Node name */
- unsigned int type; /* Node type */
- const void *value; /* Node value */
- };
- typedef struct asn1_static_node_st asn1_static_node;
+ struct asn1_static_node_st {
+ const char *name; /* Node name */
+ unsigned int type; /* Node type */
+ const void *value; /* Node value */
+ };
+ typedef struct asn1_static_node_st asn1_static_node;
/* List of constants for field type of node_asn */
#define ASN1_ETYPE_INVALID 0
@@ -168,171 +166,185 @@ extern "C"
#define ASN1_ETYPE_UTC_TIME 36
#define ASN1_ETYPE_GENERALIZED_TIME 37
- struct asn1_data_node_st
- {
- const char *name; /* Node name */
- const void *value; /* Node value */
- unsigned int value_len; /* Node value size */
- unsigned int type; /* Node value type (ASN1_ETYPE_*) */
- };
- typedef struct asn1_data_node_st asn1_data_node_st;
+ struct asn1_data_node_st {
+ const char *name; /* Node name */
+ const void *value; /* Node value */
+ unsigned int value_len; /* Node value size */
+ unsigned int type; /* Node value type (ASN1_ETYPE_*) */
+ };
+ typedef struct asn1_data_node_st asn1_data_node_st;
/***********************************/
- /* Fixed constants */
+ /* Fixed constants */
/***********************************/
- /* maximum number of characters */
- /* of a description message */
- /* (null character included) */
+ /* maximum number of characters */
+ /* of a description message */
+ /* (null character included) */
#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128
/***********************************/
- /* Functions definitions */
+ /* Functions definitions */
/***********************************/
- extern ASN1_API int
- asn1_parser2tree (const char *file_name,
- asn1_node * definitions, char *errorDescription);
+ extern ASN1_API int
+ asn1_parser2tree(const char *file_name,
+ asn1_node * definitions, char *errorDescription);
- extern ASN1_API int
- asn1_parser2array (const char *inputFileName,
- const char *outputFileName,
- const char *vectorName, char *errorDescription);
+ extern ASN1_API int
+ asn1_parser2array(const char *inputFileName,
+ const char *outputFileName,
+ const char *vectorName, char *errorDescription);
- extern ASN1_API int
- asn1_array2tree (const asn1_static_node * array,
- asn1_node * definitions, char *errorDescription);
+ extern ASN1_API int
+ asn1_array2tree(const asn1_static_node * array,
+ asn1_node * definitions, char *errorDescription);
- extern ASN1_API void
- asn1_print_structure (FILE * out, asn1_node structure,
- const char *name, int mode);
+ extern ASN1_API void
+ asn1_print_structure(FILE * out, asn1_node structure,
+ const char *name, int mode);
- extern ASN1_API int
- asn1_create_element (asn1_node definitions,
- const char *source_name, asn1_node * element);
+ extern ASN1_API int
+ asn1_create_element(asn1_node definitions,
+ const char *source_name, asn1_node * element);
- extern ASN1_API int asn1_delete_structure (asn1_node * structure);
+ extern ASN1_API int asn1_delete_structure(asn1_node * structure);
- extern ASN1_API int
- asn1_delete_element (asn1_node structure, const char *element_name);
+ extern ASN1_API int
+ asn1_delete_element(asn1_node structure,
+ const char *element_name);
- extern ASN1_API int
- asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len);
+ extern ASN1_API int
+ asn1_write_value(asn1_node node_root, const char *name,
+ const void *ivalue, int len);
- extern ASN1_API int
- asn1_read_value (asn1_node root, const char *name,
- void *ivalue, int *len);
+ extern ASN1_API int
+ asn1_read_value(asn1_node root, const char *name,
+ void *ivalue, int *len);
- extern ASN1_API int
- asn1_read_value_type (asn1_node root, const char *name,
- void *ivalue, int *len, unsigned int* etype);
+ extern ASN1_API int
+ asn1_read_value_type(asn1_node root, const char *name,
+ void *ivalue, int *len, unsigned int *etype);
- extern ASN1_API int
- asn1_read_node_value (asn1_node node, asn1_data_node_st* data);
+ extern ASN1_API int
+ asn1_read_node_value(asn1_node node, asn1_data_node_st * data);
- extern ASN1_API int
- asn1_number_of_elements (asn1_node element, const char *name, int *num);
+ extern ASN1_API int
+ asn1_number_of_elements(asn1_node element, const char *name,
+ int *num);
- extern ASN1_API int
- asn1_der_coding (asn1_node element, const char *name,
- void *ider, int *len, char *ErrorDescription);
+ extern ASN1_API int
+ asn1_der_coding(asn1_node element, const char *name,
+ void *ider, int *len, char *ErrorDescription);
- extern ASN1_API int
- asn1_der_decoding (asn1_node * element, const void *ider,
- int len, char *errorDescription);
+ extern ASN1_API int
+ asn1_der_decoding(asn1_node * element, const void *ider,
+ int len, char *errorDescription);
- extern ASN1_API int
- asn1_der_decoding_element (asn1_node * structure,
- const char *elementName,
- const void *ider, int len,
- char *errorDescription);
+ extern ASN1_API int
+ asn1_der_decoding_element(asn1_node * structure,
+ const char *elementName,
+ const void *ider, int len,
+ char *errorDescription);
- extern ASN1_API int
- asn1_der_decoding_startEnd (asn1_node element,
- const void *ider, int len,
- const char *name_element,
- int *start, int *end);
+ extern ASN1_API int
+ asn1_der_decoding_startEnd(asn1_node element,
+ const void *ider, int len,
+ const char *name_element,
+ int *start, int *end);
- extern ASN1_API int
- asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element);
+ extern ASN1_API int
+ asn1_expand_any_defined_by(asn1_node definitions,
+ asn1_node * element);
- extern ASN1_API int
- asn1_expand_octet_string (asn1_node definitions,
- asn1_node * element,
- const char *octetName, const char *objectName);
+ extern ASN1_API int
+ asn1_expand_octet_string(asn1_node definitions,
+ asn1_node * element,
+ const char *octetName,
+ const char *objectName);
- extern ASN1_API int
- asn1_read_tag (asn1_node root, const char *name,
- int *tagValue, int *classValue);
+ extern ASN1_API int
+ asn1_read_tag(asn1_node root, const char *name,
+ int *tagValue, int *classValue);
- extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node
- definitions,
- const char
- *oidValue);
+ extern ASN1_API const char *asn1_find_structure_from_oid(asn1_node
+ definitions,
+ const char
+ *oidValue);
- extern ASN1_API const char *asn1_check_version (const char *req_version);
+ extern ASN1_API const char *asn1_check_version(const char
+ *req_version);
- extern ASN1_API const char *asn1_strerror (int error);
+ extern ASN1_API const char *asn1_strerror(int error);
- extern ASN1_API void asn1_perror (int error);
+ extern ASN1_API void asn1_perror(int error);
#define ASN1_MAX_TAG_SIZE 4
#define ASN1_MAX_LENGTH_SIZE 9
#define ASN1_MAX_TL_SIZE (ASN1_MAX_TAG_SIZE+ASN1_MAX_LENGTH_SIZE)
- extern ASN1_API long
- asn1_get_length_der (const unsigned char *der, int der_len, int *len);
+ extern ASN1_API long
+ asn1_get_length_der(const unsigned char *der, int der_len,
+ int *len);
- extern ASN1_API long
- asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len);
+ extern ASN1_API long
+ asn1_get_length_ber(const unsigned char *ber, int ber_len,
+ int *len);
- extern ASN1_API void
- asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len);
+ extern ASN1_API void
+ asn1_length_der(unsigned long int len, unsigned char *ans,
+ int *ans_len);
- /* Other utility functions. */
+ /* Other utility functions. */
- extern ASN1_API
- int asn1_decode_simple_der (unsigned int etype, const unsigned char *der, unsigned int der_len,
- const unsigned char **str, unsigned int *str_len);
+ extern ASN1_API
+ int asn1_decode_simple_der(unsigned int etype,
+ const unsigned char *der,
+ unsigned int der_len,
+ const unsigned char **str,
+ unsigned int *str_len);
- extern ASN1_API int
- asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned int str_len,
- unsigned char *tl, unsigned int *tl_len);
+ extern ASN1_API int
+ asn1_encode_simple_der(unsigned int etype,
+ const unsigned char *str,
+ unsigned int str_len, unsigned char *tl,
+ unsigned int *tl_len);
- extern ASN1_API asn1_node
- asn1_find_node (asn1_node pointer, const char *name);
+ extern ASN1_API asn1_node
+ asn1_find_node(asn1_node pointer, const char *name);
- extern ASN1_API int
- asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name);
+ extern ASN1_API int
+ asn1_copy_node(asn1_node dst, const char *dst_name,
+ asn1_node src, const char *src_name);
- /* Internal and low-level DER utility functions. */
+ /* Internal and low-level DER utility functions. */
- extern ASN1_API int
- asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag);
+ extern ASN1_API int
+ asn1_get_tag_der(const unsigned char *der, int der_len,
+ unsigned char *cls, int *len,
+ unsigned long *tag);
- extern ASN1_API void
- asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len);
+ extern ASN1_API void
+ asn1_octet_der(const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len);
- extern ASN1_API int
- asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *str_len);
+ extern ASN1_API int
+ asn1_get_octet_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *str_len);
- extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len);
+ extern ASN1_API void asn1_bit_der(const unsigned char *str,
+ int bit_len, unsigned char *der,
+ int *der_len);
- extern ASN1_API int
- asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *bit_len);
+ extern ASN1_API int
+ asn1_get_bit_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *bit_len);
/* Compatibility types */
-typedef int asn1_retCode; /* type returned by libtasn1 functions */
+ typedef int asn1_retCode; /* type returned by libtasn1 functions */
#define node_asn_struct asn1_node_st
#define node_asn asn1_node_st
@@ -349,5 +361,4 @@ typedef int asn1_retCode; /* type returned by libtasn1 functions */
#ifdef __cplusplus
}
#endif
-
#endif /* LIBTASN1_H */
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
index 50238d2c92..3413dab6f7 100644
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -33,10 +33,9 @@ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not fou
/* Description: type used in the list during */
/* the structure creation. */
/***********************************************/
-typedef struct list_struct
-{
- asn1_node node;
- struct list_struct *next;
+typedef struct list_struct {
+ asn1_node node;
+ struct list_struct *next;
} list_type;
@@ -52,30 +51,28 @@ list_type *firstElement = NULL;
/* and CONST_ constants). */
/* Return: pointer to the new element. */
/******************************************************/
-asn1_node
-_asn1_add_static_node (unsigned int type)
+asn1_node _asn1_add_static_node(unsigned int type)
{
- list_type *listElement;
- asn1_node punt;
+ list_type *listElement;
+ asn1_node punt;
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
+ punt = calloc(1, sizeof(struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
- listElement = malloc (sizeof (list_type));
- if (listElement == NULL)
- {
- free (punt);
- return NULL;
- }
+ listElement = malloc(sizeof(list_type));
+ if (listElement == NULL) {
+ free(punt);
+ return NULL;
+ }
- listElement->node = punt;
- listElement->next = firstElement;
- firstElement = listElement;
+ listElement->node = punt;
+ listElement->next = firstElement;
+ firstElement = listElement;
- punt->type = type;
+ punt->type = type;
- return punt;
+ return punt;
}
/**
@@ -90,111 +87,97 @@ _asn1_add_static_node (unsigned int type)
*
* Returns: the search result, or %NULL if not found.
**/
-asn1_node
-asn1_find_node (asn1_node pointer, const char *name)
+asn1_node asn1_find_node(asn1_node pointer, const char *name)
{
- asn1_node p;
- char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
- const char *n_start;
- unsigned int nsize;
- unsigned int nhash;
-
- if (pointer == NULL)
- return NULL;
-
- if (name == NULL)
- return NULL;
-
- p = pointer;
- n_start = name;
-
- if (p->name[0] != 0)
- { /* has *pointer got a name ? */
- n_end = strchr (n_start, '.'); /* search the first dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare(n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare(n, nsize);
+ asn1_node p;
+ char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
+ const char *n_start;
+ unsigned int nsize;
+ unsigned int nhash;
+
+ if (pointer == NULL)
+ return NULL;
+
+ if (name == NULL)
+ return NULL;
+
+ p = pointer;
+ n_start = name;
+
+ if (p->name[0] != 0) { /* has *pointer got a name ? */
+ n_end = strchr(n_start, '.'); /* search the first dot */
+ if (n_end) {
+ nsize = n_end - n_start;
+ memcpy(n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = hash_pjw_bare(n, nsize);
+ } else {
+ nsize = _asn1_str_cpy(n, sizeof(n), n_start);
+ nhash = hash_pjw_bare(n, nsize);
+
+ n_start = NULL;
+ }
- n_start = NULL;
+ while (p) {
+ if ((p->name) && nhash == p->name_hash
+ && (!strcmp(p->name, n)))
+ break;
+ else
+ p = p->right;
+ } /* while */
+
+ if (p == NULL)
+ return NULL;
+ } else { /* *pointer doesn't have a name */
+ if (n_start[0] == 0)
+ return p;
}
- while (p)
- {
- if ((p->name) && nhash == p->name_hash && (!strcmp (p->name, n)))
- break;
- else
- p = p->right;
+ while (n_start) { /* Has the end of NAME been reached? */
+ n_end = strchr(n_start, '.'); /* search the next dot */
+ if (n_end) {
+ nsize = n_end - n_start;
+ memcpy(n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = hash_pjw_bare(n, nsize);
+ } else {
+ nsize = _asn1_str_cpy(n, sizeof(n), n_start);
+ nhash = hash_pjw_bare(n, nsize);
+ n_start = NULL;
+ }
+
+ if (p->down == NULL)
+ return NULL;
+
+ p = p->down;
+
+ /* The identifier "?LAST" indicates the last element
+ in the right chain. */
+ if (!strcmp(n, "?LAST")) {
+ if (p == NULL)
+ return NULL;
+ while (p->right)
+ p = p->right;
+ } else { /* no "?LAST" */
+ while (p) {
+ if (p->name_hash == nhash
+ && !strcmp(p->name, n))
+ break;
+ else
+ p = p->right;
+ }
+ if (p == NULL)
+ return NULL;
+ }
} /* while */
- if (p == NULL)
- return NULL;
- }
- else
- { /* *pointer doesn't have a name */
- if (n_start[0] == 0)
return p;
- }
-
- while (n_start)
- { /* Has the end of NAME been reached? */
- n_end = strchr (n_start, '.'); /* search the next dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare(n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare(n, nsize);
- n_start = NULL;
- }
-
- if (p->down == NULL)
- return NULL;
-
- p = p->down;
-
- /* The identifier "?LAST" indicates the last element
- in the right chain. */
- if (!strcmp (n, "?LAST"))
- {
- if (p == NULL)
- return NULL;
- while (p->right)
- p = p->right;
- }
- else
- { /* no "?LAST" */
- while (p)
- {
- if (p->name_hash == nhash && !strcmp (p->name, n))
- break;
- else
- p = p->right;
- }
- if (p == NULL)
- return NULL;
- }
- } /* while */
-
- return p;
}
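Review bot: The `memcpy(n, n_start, nsize)` in the dotted-name branch of asn1_find_node copies a caller-supplied name component into `n[ASN1_MAX_NAME_SIZE + 1]` without comparing `nsize` against the buffer size, so a component longer than ASN1_MAX_NAME_SIZE writes past `n` on the stack. The branch without a dot is already bounded through `_asn1_str_cpy(n, sizeof(n), n_start)`. The dotted branch needs the same limit, for example `if (nsize >= sizeof(n)) return NULL;` ahead of the `memcpy`. The same lines appear twice in this hunk, once before the first lookup and once inside the `while (n_start)` loop, and both need the check.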
@@ -209,35 +192,31 @@ asn1_find_node (asn1_node pointer, const char *name)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len)
+_asn1_set_value(asn1_node node, const void *value, unsigned int len)
{
- if (node == NULL)
- return node;
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
-
- if (!len)
- return node;
-
- if (len < sizeof (node->small_value))
- {
- node->value = node->small_value;
- }
- else
- {
- node->value = malloc (len);
- if (node->value == NULL)
- return NULL;
- }
- node->value_len = len;
-
- memcpy (node->value, value, len);
- return node;
+ if (node == NULL)
+ return node;
+ if (node->value) {
+ if (node->value != node->small_value)
+ free(node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ if (len < sizeof(node->small_value)) {
+ node->value = node->small_value;
+ } else {
+ node->value = malloc(len);
+ if (node->value == NULL)
+ return NULL;
+ }
+ node->value_len = len;
+
+ memcpy(node->value, value, len);
+ return node;
}
/******************************************************************/
@@ -252,47 +231,45 @@ _asn1_set_value (asn1_node node, const void *value, unsigned int len)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len)
+_asn1_set_value_lv(asn1_node node, const void *value, unsigned int len)
{
- int len2;
- void *temp;
+ int len2;
+ void *temp;
- if (node == NULL)
- return node;
+ if (node == NULL)
+ return node;
- asn1_length_der (len, NULL, &len2);
- temp = malloc (len + len2);
- if (temp == NULL)
- return NULL;
+ asn1_length_der(len, NULL, &len2);
+ temp = malloc(len + len2);
+ if (temp == NULL)
+ return NULL;
- asn1_octet_der (value, len, temp, &len2);
- return _asn1_set_value_m (node, temp, len2);
+ asn1_octet_der(value, len, temp, &len2);
+ return _asn1_set_value_m(node, temp, len2);
}
/* the same as _asn1_set_value except that it sets an already malloc'ed
* value.
*/
-asn1_node
-_asn1_set_value_m (asn1_node node, void *value, unsigned int len)
+asn1_node _asn1_set_value_m(asn1_node node, void *value, unsigned int len)
{
- if (node == NULL)
- return node;
-
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
+ if (node == NULL)
+ return node;
+
+ if (node->value) {
+ if (node->value != node->small_value)
+ free(node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
- if (!len)
- return node;
+ if (!len)
+ return node;
- node->value = value;
- node->value_len = len;
+ node->value = value;
+ node->value_len = len;
- return node;
+ return node;
}
/******************************************************************/
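Review bot: `_asn1_set_value_lv` sizes its buffer as `len + len2` in unsigned arithmetic and then passes `len` to `asn1_octet_der`, whose `str_len` parameter is declared as `int` in libtasn1.h, so a length above INT_MAX would wrap the allocation size or turn negative on conversion. Whether any caller can reach this function with such a length is not visible in the hunk. A guard right after `asn1_length_der` keeps the allocation and the copy in agreement: `if (len > (unsigned int) (INT_MAX - len2)) return NULL;` (this needs `<limits.h>` if the file does not already include it).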
@@ -306,43 +283,37 @@ _asn1_set_value_m (asn1_node node, void *value, unsigned int len)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len)
+_asn1_append_value(asn1_node node, const void *value, unsigned int len)
{
- if (node == NULL)
- return node;
- if (node->value != NULL && node->value != node->small_value)
- {
- /* value is allocated */
- int prev_len = node->value_len;
- node->value_len += len;
- node->value = realloc (node->value, node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
- memcpy (&node->value[prev_len], value, len);
-
- return node;
- }
- else if (node->value == node->small_value)
- {
- /* value is in node */
- int prev_len = node->value_len;
- node->value_len += len;
- node->value = malloc (node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
- memcpy (node->value, node->small_value, prev_len);
- memcpy (&node->value[prev_len], value, len);
+ if (node == NULL)
+ return node;
+ if (node->value != NULL && node->value != node->small_value) {
+ /* value is allocated */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = realloc(node->value, node->value_len);
+ if (node->value == NULL) {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy(&node->value[prev_len], value, len);
+
+ return node;
+ } else if (node->value == node->small_value) {
+ /* value is in node */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = malloc(node->value_len);
+ if (node->value == NULL) {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy(node->value, node->small_value, prev_len);
+ memcpy(&node->value[prev_len], value, len);
- return node;
- }
- else /* node->value == NULL */
- return _asn1_set_value (node, value, len);
+ return node;
+ } else /* node->value == NULL */
+ return _asn1_set_value(node, value, len);
}
/******************************************************************/
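Review bot: In the allocated-value branch of `_asn1_append_value`, `node->value = realloc(node->value, node->value_len);` overwrites the only pointer to the old buffer, so a failed realloc leaks it while the node is reset to an empty value. Assign the result to a temporary first, `tmp = realloc(node->value, node->value_len);`, and on failure run `free(node->value); node->value = NULL;` before clearing `value_len`, which keeps the existing NULL return. Both branches also do `node->value_len += len` before allocating with no wrap check, so a comment stating the largest `len` callers may pass would make that assumption explicit.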
@@ -355,25 +326,23 @@ _asn1_append_value (asn1_node node, const void *value, unsigned int len)
/* to set. */
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
-asn1_node
-_asn1_set_name (asn1_node node, const char *name)
+asn1_node _asn1_set_name(asn1_node node, const char *name)
{
-unsigned int nsize;
+ unsigned int nsize;
- if (node == NULL)
- return node;
+ if (node == NULL)
+ return node;
- if (name == NULL)
- {
- node->name[0] = 0;
- node->name_hash = hash_pjw_bare(node->name, 0);
- return node;
- }
+ if (name == NULL) {
+ node->name[0] = 0;
+ node->name_hash = hash_pjw_bare(node->name, 0);
+ return node;
+ }
- nsize = _asn1_str_cpy (node->name, sizeof (node->name), name);
- node->name_hash = hash_pjw_bare(node->name, nsize);
+ nsize = _asn1_str_cpy(node->name, sizeof(node->name), name);
+ node->name_hash = hash_pjw_bare(node->name, nsize);
- return node;
+ return node;
}
/******************************************************************/
@@ -384,23 +353,21 @@ unsigned int nsize;
/* src: a source element pointer. */
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
-asn1_node
-_asn1_cpy_name (asn1_node dst, asn1_node src)
+asn1_node _asn1_cpy_name(asn1_node dst, asn1_node src)
{
- if (dst == NULL)
- return dst;
+ if (dst == NULL)
+ return dst;
- if (src == NULL)
- {
- dst->name[0] = 0;
- dst->name_hash = hash_pjw_bare(dst->name, 0);
- return dst;
- }
+ if (src == NULL) {
+ dst->name[0] = 0;
+ dst->name_hash = hash_pjw_bare(dst->name, 0);
+ return dst;
+ }
- _asn1_str_cpy (dst->name, sizeof (dst->name), src->name);
- dst->name_hash = src->name_hash;
+ _asn1_str_cpy(dst->name, sizeof(dst->name), src->name);
+ dst->name_hash = src->name_hash;
- return dst;
+ return dst;
}
/******************************************************************/
@@ -412,15 +379,14 @@ _asn1_cpy_name (asn1_node dst, asn1_node src)
/* by NODE. */
/* Return: pointer to *NODE. */
/******************************************************************/
-asn1_node
-_asn1_set_right (asn1_node node, asn1_node right)
+asn1_node _asn1_set_right(asn1_node node, asn1_node right)
{
- if (node == NULL)
- return node;
- node->right = right;
- if (right)
- right->left = node;
- return node;
+ if (node == NULL)
+ return node;
+ node->right = right;
+ if (right)
+ right->left = node;
+ return node;
}
@@ -431,17 +397,16 @@ _asn1_set_right (asn1_node node, asn1_node right)
/* node: starting element pointer. */
/* Return: pointer to the last element along the right chain. */
/******************************************************************/
-asn1_node
-_asn1_get_last_right (asn1_node node)
+asn1_node _asn1_get_last_right(asn1_node node)
{
- asn1_node p;
-
- if (node == NULL)
- return NULL;
- p = node;
- while (p->right)
- p = p->right;
- return p;
+ asn1_node p;
+
+ if (node == NULL)
+ return NULL;
+ p = node;
+ while (p->right)
+ p = p->right;
+ return p;
}
/******************************************************************/
@@ -451,15 +416,14 @@ _asn1_get_last_right (asn1_node node)
/* Parameters: */
/* node: NODE_ASN element pointer. */
/******************************************************************/
-void
-_asn1_remove_node (asn1_node node)
+void _asn1_remove_node(asn1_node node)
{
- if (node == NULL)
- return;
+ if (node == NULL)
+ return;
- if (node->value != NULL && node->value != node->small_value)
- free (node->value);
- free (node);
+ if (node->value != NULL && node->value != node->small_value)
+ free(node->value);
+ free(node);
}
/******************************************************************/
@@ -469,20 +433,19 @@ _asn1_remove_node (asn1_node node)
/* node: NODE_ASN element pointer. */
/* Return: Null if not found. */
/******************************************************************/
-asn1_node
-_asn1_find_up (asn1_node node)
+asn1_node _asn1_find_up(asn1_node node)
{
- asn1_node p;
+ asn1_node p;
- if (node == NULL)
- return NULL;
+ if (node == NULL)
+ return NULL;
- p = node;
+ p = node;
- while ((p->left != NULL) && (p->left->right == p))
- p = p->left;
+ while ((p->left != NULL) && (p->left->right == p))
+ p = p->left;
- return p->left;
+ return p->left;
}
/******************************************************************/
@@ -490,17 +453,15 @@ _asn1_find_up (asn1_node node)
/* Description: deletes the list elements (not the elements */
/* pointed by them). */
/******************************************************************/
-void
-_asn1_delete_list (void)
+void _asn1_delete_list(void)
{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- free (listElement);
- }
+ list_type *listElement;
+
+ while (firstElement) {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ free(listElement);
+ }
}
/******************************************************************/
@@ -508,52 +469,46 @@ _asn1_delete_list (void)
/* Description: deletes the list elements and the elements */
/* pointed by them. */
/******************************************************************/
-void
-_asn1_delete_list_and_nodes (void)
+void _asn1_delete_list_and_nodes(void)
{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- _asn1_remove_node (listElement->node);
- free (listElement);
- }
+ list_type *listElement;
+
+ while (firstElement) {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ _asn1_remove_node(listElement->node);
+ free(listElement);
+ }
}
-char *
-_asn1_ltostr (long v, char *str)
+char *_asn1_ltostr(long v, char *str)
{
- long d, r;
- char temp[20];
- int count, k, start;
-
- if (v < 0)
- {
- str[0] = '-';
- start = 1;
- v = -v;
- }
- else
- start = 0;
-
- count = 0;
- do
- {
- d = v / 10;
- r = v - d * 10;
- temp[start + count] = '0' + (char) r;
- count++;
- v = d;
- }
- while (v);
-
- for (k = 0; k < count; k++)
- str[k + start] = temp[start + count - k - 1];
- str[count + start] = 0;
- return str;
+ long d, r;
+ char temp[20];
+ int count, k, start;
+
+ if (v < 0) {
+ str[0] = '-';
+ start = 1;
+ v = -v;
+ } else
+ start = 0;
+
+ count = 0;
+ do {
+ d = v / 10;
+ r = v - d * 10;
+ temp[start + count] = '0' + (char) r;
+ count++;
+ v = d;
+ }
+ while (v);
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+ str[count + start] = 0;
+ return str;
}
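Review bot: `_asn1_ltostr` negates its argument with `v = -v`, which is signed overflow and therefore undefined behaviour when `v` is LONG_MIN. Running the digit loop on an unsigned magnitude avoids it: `unsigned long u = (v < 0) ? 0UL - (unsigned long) v : (unsigned long) v;`, with `d` and `r` made unsigned to match. The function also writes into `str` without a size parameter, so the requirement should be stated above it, e.g. `/* str must have room for a sign, every decimal digit of a long, and the terminating NUL */`.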
@@ -567,61 +522,52 @@ _asn1_ltostr (long v, char *str)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_change_integer_value (asn1_node node)
+int _asn1_change_integer_value(asn1_node node)
{
- asn1_node p;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
- int len;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_INTEGER) && (p->type & CONST_ASSIGN))
- {
- if (p->value)
- {
- _asn1_convert_integer (p->value, val, sizeof (val), &len);
- asn1_octet_der (val, len, val2, &len);
- _asn1_set_value (p, val2, len);
- }
- }
+ asn1_node p;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_INTEGER)
+ && (p->type & CONST_ASSIGN)) {
+ if (p->value) {
+ _asn1_convert_integer(p->value, val,
+ sizeof(val), &len);
+ asn1_octet_der(val, len, val2, &len);
+ _asn1_set_value(p, val2, len);
+ }
+ }
- if (p->down)
- {
- p = p->down;
- }
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
+ if (p->down) {
+ p = p->down;
+ } else {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -634,176 +580,217 @@ _asn1_change_integer_value (asn1_node node)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_expand_object_id (asn1_node node)
+int _asn1_expand_object_id(asn1_node node)
{
- asn1_node p, p2, p3, p4, p5;
- char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- _asn1_str_cpy (name_root, sizeof (name_root), node->name);
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID)
- && (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_down (p, p2->right);
- _asn1_remove_node (p2);
- p2 = p;
- p4 = p3->down;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- p5 = _asn1_add_single_node (ASN1_ETYPE_CONSTANT);
- _asn1_set_name (p5, p4->name);
- tlen = _asn1_strlen (p4->value);
- if (tlen > 0)
- _asn1_set_value (p5, p4->value, tlen + 1);
- if (p2 == p)
- {
- _asn1_set_right (p5, p->down);
- _asn1_set_down (p, p5);
- }
- else
- {
- _asn1_set_right (p5, p2->right);
- _asn1_set_right (p2, p5);
+ asn1_node p, p2, p3, p4, p5;
+ char name_root[ASN1_MAX_NAME_SIZE],
+ name2[2 * ASN1_MAX_NAME_SIZE + 1];
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_str_cpy(name_root, sizeof(name_root), node->name);
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID)
+ && (p->type & CONST_ASSIGN)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT)) {
+ if (p2->value
+ && !isdigit(p2->value[0])) {
+ _asn1_str_cpy(name2,
+ sizeof
+ (name2),
+ name_root);
+ _asn1_str_cat(name2,
+ sizeof
+ (name2),
+ ".");
+ _asn1_str_cat(name2,
+ sizeof
+ (name2),
+ (char *) p2->
+ value);
+ p3 = asn1_find_node(node,
+ name2);
+ if (!p3
+ ||
+ (type_field(p3->type)
+ !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p3->
+ type &
+ CONST_ASSIGN))
+ return
+ ASN1_ELEMENT_NOT_FOUND;
+ _asn1_set_down(p,
+ p2->right);
+ _asn1_remove_node(p2);
+ p2 = p;
+ p4 = p3->down;
+ while (p4) {
+ if (type_field
+ (p4->type) ==
+ ASN1_ETYPE_CONSTANT)
+ {
+ p5 = _asn1_add_single_node(ASN1_ETYPE_CONSTANT);
+ _asn1_set_name
+ (p5,
+ p4->
+ name);
+ tlen =
+ _asn1_strlen
+ (p4->
+ value);
+ if (tlen >
+ 0)
+ _asn1_set_value
+ (p5,
+ p4->
+ value,
+ tlen
+ +
+ 1);
+ if (p2 ==
+ p) {
+ _asn1_set_right
+ (p5,
+ p->
+ down);
+ _asn1_set_down
+ (p,
+ p5);
+ } else {
+ _asn1_set_right
+ (p5,
+ p2->
+ right);
+ _asn1_set_right
+ (p2,
+ p5);
+ }
+ p2 = p5;
+ }
+ p4 = p4->right;
+ }
+ move = DOWN;
+ continue;
+ }
}
- p2 = p5;
- }
- p4 = p4->right;
}
- move = DOWN;
- continue;
- }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
/*******************************/
- /* expand DEFAULT */
+ /* expand DEFAULT */
/*******************************/
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- p4 = p3->down;
- name2[0] = 0;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- if (name2[0])
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p4->value);
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID)
+ && (p->type & CONST_DEFAULT)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_DEFAULT)) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ name_root);
+ _asn1_str_cat(name2, sizeof(name2),
+ ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ p3 = asn1_find_node(node, name2);
+ if (!p3
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p3->type & CONST_ASSIGN))
+ return
+ ASN1_ELEMENT_NOT_FOUND;
+ p4 = p3->down;
+ name2[0] = 0;
+ while (p4) {
+ if (type_field(p4->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (name2[0])
+ _asn1_str_cat
+ (name2,
+ sizeof
+ (name2),
+ ".");
+ _asn1_str_cat
+ (name2,
+ sizeof(name2),
+ (char *) p4->
+ value);
+ }
+ p4 = p4->right;
+ }
+ tlen = strlen(name2);
+ if (tlen > 0)
+ _asn1_set_value(p2, name2,
+ tlen + 1);
+ }
}
- p4 = p4->right;
- }
- tlen = strlen (name2);
- if (tlen > 0)
- _asn1_set_value (p2, name2, tlen + 1);
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
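Review bot: In the first pass of `_asn1_expand_object_id` the result of `_asn1_add_single_node(ASN1_ETYPE_CONSTANT)` is used without a NULL check. The setters shown in this file return early on a NULL node, but `p2 = p5` then makes the next loop iteration read `p2->right` through a NULL pointer. The helper's body is not in this hunk; if it can fail (it presumably allocates), add `if (p5 == NULL) return ASN1_MEM_ALLOC_ERROR;` or whichever error code the callers expect, right after the call. Separately, the reindent has broken this block into one token per line (the `_asn1_set_value(p5, p4->value, tlen + 1)` call now spans seven lines). Moving the `while (p4)` body into a `static` helper would cut the nesting enough for the formatter to produce readable output.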
@@ -817,63 +804,57 @@ _asn1_expand_object_id (asn1_node node)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_type_set_config (asn1_node node)
+int _asn1_type_set_config(asn1_node node)
{
- asn1_node p, p2;
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_SET)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- p2->type |= CONST_SET | CONST_NOT_USED;
- p2 = p2->right;
+ asn1_node p, p2;
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if (type_field(p->type) == ASN1_ETYPE_SET) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_TAG)
+ p2->type |=
+ CONST_SET |
+ CONST_NOT_USED;
+ p2 = p2->right;
+ }
+ }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -890,99 +871,105 @@ _asn1_type_set_config (asn1_node node)
/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_check_identifier (asn1_node node)
+int _asn1_check_identifier(asn1_node node)
{
- asn1_node p, p2;
- char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
- p2 = asn1_find_node (node, name2);
- if (p2 == NULL)
- {
- if (p->value)
- _asn1_strcpy (_asn1_identifierMissing, p->value);
- else
- _asn1_strcpy (_asn1_identifierMissing, "(null)");
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
+ asn1_node p, p2;
+ char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_IDENTIFIER) {
+ _asn1_str_cpy(name2, sizeof(name2), node->name);
+ _asn1_str_cat(name2, sizeof(name2), ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p->value);
+ p2 = asn1_find_node(node, name2);
+ if (p2 == NULL) {
+ if (p->value)
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ p->value);
+ else
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ "(null)");
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ } else if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_DEFAULT)) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ node->name);
+ _asn1_str_cat(name2, sizeof(name2), ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ _asn1_strcpy(_asn1_identifierMissing,
+ p2->value);
+ p2 = asn1_find_node(node, name2);
+ if (!p2
+ || (type_field(p2->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ } else if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT)) {
+ if (p2->value && !isdigit(p2->value[0])) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ node->name);
+ _asn1_str_cat(name2, sizeof(name2),
+ ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ p2->value);
+ p2 = asn1_find_node(node, name2);
+ if (!p2
+ || (type_field(p2->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+ return
+ ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0]
+ = 0;
+ }
+ }
}
- }
- }
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->down) {
+ p = p->down;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
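Review bot: `_asn1_check_identifier` copies `p->value` and `p2->value` into the global `_asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]` with `_asn1_strcpy`, which takes no size, so a value longer than the buffer overruns it. This assumes `_asn1_strcpy` is a plain strcpy wrapper, as its definition is not in this hunk. All three call sites can use the bounded helper the function already applies to `name2`: `_asn1_str_cpy(_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (const char *) p2->value);`. In the IDENTIFIER and DEFAULT branches the value is also passed to `_asn1_str_cat` before any NULL test, whereas the CONSTANT branch checks `p2->value` first.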
@@ -997,50 +984,43 @@ _asn1_check_identifier (asn1_node node)
/* a DEFINITIONS element, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_set_default_tag (asn1_node node)
+int _asn1_set_default_tag(asn1_node node)
{
- asn1_node p;
-
- if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS))
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_TAG) &&
- !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT))
- {
- if (node->type & CONST_EXPLICIT)
- p->type |= CONST_EXPLICIT;
- else
- p->type |= CONST_IMPLICIT;
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
+ asn1_node p;
+
+ if ((node == NULL)
+ || (type_field(node->type) != ASN1_ETYPE_DEFINITIONS))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_TAG) &&
+ !(p->type & CONST_EXPLICIT)
+ && !(p->type & CONST_IMPLICIT)) {
+ if (node->type & CONST_EXPLICIT)
+ p->type |= CONST_EXPLICIT;
+ else
+ p->type |= CONST_IMPLICIT;
}
- if (p->right)
- {
- p = p->right;
- break;
+
+ if (p->down) {
+ p = p->down;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
diff --git a/lib/minitasn1/parser_aux.h b/lib/minitasn1/parser_aux.h
index f270b73595..8b5e6c79bc 100644
--- a/lib/minitasn1/parser_aux.h
+++ b/lib/minitasn1/parser_aux.h
@@ -27,46 +27,46 @@
/***************************************/
/* Functions used by ASN.1 parser */
/***************************************/
-asn1_node _asn1_add_static_node (unsigned int type);
+asn1_node _asn1_add_static_node(unsigned int type);
asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len);
+_asn1_set_value(asn1_node node, const void *value, unsigned int len);
-asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len);
+asn1_node _asn1_set_value_m(asn1_node node, void *value, unsigned int len);
asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len);
+_asn1_set_value_lv(asn1_node node, const void *value, unsigned int len);
asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len);
+_asn1_append_value(asn1_node node, const void *value, unsigned int len);
-asn1_node _asn1_set_name (asn1_node node, const char *name);
+asn1_node _asn1_set_name(asn1_node node, const char *name);
-asn1_node _asn1_cpy_name (asn1_node dst, asn1_node src);
+asn1_node _asn1_cpy_name(asn1_node dst, asn1_node src);
-asn1_node _asn1_set_right (asn1_node node, asn1_node right);
+asn1_node _asn1_set_right(asn1_node node, asn1_node right);
-asn1_node _asn1_get_last_right (asn1_node node);
+asn1_node _asn1_get_last_right(asn1_node node);
-void _asn1_remove_node (asn1_node node);
+void _asn1_remove_node(asn1_node node);
-void _asn1_delete_list (void);
+void _asn1_delete_list(void);
-void _asn1_delete_list_and_nodes (void);
+void _asn1_delete_list_and_nodes(void);
-char *_asn1_ltostr (long v, char *str);
+char *_asn1_ltostr(long v, char *str);
-asn1_node _asn1_find_up (asn1_node node);
+asn1_node _asn1_find_up(asn1_node node);
-int _asn1_change_integer_value (asn1_node node);
+int _asn1_change_integer_value(asn1_node node);
-int _asn1_expand_object_id (asn1_node node);
+int _asn1_expand_object_id(asn1_node node);
-int _asn1_type_set_config (asn1_node node);
+int _asn1_type_set_config(asn1_node node);
-int _asn1_check_identifier (asn1_node node);
+int _asn1_check_identifier(asn1_node node);
-int _asn1_set_default_tag (asn1_node node);
+int _asn1_set_default_tag(asn1_node node);
/******************************************************************/
/* Function : _asn1_get_right */
@@ -76,12 +76,11 @@ int _asn1_set_default_tag (asn1_node node);
/* node: NODE_ASN element pointer. */
/* Return: field RIGHT of NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_get_right (asn1_node node)
+inline static asn1_node _asn1_get_right(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->right;
+ if (node == NULL)
+ return NULL;
+ return node->right;
}
/******************************************************************/
@@ -93,15 +92,14 @@ _asn1_get_right (asn1_node node)
/* by NODE. */
/* Return: pointer to *NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_set_down (asn1_node node, asn1_node down)
+inline static asn1_node _asn1_set_down(asn1_node node, asn1_node down)
{
- if (node == NULL)
- return node;
- node->down = down;
- if (down)
- down->left = node;
- return node;
+ if (node == NULL)
+ return node;
+ node->down = down;
+ if (down)
+ down->left = node;
+ return node;
}
/******************************************************************/
@@ -112,12 +110,11 @@ _asn1_set_down (asn1_node node, asn1_node down)
/* node: NODE_ASN element pointer. */
/* Return: field DOWN of NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_get_down (asn1_node node)
+inline static asn1_node _asn1_get_down(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->down;
+ if (node == NULL)
+ return NULL;
+ return node->down;
}
/******************************************************************/
@@ -127,12 +124,11 @@ _asn1_get_down (asn1_node node)
/* node: NODE_ASN element pointer. */
/* Return: a null terminated string. */
/******************************************************************/
-inline static char *
-_asn1_get_name (asn1_node node)
+inline static char *_asn1_get_name(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->name;
+ if (node == NULL)
+ return NULL;
+ return node->name;
}
/******************************************************************/
@@ -146,13 +142,12 @@ _asn1_get_name (asn1_node node)
/* value of field TYPE. */
/* Return: NODE pointer. */
/******************************************************************/
-inline static asn1_node
-_asn1_mod_type (asn1_node node, unsigned int value)
+inline static asn1_node _asn1_mod_type(asn1_node node, unsigned int value)
{
- if (node == NULL)
- return node;
- node->type |= value;
- return node;
+ if (node == NULL)
+ return node;
+ node->type |= value;
+ return node;
}
#endif
diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
index 31a5f654bb..567c5cec67 100644
--- a/lib/minitasn1/structure.c
+++ b/lib/minitasn1/structure.c
@@ -44,18 +44,17 @@ extern char _asn1_identifierMissing[];
/* and CONST_ constants). */
/* Return: pointer to the new element. */
/******************************************************/
-asn1_node
-_asn1_add_single_node (unsigned int type)
+asn1_node _asn1_add_single_node(unsigned int type)
{
- asn1_node punt;
+ asn1_node punt;
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
+ punt = calloc(1, sizeof(struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
- punt->type = type;
+ punt->type = type;
- return punt;
+ return punt;
}
@@ -67,93 +66,84 @@ _asn1_add_single_node (unsigned int type)
/* node: NODE_ASN element pointer. */
/* Return: NULL if not found. */
/******************************************************************/
-asn1_node
-_asn1_find_left (asn1_node node)
+asn1_node _asn1_find_left(asn1_node node)
{
- if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
- return NULL;
+ if ((node == NULL) || (node->left == NULL)
+ || (node->left->down == node))
+ return NULL;
- return node->left;
+ return node->left;
}
int
-_asn1_create_static_structure (asn1_node pointer, char *output_file_name,
- char *vector_name)
+_asn1_create_static_structure(asn1_node pointer, char *output_file_name,
+ char *vector_name)
{
- FILE *file;
- asn1_node p;
- unsigned long t;
+ FILE *file;
+ asn1_node p;
+ unsigned long t;
- file = fopen (output_file_name, "w");
+ file = fopen(output_file_name, "w");
- if (file == NULL)
- return ASN1_FILE_NOT_FOUND;
+ if (file == NULL)
+ return ASN1_FILE_NOT_FOUND;
- fprintf (file, "#if HAVE_CONFIG_H\n");
- fprintf (file, "# include \"config.h\"\n");
- fprintf (file, "#endif\n\n");
+ fprintf(file, "#if HAVE_CONFIG_H\n");
+ fprintf(file, "# include \"config.h\"\n");
+ fprintf(file, "#endif\n\n");
- fprintf (file, "#include <libtasn1.h>\n\n");
+ fprintf(file, "#include <libtasn1.h>\n\n");
- fprintf (file, "const asn1_static_node %s[] = {\n", vector_name);
+ fprintf(file, "const asn1_static_node %s[] = {\n", vector_name);
- p = pointer;
+ p = pointer;
- while (p)
- {
- fprintf (file, " { ");
+ while (p) {
+ fprintf(file, " { ");
- if (p->name[0] != 0)
- fprintf (file, "\"%s\", ", p->name);
- else
- fprintf (file, "NULL, ");
+ if (p->name[0] != 0)
+ fprintf(file, "\"%s\", ", p->name);
+ else
+ fprintf(file, "NULL, ");
- t = p->type;
- if (p->down)
- t |= CONST_DOWN;
- if (p->right)
- t |= CONST_RIGHT;
+ t = p->type;
+ if (p->down)
+ t |= CONST_DOWN;
+ if (p->right)
+ t |= CONST_RIGHT;
- fprintf (file, "%lu, ", t);
+ fprintf(file, "%lu, ", t);
- if (p->value)
- fprintf (file, "\"%s\"},\n", p->value);
- else
- fprintf (file, "NULL },\n");
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- {
- p = p->right;
- }
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == pointer)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->value)
+ fprintf(file, "\"%s\"},\n", p->value);
+ else
+ fprintf(file, "NULL },\n");
+
+ if (p->down) {
+ p = p->down;
+ } else if (p->right) {
+ p = p->right;
+ } else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == pointer) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- fprintf (file, " { NULL, 0, NULL }\n};\n");
+ fprintf(file, " { NULL, 0, NULL }\n};\n");
- fclose (file);
+ fclose(file);
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
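Review bot: `_asn1_create_static_structure` writes `p->name` and `p->value` into the generated C source as `"%s"` string literals without escaping, so a value containing `"` or `\` yields a table that either fails to compile or holds different strings than the tree. Emitting them through a small static helper that backslash-escapes those characters and non-printable bytes would close that gap. The `fprintf` and `fclose` results are also ignored and the function returns `ASN1_SUCCESS` unconditionally, so a short write leaves a truncated file that is reported as success. Adding `if (ferror(file)) { fclose(file); return ASN1_GENERIC_ERROR; }` before the final close, plus a check of the `fclose(file)` result, would surface it. Both behaviours are unchanged by the reindent and present on the old side as well.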
@@ -174,104 +164,92 @@ _asn1_create_static_structure (asn1_node pointer, char *output_file_name,
* %ASN1_ARRAY_ERROR if the array pointed by @array is wrong.
**/
int
-asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
- char *errorDescription)
+asn1_array2tree(const asn1_static_node * array, asn1_node * definitions,
+ char *errorDescription)
{
- asn1_node p, p_last = NULL;
- unsigned long k;
- int move;
- int result;
- unsigned int type;
-
-
- if (*definitions != NULL)
- return ASN1_ELEMENT_NOT_EMPTY;
-
- move = UP;
-
- k = 0;
- while (array[k].value || array[k].type || array[k].name)
- {
- type = convert_old_type(array[k].type);
-
- p = _asn1_add_static_node (type & (~CONST_DOWN));
- if (array[k].name)
- _asn1_set_name (p, array[k].name);
- if (array[k].value)
- _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
-
- if (*definitions == NULL)
- *definitions = p;
-
- if (move == DOWN)
- _asn1_set_down (p_last, p);
- else if (move == RIGHT)
- _asn1_set_right (p_last, p);
-
- p_last = p;
-
- if (type & CONST_DOWN)
- move = DOWN;
- else if (type & CONST_RIGHT)
- move = RIGHT;
- else
- {
- while (1)
- {
- if (p_last == *definitions)
- break;
-
- p_last = _asn1_find_up (p_last);
-
- if (p_last == NULL)
- break;
-
- if (p_last->type & CONST_RIGHT)
- {
- p_last->type &= ~CONST_RIGHT;
- move = RIGHT;
- break;
+ asn1_node p, p_last = NULL;
+ unsigned long k;
+ int move;
+ int result;
+ unsigned int type;
+
+
+ if (*definitions != NULL)
+ return ASN1_ELEMENT_NOT_EMPTY;
+
+ move = UP;
+
+ k = 0;
+ while (array[k].value || array[k].type || array[k].name) {
+ type = convert_old_type(array[k].type);
+
+ p = _asn1_add_static_node(type & (~CONST_DOWN));
+ if (array[k].name)
+ _asn1_set_name(p, array[k].name);
+ if (array[k].value)
+ _asn1_set_value(p, array[k].value,
+ strlen(array[k].value) + 1);
+
+ if (*definitions == NULL)
+ *definitions = p;
+
+ if (move == DOWN)
+ _asn1_set_down(p_last, p);
+ else if (move == RIGHT)
+ _asn1_set_right(p_last, p);
+
+ p_last = p;
+
+ if (type & CONST_DOWN)
+ move = DOWN;
+ else if (type & CONST_RIGHT)
+ move = RIGHT;
+ else {
+ while (1) {
+ if (p_last == *definitions)
+ break;
+
+ p_last = _asn1_find_up(p_last);
+
+ if (p_last == NULL)
+ break;
+
+ if (p_last->type & CONST_RIGHT) {
+ p_last->type &= ~CONST_RIGHT;
+ move = RIGHT;
+ break;
+ }
+ } /* while */
}
- } /* while */
- }
- k++;
- } /* while */
-
- if (p_last == *definitions)
- {
- result = _asn1_check_identifier (*definitions);
- if (result == ASN1_SUCCESS)
- {
- _asn1_change_integer_value (*definitions);
- _asn1_expand_object_id (*definitions);
+ k++;
+ } /* while */
+
+ if (p_last == *definitions) {
+ result = _asn1_check_identifier(*definitions);
+ if (result == ASN1_SUCCESS) {
+ _asn1_change_integer_value(*definitions);
+ _asn1_expand_object_id(*definitions);
+ }
+ } else {
+ result = ASN1_ARRAY_ERROR;
}
- }
- else
- {
- result = ASN1_ARRAY_ERROR;
- }
-
- if (errorDescription != NULL)
- {
- if (result == ASN1_IDENTIFIER_NOT_FOUND)
- {
- Estrcpy (errorDescription, ":: identifier '");
- Estrcat (errorDescription, _asn1_identifierMissing);
- Estrcat (errorDescription, "' not found");
+
+ if (errorDescription != NULL) {
+ if (result == ASN1_IDENTIFIER_NOT_FOUND) {
+ Estrcpy(errorDescription, ":: identifier '");
+ Estrcat(errorDescription, _asn1_identifierMissing);
+ Estrcat(errorDescription, "' not found");
+ } else
+ errorDescription[0] = 0;
}
- else
- errorDescription[0] = 0;
- }
-
- if (result != ASN1_SUCCESS)
- {
- _asn1_delete_list_and_nodes ();
- *definitions = NULL;
- }
- else
- _asn1_delete_list ();
-
- return result;
+
+ if (result != ASN1_SUCCESS) {
+ _asn1_delete_list_and_nodes();
+ *definitions = NULL;
+ } else
+ _asn1_delete_list();
+
+ return result;
}
/**
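Review bot: In `asn1_array2tree` the results of `_asn1_change_integer_value(*definitions)` and `_asn1_expand_object_id(*definitions)` are discarded, although parser_aux.h declares both as returning `int`. A failure in either therefore still leaves `result == ASN1_SUCCESS`, and the caller keeps a tree that was only partly processed. Consider `result = _asn1_change_integer_value(*definitions);` followed by `if (result == ASN1_SUCCESS) result = _asn1_expand_object_id(*definitions);`, which routes a failure into the existing `_asn1_delete_list_and_nodes()` cleanup. The node returned by `_asn1_add_static_node` is also used without a NULL check; whether that helper can return NULL is not visible in this hunk.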
@@ -284,55 +262,45 @@ asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* *@structure was NULL.
**/
-int
-asn1_delete_structure (asn1_node * structure)
+int asn1_delete_structure(asn1_node * structure)
{
- asn1_node p, p2, p3;
-
- if (*structure == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *structure;
- while (p)
- {
- if (p->down)
- {
- p = p->down;
- }
- else
- { /* no down */
- p2 = p->right;
- if (p != *structure)
- {
- p3 = _asn1_find_up (p);
- _asn1_set_down (p3, p2);
- _asn1_remove_node (p);
- p = p3;
- }
- else
- { /* p==root */
- p3 = _asn1_find_left (p);
- if (!p3)
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- if (p->right)
- p->right->left = NULL;
- }
+ asn1_node p, p2, p3;
+
+ if (*structure == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *structure;
+ while (p) {
+ if (p->down) {
+ p = p->down;
+ } else { /* no down */
+ p2 = p->right;
+ if (p != *structure) {
+ p3 = _asn1_find_up(p);
+ _asn1_set_down(p3, p2);
+ _asn1_remove_node(p);
+ p = p3;
+ } else { /* p==root */
+ p3 = _asn1_find_left(p);
+ if (!p3) {
+ p3 = _asn1_find_up(p);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else {
+ if (p->right)
+ p->right->left =
+ NULL;
+ }
+ } else
+ _asn1_set_right(p3, p2);
+ _asn1_remove_node(p);
+ p = NULL;
+ }
}
- else
- _asn1_set_right (p3, p2);
- _asn1_remove_node (p);
- p = NULL;
- }
}
- }
- *structure = NULL;
- return ASN1_SUCCESS;
+ *structure = NULL;
+ return ASN1_SUCCESS;
}
@@ -348,291 +316,279 @@ asn1_delete_structure (asn1_node * structure)
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* the @element_name was not found.
**/
-int
-asn1_delete_element (asn1_node structure, const char *element_name)
+int asn1_delete_element(asn1_node structure, const char *element_name)
{
- asn1_node p2, p3, source_node;
-
- source_node = asn1_find_node (structure, element_name);
-
- if (source_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p2 = source_node->right;
- p3 = _asn1_find_left (source_node);
- if (!p3)
- {
- p3 = _asn1_find_up (source_node);
- if (p3)
- _asn1_set_down (p3, p2);
- else if (source_node->right)
- source_node->right->left = NULL;
- }
- else
- _asn1_set_right (p3, p2);
-
- return asn1_delete_structure (&source_node);
+ asn1_node p2, p3, source_node;
+
+ source_node = asn1_find_node(structure, element_name);
+
+ if (source_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p2 = source_node->right;
+ p3 = _asn1_find_left(source_node);
+ if (!p3) {
+ p3 = _asn1_find_up(source_node);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else if (source_node->right)
+ source_node->right->left = NULL;
+ } else
+ _asn1_set_right(p3, p2);
+
+ return asn1_delete_structure(&source_node);
}
-asn1_node
-_asn1_copy_structure3 (asn1_node source_node)
+asn1_node _asn1_copy_structure3(asn1_node source_node)
{
- asn1_node dest_node, p_s, p_d, p_d_prev;
- int move;
-
- if (source_node == NULL)
- return NULL;
-
- dest_node = _asn1_add_single_node (source_node->type);
-
- p_s = source_node;
- p_d = dest_node;
-
- move = DOWN;
-
- do
- {
- if (move != UP)
- {
- if (p_s->name[0] != 0)
- _asn1_cpy_name (p_d, p_s);
- if (p_s->value)
- _asn1_set_value (p_d, p_s->value, p_s->value_len);
- if (p_s->down)
- {
- p_s = p_s->down;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_down (p_d_prev, p_d);
- continue;
- }
+ asn1_node dest_node, p_s, p_d, p_d_prev;
+ int move;
+
+ if (source_node == NULL)
+ return NULL;
+
+ dest_node = _asn1_add_single_node(source_node->type);
+
+ p_s = source_node;
+ p_d = dest_node;
+
+ move = DOWN;
+
+ do {
+ if (move != UP) {
+ if (p_s->name[0] != 0)
+ _asn1_cpy_name(p_d, p_s);
+ if (p_s->value)
+ _asn1_set_value(p_d, p_s->value,
+ p_s->value_len);
+ if (p_s->down) {
+ p_s = p_s->down;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node(p_s->type);
+ _asn1_set_down(p_d_prev, p_d);
+ continue;
+ }
+ }
+
+ if (p_s == source_node)
+ break;
+
+ if (p_s->right) {
+ move = RIGHT;
+ p_s = p_s->right;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node(p_s->type);
+ _asn1_set_right(p_d_prev, p_d);
+ } else {
+ move = UP;
+ p_s = _asn1_find_up(p_s);
+ p_d = _asn1_find_up(p_d);
+ }
}
+ while (p_s != source_node);
- if (p_s == source_node)
- break;
-
- if (p_s->right)
- {
- move = RIGHT;
- p_s = p_s->right;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_right (p_d_prev, p_d);
- }
- else
- {
- move = UP;
- p_s = _asn1_find_up (p_s);
- p_d = _asn1_find_up (p_d);
- }
- }
- while (p_s != source_node);
-
- return dest_node;
+ return dest_node;
}
static asn1_node
-_asn1_copy_structure2 (asn1_node root, const char *source_name)
+_asn1_copy_structure2(asn1_node root, const char *source_name)
{
- asn1_node source_node;
+ asn1_node source_node;
- source_node = asn1_find_node (root, source_name);
+ source_node = asn1_find_node(root, source_name);
- return _asn1_copy_structure3 (source_node);
+ return _asn1_copy_structure3(source_node);
}
-static int
-_asn1_type_choice_config (asn1_node node)
+static int _asn1_type_choice_config(asn1_node node)
{
- asn1_node p, p2, p3, p4;
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_CHOICE) && (p->type & CONST_TAG))
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p2->type |= CONST_TAG;
- p3 = _asn1_find_left (p2);
- while (p3)
- {
- if (type_field (p3->type) == ASN1_ETYPE_TAG)
- {
- p4 = _asn1_add_single_node (p3->type);
- tlen = _asn1_strlen (p3->value);
- if (tlen > 0)
- _asn1_set_value (p4, p3->value, tlen + 1);
- _asn1_set_right (p4, p2->down);
- _asn1_set_down (p2, p4);
- }
- p3 = _asn1_find_left (p3);
+ asn1_node p, p2, p3, p4;
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_CHOICE)
+ && (p->type & CONST_TAG)) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_TAG) {
+ p2->type |= CONST_TAG;
+ p3 = _asn1_find_left(p2);
+ while (p3) {
+ if (type_field
+ (p3->type) ==
+ ASN1_ETYPE_TAG)
+ {
+ p4 = _asn1_add_single_node(p3->type);
+ tlen =
+ _asn1_strlen
+ (p3->
+ value);
+ if (tlen >
+ 0)
+ _asn1_set_value
+ (p4,
+ p3->
+ value,
+ tlen
+ +
+ 1);
+ _asn1_set_right
+ (p4,
+ p2->
+ down);
+ _asn1_set_down
+ (p2,
+ p4);
+ }
+ p3 = _asn1_find_left(p3);
+ }
+ }
+ p2 = p2->right;
+ }
+ p->type &= ~(CONST_TAG);
+ p2 = p->down;
+ while (p2) {
+ p3 = p2->right;
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_TAG)
+ asn1_delete_structure(&p2);
+ p2 = p3;
+ }
}
- }
- p2 = p2->right;
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- p->type &= ~(CONST_TAG);
- p2 = p->down;
- while (p2)
- {
- p3 = p2->right;
- if (type_field (p2->type) == ASN1_ETYPE_TAG)
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-static int
-_asn1_expand_identifier (asn1_node * node, asn1_node root)
+static int _asn1_expand_identifier(asn1_node * node, asn1_node root)
{
- asn1_node p, p2, p3;
- char name2[ASN1_MAX_NAME_SIZE + 2];
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *node;
- move = DOWN;
-
- while (!((p == *node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- snprintf(name2, sizeof (name2), "%s.%s", root->name, p->value);
- p2 = _asn1_copy_structure2 (root, name2);
- if (p2 == NULL)
- {
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- _asn1_cpy_name (p2, p);
- p2->right = p->right;
- p2->left = p->left;
- if (p->right)
- p->right->left = p2;
- p3 = p->down;
- if (p3)
- {
- while (p3->right)
- p3 = p3->right;
- _asn1_set_right (p3, p2->down);
- _asn1_set_down (p2, p->down);
- }
+ asn1_node p, p2, p3;
+ char name2[ASN1_MAX_NAME_SIZE + 2];
+ int move;
- p3 = _asn1_find_left (p);
- if (p3)
- _asn1_set_right (p3, p2);
- else
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- p2->left = NULL;
- }
- }
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- if (p->type & CONST_SIZE)
- p2->type |= CONST_SIZE;
- if (p->type & CONST_TAG)
- p2->type |= CONST_TAG;
- if (p->type & CONST_OPTION)
- p2->type |= CONST_OPTION;
- if (p->type & CONST_DEFAULT)
- p2->type |= CONST_DEFAULT;
- if (p->type & CONST_SET)
- p2->type |= CONST_SET;
- if (p->type & CONST_NOT_USED)
- p2->type |= CONST_NOT_USED;
-
- if (p == *node)
- *node = p2;
- _asn1_remove_node (p);
- p = p2;
- move = DOWN;
- continue;
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
+ p = *node;
+ move = DOWN;
- if (p == *node)
- {
- move = UP;
- continue;
- }
+ while (!((p == *node) && (move == UP))) {
+ if (move != UP) {
+ if (type_field(p->type) == ASN1_ETYPE_IDENTIFIER) {
+ snprintf(name2, sizeof(name2), "%s.%s",
+ root->name, p->value);
+ p2 = _asn1_copy_structure2(root, name2);
+ if (p2 == NULL) {
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ _asn1_cpy_name(p2, p);
+ p2->right = p->right;
+ p2->left = p->left;
+ if (p->right)
+ p->right->left = p2;
+ p3 = p->down;
+ if (p3) {
+ while (p3->right)
+ p3 = p3->right;
+ _asn1_set_right(p3, p2->down);
+ _asn1_set_down(p2, p->down);
+ }
+
+ p3 = _asn1_find_left(p);
+ if (p3)
+ _asn1_set_right(p3, p2);
+ else {
+ p3 = _asn1_find_up(p);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else {
+ p2->left = NULL;
+ }
+ }
+
+ if (p->type & CONST_SIZE)
+ p2->type |= CONST_SIZE;
+ if (p->type & CONST_TAG)
+ p2->type |= CONST_TAG;
+ if (p->type & CONST_OPTION)
+ p2->type |= CONST_OPTION;
+ if (p->type & CONST_DEFAULT)
+ p2->type |= CONST_DEFAULT;
+ if (p->type & CONST_SET)
+ p2->type |= CONST_SET;
+ if (p->type & CONST_NOT_USED)
+ p2->type |= CONST_NOT_USED;
+
+ if (p == *node)
+ *node = p2;
+ _asn1_remove_node(p);
+ p = p2;
+ move = DOWN;
+ continue;
+ }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == *node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
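Review bot: `_asn1_copy_structure3` never checks the nodes it gets from `_asn1_add_single_node`, which returns NULL when `calloc` fails. A NULL `dest_node` or `p_d` is then passed on to `_asn1_cpy_name`, `_asn1_set_value` and `_asn1_find_up` (whether those tolerate NULL is not visible here), and the copy built so far is not released. Add `if (dest_node == NULL) return NULL;` after the first allocation, and on a failed allocation inside the loop free the partial copy, for example with `asn1_delete_structure(&dest_node)`, before returning NULL; the callers shown in this diff already treat a NULL result as not-found. Separately, the reindent left the `_asn1_set_value(p4, p3->value, tlen + 1)` call in `_asn1_type_choice_config` split one token per line; moving the inner `while (p3)` body into a static helper would bring it back to a readable depth.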
@@ -652,25 +608,25 @@ _asn1_expand_identifier (asn1_node * node, asn1_node root)
* @source_name is not known.
**/
int
-asn1_create_element (asn1_node definitions, const char *source_name,
- asn1_node * element)
+asn1_create_element(asn1_node definitions, const char *source_name,
+ asn1_node * element)
{
- asn1_node dest_node;
- int res;
+ asn1_node dest_node;
+ int res;
- dest_node = _asn1_copy_structure2 (definitions, source_name);
+ dest_node = _asn1_copy_structure2(definitions, source_name);
- if (dest_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
+ if (dest_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_name (dest_node, "");
+ _asn1_set_name(dest_node, "");
- res = _asn1_expand_identifier (&dest_node, definitions);
- _asn1_type_choice_config (dest_node);
+ res = _asn1_expand_identifier(&dest_node, definitions);
+ _asn1_type_choice_config(dest_node);
- *element = dest_node;
+ *element = dest_node;
- return res;
+ return res;
}
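Review bot: `asn1_create_element` stores `dest_node` in `*element` even when `_asn1_expand_identifier` fails, so on a non-success return the caller holds a partially expanded tree that appears to leak unless the caller deletes it. Either state that in the function comment, e.g. `* On failure *@element may still be set and must be released with asn1_delete_structure().`, or release it here with `if (res != ASN1_SUCCESS) asn1_delete_structure(&dest_node);` before the assignment. `element` itself is dereferenced without a NULL check. The function comment starts outside this hunk.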
@@ -687,331 +643,358 @@ asn1_create_element (asn1_node definitions, const char *source_name,
* from the @name element inside the structure @structure.
**/
void
-asn1_print_structure (FILE * out, asn1_node structure, const char *name,
- int mode)
+asn1_print_structure(FILE * out, asn1_node structure, const char *name,
+ int mode)
{
- asn1_node p, root;
- int k, indent = 0, len, len2, len3;
-
- if (out == NULL)
- return;
-
- root = asn1_find_node (structure, name);
-
- if (root == NULL)
- return;
-
- p = root;
- while (p)
- {
- if (mode == ASN1_PRINT_ALL)
- {
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- }
-
- if (mode != ASN1_PRINT_NAME)
- {
- unsigned type = type_field (p->type);
- switch (type)
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:CONST");
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:TAG");
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:SIZE");
- break;
- case ASN1_ETYPE_DEFAULT:
- fprintf (out, "type:DEFAULT");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- fprintf (out, "type:IDENTIFIER");
- break;
- case ASN1_ETYPE_ANY:
- fprintf (out, "type:ANY");
- break;
- case ASN1_ETYPE_CHOICE:
- fprintf (out, "type:CHOICE");
- break;
- case ASN1_ETYPE_DEFINITIONS:
- fprintf (out, "type:DEFINITIONS");
- break;
- CASE_HANDLED_ETYPES:
- fprintf (out, "%s", _asn1_tags[type].desc);
- break;
- default:
- break;
- }
- }
-
- if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL))
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_DEFAULT:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- else if (p->type & CONST_TRUE)
- fprintf (out, " value:TRUE");
- else if (p->type & CONST_FALSE)
- fprintf (out, " value:FALSE");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_INTEGER:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_ENUMERATED:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (p->value)
- {
- if (p->value[0] == 'T')
- fprintf (out, " value:TRUE");
- else if (p->value[0] == 'F')
- fprintf (out, " value:FALSE");
- }
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- if (len > 0)
- {
- fprintf (out, " value(%i):",
- (len - 1) * 8 - (p->value[len2]));
- for (k = 1; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value)
- {
- fprintf (out, " value:");
- for (k = 0; k < p->value_len; k++)
- fprintf (out, "%c", (p->value)[k]);
- }
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%c", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_OCTET_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
+ asn1_node p, root;
+ int k, indent = 0, len, len2, len3;
+
+ if (out == NULL)
+ return;
+
+ root = asn1_find_node(structure, name);
+
+ if (root == NULL)
+ return;
+
+ p = root;
+ while (p) {
+ if (mode == ASN1_PRINT_ALL) {
+ for (k = 0; k < indent; k++)
+ fprintf(out, " ");
+ fprintf(out, "name:");
+ if (p->name[0] != 0)
+ fprintf(out, "%s ", p->name);
+ else
+ fprintf(out, "NULL ");
+ } else {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ for (k = 0; k < indent; k++)
+ fprintf(out, " ");
+ fprintf(out, "name:");
+ if (p->name[0] != 0)
+ fprintf(out, "%s ", p->name);
+ else
+ fprintf(out, "NULL ");
+ }
}
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_ANY:
- if (p->value)
- {
- len3 = -1;
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- fprintf (out, " value:");
- if (len2 > 0)
- for (k = 0; k < len2; k++)
- fprintf (out, "%02x", (p->value)[k + len3]);
+
+ if (mode != ASN1_PRINT_NAME) {
+ unsigned type = type_field(p->type);
+ switch (type) {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:CONST");
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:TAG");
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:SIZE");
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ fprintf(out, "type:DEFAULT");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ fprintf(out, "type:IDENTIFIER");
+ break;
+ case ASN1_ETYPE_ANY:
+ fprintf(out, "type:ANY");
+ break;
+ case ASN1_ETYPE_CHOICE:
+ fprintf(out, "type:CHOICE");
+ break;
+ case ASN1_ETYPE_DEFINITIONS:
+ fprintf(out, "type:DEFINITIONS");
+ break;
+ CASE_HANDLED_ETYPES:
+ fprintf(out, "%s", _asn1_tags[type].desc);
+ break;
+ default:
+ break;
+ }
}
- break;
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_DEFINITIONS:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_NULL:
- break;
- default:
- break;
- }
- }
- if (mode == ASN1_PRINT_ALL)
- {
- if (p->type & 0x1FFFFF00)
- {
- fprintf (out, " attr:");
- if (p->type & CONST_UNIVERSAL)
- fprintf (out, "UNIVERSAL,");
- if (p->type & CONST_PRIVATE)
- fprintf (out, "PRIVATE,");
- if (p->type & CONST_APPLICATION)
- fprintf (out, "APPLICATION,");
- if (p->type & CONST_EXPLICIT)
- fprintf (out, "EXPLICIT,");
- if (p->type & CONST_IMPLICIT)
- fprintf (out, "IMPLICIT,");
- if (p->type & CONST_TAG)
- fprintf (out, "TAG,");
- if (p->type & CONST_DEFAULT)
- fprintf (out, "DEFAULT,");
- if (p->type & CONST_TRUE)
- fprintf (out, "TRUE,");
- if (p->type & CONST_FALSE)
- fprintf (out, "FALSE,");
- if (p->type & CONST_LIST)
- fprintf (out, "LIST,");
- if (p->type & CONST_MIN_MAX)
- fprintf (out, "MIN_MAX,");
- if (p->type & CONST_OPTION)
- fprintf (out, "OPTION,");
- if (p->type & CONST_1_PARAM)
- fprintf (out, "1_PARAM,");
- if (p->type & CONST_SIZE)
- fprintf (out, "SIZE,");
- if (p->type & CONST_DEFINED_BY)
- fprintf (out, "DEF_BY,");
- if (p->type & CONST_GENERALIZED)
- fprintf (out, "GENERALIZED,");
- if (p->type & CONST_UTC)
- fprintf (out, "UTC,");
- if (p->type & CONST_SET)
- fprintf (out, "SET,");
- if (p->type & CONST_NOT_USED)
- fprintf (out, "NOT_USED,");
- if (p->type & CONST_ASSIGN)
- fprintf (out, "ASSIGNMENT,");
- }
- }
+ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE)
+ || (mode == ASN1_PRINT_ALL)) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ else if (p->type & CONST_TRUE)
+ fprintf(out, " value:TRUE");
+ else if (p->type & CONST_FALSE)
+ fprintf(out, " value:FALSE");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_INTEGER:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_ENUMERATED:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (p->value) {
+ if (p->value[0] == 'T')
+ fprintf(out,
+ " value:TRUE");
+ else if (p->value[0] == 'F')
+ fprintf(out,
+ " value:FALSE");
+ }
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ if (len > 0) {
+ fprintf(out,
+ " value(%i):",
+ (len - 1) * 8 -
+ (p->value[len2]));
+ for (k = 1; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value) {
+ fprintf(out, " value:");
+ for (k = 0; k < p->value_len; k++)
+ fprintf(out, "%c",
+ (p->value)[k]);
+ }
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out, "%c",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_OCTET_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value) {
+ len3 = -1;
+ len2 =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len3);
+ fprintf(out, " value:");
+ if (len2 > 0)
+ for (k = 0; k < len2; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len3]);
+ }
+ break;
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_DEFINITIONS:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_NULL:
+ break;
+ default:
+ break;
+ }
+ }
- if (mode == ASN1_PRINT_ALL)
- {
- fprintf (out, "\n");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- fprintf (out, "\n");
- }
- }
+ if (mode == ASN1_PRINT_ALL) {
+ if (p->type & 0x1FFFFF00) {
+ fprintf(out, " attr:");
+ if (p->type & CONST_UNIVERSAL)
+ fprintf(out, "UNIVERSAL,");
+ if (p->type & CONST_PRIVATE)
+ fprintf(out, "PRIVATE,");
+ if (p->type & CONST_APPLICATION)
+ fprintf(out, "APPLICATION,");
+ if (p->type & CONST_EXPLICIT)
+ fprintf(out, "EXPLICIT,");
+ if (p->type & CONST_IMPLICIT)
+ fprintf(out, "IMPLICIT,");
+ if (p->type & CONST_TAG)
+ fprintf(out, "TAG,");
+ if (p->type & CONST_DEFAULT)
+ fprintf(out, "DEFAULT,");
+ if (p->type & CONST_TRUE)
+ fprintf(out, "TRUE,");
+ if (p->type & CONST_FALSE)
+ fprintf(out, "FALSE,");
+ if (p->type & CONST_LIST)
+ fprintf(out, "LIST,");
+ if (p->type & CONST_MIN_MAX)
+ fprintf(out, "MIN_MAX,");
+ if (p->type & CONST_OPTION)
+ fprintf(out, "OPTION,");
+ if (p->type & CONST_1_PARAM)
+ fprintf(out, "1_PARAM,");
+ if (p->type & CONST_SIZE)
+ fprintf(out, "SIZE,");
+ if (p->type & CONST_DEFINED_BY)
+ fprintf(out, "DEF_BY,");
+ if (p->type & CONST_GENERALIZED)
+ fprintf(out, "GENERALIZED,");
+ if (p->type & CONST_UTC)
+ fprintf(out, "UTC,");
+ if (p->type & CONST_SET)
+ fprintf(out, "SET,");
+ if (p->type & CONST_NOT_USED)
+ fprintf(out, "NOT_USED,");
+ if (p->type & CONST_ASSIGN)
+ fprintf(out, "ASSIGNMENT,");
+ }
+ }
- if (p->down)
- {
- p = p->down;
- indent += 2;
- }
- else if (p == root)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == root)
- {
- p = NULL;
- break;
+ if (mode == ASN1_PRINT_ALL) {
+ fprintf(out, "\n");
+ } else {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ fprintf(out, "\n");
+ }
}
- indent -= 2;
- if (p->right)
- {
- p = p->right;
- break;
+
+ if (p->down) {
+ p = p->down;
+ indent += 2;
+ } else if (p == root) {
+ p = NULL;
+ break;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == root) {
+ p = NULL;
+ break;
+ }
+ indent -= 2;
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
}
@@ -1028,30 +1011,28 @@ asn1_print_structure (FILE * out, asn1_node structure, const char *name,
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL.
**/
-int
-asn1_number_of_elements (asn1_node element, const char *name, int *num)
+int asn1_number_of_elements(asn1_node element, const char *name, int *num)
{
- asn1_node node, p;
+ asn1_node node, p;
- if (num == NULL)
- return ASN1_GENERIC_ERROR;
+ if (num == NULL)
+ return ASN1_GENERIC_ERROR;
- *num = 0;
+ *num = 0;
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
+ node = asn1_find_node(element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- p = node->down;
+ p = node->down;
- while (p)
- {
- if (p->name[0] == '?')
- (*num)++;
- p = p->right;
- }
+ while (p) {
+ if (p->name[0] == '?')
+ (*num)++;
+ p = p->right;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -1066,48 +1047,49 @@ asn1_number_of_elements (asn1_node element, const char *name, int *num)
* constant string that contains the element name defined just after
* the OID.
**/
-const char *
-asn1_find_structure_from_oid (asn1_node definitions, const char *oidValue)
+const char *asn1_find_structure_from_oid(asn1_node definitions,
+ const char *oidValue)
{
- char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1];
- char value[ASN1_MAX_NAME_SIZE];
- asn1_node p;
- int len;
- int result;
-
- if ((definitions == NULL) || (oidValue == NULL))
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- /* search the OBJECT_ID into definitions */
- p = definitions->down;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
- {
- p = p->right;
- if (p == NULL) /* reach the end of ASN1 definitions */
+ char definitionsName[ASN1_MAX_NAME_SIZE],
+ name[2 * ASN1_MAX_NAME_SIZE + 1];
+ char value[ASN1_MAX_NAME_SIZE];
+ asn1_node p;
+ int len;
+ int result;
+
+ if ((definitions == NULL) || (oidValue == NULL))
return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
- return p->name;
- }
+
+ strcpy(definitionsName, definitions->name);
+ strcat(definitionsName, ".");
+
+ /* search the OBJECT_ID into definitions */
+ p = definitions->down;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN)) {
+ strcpy(name, definitionsName);
+ strcat(name, p->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value(definitions, name, value,
+ &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!strcmp(oidValue, value))) {
+ p = p->right;
+ if (p == NULL) /* reach the end of ASN1 definitions */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+ return p->name;
+ }
+ }
+ p = p->right;
}
- p = p->right;
- }
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
}
/**
@@ -1122,42 +1104,40 @@ asn1_find_structure_from_oid (asn1_node definitions, const char *oidValue)
* Returns: Return %ASN1_SUCCESS on success.
**/
int
-asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name)
+asn1_copy_node(asn1_node dst, const char *dst_name,
+ asn1_node src, const char *src_name)
{
/* FIXME: rewrite using copy_structure().
* It seems quite hard to do.
*/
- int result;
- asn1_node dst_node;
- void *data = NULL;
- int size = 0;
-
- result = asn1_der_coding (src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR)
- return result;
-
- data = malloc (size);
- if (data == NULL)
- return ASN1_MEM_ERROR;
-
- result = asn1_der_coding (src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS)
- {
- free (data);
- return result;
- }
-
- dst_node = asn1_find_node (dst, dst_name);
- if (dst_node == NULL)
- {
- free (data);
- return ASN1_ELEMENT_NOT_FOUND;
- }
-
- result = asn1_der_decoding (&dst_node, data, size, NULL);
-
- free (data);
-
- return result;
+ int result;
+ asn1_node dst_node;
+ void *data = NULL;
+ int size = 0;
+
+ result = asn1_der_coding(src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ return result;
+
+ data = malloc(size);
+ if (data == NULL)
+ return ASN1_MEM_ERROR;
+
+ result = asn1_der_coding(src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ free(data);
+ return result;
+ }
+
+ dst_node = asn1_find_node(dst, dst_name);
+ if (dst_node == NULL) {
+ free(data);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ result = asn1_der_decoding(&dst_node, data, size, NULL);
+
+ free(data);
+
+ return result;
}
diff --git a/lib/minitasn1/structure.h b/lib/minitasn1/structure.h
index 986e13a309..c56beb6413 100644
--- a/lib/minitasn1/structure.h
+++ b/lib/minitasn1/structure.h
@@ -28,14 +28,14 @@
#ifndef _STRUCTURE_H
#define _STRUCTURE_H
-int _asn1_create_static_structure (asn1_node pointer,
- char *output_file_name,
- char *vector_name);
+int _asn1_create_static_structure(asn1_node pointer,
+ char *output_file_name,
+ char *vector_name);
-asn1_node _asn1_copy_structure3 (asn1_node source_node);
+asn1_node _asn1_copy_structure3(asn1_node source_node);
-asn1_node _asn1_add_single_node (unsigned int type);
+asn1_node _asn1_add_single_node(unsigned int type);
-asn1_node _asn1_find_left (asn1_node node);
+asn1_node _asn1_find_left(asn1_node node);
#endif
diff --git a/lib/minitasn1/version.c b/lib/minitasn1/version.c
index 83d70c9623..2941af916a 100644
--- a/lib/minitasn1/version.c
+++ b/lib/minitasn1/version.c
@@ -41,11 +41,10 @@
* Returns: Version string of run-time library, or %NULL if the
* run-time library does not meet the required version number.
*/
-const char *
-asn1_check_version (const char *req_version)
+const char *asn1_check_version(const char *req_version)
{
- if (!req_version || strverscmp (req_version, ASN1_VERSION) <= 0)
- return ASN1_VERSION;
+ if (!req_version || strverscmp(req_version, ASN1_VERSION) <= 0)
+ return ASN1_VERSION;
- return NULL;
+ return NULL;
}
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 9522059186..e471ca2a14 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -42,10 +42,12 @@
#define MAX_BLOCK_SIZE 32
-typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
-typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
+typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned,
+ uint8_t *, unsigned, uint8_t *,
+ const uint8_t *);
+typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned,
+ uint8_t *, unsigned, uint8_t *,
+ const uint8_t *);
typedef void (*auth_func) (void *, unsigned, const uint8_t *);
typedef void (*tag_func) (void *, unsigned, uint8_t *);
@@ -53,395 +55,388 @@ typedef void (*tag_func) (void *, unsigned, uint8_t *);
typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
static void
-stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size,
- uint8_t * iv, unsigned length, uint8_t * dst,
- const uint8_t * src)
+stream_encrypt(void *ctx, nettle_crypt_func func, unsigned block_size,
+ uint8_t * iv, unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- func (ctx, length, dst, src);
+ func(ctx, length, dst, src);
}
-struct nettle_cipher_ctx
-{
- union
- {
- struct aes_ctx aes;
- struct camellia_ctx camellia;
- struct arcfour_ctx arcfour;
- struct arctwo_ctx arctwo;
- struct des3_ctx des3;
- struct des_ctx des;
- struct gcm_aes_ctx aes_gcm;
- struct _gcm_camellia_ctx camellia_gcm;
- struct salsa20_ctx salsa20;
- } ctx;
- void *ctx_ptr;
- uint8_t iv[MAX_BLOCK_SIZE];
- gnutls_cipher_algorithm_t algo;
- size_t block_size;
- nettle_crypt_func *i_encrypt;
- nettle_crypt_func *i_decrypt;
- encrypt_func encrypt;
- decrypt_func decrypt;
- auth_func auth;
- tag_func tag;
- int enc;
+struct nettle_cipher_ctx {
+ union {
+ struct aes_ctx aes;
+ struct camellia_ctx camellia;
+ struct arcfour_ctx arcfour;
+ struct arctwo_ctx arctwo;
+ struct des3_ctx des3;
+ struct des_ctx des;
+ struct gcm_aes_ctx aes_gcm;
+ struct _gcm_camellia_ctx camellia_gcm;
+ struct salsa20_ctx salsa20;
+ } ctx;
+ void *ctx_ptr;
+ uint8_t iv[MAX_BLOCK_SIZE];
+ gnutls_cipher_algorithm_t algo;
+ size_t block_size;
+ nettle_crypt_func *i_encrypt;
+ nettle_crypt_func *i_decrypt;
+ encrypt_func encrypt;
+ decrypt_func decrypt;
+ auth_func auth;
+ tag_func tag;
+ int enc;
};
#define GCM_DEFAULT_NONCE_SIZE 12
-static void _aes_gcm_encrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _aes_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- gcm_aes_encrypt(_ctx, length, dst, src);
+ gcm_aes_encrypt(_ctx, length, dst, src);
}
-static void _aes_gcm_decrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _aes_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- gcm_aes_decrypt(_ctx, length, dst, src);
+ gcm_aes_decrypt(_ctx, length, dst, src);
}
-static void _camellia_gcm_encrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _camellia_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- _gcm_camellia_encrypt(_ctx, length, dst, src);
+ _gcm_camellia_encrypt(_ctx, length, dst, src);
}
-static void _camellia_gcm_decrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _camellia_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- _gcm_camellia_decrypt(_ctx, length, dst, src);
+ _gcm_camellia_decrypt(_ctx, length, dst, src);
}
static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- case GNUTLS_CIPHER_3DES_CBC:
- case GNUTLS_CIPHER_DES_CBC:
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- case GNUTLS_CIPHER_ARCFOUR_40:
- case GNUTLS_CIPHER_RC2_40_CBC:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ case GNUTLS_CIPHER_3DES_CBC:
+ case GNUTLS_CIPHER_DES_CBC:
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ return 1;
+ default:
+ return 0;
+ }
}
static int
-wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
+wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+ int enc)
{
- struct nettle_cipher_ctx *ctx;
-
- ctx = gnutls_calloc (1, sizeof (*ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ctx->algo = algo;
- ctx->enc = enc;
-
- switch (algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- ctx->encrypt = _aes_gcm_encrypt;
- ctx->decrypt = _aes_gcm_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*) aes_encrypt;
- ctx->auth = (auth_func)gcm_aes_update;
- ctx->tag = (tag_func)gcm_aes_digest;
- ctx->ctx_ptr = &ctx->ctx.aes_gcm;
- ctx->block_size = AES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- ctx->encrypt = _camellia_gcm_encrypt;
- ctx->decrypt = _camellia_gcm_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*) camellia_crypt;
- ctx->auth = (auth_func)_gcm_camellia_update;
- ctx->tag = (tag_func)_gcm_camellia_digest;
- ctx->ctx_ptr = &ctx->ctx.camellia_gcm;
- ctx->block_size = CAMELLIA_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)camellia_crypt;
- ctx->i_decrypt = (nettle_crypt_func*)camellia_crypt;
- ctx->ctx_ptr = &ctx->ctx.camellia;
- ctx->block_size = CAMELLIA_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)aes_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)aes_decrypt;
- ctx->ctx_ptr = &ctx->ctx.aes;
- ctx->block_size = AES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des3;
- ctx->block_size = DES3_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des;
- ctx->block_size = DES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
- ctx->ctx_ptr = &ctx->ctx.arcfour;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
- ctx->ctx_ptr = &ctx->ctx.salsa20;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) salsa20r12_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) salsa20r12_crypt;
- ctx->ctx_ptr = &ctx->ctx.salsa20;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_RC2_40_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
- ctx->ctx_ptr = &ctx->ctx.arctwo;
- ctx->block_size = ARCTWO_BLOCK_SIZE;
- break;
- default:
- gnutls_assert ();
- gnutls_free(ctx);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *_ctx = ctx;
-
- return 0;
+ struct nettle_cipher_ctx *ctx;
+
+ ctx = gnutls_calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx->algo = algo;
+ ctx->enc = enc;
+
+ switch (algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ ctx->encrypt = _aes_gcm_encrypt;
+ ctx->decrypt = _aes_gcm_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
+ ctx->auth = (auth_func) gcm_aes_update;
+ ctx->tag = (tag_func) gcm_aes_digest;
+ ctx->ctx_ptr = &ctx->ctx.aes_gcm;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ ctx->encrypt = _camellia_gcm_encrypt;
+ ctx->decrypt = _camellia_gcm_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->auth = (auth_func) _gcm_camellia_update;
+ ctx->tag = (tag_func) _gcm_camellia_digest;
+ ctx->ctx_ptr = &ctx->ctx.camellia_gcm;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->ctx_ptr = &ctx->ctx.camellia;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) aes_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.aes;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des3;
+ ctx->block_size = DES3_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des;
+ ctx->block_size = DES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->ctx_ptr = &ctx->ctx.arcfour;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) salsa20r12_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) salsa20r12_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.arctwo;
+ ctx->block_size = ARCTWO_BLOCK_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ gnutls_free(ctx);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *_ctx = ctx;
+
+ return 0;
}
static int
-wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
- uint8_t des_key[DES3_KEY_SIZE];
-
- switch (ctx->algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize, key);
- break;
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- if (ctx->enc)
- aes_set_encrypt_key (ctx->ctx_ptr, keysize, key);
- else
- aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- if (ctx->enc)
- camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
- else
- camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- if (keysize != DES3_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity (keysize, des_key, key);
-
- /* this fails on weak keys */
- if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
- case GNUTLS_CIPHER_DES_CBC:
- if (keysize != DES_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity (keysize, des_key, key);
-
- if (des_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- arcfour_set_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- salsa20_set_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_RC2_40_CBC:
- arctwo_set_key (ctx->ctx_ptr, keysize, key);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ struct nettle_cipher_ctx *ctx = _ctx;
+ uint8_t des_key[DES3_KEY_SIZE];
+
+ switch (ctx->algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
+ key);
+ break;
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (ctx->enc)
+ aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
+ else
+ aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ if (ctx->enc)
+ camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
+ key);
+ else
+ camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
+ key);
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (keysize != DES3_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity(keysize, des_key, key);
+
+ /* this fails on weak keys */
+ if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ if (keysize != DES_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity(keysize, des_key, key);
+
+ if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ arcfour_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ salsa20_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ arctwo_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
static int
-wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize)
+wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t ivsize)
{
-struct nettle_cipher_ctx *ctx = _ctx;
-
- switch (ctx->algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- if (ivsize != GCM_DEFAULT_NONCE_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- if (ivsize != GCM_DEFAULT_NONCE_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- _gcm_camellia_set_iv(&ctx->ctx.camellia_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- if (ivsize != SALSA20_IV_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- salsa20_set_iv(&ctx->ctx.salsa20, iv);
- break;
- default:
- if (ivsize > ctx->block_size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memcpy (ctx->iv, iv, ivsize);
- }
-
- return 0;
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ switch (ctx->algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ if (ivsize != GCM_DEFAULT_NONCE_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE,
+ iv);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ if (ivsize != GCM_DEFAULT_NONCE_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ _gcm_camellia_set_iv(&ctx->ctx.camellia_gcm,
+ GCM_DEFAULT_NONCE_SIZE, iv);
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ if (ivsize != SALSA20_IV_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ salsa20_set_iv(&ctx->ctx.salsa20, iv);
+ break;
+ default:
+ if (ivsize > ctx->block_size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memcpy(ctx->iv, iv, ivsize);
+ }
+
+ return 0;
}
static int
-wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+wrap_nettle_cipher_decrypt(void *_ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv,
- encrsize, plain, encr);
+ ctx->decrypt(ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size,
+ ctx->iv, encrsize, plain, encr);
- return 0;
+ return 0;
}
static int
-wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+wrap_nettle_cipher_encrypt(void *_ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv,
- plainsize, encr, plain);
+ ctx->encrypt(ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size,
+ ctx->iv, plainsize, encr, plain);
- return 0;
+ return 0;
}
static int
-wrap_nettle_cipher_auth (void *_ctx, const void *plain, size_t plainsize)
+wrap_nettle_cipher_auth(void *_ctx, const void *plain, size_t plainsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->auth (ctx->ctx_ptr, plainsize, plain);
+ ctx->auth(ctx->ctx_ptr, plainsize, plain);
- return 0;
+ return 0;
}
-static void
-wrap_nettle_cipher_tag (void *_ctx, void *tag, size_t tagsize)
+static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->tag (ctx->ctx_ptr, tagsize, tag);
+ ctx->tag(ctx->ctx_ptr, tagsize, tag);
}
-static void
-wrap_nettle_cipher_close (void *h)
+static void wrap_nettle_cipher_close(void *h)
{
- gnutls_free (h);
+ gnutls_free(h);
}
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
- .init = wrap_nettle_cipher_init,
- .exists = wrap_nettle_cipher_exists,
- .setiv = wrap_nettle_cipher_setiv,
- .setkey = wrap_nettle_cipher_setkey,
- .encrypt = wrap_nettle_cipher_encrypt,
- .decrypt = wrap_nettle_cipher_decrypt,
- .deinit = wrap_nettle_cipher_close,
- .auth = wrap_nettle_cipher_auth,
- .tag = wrap_nettle_cipher_tag,
+ .init = wrap_nettle_cipher_init,
+ .exists = wrap_nettle_cipher_exists,
+ .setiv = wrap_nettle_cipher_setiv,
+ .setkey = wrap_nettle_cipher_setkey,
+ .encrypt = wrap_nettle_cipher_encrypt,
+ .decrypt = wrap_nettle_cipher_decrypt,
+ .deinit = wrap_nettle_cipher_close,
+ .auth = wrap_nettle_cipher_auth,
+ .tag = wrap_nettle_cipher_tag,
};
diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c
index dc0bd2373e..19b0302f68 100644
--- a/lib/nettle/egd.c
+++ b/lib/nettle/egd.c
@@ -38,9 +38,9 @@
#include <gnutls_errors.h>
#ifdef AF_UNIX
-# define LOCAL_SOCKET_TYPE AF_UNIX
+#define LOCAL_SOCKET_TYPE AF_UNIX
#else
-# define LOCAL_SOCKET_TYPE AF_LOCAL
+#define LOCAL_SOCKET_TYPE AF_LOCAL
#endif
#ifndef offsetof
@@ -49,141 +49,125 @@
static int egd_socket = -1;
-static int
-do_write (int fd, void *buf, size_t nbytes)
+static int do_write(int fd, void *buf, size_t nbytes)
{
- size_t nleft = nbytes;
- int nwritten;
-
- while (nleft > 0)
- {
- nwritten = write (fd, buf, nleft);
- if (nwritten < 0)
- {
- if (errno == EINTR)
- continue;
- return -1;
- }
- nleft -= nwritten;
- buf = (char *) buf + nwritten;
- }
- return 0;
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0) {
+ nwritten = write(fd, buf, nleft);
+ if (nwritten < 0) {
+ if (errno == EINTR)
+ continue;
+ return -1;
+ }
+ nleft -= nwritten;
+ buf = (char *) buf + nwritten;
+ }
+ return 0;
}
-static int
-do_read (int fd, void *buf, size_t nbytes)
+static int do_read(int fd, void *buf, size_t nbytes)
{
- int n;
- size_t nread = 0;
-
- do
- {
- do
- {
- n = read (fd, (char *) buf + nread, nbytes);
- }
- while (n == -1 && errno == EINTR);
- if (n == -1)
- {
- if (nread > 0)
- return nread;
- else return -1;
- }
- if (n == 0)
- return -1;
- nread += n;
- nbytes -= n;
- }
- while (nread < nbytes);
- return nread;
+ int n;
+ size_t nread = 0;
+
+ do {
+ do {
+ n = read(fd, (char *) buf + nread, nbytes);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n == -1) {
+ if (nread > 0)
+ return nread;
+ else
+ return -1;
+ }
+ if (n == 0)
+ return -1;
+ nread += n;
+ nbytes -= n;
+ }
+ while (nread < nbytes);
+ return nread;
}
static const char *egd_names[] = {
- "/var/run/egd-pool",
- "/dev/egd-pool",
- "/etc/egd-pool",
- "/etc/entropy",
- "/var/run/entropy",
- "/dev/entropy",
- NULL
+ "/var/run/egd-pool",
+ "/dev/egd-pool",
+ "/etc/egd-pool",
+ "/etc/entropy",
+ "/var/run/entropy",
+ "/dev/entropy",
+ NULL
};
-static const char *
-find_egd_name (void)
+static const char *find_egd_name(void)
{
- int i = 0;
- struct stat st;
+ int i = 0;
+ struct stat st;
- do
- {
- if (stat (egd_names[i], &st) != 0)
- continue;
+ do {
+ if (stat(egd_names[i], &st) != 0)
+ continue;
- if (st.st_mode & S_IFSOCK)
- { /* found */
- return egd_names[i];
- }
+ if (st.st_mode & S_IFSOCK) { /* found */
+ return egd_names[i];
+ }
- }
- while (egd_names[++i] != NULL);
+ }
+ while (egd_names[++i] != NULL);
- return NULL;
+ return NULL;
}
/* Connect to the EGD and return the file descriptor. Return -1 on
error. With NOFAIL set to true, silently fail and return the
error, otherwise print an error message and die. */
-int
-_rndegd_connect_socket (void)
+int _rndegd_connect_socket(void)
{
- int fd;
- const char *name;
- struct sockaddr_un addr;
- int addr_len;
-
- if (egd_socket != -1)
- {
- close (egd_socket);
- egd_socket = -1;
- }
-
- name = find_egd_name ();
- if (name == NULL)
- {
- _gnutls_debug_log ("Could not detect an egd device.\n");
- return -1;
- }
-
- if (strlen (name) + 1 >= sizeof addr.sun_path)
- {
- _gnutls_debug_log ("EGD socketname is too long\n");
- return -1;
- }
-
- memset (&addr, 0, sizeof addr);
- addr.sun_family = LOCAL_SOCKET_TYPE;
- _gnutls_str_cpy (addr.sun_path, sizeof(addr.sun_path), name);
- addr_len = (offsetof (struct sockaddr_un, sun_path)
- + strlen (addr.sun_path));
-
- fd = socket (LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
- if (fd == -1)
- {
- _gnutls_debug_log ("can't create unix domain socket: %s\n",
- strerror (errno));
- return -1;
- }
- else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1)
- {
- _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n",
- name, strerror (errno));
- close (fd);
- fd = -1;
- }
-
- if (fd != -1)
- egd_socket = fd;
- return fd;
+ int fd;
+ const char *name;
+ struct sockaddr_un addr;
+ int addr_len;
+
+ if (egd_socket != -1) {
+ close(egd_socket);
+ egd_socket = -1;
+ }
+
+ name = find_egd_name();
+ if (name == NULL) {
+ _gnutls_debug_log("Could not detect an egd device.\n");
+ return -1;
+ }
+
+ if (strlen(name) + 1 >= sizeof addr.sun_path) {
+ _gnutls_debug_log("EGD socketname is too long\n");
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof addr);
+ addr.sun_family = LOCAL_SOCKET_TYPE;
+ _gnutls_str_cpy(addr.sun_path, sizeof(addr.sun_path), name);
+ addr_len = (offsetof(struct sockaddr_un, sun_path)
+ + strlen(addr.sun_path));
+
+ fd = socket(LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
+ if (fd == -1) {
+ _gnutls_debug_log("can't create unix domain socket: %s\n",
+ strerror(errno));
+ return -1;
+ } else if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
+ _gnutls_debug_log("can't connect to EGD socket `%s': %s\n",
+ name, strerror(errno));
+ close(fd);
+ fd = -1;
+ }
+
+ if (fd != -1)
+ egd_socket = fd;
+ return fd;
}
/****************
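Review bot: In find_egd_name, `if (st.st_mode & S_IFSOCK)` masks the mode with a file-type value instead of comparing the type, so on the usual mode layouts it is also true for regular files, directories and block devices; the first such path in egd_names is returned and the remaining candidates are never tried. The check should be `if (S_ISSOCK(st.st_mode))`. Because this path picks the entropy source, a short comment that the socket's owner and permissions are not verified here would help the next reader. In the same hunk, do_read shrinks nbytes while comparing it with the growing nread in `while (nread < nbytes)`, so it can return before the requested count is read; keeping the original request in its own variable fixes the loop condition.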
@@ -194,91 +178,90 @@ _rndegd_connect_socket (void)
* Using a level of 0 should never block and better add nothing
* to the pool. So this is just a dummy for EGD.
*/
-int
-_rndegd_read (int *fd, void *_output, size_t _length)
+int _rndegd_read(int *fd, void *_output, size_t _length)
{
- ssize_t n;
- uint8_t buffer[256 + 2];
- int nbytes;
- int do_restart = 0;
- unsigned char *output = _output;
- ssize_t length = (ssize_t)_length;
-
- if (!length)
- return 0;
-
-restart:
- if (*fd == -1 || do_restart)
- *fd = _rndegd_connect_socket ();
-
- do_restart = 0;
-
- nbytes = length < 255 ? length : 255;
- /* First time we do it with a non blocking request */
- buffer[0] = 1; /* non blocking */
- buffer[1] = nbytes;
-
- if (do_write (*fd, buffer, 2) == -1)
- _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
-
- n = do_read (*fd, buffer, 1);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- n = buffer[0];
- if (n)
- {
- n = do_read (*fd, buffer, n);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
-
- memcpy (output, buffer, n);
- output += n;
- length -= n;
- }
-
- while (length)
- {
- nbytes = length < 255 ? length : 255;
-
- buffer[0] = 2; /* blocking */
- buffer[1] = nbytes;
- if (do_write (*fd, buffer, 2) == -1)
- _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
- n = do_read (*fd, buffer, nbytes);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
-
- memcpy (output, buffer, n);
- output += n;
- length -= n;
- }
-
- return _length; /* success */
+ ssize_t n;
+ uint8_t buffer[256 + 2];
+ int nbytes;
+ int do_restart = 0;
+ unsigned char *output = _output;
+ ssize_t length = (ssize_t) _length;
+
+ if (!length)
+ return 0;
+
+ restart:
+ if (*fd == -1 || do_restart)
+ *fd = _rndegd_connect_socket();
+
+ do_restart = 0;
+
+ nbytes = length < 255 ? length : 255;
+ /* First time we do it with a non blocking request */
+ buffer[0] = 1; /* non blocking */
+ buffer[1] = nbytes;
+
+ if (do_write(*fd, buffer, 2) == -1)
+ _gnutls_debug_log("can't write to the EGD: %s\n",
+ strerror(errno));
+
+ n = do_read(*fd, buffer, 1);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ n = buffer[0];
+ if (n) {
+ n = do_read(*fd, buffer, n);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length) {
+ _gnutls_debug_log
+ ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy(output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ while (length) {
+ nbytes = length < 255 ? length : 255;
+
+ buffer[0] = 2; /* blocking */
+ buffer[1] = nbytes;
+ if (do_write(*fd, buffer, 2) == -1)
+ _gnutls_debug_log("can't write to the EGD: %s\n",
+ strerror(errno));
+ n = do_read(*fd, buffer, nbytes);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length) {
+ _gnutls_debug_log
+ ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy(output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ return _length; /* success */
}
#endif
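Review bot: The `restart:` path in _rndegd_read never checks the result of `_rndegd_connect_socket()`, which its own comment says returns -1 on error. With no reachable EGD socket, do_write and do_read fail on the invalid descriptor, do_restart is set and control jumps back to `restart`, so the function spins without ever returning. Bail out after a failed reconnect, for example `if (*fd == -1) return -1;` directly after the assignment (the error value callers expect is not visible in this hunk), and consider bounding the number of restarts. A failed do_write is also only logged before the following do_read is attempted; it should take the same error path.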
diff --git a/lib/nettle/egd.h b/lib/nettle/egd.h
index d440852f70..2239143a3a 100644
--- a/lib/nettle/egd.h
+++ b/lib/nettle/egd.h
@@ -18,5 +18,5 @@
*
*/
-int _rndegd_read (int *fd, void *output, size_t length);
-int _rndegd_connect_socket (void);
+int _rndegd_read(int *fd, void *output, size_t length);
+int _rndegd_connect_socket(void);
diff --git a/lib/nettle/gcm-camellia.c b/lib/nettle/gcm-camellia.c
index 45d31fea6d..cebb476635 100644
--- a/lib/nettle/gcm-camellia.c
+++ b/lib/nettle/gcm-camellia.c
@@ -26,7 +26,7 @@
*/
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <nettle/gcm.h>
@@ -34,42 +34,45 @@
#include <gcm-camellia.h>
void
-_gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *key)
+_gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * key)
{
- GCM_SET_KEY(ctx, camellia_set_encrypt_key, camellia_crypt, length, key);
+ GCM_SET_KEY(ctx, camellia_set_encrypt_key, camellia_crypt, length,
+ key);
}
void
_gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx,
- unsigned length, const uint8_t *iv)
+ unsigned length, const uint8_t * iv)
{
- GCM_SET_IV(ctx, length, iv);
+ GCM_SET_IV(ctx, length, iv);
}
void
-_gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *data)
+_gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * data)
{
- GCM_UPDATE(ctx, length, data);
+ GCM_UPDATE(ctx, length, data);
}
void
_gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- GCM_ENCRYPT(ctx, camellia_crypt, length, dst, src);
+ GCM_ENCRYPT(ctx, camellia_crypt, length, dst, src);
}
void
_gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- GCM_DECRYPT(ctx, camellia_crypt, length, dst, src);
+ GCM_DECRYPT(ctx, camellia_crypt, length, dst, src);
}
void
_gcm_camellia_digest(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- GCM_DIGEST(ctx, camellia_crypt, length, digest);
-
+ GCM_DIGEST(ctx, camellia_crypt, length, digest);
+
}
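Review bot: The reindent leaves pointer declarators on typedef'd types spaced as `const uint8_t * key` and `uint8_t * dst`, while struct pointers in the same signatures keep `*ctx`; the same spacing appears in the gcm-camellia.h prototypes. This looks like the formatter not knowing `uint8_t` is a type name; if GNU indent was used, declaring it with `-T uint8_t` should give `const uint8_t *key`. A blank line is also left before the closing brace of _gcm_camellia_digest and could be dropped.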
diff --git a/lib/nettle/gcm-camellia.h b/lib/nettle/gcm-camellia.h
index 415562131d..0baabb1d95 100644
--- a/lib/nettle/gcm-camellia.h
+++ b/lib/nettle/gcm-camellia.h
@@ -24,13 +24,15 @@
struct _gcm_camellia_ctx GCM_CTX(struct camellia_ctx);
-void _gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *key);
-void _gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx,
- unsigned length, const uint8_t *iv);
-void _gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *data);
-void _gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src);
-void _gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src);
-void _gcm_camellia_digest(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *digest);
+void _gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * key);
+void _gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * iv);
+void _gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * data);
+void _gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * dst, const uint8_t * src);
+void _gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * dst, const uint8_t * src);
+void _gcm_camellia_digest(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * digest);
diff --git a/lib/nettle/init.c b/lib/nettle/init.c
index 0799d33bfc..4f75859403 100644
--- a/lib/nettle/init.c
+++ b/lib/nettle/init.c
@@ -28,16 +28,14 @@
/* Functions that refer to the initialization of the nettle library.
*/
-int
-gnutls_crypto_init (void)
+int gnutls_crypto_init(void)
{
- return 0;
+ return 0;
}
/* Functions that refer to the deinitialization of the nettle library.
*/
-void
-gnutls_crypto_deinit (void)
+void gnutls_crypto_deinit(void)
{
}
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index ae73256b1b..a2e68811fd 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -37,432 +37,418 @@ typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *);
-static int wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx);
-
-struct nettle_hash_ctx
-{
- union
- {
- struct md5_ctx md5;
- struct md2_ctx md2;
- struct sha224_ctx sha224;
- struct sha256_ctx sha256;
- struct sha384_ctx sha384;
- struct sha512_ctx sha512;
- struct sha1_ctx sha1;
- } ctx;
- void *ctx_ptr;
- gnutls_digest_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
+static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo,
+ void **_ctx);
+
+struct nettle_hash_ctx {
+ union {
+ struct md5_ctx md5;
+ struct md2_ctx md2;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ struct sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_digest_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
};
-struct nettle_mac_ctx
-{
- union
- {
- struct hmac_md5_ctx md5;
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
- struct hmac_sha1_ctx sha1;
- struct umac96_ctx umac96;
- struct umac128_ctx umac128;
- } ctx;
-
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- set_key_func set_key;
- set_nonce_func set_nonce;
+struct nettle_mac_ctx {
+ union {
+ struct hmac_md5_ctx md5;
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ struct umac96_ctx umac96;
+ struct umac128_ctx umac128;
+ } ctx;
+
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func set_key;
+ set_nonce_func set_nonce;
};
static void
-_wrap_umac96_set_key(void* ctx, unsigned len, const uint8_t* key)
+_wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
{
if (unlikely(len != 16))
- abort();
+ abort();
umac96_set_key(ctx, key);
}
static void
-_wrap_umac128_set_key(void* ctx, unsigned len, const uint8_t* key)
+_wrap_umac128_set_key(void *ctx, unsigned len, const uint8_t * key)
{
if (unlikely(len != 16))
- abort();
+ abort();
umac128_set_key(ctx, key);
}
-static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx)
+static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
+ struct nettle_mac_ctx *ctx)
{
- ctx->set_nonce = NULL;
- switch (algo)
- {
- case GNUTLS_MAC_MD5:
- ctx->update = (update_func) hmac_md5_update;
- ctx->digest = (digest_func) hmac_md5_digest;
- ctx->set_key = (set_key_func) hmac_md5_set_key;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA1:
- ctx->update = (update_func) hmac_sha1_update;
- ctx->digest = (digest_func) hmac_sha1_digest;
- ctx->set_key = (set_key_func) hmac_sha1_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA224:
- ctx->update = (update_func) hmac_sha224_update;
- ctx->digest = (digest_func) hmac_sha224_digest;
- ctx->set_key = (set_key_func) hmac_sha224_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA256:
- ctx->update = (update_func) hmac_sha256_update;
- ctx->digest = (digest_func) hmac_sha256_digest;
- ctx->set_key = (set_key_func) hmac_sha256_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA384:
- ctx->update = (update_func) hmac_sha384_update;
- ctx->digest = (digest_func) hmac_sha384_digest;
- ctx->set_key = (set_key_func) hmac_sha384_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA512:
- ctx->update = (update_func) hmac_sha512_update;
- ctx->digest = (digest_func) hmac_sha512_digest;
- ctx->set_key = (set_key_func) hmac_sha512_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_UMAC_96:
- ctx->update = (update_func) umac96_update;
- ctx->digest = (digest_func) umac96_digest;
- ctx->set_key = _wrap_umac96_set_key;
- ctx->set_nonce = (set_nonce_func) umac96_set_nonce;
- ctx->ctx_ptr = &ctx->ctx.umac96;
- ctx->length = 12;
- break;
- case GNUTLS_MAC_UMAC_128:
- ctx->update = (update_func) umac128_update;
- ctx->digest = (digest_func) umac128_digest;
- ctx->set_key = _wrap_umac128_set_key;
- ctx->set_nonce = (set_nonce_func) umac128_set_nonce;
- ctx->ctx_ptr = &ctx->ctx.umac128;
- ctx->length = 16;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ ctx->set_nonce = NULL;
+ switch (algo) {
+ case GNUTLS_MAC_MD5:
+ ctx->update = (update_func) hmac_md5_update;
+ ctx->digest = (digest_func) hmac_md5_digest;
+ ctx->set_key = (set_key_func) hmac_md5_set_key;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA1:
+ ctx->update = (update_func) hmac_sha1_update;
+ ctx->digest = (digest_func) hmac_sha1_digest;
+ ctx->set_key = (set_key_func) hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA224:
+ ctx->update = (update_func) hmac_sha224_update;
+ ctx->digest = (digest_func) hmac_sha224_digest;
+ ctx->set_key = (set_key_func) hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA256:
+ ctx->update = (update_func) hmac_sha256_update;
+ ctx->digest = (digest_func) hmac_sha256_digest;
+ ctx->set_key = (set_key_func) hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA384:
+ ctx->update = (update_func) hmac_sha384_update;
+ ctx->digest = (digest_func) hmac_sha384_digest;
+ ctx->set_key = (set_key_func) hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA512:
+ ctx->update = (update_func) hmac_sha512_update;
+ ctx->digest = (digest_func) hmac_sha512_digest;
+ ctx->set_key = (set_key_func) hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_UMAC_96:
+ ctx->update = (update_func) umac96_update;
+ ctx->digest = (digest_func) umac96_digest;
+ ctx->set_key = _wrap_umac96_set_key;
+ ctx->set_nonce = (set_nonce_func) umac96_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac96;
+ ctx->length = 12;
+ break;
+ case GNUTLS_MAC_UMAC_128:
+ ctx->update = (update_func) umac128_update;
+ ctx->digest = (digest_func) umac128_digest;
+ ctx->set_key = _wrap_umac128_set_key;
+ ctx->set_nonce = (set_nonce_func) umac128_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac128;
+ ctx->length = 16;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
- const void* nonce, size_t nonce_size,
- const void *key, size_t key_size,
- const void* text, size_t text_size,
- void* digest)
+static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
+ const void *nonce, size_t nonce_size,
+ const void *key, size_t key_size,
+ const void *text, size_t text_size,
+ void *digest)
{
- struct nettle_mac_ctx ctx;
- int ret;
-
- ret = _mac_ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (ctx.set_nonce)
- ctx.set_nonce (&ctx, nonce_size, nonce);
- ctx.set_key (&ctx, key_size, key);
- ctx.update (&ctx, text_size, text);
- ctx.digest (&ctx, ctx.length, digest);
-
- return 0;
+ struct nettle_mac_ctx ctx;
+ int ret;
+
+ ret = _mac_ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (ctx.set_nonce)
+ ctx.set_nonce(&ctx, nonce_size, nonce);
+ ctx.set_key(&ctx, key_size, key);
+ ctx.update(&ctx, text_size, text);
+ ctx.digest(&ctx, ctx.length, digest);
+
+ return 0;
}
static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_MAC_MD5:
- case GNUTLS_MAC_SHA1:
- case GNUTLS_MAC_SHA224:
- case GNUTLS_MAC_SHA256:
- case GNUTLS_MAC_SHA384:
- case GNUTLS_MAC_SHA512:
- case GNUTLS_MAC_UMAC_96:
- case GNUTLS_MAC_UMAC_128:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_MAC_MD5:
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ case GNUTLS_MAC_UMAC_96:
+ case GNUTLS_MAC_UMAC_128:
+ return 1;
+ default:
+ return 0;
+ }
}
-static int
-wrap_nettle_mac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+static int wrap_nettle_mac_init(gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct nettle_mac_ctx *ctx;
- int ret;
+ struct nettle_mac_ctx *ctx;
+ int ret;
- ctx = gnutls_calloc (1, sizeof (struct nettle_mac_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- ret = _mac_ctx_init(algo, ctx);
- if (ret < 0)
- {
- gnutls_free(ctx);
- return gnutls_assert_val(ret);
- }
+ ret = _mac_ctx_init(algo, ctx);
+ if (ret < 0) {
+ gnutls_free(ctx);
+ return gnutls_assert_val(ret);
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_nettle_mac_set_key (void *_ctx, const void *key, size_t keylen)
+wrap_nettle_mac_set_key(void *_ctx, const void *key, size_t keylen)
{
- struct nettle_mac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->set_key (ctx->ctx_ptr, keylen, key);
- return 0;
+ ctx->set_key(ctx->ctx_ptr, keylen, key);
+ return 0;
}
static int
-wrap_nettle_mac_set_nonce (void *_ctx, const void *nonce, size_t noncelen)
+wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen)
{
- struct nettle_mac_ctx *ctx = _ctx;
-
- if (ctx->set_nonce == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->set_nonce (ctx->ctx_ptr, noncelen, nonce);
+ if (ctx->set_nonce == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return GNUTLS_E_SUCCESS;
+ ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce);
+
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_mac_update (void *_ctx, const void *text, size_t textsize)
+wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize)
{
- struct nettle_mac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_mac_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_mac_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_mac_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_mac_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
-static void
-wrap_nettle_mac_deinit (void *hd)
+static void wrap_nettle_mac_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
/* Hash functions
*/
static int
-wrap_nettle_hash_update (void *_ctx, const void *text, size_t textsize)
+wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
{
- struct nettle_hash_ctx *ctx = _ctx;
+ struct nettle_hash_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-static void
-wrap_nettle_hash_deinit (void *hd)
+static void wrap_nettle_hash_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- case GNUTLS_DIG_SHA1:
- case GNUTLS_DIG_MD2:
- case GNUTLS_DIG_SHA224:
- case GNUTLS_DIG_SHA256:
- case GNUTLS_DIG_SHA384:
- case GNUTLS_DIG_SHA512:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_SHA1:
+ case GNUTLS_DIG_MD2:
+ case GNUTLS_DIG_SHA224:
+ case GNUTLS_DIG_SHA256:
+ case GNUTLS_DIG_SHA384:
+ case GNUTLS_DIG_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
}
-static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx)
+static int _ctx_init(gnutls_digest_algorithm_t algo,
+ struct nettle_hash_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- md5_init (&ctx->ctx.md5);
- ctx->update = (update_func) md5_update;
- ctx->digest = (digest_func) md5_digest;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA1:
- sha1_init (&ctx->ctx.sha1);
- ctx->update = (update_func) sha1_update;
- ctx->digest = (digest_func) sha1_digest;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_MD2:
- md2_init (&ctx->ctx.md2);
- ctx->update = (update_func) md2_update;
- ctx->digest = (digest_func) md2_digest;
- ctx->ctx_ptr = &ctx->ctx.md2;
- ctx->length = MD2_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA224:
- sha224_init (&ctx->ctx.sha224);
- ctx->update = (update_func) sha224_update;
- ctx->digest = (digest_func) sha224_digest;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA256:
- sha256_init (&ctx->ctx.sha256);
- ctx->update = (update_func) sha256_update;
- ctx->digest = (digest_func) sha256_digest;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA384:
- sha384_init (&ctx->ctx.sha384);
- ctx->update = (update_func) sha384_update;
- ctx->digest = (digest_func) sha384_digest;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA512:
- sha512_init (&ctx->ctx.sha512);
- ctx->update = (update_func) sha512_update;
- ctx->digest = (digest_func) sha512_digest;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ md5_init(&ctx->ctx.md5);
+ ctx->update = (update_func) md5_update;
+ ctx->digest = (digest_func) md5_digest;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA1:
+ sha1_init(&ctx->ctx.sha1);
+ ctx->update = (update_func) sha1_update;
+ ctx->digest = (digest_func) sha1_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_MD2:
+ md2_init(&ctx->ctx.md2);
+ ctx->update = (update_func) md2_update;
+ ctx->digest = (digest_func) md2_digest;
+ ctx->ctx_ptr = &ctx->ctx.md2;
+ ctx->length = MD2_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA224:
+ sha224_init(&ctx->ctx.sha224);
+ ctx->update = (update_func) sha224_update;
+ ctx->digest = (digest_func) sha224_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA256:
+ sha256_init(&ctx->ctx.sha256);
+ ctx->update = (update_func) sha256_update;
+ ctx->digest = (digest_func) sha256_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA384:
+ sha384_init(&ctx->ctx.sha384);
+ ctx->update = (update_func) sha384_update;
+ ctx->digest = (digest_func) sha384_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA512:
+ sha512_init(&ctx->ctx.sha512);
+ ctx->update = (update_func) sha512_update;
+ ctx->digest = (digest_func) sha512_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest)
+static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest)
{
- struct nettle_hash_ctx ctx;
- int ret;
-
- ret = _ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ctx.update (&ctx, text_size, text);
- ctx.digest (&ctx, ctx.length, digest);
-
- return 0;
+ struct nettle_hash_ctx ctx;
+ int ret;
+
+ ret = _ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ctx.update(&ctx, text_size, text);
+ ctx.digest(&ctx, ctx.length, digest);
+
+ return 0;
}
static int
-wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx)
+wrap_nettle_hash_init(gnutls_digest_algorithm_t algo, void **_ctx)
{
- struct nettle_hash_ctx *ctx;
- int ret;
+ struct nettle_hash_ctx *ctx;
+ int ret;
- ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- if ((ret=_ctx_init( algo, ctx)) < 0)
- {
- gnutls_assert ();
- gnutls_free(ctx);
- return ret;
- }
+ if ((ret = _ctx_init(algo, ctx)) < 0) {
+ gnutls_assert();
+ gnutls_free(ctx);
+ return ret;
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_hash_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_hash_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
gnutls_crypto_mac_st _gnutls_mac_ops = {
- .init = wrap_nettle_mac_init,
- .setkey = wrap_nettle_mac_set_key,
- .setnonce = wrap_nettle_mac_set_nonce,
- .hash = wrap_nettle_mac_update,
- .output = wrap_nettle_mac_output,
- .deinit = wrap_nettle_mac_deinit,
- .fast = wrap_nettle_mac_fast,
- .exists = wrap_nettle_mac_exists,
+ .init = wrap_nettle_mac_init,
+ .setkey = wrap_nettle_mac_set_key,
+ .setnonce = wrap_nettle_mac_set_nonce,
+ .hash = wrap_nettle_mac_update,
+ .output = wrap_nettle_mac_output,
+ .deinit = wrap_nettle_mac_deinit,
+ .fast = wrap_nettle_mac_fast,
+ .exists = wrap_nettle_mac_exists,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
- .init = wrap_nettle_hash_init,
- .hash = wrap_nettle_hash_update,
- .output = wrap_nettle_hash_output,
- .deinit = wrap_nettle_hash_deinit,
- .fast = wrap_nettle_hash_fast,
- .exists = wrap_nettle_hash_exists,
+ .init = wrap_nettle_hash_init,
+ .hash = wrap_nettle_hash_update,
+ .output = wrap_nettle_hash_output,
+ .deinit = wrap_nettle_hash_deinit,
+ .fast = wrap_nettle_hash_fast,
+ .exists = wrap_nettle_hash_exists,
};
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 61729b94b6..994f84198c 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -36,379 +36,347 @@
#define TOMPZ(x) (*((mpz_t*)(x)))
static int
-wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes,
+ gnutls_bigint_format_t format)
{
- unsigned int size;
- mpz_t *p = (void *) a;
-
- if (format == GNUTLS_MPI_FORMAT_USG)
- {
- size = nettle_mpz_sizeinbase_256_u (*p);
- }
- else if (format == GNUTLS_MPI_FORMAT_STD)
- {
- size = nettle_mpz_sizeinbase_256_s (*p);
- }
- else if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- size = nettle_mpz_sizeinbase_256_u (*p) + 2;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (buffer == NULL || size > *nbytes)
- {
- *nbytes = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- uint8_t *buf = buffer;
- unsigned int nbits = _gnutls_mpi_get_nbits (a);
- buf[0] = (nbits >> 8) & 0xff;
- buf[1] = (nbits) & 0xff;
- nettle_mpz_get_str_256 (size - 2, buf + 2, *p);
- }
- else
- {
- nettle_mpz_get_str_256 (size, buffer, *p);
- }
- *nbytes = size;
-
- return 0;
+ unsigned int size;
+ mpz_t *p = (void *) a;
+
+ if (format == GNUTLS_MPI_FORMAT_USG) {
+ size = nettle_mpz_sizeinbase_256_u(*p);
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
+ size = nettle_mpz_sizeinbase_256_s(*p);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ size = nettle_mpz_sizeinbase_256_u(*p) + 2;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buffer == NULL || size > *nbytes) {
+ *nbytes = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_PGP) {
+ uint8_t *buf = buffer;
+ unsigned int nbits = _gnutls_mpi_get_nbits(a);
+ buf[0] = (nbits >> 8) & 0xff;
+ buf[1] = (nbits) & 0xff;
+ nettle_mpz_get_str_256(size - 2, buf + 2, *p);
+ } else {
+ nettle_mpz_get_str_256(size, buffer, *p);
+ }
+ *nbytes = size;
+
+ return 0;
}
-static bigint_t
-wrap_nettle_mpi_new (int nbits)
+static bigint_t wrap_nettle_mpi_new(int nbits)
{
- mpz_t *p;
-
- p = gnutls_malloc (sizeof (*p));
- if (p == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
- if (nbits == 0)
- mpz_init(*p);
- else
- mpz_init2 (*p, nbits);
-
- return p;
+ mpz_t *p;
+
+ p = gnutls_malloc(sizeof(*p));
+ if (p == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+ if (nbits == 0)
+ mpz_init(*p);
+ else
+ mpz_init2(*p, nbits);
+
+ return p;
}
static bigint_t
-wrap_nettle_mpi_scan (const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_scan(const void *buffer, size_t nbytes,
+ gnutls_bigint_format_t format)
{
- bigint_t r = wrap_nettle_mpi_new (nbytes * 8);
-
- if (r == NULL)
- {
- gnutls_assert ();
- return r;
- }
-
- if (format == GNUTLS_MPI_FORMAT_USG)
- {
- nettle_mpz_set_str_256_u (TOMPZ (r), nbytes, buffer);
- }
- else if (format == GNUTLS_MPI_FORMAT_STD)
- {
- nettle_mpz_set_str_256_s (TOMPZ (r), nbytes, buffer);
- }
- else if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- const uint8_t *buf = buffer;
- size_t size;
-
- if (nbytes < 3)
- {
- gnutls_assert ();
- goto fail;
- }
-
- size = (buf[0] << 8) | buf[1];
- size = (size + 7) / 8;
-
- if (size > nbytes - 2)
- {
- gnutls_assert ();
- goto fail;
- }
- nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2);
- }
- else
- {
- gnutls_assert ();
- goto fail;
- }
-
- return r;
-fail:
- _gnutls_mpi_release (&r);
- return NULL;
+ bigint_t r = wrap_nettle_mpi_new(nbytes * 8);
+
+ if (r == NULL) {
+ gnutls_assert();
+ return r;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_USG) {
+ nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
+ nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ const uint8_t *buf = buffer;
+ size_t size;
+
+ if (nbytes < 3) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ size = (buf[0] << 8) | buf[1];
+ size = (size + 7) / 8;
+
+ if (size > nbytes - 2) {
+ gnutls_assert();
+ goto fail;
+ }
+ nettle_mpz_set_str_256_u(TOMPZ(r), size, buf + 2);
+ } else {
+ gnutls_assert();
+ goto fail;
+ }
+
+ return r;
+ fail:
+ _gnutls_mpi_release(&r);
+ return NULL;
}
-static int
-wrap_nettle_mpi_cmp (const bigint_t u, const bigint_t v)
+static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v)
{
- mpz_t *i1 = u, *i2 = v;
+ mpz_t *i1 = u, *i2 = v;
- return mpz_cmp (*i1, *i2);
+ return mpz_cmp(*i1, *i2);
}
-static int
-wrap_nettle_mpi_cmp_ui (const bigint_t u, unsigned long v)
+static int wrap_nettle_mpi_cmp_ui(const bigint_t u, unsigned long v)
{
- mpz_t *i1 = u;
+ mpz_t *i1 = u;
- return mpz_cmp_ui (*i1, v);
+ return mpz_cmp_ui(*i1, v);
}
-static bigint_t
-wrap_nettle_mpi_set (bigint_t w, const bigint_t u)
+static bigint_t wrap_nettle_mpi_set(bigint_t w, const bigint_t u)
{
- mpz_t *i1, *i2 = u;
+ mpz_t *i1, *i2 = u;
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (u);
- i1 = w;
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like(u);
+ i1 = w;
- mpz_set (*i1, *i2);
+ mpz_set(*i1, *i2);
- return i1;
+ return i1;
}
-static bigint_t
-wrap_nettle_mpi_set_ui (bigint_t w, unsigned long u)
+static bigint_t wrap_nettle_mpi_set_ui(bigint_t w, unsigned long u)
{
- mpz_t *i1;
+ mpz_t *i1;
- if (w == NULL)
- w = wrap_nettle_mpi_new (32);
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(32);
- i1 = w;
+ i1 = w;
- mpz_set_ui (*i1, u);
+ mpz_set_ui(*i1, u);
- return i1;
+ return i1;
}
-static unsigned int
-wrap_nettle_mpi_get_nbits (bigint_t a)
+static unsigned int wrap_nettle_mpi_get_nbits(bigint_t a)
{
- return mpz_sizeinbase (TOMPZ( a), 2);
+ return mpz_sizeinbase(TOMPZ(a), 2);
}
-static void
-wrap_nettle_mpi_release (bigint_t a)
+static void wrap_nettle_mpi_release(bigint_t a)
{
- mpz_clear (TOMPZ( a));
- gnutls_free (a);
+ mpz_clear(TOMPZ(a));
+ gnutls_free(a);
}
-static void
-wrap_nettle_mpi_clear (bigint_t a)
+static void wrap_nettle_mpi_clear(bigint_t a)
{
- memset(TOMPZ(a)[0]._mp_d, 0, TOMPZ(a)[0]._mp_alloc*sizeof(mp_limb_t));
+ memset(TOMPZ(a)[0]._mp_d, 0,
+ TOMPZ(a)[0]._mp_alloc * sizeof(mp_limb_t));
}
-static bigint_t
-wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b)
+static bigint_t wrap_nettle_mpi_mod(const bigint_t a, const bigint_t b)
{
- bigint_t r = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+ bigint_t r = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
- if (r == NULL)
- return NULL;
+ if (r == NULL)
+ return NULL;
- mpz_mod (TOMPZ( r), TOMPZ( a), TOMPZ( b));
+ mpz_mod(TOMPZ(r), TOMPZ(a), TOMPZ(b));
- return r;
+ return r;
}
static bigint_t
-wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
+wrap_nettle_mpi_powm(bigint_t w, const bigint_t b, const bigint_t e,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_powm (TOMPZ( w), TOMPZ( b), TOMPZ( e), TOMPZ( m));
+ mpz_powm(TOMPZ(w), TOMPZ(b), TOMPZ(e), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_addm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add (TOMPZ( w), TOMPZ( b), TOMPZ( a));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_add(TOMPZ(w), TOMPZ(b), TOMPZ(a));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_subm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub (TOMPZ( w), TOMPZ( a), TOMPZ( b));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_sub(TOMPZ(w), TOMPZ(a), TOMPZ(b));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_mulm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul (TOMPZ( w), TOMPZ( a), TOMPZ( b));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_mul(TOMPZ(w), TOMPZ(a), TOMPZ(b));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_add(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_add(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_sub(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_sub(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_mul(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_mul(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
/* q = a / b */
static bigint_t
-wrap_nettle_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_div(bigint_t q, const bigint_t a, const bigint_t b)
{
- if (q == NULL)
- q = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (q == NULL)
+ q = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (q == NULL)
- return NULL;
+ if (q == NULL)
+ return NULL;
- mpz_cdiv_q (TOMPZ( q), TOMPZ( a), TOMPZ( b));
+ mpz_cdiv_q(TOMPZ(q), TOMPZ(a), TOMPZ(b));
- return q;
+ return q;
}
static bigint_t
-wrap_nettle_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_add_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_add_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_sub_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_sub_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_mul_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_mul_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
-static int
-wrap_nettle_prime_check (bigint_t pp)
+static int wrap_nettle_prime_check(bigint_t pp)
{
- int ret;
- ret = mpz_probab_prime_p (TOMPZ( pp), PRIME_CHECK_PARAM);
+ int ret;
+ ret = mpz_probab_prime_p(TOMPZ(pp), PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- return 0;
- }
+ if (ret > 0) {
+ return 0;
+ }
- return GNUTLS_E_INTERNAL_ERROR; /* ignored */
+ return GNUTLS_E_INTERNAL_ERROR; /* ignored */
}
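Review bot: `wrap_nettle_mpi_set` and `wrap_nettle_mpi_set_ui` dereference `w` without checking that the fallback allocation succeeded. When `w == NULL` they call `_gnutls_mpi_alloc_like(u)` or `wrap_nettle_mpi_new(32)` and then pass `*i1` straight to `mpz_set` / `mpz_set_ui`. `wrap_nettle_mpi_new` in this same hunk returns NULL when `gnutls_malloc` fails, so an out-of-memory condition becomes a NULL dereference here, while the arithmetic wrappers below (`wrap_nettle_mpi_powm`, `wrap_nettle_mpi_add`, and the rest) all guard the same pattern. Adding `if (w == NULL) return NULL;` right after the allocation in both functions would make them consistent. `_gnutls_mpi_alloc_like` is not visible here, so its failure return is presumably NULL as well.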
@@ -422,231 +390,219 @@ wrap_nettle_prime_check (bigint_t pp)
*
*/
inline static int
-gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits, unsigned int *q_bits)
+gen_group(mpz_t * prime, mpz_t * generator, unsigned int nbits,
+ unsigned int *q_bits)
{
- mpz_t q, w, r;
- unsigned int p_bytes = nbits / 8;
- uint8_t *buffer = NULL;
- unsigned int q_bytes, w_bytes, r_bytes, w_bits;
- int ret;
-
- /* security level enforcement.
- * Values for q are selected according to ECRYPT II recommendations.
- */
- q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits);
- q_bytes /= 8;
-
- if (q_bytes == 0 || q_bytes >= p_bytes)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (nbits % 8 != 0)
- p_bytes++;
-
- w_bits = nbits - q_bytes * 8;
- w_bytes = w_bits / 8;
- if (w_bits % 8 != 0)
- w_bytes++;
-
- _gnutls_debug_log
- ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
- nbits, q_bytes * 8);
- buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
- if (buffer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- mpz_init (q);
- mpz_init (w);
- mpz_init (r);
-
- /* search for a prime. We are not that unlucky so search
- * forever.
- */
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- nettle_mpz_set_str_256_u (w, w_bytes, buffer);
- /* always odd */
- mpz_setbit (w, 0);
-
- ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- break;
- }
- }
-
- /* now generate q of size p_bytes - w_bytes */
-
- _gnutls_debug_log
- ("Found prime w of %u bits. Will look for q of %u bits...\n",
- wrap_nettle_mpi_get_nbits (&w), q_bytes*8);
-
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- nettle_mpz_set_str_256_u (q, q_bytes, buffer);
- /* always odd */
- mpz_setbit (q, 0);
-
- ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM);
- if (ret == 0)
- {
- continue;
- }
-
- /* check if 2wq+1 is prime */
- mpz_mul_ui (*prime, w, 2);
- mpz_mul (*prime, *prime, q);
- mpz_add_ui (*prime, *prime, 1);
-
- ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- break;
- }
- }
-
- *q_bits = wrap_nettle_mpi_get_nbits (&q);
- _gnutls_debug_log ("Found prime q of %u bits. Looking for generator...\n",
- *q_bits);
-
- /* finally a prime! Let's calculate generator
- */
-
- /* c = r^((p-1)/q), r == random
- * c = r^(2w)
- * if c!=1 c is the generator for the subgroup of order q-1
- *
- */
- r_bytes = p_bytes;
-
- mpz_mul_ui (w, w, 2); /* w = w*2 */
- mpz_fdiv_r (w, w, *prime);
-
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, buffer, r_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- nettle_mpz_set_str_256_u (r, r_bytes, buffer);
- mpz_fdiv_r (r, r, *prime);
-
- /* check if r^w mod n != 1 mod n */
- mpz_powm (*generator, r, w, *prime);
-
- if (mpz_cmp_ui (*generator, 1) == 0)
- continue;
- else
- break;
- }
-
- _gnutls_debug_log ("Found generator g of %u bits\n",
- wrap_nettle_mpi_get_nbits (generator));
- _gnutls_debug_log ("Prime n is %u bits\n",
- wrap_nettle_mpi_get_nbits (prime));
-
- ret = 0;
- goto exit;
-
-fail:
- mpz_clear (*prime);
- mpz_clear (*generator);
-
-exit:
- mpz_clear (q);
- mpz_clear (w);
- mpz_clear (r);
- gnutls_free (buffer);
-
- return ret;
+ mpz_t q, w, r;
+ unsigned int p_bytes = nbits / 8;
+ uint8_t *buffer = NULL;
+ unsigned int q_bytes, w_bytes, r_bytes, w_bits;
+ int ret;
+
+ /* security level enforcement.
+ * Values for q are selected according to ECRYPT II recommendations.
+ */
+ q_bytes = _gnutls_pk_bits_to_subgroup_bits(nbits);
+ q_bytes /= 8;
+
+ if (q_bytes == 0 || q_bytes >= p_bytes) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (nbits % 8 != 0)
+ p_bytes++;
+
+ w_bits = nbits - q_bytes * 8;
+ w_bytes = w_bits / 8;
+ if (w_bits % 8 != 0)
+ w_bytes++;
+
+ _gnutls_debug_log
+ ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
+ nbits, q_bytes * 8);
+ buffer = gnutls_malloc(p_bytes); /* p_bytes > q_bytes */
+ if (buffer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ mpz_init(q);
+ mpz_init(w);
+ mpz_init(r);
+
+ /* search for a prime. We are not that unlucky so search
+ * forever.
+ */
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, w_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ nettle_mpz_set_str_256_u(w, w_bytes, buffer);
+ /* always odd */
+ mpz_setbit(w, 0);
+
+ ret = mpz_probab_prime_p(w, PRIME_CHECK_PARAM);
+ if (ret > 0) {
+ break;
+ }
+ }
+
+ /* now generate q of size p_bytes - w_bytes */
+
+ _gnutls_debug_log
+ ("Found prime w of %u bits. Will look for q of %u bits...\n",
+ wrap_nettle_mpi_get_nbits(&w), q_bytes * 8);
+
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, q_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u(q, q_bytes, buffer);
+ /* always odd */
+ mpz_setbit(q, 0);
+
+ ret = mpz_probab_prime_p(q, PRIME_CHECK_PARAM);
+ if (ret == 0) {
+ continue;
+ }
+
+ /* check if 2wq+1 is prime */
+ mpz_mul_ui(*prime, w, 2);
+ mpz_mul(*prime, *prime, q);
+ mpz_add_ui(*prime, *prime, 1);
+
+ ret = mpz_probab_prime_p(*prime, PRIME_CHECK_PARAM);
+ if (ret > 0) {
+ break;
+ }
+ }
+
+ *q_bits = wrap_nettle_mpi_get_nbits(&q);
+ _gnutls_debug_log
+ ("Found prime q of %u bits. Looking for generator...\n",
+ *q_bits);
+
+ /* finally a prime! Let's calculate generator
+ */
+
+ /* c = r^((p-1)/q), r == random
+ * c = r^(2w)
+ * if c!=1 c is the generator for the subgroup of order q-1
+ *
+ */
+ r_bytes = p_bytes;
+
+ mpz_mul_ui(w, w, 2); /* w = w*2 */
+ mpz_fdiv_r(w, w, *prime);
+
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, buffer, r_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u(r, r_bytes, buffer);
+ mpz_fdiv_r(r, r, *prime);
+
+ /* check if r^w mod n != 1 mod n */
+ mpz_powm(*generator, r, w, *prime);
+
+ if (mpz_cmp_ui(*generator, 1) == 0)
+ continue;
+ else
+ break;
+ }
+
+ _gnutls_debug_log("Found generator g of %u bits\n",
+ wrap_nettle_mpi_get_nbits(generator));
+ _gnutls_debug_log("Prime n is %u bits\n",
+ wrap_nettle_mpi_get_nbits(prime));
+
+ ret = 0;
+ goto exit;
+
+ fail:
+ mpz_clear(*prime);
+ mpz_clear(*generator);
+
+ exit:
+ mpz_clear(q);
+ mpz_clear(w);
+ mpz_clear(r);
+ gnutls_free(buffer);
+
+ return ret;
}
static int
-wrap_nettle_generate_group (gnutls_group_st * group, unsigned int bits)
+wrap_nettle_generate_group(gnutls_group_st * group, unsigned int bits)
{
- int ret;
- bigint_t p = wrap_nettle_mpi_new (bits);
- bigint_t g;
- unsigned int q_bits;
-
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- g = wrap_nettle_mpi_new (bits);
- if (g == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&p);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gen_group (p, g, bits, &q_bits);
- if (ret < 0)
- {
- _gnutls_mpi_release (&g);
- _gnutls_mpi_release (&p);
- gnutls_assert ();
- return ret;
- }
-
- group->p = p;
- group->g = g;
- group->q_bits = q_bits;
-
- return 0;
+ int ret;
+ bigint_t p = wrap_nettle_mpi_new(bits);
+ bigint_t g;
+ unsigned int q_bits;
+
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ g = wrap_nettle_mpi_new(bits);
+ if (g == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&p);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gen_group(p, g, bits, &q_bits);
+ if (ret < 0) {
+ _gnutls_mpi_release(&g);
+ _gnutls_mpi_release(&p);
+ gnutls_assert();
+ return ret;
+ }
+
+ group->p = p;
+ group->g = g;
+ group->q_bits = q_bits;
+
+ return 0;
}
int crypto_bigint_prio = INT_MAX;
gnutls_crypto_bigint_st _gnutls_mpi_ops = {
- .bigint_new = wrap_nettle_mpi_new,
- .bigint_cmp = wrap_nettle_mpi_cmp,
- .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
- .bigint_mod = wrap_nettle_mpi_mod,
- .bigint_set = wrap_nettle_mpi_set,
- .bigint_set_ui = wrap_nettle_mpi_set_ui,
- .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
- .bigint_powm = wrap_nettle_mpi_powm,
- .bigint_addm = wrap_nettle_mpi_addm,
- .bigint_subm = wrap_nettle_mpi_subm,
- .bigint_add = wrap_nettle_mpi_add,
- .bigint_sub = wrap_nettle_mpi_sub,
- .bigint_add_ui = wrap_nettle_mpi_add_ui,
- .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
- .bigint_mul = wrap_nettle_mpi_mul,
- .bigint_mulm = wrap_nettle_mpi_mulm,
- .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
- .bigint_div = wrap_nettle_mpi_div,
- .bigint_prime_check = wrap_nettle_prime_check,
- .bigint_release = wrap_nettle_mpi_release,
- .bigint_clear = wrap_nettle_mpi_clear,
- .bigint_print = wrap_nettle_mpi_print,
- .bigint_scan = wrap_nettle_mpi_scan,
- .bigint_generate_group = wrap_nettle_generate_group
+ .bigint_new = wrap_nettle_mpi_new,
+ .bigint_cmp = wrap_nettle_mpi_cmp,
+ .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
+ .bigint_mod = wrap_nettle_mpi_mod,
+ .bigint_set = wrap_nettle_mpi_set,
+ .bigint_set_ui = wrap_nettle_mpi_set_ui,
+ .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
+ .bigint_powm = wrap_nettle_mpi_powm,
+ .bigint_addm = wrap_nettle_mpi_addm,
+ .bigint_subm = wrap_nettle_mpi_subm,
+ .bigint_add = wrap_nettle_mpi_add,
+ .bigint_sub = wrap_nettle_mpi_sub,
+ .bigint_add_ui = wrap_nettle_mpi_add_ui,
+ .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
+ .bigint_mul = wrap_nettle_mpi_mul,
+ .bigint_mulm = wrap_nettle_mpi_mulm,
+ .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
+ .bigint_div = wrap_nettle_mpi_div,
+ .bigint_prime_check = wrap_nettle_prime_check,
+ .bigint_release = wrap_nettle_mpi_release,
+ .bigint_clear = wrap_nettle_mpi_clear,
+ .bigint_print = wrap_nettle_mpi_print,
+ .bigint_scan = wrap_nettle_mpi_scan,
+ .bigint_generate_group = wrap_nettle_generate_group
};
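Review bot: In `gen_group`, the `_gnutls_rnd` failure paths in the second and third loops use `return ret;` and skip the `exit:` cleanup, so `q`, `w`, `r` and `buffer` (which holds the random bytes used as prime candidates) are leaked; only the first loop jumps to a label. Replacing both with `goto exit;` keeps the error code and runs the cleanup. The `fail:` label also looks unsafe: it calls `mpz_clear(*prime)` and `mpz_clear(*generator)`, and `wrap_nettle_generate_group` then calls `_gnutls_mpi_release(&g)` and `_gnutls_mpi_release(&p)` on the same values when `ret < 0`, which would clear them twice if that helper ends in `wrap_nettle_mpi_release` (not visible in this hunk). If so, the first loop should use `goto exit;` too and the `fail:` block can be dropped. A comment such as `/* caller owns *prime and *generator and releases them on error */` above `exit:` would record the ownership rule.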
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index de578054c3..673495dcf0 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -49,1025 +49,1094 @@
static inline const struct ecc_curve *get_supported_curve(int curve);
-static void
-rnd_func (void *_ctx, unsigned length, uint8_t * data)
+static void rnd_func(void *_ctx, unsigned length, uint8_t * data)
{
- _gnutls_rnd (GNUTLS_RND_RANDOM, data, length);
+ _gnutls_rnd(GNUTLS_RND_RANDOM, data, length);
}
static void
-_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
- struct dsa_public_key *pub)
+_dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_public_key *pub)
{
- memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
- memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
- memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t));
- memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t));
+ memcpy(&pub->p, pk_params->params[0], sizeof(mpz_t));
+ memcpy(&pub->q, pk_params->params[1], sizeof(mpz_t));
+ memcpy(&pub->g, pk_params->params[2], sizeof(mpz_t));
+ memcpy(&pub->y, pk_params->params[3], sizeof(mpz_t));
}
static void
-_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct dsa_private_key *pub)
+_dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_private_key *pub)
{
- memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
+ memcpy(&pub->x, pk_params->params[4], sizeof(mpz_t));
}
static void
-_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct rsa_private_key *priv)
+_rsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct rsa_private_key *priv)
{
- memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
- memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
- memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t));
- memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t));
- memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t));
- memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t));
- priv->size = nettle_mpz_sizeinbase_256_u(TOMPZ(pk_params->params[RSA_MODULUS]));
+ memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t));
+ memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t));
+ memcpy(&priv->q, pk_params->params[4], sizeof(mpz_t));
+ memcpy(&priv->c, pk_params->params[5], sizeof(mpz_t));
+ memcpy(&priv->a, pk_params->params[6], sizeof(mpz_t));
+ memcpy(&priv->b, pk_params->params[7], sizeof(mpz_t));
+ priv->size =
+ nettle_mpz_sizeinbase_256_u(TOMPZ
+ (pk_params->params[RSA_MODULUS]));
}
static void
-_rsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
- struct rsa_public_key *pub)
+_rsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+ struct rsa_public_key *pub)
{
- memcpy (&pub->n, pk_params->params[RSA_MODULUS], sizeof (mpz_t));
- memcpy (&pub->e, pk_params->params[RSA_PUB], sizeof (mpz_t));
- pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
+ memcpy(&pub->n, pk_params->params[RSA_MODULUS], sizeof(mpz_t));
+ memcpy(&pub->e, pk_params->params[RSA_PUB], sizeof(mpz_t));
+ pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
}
static int
_ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
- struct ecc_scalar * priv, const struct ecc_curve *curve)
+ struct ecc_scalar *priv,
+ const struct ecc_curve *curve)
{
- ecc_scalar_init(priv, curve);
- if (ecc_scalar_set(priv, pk_params->params[ECC_K]) == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ ecc_scalar_init(priv, curve);
+ if (ecc_scalar_set(priv, pk_params->params[ECC_K]) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return 0;
+ return 0;
}
static int
_ecc_params_to_pubkey(const gnutls_pk_params_st * pk_params,
- struct ecc_point * pub, const struct ecc_curve *curve)
+ struct ecc_point *pub, const struct ecc_curve *curve)
{
- ecc_point_init(pub, curve);
- if (ecc_point_set(pub, pk_params->params[ECC_X], pk_params->params[ECC_Y]) == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ ecc_point_init(pub, curve);
+ if (ecc_point_set
+ (pub, pk_params->params[ECC_X], pk_params->params[ECC_Y]) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return 0;
+ return 0;
}
static void
-ecc_shared_secret (struct ecc_scalar * private_key,
- struct ecc_point * public_key,
- void *out, unsigned size)
+ecc_shared_secret(struct ecc_scalar *private_key,
+ struct ecc_point *public_key, void *out, unsigned size)
{
-struct ecc_point r;
-mpz_t x;
+ struct ecc_point r;
+ mpz_t x;
+
+ mpz_init(x);
+ ecc_point_init(&r, public_key->ecc);
+
+ ecc_point_mul(&r, private_key, public_key);
- mpz_init(x);
- ecc_point_init(&r, public_key->ecc);
+ ecc_point_get(&r, x, NULL);
+ nettle_mpz_get_str_256(size, out, x);
- ecc_point_mul(&r, private_key, public_key);
-
- ecc_point_get(&r, x, NULL);
- nettle_mpz_get_str_256(size, out, x);
+ mpz_clear(x);
+ ecc_point_clear(&r);
- mpz_clear(x);
- ecc_point_clear(&r);
-
- return;
+ return;
}
-static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * out,
- const gnutls_pk_params_st * priv,
- const gnutls_pk_params_st * pub)
+static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * out,
+ const gnutls_pk_params_st * priv,
+ const gnutls_pk_params_st * pub)
{
- int ret;
-
- switch (algo)
- {
- case GNUTLS_PK_EC:
- {
- struct ecc_scalar ecc_priv;
- struct ecc_point ecc_pub;
- const struct ecc_curve * curve;
-
- out->data = NULL;
-
- curve = get_supported_curve(priv->flags);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_privkey(priv, &ecc_priv, curve);
- if (ret < 0)
- {
- ecc_point_clear(&ecc_pub);
- return gnutls_assert_val(ret);
- }
-
- out->size = gnutls_ecc_curve_get_size(priv->flags);
- /*ecc_size(curve)*sizeof(mp_limb_t);*/
- out->data = gnutls_malloc(out->size);
- if (out->data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto ecc_cleanup;
- }
-
- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, out->size);
-
-ecc_cleanup:
- ecc_point_clear(&ecc_pub);
- ecc_scalar_clear(&ecc_priv);
- if (ret < 0) goto cleanup;
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_scalar ecc_priv;
+ struct ecc_point ecc_pub;
+ const struct ecc_curve *curve;
+
+ out->data = NULL;
+
+ curve = get_supported_curve(priv->flags);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _ecc_params_to_privkey(priv, &ecc_priv, curve);
+ if (ret < 0) {
+ ecc_point_clear(&ecc_pub);
+ return gnutls_assert_val(ret);
+ }
+
+ out->size = gnutls_ecc_curve_get_size(priv->flags);
+ /*ecc_size(curve)*sizeof(mp_limb_t); */
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto ecc_cleanup;
+ }
+
+ ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
+ out->size);
+
+ ecc_cleanup:
+ ecc_point_clear(&ecc_pub);
+ ecc_scalar_clear(&ecc_priv);
+ if (ret < 0)
+ goto cleanup;
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ return ret;
}
static int
-_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- mpz_t p;
-
- mpz_init(p);
-
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
-
- _rsa_params_to_pubkey (pk_params, &pub);
-
- ret = rsa_encrypt(&pub, NULL, rnd_func, plaintext->size, plaintext->data, p);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_size (p, ciphertext, pub.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- mpz_clear(p);
- return ret;
+ int ret;
+ mpz_t p;
+
+ mpz_init(p);
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ ret =
+ rsa_encrypt(&pub, NULL, rnd_func,
+ plaintext->size, plaintext->data,
+ p);
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ENCRYPTION_FAILED);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_size(p, ciphertext,
+ pub.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ mpz_clear(p);
+ return ret;
}
static int
-_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
-
- plaintext->data = NULL;
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- struct rsa_private_key priv;
- struct rsa_public_key pub;
- unsigned length;
- bigint_t c;
-
- _rsa_params_to_privkey (pk_params, &priv);
- _rsa_params_to_pubkey (pk_params, &pub);
-
- if (ciphertext->size != pub.size)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
- goto cleanup;
- }
-
- length = pub.size;
- plaintext->data = gnutls_malloc(length);
- if (plaintext->data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- ret = rsa_decrypt_tr(&pub, &priv, NULL, rnd_func, &length, plaintext->data,
- TOMPZ(c));
- _gnutls_mpi_release (&c);
- plaintext->size = length;
-
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- if (ret < 0)
- gnutls_free(plaintext->data);
-
- return ret;
+ int ret;
+
+ plaintext->data = NULL;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+ unsigned length;
+ bigint_t c;
+
+ _rsa_params_to_privkey(pk_params, &priv);
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ if (ciphertext->size != pub.size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+
+ if (_gnutls_mpi_scan_nz
+ (&c, ciphertext->data,
+ ciphertext->size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MPI_SCAN_FAILED);
+ goto cleanup;
+ }
+
+ length = pub.size;
+ plaintext->data = gnutls_malloc(length);
+ if (plaintext->data == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ rsa_decrypt_tr(&pub, &priv, NULL, rnd_func,
+ &length, plaintext->data,
+ TOMPZ(c));
+ _gnutls_mpi_release(&c);
+ plaintext->size = length;
+
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (ret < 0)
+ gnutls_free(plaintext->data);
+
+ return ret;
}
/* in case of DSA puts into data, r,s
*/
static int
-_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- unsigned int hash_len;
- const mac_entry_st* me;
-
- switch (algo)
- {
- case GNUTLS_PK_EC: /* we do ECDSA */
- {
- struct ecc_scalar priv;
- struct dsa_signature sig;
- int curve_id = pk_params->flags;
- const struct ecc_curve * curve;
-
- curve = get_supported_curve(curve_id);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_privkey(pk_params, &priv, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dsa_signature_init (&sig);
-
- me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- {
- gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
- hash_len = vdata->size;
- }
-
- ecdsa_sign(&priv, NULL, rnd_func, hash_len, vdata->data, &sig);
-
- ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
-
- dsa_signature_clear (&sig);
- ecc_scalar_clear( &priv);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
- struct dsa_signature sig;
-
- memset(&priv, 0, sizeof(priv));
- memset(&pub, 0, sizeof(pub));
- _dsa_params_to_pubkey (pk_params, &pub);
- _dsa_params_to_privkey (pk_params, &priv);
-
- dsa_signature_init (&sig);
-
- me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- {
- gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
- hash_len = vdata->size;
- }
-
- ret =
- _dsa_sign (&pub, &priv, NULL, rnd_func,
- hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
-
- dsa_fail:
- dsa_signature_clear (&sig);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_private_key priv;
- struct rsa_public_key pub;
- mpz_t s;
-
- _rsa_params_to_privkey (pk_params, &priv);
- _rsa_params_to_pubkey (pk_params, &pub);
-
- mpz_init(s);
-
- ret = rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_func,
- vdata->size, vdata->data, s);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto rsa_fail;
- }
-
- ret = _gnutls_mpi_dprint_size (s, signature, pub.size);
-
-rsa_fail:
- mpz_clear(s);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- return ret;
+ int ret;
+ unsigned int hash_len;
+ const mac_entry_st *me;
+
+ switch (algo) {
+ case GNUTLS_PK_EC: /* we do ECDSA */
+ {
+ struct ecc_scalar priv;
+ struct dsa_signature sig;
+ int curve_id = pk_params->flags;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(curve_id);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret =
+ _ecc_params_to_privkey(pk_params, &priv,
+ curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dsa_signature_init(&sig);
+
+ me = _gnutls_dsa_q_to_hash(algo, pk_params,
+ &hash_len);
+
+ if (hash_len > vdata->size) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Security level of algorithm requires hash %s(%d) or better\n",
+ _gnutls_mac_get_name(me), hash_len);
+ hash_len = vdata->size;
+ }
+
+ ecdsa_sign(&priv, NULL, rnd_func, hash_len,
+ vdata->data, &sig);
+
+ ret =
+ _gnutls_encode_ber_rs(signature, &sig.r,
+ &sig.s);
+
+ dsa_signature_clear(&sig);
+ ecc_scalar_clear(&priv);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
+
+ memset(&priv, 0, sizeof(priv));
+ memset(&pub, 0, sizeof(pub));
+ _dsa_params_to_pubkey(pk_params, &pub);
+ _dsa_params_to_privkey(pk_params, &priv);
+
+ dsa_signature_init(&sig);
+
+ me = _gnutls_dsa_q_to_hash(algo, pk_params,
+ &hash_len);
+
+ if (hash_len > vdata->size) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Security level of algorithm requires hash %s(%d) or better\n",
+ _gnutls_mac_get_name(me), hash_len);
+ hash_len = vdata->size;
+ }
+
+ ret =
+ _dsa_sign(&pub, &priv, NULL, rnd_func,
+ hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _gnutls_encode_ber_rs(signature, &sig.r,
+ &sig.s);
+
+ dsa_fail:
+ dsa_signature_clear(&sig);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+ mpz_t s;
+
+ _rsa_params_to_privkey(pk_params, &priv);
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ mpz_init(s);
+
+ ret =
+ rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_func,
+ vdata->size, vdata->data, s);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto rsa_fail;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_size(s, signature,
+ pub.size);
+
+ rsa_fail:
+ mpz_clear(s);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ return ret;
}
static int
-_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- unsigned int hash_len;
- bigint_t tmp[2] = { NULL, NULL };
-
- switch (algo)
- {
- case GNUTLS_PK_EC: /* ECDSA */
- {
- struct ecc_point pub;
- struct dsa_signature sig;
- int curve_id = pk_params->flags;
- const struct ecc_curve * curve;
-
- curve = get_supported_curve(curve_id);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_pubkey(pk_params, &pub, curve);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- memcpy (&sig.r, tmp[0], sizeof (sig.r));
- memcpy (&sig.s, tmp[1], sizeof (sig.s));
-
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- hash_len = vdata->size;
-
- ret = ecdsa_verify(&pub, hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
- else
- ret = 0;
-
- ecc_point_clear( &pub);
- break;
- }
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_signature sig;
-
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- memset(&pub, 0, sizeof(pub));
- _dsa_params_to_pubkey (pk_params, &pub);
- memcpy (&sig.r, tmp[0], sizeof (sig.r));
- memcpy (&sig.s, tmp[1], sizeof (sig.s));
-
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- hash_len = vdata->size;
-
- ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
- else
- ret = 0;
-
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
-
- _rsa_params_to_pubkey (pk_params, &pub);
-
- if (signature->size != pub.size)
- return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
-
- ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = rsa_pkcs1_verify (&pub, vdata->size, vdata->data, TOMPZ(tmp[0]));
- if (ret == 0)
- ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
- else ret = 0;
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
-cleanup:
-
- _gnutls_mpi_release (&tmp[0]);
- _gnutls_mpi_release (&tmp[1]);
- return ret;
+ int ret;
+ unsigned int hash_len;
+ bigint_t tmp[2] = { NULL, NULL };
+
+ switch (algo) {
+ case GNUTLS_PK_EC: /* ECDSA */
+ {
+ struct ecc_point pub;
+ struct dsa_signature sig;
+ int curve_id = pk_params->flags;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(curve_id);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+ &tmp[1]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _ecc_params_to_pubkey(pk_params, &pub, curve);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ memcpy(&sig.r, tmp[0], sizeof(sig.r));
+ memcpy(&sig.s, tmp[1], sizeof(sig.s));
+
+ _gnutls_dsa_q_to_hash(algo, pk_params, &hash_len);
+
+ if (hash_len > vdata->size)
+ hash_len = vdata->size;
+
+ ret =
+ ecdsa_verify(&pub, hash_len, vdata->data,
+ &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ } else
+ ret = 0;
+
+ ecc_point_clear(&pub);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+ &tmp[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ memset(&pub, 0, sizeof(pub));
+ _dsa_params_to_pubkey(pk_params, &pub);
+ memcpy(&sig.r, tmp[0], sizeof(sig.r));
+ memcpy(&sig.s, tmp[1], sizeof(sig.s));
+
+ _gnutls_dsa_q_to_hash(algo, pk_params, &hash_len);
+
+ if (hash_len > vdata->size)
+ hash_len = vdata->size;
+
+ ret =
+ _dsa_verify(&pub, hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ } else
+ ret = 0;
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ if (signature->size != pub.size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+
+ ret =
+ _gnutls_mpi_scan_nz(&tmp[0], signature->data,
+ signature->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ rsa_pkcs1_verify(&pub, vdata->size,
+ vdata->data, TOMPZ(tmp[0]));
+ if (ret == 0)
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ else
+ ret = 0;
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ cleanup:
+
+ _gnutls_mpi_release(&tmp[0]);
+ _gnutls_mpi_release(&tmp[1]);
+ return ret;
}
static inline const struct ecc_curve *get_supported_curve(int curve)
{
- switch(curve)
- {
- case GNUTLS_ECC_CURVE_SECP192R1:
- return &nettle_secp_192r1;
- case GNUTLS_ECC_CURVE_SECP224R1:
- return &nettle_secp_224r1;
- case GNUTLS_ECC_CURVE_SECP256R1:
- return &nettle_secp_256r1;
- case GNUTLS_ECC_CURVE_SECP384R1:
- return &nettle_secp_384r1;
- case GNUTLS_ECC_CURVE_SECP521R1:
- return &nettle_secp_521r1;
- default:
- return NULL;
- }
+ switch (curve) {
+ case GNUTLS_ECC_CURVE_SECP192R1:
+ return &nettle_secp_192r1;
+ case GNUTLS_ECC_CURVE_SECP224R1:
+ return &nettle_secp_224r1;
+ case GNUTLS_ECC_CURVE_SECP256R1:
+ return &nettle_secp_256r1;
+ case GNUTLS_ECC_CURVE_SECP384R1:
+ return &nettle_secp_384r1;
+ case GNUTLS_ECC_CURVE_SECP521R1:
+ return &nettle_secp_521r1;
+ default:
+ return NULL;
+ }
}
static int
-wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
{
- int ret;
- unsigned int i, q_bits;
-
- memset(params, 0, sizeof(*params));
-
- switch (algo)
- {
-
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
- dsa_public_key_init (&pub);
- dsa_private_key_init (&priv);
-
- /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
- * but we do NIST DSA here */
- if (level <= 1024)
- q_bits = 160;
- else
- q_bits = 256;
-
- ret =
- dsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, q_bits);
- if (ret != 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto dsa_fail;
- }
-
- params->params_nr = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto dsa_fail;
- }
- params->params_nr++;
- }
-
- ret = 0;
- _gnutls_mpi_set (params->params[0], pub.p);
- _gnutls_mpi_set (params->params[1], pub.q);
- _gnutls_mpi_set (params->params[2], pub.g);
- _gnutls_mpi_set (params->params[3], pub.y);
- _gnutls_mpi_set (params->params[4], priv.x);
-
-dsa_fail:
- dsa_private_key_clear (&priv);
- dsa_public_key_clear (&pub);
-
- if (ret < 0)
- goto fail;
-
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
- struct rsa_private_key priv;
-
- rsa_public_key_init (&pub);
- rsa_private_key_init (&priv);
-
- _gnutls_mpi_set_ui (&pub.e, 65537);
-
- ret =
- rsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, 0);
- if (ret != 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto rsa_fail;
- }
-
- params->params_nr = 0;
- for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto rsa_fail;
- }
- params->params_nr++;
-
- }
-
- ret = 0;
-
- _gnutls_mpi_set (params->params[0], pub.n);
- _gnutls_mpi_set (params->params[1], pub.e);
- _gnutls_mpi_set (params->params[2], priv.d);
- _gnutls_mpi_set (params->params[3], priv.p);
- _gnutls_mpi_set (params->params[4], priv.q);
- _gnutls_mpi_set (params->params[5], priv.c);
- _gnutls_mpi_set (params->params[6], priv.a);
- _gnutls_mpi_set (params->params[7], priv.b);
-
-rsa_fail:
- rsa_private_key_clear (&priv);
- rsa_public_key_clear (&pub);
-
- if (ret < 0)
- goto fail;
-
- break;
- }
- case GNUTLS_PK_EC:
- {
- struct ecc_scalar key;
- struct ecc_point pub;
- const struct ecc_curve* curve;
-
- curve = get_supported_curve(level);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ecc_scalar_init(&key, curve);
- ecc_point_init(&pub, curve);
-
- ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
-
- params->params[ECC_X] = _gnutls_mpi_new (0);
- params->params[ECC_Y] = _gnutls_mpi_new (0);
- params->params[ECC_K] = _gnutls_mpi_new (0);
-
- if (params->params[ECC_X] == NULL || params->params[ECC_Y] == NULL ||
- params->params[ECC_K] == NULL)
- {
- _gnutls_mpi_release(&params->params[ECC_X]);
- _gnutls_mpi_release(&params->params[ECC_Y]);
- _gnutls_mpi_release(&params->params[ECC_K]);
- goto ecc_cleanup;
- }
-
- params->flags = level;
- params->params_nr = ECC_PRIVATE_PARAMS;
-
- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), TOMPZ(params->params[ECC_Y]));
- ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
-
-ecc_cleanup:
- ecc_point_clear(&pub);
- ecc_scalar_clear(&key);
-
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-
-fail:
-
- for (i = 0; i < params->params_nr; i++)
- {
- _gnutls_mpi_release (&params->params[i]);
- }
- params->params_nr = 0;
-
- return ret;
+ int ret;
+ unsigned int i, q_bits;
+
+ memset(params, 0, sizeof(*params));
+
+ switch (algo) {
+
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init(&pub);
+ dsa_private_key_init(&priv);
+
+ /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, q_bits);
+ if (ret != 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto dsa_fail;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.p);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto dsa_fail;
+ }
+ params->params_nr++;
+ }
+
+ ret = 0;
+ _gnutls_mpi_set(params->params[0], pub.p);
+ _gnutls_mpi_set(params->params[1], pub.q);
+ _gnutls_mpi_set(params->params[2], pub.g);
+ _gnutls_mpi_set(params->params[3], pub.y);
+ _gnutls_mpi_set(params->params[4], priv.x);
+
+ dsa_fail:
+ dsa_private_key_clear(&priv);
+ dsa_public_key_clear(&pub);
+
+ if (ret < 0)
+ goto fail;
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init(&pub);
+ rsa_private_key_init(&priv);
+
+ _gnutls_mpi_set_ui(&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, 0);
+ if (ret != 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto rsa_fail;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.n);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto rsa_fail;
+ }
+ params->params_nr++;
+
+ }
+
+ ret = 0;
+
+ _gnutls_mpi_set(params->params[0], pub.n);
+ _gnutls_mpi_set(params->params[1], pub.e);
+ _gnutls_mpi_set(params->params[2], priv.d);
+ _gnutls_mpi_set(params->params[3], priv.p);
+ _gnutls_mpi_set(params->params[4], priv.q);
+ _gnutls_mpi_set(params->params[5], priv.c);
+ _gnutls_mpi_set(params->params[6], priv.a);
+ _gnutls_mpi_set(params->params[7], priv.b);
+
+ rsa_fail:
+ rsa_private_key_clear(&priv);
+ rsa_public_key_clear(&pub);
+
+ if (ret < 0)
+ goto fail;
+
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_scalar key;
+ struct ecc_point pub;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(level);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ecc_scalar_init(&key, curve);
+ ecc_point_init(&pub, curve);
+
+ ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
+
+ params->params[ECC_X] = _gnutls_mpi_new(0);
+ params->params[ECC_Y] = _gnutls_mpi_new(0);
+ params->params[ECC_K] = _gnutls_mpi_new(0);
+
+ if (params->params[ECC_X] == NULL
+ || params->params[ECC_Y] == NULL
+ || params->params[ECC_K] == NULL) {
+ _gnutls_mpi_release(&params->
+ params[ECC_X]);
+ _gnutls_mpi_release(&params->
+ params[ECC_Y]);
+ _gnutls_mpi_release(&params->
+ params[ECC_K]);
+ goto ecc_cleanup;
+ }
+
+ params->flags = level;
+ params->params_nr = ECC_PRIVATE_PARAMS;
+
+ ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
+ TOMPZ(params->params[ECC_Y]));
+ ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
+
+ ecc_cleanup:
+ ecc_point_clear(&pub);
+ ecc_scalar_clear(&key);
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+ fail:
+
+ for (i = 0; i < params->params_nr; i++) {
+ _gnutls_mpi_release(&params->params[i]);
+ }
+ params->params_nr = 0;
+
+ return ret;
}
static int
-wrap_nettle_pk_verify_params (gnutls_pk_algorithm_t algo,
- const gnutls_pk_params_st * params)
+wrap_nettle_pk_verify_params(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st * params)
{
- int ret;
-
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- bigint_t t1 = NULL, t2 = NULL;
-
- if (params->params_nr != RSA_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- t1 = _gnutls_mpi_new (256);
- if (t1 == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_mpi_mulm (t1, params->params[RSA_PRIME1], params->params[RSA_PRIME2], params->params[RSA_MODULUS]);
- if (_gnutls_mpi_cmp_ui(t1, 0) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- mpz_invert (TOMPZ(t1), TOMPZ (params->params[RSA_PRIME2]), TOMPZ (params->params[RSA_PRIME1]));
- if (_gnutls_mpi_cmp(t1, params->params[RSA_COEF]) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- /* [RSA_PRIME1] = d % p-1, [RSA_PRIME2] = d % q-1 */
- _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME1], 1);
- t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1);
- if (t2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto rsa_cleanup;
- }
-
- if (_gnutls_mpi_cmp(params->params[RSA_E1], t2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME2], 1);
- _gnutls_mpi_release(&t2);
-
- t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1);
- if (t2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto rsa_cleanup;
- }
-
- if (_gnutls_mpi_cmp(params->params[RSA_E2], t2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- ret = 0;
-
-rsa_cleanup:
- _gnutls_mpi_release(&t1);
- _gnutls_mpi_release(&t2);
- }
-
- break;
- case GNUTLS_PK_DSA:
- {
- bigint_t t1 = NULL;
-
- if (params->params_nr != DSA_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- t1 = _gnutls_mpi_new (256);
- if (t1 == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_mpi_powm (t1, params->params[DSA_G], params->params[DSA_X], params->params[DSA_P]);
-
- if (_gnutls_mpi_cmp(t1, params->params[DSA_Y]) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto dsa_cleanup;
- }
-
- ret = 0;
-
-dsa_cleanup:
- _gnutls_mpi_release(&t1);
- }
-
- break;
- case GNUTLS_PK_EC:
- {
- struct ecc_point r, pub;
- struct ecc_scalar priv;
- mpz_t x1, y1, x2, y2;
- const struct ecc_curve * curve;
-
- if (params->params_nr != ECC_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- curve = get_supported_curve(params->flags);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_pubkey(params, &pub, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_privkey(params, &priv, curve);
- if (ret < 0)
- {
- ecc_point_clear(&pub);
- return gnutls_assert_val(ret);
- }
-
- ecc_point_init(&r, curve);
- /* verify that x,y lie on the curve */
- ret = ecc_point_set(&r, TOMPZ(params->params[ECC_X]), TOMPZ(params->params[ECC_Y]));
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto ecc_cleanup;
- }
- ecc_point_clear(&r);
-
- ecc_point_init(&r, curve);
- ecc_point_mul_g(&r, &priv);
-
- mpz_init(x1);
- mpz_init(y1);
- ecc_point_get(&r, x1, y1);
- ecc_point_clear(&r);
-
- mpz_init(x2);
- mpz_init(y2);
- ecc_point_get(&pub, x2, y2);
-
- /* verify that k*(Gx,Gy)=(x,y) */
- if (mpz_cmp(x1, x2) != 0 || mpz_cmp(y1, y2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto ecc_cleanup;
- }
-
- ret = 0;
-
-ecc_cleanup:
- ecc_scalar_clear(&priv);
- ecc_point_clear(&pub);
- }
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t t1 = NULL, t2 = NULL;
+
+ if (params->params_nr != RSA_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ t1 = _gnutls_mpi_new(256);
+ if (t1 == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_mpi_mulm(t1, params->params[RSA_PRIME1],
+ params->params[RSA_PRIME2],
+ params->params[RSA_MODULUS]);
+ if (_gnutls_mpi_cmp_ui(t1, 0) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ mpz_invert(TOMPZ(t1),
+ TOMPZ(params->params[RSA_PRIME2]),
+ TOMPZ(params->params[RSA_PRIME1]));
+ if (_gnutls_mpi_cmp(t1, params->params[RSA_COEF])
+ != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ /* [RSA_PRIME1] = d % p-1, [RSA_PRIME2] = d % q-1 */
+ _gnutls_mpi_sub_ui(t1, params->params[RSA_PRIME1],
+ 1);
+ t2 = _gnutls_mpi_mod(params->params[RSA_PRIV], t1);
+ if (t2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto rsa_cleanup;
+ }
+
+ if (_gnutls_mpi_cmp(params->params[RSA_E1], t2) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ _gnutls_mpi_sub_ui(t1, params->params[RSA_PRIME2],
+ 1);
+ _gnutls_mpi_release(&t2);
+
+ t2 = _gnutls_mpi_mod(params->params[RSA_PRIV], t1);
+ if (t2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto rsa_cleanup;
+ }
+
+ if (_gnutls_mpi_cmp(params->params[RSA_E2], t2) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ ret = 0;
+
+ rsa_cleanup:
+ _gnutls_mpi_release(&t1);
+ _gnutls_mpi_release(&t2);
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ bigint_t t1 = NULL;
+
+ if (params->params_nr != DSA_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ t1 = _gnutls_mpi_new(256);
+ if (t1 == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_mpi_powm(t1, params->params[DSA_G],
+ params->params[DSA_X],
+ params->params[DSA_P]);
+
+ if (_gnutls_mpi_cmp(t1, params->params[DSA_Y]) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto dsa_cleanup;
+ }
+
+ ret = 0;
+
+ dsa_cleanup:
+ _gnutls_mpi_release(&t1);
+ }
+
+ break;
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_point r, pub;
+ struct ecc_scalar priv;
+ mpz_t x1, y1, x2, y2;
+ const struct ecc_curve *curve;
+
+ if (params->params_nr != ECC_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ curve = get_supported_curve(params->flags);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret = _ecc_params_to_pubkey(params, &pub, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _ecc_params_to_privkey(params, &priv, curve);
+ if (ret < 0) {
+ ecc_point_clear(&pub);
+ return gnutls_assert_val(ret);
+ }
+
+ ecc_point_init(&r, curve);
+ /* verify that x,y lie on the curve */
+ ret =
+ ecc_point_set(&r, TOMPZ(params->params[ECC_X]),
+ TOMPZ(params->params[ECC_Y]));
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+ ecc_point_clear(&r);
+
+ ecc_point_init(&r, curve);
+ ecc_point_mul_g(&r, &priv);
+
+ mpz_init(x1);
+ mpz_init(y1);
+ ecc_point_get(&r, x1, y1);
+ ecc_point_clear(&r);
+
+ mpz_init(x2);
+ mpz_init(y2);
+ ecc_point_get(&pub, x2, y2);
+
+ /* verify that k*(Gx,Gy)=(x,y) */
+ if (mpz_cmp(x1, x2) != 0 || mpz_cmp(y1, y2) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+
+ ret = 0;
+
+ ecc_cleanup:
+ ecc_scalar_clear(&priv);
+ ecc_point_clear(&pub);
+ }
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ return ret;
}
-static int calc_rsa_exp (gnutls_pk_params_st* params)
+static int calc_rsa_exp(gnutls_pk_params_st * params)
{
- bigint_t tmp = _gnutls_mpi_alloc_like (params->params[0]);
+ bigint_t tmp = _gnutls_mpi_alloc_like(params->params[0]);
- if (params->params_nr < RSA_PRIVATE_PARAMS - 2)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (params->params_nr < RSA_PRIVATE_PARAMS - 2) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (tmp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (tmp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* [6] = d % p-1, [7] = d % q-1 */
- _gnutls_mpi_sub_ui (tmp, params->params[3], 1);
- params->params[6] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp);
+ /* [6] = d % p-1, [7] = d % q-1 */
+ _gnutls_mpi_sub_ui(tmp, params->params[3], 1);
+ params->params[6] =
+ _gnutls_mpi_mod(params->params[2] /*d */ , tmp);
- _gnutls_mpi_sub_ui (tmp, params->params[4], 1);
- params->params[7] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp);
+ _gnutls_mpi_sub_ui(tmp, params->params[4], 1);
+ params->params[7] =
+ _gnutls_mpi_mod(params->params[2] /*d */ , tmp);
- _gnutls_mpi_release (&tmp);
+ _gnutls_mpi_release(&tmp);
- if (params->params[7] == NULL || params->params[6] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (params->params[7] == NULL || params->params[6] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
static int
-wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
- int result;
-
- if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA)
- {
- /* do not trust the generated values. Some old private keys
- * generated by us have mess on the values. Those were very
- * old but it seemed some of the shipped example private
- * keys were as old.
- */
- mpz_invert (TOMPZ (params->params[RSA_COEF]),
- TOMPZ (params->params[RSA_PRIME2]), TOMPZ (params->params[RSA_PRIME1]));
-
- /* calculate exp1 [6] and exp2 [7] */
- _gnutls_mpi_release (&params->params[RSA_E1]);
- _gnutls_mpi_release (&params->params[RSA_E2]);
-
- result = calc_rsa_exp (params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- params->params_nr = RSA_PRIVATE_PARAMS;
- }
-
- return 0;
+ int result;
+
+ if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) {
+ /* do not trust the generated values. Some old private keys
+ * generated by us have mess on the values. Those were very
+ * old but it seemed some of the shipped example private
+ * keys were as old.
+ */
+ mpz_invert(TOMPZ(params->params[RSA_COEF]),
+ TOMPZ(params->params[RSA_PRIME2]),
+ TOMPZ(params->params[RSA_PRIME1]));
+
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release(&params->params[RSA_E1]);
+ _gnutls_mpi_release(&params->params[RSA_E2]);
+
+ result = calc_rsa_exp(params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
+
+ return 0;
}
static int
extract_digest_info(const struct rsa_public_key *key,
- gnutls_datum_t *di, uint8_t** rdi,
- const mpz_t signature)
+ gnutls_datum_t * di, uint8_t ** rdi,
+ const mpz_t signature)
{
- unsigned i;
- int ret;
- mpz_t m;
- uint8_t *em;
-
- if (key->size == 0)
- return 0;
-
- em = gnutls_malloc(key->size);
- if (em == NULL)
- return 0;
-
- mpz_init (m);
-
- mpz_powm(m, signature, key->e, key->n);
-
- nettle_mpz_get_str_256(key->size, em, m);
- mpz_clear(m);
-
- if (em[0] != 0 || em[1] != 1)
- {
- ret = 0;
- goto cleanup;
- }
-
- for (i = 2; i < key->size; i++)
- {
- if (em[i] == 0 && i > 2)
- break;
-
- if (em[i] != 0xff)
- {
- ret = 0;
- goto cleanup;
- }
- }
-
- i++;
-
- *rdi = em;
-
- di->data = &em[i];
- di->size = key->size - i;
-
- return 1;
-
-cleanup:
- gnutls_free(em);
-
- return ret;
+ unsigned i;
+ int ret;
+ mpz_t m;
+ uint8_t *em;
+
+ if (key->size == 0)
+ return 0;
+
+ em = gnutls_malloc(key->size);
+ if (em == NULL)
+ return 0;
+
+ mpz_init(m);
+
+ mpz_powm(m, signature, key->e, key->n);
+
+ nettle_mpz_get_str_256(key->size, em, m);
+ mpz_clear(m);
+
+ if (em[0] != 0 || em[1] != 1) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ for (i = 2; i < key->size; i++) {
+ if (em[i] == 0 && i > 2)
+ break;
+
+ if (em[i] != 0xff) {
+ ret = 0;
+ goto cleanup;
+ }
+ }
+
+ i++;
+
+ *rdi = em;
+
+ di->data = &em[i];
+ di->size = key->size - i;
+
+ return 1;
+
+ cleanup:
+ gnutls_free(em);
+
+ return ret;
}
/* Given a signature and parameters, it should return
@@ -1075,82 +1144,80 @@ cleanup:
* but until we deprecate gnutls_pubkey_get_verify_algorithm()
* we depend on it.
*/
-static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk,
- const gnutls_datum_t * sig, gnutls_pk_params_st * issuer_params,
- gnutls_digest_algorithm_t* hash_algo)
+static int wrap_nettle_hash_algorithm(gnutls_pk_algorithm_t pk,
+ const gnutls_datum_t * sig,
+ gnutls_pk_params_st * issuer_params,
+ gnutls_digest_algorithm_t *
+ hash_algo)
{
- uint8_t digest[MAX_HASH_SIZE];
- uint8_t* rdi = NULL;
- gnutls_datum_t di;
- unsigned digest_size;
- mpz_t s;
- struct rsa_public_key pub;
- const mac_entry_st* me;
- int ret;
-
- mpz_init(s);
-
- switch (pk)
- {
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
-
- me = _gnutls_dsa_q_to_hash (pk, issuer_params, NULL);
- if (hash_algo)
- *hash_algo = me->id;
-
- ret = 0;
- break;
- case GNUTLS_PK_RSA:
- if (sig == NULL)
- { /* return a sensible algorithm */
- if (hash_algo)
- *hash_algo = GNUTLS_DIG_SHA256;
- return 0;
- }
-
- _rsa_params_to_pubkey (issuer_params, &pub);
-
- digest_size = sizeof(digest);
-
- nettle_mpz_set_str_256_u(s, sig->size, sig->data);
-
- ret = extract_digest_info( &pub, &di, &rdi, s);
- if (ret == 0)
- {
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- gnutls_assert ();
- goto cleanup;
- }
-
- digest_size = sizeof(digest);
- if ((ret =
- decode_ber_digest_info (&di, hash_algo, digest,
- &digest_size)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (digest_size != _gnutls_hash_get_algo_len (mac_to_entry(*hash_algo)))
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto cleanup;
- }
-
- ret = 0;
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
-
-cleanup:
- mpz_clear(s);
- gnutls_free(rdi);
- return ret;
+ uint8_t digest[MAX_HASH_SIZE];
+ uint8_t *rdi = NULL;
+ gnutls_datum_t di;
+ unsigned digest_size;
+ mpz_t s;
+ struct rsa_public_key pub;
+ const mac_entry_st *me;
+ int ret;
+
+ mpz_init(s);
+
+ switch (pk) {
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+
+ me = _gnutls_dsa_q_to_hash(pk, issuer_params, NULL);
+ if (hash_algo)
+ *hash_algo = me->id;
+
+ ret = 0;
+ break;
+ case GNUTLS_PK_RSA:
+ if (sig == NULL) { /* return a sensible algorithm */
+ if (hash_algo)
+ *hash_algo = GNUTLS_DIG_SHA256;
+ return 0;
+ }
+
+ _rsa_params_to_pubkey(issuer_params, &pub);
+
+ digest_size = sizeof(digest);
+
+ nettle_mpz_set_str_256_u(s, sig->size, sig->data);
+
+ ret = extract_digest_info(&pub, &di, &rdi, s);
+ if (ret == 0) {
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ digest_size = sizeof(digest);
+ if ((ret =
+ decode_ber_digest_info(&di, hash_algo, digest,
+ &digest_size)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (digest_size !=
+ _gnutls_hash_get_algo_len(mac_to_entry(*hash_algo))) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ ret = 0;
+ break;
+
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ cleanup:
+ mpz_clear(s);
+ gnutls_free(rdi);
+ return ret;
}
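Review bot: The `sig == NULL` shortcut in the GNUTLS_PK_RSA case leaves with `return 0;` and never reaches the `cleanup:` label, so the `mpz_init(s)` at the top of wrap_nettle_hash_algorithm is not paired with `mpz_clear(s)` on that path. Replacing it with `ret = 0; break;` routes it through cleanup like every other path. Further down the same case, `mac_to_entry(*hash_algo)` dereferences hash_algo unconditionally, although the DSA/EC branch and the shortcut both guard it with `if (hash_algo)`. A NULL hash_algo together with a non-NULL sig therefore looks like a NULL dereference. Rejecting it before the decode with `if (hash_algo == NULL) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; }` would make the contract consistent.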
@@ -1158,13 +1225,13 @@ cleanup:
int crypto_pk_prio = INT_MAX;
gnutls_crypto_pk_st _gnutls_pk_ops = {
- .hash_algorithm = wrap_nettle_hash_algorithm,
- .encrypt = _wrap_nettle_pk_encrypt,
- .decrypt = _wrap_nettle_pk_decrypt,
- .sign = _wrap_nettle_pk_sign,
- .verify = _wrap_nettle_pk_verify,
- .verify_params = wrap_nettle_pk_verify_params,
- .generate = wrap_nettle_pk_generate_params,
- .pk_fixup_private_params = wrap_nettle_pk_fixup,
- .derive = _wrap_nettle_pk_derive,
+ .hash_algorithm = wrap_nettle_hash_algorithm,
+ .encrypt = _wrap_nettle_pk_encrypt,
+ .decrypt = _wrap_nettle_pk_decrypt,
+ .sign = _wrap_nettle_pk_sign,
+ .verify = _wrap_nettle_pk_verify,
+ .verify_params = wrap_nettle_pk_verify_params,
+ .generate = wrap_nettle_pk_generate_params,
+ .pk_fixup_private_params = wrap_nettle_pk_fixup,
+ .derive = _wrap_nettle_pk_derive,
};
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 46a76d4f4a..cd988c2be6 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -33,10 +33,10 @@
#include <gnutls_num.h>
#include <nettle/yarrow.h>
#ifdef HAVE_GETPID
-# include <unistd.h> /* getpid */
+#include <unistd.h> /* getpid */
#endif
#ifdef HAVE_GETRUSAGE
-# include <sys/resource.h>
+#include <sys/resource.h>
#endif
#include <errno.h>
@@ -45,10 +45,9 @@
#define RND_LOCK if (gnutls_mutex_lock(&rnd_mutex)!=0) abort()
#define RND_UNLOCK if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort()
-enum
-{
- RANDOM_SOURCE_TRIVIA = 0,
- RANDOM_SOURCE_DEVICE,
+enum {
+ RANDOM_SOURCE_TRIVIA = 0,
+ RANDOM_SOURCE_DEVICE,
};
static struct yarrow256_ctx yctx;
@@ -60,73 +59,68 @@ static struct timespec current_time = { 0, 0 };
static time_t trivia_previous_time = 0;
static time_t trivia_time_count = 0;
#ifdef HAVE_GETPID
-static pid_t pid; /* detect fork() */
+static pid_t pid; /* detect fork() */
#endif
static void *rnd_mutex;
inline static unsigned int
-timespec_sub_sec (struct timespec *a, struct timespec *b)
+timespec_sub_sec(struct timespec *a, struct timespec *b)
{
- return (a->tv_sec - b->tv_sec);
+ return (a->tv_sec - b->tv_sec);
}
#define DEVICE_READ_INTERVAL (1200)
/* universal functions */
-static int
-do_trivia_source (int init)
+static int do_trivia_source(int init)
{
- static struct
- {
- struct timespec now;
+ static struct {
+ struct timespec now;
#ifdef HAVE_GETRUSAGE
- struct rusage rusage;
+ struct rusage rusage;
#endif
#ifdef HAVE_GETPID
- pid_t pid;
+ pid_t pid;
#endif
- unsigned count;
- } event;
- unsigned entropy = 0;
+ unsigned count;
+ } event;
+ unsigned entropy = 0;
- memcpy(&event.now, &current_time, sizeof(event.now));
+ memcpy(&event.now, &current_time, sizeof(event.now));
#ifdef HAVE_GETRUSAGE
- if (getrusage (RUSAGE_SELF, &event.rusage) < 0)
- {
- _gnutls_debug_log ("getrusage failed: %s\n", strerror (errno));
- abort ();
- }
+ if (getrusage(RUSAGE_SELF, &event.rusage) < 0) {
+ _gnutls_debug_log("getrusage failed: %s\n",
+ strerror(errno));
+ abort();
+ }
#endif
- event.count = 0;
- if (init)
- {
- trivia_time_count = 0;
- }
- else
- {
- event.count = trivia_time_count++;
-
- if (event.now.tv_sec != trivia_previous_time)
- {
- /* Count one bit of entropy if we either have more than two
- * invocations in one second, or more than two seconds
- * between invocations. */
- if ((trivia_time_count > 2)
- || ((event.now.tv_sec - trivia_previous_time) > 2))
- entropy++;
-
- trivia_time_count = 0;
- }
- }
- trivia_previous_time = event.now.tv_sec;
+ event.count = 0;
+ if (init) {
+ trivia_time_count = 0;
+ } else {
+ event.count = trivia_time_count++;
+
+ if (event.now.tv_sec != trivia_previous_time) {
+ /* Count one bit of entropy if we either have more than two
+ * invocations in one second, or more than two seconds
+ * between invocations. */
+ if ((trivia_time_count > 2)
+ || ((event.now.tv_sec - trivia_previous_time) >
+ 2))
+ entropy++;
+
+ trivia_time_count = 0;
+ }
+ }
+ trivia_previous_time = event.now.tv_sec;
#ifdef HAVE_GETPID
- event.pid = pid;
+ event.pid = pid;
#endif
-
- return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof (event), (void *) &event);
+
+ return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof(event), (void *) &event);
}
@@ -142,61 +136,60 @@ do_trivia_source (int init)
static HCRYPTPROV device_fd = 0;
-static int
-do_device_source (int init)
+static int do_device_source(int init)
{
- int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- int old;
-
- if (!CryptAcquireContext
- (&device_fd, NULL, NULL, PROV_RSA_FULL,
- CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
- {
- _gnutls_debug_log ("error in CryptAcquireContext!\n");
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
- gettime(&device_last_read);
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((device_fd != 0)
- && (init || timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL))
- {
-
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
-
- if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
- {
- _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
- GetLastError ());
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 /
- 2 /* we trust the system RNG */ ,
- read_size, buf);
- }
- return 0;
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ int old;
+
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
+ _gnutls_debug_log
+ ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+ gettime(&device_last_read);
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd != 0)
+ && (init
+ || timespec_sub_sec(&current_time,
+ &device_last_read) >
+ DEVICE_READ_INTERVAL)) {
+
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+
+ if (!CryptGenRandom(device_fd, (DWORD) read_size, buf)) {
+ _gnutls_debug_log("Error in CryptGenRandom: %s\n",
+ GetLastError());
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the system RNG */ ,
+ read_size, buf);
+ }
+ return 0;
}
-static void
-wrap_nettle_rnd_deinit (void *ctx)
+static void wrap_nettle_rnd_deinit(void *ctx)
{
- RND_LOCK;
- CryptReleaseContext (device_fd, 0);
- RND_UNLOCK;
+ RND_LOCK;
+ CryptReleaseContext(device_fd, 0);
+ RND_UNLOCK;
- gnutls_mutex_deinit (&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit(&rnd_mutex);
+ rnd_mutex = NULL;
}
-#else /* POSIX */
+#else /* POSIX */
#include <time.h>
#include <sys/types.h>
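Review bot: The CryptGenRandom failure log in the Windows do_device_source passes `GetLastError()`, a DWORD, to a `%s` conversion. That is undefined behaviour if _gnutls_debug_log formats printf-style, as its `strerror(errno)` use in do_trivia_source suggests, and it would only show up when the system RNG call has already failed. Log the code as a number instead: `_gnutls_debug_log("Error in CryptGenRandom: %lu\n", (unsigned long) GetLastError());`. The local `int old;` in the init branch is never used in this function and can be dropped.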
@@ -211,172 +204,167 @@ wrap_nettle_rnd_deinit (void *ctx)
static int device_fd;
-static int
-do_device_source_urandom (int init)
+static int do_device_source_urandom(int init)
{
- unsigned int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- int old;
-
- device_fd = open ("/dev/urandom", O_RDONLY);
- if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open urandom!\n");
- return GNUTLS_E_FILE_ERROR;
- }
-
- old = fcntl (device_fd, F_GETFD);
- if (old != -1)
- fcntl (device_fd, F_SETFD, old | FD_CLOEXEC);
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((init || (timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL)) && (device_fd > 0))
- {
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;)
- {
- int res;
- do
- res = read (device_fd, buf + done, sizeof (buf) - done);
- while (res < 0 && errno == EINTR);
-
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
- strerror (errno));
- }
- else
- {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: end of file\n");
- }
-
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- done += res;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 / 2 /* we trust the RNG */ ,
- read_size, buf);
- }
- return 0;
+ unsigned int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ int old;
+
+ device_fd = open("/dev/urandom", O_RDONLY);
+ if (device_fd < 0) {
+ _gnutls_debug_log("Cannot open urandom!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ old = fcntl(device_fd, F_GETFD);
+ if (old != -1)
+ fcntl(device_fd, F_SETFD, old | FD_CLOEXEC);
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((init
+ || (timespec_sub_sec(&current_time, &device_last_read) >
+ DEVICE_READ_INTERVAL)) && (device_fd > 0)) {
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;) {
+ int res;
+ do
+ res =
+ read(device_fd, buf + done,
+ sizeof(buf) - done);
+ while (res < 0 && errno == EINTR);
+
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: %s\n",
+ strerror(errno));
+ } else {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
+ }
+
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ done += res;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the RNG */ ,
+ read_size, buf);
+ }
+ return 0;
}
-static int
-do_device_source_egd (int init)
+static int do_device_source_egd(int init)
{
- unsigned int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- device_fd = _rndegd_connect_socket ();
- if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open egd socket!\n");
- return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((device_fd > 0)
- && (init || (timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL)))
- {
-
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;)
- {
- int res;
- res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read egd.\n");
- }
- else
- {
- _gnutls_debug_log ("Failed to read egd: end of file\n");
- }
-
- return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
- done += res;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2,
- read_size, buf);
- }
- return 0;
+ unsigned int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ device_fd = _rndegd_connect_socket();
+ if (device_fd < 0) {
+ _gnutls_debug_log("Cannot open egd socket!\n");
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd > 0)
+ && (init
+ || (timespec_sub_sec(&current_time, &device_last_read) >
+ DEVICE_READ_INTERVAL))) {
+
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;) {
+ int res;
+ res =
+ _rndegd_read(&device_fd, buf + done,
+ sizeof(buf) - done);
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+ ("Failed to read egd.\n");
+ } else {
+ _gnutls_debug_log
+ ("Failed to read egd: end of file\n");
+ }
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+ done += res;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 / 2, read_size, buf);
+ }
+ return 0;
}
-static int
-do_device_source (int init)
+static int do_device_source(int init)
{
- int ret;
- static int (*do_source) (int init) = NULL;
+ int ret;
+ static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
*/
- if (init == 1)
- {
+ if (init == 1) {
#ifdef HAVE_GETPID
- pid = getpid();
+ pid = getpid();
#endif
- do_source = do_device_source_urandom;
- ret = do_source (init);
- if (ret < 0)
- {
- do_source = do_device_source_egd;
- ret = do_source (init);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
- }
- else
- {
- ret = do_source (init);
-
- return ret;
- }
+ do_source = do_device_source_urandom;
+ ret = do_source(init);
+ if (ret < 0) {
+ do_source = do_device_source_egd;
+ ret = do_source(init);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
+ } else {
+ ret = do_source(init);
+
+ return ret;
+ }
}
-static void
-wrap_nettle_rnd_deinit (void *ctx)
+static void wrap_nettle_rnd_deinit(void *ctx)
{
- RND_LOCK;
- close (device_fd);
- RND_UNLOCK;
+ RND_LOCK;
+ close(device_fd);
+ RND_UNLOCK;
- gnutls_mutex_deinit (&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit(&rnd_mutex);
+ rnd_mutex = NULL;
}
#endif
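Review bot: do_device_source_urandom and do_device_source_egd both gate the read on `device_fd > 0`, while the open checks reject only `device_fd < 0`. A descriptor of 0 (possible when the process starts with stdin closed) therefore passes init, skips the read block and returns 0 without passing any device bytes to yarrow256_update, so the caller sees success for a generator that received no device input. Testing `device_fd >= 0` in both functions, with the static declared as `static int device_fd = -1;`, keeps "not opened yet" distinct from a valid descriptor 0. Separately, both read loops request `sizeof(buf) - done` rather than `read_size - done`; that stays inside buf but reads more than the `read_size` bytes that are actually used.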
@@ -384,109 +372,100 @@ wrap_nettle_rnd_deinit (void *ctx)
/* API functions */
-static int
-wrap_nettle_rnd_init (void **ctx)
+static int wrap_nettle_rnd_init(void **ctx)
{
- int ret;
-
- ret = gnutls_mutex_init (&rnd_mutex);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- yarrow256_init (&yctx, SOURCES, ysources);
- gettime(&current_time);
-
- ret = do_device_source (1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = do_trivia_source (1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- yarrow256_slow_reseed (&yctx);
-
- return 0;
+ int ret;
+
+ ret = gnutls_mutex_init(&rnd_mutex);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ yarrow256_init(&yctx, SOURCES, ysources);
+ gettime(&current_time);
+
+ ret = do_device_source(1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = do_trivia_source(1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ yarrow256_slow_reseed(&yctx);
+
+ return 0;
}
static int
-wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
+wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
{
- int ret, reseed = 0;
+ int ret, reseed = 0;
- RND_LOCK;
+ RND_LOCK;
#ifdef HAVE_GETPID
- if (getpid() != pid)
- { /* fork() detected */
- memset(&device_last_read, 0, sizeof(device_last_read));
- pid = getpid();
- reseed = 1;
- }
+ if (getpid() != pid) { /* fork() detected */
+ memset(&device_last_read, 0, sizeof(device_last_read));
+ pid = getpid();
+ reseed = 1;
+ }
#endif
- /* update state only when having a non-nonce or if nonce
- * and nsecs%4096 == 0, i.e., one out of 4096 times called .
- *
- * The reason we do that is to avoid any delays when generating nonces.
- */
- if (level != GNUTLS_RND_NONCE || reseed != 0)
- {
- gettime(&current_time);
-
- ret = do_trivia_source (0);
- if (ret < 0)
- {
- RND_UNLOCK;
- gnutls_assert ();
- return ret;
- }
-
- ret = do_device_source (0);
- if (ret < 0)
- {
- RND_UNLOCK;
- gnutls_assert ();
- return ret;
- }
-
- if (reseed)
- yarrow256_slow_reseed (&yctx);
- }
-
- yarrow256_random (&yctx, datasize, data);
- RND_UNLOCK;
- return 0;
+ /* update state only when having a non-nonce or if nonce
+ * and nsecs%4096 == 0, i.e., one out of 4096 times called .
+ *
+ * The reason we do that is to avoid any delays when generating nonces.
+ */
+ if (level != GNUTLS_RND_NONCE || reseed != 0) {
+ gettime(&current_time);
+
+ ret = do_trivia_source(0);
+ if (ret < 0) {
+ RND_UNLOCK;
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = do_device_source(0);
+ if (ret < 0) {
+ RND_UNLOCK;
+ gnutls_assert();
+ return ret;
+ }
+
+ if (reseed)
+ yarrow256_slow_reseed(&yctx);
+ }
+
+ yarrow256_random(&yctx, datasize, data);
+ RND_UNLOCK;
+ return 0;
}
-static void
-wrap_nettle_rnd_refresh (void *_ctx)
+static void wrap_nettle_rnd_refresh(void *_ctx)
{
- RND_LOCK;
- gettime(&current_time);
+ RND_LOCK;
+ gettime(&current_time);
- do_trivia_source (0);
- do_device_source (0);
+ do_trivia_source(0);
+ do_device_source(0);
- RND_UNLOCK;
- return;
+ RND_UNLOCK;
+ return;
}
int crypto_rnd_prio = INT_MAX;
gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
- .rnd_refresh = wrap_nettle_rnd_refresh,
+ .init = wrap_nettle_rnd_init,
+ .deinit = wrap_nettle_rnd_deinit,
+ .rnd = wrap_nettle_rnd,
+ .rnd_refresh = wrap_nettle_rnd_refresh,
};
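Review bot: The comment above the reseed condition in wrap_nettle_rnd describes refreshing on nonce requests "one out of 4096 times" via `nsecs%4096`, but the condition is only `level != GNUTLS_RND_NONCE || reseed != 0`, so nonce requests never mix in new input except right after a detected fork. Because this comment documents when fresh entropy enters the pool, it should match the code, e.g. `/* Mix in trivia/device input for every non-nonce request and after a detected fork; plain nonce requests skip it to avoid delays. */`. The fork check itself is compiled only under HAVE_GETPID, so on a build without it nothing visible in this hunk stops a forked child from continuing with the parent's yarrow256 state; that limitation deserves a comment next to the `#ifdef`.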
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index b8d232a25f..7a26c6b80f 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -43,431 +43,439 @@
#define CRCINIT 0xB704CE
static u32 crc_table[] = {
- 0x000000, 0x864CFB, 0x8AD50D, 0x0C99F6, 0x93E6E1, 0x15AA1A, 0x1933EC,
- 0x9F7F17, 0xA18139, 0x27CDC2, 0x2B5434, 0xAD18CF, 0x3267D8, 0xB42B23,
- 0xB8B2D5, 0x3EFE2E, 0xC54E89, 0x430272, 0x4F9B84, 0xC9D77F, 0x56A868,
- 0xD0E493, 0xDC7D65, 0x5A319E, 0x64CFB0, 0xE2834B, 0xEE1ABD, 0x685646,
- 0xF72951, 0x7165AA, 0x7DFC5C, 0xFBB0A7, 0x0CD1E9, 0x8A9D12, 0x8604E4,
- 0x00481F, 0x9F3708, 0x197BF3, 0x15E205, 0x93AEFE, 0xAD50D0, 0x2B1C2B,
- 0x2785DD, 0xA1C926, 0x3EB631, 0xB8FACA, 0xB4633C, 0x322FC7, 0xC99F60,
- 0x4FD39B, 0x434A6D, 0xC50696, 0x5A7981, 0xDC357A, 0xD0AC8C, 0x56E077,
- 0x681E59, 0xEE52A2, 0xE2CB54, 0x6487AF, 0xFBF8B8, 0x7DB443, 0x712DB5,
- 0xF7614E, 0x19A3D2, 0x9FEF29, 0x9376DF, 0x153A24, 0x8A4533, 0x0C09C8,
- 0x00903E, 0x86DCC5, 0xB822EB, 0x3E6E10, 0x32F7E6, 0xB4BB1D, 0x2BC40A,
- 0xAD88F1, 0xA11107, 0x275DFC, 0xDCED5B, 0x5AA1A0, 0x563856, 0xD074AD,
- 0x4F0BBA, 0xC94741, 0xC5DEB7, 0x43924C, 0x7D6C62, 0xFB2099, 0xF7B96F,
- 0x71F594, 0xEE8A83, 0x68C678, 0x645F8E, 0xE21375, 0x15723B, 0x933EC0,
- 0x9FA736, 0x19EBCD, 0x8694DA, 0x00D821, 0x0C41D7, 0x8A0D2C, 0xB4F302,
- 0x32BFF9, 0x3E260F, 0xB86AF4, 0x2715E3, 0xA15918, 0xADC0EE, 0x2B8C15,
- 0xD03CB2, 0x567049, 0x5AE9BF, 0xDCA544, 0x43DA53, 0xC596A8, 0xC90F5E,
- 0x4F43A5, 0x71BD8B, 0xF7F170, 0xFB6886, 0x7D247D, 0xE25B6A, 0x641791,
- 0x688E67, 0xEEC29C, 0x3347A4, 0xB50B5F, 0xB992A9, 0x3FDE52, 0xA0A145,
- 0x26EDBE, 0x2A7448, 0xAC38B3, 0x92C69D, 0x148A66, 0x181390, 0x9E5F6B,
- 0x01207C, 0x876C87, 0x8BF571, 0x0DB98A, 0xF6092D, 0x7045D6, 0x7CDC20,
- 0xFA90DB, 0x65EFCC, 0xE3A337, 0xEF3AC1, 0x69763A, 0x578814, 0xD1C4EF,
- 0xDD5D19, 0x5B11E2, 0xC46EF5, 0x42220E, 0x4EBBF8, 0xC8F703, 0x3F964D,
- 0xB9DAB6, 0xB54340, 0x330FBB, 0xAC70AC, 0x2A3C57, 0x26A5A1, 0xA0E95A,
- 0x9E1774, 0x185B8F, 0x14C279, 0x928E82, 0x0DF195, 0x8BBD6E, 0x872498,
- 0x016863, 0xFAD8C4, 0x7C943F, 0x700DC9, 0xF64132, 0x693E25, 0xEF72DE,
- 0xE3EB28, 0x65A7D3, 0x5B59FD, 0xDD1506, 0xD18CF0, 0x57C00B, 0xC8BF1C,
- 0x4EF3E7, 0x426A11, 0xC426EA, 0x2AE476, 0xACA88D, 0xA0317B, 0x267D80,
- 0xB90297, 0x3F4E6C, 0x33D79A, 0xB59B61, 0x8B654F, 0x0D29B4, 0x01B042,
- 0x87FCB9, 0x1883AE, 0x9ECF55, 0x9256A3, 0x141A58, 0xEFAAFF, 0x69E604,
- 0x657FF2, 0xE33309, 0x7C4C1E, 0xFA00E5, 0xF69913, 0x70D5E8, 0x4E2BC6,
- 0xC8673D, 0xC4FECB, 0x42B230, 0xDDCD27, 0x5B81DC, 0x57182A, 0xD154D1,
- 0x26359F, 0xA07964, 0xACE092, 0x2AAC69, 0xB5D37E, 0x339F85, 0x3F0673,
- 0xB94A88, 0x87B4A6, 0x01F85D, 0x0D61AB, 0x8B2D50, 0x145247, 0x921EBC,
- 0x9E874A, 0x18CBB1, 0xE37B16, 0x6537ED, 0x69AE1B, 0xEFE2E0, 0x709DF7,
- 0xF6D10C, 0xFA48FA, 0x7C0401, 0x42FA2F, 0xC4B6D4, 0xC82F22, 0x4E63D9,
- 0xD11CCE, 0x575035, 0x5BC9C3, 0xDD8538
+ 0x000000, 0x864CFB, 0x8AD50D, 0x0C99F6, 0x93E6E1, 0x15AA1A,
+ 0x1933EC,
+ 0x9F7F17, 0xA18139, 0x27CDC2, 0x2B5434, 0xAD18CF, 0x3267D8,
+ 0xB42B23,
+ 0xB8B2D5, 0x3EFE2E, 0xC54E89, 0x430272, 0x4F9B84, 0xC9D77F,
+ 0x56A868,
+ 0xD0E493, 0xDC7D65, 0x5A319E, 0x64CFB0, 0xE2834B, 0xEE1ABD,
+ 0x685646,
+ 0xF72951, 0x7165AA, 0x7DFC5C, 0xFBB0A7, 0x0CD1E9, 0x8A9D12,
+ 0x8604E4,
+ 0x00481F, 0x9F3708, 0x197BF3, 0x15E205, 0x93AEFE, 0xAD50D0,
+ 0x2B1C2B,
+ 0x2785DD, 0xA1C926, 0x3EB631, 0xB8FACA, 0xB4633C, 0x322FC7,
+ 0xC99F60,
+ 0x4FD39B, 0x434A6D, 0xC50696, 0x5A7981, 0xDC357A, 0xD0AC8C,
+ 0x56E077,
+ 0x681E59, 0xEE52A2, 0xE2CB54, 0x6487AF, 0xFBF8B8, 0x7DB443,
+ 0x712DB5,
+ 0xF7614E, 0x19A3D2, 0x9FEF29, 0x9376DF, 0x153A24, 0x8A4533,
+ 0x0C09C8,
+ 0x00903E, 0x86DCC5, 0xB822EB, 0x3E6E10, 0x32F7E6, 0xB4BB1D,
+ 0x2BC40A,
+ 0xAD88F1, 0xA11107, 0x275DFC, 0xDCED5B, 0x5AA1A0, 0x563856,
+ 0xD074AD,
+ 0x4F0BBA, 0xC94741, 0xC5DEB7, 0x43924C, 0x7D6C62, 0xFB2099,
+ 0xF7B96F,
+ 0x71F594, 0xEE8A83, 0x68C678, 0x645F8E, 0xE21375, 0x15723B,
+ 0x933EC0,
+ 0x9FA736, 0x19EBCD, 0x8694DA, 0x00D821, 0x0C41D7, 0x8A0D2C,
+ 0xB4F302,
+ 0x32BFF9, 0x3E260F, 0xB86AF4, 0x2715E3, 0xA15918, 0xADC0EE,
+ 0x2B8C15,
+ 0xD03CB2, 0x567049, 0x5AE9BF, 0xDCA544, 0x43DA53, 0xC596A8,
+ 0xC90F5E,
+ 0x4F43A5, 0x71BD8B, 0xF7F170, 0xFB6886, 0x7D247D, 0xE25B6A,
+ 0x641791,
+ 0x688E67, 0xEEC29C, 0x3347A4, 0xB50B5F, 0xB992A9, 0x3FDE52,
+ 0xA0A145,
+ 0x26EDBE, 0x2A7448, 0xAC38B3, 0x92C69D, 0x148A66, 0x181390,
+ 0x9E5F6B,
+ 0x01207C, 0x876C87, 0x8BF571, 0x0DB98A, 0xF6092D, 0x7045D6,
+ 0x7CDC20,
+ 0xFA90DB, 0x65EFCC, 0xE3A337, 0xEF3AC1, 0x69763A, 0x578814,
+ 0xD1C4EF,
+ 0xDD5D19, 0x5B11E2, 0xC46EF5, 0x42220E, 0x4EBBF8, 0xC8F703,
+ 0x3F964D,
+ 0xB9DAB6, 0xB54340, 0x330FBB, 0xAC70AC, 0x2A3C57, 0x26A5A1,
+ 0xA0E95A,
+ 0x9E1774, 0x185B8F, 0x14C279, 0x928E82, 0x0DF195, 0x8BBD6E,
+ 0x872498,
+ 0x016863, 0xFAD8C4, 0x7C943F, 0x700DC9, 0xF64132, 0x693E25,
+ 0xEF72DE,
+ 0xE3EB28, 0x65A7D3, 0x5B59FD, 0xDD1506, 0xD18CF0, 0x57C00B,
+ 0xC8BF1C,
+ 0x4EF3E7, 0x426A11, 0xC426EA, 0x2AE476, 0xACA88D, 0xA0317B,
+ 0x267D80,
+ 0xB90297, 0x3F4E6C, 0x33D79A, 0xB59B61, 0x8B654F, 0x0D29B4,
+ 0x01B042,
+ 0x87FCB9, 0x1883AE, 0x9ECF55, 0x9256A3, 0x141A58, 0xEFAAFF,
+ 0x69E604,
+ 0x657FF2, 0xE33309, 0x7C4C1E, 0xFA00E5, 0xF69913, 0x70D5E8,
+ 0x4E2BC6,
+ 0xC8673D, 0xC4FECB, 0x42B230, 0xDDCD27, 0x5B81DC, 0x57182A,
+ 0xD154D1,
+ 0x26359F, 0xA07964, 0xACE092, 0x2AAC69, 0xB5D37E, 0x339F85,
+ 0x3F0673,
+ 0xB94A88, 0x87B4A6, 0x01F85D, 0x0D61AB, 0x8B2D50, 0x145247,
+ 0x921EBC,
+ 0x9E874A, 0x18CBB1, 0xE37B16, 0x6537ED, 0x69AE1B, 0xEFE2E0,
+ 0x709DF7,
+ 0xF6D10C, 0xFA48FA, 0x7C0401, 0x42FA2F, 0xC4B6D4, 0xC82F22,
+ 0x4E63D9,
+ 0xD11CCE, 0x575035, 0x5BC9C3, 0xDD8538
};
static const char *armor_begin[] = {
- "BEGIN PGP MESSAGE",
- "BEGIN PGP PUBLIC KEY BLOCK",
- "BEGIN PGP PRIVATE KEY BLOCK",
- "BEGIN PGP SIGNATURE",
- NULL
+ "BEGIN PGP MESSAGE",
+ "BEGIN PGP PUBLIC KEY BLOCK",
+ "BEGIN PGP PRIVATE KEY BLOCK",
+ "BEGIN PGP SIGNATURE",
+ NULL
};
static const char *armor_end[] = {
- "END PGP MESSAGE",
- "END PGP PUBLIC KEY BLOCK",
- "END PGP PRIVATE KEY BLOCK",
- "END PGP SIGNATURE",
- NULL
+ "END PGP MESSAGE",
+ "END PGP PUBLIC KEY BLOCK",
+ "END PGP PRIVATE KEY BLOCK",
+ "END PGP SIGNATURE",
+ NULL
};
static const char *valid_headers[] = {
- "Comment",
- "Version",
- "MessageID",
- "Hash",
- "Charset",
- NULL
+ "Comment",
+ "Version",
+ "MessageID",
+ "Hash",
+ "Charset",
+ NULL
};
static char b64chars[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Return the compression algorithm in @r_zipalgo.
If the parameter is not set after execution,
the stream is not compressed. */
-static int
-compress_get_algo (cdk_stream_t inp, int *r_zipalgo)
+static int compress_get_algo(cdk_stream_t inp, int *r_zipalgo)
{
- byte plain[512];
- char buf[128];
- int nread, pkttype;
- size_t plain_size;
-
- *r_zipalgo = 0;
- cdk_stream_seek (inp, 0);
- while (!cdk_stream_eof (inp))
- {
- nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
- if (!nread || nread == -1)
- break;
- if (nread == 1 && !cdk_stream_eof (inp)
- && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
- {
- plain_size = sizeof(plain);
- base64_decode (buf, nread, (char*)plain, &plain_size);
- if (!(*plain & 0x80))
- break;
- pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
- if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
- {
- _gnutls_buffers_log ("armor compressed (algo=%d)\n",
- *(plain + 1));
- *r_zipalgo = *(plain + 1);
- }
- break;
- }
- }
- return 0;
+ byte plain[512];
+ char buf[128];
+ int nread, pkttype;
+ size_t plain_size;
+
+ *r_zipalgo = 0;
+ cdk_stream_seek(inp, 0);
+ while (!cdk_stream_eof(inp)) {
+ nread = _cdk_stream_gets(inp, buf, DIM(buf) - 1);
+ if (!nread || nread == -1)
+ break;
+ if (nread == 1 && !cdk_stream_eof(inp)
+ && (nread =
+ _cdk_stream_gets(inp, buf, DIM(buf) - 1)) > 0) {
+ plain_size = sizeof(plain);
+ base64_decode(buf, nread, (char *) plain,
+ &plain_size);
+ if (!(*plain & 0x80))
+ break;
+ pkttype =
+ *plain & 0x40 ? (*plain & 0x3f)
+ : ((*plain >> 2) & 0xf);
+ if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo) {
+ _gnutls_buffers_log
+ ("armor compressed (algo=%d)\n",
+ *(plain + 1));
+ *r_zipalgo = *(plain + 1);
+ }
+ break;
+ }
+ }
+ return 0;
}
-static int
-check_armor (cdk_stream_t inp, int *r_zipalgo)
+static int check_armor(cdk_stream_t inp, int *r_zipalgo)
{
- char buf[4096];
- size_t nread;
- int check;
-
- check = 0;
- nread = cdk_stream_read (inp, buf, DIM (buf) - 1);
- if (nread > 0)
- {
- buf[nread] = '\0';
- if (strstr (buf, "-----BEGIN PGP"))
- {
- compress_get_algo (inp, r_zipalgo);
- check = 1;
- }
- cdk_stream_seek (inp, 0);
- }
- return check;
+ char buf[4096];
+ size_t nread;
+ int check;
+
+ check = 0;
+ nread = cdk_stream_read(inp, buf, DIM(buf) - 1);
+ if (nread > 0) {
+ buf[nread] = '\0';
+ if (strstr(buf, "-----BEGIN PGP")) {
+ compress_get_algo(inp, r_zipalgo);
+ check = 1;
+ }
+ cdk_stream_seek(inp, 0);
+ }
+ return check;
}
-static int
-is_armored (int ctb)
+static int is_armored(int ctb)
{
- int pkttype = 0;
-
- if (!(ctb & 0x80))
- {
- gnutls_assert ();
- return 1; /* invalid packet: assume it is armored */
- }
- pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
- switch (pkttype)
- {
- case CDK_PKT_MARKER:
- case CDK_PKT_ONEPASS_SIG:
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_PUBKEY_ENC:
- case CDK_PKT_SIGNATURE:
- case CDK_PKT_LITERAL:
- case CDK_PKT_COMPRESSED:
- return 0; /* seems to be a regular packet: not armored */
- }
- return 1;
+ int pkttype = 0;
+
+ if (!(ctb & 0x80)) {
+ gnutls_assert();
+ return 1; /* invalid packet: assume it is armored */
+ }
+ pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
+ switch (pkttype) {
+ case CDK_PKT_MARKER:
+ case CDK_PKT_ONEPASS_SIG:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBKEY_ENC:
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_LITERAL:
+ case CDK_PKT_COMPRESSED:
+ return 0; /* seems to be a regular packet: not armored */
+ }
+ return 1;
}
-static u32
-update_crc (u32 crc, const byte * buf, size_t buflen)
+static u32 update_crc(u32 crc, const byte * buf, size_t buflen)
{
- unsigned int j;
+ unsigned int j;
- if (!crc)
- crc = CRCINIT;
+ if (!crc)
+ crc = CRCINIT;
- for (j = 0; j < buflen; j++)
- crc = (crc << 8) ^ crc_table[0xff & ((crc >> 16) ^ buf[j])];
- crc &= 0xffffff;
- return crc;
+ for (j = 0; j < buflen; j++)
+ crc =
+ (crc << 8) ^ crc_table[0xff & ((crc >> 16) ^ buf[j])];
+ crc &= 0xffffff;
+ return crc;
}
-static cdk_error_t
-armor_encode (void *data, FILE * in, FILE * out)
+static cdk_error_t armor_encode(void *data, FILE * in, FILE * out)
{
- armor_filter_t *afx = data;
- struct stat statbuf;
- char crcbuf[5], buf[128], raw[49];
- byte crcbuf2[3];
- size_t nread = 0;
- const char *lf;
-
- if (!afx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (afx->idx < 0 || afx->idx > (int) DIM (armor_begin) ||
- afx->idx2 < 0 || afx->idx2 > (int) DIM (armor_end))
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- _gnutls_buffers_log ("armor filter: encode\n");
-
- memset (crcbuf, 0, sizeof (crcbuf));
-
- lf = afx->le ? afx->le : LF;
- fprintf (out, "-----%s-----%s", armor_begin[afx->idx], lf);
- fprintf (out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
- if (afx->hdrlines)
- fwrite (afx->hdrlines, 1, strlen (afx->hdrlines), out);
- fprintf (out, "%s", lf);
-
- if (fstat (fileno (in), &statbuf))
- {
- gnutls_assert ();
- return CDK_General_Error;
- }
-
- while (!feof (in))
- {
- nread = fread (raw, 1, DIM (raw) - 1, in);
- if (!nread)
- break;
- if (ferror (in))
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- afx->crc = update_crc (afx->crc, (byte *) raw, nread);
- base64_encode (raw, nread, buf, DIM (buf) - 1);
- fprintf (out, "%s%s", buf, lf);
- }
-
- crcbuf2[0] = afx->crc >> 16;
- crcbuf2[1] = afx->crc >> 8;
- crcbuf2[2] = afx->crc;
- crcbuf[0] = b64chars[crcbuf2[0] >> 2];
- crcbuf[1] = b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
- crcbuf[2] = b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
- crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
- fprintf (out, "=%s%s", crcbuf, lf);
- fprintf (out, "-----%s-----%s", armor_end[afx->idx2], lf);
-
- return 0;
+ armor_filter_t *afx = data;
+ struct stat statbuf;
+ char crcbuf[5], buf[128], raw[49];
+ byte crcbuf2[3];
+ size_t nread = 0;
+ const char *lf;
+
+ if (!afx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (afx->idx < 0 || afx->idx > (int) DIM(armor_begin) ||
+ afx->idx2 < 0 || afx->idx2 > (int) DIM(armor_end)) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log("armor filter: encode\n");
+
+ memset(crcbuf, 0, sizeof(crcbuf));
+
+ lf = afx->le ? afx->le : LF;
+ fprintf(out, "-----%s-----%s", armor_begin[afx->idx], lf);
+ fprintf(out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
+ if (afx->hdrlines)
+ fwrite(afx->hdrlines, 1, strlen(afx->hdrlines), out);
+ fprintf(out, "%s", lf);
+
+ if (fstat(fileno(in), &statbuf)) {
+ gnutls_assert();
+ return CDK_General_Error;
+ }
+
+ while (!feof(in)) {
+ nread = fread(raw, 1, DIM(raw) - 1, in);
+ if (!nread)
+ break;
+ if (ferror(in)) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ afx->crc = update_crc(afx->crc, (byte *) raw, nread);
+ base64_encode(raw, nread, buf, DIM(buf) - 1);
+ fprintf(out, "%s%s", buf, lf);
+ }
+
+ crcbuf2[0] = afx->crc >> 16;
+ crcbuf2[1] = afx->crc >> 8;
+ crcbuf2[2] = afx->crc;
+ crcbuf[0] = b64chars[crcbuf2[0] >> 2];
+ crcbuf[1] =
+ b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
+ crcbuf[2] =
+ b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
+ crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
+ fprintf(out, "=%s%s", crcbuf, lf);
+ fprintf(out, "-----%s-----%s", armor_end[afx->idx2], lf);
+
+ return 0;
}
-static int
-search_header (const char *buf, const char **array)
+static int search_header(const char *buf, const char **array)
{
- const char *s;
- int i;
-
- if (strlen (buf) < 5 || strncmp (buf, "-----", 5))
- {
- return -1;
- }
- for (i = 0; (s = array[i]); i++)
- {
- if (!strncmp (s, buf + 5, strlen (s)))
- return i;
- }
- return -1;
+ const char *s;
+ int i;
+
+ if (strlen(buf) < 5 || strncmp(buf, "-----", 5)) {
+ return -1;
+ }
+ for (i = 0; (s = array[i]); i++) {
+ if (!strncmp(s, buf + 5, strlen(s)))
+ return i;
+ }
+ return -1;
}
-static cdk_error_t
-armor_decode (void *data, FILE * in, FILE * out)
+static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
{
- armor_filter_t *afx = data;
- const char *s;
- char buf[127];
- byte raw[128], crcbuf[4];
- u32 crc2 = 0;
- ssize_t nread = 0;
- int i, pgp_data = 0;
- cdk_error_t rc = 0;
- int len;
- size_t raw_size, crcbuf_size;
-
- if (!afx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- _gnutls_buffers_log ("armor filter: decode\n");
-
- fseek (in, 0, SEEK_SET);
- /* Search the begin of the message */
- while (!feof (in) && !pgp_data)
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
- afx->idx = search_header (buf, armor_begin);
- if (afx->idx >= 0)
- pgp_data = 1;
- }
-
- if (feof (in) || !pgp_data)
- {
- return CDK_Armor_Error; /* no data found */
- }
-
- /* Parse header until the empty line is reached */
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- return CDK_EOF;
- if (strcmp (s, LF) == 0 || strcmp (s, ALTLF) == 0)
- {
- rc = 0;
- break; /* empty line */
- }
- /* From RFC2440: OpenPGP should consider improperly formatted Armor
- Headers to be corruption of the ASCII Armor. A colon and a single
- space separate the key and value. */
- if (!strstr (buf, ": "))
- {
- gnutls_assert ();
- return CDK_Armor_Error;
- }
- rc = CDK_General_Error;
- for (i = 0; (s = valid_headers[i]); i++)
- {
- if (!strncmp (s, buf, strlen (s)))
- rc = 0;
- }
- if (rc)
- {
- /* From RFC2440: Unknown keys should be reported to the user,
- but OpenPGP should continue to process the message. */
- _cdk_log_info ("unknown header: `%s'\n", buf);
- rc = 0;
- }
- }
-
- /* Read the data body */
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
-
- len = strlen(buf);
-
- if (len > 0 && buf[len - 1] == '\n')
- {
- len--;
- buf[len] = '\0';
- }
- if (len > 0 && buf[len - 1] == '\r')
- {
- len--;
- buf[len] = '\0';
- }
- if (buf[0] == '=' && strlen (s) == 5)
- { /* CRC */
- memset (crcbuf, 0, sizeof (crcbuf));
- crcbuf_size = sizeof(crcbuf);
- base64_decode (buf + 1, len-1, (char*)crcbuf, &crcbuf_size);
- crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
- break; /* stop here */
- }
- else
- {
- raw_size = sizeof(raw);
- nread = base64_decode (buf, len, (char*)raw, &raw_size);
- if (nread == 0)
- break;
- afx->crc = update_crc (afx->crc, raw, raw_size);
- fwrite (raw, 1, raw_size, out);
- }
- }
-
- /* Search the tail of the message */
- s = fgets (buf, DIM (buf) - 1, in);
- if (s)
- {
- int len = strlen(buf);
- if (buf[len - 1] == '\n')
- {
- len--;
- buf[len] = '\0';
- }
- if (buf[len - 1] == '\r')
- {
- len--;
- buf[len] = '\0';
- }
- rc = CDK_General_Error;
- afx->idx2 = search_header (buf, armor_end);
- if (afx->idx2 >= 0)
- rc = 0;
- }
-
- /* This catches error when no tail was found or the header is
- different then the tail line. */
- if (rc || afx->idx != afx->idx2)
- rc = CDK_Armor_Error;
-
- afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
- if (!afx->crc_okay && !rc)
- {
- _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n",
- (unsigned int) crc2, (unsigned int) afx->crc);
- rc = CDK_Armor_CRC_Error;
- }
-
- return rc;
+ armor_filter_t *afx = data;
+ const char *s;
+ char buf[127];
+ byte raw[128], crcbuf[4];
+ u32 crc2 = 0;
+ ssize_t nread = 0;
+ int i, pgp_data = 0;
+ cdk_error_t rc = 0;
+ int len;
+ size_t raw_size, crcbuf_size;
+
+ if (!afx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log("armor filter: decode\n");
+
+ fseek(in, 0, SEEK_SET);
+ /* Search the begin of the message */
+ while (!feof(in) && !pgp_data) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+ afx->idx = search_header(buf, armor_begin);
+ if (afx->idx >= 0)
+ pgp_data = 1;
+ }
+
+ if (feof(in) || !pgp_data) {
+ return CDK_Armor_Error; /* no data found */
+ }
+
+ /* Parse header until the empty line is reached */
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ return CDK_EOF;
+ if (strcmp(s, LF) == 0 || strcmp(s, ALTLF) == 0) {
+ rc = 0;
+ break; /* empty line */
+ }
+ /* From RFC2440: OpenPGP should consider improperly formatted Armor
+ Headers to be corruption of the ASCII Armor. A colon and a single
+ space separate the key and value. */
+ if (!strstr(buf, ": ")) {
+ gnutls_assert();
+ return CDK_Armor_Error;
+ }
+ rc = CDK_General_Error;
+ for (i = 0; (s = valid_headers[i]); i++) {
+ if (!strncmp(s, buf, strlen(s)))
+ rc = 0;
+ }
+ if (rc) {
+ /* From RFC2440: Unknown keys should be reported to the user,
+ but OpenPGP should continue to process the message. */
+ _cdk_log_info("unknown header: `%s'\n", buf);
+ rc = 0;
+ }
+ }
+
+ /* Read the data body */
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+
+ len = strlen(buf);
+
+ if (len > 0 && buf[len - 1] == '\n') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (len > 0 && buf[len - 1] == '\r') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (buf[0] == '=' && strlen(s) == 5) { /* CRC */
+ memset(crcbuf, 0, sizeof(crcbuf));
+ crcbuf_size = sizeof(crcbuf);
+ base64_decode(buf + 1, len - 1, (char *) crcbuf,
+ &crcbuf_size);
+ crc2 =
+ (crcbuf[0] << 16) | (crcbuf[1] << 8) |
+ crcbuf[2];
+ break; /* stop here */
+ } else {
+ raw_size = sizeof(raw);
+ nread =
+ base64_decode(buf, len, (char *) raw,
+ &raw_size);
+ if (nread == 0)
+ break;
+ afx->crc = update_crc(afx->crc, raw, raw_size);
+ fwrite(raw, 1, raw_size, out);
+ }
+ }
+
+ /* Search the tail of the message */
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (s) {
+ int len = strlen(buf);
+ if (buf[len - 1] == '\n') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (buf[len - 1] == '\r') {
+ len--;
+ buf[len] = '\0';
+ }
+ rc = CDK_General_Error;
+ afx->idx2 = search_header(buf, armor_end);
+ if (afx->idx2 >= 0)
+ rc = 0;
+ }
+
+ /* This catches error when no tail was found or the header is
+ different then the tail line. */
+ if (rc || afx->idx != afx->idx2)
+ rc = CDK_Armor_Error;
+
+ afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
+ if (!afx->crc_okay && !rc) {
+ _gnutls_buffers_log("file crc=%08X afx_crc=%08X\n",
+ (unsigned int) crc2,
+ (unsigned int) afx->crc);
+ rc = CDK_Armor_CRC_Error;
+ }
+
+ return rc;
}
-int
-_cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_armor(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return armor_decode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return armor_encode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- armor_filter_t *afx = data;
- if (afx)
- {
- _gnutls_buffers_log ("free armor filter\n");
- afx->idx = afx->idx2 = 0;
- afx->crc = afx->crc_okay = 0;
- return 0;
- }
- }
-
- gnutls_assert ();
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return armor_decode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return armor_encode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ armor_filter_t *afx = data;
+ if (afx) {
+ _gnutls_buffers_log("free armor filter\n");
+ afx->idx = afx->idx2 = 0;
+ afx->crc = afx->crc_okay = 0;
+ return 0;
+ }
+ }
+
+ gnutls_assert();
+ return CDK_Inv_Mode;
}
@@ -485,90 +493,83 @@ _cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out)
* not be contained in the size.
**/
cdk_error_t
-cdk_armor_encode_buffer (const byte * inbuf, size_t inlen,
- char *outbuf, size_t outlen,
- size_t * nwritten, int type)
+cdk_armor_encode_buffer(const byte * inbuf, size_t inlen,
+ char *outbuf, size_t outlen,
+ size_t * nwritten, int type)
{
- const char *head, *tail, *le;
- char tempbuf[48];
- char tempout[128];
- size_t pos, off, len, rest;
-
- if (!inbuf || !nwritten)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (type > CDK_ARMOR_SIGNATURE)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- head = armor_begin[type];
- tail = armor_end[type];
- le = LF;
- pos = strlen (head) + 10 + 2 + 2 + strlen (tail) + 10 + 2 + 5 + 2 + 1;
- /* The output data is 4/3 times larger, plus a line end for each line. */
- pos += (4 * inlen / 3) + 2 * (4 * inlen / 3 / 64) + 1;
-
- if (outbuf && outlen < pos)
- {
- gnutls_assert ();
- *nwritten = pos;
- return CDK_Too_Short;
- }
-
- /* Only return the size of the output. */
- if (!outbuf)
- {
- *nwritten = pos;
- return 0;
- }
-
- memset (outbuf, 0, outlen);
- memcpy (outbuf, "-----", 5);
- pos = 5;
- memcpy (outbuf + pos, head, strlen (head));
- pos += strlen (head);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- rest = inlen;
- for (off = 0; off < inlen;)
- {
- if (rest > 48)
- {
- memcpy (tempbuf, inbuf + off, 48);
- off += 48;
- len = 48;
- }
- else
- {
- memcpy (tempbuf, inbuf + off, rest);
- off += rest;
- len = rest;
- }
- rest -= len;
- base64_encode (tempbuf, len, tempout, DIM (tempout) - 1);
- memcpy (outbuf + pos, tempout, strlen (tempout));
- pos += strlen (tempout);
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- }
-
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, tail, strlen (tail));
- pos += strlen (tail);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- outbuf[pos] = 0;
- *nwritten = pos - 1;
- return 0;
+ const char *head, *tail, *le;
+ char tempbuf[48];
+ char tempout[128];
+ size_t pos, off, len, rest;
+
+ if (!inbuf || !nwritten) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (type > CDK_ARMOR_SIGNATURE) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ head = armor_begin[type];
+ tail = armor_end[type];
+ le = LF;
+ pos =
+ strlen(head) + 10 + 2 + 2 + strlen(tail) + 10 + 2 + 5 + 2 + 1;
+ /* The output data is 4/3 times larger, plus a line end for each line. */
+ pos += (4 * inlen / 3) + 2 * (4 * inlen / 3 / 64) + 1;
+
+ if (outbuf && outlen < pos) {
+ gnutls_assert();
+ *nwritten = pos;
+ return CDK_Too_Short;
+ }
+
+ /* Only return the size of the output. */
+ if (!outbuf) {
+ *nwritten = pos;
+ return 0;
+ }
+
+ memset(outbuf, 0, outlen);
+ memcpy(outbuf, "-----", 5);
+ pos = 5;
+ memcpy(outbuf + pos, head, strlen(head));
+ pos += strlen(head);
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ rest = inlen;
+ for (off = 0; off < inlen;) {
+ if (rest > 48) {
+ memcpy(tempbuf, inbuf + off, 48);
+ off += 48;
+ len = 48;
+ } else {
+ memcpy(tempbuf, inbuf + off, rest);
+ off += rest;
+ len = rest;
+ }
+ rest -= len;
+ base64_encode(tempbuf, len, tempout, DIM(tempout) - 1);
+ memcpy(outbuf + pos, tempout, strlen(tempout));
+ pos += strlen(tempout);
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ }
+
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, tail, strlen(tail));
+ pos += strlen(tail);
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ outbuf[pos] = 0;
+ *nwritten = pos - 1;
+ return 0;
}
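Review bot: `type` is a signed `int` and only its upper bound is checked, so a negative value passes `if (type > CDK_ARMOR_SIGNATURE)` and then indexes `armor_begin[type]` and `armor_end[type]` before the start of both tables. The guard should reject both ends: `if (type < 0 || type > CDK_ARMOR_SIGNATURE) {`. The reindent carries this check over unchanged. The function body lies entirely inside this hunk, but its doc comment starts above it.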
diff --git a/lib/opencdk/context.h b/lib/opencdk/context.h
index e0b747cfe4..ba17d24d29 100644
--- a/lib/opencdk/context.h
+++ b/lib/opencdk/context.h
@@ -25,115 +25,99 @@
#include "types.h"
-struct cdk_listkey_s
-{
- unsigned init:1;
- cdk_stream_t inp;
- cdk_keydb_hd_t db;
- int type;
- union
- {
- char *patt;
- cdk_strlist_t fpatt;
- } u;
- cdk_strlist_t t;
+struct cdk_listkey_s {
+ unsigned init:1;
+ cdk_stream_t inp;
+ cdk_keydb_hd_t db;
+ int type;
+ union {
+ char *patt;
+ cdk_strlist_t fpatt;
+ } u;
+ cdk_strlist_t t;
};
-struct cdk_s2k_s
-{
- int mode;
- byte hash_algo;
- byte salt[8];
- u32 count;
+struct cdk_s2k_s {
+ int mode;
+ byte hash_algo;
+ byte salt[8];
+ u32 count;
};
-struct cdk_ctx_s
-{
- int cipher_algo;
- int digest_algo;
- struct
- {
- int algo;
- int level;
- } compress;
- struct
- {
- int mode;
- int digest_algo;
- } _s2k;
- struct
- {
- unsigned blockmode:1;
- unsigned armor:1;
- unsigned textmode:1;
- unsigned compress:1;
- unsigned mdc:1;
- unsigned overwrite;
- unsigned force_digest:1;
- } opt;
- struct
- {
- cdk_pkt_seckey_t sk;
- unsigned on:1;
- } cache;
- struct
- {
- cdk_keydb_hd_t sec;
- cdk_keydb_hd_t pub;
- unsigned int close_db:1;
- } db;
- char *(*passphrase_cb) (void *uint8_t, const char *prompt);
- void *passphrase_cb_value;
+struct cdk_ctx_s {
+ int cipher_algo;
+ int digest_algo;
+ struct {
+ int algo;
+ int level;
+ } compress;
+ struct {
+ int mode;
+ int digest_algo;
+ } _s2k;
+ struct {
+ unsigned blockmode:1;
+ unsigned armor:1;
+ unsigned textmode:1;
+ unsigned compress:1;
+ unsigned mdc:1;
+ unsigned overwrite;
+ unsigned force_digest:1;
+ } opt;
+ struct {
+ cdk_pkt_seckey_t sk;
+ unsigned on:1;
+ } cache;
+ struct {
+ cdk_keydb_hd_t sec;
+ cdk_keydb_hd_t pub;
+ unsigned int close_db:1;
+ } db;
+ char *(*passphrase_cb) (void *uint8_t, const char *prompt);
+ void *passphrase_cb_value;
};
-struct cdk_prefitem_s
-{
- byte type;
- byte value;
+struct cdk_prefitem_s {
+ byte type;
+ byte value;
};
-struct cdk_desig_revoker_s
-{
- struct cdk_desig_revoker_s *next;
- byte r_class;
- byte algid;
- byte fpr[KEY_FPR_LEN];
+struct cdk_desig_revoker_s {
+ struct cdk_desig_revoker_s *next;
+ byte r_class;
+ byte algid;
+ byte fpr[KEY_FPR_LEN];
};
-struct cdk_subpkt_s
-{
- struct cdk_subpkt_s *next;
- u32 size;
- byte type;
- byte *d;
+struct cdk_subpkt_s {
+ struct cdk_subpkt_s *next;
+ u32 size;
+ byte type;
+ byte *d;
};
-struct cdk_keylist_s
-{
- struct cdk_keylist_s *next;
- union
- {
- cdk_pkt_pubkey_t pk;
- cdk_pkt_seckey_t sk;
- } key;
- int version;
- int type;
+struct cdk_keylist_s {
+ struct cdk_keylist_s *next;
+ union {
+ cdk_pkt_pubkey_t pk;
+ cdk_pkt_seckey_t sk;
+ } key;
+ int version;
+ int type;
};
-struct cdk_dek_s
-{
- int algo;
- int keylen;
- int use_mdc;
- byte key[32]; /* 256-bit */
+struct cdk_dek_s {
+ int algo;
+ int keylen;
+ int use_mdc;
+ byte key[32]; /* 256-bit */
};
-struct cdk_strlist_s
-{
- struct cdk_strlist_s *next;
- char *d;
+struct cdk_strlist_s {
+ struct cdk_strlist_s *next;
+ char *d;
};
-#endif /* CDK_CONTEXT_H */
+#endif /* CDK_CONTEXT_H */
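Review bot: The first parameter of `passphrase_cb` in `struct cdk_ctx_s` is named `uint8_t` (`void *uint8_t`), which reads as a type and hides the `<stdint.h>` typedef of that name within the prototype. It looks like residue of a search-and-replace rather than an intended name. A neutral name says what the argument is: `char *(*passphrase_cb) (void *opaque, const char *prompt);`. The `_cdk_filter_*` prototypes in lib/opencdk/filters.h use the same parameter name and would benefit from the same rename. Also in this hunk, `unsigned overwrite;` is the only member of `opt` without a `:1` width; if that is deliberate, a short comment would say so.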
diff --git a/lib/opencdk/filters.h b/lib/opencdk/filters.h
index 4a26f7a85c..e5a96d54ad 100644
--- a/lib/opencdk/filters.h
+++ b/lib/opencdk/filters.h
@@ -23,87 +23,80 @@
#ifndef CDK_FILTERS_H
#define CDK_FILTERS_H
-enum
-{
- STREAMCTL_READ = 0,
- STREAMCTL_WRITE = 1,
- STREAMCTL_FREE = 2
+enum {
+ STREAMCTL_READ = 0,
+ STREAMCTL_WRITE = 1,
+ STREAMCTL_FREE = 2
};
-typedef struct
-{
- cipher_hd_st hd;
- digest_hd_st mdc;
- int mdc_method;
- u32 datalen;
- struct
- {
- size_t on;
- off_t size;
- off_t nleft;
- } blkmode;
- cdk_stream_t s;
+typedef struct {
+ cipher_hd_st hd;
+ digest_hd_st mdc;
+ int mdc_method;
+ u32 datalen;
+ struct {
+ size_t on;
+ off_t size;
+ off_t nleft;
+ } blkmode;
+ cdk_stream_t s;
} cipher_filter_t;
-typedef struct
-{
- int digest_algo;
- digest_hd_st md;
- int md_initialized;
+typedef struct {
+ int digest_algo;
+ digest_hd_st md;
+ int md_initialized;
} md_filter_t;
-typedef struct
-{
- const char *le; /* line endings */
- const char *hdrlines;
- u32 crc;
- int crc_okay;
- int idx, idx2;
+typedef struct {
+ const char *le; /* line endings */
+ const char *hdrlines;
+ u32 crc;
+ int crc_okay;
+ int idx, idx2;
} armor_filter_t;
-typedef struct
-{
- cdk_lit_format_t mode;
- char *orig_filename; /* This original name of the input file. */
- char *filename;
- digest_hd_st md;
- int md_initialized;
- struct
- {
- size_t on;
- off_t size;
- } blkmode;
+typedef struct {
+ cdk_lit_format_t mode;
+ char *orig_filename; /* This original name of the input file. */
+ char *filename;
+ digest_hd_st md;
+ int md_initialized;
+ struct {
+ size_t on;
+ off_t size;
+ } blkmode;
} literal_filter_t;
-typedef struct
-{
- size_t inbufsize;
- byte inbuf[8192];
- size_t outbufsize;
- byte outbuf[8192];
- int algo; /* compress algo */
- int level;
+typedef struct {
+ size_t inbufsize;
+ byte inbuf[8192];
+ size_t outbufsize;
+ byte outbuf[8192];
+ int algo; /* compress algo */
+ int level;
} compress_filter_t;
-typedef struct
-{
- const char *lf;
+typedef struct {
+ const char *lf;
} text_filter_t;
/*-- armor.c -*/
-int _cdk_filter_armor (void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_armor(void *uint8_t, int ctl, FILE * in, FILE * out);
/*-- cipher.c --*/
-cdk_error_t _cdk_filter_hash (void *uint8_t, int ctl, FILE * in, FILE * out);
-cdk_error_t _cdk_filter_cipher (void *uint8_t, int ctl, FILE * in, FILE * out);
+cdk_error_t _cdk_filter_hash(void *uint8_t, int ctl, FILE * in,
+ FILE * out);
+cdk_error_t _cdk_filter_cipher(void *uint8_t, int ctl, FILE * in,
+ FILE * out);
/*-- literal.c --*/
-int _cdk_filter_literal (void *uint8_t, int ctl, FILE * in, FILE * out);
-int _cdk_filter_text (void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_literal(void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_text(void *uint8_t, int ctl, FILE * in, FILE * out);
/*-- compress.c --*/
-cdk_error_t _cdk_filter_compress (void *uint8_t, int ctl,
- FILE * in, FILE * out);
+cdk_error_t _cdk_filter_compress(void *uint8_t, int ctl,
+ FILE * in, FILE * out);
-#endif /* CDK_FILTERS_H */
+#endif /* CDK_FILTERS_H */
diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
index 2b6f8bd20a..b09c64a804 100644
--- a/lib/opencdk/kbnode.c
+++ b/lib/opencdk/kbnode.c
@@ -38,26 +38,24 @@
*
* Allocates a new key node and adds a packet.
**/
-cdk_kbnode_t
-cdk_kbnode_new (cdk_packet_t pkt)
+cdk_kbnode_t cdk_kbnode_new(cdk_packet_t pkt)
{
- cdk_kbnode_t n;
+ cdk_kbnode_t n;
- n = cdk_calloc (1, sizeof *n);
- if (!n)
- return NULL;
- n->pkt = pkt;
- return n;
+ n = cdk_calloc(1, sizeof *n);
+ if (!n)
+ return NULL;
+ n->pkt = pkt;
+ return n;
}
-void
-_cdk_kbnode_clone (cdk_kbnode_t node)
+void _cdk_kbnode_clone(cdk_kbnode_t node)
{
- /* Mark the node as clone which means that the packet
- will not be freed, just the node itself. */
- if (node)
- node->is_cloned = 1;
+ /* Mark the node as clone which means that the packet
+ will not be freed, just the node itself. */
+ if (node)
+ node->is_cloned = 1;
}
@@ -67,19 +65,17 @@ _cdk_kbnode_clone (cdk_kbnode_t node)
*
* Releases the memory of the node.
**/
-void
-cdk_kbnode_release (cdk_kbnode_t node)
+void cdk_kbnode_release(cdk_kbnode_t node)
{
- cdk_kbnode_t n2;
-
- while (node)
- {
- n2 = node->next;
- if (!node->is_cloned)
- cdk_pkt_release (node->pkt);
- cdk_free (node);
- node = n2;
- }
+ cdk_kbnode_t n2;
+
+ while (node) {
+ n2 = node->next;
+ if (!node->is_cloned)
+ cdk_pkt_release(node->pkt);
+ cdk_free(node);
+ node = n2;
+ }
}
@@ -89,23 +85,20 @@ cdk_kbnode_release (cdk_kbnode_t node)
*
* Marks the given node as deleted.
**/
-void
-cdk_kbnode_delete (cdk_kbnode_t node)
+void cdk_kbnode_delete(cdk_kbnode_t node)
{
- if (node)
- node->is_deleted = 1;
+ if (node)
+ node->is_deleted = 1;
}
/* Append NODE to ROOT. ROOT must exist! */
-void
-_cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node)
+void _cdk_kbnode_add(cdk_kbnode_t root, cdk_kbnode_t node)
{
- cdk_kbnode_t n1;
+ cdk_kbnode_t n1;
- for (n1 = root; n1->next; n1 = n1->next)
- ;
- n1->next = node;
+ for (n1 = root; n1->next; n1 = n1->next);
+ n1->next = node;
}
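Review bot: The empty loop body in `_cdk_kbnode_add` now sits on the `for` line as a trailing `;`, where the old layout had it on a line of its own. That makes it easy to misread `n1->next = node;` as the loop body, and compilers may warn about an empty body written this way. Keep the null statement visible, for example `for (n1 = root; n1->next; n1 = n1->next) { /* walk to the tail */ }`. The function dereferences `root` unconditionally, as the comment above it requires, so an `if (!root) return;` guard or an assertion would make that precondition checkable.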
@@ -119,29 +112,25 @@ _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node)
* type @pkttype (only if @pkttype != 0).
**/
void
-cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+cdk_kbnode_insert(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
{
- if (!pkttype)
- {
- node->next = root->next;
- root->next = node;
- }
- else
- {
- cdk_kbnode_t n1;
-
- for (n1 = root; n1->next; n1 = n1->next)
- if (pkttype != n1->next->pkt->pkttype)
- {
- node->next = n1->next;
- n1->next = node;
- return;
- }
- /* No such packet, append */
- node->next = NULL;
- n1->next = node;
- }
+ if (!pkttype) {
+ node->next = root->next;
+ root->next = node;
+ } else {
+ cdk_kbnode_t n1;
+
+ for (n1 = root; n1->next; n1 = n1->next)
+ if (pkttype != n1->next->pkt->pkttype) {
+ node->next = n1->next;
+ n1->next = node;
+ return;
+ }
+ /* No such packet, append */
+ node->next = NULL;
+ n1->next = node;
+ }
}
@@ -155,17 +144,16 @@ cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
* with pkttype @pkttype in the list starting with @root of @node.
**/
cdk_kbnode_t
-cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+cdk_kbnode_find_prev(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
{
- cdk_kbnode_t n1;
-
- for (n1 = NULL; root && root != node; root = root->next)
- {
- if (!pkttype || root->pkt->pkttype == pkttype)
- n1 = root;
- }
- return n1;
+ cdk_kbnode_t n1;
+
+ for (n1 = NULL; root && root != node; root = root->next) {
+ if (!pkttype || root->pkt->pkttype == pkttype)
+ n1 = root;
+ }
+ return n1;
}
@@ -182,25 +170,24 @@ cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
* a user-id.
**/
cdk_kbnode_t
-cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_find_next(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- for (node = node->next; node; node = node->next)
- {
- if (!pkttype)
- return node;
- else if (pkttype == CDK_PKT_USER_ID &&
- (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
- else if (pkttype == CDK_PKT_SIGNATURE &&
- (node->pkt->pkttype == CDK_PKT_USER_ID ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
- else if (node->pkt->pkttype == pkttype)
- return node;
- }
- return NULL;
+ for (node = node->next; node; node = node->next) {
+ if (!pkttype)
+ return node;
+ else if (pkttype == CDK_PKT_USER_ID &&
+ (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (pkttype == CDK_PKT_SIGNATURE &&
+ (node->pkt->pkttype == CDK_PKT_USER_ID ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
}
@@ -211,15 +198,13 @@ cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
*
* Tries to find the next node with the packettype @pkttype.
**/
-cdk_kbnode_t
-cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_t cdk_kbnode_find(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- for (; node; node = node->next)
- {
- if (node->pkt->pkttype == pkttype)
- return node;
- }
- return NULL;
+ for (; node; node = node->next) {
+ if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
}
@@ -231,12 +216,12 @@ cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype)
* Same as cdk_kbnode_find but it returns the packet instead of the node.
**/
cdk_packet_t
-cdk_kbnode_find_packet (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_find_packet(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- cdk_kbnode_t res;
+ cdk_kbnode_t res;
- res = cdk_kbnode_find (node, pkttype);
- return res ? res->pkt : NULL;
+ res = cdk_kbnode_find(node, pkttype);
+ return res ? res->pkt : NULL;
}
@@ -249,25 +234,21 @@ cdk_kbnode_find_packet (cdk_kbnode_t node, cdk_packet_type_t pkttype)
* to start with ROOT).
*/
cdk_kbnode_t
-cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
+cdk_kbnode_walk(cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
{
- cdk_kbnode_t n;
-
- do
- {
- if (!*ctx)
- {
- *ctx = root;
- n = root;
- }
- else
- {
- n = (*ctx)->next;
- *ctx = n;
- }
- }
- while (!all && n && n->is_deleted);
- return n;
+ cdk_kbnode_t n;
+
+ do {
+ if (!*ctx) {
+ *ctx = root;
+ n = root;
+ } else {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+ }
+ while (!all && n && n->is_deleted);
+ return n;
}
@@ -281,29 +262,25 @@ cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
*
* Returns: true if any node has been changed
*/
-int
-cdk_kbnode_commit (cdk_kbnode_t * root)
+int cdk_kbnode_commit(cdk_kbnode_t * root)
{
- cdk_kbnode_t n, nl;
- int changed = 0;
-
- for (n = *root, nl = NULL; n; n = nl->next)
- {
- if (n->is_deleted)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- changed = 1;
- }
- else
- nl = n;
- }
- return changed;
+ cdk_kbnode_t n, nl;
+ int changed = 0;
+
+ for (n = *root, nl = NULL; n; n = nl->next) {
+ if (n->is_deleted) {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release(n->pkt);
+ cdk_free(n);
+ changed = 1;
+ } else
+ nl = n;
+ }
+ return changed;
}
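Review bot: The loop step `n = nl->next` in cdk_kbnode_commit goes wrong when the deleted node is the list head. After `*root = nl = n->next` the step moves past the new head without examining it, and it dereferences NULL when the head was the only node. cdk_kbnode_remove in the next hunk uses the same traversal and has the same problem when `node` is the head. Walking the list through a pointer to the link being examined removes the head special case; both functions lie entirely inside their hunks.

```c
int cdk_kbnode_commit(cdk_kbnode_t * root)
{
	cdk_kbnode_t n, *link = root;
	int changed = 0;

	while ((n = *link) != NULL) {
		if (n->is_deleted) {
			*link = n->next;	/* unlink before freeing */
			if (!n->is_cloned)
				cdk_pkt_release(n->pkt);
			cdk_free(n);
			changed = 1;
		} else
			link = &n->next;
	}
	return changed;
```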
@@ -314,26 +291,22 @@ cdk_kbnode_commit (cdk_kbnode_t * root)
*
* Removes a node from the root node.
*/
-void
-cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node)
+void cdk_kbnode_remove(cdk_kbnode_t * root, cdk_kbnode_t node)
{
- cdk_kbnode_t n, nl;
-
- for (n = *root, nl = NULL; n; n = nl->next)
- {
- if (n == node)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- }
- else
- nl = n;
- }
+ cdk_kbnode_t n, nl;
+
+ for (n = *root, nl = NULL; n; n = nl->next) {
+ if (n == node) {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release(n->pkt);
+ cdk_free(n);
+ } else
+ nl = n;
+ }
}
@@ -347,32 +320,30 @@ cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node)
* Moves NODE behind right after WHERE or to the beginning if WHERE is NULL.
*/
void
-cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
+cdk_kbnode_move(cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
{
- cdk_kbnode_t tmp, prev;
-
- if (!root || !*root || !node)
- return;
- for (prev = *root; prev && prev->next != node; prev = prev->next)
- ;
- if (!prev)
- return; /* Node is not in the list */
-
- if (!where)
- { /* Move node before root */
- if (node == *root)
- return;
- prev->next = node->next;
- node->next = *root;
- *root = node;
- return;
- }
- if (node == where) /* Move it after where. */
- return;
- tmp = node->next;
- node->next = where->next;
- where->next = node;
- prev->next = tmp;
+ cdk_kbnode_t tmp, prev;
+
+ if (!root || !*root || !node)
+ return;
+ for (prev = *root; prev && prev->next != node; prev = prev->next);
+ if (!prev)
+ return; /* Node is not in the list */
+
+ if (!where) { /* Move node before root */
+ if (node == *root)
+ return;
+ prev->next = node->next;
+ node->next = *root;
+ *root = node;
+ return;
+ }
+ if (node == where) /* Move it after where. */
+ return;
+ tmp = node->next;
+ node->next = where->next;
+ where->next = node;
+ prev->next = tmp;
}
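Review bot: The reindent folded the empty loop body onto the `for` line in cdk_kbnode_move, `for (prev = *root; prev && prev->next != node; prev = prev->next);`, which makes the following `if (!prev)` look like the loop body at a glance. The old layout kept the `;` on its own line. Restoring that with a comment, for example a line holding only `;	/* find the predecessor of node */`, keeps the intent visible and avoids empty-body warnings from compilers and linters.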
@@ -384,12 +355,11 @@ cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
*
* Returns: the packet which is stored inside the node in @node.
**/
-cdk_packet_t
-cdk_kbnode_get_packet (cdk_kbnode_t node)
+cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node)
{
- if (node)
- return node->pkt;
- return NULL;
+ if (node)
+ return node->pkt;
+ return NULL;
}
@@ -403,32 +373,31 @@ cdk_kbnode_get_packet (cdk_kbnode_t node)
* Tries to read a key node from the memory buffer @buf.
**/
cdk_error_t
-cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- int armor,
- const byte * buf, size_t buflen)
+cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ int armor, const byte * buf, size_t buflen)
{
- cdk_stream_t inp;
- cdk_error_t rc;
-
- if (!ret_node || !buf)
- return CDK_Inv_Value;
-
- *ret_node = NULL;
- if (!buflen)
- return gnutls_assert_val(CDK_Too_Short);
-
- rc = cdk_stream_tmp_from_mem (buf, buflen, &inp);
- if (rc)
- return gnutls_assert_val(rc);
-
- if (armor)
- cdk_stream_set_armor_flag (inp, 0);
-
- rc = cdk_keydb_get_keyblock (inp, ret_node);
- if (rc)
- gnutls_assert ();
- cdk_stream_close (inp);
- return rc;
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!ret_node || !buf)
+ return CDK_Inv_Value;
+
+ *ret_node = NULL;
+ if (!buflen)
+ return gnutls_assert_val(CDK_Too_Short);
+
+ rc = cdk_stream_tmp_from_mem(buf, buflen, &inp);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ if (armor)
+ cdk_stream_set_armor_flag(inp, 0);
+
+ rc = cdk_keydb_get_keyblock(inp, ret_node);
+ if (rc)
+ gnutls_assert();
+ cdk_stream_close(inp);
+ return rc;
}
@@ -442,56 +411,52 @@ cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
* it allocates the buffer to avoid the lengthy second run.
*/
cdk_error_t
-cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- byte ** r_buf, size_t * r_buflen)
+cdk_kbnode_write_to_mem_alloc(cdk_kbnode_t node,
+ byte ** r_buf, size_t * r_buflen)
{
- cdk_kbnode_t n;
- cdk_stream_t s;
- cdk_error_t rc;
- size_t len;
-
- if (!node || !r_buf || !r_buflen)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *r_buf = NULL;
- *r_buflen = 0;
-
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (n = node; n; n = n->next)
- {
- /* Skip all packets which cannot occur in a key composition. */
- if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
- rc = cdk_pkt_write (s, n->pkt);
- if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_seek (s, 0);
- len = cdk_stream_get_length (s);
- *r_buf = cdk_calloc (1, len);
- *r_buflen = cdk_stream_read (s, *r_buf, len);
- cdk_stream_close (s);
- return 0;
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_buf || !r_buflen) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *r_buf = NULL;
+ *r_buflen = 0;
+
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next) {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write(s, n->pkt);
+ if (rc) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek(s, 0);
+ len = cdk_stream_get_length(s);
+ *r_buf = cdk_calloc(1, len);
+ *r_buflen = cdk_stream_read(s, *r_buf, len);
+ cdk_stream_close(s);
+ return 0;
}
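Review bot: The result of `cdk_calloc(1, len)` in cdk_kbnode_write_to_mem_alloc is passed straight to `cdk_stream_read(s, *r_buf, len)` without a NULL check. An allocation failure therefore reaches the read with a NULL destination, and the function still returns 0. A guard before the read, `if (!*r_buf) { cdk_stream_close(s); return gnutls_assert_val(CDK_Out_Of_Core); }`, closes the stream and reports the failure. If every packet is skipped, `len` may be 0; that case is worth handling explicitly, since the allocator's result for a zero-size request is not visible here.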
@@ -507,65 +472,59 @@ cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
* Whenever it is possible, the cdk_kbnode_write_to_mem_alloc should be used.
**/
cdk_error_t
-cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
+cdk_kbnode_write_to_mem(cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
{
- cdk_kbnode_t n;
- cdk_stream_t s;
- cdk_error_t rc;
- size_t len;
-
- if (!node || !r_nbytes)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (n = node; n; n = n->next)
- {
- /* Skip all packets which cannot occur in a key composition. */
- if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
- rc = cdk_pkt_write (s, n->pkt);
- if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_seek (s, 0);
- len = cdk_stream_get_length (s);
- if (!buf)
- {
- *r_nbytes = len; /* Only return the length of the buffer */
- cdk_stream_close (s);
- return 0;
- }
- if (*r_nbytes < len)
- {
- *r_nbytes = len;
- rc = CDK_Too_Short;
- }
- if (!rc)
- *r_nbytes = cdk_stream_read (s, buf, len);
- else
- gnutls_assert ();
- cdk_stream_close (s);
- return rc;
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_nbytes) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next) {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write(s, n->pkt);
+ if (rc) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek(s, 0);
+ len = cdk_stream_get_length(s);
+ if (!buf) {
+ *r_nbytes = len; /* Only return the length of the buffer */
+ cdk_stream_close(s);
+ return 0;
+ }
+ if (*r_nbytes < len) {
+ *r_nbytes = len;
+ rc = CDK_Too_Short;
+ }
+ if (!rc)
+ *r_nbytes = cdk_stream_read(s, buf, len);
+ else
+ gnutls_assert();
+ cdk_stream_close(s);
+ return rc;
}
@@ -583,49 +542,43 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
* is extracted from it.
**/
cdk_error_t
-cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
- cdk_packet_type_t pkttype, int flags)
+cdk_kbnode_hash(cdk_kbnode_t node, digest_hd_st * md, int is_v4,
+ cdk_packet_type_t pkttype, int flags)
{
- cdk_packet_t pkt;
-
- if (!node || !md)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!pkttype)
- {
- pkt = cdk_kbnode_get_packet (node);
- pkttype = pkt->pkttype;
- }
- else
- {
- pkt = cdk_kbnode_find_packet (node, pkttype);
- if (!pkt)
- {
- gnutls_assert ();
- return CDK_Inv_Packet;
- }
- }
-
- switch (pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- _cdk_hash_pubkey (pkt->pkt.public_key, md, flags & 1);
- break;
-
- case CDK_PKT_USER_ID:
- _cdk_hash_userid (pkt->pkt.user_id, is_v4, md);
- break;
-
- case CDK_PKT_SIGNATURE:
- _cdk_hash_sig_data (pkt->pkt.signature, md);
- break;
-
- default:
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- return 0;
+ cdk_packet_t pkt;
+
+ if (!node || !md) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!pkttype) {
+ pkt = cdk_kbnode_get_packet(node);
+ pkttype = pkt->pkttype;
+ } else {
+ pkt = cdk_kbnode_find_packet(node, pkttype);
+ if (!pkt) {
+ gnutls_assert();
+ return CDK_Inv_Packet;
+ }
+ }
+
+ switch (pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ _cdk_hash_pubkey(pkt->pkt.public_key, md, flags & 1);
+ break;
+
+ case CDK_PKT_USER_ID:
+ _cdk_hash_userid(pkt->pkt.user_id, is_v4, md);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ _cdk_hash_sig_data(pkt->pkt.signature, md);
+ break;
+
+ default:
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ return 0;
}
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index fd43982c66..9724e8ad46 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -39,23 +39,23 @@
#define KEYID_CMP(a, b) ((a[0]) == (b[0]) && (a[1]) == (b[1]))
#define KEYDB_CACHE_ENTRIES 8
-static void keydb_cache_free (key_table_t cache);
-static int classify_data (const byte * buf, size_t len);
-static cdk_kbnode_t find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk);
+static void keydb_cache_free(key_table_t cache);
+static int classify_data(const byte * buf, size_t len);
+static cdk_kbnode_t find_selfsig_node(cdk_kbnode_t key,
+ cdk_pkt_pubkey_t pk);
-static char *
-keydb_idx_mkname (const char *file)
+static char *keydb_idx_mkname(const char *file)
{
- static const char *fmt = "%s.idx";
- char *fname;
- size_t len = strlen (file) + strlen (fmt);
-
- fname = cdk_calloc (1, len + 1);
- if (!fname)
- return NULL;
- if (snprintf (fname, len, fmt, file) <= 0)
- return NULL;
- return fname;
+ static const char *fmt = "%s.idx";
+ char *fname;
+ size_t len = strlen(file) + strlen(fmt);
+
+ fname = cdk_calloc(1, len + 1);
+ if (!fname)
+ return NULL;
+ if (snprintf(fname, len, fmt, file) <= 0)
+ return NULL;
+ return fname;
}
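Review bot: keydb_idx_mkname leaks `fname` when `snprintf` fails, because that path returns NULL without releasing the buffer allocated just above. Freeing it first closes the leak: `if (snprintf(fname, len, fmt, file) <= 0) { cdk_free(fname); return NULL; }`. The bound passed is `len` while the buffer holds `len + 1` bytes; this is safe for the ".idx" suffix, but passing `len + 1` would make the bound match the allocation.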
@@ -70,76 +70,71 @@ keydb_idx_mkname (const char *file)
We store the keyid and the fingerprint due to the fact we can't get
the keyid from a v3 fingerprint directly.
*/
-static cdk_error_t
-keydb_idx_build (const char *file)
+static cdk_error_t keydb_idx_build(const char *file)
{
- cdk_packet_t pkt;
- cdk_stream_t inp, out = NULL;
- byte buf[4 + 8 + KEY_FPR_LEN];
- char *idx_name;
- u32 keyid[2];
- cdk_error_t rc;
-
- if (!file)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_stream_open (file, &inp);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- idx_name = keydb_idx_mkname (file);
- if (!idx_name)
- {
- cdk_stream_close (inp);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- rc = cdk_stream_create (idx_name, &out);
- cdk_free (idx_name);
- if (rc)
- {
- cdk_stream_close (inp);
- gnutls_assert ();
- return rc;
- }
-
- cdk_pkt_new (&pkt);
- while (!cdk_stream_eof (inp))
- {
- off_t pos = cdk_stream_tell (inp);
-
- rc = cdk_pkt_read (inp, pkt);
- if (rc)
- {
- _cdk_log_debug ("index build failed packet off=%lu\n", (unsigned long)pos);
- /* FIXME: The index is incomplete */
- break;
- }
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- _cdk_u32tobuf (pos, buf);
- cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
- _cdk_u32tobuf (keyid[0], buf + 4);
- _cdk_u32tobuf (keyid[1], buf + 8);
- cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
- cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
- }
- cdk_pkt_free (pkt);
- }
-
- cdk_pkt_release (pkt);
-
- cdk_stream_close (out);
- cdk_stream_close (inp);
- gnutls_assert ();
- return rc;
+ cdk_packet_t pkt;
+ cdk_stream_t inp, out = NULL;
+ byte buf[4 + 8 + KEY_FPR_LEN];
+ char *idx_name;
+ u32 keyid[2];
+ cdk_error_t rc;
+
+ if (!file) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_open(file, &inp);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ idx_name = keydb_idx_mkname(file);
+ if (!idx_name) {
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ rc = cdk_stream_create(idx_name, &out);
+ cdk_free(idx_name);
+ if (rc) {
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_pkt_new(&pkt);
+ while (!cdk_stream_eof(inp)) {
+ off_t pos = cdk_stream_tell(inp);
+
+ rc = cdk_pkt_read(inp, pkt);
+ if (rc) {
+ _cdk_log_debug
+ ("index build failed packet off=%lu\n",
+ (unsigned long) pos);
+ /* FIXME: The index is incomplete */
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ _cdk_u32tobuf(pos, buf);
+ cdk_pk_get_keyid(pkt->pkt.public_key, keyid);
+ _cdk_u32tobuf(keyid[0], buf + 4);
+ _cdk_u32tobuf(keyid[1], buf + 8);
+ cdk_pk_get_fingerprint(pkt->pkt.public_key,
+ buf + 12);
+ cdk_stream_write(out, buf, 4 + 8 + KEY_FPR_LEN);
+ }
+ cdk_pkt_free(pkt);
+ }
+
+ cdk_pkt_release(pkt);
+
+ cdk_stream_close(out);
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return rc;
}
@@ -150,127 +145,113 @@ keydb_idx_build (const char *file)
* Rebuild the key index files for the given key database.
**/
cdk_error_t
-cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+cdk_keydb_idx_rebuild(cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
{
- struct stat stbuf;
- char *tmp_idx_name;
- cdk_error_t rc;
- int err;
-
- if (!db || !db->name || !dbs)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (db->secret)
- return 0;
-
- tmp_idx_name = keydb_idx_mkname (db->name);
- if (!tmp_idx_name)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- err = stat (tmp_idx_name, &stbuf);
- cdk_free (tmp_idx_name);
- /* This function expects an existing index which can be rebuild,
- if no index exists we do not build one and just return. */
- if (err)
- return 0;
-
- cdk_stream_close (dbs->idx);
- dbs->idx = NULL;
- if (!dbs->idx_name)
- {
- dbs->idx_name = keydb_idx_mkname (db->name);
- if (!dbs->idx_name)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- rc = keydb_idx_build (db->name);
- if (!rc)
- rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
- else
- gnutls_assert ();
- return rc;
+ struct stat stbuf;
+ char *tmp_idx_name;
+ cdk_error_t rc;
+ int err;
+
+ if (!db || !db->name || !dbs) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (db->secret)
+ return 0;
+
+ tmp_idx_name = keydb_idx_mkname(db->name);
+ if (!tmp_idx_name) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ err = stat(tmp_idx_name, &stbuf);
+ cdk_free(tmp_idx_name);
+ /* This function expects an existing index which can be rebuild,
+ if no index exists we do not build one and just return. */
+ if (err)
+ return 0;
+
+ cdk_stream_close(dbs->idx);
+ dbs->idx = NULL;
+ if (!dbs->idx_name) {
+ dbs->idx_name = keydb_idx_mkname(db->name);
+ if (!dbs->idx_name) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ }
+ rc = keydb_idx_build(db->name);
+ if (!rc)
+ rc = cdk_stream_open(dbs->idx_name, &dbs->idx);
+ else
+ gnutls_assert();
+ return rc;
}
-static cdk_error_t
-keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx)
+static cdk_error_t keydb_idx_parse(cdk_stream_t inp, key_idx_t * r_idx)
{
- key_idx_t idx;
- byte buf[4];
-
- if (!inp || !r_idx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- idx = cdk_calloc (1, sizeof *idx);
- if (!idx)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- while (!cdk_stream_eof (inp))
- {
- if (cdk_stream_read (inp, buf, 4) == CDK_EOF)
- break;
- idx->offset = _cdk_buftou32 (buf);
- cdk_stream_read (inp, buf, 4);
- idx->keyid[0] = _cdk_buftou32 (buf);
- cdk_stream_read (inp, buf, 4);
- idx->keyid[1] = _cdk_buftou32 (buf);
- cdk_stream_read (inp, idx->fpr, KEY_FPR_LEN);
- break;
- }
- *r_idx = idx;
- return cdk_stream_eof (inp) ? CDK_EOF : 0;
+ key_idx_t idx;
+ byte buf[4];
+
+ if (!inp || !r_idx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ idx = cdk_calloc(1, sizeof *idx);
+ if (!idx) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ while (!cdk_stream_eof(inp)) {
+ if (cdk_stream_read(inp, buf, 4) == CDK_EOF)
+ break;
+ idx->offset = _cdk_buftou32(buf);
+ cdk_stream_read(inp, buf, 4);
+ idx->keyid[0] = _cdk_buftou32(buf);
+ cdk_stream_read(inp, buf, 4);
+ idx->keyid[1] = _cdk_buftou32(buf);
+ cdk_stream_read(inp, idx->fpr, KEY_FPR_LEN);
+ break;
+ }
+ *r_idx = idx;
+ return cdk_stream_eof(inp) ? CDK_EOF : 0;
}
static cdk_error_t
-keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
- off_t * r_off)
+keydb_idx_search(cdk_stream_t inp, u32 * keyid, const byte * fpr,
+ off_t * r_off)
{
- key_idx_t idx;
-
- if (!inp || !r_off)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if ((keyid && fpr) || (!keyid && !fpr))
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- /* We need an initialize the offset var with a value
- because it might be possible the returned offset will
- be 0 and then we cannot differ between the begin and an EOF. */
- *r_off = 0xFFFFFFFF;
- cdk_stream_seek (inp, 0);
- while (keydb_idx_parse (inp, &idx) != CDK_EOF)
- {
- if (keyid && KEYID_CMP (keyid, idx->keyid))
- {
- *r_off = idx->offset;
- break;
- }
- else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
- {
- *r_off = idx->offset;
- break;
- }
- }
- cdk_free (idx);
- return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
+ key_idx_t idx;
+
+ if (!inp || !r_off) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if ((keyid && fpr) || (!keyid && !fpr)) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ /* We need an initialize the offset var with a value
+ because it might be possible the returned offset will
+ be 0 and then we cannot differ between the begin and an EOF. */
+ *r_off = 0xFFFFFFFF;
+ cdk_stream_seek(inp, 0);
+ while (keydb_idx_parse(inp, &idx) != CDK_EOF) {
+ if (keyid && KEYID_CMP(keyid, idx->keyid)) {
+ *r_off = idx->offset;
+ break;
+ } else if (fpr && !memcmp(idx->fpr, fpr, KEY_FPR_LEN)) {
+ *r_off = idx->offset;
+ break;
+ }
+ }
+ cdk_free(idx);
+ return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
}
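Review bot: keydb_idx_search receives a freshly allocated `idx` from every keydb_idx_parse call but frees only the last one, so each non-matching record is leaked. The loop also continues on any return other than CDK_EOF, including the CDK_Out_Of_Core and CDK_Inv_Value paths where `idx` was never assigned and is then dereferenced. Three small changes cover both: declare `key_idx_t idx = NULL;`, loop with `while (keydb_idx_parse(inp, &idx) == 0)`, and end the loop body with `cdk_free(idx); idx = NULL;`. Separately, keydb_idx_parse ignores the results of its second to fourth `cdk_stream_read` calls, so a truncated index file can yield a record built from stale buffer contents; those reads should be checked. All three functions in this hunk are fully visible.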
@@ -285,33 +266,31 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
* Create a new keyring db handle from the contents of a buffer.
*/
cdk_error_t
-cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret, int armor,
- const void *data, size_t datlen)
+cdk_keydb_new_from_mem(cdk_keydb_hd_t * r_db, int secret, int armor,
+ const void *data, size_t datlen)
{
- cdk_keydb_hd_t db;
- cdk_error_t rc;
-
- if (!r_db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *r_db = NULL;
- db = calloc (1, sizeof *db);
- rc = cdk_stream_tmp_from_mem (data, datlen, &db->fp);
- if (!db->fp)
- {
- cdk_free (db);
- gnutls_assert ();
- return rc;
- }
-
- if (armor)
- cdk_stream_set_armor_flag (db->fp, 0);
- db->type = CDK_DBTYPE_DATA;
- db->secret = secret;
- *r_db = db;
- return 0;
+ cdk_keydb_hd_t db;
+ cdk_error_t rc;
+
+ if (!r_db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *r_db = NULL;
+ db = calloc(1, sizeof *db);
+ rc = cdk_stream_tmp_from_mem(data, datlen, &db->fp);
+ if (!db->fp) {
+ cdk_free(db);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (armor)
+ cdk_stream_set_armor_flag(db->fp, 0);
+ db->type = CDK_DBTYPE_DATA;
+ db->secret = secret;
+ *r_db = db;
+ return 0;
}
/**
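Review bot: In cdk_keydb_new_from_mem the result of `calloc(1, sizeof *db)` is used on the next line as `&db->fp` without a NULL check, so an allocation failure becomes a NULL dereference. A guard right after the allocation handles it: `if (!db) return gnutls_assert_val(CDK_Out_Of_Core);`. The object is allocated with plain `calloc` but released with `cdk_free`. If the cdk allocator can differ from the C library one, `cdk_calloc` is the matching call, as used elsewhere in this file.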
@@ -320,294 +299,266 @@ cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret, int armor,
*
* Free the keydb object.
**/
-void
-cdk_keydb_free (cdk_keydb_hd_t hd)
+void cdk_keydb_free(cdk_keydb_hd_t hd)
{
- if (!hd)
- return;
+ if (!hd)
+ return;
- if (hd->name)
- {
- cdk_free (hd->name);
- hd->name = NULL;
- }
+ if (hd->name) {
+ cdk_free(hd->name);
+ hd->name = NULL;
+ }
- if (hd->fp && !hd->fp_ref)
- {
- cdk_stream_close (hd->fp);
- hd->fp = NULL;
- }
+ if (hd->fp && !hd->fp_ref) {
+ cdk_stream_close(hd->fp);
+ hd->fp = NULL;
+ }
- hd->isopen = 0;
- hd->secret = 0;
- cdk_free (hd);
+ hd->isopen = 0;
+ hd->secret = 0;
+ cdk_free(hd);
}
static cdk_error_t
-_cdk_keydb_open (cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
+_cdk_keydb_open(cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
{
- cdk_error_t rc;
- cdk_stream_t kr;
-
- if (!hd || !ret_kr)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = 0;
- if ((hd->type == CDK_DBTYPE_DATA)
- && hd->fp)
- {
- kr = hd->fp;
- cdk_stream_seek (kr, 0);
- }
- else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
- hd->type == CDK_DBTYPE_SK_KEYRING)
- {
- rc = cdk_stream_open (hd->name, &kr);
-
- if (rc)
- goto leave;
- }
- else
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
-leave:
-
- *ret_kr = kr;
- return rc;
+ cdk_error_t rc;
+ cdk_stream_t kr;
+
+ if (!hd || !ret_kr) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = 0;
+ if ((hd->type == CDK_DBTYPE_DATA)
+ && hd->fp) {
+ kr = hd->fp;
+ cdk_stream_seek(kr, 0);
+ } else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
+ hd->type == CDK_DBTYPE_SK_KEYRING) {
+ rc = cdk_stream_open(hd->name, &kr);
+
+ if (rc)
+ goto leave;
+ } else {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ leave:
+
+ *ret_kr = kr;
+ return rc;
}
-static int
-find_by_keyid (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_keyid(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- u32 keyid[2];
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_keyid (node->pkt, keyid);
- switch (ks->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- if (keyid[1] == ks->u.keyid[1])
- return 1;
- break;
-
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (keyid, ks->u.keyid))
- return 1;
- break;
-
- default:
- _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
- return 0;
- }
- }
- }
- return 0;
+ cdk_kbnode_t node;
+ u32 keyid[2];
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ _cdk_pkt_get_keyid(node->pkt, keyid);
+ switch (ks->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ if (keyid[1] == ks->u.keyid[1])
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP(keyid, ks->u.keyid))
+ return 1;
+ break;
+
+ default:
+ _cdk_log_debug
+ ("find_by_keyid: invalid mode = %d\n",
+ ks->type);
+ return 0;
+ }
+ }
+ }
+ return 0;
}
-static int
-find_by_fpr (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_fpr(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- byte fpr[KEY_FPR_LEN];
-
- if (ks->type != CDK_DBSEARCH_FPR)
- return 0;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_fingerprint (node->pkt, fpr);
- if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
- return 1;
- break;
- }
- }
-
- return 0;
+ cdk_kbnode_t node;
+ byte fpr[KEY_FPR_LEN];
+
+ if (ks->type != CDK_DBSEARCH_FPR)
+ return 0;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ _cdk_pkt_get_fingerprint(node->pkt, fpr);
+ if (!memcmp(ks->u.fpr, fpr, KEY_FPR_LEN))
+ return 1;
+ break;
+ }
+ }
+
+ return 0;
}
-static int
-find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_pattern(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- size_t uidlen;
- char *name;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_USER_ID)
- continue;
- if (node->pkt->pkt.user_id->attrib_img != NULL)
- continue; /* Skip attribute packets. */
- uidlen = node->pkt->pkt.user_id->len;
- name = node->pkt->pkt.user_id->name;
- switch (ks->type)
- {
- case CDK_DBSEARCH_EXACT:
- if (name &&
- (strlen (ks->u.pattern) == uidlen &&
- !strncmp (ks->u.pattern, name, uidlen)))
- return 1;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (uidlen > 65536)
- break;
- if (name && strlen (ks->u.pattern) > uidlen)
- break;
- if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
- return 1;
- break;
-
- default: /* Invalid mode */
- return 0;
- }
- }
- return 0;
+ cdk_kbnode_t node;
+ size_t uidlen;
+ char *name;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_USER_ID)
+ continue;
+ if (node->pkt->pkt.user_id->attrib_img != NULL)
+ continue; /* Skip attribute packets. */
+ uidlen = node->pkt->pkt.user_id->len;
+ name = node->pkt->pkt.user_id->name;
+ switch (ks->type) {
+ case CDK_DBSEARCH_EXACT:
+ if (name &&
+ (strlen(ks->u.pattern) == uidlen &&
+ !strncmp(ks->u.pattern, name, uidlen)))
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (uidlen > 65536)
+ break;
+ if (name && strlen(ks->u.pattern) > uidlen)
+ break;
+ if (name
+ && _cdk_memistr(name, uidlen, ks->u.pattern))
+ return 1;
+ break;
+
+ default: /* Invalid mode */
+ return 0;
+ }
+ }
+ return 0;
}
-static void
-keydb_cache_free (key_table_t cache)
+static void keydb_cache_free(key_table_t cache)
{
- key_table_t c2;
-
- while (cache)
- {
- c2 = cache->next;
- cache->offset = 0;
- cdk_free (cache);
- cache = c2;
- }
+ key_table_t c2;
+
+ while (cache) {
+ c2 = cache->next;
+ cache->offset = 0;
+ cdk_free(cache);
+ cache = c2;
+ }
}
-static key_table_t
-keydb_cache_find (cdk_keydb_search_t desc)
+static key_table_t keydb_cache_find(cdk_keydb_search_t desc)
{
- key_table_t cache = desc->cache;
- key_table_t t;
-
- for (t = cache; t; t = t->next)
- {
- switch (desc->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
- return t;
- break;
-
- case CDK_DBSEARCH_EXACT:
- if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
- !strcmp (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (strstr (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_FPR:
- if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
- return t;
- break;
- }
- }
-
- return NULL;
+ key_table_t cache = desc->cache;
+ key_table_t t;
+
+ for (t = cache; t; t = t->next) {
+ switch (desc->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP(desc->u.keyid, desc->u.keyid))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ if (strlen(desc->u.pattern) ==
+ strlen(desc->u.pattern)
+ && !strcmp(desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (strstr(desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ if (!memcmp(desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
+ return t;
+ break;
+ }
+ }
+
+ return NULL;
}
-static cdk_error_t
-keydb_cache_add (cdk_keydb_search_t dbs, off_t offset)
+static cdk_error_t keydb_cache_add(cdk_keydb_search_t dbs, off_t offset)
{
- key_table_t k;
-
- if (dbs->ncache > KEYDB_CACHE_ENTRIES)
- return 0; /* FIXME: we should replace the last entry. */
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- k->offset = offset;
-
- k->next = dbs->cache;
- dbs->cache = k;
- dbs->ncache++;
- _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset,
- (int) dbs->type);
- return 0;
+ key_table_t k;
+
+ if (dbs->ncache > KEYDB_CACHE_ENTRIES)
+ return 0; /* FIXME: we should replace the last entry. */
+ k = cdk_calloc(1, sizeof *k);
+ if (!k) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ k->offset = offset;
+
+ k->next = dbs->cache;
+ dbs->cache = k;
+ dbs->ncache++;
+ _cdk_log_debug("cache: add entry off=%d type=%d\n", (int) offset,
+ (int) dbs->type);
+ return 0;
}
-static cdk_error_t
-idx_init (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+static cdk_error_t idx_init(cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
{
- cdk_error_t ec, rc = 0;
-
- if (cdk_stream_get_length (db->fp) < 524288)
- {
- dbs->no_cache = 1;
- goto leave;
- }
-
- dbs->idx_name = keydb_idx_mkname (db->name);
- if (!dbs->idx_name)
- {
- rc = CDK_Out_Of_Core;
- goto leave;
- }
- ec = cdk_stream_open (dbs->idx_name, &dbs->idx);
-
- if (ec && !db->secret)
- {
- rc = keydb_idx_build (db->name);
- if (!rc)
- rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
- if (!rc)
- {
- _cdk_log_debug ("create key index table\n");
- }
- else
- {
- /* This is no real error, it just means we can't create
- the index at the given directory. maybe we've no write
- access. in this case, we simply disable the index. */
- _cdk_log_debug ("disable key index table err=%d\n", rc);
- rc = 0;
- dbs->no_cache = 1;
- }
- }
-
-leave:
-
- return rc;
+ cdk_error_t ec, rc = 0;
+
+ if (cdk_stream_get_length(db->fp) < 524288) {
+ dbs->no_cache = 1;
+ goto leave;
+ }
+
+ dbs->idx_name = keydb_idx_mkname(db->name);
+ if (!dbs->idx_name) {
+ rc = CDK_Out_Of_Core;
+ goto leave;
+ }
+ ec = cdk_stream_open(dbs->idx_name, &dbs->idx);
+
+ if (ec && !db->secret) {
+ rc = keydb_idx_build(db->name);
+ if (!rc)
+ rc = cdk_stream_open(dbs->idx_name, &dbs->idx);
+ if (!rc) {
+ _cdk_log_debug("create key index table\n");
+ } else {
+ /* This is no real error, it just means we can't create
+ the index at the given directory. maybe we've no write
+ access. in this case, we simply disable the index. */
+ _cdk_log_debug("disable key index table err=%d\n",
+ rc);
+ rc = 0;
+ dbs->no_cache = 1;
+ }
+ }
+
+ leave:
+
+ return rc;
}
/**
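Review bot: Every comparison in keydb_cache_find has `desc` on both sides (`KEYID_CMP(desc->u.keyid, desc->u.keyid)`, `strcmp(desc->u.pattern, desc->u.pattern)`, `memcmp(desc->u.fpr, desc->u.fpr, KEY_FPR_LEN)`). For the key id, pattern and fingerprint search types each test is therefore always true, and the function returns the first cache entry whatever key is being looked up. The loop variable `t` is never consulted. From the visible code keydb_cache_add stores only an offset in each entry, so there is presumably nothing to compare against yet. Until entries record the key they were cached for, a comment such as `/* FIXME: compares desc with itself; always returns the first entry */` would warn callers not to treat the result as a verified match. This hunk covers several other functions that are not discussed here.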
@@ -620,216 +571,199 @@ leave:
* Create a new keydb search object.
**/
cdk_error_t
-cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
- void *desc)
+cdk_keydb_search_start(cdk_keydb_search_t * st, cdk_keydb_hd_t db,
+ int type, void *desc)
{
- u32 *keyid;
- char *p, tmp[3];
- int i;
- cdk_error_t rc;
-
- if (!db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (type != CDK_DBSEARCH_NEXT && !desc)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- *st = cdk_calloc (1, sizeof (cdk_keydb_search_s));
- if (!(*st))
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- rc = idx_init (db, *st);
- if (rc != CDK_Success)
- {
- free (*st);
- gnutls_assert ();
- return rc;
- }
-
- (*st)->type = type;
- switch (type)
- {
- case CDK_DBSEARCH_EXACT:
- case CDK_DBSEARCH_SUBSTR:
- cdk_free ((*st)->u.pattern);
- (*st)->u.pattern = cdk_strdup (desc);
- if (!(*st)->u.pattern)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- break;
-
- case CDK_DBSEARCH_SHORT_KEYID:
- keyid = desc;
- (*st)->u.keyid[1] = keyid[0];
- break;
-
- case CDK_DBSEARCH_KEYID:
- keyid = desc;
- (*st)->u.keyid[0] = keyid[0];
- (*st)->u.keyid[1] = keyid[1];
- break;
-
- case CDK_DBSEARCH_FPR:
- memcpy ((*st)->u.fpr, desc, KEY_FPR_LEN);
- break;
-
- case CDK_DBSEARCH_NEXT:
- break;
-
- case CDK_DBSEARCH_AUTO:
- /* Override the type with the actual db search type. */
- (*st)->type = classify_data (desc, strlen (desc));
- switch ((*st)->type)
- {
- case CDK_DBSEARCH_SUBSTR:
- case CDK_DBSEARCH_EXACT:
- cdk_free ((*st)->u.pattern);
- p = (*st)->u.pattern = cdk_strdup (desc);
- if (!p)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- break;
-
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- p = desc;
- if (!strncmp (p, "0x", 2))
- p += 2;
- if (strlen (p) == 8)
- {
- (*st)->u.keyid[0] = 0;
- (*st)->u.keyid[1] = strtoul (p, NULL, 16);
- }
- else if (strlen (p) == 16)
- {
- (*st)->u.keyid[0] = strtoul (p, NULL, 16);
- (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
- }
- else
- { /* Invalid key ID object. */
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- break;
-
- case CDK_DBSEARCH_FPR:
- p = desc;
- if (strlen (p) != 2 * KEY_FPR_LEN)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- for (i = 0; i < KEY_FPR_LEN; i++)
- {
- tmp[0] = p[2 * i];
- tmp[1] = p[2 * i + 1];
- tmp[2] = 0x00;
- (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
- }
- break;
- }
- break;
-
- default:
- cdk_free (*st);
- _cdk_log_debug ("cdk_keydb_search_start: invalid mode = %d\n", type);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- return 0;
+ u32 *keyid;
+ char *p, tmp[3];
+ int i;
+ cdk_error_t rc;
+
+ if (!db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (type != CDK_DBSEARCH_NEXT && !desc) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ *st = cdk_calloc(1, sizeof(cdk_keydb_search_s));
+ if (!(*st)) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ rc = idx_init(db, *st);
+ if (rc != CDK_Success) {
+ free(*st);
+ gnutls_assert();
+ return rc;
+ }
+
+ (*st)->type = type;
+ switch (type) {
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ cdk_free((*st)->u.pattern);
+ (*st)->u.pattern = cdk_strdup(desc);
+ if (!(*st)->u.pattern) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[1] = keyid[0];
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[0] = keyid[0];
+ (*st)->u.keyid[1] = keyid[1];
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ memcpy((*st)->u.fpr, desc, KEY_FPR_LEN);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ break;
+
+ case CDK_DBSEARCH_AUTO:
+ /* Override the type with the actual db search type. */
+ (*st)->type = classify_data(desc, strlen(desc));
+ switch ((*st)->type) {
+ case CDK_DBSEARCH_SUBSTR:
+ case CDK_DBSEARCH_EXACT:
+ cdk_free((*st)->u.pattern);
+ p = (*st)->u.pattern = cdk_strdup(desc);
+ if (!p) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ p = desc;
+ if (!strncmp(p, "0x", 2))
+ p += 2;
+ if (strlen(p) == 8) {
+ (*st)->u.keyid[0] = 0;
+ (*st)->u.keyid[1] = strtoul(p, NULL, 16);
+ } else if (strlen(p) == 16) {
+ (*st)->u.keyid[0] = strtoul(p, NULL, 16);
+ (*st)->u.keyid[1] =
+ strtoul(p + 8, NULL, 16);
+ } else { /* Invalid key ID object. */
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ p = desc;
+ if (strlen(p) != 2 * KEY_FPR_LEN) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ for (i = 0; i < KEY_FPR_LEN; i++) {
+ tmp[0] = p[2 * i];
+ tmp[1] = p[2 * i + 1];
+ tmp[2] = 0x00;
+ (*st)->u.fpr[i] = strtoul(tmp, NULL, 16);
+ }
+ break;
+ }
+ break;
+
+ default:
+ cdk_free(*st);
+ _cdk_log_debug
+ ("cdk_keydb_search_start: invalid mode = %d\n", type);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ return 0;
}
static cdk_error_t
-keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
- int *r_cache_hit, off_t * r_off)
+keydb_pos_from_cache(cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
+ int *r_cache_hit, off_t * r_off)
{
- key_table_t c;
-
- if (!hd || !r_cache_hit || !r_off)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Reset the values. */
- *r_cache_hit = 0;
- *r_off = 0;
-
- c = keydb_cache_find (ks);
- if (c != NULL)
- {
- _cdk_log_debug ("cache: found entry in cache.\n");
- *r_cache_hit = 1;
- *r_off = c->offset;
- return 0;
- }
-
- /* No index cache available so we just return here. */
- if (!ks->idx)
- return 0;
-
- if (ks->idx)
- {
- if (ks->type == CDK_DBSEARCH_KEYID)
- {
- if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found keyid entry in idx table.\n");
- *r_cache_hit = 1;
- }
- else if (ks->type == CDK_DBSEARCH_FPR)
- {
- if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found fpr entry in idx table.\n");
- *r_cache_hit = 1;
- }
- }
-
- return 0;
+ key_table_t c;
+
+ if (!hd || !r_cache_hit || !r_off) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset the values. */
+ *r_cache_hit = 0;
+ *r_off = 0;
+
+ c = keydb_cache_find(ks);
+ if (c != NULL) {
+ _cdk_log_debug("cache: found entry in cache.\n");
+ *r_cache_hit = 1;
+ *r_off = c->offset;
+ return 0;
+ }
+
+ /* No index cache available so we just return here. */
+ if (!ks->idx)
+ return 0;
+
+ if (ks->idx) {
+ if (ks->type == CDK_DBSEARCH_KEYID) {
+ if (keydb_idx_search
+ (ks->idx, ks->u.keyid, NULL, r_off)) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug
+ ("cache: found keyid entry in idx table.\n");
+ *r_cache_hit = 1;
+ } else if (ks->type == CDK_DBSEARCH_FPR) {
+ if (keydb_idx_search
+ (ks->idx, NULL, ks->u.fpr, r_off)) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug
+ ("cache: found fpr entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
+ }
+
+ return 0;
}
-void
-cdk_keydb_search_release (cdk_keydb_search_t st)
+void cdk_keydb_search_release(cdk_keydb_search_t st)
{
- if (st == NULL)
- return;
+ if (st == NULL)
+ return;
- keydb_cache_free (st->cache);
+ keydb_cache_free(st->cache);
- if (st->idx)
- cdk_stream_close (st->idx);
+ if (st->idx)
+ cdk_stream_close(st->idx);
- if (!st)
- return;
- if (st->type == CDK_DBSEARCH_EXACT || st->type == CDK_DBSEARCH_SUBSTR)
- cdk_free (st->u.pattern);
+ if (!st)
+ return;
+ if (st->type == CDK_DBSEARCH_EXACT
+ || st->type == CDK_DBSEARCH_SUBSTR)
+ cdk_free(st->u.pattern);
- cdk_free (st);
+ cdk_free(st);
}
/**
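Review bot: The error exits of `cdk_keydb_search_start` free `*st` but leave the caller's pointer dangling, and the `idx_init` failure exit uses plain `free(*st)` where every other exit uses `cdk_free`. The wrappers in the next hunk (`cdk_keydb_get_bykeyid`, `cdk_keydb_get_byfpr`, `cdk_keydb_get_bypattern`) call `cdk_keydb_search_release(st)` even when the start call failed, so a failure after the allocation ends in a use-after-free and a second free of the same object. Each of these exits should read `cdk_free(*st); *st = NULL;` so the NULL check in the release function covers it; the index stream and `idx_name` set up by `idx_init` are not released on these exits either. Separately, in the 16-digit key ID branch `strtoul(p, NULL, 16)` parses all sixteen digits, so if `u32` is 32 bits wide as its name suggests, `keyid[0]` does not receive the upper eight digits alone. Converting a copy of the first eight characters would fix that.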
@@ -842,446 +776,423 @@ cdk_keydb_search_release (cdk_keydb_search_t st)
* via @ks. If the key was found, @ret_key contains the key data.
**/
cdk_error_t
-cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key)
+cdk_keydb_search(cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key)
{
- cdk_stream_t kr;
- cdk_kbnode_t knode;
- cdk_error_t rc = 0;
- off_t pos = 0, off = 0;
- int key_found = 0, cache_hit = 0;
-
- if (!hd || !ret_key || !st)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *ret_key = NULL;
- kr = NULL;
-
- rc = _cdk_keydb_open (hd, &kr);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- if (!st->no_cache)
- {
- /* It is possible the index is not up-to-date and thus we do
- not find the requesed key. In this case, we reset cache hit
- and continue our normal search procedure. */
- rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
- if (rc)
- cache_hit = 0;
- }
-
- knode = NULL;
-
- while (!key_found && !rc)
- {
- if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, off);
- else if (st->type == CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, st->off);
-
- pos = cdk_stream_tell (kr);
-
- rc = cdk_keydb_get_keyblock (kr, &knode);
-
- if (rc)
- {
- if (rc == CDK_EOF)
- break;
- else
- {
- gnutls_assert ();
- return rc;
- }
- }
-
- switch (st->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- key_found = find_by_keyid (knode, st);
- break;
-
- case CDK_DBSEARCH_FPR:
- key_found = find_by_fpr (knode, st);
- break;
-
- case CDK_DBSEARCH_EXACT:
- case CDK_DBSEARCH_SUBSTR:
- key_found = find_by_pattern (knode, st);
- break;
-
- case CDK_DBSEARCH_NEXT:
- st->off = cdk_stream_tell (kr);
- key_found = knode ? 1 : 0;
- break;
- }
-
- if (key_found)
- {
- if (!keydb_cache_find (st))
- keydb_cache_add (st, pos);
- break;
- }
-
- cdk_kbnode_release (knode);
- knode = NULL;
- }
-
- if (key_found && rc == CDK_EOF)
- rc = 0;
- else if (rc == CDK_EOF && !key_found)
- {
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- }
- *ret_key = key_found ? knode : NULL;
- return rc;
+ cdk_stream_t kr;
+ cdk_kbnode_t knode;
+ cdk_error_t rc = 0;
+ off_t pos = 0, off = 0;
+ int key_found = 0, cache_hit = 0;
+
+ if (!hd || !ret_key || !st) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *ret_key = NULL;
+ kr = NULL;
+
+ rc = _cdk_keydb_open(hd, &kr);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ if (!st->no_cache) {
+ /* It is possible the index is not up-to-date and thus we do
+ not find the requesed key. In this case, we reset cache hit
+ and continue our normal search procedure. */
+ rc = keydb_pos_from_cache(hd, st, &cache_hit, &off);
+ if (rc)
+ cache_hit = 0;
+ }
+
+ knode = NULL;
+
+ while (!key_found && !rc) {
+ if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
+ cdk_stream_seek(kr, off);
+ else if (st->type == CDK_DBSEARCH_NEXT)
+ cdk_stream_seek(kr, st->off);
+
+ pos = cdk_stream_tell(kr);
+
+ rc = cdk_keydb_get_keyblock(kr, &knode);
+
+ if (rc) {
+ if (rc == CDK_EOF)
+ break;
+ else {
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ switch (st->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ key_found = find_by_keyid(knode, st);
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ key_found = find_by_fpr(knode, st);
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ key_found = find_by_pattern(knode, st);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ st->off = cdk_stream_tell(kr);
+ key_found = knode ? 1 : 0;
+ break;
+ }
+
+ if (key_found) {
+ if (!keydb_cache_find(st))
+ keydb_cache_add(st, pos);
+ break;
+ }
+
+ cdk_kbnode_release(knode);
+ knode = NULL;
+ }
+
+ if (key_found && rc == CDK_EOF)
+ rc = 0;
+ else if (rc == CDK_EOF && !key_found) {
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ }
+ *ret_key = key_found ? knode : NULL;
+ return rc;
}
cdk_error_t
-cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_key)
+cdk_keydb_get_bykeyid(cdk_keydb_hd_t hd, u32 * keyid,
+ cdk_kbnode_t * ret_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !keyid || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !keyid || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (!rc)
- rc = cdk_keydb_search (st, hd, ret_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, ret_key);
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
cdk_error_t
-cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr,
- cdk_kbnode_t * r_key)
+cdk_keydb_get_byfpr(cdk_keydb_hd_t hd, const byte * fpr,
+ cdk_kbnode_t * r_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !fpr || !r_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !fpr || !r_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_FPR, (byte *) fpr);
- if (!rc)
- rc = cdk_keydb_search (st, hd, r_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_FPR,
+ (byte *) fpr);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, r_key);
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
cdk_error_t
-cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_key)
+cdk_keydb_get_bypattern(cdk_keydb_hd_t hd, const char *patt,
+ cdk_kbnode_t * ret_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !patt || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !patt || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_SUBSTR, (char *) patt);
- if (!rc)
- rc = cdk_keydb_search (st, hd, ret_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_SUBSTR,
+ (char *) patt);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, ret_key);
- if (rc)
- gnutls_assert ();
+ if (rc)
+ gnutls_assert();
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
-static int
-keydb_check_key (cdk_packet_t pkt)
+static int keydb_check_key(cdk_packet_t pkt)
{
- cdk_pkt_pubkey_t pk;
- int is_sk, valid;
-
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- pk = pkt->pkt.public_key;
- is_sk = 0;
- }
- else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- pk = pkt->pkt.secret_key->pk;
- is_sk = 1;
- }
- else /* No key object. */
- return 0;
- valid = !pk->is_revoked && !pk->has_expired;
- if (is_sk)
- return valid;
- return valid && !pk->is_invalid;
+ cdk_pkt_pubkey_t pk;
+ int is_sk, valid;
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ pk = pkt->pkt.public_key;
+ is_sk = 0;
+ } else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ pk = pkt->pkt.secret_key->pk;
+ is_sk = 1;
+ } else /* No key object. */
+ return 0;
+ valid = !pk->is_revoked && !pk->has_expired;
+ if (is_sk)
+ return valid;
+ return valid && !pk->is_invalid;
}
/* Find the first kbnode with the requested packet type
that represents a valid key. */
static cdk_kbnode_t
-kbnode_find_valid (cdk_kbnode_t root, cdk_packet_type_t pkttype)
+kbnode_find_valid(cdk_kbnode_t root, cdk_packet_type_t pkttype)
{
- cdk_kbnode_t n;
+ cdk_kbnode_t n;
- for (n = root; n; n = n->next)
- {
- if (n->pkt->pkttype != pkttype)
- continue;
- if (keydb_check_key (n->pkt))
- return n;
- }
+ for (n = root; n; n = n->next) {
+ if (n->pkt->pkttype != pkttype)
+ continue;
+ if (keydb_check_key(n->pkt))
+ return n;
+ }
- return NULL;
+ return NULL;
}
static cdk_kbnode_t
-keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk)
+keydb_find_byusage(cdk_kbnode_t root, int req_usage, int is_pk)
{
- cdk_kbnode_t node, key;
- int req_type;
- long timestamp;
-
- req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
- if (!req_usage)
- return kbnode_find_valid (root, req_type);
-
- node = cdk_kbnode_find (root, req_type);
- if (node && !keydb_check_key (node->pkt))
- return NULL;
-
- key = NULL;
- timestamp = 0;
- /* We iteratre over the all nodes and search for keys or
- subkeys which match the usage and which are not invalid.
- A timestamp is used to figure out the newest valid key. */
- for (node = root; node; node = node->next)
- {
- if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.public_key->timestamp > timestamp)
- key = node;
- }
- if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
- key = node;
- }
-
- }
- return key;
+ cdk_kbnode_t node, key;
+ int req_type;
+ long timestamp;
+
+ req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
+ if (!req_usage)
+ return kbnode_find_valid(root, req_type);
+
+ node = cdk_kbnode_find(root, req_type);
+ if (node && !keydb_check_key(node->pkt))
+ return NULL;
+
+ key = NULL;
+ timestamp = 0;
+ /* We iteratre over the all nodes and search for keys or
+ subkeys which match the usage and which are not invalid.
+ A timestamp is used to figure out the newest valid key. */
+ for (node = root; node; node = node->next) {
+ if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ && keydb_check_key(node->pkt)
+ && (node->pkt->pkt.public_key->
+ pubkey_usage & req_usage)) {
+ if (node->pkt->pkt.public_key->timestamp >
+ timestamp)
+ key = node;
+ }
+ if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ && keydb_check_key(node->pkt)
+ && (node->pkt->pkt.secret_key->pk->
+ pubkey_usage & req_usage)) {
+ if (node->pkt->pkt.secret_key->pk->timestamp >
+ timestamp)
+ key = node;
+ }
+
+ }
+ return key;
}
static cdk_kbnode_t
-keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode)
+keydb_find_bykeyid(cdk_kbnode_t root, const u32 * keyid, int search_mode)
{
- cdk_kbnode_t node;
- u32 kid[2];
-
- for (node = root; node; node = node->next)
- {
- if (!_cdk_pkt_get_keyid (node->pkt, kid))
- continue;
- if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1])
- return node;
- else if (kid[0] == keyid[0] && kid[1] == keyid[1])
- return node;
- }
- return NULL;
+ cdk_kbnode_t node;
+ u32 kid[2];
+
+ for (node = root; node; node = node->next) {
+ if (!_cdk_pkt_get_keyid(node->pkt, kid))
+ continue;
+ if (search_mode == CDK_DBSEARCH_SHORT_KEYID
+ && kid[1] == keyid[1])
+ return node;
+ else if (kid[0] == keyid[0] && kid[1] == keyid[1])
+ return node;
+ }
+ return NULL;
}
cdk_error_t
-_cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_seckey_t * ret_sk, int usage)
+_cdk_keydb_get_sk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_seckey_t * ret_sk, int usage)
{
- cdk_kbnode_t knode = NULL;
- cdk_kbnode_t node, sk_node, pk_node;
- cdk_pkt_seckey_t sk;
- cdk_error_t rc;
- const char *s;
- int pkttype;
- cdk_keydb_search_t st;
-
- if (!ret_sk || !usage)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_sk = NULL;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = cdk_keydb_search (st, hd, &knode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- cdk_keydb_search_release (st);
-
- sk_node = keydb_find_byusage (knode, usage, 0);
- if (!sk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
-
- /* We clone the node with the secret key to avoid that the
- packet will be released. */
- _cdk_kbnode_clone (sk_node);
- sk = sk_node->pkt->pkt.secret_key;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
- }
-
- /* To find the self signature, we need the primary public key because
- the selected secret key might be different from the primary key. */
- pk_node = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
- if (!pk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
- node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
- if (sk && sk->pk && sk->pk->uid && node)
- _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
-
- /* We only release the outer packet. */
- _cdk_pkt_detach_free (sk_node->pkt, &pkttype, (void *) &sk);
- cdk_kbnode_release (knode);
- *ret_sk = sk;
- return rc;
+ cdk_kbnode_t knode = NULL;
+ cdk_kbnode_t node, sk_node, pk_node;
+ cdk_pkt_seckey_t sk;
+ cdk_error_t rc;
+ const char *s;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!ret_sk || !usage) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ (char *) name);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = cdk_keydb_search(st, hd, &knode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_keydb_search_release(st);
+
+ sk_node = keydb_find_byusage(knode, usage, 0);
+ if (!sk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+
+ /* We clone the node with the secret key to avoid that the
+ packet will be released. */
+ _cdk_kbnode_clone(sk_node);
+ sk = sk_node->pkt->pkt.secret_key;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID) {
+ s = node->pkt->pkt.user_id->name;
+ if (sk && !sk->pk->uid
+ && _cdk_memistr(s, strlen(s), name)) {
+ _cdk_copy_userid(&sk->pk->uid,
+ node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* To find the self signature, we need the primary public key because
+ the selected secret key might be different from the primary key. */
+ pk_node = cdk_kbnode_find(knode, CDK_PKT_SECRET_KEY);
+ if (!pk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node(knode, pk_node->pkt->pkt.secret_key->pk);
+ if (sk && sk->pk && sk->pk->uid && node)
+ _cdk_copy_signature(&sk->pk->uid->selfsig,
+ node->pkt->pkt.signature);
+
+ /* We only release the outer packet. */
+ _cdk_pkt_detach_free(sk_node->pkt, &pkttype, (void *) &sk);
+ cdk_kbnode_release(knode);
+ *ret_sk = sk;
+ return rc;
}
cdk_error_t
-_cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pubkey_t * ret_pk, int usage)
+_cdk_keydb_get_pk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pubkey_t * ret_pk, int usage)
{
- cdk_kbnode_t knode, node, pk_node;
- cdk_pkt_pubkey_t pk;
- const char *s;
- cdk_error_t rc;
- cdk_keydb_search_t st;
-
- if (!ret_pk || !usage)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_pk = NULL;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
- if (!rc)
- rc = cdk_keydb_search (st, hd, &knode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- cdk_keydb_search_release (st);
-
- node = keydb_find_byusage (knode, usage, 1);
- if (!node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
-
- pk = NULL;
- _cdk_copy_pubkey (&pk, node->pkt->pkt.public_key);
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
- }
-
- /* Same as in the sk code, the selected key can be a sub key
- and thus we need the primary key to find the self sig. */
- pk_node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!pk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
- node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
- if (pk && pk->uid && node)
- _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
- cdk_kbnode_release (knode);
-
- *ret_pk = pk;
- return rc;
+ cdk_kbnode_t knode, node, pk_node;
+ cdk_pkt_pubkey_t pk;
+ const char *s;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!ret_pk || !usage) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_pk = NULL;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ (char *) name);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, &knode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_keydb_search_release(st);
+
+ node = keydb_find_byusage(knode, usage, 1);
+ if (!node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+
+ pk = NULL;
+ _cdk_copy_pubkey(&pk, node->pkt->pkt.public_key);
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID) {
+ s = node->pkt->pkt.user_id->name;
+ if (pk && !pk->uid
+ && _cdk_memistr(s, strlen(s), name)) {
+ _cdk_copy_userid(&pk->uid,
+ node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* Same as in the sk code, the selected key can be a sub key
+ and thus we need the primary key to find the self sig. */
+ pk_node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!pk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node(knode, pk_node->pkt->pkt.public_key);
+ if (pk && pk->uid && node)
+ _cdk_copy_signature(&pk->uid->selfsig,
+ node->pkt->pkt.signature);
+ cdk_kbnode_release(knode);
+
+ *ret_pk = pk;
+ return rc;
}
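Review bot: In `keydb_find_byusage` the local `timestamp` is set to 0 and never updated inside the loop, so the `> timestamp` comparison accepts every usable key with a non-zero creation time. The function therefore returns the last such match in list order rather than the newest valid key that its comment describes. Both branches should record the value when they select a node, e.g. `{ timestamp = node->pkt->pkt.public_key->timestamp; key = node; }`, and likewise with `secret_key->pk->timestamp`. In `_cdk_keydb_get_sk_byusage` the search object `st` is not released when `cdk_keydb_search` fails, and a `cdk_keydb_search_release(st);` before that `return rc;` would close the leak. `_cdk_keydb_get_pk_byusage` has the same gap, but its two failure cases are merged into one check and would need to be split first.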
@@ -1295,57 +1206,52 @@ _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
* key without any signatures or user id's.
**/
cdk_error_t
-cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
+cdk_keydb_get_pk(cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
{
- cdk_kbnode_t knode = NULL, node;
- cdk_pubkey_t pk;
- cdk_error_t rc;
- size_t s_type;
- int pkttype;
- cdk_keydb_search_t st;
-
- if (!keyid || !r_pk)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *r_pk = NULL;
- s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
- rc = cdk_keydb_search_start (&st, hd, s_type, keyid);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = keydb_find_bykeyid (knode, keyid, s_type);
- if (!node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* See comment in cdk_keydb_get_sk() */
- _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &pk);
- *r_pk = pk;
- _cdk_kbnode_clone (node);
- cdk_kbnode_release (knode);
-
- return rc;
+ cdk_kbnode_t knode = NULL, node;
+ cdk_pubkey_t pk;
+ cdk_error_t rc;
+ size_t s_type;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!keyid || !r_pk) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *r_pk = NULL;
+ s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
+ rc = cdk_keydb_search_start(&st, hd, s_type, keyid);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid(knode, keyid, s_type);
+ if (!node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* See comment in cdk_keydb_get_sk() */
+ _cdk_pkt_detach_free(node->pkt, &pkttype, (void *) &pk);
+ *r_pk = pk;
+ _cdk_kbnode_clone(node);
+ cdk_kbnode_release(knode);
+
+ return rc;
}
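Review bot: `cdk_keydb_get_pk` hands the detached payload back as a `cdk_pubkey_t` without looking at the packet type: `pkttype` is filled in by `_cdk_pkt_detach_free` and then ignored. `keydb_find_bykeyid` returns the first node for which `_cdk_pkt_get_keyid` yields a matching ID, and that helper is not visible here, so if it also accepts secret-key or signature packets the caller would receive a pointer of the wrong type. A guard before the detach, `if (node->pkt->pkttype != CDK_PKT_PUBLIC_KEY && node->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY)`, taking the same exit as the `!node` branch, would make the assumption explicit. `s_type` is also declared `size_t` although it holds a search-mode constant passed to an `int` parameter; `int` would match.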
@@ -1360,612 +1266,583 @@ cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
* like the user id or the signatures.
**/
cdk_error_t
-cdk_keydb_get_sk (cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
+cdk_keydb_get_sk(cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
{
- cdk_kbnode_t snode, node;
- cdk_seckey_t sk;
- cdk_error_t rc;
- int pkttype;
-
- if (!keyid || !ret_sk)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_sk = NULL;
- rc = cdk_keydb_get_bykeyid (hd, keyid, &snode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = keydb_find_bykeyid (snode, keyid, CDK_DBSEARCH_KEYID);
- if (!node)
- {
- cdk_kbnode_release (snode);
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* We need to release the packet itself but not its contents
- and thus we detach the openpgp packet and release the structure. */
- _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &sk);
- _cdk_kbnode_clone (node);
- cdk_kbnode_release (snode);
-
- *ret_sk = sk;
- return 0;
+ cdk_kbnode_t snode, node;
+ cdk_seckey_t sk;
+ cdk_error_t rc;
+ int pkttype;
+
+ if (!keyid || !ret_sk) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_get_bykeyid(hd, keyid, &snode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid(snode, keyid, CDK_DBSEARCH_KEYID);
+ if (!node) {
+ cdk_kbnode_release(snode);
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* We need to release the packet itself but not its contents
+ and thus we detach the openpgp packet and release the structure. */
+ _cdk_pkt_detach_free(node->pkt, &pkttype, (void *) &sk);
+ _cdk_kbnode_clone(node);
+ cdk_kbnode_release(snode);
+
+ *ret_sk = sk;
+ return 0;
}
-static int
-is_selfsig (cdk_kbnode_t node, const u32 * keyid)
+static int is_selfsig(cdk_kbnode_t node, const u32 * keyid)
{
- cdk_pkt_signature_t sig;
+ cdk_pkt_signature_t sig;
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- return 0;
- sig = node->pkt->pkt.signature;
- if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
- sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
- return 1;
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ return 0;
+ sig = node->pkt->pkt.signature;
+ if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
+ sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
+ return 1;
- return 0;
+ return 0;
}
/* Find the newest self signature for the public key @pk
and return the signature node. */
static cdk_kbnode_t
-find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
+find_selfsig_node(cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
{
- cdk_kbnode_t n, sig;
- unsigned int ts;
- u32 keyid[2];
-
- cdk_pk_get_keyid (pk, keyid);
- sig = NULL;
- ts = 0;
- for (n = key; n; n = n->next)
- {
- if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts)
- {
- ts = n->pkt->pkt.signature->timestamp;
- sig = n;
- }
- }
-
- return sig;
+ cdk_kbnode_t n, sig;
+ unsigned int ts;
+ u32 keyid[2];
+
+ cdk_pk_get_keyid(pk, keyid);
+ sig = NULL;
+ ts = 0;
+ for (n = key; n; n = n->next) {
+ if (is_selfsig(n, keyid)
+ && n->pkt->pkt.signature->timestamp > ts) {
+ ts = n->pkt->pkt.signature->timestamp;
+ sig = n;
+ }
+ }
+
+ return sig;
}
-static unsigned int
-key_usage_to_cdk_usage (unsigned int usage)
+static unsigned int key_usage_to_cdk_usage(unsigned int usage)
{
- unsigned key_usage = 0;
-
- if (usage & 0x01) /* cert + sign data */
- key_usage |= CDK_KEY_USG_CERT_SIGN;
- if (usage & 0x02) /* cert + sign data */
- key_usage |= CDK_KEY_USG_DATA_SIGN;
- if (usage & 0x04) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_COMM_ENCR;
- if (usage & 0x08) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_STORAGE_ENCR;
- if (usage & 0x10) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_SPLIT_KEY;
- if (usage & 0x20)
- key_usage |= CDK_KEY_USG_AUTH;
- if (usage & 0x80) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_SHARED_KEY;
-
- return key_usage;
+ unsigned key_usage = 0;
+
+ if (usage & 0x01) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_CERT_SIGN;
+ if (usage & 0x02) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_DATA_SIGN;
+ if (usage & 0x04) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_COMM_ENCR;
+ if (usage & 0x08) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_STORAGE_ENCR;
+ if (usage & 0x10) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SPLIT_KEY;
+ if (usage & 0x20)
+ key_usage |= CDK_KEY_USG_AUTH;
+ if (usage & 0x80) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SHARED_KEY;
+
+ return key_usage;
}
-static cdk_error_t
-keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid)
+static cdk_error_t keydb_merge_selfsig(cdk_kbnode_t key, u32 * keyid)
{
- cdk_kbnode_t node, kbnode, unode;
- cdk_subpkt_t s = NULL;
- cdk_pkt_signature_t sig = NULL;
- cdk_pkt_userid_t uid = NULL;
- const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
- size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
- size_t key_expire = 0;
-
- if (!key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- for (node = key; node; node = node->next)
- {
- if (!is_selfsig (node, keyid))
- continue;
- unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
- if (!unode)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- uid = unode->pkt->pkt.user_id;
- sig = node->pkt->pkt.signature;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
- if (s)
- uid->is_primary = 1;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
- if (s && s->size == 1 && s->d[0] & 0x01)
- uid->mdc_feature = 1;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s && s->size == 4)
- key_expire = _cdk_buftou32 (s->d);
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
- if (s)
- {
- symalg = s->d;
- nsymalg = s->size;
- n += s->size + 1;
- }
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
- if (s)
- {
- hashalg = s->d;
- nhashalg = s->size;
- n += s->size + 1;
- }
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
- if (s)
- {
- compalg = s->d;
- ncompalg = s->size;
- n += s->size + 1;
- }
- if (uid->prefs != NULL)
- cdk_free (uid->prefs);
- if (!n || !hashalg || !compalg || !symalg)
- uid->prefs = NULL;
- else
- {
- uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
- if (!uid->prefs)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- n = 0;
- for (; nsymalg; nsymalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_SYM;
- uid->prefs[n].value = *symalg++;
- }
- for (; nhashalg; nhashalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_HASH;
- uid->prefs[n].value = *hashalg++;
- }
- for (; ncompalg; ncompalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_ZIP;
- uid->prefs[n].value = *compalg++;
- }
-
- uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
- uid->prefs[n].value = 0;
- uid->prefs_size = n;
- }
- }
-
- /* Now we add the extracted information to the primary key. */
- kbnode = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
- if (kbnode)
- {
- cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
- if (uid && uid->prefs && n)
- {
- if (pk->prefs != NULL)
- cdk_free (pk->prefs);
- pk->prefs = _cdk_copy_prefs (uid->prefs);
- pk->prefs_size = n;
- }
- if (key_expire)
- {
- pk->expiredate = pk->timestamp + key_expire;
- pk->has_expired = pk->expiredate > (u32) gnutls_time (NULL) ? 0 : 1;
- }
-
- pk->is_invalid = 0;
- }
-
- return 0;
+ cdk_kbnode_t node, kbnode, unode;
+ cdk_subpkt_t s = NULL;
+ cdk_pkt_signature_t sig = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
+ size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
+ size_t key_expire = 0;
+
+ if (!key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ for (node = key; node; node = node->next) {
+ if (!is_selfsig(node, keyid))
+ continue;
+ unode = cdk_kbnode_find_prev(key, node, CDK_PKT_USER_ID);
+ if (!unode) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ uid = unode->pkt->pkt.user_id;
+ sig = node->pkt->pkt.signature;
+ s = cdk_subpkt_find(sig->hashed,
+ CDK_SIGSUBPKT_PRIMARY_UID);
+ if (s)
+ uid->is_primary = 1;
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_FEATURES);
+ if (s && s->size == 1 && s->d[0] & 0x01)
+ uid->mdc_feature = 1;
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s && s->size == 4)
+ key_expire = _cdk_buftou32(s->d);
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
+ if (s) {
+ symalg = s->d;
+ nsymalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
+ if (s) {
+ hashalg = s->d;
+ nhashalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
+ if (s) {
+ compalg = s->d;
+ ncompalg = s->size;
+ n += s->size + 1;
+ }
+ if (uid->prefs != NULL)
+ cdk_free(uid->prefs);
+ if (!n || !hashalg || !compalg || !symalg)
+ uid->prefs = NULL;
+ else {
+ uid->prefs =
+ cdk_calloc(1, sizeof(*uid->prefs) * (n + 1));
+ if (!uid->prefs) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ n = 0;
+ for (; nsymalg; nsymalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_SYM;
+ uid->prefs[n].value = *symalg++;
+ }
+ for (; nhashalg; nhashalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_HASH;
+ uid->prefs[n].value = *hashalg++;
+ }
+ for (; ncompalg; ncompalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_ZIP;
+ uid->prefs[n].value = *compalg++;
+ }
+
+ uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
+ uid->prefs[n].value = 0;
+ uid->prefs_size = n;
+ }
+ }
+
+ /* Now we add the extracted information to the primary key. */
+ kbnode = cdk_kbnode_find(key, CDK_PKT_PUBLIC_KEY);
+ if (kbnode) {
+ cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
+ if (uid && uid->prefs && n) {
+ if (pk->prefs != NULL)
+ cdk_free(pk->prefs);
+ pk->prefs = _cdk_copy_prefs(uid->prefs);
+ pk->prefs_size = n;
+ }
+ if (key_expire) {
+ pk->expiredate = pk->timestamp + key_expire;
+ pk->has_expired =
+ pk->expiredate >
+ (u32) gnutls_time(NULL) ? 0 : 1;
+ }
+
+ pk->is_invalid = 0;
+ }
+
+ return 0;
}
static cdk_error_t
-keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
+keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
{
- cdk_kbnode_t node, kb;
- cdk_pkt_signature_t sig;
- cdk_pkt_pubkey_t pk;
- cdk_subpkt_t s = NULL;
- u32 expiredate = 0, curtime = (u32) gnutls_time (NULL);
- u32 keyid[2];
-
- if (!knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (check && !hd)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- kb = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
- if (kb)
- return 0;
-
- /* Reset */
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- node->pkt->pkt.user_id->is_revoked = 0;
- else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_revoked = 0;
- }
-
- kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!kb)
- {
- gnutls_assert ();
- return CDK_Wrong_Format;
- }
- cdk_pk_get_keyid (kb->pkt->pkt.public_key, keyid);
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- sig = node->pkt->pkt.signature;
- /* Revocation certificates for primary keys */
- if (sig->sig_class == 0x20)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certificates for subkeys */
- else if (sig->sig_class == 0x28)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certifcates for user ID's */
- else if (sig->sig_class == 0x30)
- {
- if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
- continue; /* revokes an earlier signature, no userID. */
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
- if (kb)
- {
- kb->pkt->pkt.user_id->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for primary keys */
- else if (sig->sig_class == 0x1F)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for subkeys */
- else if (sig->sig_class == 0x18)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- }
- }
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (node && node->pkt->pkt.public_key->version == 3)
- {
- /* v3 public keys have no additonal signatures for the key directly.
- we say the key is valid when we have at least a self signature. */
- pk = node->pkt->pkt.public_key;
- for (node = knode; node; node = node->next)
- {
- if (is_selfsig (node, keyid))
- {
- pk->is_invalid = 0;
- break;
- }
- }
- }
- if (node && (node->pkt->pkt.public_key->is_revoked ||
- node->pkt->pkt.public_key->has_expired))
- {
- /* If the primary key has been revoked, mark all subkeys as invalid
- because without a primary key they are not useable */
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_invalid = 1;
- }
- }
-
- return 0;
+ cdk_kbnode_t node, kb;
+ cdk_pkt_signature_t sig;
+ cdk_pkt_pubkey_t pk;
+ cdk_subpkt_t s = NULL;
+ u32 expiredate = 0, curtime = (u32) gnutls_time(NULL);
+ u32 keyid[2];
+
+ if (!knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (check && !hd) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ kb = cdk_kbnode_find(knode, CDK_PKT_SECRET_KEY);
+ if (kb)
+ return 0;
+
+ /* Reset */
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID)
+ node->pkt->pkt.user_id->is_revoked = 0;
+ else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_revoked = 0;
+ }
+
+ kb = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!kb) {
+ gnutls_assert();
+ return CDK_Wrong_Format;
+ }
+ cdk_pk_get_keyid(kb->pkt->pkt.public_key, keyid);
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE) {
+ sig = node->pkt->pkt.signature;
+ /* Revocation certificates for primary keys */
+ if (sig->sig_class == 0x20) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_KEY);
+ if (kb) {
+ kb->pkt->pkt.public_key->
+ is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certificates for subkeys */
+ else if (sig->sig_class == 0x28) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (kb) {
+ kb->pkt->pkt.public_key->
+ is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certifcates for user ID's */
+ else if (sig->sig_class == 0x30) {
+ if (sig->keyid[0] != keyid[0]
+ || sig->keyid[1] != keyid[1])
+ continue; /* revokes an earlier signature, no userID. */
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_USER_ID);
+ if (kb) {
+ kb->pkt->pkt.user_id->is_revoked =
+ 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for primary keys */
+ else if (sig->sig_class == 0x1F) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_KEY);
+ if (kb) {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find(node->pkt->pkt.
+ signature->
+ hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s) {
+ expiredate =
+ _cdk_buftou32(s->d);
+ pk->expiredate =
+ pk->timestamp +
+ expiredate;
+ pk->has_expired =
+ pk->expiredate >
+ curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for subkeys */
+ else if (sig->sig_class == 0x18) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (kb) {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find(node->pkt->pkt.
+ signature->
+ hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s) {
+ expiredate =
+ _cdk_buftou32(s->d);
+ pk->expiredate =
+ pk->timestamp +
+ expiredate;
+ pk->has_expired =
+ pk->expiredate >
+ curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ }
+ }
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (node && node->pkt->pkt.public_key->version == 3) {
+ /* v3 public keys have no additonal signatures for the key directly.
+ we say the key is valid when we have at least a self signature. */
+ pk = node->pkt->pkt.public_key;
+ for (node = knode; node; node = node->next) {
+ if (is_selfsig(node, keyid)) {
+ pk->is_invalid = 0;
+ break;
+ }
+ }
+ }
+ if (node && (node->pkt->pkt.public_key->is_revoked ||
+ node->pkt->pkt.public_key->has_expired)) {
+ /* If the primary key has been revoked, mark all subkeys as invalid
+ because without a primary key they are not useable */
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_invalid = 1;
+ }
+ }
+
+ return 0;
}
static void
-add_key_usage (cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
+add_key_usage(cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
- && pkt->pkt.public_key->keyid[0] == keyid[0]
- && pkt->pkt.public_key->keyid[1] == keyid[1])
- {
- pkt->pkt.public_key->pubkey_usage = usage;
- return;
- }
- }
- return;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
+ && pkt->pkt.public_key->keyid[0] == keyid[0]
+ && pkt->pkt.public_key->keyid[1] == keyid[1]) {
+ pkt->pkt.public_key->pubkey_usage = usage;
+ return;
+ }
+ }
+ return;
}
cdk_error_t
-cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode)
+cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
{
- cdk_packet_t pkt;
- cdk_kbnode_t knode, node;
- cdk_desig_revoker_t revkeys;
- cdk_error_t rc;
- u32 keyid[2], main_keyid[2];
- off_t old_off;
- int key_seen, got_key;
-
- if (!inp || !r_knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Reset all values. */
- keyid[0] = keyid[1] = 0;
- main_keyid[0] = main_keyid[1] = 0;
- revkeys = NULL;
- knode = NULL;
- key_seen = got_key = 0;
-
- *r_knode = NULL;
- rc = CDK_EOF;
- while (!cdk_stream_eof (inp))
- {
- cdk_pkt_new (&pkt);
- old_off = cdk_stream_tell (inp);
- rc = cdk_pkt_read (inp, pkt);
- if (rc)
- {
- cdk_pkt_release (pkt);
- if (rc == CDK_EOF)
- break;
- else
- { /* Release all packets we reached so far. */
- _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
-
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY))
- {
- /* The next key starts here so set the file pointer
- and leave the loop. */
- cdk_stream_seek (inp, old_off);
- cdk_pkt_release (pkt);
- break;
- }
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY)
- {
- _cdk_pkt_get_keyid (pkt, main_keyid);
- key_seen = 1;
- }
- else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
- }
- else
- {
- pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
- }
- }
- /* We save this for the signature */
- _cdk_pkt_get_keyid (pkt, keyid);
- got_key = 1;
- }
- else if (pkt->pkttype == CDK_PKT_USER_ID)
- ;
- else if (pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- cdk_subpkt_t s;
-
- pkt->pkt.signature->key[0] = keyid[0];
- pkt->pkt.signature->key[1] = keyid[1];
- if (pkt->pkt.signature->sig_class == 0x1F &&
- pkt->pkt.signature->revkeys)
- revkeys = pkt->pkt.signature->revkeys;
-
- s =
- cdk_subpkt_find (pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_FLAGS);
- if (s)
- {
- unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
- add_key_usage (knode, pkt->pkt.signature->key, key_usage);
- }
- }
- node = cdk_kbnode_new (pkt);
- if (!knode)
- knode = node;
- else
- _cdk_kbnode_add (knode, node);
- }
-
- if (got_key)
- {
- keydb_merge_selfsig (knode, main_keyid);
- rc = keydb_parse_allsigs (knode, NULL, 0);
- if (revkeys)
- {
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (node)
- node->pkt->pkt.public_key->revkeys = revkeys;
- }
- }
- else
- cdk_kbnode_release (knode);
- *r_knode = got_key ? knode : NULL;
-
- /* It is possible that we are in an EOF condition after we
- successfully read a keyblock. For example if the requested
- key is the last in the file. */
- if (rc == CDK_EOF && got_key)
- rc = 0;
- return rc;
+ cdk_packet_t pkt;
+ cdk_kbnode_t knode, node;
+ cdk_desig_revoker_t revkeys;
+ cdk_error_t rc;
+ u32 keyid[2], main_keyid[2];
+ off_t old_off;
+ int key_seen, got_key;
+
+ if (!inp || !r_knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset all values. */
+ keyid[0] = keyid[1] = 0;
+ main_keyid[0] = main_keyid[1] = 0;
+ revkeys = NULL;
+ knode = NULL;
+ key_seen = got_key = 0;
+
+ *r_knode = NULL;
+ rc = CDK_EOF;
+ while (!cdk_stream_eof(inp)) {
+ cdk_pkt_new(&pkt);
+ old_off = cdk_stream_tell(inp);
+ rc = cdk_pkt_read(inp, pkt);
+ if (rc) {
+ cdk_pkt_release(pkt);
+ if (rc == CDK_EOF)
+ break;
+ else { /* Release all packets we reached so far. */
+ _cdk_log_debug
+ ("keydb_get_keyblock: error %d\n", rc);
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ if (key_seen
+ && (pkt->pkttype == CDK_PKT_PUBLIC_KEY
+ || pkt->pkttype == CDK_PKT_SECRET_KEY)) {
+ /* The next key starts here so set the file pointer
+ and leave the loop. */
+ cdk_stream_seek(inp, old_off);
+ cdk_pkt_release(pkt);
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY) {
+ _cdk_pkt_get_keyid(pkt, main_keyid);
+ key_seen = 1;
+ } else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ pkt->pkt.public_key->
+ main_keyid[0] = main_keyid[0];
+ pkt->pkt.public_key->
+ main_keyid[1] = main_keyid[1];
+ } else {
+ pkt->pkt.secret_key->
+ main_keyid[0] = main_keyid[0];
+ pkt->pkt.secret_key->
+ main_keyid[1] = main_keyid[1];
+ }
+ }
+ /* We save this for the signature */
+ _cdk_pkt_get_keyid(pkt, keyid);
+ got_key = 1;
+ } else if (pkt->pkttype == CDK_PKT_USER_ID);
+ else if (pkt->pkttype == CDK_PKT_SIGNATURE) {
+ cdk_subpkt_t s;
+
+ pkt->pkt.signature->key[0] = keyid[0];
+ pkt->pkt.signature->key[1] = keyid[1];
+ if (pkt->pkt.signature->sig_class == 0x1F &&
+ pkt->pkt.signature->revkeys)
+ revkeys = pkt->pkt.signature->revkeys;
+
+ s = cdk_subpkt_find(pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_FLAGS);
+ if (s) {
+ unsigned int key_usage =
+ key_usage_to_cdk_usage(s->d[0]);
+ add_key_usage(knode,
+ pkt->pkt.signature->key,
+ key_usage);
+ }
+ }
+ node = cdk_kbnode_new(pkt);
+ if (!knode)
+ knode = node;
+ else
+ _cdk_kbnode_add(knode, node);
+ }
+
+ if (got_key) {
+ keydb_merge_selfsig(knode, main_keyid);
+ rc = keydb_parse_allsigs(knode, NULL, 0);
+ if (revkeys) {
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (node)
+ node->pkt->pkt.public_key->revkeys =
+ revkeys;
+ }
+ } else
+ cdk_kbnode_release(knode);
+ *r_knode = got_key ? knode : NULL;
+
+ /* It is possible that we are in an EOF condition after we
+ successfully read a keyblock. For example if the requested
+ key is the last in the file. */
+ if (rc == CDK_EOF && got_key)
+ rc = 0;
+ return rc;
}
/* Return the type of the given data. In case it cannot be classified,
a substring search will be performed. */
-static int
-classify_data (const byte * buf, size_t len)
+static int classify_data(const byte * buf, size_t len)
{
- int type;
- unsigned int i;
-
- if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
- { /* Skip hex prefix. */
- buf += 2;
- len -= 2;
- }
-
- /* The length of the data does not match either a keyid or a fingerprint. */
- if (len != 8 && len != 16 && len != 40)
- return CDK_DBSEARCH_SUBSTR;
-
- for (i = 0; i < len; i++)
- {
- if (!isxdigit (buf[i]))
- return CDK_DBSEARCH_SUBSTR;
- }
- if (i != len)
- return CDK_DBSEARCH_SUBSTR;
- switch (len)
- {
- case 8:
- type = CDK_DBSEARCH_SHORT_KEYID;
- break;
- case 16:
- type = CDK_DBSEARCH_KEYID;
- break;
- case 40:
- type = CDK_DBSEARCH_FPR;
- break;
- default:
- type = CDK_DBSEARCH_SUBSTR;
- break;
- }
-
- return type;
+ int type;
+ unsigned int i;
+
+ if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { /* Skip hex prefix. */
+ buf += 2;
+ len -= 2;
+ }
+
+ /* The length of the data does not match either a keyid or a fingerprint. */
+ if (len != 8 && len != 16 && len != 40)
+ return CDK_DBSEARCH_SUBSTR;
+
+ for (i = 0; i < len; i++) {
+ if (!isxdigit(buf[i]))
+ return CDK_DBSEARCH_SUBSTR;
+ }
+ if (i != len)
+ return CDK_DBSEARCH_SUBSTR;
+ switch (len) {
+ case 8:
+ type = CDK_DBSEARCH_SHORT_KEYID;
+ break;
+ case 16:
+ type = CDK_DBSEARCH_KEYID;
+ break;
+ case 40:
+ type = CDK_DBSEARCH_FPR;
+ break;
+ default:
+ type = CDK_DBSEARCH_SUBSTR;
+ break;
+ }
+
+ return type;
}
@@ -1980,265 +1857,244 @@ classify_data (const byte * buf, size_t len)
* This procedure strips local signatures.
**/
cdk_error_t
-cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
+cdk_keydb_export(cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
{
- cdk_kbnode_t knode, node;
- cdk_strlist_t r;
- cdk_error_t rc;
- int old_ctb;
- cdk_keydb_search_t st;
-
- for (r = remusr; r; r = r->next)
- {
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!node)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* If the key is a version 3 key, use the old packet
- format for the output. */
- if (node->pkt->pkt.public_key->version == 3)
- old_ctb = 1;
- else
- old_ctb = 0;
-
- for (node = knode; node; node = node->next)
- {
- /* No specified format; skip them */
- if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue;
- /* We never export local signed signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- continue;
- /* Filter out invalid signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
- continue;
-
- /* Adjust the ctb flag if needed. */
- node->pkt->old_ctb = old_ctb;
- rc = cdk_pkt_write (out, node->pkt);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
- cdk_kbnode_release (knode);
- knode = NULL;
- }
- return 0;
+ cdk_kbnode_t knode, node;
+ cdk_strlist_t r;
+ cdk_error_t rc;
+ int old_ctb;
+ cdk_keydb_search_t st;
+
+ for (r = remusr; r; r = r->next) {
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ r->d);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!node) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* If the key is a version 3 key, use the old packet
+ format for the output. */
+ if (node->pkt->pkt.public_key->version == 3)
+ old_ctb = 1;
+ else
+ old_ctb = 0;
+
+ for (node = knode; node; node = node->next) {
+ /* No specified format; skip them */
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue;
+ /* We never export local signed signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable)
+ continue;
+ /* Filter out invalid signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ (!KEY_CAN_SIGN
+ (node->pkt->pkt.signature->pubkey_algo)))
+ continue;
+
+ /* Adjust the ctb flag if needed. */
+ node->pkt->old_ctb = old_ctb;
+ rc = cdk_pkt_write(out, node->pkt);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+ }
+ cdk_kbnode_release(knode);
+ knode = NULL;
+ }
+ return 0;
}
-static cdk_packet_t
-find_key_packet (cdk_kbnode_t knode, int *r_is_sk)
+static cdk_packet_t find_key_packet(cdk_kbnode_t knode, int *r_is_sk)
{
- cdk_packet_t pkt;
-
- pkt = cdk_kbnode_find_packet (knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- {
- pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY);
- if (r_is_sk)
- *r_is_sk = pkt ? 1 : 0;
- }
- return pkt;
+ cdk_packet_t pkt;
+
+ pkt = cdk_kbnode_find_packet(knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt) {
+ pkt = cdk_kbnode_find_packet(knode, CDK_PKT_SECRET_KEY);
+ if (r_is_sk)
+ *r_is_sk = pkt ? 1 : 0;
+ }
+ return pkt;
}
/* Return 1 if the is allowd in a key node. */
-static int
-is_key_node (cdk_kbnode_t node)
+static int is_key_node(cdk_kbnode_t node)
{
- switch (node->pkt->pkttype)
- {
- case CDK_PKT_SIGNATURE:
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- case CDK_PKT_USER_ID:
- case CDK_PKT_ATTRIBUTE:
- return 1;
-
- default:
- return 0;
- }
-
- return 0;
+ switch (node->pkt->pkttype) {
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ return 1;
+
+ default:
+ return 0;
+ }
+
+ return 0;
}
-cdk_error_t
-cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode)
+cdk_error_t cdk_keydb_import(cdk_keydb_hd_t hd, cdk_kbnode_t knode)
{
- cdk_kbnode_t node, chk;
- cdk_packet_t pkt;
- cdk_stream_t out;
- cdk_error_t rc;
- u32 keyid[2];
-
- if (!hd || !knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- pkt = find_key_packet (knode, NULL);
- if (!pkt)
- {
- gnutls_assert ();
- return CDK_Inv_Packet;
- }
-
- _cdk_pkt_get_keyid (pkt, keyid);
- chk = NULL;
- cdk_keydb_get_bykeyid (hd, keyid, &chk);
- if (chk)
- { /* FIXME: search for new signatures */
- cdk_kbnode_release (chk);
- return 0;
- }
-
- /* We append data to the stream so we need to close
- the stream here to re-open it later. */
- if (hd->fp)
- {
- cdk_stream_close (hd->fp);
- hd->fp = NULL;
- }
-
- rc = _cdk_stream_append (hd->name, &out);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue; /* No uniformed syntax for this packet */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- {
- _cdk_log_debug ("key db import: skip local signature\n");
- continue;
- }
-
- if (!is_key_node (node))
- {
- _cdk_log_debug ("key db import: skip invalid node of type %d\n",
- node->pkt->pkttype);
- continue;
- }
-
- rc = cdk_pkt_write (out, node->pkt);
- if (rc)
- {
- cdk_stream_close (out);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_close (out);
- hd->stats.new_keys++;
-
- return 0;
+ cdk_kbnode_t node, chk;
+ cdk_packet_t pkt;
+ cdk_stream_t out;
+ cdk_error_t rc;
+ u32 keyid[2];
+
+ if (!hd || !knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ pkt = find_key_packet(knode, NULL);
+ if (!pkt) {
+ gnutls_assert();
+ return CDK_Inv_Packet;
+ }
+
+ _cdk_pkt_get_keyid(pkt, keyid);
+ chk = NULL;
+ cdk_keydb_get_bykeyid(hd, keyid, &chk);
+ if (chk) { /* FIXME: search for new signatures */
+ cdk_kbnode_release(chk);
+ return 0;
+ }
+
+ /* We append data to the stream so we need to close
+ the stream here to re-open it later. */
+ if (hd->fp) {
+ cdk_stream_close(hd->fp);
+ hd->fp = NULL;
+ }
+
+ rc = _cdk_stream_append(hd->name, &out);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue; /* No uniformed syntax for this packet */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable) {
+ _cdk_log_debug
+ ("key db import: skip local signature\n");
+ continue;
+ }
+
+ if (!is_key_node(node)) {
+ _cdk_log_debug
+ ("key db import: skip invalid node of type %d\n",
+ node->pkt->pkttype);
+ continue;
+ }
+
+ rc = cdk_pkt_write(out, node->pkt);
+ if (rc) {
+ cdk_stream_close(out);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_close(out);
+ hd->stats.new_keys++;
+
+ return 0;
}
cdk_error_t
-_cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
+_cdk_keydb_check_userid(cdk_keydb_hd_t hd, u32 * keyid, const char *id)
{
- cdk_kbnode_t knode = NULL, unode = NULL;
- cdk_error_t rc;
- int check;
- cdk_keydb_search_t st;
-
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
- if (!rc)
- {
- rc = cdk_keydb_search (st, hd, &unode);
- cdk_keydb_search_release (st);
- }
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- check = 0;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- if (unode && find_by_keyid (unode, st))
- check++;
- cdk_keydb_search_release (st);
- cdk_kbnode_release (unode);
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- if (knode && find_by_pattern (knode, st))
- check++;
- cdk_keydb_search_release (st);
- cdk_kbnode_release (knode);
-
- return check == 2 ? 0 : CDK_Inv_Value;
+ cdk_kbnode_t knode = NULL, unode = NULL;
+ cdk_error_t rc;
+ int check;
+ cdk_keydb_search_t st;
+
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_EXACT,
+ (char *) id);
+ if (!rc) {
+ rc = cdk_keydb_search(st, hd, &unode);
+ cdk_keydb_search_release(st);
+ }
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ check = 0;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (unode && find_by_keyid(unode, st))
+ check++;
+ cdk_keydb_search_release(st);
+ cdk_kbnode_release(unode);
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_EXACT,
+ (char *) id);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (knode && find_by_pattern(knode, st))
+ check++;
+ cdk_keydb_search_release(st);
+ cdk_kbnode_release(knode);
+
+ return check == 2 ? 0 : CDK_Inv_Value;
}
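Review bot: cdk_keydb_export returns `CDK_Error_No_Key` when `cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY)` finds no node, but it does not release `knode` on that path, unlike the write-failure path a few lines further down. The keyblock returned by `cdk_keydb_search` therefore appears to leak there; adding `cdk_kbnode_release(knode);` before that `gnutls_assert();` would make the two exits agree. A similar gap shows in _cdk_keydb_check_userid: when the second `cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid)` fails, `knode` is released but `unode`, filled in by the preceding search, is not. Both predate this reindent and are carried over unchanged, so they belong in a separate follow-up rather than in this commit.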
@@ -2250,51 +2106,44 @@ _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
* Check if a secret key with the given key ID is available
* in the key database.
**/
-cdk_error_t
-cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
+cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd, u32 * keyid)
{
- cdk_stream_t db;
- cdk_packet_t pkt;
- cdk_error_t rc;
- u32 kid[2];
-
- if (!hd || !keyid)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd->secret)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- rc = _cdk_keydb_open (hd, &db);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- cdk_pkt_new (&pkt);
- while (!cdk_pkt_read (db, pkt))
- {
- if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
- pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
- {
- cdk_pkt_free (pkt);
- continue;
- }
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- if (KEYID_CMP (kid, keyid))
- {
- cdk_pkt_release (pkt);
- return 0;
- }
- cdk_pkt_free (pkt);
- }
- cdk_pkt_release (pkt);
- gnutls_assert ();
- return CDK_Error_No_Key;
+ cdk_stream_t db;
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+ u32 kid[2];
+
+ if (!hd || !keyid) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd->secret) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ rc = _cdk_keydb_open(hd, &db);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ cdk_pkt_new(&pkt);
+ while (!cdk_pkt_read(db, pkt)) {
+ if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ pkt->pkttype != CDK_PKT_SECRET_SUBKEY) {
+ cdk_pkt_free(pkt);
+ continue;
+ }
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ if (KEYID_CMP(kid, keyid)) {
+ cdk_pkt_release(pkt);
+ return 0;
+ }
+ cdk_pkt_free(pkt);
+ }
+ cdk_pkt_release(pkt);
+ gnutls_assert();
+ return CDK_Error_No_Key;
}
@@ -2311,56 +2160,48 @@ cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
* which should be listed.
**/
cdk_error_t
-cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt)
+cdk_listkey_start(cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
+ const char *patt, cdk_strlist_t fpatt)
{
- cdk_listkey_t ctx;
- cdk_stream_t inp;
- cdk_error_t rc;
-
- if (!r_ctx || !db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if ((patt && fpatt) || (!patt && !fpatt))
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- rc = _cdk_keydb_open (db, &inp);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- ctx = cdk_calloc (1, sizeof *ctx);
- if (!ctx)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- ctx->db = db;
- ctx->inp = inp;
- if (patt)
- {
- ctx->u.patt = cdk_strdup (patt);
- if (!ctx->u.patt)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- else if (fpatt)
- {
- cdk_strlist_t l;
- for (l = fpatt; l; l = l->next)
- cdk_strlist_add (&ctx->u.fpatt, l->d);
- }
- ctx->type = patt ? 1 : 0;
- ctx->init = 1;
- *r_ctx = ctx;
- return 0;
+ cdk_listkey_t ctx;
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!r_ctx || !db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if ((patt && fpatt) || (!patt && !fpatt)) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ rc = _cdk_keydb_open(db, &inp);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ ctx = cdk_calloc(1, sizeof *ctx);
+ if (!ctx) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ ctx->db = db;
+ ctx->inp = inp;
+ if (patt) {
+ ctx->u.patt = cdk_strdup(patt);
+ if (!ctx->u.patt) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ } else if (fpatt) {
+ cdk_strlist_t l;
+ for (l = fpatt; l; l = l->next)
+ cdk_strlist_add(&ctx->u.fpatt, l->d);
+ }
+ ctx->type = patt ? 1 : 0;
+ ctx->init = 1;
+ *r_ctx = ctx;
+ return 0;
}
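Review bot: The `cdk_strdup(patt)` failure path in `cdk_listkey_start` returns `CDK_Out_Of_Core` without freeing the `ctx` that `cdk_calloc` just returned, so the context leaks on that path; add `cdk_free(ctx);` before that `return`. The `fpatt` loop also ignores the result of `cdk_strlist_add`, so an allocation failure silently drops a pattern and can leave `ctx->u.fpatt` empty while the function still returns 0. Checking the return value and failing with `CDK_Out_Of_Core`, after `cdk_strlist_free(ctx->u.fpatt)` and `cdk_free(ctx)`, would keep the context consistent. Whether `inp` must also be released on these paths depends on `_cdk_keydb_open`, which is not visible here.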
@@ -2370,17 +2211,16 @@ cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
*
* Free the list key context.
**/
-void
-cdk_listkey_close (cdk_listkey_t ctx)
+void cdk_listkey_close(cdk_listkey_t ctx)
{
- if (!ctx)
- return;
-
- if (ctx->type)
- cdk_free (ctx->u.patt);
- else
- cdk_strlist_free (ctx->u.fpatt);
- cdk_free (ctx);
+ if (!ctx)
+ return;
+
+ if (ctx->type)
+ cdk_free(ctx->u.patt);
+ else
+ cdk_strlist_free(ctx->u.fpatt);
+ cdk_free(ctx);
}
@@ -2391,65 +2231,56 @@ cdk_listkey_close (cdk_listkey_t ctx)
*
* Retrieve the next key from the pattern of the key list context.
**/
-cdk_error_t
-cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
+cdk_error_t cdk_listkey_next(cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
{
- if (!ctx || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!ctx->init)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- if (ctx->type && ctx->u.patt[0] == '*')
- return cdk_keydb_get_keyblock (ctx->inp, ret_key);
- else if (ctx->type)
- {
- cdk_kbnode_t node;
- struct cdk_keydb_search_s ks;
- cdk_error_t rc;
-
- for (;;)
- {
- rc = cdk_keydb_get_keyblock (ctx->inp, &node);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- memset (&ks, 0, sizeof (ks));
- ks.type = CDK_DBSEARCH_SUBSTR;
- ks.u.pattern = ctx->u.patt;
- if (find_by_pattern (node, &ks))
- {
- *ret_key = node;
- return 0;
- }
- cdk_kbnode_release (node);
- node = NULL;
- }
- }
- else
- {
- if (!ctx->t)
- ctx->t = ctx->u.fpatt;
- else if (ctx->t->next)
- ctx->t = ctx->t->next;
- else
- return CDK_EOF;
- return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
- }
- gnutls_assert ();
- return CDK_General_Error;
+ if (!ctx || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!ctx->init) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ if (ctx->type && ctx->u.patt[0] == '*')
+ return cdk_keydb_get_keyblock(ctx->inp, ret_key);
+ else if (ctx->type) {
+ cdk_kbnode_t node;
+ struct cdk_keydb_search_s ks;
+ cdk_error_t rc;
+
+ for (;;) {
+ rc = cdk_keydb_get_keyblock(ctx->inp, &node);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ memset(&ks, 0, sizeof(ks));
+ ks.type = CDK_DBSEARCH_SUBSTR;
+ ks.u.pattern = ctx->u.patt;
+ if (find_by_pattern(node, &ks)) {
+ *ret_key = node;
+ return 0;
+ }
+ cdk_kbnode_release(node);
+ node = NULL;
+ }
+ } else {
+ if (!ctx->t)
+ ctx->t = ctx->u.fpatt;
+ else if (ctx->t->next)
+ ctx->t = ctx->t->next;
+ else
+ return CDK_EOF;
+ return cdk_keydb_get_bypattern(ctx->db, ctx->t->d,
+ ret_key);
+ }
+ gnutls_assert();
+ return CDK_General_Error;
}
-int
-_cdk_keydb_is_secret (cdk_keydb_hd_t db)
+int _cdk_keydb_is_secret(cdk_keydb_hd_t db)
{
- return db->secret;
+ return db->secret;
}
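Review bot: In the final `else` branch of `cdk_listkey_next`, `ctx->t = ctx->u.fpatt` is followed by `ctx->t->d` with no check that the list is non-empty, so a context whose `u.fpatt` is NULL gets dereferenced. `cdk_listkey_start` can produce that state because it does not check the result of `cdk_strlist_add`. A guard before the `cdk_keydb_get_bypattern` call, `if (!ctx->t) return CDK_EOF;`, closes the gap. `_cdk_keydb_is_secret` at the end of the hunk also reads `db->secret` without the `!db` check that the neighbouring functions perform.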
diff --git a/lib/opencdk/keydb.h b/lib/opencdk/keydb.h
index 086bfa88d3..a7a12c1e85 100644
--- a/lib/opencdk/keydb.h
+++ b/lib/opencdk/keydb.h
@@ -21,54 +21,48 @@
*/
/* Internal key index structure. */
-struct key_idx_s
-{
- off_t offset;
- u32 keyid[2];
- byte fpr[KEY_FPR_LEN];
+struct key_idx_s {
+ off_t offset;
+ u32 keyid[2];
+ byte fpr[KEY_FPR_LEN];
};
typedef struct key_idx_s *key_idx_t;
/* Internal key cache to associate a key with an file offset. */
-struct key_table_s
-{
- struct key_table_s *next;
- off_t offset;
+struct key_table_s {
+ struct key_table_s *next;
+ off_t offset;
};
typedef struct key_table_s *key_table_t;
-typedef struct cdk_keydb_search_s
-{
- off_t off; /* last file offset */
- union
- {
- char *pattern; /* A search is performed by pattern. */
- u32 keyid[2]; /* A search by keyid. */
- byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
- } u;
- int type;
- struct key_table_s *cache;
- size_t ncache;
- unsigned int no_cache:1; /* disable the index cache. */
+typedef struct cdk_keydb_search_s {
+ off_t off; /* last file offset */
+ union {
+ char *pattern; /* A search is performed by pattern. */
+ u32 keyid[2]; /* A search by keyid. */
+ byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
+ } u;
+ int type;
+ struct key_table_s *cache;
+ size_t ncache;
+ unsigned int no_cache:1; /* disable the index cache. */
- cdk_stream_t idx;
- char *idx_name; /* name of the index file or NULL. */
+ cdk_stream_t idx;
+ char *idx_name; /* name of the index file or NULL. */
} cdk_keydb_search_s;
/* Internal key database handle. */
-struct cdk_keydb_hd_s
-{
- int type; /* type of the key db handle. */
- int fp_ref; /* 1=means it is a reference and shall not be closed. */
- cdk_stream_t fp;
- char *name; /* name of the underlying file or NULL. */
- unsigned int secret:1; /* contain secret keys. */
- unsigned int isopen:1; /* the underlying stream is opened. */
+struct cdk_keydb_hd_s {
+ int type; /* type of the key db handle. */
+ int fp_ref; /* 1=means it is a reference and shall not be closed. */
+ cdk_stream_t fp;
+ char *name; /* name of the underlying file or NULL. */
+ unsigned int secret:1; /* contain secret keys. */
+ unsigned int isopen:1; /* the underlying stream is opened. */
- /* structure to store some stats about the keydb. */
- struct
- {
- size_t new_keys; /* amount of new keys that were imported. */
- } stats;
+ /* structure to store some stats about the keydb. */
+ struct {
+ size_t new_keys; /* amount of new keys that were imported. */
+ } stats;
};
diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
index bdfa8d6aa3..d7facdf78e 100644
--- a/lib/opencdk/literal.c
+++ b/lib/opencdk/literal.c
@@ -33,284 +33,261 @@
/* Duplicate the string @s but strip of possible
relative folder names of it. */
-static char *
-dup_trim_filename (const char *s)
+static char *dup_trim_filename(const char *s)
{
- char *p = NULL;
-
- p = strrchr (s, '/');
- if (!p)
- p = strrchr (s, '\\');
- if (!p)
- return cdk_strdup (s);
- return cdk_strdup (p + 1);
+ char *p = NULL;
+
+ p = strrchr(s, '/');
+ if (!p)
+ p = strrchr(s, '\\');
+ if (!p)
+ return cdk_strdup(s);
+ return cdk_strdup(p + 1);
}
-static cdk_error_t
-literal_decode (void *data, FILE * in, FILE * out)
+static cdk_error_t literal_decode(void *data, FILE * in, FILE * out)
{
- literal_filter_t *pfx = data;
- cdk_stream_t si, so;
- cdk_packet_t pkt;
- cdk_pkt_literal_t pt;
- byte buf[BUFSIZE];
- ssize_t nread;
- int bufsize;
- cdk_error_t rc;
-
- _cdk_log_debug ("literal filter: decode\n");
-
- if (!pfx || !in || !out)
- return CDK_Inv_Value;
-
- rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
- if (rc)
- return rc;
-
- cdk_pkt_new (&pkt);
- rc = cdk_pkt_read (si, pkt);
- if (rc || pkt->pkttype != CDK_PKT_LITERAL)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return !rc ? CDK_Inv_Packet : rc;
- }
-
- rc = _cdk_stream_fpopen (out, STREAMCTL_WRITE, &so);
- if (rc)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return rc;
- }
-
- pt = pkt->pkt.literal;
- pfx->mode = pt->mode;
-
- if (pfx->filename && pt->namelen > 0)
- {
- /* The name in the literal packet is more authorative. */
- cdk_free (pfx->filename);
- pfx->filename = dup_trim_filename (pt->name);
- }
- else if (!pfx->filename && pt->namelen > 0)
- pfx->filename = dup_trim_filename (pt->name);
- else if (!pt->namelen && !pfx->filename && pfx->orig_filename)
- {
- /* In this case, we need to derrive the output file name
- from the original name and cut off the OpenPGP extension.
- If this is not possible, we return an error. */
- if (!stristr (pfx->orig_filename, ".gpg") &&
- !stristr (pfx->orig_filename, ".pgp") &&
- !stristr (pfx->orig_filename, ".asc"))
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- cdk_stream_close (so);
- _cdk_log_debug
- ("literal filter: no file name and no PGP extension\n");
- return CDK_Inv_Mode;
- }
- _cdk_log_debug ("literal filter: derrive file name from original\n");
- pfx->filename = dup_trim_filename (pfx->orig_filename);
- pfx->filename[strlen (pfx->filename) - 4] = '\0';
- }
-
- while (!feof (in))
- {
- _cdk_log_debug ("literal_decode: part on %d size %lu\n",
- (int) pfx->blkmode.on, (unsigned long)pfx->blkmode.size);
- if (pfx->blkmode.on)
- bufsize = pfx->blkmode.size;
- else
- bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
- nread = cdk_stream_read (pt->buf, buf, bufsize);
- if (nread == EOF)
- {
- rc = CDK_File_Error;
- break;
- }
- if (pfx->md_initialized)
- _gnutls_hash (&pfx->md, buf, nread);
- cdk_stream_write (so, buf, nread);
- pt->len -= nread;
- if (pfx->blkmode.on)
- {
- pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
- if ((ssize_t) pfx->blkmode.size == EOF)
- return CDK_Inv_Packet;
- }
- if (pt->len <= 0 && !pfx->blkmode.on)
- break;
- }
-
- cdk_stream_close (si);
- cdk_stream_close (so);
- cdk_pkt_release (pkt);
- return rc;
+ literal_filter_t *pfx = data;
+ cdk_stream_t si, so;
+ cdk_packet_t pkt;
+ cdk_pkt_literal_t pt;
+ byte buf[BUFSIZE];
+ ssize_t nread;
+ int bufsize;
+ cdk_error_t rc;
+
+ _cdk_log_debug("literal filter: decode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+
+ rc = _cdk_stream_fpopen(in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ cdk_pkt_new(&pkt);
+ rc = cdk_pkt_read(si, pkt);
+ if (rc || pkt->pkttype != CDK_PKT_LITERAL) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return !rc ? CDK_Inv_Packet : rc;
+ }
+
+ rc = _cdk_stream_fpopen(out, STREAMCTL_WRITE, &so);
+ if (rc) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return rc;
+ }
+
+ pt = pkt->pkt.literal;
+ pfx->mode = pt->mode;
+
+ if (pfx->filename && pt->namelen > 0) {
+ /* The name in the literal packet is more authorative. */
+ cdk_free(pfx->filename);
+ pfx->filename = dup_trim_filename(pt->name);
+ } else if (!pfx->filename && pt->namelen > 0)
+ pfx->filename = dup_trim_filename(pt->name);
+ else if (!pt->namelen && !pfx->filename && pfx->orig_filename) {
+ /* In this case, we need to derrive the output file name
+ from the original name and cut off the OpenPGP extension.
+ If this is not possible, we return an error. */
+ if (!stristr(pfx->orig_filename, ".gpg") &&
+ !stristr(pfx->orig_filename, ".pgp") &&
+ !stristr(pfx->orig_filename, ".asc")) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ cdk_stream_close(so);
+ _cdk_log_debug
+ ("literal filter: no file name and no PGP extension\n");
+ return CDK_Inv_Mode;
+ }
+ _cdk_log_debug
+ ("literal filter: derrive file name from original\n");
+ pfx->filename = dup_trim_filename(pfx->orig_filename);
+ pfx->filename[strlen(pfx->filename) - 4] = '\0';
+ }
+
+ while (!feof(in)) {
+ _cdk_log_debug("literal_decode: part on %d size %lu\n",
+ (int) pfx->blkmode.on,
+ (unsigned long) pfx->blkmode.size);
+ if (pfx->blkmode.on)
+ bufsize = pfx->blkmode.size;
+ else
+ bufsize = pt->len < DIM(buf) ? pt->len : DIM(buf);
+ nread = cdk_stream_read(pt->buf, buf, bufsize);
+ if (nread == EOF) {
+ rc = CDK_File_Error;
+ break;
+ }
+ if (pfx->md_initialized)
+ _gnutls_hash(&pfx->md, buf, nread);
+ cdk_stream_write(so, buf, nread);
+ pt->len -= nread;
+ if (pfx->blkmode.on) {
+ pfx->blkmode.size =
+ _cdk_pkt_read_len(in, &pfx->blkmode.on);
+ if ((ssize_t) pfx->blkmode.size == EOF)
+ return CDK_Inv_Packet;
+ }
+ if (pt->len <= 0 && !pfx->blkmode.on)
+ break;
+ }
+
+ cdk_stream_close(si);
+ cdk_stream_close(so);
+ cdk_pkt_release(pkt);
+ return rc;
}
-static char
-intmode_to_char (int mode)
+static char intmode_to_char(int mode)
{
- switch (mode)
- {
- case CDK_LITFMT_BINARY:
- return 'b';
- case CDK_LITFMT_TEXT:
- return 't';
- case CDK_LITFMT_UNICODE:
- return 'u';
- default:
- return 'b';
- }
-
- return 'b';
+ switch (mode) {
+ case CDK_LITFMT_BINARY:
+ return 'b';
+ case CDK_LITFMT_TEXT:
+ return 't';
+ case CDK_LITFMT_UNICODE:
+ return 'u';
+ default:
+ return 'b';
+ }
+
+ return 'b';
}
-static cdk_error_t
-literal_encode (void *data, FILE * in, FILE * out)
+static cdk_error_t literal_encode(void *data, FILE * in, FILE * out)
{
- literal_filter_t *pfx = data;
- cdk_pkt_literal_t pt;
- cdk_stream_t si;
- cdk_packet_t pkt;
- size_t filelen;
- cdk_error_t rc;
-
- _cdk_log_debug ("literal filter: encode\n");
-
- if (!pfx || !in || !out)
- return CDK_Inv_Value;
- if (!pfx->filename)
- {
- pfx->filename = cdk_strdup ("_CONSOLE");
- if (!pfx->filename)
- return CDK_Out_Of_Core;
- }
-
- rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
- if (rc)
- return rc;
-
- filelen = strlen (pfx->filename);
- cdk_pkt_new (&pkt);
- pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen);
- pt->name = (char *) pt + sizeof (*pt);
- if (!pt)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return CDK_Out_Of_Core;
- }
- memcpy (pt->name, pfx->filename, filelen);
- pt->namelen = filelen;
- pt->name[pt->namelen] = '\0';
- pt->timestamp = (u32) gnutls_time (NULL);
- pt->mode = intmode_to_char (pfx->mode);
- pt->len = cdk_stream_get_length (si);
- pt->buf = si;
- pkt->old_ctb = 1;
- pkt->pkttype = CDK_PKT_LITERAL;
- rc = _cdk_pkt_write_fp (out, pkt);
-
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return rc;
+ literal_filter_t *pfx = data;
+ cdk_pkt_literal_t pt;
+ cdk_stream_t si;
+ cdk_packet_t pkt;
+ size_t filelen;
+ cdk_error_t rc;
+
+ _cdk_log_debug("literal filter: encode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+ if (!pfx->filename) {
+ pfx->filename = cdk_strdup("_CONSOLE");
+ if (!pfx->filename)
+ return CDK_Out_Of_Core;
+ }
+
+ rc = _cdk_stream_fpopen(in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ filelen = strlen(pfx->filename);
+ cdk_pkt_new(&pkt);
+ pt = pkt->pkt.literal = cdk_calloc(1, sizeof *pt + filelen);
+ pt->name = (char *) pt + sizeof(*pt);
+ if (!pt) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return CDK_Out_Of_Core;
+ }
+ memcpy(pt->name, pfx->filename, filelen);
+ pt->namelen = filelen;
+ pt->name[pt->namelen] = '\0';
+ pt->timestamp = (u32) gnutls_time(NULL);
+ pt->mode = intmode_to_char(pfx->mode);
+ pt->len = cdk_stream_get_length(si);
+ pt->buf = si;
+ pkt->old_ctb = 1;
+ pkt->pkttype = CDK_PKT_LITERAL;
+ rc = _cdk_pkt_write_fp(out, pkt);
+
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return rc;
}
-int
-_cdk_filter_literal (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_literal(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return literal_decode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return literal_encode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- literal_filter_t *pfx = data;
- if (pfx)
- {
- _cdk_log_debug ("free literal filter\n");
- cdk_free (pfx->filename);
- pfx->filename = NULL;
- cdk_free (pfx->orig_filename);
- pfx->orig_filename = NULL;
- return 0;
- }
- }
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return literal_decode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return literal_encode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ literal_filter_t *pfx = data;
+ if (pfx) {
+ _cdk_log_debug("free literal filter\n");
+ cdk_free(pfx->filename);
+ pfx->filename = NULL;
+ cdk_free(pfx->orig_filename);
+ pfx->orig_filename = NULL;
+ return 0;
+ }
+ }
+ return CDK_Inv_Mode;
}
-static int
-text_encode (void *data, FILE * in, FILE * out)
+static int text_encode(void *data, FILE * in, FILE * out)
{
- const char *s;
- char buf[2048];
-
- if (!in || !out)
- return CDK_Inv_Value;
-
- /* FIXME: This code does not work for very long lines. */
- while (!feof (in))
- {
- /* give space for trim_string \r\n */
- s = fgets (buf, DIM (buf) - 3, in);
- if (!s)
- break;
- _cdk_trim_string (buf);
- _gnutls_str_cat (buf, sizeof(buf), "\r\n");
- fwrite (buf, 1, strlen (buf), out);
- }
-
- return 0;
+ const char *s;
+ char buf[2048];
+
+ if (!in || !out)
+ return CDK_Inv_Value;
+
+ /* FIXME: This code does not work for very long lines. */
+ while (!feof(in)) {
+ /* give space for trim_string \r\n */
+ s = fgets(buf, DIM(buf) - 3, in);
+ if (!s)
+ break;
+ _cdk_trim_string(buf);
+ _gnutls_str_cat(buf, sizeof(buf), "\r\n");
+ fwrite(buf, 1, strlen(buf), out);
+ }
+
+ return 0;
}
-static int
-text_decode (void *data, FILE * in, FILE * out)
+static int text_decode(void *data, FILE * in, FILE * out)
{
- text_filter_t *tfx = data;
- const char *s;
- char buf[2048];
-
- if (!tfx || !in || !out)
- return CDK_Inv_Value;
-
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
- _cdk_trim_string (buf);
- fwrite (buf, 1, strlen (buf), out);
- fwrite (tfx->lf, 1, strlen (tfx->lf), out);
- }
-
- return 0;
+ text_filter_t *tfx = data;
+ const char *s;
+ char buf[2048];
+
+ if (!tfx || !in || !out)
+ return CDK_Inv_Value;
+
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+ _cdk_trim_string(buf);
+ fwrite(buf, 1, strlen(buf), out);
+ fwrite(tfx->lf, 1, strlen(tfx->lf), out);
+ }
+
+ return 0;
}
-int
-_cdk_filter_text (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_text(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return text_encode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return text_decode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- text_filter_t *tfx = data;
- if (tfx)
- {
- _cdk_log_debug ("free text filter\n");
- tfx->lf = NULL;
- }
- }
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return text_encode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return text_decode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ text_filter_t *tfx = data;
+ if (tfx) {
+ _cdk_log_debug("free text filter\n");
+ tfx->lf = NULL;
+ }
+ }
+ return CDK_Inv_Mode;
}
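Review bot: In `literal_decode`, the partial-length branch sets `bufsize = pfx->blkmode.size` and passes it straight to `cdk_stream_read(pt->buf, buf, bufsize)`, while `buf` is a fixed `byte buf[BUFSIZE]` on the stack and the size is refreshed from `_cdk_pkt_read_len(in, ...)`, i.e. from the input; a block length above `BUFSIZE` would let the read run past `buf` unless `cdk_stream_read` bounds it in a way not visible here. Reject or cap the length before the read, e.g. `if (pfx->blkmode.on && pfx->blkmode.size > DIM(buf)) { rc = CDK_Inv_Packet; break; }`. The early `return CDK_Inv_Packet;` inside the same loop skips the `cdk_stream_close`/`cdk_pkt_release` calls at the end of the function; `rc = CDK_Inv_Packet; break;` would reuse them. In `literal_encode`, `pt->name = (char *) pt + sizeof(*pt);` runs before the `if (!pt)` check, and `pt->name[pt->namelen] = '\0'` writes one byte past an allocation of `sizeof *pt + filelen`; move the assignment below the check and allocate `sizeof *pt + filelen + 1`.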
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index 13144dbcfc..eaf7589c1e 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -38,14 +38,14 @@
#define map_gnutls_error _cdk_map_gnutls_error
-cdk_error_t map_gnutls_error (int err);
+cdk_error_t map_gnutls_error(int err);
/* The general size of a buffer for the variou modules. */
#define BUFSIZE 8192
/* This is the default block size for the partial length packet mode. */
#define DEF_BLOCKSIZE 8192
-#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
+#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
/* For now SHA-1 is used to create fingerprint for keys.
But if this will ever change, it is a good idea to
@@ -76,100 +76,102 @@ cdk_error_t map_gnutls_error (int err);
#define DEBUG_PKT 0
/*-- main.c --*/
-char *_cdk_passphrase_get (cdk_ctx_t hd, const char *prompt);
+char *_cdk_passphrase_get(cdk_ctx_t hd, const char *prompt);
/*-- misc.c --*/
-int _cdk_check_args (int overwrite, const char *in, const char *out);
-u32 _cdk_buftou32 (const byte * buf);
-void _cdk_u32tobuf (u32 u, byte * buf);
-const char *_cdk_memistr (const char *buf, size_t buflen, const char *sub);
-FILE *_cdk_tmpfile (void);
+int _cdk_check_args(int overwrite, const char *in, const char *out);
+u32 _cdk_buftou32(const byte * buf);
+void _cdk_u32tobuf(u32 u, byte * buf);
+const char *_cdk_memistr(const char *buf, size_t buflen, const char *sub);
+FILE *_cdk_tmpfile(void);
/* Helper to provide case insentensive strstr version. */
#define stristr(haystack, needle) \
_cdk_memistr((haystack), strlen (haystack), (needle))
/*-- proc-packet.c --*/
-cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
+cdk_error_t _cdk_pkt_write2(cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
-u32 _cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid);
-cdk_error_t _cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr);
-int _cdk_pk_algo_usage (int algo);
-int _cdk_pk_test_algo (int algo, unsigned int usage);
-int _cdk_sk_get_csum (cdk_pkt_seckey_t sk);
+u32 _cdk_pkt_get_keyid(cdk_packet_t pkt, u32 * keyid);
+cdk_error_t _cdk_pkt_get_fingerprint(cdk_packet_t pkt, byte * fpr);
+int _cdk_pk_algo_usage(int algo);
+int _cdk_pk_test_algo(int algo, unsigned int usage);
+int _cdk_sk_get_csum(cdk_pkt_seckey_t sk);
/*-- new-packet.c --*/
-byte *_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes);
-cdk_error_t _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src);
-void _cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx);
+byte *_cdk_subpkt_get_array(cdk_subpkt_t s, int count, size_t * r_nbytes);
+cdk_error_t _cdk_subpkt_copy(cdk_subpkt_t * r_dst, cdk_subpkt_t src);
+void _cdk_pkt_detach_free(cdk_packet_t pkt, int *r_pkttype, void **ctx);
/*-- sig-check.c --*/
-cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired);
-cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * hd);
-cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
- digest_hd_st * md);
-cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st * md,
- int use_fpr);
-cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd, cdk_kbnode_t knode,
- cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid);
+cdk_error_t _cdk_sig_check(cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired);
+cdk_error_t _cdk_hash_sig_data(cdk_pkt_signature_t sig, digest_hd_st * hd);
+cdk_error_t _cdk_hash_userid(cdk_pkt_userid_t uid, int sig_version,
+ digest_hd_st * md);
+cdk_error_t _cdk_hash_pubkey(cdk_pkt_pubkey_t pk, digest_hd_st * md,
+ int use_fpr);
+cdk_error_t _cdk_pk_check_sig(cdk_keydb_hd_t hd, cdk_kbnode_t knode,
+ cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid);
/*-- kbnode.c --*/
-void _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node);
-void _cdk_kbnode_clone (cdk_kbnode_t node);
+void _cdk_kbnode_add(cdk_kbnode_t root, cdk_kbnode_t node);
+void _cdk_kbnode_clone(cdk_kbnode_t node);
/*-- sesskey.c --*/
-cdk_error_t _cdk_sk_unprotect_auto (cdk_ctx_t hd, cdk_pkt_seckey_t sk);
+cdk_error_t _cdk_sk_unprotect_auto(cdk_ctx_t hd, cdk_pkt_seckey_t sk);
/*-- keydb.c --*/
-int _cdk_keydb_is_secret (cdk_keydb_hd_t db);
-cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_pubkey_t * ret_pk, int usage);
-cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_seckey_t * ret_sk, int usage);
-cdk_error_t _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid,
- const char *id);
+int _cdk_keydb_is_secret(cdk_keydb_hd_t db);
+cdk_error_t _cdk_keydb_get_pk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_pubkey_t * ret_pk,
+ int usage);
+cdk_error_t _cdk_keydb_get_sk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_seckey_t * ret_sk,
+ int usage);
+cdk_error_t _cdk_keydb_check_userid(cdk_keydb_hd_t hd, u32 * keyid,
+ const char *id);
/*-- sign.c --*/
-int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
-void _cdk_trim_string (char *s);
-cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
-cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
- digest_hd_st * hd);
+int _cdk_sig_hash_for(cdk_pkt_pubkey_t pk);
+void _cdk_trim_string(char *s);
+cdk_error_t _cdk_sig_create(cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
+cdk_error_t _cdk_sig_complete(cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
+ digest_hd_st * hd);
/*-- stream.c --*/
-void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
-cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s);
-void *_cdk_stream_get_uint8_t (cdk_stream_t s, int fid);
-const char *_cdk_stream_get_fname (cdk_stream_t s);
-FILE *_cdk_stream_get_fp (cdk_stream_t s);
-int _cdk_stream_gets (cdk_stream_t s, char *buf, size_t count);
-cdk_error_t _cdk_stream_append (const char *file, cdk_stream_t * ret_s);
-int _cdk_stream_get_errno (cdk_stream_t s);
-cdk_error_t _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes);
-int _cdk_stream_get_blockmode (cdk_stream_t s);
-int _cdk_stream_puts (cdk_stream_t s, const char *buf);
-cdk_error_t _cdk_stream_fpopen (FILE * fp, unsigned write_mode,
- cdk_stream_t * ret_out);
+void _cdk_stream_set_compress_algo(cdk_stream_t s, int algo);
+cdk_error_t _cdk_stream_open_mode(const char *file, const char *mode,
+ cdk_stream_t * ret_s);
+void *_cdk_stream_get_uint8_t(cdk_stream_t s, int fid);
+const char *_cdk_stream_get_fname(cdk_stream_t s);
+FILE *_cdk_stream_get_fp(cdk_stream_t s);
+int _cdk_stream_gets(cdk_stream_t s, char *buf, size_t count);
+cdk_error_t _cdk_stream_append(const char *file, cdk_stream_t * ret_s);
+int _cdk_stream_get_errno(cdk_stream_t s);
+cdk_error_t _cdk_stream_set_blockmode(cdk_stream_t s, size_t nbytes);
+int _cdk_stream_get_blockmode(cdk_stream_t s);
+int _cdk_stream_puts(cdk_stream_t s, const char *buf);
+cdk_error_t _cdk_stream_fpopen(FILE * fp, unsigned write_mode,
+ cdk_stream_t * ret_out);
/*-- read-packet.c --*/
-size_t _cdk_pkt_read_len (FILE * inp, size_t * ret_partial);
+size_t _cdk_pkt_read_len(FILE * inp, size_t * ret_partial);
/*-- write-packet.c --*/
-cdk_error_t _cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt);
+cdk_error_t _cdk_pkt_write_fp(FILE * out, cdk_packet_t pkt);
/*-- seskey.c --*/
-cdk_error_t _cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src);
+cdk_error_t _cdk_s2k_copy(cdk_s2k_t * r_dst, cdk_s2k_t src);
#define _cdk_pub_algo_to_pgp(algo) (algo)
#define _pgp_pub_algo_to_cdk(algo) (algo)
-int _gnutls_hash_algo_to_pgp (int algo);
-int _pgp_hash_algo_to_gnutls (int algo);
-int _gnutls_cipher_to_pgp (int cipher);
-int _pgp_cipher_to_gnutls (int cipher);
+int _gnutls_hash_algo_to_pgp(int algo);
+int _pgp_hash_algo_to_gnutls(int algo);
+int _gnutls_cipher_to_pgp(int cipher);
+int _pgp_cipher_to_gnutls(int cipher);
-#endif /* CDK_MAIN_H */
+#endif /* CDK_MAIN_H */
diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
index 58ad02eb9e..8ee74d7ded 100644
--- a/lib/opencdk/misc.c
+++ b/lib/opencdk/misc.c
@@ -35,30 +35,28 @@
#include <gnutls_str.h>
-u32
-_cdk_buftou32 (const byte * buf)
+u32 _cdk_buftou32(const byte * buf)
{
- u32 u;
+ u32 u;
- if (!buf)
- return 0;
- u = buf[0] << 24;
- u |= buf[1] << 16;
- u |= buf[2] << 8;
- u |= buf[3];
- return u;
+ if (!buf)
+ return 0;
+ u = buf[0] << 24;
+ u |= buf[1] << 16;
+ u |= buf[2] << 8;
+ u |= buf[3];
+ return u;
}
-void
-_cdk_u32tobuf (u32 u, byte * buf)
+void _cdk_u32tobuf(u32 u, byte * buf)
{
- if (!buf)
- return;
- buf[0] = u >> 24;
- buf[1] = u >> 16;
- buf[2] = u >> 8;
- buf[3] = u;
+ if (!buf)
+ return;
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
}
/**
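Review bot: `u = buf[0] << 24;` in `_cdk_buftou32` shifts a value that has been promoted to `int` (assuming `byte` is an unsigned 8-bit type, which this page does not show), so a first byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. Cast before shifting, `u = (u32) buf[0] << 24;`, and do the same on the other three lines for consistency. The function assembles a big-endian 32-bit value from a byte buffer, so any caller passing data whose first byte has the top bit set reaches this case.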
@@ -67,16 +65,14 @@ _cdk_u32tobuf (u32 u, byte * buf)
*
* Release the string list object.
**/
-void
-cdk_strlist_free (cdk_strlist_t sl)
+void cdk_strlist_free(cdk_strlist_t sl)
{
- cdk_strlist_t sl2;
+ cdk_strlist_t sl2;
- for (; sl; sl = sl2)
- {
- sl2 = sl->next;
- cdk_free (sl);
- }
+ for (; sl; sl = sl2) {
+ sl2 = sl->next;
+ cdk_free(sl);
+ }
}
@@ -87,250 +83,231 @@ cdk_strlist_free (cdk_strlist_t sl)
*
* Add the given list to the string list.
**/
-cdk_strlist_t
-cdk_strlist_add (cdk_strlist_t * list, const char *string)
+cdk_strlist_t cdk_strlist_add(cdk_strlist_t * list, const char *string)
{
- cdk_strlist_t sl;
- int string_size = strlen(string);
+ cdk_strlist_t sl;
+ int string_size = strlen(string);
- if (!string)
- return NULL;
+ if (!string)
+ return NULL;
- sl = cdk_calloc (1, sizeof *sl + string_size + 2);
- if (!sl)
- return NULL;
- sl->d = (char *) sl + sizeof (*sl);
- memcpy (sl->d, string, string_size+1);
- sl->next = *list;
- *list = sl;
- return sl;
+ sl = cdk_calloc(1, sizeof *sl + string_size + 2);
+ if (!sl)
+ return NULL;
+ sl->d = (char *) sl + sizeof(*sl);
+ memcpy(sl->d, string, string_size + 1);
+ sl->next = *list;
+ *list = sl;
+ return sl;
}
-const char *
-_cdk_memistr (const char *buf, size_t buflen, const char *sub)
+const char *_cdk_memistr(const char *buf, size_t buflen, const char *sub)
{
- const byte *t, *s;
- size_t n;
+ const byte *t, *s;
+ size_t n;
- for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--)
- {
- if (c_toupper (*t) == c_toupper (*s))
- {
- for (buf = (char*)t++, buflen = n--, s++;
- n && c_toupper (*t) == c_toupper ((byte) * s); t++, s++, n--)
- ;
- if (!*s)
- return buf;
- t = (byte *) buf;
- n = buflen;
- s = (byte *) sub;
- }
- }
+ for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--) {
+ if (c_toupper(*t) == c_toupper(*s)) {
+ for (buf = (char *) t++, buflen = n--, s++;
+ n && c_toupper(*t) == c_toupper((byte) * s);
+ t++, s++, n--);
+ if (!*s)
+ return buf;
+ t = (byte *) buf;
+ n = buflen;
+ s = (byte *) sub;
+ }
+ }
- return NULL;
+ return NULL;
}
-cdk_error_t
-_cdk_map_gnutls_error (int err)
+cdk_error_t _cdk_map_gnutls_error(int err)
{
- switch (err)
- {
- case 0:
- return CDK_Success;
- case GNUTLS_E_INVALID_REQUEST:
- return CDK_Inv_Value;
- default:
- return CDK_General_Error;
- }
+ switch (err) {
+ case 0:
+ return CDK_Success;
+ case GNUTLS_E_INVALID_REQUEST:
+ return CDK_Inv_Value;
+ default:
+ return CDK_General_Error;
+ }
}
/* Remove all trailing white spaces from the string. */
-void
-_cdk_trim_string (char *s)
+void _cdk_trim_string(char *s)
{
-int len = strlen(s);
- while (s && *s &&
- (s[len - 1] == '\t' ||
- s[len - 1] == '\r' ||
- s[len - 1] == '\n' || s[len - 1] == ' '))
- s[len - 1] = '\0';
+ int len = strlen(s);
+ while (s && *s &&
+ (s[len - 1] == '\t' ||
+ s[len - 1] == '\r' ||
+ s[len - 1] == '\n' || s[len - 1] == ' '))
+ s[len - 1] = '\0';
}
-int
-_cdk_check_args (int overwrite, const char *in, const char *out)
+int _cdk_check_args(int overwrite, const char *in, const char *out)
{
- struct stat stbuf;
+ struct stat stbuf;
- if (!in || !out)
- return CDK_Inv_Value;
- if (strlen (in) == strlen (out) && strcmp (in, out) == 0)
- return CDK_Inv_Mode;
- if (!overwrite && !stat (out, &stbuf))
- return CDK_Inv_Mode;
- return 0;
+ if (!in || !out)
+ return CDK_Inv_Value;
+ if (strlen(in) == strlen(out) && strcmp(in, out) == 0)
+ return CDK_Inv_Mode;
+ if (!overwrite && !stat(out, &stbuf))
+ return CDK_Inv_Mode;
+ return 0;
}
#ifdef _WIN32
#include <io.h>
#include <fcntl.h>
-FILE *
-_cdk_tmpfile (void)
+FILE *_cdk_tmpfile(void)
{
- /* Because the tmpfile() version of wine is not really useful,
- we implement our own version to avoid problems with 'make check'. */
- static const char *letters = "abcdefghijklmnopqrstuvwxyz";
- unsigned char buf[512], rnd[24];
- FILE *fp;
- int fd, i;
+ /* Because the tmpfile() version of wine is not really useful,
+ we implement our own version to avoid problems with 'make check'. */
+ static const char *letters = "abcdefghijklmnopqrstuvwxyz";
+ unsigned char buf[512], rnd[24];
+ FILE *fp;
+ int fd, i;
- _gnutls_rnd (GNUTLS_RND_NONCE, rnd, DIM (rnd));
- for (i = 0; i < DIM (rnd) - 1; i++)
- {
- char c = letters[(unsigned char) rnd[i] % 26];
- rnd[i] = c;
- }
- rnd[DIM (rnd) - 1] = 0;
- if (!GetTempPath (464, buf))
- return NULL;
- _gnutls_str_cat (buf, sizeof(buf), "_cdk_");
- _gnutls_str_cat (buf, sizeof(buf), rnd);
+ _gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
+ for (i = 0; i < DIM(rnd) - 1; i++) {
+ char c = letters[(unsigned char) rnd[i] % 26];
+ rnd[i] = c;
+ }
+ rnd[DIM(rnd) - 1] = 0;
+ if (!GetTempPath(464, buf))
+ return NULL;
+ _gnutls_str_cat(buf, sizeof(buf), "_cdk_");
+ _gnutls_str_cat(buf, sizeof(buf), rnd);
- /* We need to make sure the file will be deleted when it is closed. */
- fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
- _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
- if (fd == -1)
- return NULL;
- fp = fdopen (fd, "w+b");
- if (fp != NULL)
- return fp;
- _close (fd);
- return NULL;
+ /* We need to make sure the file will be deleted when it is closed. */
+ fd = _open(buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
+ _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
+ if (fd == -1)
+ return NULL;
+ fp = fdopen(fd, "w+b");
+ if (fp != NULL)
+ return fp;
+ _close(fd);
+ return NULL;
}
#else
-FILE *
-_cdk_tmpfile (void)
+FILE *_cdk_tmpfile(void)
{
- return tmpfile ();
+ return tmpfile();
}
#endif
-int
-_gnutls_hash_algo_to_pgp (int algo)
+int _gnutls_hash_algo_to_pgp(int algo)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- return 0x01;
- case GNUTLS_DIG_MD2:
- return 0x05;
- case GNUTLS_DIG_SHA1:
- return 0x02;
- case GNUTLS_DIG_RMD160:
- return 0x03;
- case GNUTLS_DIG_SHA256:
- return 0x08;
- case GNUTLS_DIG_SHA384:
- return 0x09;
- case GNUTLS_DIG_SHA512:
- return 0x0A;
- case GNUTLS_DIG_SHA224:
- return 0x0B;
- default:
- gnutls_assert ();
- return 0x00;
- }
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ return 0x01;
+ case GNUTLS_DIG_MD2:
+ return 0x05;
+ case GNUTLS_DIG_SHA1:
+ return 0x02;
+ case GNUTLS_DIG_RMD160:
+ return 0x03;
+ case GNUTLS_DIG_SHA256:
+ return 0x08;
+ case GNUTLS_DIG_SHA384:
+ return 0x09;
+ case GNUTLS_DIG_SHA512:
+ return 0x0A;
+ case GNUTLS_DIG_SHA224:
+ return 0x0B;
+ default:
+ gnutls_assert();
+ return 0x00;
+ }
}
-int
-_pgp_hash_algo_to_gnutls (int algo)
+int _pgp_hash_algo_to_gnutls(int algo)
{
- switch (algo)
- {
- case 0x01:
- return GNUTLS_DIG_MD5;
- case 0x02:
- return GNUTLS_DIG_SHA1;
- case 0x03:
- return GNUTLS_DIG_RMD160;
- case 0x05:
- return GNUTLS_DIG_MD2;
- case 0x08:
- return GNUTLS_DIG_SHA256;
- case 0x09:
- return GNUTLS_DIG_SHA384;
- case 0x0A:
- return GNUTLS_DIG_SHA512;
- case 0x0B:
- return GNUTLS_DIG_SHA224;
- default:
- gnutls_assert ();
- return GNUTLS_DIG_NULL;
- }
+ switch (algo) {
+ case 0x01:
+ return GNUTLS_DIG_MD5;
+ case 0x02:
+ return GNUTLS_DIG_SHA1;
+ case 0x03:
+ return GNUTLS_DIG_RMD160;
+ case 0x05:
+ return GNUTLS_DIG_MD2;
+ case 0x08:
+ return GNUTLS_DIG_SHA256;
+ case 0x09:
+ return GNUTLS_DIG_SHA384;
+ case 0x0A:
+ return GNUTLS_DIG_SHA512;
+ case 0x0B:
+ return GNUTLS_DIG_SHA224;
+ default:
+ gnutls_assert();
+ return GNUTLS_DIG_NULL;
+ }
}
-int
-_pgp_cipher_to_gnutls (int cipher)
+int _pgp_cipher_to_gnutls(int cipher)
{
- switch (cipher)
- {
- case 0:
- return GNUTLS_CIPHER_NULL;
- case 1:
- return GNUTLS_CIPHER_IDEA_PGP_CFB;
- case 2:
- return GNUTLS_CIPHER_3DES_PGP_CFB;
- case 3:
- return GNUTLS_CIPHER_CAST5_PGP_CFB;
- case 4:
- return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
- case 5:
- return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
- case 7:
- return GNUTLS_CIPHER_AES128_PGP_CFB;
- case 8:
- return GNUTLS_CIPHER_AES192_PGP_CFB;
- case 9:
- return GNUTLS_CIPHER_AES256_PGP_CFB;
- case 10:
- return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
+ switch (cipher) {
+ case 0:
+ return GNUTLS_CIPHER_NULL;
+ case 1:
+ return GNUTLS_CIPHER_IDEA_PGP_CFB;
+ case 2:
+ return GNUTLS_CIPHER_3DES_PGP_CFB;
+ case 3:
+ return GNUTLS_CIPHER_CAST5_PGP_CFB;
+ case 4:
+ return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
+ case 5:
+ return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
+ case 7:
+ return GNUTLS_CIPHER_AES128_PGP_CFB;
+ case 8:
+ return GNUTLS_CIPHER_AES192_PGP_CFB;
+ case 9:
+ return GNUTLS_CIPHER_AES256_PGP_CFB;
+ case 10:
+ return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
- default:
- gnutls_assert ();
- _gnutls_debug_log("Unknown openpgp cipher %u\n", cipher);
- return GNUTLS_CIPHER_UNKNOWN;
- }
+ default:
+ gnutls_assert();
+ _gnutls_debug_log("Unknown openpgp cipher %u\n", cipher);
+ return GNUTLS_CIPHER_UNKNOWN;
+ }
}
-int
-_gnutls_cipher_to_pgp (int cipher)
+int _gnutls_cipher_to_pgp(int cipher)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_NULL:
- return 0;
- case GNUTLS_CIPHER_IDEA_PGP_CFB:
- return 1;
- case GNUTLS_CIPHER_3DES_PGP_CFB:
- return 2;
- case GNUTLS_CIPHER_CAST5_PGP_CFB:
- return 3;
- case GNUTLS_CIPHER_BLOWFISH_PGP_CFB:
- return 4;
- case GNUTLS_CIPHER_SAFER_SK128_PGP_CFB:
- return 5;
- case GNUTLS_CIPHER_AES128_PGP_CFB:
- return 7;
- case GNUTLS_CIPHER_AES192_PGP_CFB:
- return 8;
- case GNUTLS_CIPHER_AES256_PGP_CFB:
- return 9;
- case GNUTLS_CIPHER_TWOFISH_PGP_CFB:
- return 10;
- default:
- gnutls_assert ();
- return 0;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_NULL:
+ return 0;
+ case GNUTLS_CIPHER_IDEA_PGP_CFB:
+ return 1;
+ case GNUTLS_CIPHER_3DES_PGP_CFB:
+ return 2;
+ case GNUTLS_CIPHER_CAST5_PGP_CFB:
+ return 3;
+ case GNUTLS_CIPHER_BLOWFISH_PGP_CFB:
+ return 4;
+ case GNUTLS_CIPHER_SAFER_SK128_PGP_CFB:
+ return 5;
+ case GNUTLS_CIPHER_AES128_PGP_CFB:
+ return 7;
+ case GNUTLS_CIPHER_AES192_PGP_CFB:
+ return 8;
+ case GNUTLS_CIPHER_AES256_PGP_CFB:
+ return 9;
+ case GNUTLS_CIPHER_TWOFISH_PGP_CFB:
+ return 10;
+ default:
+ gnutls_assert();
+ return 0;
+ }
}
diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c
index acf2a7606d..7d61c2c415 100644
--- a/lib/opencdk/new-packet.c
+++ b/lib/opencdk/new-packet.c
@@ -32,13 +32,11 @@
/* Release an array of MPI values. */
-void
-_cdk_free_mpibuf (size_t n, bigint_t * array)
+void _cdk_free_mpibuf(size_t n, bigint_t * array)
{
- while (n--)
- {
- _gnutls_mpi_release (&array[n]);
- }
+ while (n--) {
+ _gnutls_mpi_release(&array[n]);
+ }
}
@@ -48,201 +46,189 @@ _cdk_free_mpibuf (size_t n, bigint_t * array)
*
* Allocate a new packet.
**/
-cdk_error_t
-cdk_pkt_new (cdk_packet_t * r_pkt)
+cdk_error_t cdk_pkt_new(cdk_packet_t * r_pkt)
{
- cdk_packet_t pkt;
-
- if (!r_pkt)
- return CDK_Inv_Value;
- pkt = cdk_calloc (1, sizeof *pkt);
- if (!pkt)
- return CDK_Out_Of_Core;
- *r_pkt = pkt;
- return 0;
+ cdk_packet_t pkt;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+ pkt = cdk_calloc(1, sizeof *pkt);
+ if (!pkt)
+ return CDK_Out_Of_Core;
+ *r_pkt = pkt;
+ return 0;
}
-static void
-free_pubkey_enc (cdk_pkt_pubkey_enc_t enc)
+static void free_pubkey_enc(cdk_pkt_pubkey_enc_t enc)
{
- size_t nenc;
+ size_t nenc;
- if (!enc)
- return;
+ if (!enc)
+ return;
- nenc = cdk_pk_get_nenc (enc->pubkey_algo);
- _cdk_free_mpibuf (nenc, enc->mpi);
- cdk_free (enc);
+ nenc = cdk_pk_get_nenc(enc->pubkey_algo);
+ _cdk_free_mpibuf(nenc, enc->mpi);
+ cdk_free(enc);
}
-static void
-free_literal (cdk_pkt_literal_t pt)
+static void free_literal(cdk_pkt_literal_t pt)
{
- if (!pt)
- return;
- /* The buffer which is referenced in this packet is closed
- elsewhere. To close it here would cause a double close. */
- cdk_free (pt);
+ if (!pt)
+ return;
+ /* The buffer which is referenced in this packet is closed
+ elsewhere. To close it here would cause a double close. */
+ cdk_free(pt);
}
-void
-_cdk_free_userid (cdk_pkt_userid_t uid)
+void _cdk_free_userid(cdk_pkt_userid_t uid)
{
- if (!uid)
- return;
-
- cdk_free (uid->prefs);
- uid->prefs = NULL;
- cdk_free (uid->attrib_img);
- uid->attrib_img = NULL;
- cdk_free (uid);
+ if (!uid)
+ return;
+
+ cdk_free(uid->prefs);
+ uid->prefs = NULL;
+ cdk_free(uid->attrib_img);
+ uid->attrib_img = NULL;
+ cdk_free(uid);
}
-void
-_cdk_free_signature (cdk_pkt_signature_t sig)
+void _cdk_free_signature(cdk_pkt_signature_t sig)
{
- cdk_desig_revoker_t r;
- size_t nsig;
-
- if (!sig)
- return;
-
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- _cdk_free_mpibuf (nsig, sig->mpi);
-
- cdk_subpkt_free (sig->hashed);
- sig->hashed = NULL;
- cdk_subpkt_free (sig->unhashed);
- sig->unhashed = NULL;
- while (sig->revkeys)
- {
- r = sig->revkeys->next;
- cdk_free (sig->revkeys);
- sig->revkeys = r;
- }
- cdk_free (sig);
+ cdk_desig_revoker_t r;
+ size_t nsig;
+
+ if (!sig)
+ return;
+
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ _cdk_free_mpibuf(nsig, sig->mpi);
+
+ cdk_subpkt_free(sig->hashed);
+ sig->hashed = NULL;
+ cdk_subpkt_free(sig->unhashed);
+ sig->unhashed = NULL;
+ while (sig->revkeys) {
+ r = sig->revkeys->next;
+ cdk_free(sig->revkeys);
+ sig->revkeys = r;
+ }
+ cdk_free(sig);
}
-void
-cdk_pk_release (cdk_pubkey_t pk)
+void cdk_pk_release(cdk_pubkey_t pk)
{
- size_t npkey;
-
- if (!pk)
- return;
-
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- _cdk_free_userid (pk->uid);
- pk->uid = NULL;
- cdk_free (pk->prefs);
- pk->prefs = NULL;
- _cdk_free_mpibuf (npkey, pk->mpi);
- cdk_free (pk);
+ size_t npkey;
+
+ if (!pk)
+ return;
+
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ _cdk_free_userid(pk->uid);
+ pk->uid = NULL;
+ cdk_free(pk->prefs);
+ pk->prefs = NULL;
+ _cdk_free_mpibuf(npkey, pk->mpi);
+ cdk_free(pk);
}
-void
-cdk_sk_release (cdk_seckey_t sk)
+void cdk_sk_release(cdk_seckey_t sk)
{
- size_t nskey;
-
- if (!sk)
- return;
-
- nskey = cdk_pk_get_nskey (sk->pubkey_algo);
- _cdk_free_mpibuf (nskey, sk->mpi);
- cdk_free (sk->encdata);
- sk->encdata = NULL;
- cdk_pk_release (sk->pk);
- sk->pk = NULL;
- cdk_s2k_free (sk->protect.s2k);
- sk->protect.s2k = NULL;
- cdk_free (sk);
+ size_t nskey;
+
+ if (!sk)
+ return;
+
+ nskey = cdk_pk_get_nskey(sk->pubkey_algo);
+ _cdk_free_mpibuf(nskey, sk->mpi);
+ cdk_free(sk->encdata);
+ sk->encdata = NULL;
+ cdk_pk_release(sk->pk);
+ sk->pk = NULL;
+ cdk_s2k_free(sk->protect.s2k);
+ sk->protect.s2k = NULL;
+ cdk_free(sk);
}
/* Detach the openpgp packet from the packet structure
and release the packet structure itself. */
-void
-_cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx)
+void _cdk_pkt_detach_free(cdk_packet_t pkt, int *r_pkttype, void **ctx)
{
- /* For now we just allow this for keys. */
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- *ctx = pkt->pkt.public_key;
- break;
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- *ctx = pkt->pkt.secret_key;
- break;
-
- default:
- *r_pkttype = 0;
- return;
- }
-
- /* The caller might expect a specific packet type and
- is not interested to store it for later use. */
- if (r_pkttype)
- *r_pkttype = pkt->pkttype;
-
- cdk_free (pkt);
+ /* For now we just allow this for keys. */
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ *ctx = pkt->pkt.public_key;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ *ctx = pkt->pkt.secret_key;
+ break;
+
+ default:
+ *r_pkttype = 0;
+ return;
+ }
+
+ /* The caller might expect a specific packet type and
+ is not interested to store it for later use. */
+ if (r_pkttype)
+ *r_pkttype = pkt->pkttype;
+
+ cdk_free(pkt);
}
-void
-cdk_pkt_free (cdk_packet_t pkt)
+void cdk_pkt_free(cdk_packet_t pkt)
{
- if (!pkt)
- return;
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_ATTRIBUTE:
- case CDK_PKT_USER_ID:
- _cdk_free_userid (pkt->pkt.user_id);
- break;
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- cdk_pk_release (pkt->pkt.public_key);
- break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- cdk_sk_release (pkt->pkt.secret_key);
- break;
- case CDK_PKT_SIGNATURE:
- _cdk_free_signature (pkt->pkt.signature);
- break;
- case CDK_PKT_PUBKEY_ENC:
- free_pubkey_enc (pkt->pkt.pubkey_enc);
- break;
- case CDK_PKT_MDC:
- cdk_free (pkt->pkt.mdc);
- break;
- case CDK_PKT_ONEPASS_SIG:
- cdk_free (pkt->pkt.onepass_sig);
- break;
- case CDK_PKT_LITERAL:
- free_literal (pkt->pkt.literal);
- break;
- case CDK_PKT_COMPRESSED:
- cdk_free (pkt->pkt.compressed);
- break;
- default:
- break;
- }
-
- /* Reset the packet type to avoid, when cdk_pkt_release() will be
- used, that the second cdk_pkt_free() call will double free the data. */
- pkt->pkttype = 0;
+ if (!pkt)
+ return;
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_ATTRIBUTE:
+ case CDK_PKT_USER_ID:
+ _cdk_free_userid(pkt->pkt.user_id);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ cdk_pk_release(pkt->pkt.public_key);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ cdk_sk_release(pkt->pkt.secret_key);
+ break;
+ case CDK_PKT_SIGNATURE:
+ _cdk_free_signature(pkt->pkt.signature);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ free_pubkey_enc(pkt->pkt.pubkey_enc);
+ break;
+ case CDK_PKT_MDC:
+ cdk_free(pkt->pkt.mdc);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ cdk_free(pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_LITERAL:
+ free_literal(pkt->pkt.literal);
+ break;
+ case CDK_PKT_COMPRESSED:
+ cdk_free(pkt->pkt.compressed);
+ break;
+ default:
+ break;
+ }
+
+ /* Reset the packet type to avoid, when cdk_pkt_release() will be
+ used, that the second cdk_pkt_free() call will double free the data. */
+ pkt->pkttype = 0;
}
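Review bot: In `_cdk_pkt_detach_free` the `default:` branch writes `*r_pkttype = 0;` unconditionally, although the code after the switch treats `r_pkttype` as optional with `if (r_pkttype)`. A caller that passes NULL for the type and hands in a non-key packet hits a NULL dereference; the branch should read `if (r_pkttype) *r_pkttype = 0;`. That path also returns without setting `*ctx` or freeing `pkt`, so a comment stating that the packet stays owned by the caller in that case would help. `pkt` itself is dereferenced without a NULL check, unlike the release functions elsewhere in this hunk.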
@@ -253,13 +239,12 @@ cdk_pkt_free (cdk_packet_t pkt)
* Free the contents of the given package and
* release the memory of the structure.
**/
-void
-cdk_pkt_release (cdk_packet_t pkt)
+void cdk_pkt_release(cdk_packet_t pkt)
{
- if (!pkt)
- return;
- cdk_pkt_free (pkt);
- cdk_free (pkt);
+ if (!pkt)
+ return;
+ cdk_pkt_free(pkt);
+ cdk_free(pkt);
}
@@ -270,260 +255,253 @@ cdk_pkt_release (cdk_packet_t pkt)
*
* Allocate a new packet structure with the given packet type.
**/
-cdk_error_t
-cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
+cdk_error_t cdk_pkt_alloc(cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
{
- cdk_packet_t pkt;
- int rc;
-
- if (!r_pkt)
- return CDK_Inv_Value;
-
- rc = cdk_pkt_new (&pkt);
- if (rc)
- return rc;
-
- switch (pkttype)
- {
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id);
- if (!pkt->pkt.user_id)
- return CDK_Out_Of_Core;
- pkt->pkt.user_id->name = NULL;
- break;
-
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- pkt->pkt.secret_key->pk =
- cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
- if (!pkt->pkt.signature)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_PUBKEY_ENC:
- pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
- if (!pkt->pkt.pubkey_enc)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_MDC:
- pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
- if (!pkt->pkt.mdc)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_ONEPASS_SIG:
- pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
- if (!pkt->pkt.onepass_sig)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_LITERAL:
- /* FIXME: We would need the size of the file name to allocate extra
- bytes, otherwise the result would be useless. */
- pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
- if (!pkt->pkt.literal)
- return CDK_Out_Of_Core;
- pkt->pkt.literal->name = NULL;
- break;
-
- default:
- return CDK_Not_Implemented;
- }
- pkt->pkttype = pkttype;
- *r_pkt = pkt;
- return 0;
+ cdk_packet_t pkt;
+ int rc;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+
+ rc = cdk_pkt_new(&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype) {
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc(1, sizeof pkt->pkt.user_id);
+ if (!pkt->pkt.user_id)
+ return CDK_Out_Of_Core;
+ pkt->pkt.user_id->name = NULL;
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ pkt->pkt.secret_key->pk =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key->pk);
+ if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature =
+ cdk_calloc(1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc =
+ cdk_calloc(1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc(1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig =
+ cdk_calloc(1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_LITERAL:
+ /* FIXME: We would need the size of the file name to allocate extra
+ bytes, otherwise the result would be useless. */
+ pkt->pkt.literal = cdk_calloc(1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return CDK_Out_Of_Core;
+ pkt->pkt.literal->name = NULL;
+ break;
+
+ default:
+ return CDK_Not_Implemented;
+ }
+ pkt->pkttype = pkttype;
+ *r_pkt = pkt;
+ return 0;
}
-cdk_prefitem_t
-_cdk_copy_prefs (const cdk_prefitem_t prefs)
+cdk_prefitem_t _cdk_copy_prefs(const cdk_prefitem_t prefs)
{
- size_t n = 0;
- struct cdk_prefitem_s *new_prefs;
-
- if (!prefs)
- return NULL;
-
- for (n = 0; prefs[n].type; n++)
- ;
- new_prefs = cdk_calloc (1, sizeof *new_prefs * (n + 1));
- if (!new_prefs)
- return NULL;
- for (n = 0; prefs[n].type; n++)
- {
- new_prefs[n].type = prefs[n].type;
- new_prefs[n].value = prefs[n].value;
- }
- new_prefs[n].type = CDK_PREFTYPE_NONE;
- new_prefs[n].value = 0;
- return new_prefs;
+ size_t n = 0;
+ struct cdk_prefitem_s *new_prefs;
+
+ if (!prefs)
+ return NULL;
+
+ for (n = 0; prefs[n].type; n++);
+ new_prefs = cdk_calloc(1, sizeof *new_prefs * (n + 1));
+ if (!new_prefs)
+ return NULL;
+ for (n = 0; prefs[n].type; n++) {
+ new_prefs[n].type = prefs[n].type;
+ new_prefs[n].value = prefs[n].value;
+ }
+ new_prefs[n].type = CDK_PREFTYPE_NONE;
+ new_prefs[n].value = 0;
+ return new_prefs;
}
-cdk_error_t
-_cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src)
+cdk_error_t _cdk_copy_userid(cdk_pkt_userid_t * dst, cdk_pkt_userid_t src)
{
- cdk_pkt_userid_t u;
+ cdk_pkt_userid_t u;
- if (!dst || !src)
- return CDK_Inv_Value;
+ if (!dst || !src)
+ return CDK_Inv_Value;
- *dst = NULL;
- u = cdk_calloc (1, sizeof *u + strlen (src->name) + 2);
- if (!u)
- return CDK_Out_Of_Core;
- u->name = (char *) u + sizeof (*u);
+ *dst = NULL;
+ u = cdk_calloc(1, sizeof *u + strlen(src->name) + 2);
+ if (!u)
+ return CDK_Out_Of_Core;
+ u->name = (char *) u + sizeof(*u);
- memcpy (u, src, sizeof *u);
- memcpy (u->name, src->name, strlen (src->name));
- u->prefs = _cdk_copy_prefs (src->prefs);
- if (src->selfsig)
- _cdk_copy_signature (&u->selfsig, src->selfsig);
- *dst = u;
+ memcpy(u, src, sizeof *u);
+ memcpy(u->name, src->name, strlen(src->name));
+ u->prefs = _cdk_copy_prefs(src->prefs);
+ if (src->selfsig)
+ _cdk_copy_signature(&u->selfsig, src->selfsig);
+ *dst = u;
- return 0;
+ return 0;
}
-cdk_error_t
-_cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src)
+cdk_error_t _cdk_copy_pubkey(cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src)
{
- cdk_pkt_pubkey_t k;
- int i;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- return CDK_Out_Of_Core;
- memcpy (k, src, sizeof *k);
- if (src->uid)
- _cdk_copy_userid (&k->uid, src->uid);
- if (src->prefs)
- k->prefs = _cdk_copy_prefs (src->prefs);
- for (i = 0; i < cdk_pk_get_npkey (src->pubkey_algo); i++)
- k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
- *dst = k;
-
- return 0;
+ cdk_pkt_pubkey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc(1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy(k, src, sizeof *k);
+ if (src->uid)
+ _cdk_copy_userid(&k->uid, src->uid);
+ if (src->prefs)
+ k->prefs = _cdk_copy_prefs(src->prefs);
+ for (i = 0; i < cdk_pk_get_npkey(src->pubkey_algo); i++)
+ k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]);
+ *dst = k;
+
+ return 0;
}
-cdk_error_t
-_cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src)
+cdk_error_t _cdk_copy_seckey(cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src)
{
- cdk_pkt_seckey_t k;
- int i;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- return CDK_Out_Of_Core;
- memcpy (k, src, sizeof *k);
- _cdk_copy_pubkey (&k->pk, src->pk);
-
- if (src->encdata)
- {
- k->encdata = cdk_calloc (1, src->enclen + 1);
- if (!k->encdata)
- return CDK_Out_Of_Core;
- memcpy (k->encdata, src->encdata, src->enclen);
- }
-
- _cdk_s2k_copy (&k->protect.s2k, src->protect.s2k);
- for (i = 0; i < cdk_pk_get_nskey (src->pubkey_algo); i++)
- {
- k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
- }
-
- *dst = k;
- return 0;
+ cdk_pkt_seckey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc(1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy(k, src, sizeof *k);
+ _cdk_copy_pubkey(&k->pk, src->pk);
+
+ if (src->encdata) {
+ k->encdata = cdk_calloc(1, src->enclen + 1);
+ if (!k->encdata)
+ return CDK_Out_Of_Core;
+ memcpy(k->encdata, src->encdata, src->enclen);
+ }
+
+ _cdk_s2k_copy(&k->protect.s2k, src->protect.s2k);
+ for (i = 0; i < cdk_pk_get_nskey(src->pubkey_algo); i++) {
+ k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]);
+ }
+
+ *dst = k;
+ return 0;
}
-cdk_error_t
-_cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk)
+cdk_error_t _cdk_copy_pk_to_sk(cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk)
{
- if (!pk || !sk)
- return CDK_Inv_Value;
-
- sk->version = pk->version;
- sk->expiredate = pk->expiredate;
- sk->pubkey_algo = _pgp_pub_algo_to_cdk (pk->pubkey_algo);
- sk->has_expired = pk->has_expired;
- sk->is_revoked = pk->is_revoked;
- sk->main_keyid[0] = pk->main_keyid[0];
- sk->main_keyid[1] = pk->main_keyid[1];
- sk->keyid[0] = pk->keyid[0];
- sk->keyid[1] = pk->keyid[1];
-
- return 0;
+ if (!pk || !sk)
+ return CDK_Inv_Value;
+
+ sk->version = pk->version;
+ sk->expiredate = pk->expiredate;
+ sk->pubkey_algo = _pgp_pub_algo_to_cdk(pk->pubkey_algo);
+ sk->has_expired = pk->has_expired;
+ sk->is_revoked = pk->is_revoked;
+ sk->main_keyid[0] = pk->main_keyid[0];
+ sk->main_keyid[1] = pk->main_keyid[1];
+ sk->keyid[0] = pk->keyid[0];
+ sk->keyid[1] = pk->keyid[1];
+
+ return 0;
}
cdk_error_t
-_cdk_copy_signature (cdk_pkt_signature_t * dst, cdk_pkt_signature_t src)
+_cdk_copy_signature(cdk_pkt_signature_t * dst, cdk_pkt_signature_t src)
{
- cdk_pkt_signature_t s;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- return CDK_Out_Of_Core;
- memcpy (s, src, sizeof *src);
- _cdk_subpkt_copy (&s->hashed, src->hashed);
- _cdk_subpkt_copy (&s->unhashed, src->unhashed);
- /* FIXME: Copy MPI parts */
- *dst = s;
-
- return 0;
+ cdk_pkt_signature_t s;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s)
+ return CDK_Out_Of_Core;
+ memcpy(s, src, sizeof *src);
+ _cdk_subpkt_copy(&s->hashed, src->hashed);
+ _cdk_subpkt_copy(&s->unhashed, src->unhashed);
+ /* FIXME: Copy MPI parts */
+ *dst = s;
+
+ return 0;
}
-cdk_error_t
-_cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
+cdk_error_t _cdk_pubkey_compare(cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
{
- int na, nb, i;
-
- if (a->timestamp != b->timestamp || a->pubkey_algo != b->pubkey_algo)
- return -1;
- if (a->version < 4 && a->expiredate != b->expiredate)
- return -1;
- na = cdk_pk_get_npkey (a->pubkey_algo);
- nb = cdk_pk_get_npkey (b->pubkey_algo);
- if (na != nb)
- return -1;
-
- for (i = 0; i < na; i++)
- {
- if (_gnutls_mpi_cmp (a->mpi[i], b->mpi[i]))
- return -1;
- }
-
- return 0;
+ int na, nb, i;
+
+ if (a->timestamp != b->timestamp
+ || a->pubkey_algo != b->pubkey_algo)
+ return -1;
+ if (a->version < 4 && a->expiredate != b->expiredate)
+ return -1;
+ na = cdk_pk_get_npkey(a->pubkey_algo);
+ nb = cdk_pk_get_npkey(b->pubkey_algo);
+ if (na != nb)
+ return -1;
+
+ for (i = 0; i < na; i++) {
+ if (_gnutls_mpi_cmp(a->mpi[i], b->mpi[i]))
+ return -1;
+ }
+
+ return 0;
}
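Review bot: In `cdk_pkt_alloc` the `CDK_PKT_USER_ID` case allocates `sizeof pkt->pkt.user_id`, which is the size of the pointer rather than of the structure, while every other case uses `sizeof *...`. The following `pkt->pkt.user_id->name = NULL` then writes outside the allocation if `name` lies beyond the first pointer-sized bytes (the struct layout is not visible here), so the line should be `cdk_calloc(1, sizeof *pkt->pkt.user_id)`. The `CDK_PKT_SECRET_KEY` case assigns `pkt->pkt.secret_key->pk` before checking that `pkt->pkt.secret_key` is non-NULL, so the combined check comes too late when the first allocation fails. Every error return inside the switch also leaves the `pkt` obtained from `cdk_pkt_new` unreleased.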
@@ -533,17 +511,15 @@ _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
*
* Release the context.
**/
-void
-cdk_subpkt_free (cdk_subpkt_t ctx)
+void cdk_subpkt_free(cdk_subpkt_t ctx)
{
- cdk_subpkt_t s;
-
- while (ctx)
- {
- s = ctx->next;
- cdk_free (ctx);
- ctx = s;
- }
+ cdk_subpkt_t s;
+
+ while (ctx) {
+ s = ctx->next;
+ cdk_free(ctx);
+ ctx = s;
+ }
}
@@ -555,10 +531,9 @@ cdk_subpkt_free (cdk_subpkt_t ctx)
* Find the given packet type in the node. If no packet with this
* type was found, return null otherwise pointer to the node.
**/
-cdk_subpkt_t
-cdk_subpkt_find (cdk_subpkt_t ctx, size_t type)
+cdk_subpkt_t cdk_subpkt_find(cdk_subpkt_t ctx, size_t type)
{
- return cdk_subpkt_find_nth (ctx, type, 0);
+ return cdk_subpkt_find_nth(ctx, type, 0);
}
/**
@@ -568,20 +543,18 @@ cdk_subpkt_find (cdk_subpkt_t ctx, size_t type)
*
* Return the amount of sub packets with this type.
**/
-size_t
-cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type)
+size_t cdk_subpkt_type_count(cdk_subpkt_t ctx, size_t type)
{
- cdk_subpkt_t s;
- size_t count;
+ cdk_subpkt_t s;
+ size_t count;
- count = 0;
- for (s = ctx; s; s = s->next)
- {
- if (s->type == type)
- count++;
- }
+ count = 0;
+ for (s = ctx; s; s = s->next) {
+ if (s->type == type)
+ count++;
+ }
- return count;
+ return count;
}
@@ -593,20 +566,18 @@ cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type)
*
* Return the nth sub packet of the given type.
**/
-cdk_subpkt_t
-cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx)
+cdk_subpkt_t cdk_subpkt_find_nth(cdk_subpkt_t ctx, size_t type, size_t idx)
{
- cdk_subpkt_t s;
- size_t pos;
+ cdk_subpkt_t s;
+ size_t pos;
- pos = 0;
- for (s = ctx; s; s = s->next)
- {
- if (s->type == type && pos++ == idx)
- return s;
- }
+ pos = 0;
+ for (s = ctx; s; s = s->next) {
+ if (s->type == type && pos++ == idx)
+ return s;
+ }
- return NULL;
+ return NULL;
}
@@ -616,19 +587,18 @@ cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx)
*
* Create a new sub packet node with the size of @size.
**/
-cdk_subpkt_t
-cdk_subpkt_new (size_t size)
+cdk_subpkt_t cdk_subpkt_new(size_t size)
{
- cdk_subpkt_t s;
+ cdk_subpkt_t s;
- if (!size)
- return NULL;
- s = cdk_calloc (1, sizeof *s + size + 2);
- if (!s)
- return NULL;
- s->d = (byte*)s + sizeof (*s);
+ if (!size)
+ return NULL;
+ s = cdk_calloc(1, sizeof *s + size + 2);
+ if (!s)
+ return NULL;
+ s->d = (byte *) s + sizeof(*s);
- return s;
+ return s;
}
@@ -641,15 +611,15 @@ cdk_subpkt_new (size_t size)
* Extract the data from the given sub packet. The type is returned
* in @r_type and the size in @r_nbytes.
**/
-const byte *
-cdk_subpkt_get_data (cdk_subpkt_t ctx, size_t * r_type, size_t * r_nbytes)
+const byte *cdk_subpkt_get_data(cdk_subpkt_t ctx, size_t * r_type,
+ size_t * r_nbytes)
{
- if (!ctx || !r_nbytes)
- return NULL;
- if (r_type)
- *r_type = ctx->type;
- *r_nbytes = ctx->size;
- return ctx->d;
+ if (!ctx || !r_nbytes)
+ return NULL;
+ if (r_type)
+ *r_type = ctx->type;
+ *r_nbytes = ctx->size;
+ return ctx->d;
}
@@ -660,111 +630,98 @@ cdk_subpkt_get_data (cdk_subpkt_t ctx, size_t * r_type, size_t * r_nbytes)
*
* Add the node in @node to the root node @root.
**/
-cdk_error_t
-cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node)
+cdk_error_t cdk_subpkt_add(cdk_subpkt_t root, cdk_subpkt_t node)
{
- cdk_subpkt_t n1;
-
- if (!root)
- return CDK_Inv_Value;
- for (n1 = root; n1->next; n1 = n1->next)
- ;
- n1->next = node;
- return 0;
+ cdk_subpkt_t n1;
+
+ if (!root)
+ return CDK_Inv_Value;
+ for (n1 = root; n1->next; n1 = n1->next);
+ n1->next = node;
+ return 0;
}
-byte *
-_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes)
+byte *_cdk_subpkt_get_array(cdk_subpkt_t s, int count, size_t * r_nbytes)
{
- cdk_subpkt_t list;
- byte *buf;
- size_t n, nbytes;
-
- if (!s)
- {
- if (r_nbytes)
- *r_nbytes = 0;
- return NULL;
- }
-
- for (n = 0, list = s; list; list = list->next)
- {
- n++; /* type */
- n += list->size;
- if (list->size < 192)
- n++;
- else if (list->size < 8384)
- n += 2;
- else
- n += 5;
- }
- buf = cdk_calloc (1, n + 1);
- if (!buf)
- return NULL;
-
- n = 0;
- for (list = s; list; list = list->next)
- {
- nbytes = 1 + list->size; /* type */
- if (nbytes < 192)
- buf[n++] = nbytes;
- else if (nbytes < 8384)
- {
- nbytes -= 192;
- buf[n++] = nbytes / 256 + 192;
- buf[n++] = nbytes & 0xff;
- }
- else
- {
- buf[n++] = 0xFF;
- buf[n++] = nbytes >> 24;
- buf[n++] = nbytes >> 16;
- buf[n++] = nbytes >> 8;
- buf[n++] = nbytes;
- }
-
- buf[n++] = list->type;
- memcpy (buf + n, list->d, list->size);
- n += list->size;
- }
-
- if (count)
- {
- cdk_free (buf);
- buf = NULL;
- }
- if (r_nbytes)
- *r_nbytes = n;
- return buf;
+ cdk_subpkt_t list;
+ byte *buf;
+ size_t n, nbytes;
+
+ if (!s) {
+ if (r_nbytes)
+ *r_nbytes = 0;
+ return NULL;
+ }
+
+ for (n = 0, list = s; list; list = list->next) {
+ n++; /* type */
+ n += list->size;
+ if (list->size < 192)
+ n++;
+ else if (list->size < 8384)
+ n += 2;
+ else
+ n += 5;
+ }
+ buf = cdk_calloc(1, n + 1);
+ if (!buf)
+ return NULL;
+
+ n = 0;
+ for (list = s; list; list = list->next) {
+ nbytes = 1 + list->size; /* type */
+ if (nbytes < 192)
+ buf[n++] = nbytes;
+ else if (nbytes < 8384) {
+ nbytes -= 192;
+ buf[n++] = nbytes / 256 + 192;
+ buf[n++] = nbytes & 0xff;
+ } else {
+ buf[n++] = 0xFF;
+ buf[n++] = nbytes >> 24;
+ buf[n++] = nbytes >> 16;
+ buf[n++] = nbytes >> 8;
+ buf[n++] = nbytes;
+ }
+
+ buf[n++] = list->type;
+ memcpy(buf + n, list->d, list->size);
+ n += list->size;
+ }
+
+ if (count) {
+ cdk_free(buf);
+ buf = NULL;
+ }
+ if (r_nbytes)
+ *r_nbytes = n;
+ return buf;
}
-cdk_error_t
-_cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src)
+cdk_error_t _cdk_subpkt_copy(cdk_subpkt_t * r_dst, cdk_subpkt_t src)
{
- cdk_subpkt_t root, p, node;
-
- if (!src || !r_dst)
- return CDK_Inv_Value;
-
- root = NULL;
- for (p = src; p; p = p->next)
- {
- node = cdk_subpkt_new (p->size);
- if (node)
- {
- memcpy (node->d, p->d, p->size);
- node->type = p->type;
- node->size = p->size;
- }
- if (!root)
- root = node;
- else
- cdk_subpkt_add (root, node);
- }
- *r_dst = root;
- return 0;
+ cdk_subpkt_t root, p, node;
+
+ if (!src || !r_dst)
+ return CDK_Inv_Value;
+
+ root = NULL;
+ for (p = src; p; p = p->next) {
+ node = cdk_subpkt_new(p->size);
+ if (node) {
+ memcpy(node->d, p->d, p->size);
+ node->type = p->type;
+ node->size = p->size;
+ }
+ if (!root)
+ root = node;
+ else
+ cdk_subpkt_add(root, node);
+ }
+ *r_dst = root;
+ return 0;
}
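Review bot: In `_cdk_subpkt_get_array` the sizing loop picks the length-field width from `list->size`, but the encoding loop picks it from `nbytes = 1 + list->size`, so the two disagree at the boundaries. A subpacket of size 191 is counted with a 1-byte length and written with 2, and one of size 8383 is counted with 2 and written with 5. The buffer is `n + 1` bytes, which leaves a single byte of slack, so the encoding loop can write past the end of the heap allocation. The sizing loop should test the same value, `if (list->size + 1 < 192)` and `else if (list->size + 1 < 8384)`. Subpacket sizes presumably originate from parsed key material, so this should be treated as input-reachable until shown otherwise.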
@@ -778,43 +735,38 @@ _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src)
* Set the packet data of the given root and set the type of it.
**/
void
-cdk_subpkt_init (cdk_subpkt_t node, size_t type,
- const void *buf, size_t buflen)
+cdk_subpkt_init(cdk_subpkt_t node, size_t type,
+ const void *buf, size_t buflen)
{
- if (!node)
- return;
- node->type = type;
- node->size = buflen;
- memcpy (node->d, buf, buflen);
+ if (!node)
+ return;
+ node->type = type;
+ node->size = buflen;
+ memcpy(node->d, buf, buflen);
}
/* FIXME: We need to think of a public interface for it. */
-const byte *
-cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class, int *r_algid)
+const byte *cdk_key_desig_revoker_walk(cdk_desig_revoker_t root,
+ cdk_desig_revoker_t * ctx,
+ int *r_class, int *r_algid)
{
- cdk_desig_revoker_t n;
-
- if (!*ctx)
- {
- *ctx = root;
- n = root;
- }
- else
- {
- n = (*ctx)->next;
- *ctx = n;
- }
-
- if (n && r_class && r_algid)
- {
- *r_class = n->r_class;
- *r_algid = n->algid;
- }
-
- return n ? n->fpr : NULL;
+ cdk_desig_revoker_t n;
+
+ if (!*ctx) {
+ *ctx = root;
+ n = root;
+ } else {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+
+ if (n && r_class && r_algid) {
+ *r_class = n->r_class;
+ *r_algid = n->algid;
+ }
+
+ return n ? n->fpr : NULL;
}
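Review bot: `cdk_subpkt_init` copies `buflen` bytes into `node->d` without any check that the node has that much room, and it rejects a NULL `node` but not a NULL `buf`. The capacity of `node->d` is not visible in this hunk; it appears to be fixed when the node is created with `cdk_subpkt_new(size)`, so a larger `buflen` would presumably write past the allocation. The guard should at least become `if (!node || (!buf && buflen)) return;`, and the doc comment should state that `buflen` must not exceed the size passed to `cdk_subpkt_new()`. In the same hunk, `cdk_key_desig_revoker_walk` evaluates `*ctx` unconditionally; `if (!ctx) return NULL;` ahead of it would close that gap. Both gaps are already present on the removed side, so the reindent carries them over unchanged.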
@@ -826,18 +778,16 @@ cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
* Try to find the next node after @root with type.
* If type is 0, the next node will be returned.
**/
-cdk_subpkt_t
-cdk_subpkt_find_next (cdk_subpkt_t root, size_t type)
+cdk_subpkt_t cdk_subpkt_find_next(cdk_subpkt_t root, size_t type)
{
- cdk_subpkt_t node;
+ cdk_subpkt_t node;
- for (node = root->next; node; node = node->next)
- {
- if (!type)
- return node;
- else if (node->type == type)
- return node;
- }
+ for (node = root->next; node; node = node->next) {
+ if (!type)
+ return node;
+ else if (node->type == type)
+ return node;
+ }
- return NULL;
+ return NULL;
}
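Review bot: `cdk_subpkt_find_next` reads `root->next` in the loop initialiser without checking `root`, so a caller that passes a NULL root (for instance the result of an earlier lookup that found nothing) dereferences NULL. `cdk_subpkt_init` in the previous hunk guards its node argument, and this function should do the same with `if (!root) return NULL;` before the loop. As a smaller style point, both branches in the loop body return the same value and read more clearly as one test, `if (!type || node->type == type) return node;`.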
diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
index b8eef0e407..c06b749845 100644
--- a/lib/opencdk/opencdk.h
+++ b/lib/opencdk/opencdk.h
@@ -25,7 +25,7 @@
#include <config.h>
#include <gnutls_int.h>
-#include <stddef.h> /* for size_t */
+#include <stddef.h> /* for size_t */
#include <stdarg.h>
#include <gnutls_mem.h>
#include <gnutls/gnutls.h>
@@ -41,335 +41,316 @@
#define OPENCDK_VERSION_PATCH 6
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* General contexts */
/* 'Session' handle to support the various options and run-time
information. */
- struct cdk_ctx_s;
- typedef struct cdk_ctx_s *cdk_ctx_t;
+ struct cdk_ctx_s;
+ typedef struct cdk_ctx_s *cdk_ctx_t;
/* A generic context to store list of strings. */
- struct cdk_strlist_s;
- typedef struct cdk_strlist_s *cdk_strlist_t;
+ struct cdk_strlist_s;
+ typedef struct cdk_strlist_s *cdk_strlist_t;
/* Context used to list keys of a keyring. */
- struct cdk_listkey_s;
- typedef struct cdk_listkey_s *cdk_listkey_t;
+ struct cdk_listkey_s;
+ typedef struct cdk_listkey_s *cdk_listkey_t;
/* Opaque String to Key (S2K) handle. */
- struct cdk_s2k_s;
- typedef struct cdk_s2k_s *cdk_s2k_t;
+ struct cdk_s2k_s;
+ typedef struct cdk_s2k_s *cdk_s2k_t;
/* Abstract I/O object, a stream, which is used for most operations. */
- struct cdk_stream_s;
- typedef struct cdk_stream_s *cdk_stream_t;
+ struct cdk_stream_s;
+ typedef struct cdk_stream_s *cdk_stream_t;
/* Opaque handle for the user ID preferences. */
- struct cdk_prefitem_s;
- typedef struct cdk_prefitem_s *cdk_prefitem_t;
+ struct cdk_prefitem_s;
+ typedef struct cdk_prefitem_s *cdk_prefitem_t;
/* Node to store a single key node packet. */
- struct cdk_kbnode_s;
- typedef struct cdk_kbnode_s *cdk_kbnode_t;
+ struct cdk_kbnode_s;
+ typedef struct cdk_kbnode_s *cdk_kbnode_t;
/* Key database handle. */
- struct cdk_keydb_hd_s;
- typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
+ struct cdk_keydb_hd_s;
+ typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
- struct cdk_keydb_search_s;
- typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
+ struct cdk_keydb_search_s;
+ typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
/* Context to store a list of recipient keys. */
- struct cdk_keylist_s;
- typedef struct cdk_keylist_s *cdk_keylist_t;
+ struct cdk_keylist_s;
+ typedef struct cdk_keylist_s *cdk_keylist_t;
/* Context to encapsulate a single sub packet of a signature. */
- struct cdk_subpkt_s;
- typedef struct cdk_subpkt_s *cdk_subpkt_t;
+ struct cdk_subpkt_s;
+ typedef struct cdk_subpkt_s *cdk_subpkt_t;
/* Context used to generate key pairs. */
- struct cdk_keygen_ctx_s;
- typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
+ struct cdk_keygen_ctx_s;
+ typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
/* Handle for a single designated revoker. */
- struct cdk_desig_revoker_s;
- typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
+ struct cdk_desig_revoker_s;
+ typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
/* Alias for backward compatibility. */
- typedef bigint_t cdk_mpi_t;
+ typedef bigint_t cdk_mpi_t;
/* All valid error constants. */
- typedef enum
- {
- CDK_EOF = -1,
- CDK_Success = 0,
- CDK_General_Error = 1,
- CDK_File_Error = 2,
- CDK_Bad_Sig = 3,
- CDK_Inv_Packet = 4,
- CDK_Inv_Algo = 5,
- CDK_Not_Implemented = 6,
- CDK_Armor_Error = 8,
- CDK_Armor_CRC_Error = 9,
- CDK_MPI_Error = 10,
- CDK_Inv_Value = 11,
- CDK_Error_No_Key = 12,
- CDK_Chksum_Error = 13,
- CDK_Time_Conflict = 14,
- CDK_Zlib_Error = 15,
- CDK_Weak_Key = 16,
- CDK_Out_Of_Core = 17,
- CDK_Wrong_Seckey = 18,
- CDK_Bad_MDC = 19,
- CDK_Inv_Mode = 20,
- CDK_Error_No_Keyring = 21,
- CDK_Wrong_Format = 22,
- CDK_Inv_Packet_Ver = 23,
- CDK_Too_Short = 24,
- CDK_Unusable_Key = 25,
- CDK_No_Data = 26,
- CDK_No_Passphrase = 27,
- CDK_Network_Error = 28
- } cdk_error_t;
-
-
- enum cdk_control_flags
- {
- CDK_CTLF_SET = 0, /* Value to set an option */
- CDK_CTLF_GET = 1, /* Value to get an option */
- CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
- CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
- CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
- CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
- CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
- CDK_CTL_S2K = 16, /* Option to set S2K values. */
- CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
- CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
- };
+ typedef enum {
+ CDK_EOF = -1,
+ CDK_Success = 0,
+ CDK_General_Error = 1,
+ CDK_File_Error = 2,
+ CDK_Bad_Sig = 3,
+ CDK_Inv_Packet = 4,
+ CDK_Inv_Algo = 5,
+ CDK_Not_Implemented = 6,
+ CDK_Armor_Error = 8,
+ CDK_Armor_CRC_Error = 9,
+ CDK_MPI_Error = 10,
+ CDK_Inv_Value = 11,
+ CDK_Error_No_Key = 12,
+ CDK_Chksum_Error = 13,
+ CDK_Time_Conflict = 14,
+ CDK_Zlib_Error = 15,
+ CDK_Weak_Key = 16,
+ CDK_Out_Of_Core = 17,
+ CDK_Wrong_Seckey = 18,
+ CDK_Bad_MDC = 19,
+ CDK_Inv_Mode = 20,
+ CDK_Error_No_Keyring = 21,
+ CDK_Wrong_Format = 22,
+ CDK_Inv_Packet_Ver = 23,
+ CDK_Too_Short = 24,
+ CDK_Unusable_Key = 25,
+ CDK_No_Data = 26,
+ CDK_No_Passphrase = 27,
+ CDK_Network_Error = 28
+ } cdk_error_t;
+
+
+ enum cdk_control_flags {
+ CDK_CTLF_SET = 0, /* Value to set an option */
+ CDK_CTLF_GET = 1, /* Value to get an option */
+ CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
+ CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
+ CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
+ CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
+ CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
+ CDK_CTL_S2K = 16, /* Option to set S2K values. */
+ CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
+ CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
+ };
/* Specifies all valid log levels. */
- enum cdk_log_level_t
- {
- CDK_LOG_NONE = 0, /* No log message will be shown. */
- CDK_LOG_INFO = 1,
- CDK_LOG_DEBUG = 2,
- CDK_LOG_DEBUG_PKT = 3
- };
+ enum cdk_log_level_t {
+ CDK_LOG_NONE = 0, /* No log message will be shown. */
+ CDK_LOG_INFO = 1,
+ CDK_LOG_DEBUG = 2,
+ CDK_LOG_DEBUG_PKT = 3
+ };
/* All valid compression algorithms in OpenPGP */
- enum cdk_compress_algo_t
- {
- CDK_COMPRESS_NONE = 0,
- CDK_COMPRESS_ZIP = 1,
- CDK_COMPRESS_ZLIB = 2,
- CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
- };
+ enum cdk_compress_algo_t {
+ CDK_COMPRESS_NONE = 0,
+ CDK_COMPRESS_ZIP = 1,
+ CDK_COMPRESS_ZLIB = 2,
+ CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
+ };
/* All valid public key algorithms valid in OpenPGP */
- enum cdk_pubkey_algo_t
- {
- CDK_PK_UNKNOWN = 0,
- CDK_PK_RSA = 1,
- CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
- CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
- CDK_PK_ELG_E = 16,
- CDK_PK_DSA = 17
- };
+ enum cdk_pubkey_algo_t {
+ CDK_PK_UNKNOWN = 0,
+ CDK_PK_RSA = 1,
+ CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
+ CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
+ CDK_PK_ELG_E = 16,
+ CDK_PK_DSA = 17
+ };
/* The valid 'String-To-Key' modes */
- enum cdk_s2k_type_t
- {
- CDK_S2K_SIMPLE = 0,
- CDK_S2K_SALTED = 1,
- CDK_S2K_ITERSALTED = 3,
- CDK_S2K_GNU_EXT = 101
- /* GNU extensions: refer to DETAILS from GnuPG:
- http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
- */
- };
+ enum cdk_s2k_type_t {
+ CDK_S2K_SIMPLE = 0,
+ CDK_S2K_SALTED = 1,
+ CDK_S2K_ITERSALTED = 3,
+ CDK_S2K_GNU_EXT = 101
+ /* GNU extensions: refer to DETAILS from GnuPG:
+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
+ */
+ };
/* The different kind of user ID preferences. */
- enum cdk_pref_type_t
- {
- CDK_PREFTYPE_NONE = 0,
- CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
- CDK_PREFTYPE_HASH = 2, /* Message digests */
- CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
- };
+ enum cdk_pref_type_t {
+ CDK_PREFTYPE_NONE = 0,
+ CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
+ CDK_PREFTYPE_HASH = 2, /* Message digests */
+ CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
+ };
/* All valid sub packet types. */
- enum cdk_sig_subpacket_t
- {
- CDK_SIGSUBPKT_NONE = 0,
- CDK_SIGSUBPKT_SIG_CREATED = 2,
- CDK_SIGSUBPKT_SIG_EXPIRE = 3,
- CDK_SIGSUBPKT_EXPORTABLE = 4,
- CDK_SIGSUBPKT_TRUST = 5,
- CDK_SIGSUBPKT_REGEXP = 6,
- CDK_SIGSUBPKT_REVOCABLE = 7,
- CDK_SIGSUBPKT_KEY_EXPIRE = 9,
- CDK_SIGSUBPKT_PREFS_SYM = 11,
- CDK_SIGSUBPKT_REV_KEY = 12,
- CDK_SIGSUBPKT_ISSUER = 16,
- CDK_SIGSUBPKT_NOTATION = 20,
- CDK_SIGSUBPKT_PREFS_HASH = 21,
- CDK_SIGSUBPKT_PREFS_ZIP = 22,
- CDK_SIGSUBPKT_KS_FLAGS = 23,
- CDK_SIGSUBPKT_PREF_KS = 24,
- CDK_SIGSUBPKT_PRIMARY_UID = 25,
- CDK_SIGSUBPKT_POLICY = 26,
- CDK_SIGSUBPKT_KEY_FLAGS = 27,
- CDK_SIGSUBPKT_SIGNERS_UID = 28,
- CDK_SIGSUBPKT_REVOC_REASON = 29,
- CDK_SIGSUBPKT_FEATURES = 30
- };
+ enum cdk_sig_subpacket_t {
+ CDK_SIGSUBPKT_NONE = 0,
+ CDK_SIGSUBPKT_SIG_CREATED = 2,
+ CDK_SIGSUBPKT_SIG_EXPIRE = 3,
+ CDK_SIGSUBPKT_EXPORTABLE = 4,
+ CDK_SIGSUBPKT_TRUST = 5,
+ CDK_SIGSUBPKT_REGEXP = 6,
+ CDK_SIGSUBPKT_REVOCABLE = 7,
+ CDK_SIGSUBPKT_KEY_EXPIRE = 9,
+ CDK_SIGSUBPKT_PREFS_SYM = 11,
+ CDK_SIGSUBPKT_REV_KEY = 12,
+ CDK_SIGSUBPKT_ISSUER = 16,
+ CDK_SIGSUBPKT_NOTATION = 20,
+ CDK_SIGSUBPKT_PREFS_HASH = 21,
+ CDK_SIGSUBPKT_PREFS_ZIP = 22,
+ CDK_SIGSUBPKT_KS_FLAGS = 23,
+ CDK_SIGSUBPKT_PREF_KS = 24,
+ CDK_SIGSUBPKT_PRIMARY_UID = 25,
+ CDK_SIGSUBPKT_POLICY = 26,
+ CDK_SIGSUBPKT_KEY_FLAGS = 27,
+ CDK_SIGSUBPKT_SIGNERS_UID = 28,
+ CDK_SIGSUBPKT_REVOC_REASON = 29,
+ CDK_SIGSUBPKT_FEATURES = 30
+ };
/* All valid armor types. */
- enum cdk_armor_type_t
- {
- CDK_ARMOR_MESSAGE = 0,
- CDK_ARMOR_PUBKEY = 1,
- CDK_ARMOR_SECKEY = 2,
- CDK_ARMOR_SIGNATURE = 3,
- CDK_ARMOR_CLEARSIG = 4
- };
-
- enum cdk_keydb_flag_t
- {
- /* Valid database search modes */
- CDK_DBSEARCH_EXACT = 1, /* Exact string search */
- CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
- CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
- CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
- CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
- CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
- CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
- /* Valid database types */
- CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
- CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
- CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
- };
+ enum cdk_armor_type_t {
+ CDK_ARMOR_MESSAGE = 0,
+ CDK_ARMOR_PUBKEY = 1,
+ CDK_ARMOR_SECKEY = 2,
+ CDK_ARMOR_SIGNATURE = 3,
+ CDK_ARMOR_CLEARSIG = 4
+ };
+
+ enum cdk_keydb_flag_t {
+ /* Valid database search modes */
+ CDK_DBSEARCH_EXACT = 1, /* Exact string search */
+ CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
+ CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
+ CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
+ CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
+ CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
+ CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
+ /* Valid database types */
+ CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
+ CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
+ CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
+ };
/* All valid modes for cdk_data_transform() */
- enum cdk_crypto_mode_t
- {
- CDK_CRYPTYPE_NONE = 0,
- CDK_CRYPTYPE_ENCRYPT = 1,
- CDK_CRYPTYPE_DECRYPT = 2,
- CDK_CRYPTYPE_SIGN = 3,
- CDK_CRYPTYPE_VERIFY = 4,
- CDK_CRYPTYPE_EXPORT = 5,
- CDK_CRYPTYPE_IMPORT = 6
- };
+ enum cdk_crypto_mode_t {
+ CDK_CRYPTYPE_NONE = 0,
+ CDK_CRYPTYPE_ENCRYPT = 1,
+ CDK_CRYPTYPE_DECRYPT = 2,
+ CDK_CRYPTYPE_SIGN = 3,
+ CDK_CRYPTYPE_VERIFY = 4,
+ CDK_CRYPTYPE_EXPORT = 5,
+ CDK_CRYPTYPE_IMPORT = 6
+ };
#define CDK_KEY_USG_ENCR (CDK_KEY_USG_COMM_ENCR | CDK_KEY_USG_STORAGE_ENCR)
#define CDK_KEY_USG_SIGN (CDK_KEY_USG_DATA_SIGN | CDK_KEY_USG_CERT_SIGN)
/* A list of valid public key usages. */
- enum cdk_key_usage_t
- {
- CDK_KEY_USG_CERT_SIGN = 1,
- CDK_KEY_USG_DATA_SIGN = 2,
- CDK_KEY_USG_COMM_ENCR = 4,
- CDK_KEY_USG_STORAGE_ENCR = 8,
- CDK_KEY_USG_SPLIT_KEY = 16,
- CDK_KEY_USG_AUTH = 32,
- CDK_KEY_USG_SHARED_KEY = 128
- };
+ enum cdk_key_usage_t {
+ CDK_KEY_USG_CERT_SIGN = 1,
+ CDK_KEY_USG_DATA_SIGN = 2,
+ CDK_KEY_USG_COMM_ENCR = 4,
+ CDK_KEY_USG_STORAGE_ENCR = 8,
+ CDK_KEY_USG_SPLIT_KEY = 16,
+ CDK_KEY_USG_AUTH = 32,
+ CDK_KEY_USG_SHARED_KEY = 128
+ };
/* Valid flags for keys. */
- enum cdk_key_flag_t
- {
- CDK_KEY_VALID = 0,
- CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
- CDK_KEY_EXPIRED = 2, /* Key is expired. */
- CDK_KEY_REVOKED = 4, /* Key has been revoked. */
- CDK_KEY_NOSIGNER = 8
- };
+ enum cdk_key_flag_t {
+ CDK_KEY_VALID = 0,
+ CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
+ CDK_KEY_EXPIRED = 2, /* Key is expired. */
+ CDK_KEY_REVOKED = 4, /* Key has been revoked. */
+ CDK_KEY_NOSIGNER = 8
+ };
/* Trust values and flags for keys and user IDs */
- enum cdk_trust_flag_t
- {
- CDK_TRUST_UNKNOWN = 0,
- CDK_TRUST_EXPIRED = 1,
- CDK_TRUST_UNDEFINED = 2,
- CDK_TRUST_NEVER = 3,
- CDK_TRUST_MARGINAL = 4,
- CDK_TRUST_FULLY = 5,
- CDK_TRUST_ULTIMATE = 6,
- /* trust flags */
- CDK_TFLAG_REVOKED = 32,
- CDK_TFLAG_SUB_REVOKED = 64,
- CDK_TFLAG_DISABLED = 128
- };
+ enum cdk_trust_flag_t {
+ CDK_TRUST_UNKNOWN = 0,
+ CDK_TRUST_EXPIRED = 1,
+ CDK_TRUST_UNDEFINED = 2,
+ CDK_TRUST_NEVER = 3,
+ CDK_TRUST_MARGINAL = 4,
+ CDK_TRUST_FULLY = 5,
+ CDK_TRUST_ULTIMATE = 6,
+ /* trust flags */
+ CDK_TFLAG_REVOKED = 32,
+ CDK_TFLAG_SUB_REVOKED = 64,
+ CDK_TFLAG_DISABLED = 128
+ };
/* Signature states and the signature modes. */
- enum cdk_signature_stat_t
- {
- /* Signature status */
- CDK_SIGSTAT_NONE = 0,
- CDK_SIGSTAT_GOOD = 1,
- CDK_SIGSTAT_BAD = 2,
- CDK_SIGSTAT_NOKEY = 3,
- CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
- /* FIXME: We need indicators for revoked/expires signatures. */
-
- /* Signature modes */
- CDK_SIGMODE_NORMAL = 100,
- CDK_SIGMODE_DETACHED = 101,
- CDK_SIGMODE_CLEAR = 102
- };
+ enum cdk_signature_stat_t {
+ /* Signature status */
+ CDK_SIGSTAT_NONE = 0,
+ CDK_SIGSTAT_GOOD = 1,
+ CDK_SIGSTAT_BAD = 2,
+ CDK_SIGSTAT_NOKEY = 3,
+ CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
+ /* FIXME: We need indicators for revoked/expires signatures. */
+
+ /* Signature modes */
+ CDK_SIGMODE_NORMAL = 100,
+ CDK_SIGMODE_DETACHED = 101,
+ CDK_SIGMODE_CLEAR = 102
+ };
/* Key flags. */
- typedef enum
- {
- CDK_FLAG_KEY_REVOKED = 256,
- CDK_FLAG_KEY_EXPIRED = 512,
- CDK_FLAG_SIG_EXPIRED = 1024
- } cdk_key_flags_t;
+ typedef enum {
+ CDK_FLAG_KEY_REVOKED = 256,
+ CDK_FLAG_KEY_EXPIRED = 512,
+ CDK_FLAG_SIG_EXPIRED = 1024
+ } cdk_key_flags_t;
/* Possible format for the literal data. */
- typedef enum
- {
- CDK_LITFMT_BINARY = 0,
- CDK_LITFMT_TEXT = 1,
- CDK_LITFMT_UNICODE = 2
- } cdk_lit_format_t;
+ typedef enum {
+ CDK_LITFMT_BINARY = 0,
+ CDK_LITFMT_TEXT = 1,
+ CDK_LITFMT_UNICODE = 2
+ } cdk_lit_format_t;
/* Valid OpenPGP packet types and their IDs */
- typedef enum
- {
- CDK_PKT_RESERVED = 0,
- CDK_PKT_PUBKEY_ENC = 1,
- CDK_PKT_SIGNATURE = 2,
- CDK_PKT_ONEPASS_SIG = 4,
- CDK_PKT_SECRET_KEY = 5,
- CDK_PKT_PUBLIC_KEY = 6,
- CDK_PKT_SECRET_SUBKEY = 7,
- CDK_PKT_COMPRESSED = 8,
- CDK_PKT_MARKER = 10,
- CDK_PKT_LITERAL = 11,
- CDK_PKT_RING_TRUST = 12,
- CDK_PKT_USER_ID = 13,
- CDK_PKT_PUBLIC_SUBKEY = 14,
- CDK_PKT_OLD_COMMENT = 16,
- CDK_PKT_ATTRIBUTE = 17,
- CDK_PKT_MDC = 19
- } cdk_packet_type_t;
+ typedef enum {
+ CDK_PKT_RESERVED = 0,
+ CDK_PKT_PUBKEY_ENC = 1,
+ CDK_PKT_SIGNATURE = 2,
+ CDK_PKT_ONEPASS_SIG = 4,
+ CDK_PKT_SECRET_KEY = 5,
+ CDK_PKT_PUBLIC_KEY = 6,
+ CDK_PKT_SECRET_SUBKEY = 7,
+ CDK_PKT_COMPRESSED = 8,
+ CDK_PKT_MARKER = 10,
+ CDK_PKT_LITERAL = 11,
+ CDK_PKT_RING_TRUST = 12,
+ CDK_PKT_USER_ID = 13,
+ CDK_PKT_PUBLIC_SUBKEY = 14,
+ CDK_PKT_OLD_COMMENT = 16,
+ CDK_PKT_ATTRIBUTE = 17,
+ CDK_PKT_MDC = 19
+ } cdk_packet_type_t;
/* Define the maximal number of multiprecion integers for
a public key. */
@@ -386,228 +367,217 @@ extern "C"
|| ((pkttype)==CDK_PKT_ENCRYPTED))
- struct cdk_pkt_signature_s
- {
- unsigned char version;
- unsigned char sig_class;
- unsigned int timestamp;
- unsigned int expiredate;
- unsigned int keyid[2];
- unsigned char pubkey_algo;
- unsigned char digest_algo;
- unsigned char digest_start[2];
- unsigned short hashed_size;
- cdk_subpkt_t hashed;
- unsigned short unhashed_size;
- cdk_subpkt_t unhashed;
- bigint_t mpi[MAX_CDK_DATA_PARTS];
- cdk_desig_revoker_t revkeys;
- struct
- {
- unsigned exportable:1;
- unsigned revocable:1;
- unsigned policy_url:1;
- unsigned notation:1;
- unsigned expired:1;
- unsigned checked:1;
- unsigned valid:1;
- unsigned missing_key:1;
- } flags;
- unsigned int key[2]; /* only valid for key signatures */
- };
- typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
-
-
- struct cdk_pkt_userid_s
- {
- unsigned int len;
- unsigned is_primary:1;
- unsigned is_revoked:1;
- unsigned mdc_feature:1;
- cdk_prefitem_t prefs;
- size_t prefs_size;
- unsigned char *attrib_img; /* Tag 17 if not null */
- size_t attrib_len;
- cdk_pkt_signature_t selfsig;
- char *name;
- };
- typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
-
-
- struct cdk_pkt_pubkey_s
- {
- unsigned char version;
- unsigned char pubkey_algo;
- unsigned char fpr[20];
- unsigned int keyid[2];
- unsigned int main_keyid[2];
- unsigned int timestamp;
- unsigned int expiredate;
- bigint_t mpi[MAX_CDK_PK_PARTS];
- unsigned is_revoked:1;
- unsigned is_invalid:1;
- unsigned has_expired:1;
- int pubkey_usage;
- cdk_pkt_userid_t uid;
- cdk_prefitem_t prefs;
- size_t prefs_size;
- cdk_desig_revoker_t revkeys;
- };
- typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
+ struct cdk_pkt_signature_s {
+ unsigned char version;
+ unsigned char sig_class;
+ unsigned int timestamp;
+ unsigned int expiredate;
+ unsigned int keyid[2];
+ unsigned char pubkey_algo;
+ unsigned char digest_algo;
+ unsigned char digest_start[2];
+ unsigned short hashed_size;
+ cdk_subpkt_t hashed;
+ unsigned short unhashed_size;
+ cdk_subpkt_t unhashed;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ cdk_desig_revoker_t revkeys;
+ struct {
+ unsigned exportable:1;
+ unsigned revocable:1;
+ unsigned policy_url:1;
+ unsigned notation:1;
+ unsigned expired:1;
+ unsigned checked:1;
+ unsigned valid:1;
+ unsigned missing_key:1;
+ } flags;
+ unsigned int key[2]; /* only valid for key signatures */
+ };
+ typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
+
+
+ struct cdk_pkt_userid_s {
+ unsigned int len;
+ unsigned is_primary:1;
+ unsigned is_revoked:1;
+ unsigned mdc_feature:1;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ unsigned char *attrib_img; /* Tag 17 if not null */
+ size_t attrib_len;
+ cdk_pkt_signature_t selfsig;
+ char *name;
+ };
+ typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
+
+
+ struct cdk_pkt_pubkey_s {
+ unsigned char version;
+ unsigned char pubkey_algo;
+ unsigned char fpr[20];
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned int timestamp;
+ unsigned int expiredate;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned is_revoked:1;
+ unsigned is_invalid:1;
+ unsigned has_expired:1;
+ int pubkey_usage;
+ cdk_pkt_userid_t uid;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ cdk_desig_revoker_t revkeys;
+ };
+ typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
/* Alias to define a generic public key context. */
- typedef cdk_pkt_pubkey_t cdk_pubkey_t;
-
-
- struct cdk_pkt_seckey_s
- {
- cdk_pkt_pubkey_t pk;
- unsigned int expiredate;
- int version;
- int pubkey_algo;
- unsigned int keyid[2];
- unsigned int main_keyid[2];
- unsigned char s2k_usage;
- struct
- {
- unsigned char algo;
- unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
- cdk_s2k_t s2k;
- unsigned char iv[16];
- unsigned char ivlen;
- } protect;
- unsigned short csum;
- bigint_t mpi[MAX_CDK_PK_PARTS];
- unsigned char *encdata;
- size_t enclen;
- unsigned char is_protected;
- unsigned is_primary:1;
- unsigned has_expired:1;
- unsigned is_revoked:1;
- };
- typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
+ typedef cdk_pkt_pubkey_t cdk_pubkey_t;
+
+
+ struct cdk_pkt_seckey_s {
+ cdk_pkt_pubkey_t pk;
+ unsigned int expiredate;
+ int version;
+ int pubkey_algo;
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned char s2k_usage;
+ struct {
+ unsigned char algo;
+ unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
+ cdk_s2k_t s2k;
+ unsigned char iv[16];
+ unsigned char ivlen;
+ } protect;
+ unsigned short csum;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned char *encdata;
+ size_t enclen;
+ unsigned char is_protected;
+ unsigned is_primary:1;
+ unsigned has_expired:1;
+ unsigned is_revoked:1;
+ };
+ typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
/* Alias to define a generic secret key context. */
- typedef cdk_pkt_seckey_t cdk_seckey_t;
-
-
- struct cdk_pkt_onepass_sig_s
- {
- unsigned char version;
- unsigned int keyid[2];
- unsigned char sig_class;
- unsigned char digest_algo;
- unsigned char pubkey_algo;
- unsigned char last;
- };
- typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
-
-
- struct cdk_pkt_pubkey_enc_s
- {
- unsigned char version;
- unsigned int keyid[2];
- int throw_keyid;
- unsigned char pubkey_algo;
- bigint_t mpi[MAX_CDK_DATA_PARTS];
- };
- typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
-
- struct cdk_pkt_encrypted_s
- {
- unsigned int len;
- int extralen;
- unsigned char mdc_method;
- cdk_stream_t buf;
- };
- typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
-
-
- struct cdk_pkt_mdc_s
- {
- unsigned char hash[20];
- };
- typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
-
-
- struct cdk_pkt_literal_s
- {
- unsigned int len;
- cdk_stream_t buf;
- int mode;
- unsigned int timestamp;
- int namelen;
- char *name;
- };
- typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
-
-
- struct cdk_pkt_compressed_s
- {
- unsigned int len;
- int algorithm;
- cdk_stream_t buf;
- };
- typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
+ typedef cdk_pkt_seckey_t cdk_seckey_t;
+
+
+ struct cdk_pkt_onepass_sig_s {
+ unsigned char version;
+ unsigned int keyid[2];
+ unsigned char sig_class;
+ unsigned char digest_algo;
+ unsigned char pubkey_algo;
+ unsigned char last;
+ };
+ typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
+
+
+ struct cdk_pkt_pubkey_enc_s {
+ unsigned char version;
+ unsigned int keyid[2];
+ int throw_keyid;
+ unsigned char pubkey_algo;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ };
+ typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
+
+ struct cdk_pkt_encrypted_s {
+ unsigned int len;
+ int extralen;
+ unsigned char mdc_method;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
+
+
+ struct cdk_pkt_mdc_s {
+ unsigned char hash[20];
+ };
+ typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
+
+
+ struct cdk_pkt_literal_s {
+ unsigned int len;
+ cdk_stream_t buf;
+ int mode;
+ unsigned int timestamp;
+ int namelen;
+ char *name;
+ };
+ typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
+
+
+ struct cdk_pkt_compressed_s {
+ unsigned int len;
+ int algorithm;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
/* Structure which represents a single OpenPGP packet. */
- struct cdk_packet_s
- {
- size_t pktlen; /* real packet length */
- size_t pktsize; /* length with all headers */
- int old_ctb; /* 1 if RFC1991 mode is used */
- cdk_packet_type_t pkttype;
- union
- {
- cdk_pkt_mdc_t mdc;
- cdk_pkt_userid_t user_id;
- cdk_pkt_pubkey_t public_key;
- cdk_pkt_seckey_t secret_key;
- cdk_pkt_signature_t signature;
- cdk_pkt_pubkey_enc_t pubkey_enc;
- cdk_pkt_compressed_t compressed;
- cdk_pkt_encrypted_t encrypted;
- cdk_pkt_literal_t literal;
- cdk_pkt_onepass_sig_t onepass_sig;
- } pkt;
- };
- typedef struct cdk_packet_s *cdk_packet_t;
+ struct cdk_packet_s {
+ size_t pktlen; /* real packet length */
+ size_t pktsize; /* length with all headers */
+ int old_ctb; /* 1 if RFC1991 mode is used */
+ cdk_packet_type_t pkttype;
+ union {
+ cdk_pkt_mdc_t mdc;
+ cdk_pkt_userid_t user_id;
+ cdk_pkt_pubkey_t public_key;
+ cdk_pkt_seckey_t secret_key;
+ cdk_pkt_signature_t signature;
+ cdk_pkt_pubkey_enc_t pubkey_enc;
+ cdk_pkt_compressed_t compressed;
+ cdk_pkt_encrypted_t encrypted;
+ cdk_pkt_literal_t literal;
+ cdk_pkt_onepass_sig_t onepass_sig;
+ } pkt;
+ };
+ typedef struct cdk_packet_s *cdk_packet_t;
/* Allocate a new packet or a new packet with the given packet type. */
- cdk_error_t cdk_pkt_new (cdk_packet_t * r_pkt);
- cdk_error_t cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype);
+ cdk_error_t cdk_pkt_new(cdk_packet_t * r_pkt);
+ cdk_error_t cdk_pkt_alloc(cdk_packet_t * r_pkt,
+ cdk_packet_type_t pkttype);
/* Only release the contents of the packet but not @PKT itself. */
- void cdk_pkt_free (cdk_packet_t pkt);
+ void cdk_pkt_free(cdk_packet_t pkt);
/* Release the packet contents and the packet structure @PKT itself. */
- void cdk_pkt_release (cdk_packet_t pkt);
+ void cdk_pkt_release(cdk_packet_t pkt);
/* Read or write the given output from or to the stream. */
- cdk_error_t cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt);
- cdk_error_t cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt);
+ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt);
+ cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt);
/* Sub packet routines */
- cdk_subpkt_t cdk_subpkt_new (size_t size);
- void cdk_subpkt_free (cdk_subpkt_t ctx);
- cdk_subpkt_t cdk_subpkt_find (cdk_subpkt_t ctx, size_t type);
- cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
- size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
- cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
- size_t index);
- cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
- const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
- size_t * r_type,
- size_t * r_nbytes);
- void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
- size_t buflen);
+ cdk_subpkt_t cdk_subpkt_new(size_t size);
+ void cdk_subpkt_free(cdk_subpkt_t ctx);
+ cdk_subpkt_t cdk_subpkt_find(cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_next(cdk_subpkt_t root, size_t type);
+ size_t cdk_subpkt_type_count(cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_nth(cdk_subpkt_t ctx, size_t type,
+ size_t index);
+ cdk_error_t cdk_subpkt_add(cdk_subpkt_t root, cdk_subpkt_t node);
+ const unsigned char *cdk_subpkt_get_data(cdk_subpkt_t ctx,
+ size_t * r_type,
+ size_t * r_nbytes);
+ void cdk_subpkt_init(cdk_subpkt_t node, size_t type,
+ const void *buf, size_t buflen);
/* Designated Revoker routines */
- const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class,
- int *r_algid);
+ const unsigned char *cdk_key_desig_revoker_walk(cdk_desig_revoker_t
+ root,
+ cdk_desig_revoker_t
+ * ctx,
+ int *r_class,
+ int *r_algid);
#define is_RSA(a) ((a) == CDK_PK_RSA \
|| (a) == CDK_PK_RSA_E \
@@ -617,23 +587,24 @@ extern "C"
/* Encrypt the given session key @SK with the public key @PK
and write the contents into the packet @PKE. */
- cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
- bigint_t sk);
+ cdk_error_t cdk_pk_encrypt(cdk_pubkey_t pk,
+ cdk_pkt_pubkey_enc_t pke, bigint_t sk);
/* Decrypt the given encrypted session key in @PKE with the secret key
@SK and store it in @R_SK. */
- cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
- bigint_t * r_sk);
+ cdk_error_t cdk_pk_decrypt(cdk_seckey_t sk,
+ cdk_pkt_pubkey_enc_t pke,
+ bigint_t * r_sk);
/* Sign the given message digest @MD with the secret key @SK and
store the signature in the packet @SIG. */
- cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ cdk_error_t cdk_pk_sign(cdk_seckey_t sk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
/* Verify the given signature in @SIG with the public key @PK
and compare it against the message digest @MD. */
- cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ cdk_error_t cdk_pk_verify(cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
/* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
multiprecision integers a key consists of. */
@@ -641,316 +612,351 @@ extern "C"
/* Return a multi precision integer of the public key with the index @IDX
in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
Optional @R_NBITS may contain the size in bits. */
- cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ cdk_error_t cdk_pk_get_mpi(cdk_pubkey_t pk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Same as the function above but of the secret key. */
- cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ cdk_error_t cdk_sk_get_mpi(cdk_seckey_t sk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Helper to get the exact number of multi precision integers
for the given object. */
- int cdk_pk_get_nbits (cdk_pubkey_t pk);
- int cdk_pk_get_npkey (int algo);
- int cdk_pk_get_nskey (int algo);
- int cdk_pk_get_nsig (int algo);
- int cdk_pk_get_nenc (int algo);
+ int cdk_pk_get_nbits(cdk_pubkey_t pk);
+ int cdk_pk_get_npkey(int algo);
+ int cdk_pk_get_nskey(int algo);
+ int cdk_pk_get_nsig(int algo);
+ int cdk_pk_get_nenc(int algo);
/* Fingerprint and key ID routines. */
/* Calculate the fingerprint of the given public key.
the FPR parameter must be at least 20 octets to hold the SHA1 hash. */
- cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, unsigned char *fpr);
+ cdk_error_t cdk_pk_get_fingerprint(cdk_pubkey_t pk,
+ unsigned char *fpr);
/* Same as above, but with additional sanity checks of the buffer size. */
- cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- unsigned char *fpr, size_t fprlen,
- size_t * r_nout);
+ cdk_error_t cdk_pk_to_fingerprint(cdk_pubkey_t pk,
+ unsigned char *fpr,
+ size_t fprlen, size_t * r_nout);
/* Derive the keyid from the fingerprint. This is only possible for
modern, version 4 keys. */
- unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
- size_t fprlen,
- unsigned int *keyid);
+ unsigned int cdk_pk_fingerprint_get_keyid(const unsigned char *fpr,
+ size_t fprlen,
+ unsigned int *keyid);
/* Various functions to get the keyid from the specific packet type. */
- unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
- unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
- unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
- unsigned int *keyid);
+ unsigned int cdk_pk_get_keyid(cdk_pubkey_t pk,
+ unsigned int *keyid);
+ unsigned int cdk_sk_get_keyid(cdk_seckey_t sk,
+ unsigned int *keyid);
+ unsigned int cdk_sig_get_keyid(cdk_pkt_signature_t sig,
+ unsigned int *keyid);
/* Key release functions. */
- void cdk_pk_release (cdk_pubkey_t pk);
- void cdk_sk_release (cdk_seckey_t sk);
+ void cdk_pk_release(cdk_pubkey_t pk);
+ void cdk_sk_release(cdk_seckey_t sk);
/* Create a public key with the data from the secret key @SK. */
- cdk_error_t cdk_pk_from_secret_key (cdk_seckey_t sk, cdk_pubkey_t * ret_pk);
+ cdk_error_t cdk_pk_from_secret_key(cdk_seckey_t sk,
+ cdk_pubkey_t * ret_pk);
/* Sexp conversion of keys. */
- cdk_error_t cdk_pubkey_to_sexp (cdk_pubkey_t pk, char **sexp, size_t * len);
- cdk_error_t cdk_seckey_to_sexp (cdk_seckey_t sk, char **sexp, size_t * len);
+ cdk_error_t cdk_pubkey_to_sexp(cdk_pubkey_t pk, char **sexp,
+ size_t * len);
+ cdk_error_t cdk_seckey_to_sexp(cdk_seckey_t sk, char **sexp,
+ size_t * len);
/* String to Key routines. */
- cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const unsigned char *salt);
- void cdk_s2k_free (cdk_s2k_t s2k);
+ cdk_error_t cdk_s2k_new(cdk_s2k_t * ret_s2k, int mode,
+ int digest_algo,
+ const unsigned char *salt);
+ void cdk_s2k_free(cdk_s2k_t s2k);
/* Protect the inbuf with ASCII armor of the specified type.
If @outbuf and @outlen are NULL, the function returns the calculated
size of the base64 encoded data in @nwritten. */
- cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
- size_t inlen, char *outbuf,
- size_t outlen, size_t * nwritten,
- int type);
+ cdk_error_t cdk_armor_encode_buffer(const unsigned char *inbuf,
+ size_t inlen, char *outbuf,
+ size_t outlen,
+ size_t * nwritten, int type);
/* This context contain user callbacks for different stream operations.
Some of these callbacks might be NULL to indicate that the callback
is not used. */
- struct cdk_stream_cbs_s
- {
- cdk_error_t (*open) (void *);
- cdk_error_t (*release) (void *);
- int (*read) (void *, void *buf, size_t);
- int (*write) (void *, const void *buf, size_t);
- int (*seek) (void *, off_t);
- };
- typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
-
- int cdk_stream_is_compressed (cdk_stream_t s);
+ struct cdk_stream_cbs_s {
+ cdk_error_t(*open) (void *);
+ cdk_error_t(*release) (void *);
+ int (*read) (void *, void *buf, size_t);
+ int (*write) (void *, const void *buf, size_t);
+ int (*seek) (void *, off_t);
+ };
+ typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
+
+ int cdk_stream_is_compressed(cdk_stream_t s);
/* Return a stream object which is associated to a socket. */
- cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
- cdk_stream_t * ret_out);
+ cdk_error_t cdk_stream_sockopen(const char *host,
+ unsigned short port,
+ cdk_stream_t * ret_out);
/* Return a stream object which is associated to an existing file. */
- cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_open(const char *file,
+ cdk_stream_t * ret_s);
/* Return a stream object which is associated to a file which will
be created when the stream is closed. */
- cdk_error_t cdk_stream_new (const char *file, cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_new(const char *file, cdk_stream_t * ret_s);
/* Return a stream object with custom callback functions for the
various core operations. */
- cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s);
- cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
- cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
- cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
- cdk_stream_t * r_out);
- void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
- cdk_error_t cdk_stream_flush (cdk_stream_t s);
- cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
- cdk_error_t cdk_stream_filter_disable (cdk_stream_t s, int type);
- cdk_error_t cdk_stream_close (cdk_stream_t s);
- off_t cdk_stream_get_length (cdk_stream_t s);
- int cdk_stream_read (cdk_stream_t s, void *buf, size_t count);
- int cdk_stream_write (cdk_stream_t s, const void *buf, size_t count);
- int cdk_stream_putc (cdk_stream_t s, int c);
- int cdk_stream_getc (cdk_stream_t s);
- int cdk_stream_eof (cdk_stream_t s);
- off_t cdk_stream_tell (cdk_stream_t s);
- cdk_error_t cdk_stream_seek (cdk_stream_t s, off_t offset);
- cdk_error_t cdk_stream_set_armor_flag (cdk_stream_t s, int type);
+ cdk_error_t cdk_stream_new_from_cbs(cdk_stream_cbs_t cbs,
+ void *opa,
+ cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_create(const char *file,
+ cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_tmp_new(cdk_stream_t * r_out);
+ cdk_error_t cdk_stream_tmp_from_mem(const void *buf, size_t buflen,
+ cdk_stream_t * r_out);
+ void cdk_stream_tmp_set_mode(cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_flush(cdk_stream_t s);
+ cdk_error_t cdk_stream_enable_cache(cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_filter_disable(cdk_stream_t s, int type);
+ cdk_error_t cdk_stream_close(cdk_stream_t s);
+ off_t cdk_stream_get_length(cdk_stream_t s);
+ int cdk_stream_read(cdk_stream_t s, void *buf, size_t count);
+ int cdk_stream_write(cdk_stream_t s, const void *buf,
+ size_t count);
+ int cdk_stream_putc(cdk_stream_t s, int c);
+ int cdk_stream_getc(cdk_stream_t s);
+ int cdk_stream_eof(cdk_stream_t s);
+ off_t cdk_stream_tell(cdk_stream_t s);
+ cdk_error_t cdk_stream_seek(cdk_stream_t s, off_t offset);
+ cdk_error_t cdk_stream_set_armor_flag(cdk_stream_t s, int type);
/* Push the literal filter for the given stream. */
- cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
- cdk_lit_format_t mode,
- const char *fname);
-
- cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
- int level);
- cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
- cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
- cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
- cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
- size_t * ret_buflen);
- cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- unsigned char **ret_buf,
- size_t * ret_buflen);
+ cdk_error_t cdk_stream_set_literal_flag(cdk_stream_t s,
+ cdk_lit_format_t mode,
+ const char *fname);
+
+ cdk_error_t cdk_stream_set_compress_flag(cdk_stream_t s, int algo,
+ int level);
+ cdk_error_t cdk_stream_set_hash_flag(cdk_stream_t s, int algo);
+ cdk_error_t cdk_stream_set_text_flag(cdk_stream_t s,
+ const char *lf);
+ cdk_error_t cdk_stream_kick_off(cdk_stream_t inp,
+ cdk_stream_t out);
+ cdk_error_t cdk_stream_mmap(cdk_stream_t s,
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
+ cdk_error_t cdk_stream_mmap_part(cdk_stream_t s, off_t off,
+ size_t len,
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
/* Read from the stream but restore the file pointer after reading
the requested amount of bytes. */
- int cdk_stream_peek (cdk_stream_t inp, unsigned char *buf, size_t buflen);
+ int cdk_stream_peek(cdk_stream_t inp, unsigned char *buf,
+ size_t buflen);
/* Create a new key db handle from a memory buffer. */
- cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
- int armor,
- const void *data, size_t datlen);
+ cdk_error_t cdk_keydb_new_from_mem(cdk_keydb_hd_t * r_hd,
+ int secret, int armor,
+ const void *data,
+ size_t datlen);
/* Check that a secret key with the given key ID is available. */
- cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
+ cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd,
+ unsigned int *keyid);
/* Prepare the key db search. */
- cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
- cdk_keydb_hd_t db, int type,
- void *desc);
+ cdk_error_t cdk_keydb_search_start(cdk_keydb_search_t * st,
+ cdk_keydb_hd_t db, int type,
+ void *desc);
- void cdk_keydb_search_release (cdk_keydb_search_t st);
+ void cdk_keydb_search_release(cdk_keydb_search_t st);
/* Return a key which matches a valid description given in
cdk_keydb_search_start(). */
- cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key);
+ cdk_error_t cdk_keydb_search(cdk_keydb_search_t st,
+ cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key);
/* Release the key db handle and all its resources. */
- void cdk_keydb_free (cdk_keydb_hd_t hd);
+ void cdk_keydb_free(cdk_keydb_hd_t hd);
/* The following functions will try to find a key in the given key
db handle either by keyid, by fingerprint or by some pattern. */
- cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
- cdk_kbnode_t * ret_pk);
- cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
- const unsigned char *fpr,
- cdk_kbnode_t * ret_pk);
- cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_bykeyid(cdk_keydb_hd_t hd,
+ unsigned int *keyid,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_byfpr(cdk_keydb_hd_t hd,
+ const unsigned char *fpr,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_bypattern(cdk_keydb_hd_t hd,
+ const char *patt,
+ cdk_kbnode_t * ret_pk);
/* These function, in contrast to most other key db functions, only
return the public or secret key packet without the additional
signatures and user IDs. */
- cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_pubkey_t * ret_pk);
- cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_seckey_t * ret_sk);
+ cdk_error_t cdk_keydb_get_pk(cdk_keydb_hd_t khd,
+ unsigned int *keyid,
+ cdk_pubkey_t * ret_pk);
+ cdk_error_t cdk_keydb_get_sk(cdk_keydb_hd_t khd,
+ unsigned int *keyid,
+ cdk_seckey_t * ret_sk);
/* Try to read the next key block from the given input stream.
The key will be returned in @RET_KEY on success. */
- cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
- cdk_kbnode_t * ret_key);
+ cdk_error_t cdk_keydb_get_keyblock(cdk_stream_t inp,
+ cdk_kbnode_t * ret_key);
/* Rebuild the key db index if possible. */
- cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
- cdk_keydb_search_t dbs);
+ cdk_error_t cdk_keydb_idx_rebuild(cdk_keydb_hd_t db,
+ cdk_keydb_search_t dbs);
/* Export one or more keys from the given key db handle into
the stream @OUT. The export is done by substring search and
uses the string list @REMUSR for the pattern. */
- cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
- cdk_strlist_t remusr);
+ cdk_error_t cdk_keydb_export(cdk_keydb_hd_t hd, cdk_stream_t out,
+ cdk_strlist_t remusr);
/* Import the given key node @knode into the key db. */
- cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
+ cdk_error_t cdk_keydb_import(cdk_keydb_hd_t hd,
+ cdk_kbnode_t knode);
/* List or enumerate keys from a given key db handle. */
/* Start the key list process. Either use @PATT for a pattern search
or @FPATT for a list of pattern. */
- cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt);
- void cdk_listkey_close (cdk_listkey_t ctx);
+ cdk_error_t cdk_listkey_start(cdk_listkey_t * r_ctx,
+ cdk_keydb_hd_t db, const char *patt,
+ cdk_strlist_t fpatt);
+ void cdk_listkey_close(cdk_listkey_t ctx);
/* Return the next key which matches the pattern. */
- cdk_error_t cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key);
-
- cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
- cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- int armor,
- const unsigned char *buf,
- size_t buflen);
- cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
- unsigned char *buf, size_t * r_nbytes);
- cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- unsigned char **r_buf,
- size_t * r_buflen);
-
- void cdk_kbnode_release (cdk_kbnode_t node);
- void cdk_kbnode_delete (cdk_kbnode_t node);
- void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- int cdk_kbnode_commit (cdk_kbnode_t * root);
- void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
- void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
- cdk_kbnode_t where);
- cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
- int all);
- cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
- cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
- cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
- int is_v4, cdk_packet_type_t pkttype,
- int flags);
+ cdk_error_t cdk_listkey_next(cdk_listkey_t ctx,
+ cdk_kbnode_t * ret_key);
+
+ cdk_kbnode_t cdk_kbnode_new(cdk_packet_t pkt);
+ cdk_error_t cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ int armor,
+ const unsigned char *buf,
+ size_t buflen);
+ cdk_error_t cdk_kbnode_write_to_mem(cdk_kbnode_t node,
+ unsigned char *buf,
+ size_t * r_nbytes);
+ cdk_error_t cdk_kbnode_write_to_mem_alloc(cdk_kbnode_t node,
+ unsigned char **r_buf,
+ size_t * r_buflen);
+
+ void cdk_kbnode_release(cdk_kbnode_t node);
+ void cdk_kbnode_delete(cdk_kbnode_t node);
+ void cdk_kbnode_insert(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ int cdk_kbnode_commit(cdk_kbnode_t * root);
+ void cdk_kbnode_remove(cdk_kbnode_t * root, cdk_kbnode_t node);
+ void cdk_kbnode_move(cdk_kbnode_t * root, cdk_kbnode_t node,
+ cdk_kbnode_t where);
+ cdk_kbnode_t cdk_kbnode_walk(cdk_kbnode_t root, cdk_kbnode_t * ctx,
+ int all);
+ cdk_packet_t cdk_kbnode_find_packet(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node);
+ cdk_kbnode_t cdk_kbnode_find(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_prev(cdk_kbnode_t root,
+ cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_next(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_error_t cdk_kbnode_hash(cdk_kbnode_t node, digest_hd_st * md,
+ int is_v4, cdk_packet_type_t pkttype,
+ int flags);
/* Check each signature in the key node and return a summary of the
key status in @r_status. Values of cdk_key_flag_t are used. */
- cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
- int *r_status);
+ cdk_error_t cdk_pk_check_sigs(cdk_kbnode_t knode,
+ cdk_keydb_hd_t hd, int *r_status);
/* Check the self signature of the key to make sure it is valid. */
- cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
+ cdk_error_t cdk_pk_check_self_sig(cdk_kbnode_t knode,
+ int *r_status);
/* Return a matching algorithm from the given public key list.
@PREFTYPE can be either sym-cipher/compress/digest. */
- int cdk_pklist_select_algo (cdk_keylist_t pkl, int preftype);
+ int cdk_pklist_select_algo(cdk_keylist_t pkl, int preftype);
/* Return 0 or 1 if the given key list is able to understand the
MDC feature. */
- int cdk_pklist_use_mdc (cdk_keylist_t pkl);
- cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
- cdk_strlist_t remusr, int use);
- void cdk_pklist_release (cdk_keylist_t pkl);
+ int cdk_pklist_use_mdc(cdk_keylist_t pkl);
+ cdk_error_t cdk_pklist_build(cdk_keylist_t * ret_pkl,
+ cdk_keydb_hd_t hd,
+ cdk_strlist_t remusr, int use);
+ void cdk_pklist_release(cdk_keylist_t pkl);
/* Secret key lists */
- cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
- cdk_keydb_hd_t db, cdk_ctx_t hd,
- cdk_strlist_t locusr,
- int unlock, unsigned int use);
- void cdk_sklist_release (cdk_keylist_t skl);
- cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
- digest_hd_st * mdctx, int sigclass,
- int sigver);
- cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
- int sigclass, int mdalgo);
+ cdk_error_t cdk_sklist_build(cdk_keylist_t * ret_skl,
+ cdk_keydb_hd_t db, cdk_ctx_t hd,
+ cdk_strlist_t locusr,
+ int unlock, unsigned int use);
+ void cdk_sklist_release(cdk_keylist_t skl);
+ cdk_error_t cdk_sklist_write(cdk_keylist_t skl, cdk_stream_t outp,
+ digest_hd_st * mdctx, int sigclass,
+ int sigver);
+ cdk_error_t cdk_sklist_write_onepass(cdk_keylist_t skl,
+ cdk_stream_t outp,
+ int sigclass, int mdalgo);
/* Encrypt the given stream @INP with the recipients given in @REMUSR.
If @REMUSR is NULL, symmetric encryption will be used. The output
will be written to @OUT. */
- cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- cdk_stream_t inp, cdk_stream_t out);
+ cdk_error_t cdk_stream_encrypt(cdk_ctx_t hd, cdk_strlist_t remusr,
+ cdk_stream_t inp, cdk_stream_t out);
/* Decrypt the @INP stream into @OUT. */
- cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t out);
+ cdk_error_t cdk_stream_decrypt(cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t out);
/* Same as the function above but it works on files. */
- cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- const char *file, const char *output);
- cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
- const char *output);
+ cdk_error_t cdk_file_encrypt(cdk_ctx_t hd, cdk_strlist_t remusr,
+ const char *file, const char *output);
+ cdk_error_t cdk_file_decrypt(cdk_ctx_t hd, const char *file,
+ const char *output);
/* Generic function to transform data. The mode can be either sign,
verify, encrypt, decrypt, import or export. The meanings of the
parameters are similar to the functions above.
@OUTBUF will contain the output and @OUTSIZE the length of it. */
- cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
- cdk_strlist_t locusr, cdk_strlist_t remusr,
- const void *inbuf, size_t insize,
- unsigned char **outbuf, size_t * outsize,
- int modval);
-
- int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
- int *r_val);
- int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
- int *r_val, int *r_flags);
-
- void cdk_strlist_free (cdk_strlist_t sl);
- cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
- const char *cdk_check_version (const char *req_version);
+ cdk_error_t cdk_data_transform(cdk_ctx_t hd,
+ enum cdk_crypto_mode_t mode,
+ cdk_strlist_t locusr,
+ cdk_strlist_t remusr,
+ const void *inbuf, size_t insize,
+ unsigned char **outbuf,
+ size_t * outsize, int modval);
+
+ int cdk_trustdb_get_validity(cdk_stream_t inp, cdk_pkt_userid_t id,
+ int *r_val);
+ int cdk_trustdb_get_ownertrust(cdk_stream_t inp, cdk_pubkey_t pk,
+ int *r_val, int *r_flags);
+
+ void cdk_strlist_free(cdk_strlist_t sl);
+ cdk_strlist_t cdk_strlist_add(cdk_strlist_t * list,
+ const char *string);
+ const char *cdk_check_version(const char *req_version);
/* UTF8 */
- char *cdk_utf8_encode (const char *string);
- char *cdk_utf8_decode (const char *string, size_t length, int delim);
+ char *cdk_utf8_encode(const char *string);
+ char *cdk_utf8_decode(const char *string, size_t length,
+ int delim);
#ifdef __cplusplus
}
#endif
-
-#endif /* OPENCDK_H */
+#endif /* OPENCDK_H */
diff --git a/lib/opencdk/packet.h b/lib/opencdk/packet.h
index a7680134fd..a5629ec44b 100644
--- a/lib/opencdk/packet.h
+++ b/lib/opencdk/packet.h
@@ -23,25 +23,24 @@
#ifndef CDK_PACKET_H
#define CDK_PACKET_H
-struct cdk_kbnode_s
-{
- struct cdk_kbnode_s *next;
- cdk_packet_t pkt;
- unsigned int is_deleted:1;
- unsigned int is_cloned:1;
+struct cdk_kbnode_s {
+ struct cdk_kbnode_s *next;
+ cdk_packet_t pkt;
+ unsigned int is_deleted:1;
+ unsigned int is_cloned:1;
};
/*-- new-packet.c --*/
-void _cdk_free_mpibuf (size_t n, bigint_t * array);
-void _cdk_free_userid (cdk_pkt_userid_t uid);
-void _cdk_free_signature (cdk_pkt_signature_t sig);
-cdk_prefitem_t _cdk_copy_prefs (const cdk_prefitem_t prefs);
-cdk_error_t _cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src);
-cdk_error_t _cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src);
-cdk_error_t _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
-cdk_error_t _cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
-cdk_error_t _cdk_copy_signature (cdk_pkt_signature_t * dst,
- cdk_pkt_signature_t src);
-cdk_error_t _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
+void _cdk_free_mpibuf(size_t n, bigint_t * array);
+void _cdk_free_userid(cdk_pkt_userid_t uid);
+void _cdk_free_signature(cdk_pkt_signature_t sig);
+cdk_prefitem_t _cdk_copy_prefs(const cdk_prefitem_t prefs);
+cdk_error_t _cdk_copy_userid(cdk_pkt_userid_t * dst, cdk_pkt_userid_t src);
+cdk_error_t _cdk_copy_pubkey(cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src);
+cdk_error_t _cdk_copy_seckey(cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
+cdk_error_t _cdk_copy_pk_to_sk(cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
+cdk_error_t _cdk_copy_signature(cdk_pkt_signature_t * dst,
+ cdk_pkt_signature_t src);
+cdk_error_t _cdk_pubkey_compare(cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
-#endif /* CDK_PACKET_H */
+#endif /* CDK_PACKET_H */
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 5a52db211f..14a7da58ce 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -36,30 +36,27 @@
* them into a way for _gnutls_pk_verify to use.
*/
static cdk_error_t
-sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
+sig_to_datum(gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
{
- int err;
- cdk_error_t rc;
-
- if (!r_sig || !sig)
- return CDK_Inv_Value;
-
- rc = 0;
- if (is_RSA (sig->pubkey_algo))
- {
- err = _gnutls_mpi_dprint (sig->mpi[0], r_sig);
- if (err < 0)
- rc = map_gnutls_error (err);
- }
- else if (is_DSA (sig->pubkey_algo))
- {
- err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]);
- if (err < 0)
- rc = map_gnutls_error (err);
- }
- else
- rc = CDK_Inv_Algo;
- return rc;
+ int err;
+ cdk_error_t rc;
+
+ if (!r_sig || !sig)
+ return CDK_Inv_Value;
+
+ rc = 0;
+ if (is_RSA(sig->pubkey_algo)) {
+ err = _gnutls_mpi_dprint(sig->mpi[0], r_sig);
+ if (err < 0)
+ rc = map_gnutls_error(err);
+ } else if (is_DSA(sig->pubkey_algo)) {
+ err =
+ _gnutls_encode_ber_rs(r_sig, sig->mpi[0], sig->mpi[1]);
+ if (err < 0)
+ rc = map_gnutls_error(err);
+ } else
+ rc = CDK_Inv_Algo;
+ return rc;
}
/**
@@ -71,75 +68,70 @@ sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
* Verify the signature in @sig and compare it with the message digest in @md.
**/
cdk_error_t
-cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
+cdk_pk_verify(cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
{
- gnutls_datum_t s_sig = { NULL, 0}, di = {NULL, 0};
- byte *encmd = NULL;
- size_t enclen;
- cdk_error_t rc;
- int ret, algo;
- unsigned int i;
- gnutls_pk_params_st params;
- const mac_entry_st* me;
-
- if (!pk || !sig || !md)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (is_DSA (pk->pubkey_algo))
- algo = GNUTLS_PK_DSA;
- else if (is_RSA (pk->pubkey_algo))
- algo = GNUTLS_PK_RSA;
- else
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = sig_to_datum (&s_sig, sig);
- if (rc)
- {
- gnutls_assert ();
- goto leave;
- }
-
- me = mac_to_entry(sig->digest_algo);
- rc = _gnutls_set_datum (&di, md, _gnutls_hash_get_algo_len(me));
- if (rc < 0)
- {
- rc = gnutls_assert_val(CDK_Out_Of_Core);
- goto leave;
- }
-
- rc = pk_prepare_hash (algo, me, &di);
- if (rc < 0)
- {
- rc = gnutls_assert_val(CDK_General_Error);
- goto leave;
- }
-
- params.params_nr = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < params.params_nr; i++)
- params.params[i] = pk->mpi[i];
- params.flags = 0;
- ret = _gnutls_pk_verify (algo, &di, &s_sig, &params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- rc = map_gnutls_error (ret);
- goto leave;
- }
-
- rc = 0;
-
-leave:
- _gnutls_free_datum (&s_sig);
- _gnutls_free_datum (&di);
- cdk_free (encmd);
- return rc;
+ gnutls_datum_t s_sig = { NULL, 0 }, di = {
+ NULL, 0};
+ byte *encmd = NULL;
+ size_t enclen;
+ cdk_error_t rc;
+ int ret, algo;
+ unsigned int i;
+ gnutls_pk_params_st params;
+ const mac_entry_st *me;
+
+ if (!pk || !sig || !md) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (is_DSA(pk->pubkey_algo))
+ algo = GNUTLS_PK_DSA;
+ else if (is_RSA(pk->pubkey_algo))
+ algo = GNUTLS_PK_RSA;
+ else {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = sig_to_datum(&s_sig, sig);
+ if (rc) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ me = mac_to_entry(sig->digest_algo);
+ rc = _gnutls_set_datum(&di, md, _gnutls_hash_get_algo_len(me));
+ if (rc < 0) {
+ rc = gnutls_assert_val(CDK_Out_Of_Core);
+ goto leave;
+ }
+
+ rc = pk_prepare_hash(algo, me, &di);
+ if (rc < 0) {
+ rc = gnutls_assert_val(CDK_General_Error);
+ goto leave;
+ }
+
+ params.params_nr = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < params.params_nr; i++)
+ params.params[i] = pk->mpi[i];
+ params.flags = 0;
+ ret = _gnutls_pk_verify(algo, &di, &s_sig, &params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ rc = map_gnutls_error(ret);
+ goto leave;
+ }
+
+ rc = 0;
+
+ leave:
+ _gnutls_free_datum(&s_sig);
+ _gnutls_free_datum(&di);
+ cdk_free(encmd);
+ return rc;
}
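Review bot: In cdk_pk_verify the result of `mac_to_entry(sig->digest_algo)` is used without any check, so a signature packet carrying an unrecognised digest id (for which the lookup presumably returns NULL) still reaches `_gnutls_hash_get_algo_len(me)` and `pk_prepare_hash(algo, me, &di)`. Whether those helpers tolerate a NULL entry is not visible in this hunk, and the digest id comes from the parsed signature, so I would reject it up front with `if (me == NULL) { rc = gnutls_assert_val(CDK_Inv_Algo); goto leave; }`. Separately, `encmd` is never assigned and `enclen` is never read, so both locals and the `cdk_free(encmd)` call at `leave:` can be dropped.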
@@ -152,12 +144,11 @@ leave:
* object in the key. For RSA keys the modulus, for ElG/DSA
* the size of the public prime.
**/
-int
-cdk_pk_get_nbits (cdk_pubkey_t pk)
+int cdk_pk_get_nbits(cdk_pubkey_t pk)
{
- if (!pk || !pk->mpi[0])
- return 0;
- return _gnutls_mpi_get_nbits (pk->mpi[0]);
+ if (!pk || !pk->mpi[0])
+ return 0;
+ return _gnutls_mpi_get_nbits(pk->mpi[0]);
}
@@ -168,20 +159,18 @@ cdk_pk_get_nbits (cdk_pubkey_t pk)
* Return the number of multiprecison integer forming an public
* key with the given algorithm.
*/
-int
-cdk_pk_get_npkey (int algo)
+int cdk_pk_get_npkey(int algo)
{
- if (is_RSA (algo))
- return RSA_PUBLIC_PARAMS;
- else if (is_DSA (algo))
- return DSA_PUBLIC_PARAMS;
- else if (is_ELG (algo))
- return 3;
- else
- {
- gnutls_assert ();
- return 0;
- }
+ if (is_RSA(algo))
+ return RSA_PUBLIC_PARAMS;
+ else if (is_DSA(algo))
+ return DSA_PUBLIC_PARAMS;
+ else if (is_ELG(algo))
+ return 3;
+ else {
+ gnutls_assert();
+ return 0;
+ }
}
@@ -192,25 +181,23 @@ cdk_pk_get_npkey (int algo)
* Return the number of multiprecision integers forming an
* secret key with the given algorithm.
**/
-int
-cdk_pk_get_nskey (int algo)
+int cdk_pk_get_nskey(int algo)
{
- int ret;
-
- if (is_RSA (algo))
- ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
- else if (is_DSA (algo))
- ret = DSA_PRIVATE_PARAMS;
- else if (is_ELG (algo))
- ret = 4;
- else
- {
- gnutls_assert ();
- return 0;
- }
-
- ret -= cdk_pk_get_npkey (algo);
- return ret;
+ int ret;
+
+ if (is_RSA(algo))
+ ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
+ else if (is_DSA(algo))
+ ret = DSA_PRIVATE_PARAMS;
+ else if (is_ELG(algo))
+ ret = 4;
+ else {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret -= cdk_pk_get_npkey(algo);
+ return ret;
}
@@ -220,15 +207,14 @@ cdk_pk_get_nskey (int algo)
*
* Return the number of MPIs a signature consists of.
**/
-int
-cdk_pk_get_nsig (int algo)
+int cdk_pk_get_nsig(int algo)
{
- if (is_RSA (algo))
- return 1;
- else if (is_DSA (algo))
- return 2;
- else
- return 0;
+ if (is_RSA(algo))
+ return 1;
+ else if (is_DSA(algo))
+ return 2;
+ else
+ return 0;
}
@@ -238,81 +224,76 @@ cdk_pk_get_nsig (int algo)
*
* Return the number of MPI's the encrypted data consists of.
**/
-int
-cdk_pk_get_nenc (int algo)
+int cdk_pk_get_nenc(int algo)
{
- if (is_RSA (algo))
- return 1;
- else if (is_ELG (algo))
- return 2;
- else
- return 0;
+ if (is_RSA(algo))
+ return 1;
+ else if (is_ELG(algo))
+ return 2;
+ else
+ return 0;
}
-int
-_cdk_pk_algo_usage (int algo)
+int _cdk_pk_algo_usage(int algo)
{
- int usage;
-
- /* The ElGamal sign+encrypt algorithm is not supported any longer. */
- switch (algo)
- {
- case CDK_PK_RSA:
- usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_RSA_E:
- usage = CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_RSA_S:
- usage = CDK_KEY_USG_SIGN;
- break;
- case CDK_PK_ELG_E:
- usage = CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_DSA:
- usage = CDK_KEY_USG_SIGN;
- break;
- default:
- usage = 0;
- }
- return usage;
+ int usage;
+
+ /* The ElGamal sign+encrypt algorithm is not supported any longer. */
+ switch (algo) {
+ case CDK_PK_RSA:
+ usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_S:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ case CDK_PK_ELG_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_DSA:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ default:
+ usage = 0;
+ }
+ return usage;
}
/* You can use a NULL buf to get the output size only
*/
static cdk_error_t
-mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits)
+mpi_to_buffer(bigint_t a, byte * buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits)
{
- size_t nbits;
- int err;
-
- if (!a || !r_nwritten)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- nbits = _gnutls_mpi_get_nbits (a);
- if (r_nbits)
- *r_nbits = nbits;
-
- if (r_nwritten)
- *r_nwritten = (nbits + 7) / 8 + 2;
-
- if ((nbits + 7) / 8 + 2 > buflen)
- return CDK_Too_Short;
-
- *r_nwritten = buflen;
- err = _gnutls_mpi_print (a, buf, r_nwritten);
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- return 0;
+ size_t nbits;
+ int err;
+
+ if (!a || !r_nwritten) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ nbits = _gnutls_mpi_get_nbits(a);
+ if (r_nbits)
+ *r_nbits = nbits;
+
+ if (r_nwritten)
+ *r_nwritten = (nbits + 7) / 8 + 2;
+
+ if ((nbits + 7) / 8 + 2 > buflen)
+ return CDK_Too_Short;
+
+ *r_nwritten = buflen;
+ err = _gnutls_mpi_print(a, buf, r_nwritten);
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ return 0;
}
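Review bot: The comment above mpi_to_buffer says a NULL `buf` only queries the output size, but the code enforces that solely through `(nbits + 7) / 8 + 2 > buflen`. A caller that passes NULL together with a `buflen` large enough gets the NULL pointer handed on to `_gnutls_mpi_print`, whose handling of it is not visible here. Making the contract explicit avoids relying on that: `if (!buf || (nbits + 7) / 8 + 2 > buflen) return CDK_Too_Short;`. The second `if (r_nwritten)` is dead, since a NULL `r_nwritten` already returned CDK_Inv_Value at the top. The comment should also state that the size query returns CDK_Too_Short with the required length stored in `*r_nwritten`.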
@@ -327,16 +308,17 @@ mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
* Return the MPI with the given index of the public key.
**/
cdk_error_t
-cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+cdk_pk_get_mpi(cdk_pubkey_t pk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
- if (!pk || !r_nwritten)
- return CDK_Inv_Value;
+ if (!pk || !r_nwritten)
+ return CDK_Inv_Value;
- if ((ssize_t) idx > cdk_pk_get_npkey (pk->pubkey_algo))
- return CDK_Inv_Value;
- return mpi_to_buffer (pk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+ if ((ssize_t) idx > cdk_pk_get_npkey(pk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer(pk->mpi[idx], buf, buflen, r_nwritten,
+ r_nbits);
}
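Review bot: The bound check `(ssize_t) idx > cdk_pk_get_npkey(pk->pubkey_algo)` accepts `idx == npkey`, so `pk->mpi[idx]` is read one slot past the MPIs that `read_public_key` fills with its `i < npkey` loop. Whether that slot is still inside the `mpi` array is not visible here, and `mpi_to_buffer` only rejects it if it happens to be NULL. The comparison should be `if ((ssize_t) idx >= cdk_pk_get_npkey(pk->pubkey_algo))`. `cdk_sk_get_mpi` in the next hunk has the same off-by-one against `cdk_pk_get_nskey` and needs the same change.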
@@ -353,35 +335,35 @@ cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
* is protected and thus no real MPI data will be returned then.
**/
cdk_error_t
-cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+cdk_sk_get_mpi(cdk_pkt_seckey_t sk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
- if (!sk || !r_nwritten)
- return CDK_Inv_Value;
+ if (!sk || !r_nwritten)
+ return CDK_Inv_Value;
- if ((ssize_t) idx > cdk_pk_get_nskey (sk->pubkey_algo))
- return CDK_Inv_Value;
- return mpi_to_buffer (sk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+ if ((ssize_t) idx > cdk_pk_get_nskey(sk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer(sk->mpi[idx], buf, buflen, r_nwritten,
+ r_nbits);
}
-static u16
-checksum_mpi (bigint_t m)
+static u16 checksum_mpi(bigint_t m)
{
- byte buf[MAX_MPI_BYTES + 2];
- size_t nread;
- unsigned int i;
- u16 chksum = 0;
-
- if (!m)
- return 0;
- nread = DIM (buf);
- if (_gnutls_mpi_print_pgp (m, buf, &nread) < 0)
- return 0;
- for (i = 0; i < nread; i++)
- chksum += buf[i];
- return chksum;
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread;
+ unsigned int i;
+ u16 chksum = 0;
+
+ if (!m)
+ return 0;
+ nread = DIM(buf);
+ if (_gnutls_mpi_print_pgp(m, buf, &nread) < 0)
+ return 0;
+ for (i = 0; i < nread; i++)
+ chksum += buf[i];
+ return chksum;
}
/**
@@ -392,24 +374,23 @@ checksum_mpi (bigint_t m)
* Create a new public key from a secret key.
**/
cdk_error_t
-cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
+cdk_pk_from_secret_key(cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
{
- if (!sk)
- return CDK_Inv_Value;
- return _cdk_copy_pubkey (ret_pk, sk->pk);
+ if (!sk)
+ return CDK_Inv_Value;
+ return _cdk_copy_pubkey(ret_pk, sk->pk);
}
-int
-_cdk_sk_get_csum (cdk_pkt_seckey_t sk)
+int _cdk_sk_get_csum(cdk_pkt_seckey_t sk)
{
- u16 csum = 0, i;
+ u16 csum = 0, i;
- if (!sk)
- return 0;
- for (i = 0; i < cdk_pk_get_nskey (sk->pubkey_algo); i++)
- csum += checksum_mpi (sk->mpi[i]);
- return csum;
+ if (!sk)
+ return 0;
+ for (i = 0; i < cdk_pk_get_nskey(sk->pubkey_algo); i++)
+ csum += checksum_mpi(sk->mpi[i]);
+ return csum;
}
@@ -424,37 +405,35 @@ _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
* the new cdk_pk_to_fingerprint() should be used whenever
* possible to avoid overflows.
**/
-cdk_error_t
-cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
+cdk_error_t cdk_pk_get_fingerprint(cdk_pubkey_t pk, byte * fpr)
{
- digest_hd_st hd;
- int md_algo;
- int dlen = 0;
- int err;
- const mac_entry_st* me;
-
- if (!pk || !fpr)
- return CDK_Inv_Value;
-
- if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- md_algo = GNUTLS_DIG_MD5; /* special */
- else
- md_algo = GNUTLS_DIG_SHA1;
-
- me = mac_to_entry(md_algo);
-
- dlen = _gnutls_hash_get_algo_len (me);
- err = _gnutls_hash_init (&hd, me);
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
- _cdk_hash_pubkey (pk, &hd, 1);
- _gnutls_hash_deinit (&hd, fpr);
- if (dlen == 16)
- memset (fpr + 16, 0, 4);
- return 0;
+ digest_hd_st hd;
+ int md_algo;
+ int dlen = 0;
+ int err;
+ const mac_entry_st *me;
+
+ if (!pk || !fpr)
+ return CDK_Inv_Value;
+
+ if (pk->version < 4 && is_RSA(pk->pubkey_algo))
+ md_algo = GNUTLS_DIG_MD5; /* special */
+ else
+ md_algo = GNUTLS_DIG_SHA1;
+
+ me = mac_to_entry(md_algo);
+
+ dlen = _gnutls_hash_get_algo_len(me);
+ err = _gnutls_hash_init(&hd, me);
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+ _cdk_hash_pubkey(pk, &hd, 1);
+ _gnutls_hash_deinit(&hd, fpr);
+ if (dlen == 16)
+ memset(fpr + 16, 0, 4);
+ return 0;
}
@@ -469,35 +448,34 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
* return it in the given byte array.
**/
cdk_error_t
-cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- byte * fprbuf, size_t fprbuflen, size_t * r_nout)
+cdk_pk_to_fingerprint(cdk_pubkey_t pk,
+ byte * fprbuf, size_t fprbuflen, size_t * r_nout)
{
- size_t key_fprlen;
- cdk_error_t err;
+ size_t key_fprlen;
+ cdk_error_t err;
- if (!pk)
- return CDK_Inv_Value;
+ if (!pk)
+ return CDK_Inv_Value;
- if (pk->version < 4)
- key_fprlen = 16;
- else
- key_fprlen = 20;
+ if (pk->version < 4)
+ key_fprlen = 16;
+ else
+ key_fprlen = 20;
- /* Only return the required buffer size for the fingerprint. */
- if (!fprbuf && !fprbuflen && r_nout)
- {
- *r_nout = key_fprlen;
- return 0;
- }
+ /* Only return the required buffer size for the fingerprint. */
+ if (!fprbuf && !fprbuflen && r_nout) {
+ *r_nout = key_fprlen;
+ return 0;
+ }
- if (!fprbuf || key_fprlen > fprbuflen)
- return CDK_Too_Short;
+ if (!fprbuf || key_fprlen > fprbuflen)
+ return CDK_Too_Short;
- err = cdk_pk_get_fingerprint (pk, fprbuf);
- if (r_nout)
- *r_nout = key_fprlen;
+ err = cdk_pk_get_fingerprint(pk, fprbuf);
+ if (r_nout)
+ *r_nout = key_fprlen;
- return err;
+ return err;
}
@@ -510,27 +488,23 @@ cdk_pk_to_fingerprint (cdk_pubkey_t pk,
* For version 3 keys, this is not working.
**/
u32
-cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
+cdk_pk_fingerprint_get_keyid(const byte * fpr, size_t fprlen, u32 * keyid)
{
- u32 lowbits = 0;
-
- /* In this case we say the key is a V3 RSA key and we can't
- use the fingerprint to get the keyid. */
- if (fpr && fprlen == 16)
- {
- keyid[0] = 0;
- keyid[1] = 0;
- return 0;
- }
- else if (keyid && fpr)
- {
- keyid[0] = _cdk_buftou32 (fpr + 12);
- keyid[1] = _cdk_buftou32 (fpr + 16);
- lowbits = keyid[1];
- }
- else if (fpr)
- lowbits = _cdk_buftou32 (fpr + 16);
- return lowbits;
+ u32 lowbits = 0;
+
+ /* In this case we say the key is a V3 RSA key and we can't
+ use the fingerprint to get the keyid. */
+ if (fpr && fprlen == 16) {
+ keyid[0] = 0;
+ keyid[1] = 0;
+ return 0;
+ } else if (keyid && fpr) {
+ keyid[0] = _cdk_buftou32(fpr + 12);
+ keyid[1] = _cdk_buftou32(fpr + 16);
+ lowbits = keyid[1];
+ } else if (fpr)
+ lowbits = _cdk_buftou32(fpr + 16);
+ return lowbits;
}
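Review bot: The first branch stores to `keyid[0]` and `keyid[1]` without checking `keyid`, while the two branches after it treat a NULL `keyid` as permitted, so a 16-byte fingerprint passed with `keyid == NULL` dereferences a null pointer. Guarding the stores with `if (keyid) { keyid[0] = 0; keyid[1] = 0; }` makes the three branches agree. The remaining branches read from `fpr + 12` and `fpr + 16` without consulting `fprlen`, so a caller-supplied length other than 16 or 20 is never rejected; adding `if (fprlen < 20) return 0;` ahead of them would stop a short buffer from being read past its end.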
@@ -541,41 +515,39 @@ cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
*
* Calculate the key ID of the given public key.
**/
-u32
-cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
+u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
{
- u32 lowbits = 0;
- byte buf[24];
-
- if (pk && (!pk->keyid[0] || !pk->keyid[1]))
- {
- if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- {
- byte p[MAX_MPI_BYTES];
- size_t n;
-
- n = MAX_MPI_BYTES;
- _gnutls_mpi_print (pk->mpi[0], p, &n);
- pk->keyid[0] =
- p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
- pk->keyid[1] =
- p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
- }
- else if (pk->version == 4)
- {
- cdk_pk_get_fingerprint (pk, buf);
- pk->keyid[0] = _cdk_buftou32 (buf + 12);
- pk->keyid[1] = _cdk_buftou32 (buf + 16);
- }
- }
- lowbits = pk ? pk->keyid[1] : 0;
- if (keyid && pk)
- {
- keyid[0] = pk->keyid[0];
- keyid[1] = pk->keyid[1];
- }
-
- return lowbits;
+ u32 lowbits = 0;
+ byte buf[24];
+
+ if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
+ if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
+ byte p[MAX_MPI_BYTES];
+ size_t n;
+
+ n = MAX_MPI_BYTES;
+ _gnutls_mpi_print(pk->mpi[0], p, &n);
+ pk->keyid[0] =
+ p[n - 8] << 24 | p[n - 7] << 16 | p[n -
+ 6] << 8 |
+ p[n - 5];
+ pk->keyid[1] =
+ p[n - 4] << 24 | p[n - 3] << 16 | p[n -
+ 2] << 8 |
+ p[n - 1];
+ } else if (pk->version == 4) {
+ cdk_pk_get_fingerprint(pk, buf);
+ pk->keyid[0] = _cdk_buftou32(buf + 12);
+ pk->keyid[1] = _cdk_buftou32(buf + 16);
+ }
+ }
+ lowbits = pk ? pk->keyid[1] : 0;
+ if (keyid && pk) {
+ keyid[0] = pk->keyid[0];
+ keyid[1] = pk->keyid[1];
+ }
+
+ return lowbits;
}
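Review bot: In the V3 RSA branch the result of `_gnutls_mpi_print(pk->mpi[0], p, &n)` is ignored and `n` is then used in `p[n - 8]` through `p[n - 1]`; if the call fails `p` is uninitialised, and if it reports fewer than 8 bytes the `size_t` subtraction wraps and the reads fall outside `p`. The modulus comes from a parsed key packet, so both cases should leave the key ID unset instead of deriving it from stack contents. The reflowed expression (`p[n -` on one line, `6] << 8 |` on the next) is also hard to read, and `p[...] << 24` shifts a promoted `int` into its sign bit. Building the two words with `_cdk_buftou32`, as the V4 branch does, avoids both, assuming that helper reads four octets big-endian.

```c
		if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
			byte p[MAX_MPI_BYTES];
			size_t n = MAX_MPI_BYTES;

			/* Leave the key ID zeroed when the modulus cannot be
			 * printed or is shorter than the 8 octets we need. */
			if (_gnutls_mpi_print(pk->mpi[0], p, &n) >= 0
			    && n >= 8) {
				pk->keyid[0] = _cdk_buftou32(p + n - 8);
				pk->keyid[1] = _cdk_buftou32(p + n - 4);
			}
		} else if (pk->version == 4) {
			/* … unchanged: key ID taken from the V4 fingerprint … */
```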
@@ -586,19 +558,17 @@ cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
*
* Calculate the key ID of the secret key, actually the public key.
**/
-u32
-cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
+u32 cdk_sk_get_keyid(cdk_pkt_seckey_t sk, u32 * keyid)
{
- u32 lowbits = 0;
+ u32 lowbits = 0;
- if (sk && sk->pk)
- {
- lowbits = cdk_pk_get_keyid (sk->pk, keyid);
- sk->keyid[0] = sk->pk->keyid[0];
- sk->keyid[1] = sk->pk->keyid[1];
- }
+ if (sk && sk->pk) {
+ lowbits = cdk_pk_get_keyid(sk->pk, keyid);
+ sk->keyid[0] = sk->pk->keyid[0];
+ sk->keyid[1] = sk->pk->keyid[1];
+ }
- return lowbits;
+ return lowbits;
}
@@ -609,74 +579,69 @@ cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
*
* Retrieve the key ID from the given signature.
**/
-u32
-cdk_sig_get_keyid (cdk_pkt_signature_t sig, u32 * keyid)
+u32 cdk_sig_get_keyid(cdk_pkt_signature_t sig, u32 * keyid)
{
- u32 lowbits = sig ? sig->keyid[1] : 0;
-
- if (keyid && sig)
- {
- keyid[0] = sig->keyid[0];
- keyid[1] = sig->keyid[1];
- }
- return lowbits;
+ u32 lowbits = sig ? sig->keyid[1] : 0;
+
+ if (keyid && sig) {
+ keyid[0] = sig->keyid[0];
+ keyid[1] = sig->keyid[1];
+ }
+ return lowbits;
}
/* Return the key ID from the given packet.
If this is not possible, 0 is returned */
-u32
-_cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid)
+u32 _cdk_pkt_get_keyid(cdk_packet_t pkt, u32 * keyid)
{
- u32 lowbits;
+ u32 lowbits;
- if (!pkt)
- return 0;
+ if (!pkt)
+ return 0;
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- lowbits = cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
- break;
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ lowbits = cdk_pk_get_keyid(pkt->pkt.public_key, keyid);
+ break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- lowbits = cdk_sk_get_keyid (pkt->pkt.secret_key, keyid);
- break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ lowbits = cdk_sk_get_keyid(pkt->pkt.secret_key, keyid);
+ break;
- case CDK_PKT_SIGNATURE:
- lowbits = cdk_sig_get_keyid (pkt->pkt.signature, keyid);
- break;
+ case CDK_PKT_SIGNATURE:
+ lowbits = cdk_sig_get_keyid(pkt->pkt.signature, keyid);
+ break;
- default:
- lowbits = 0;
- break;
- }
+ default:
+ lowbits = 0;
+ break;
+ }
- return lowbits;
+ return lowbits;
}
/* Get the fingerprint of the packet if possible. */
-cdk_error_t
-_cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr)
+cdk_error_t _cdk_pkt_get_fingerprint(cdk_packet_t pkt, byte * fpr)
{
- if (!pkt || !fpr)
- return CDK_Inv_Value;
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- return cdk_pk_get_fingerprint (pkt->pkt.public_key, fpr);
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- return cdk_pk_get_fingerprint (pkt->pkt.secret_key->pk, fpr);
-
- default:
- return CDK_Inv_Mode;
- }
- return 0;
+ if (!pkt || !fpr)
+ return CDK_Inv_Value;
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ return cdk_pk_get_fingerprint(pkt->pkt.public_key, fpr);
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ return cdk_pk_get_fingerprint(pkt->pkt.secret_key->pk,
+ fpr);
+
+ default:
+ return CDK_Inv_Mode;
+ }
+ return 0;
}
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 670f3de3a4..01b50057f9 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -40,902 +40,853 @@
#define MDC_PKT_VER 1
static int
-stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
{
- *r_nread = cdk_stream_read (s, buf, buflen);
- return *r_nread > 0 ? 0 : _cdk_stream_get_errno (s);
+ *r_nread = cdk_stream_read(s, buf, buflen);
+ return *r_nread > 0 ? 0 : _cdk_stream_get_errno(s);
}
/* Try to read 4 octets from the stream. */
-static u32
-read_32 (cdk_stream_t s)
+static u32 read_32(cdk_stream_t s)
{
- byte buf[4];
- size_t nread;
+ byte buf[4];
+ size_t nread;
- assert (s != NULL);
+ assert(s != NULL);
- stream_read (s, buf, 4, &nread);
- if (nread != 4)
- return (u32) - 1;
- return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
+ stream_read(s, buf, 4, &nread);
+ if (nread != 4)
+ return (u32) - 1;
+ return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
}
/* Try to read 2 octets from a stream. */
-static u16
-read_16 (cdk_stream_t s)
+static u16 read_16(cdk_stream_t s)
{
- byte buf[2];
- size_t nread;
+ byte buf[2];
+ size_t nread;
- assert (s != NULL);
+ assert(s != NULL);
- stream_read (s, buf, 2, &nread);
- if (nread != 2)
- return (u16) - 1;
- return buf[0] << 8 | buf[1];
+ stream_read(s, buf, 2, &nread);
+ if (nread != 2)
+ return (u16) - 1;
+ return buf[0] << 8 | buf[1];
}
/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
-static cdk_error_t
-read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
+static cdk_error_t read_s2k(cdk_stream_t inp, cdk_s2k_t s2k)
{
- size_t nread;
-
- s2k->mode = cdk_stream_getc (inp);
- s2k->hash_algo = cdk_stream_getc (inp);
- if (s2k->mode == CDK_S2K_SIMPLE)
- return 0;
- else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
- {
- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
- return CDK_Inv_Packet;
- if (nread != DIM (s2k->salt))
- return CDK_Inv_Packet;
-
- if (s2k->mode == CDK_S2K_ITERSALTED)
- s2k->count = cdk_stream_getc (inp);
- }
- else if (s2k->mode == CDK_S2K_GNU_EXT)
- {
- /* GNU extensions to the S2K : read DETAILS from gnupg */
- return 0;
- }
- else
- return CDK_Not_Implemented;
-
- return 0;
+ size_t nread;
+
+ s2k->mode = cdk_stream_getc(inp);
+ s2k->hash_algo = cdk_stream_getc(inp);
+ if (s2k->mode == CDK_S2K_SIMPLE)
+ return 0;
+ else if (s2k->mode == CDK_S2K_SALTED
+ || s2k->mode == CDK_S2K_ITERSALTED) {
+ if (stream_read(inp, s2k->salt, DIM(s2k->salt), &nread))
+ return CDK_Inv_Packet;
+ if (nread != DIM(s2k->salt))
+ return CDK_Inv_Packet;
+
+ if (s2k->mode == CDK_S2K_ITERSALTED)
+ s2k->count = cdk_stream_getc(inp);
+ } else if (s2k->mode == CDK_S2K_GNU_EXT) {
+ /* GNU extensions to the S2K : read DETAILS from gnupg */
+ return 0;
+ } else
+ return CDK_Not_Implemented;
+
+ return 0;
}
-static cdk_error_t
-read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure)
+static cdk_error_t read_mpi(cdk_stream_t inp, bigint_t * ret_m, int secure)
{
- bigint_t m;
- int err;
- byte buf[MAX_MPI_BYTES + 2];
- size_t nread, nbits;
- cdk_error_t rc;
-
- if (!inp || !ret_m)
- return CDK_Inv_Value;
-
- *ret_m = NULL;
- nbits = read_16 (inp);
- nread = (nbits + 7) / 8;
-
- if (nbits > MAX_MPI_BITS || nbits == 0)
- {
- _gnutls_write_log ("read_mpi: too large %d bits\n", (int) nbits);
- return gnutls_assert_val(CDK_MPI_Error); /* Sanity check */
- }
-
- rc = stream_read (inp, buf + 2, nread, &nread);
- if (!rc && nread != ((nbits + 7) / 8))
- {
- _gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread,
- (int) ((nbits + 7) / 8));
- return gnutls_assert_val(CDK_MPI_Error);
- }
-
- buf[0] = nbits >> 8;
- buf[1] = nbits >> 0;
- nread += 2;
- err = _gnutls_mpi_scan_pgp (&m, buf, nread);
- if (err < 0)
- return gnutls_assert_val(map_gnutls_error (err));
-
- *ret_m = m;
- return rc;
+ bigint_t m;
+ int err;
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread, nbits;
+ cdk_error_t rc;
+
+ if (!inp || !ret_m)
+ return CDK_Inv_Value;
+
+ *ret_m = NULL;
+ nbits = read_16(inp);
+ nread = (nbits + 7) / 8;
+
+ if (nbits > MAX_MPI_BITS || nbits == 0) {
+ _gnutls_write_log("read_mpi: too large %d bits\n",
+ (int) nbits);
+ return gnutls_assert_val(CDK_MPI_Error); /* Sanity check */
+ }
+
+ rc = stream_read(inp, buf + 2, nread, &nread);
+ if (!rc && nread != ((nbits + 7) / 8)) {
+ _gnutls_write_log("read_mpi: too short %d < %d\n",
+ (int) nread, (int) ((nbits + 7) / 8));
+ return gnutls_assert_val(CDK_MPI_Error);
+ }
+
+ buf[0] = nbits >> 8;
+ buf[1] = nbits >> 0;
+ nread += 2;
+ err = _gnutls_mpi_scan_pgp(&m, buf, nread);
+ if (err < 0)
+ return gnutls_assert_val(map_gnutls_error(err));
+
+ *ret_m = m;
+ return rc;
}
/* Read the encoded packet length directly from the file
object INP and return it. Reset RET_PARTIAL if this is
the last packet in block mode. */
-size_t
-_cdk_pkt_read_len (FILE * inp, size_t * ret_partial)
+size_t _cdk_pkt_read_len(FILE * inp, size_t * ret_partial)
{
- int c1, c2;
- size_t pktlen;
-
- c1 = fgetc (inp);
- if (c1 == EOF)
- return (size_t) EOF;
- if (c1 < 224 || c1 == 255)
- *ret_partial = 0; /* End of partial data */
- if (c1 < 192)
- pktlen = c1;
- else if (c1 >= 192 && c1 <= 223)
- {
- c2 = fgetc (inp);
- if (c2 == EOF)
- return (size_t) EOF;
- pktlen = ((c1 - 192) << 8) + c2 + 192;
- }
- else if (c1 == 255)
- {
- pktlen = fgetc (inp) << 24;
- pktlen |= fgetc (inp) << 16;
- pktlen |= fgetc (inp) << 8;
- pktlen |= fgetc (inp) << 0;
- }
- else
- pktlen = 1 << (c1 & 0x1f);
- return pktlen;
+ int c1, c2;
+ size_t pktlen;
+
+ c1 = fgetc(inp);
+ if (c1 == EOF)
+ return (size_t) EOF;
+ if (c1 < 224 || c1 == 255)
+ *ret_partial = 0; /* End of partial data */
+ if (c1 < 192)
+ pktlen = c1;
+ else if (c1 >= 192 && c1 <= 223) {
+ c2 = fgetc(inp);
+ if (c2 == EOF)
+ return (size_t) EOF;
+ pktlen = ((c1 - 192) << 8) + c2 + 192;
+ } else if (c1 == 255) {
+ pktlen = fgetc(inp) << 24;
+ pktlen |= fgetc(inp) << 16;
+ pktlen |= fgetc(inp) << 8;
+ pktlen |= fgetc(inp) << 0;
+ } else
+ pktlen = 1 << (c1 & 0x1f);
+ return pktlen;
}
static cdk_error_t
-read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
+read_pubkey_enc(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
{
- size_t i, nenc;
-
- if (!inp || !pke)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_pubkey_enc: %d octets\n", (int) pktlen);
-
- if (pktlen < 12)
- return CDK_Inv_Packet;
- pke->version = cdk_stream_getc (inp);
- if (pke->version < 2 || pke->version > 3)
- return CDK_Inv_Packet;
- pke->keyid[0] = read_32 (inp);
- pke->keyid[1] = read_32 (inp);
- if (!pke->keyid[0] && !pke->keyid[1])
- pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
- pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- nenc = cdk_pk_get_nenc (pke->pubkey_algo);
- if (!nenc)
- return CDK_Inv_Algo;
- for (i = 0; i < nenc; i++)
- {
- cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
-
- return 0;
+ size_t i, nenc;
+
+ if (!inp || !pke)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_pubkey_enc: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen < 12)
+ return CDK_Inv_Packet;
+ pke->version = cdk_stream_getc(inp);
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ pke->keyid[0] = read_32(inp);
+ pke->keyid[1] = read_32(inp);
+ if (!pke->keyid[0] && !pke->keyid[1])
+ pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
+ pke->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ nenc = cdk_pk_get_nenc(pke->pubkey_algo);
+ if (!nenc)
+ return CDK_Inv_Algo;
+ for (i = 0; i < nenc; i++) {
+ cdk_error_t rc = read_mpi(inp, &pke->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+
+ return 0;
}
-static cdk_error_t
-read_mdc (cdk_stream_t inp, cdk_pkt_mdc_t mdc)
+static cdk_error_t read_mdc(cdk_stream_t inp, cdk_pkt_mdc_t mdc)
{
- size_t n;
- cdk_error_t rc;
+ size_t n;
+ cdk_error_t rc;
- if (!inp || !mdc)
- return CDK_Inv_Value;
+ if (!inp || !mdc)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("read_mdc:\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_mdc:\n");
- rc = stream_read (inp, mdc->hash, DIM (mdc->hash), &n);
- if (rc)
- return rc;
+ rc = stream_read(inp, mdc->hash, DIM(mdc->hash), &n);
+ if (rc)
+ return rc;
- return n != DIM (mdc->hash) ? CDK_Inv_Packet : 0;
+ return n != DIM(mdc->hash) ? CDK_Inv_Packet : 0;
}
static cdk_error_t
-read_compressed (cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c)
+read_compressed(cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c)
{
- if (!inp || !c)
- return CDK_Inv_Value;
+ if (!inp || !c)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("read_compressed: %d octets\n", (int) pktlen);
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_compressed: %d octets\n",
+ (int) pktlen);
- c->algorithm = cdk_stream_getc (inp);
- if (c->algorithm > 3)
- return CDK_Inv_Packet;
+ c->algorithm = cdk_stream_getc(inp);
+ if (c->algorithm > 3)
+ return CDK_Inv_Packet;
- /* don't know the size, so we read until EOF */
- if (!pktlen)
- {
- c->len = 0;
- c->buf = inp;
- }
+ /* don't know the size, so we read until EOF */
+ if (!pktlen) {
+ c->len = 0;
+ c->buf = inp;
+ }
- /* FIXME: Support partial bodies. */
- return 0;
+ /* FIXME: Support partial bodies. */
+ return 0;
}
static cdk_error_t
-read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+read_public_key(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
{
- size_t i, ndays, npkey;
-
- if (!inp || !pk)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_public_key: %d octets\n", (int) pktlen);
-
- pk->is_invalid = 1; /* default to detect missing self signatures */
- pk->is_revoked = 0;
- pk->has_expired = 0;
-
- pk->version = cdk_stream_getc (inp);
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet_Ver;
- pk->timestamp = read_32 (inp);
- if (pk->version < 4)
- {
- ndays = read_16 (inp);
- if (ndays)
- pk->expiredate = pk->timestamp + ndays * 86400L;
- }
-
- pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- if (!npkey)
- {
- gnutls_assert ();
- _gnutls_write_log ("invalid public key algorithm %d\n",
- pk->pubkey_algo);
- return CDK_Inv_Algo;
- }
- for (i = 0; i < npkey; i++)
- {
- cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
-
- /* This value is just for the first run and will be
- replaced with the actual key flags from the self signature. */
- pk->pubkey_usage = 0;
- return 0;
+ size_t i, ndays, npkey;
+
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_public_key: %d octets\n",
+ (int) pktlen);
+
+ pk->is_invalid = 1; /* default to detect missing self signatures */
+ pk->is_revoked = 0;
+ pk->has_expired = 0;
+
+ pk->version = cdk_stream_getc(inp);
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet_Ver;
+ pk->timestamp = read_32(inp);
+ if (pk->version < 4) {
+ ndays = read_16(inp);
+ if (ndays)
+ pk->expiredate = pk->timestamp + ndays * 86400L;
+ }
+
+ pk->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ if (!npkey) {
+ gnutls_assert();
+ _gnutls_write_log("invalid public key algorithm %d\n",
+ pk->pubkey_algo);
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < npkey; i++) {
+ cdk_error_t rc = read_mpi(inp, &pk->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+
+ /* This value is just for the first run and will be
+ replaced with the actual key flags from the self signature. */
+ pk->pubkey_usage = 0;
+ return 0;
}
static cdk_error_t
-read_public_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+read_public_subkey(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
{
- if (!inp || !pk)
- return CDK_Inv_Value;
- return read_public_key (inp, pktlen, pk);
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+ return read_public_key(inp, pktlen, pk);
}
static cdk_error_t
-read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+read_secret_key(cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
{
- size_t p1, p2, nread;
- int i, nskey;
- int rc;
-
- if (!inp || !sk || !sk->pk)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_secret_key: %d octets\n", (int) pktlen);
-
- p1 = cdk_stream_tell (inp);
- rc = read_public_key (inp, pktlen, sk->pk);
- if (rc)
- return rc;
-
- sk->s2k_usage = cdk_stream_getc (inp);
- sk->protect.sha1chk = 0;
- if (sk->s2k_usage == 254 || sk->s2k_usage == 255)
- {
- sk->protect.sha1chk = (sk->s2k_usage == 254);
- sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp));
- if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
- return gnutls_assert_val(CDK_Inv_Algo);
-
- sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
- if (!sk->protect.s2k)
- return CDK_Out_Of_Core;
- rc = read_s2k (inp, sk->protect.s2k);
- if (rc)
- return rc;
- /* refer to --export-secret-subkeys in gpg(1) */
- if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- sk->protect.ivlen = 0;
- else
- {
- sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo);
- if (!sk->protect.ivlen)
- return CDK_Inv_Packet;
- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
- if (rc)
- return rc;
- if (nread != sk->protect.ivlen)
- return CDK_Inv_Packet;
- }
- }
- else
- sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
- if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
- return gnutls_assert_val(CDK_Inv_Algo);
- else if (sk->protect.algo == GNUTLS_CIPHER_NULL)
- {
- sk->csum = 0;
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return gnutls_assert_val(rc);
- }
- sk->csum = read_16 (inp);
- sk->is_protected = 0;
- }
- else if (sk->pk->version < 4)
- {
- /* The length of each multiprecision integer is stored in plaintext. */
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return gnutls_assert_val(rc);
- }
- sk->csum = read_16 (inp);
- sk->is_protected = 1;
- }
- else
- {
- /* We need to read the rest of the packet because we do not
- have any information how long the encrypted mpi's are */
- p2 = cdk_stream_tell (inp);
- p2 -= p1;
- sk->enclen = pktlen - p2;
- if (sk->enclen < 2)
- return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
- sk->encdata = cdk_calloc (1, sk->enclen + 1);
- if (!sk->encdata)
- return CDK_Out_Of_Core;
- if (stream_read (inp, sk->encdata, sk->enclen, &nread))
- return CDK_Inv_Packet;
- /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
- if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- {
- unsigned char gnumode;
- if ((sk->enclen < strlen ("GNU") + 1) ||
- (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
- return CDK_Inv_Packet;
- gnumode = sk->encdata[strlen ("GNU")];
- /* we only handle gnu-dummy (mode 1).
- mode 2 should refer to external smart cards.
- */
- if (gnumode != 1)
- return CDK_Inv_Packet;
- /* gnu-dummy should have no more data */
- if (sk->enclen != strlen ("GNU") + 1)
- return CDK_Inv_Packet;
- }
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- /* We mark each MPI entry with NULL to indicate a protected key. */
- for (i = 0; i < nskey; i++)
- sk->mpi[i] = NULL;
- sk->is_protected = 1;
- }
-
- sk->is_primary = 1;
- _cdk_copy_pk_to_sk (sk->pk, sk);
- return 0;
+ size_t p1, p2, nread;
+ int i, nskey;
+ int rc;
+
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_secret_key: %d octets\n",
+ (int) pktlen);
+
+ p1 = cdk_stream_tell(inp);
+ rc = read_public_key(inp, pktlen, sk->pk);
+ if (rc)
+ return rc;
+
+ sk->s2k_usage = cdk_stream_getc(inp);
+ sk->protect.sha1chk = 0;
+ if (sk->s2k_usage == 254 || sk->s2k_usage == 255) {
+ sk->protect.sha1chk = (sk->s2k_usage == 254);
+ sk->protect.algo =
+ _pgp_cipher_to_gnutls(cdk_stream_getc(inp));
+ if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
+ return gnutls_assert_val(CDK_Inv_Algo);
+
+ sk->protect.s2k = cdk_calloc(1, sizeof *sk->protect.s2k);
+ if (!sk->protect.s2k)
+ return CDK_Out_Of_Core;
+ rc = read_s2k(inp, sk->protect.s2k);
+ if (rc)
+ return rc;
+ /* refer to --export-secret-subkeys in gpg(1) */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
+ sk->protect.ivlen = 0;
+ else {
+ sk->protect.ivlen =
+ gnutls_cipher_get_block_size(sk->protect.algo);
+ if (!sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ rc = stream_read(inp, sk->protect.iv,
+ sk->protect.ivlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ }
+ } else
+ sk->protect.algo = _pgp_cipher_to_gnutls(sk->s2k_usage);
+ if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ else if (sk->protect.algo == GNUTLS_CIPHER_NULL) {
+ sk->csum = 0;
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++) {
+ rc = read_mpi(inp, &sk->mpi[i], 1);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ sk->csum = read_16(inp);
+ sk->is_protected = 0;
+ } else if (sk->pk->version < 4) {
+ /* The length of each multiprecision integer is stored in plaintext. */
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++) {
+ rc = read_mpi(inp, &sk->mpi[i], 1);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ sk->csum = read_16(inp);
+ sk->is_protected = 1;
+ } else {
+ /* We need to read the rest of the packet because we do not
+ have any information how long the encrypted mpi's are */
+ p2 = cdk_stream_tell(inp);
+ p2 -= p1;
+ sk->enclen = pktlen - p2;
+ if (sk->enclen < 2)
+ return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
+ sk->encdata = cdk_calloc(1, sk->enclen + 1);
+ if (!sk->encdata)
+ return CDK_Out_Of_Core;
+ if (stream_read(inp, sk->encdata, sk->enclen, &nread))
+ return CDK_Inv_Packet;
+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) {
+ unsigned char gnumode;
+ if ((sk->enclen < strlen("GNU") + 1) ||
+ (0 !=
+ memcmp("GNU", sk->encdata, strlen("GNU"))))
+ return CDK_Inv_Packet;
+ gnumode = sk->encdata[strlen("GNU")];
+ /* we only handle gnu-dummy (mode 1).
+ mode 2 should refer to external smart cards.
+ */
+ if (gnumode != 1)
+ return CDK_Inv_Packet;
+ /* gnu-dummy should have no more data */
+ if (sk->enclen != strlen("GNU") + 1)
+ return CDK_Inv_Packet;
+ }
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ /* We mark each MPI entry with NULL to indicate a protected key. */
+ for (i = 0; i < nskey; i++)
+ sk->mpi[i] = NULL;
+ sk->is_protected = 1;
+ }
+
+ sk->is_primary = 1;
+ _cdk_copy_pk_to_sk(sk->pk, sk);
+ return 0;
}
static cdk_error_t
-read_secret_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+read_secret_subkey(cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!inp || !sk || !sk->pk)
- return CDK_Inv_Value;
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
- rc = read_secret_key (inp, pktlen, sk);
- sk->is_primary = 0;
- return rc;
+ rc = read_secret_key(inp, pktlen, sk);
+ sk->is_primary = 0;
+ return rc;
}
#define ATTRIBUTE "[attribute]"
static cdk_error_t
-read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, int name_size)
+read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ int name_size)
{
- const byte *p;
- byte *buf;
- size_t len, nread;
- cdk_error_t rc;
-
- if (!inp || !attr || !pktlen)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_attribute: %d octets\n", (int) pktlen);
-
- _gnutls_str_cpy (attr->name, name_size, ATTRIBUTE);
- attr->len = MIN(name_size, sizeof(ATTRIBUTE)-1);
-
- buf = cdk_calloc (1, pktlen);
- if (!buf)
- return CDK_Out_Of_Core;
- rc = stream_read (inp, buf, pktlen, &nread);
- if (rc)
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- p = buf;
- len = *p++;
- pktlen--;
- if (len == 255)
- {
- len = _cdk_buftou32 (p);
- p += 4;
- pktlen -= 4;
- }
- else if (len >= 192)
- {
- if (pktlen < 2)
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- len = ((len - 192) << 8) + *p + 192;
- p++;
- pktlen--;
- }
-
- if (*p != 1) /* Currently only 1, meaning an image, is defined. */
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- p++;
- len--;
-
- if (len >= pktlen)
- return CDK_Inv_Packet;
- attr->attrib_img = cdk_calloc (1, len);
- if (!attr->attrib_img)
- {
- cdk_free (buf);
- return CDK_Out_Of_Core;
- }
- attr->attrib_len = len;
- memcpy (attr->attrib_img, p, len);
- cdk_free (buf);
- return rc;
+ const byte *p;
+ byte *buf;
+ size_t len, nread;
+ cdk_error_t rc;
+
+ if (!inp || !attr || !pktlen)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_attribute: %d octets\n",
+ (int) pktlen);
+
+ _gnutls_str_cpy(attr->name, name_size, ATTRIBUTE);
+ attr->len = MIN(name_size, sizeof(ATTRIBUTE) - 1);
+
+ buf = cdk_calloc(1, pktlen);
+ if (!buf)
+ return CDK_Out_Of_Core;
+ rc = stream_read(inp, buf, pktlen, &nread);
+ if (rc) {
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ p = buf;
+ len = *p++;
+ pktlen--;
+ if (len == 255) {
+ len = _cdk_buftou32(p);
+ p += 4;
+ pktlen -= 4;
+ } else if (len >= 192) {
+ if (pktlen < 2) {
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ len = ((len - 192) << 8) + *p + 192;
+ p++;
+ pktlen--;
+ }
+
+ if (*p != 1) { /* Currently only 1, meaning an image, is defined. */
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ p++;
+ len--;
+
+ if (len >= pktlen)
+ return CDK_Inv_Packet;
+ attr->attrib_img = cdk_calloc(1, len);
+ if (!attr->attrib_img) {
+ cdk_free(buf);
+ return CDK_Out_Of_Core;
+ }
+ attr->attrib_len = len;
+ memcpy(attr->attrib_img, p, len);
+ cdk_free(buf);
+ return rc;
}
static cdk_error_t
-read_user_id (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
{
- size_t nread;
- cdk_error_t rc;
-
- if (!inp || !user_id)
- return CDK_Inv_Value;
- if (!pktlen)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_user_id: %lu octets\n", (unsigned long)pktlen);
-
- user_id->len = pktlen;
- rc = stream_read (inp, user_id->name, pktlen, &nread);
- if (rc)
- return rc;
- if (nread != pktlen)
- return CDK_Inv_Packet;
- user_id->name[nread] = '\0';
- return rc;
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !user_id)
+ return CDK_Inv_Value;
+ if (!pktlen)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_user_id: %lu octets\n",
+ (unsigned long) pktlen);
+
+ user_id->len = pktlen;
+ rc = stream_read(inp, user_id->name, pktlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != pktlen)
+ return CDK_Inv_Packet;
+ user_id->name[nread] = '\0';
+ return rc;
}
static cdk_error_t
-read_subpkt (cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
{
- byte c, c1;
- size_t size, nread, n;
- cdk_subpkt_t node;
- cdk_error_t rc;
-
- if (!inp || !r_nbytes)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_subpkt:\n");
-
- n = 0;
- *r_nbytes = 0;
- c = cdk_stream_getc (inp);
- n++;
- if (c == 255)
- {
- size = read_32 (inp);
- n += 4;
- }
- else if (c >= 192 && c < 255)
- {
- c1 = cdk_stream_getc (inp);
- n++;
- if (c1 == 0)
- return 0;
- size = ((c - 192) << 8) + c1 + 192;
- }
- else if (c < 192)
- size = c;
- else
- return CDK_Inv_Packet;
-
- node = cdk_subpkt_new (size);
- if (!node)
- return CDK_Out_Of_Core;
- node->size = size;
- node->type = cdk_stream_getc (inp);
- if (DEBUG_PKT)
- _gnutls_write_log (" %d octets %d type\n", node->size, node->type);
- n++;
- node->size--;
- rc = stream_read (inp, node->d, node->size, &nread);
- n += nread;
- if (rc)
- return rc;
- *r_nbytes = n;
- if (!*r_ctx)
- *r_ctx = node;
- else
- cdk_subpkt_add (*r_ctx, node);
- return rc;
+ byte c, c1;
+ size_t size, nread, n;
+ cdk_subpkt_t node;
+ cdk_error_t rc;
+
+ if (!inp || !r_nbytes)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_subpkt:\n");
+
+ n = 0;
+ *r_nbytes = 0;
+ c = cdk_stream_getc(inp);
+ n++;
+ if (c == 255) {
+ size = read_32(inp);
+ n += 4;
+ } else if (c >= 192 && c < 255) {
+ c1 = cdk_stream_getc(inp);
+ n++;
+ if (c1 == 0)
+ return 0;
+ size = ((c - 192) << 8) + c1 + 192;
+ } else if (c < 192)
+ size = c;
+ else
+ return CDK_Inv_Packet;
+
+ node = cdk_subpkt_new(size);
+ if (!node)
+ return CDK_Out_Of_Core;
+ node->size = size;
+ node->type = cdk_stream_getc(inp);
+ if (DEBUG_PKT)
+ _gnutls_write_log(" %d octets %d type\n", node->size,
+ node->type);
+ n++;
+ node->size--;
+ rc = stream_read(inp, node->d, node->size, &nread);
+ n += nread;
+ if (rc)
+ return rc;
+ *r_nbytes = n;
+ if (!*r_ctx)
+ *r_ctx = node;
+ else
+ cdk_subpkt_add(*r_ctx, node);
+ return rc;
}
static cdk_error_t
-read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig)
+read_onepass_sig(cdk_stream_t inp, size_t pktlen,
+ cdk_pkt_onepass_sig_t sig)
{
- if (!inp || !sig)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_onepass_sig: %d octets\n", (int) pktlen);
-
- if (pktlen != 13)
- return CDK_Inv_Packet;
- sig->version = cdk_stream_getc (inp);
- if (sig->version != 3)
- return CDK_Inv_Packet_Ver;
- sig->sig_class = cdk_stream_getc (inp);
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->keyid[0] = read_32 (inp);
- sig->keyid[1] = read_32 (inp);
- sig->last = cdk_stream_getc (inp);
- return 0;
+ if (!inp || !sig)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_onepass_sig: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen != 13)
+ return CDK_Inv_Packet;
+ sig->version = cdk_stream_getc(inp);
+ if (sig->version != 3)
+ return CDK_Inv_Packet_Ver;
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->digest_algo = _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->keyid[0] = read_32(inp);
+ sig->keyid[1] = read_32(inp);
+ sig->last = cdk_stream_getc(inp);
+ return 0;
}
-static cdk_error_t
-parse_sig_subpackets (cdk_pkt_signature_t sig)
+static cdk_error_t parse_sig_subpackets(cdk_pkt_signature_t sig)
{
- cdk_subpkt_t node;
-
- /* Setup the standard packet entries, so we can use V4
- signatures similar to V3. */
- for (node = sig->unhashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8)
- {
- sig->keyid[0] = _cdk_buftou32 (node->d);
- sig->keyid[1] = _cdk_buftou32 (node->d + 4);
- }
- else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- {
- /* Sometimes this packet might be placed in the unhashed area */
- sig->flags.exportable = 0;
- }
- }
- for (node = sig->hashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4)
- sig->timestamp = _cdk_buftou32 (node->d);
- else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4)
- {
- sig->expiredate = _cdk_buftou32 (node->d);
- if (sig->expiredate > 0 && sig->expiredate < (u32) gnutls_time (NULL))
- sig->flags.expired = 1;
- }
- else if (node->type == CDK_SIGSUBPKT_POLICY)
- sig->flags.policy_url = 1;
- else if (node->type == CDK_SIGSUBPKT_NOTATION)
- sig->flags.notation = 1;
- else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0)
- sig->flags.revocable = 0;
- else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- sig->flags.exportable = 0;
- }
- if (sig->sig_class == 0x1F)
- {
- cdk_desig_revoker_t r, rnode;
-
- for (node = sig->hashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_REV_KEY)
- {
- if (node->size < 22)
- continue;
- rnode = cdk_calloc (1, sizeof *rnode);
- if (!rnode)
- return CDK_Out_Of_Core;
- rnode->r_class = node->d[0];
- rnode->algid = node->d[1];
- memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
- if (!sig->revkeys)
- sig->revkeys = rnode;
- else
- {
- for (r = sig->revkeys; r->next; r = r->next)
- ;
- r->next = rnode;
- }
- }
- }
- }
-
- return 0;
+ cdk_subpkt_t node;
+
+ /* Setup the standard packet entries, so we can use V4
+ signatures similar to V3. */
+ for (node = sig->unhashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8) {
+ sig->keyid[0] = _cdk_buftou32(node->d);
+ sig->keyid[1] = _cdk_buftou32(node->d + 4);
+ } else if (node->type == CDK_SIGSUBPKT_EXPORTABLE
+ && node->d[0] == 0) {
+ /* Sometimes this packet might be placed in the unhashed area */
+ sig->flags.exportable = 0;
+ }
+ }
+ for (node = sig->hashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_SIG_CREATED
+ && node->size >= 4)
+ sig->timestamp = _cdk_buftou32(node->d);
+ else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE
+ && node->size >= 4) {
+ sig->expiredate = _cdk_buftou32(node->d);
+ if (sig->expiredate > 0
+ && sig->expiredate < (u32) gnutls_time(NULL))
+ sig->flags.expired = 1;
+ } else if (node->type == CDK_SIGSUBPKT_POLICY)
+ sig->flags.policy_url = 1;
+ else if (node->type == CDK_SIGSUBPKT_NOTATION)
+ sig->flags.notation = 1;
+ else if (node->type == CDK_SIGSUBPKT_REVOCABLE
+ && node->d[0] == 0)
+ sig->flags.revocable = 0;
+ else if (node->type == CDK_SIGSUBPKT_EXPORTABLE
+ && node->d[0] == 0)
+ sig->flags.exportable = 0;
+ }
+ if (sig->sig_class == 0x1F) {
+ cdk_desig_revoker_t r, rnode;
+
+ for (node = sig->hashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_REV_KEY) {
+ if (node->size < 22)
+ continue;
+ rnode = cdk_calloc(1, sizeof *rnode);
+ if (!rnode)
+ return CDK_Out_Of_Core;
+ rnode->r_class = node->d[0];
+ rnode->algid = node->d[1];
+ memcpy(rnode->fpr, node->d + 2,
+ KEY_FPR_LEN);
+ if (!sig->revkeys)
+ sig->revkeys = rnode;
+ else {
+ for (r = sig->revkeys; r->next;
+ r = r->next);
+ r->next = rnode;
+ }
+ }
+ }
+ }
+
+ return 0;
}
static cdk_error_t
-read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
+read_signature(cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
{
- size_t nbytes;
- size_t i, nsig;
- ssize_t size;
- cdk_error_t rc;
-
- if (!inp || !sig)
- return gnutls_assert_val(CDK_Inv_Value);
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_signature: %d octets\n", (int) pktlen);
-
- if (pktlen < 16)
- return gnutls_assert_val(CDK_Inv_Packet);
- sig->version = cdk_stream_getc (inp);
- if (sig->version < 2 || sig->version > 4)
- return gnutls_assert_val(CDK_Inv_Packet_Ver);
-
- sig->flags.exportable = 1;
- sig->flags.revocable = 1;
-
- if (sig->version < 4)
- {
- if (cdk_stream_getc (inp) != 5)
- return gnutls_assert_val(CDK_Inv_Packet);
- sig->sig_class = cdk_stream_getc (inp);
- sig->timestamp = read_32 (inp);
- sig->keyid[0] = read_32 (inp);
- sig->keyid[1] = read_32 (inp);
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->digest_start[0] = cdk_stream_getc (inp);
- sig->digest_start[1] = cdk_stream_getc (inp);
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
- }
- else
- {
- sig->sig_class = cdk_stream_getc (inp);
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->hashed_size = read_16 (inp);
- size = sig->hashed_size;
- sig->hashed = NULL;
- while (size > 0)
- {
- rc = read_subpkt (inp, &sig->hashed, &nbytes);
- if (rc)
- return gnutls_assert_val(rc);
- size -= nbytes;
- }
- sig->unhashed_size = read_16 (inp);
- size = sig->unhashed_size;
- sig->unhashed = NULL;
- while (size > 0)
- {
- rc = read_subpkt (inp, &sig->unhashed, &nbytes);
- if (rc)
- return gnutls_assert_val(rc);
- size -= nbytes;
- }
-
- rc = parse_sig_subpackets (sig);
- if (rc)
- return gnutls_assert_val(rc);
-
- sig->digest_start[0] = cdk_stream_getc (inp);
- sig->digest_start[1] = cdk_stream_getc (inp);
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
- }
-
- return 0;
+ size_t nbytes;
+ size_t i, nsig;
+ ssize_t size;
+ cdk_error_t rc;
+
+ if (!inp || !sig)
+ return gnutls_assert_val(CDK_Inv_Value);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_signature: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen < 16)
+ return gnutls_assert_val(CDK_Inv_Packet);
+ sig->version = cdk_stream_getc(inp);
+ if (sig->version < 2 || sig->version > 4)
+ return gnutls_assert_val(CDK_Inv_Packet_Ver);
+
+ sig->flags.exportable = 1;
+ sig->flags.revocable = 1;
+
+ if (sig->version < 4) {
+ if (cdk_stream_getc(inp) != 5)
+ return gnutls_assert_val(CDK_Inv_Packet);
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->timestamp = read_32(inp);
+ sig->keyid[0] = read_32(inp);
+ sig->keyid[1] = read_32(inp);
+ sig->pubkey_algo =
+ _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->digest_algo =
+ _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->digest_start[0] = cdk_stream_getc(inp);
+ sig->digest_start[1] = cdk_stream_getc(inp);
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ for (i = 0; i < nsig; i++) {
+ rc = read_mpi(inp, &sig->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ } else {
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->pubkey_algo =
+ _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->digest_algo =
+ _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->hashed_size = read_16(inp);
+ size = sig->hashed_size;
+ sig->hashed = NULL;
+ while (size > 0) {
+ rc = read_subpkt(inp, &sig->hashed, &nbytes);
+ if (rc)
+ return gnutls_assert_val(rc);
+ size -= nbytes;
+ }
+ sig->unhashed_size = read_16(inp);
+ size = sig->unhashed_size;
+ sig->unhashed = NULL;
+ while (size > 0) {
+ rc = read_subpkt(inp, &sig->unhashed, &nbytes);
+ if (rc)
+ return gnutls_assert_val(rc);
+ size -= nbytes;
+ }
+
+ rc = parse_sig_subpackets(sig);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ sig->digest_start[0] = cdk_stream_getc(inp);
+ sig->digest_start[1] = cdk_stream_getc(inp);
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ for (i = 0; i < nsig; i++) {
+ rc = read_mpi(inp, &sig->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ }
+
+ return 0;
}
static cdk_error_t
-read_literal (cdk_stream_t inp, size_t pktlen,
- cdk_pkt_literal_t * ret_pt, int is_partial)
+read_literal(cdk_stream_t inp, size_t pktlen,
+ cdk_pkt_literal_t * ret_pt, int is_partial)
{
- cdk_pkt_literal_t pt = *ret_pt;
- size_t nread;
- cdk_error_t rc;
-
- if (!inp || !pt)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_literal: %d octets\n", (int) pktlen);
-
- pt->mode = cdk_stream_getc (inp);
- if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
- return CDK_Inv_Packet;
- if (cdk_stream_eof (inp))
- return CDK_Inv_Packet;
-
- pt->namelen = cdk_stream_getc (inp);
- if (pt->namelen > 0)
- {
- *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
- if (!pt)
- return CDK_Out_Of_Core;
- pt->name = (char *) pt + sizeof (*pt);
- rc = stream_read (inp, pt->name, pt->namelen, &nread);
- if (rc)
- return rc;
- if ((int) nread != pt->namelen)
- return CDK_Inv_Packet;
- pt->name[pt->namelen] = '\0';
- }
- pt->timestamp = read_32 (inp);
- pktlen = pktlen - 6 - pt->namelen;
- if (is_partial)
- _cdk_stream_set_blockmode (inp, pktlen);
- pt->buf = inp;
- pt->len = pktlen;
- return 0;
+ cdk_pkt_literal_t pt = *ret_pt;
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !pt)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_literal: %d octets\n",
+ (int) pktlen);
+
+ pt->mode = cdk_stream_getc(inp);
+ if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
+ return CDK_Inv_Packet;
+ if (cdk_stream_eof(inp))
+ return CDK_Inv_Packet;
+
+ pt->namelen = cdk_stream_getc(inp);
+ if (pt->namelen > 0) {
+ *ret_pt = pt =
+ cdk_realloc(pt, sizeof *pt + pt->namelen + 2);
+ if (!pt)
+ return CDK_Out_Of_Core;
+ pt->name = (char *) pt + sizeof(*pt);
+ rc = stream_read(inp, pt->name, pt->namelen, &nread);
+ if (rc)
+ return rc;
+ if ((int) nread != pt->namelen)
+ return CDK_Inv_Packet;
+ pt->name[pt->namelen] = '\0';
+ }
+ pt->timestamp = read_32(inp);
+ pktlen = pktlen - 6 - pt->namelen;
+ if (is_partial)
+ _cdk_stream_set_blockmode(inp, pktlen);
+ pt->buf = inp;
+ pt->len = pktlen;
+ return 0;
}
/* Read an old packet CTB and return the length of the body. */
static void
-read_old_length (cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
+read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
{
- int llen = ctb & 0x03;
-
- if (llen == 0)
- {
- *r_len = cdk_stream_getc (inp);
- (*r_size)++;
- }
- else if (llen == 1)
- {
- *r_len = read_16 (inp);
- (*r_size) += 2;
- }
- else if (llen == 2)
- {
- *r_len = read_32 (inp);
- (*r_size) += 4;
- }
- else
- {
- *r_len = 0;
- *r_size = 0;
- }
+ int llen = ctb & 0x03;
+
+ if (llen == 0) {
+ *r_len = cdk_stream_getc(inp);
+ (*r_size)++;
+ } else if (llen == 1) {
+ *r_len = read_16(inp);
+ (*r_size) += 2;
+ } else if (llen == 2) {
+ *r_len = read_32(inp);
+ (*r_size) += 4;
+ } else {
+ *r_len = 0;
+ *r_size = 0;
+ }
}
/* Read a new CTB and decode the body length. */
static void
-read_new_length (cdk_stream_t inp,
- size_t * r_len, size_t * r_size, size_t * r_partial)
+read_new_length(cdk_stream_t inp,
+ size_t * r_len, size_t * r_size, size_t * r_partial)
{
- int c, c1;
-
- c = cdk_stream_getc (inp);
- (*r_size)++;
- if (c < 192)
- *r_len = c;
- else if (c >= 192 && c <= 223)
- {
- c1 = cdk_stream_getc (inp);
- (*r_size)++;
- *r_len = ((c - 192) << 8) + c1 + 192;
- }
- else if (c == 255)
- {
- *r_len = read_32 (inp);
- (*r_size) += 4;
- }
- else
- {
- *r_len = 1 << (c & 0x1f);
- *r_partial = 1;
- }
+ int c, c1;
+
+ c = cdk_stream_getc(inp);
+ (*r_size)++;
+ if (c < 192)
+ *r_len = c;
+ else if (c >= 192 && c <= 223) {
+ c1 = cdk_stream_getc(inp);
+ (*r_size)++;
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ } else if (c == 255) {
+ *r_len = read_32(inp);
+ (*r_size) += 4;
+ } else {
+ *r_len = 1 << (c & 0x1f);
+ *r_partial = 1;
+ }
}
/* Skip the current packet body. */
-static void
-skip_packet (cdk_stream_t inp, size_t pktlen)
+static void skip_packet(cdk_stream_t inp, size_t pktlen)
{
- byte buf[BUFSIZE];
- size_t nread, buflen = DIM (buf);
+ byte buf[BUFSIZE];
+ size_t nread, buflen = DIM(buf);
- while (pktlen > 0)
- {
- stream_read (inp, buf, pktlen > buflen ? buflen : pktlen, &nread);
- pktlen -= nread;
- }
+ while (pktlen > 0) {
+ stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
+ &nread);
+ pktlen -= nread;
+ }
- assert (pktlen == 0);
+ assert(pktlen == 0);
}
@@ -946,193 +897,199 @@ skip_packet (cdk_stream_t inp, size_t pktlen)
*
* Parse the next packet on the @inp stream and return its contents in @pkt.
**/
-cdk_error_t
-cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
+cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
{
- int ctb, is_newctb;
- int pkttype;
- size_t pktlen = 0, pktsize = 0, is_partial = 0;
- cdk_error_t rc;
-
- if (!inp || !pkt)
- return CDK_Inv_Value;
-
- ctb = cdk_stream_getc (inp);
- if (cdk_stream_eof (inp) || ctb == EOF)
- return CDK_EOF;
- else if (!ctb)
- return gnutls_assert_val(CDK_Inv_Packet);
-
- pktsize++;
- if (!(ctb & 0x80))
- {
- _cdk_log_info ("cdk_pkt_read: no openpgp data found. "
- "(ctb=%02X; fpos=%02X)\n", (int) ctb,
- (int) cdk_stream_tell (inp));
- return gnutls_assert_val(CDK_Inv_Packet);
- }
-
- if (ctb & 0x40) /* RFC2440 packet format. */
- {
- pkttype = ctb & 0x3f;
- is_newctb = 1;
- }
- else /* the old RFC1991 packet format. */
- {
- pkttype = ctb & 0x3f;
- pkttype >>= 2;
- is_newctb = 0;
- }
-
- if (pkttype > 63)
- {
- _cdk_log_info ("cdk_pkt_read: unknown type %d\n", pkttype);
- return gnutls_assert_val(CDK_Inv_Packet);
- }
-
- if (is_newctb)
- read_new_length (inp, &pktlen, &pktsize, &is_partial);
- else
- read_old_length (inp, ctb, &pktlen, &pktsize);
-
- pkt->pkttype = pkttype;
- pkt->pktlen = pktlen;
- pkt->pktsize = pktsize + pktlen;
- pkt->old_ctb = is_newctb ? 0 : 1;
-
- rc = 0;
- switch (pkt->pkttype)
- {
- case CDK_PKT_ATTRIBUTE:
+ int ctb, is_newctb;
+ int pkttype;
+ size_t pktlen = 0, pktsize = 0, is_partial = 0;
+ cdk_error_t rc;
+
+ if (!inp || !pkt)
+ return CDK_Inv_Value;
+
+ ctb = cdk_stream_getc(inp);
+ if (cdk_stream_eof(inp) || ctb == EOF)
+ return CDK_EOF;
+ else if (!ctb)
+ return gnutls_assert_val(CDK_Inv_Packet);
+
+ pktsize++;
+ if (!(ctb & 0x80)) {
+ _cdk_log_info("cdk_pkt_read: no openpgp data found. "
+ "(ctb=%02X; fpos=%02X)\n", (int) ctb,
+ (int) cdk_stream_tell(inp));
+ return gnutls_assert_val(CDK_Inv_Packet);
+ }
+
+ if (ctb & 0x40) { /* RFC2440 packet format. */
+ pkttype = ctb & 0x3f;
+ is_newctb = 1;
+ } else { /* the old RFC1991 packet format. */
+
+ pkttype = ctb & 0x3f;
+ pkttype >>= 2;
+ is_newctb = 0;
+ }
+
+ if (pkttype > 63) {
+ _cdk_log_info("cdk_pkt_read: unknown type %d\n", pkttype);
+ return gnutls_assert_val(CDK_Inv_Packet);
+ }
+
+ if (is_newctb)
+ read_new_length(inp, &pktlen, &pktsize, &is_partial);
+ else
+ read_old_length(inp, ctb, &pktlen, &pktsize);
+
+ pkt->pkttype = pkttype;
+ pkt->pktlen = pktlen;
+ pkt->pktsize = pktsize + pktlen;
+ pkt->old_ctb = is_newctb ? 0 : 1;
+
+ rc = 0;
+ switch (pkt->pkttype) {
+ case CDK_PKT_ATTRIBUTE:
#define NAME_SIZE (pkt->pktlen + 16 + 1)
- pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + NAME_SIZE);
- if (!pkt->pkt.user_id)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
-
- rc = read_attribute (inp, pktlen, pkt->pkt.user_id, NAME_SIZE);
- pkt->pkttype = CDK_PKT_ATTRIBUTE;
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + pkt->pktlen + 1);
- if (!pkt->pkt.user_id)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
- rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBLIC_KEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SECRET_KEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- if (!pkt->pkt.secret_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key->pk)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- if (!pkt->pkt.secret_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key->pk)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_LITERAL:
- pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
- if (!pkt->pkt.literal)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_ONEPASS_SIG:
- pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
- if (!pkt->pkt.onepass_sig)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
- if (!pkt->pkt.signature)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_signature (inp, pktlen, pkt->pkt.signature);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBKEY_ENC:
- pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
- if (!pkt->pkt.pubkey_enc)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_COMPRESSED:
- pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
- if (!pkt->pkt.compressed)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_MDC:
- pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
- if (!pkt->pkt.mdc)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_mdc (inp, pkt->pkt.mdc);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- default:
- /* Skip all packets we don't understand */
- skip_packet (inp, pktlen);
- break;
- }
-
- return rc;
+ pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ + NAME_SIZE);
+ if (!pkt->pkt.user_id)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
+
+ rc = read_attribute(inp, pktlen, pkt->pkt.user_id,
+ NAME_SIZE);
+ pkt->pkttype = CDK_PKT_ATTRIBUTE;
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ + pkt->pktlen + 1);
+ if (!pkt->pkt.user_id)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
+ rc = read_user_id(inp, pktlen, pkt->pkt.user_id);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_public_key(inp, pktlen, pkt->pkt.public_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_public_subkey(inp, pktlen, pkt->pkt.public_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.secret_key->pk = cdk_calloc(1,
+ sizeof *pkt->pkt.
+ secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_secret_key(inp, pktlen, pkt->pkt.secret_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.secret_key->pk = cdk_calloc(1,
+ sizeof *pkt->pkt.
+ secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_secret_subkey(inp, pktlen, pkt->pkt.secret_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_LITERAL:
+ pkt->pkt.literal = cdk_calloc(1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_literal(inp, pktlen, &pkt->pkt.literal,
+ is_partial);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig =
+ cdk_calloc(1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_onepass_sig(inp, pktlen, pkt->pkt.onepass_sig);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature =
+ cdk_calloc(1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_signature(inp, pktlen, pkt->pkt.signature);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc =
+ cdk_calloc(1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_pubkey_enc(inp, pktlen, pkt->pkt.pubkey_enc);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_COMPRESSED:
+ pkt->pkt.compressed =
+ cdk_calloc(1, sizeof *pkt->pkt.compressed);
+ if (!pkt->pkt.compressed)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_compressed(inp, pktlen, pkt->pkt.compressed);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc(1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_mdc(inp, pkt->pkt.mdc);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ default:
+ /* Skip all packets we don't understand */
+ skip_packet(inp, pktlen);
+ break;
+ }
+
+ return rc;
}
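Review bot: `pktlen` is taken from the length octets of the stream and reaches the `CDK_PKT_ATTRIBUTE` and `CDK_PKT_USER_ID` allocations with no upper bound. A four-octet length makes `sizeof *pkt->pkt.user_id + pkt->pktlen + 1` request gigabytes, and where `size_t` is 32 bits the sum can wrap to a small buffer that `read_user_id` then fills with `pktlen` bytes. `NAME_SIZE` is also passed to `read_attribute`, whose parameter is `int name_size`, so a large length is truncated or turns negative before it reaches `_gnutls_str_cpy`. A per-case cap before the allocation would cover both, for example `if (pktlen > MAX_UID_LEN) return gnutls_assert_val(CDK_Inv_Packet);`, where `MAX_UID_LEN` is a placeholder for a limit the project chooses, not an existing constant. Separately, `pkttype > 63` can never be true after the `& 0x3f` mask, so that branch is dead.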
diff --git a/lib/opencdk/seskey.c b/lib/opencdk/seskey.c
index 7ffeb1ad1c..77fbd1f9d6 100644
--- a/lib/opencdk/seskey.c
+++ b/lib/opencdk/seskey.c
@@ -41,29 +41,29 @@
* The @salt parameter must be always 8 octets.
**/
cdk_error_t
-cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const byte * salt)
+cdk_s2k_new(cdk_s2k_t * ret_s2k, int mode, int digest_algo,
+ const byte * salt)
{
- cdk_s2k_t s2k;
+ cdk_s2k_t s2k;
- if (!ret_s2k)
- return CDK_Inv_Value;
+ if (!ret_s2k)
+ return CDK_Inv_Value;
- if (mode != 0x00 && mode != 0x01 && mode != 0x03)
- return CDK_Inv_Mode;
+ if (mode != 0x00 && mode != 0x01 && mode != 0x03)
+ return CDK_Inv_Mode;
- if (_gnutls_hash_get_algo_len (mac_to_entry(digest_algo)) <= 0)
- return CDK_Inv_Algo;
+ if (_gnutls_hash_get_algo_len(mac_to_entry(digest_algo)) <= 0)
+ return CDK_Inv_Algo;
- s2k = cdk_calloc (1, sizeof *s2k);
- if (!s2k)
- return CDK_Out_Of_Core;
- s2k->mode = mode;
- s2k->hash_algo = digest_algo;
- if (salt)
- memcpy (s2k->salt, salt, 8);
- *ret_s2k = s2k;
- return 0;
+ s2k = cdk_calloc(1, sizeof *s2k);
+ if (!s2k)
+ return CDK_Out_Of_Core;
+ s2k->mode = mode;
+ s2k->hash_algo = digest_algo;
+ if (salt)
+ memcpy(s2k->salt, salt, 8);
+ *ret_s2k = s2k;
+ return 0;
}
@@ -73,25 +73,23 @@ cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
*
* Release the given S2K object.
**/
-void
-cdk_s2k_free (cdk_s2k_t s2k)
+void cdk_s2k_free(cdk_s2k_t s2k)
{
- cdk_free (s2k);
+ cdk_free(s2k);
}
/* Make a copy of the source s2k into R_DST. */
-cdk_error_t
-_cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src)
+cdk_error_t _cdk_s2k_copy(cdk_s2k_t * r_dst, cdk_s2k_t src)
{
- cdk_s2k_t dst;
- cdk_error_t err;
+ cdk_s2k_t dst;
+ cdk_error_t err;
- err = cdk_s2k_new (&dst, src->mode, src->hash_algo, src->salt);
- if (err)
- return err;
- dst->count = src->count;
- *r_dst = dst;
+ err = cdk_s2k_new(&dst, src->mode, src->hash_algo, src->salt);
+ if (err)
+ return err;
+ dst->count = src->count;
+ *r_dst = dst;
- return 0;
+ return 0;
}
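Review bot: `_cdk_s2k_copy` dereferences `src` and writes through `r_dst` without checking either, while `cdk_s2k_new` in the previous hunk rejects a NULL `ret_s2k`. A matching `if (!r_dst || !src) return CDK_Inv_Value;` at the top would make the two consistent. Because the copy goes through `cdk_s2k_new`, it also fails with `CDK_Inv_Mode` for any source whose mode is not 0x00, 0x01 or 0x03; whether that is intended for extension modes is not visible from this hunk. The header comment could add that the caller owns `*r_dst` and releases it with `cdk_s2k_free`.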
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index 9083fb56d3..931bb138cb 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -33,35 +33,32 @@
/* Hash all multi precision integers of the key PK with the given
message digest context MD. */
-static int
-hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+static int hash_mpibuf(cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
- byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
- size_t nbytes;
- size_t i, npkey;
- int err;
-
- /* We have to differ between two modes for v3 keys. To form the
- fingerprint, we hash the MPI values without the length prefix.
- But if we calculate the hash for verifying/signing we use all data. */
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < npkey; i++)
- {
- nbytes = MAX_MPI_BYTES;
- err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
-
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- if (!usefpr || pk->version == 4)
- _gnutls_hash (md, buf, nbytes);
- else /* without the prefix. */
- _gnutls_hash (md, buf + 2, nbytes - 2);
- }
- return 0;
+ byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
+ size_t nbytes;
+ size_t i, npkey;
+ int err;
+
+ /* We have to differ between two modes for v3 keys. To form the
+ fingerprint, we hash the MPI values without the length prefix.
+ But if we calculate the hash for verifying/signing we use all data. */
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < npkey; i++) {
+ nbytes = MAX_MPI_BYTES;
+ err = _gnutls_mpi_print_pgp(pk->mpi[i], buf, &nbytes);
+
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ if (!usefpr || pk->version == 4)
+ _gnutls_hash(md, buf, nbytes);
+ else /* without the prefix. */
+ _gnutls_hash(md, buf + 2, nbytes - 2);
+ }
+ return 0;
}
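Review bot: In `hash_mpibuf`, the fingerprint branch calls `_gnutls_hash(md, buf + 2, nbytes - 2)` without checking that `nbytes` is at least 2. Since `nbytes` is a `size_t`, a shorter result would wrap to a huge length and the hash would read far past `buf`. `_gnutls_mpi_print_pgp` presumably always emits the two-octet length prefix, but that is not visible here, so a guard such as `if (nbytes < 2) return CDK_Inv_Value;` before the branch removes the dependency.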
@@ -69,417 +66,378 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
MD. The @usefpr param is only valid for version 3 keys because of
the different way to calculate the fingerprint. */
cdk_error_t
-_cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+_cdk_hash_pubkey(cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
- byte buf[12];
- size_t i, n, npkey;
-
- if (!pk || !md)
- return CDK_Inv_Value;
-
- if (usefpr && pk->version < 4 && is_RSA (pk->pubkey_algo))
- return hash_mpibuf (pk, md, 1);
-
- /* The version 4 public key packet does not have the 2 octets for
- the expiration date. */
- n = pk->version < 4 ? 8 : 6;
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < npkey; i++)
- n = n + (_gnutls_mpi_get_nbits (pk->mpi[i]) + 7) / 8 + 2;
-
- i = 0;
- buf[i++] = 0x99;
- buf[i++] = n >> 8;
- buf[i++] = n >> 0;
- buf[i++] = pk->version;
- buf[i++] = pk->timestamp >> 24;
- buf[i++] = pk->timestamp >> 16;
- buf[i++] = pk->timestamp >> 8;
- buf[i++] = pk->timestamp >> 0;
-
- if (pk->version < 4)
- {
- u16 a = 0;
-
- /* Convert the expiration date into days. */
- if (pk->expiredate)
- a = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- buf[i++] = a >> 8;
- buf[i++] = a;
- }
- buf[i++] = pk->pubkey_algo;
- _gnutls_hash (md, buf, i);
- return hash_mpibuf (pk, md, 0);
+ byte buf[12];
+ size_t i, n, npkey;
+
+ if (!pk || !md)
+ return CDK_Inv_Value;
+
+ if (usefpr && pk->version < 4 && is_RSA(pk->pubkey_algo))
+ return hash_mpibuf(pk, md, 1);
+
+ /* The version 4 public key packet does not have the 2 octets for
+ the expiration date. */
+ n = pk->version < 4 ? 8 : 6;
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < npkey; i++)
+ n = n + (_gnutls_mpi_get_nbits(pk->mpi[i]) + 7) / 8 + 2;
+
+ i = 0;
+ buf[i++] = 0x99;
+ buf[i++] = n >> 8;
+ buf[i++] = n >> 0;
+ buf[i++] = pk->version;
+ buf[i++] = pk->timestamp >> 24;
+ buf[i++] = pk->timestamp >> 16;
+ buf[i++] = pk->timestamp >> 8;
+ buf[i++] = pk->timestamp >> 0;
+
+ if (pk->version < 4) {
+ u16 a = 0;
+
+ /* Convert the expiration date into days. */
+ if (pk->expiredate)
+ a = (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ buf[i++] = a >> 8;
+ buf[i++] = a;
+ }
+ buf[i++] = pk->pubkey_algo;
+ _gnutls_hash(md, buf, i);
+ return hash_mpibuf(pk, md, 0);
}
/* Hash the user ID @uid with the given message digest @md.
Use openpgp mode if @is_v4 is 1. */
cdk_error_t
-_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
+_cdk_hash_userid(cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
{
- const byte *data;
- byte buf[5];
- u32 dlen;
-
- if (!uid || !md)
- return CDK_Inv_Value;
-
- if (!is_v4)
- {
- _gnutls_hash (md, (byte *) uid->name, uid->len);
- return 0;
- }
-
- dlen = uid->attrib_img ? uid->attrib_len : uid->len;
- data = uid->attrib_img ? uid->attrib_img : (byte *) uid->name;
- buf[0] = uid->attrib_img ? 0xD1 : 0xB4;
- buf[1] = dlen >> 24;
- buf[2] = dlen >> 16;
- buf[3] = dlen >> 8;
- buf[4] = dlen >> 0;
- _gnutls_hash (md, buf, 5);
- _gnutls_hash (md, data, dlen);
- return 0;
+ const byte *data;
+ byte buf[5];
+ u32 dlen;
+
+ if (!uid || !md)
+ return CDK_Inv_Value;
+
+ if (!is_v4) {
+ _gnutls_hash(md, (byte *) uid->name, uid->len);
+ return 0;
+ }
+
+ dlen = uid->attrib_img ? uid->attrib_len : uid->len;
+ data = uid->attrib_img ? uid->attrib_img : (byte *) uid->name;
+ buf[0] = uid->attrib_img ? 0xD1 : 0xB4;
+ buf[1] = dlen >> 24;
+ buf[2] = dlen >> 16;
+ buf[3] = dlen >> 8;
+ buf[4] = dlen >> 0;
+ _gnutls_hash(md, buf, 5);
+ _gnutls_hash(md, data, dlen);
+ return 0;
}
/* Hash all parts of the signature which are needed to derive
the correct message digest to verify the sig. */
-cdk_error_t
-_cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md)
+cdk_error_t _cdk_hash_sig_data(cdk_pkt_signature_t sig, digest_hd_st * md)
{
- byte buf[4];
- byte tmp;
-
- if (!sig || !md)
- return CDK_Inv_Value;
-
- if (sig->version == 4)
- _gnutls_hash (md, &sig->version, 1);
-
- _gnutls_hash (md, &sig->sig_class, 1);
- if (sig->version < 4)
- {
- buf[0] = sig->timestamp >> 24;
- buf[1] = sig->timestamp >> 16;
- buf[2] = sig->timestamp >> 8;
- buf[3] = sig->timestamp >> 0;
- _gnutls_hash (md, buf, 4);
- }
- else
- {
- size_t n;
-
- tmp = _cdk_pub_algo_to_pgp (sig->pubkey_algo);
- _gnutls_hash (md, &tmp, 1);
- tmp = _gnutls_hash_algo_to_pgp (sig->digest_algo);
- _gnutls_hash (md, &tmp, 1);
- if (sig->hashed != NULL)
- {
- byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
- if (p == NULL)
- return gnutls_assert_val(CDK_Inv_Value);
-
- buf[0] = n >> 8;
- buf[1] = n >> 0;
- _gnutls_hash (md, buf, 2);
- _gnutls_hash (md, p, n);
- cdk_free (p);
- sig->hashed_size = n;
- n = sig->hashed_size + 6;
- }
- else
- {
- tmp = 0x00;
- _gnutls_hash (md, &tmp, 1);
- _gnutls_hash (md, &tmp, 1);
- n = 6;
- }
- _gnutls_hash (md, &sig->version, 1);
- tmp = 0xff;
- _gnutls_hash (md, &tmp, 1);
- buf[0] = n >> 24;
- buf[1] = n >> 16;
- buf[2] = n >> 8;
- buf[3] = n >> 0;
- _gnutls_hash (md, buf, 4);
- }
- return 0;
+ byte buf[4];
+ byte tmp;
+
+ if (!sig || !md)
+ return CDK_Inv_Value;
+
+ if (sig->version == 4)
+ _gnutls_hash(md, &sig->version, 1);
+
+ _gnutls_hash(md, &sig->sig_class, 1);
+ if (sig->version < 4) {
+ buf[0] = sig->timestamp >> 24;
+ buf[1] = sig->timestamp >> 16;
+ buf[2] = sig->timestamp >> 8;
+ buf[3] = sig->timestamp >> 0;
+ _gnutls_hash(md, buf, 4);
+ } else {
+ size_t n;
+
+ tmp = _cdk_pub_algo_to_pgp(sig->pubkey_algo);
+ _gnutls_hash(md, &tmp, 1);
+ tmp = _gnutls_hash_algo_to_pgp(sig->digest_algo);
+ _gnutls_hash(md, &tmp, 1);
+ if (sig->hashed != NULL) {
+ byte *p =
+ _cdk_subpkt_get_array(sig->hashed, 0, &n);
+ if (p == NULL)
+ return gnutls_assert_val(CDK_Inv_Value);
+
+ buf[0] = n >> 8;
+ buf[1] = n >> 0;
+ _gnutls_hash(md, buf, 2);
+ _gnutls_hash(md, p, n);
+ cdk_free(p);
+ sig->hashed_size = n;
+ n = sig->hashed_size + 6;
+ } else {
+ tmp = 0x00;
+ _gnutls_hash(md, &tmp, 1);
+ _gnutls_hash(md, &tmp, 1);
+ n = 6;
+ }
+ _gnutls_hash(md, &sig->version, 1);
+ tmp = 0xff;
+ _gnutls_hash(md, &tmp, 1);
+ buf[0] = n >> 24;
+ buf[1] = n >> 16;
+ buf[2] = n >> 8;
+ buf[3] = n >> 0;
+ _gnutls_hash(md, buf, 4);
+ }
+ return 0;
}
/* Cache the signature result and store it inside the sig. */
-static void
-cache_sig_result (cdk_pkt_signature_t sig, int res)
+static void cache_sig_result(cdk_pkt_signature_t sig, int res)
{
- sig->flags.checked = 0;
- sig->flags.valid = 0;
- if (res == 0)
- {
- sig->flags.checked = 1;
- sig->flags.valid = 1;
- }
- else if (res == CDK_Bad_Sig)
- {
- sig->flags.checked = 1;
- sig->flags.valid = 0;
- }
+ sig->flags.checked = 0;
+ sig->flags.valid = 0;
+ if (res == 0) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 1;
+ } else if (res == CDK_Bad_Sig) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 0;
+ }
}
/* Check the given signature @sig with the public key @pk.
Use the digest handle @digest. */
cdk_error_t
-_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired)
+_cdk_sig_check(cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired)
{
- cdk_error_t rc;
- byte md[MAX_DIGEST_LEN];
- time_t cur_time = (u32) gnutls_time (NULL);
-
- if (!pk || !sig || !digest)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (sig->flags.checked)
- return sig->flags.valid ? 0 : CDK_Bad_Sig;
- if (!KEY_CAN_SIGN (pk->pubkey_algo))
- return CDK_Inv_Algo;
- if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
- return CDK_Time_Conflict;
-
- if (r_expired && pk->expiredate
- && (pk->expiredate + pk->timestamp) > cur_time)
- *r_expired = 1;
-
- _cdk_hash_sig_data (sig, digest);
- _gnutls_hash_output (digest, md);
-
- if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1])
- {
- gnutls_assert ();
- return CDK_Chksum_Error;
- }
-
- rc = cdk_pk_verify (pk, sig, md);
- cache_sig_result (sig, rc);
- return rc;
+ cdk_error_t rc;
+ byte md[MAX_DIGEST_LEN];
+ time_t cur_time = (u32) gnutls_time(NULL);
+
+ if (!pk || !sig || !digest) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (sig->flags.checked)
+ return sig->flags.valid ? 0 : CDK_Bad_Sig;
+ if (!KEY_CAN_SIGN(pk->pubkey_algo))
+ return CDK_Inv_Algo;
+ if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
+ return CDK_Time_Conflict;
+
+ if (r_expired && pk->expiredate
+ && (pk->expiredate + pk->timestamp) > cur_time)
+ *r_expired = 1;
+
+ _cdk_hash_sig_data(sig, digest);
+ _gnutls_hash_output(digest, md);
+
+ if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1]) {
+ gnutls_assert();
+ return CDK_Chksum_Error;
+ }
+
+ rc = cdk_pk_verify(pk, sig, md);
+ cache_sig_result(sig, rc);
+ return rc;
}
/* Check the given key signature.
@knode is the key node and @snode the signature node. */
cdk_error_t
-_cdk_pk_check_sig (cdk_keydb_hd_t keydb,
- cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid)
+_cdk_pk_check_sig(cdk_keydb_hd_t keydb,
+ cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid)
{
- digest_hd_st md;
- int err;
- cdk_pubkey_t pk;
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc = 0;
- int is_expired;
-
- if (!knode || !snode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (is_selfsig)
- *is_selfsig = 0;
- if ((knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- knode->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY) ||
- snode->pkt->pkttype != CDK_PKT_SIGNATURE)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- pk = knode->pkt->pkt.public_key;
- sig = snode->pkt->pkt.signature;
-
- err = _gnutls_hash_init (&md, mac_to_entry(sig->digest_algo));
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- is_expired = 0;
- if (sig->sig_class == 0x20)
- { /* key revocation */
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x28)
- { /* subkey revocation */
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
- if (!node)
- { /* no subkey for subkey revocation packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x18 || sig->sig_class == 0x19)
- { /* primary/secondary key binding */
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
- if (!node)
- { /* no subkey for subkey binding packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x1F)
- { /* direct key signature */
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else
- { /* all other classes */
- cdk_pkt_userid_t uid;
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID);
- if (!node)
- { /* no user ID for key signature packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
-
- uid = node->pkt->pkt.user_id;
- if (ret_uid)
- {
- *ret_uid = uid->name;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0);
-
- if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1])
- {
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- if (is_selfsig)
- *is_selfsig = 1;
- }
- else if (keydb != NULL)
- {
- cdk_pubkey_t sig_pk;
- rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
- if (!rc)
- rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
- cdk_pk_release (sig_pk);
- }
- }
-fail:
- _gnutls_hash_deinit (&md, NULL);
- return rc;
+ digest_hd_st md;
+ int err;
+ cdk_pubkey_t pk;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc = 0;
+ int is_expired;
+
+ if (!knode || !snode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (is_selfsig)
+ *is_selfsig = 0;
+ if ((knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ knode->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY) ||
+ snode->pkt->pkttype != CDK_PKT_SIGNATURE) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ pk = knode->pkt->pkt.public_key;
+ sig = snode->pkt->pkt.signature;
+
+ err = _gnutls_hash_init(&md, mac_to_entry(sig->digest_algo));
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ is_expired = 0;
+ if (sig->sig_class == 0x20) { /* key revocation */
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x28) { /* subkey revocation */
+ node =
+ cdk_kbnode_find_prev(knode, snode,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (!node) { /* no subkey for subkey revocation packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x18 || sig->sig_class == 0x19) { /* primary/secondary key binding */
+ node =
+ cdk_kbnode_find_prev(knode, snode,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (!node) { /* no subkey for subkey binding packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x1F) { /* direct key signature */
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else { /* all other classes */
+ cdk_pkt_userid_t uid;
+ node = cdk_kbnode_find_prev(knode, snode, CDK_PKT_USER_ID);
+ if (!node) { /* no user ID for key signature packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+
+ uid = node->pkt->pkt.user_id;
+ if (ret_uid) {
+ *ret_uid = uid->name;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, sig->version == 4, 0, 0);
+
+ if (pk->keyid[0] == sig->keyid[0]
+ && pk->keyid[1] == sig->keyid[1]) {
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ if (is_selfsig)
+ *is_selfsig = 1;
+ } else if (keydb != NULL) {
+ cdk_pubkey_t sig_pk;
+ rc = cdk_keydb_get_pk(keydb, sig->keyid, &sig_pk);
+ if (!rc)
+ rc = _cdk_sig_check(sig_pk, sig, &md,
+ &is_expired);
+ cdk_pk_release(sig_pk);
+ }
+ }
+ fail:
+ _gnutls_hash_deinit(&md, NULL);
+ return rc;
}
-struct verify_uid
-{
- const char *name;
- int nsigs;
- struct verify_uid *next;
+struct verify_uid {
+ const char *name;
+ int nsigs;
+ struct verify_uid *next;
};
static int
-uid_list_add_sig (struct verify_uid **list, const char *uid,
- unsigned int flag)
+uid_list_add_sig(struct verify_uid **list, const char *uid,
+ unsigned int flag)
{
- if (*list == NULL)
- {
- *list = cdk_calloc (1, sizeof (struct verify_uid));
- if (*list == NULL)
- return CDK_Out_Of_Core;
- (*list)->name = uid;
-
- if (flag != 0)
- (*list)->nsigs++;
- }
- else
- {
- struct verify_uid *p, *prev_p = NULL;
- int found = 0;
-
- p = *list;
-
- while (p != NULL)
- {
- if (strcmp (uid, p->name) == 0)
- {
- found = 1;
- break;
- }
- prev_p = p;
- p = p->next;
- }
-
- if (found == 0)
- { /* not found add to the last */
- prev_p->next = cdk_calloc (1, sizeof (struct verify_uid));
- if (prev_p->next == NULL)
- return CDK_Out_Of_Core;
- prev_p->next->name = uid;
- if (flag != 0)
- prev_p->next->nsigs++;
- }
- else
- { /* found... increase sigs */
- if (flag != 0)
- p->nsigs++;
- }
- }
-
- return CDK_Success;
+ if (*list == NULL) {
+ *list = cdk_calloc(1, sizeof(struct verify_uid));
+ if (*list == NULL)
+ return CDK_Out_Of_Core;
+ (*list)->name = uid;
+
+ if (flag != 0)
+ (*list)->nsigs++;
+ } else {
+ struct verify_uid *p, *prev_p = NULL;
+ int found = 0;
+
+ p = *list;
+
+ while (p != NULL) {
+ if (strcmp(uid, p->name) == 0) {
+ found = 1;
+ break;
+ }
+ prev_p = p;
+ p = p->next;
+ }
+
+ if (found == 0) { /* not found add to the last */
+ prev_p->next =
+ cdk_calloc(1, sizeof(struct verify_uid));
+ if (prev_p->next == NULL)
+ return CDK_Out_Of_Core;
+ prev_p->next->name = uid;
+ if (flag != 0)
+ prev_p->next->nsigs++;
+ } else { /* found... increase sigs */
+ if (flag != 0)
+ p->nsigs++;
+ }
+ }
+
+ return CDK_Success;
}
-static void
-uid_list_free (struct verify_uid *list)
+static void uid_list_free(struct verify_uid *list)
{
- struct verify_uid *p, *p1;
-
- p = list;
- while (p != NULL)
- {
- p1 = p->next;
- cdk_free (p);
- p = p1;
- }
+ struct verify_uid *p, *p1;
+
+ p = list;
+ while (p != NULL) {
+ p1 = p->next;
+ cdk_free(p);
+ p = p1;
+ }
}
/* returns non (0) if all UIDs in the list have at least one
* signature. If the list is empty or no signatures are present
* a (0) value is returned.
*/
-static int
-uid_list_all_signed (struct verify_uid *list)
+static int uid_list_all_signed(struct verify_uid *list)
{
- struct verify_uid *p;
-
- if (list == NULL)
- return 0;
-
- p = list;
- while (p != NULL)
- {
- if (p->nsigs == 0)
- {
- return 0;
- }
- p = p->next;
- }
- return 1; /* all signed */
+ struct verify_uid *p;
+
+ if (list == NULL)
+ return 0;
+
+ p = list;
+ while (p != NULL) {
+ if (p->nsigs == 0) {
+ return 0;
+ }
+ p = p->next;
+ }
+ return 1; /* all signed */
}
/**
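Review bot: In `_cdk_pk_check_sig`, the "all other classes" branch returns success without verifying anything when the signer's key ID differs from `pk->keyid` and `keydb` is NULL: `rc` keeps its initial value 0 because neither the `if` nor the `else if (keydb != NULL)` arm runs. `cdk_pk_check_sigs` (next hunk) treats `rc == CDK_Success && is_selfsig == 0` as a verified third-party signature on the user ID, so an unchecked signature is counted as valid and can suppress `CDK_KEY_NOSIGNER`. Adding a final arm `else rc = CDK_Error_No_Key;` makes the "signer key unavailable" case explicit, and `cdk_pk_check_sigs` already tolerates that code. In the same branch `cdk_pk_release(sig_pk)` runs even when `cdk_keydb_get_pk` failed, and `sig_pk` is never initialised in this function, so declare it as `cdk_pubkey_t sig_pk = NULL;` unless the lookup is guaranteed to set it on error.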
@@ -493,91 +451,87 @@ uid_list_all_signed (struct verify_uid *list)
* which are or-ed or (0) when there are no flags.
**/
cdk_error_t
-cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
+cdk_pk_check_sigs(cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
{
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc;
- u32 keyid;
- int key_status, is_selfsig = 0;
- struct verify_uid *uid_list = NULL;
- char *uid_name = NULL;
-
- if (!key || !r_status)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *r_status = 0;
- node = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
- if (!node)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- key_status = 0;
- /* Continue with the signature check but adjust the
- key status flags accordingly. */
- if (node->pkt->pkt.public_key->is_revoked)
- key_status |= CDK_KEY_REVOKED;
- if (node->pkt->pkt.public_key->has_expired)
- key_status |= CDK_KEY_EXPIRED;
- rc = 0;
-
- keyid = cdk_pk_get_keyid (node->pkt->pkt.public_key, NULL);
- for (node = key; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
- rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name);
-
- if (rc && rc != CDK_Error_No_Key)
- {
- /* It might be possible that a single signature has been
- corrupted, thus we do not consider it a problem when
- one ore more signatures are bad. But at least the self
- signature has to be valid. */
- if (is_selfsig)
- {
- key_status |= CDK_KEY_INVALID;
- break;
- }
- }
-
- _cdk_log_debug ("signature %s: signer %08X keyid %08X\n",
- rc == CDK_Bad_Sig ? "BAD" : "good",
- (unsigned int) sig->keyid[1], (unsigned int) keyid);
-
- if (IS_UID_SIG (sig) && uid_name != NULL)
- {
- /* add every uid in the uid list. Only consider valid:
- * - verification was ok
- * - not a selfsig
- */
- rc =
- uid_list_add_sig (&uid_list, uid_name,
- (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
- if (rc != CDK_Success)
- {
- gnutls_assert ();
- goto exit;
- }
- }
-
- }
-
- if (uid_list_all_signed (uid_list) == 0)
- key_status |= CDK_KEY_NOSIGNER;
- *r_status = key_status;
- if (rc == CDK_Error_No_Key)
- rc = 0;
-
-exit:
- uid_list_free (uid_list);
- return rc;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid;
+ int key_status, is_selfsig = 0;
+ struct verify_uid *uid_list = NULL;
+ char *uid_name = NULL;
+
+ if (!key || !r_status) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *r_status = 0;
+ node = cdk_kbnode_find(key, CDK_PKT_PUBLIC_KEY);
+ if (!node) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ key_status = 0;
+ /* Continue with the signature check but adjust the
+ key status flags accordingly. */
+ if (node->pkt->pkt.public_key->is_revoked)
+ key_status |= CDK_KEY_REVOKED;
+ if (node->pkt->pkt.public_key->has_expired)
+ key_status |= CDK_KEY_EXPIRED;
+ rc = 0;
+
+ keyid = cdk_pk_get_keyid(node->pkt->pkt.public_key, NULL);
+ for (node = key; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+ rc = _cdk_pk_check_sig(keydb, key, node, &is_selfsig,
+ &uid_name);
+
+ if (rc && rc != CDK_Error_No_Key) {
+ /* It might be possible that a single signature has been
+ corrupted, thus we do not consider it a problem when
+ one ore more signatures are bad. But at least the self
+ signature has to be valid. */
+ if (is_selfsig) {
+ key_status |= CDK_KEY_INVALID;
+ break;
+ }
+ }
+
+ _cdk_log_debug("signature %s: signer %08X keyid %08X\n",
+ rc == CDK_Bad_Sig ? "BAD" : "good",
+ (unsigned int) sig->keyid[1],
+ (unsigned int) keyid);
+
+ if (IS_UID_SIG(sig) && uid_name != NULL) {
+ /* add every uid in the uid list. Only consider valid:
+ * - verification was ok
+ * - not a selfsig
+ */
+ rc = uid_list_add_sig(&uid_list, uid_name,
+ (rc == CDK_Success
+ && is_selfsig ==
+ 0) ? 1 : 0);
+ if (rc != CDK_Success) {
+ gnutls_assert();
+ goto exit;
+ }
+ }
+
+ }
+
+ if (uid_list_all_signed(uid_list) == 0)
+ key_status |= CDK_KEY_NOSIGNER;
+ *r_status = key_status;
+ if (rc == CDK_Error_No_Key)
+ rc = 0;
+
+ exit:
+ uid_list_free(uid_list);
+ return rc;
}
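Review bot: The `_cdk_log_debug` call in `cdk_pk_check_sigs` prints "good" for every result other than `CDK_Bad_Sig`, so a signature that failed with `CDK_Chksum_Error`, `CDK_Time_Conflict` or `CDK_Error_No_Key` (all returned by the helpers in this file) is logged as good. Anyone using the debug log to work out why a key was accepted or rejected is misled. Deriving the label from success instead, `rc == CDK_Success ? "good" : "BAD"`, or adding a third label for the unverified case, fixes that. A short comment above the loop should also state that `uid_name` is not reset between iterations and may still hold the user ID set for an earlier signature.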
@@ -589,64 +543,59 @@ exit:
* A convenient function to make sure the key is valid.
* Valid means the self signature is ok.
**/
-cdk_error_t
-cdk_pk_check_self_sig (cdk_kbnode_t key, int *r_status)
+cdk_error_t cdk_pk_check_self_sig(cdk_kbnode_t key, int *r_status)
{
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc;
- u32 keyid[2], sigid[2];
- int is_selfsig, sig_ok;
- cdk_kbnode_t p, ctx = NULL;
- cdk_packet_t pkt;
-
- if (!key || !r_status)
- return CDK_Inv_Value;
-
- cdk_pk_get_keyid (key->pkt->pkt.public_key, keyid);
-
- while ((p = cdk_kbnode_walk (key, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
- && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
- continue;
-
- /* FIXME: we should set expire/revoke here also but callers
- expect CDK_KEY_VALID=0 if the key is okay. */
- sig_ok = 0;
- for (node = p; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
-
- cdk_sig_get_keyid (sig, sigid);
- if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
- continue;
- /* FIXME: Now we check all self signatures. */
- rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL);
- if (rc)
- {
- *r_status = CDK_KEY_INVALID;
- return rc;
- }
- else /* For each valid self sig we increase this counter. */
- sig_ok++;
- }
-
- /* A key without a self signature is not valid. At least one
- * signature for the given key has to be found.
- */
- if (!sig_ok)
- {
- *r_status = CDK_KEY_INVALID;
- return CDK_General_Error;
- }
- }
-
- /* No flags indicate a valid key. */
- *r_status = CDK_KEY_VALID;
-
- return 0;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid[2], sigid[2];
+ int is_selfsig, sig_ok;
+ cdk_kbnode_t p, ctx = NULL;
+ cdk_packet_t pkt;
+
+ if (!key || !r_status)
+ return CDK_Inv_Value;
+
+ cdk_pk_get_keyid(key->pkt->pkt.public_key, keyid);
+
+ while ((p = cdk_kbnode_walk(key, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
+ && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
+ continue;
+
+ /* FIXME: we should set expire/revoke here also but callers
+ expect CDK_KEY_VALID=0 if the key is okay. */
+ sig_ok = 0;
+ for (node = p; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+
+ cdk_sig_get_keyid(sig, sigid);
+ if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
+ continue;
+ /* FIXME: Now we check all self signatures. */
+ rc = _cdk_pk_check_sig(NULL, p, node, &is_selfsig,
+ NULL);
+ if (rc) {
+ *r_status = CDK_KEY_INVALID;
+ return rc;
+ } else /* For each valid self sig we increase this counter. */
+ sig_ok++;
+ }
+
+ /* A key without a self signature is not valid. At least one
+ * signature for the given key has to be found.
+ */
+ if (!sig_ok) {
+ *r_status = CDK_KEY_INVALID;
+ return CDK_General_Error;
+ }
+ }
+
+ /* No flags indicate a valid key. */
+ *r_status = CDK_KEY_VALID;
+
+ return 0;
}
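Review bot: `cdk_pk_check_self_sig` reads `key->pkt->pkt.public_key` without checking that the first node is a public-key packet, so a key block that starts with any other packet type hands the wrong member of `pkt->pkt` (presumably a union) to `cdk_pk_get_keyid`. `cdk_pk_check_sigs` in the same file locates the node first, and the same pattern works here: `node = cdk_kbnode_find(key, CDK_PKT_PUBLIC_KEY); if (!node) return CDK_Error_No_Key;`, then use `node->pkt->pkt.public_key`. Separately, the inner loop starts at `p` and runs to the end of the list, so for the primary key it also visits signatures that follow later subkeys. The existing FIXME hints at this, and a comment stating the intended scope would help.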
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index 2756fbbb7a..18da0f35c9 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -42,11 +42,11 @@
/* This is the maximal amount of bytes we map. */
#define MAX_MAP_SIZE 16777216
-static cdk_error_t stream_flush (cdk_stream_t s);
-static cdk_error_t stream_filter_write (cdk_stream_t s);
-static int stream_cache_flush (cdk_stream_t s, FILE * fp);
-struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
- int type);
+static cdk_error_t stream_flush(cdk_stream_t s);
+static cdk_error_t stream_filter_write(cdk_stream_t s);
+static int stream_cache_flush(cdk_stream_t s, FILE * fp);
+struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
+ int type);
/* FIXME: The read/write/putc/getc function cannot directly
@@ -62,57 +62,51 @@ struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
* Creates a new stream based on an existing file. The stream is
* opened in read-only mode.
**/
-cdk_error_t
-cdk_stream_open (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_open(const char *file, cdk_stream_t * ret_s)
{
- return _cdk_stream_open_mode (file, "rb", ret_s);
+ return _cdk_stream_open_mode(file, "rb", ret_s);
}
/* Helper function to allow to open a stream in different modes. */
cdk_error_t
-_cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s)
+_cdk_stream_open_mode(const char *file, const char *mode,
+ cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!file || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!file || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("open stream `%s'\n", file);
+ _gnutls_read_log("open stream `%s'\n", file);
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fp = fopen (file, mode);
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen(file, mode);
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("open stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("open stream fd=%d\n", fileno(s->fp));
#endif
- s->flags.write = 0;
- *ret_s = s;
- return 0;
+ s->flags.write = 0;
+ *ret_s = s;
+ return 0;
}
@@ -126,38 +120,36 @@ _cdk_stream_open_mode (const char *file, const char *mode,
* for the core operations (open, close, read, write, seek).
*/
cdk_error_t
-cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s)
+cdk_stream_new_from_cbs(cdk_stream_cbs_t cbs, void *opa,
+ cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!cbs || !opa || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- s->cbs.read = cbs->read;
- s->cbs.write = cbs->write;
- s->cbs.seek = cbs->seek;
- s->cbs.release = cbs->release;
- s->cbs.open = cbs->open;
- s->cbs_hd = opa;
- *ret_s = s;
-
- /* If there is a user callback for open, we need to call it
- here because read/write expects an open stream. */
- if (s->cbs.open)
- return s->cbs.open (s->cbs_hd);
- return 0;
+ cdk_stream_t s;
+
+ if (!cbs || !opa || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ s->cbs.read = cbs->read;
+ s->cbs.write = cbs->write;
+ s->cbs.seek = cbs->seek;
+ s->cbs.release = cbs->release;
+ s->cbs.open = cbs->open;
+ s->cbs_hd = opa;
+ *ret_s = s;
+
+ /* If there is a user callback for open, we need to call it
+ here because read/write expects an open stream. */
+ if (s->cbs.open)
+ return s->cbs.open(s->cbs_hd);
+ return 0;
}
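Review bot: When the user `open` callback fails in `cdk_stream_new_from_cbs`, the error is returned but `*ret_s` has already been set to the new stream and `s` is not freed. The caller therefore either leaks the allocation or keeps a handle to a stream that never opened. Unless callers are documented to close `*ret_s` on error (not visible here), publish the pointer only after `open` succeeds and free `s` on failure. The sketch assumes the callback's return value is compatible with `cdk_error_t`, as the existing `return s->cbs.open(s->cbs_hd);` implies.

```c
	/* … unchanged: argument checks, allocation, callback copies … */
	s->cbs_hd = opa;

	/* Publish the stream only once the user open callback succeeded. */
	if (s->cbs.open) {
		cdk_error_t rc = s->cbs.open(s->cbs_hd);
		if (rc) {
			cdk_free(s);
			return rc;
		}
	}
	*ret_s = s;
	return 0;
```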
@@ -168,53 +160,46 @@ cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
*
* Create a new stream into the given file.
**/
-cdk_error_t
-cdk_stream_new (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_new(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("new stream `%s'\n", file ? file : "[temp]");
+ _gnutls_read_log("new stream `%s'\n", file ? file : "[temp]");
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->flags.write = 1;
- if (!file)
- s->flags.temp = 1;
- else
- {
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- s->fp = _cdk_tmpfile ();
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ if (!file)
+ s->flags.temp = 1;
+ else {
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ }
+ s->fp = _cdk_tmpfile();
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("new stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("new stream fd=%d\n", fileno(s->fp));
#endif
- *ret_s = s;
- return 0;
+ *ret_s = s;
+ return 0;
}
/**
@@ -226,49 +211,43 @@ cdk_stream_new (const char *file, cdk_stream_t * ret_s)
* The difference to cdk_stream_new is, that no filtering can be used with
* this kind of stream and everything is written directly to the stream.
**/
-cdk_error_t
-cdk_stream_create (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_create(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!file || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!file || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("create stream `%s'\n", file);
+ _gnutls_read_log("create stream `%s'\n", file);
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->flags.write = 1;
- s->flags.filtrated = 1;
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fp = fopen (file, "w+b");
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ s->flags.filtrated = 1;
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen(file, "w+b");
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream create fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("stream create fd=%d\n", fileno(s->fp));
#endif
- *ret_s = s;
- return 0;
+ *ret_s = s;
+ return 0;
}
@@ -278,10 +257,9 @@ cdk_stream_create (const char *file, cdk_stream_t * ret_s)
*
* Allocates a new tempory stream which is not associated with a file.
*/
-cdk_error_t
-cdk_stream_tmp_new (cdk_stream_t * r_out)
+cdk_error_t cdk_stream_tmp_new(cdk_stream_t * r_out)
{
- return cdk_stream_new (NULL, r_out);
+ return cdk_stream_new(NULL, r_out);
}
@@ -295,83 +273,77 @@ cdk_stream_tmp_new (cdk_stream_t * r_out)
* Creates a new tempory stream with the given contests.
*/
cdk_error_t
-cdk_stream_tmp_from_mem (const void *buf, size_t buflen, cdk_stream_t * r_out)
+cdk_stream_tmp_from_mem(const void *buf, size_t buflen,
+ cdk_stream_t * r_out)
{
- cdk_stream_t s;
- cdk_error_t rc;
- int nwritten;
-
- *r_out = NULL;
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- nwritten = cdk_stream_write (s, buf, buflen);
- if (nwritten == EOF)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return s->error;
- }
- cdk_stream_seek (s, 0);
- *r_out = s;
- return 0;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ int nwritten;
+
+ *r_out = NULL;
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ nwritten = cdk_stream_write(s, buf, buflen);
+ if (nwritten == EOF) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return s->error;
+ }
+ cdk_stream_seek(s, 0);
+ *r_out = s;
+ return 0;
}
cdk_error_t
-_cdk_stream_fpopen (FILE * fp, unsigned write_mode, cdk_stream_t * ret_out)
+_cdk_stream_fpopen(FILE * fp, unsigned write_mode, cdk_stream_t * ret_out)
{
- cdk_stream_t s;
-
- *ret_out = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
+ cdk_stream_t s;
+
+ *ret_out = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream ref fd=%d\n", fileno (fp));
+ _gnutls_read_log("stream ref fd=%d\n", fileno(fp));
#endif
- s->fp = fp;
- s->fp_ref = 1;
- s->flags.filtrated = 1;
- s->flags.write = write_mode;
+ s->fp = fp;
+ s->fp_ref = 1;
+ s->flags.filtrated = 1;
+ s->flags.write = write_mode;
- *ret_out = s;
- return 0;
+ *ret_out = s;
+ return 0;
}
-cdk_error_t
-_cdk_stream_append (const char *file, cdk_stream_t * ret_s)
+cdk_error_t _cdk_stream_append(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
- cdk_error_t rc;
-
- if (!ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *ret_s = NULL;
-
- rc = _cdk_stream_open_mode (file, "a+b", &s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- /* In the append mode, we need to write to the flag. */
- s->flags.write = 1;
- *ret_s = s;
- return 0;
+ cdk_stream_t s;
+ cdk_error_t rc;
+
+ if (!ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *ret_s = NULL;
+
+ rc = _cdk_stream_open_mode(file, "a+b", &s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ /* In the append mode, we need to write to the flag. */
+ s->flags.write = 1;
+ *ret_s = s;
+ return 0;
}
/**
@@ -383,68 +355,61 @@ _cdk_stream_append (const char *file, cdk_stream_t * ret_s)
* Returns: 0 if the stream is uncompressed, otherwise the compression
* algorithm.
*/
-int
-cdk_stream_is_compressed (cdk_stream_t s)
+int cdk_stream_is_compressed(cdk_stream_t s)
{
- if (!s)
- return 0;
- return s->flags.compressed;
+ if (!s)
+ return 0;
+ return s->flags.compressed;
}
-void
-_cdk_stream_set_compress_algo (cdk_stream_t s, int algo)
+void _cdk_stream_set_compress_algo(cdk_stream_t s, int algo)
{
- if (!s)
- return;
- s->flags.compressed = algo;
+ if (!s)
+ return;
+ s->flags.compressed = algo;
}
-cdk_error_t
-cdk_stream_flush (cdk_stream_t s)
+cdk_error_t cdk_stream_flush(cdk_stream_t s)
{
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* The user callback does not support flush */
- if (s->cbs_hd)
- return 0;
-
- /* For read-only streams, no flush is needed. */
- if (!s->flags.write)
- return 0;
-
- if (!s->flags.filtrated)
- {
- if (!cdk_stream_get_length (s))
- return 0;
- rc = cdk_stream_seek (s, 0);
- if (!rc)
- rc = stream_flush (s);
- if (!rc)
- rc = stream_filter_write (s);
- s->flags.filtrated = 1;
- if (rc)
- {
- s->error = rc;
- gnutls_assert ();
- return rc;
- }
- }
- return 0;
+ cdk_error_t rc;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* The user callback does not support flush */
+ if (s->cbs_hd)
+ return 0;
+
+ /* For read-only streams, no flush is needed. */
+ if (!s->flags.write)
+ return 0;
+
+ if (!s->flags.filtrated) {
+ if (!cdk_stream_get_length(s))
+ return 0;
+ rc = cdk_stream_seek(s, 0);
+ if (!rc)
+ rc = stream_flush(s);
+ if (!rc)
+ rc = stream_filter_write(s);
+ s->flags.filtrated = 1;
+ if (rc) {
+ s->error = rc;
+ gnutls_assert();
+ return rc;
+ }
+ }
+ return 0;
}
-void
-cdk_stream_tmp_set_mode (cdk_stream_t s, int val)
+void cdk_stream_tmp_set_mode(cdk_stream_t s, int val)
{
- if (s && s->flags.temp)
- s->fmode = val;
+ if (s && s->flags.temp)
+ s->fmode = val;
}
@@ -459,80 +424,73 @@ cdk_stream_tmp_set_mode (cdk_stream_t s, int val)
* all registered filters now. The file is closed in the filter
* function and not here.
**/
-cdk_error_t
-cdk_stream_close (cdk_stream_t s)
+cdk_error_t cdk_stream_close(cdk_stream_t s)
{
- struct stream_filter_s *f, *f2;
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ struct stream_filter_s *f, *f2;
+ cdk_error_t rc;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("close stream ref=%d `%s'\n",
- s->fp_ref, s->fname ? s->fname : "[temp]");
+ _gnutls_read_log("close stream ref=%d `%s'\n",
+ s->fp_ref, s->fname ? s->fname : "[temp]");
#endif
- /* In the user callback mode, we call the release cb if possible
- and just free the stream. */
- if (s->cbs_hd)
- {
- if (s->cbs.release)
- rc = s->cbs.release (s->cbs_hd);
- else
- rc = 0;
- cdk_free (s);
- gnutls_assert ();
- return rc;
- }
-
-
- rc = 0;
- if (!s->flags.filtrated && !s->error)
- rc = cdk_stream_flush (s);
- if (!s->fp_ref && (s->fname || s->flags.temp))
- {
- int err;
+ /* In the user callback mode, we call the release cb if possible
+ and just free the stream. */
+ if (s->cbs_hd) {
+ if (s->cbs.release)
+ rc = s->cbs.release(s->cbs_hd);
+ else
+ rc = 0;
+ cdk_free(s);
+ gnutls_assert();
+ return rc;
+ }
+
+
+ rc = 0;
+ if (!s->flags.filtrated && !s->error)
+ rc = cdk_stream_flush(s);
+ if (!s->fp_ref && (s->fname || s->flags.temp)) {
+ int err;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("close stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("close stream fd=%d\n", fileno(s->fp));
#endif
- err = fclose (s->fp);
- s->fp = NULL;
- if (err)
- rc = CDK_File_Error;
- }
-
- /* Iterate over the filter list and use the cleanup flag to
- free the allocated internal structures. */
- f = s->filters;
- while (f)
- {
- f2 = f->next;
- if (f->fnct)
- f->fnct (f->uint8_t, STREAMCTL_FREE, NULL, NULL);
- cdk_free (f);
- f = f2;
- }
-
- if (s->fname)
- {
- cdk_free (s->fname);
- s->fname = NULL;
- }
-
- cdk_free (s->cache.buf);
- s->cache.alloced = 0;
-
- cdk_free (s);
-
- if (rc)
- gnutls_assert ();
-
- return rc;
+ err = fclose(s->fp);
+ s->fp = NULL;
+ if (err)
+ rc = CDK_File_Error;
+ }
+
+ /* Iterate over the filter list and use the cleanup flag to
+ free the allocated internal structures. */
+ f = s->filters;
+ while (f) {
+ f2 = f->next;
+ if (f->fnct)
+ f->fnct(f->uint8_t, STREAMCTL_FREE, NULL, NULL);
+ cdk_free(f);
+ f = f2;
+ }
+
+ if (s->fname) {
+ cdk_free(s->fname);
+ s->fname = NULL;
+ }
+
+ cdk_free(s->cache.buf);
+ s->cache.alloced = 0;
+
+ cdk_free(s);
+
+ if (rc)
+ gnutls_assert();
+
+ return rc;
}
@@ -543,37 +501,33 @@ cdk_stream_close (cdk_stream_t s)
* Return if the associated file handle was set to EOF. This
* function will only work with read streams.
**/
-int
-cdk_stream_eof (cdk_stream_t s)
+int cdk_stream_eof(cdk_stream_t s)
{
- return s ? s->flags.eof : -1;
+ return s ? s->flags.eof : -1;
}
-const char *
-_cdk_stream_get_fname (cdk_stream_t s)
+const char *_cdk_stream_get_fname(cdk_stream_t s)
{
- if (!s)
- return NULL;
- if (s->flags.temp)
- return NULL;
- return s->fname ? s->fname : NULL;
+ if (!s)
+ return NULL;
+ if (s->flags.temp)
+ return NULL;
+ return s->fname ? s->fname : NULL;
}
/* Return the underlying FP of the stream.
WARNING: This handle should not be closed. */
-FILE *
-_cdk_stream_get_fp (cdk_stream_t s)
+FILE *_cdk_stream_get_fp(cdk_stream_t s)
{
- return s ? s->fp : NULL;
+ return s ? s->fp : NULL;
}
-int
-_cdk_stream_get_errno (cdk_stream_t s)
+int _cdk_stream_get_errno(cdk_stream_t s)
{
- return s ? s->error : CDK_Inv_Value;
+ return s ? s->error : CDK_Inv_Value;
}
@@ -585,153 +539,142 @@ _cdk_stream_get_errno (cdk_stream_t s)
* should work for both read and write streams. For write streams an
* additional flush is used to write possible pending data.
**/
-off_t
-cdk_stream_get_length (cdk_stream_t s)
+off_t cdk_stream_get_length(cdk_stream_t s)
{
- struct stat statbuf;
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- /* The user callback does not support stat. */
- if (s->cbs_hd)
- return 0;
-
- rc = stream_flush (s);
- if (rc)
- {
- s->error = rc;
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- if (fstat (fileno (s->fp), &statbuf))
- {
- s->error = CDK_File_Error;
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- return statbuf.st_size;
+ struct stat statbuf;
+ cdk_error_t rc;
+
+ if (!s) {
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ /* The user callback does not support stat. */
+ if (s->cbs_hd)
+ return 0;
+
+ rc = stream_flush(s);
+ if (rc) {
+ s->error = rc;
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ if (fstat(fileno(s->fp), &statbuf)) {
+ s->error = CDK_File_Error;
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ return statbuf.st_size;
}
-static struct stream_filter_s *
-filter_add2 (cdk_stream_t s)
+static struct stream_filter_s *filter_add2(cdk_stream_t s)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- f = cdk_calloc (1, sizeof *f);
- if (!f)
- return NULL;
- f->next = s->filters;
- s->filters = f;
- return f;
+ f = cdk_calloc(1, sizeof *f);
+ if (!f)
+ return NULL;
+ f->next = s->filters;
+ s->filters = f;
+ return f;
}
-static struct stream_filter_s *
-filter_search (cdk_stream_t s, filter_fnct_t fnc)
+static struct stream_filter_s *filter_search(cdk_stream_t s,
+ filter_fnct_t fnc)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- for (f = s->filters; f; f = f->next)
- {
- if (f->fnct == fnc)
- return f;
- }
+ for (f = s->filters; f; f = f->next) {
+ if (f->fnct == fnc)
+ return f;
+ }
- return NULL;
+ return NULL;
}
-static inline void
-set_uint8_t (struct stream_filter_s *f)
+static inline void set_uint8_t(struct stream_filter_s *f)
{
- switch (f->type)
- {
- case fARMOR:
- f->uint8_t = &f->u.afx;
- break;
- case fCIPHER:
- f->uint8_t = &f->u.cfx;
- break;
- case fLITERAL:
- f->uint8_t = &f->u.pfx;
- break;
- case fCOMPRESS:
- f->uint8_t = &f->u.zfx;
- break;
- case fHASH:
- f->uint8_t = &f->u.mfx;
- break;
- case fTEXT:
- f->uint8_t = &f->u.tfx;
- break;
- default:
- f->uint8_t = NULL;
- }
+ switch (f->type) {
+ case fARMOR:
+ f->uint8_t = &f->u.afx;
+ break;
+ case fCIPHER:
+ f->uint8_t = &f->u.cfx;
+ break;
+ case fLITERAL:
+ f->uint8_t = &f->u.pfx;
+ break;
+ case fCOMPRESS:
+ f->uint8_t = &f->u.zfx;
+ break;
+ case fHASH:
+ f->uint8_t = &f->u.mfx;
+ break;
+ case fTEXT:
+ f->uint8_t = &f->u.tfx;
+ break;
+ default:
+ f->uint8_t = NULL;
+ }
}
-struct stream_filter_s *
-filter_add (cdk_stream_t s, filter_fnct_t fnc, int type)
+struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
+ int type)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- s->flags.filtrated = 0;
- f = filter_search (s, fnc);
- if (f)
- return f;
- f = filter_add2 (s);
- if (!f)
- return NULL;
- f->fnct = fnc;
- f->flags.enabled = 1;
- f->tmp = NULL;
- f->type = type;
+ s->flags.filtrated = 0;
+ f = filter_search(s, fnc);
+ if (f)
+ return f;
+ f = filter_add2(s);
+ if (!f)
+ return NULL;
+ f->fnct = fnc;
+ f->flags.enabled = 1;
+ f->tmp = NULL;
+ f->type = type;
- set_uint8_t (f);
+ set_uint8_t(f);
- return f;
+ return f;
}
-static int
-stream_get_mode (cdk_stream_t s)
+static int stream_get_mode(cdk_stream_t s)
{
- assert (s);
+ assert(s);
- if (s->flags.temp)
- return s->fmode;
- return s->flags.write;
+ if (s->flags.temp)
+ return s->fmode;
+ return s->flags.write;
}
-static filter_fnct_t
-stream_id_to_filter (int type)
+static filter_fnct_t stream_id_to_filter(int type)
{
- switch (type)
- {
- case fARMOR:
- return _cdk_filter_armor;
- case fLITERAL:
- return _cdk_filter_literal;
- case fTEXT:
- return _cdk_filter_text;
+ switch (type) {
+ case fARMOR:
+ return _cdk_filter_armor;
+ case fLITERAL:
+ return _cdk_filter_literal;
+ case fTEXT:
+ return _cdk_filter_text;
/* case fCIPHER : return _cdk_filter_cipher; */
/* case fCOMPRESS: return _cdk_filter_compress; */
- default:
- return NULL;
- }
+ default:
+ return NULL;
+ }
}
@@ -742,119 +685,111 @@ stream_id_to_filter (int type)
*
* Disables the filter with the type 'type'.
**/
-cdk_error_t
-cdk_stream_filter_disable (cdk_stream_t s, int type)
+cdk_error_t cdk_stream_filter_disable(cdk_stream_t s, int type)
{
- struct stream_filter_s *f;
- filter_fnct_t fnc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- fnc = stream_id_to_filter (type);
- if (!fnc)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_search (s, fnc);
- if (f)
- f->flags.enabled = 0;
- return 0;
+ struct stream_filter_s *f;
+ filter_fnct_t fnc;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ fnc = stream_id_to_filter(type);
+ if (!fnc) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_search(s, fnc);
+ if (f)
+ f->flags.enabled = 0;
+ return 0;
}
/* WARNING: tmp should not be closed by the caller. */
-static cdk_error_t
-stream_fp_replace (cdk_stream_t s, FILE ** tmp)
+static cdk_error_t stream_fp_replace(cdk_stream_t s, FILE ** tmp)
{
- int rc;
+ int rc;
- assert (s);
+ assert(s);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("replace stream fd=%d with fd=%d\n",
- fileno (s->fp), fileno (*tmp));
+ _gnutls_read_log("replace stream fd=%d with fd=%d\n",
+ fileno(s->fp), fileno(*tmp));
#endif
- rc = fclose (s->fp);
- if (rc)
- {
- s->fp = NULL;
- gnutls_assert ();
- return CDK_File_Error;
- }
- s->fp = *tmp;
- *tmp = NULL;
- return 0;
+ rc = fclose(s->fp);
+ if (rc) {
+ s->fp = NULL;
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ s->fp = *tmp;
+ *tmp = NULL;
+ return 0;
}
/* This function is exactly like filter_read, except the fact that we can't
use tmpfile () all the time. That's why we open the real file when there
is no last filter. */
-static cdk_error_t
-stream_filter_write (cdk_stream_t s)
+static cdk_error_t stream_filter_write(cdk_stream_t s)
{
- struct stream_filter_s *f;
- cdk_error_t rc = 0;
-
- assert (s);
-
- if (s->flags.filtrated)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- for (f = s->filters; f; f = f->next)
- {
- if (!f->flags.enabled)
- continue;
- /* if there is no next filter, create the final output file */
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
+
+ assert(s);
+
+ if (s->flags.filtrated) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ for (f = s->filters; f; f = f->next) {
+ if (!f->flags.enabled)
+ continue;
+ /* if there is no next filter, create the final output file */
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [write]: last filter=%d fname=%s\n",
- f->next ? 1 : 0, s->fname);
+ _gnutls_read_log
+ ("filter [write]: last filter=%d fname=%s\n",
+ f->next ? 1 : 0, s->fname);
#endif
- if (!f->next && s->fname)
- f->tmp = fopen (s->fname, "w+b");
- else
- f->tmp = _cdk_tmpfile ();
- if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
- /* If there is no next filter, flush the cache. We also do this
- when the next filter is the armor filter because this filter
- is special and before it starts, all data should be written. */
- if ((!f->next || f->next->type == fARMOR) && s->cache.size)
- {
- rc = stream_cache_flush (s, f->tmp);
- if (rc)
- break;
- }
- rc = f->fnct (f->uint8_t, f->ctl, s->fp, f->tmp);
+ if (!f->next && s->fname)
+ f->tmp = fopen(s->fname, "w+b");
+ else
+ f->tmp = _cdk_tmpfile();
+ if (!f->tmp) {
+ rc = CDK_File_Error;
+ break;
+ }
+ /* If there is no next filter, flush the cache. We also do this
+ when the next filter is the armor filter because this filter
+ is special and before it starts, all data should be written. */
+ if ((!f->next || f->next->type == fARMOR) && s->cache.size) {
+ rc = stream_cache_flush(s, f->tmp);
+ if (rc)
+ break;
+ }
+ rc = f->fnct(f->uint8_t, f->ctl, s->fp, f->tmp);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [write]: type=%d rc=%d\n", f->type, rc);
+ _gnutls_read_log("filter [write]: type=%d rc=%d\n",
+ f->type, rc);
#endif
- if (!rc)
- rc = stream_fp_replace (s, &f->tmp);
- if (!rc)
- rc = cdk_stream_seek (s, 0);
- if (rc)
- {
+ if (!rc)
+ rc = stream_fp_replace(s, &f->tmp);
+ if (!rc)
+ rc = cdk_stream_seek(s, 0);
+ if (rc) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
+ _gnutls_read_log("filter [close]: fd=%d\n",
+ fileno(f->tmp));
#endif
- fclose (f->tmp);
- f->tmp = NULL;
- break;
- }
- }
- return rc;
+ fclose(f->tmp);
+ f->tmp = NULL;
+ break;
+ }
+ }
+ return rc;
}
@@ -863,90 +798,82 @@ stream_filter_write (cdk_stream_t s)
Create a tempfile and use it for the output of the filter. Then the
original file handle will be closed and replace with the temp handle.
The file pointer will be set to the begin and the game starts again. */
-static cdk_error_t
-stream_filter_read (cdk_stream_t s)
+static cdk_error_t stream_filter_read(cdk_stream_t s)
{
- struct stream_filter_s *f;
- cdk_error_t rc = 0;
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
- assert (s);
+ assert(s);
- if (s->flags.filtrated)
- return 0;
+ if (s->flags.filtrated)
+ return 0;
- for (f = s->filters; f; f = f->next)
- {
- if (!f->flags.enabled)
- continue;
- if (f->flags.error)
- {
+ for (f = s->filters; f; f = f->next) {
+ if (!f->flags.enabled)
+ continue;
+ if (f->flags.error) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
- s->fname ? s->fname : "[temp]");
+ _gnutls_read_log
+ ("filter %s [read]: has the error flag; skipped\n",
+ s->fname ? s->fname : "[temp]");
#endif
- continue;
- }
-
- f->tmp = _cdk_tmpfile ();
- if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
- rc = f->fnct (f->uint8_t, f->ctl, s->fp, f->tmp);
+ continue;
+ }
+
+ f->tmp = _cdk_tmpfile();
+ if (!f->tmp) {
+ rc = CDK_File_Error;
+ break;
+ }
+ rc = f->fnct(f->uint8_t, f->ctl, s->fp, f->tmp);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter %s [read]: type=%d rc=%d\n",
- s->fname ? s->fname : "[temp]", f->type, rc);
+ _gnutls_read_log("filter %s [read]: type=%d rc=%d\n",
+ s->fname ? s->fname : "[temp]", f->type,
+ rc);
#endif
- if (rc)
- {
- f->flags.error = 1;
- break;
- }
-
- f->flags.error = 0;
- /* If the filter is read-only, do not replace the FP because
- the contents were not altered in any way. */
- if (!f->flags.rdonly)
- {
- rc = stream_fp_replace (s, &f->tmp);
- if (rc)
- break;
- }
- else
- {
- fclose (f->tmp);
- f->tmp = NULL;
- }
- rc = cdk_stream_seek (s, 0);
- if (rc)
- break;
- /* Disable the filter after it was successfully used. The idea
- is the following: let's say the armor filter was pushed and
- later more filters were added. The second time the filter code
- will be executed, only the new filter should be started but
- not the old because we already used it. */
- f->flags.enabled = 0;
- }
-
- return rc;
+ if (rc) {
+ f->flags.error = 1;
+ break;
+ }
+
+ f->flags.error = 0;
+ /* If the filter is read-only, do not replace the FP because
+ the contents were not altered in any way. */
+ if (!f->flags.rdonly) {
+ rc = stream_fp_replace(s, &f->tmp);
+ if (rc)
+ break;
+ } else {
+ fclose(f->tmp);
+ f->tmp = NULL;
+ }
+ rc = cdk_stream_seek(s, 0);
+ if (rc)
+ break;
+ /* Disable the filter after it was successfully used. The idea
+ is the following: let's say the armor filter was pushed and
+ later more filters were added. The second time the filter code
+ will be executed, only the new filter should be started but
+ not the old because we already used it. */
+ f->flags.enabled = 0;
+ }
+
+ return rc;
}
-void *
-_cdk_stream_get_uint8_t (cdk_stream_t s, int fid)
+void *_cdk_stream_get_uint8_t(cdk_stream_t s, int fid)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- if (!s)
- return NULL;
+ if (!s)
+ return NULL;
- for (f = s->filters; f; f = f->next)
- {
- if ((int) f->type == fid)
- return f->uint8_t;
- }
- return NULL;
+ for (f = s->filters; f; f = f->next) {
+ if ((int) f->type == fid)
+ return f->uint8_t;
+ }
+ return NULL;
}
@@ -961,81 +888,71 @@ _cdk_stream_get_uint8_t (cdk_stream_t s, int fid)
* because all filters need to be processed. Please remember that you
* need to add the filters in reserved order.
**/
-int
-cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
+int cdk_stream_read(cdk_stream_t s, void *buf, size_t buflen)
{
- int nread;
- int rc;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.read)
- return s->cbs.read (s->cbs_hd, buf, buflen);
- return 0;
- }
-
- if (s->flags.write && !s->flags.temp)
- {
- s->error = CDK_Inv_Mode;
- gnutls_assert ();
- return EOF; /* This is a write stream */
- }
-
- if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated)
- {
- rc = stream_filter_read (s);
- if (rc)
- {
- s->error = rc;
- if (s->fp && feof (s->fp))
- s->flags.eof = 1;
- gnutls_assert ();
- return EOF;
- }
- s->flags.filtrated = 1;
- }
-
- if (!buf && !buflen)
- return 0;
-
- nread = fread (buf, 1, buflen, s->fp);
- if (!nread)
- nread = EOF;
-
- if (feof (s->fp))
- {
- s->error = 0;
- s->flags.eof = 1;
- }
- return nread;
+ int nread;
+ int rc;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.read)
+ return s->cbs.read(s->cbs_hd, buf, buflen);
+ return 0;
+ }
+
+ if (s->flags.write && !s->flags.temp) {
+ s->error = CDK_Inv_Mode;
+ gnutls_assert();
+ return EOF; /* This is a write stream */
+ }
+
+ if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated) {
+ rc = stream_filter_read(s);
+ if (rc) {
+ s->error = rc;
+ if (s->fp && feof(s->fp))
+ s->flags.eof = 1;
+ gnutls_assert();
+ return EOF;
+ }
+ s->flags.filtrated = 1;
+ }
+
+ if (!buf && !buflen)
+ return 0;
+
+ nread = fread(buf, 1, buflen, s->fp);
+ if (!nread)
+ nread = EOF;
+
+ if (feof(s->fp)) {
+ s->error = 0;
+ s->flags.eof = 1;
+ }
+ return nread;
}
-int
-cdk_stream_getc (cdk_stream_t s)
+int cdk_stream_getc(cdk_stream_t s)
{
- unsigned char buf[2];
- int nread;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
- nread = cdk_stream_read (s, buf, 1);
- if (nread == EOF)
- {
- s->error = CDK_File_Error;
- gnutls_assert ();
- return EOF;
- }
- return buf[0];
+ unsigned char buf[2];
+ int nread;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+ nread = cdk_stream_read(s, buf, 1);
+ if (nread == EOF) {
+ s->error = CDK_File_Error;
+ gnutls_assert();
+ return EOF;
+ }
+ return buf[0];
}
@@ -1050,143 +967,133 @@ cdk_stream_getc (cdk_stream_t s)
* use the filters here because it would mean they have to support
* partial flushing.
**/
-int
-cdk_stream_write (cdk_stream_t s, const void *buf, size_t count)
+int cdk_stream_write(cdk_stream_t s, const void *buf, size_t count)
{
- int nwritten;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.write)
- return s->cbs.write (s->cbs_hd, buf, count);
- return 0;
- }
-
- if (!s->flags.write)
- {
- s->error = CDK_Inv_Mode; /* this is a read stream */
- gnutls_assert ();
- return EOF;
- }
-
- if (!buf || !count)
- return stream_flush (s);
-
- if (s->cache.on)
- {
+ int nwritten;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.write)
+ return s->cbs.write(s->cbs_hd, buf, count);
+ return 0;
+ }
+
+ if (!s->flags.write) {
+ s->error = CDK_Inv_Mode; /* this is a read stream */
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (!buf || !count)
+ return stream_flush(s);
+
+ if (s->cache.on) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream[ref=%u]: written %d bytes\n", s->fp_ref, (int) count);
+ _gnutls_read_log("stream[ref=%u]: written %d bytes\n",
+ s->fp_ref, (int) count);
#endif
- /* We need to resize the buffer if the additional data wouldn't
- fit into it. We allocate more memory to avoid to resize it the
- next time the function is used. */
- if (s->cache.size + count > s->cache.alloced)
- {
- byte *old = s->cache.buf;
-
- s->cache.buf =
- cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE);
- s->cache.alloced += (count + STREAM_BUFSIZE);
- memcpy (s->cache.buf, old, s->cache.size);
- cdk_free (old);
+ /* We need to resize the buffer if the additional data wouldn't
+ fit into it. We allocate more memory to avoid to resize it the
+ next time the function is used. */
+ if (s->cache.size + count > s->cache.alloced) {
+ byte *old = s->cache.buf;
+
+ s->cache.buf =
+ cdk_calloc(1,
+ s->cache.alloced + count +
+ STREAM_BUFSIZE);
+ s->cache.alloced += (count + STREAM_BUFSIZE);
+ memcpy(s->cache.buf, old, s->cache.size);
+ cdk_free(old);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: enlarge cache to %d octets\n",
- (int) s->cache.alloced);
+ _gnutls_read_log
+ ("stream: enlarge cache to %d octets\n",
+ (int) s->cache.alloced);
#endif
- }
-
- memcpy (s->cache.buf + s->cache.size, buf, count);
- s->cache.size += count;
- return count;
- }
+ }
+ memcpy(s->cache.buf + s->cache.size, buf, count);
+ s->cache.size += count;
+ return count;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream[fd=%u]: written %d bytes\n", fileno (s->fp), (int) count);
+ _gnutls_read_log("stream[fd=%u]: written %d bytes\n",
+ fileno(s->fp), (int) count);
#endif
- nwritten = fwrite (buf, 1, count, s->fp);
- if (!nwritten)
- nwritten = EOF;
- return nwritten;
+ nwritten = fwrite(buf, 1, count, s->fp);
+ if (!nwritten)
+ nwritten = EOF;
+ return nwritten;
}
-int
-cdk_stream_putc (cdk_stream_t s, int c)
+int cdk_stream_putc(cdk_stream_t s, int c)
{
- byte buf[2];
- int nwritten;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
- buf[0] = c;
- nwritten = cdk_stream_write (s, buf, 1);
- if (nwritten == EOF)
- return EOF;
- return 0;
+ byte buf[2];
+ int nwritten;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+ buf[0] = c;
+ nwritten = cdk_stream_write(s, buf, 1);
+ if (nwritten == EOF)
+ return EOF;
+ return 0;
}
-off_t
-cdk_stream_tell (cdk_stream_t s)
+off_t cdk_stream_tell(cdk_stream_t s)
{
- return s ? ftell (s->fp) : (off_t) - 1;
+ return s ? ftell(s->fp) : (off_t) - 1;
}
-cdk_error_t
-cdk_stream_seek (cdk_stream_t s, off_t offset)
+cdk_error_t cdk_stream_seek(cdk_stream_t s, off_t offset)
{
- off_t len;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.seek)
- return s->cbs.seek (s->cbs_hd, offset);
- return 0;
- }
-
- /* Set or reset the EOF flag. */
- len = cdk_stream_get_length (s);
- if (len == offset)
- s->flags.eof = 1;
- else
- s->flags.eof = 0;
-
- if (fseek (s->fp, offset, SEEK_SET))
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- return 0;
+ off_t len;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.seek)
+ return s->cbs.seek(s->cbs_hd, offset);
+ return 0;
+ }
+
+ /* Set or reset the EOF flag. */
+ len = cdk_stream_get_length(s);
+ if (len == offset)
+ s->flags.eof = 1;
+ else
+ s->flags.eof = 0;
+
+ if (fseek(s->fp, offset, SEEK_SET)) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ return 0;
}
-static cdk_error_t
-stream_flush (cdk_stream_t s)
+static cdk_error_t stream_flush(cdk_stream_t s)
{
- assert (s);
+ assert(s);
- /* For some constellations it cannot be assured that the
- return value is defined, thus we ignore it for now. */
- (void) fflush (s->fp);
- return 0;
+ /* For some constellations it cannot be assured that the
+ return value is defined, thus we ignore it for now. */
+ (void) fflush(s->fp);
+ return 0;
}
@@ -1201,25 +1108,22 @@ stream_flush (cdk_stream_t s)
* For the write mode, @armor_type can be set to any valid
* armor type (message, key, sig).
**/
-cdk_error_t
-cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type)
+cdk_error_t cdk_stream_set_armor_flag(cdk_stream_t s, int armor_type)
{
- struct stream_filter_s *f;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_add (s, _cdk_filter_armor, fARMOR);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->u.afx.idx = f->u.afx.idx2 = armor_type;
- f->ctl = stream_get_mode (s);
- return 0;
+ struct stream_filter_s *f;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_add(s, _cdk_filter_armor, fARMOR);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->u.afx.idx = f->u.afx.idx2 = armor_type;
+ f->ctl = stream_get_mode(s);
+ return 0;
}
@@ -1235,39 +1139,37 @@ cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type)
* into a literal packet with the given mode and file name.
**/
cdk_error_t
-cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
- const char *fname)
+cdk_stream_set_literal_flag(cdk_stream_t s, cdk_lit_format_t mode,
+ const char *fname)
{
- struct stream_filter_s *f;
- const char *orig_fname;
+ struct stream_filter_s *f;
+ const char *orig_fname;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: enable literal mode.\n");
+ _gnutls_read_log("stream: enable literal mode.\n");
#endif
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- orig_fname = _cdk_stream_get_fname (s);
- f = filter_add (s, _cdk_filter_literal, fLITERAL);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->u.pfx.mode = mode;
- f->u.pfx.filename = fname ? cdk_strdup (fname) : NULL;
- f->u.pfx.orig_filename = orig_fname ? cdk_strdup (orig_fname) : NULL;
- f->ctl = stream_get_mode (s);
- if (s->blkmode > 0)
- {
- f->u.pfx.blkmode.on = 1;
- f->u.pfx.blkmode.size = s->blkmode;
- }
- return 0;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ orig_fname = _cdk_stream_get_fname(s);
+ f = filter_add(s, _cdk_filter_literal, fLITERAL);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->u.pfx.mode = mode;
+ f->u.pfx.filename = fname ? cdk_strdup(fname) : NULL;
+ f->u.pfx.orig_filename =
+ orig_fname ? cdk_strdup(orig_fname) : NULL;
+ f->ctl = stream_get_mode(s);
+ if (s->blkmode > 0) {
+ f->u.pfx.blkmode.on = 1;
+ f->u.pfx.blkmode.size = s->blkmode;
+ }
+ return 0;
}
@@ -1283,11 +1185,11 @@ cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
* given algorithm at the given level.
**/
cdk_error_t
-cdk_stream_set_compress_flag (cdk_stream_t s, int algo, int level)
+cdk_stream_set_compress_flag(cdk_stream_t s, int algo, int level)
{
- gnutls_assert ();
- return CDK_Not_Implemented;
+ gnutls_assert();
+ return CDK_Not_Implemented;
}
@@ -1298,25 +1200,22 @@ cdk_stream_set_compress_flag (cdk_stream_t s, int algo, int level)
*
* Pushes the text filter to store the stream data in cannoncial format.
**/
-cdk_error_t
-cdk_stream_set_text_flag (cdk_stream_t s, const char *lf)
+cdk_error_t cdk_stream_set_text_flag(cdk_stream_t s, const char *lf)
{
- struct stream_filter_s *f;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_add (s, _cdk_filter_text, fTEXT);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->ctl = stream_get_mode (s);
- f->u.tfx.lf = lf;
- return 0;
+ struct stream_filter_s *f;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_add(s, _cdk_filter_text, fTEXT);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->ctl = stream_get_mode(s);
+ f->u.tfx.lf = lf;
+ return 0;
}
/**
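Review bot: `f->u.tfx.lf = lf;` in cdk_stream_set_text_flag stores the caller's pointer in the filter without copying it, so the text filter will read freed or reused memory if the string does not outlive the stream. cdk_stream_set_literal_flag, earlier in this file, duplicates its string arguments with cdk_strdup. Whether every caller passes a string literal here cannot be seen from this hunk. Either copy the string and release it with the filter, or state the requirement in the function comment, for example `@lf must remain valid until the stream is closed`.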
@@ -1326,54 +1225,47 @@ cdk_stream_set_text_flag (cdk_stream_t s, const char *lf)
*
* Enables or disable the cache section of a stream object.
**/
-cdk_error_t
-cdk_stream_enable_cache (cdk_stream_t s, int val)
+cdk_error_t cdk_stream_enable_cache(cdk_stream_t s, int val)
{
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!s->flags.write)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- s->cache.on = val;
- if (!s->cache.buf)
- {
- s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE);
- s->cache.alloced = STREAM_BUFSIZE;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!s->flags.write) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ s->cache.on = val;
+ if (!s->cache.buf) {
+ s->cache.buf = cdk_calloc(1, STREAM_BUFSIZE);
+ s->cache.alloced = STREAM_BUFSIZE;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: allocate cache of %d octets\n",
- STREAM_BUFSIZE);
+ _gnutls_read_log("stream: allocate cache of %d octets\n",
+ STREAM_BUFSIZE);
#endif
- }
- return 0;
+ }
+ return 0;
}
-static int
-stream_cache_flush (cdk_stream_t s, FILE * fp)
+static int stream_cache_flush(cdk_stream_t s, FILE * fp)
{
- int nwritten;
-
- assert (s);
-
- /* FIXME: We should find a way to use cdk_stream_write here. */
- if (s->cache.size > 0)
- {
- nwritten = fwrite (s->cache.buf, 1, s->cache.size, fp);
- if (!nwritten)
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- s->cache.size = 0;
- s->cache.on = 0;
- memset (s->cache.buf, 0, s->cache.alloced);
- }
- return 0;
+ int nwritten;
+
+ assert(s);
+
+ /* FIXME: We should find a way to use cdk_stream_write here. */
+ if (s->cache.size > 0) {
+ nwritten = fwrite(s->cache.buf, 1, s->cache.size, fp);
+ if (!nwritten) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ s->cache.size = 0;
+ s->cache.on = 0;
+ memset(s->cache.buf, 0, s->cache.alloced);
+ }
+ return 0;
}
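Review bot: The result of `cdk_calloc(1, STREAM_BUFSIZE)` in cdk_stream_enable_cache is never checked, yet `s->cache.alloced` is set to STREAM_BUFSIZE and the function returns 0, so an allocation failure leaves the stream with the cache switched on and a NULL buffer. Adding `if (!s->cache.buf) { gnutls_assert(); return CDK_Out_Of_Core; }` directly after the allocation closes that path. In stream_cache_flush, `if (!nwritten)` only catches a write of zero bytes; a short fwrite is treated as success and the cached data is then wiped, so comparing the result (held in a `size_t`) against `s->cache.size` would be safer.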
@@ -1385,34 +1277,30 @@ stream_cache_flush (cdk_stream_t s, FILE * fp)
* Passes the entire data from @inp into the output stream @out
* with all the activated filters.
*/
-cdk_error_t
-cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
+cdk_error_t cdk_stream_kick_off(cdk_stream_t inp, cdk_stream_t out)
{
- byte buf[BUFSIZE];
- int nread, nwritten;
- cdk_error_t rc;
-
- if (!inp || !out)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- rc = CDK_Success;
- while (!cdk_stream_eof (inp))
- {
- nread = cdk_stream_read (inp, buf, DIM (buf));
- if (!nread || nread == EOF)
- break;
- nwritten = cdk_stream_write (out, buf, nread);
- if (!nwritten || nwritten == EOF)
- { /* In case of errors, we leave the loop. */
- rc = inp->error;
- break;
- }
- }
-
- memset (buf, 0, sizeof (buf));
- return rc;
+ byte buf[BUFSIZE];
+ int nread, nwritten;
+ cdk_error_t rc;
+
+ if (!inp || !out) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ rc = CDK_Success;
+ while (!cdk_stream_eof(inp)) {
+ nread = cdk_stream_read(inp, buf, DIM(buf));
+ if (!nread || nread == EOF)
+ break;
+ nwritten = cdk_stream_write(out, buf, nread);
+ if (!nwritten || nwritten == EOF) { /* In case of errors, we leave the loop. */
+ rc = inp->error;
+ break;
+ }
+ }
+
+ memset(buf, 0, sizeof(buf));
+ return rc;
}
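Review bot: When `cdk_stream_write(out, buf, nread)` fails in cdk_stream_kick_off, the code returns `inp->error`, the error field of the stream that did not fail; if that field is still zero the function reports CDK_Success after dropping data. This looks like it should be `rc = out->error;` with a non-zero fallback, assuming cdk_stream_write records its failure on the stream it was given (not visible in this hunk). A failed read (`nread == EOF`) also leaves the loop with `rc` still CDK_Success. Separately, the final `memset(buf, 0, sizeof(buf))` clears a local that is about to go out of scope, which an optimising compiler is allowed to drop, so it should not be relied on to scrub the copied data.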
@@ -1428,85 +1316,80 @@ cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
* contains the length of the buffer.
**/
cdk_error_t
-cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- byte ** ret_buf, size_t * ret_buflen)
+cdk_stream_mmap_part(cdk_stream_t s, off_t off, size_t len,
+ byte ** ret_buf, size_t * ret_buflen)
{
- cdk_error_t rc;
- off_t oldpos;
- unsigned int n;
-
- if (!ret_buf || !ret_buflen)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *ret_buf = NULL;
- *ret_buflen = 0;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Memory mapping is not supported on custom I/O objects. */
- if (s->cbs_hd)
- {
+ cdk_error_t rc;
+ off_t oldpos;
+ unsigned int n;
+
+ if (!ret_buf || !ret_buflen) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *ret_buf = NULL;
+ *ret_buflen = 0;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Memory mapping is not supported on custom I/O objects. */
+ if (s->cbs_hd) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("cdk_stream_mmap_part: not supported on callbacks\n");
+ _gnutls_read_log
+ ("cdk_stream_mmap_part: not supported on callbacks\n");
#endif
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- oldpos = cdk_stream_tell (s);
- rc = cdk_stream_flush (s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_stream_seek (s, off);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- if (!len)
- len = cdk_stream_get_length (s);
- if (!len)
- {
- _gnutls_read_log ("cdk_stream_mmap_part: invalid file size %lu\n", (unsigned long)len);
- gnutls_assert ();
- return s->error;
- }
- if (len > MAX_MAP_SIZE)
- {
- gnutls_assert ();
- return CDK_Too_Short;
- }
-
- *ret_buf = cdk_calloc (1, len + 1);
- *ret_buflen = len;
- n = cdk_stream_read (s, *ret_buf, len);
- if (n != len)
- *ret_buflen = n;
- rc = cdk_stream_seek (s, oldpos);
- if (rc)
- gnutls_assert ();
- return rc;
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ oldpos = cdk_stream_tell(s);
+ rc = cdk_stream_flush(s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_stream_seek(s, off);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ if (!len)
+ len = cdk_stream_get_length(s);
+ if (!len) {
+ _gnutls_read_log
+ ("cdk_stream_mmap_part: invalid file size %lu\n",
+ (unsigned long) len);
+ gnutls_assert();
+ return s->error;
+ }
+ if (len > MAX_MAP_SIZE) {
+ gnutls_assert();
+ return CDK_Too_Short;
+ }
+
+ *ret_buf = cdk_calloc(1, len + 1);
+ *ret_buflen = len;
+ n = cdk_stream_read(s, *ret_buf, len);
+ if (n != len)
+ *ret_buflen = n;
+ rc = cdk_stream_seek(s, oldpos);
+ if (rc)
+ gnutls_assert();
+ return rc;
}
-cdk_error_t
-cdk_stream_mmap (cdk_stream_t inp, byte ** buf, size_t * buflen)
+cdk_error_t cdk_stream_mmap(cdk_stream_t inp, byte ** buf, size_t * buflen)
{
- off_t len;
+ off_t len;
- /* We need to make sure all data is flushed before we retrieve the size. */
- cdk_stream_flush (inp);
- len = cdk_stream_get_length (inp);
- return cdk_stream_mmap_part (inp, 0, len, buf, buflen);
+ /* We need to make sure all data is flushed before we retrieve the size. */
+ cdk_stream_flush(inp);
+ len = cdk_stream_get_length(inp);
+ return cdk_stream_mmap_part(inp, 0, len, buf, buflen);
}
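Review bot: In cdk_stream_mmap_part the return value of cdk_stream_read is stored in `unsigned int n`, so the EOF value that other callers in this file test for becomes a very large number and is then written to `*ret_buflen`, telling the caller the buffer is far longer than the `len + 1` bytes that were allocated. The `cdk_calloc` result is also handed to cdk_stream_read without a NULL check. The rewrite below keeps the read count signed, fails on both conditions and releases the buffer on a read error. `CDK_Too_Short` for `len > MAX_MAP_SIZE` reads oddly for an oversized request, but changing that code is an interface decision and is left alone here.

```c
	int nread;		/* replaces: unsigned int n */

	/* … unchanged: argument checks, flush, seek and length validation … */

	*ret_buf = cdk_calloc(1, len + 1);
	if (!*ret_buf) {
		gnutls_assert();
		return CDK_Out_Of_Core;
	}
	nread = cdk_stream_read(s, *ret_buf, len);
	if (nread == EOF) {
		gnutls_assert();
		cdk_free(*ret_buf);
		*ret_buf = NULL;
		(void) cdk_stream_seek(s, oldpos);
		return s->error ? s->error : CDK_File_Error;
	}
	*ret_buflen = (size_t) nread;

	/* … unchanged: seek back to oldpos and return rc … */
```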
@@ -1519,77 +1402,70 @@ cdk_stream_mmap (cdk_stream_t inp, byte ** buf, size_t * buflen)
* The function acts like cdk_stream_read with the difference that
* the file pointer is moved to the old position after the bytes were read.
**/
-int
-cdk_stream_peek (cdk_stream_t inp, byte * buf, size_t buflen)
+int cdk_stream_peek(cdk_stream_t inp, byte * buf, size_t buflen)
{
- off_t off;
- int nbytes;
-
- if (!inp || !buf)
- return 0;
- if (inp->cbs_hd)
- return 0;
-
- off = cdk_stream_tell (inp);
- nbytes = cdk_stream_read (inp, buf, buflen);
- if (nbytes == -1)
- return 0;
- if (cdk_stream_seek (inp, off))
- return 0;
- return nbytes;
+ off_t off;
+ int nbytes;
+
+ if (!inp || !buf)
+ return 0;
+ if (inp->cbs_hd)
+ return 0;
+
+ off = cdk_stream_tell(inp);
+ nbytes = cdk_stream_read(inp, buf, buflen);
+ if (nbytes == -1)
+ return 0;
+ if (cdk_stream_seek(inp, off))
+ return 0;
+ return nbytes;
}
/* Try to read a line from the given stream. */
-int
-_cdk_stream_gets (cdk_stream_t s, char *buf, size_t count)
+int _cdk_stream_gets(cdk_stream_t s, char *buf, size_t count)
{
- int c, i;
-
- assert (s);
-
- i = 0;
- while (!cdk_stream_eof (s) && count > 0)
- {
- c = cdk_stream_getc (s);
- if (c == EOF || c == '\r' || c == '\n')
- {
- buf[i++] = '\0';
- break;
- }
- buf[i++] = c;
- count--;
- }
- return i;
+ int c, i;
+
+ assert(s);
+
+ i = 0;
+ while (!cdk_stream_eof(s) && count > 0) {
+ c = cdk_stream_getc(s);
+ if (c == EOF || c == '\r' || c == '\n') {
+ buf[i++] = '\0';
+ break;
+ }
+ buf[i++] = c;
+ count--;
+ }
+ return i;
}
/* Try to write string into the stream @s. */
-int
-_cdk_stream_puts (cdk_stream_t s, const char *buf)
+int _cdk_stream_puts(cdk_stream_t s, const char *buf)
{
- return cdk_stream_write (s, buf, strlen (buf));
+ return cdk_stream_write(s, buf, strlen(buf));
}
/* Activate the block mode for the given stream. */
-cdk_error_t
-_cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes)
+cdk_error_t _cdk_stream_set_blockmode(cdk_stream_t s, size_t nbytes)
{
- assert (s);
+ assert(s);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: activate block mode with blocksize %d\n",
- (int) nbytes);
+ _gnutls_read_log("stream: activate block mode with blocksize %d\n",
+ (int) nbytes);
#endif
- s->blkmode = nbytes;
- return 0;
+ s->blkmode = nbytes;
+ return 0;
}
/* Return the block mode state of the given stream. */
-int
-_cdk_stream_get_blockmode (cdk_stream_t s)
+int _cdk_stream_get_blockmode(cdk_stream_t s)
{
- return s ? s->blkmode : 0;
+ return s ? s->blkmode : 0;
}
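Review bot: _cdk_stream_gets leaves `buf` without a terminating NUL whenever `count` bytes are consumed before a line ending arrives, because the loop stores up to `count` characters and writes `'\0'` only in the EOF/CR/LF branch. A caller that then treats `buf` as a C string reads past the end of its buffer. Reserving the last byte with `while (!cdk_stream_eof(s) && count > 1)` and writing `buf[i] = '\0';` after the loop when no terminator was stored (and returning early for `count == 0`) fixes this. `assert(s)` is the only argument check and disappears in NDEBUG builds, and `buf` is not checked at all.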
diff --git a/lib/opencdk/stream.h b/lib/opencdk/stream.h
index be57fb2963..3a7b93495e 100644
--- a/lib/opencdk/stream.h
+++ b/lib/opencdk/stream.h
@@ -26,77 +26,70 @@
/* The default buffer size for the stream. */
#define STREAM_BUFSIZE 8192
-enum
-{
- fDUMMY = 0,
- fARMOR = 1,
- fCIPHER = 2,
- fLITERAL = 3,
- fCOMPRESS = 4,
- fHASH = 5,
- fTEXT = 6
+enum {
+ fDUMMY = 0,
+ fARMOR = 1,
+ fCIPHER = 2,
+ fLITERAL = 3,
+ fCOMPRESS = 4,
+ fHASH = 5,
+ fTEXT = 6
};
/* Type definition for the filter function. */
-typedef cdk_error_t (*filter_fnct_t) (void *uint8_t, int ctl, FILE * in,
- FILE * out);
+typedef cdk_error_t(*filter_fnct_t) (void *uint8_t, int ctl, FILE * in,
+ FILE * out);
/* The stream filter context structure. */
-struct stream_filter_s
-{
- struct stream_filter_s *next;
- filter_fnct_t fnct;
- void *uint8_t;
- FILE *tmp;
- union
- {
- armor_filter_t afx;
- cipher_filter_t cfx;
- literal_filter_t pfx;
- compress_filter_t zfx;
- text_filter_t tfx;
- md_filter_t mfx;
- } u;
- struct
- {
- unsigned enabled:1;
- unsigned rdonly:1;
- unsigned error:1;
- } flags;
- unsigned type;
- unsigned ctl;
+struct stream_filter_s {
+ struct stream_filter_s *next;
+ filter_fnct_t fnct;
+ void *uint8_t;
+ FILE *tmp;
+ union {
+ armor_filter_t afx;
+ cipher_filter_t cfx;
+ literal_filter_t pfx;
+ compress_filter_t zfx;
+ text_filter_t tfx;
+ md_filter_t mfx;
+ } u;
+ struct {
+ unsigned enabled:1;
+ unsigned rdonly:1;
+ unsigned error:1;
+ } flags;
+ unsigned type;
+ unsigned ctl;
};
/* The stream context structure. */
-struct cdk_stream_s
-{
- struct stream_filter_s *filters;
- int fmode;
- int error;
- size_t blkmode;
- struct
- {
- unsigned filtrated:1;
- unsigned eof:1;
- unsigned write:1;
- unsigned temp:1;
- unsigned reset:1;
- unsigned no_filter:1;
- unsigned compressed:3;
- } flags;
- struct
- {
- unsigned char *buf;
- unsigned on:1;
- size_t size;
- size_t alloced;
- } cache;
- char *fname;
- FILE *fp;
- unsigned int fp_ref:1;
- struct cdk_stream_cbs_s cbs;
- void *cbs_hd;
+struct cdk_stream_s {
+ struct stream_filter_s *filters;
+ int fmode;
+ int error;
+ size_t blkmode;
+ struct {
+ unsigned filtrated:1;
+ unsigned eof:1;
+ unsigned write:1;
+ unsigned temp:1;
+ unsigned reset:1;
+ unsigned no_filter:1;
+ unsigned compressed:3;
+ } flags;
+ struct {
+ unsigned char *buf;
+ unsigned on:1;
+ size_t size;
+ size_t alloced;
+ } cache;
+ char *fname;
+ FILE *fp;
+ unsigned int fp_ref:1;
+ struct cdk_stream_cbs_s cbs;
+ void *cbs_hd;
};
-#endif /* CDK_STREAM_H */
+#endif /* CDK_STREAM_H */
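Review bot: The member `void *uint8_t;` in struct stream_filter_s and the first parameter `void *uint8_t` of filter_fnct_t use the name of the <stdint.h> typedef as an identifier. This is legal C, but it hides the type name inside the prototype scope and reads like the residue of a mechanical rename (an inference; the earlier name is not visible in this hunk). A neutral name such as `ctx`, with a one-line comment saying what the pointer carries and who owns it, would make the filter callback contract clearer to the next reader.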
diff --git a/lib/opencdk/types.h b/lib/opencdk/types.h
index fb31c765d8..8fae6ce629 100644
--- a/lib/opencdk/types.h
+++ b/lib/opencdk/types.h
@@ -46,4 +46,4 @@ typedef unsigned int u32;
#define DIMof(type, member) DIM(((type *)0)->member)
#endif
-#endif /* CDK_TYPES_H */
+#endif /* CDK_TYPES_H */
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 6e76e7227b..b852e0e8d1 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -31,756 +31,750 @@
#include "main.h"
-static int
-stream_write (cdk_stream_t s, const void *buf, size_t buflen)
+static int stream_write(cdk_stream_t s, const void *buf, size_t buflen)
{
- int nwritten;
+ int nwritten;
- nwritten = cdk_stream_write (s, buf, buflen);
- if (nwritten == EOF)
- return _cdk_stream_get_errno (s);
- return 0;
+ nwritten = cdk_stream_write(s, buf, buflen);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno(s);
+ return 0;
}
static int
-stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
{
- int nread;
+ int nread;
- assert (r_nread);
+ assert(r_nread);
- nread = cdk_stream_read (s, buf, buflen);
- if (nread == EOF)
- return _cdk_stream_get_errno (s);
- *r_nread = nread;
- return 0;
+ nread = cdk_stream_read(s, buf, buflen);
+ if (nread == EOF)
+ return _cdk_stream_get_errno(s);
+ *r_nread = nread;
+ return 0;
}
-static int
-stream_putc (cdk_stream_t s, int c)
+static int stream_putc(cdk_stream_t s, int c)
{
- int nwritten = cdk_stream_putc (s, c);
- if (nwritten == EOF)
- return _cdk_stream_get_errno (s);
- return 0;
+ int nwritten = cdk_stream_putc(s, c);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno(s);
+ return 0;
}
-static int
-write_32 (cdk_stream_t out, u32 u)
+static int write_32(cdk_stream_t out, u32 u)
{
- byte buf[4];
+ byte buf[4];
- buf[0] = u >> 24;
- buf[1] = u >> 16;
- buf[2] = u >> 8;
- buf[3] = u;
- return stream_write (out, buf, 4);
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
+ return stream_write(out, buf, 4);
}
-static int
-write_16 (cdk_stream_t out, u16 u)
+static int write_16(cdk_stream_t out, u16 u)
{
- byte buf[2];
+ byte buf[2];
- buf[0] = u >> 8;
- buf[1] = u;
- return stream_write (out, buf, 2);
+ buf[0] = u >> 8;
+ buf[1] = u;
+ return stream_write(out, buf, 2);
}
-static size_t
-calc_mpisize (bigint_t mpi[MAX_CDK_PK_PARTS], size_t ncount)
+static size_t calc_mpisize(bigint_t mpi[MAX_CDK_PK_PARTS], size_t ncount)
{
- size_t size, i;
+ size_t size, i;
- size = 0;
- for (i = 0; i < ncount; i++)
- size += (_gnutls_mpi_get_nbits (mpi[i]) + 7) / 8 + 2;
- return size;
+ size = 0;
+ for (i = 0; i < ncount; i++)
+ size += (_gnutls_mpi_get_nbits(mpi[i]) + 7) / 8 + 2;
+ return size;
}
-static int
-write_mpi (cdk_stream_t out, bigint_t m)
+static int write_mpi(cdk_stream_t out, bigint_t m)
{
- byte buf[MAX_MPI_BYTES + 2];
- size_t nbits, nread;
- int err;
-
- if (!out || !m)
- return CDK_Inv_Value;
- nbits = _gnutls_mpi_get_nbits (m);
- if (nbits > MAX_MPI_BITS || nbits < 1)
- return CDK_MPI_Error;
-
- nread = MAX_MPI_BYTES + 2;
- err = _gnutls_mpi_print_pgp (m, buf, &nread);
- if (err < 0)
- return map_gnutls_error (err);
- return stream_write (out, buf, nread);
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nbits, nread;
+ int err;
+
+ if (!out || !m)
+ return CDK_Inv_Value;
+ nbits = _gnutls_mpi_get_nbits(m);
+ if (nbits > MAX_MPI_BITS || nbits < 1)
+ return CDK_MPI_Error;
+
+ nread = MAX_MPI_BYTES + 2;
+ err = _gnutls_mpi_print_pgp(m, buf, &nread);
+ if (err < 0)
+ return map_gnutls_error(err);
+ return stream_write(out, buf, nread);
}
static cdk_error_t
-write_mpibuf (cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS], size_t count)
+write_mpibuf(cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS],
+ size_t count)
{
- size_t i;
- cdk_error_t rc;
-
- for (i = 0; i < count; i++)
- {
- rc = write_mpi (out, mpi[i]);
- if (rc)
- return rc;
- }
- return 0;
+ size_t i;
+ cdk_error_t rc;
+
+ for (i = 0; i < count; i++) {
+ rc = write_mpi(out, mpi[i]);
+ if (rc)
+ return rc;
+ }
+ return 0;
}
-static cdk_error_t
-pkt_encode_len (cdk_stream_t out, size_t pktlen)
+static cdk_error_t pkt_encode_len(cdk_stream_t out, size_t pktlen)
{
- cdk_error_t rc;
-
- if (!out)
- return CDK_Inv_Value;
-
- if (!pktlen)
- {
- /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
- rc = stream_putc (out, (0xE0 | DEF_BLOCKBITS));
- }
- else if (pktlen < 192)
- rc = stream_putc (out, pktlen);
- else if (pktlen < 8384)
- {
- pktlen -= 192;
- rc = stream_putc (out, (pktlen >> 8) + 192);
- if (!rc)
- rc = stream_putc (out, (pktlen & 0xff));
- }
- else
- {
- rc = stream_putc (out, 255);
- if (!rc)
- rc = write_32 (out, pktlen);
- }
-
- return rc;
+ cdk_error_t rc;
+
+ if (!out)
+ return CDK_Inv_Value;
+
+ if (!pktlen) {
+ /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
+ rc = stream_putc(out, (0xE0 | DEF_BLOCKBITS));
+ } else if (pktlen < 192)
+ rc = stream_putc(out, pktlen);
+ else if (pktlen < 8384) {
+ pktlen -= 192;
+ rc = stream_putc(out, (pktlen >> 8) + 192);
+ if (!rc)
+ rc = stream_putc(out, (pktlen & 0xff));
+ } else {
+ rc = stream_putc(out, 255);
+ if (!rc)
+ rc = write_32(out, pktlen);
+ }
+
+ return rc;
}
-static cdk_error_t
-write_head_new (cdk_stream_t out, size_t size, int type)
+static cdk_error_t write_head_new(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out)
- return CDK_Inv_Value;
+ if (!out)
+ return CDK_Inv_Value;
- if (type < 0 || type > 63)
- return CDK_Inv_Packet;
- rc = stream_putc (out, (0xC0 | type));
- if (!rc)
- rc = pkt_encode_len (out, size);
- return rc;
+ if (type < 0 || type > 63)
+ return CDK_Inv_Packet;
+ rc = stream_putc(out, (0xC0 | type));
+ if (!rc)
+ rc = pkt_encode_len(out, size);
+ return rc;
}
-static cdk_error_t
-write_head_old (cdk_stream_t out, size_t size, int type)
+static cdk_error_t write_head_old(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
- int ctb;
-
- if (!out)
- return CDK_Inv_Value;
-
- if (type < 0 || type > 16)
- return CDK_Inv_Packet;
- ctb = 0x80 | (type << 2);
- if (!size)
- ctb |= 3;
- else if (size < 256)
- ;
- else if (size < 65536)
- ctb |= 1;
- else
- ctb |= 2;
- rc = stream_putc (out, ctb);
- if (!size)
- return rc;
- if (!rc)
- {
- if (size < 256)
- rc = stream_putc (out, size);
- else if (size < 65536)
- rc = write_16 (out, size);
- else
- rc = write_32 (out, size);
- }
-
- return rc;
+ cdk_error_t rc;
+ int ctb;
+
+ if (!out)
+ return CDK_Inv_Value;
+
+ if (type < 0 || type > 16)
+ return CDK_Inv_Packet;
+ ctb = 0x80 | (type << 2);
+ if (!size)
+ ctb |= 3;
+ else if (size < 256);
+ else if (size < 65536)
+ ctb |= 1;
+ else
+ ctb |= 2;
+ rc = stream_putc(out, ctb);
+ if (!size)
+ return rc;
+ if (!rc) {
+ if (size < 256)
+ rc = stream_putc(out, size);
+ else if (size < 65536)
+ rc = write_16(out, size);
+ else
+ rc = write_32(out, size);
+ }
+
+ return rc;
}
/* Write special PGP2 packet header. PGP2 (wrongly) uses two byte header
length for signatures and keys even if the size is < 256. */
-static cdk_error_t
-pkt_write_head2 (cdk_stream_t out, size_t size, int type)
+static cdk_error_t pkt_write_head2(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
-
- rc = cdk_stream_putc (out, 0x80 | (type << 2) | 1);
- if (!rc)
- rc = cdk_stream_putc (out, size >> 8);
- if (!rc)
- rc = cdk_stream_putc (out, size & 0xff);
- return rc;
+ cdk_error_t rc;
+
+ rc = cdk_stream_putc(out, 0x80 | (type << 2) | 1);
+ if (!rc)
+ rc = cdk_stream_putc(out, size >> 8);
+ if (!rc)
+ rc = cdk_stream_putc(out, size & 0xff);
+ return rc;
}
static int
-pkt_write_head (cdk_stream_t out, int old_ctb, size_t size, int type)
+pkt_write_head(cdk_stream_t out, int old_ctb, size_t size, int type)
{
- if (old_ctb)
- return write_head_old (out, size, type);
- return write_head_new (out, size, type);
+ if (old_ctb)
+ return write_head_old(out, size, type);
+ return write_head_new(out, size, type);
}
static int
-write_pubkey_enc (cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb)
+write_pubkey_enc(cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb)
{
- size_t size;
- int rc, nenc;
-
- if (!out || !pke)
- return CDK_Inv_Value;
-
- if (pke->version < 2 || pke->version > 3)
- return CDK_Inv_Packet;
- if (!KEY_CAN_ENCRYPT (pke->pubkey_algo))
- return CDK_Inv_Algo;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_pubkey_enc:\n");
-
- nenc = cdk_pk_get_nenc (pke->pubkey_algo);
- size = 10 + calc_mpisize (pke->mpi, nenc);
- rc = pkt_write_head (out, old_ctb, size, CDK_PKT_PUBKEY_ENC);
- if (rc)
- return rc;
-
- rc = stream_putc (out, pke->version);
- if (!rc)
- rc = write_32 (out, pke->keyid[0]);
- if (!rc)
- rc = write_32 (out, pke->keyid[1]);
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pke->pubkey_algo));
- if (!rc)
- rc = write_mpibuf (out, pke->mpi, nenc);
- return rc;
+ size_t size;
+ int rc, nenc;
+
+ if (!out || !pke)
+ return CDK_Inv_Value;
+
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ if (!KEY_CAN_ENCRYPT(pke->pubkey_algo))
+ return CDK_Inv_Algo;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_pubkey_enc:\n");
+
+ nenc = cdk_pk_get_nenc(pke->pubkey_algo);
+ size = 10 + calc_mpisize(pke->mpi, nenc);
+ rc = pkt_write_head(out, old_ctb, size, CDK_PKT_PUBKEY_ENC);
+ if (rc)
+ return rc;
+
+ rc = stream_putc(out, pke->version);
+ if (!rc)
+ rc = write_32(out, pke->keyid[0]);
+ if (!rc)
+ rc = write_32(out, pke->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pke->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf(out, pke->mpi, nenc);
+ return rc;
}
-static cdk_error_t
-write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc)
+static cdk_error_t write_mdc(cdk_stream_t out, cdk_pkt_mdc_t mdc)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out || !mdc)
- return CDK_Inv_Value;
+ if (!out || !mdc)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("write_mdc:\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_mdc:\n");
- /* This packet requires a fixed header encoding */
- rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */
- if (!rc)
- rc = stream_putc (out, 0x14);
- if (!rc)
- rc = stream_write (out, mdc->hash, DIM (mdc->hash));
- return rc;
+ /* This packet requires a fixed header encoding */
+ rc = stream_putc(out, 0xD3); /* packet ID and 1 byte length */
+ if (!rc)
+ rc = stream_putc(out, 0x14);
+ if (!rc)
+ rc = stream_write(out, mdc->hash, DIM(mdc->hash));
+ return rc;
}
-static size_t
-calc_subpktsize (cdk_subpkt_t s)
+static size_t calc_subpktsize(cdk_subpkt_t s)
{
- size_t nbytes;
+ size_t nbytes;
- /* In the count mode, no buffer is returned. */
- _cdk_subpkt_get_array (s, 1, &nbytes);
- return nbytes;
+ /* In the count mode, no buffer is returned. */
+ _cdk_subpkt_get_array(s, 1, &nbytes);
+ return nbytes;
}
static cdk_error_t
-write_v3_sig (cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
+write_v3_sig(cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
{
- size_t size;
- cdk_error_t rc;
-
- size = 19 + calc_mpisize (sig->mpi, nsig);
- if (is_RSA (sig->pubkey_algo))
- rc = pkt_write_head2 (out, size, CDK_PKT_SIGNATURE);
- else
- rc = pkt_write_head (out, 1, size, CDK_PKT_SIGNATURE);
- if (!rc)
- rc = stream_putc (out, sig->version);
- if (!rc)
- rc = stream_putc (out, 5);
- if (!rc)
- rc = stream_putc (out, sig->sig_class);
- if (!rc)
- rc = write_32 (out, sig->timestamp);
- if (!rc)
- rc = write_32 (out, sig->keyid[0]);
- if (!rc)
- rc = write_32 (out, sig->keyid[1]);
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (!rc)
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (!rc)
- rc = stream_putc (out, sig->digest_start[0]);
- if (!rc)
- rc = stream_putc (out, sig->digest_start[1]);
- if (!rc)
- rc = write_mpibuf (out, sig->mpi, nsig);
- return rc;
+ size_t size;
+ cdk_error_t rc;
+
+ size = 19 + calc_mpisize(sig->mpi, nsig);
+ if (is_RSA(sig->pubkey_algo))
+ rc = pkt_write_head2(out, size, CDK_PKT_SIGNATURE);
+ else
+ rc = pkt_write_head(out, 1, size, CDK_PKT_SIGNATURE);
+ if (!rc)
+ rc = stream_putc(out, sig->version);
+ if (!rc)
+ rc = stream_putc(out, 5);
+ if (!rc)
+ rc = stream_putc(out, sig->sig_class);
+ if (!rc)
+ rc = write_32(out, sig->timestamp);
+ if (!rc)
+ rc = write_32(out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32(out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_hash_algo_to_pgp(sig->
+ digest_algo));
+ if (!rc)
+ rc = stream_putc(out, sig->digest_start[0]);
+ if (!rc)
+ rc = stream_putc(out, sig->digest_start[1]);
+ if (!rc)
+ rc = write_mpibuf(out, sig->mpi, nsig);
+ return rc;
}
static cdk_error_t
-write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
+write_signature(cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
{
- byte *buf;
- size_t nbytes, size, nsig;
- cdk_error_t rc;
-
- if (!out || !sig)
- return CDK_Inv_Value;
-
- if (!KEY_CAN_SIGN (sig->pubkey_algo))
- return gnutls_assert_val(CDK_Inv_Algo);
- if (sig->version < 2 || sig->version > 4)
- return gnutls_assert_val(CDK_Inv_Packet);
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_signature:\n");
-
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- if (sig->version < 4)
- return write_v3_sig (out, sig, nsig);
-
- size = 10 + calc_subpktsize (sig->hashed)
- + calc_subpktsize (sig->unhashed) + calc_mpisize (sig->mpi, nsig);
-
- rc = pkt_write_head (out, 0, size, CDK_PKT_SIGNATURE);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, 4);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->sig_class);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_16 (out, sig->hashed_size);
- if (rc)
- return gnutls_assert_val(rc);
-
- buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes);
- if (!buf)
- return gnutls_assert_val(CDK_Out_Of_Core);
-
- rc = stream_write (out, buf, nbytes);
- cdk_free (buf);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_16 (out, sig->unhashed_size);
- if (rc)
- return gnutls_assert_val(rc);
-
- buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes);
- if (!buf)
- return gnutls_assert_val(CDK_Out_Of_Core);
-
- rc = stream_write (out, buf, nbytes);
- cdk_free (buf);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->digest_start[0]);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->digest_start[1]);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_mpibuf (out, sig->mpi, nsig);
- if (rc)
- return gnutls_assert_val(rc);
-
- return 0;
+ byte *buf;
+ size_t nbytes, size, nsig;
+ cdk_error_t rc;
+
+ if (!out || !sig)
+ return CDK_Inv_Value;
+
+ if (!KEY_CAN_SIGN(sig->pubkey_algo))
+ return gnutls_assert_val(CDK_Inv_Algo);
+ if (sig->version < 2 || sig->version > 4)
+ return gnutls_assert_val(CDK_Inv_Packet);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_signature:\n");
+
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ if (sig->version < 4)
+ return write_v3_sig(out, sig, nsig);
+
+ size = 10 + calc_subpktsize(sig->hashed)
+ + calc_subpktsize(sig->unhashed) + calc_mpisize(sig->mpi,
+ nsig);
+
+ rc = pkt_write_head(out, 0, size, CDK_PKT_SIGNATURE);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, 4);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->sig_class);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, _gnutls_hash_algo_to_pgp(sig->digest_algo));
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_16(out, sig->hashed_size);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ buf = _cdk_subpkt_get_array(sig->hashed, 0, &nbytes);
+ if (!buf)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+
+ rc = stream_write(out, buf, nbytes);
+ cdk_free(buf);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_16(out, sig->unhashed_size);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ buf = _cdk_subpkt_get_array(sig->unhashed, 0, &nbytes);
+ if (!buf)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+
+ rc = stream_write(out, buf, nbytes);
+ cdk_free(buf);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->digest_start[0]);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->digest_start[1]);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_mpibuf(out, sig->mpi, nsig);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ return 0;
}
static cdk_error_t
-write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
- int is_subkey, int old_ctb)
+write_public_key(cdk_stream_t out, cdk_pkt_pubkey_t pk,
+ int is_subkey, int old_ctb)
{
- int pkttype, ndays = 0;
- size_t npkey = 0, size = 6;
- cdk_error_t rc;
-
- if (!out || !pk)
- return CDK_Inv_Value;
-
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_public_key: subkey=%d\n", is_subkey);
-
- pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- if (!npkey)
- return CDK_Inv_Algo;
- if (pk->version < 4)
- size += 2; /* expire date */
- if (is_subkey)
- old_ctb = 0;
- size += calc_mpisize (pk->mpi, npkey);
- if (old_ctb)
- rc = pkt_write_head2 (out, size, pkttype);
- else
- rc = pkt_write_head (out, old_ctb, size, pkttype);
- if (!rc)
- rc = stream_putc (out, pk->version);
- if (!rc)
- rc = write_32 (out, pk->timestamp);
- if (!rc && pk->version < 4)
- {
- if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- rc = write_16 (out, ndays);
- }
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
- if (!rc)
- rc = write_mpibuf (out, pk->mpi, npkey);
- return rc;
+ int pkttype, ndays = 0;
+ size_t npkey = 0, size = 6;
+ cdk_error_t rc;
+
+ if (!out || !pk)
+ return CDK_Inv_Value;
+
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_public_key: subkey=%d\n",
+ is_subkey);
+
+ pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ if (!npkey)
+ return CDK_Inv_Algo;
+ if (pk->version < 4)
+ size += 2; /* expire date */
+ if (is_subkey)
+ old_ctb = 0;
+ size += calc_mpisize(pk->mpi, npkey);
+ if (old_ctb)
+ rc = pkt_write_head2(out, size, pkttype);
+ else
+ rc = pkt_write_head(out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc(out, pk->version);
+ if (!rc)
+ rc = write_32(out, pk->timestamp);
+ if (!rc && pk->version < 4) {
+ if (pk->expiredate)
+ ndays =
+ (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ rc = write_16(out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pk->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf(out, pk->mpi, npkey);
+ return rc;
}
-static int
-calc_s2ksize (cdk_pkt_seckey_t sk)
+static int calc_s2ksize(cdk_pkt_seckey_t sk)
{
- size_t nbytes = 0;
-
- if (!sk->is_protected)
- return 0;
- switch (sk->protect.s2k->mode)
- {
- case CDK_S2K_SIMPLE:
- nbytes = 2;
- break;
- case CDK_S2K_SALTED:
- nbytes = 10;
- break;
- case CDK_S2K_ITERSALTED:
- nbytes = 11;
- break;
- case CDK_S2K_GNU_EXT:
- nbytes = 2;
- break;
- }
- nbytes += sk->protect.ivlen;
- nbytes++; /* single cipher byte */
- return nbytes;
+ size_t nbytes = 0;
+
+ if (!sk->is_protected)
+ return 0;
+ switch (sk->protect.s2k->mode) {
+ case CDK_S2K_SIMPLE:
+ nbytes = 2;
+ break;
+ case CDK_S2K_SALTED:
+ nbytes = 10;
+ break;
+ case CDK_S2K_ITERSALTED:
+ nbytes = 11;
+ break;
+ case CDK_S2K_GNU_EXT:
+ nbytes = 2;
+ break;
+ }
+ nbytes += sk->protect.ivlen;
+ nbytes++; /* single cipher byte */
+ return nbytes;
}
static cdk_error_t
-write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
- int is_subkey, int old_ctb)
+write_secret_key(cdk_stream_t out, cdk_pkt_seckey_t sk,
+ int is_subkey, int old_ctb)
{
- cdk_pkt_pubkey_t pk = NULL;
- size_t size = 6, npkey, nskey;
- int pkttype, s2k_mode;
- cdk_error_t rc;
-
- if (!out || !sk)
- return CDK_Inv_Value;
-
- if (!sk->pk)
- return CDK_Inv_Value;
- pk = sk->pk;
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_secret_key:\n");
-
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- nskey = cdk_pk_get_nskey (pk->pubkey_algo);
- if (!npkey || !nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- if (pk->version < 4)
- size += 2;
- /* If the key is unprotected, the 1 extra byte:
- 1 octet - cipher algorithm byte (0x00)
- the other bytes depend on the mode:
- a) simple checksum - 2 octets
- b) sha-1 checksum - 20 octets */
- size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize (sk);
- size += calc_mpisize (pk->mpi, npkey);
- if (sk->version == 3 || !sk->is_protected)
- {
- if (sk->version == 3)
- {
- size += 2; /* force simple checksum */
- sk->protect.sha1chk = 0;
- }
- else
- size += sk->protect.sha1chk ? 20 : 2;
- size += calc_mpisize (sk->mpi, nskey);
- }
- else /* We do not know anything about the encrypted mpi's so we
- treat the data as uint8_t. */
- size += sk->enclen;
-
- pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
- rc = pkt_write_head (out, old_ctb, size, pkttype);
- if (!rc)
- rc = stream_putc (out, pk->version);
- if (!rc)
- rc = write_32 (out, pk->timestamp);
- if (!rc && pk->version < 4)
- {
- u16 ndays = 0;
- if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- rc = write_16 (out, ndays);
- }
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
-
- if (!rc)
- rc = write_mpibuf (out, pk->mpi, npkey);
-
- if (!rc)
- {
- if (sk->is_protected == 0)
- rc = stream_putc (out, 0x00);
- else
- {
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- else if (sk->protect.s2k)
- {
- s2k_mode = sk->protect.s2k->mode;
- rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
- if (!rc)
- rc =
- stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->mode);
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->hash_algo);
- if (!rc && (s2k_mode == 1 || s2k_mode == 3))
- {
- rc = stream_write (out, sk->protect.s2k->salt, 8);
- if (!rc && s2k_mode == 3)
- rc = stream_putc (out, sk->protect.s2k->count);
- }
- }
- else
- return CDK_Inv_Value;
- if (!rc)
- rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
- }
- }
- if (!rc && sk->is_protected && pk->version == 4)
- {
- if (sk->encdata && sk->enclen)
- rc = stream_write (out, sk->encdata, sk->enclen);
- }
- else
- {
- if (!rc)
- rc = write_mpibuf (out, sk->mpi, nskey);
- if (!rc)
- {
- if (!sk->csum)
- sk->csum = _cdk_sk_get_csum (sk);
- rc = write_16 (out, sk->csum);
- }
- }
-
- return rc;
+ cdk_pkt_pubkey_t pk = NULL;
+ size_t size = 6, npkey, nskey;
+ int pkttype, s2k_mode;
+ cdk_error_t rc;
+
+ if (!out || !sk)
+ return CDK_Inv_Value;
+
+ if (!sk->pk)
+ return CDK_Inv_Value;
+ pk = sk->pk;
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_secret_key:\n");
+
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ nskey = cdk_pk_get_nskey(pk->pubkey_algo);
+ if (!npkey || !nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ if (pk->version < 4)
+ size += 2;
+ /* If the key is unprotected, the 1 extra byte:
+ 1 octet - cipher algorithm byte (0x00)
+ the other bytes depend on the mode:
+ a) simple checksum - 2 octets
+ b) sha-1 checksum - 20 octets */
+ size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize(sk);
+ size += calc_mpisize(pk->mpi, npkey);
+ if (sk->version == 3 || !sk->is_protected) {
+ if (sk->version == 3) {
+ size += 2; /* force simple checksum */
+ sk->protect.sha1chk = 0;
+ } else
+ size += sk->protect.sha1chk ? 20 : 2;
+ size += calc_mpisize(sk->mpi, nskey);
+ } else /* We do not know anything about the encrypted mpi's so we
+ treat the data as uint8_t. */
+ size += sk->enclen;
+
+ pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
+ rc = pkt_write_head(out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc(out, pk->version);
+ if (!rc)
+ rc = write_32(out, pk->timestamp);
+ if (!rc && pk->version < 4) {
+ u16 ndays = 0;
+ if (pk->expiredate)
+ ndays =
+ (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ rc = write_16(out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pk->pubkey_algo));
+
+ if (!rc)
+ rc = write_mpibuf(out, pk->mpi, npkey);
+
+ if (!rc) {
+ if (sk->is_protected == 0)
+ rc = stream_putc(out, 0x00);
+ else {
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ rc = stream_putc(out,
+ _gnutls_cipher_to_pgp(sk->
+ protect.
+ algo));
+ else if (sk->protect.s2k) {
+ s2k_mode = sk->protect.s2k->mode;
+ rc = stream_putc(out,
+ sk->protect.
+ sha1chk ? 0xFE : 0xFF);
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_cipher_to_pgp
+ (sk->protect.
+ algo));
+ if (!rc)
+ rc = stream_putc(out,
+ sk->protect.s2k->
+ mode);
+ if (!rc)
+ rc = stream_putc(out,
+ sk->protect.s2k->
+ hash_algo);
+ if (!rc
+ && (s2k_mode == 1 || s2k_mode == 3)) {
+ rc = stream_write(out,
+ sk->protect.s2k->
+ salt, 8);
+ if (!rc && s2k_mode == 3)
+ rc = stream_putc(out,
+ sk->
+ protect.
+ s2k->
+ count);
+ }
+ } else
+ return CDK_Inv_Value;
+ if (!rc)
+ rc = stream_write(out, sk->protect.iv,
+ sk->protect.ivlen);
+ }
+ }
+ if (!rc && sk->is_protected && pk->version == 4) {
+ if (sk->encdata && sk->enclen)
+ rc = stream_write(out, sk->encdata, sk->enclen);
+ } else {
+ if (!rc)
+ rc = write_mpibuf(out, sk->mpi, nskey);
+ if (!rc) {
+ if (!sk->csum)
+ sk->csum = _cdk_sk_get_csum(sk);
+ rc = write_16(out, sk->csum);
+ }
+ }
+
+ return rc;
}
static cdk_error_t
-write_compressed (cdk_stream_t out, cdk_pkt_compressed_t cd)
+write_compressed(cdk_stream_t out, cdk_pkt_compressed_t cd)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out || !cd)
- return CDK_Inv_Value;
+ if (!out || !cd)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("packet: write_compressed\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("packet: write_compressed\n");
- /* Use an old (RFC1991) header for this packet. */
- rc = pkt_write_head (out, 1, 0, CDK_PKT_COMPRESSED);
- if (!rc)
- rc = stream_putc (out, cd->algorithm);
- return rc;
+ /* Use an old (RFC1991) header for this packet. */
+ rc = pkt_write_head(out, 1, 0, CDK_PKT_COMPRESSED);
+ if (!rc)
+ rc = stream_putc(out, cd->algorithm);
+ return rc;
}
static cdk_error_t
-write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
+write_literal(cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
{
- byte buf[BUFSIZE];
- size_t size;
- cdk_error_t rc;
-
- if (!out || !pt)
- return CDK_Inv_Value;
-
- /* We consider a packet without a body as an invalid packet.
- At least one octet must be present. */
- if (!pt->len)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_literal:\n");
-
- size = 6 + pt->namelen + pt->len;
- rc = pkt_write_head (out, old_ctb, size, CDK_PKT_LITERAL);
- if (rc)
- return rc;
-
- rc = stream_putc (out, pt->mode);
- if (rc)
- return rc;
- rc = stream_putc (out, pt->namelen);
- if (rc)
- return rc;
-
- if (pt->namelen > 0)
- rc = stream_write (out, pt->name, pt->namelen);
- if (!rc)
- rc = write_32 (out, pt->timestamp);
- if (rc)
- return rc;
-
- while (!cdk_stream_eof (pt->buf) && !rc)
- {
- rc = stream_read (pt->buf, buf, DIM (buf), &size);
- if (!rc)
- rc = stream_write (out, buf, size);
- }
-
- memset (buf, 0, sizeof (buf));
- return rc;
+ byte buf[BUFSIZE];
+ size_t size;
+ cdk_error_t rc;
+
+ if (!out || !pt)
+ return CDK_Inv_Value;
+
+ /* We consider a packet without a body as an invalid packet.
+ At least one octet must be present. */
+ if (!pt->len)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_literal:\n");
+
+ size = 6 + pt->namelen + pt->len;
+ rc = pkt_write_head(out, old_ctb, size, CDK_PKT_LITERAL);
+ if (rc)
+ return rc;
+
+ rc = stream_putc(out, pt->mode);
+ if (rc)
+ return rc;
+ rc = stream_putc(out, pt->namelen);
+ if (rc)
+ return rc;
+
+ if (pt->namelen > 0)
+ rc = stream_write(out, pt->name, pt->namelen);
+ if (!rc)
+ rc = write_32(out, pt->timestamp);
+ if (rc)
+ return rc;
+
+ while (!cdk_stream_eof(pt->buf) && !rc) {
+ rc = stream_read(pt->buf, buf, DIM(buf), &size);
+ if (!rc)
+ rc = stream_write(out, buf, size);
+ }
+
+ memset(buf, 0, sizeof(buf));
+ return rc;
}
static cdk_error_t
-write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t sig)
+write_onepass_sig(cdk_stream_t out, cdk_pkt_onepass_sig_t sig)
{
- cdk_error_t rc;
-
- if (!out || !sig)
- return CDK_Inv_Value;
-
- if (sig->version != 3)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_onepass_sig:\n");
-
- rc = pkt_write_head (out, 0, 13, CDK_PKT_ONEPASS_SIG);
- if (!rc)
- rc = stream_putc (out, sig->version);
- if (!rc)
- rc = stream_putc (out, sig->sig_class);
- if (!rc)
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (!rc)
- rc = write_32 (out, sig->keyid[0]);
- if (!rc)
- rc = write_32 (out, sig->keyid[1]);
- if (!rc)
- rc = stream_putc (out, sig->last);
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !sig)
+ return CDK_Inv_Value;
+
+ if (sig->version != 3)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_onepass_sig:\n");
+
+ rc = pkt_write_head(out, 0, 13, CDK_PKT_ONEPASS_SIG);
+ if (!rc)
+ rc = stream_putc(out, sig->version);
+ if (!rc)
+ rc = stream_putc(out, sig->sig_class);
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_hash_algo_to_pgp(sig->
+ digest_algo));
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (!rc)
+ rc = write_32(out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32(out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out, sig->last);
+ return rc;
}
static cdk_error_t
-write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
- int pkttype)
+write_user_id(cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
+ int pkttype)
{
- cdk_error_t rc;
-
- if (!out || !id)
- return CDK_Inv_Value;
-
- if (pkttype == CDK_PKT_ATTRIBUTE)
- {
- if (!id->attrib_img)
- return CDK_Inv_Value;
- rc =
- pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE);
- if (rc)
- return rc;
- /* Write subpacket part. */
- stream_putc (out, 255);
- write_32 (out, id->attrib_len + 1);
- stream_putc (out, 1);
- rc = stream_write (out, id->attrib_img, id->attrib_len);
- }
- else
- {
- if (!id->name)
- return CDK_Inv_Value;
- rc = pkt_write_head (out, old_ctb, id->len, CDK_PKT_USER_ID);
- if (!rc)
- rc = stream_write (out, id->name, id->len);
- }
-
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !id)
+ return CDK_Inv_Value;
+
+ if (pkttype == CDK_PKT_ATTRIBUTE) {
+ if (!id->attrib_img)
+ return CDK_Inv_Value;
+ rc = pkt_write_head(out, old_ctb, id->attrib_len + 6,
+ CDK_PKT_ATTRIBUTE);
+ if (rc)
+ return rc;
+ /* Write subpacket part. */
+ stream_putc(out, 255);
+ write_32(out, id->attrib_len + 1);
+ stream_putc(out, 1);
+ rc = stream_write(out, id->attrib_img, id->attrib_len);
+ } else {
+ if (!id->name)
+ return CDK_Inv_Value;
+ rc = pkt_write_head(out, old_ctb, id->len,
+ CDK_PKT_USER_ID);
+ if (!rc)
+ rc = stream_write(out, id->name, id->len);
+ }
+
+ return rc;
}
@@ -792,109 +786,113 @@ write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
* Write the contents of @pkt into the @out stream.
* Return 0 on success.
**/
-cdk_error_t
-cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt)
+cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt)
{
- cdk_error_t rc;
-
- if (!out || !pkt)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write packet pkttype=%d\n", pkt->pkttype);
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_LITERAL:
- rc = write_literal (out, pkt->pkt.literal, pkt->old_ctb);
- break;
- case CDK_PKT_ONEPASS_SIG:
- rc = write_onepass_sig (out, pkt->pkt.onepass_sig);
- break;
- case CDK_PKT_MDC:
- rc = write_mdc (out, pkt->pkt.mdc);
- break;
- case CDK_PKT_PUBKEY_ENC:
- rc = write_pubkey_enc (out, pkt->pkt.pubkey_enc, pkt->old_ctb);
- break;
- case CDK_PKT_SIGNATURE:
- rc = write_signature (out, pkt->pkt.signature, pkt->old_ctb);
- break;
- case CDK_PKT_PUBLIC_KEY:
- rc = write_public_key (out, pkt->pkt.public_key, 0, pkt->old_ctb);
- break;
- case CDK_PKT_PUBLIC_SUBKEY:
- rc = write_public_key (out, pkt->pkt.public_key, 1, pkt->old_ctb);
- break;
- case CDK_PKT_COMPRESSED:
- rc = write_compressed (out, pkt->pkt.compressed);
- break;
- case CDK_PKT_SECRET_KEY:
- rc = write_secret_key (out, pkt->pkt.secret_key, 0, pkt->old_ctb);
- break;
- case CDK_PKT_SECRET_SUBKEY:
- rc = write_secret_key (out, pkt->pkt.secret_key, 1, pkt->old_ctb);
- break;
- case CDK_PKT_USER_ID:
- case CDK_PKT_ATTRIBUTE:
- rc = write_user_id (out, pkt->pkt.user_id, pkt->old_ctb, pkt->pkttype);
- break;
- default:
- rc = CDK_Inv_Packet;
- break;
- }
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_packet rc=%d pkttype=%d\n", rc, pkt->pkttype);
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !pkt)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write packet pkttype=%d\n",
+ pkt->pkttype);
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_LITERAL:
+ rc = write_literal(out, pkt->pkt.literal, pkt->old_ctb);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ rc = write_onepass_sig(out, pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_MDC:
+ rc = write_mdc(out, pkt->pkt.mdc);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ rc = write_pubkey_enc(out, pkt->pkt.pubkey_enc,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_SIGNATURE:
+ rc = write_signature(out, pkt->pkt.signature,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ rc = write_public_key(out, pkt->pkt.public_key, 0,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_SUBKEY:
+ rc = write_public_key(out, pkt->pkt.public_key, 1,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_COMPRESSED:
+ rc = write_compressed(out, pkt->pkt.compressed);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ rc = write_secret_key(out, pkt->pkt.secret_key, 0,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_SECRET_SUBKEY:
+ rc = write_secret_key(out, pkt->pkt.secret_key, 1,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ rc = write_user_id(out, pkt->pkt.user_id, pkt->old_ctb,
+ pkt->pkttype);
+ break;
+ default:
+ rc = CDK_Inv_Packet;
+ break;
+ }
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_packet rc=%d pkttype=%d\n", rc,
+ pkt->pkttype);
+ return rc;
}
-cdk_error_t
-_cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx)
+cdk_error_t _cdk_pkt_write2(cdk_stream_t out, int pkttype, void *pktctx)
{
- cdk_packet_t pkt;
- cdk_error_t rc;
-
- rc = cdk_pkt_new (&pkt);
- if (rc)
- return rc;
-
- switch (pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = pktctx;
- break;
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = pktctx;
- break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = pktctx;
- break;
-
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = pktctx;
- break;
- }
- pkt->pkttype = pkttype;
- rc = cdk_pkt_write (out, pkt);
- cdk_free (pkt);
- return rc;
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+
+ rc = cdk_pkt_new(&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = pktctx;
+ break;
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature = pktctx;
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = pktctx;
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = pktctx;
+ break;
+ }
+ pkt->pkttype = pkttype;
+ rc = cdk_pkt_write(out, pkt);
+ cdk_free(pkt);
+ return rc;
}
-cdk_error_t
-_cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt)
+cdk_error_t _cdk_pkt_write_fp(FILE * out, cdk_packet_t pkt)
{
- cdk_stream_t so;
- cdk_error_t rc;
-
- rc = _cdk_stream_fpopen (out, 1, &so);
- if (rc)
- return rc;
- rc = cdk_pkt_write (so, pkt);
- cdk_stream_close (so);
- return rc;
+ cdk_stream_t so;
+ cdk_error_t rc;
+
+ rc = _cdk_stream_fpopen(out, 1, &so);
+ if (rc)
+ return rc;
+ rc = cdk_pkt_write(so, pkt);
+ cdk_stream_close(so);
+ return rc;
}
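Review bot: `_cdk_pkt_write_fp` discards the result of `cdk_stream_close(so)`, so the function can return success from `cdk_pkt_write` even if the close step fails. If the stream buffers output and flushes on close (not visible in this hunk), a short or failed write of a key packet to `out` would go unreported. Keeping the first error but still picking up the close result, e.g. `cdk_error_t rc2 = cdk_stream_close(so);` followed by `return rc ? rc : rc2;`, would surface it. The reindent itself leaves this behaviour unchanged.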
diff --git a/lib/openpgp/compat.c b/lib/openpgp/compat.c
index 56472967e3..7c7bd698e4 100644
--- a/lib/openpgp/compat.c
+++ b/lib/openpgp/compat.c
@@ -44,73 +44,69 @@
* may use GnuPG for that purpose, or any other external PGP application.
-*/
int
-_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
- const char* hostname,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status)
+_gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred,
+ const char *hostname,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status)
{
- int ret = 0;
- gnutls_openpgp_crt_t key = NULL;
- unsigned int verify = 0, verify_self = 0;
-
- if (!cert_list || cert_list_length != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- if (cred->keyring != NULL)
- {
- ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
- }
-
- /* Now try the self signature. */
- ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- *status = verify_self | verify;
-
- /* If we only checked the self signature. */
- if (!cred->keyring)
- *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- if (hostname)
- {
- ret = gnutls_openpgp_crt_check_hostname(key, hostname);
- if (ret == 0)
- *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
- }
-
- ret = 0;
-
-leave:
- gnutls_openpgp_crt_deinit (key);
-
- return ret;
+ int ret = 0;
+ gnutls_openpgp_crt_t key = NULL;
+ unsigned int verify = 0, verify_self = 0;
+
+ if (!cert_list || cert_list_length != 1) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_openpgp_crt_import(key, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ if (cred->keyring != NULL) {
+ ret =
+ gnutls_openpgp_crt_verify_ring(key, cred->keyring, 0,
+ &verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+ }
+
+ /* Now try the self signature. */
+ ret = gnutls_openpgp_crt_verify_self(key, 0, &verify_self);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ *status = verify_self | verify;
+
+ /* If we only checked the self signature. */
+ if (!cred->keyring)
+ *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ if (hostname) {
+ ret = gnutls_openpgp_crt_check_hostname(key, hostname);
+ if (ret == 0)
+ *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
+ }
+
+ ret = 0;
+
+ leave:
+ gnutls_openpgp_crt_deinit(key);
+
+ return ret;
}
/*-
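Review bot: The return value of `_gnutls_openpgp_verify_key` carries no trust decision, and the code does not say so near the point where it matters. The path that reaches `ret = 0;` returns success even when `*status` holds `GNUTLS_CERT_SIGNER_NOT_FOUND` or `GNUTLS_CERT_UNEXPECTED_OWNER`, and every `goto leave` error path returns without writing `*status` at all. The header comment starts above the hunk and is only partly visible, so if it does not already cover this, a comment above `*status = verify_self | verify;` such as `/* ret == 0 only means the checks ran; the verdict is in *status, which is left untouched on error */` would keep a caller from reading a zero return as "key accepted".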
@@ -123,35 +119,32 @@ leave:
* the fingerprint can be 16 or 20 bytes.
-*/
int
-_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen)
+_gnutls_openpgp_fingerprint(const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen)
{
- gnutls_openpgp_crt_t key;
- int ret;
-
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
- gnutls_openpgp_crt_deinit (key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ gnutls_openpgp_crt_t key;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen);
+ gnutls_openpgp_crt_deinit(key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/*-
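Review bot: The import-failure branch of `_gnutls_openpgp_fingerprint` returns without releasing `key`, which `gnutls_openpgp_crt_init` has already set up by then; the reindent carries this over unchanged. Adding `gnutls_openpgp_crt_deinit(key);` before that `return ret;` closes the leak, in the same way `_gnutls_openpgp_verify_key` earlier in this file releases the key through its `leave:` label. The same branch has the same omission in `_gnutls_openpgp_get_raw_key_creation_time` and `_gnutls_openpgp_get_raw_key_expiration_time` in the next two hunks. The input is a raw `gnutls_datum_t` certificate, presumably supplied by the peer, so the leaking path would be the one taken whenever a malformed key is presented.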
@@ -161,31 +154,29 @@ _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
* Returns the timestamp when the OpenPGP key was created.
-*/
time_t
-_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
+_gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * cert)
{
- gnutls_openpgp_crt_t key;
- int ret;
- time_t tim;
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- tim = gnutls_openpgp_crt_get_creation_time (key);
+ tim = gnutls_openpgp_crt_get_creation_time(key);
- gnutls_openpgp_crt_deinit (key);
+ gnutls_openpgp_crt_deinit(key);
- return tim;
+ return tim;
}
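Review bot: Both early `return ret;` statements in `_gnutls_openpgp_get_raw_key_creation_time` pass a negative GnuTLS error code back through a `time_t` return type, so a caller that does not test for a negative value will use the error as a timestamp. The visible line of the header comment only says the function returns the creation time; it should state the error convention, for example `Returns the creation time, or a negative error code cast to time_t on failure.` `_gnutls_openpgp_get_raw_key_expiration_time` in the next hunk has the same two returns, and the visible line of its comment already gives one return value a special "does not expire" meaning, which makes an undocumented error value easier to misread in an expiry check.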
@@ -197,29 +188,27 @@ _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
* that the key doesn't expire at all.
-*/
time_t
-_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
+_gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * cert)
{
- gnutls_openpgp_crt_t key;
- int ret;
- time_t tim;
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- tim = gnutls_openpgp_crt_get_expiration_time (key);
+ tim = gnutls_openpgp_crt_get_expiration_time(key);
- gnutls_openpgp_crt_deinit (key);
+ gnutls_openpgp_crt_deinit(key);
- return tim;
+ return tim;
}
diff --git a/lib/openpgp/extras.c b/lib/openpgp/extras.c
index d7b342c017..65bb488172 100644
--- a/lib/openpgp/extras.c
+++ b/lib/openpgp/extras.c
@@ -42,14 +42,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
+int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring)
{
- *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int));
+ *keyring = gnutls_calloc(1, sizeof(gnutls_openpgp_keyring_int));
- if (*keyring)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*keyring)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
@@ -59,19 +58,17 @@ gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
*
* This function will deinitialize a keyring structure.
**/
-void
-gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
+void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring)
{
- if (!keyring)
- return;
+ if (!keyring)
+ return;
- if (keyring->db)
- {
- cdk_keydb_free (keyring->db);
- keyring->db = NULL;
- }
+ if (keyring->db) {
+ cdk_keydb_free(keyring->db);
+ keyring->db = NULL;
+ }
- gnutls_free (keyring);
+ gnutls_free(keyring);
}
/**
@@ -86,24 +83,24 @@ gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
* negative error code on failure.
**/
int
-gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
- cdk_pkt_pubkey_t pk;
- uint32_t id[2];
+ cdk_pkt_pubkey_t pk;
+ uint32_t id[2];
- id[0] = _gnutls_read_uint32 (keyid);
- id[1] = _gnutls_read_uint32 (&keyid[4]);
+ id[0] = _gnutls_read_uint32(keyid);
+ id[1] = _gnutls_read_uint32(&keyid[4]);
- if (!cdk_keydb_get_pk (ring->db, id, &pk))
- {
- cdk_pk_release (pk);
- return 0;
- }
+ if (!cdk_keydb_get_pk(ring->db, id, &pk)) {
+ cdk_pk_release(pk);
+ return 0;
+ }
- _gnutls_debug_log ("PGP: key not found %08lX\n", (unsigned long) id[1]);
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ _gnutls_debug_log("PGP: key not found %08lX\n",
+ (unsigned long) id[1]);
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
/**
@@ -119,87 +116,84 @@ gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
- cdk_error_t err;
- cdk_stream_t input = NULL;
- size_t raw_len = 0;
- uint8_t *raw_data = NULL;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- _gnutls_debug_log ("PGP: keyring import format '%s'\n",
- format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
-
- /* Create a new stream from the given data, decode it, and import
- * the raw database. This to avoid using opencdk streams which are
- * not thread safe.
- */
- if (format == GNUTLS_OPENPGP_FMT_BASE64)
- {
- size_t written = 0;
-
- err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
- if (err == 0)
- err = cdk_stream_set_armor_flag (input, 0);
- if (err)
- {
- gnutls_assert ();
- err = _gnutls_map_cdk_rc (err);
- goto error;
- }
-
- raw_len = cdk_stream_get_length (input);
- if (raw_len == 0)
- {
- gnutls_assert ();
- err = GNUTLS_E_BASE64_DECODING_ERROR;
- goto error;
- }
-
- raw_data = gnutls_malloc (raw_len);
- if (raw_data == NULL)
- {
- gnutls_assert ();
- err = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- do
- {
- err =
- cdk_stream_read (input, raw_data + written, raw_len - written);
-
- if (err > 0)
- written += err;
- }
- while (written < raw_len && err != EOF && err > 0);
-
- raw_len = written;
- }
- else
- { /* RAW */
- raw_len = data->size;
- raw_data = data->data;
- }
-
- err = cdk_keydb_new_from_mem (&keyring->db, 0, 0, raw_data, raw_len);
- if (err)
- gnutls_assert ();
-
- return _gnutls_map_cdk_rc (err);
-
-error:
- gnutls_free (raw_data);
- cdk_stream_close (input);
-
- return err;
+ cdk_error_t err;
+ cdk_stream_t input = NULL;
+ size_t raw_len = 0;
+ uint8_t *raw_data = NULL;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ _gnutls_debug_log("PGP: keyring import format '%s'\n",
+ format ==
+ GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
+
+ /* Create a new stream from the given data, decode it, and import
+ * the raw database. This to avoid using opencdk streams which are
+ * not thread safe.
+ */
+ if (format == GNUTLS_OPENPGP_FMT_BASE64) {
+ size_t written = 0;
+
+ err =
+ cdk_stream_tmp_from_mem(data->data, data->size,
+ &input);
+ if (err == 0)
+ err = cdk_stream_set_armor_flag(input, 0);
+ if (err) {
+ gnutls_assert();
+ err = _gnutls_map_cdk_rc(err);
+ goto error;
+ }
+
+ raw_len = cdk_stream_get_length(input);
+ if (raw_len == 0) {
+ gnutls_assert();
+ err = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto error;
+ }
+
+ raw_data = gnutls_malloc(raw_len);
+ if (raw_data == NULL) {
+ gnutls_assert();
+ err = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ do {
+ err =
+ cdk_stream_read(input, raw_data + written,
+ raw_len - written);
+
+ if (err > 0)
+ written += err;
+ }
+ while (written < raw_len && err != EOF && err > 0);
+
+ raw_len = written;
+ } else { /* RAW */
+ raw_len = data->size;
+ raw_data = data->data;
+ }
+
+ err =
+ cdk_keydb_new_from_mem(&keyring->db, 0, 0, raw_data, raw_len);
+ if (err)
+ gnutls_assert();
+
+ return _gnutls_map_cdk_rc(err);
+
+ error:
+ gnutls_free(raw_data);
+ cdk_stream_close(input);
+
+ return err;
}
#define knode_is_pkey(node) \
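Review bot: On the base64 path of `gnutls_openpgp_keyring_import` the temporary stream `input` is closed only under the `error:` label, so a successful decode falls through to `cdk_keydb_new_from_mem` and returns with the stream still open. Adding `cdk_stream_close(input);` directly after `raw_len = written;` releases it. The decoded `raw_data` buffer is not freed on that path either; whether it may be freed depends on whether `cdk_keydb_new_from_mem` copies the data or keeps the pointer, which this hunk does not show. The read loop also ends silently when `cdk_stream_read` fails, so a truncated decode is imported as if it were complete; a guard such as `if (written == 0) { err = GNUTLS_E_BASE64_DECODING_ERROR; goto error; }` would at least reject the empty case.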
@@ -214,41 +208,38 @@ error:
*
* Returns: the number of subkeys, or a negative error code on error.
**/
-int
-gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring)
+int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t ring)
{
- cdk_kbnode_t knode;
- cdk_error_t err;
- cdk_keydb_search_t st;
- int ret = 0;
-
- err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
- if (err != CDK_Success)
- {
- gnutls_assert ();
- return _gnutls_map_cdk_rc (err);
- }
-
- do
- {
- err = cdk_keydb_search (st, ring->db, &knode);
- if (err != CDK_Error_No_Key && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
-
- if (knode_is_pkey (knode))
- ret++;
-
- cdk_kbnode_release (knode);
-
- }
- while (err != CDK_Error_No_Key);
-
- cdk_keydb_search_release (st);
- return ret;
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ cdk_keydb_search_t st;
+ int ret = 0;
+
+ err =
+ cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success) {
+ gnutls_assert();
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ do {
+ err = cdk_keydb_search(st, ring->db, &knode);
+ if (err != CDK_Error_No_Key && err != CDK_Success) {
+ gnutls_assert();
+ cdk_keydb_search_release(st);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ if (knode_is_pkey(knode))
+ ret++;
+
+ cdk_kbnode_release(knode);
+
+ }
+ while (err != CDK_Error_No_Key);
+
+ cdk_keydb_search_release(st);
+ return ret;
}
/**
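Review bot: The loop in `gnutls_openpgp_keyring_get_crt_count` ends on `CDK_Error_No_Key` and treats every other non-success code as fatal, while `gnutls_openpgp_keyring_get_crt` in the next hunk walks the same database with `CDK_EOF` as its end marker. Only one of the two can match what `cdk_keydb_search` returns at the end of the ring. If it is `CDK_EOF`, this function returns the mapped error (`_gnutls_map_cdk_rc` in this commit maps it to `GNUTLS_E_PARSING_ERROR`) instead of a count. In both loops `knode` is declared without an initialiser and is still passed to `knode_is_pkey` and `cdk_kbnode_release` on the terminating iteration; declaring `cdk_kbnode_t knode = NULL;` and counting only when `err == CDK_Success` avoids relying on the callee to clear it.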
@@ -265,49 +256,47 @@ gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx, gnutls_openpgp_crt_t * cert)
+gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert)
{
- cdk_kbnode_t knode;
- cdk_error_t err;
- int ret = 0;
- unsigned int count = 0;
- cdk_keydb_search_t st;
-
- err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
- if (err != CDK_Success)
- {
- gnutls_assert ();
- return _gnutls_map_cdk_rc (err);
- }
-
- do
- {
- err = cdk_keydb_search (st, ring->db, &knode);
- if (err != CDK_EOF && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
-
- if (idx == count && err == CDK_Success)
- {
- ret = gnutls_openpgp_crt_init (cert);
- if (ret == 0)
- (*cert)->knode = knode;
- cdk_keydb_search_release (st);
- return ret;
- }
-
- if (knode_is_pkey (knode))
- count++;
-
- cdk_kbnode_release (knode);
-
- }
- while (err != CDK_EOF);
-
- cdk_keydb_search_release (st);
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ int ret = 0;
+ unsigned int count = 0;
+ cdk_keydb_search_t st;
+
+ err =
+ cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success) {
+ gnutls_assert();
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ do {
+ err = cdk_keydb_search(st, ring->db, &knode);
+ if (err != CDK_EOF && err != CDK_Success) {
+ gnutls_assert();
+ cdk_keydb_search_release(st);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ if (idx == count && err == CDK_Success) {
+ ret = gnutls_openpgp_crt_init(cert);
+ if (ret == 0)
+ (*cert)->knode = knode;
+ cdk_keydb_search_release(st);
+ return ret;
+ }
+
+ if (knode_is_pkey(knode))
+ count++;
+
+ cdk_kbnode_release(knode);
+
+ }
+ while (err != CDK_EOF);
+
+ cdk_keydb_search_release(st);
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
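Review bot: When `gnutls_openpgp_crt_init(cert)` fails in the `idx == count` branch of `gnutls_openpgp_keyring_get_crt`, `knode` is neither stored in `*cert` nor released before `return ret;`, so the node obtained from `cdk_keydb_search` leaks. Adding `else cdk_kbnode_release(knode);` after the `if (ret == 0)` assignment closes that path and matches the release at the bottom of the loop. Separately, the branch fires for whichever node the search returned once `count` reaches `idx`, without the `knode_is_pkey` test that drives the counter. Whether that can hand back a non-key node depends on what `cdk_keydb_search` yields, which is not visible here, so it is worth a comment stating the assumption.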
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index cbc0da7a98..7c05e1fbfc 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -35,32 +35,30 @@
#include <sys/stat.h>
/* Map an OpenCDK error type to a GnuTLS error type. */
-int
-_gnutls_map_cdk_rc (int rc)
+int _gnutls_map_cdk_rc(int rc)
{
- switch (rc)
- {
- case CDK_Success:
- return 0;
- case CDK_EOF:
- return GNUTLS_E_PARSING_ERROR;
- case CDK_Too_Short:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- case CDK_General_Error:
- return GNUTLS_E_INTERNAL_ERROR;
- case CDK_File_Error:
- return GNUTLS_E_FILE_ERROR;
- case CDK_MPI_Error:
- return GNUTLS_E_MPI_SCAN_FAILED;
- case CDK_Error_No_Key:
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- case CDK_Armor_Error:
- return GNUTLS_E_BASE64_DECODING_ERROR;
- case CDK_Inv_Value:
- return GNUTLS_E_INVALID_REQUEST;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ switch (rc) {
+ case CDK_Success:
+ return 0;
+ case CDK_EOF:
+ return GNUTLS_E_PARSING_ERROR;
+ case CDK_Too_Short:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case CDK_General_Error:
+ return GNUTLS_E_INTERNAL_ERROR;
+ case CDK_File_Error:
+ return GNUTLS_E_FILE_ERROR;
+ case CDK_MPI_Error:
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ case CDK_Error_No_Key:
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ case CDK_Armor_Error:
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ case CDK_Inv_Value:
+ return GNUTLS_E_INVALID_REQUEST;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
/**
@@ -82,95 +80,90 @@ _gnutls_map_cdk_rc (int rc)
* otherwise a negative error code is returned.
**/
int
-gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey)
+gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_privkey_t pkey)
{
- int ret, ret2, i;
- gnutls_privkey_t privkey;
- gnutls_pcert_st *ccert = NULL;
- char name[MAX_CN];
- size_t max_size;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* this should be first */
-
- ret = gnutls_privkey_init (&privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_privkey_import_openpgp (privkey, pkey,
- GNUTLS_PRIVKEY_IMPORT_COPY);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ccert = gnutls_calloc (1, sizeof (gnutls_pcert_st));
- if (ccert == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- max_size = sizeof(name);
- ret = 0;
- for (i = 0; !(ret < 0); i++)
- {
- ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size);
- if (ret >= 0)
- {
- ret2 = _gnutls_str_array_append(&names, name, max_size);
- if (ret2 < 0)
- {
- gnutls_assert();
- ret = ret2;
- goto cleanup;
- }
- }
- }
-
- ret = gnutls_pcert_import_openpgp (ccert, crt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credentials_append_pkey (res, privkey);
- if (ret >= 0)
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- ret = _gnutls_check_key_cert_match (res);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- gnutls_privkey_deinit (privkey);
- gnutls_free (ccert);
- _gnutls_str_array_clear(&names);
- return ret;
+ int ret, ret2, i;
+ gnutls_privkey_t privkey;
+ gnutls_pcert_st *ccert = NULL;
+ char name[MAX_CN];
+ size_t max_size;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* this should be first */
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(privkey, pkey,
+ GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ccert = gnutls_calloc(1, sizeof(gnutls_pcert_st));
+ if (ccert == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ max_size = sizeof(name);
+ ret = 0;
+ for (i = 0; !(ret < 0); i++) {
+ ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size);
+ if (ret >= 0) {
+ ret2 =
+ _gnutls_str_array_append(&names, name,
+ max_size);
+ if (ret2 < 0) {
+ gnutls_assert();
+ ret = ret2;
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = gnutls_pcert_import_openpgp(ccert, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credentials_append_pkey(res, privkey);
+ if (ret >= 0)
+ ret =
+ certificate_credential_append_crt_list(res, names,
+ ccert, 1);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ ret = _gnutls_check_key_cert_match(res);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_privkey_deinit(privkey);
+ gnutls_free(ccert);
+ _gnutls_str_array_clear(&names);
+ return ret;
}
/*-
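Review bot: `max_size` is set to `sizeof(name)` once before the name loop, but it is passed by pointer to `gnutls_openpgp_crt_get_name()` and then used as the name's length in `_gnutls_str_array_append()`, so it looks like an in/out parameter that shrinks after the first iteration. If so, a later user ID longer than the first one fails with a short-buffer error, which the loop condition `!(ret < 0)` treats the same as "no more names", and that name is silently left out of the list stored with the credential. Resetting it per iteration, with `max_size = sizeof(name);` as the first statement of the loop body, avoids that. Separately, the failure return after `_gnutls_check_key_cert_match()` skips the `cleanup` label although `res->ncerts` has already been incremented; a comment stating who owns `privkey`, `ccert` and `names` at that point would help.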
@@ -184,67 +177,60 @@ cleanup:
* from a binary or a file keyring.
-*/
int
-gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring, key_attr_t by,
- uint8_t * pattern)
+gnutls_openpgp_get_key(gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring, key_attr_t by,
+ uint8_t * pattern)
{
- cdk_kbnode_t knode = NULL;
- unsigned long keyid[2];
- unsigned char *buf;
- void *desc;
- size_t len;
- int rc = 0;
- cdk_keydb_search_t st;
-
- if (!key || !keyring || by == KEY_ATTR_NONE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset (key, 0, sizeof *key);
-
- if (by == KEY_ATTR_SHORT_KEYID)
- {
- keyid[0] = _gnutls_read_uint32 (pattern);
- desc = keyid;
- }
- else if (by == KEY_ATTR_KEYID)
- {
- keyid[0] = _gnutls_read_uint32 (pattern);
- keyid[1] = _gnutls_read_uint32 (pattern + 4);
- desc = keyid;
- }
- else
- desc = pattern;
- rc = cdk_keydb_search_start (&st, keyring->db, by, desc);
- if (!rc)
- rc = cdk_keydb_search (st, keyring->db, &knode);
-
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- goto leave;
- }
-
- if (!cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY))
- {
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto leave;
- }
-
- /* We let the function allocate the buffer to avoid
- to call the function twice. */
- rc = cdk_kbnode_write_to_mem_alloc (knode, &buf, &len);
- if (!rc)
- _gnutls_datum_append (key, buf, len);
- gnutls_free (buf);
-
-leave:
- cdk_kbnode_release (knode);
- return rc;
+ cdk_kbnode_t knode = NULL;
+ unsigned long keyid[2];
+ unsigned char *buf;
+ void *desc;
+ size_t len;
+ int rc = 0;
+ cdk_keydb_search_t st;
+
+ if (!key || !keyring || by == KEY_ATTR_NONE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(key, 0, sizeof *key);
+
+ if (by == KEY_ATTR_SHORT_KEYID) {
+ keyid[0] = _gnutls_read_uint32(pattern);
+ desc = keyid;
+ } else if (by == KEY_ATTR_KEYID) {
+ keyid[0] = _gnutls_read_uint32(pattern);
+ keyid[1] = _gnutls_read_uint32(pattern + 4);
+ desc = keyid;
+ } else
+ desc = pattern;
+ rc = cdk_keydb_search_start(&st, keyring->db, by, desc);
+ if (!rc)
+ rc = cdk_keydb_search(st, keyring->db, &knode);
+
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ goto leave;
+ }
+
+ if (!cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY)) {
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto leave;
+ }
+
+ /* We let the function allocate the buffer to avoid
+ to call the function twice. */
+ rc = cdk_kbnode_write_to_mem_alloc(knode, &buf, &len);
+ if (!rc)
+ _gnutls_datum_append(key, buf, len);
+ gnutls_free(buf);
+
+ leave:
+ cdk_kbnode_release(knode);
+ return rc;
}
/**
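Review bot: `cdk_keydb_search_release(st)` runs even when `cdk_keydb_search_start()` failed, and `st` is declared without an initializer, so unless the start function always writes `*st` on failure the release call receives an indeterminate value. The same pattern appears at the end of the function: `buf` is uninitialized and `gnutls_free(buf)` is reached when `cdk_kbnode_write_to_mem_alloc()` returns an error. Initializing both, `cdk_keydb_search_t st = NULL;` and `unsigned char *buf = NULL;`, makes the error paths well defined (assuming the release function accepts NULL, which should be confirmed). The return value of `_gnutls_datum_append()` is also dropped, so an allocation failure there returns 0 with an empty `key`, and `pattern` is dereferenced without the NULL check that `key` and `keyring` get.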
@@ -261,13 +247,13 @@ leave:
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format)
{
- return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key,
- NULL, format);
+ return gnutls_certificate_set_openpgp_key_mem2(res, cert, key,
+ NULL, format);
}
/**
@@ -284,34 +270,33 @@ gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format)
{
- return gnutls_certificate_set_openpgp_key_file2 (res, certfile,
- keyfile, NULL, format);
+ return gnutls_certificate_set_openpgp_key_file2(res, certfile,
+ keyfile, NULL,
+ format);
}
-static int
-get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
+static int get_keyid(gnutls_openpgp_keyid_t keyid, const char *str)
{
- size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
-
- if (strlen (str) != 16)
- {
- _gnutls_debug_log
- ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (_gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0)
- {
- _gnutls_debug_log ("Error converting hex string: %s.\n", str);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
+
+ if (strlen(str) != 16) {
+ _gnutls_debug_log
+ ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_hex2bin(str, strlen(str), keyid, &keyid_size) < 0) {
+ _gnutls_debug_log("Error converting hex string: %s.\n",
+ str);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
/**
@@ -335,81 +320,80 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
* Since: 2.4.0
**/
int
-gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_mem2(gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_openpgp_privkey_t pkey;
- gnutls_openpgp_crt_t crt;
- int ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- return ret;
- }
-
- ret = gnutls_openpgp_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- return ret;
- }
-
- ret = gnutls_openpgp_crt_import (crt, cert, format);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
-
- if (subkey_id != NULL)
- {
- if (strcasecmp (subkey_id, "auto") == 0)
- ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
- else
- ret = get_keyid (keyid, subkey_id);
-
- if (ret < 0)
- gnutls_assert ();
-
- if (ret >= 0)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
- if (ret >= 0)
- ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
- }
-
- ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
-
- gnutls_openpgp_crt_deinit (crt);
- gnutls_openpgp_privkey_deinit (pkey);
-
- return ret;
+ gnutls_openpgp_privkey_t pkey;
+ gnutls_openpgp_crt_t crt;
+ int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_privkey_import(pkey, key, format, NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import(crt, cert, format);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ gnutls_openpgp_crt_deinit(crt);
+ return ret;
+ }
+
+ if (subkey_id != NULL) {
+ if (strcasecmp(subkey_id, "auto") == 0)
+ ret =
+ gnutls_openpgp_crt_get_auth_subkey(crt, keyid,
+ 1);
+ else
+ ret = get_keyid(keyid, subkey_id);
+
+ if (ret < 0)
+ gnutls_assert();
+
+ if (ret >= 0) {
+ ret =
+ gnutls_openpgp_crt_set_preferred_key_id(crt,
+ keyid);
+ if (ret >= 0)
+ ret =
+ gnutls_openpgp_privkey_set_preferred_key_id
+ (pkey, keyid);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ gnutls_openpgp_crt_deinit(crt);
+ return ret;
+ }
+ }
+
+ ret = gnutls_certificate_set_openpgp_key(res, crt, pkey);
+
+ gnutls_openpgp_crt_deinit(crt);
+ gnutls_openpgp_privkey_deinit(pkey);
+
+ return ret;
}
/**
@@ -433,95 +417,85 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_file2(gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
- struct stat statbuf;
- gnutls_datum_t key, cert;
- int rc;
- size_t size;
-
- if (!res || !keyfile || !certfile)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (stat (certfile, &statbuf) || stat (keyfile, &statbuf))
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- cert.data = (void*)read_binary_file (certfile, &size);
- cert.size = (unsigned int) size;
- if (cert.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- key.data = (void*)read_binary_file (keyfile, &size);
- key.size = (unsigned int) size;
- if (key.data == NULL)
- {
- gnutls_assert ();
- free (cert.data);
- return GNUTLS_E_FILE_ERROR;
- }
-
- rc =
- gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id,
- format);
-
- free (cert.data);
- free (key.data);
-
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- return 0;
+ struct stat statbuf;
+ gnutls_datum_t key, cert;
+ int rc;
+ size_t size;
+
+ if (!res || !keyfile || !certfile) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (stat(certfile, &statbuf) || stat(keyfile, &statbuf)) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ cert.data = (void *) read_binary_file(certfile, &size);
+ cert.size = (unsigned int) size;
+ if (cert.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ key.data = (void *) read_binary_file(keyfile, &size);
+ key.size = (unsigned int) size;
+ if (key.data == NULL) {
+ gnutls_assert();
+ free(cert.data);
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc = gnutls_certificate_set_openpgp_key_mem2(res, &cert, &key,
+ subkey_id, format);
+
+ free(cert.data);
+ free(key.data);
+
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ return 0;
}
-int
-gnutls_openpgp_count_key_names (const gnutls_datum_t * cert)
+int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert)
{
- cdk_kbnode_t knode, p, ctx;
- cdk_packet_t pkt;
- int nuids;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- if (cdk_kbnode_read_from_mem (&knode, 0, cert->data, cert->size))
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- for (nuids = 0;;)
- {
- p = cdk_kbnode_walk (knode, &ctx, 0);
- if (!p)
- break;
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
- }
-
- cdk_kbnode_release (knode);
- return nuids;
+ cdk_kbnode_t knode, p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ for (nuids = 0;;) {
+ p = cdk_kbnode_walk(knode, &ctx, 0);
+ if (!p)
+ break;
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ cdk_kbnode_release(knode);
+ return nuids;
}
/**
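Review bot: In `gnutls_certificate_set_openpgp_key_file2()`, `key.data` holds the contents of the private key file and is handed to `free()` without being cleared once `gnutls_certificate_set_openpgp_key_mem2()` returns. Wiping it first, e.g. `memset(key.data, 0, key.size);` before `free(key.data);`, keeps the secret key bytes from lingering in freed heap memory; a plain memset ahead of free can be optimized away, so the project's non-elidable wipe helper is preferable if it has one. The `stat()` pre-check adds nothing that the `read_binary_file()` NULL checks do not already cover and leaves a window between check and read, so it could be dropped. The `(unsigned int) size` casts silently truncate a file larger than `UINT_MAX`.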
@@ -539,35 +513,32 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert)
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c,
- const char *file,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_keyring_file
+(gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_datum_t ring;
- size_t size;
- int rc;
-
- if (!c || !file)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ring.data = (void*)read_binary_file (file, &size);
- ring.size = (unsigned int) size;
- if (ring.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- rc =
- gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size,
- format);
-
- free (ring.data);
-
- return rc;
+ gnutls_datum_t ring;
+ size_t size;
+ int rc;
+
+ if (!c || !file) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ring.data = (void *) read_binary_file(file, &size);
+ ring.size = (unsigned int) size;
+ if (ring.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc = gnutls_certificate_set_openpgp_keyring_mem(c, ring.data,
+ ring.size, format);
+
+ free(ring.data);
+
+ return rc;
}
/**
@@ -586,39 +557,36 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c,
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
- c, const uint8_t * data,
- size_t dlen,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t
+ c, const uint8_t * data,
+ size_t dlen,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_datum_t ddata;
- int rc;
-
- ddata.data = (void *) data;
- ddata.size = dlen;
-
- if (!c || !data || !dlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- rc = gnutls_openpgp_keyring_init (&c->keyring);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = gnutls_openpgp_keyring_import (c->keyring, &ddata, format);
- if (rc < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_keyring_deinit (c->keyring);
- return rc;
- }
-
- return 0;
+ gnutls_datum_t ddata;
+ int rc;
+
+ ddata.data = (void *) data;
+ ddata.size = dlen;
+
+ if (!c || !data || !dlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rc = gnutls_openpgp_keyring_init(&c->keyring);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_import(c->keyring, &ddata, format);
+ if (rc < 0) {
+ gnutls_assert();
+ gnutls_openpgp_keyring_deinit(c->keyring);
+ return rc;
+ }
+
+ return 0;
}
/*-
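Review bot: On import failure the code calls `gnutls_openpgp_keyring_deinit(c->keyring)` but leaves the pointer in `c->keyring`, so the credentials structure keeps a non-NULL handle to a keyring that has presumably been released. `_gnutls_openpgp_request_key()` later passes `cred->keyring` to `gnutls_openpgp_get_key()`, whose only guard is `!keyring`, so a stale pointer would be dereferenced there. Adding `c->keyring = NULL;` right after the deinit closes that. `gnutls_openpgp_keyring_init(&c->keyring)` also overwrites any keyring set by an earlier call without releasing it; whether that path is reachable depends on callers outside this hunk.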
@@ -633,48 +601,45 @@ gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
*
-*/
int
-_gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- uint8_t * key_fpr, int key_fpr_size)
+_gnutls_openpgp_request_key(gnutls_session_t session, gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ uint8_t * key_fpr, int key_fpr_size)
{
- int rc = 0;
-
- if (!ret || !cred || !key_fpr)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key_fpr_size != 16 && key_fpr_size != 20)
- return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
-
- rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr);
-
- if (rc >= 0) /* key was found */
- {
- rc = 0;
- goto error;
- }
- else
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
-
- /* If the callback function was set, then try this one. */
- if (session->internals.openpgp_recv_key_func != NULL)
- {
- rc = session->internals.openpgp_recv_key_func (session,
- key_fpr,
- key_fpr_size, ret);
- if (rc < 0)
- {
- gnutls_assert ();
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto error;
- }
- }
-
-error:
-
- return rc;
+ int rc = 0;
+
+ if (!ret || !cred || !key_fpr) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key_fpr_size != 16 && key_fpr_size != 20)
+ return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
+
+ rc = gnutls_openpgp_get_key(ret, cred->keyring, KEY_ATTR_FPR,
+ key_fpr);
+
+ if (rc >= 0) { /* key was found */
+ rc = 0;
+ goto error;
+ } else
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ /* If the callback function was set, then try this one. */
+ if (session->internals.openpgp_recv_key_func != NULL) {
+ rc = session->internals.openpgp_recv_key_func(session,
+ key_fpr,
+ key_fpr_size,
+ ret);
+ if (rc < 0) {
+ gnutls_assert();
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto error;
+ }
+ }
+
+ error:
+
+ return rc;
}
/**
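Review bot: `key_fpr_size` is validated to be 16 or 20 but never reaches the lookup, because `gnutls_openpgp_get_key()` receives only the `key_fpr` pointer together with `KEY_ATTR_FPR`. If the keyring search reads a fixed 20 bytes for a fingerprint pattern (not visible here, so this needs confirming), a 16-byte fingerprint buffer would be read past its end. Either document the requirement above the call, `/* key_fpr must point to at least 20 readable bytes; the FPR search takes no length */`, or copy the fingerprint into a zero-padded 20-byte local before the lookup. `session` is dereferenced for the callback without the NULL check that `ret`, `cred` and `key_fpr` get.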
@@ -690,9 +655,8 @@ error:
*
**/
void
-gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func)
+gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+ gnutls_openpgp_recv_key_func func)
{
- session->internals.openpgp_recv_key_func = func;
+ session->internals.openpgp_recv_key_func = func;
}
-
diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h
index 49027e3e5d..8bd04dd735 100644
--- a/lib/openpgp/gnutls_openpgp.h
+++ b/lib/openpgp/gnutls_openpgp.h
@@ -32,53 +32,53 @@
#include <gnutls/abstract.h>
/* OpenCDK compatible */
-typedef enum
-{
- KEY_ATTR_NONE = 0,
- KEY_ATTR_SHORT_KEYID = 3,
- KEY_ATTR_KEYID = 4,
- KEY_ATTR_FPR = 5
+typedef enum {
+ KEY_ATTR_NONE = 0,
+ KEY_ATTR_SHORT_KEYID = 3,
+ KEY_ATTR_KEYID = 4,
+ KEY_ATTR_FPR = 5
} key_attr_t;
-int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert);
+int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert);
-int gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring,
- key_attr_t by, uint8_t * pattern);
+int gnutls_openpgp_get_key(gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring,
+ key_attr_t by, uint8_t * pattern);
/* internal */
int
-_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src);
+_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest,
+ gnutls_openpgp_privkey_t src);
int
-_gnutls_openpgp_request_key (gnutls_session_t,
- gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- uint8_t * key_fpr, int key_fpr_size);
+_gnutls_openpgp_request_key(gnutls_session_t,
+ gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ uint8_t * key_fpr, int key_fpr_size);
-int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t,
- const char* hostname,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status);
-int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen);
-time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
- cert);
-time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
- cert);
+int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t,
+ const char *hostname,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status);
+int _gnutls_openpgp_fingerprint(const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen);
+time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t *
+ cert);
+time_t _gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t *
+ cert);
int
-_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+_gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
int
-_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
-#endif /*GNUTLS_OPENPGP_LOCAL_H */
+#endif /*GNUTLS_OPENPGP_LOCAL_H */
-#endif /*ENABLE_OPENPGP */
+#endif /*ENABLE_OPENPGP */
diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h
index 952e965591..fa55e3e28f 100644
--- a/lib/openpgp/openpgp_int.h
+++ b/lib/openpgp/openpgp_int.h
@@ -37,61 +37,60 @@
dst[1] = _gnutls_read_uint32( src+4); }
/* Internal context to store the OpenPGP key. */
-typedef struct gnutls_openpgp_crt_int
-{
- cdk_kbnode_t knode;
- uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int preferred_set;
+typedef struct gnutls_openpgp_crt_int {
+ cdk_kbnode_t knode;
+ uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int preferred_set;
} gnutls_openpgp_crt_int;
/* Internal context to store the private OpenPGP key. */
-typedef struct gnutls_openpgp_privkey_int
-{
- cdk_kbnode_t knode;
- uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int preferred_set;
+typedef struct gnutls_openpgp_privkey_int {
+ cdk_kbnode_t knode;
+ uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int preferred_set;
} gnutls_openpgp_privkey_int;
-typedef struct gnutls_openpgp_keyring_int
-{
- cdk_keydb_hd_t db;
+typedef struct gnutls_openpgp_keyring_int {
+ cdk_keydb_hd_t db;
} gnutls_openpgp_keyring_int;
-int _gnutls_map_cdk_rc (int rc);
+int _gnutls_map_cdk_rc(int rc);
-int _gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size,
- int priv);
+int _gnutls_openpgp_export(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size,
+ int priv);
-int _gnutls_openpgp_export2 (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t* out, int priv);
+int _gnutls_openpgp_export2(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out, int priv);
-cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type);
+cdk_packet_t _gnutls_get_valid_subkey(cdk_kbnode_t knode, int key_type);
-unsigned int _gnutls_get_pgp_key_usage (unsigned int pgp_usage);
+unsigned int _gnutls_get_pgp_key_usage(unsigned int pgp_usage);
int
-_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2],
- gnutls_pk_params_st * params);
+_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert, uint32_t keyid[2],
+ gnutls_pk_params_st * params);
int
-_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t keyid[2], gnutls_pk_params_st* params);
+_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey,
+ uint32_t keyid[2],
+ gnutls_pk_params_st * params);
-cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+cdk_packet_t _gnutls_openpgp_find_key(cdk_kbnode_t knode,
+ uint32_t keyid[2],
+ unsigned int priv);
-int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m);
+int _gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m);
-int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+int _gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv);
-int _gnutls_openpgp_get_algo (int cdk_algo);
+int _gnutls_openpgp_get_algo(int cdk_algo);
-#endif /* ENABLE_OPENPGP */
+#endif /* ENABLE_OPENPGP */
-#endif /* OPENPGP_LOCAL_H */
+#endif /* OPENPGP_LOCAL_H */
diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c
index 9b0a16d259..5ac9031696 100644
--- a/lib/openpgp/output.c
+++ b/lib/openpgp/output.c
@@ -32,59 +32,60 @@
#define adds _gnutls_buffer_append_str
static void
-print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
- unsigned int idx)
+print_key_usage(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
+ unsigned int idx)
{
- unsigned int key_usage;
- int err;
-
- adds (str, _("\t\tKey Usage:\n"));
-
-
- if (idx == (unsigned int) -1)
- err = gnutls_openpgp_crt_get_key_usage (cert, &key_usage);
- else
- err = gnutls_openpgp_crt_get_subkey_usage (cert, idx, &key_usage);
- if (err < 0)
- {
- addf (str, _("error: get_key_usage: %s\n"), gnutls_strerror (err));
- return;
- }
-
- if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- adds (str, _("\t\t\tDigital signatures.\n"));
- if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- adds (str, _("\t\t\tCommunications encipherment.\n"));
- if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- adds (str, _("\t\t\tStorage data encipherment.\n"));
- if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- adds (str, _("\t\t\tAuthentication.\n"));
- if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- adds (str, _("\t\t\tCertificate signing.\n"));
+ unsigned int key_usage;
+ int err;
+
+ adds(str, _("\t\tKey Usage:\n"));
+
+
+ if (idx == (unsigned int) -1)
+ err = gnutls_openpgp_crt_get_key_usage(cert, &key_usage);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_usage(cert, idx,
+ &key_usage);
+ if (err < 0) {
+ addf(str, _("error: get_key_usage: %s\n"),
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ adds(str, _("\t\t\tDigital signatures.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ adds(str, _("\t\t\tCommunications encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ adds(str, _("\t\t\tStorage data encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ adds(str, _("\t\t\tAuthentication.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ adds(str, _("\t\t\tCertificate signing.\n"));
}
/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
-print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_id(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- gnutls_openpgp_keyid_t id;
- int err;
-
- if (idx < 0)
- err = gnutls_openpgp_crt_get_key_id (cert, id);
- else
- err = gnutls_openpgp_crt_get_subkey_id (cert, idx, id);
-
- if (err < 0)
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tID (hex): "));
- _gnutls_buffer_hexprint (str, id, sizeof (id));
- addf (str, "\n");
- }
+ gnutls_openpgp_keyid_t id;
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_key_id(cert, id);
+ else
+ err = gnutls_openpgp_crt_get_subkey_id(cert, idx, id);
+
+ if (err < 0)
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ else {
+ adds(str, _("\tID (hex): "));
+ _gnutls_buffer_hexprint(str, id, sizeof(id));
+ addf(str, "\n");
+ }
}
@@ -92,387 +93,451 @@ print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
* otherwise the subkey.
*/
static void
-print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- uint8_t fpr[128];
- size_t fpr_size = sizeof (fpr);
- int err;
- const char* name;
- char* p;
- unsigned int bits;
-
- err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
- if (err < 0)
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tFingerprint (hex): "));
- _gnutls_buffer_hexprint (str, fpr, fpr_size);
- addf (str, "\n");
- }
-
- err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- return;
-
- name = gnutls_pk_get_name(err);
- if (name == NULL)
- return;
-
- p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, "\t\t");
- if (p == NULL)
- return;
-
- adds (str, _("\tFingerprint's random art:\n"));
- adds (str, p);
- adds (str, "\n");
-
- gnutls_free(p);
+ uint8_t fpr[128];
+ size_t fpr_size = sizeof(fpr);
+ int err;
+ const char *name;
+ char *p;
+ unsigned int bits;
+
+ err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size);
+ if (err < 0)
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("\tFingerprint (hex): "));
+ _gnutls_buffer_hexprint(str, fpr, fpr_size);
+ addf(str, "\n");
+ }
+
+ err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ return;
+
+ name = gnutls_pk_get_name(err);
+ if (name == NULL)
+ return;
+
+ p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits,
+ "\t\t");
+ if (p == NULL)
+ return;
+
+ adds(str, _("\tFingerprint's random art:\n"));
+ adds(str, p);
+ adds(str, "\n");
+
+ gnutls_free(p);
}
static void
-print_key_revoked (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_revoked(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
+ int idx)
{
- int err;
-
- if (idx < 0)
- err = gnutls_openpgp_crt_get_revoked_status (cert);
- else
- err = gnutls_openpgp_crt_get_subkey_revoked_status (cert, idx);
-
- if (err != 0)
- adds (str, _("\tRevoked: True\n"));
- else
- adds (str, _("\tRevoked: False\n"));
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_revoked_status(cert);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_revoked_status(cert,
+ idx);
+
+ if (err != 0)
+ adds(str, _("\tRevoked: True\n"));
+ else
+ adds(str, _("\tRevoked: False\n"));
}
static void
-print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_times(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- time_t tim;
-
- adds (str, _("\tTime stamps:\n"));
-
- if (idx == -1)
- tim = gnutls_openpgp_crt_get_creation_time (cert);
- else
- tim = gnutls_openpgp_crt_get_subkey_creation_time (cert, idx);
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tCreation: %s\n"), s);
- }
-
- if (idx == -1)
- tim = gnutls_openpgp_crt_get_expiration_time (cert);
- else
- tim = gnutls_openpgp_crt_get_subkey_expiration_time (cert, idx);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == 0)
- {
- adds (str, _("\t\tExpiration: Never\n"));
- }
- else
- {
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tExpiration: %s\n"), s);
- }
- }
+ time_t tim;
+
+ adds(str, _("\tTime stamps:\n"));
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_creation_time(cert);
+ else
+ tim =
+ gnutls_openpgp_crt_get_subkey_creation_time(cert, idx);
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
+ == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tCreation: %s\n"), s);
+ }
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_expiration_time(cert);
+ else
+ tim =
+ gnutls_openpgp_crt_get_subkey_expiration_time(cert,
+ idx);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == 0) {
+ adds(str, _("\t\tExpiration: Never\n"));
+ } else {
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tExpiration: %s\n"), s);
+ }
+ }
}
static void
-print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- int err;
- unsigned int bits;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- else
- err = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, &bits);
-
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- {
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- addf (str, _("\tPublic Key Algorithm: %s\n"), name);
- addf (str, _("\tKey Security Level: %s\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)));
-
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
-
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
- &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- }
- }
- break;
-
- default:
- break;
- }
- }
+ int err;
+ unsigned int bits;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx,
+ &bits);
+
+ if (err < 0)
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name = gnutls_pk_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf(str, _("\tPublic Key Algorithm: %s\n"), name);
+ addf(str, _("\tKey Security Level: %s\n"),
+ gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
+ (err, bits)));
+
+ switch (err) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ if (idx == -1)
+ err =
+ gnutls_openpgp_crt_get_pk_rsa_raw
+ (cert, &m, &e);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw
+ (cert, idx, &m, &e);
+
+ if (err < 0)
+ addf(str,
+ "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str,
+ _("\t\tModulus (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, m.data,
+ m.size,
+ "\t\t\t");
+ adds(str, _("\t\tExponent:\n"));
+ _gnutls_buffer_hexdump(str, e.data,
+ e.size,
+ "\t\t\t");
+
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ if (idx == -1)
+ err =
+ gnutls_openpgp_crt_get_pk_dsa_raw
+ (cert, &p, &q, &g, &y);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw
+ (cert, idx, &p, &q, &g, &y);
+ if (err < 0)
+ addf(str,
+ "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ adds(str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump(str, p.data,
+ p.size,
+ "\t\t\t");
+ adds(str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump(str, q.data,
+ q.size,
+ "\t\t\t");
+ adds(str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump(str, g.data,
+ g.size,
+ "\t\t\t");
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ }
}
-static void
-print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- int i, subkeys;
- int err;
-
- print_key_revoked (str, cert, -1);
-
- /* Version. */
- {
- int version = gnutls_openpgp_crt_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* ID. */
- print_key_id (str, cert, -1);
-
- print_key_fingerprint (str, cert);
-
- /* Names. */
- i = 0;
- do
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("\tName[%d]: %s\n"), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
-
- gnutls_free (dn);
- }
- }
-
- i++;
- }
- while (err >= 0);
-
- print_key_times (str, cert, -1);
-
- print_key_info (str, cert, -1);
- print_key_usage (str, cert, -1);
-
- subkeys = gnutls_openpgp_crt_get_subkey_count (cert);
- if (subkeys < 0)
- return;
-
- for (i = 0; i < subkeys; i++)
- {
- addf (str, _("\n\tSubkey[%d]:\n"), i);
-
- print_key_revoked (str, cert, i);
- print_key_id (str, cert, i);
- print_key_times (str, cert, i);
- print_key_info (str, cert, i);
- print_key_usage (str, cert, i);
- }
+ int i, subkeys;
+ int err;
+
+ print_key_revoked(str, cert, -1);
+
+ /* Version. */
+ {
+ int version = gnutls_openpgp_crt_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* ID. */
+ print_key_id(str, cert, -1);
+
+ print_key_fingerprint(str, cert);
+
+ /* Names. */
+ i = 0;
+ do {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "error: get_name: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_openpgp_crt_get_name(cert, i,
+ dn,
+ &dn_size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "error: get_name: %s\n",
+ gnutls_strerror(err));
+ else if (err >= 0)
+ addf(str, _("\tName[%d]: %s\n"), i,
+ dn);
+ else if (err ==
+ GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str,
+ _("\tRevoked Name[%d]: %s\n"),
+ i, dn);
+
+ gnutls_free(dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ print_key_times(str, cert, -1);
+
+ print_key_info(str, cert, -1);
+ print_key_usage(str, cert, -1);
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count(cert);
+ if (subkeys < 0)
+ return;
+
+ for (i = 0; i < subkeys; i++) {
+ addf(str, _("\n\tSubkey[%d]:\n"), i);
+
+ print_key_revoked(str, cert, i);
+ print_key_id(str, cert, i);
+ print_key_times(str, cert, i);
+ print_key_info(str, cert, i);
+ print_key_usage(str, cert, i);
+ }
}
static void
-print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- int err, i;
-
- i = 0;
- do
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown name (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("name[%d]: %s, "), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("revoked name[%d]: %s, "), i, dn);
-
- gnutls_free (dn);
- }
- }
-
- i++;
- }
- while (err >= 0);
-
- {
- char fpr[128];
- size_t fpr_size = sizeof (fpr);
- int err;
-
- err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
- if (err < 0)
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("fingerprint: "));
- _gnutls_buffer_hexprint (str, fpr, fpr_size);
- addf (str, ", ");
- }
- }
-
- {
- time_t tim;
-
- tim = gnutls_openpgp_crt_get_creation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
- else
- addf (str, _("created: %s, "), s);
- }
-
- tim = gnutls_openpgp_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == 0)
- adds (str, _("never expires, "));
- else
- {
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
- else
- addf (str, _("expires: %s, "), s);
- }
- }
- }
-
- {
- unsigned int bits = 0;
- gnutls_pk_algorithm_t algo =
- gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- const char *algostr = gnutls_pk_algorithm_get_name (algo);
-
- if (algostr)
- addf (str, _("key algorithm %s (%d bits)"), algostr, bits);
- else
- addf (str, _("unknown key algorithm (%d)"), algo);
- }
+ int err, i;
+
+ i = 0;
+ do {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_openpgp_crt_get_name(cert, i,
+ dn,
+ &dn_size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror(err));
+ else if (err >= 0)
+ addf(str, _("name[%d]: %s, "), i,
+ dn);
+ else if (err ==
+ GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str,
+ _("revoked name[%d]: %s, "),
+ i, dn);
+
+ gnutls_free(dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ {
+ char fpr[128];
+ size_t fpr_size = sizeof(fpr);
+ int err;
+
+ err =
+ gnutls_openpgp_crt_get_fingerprint(cert, fpr,
+ &fpr_size);
+ if (err < 0)
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("fingerprint: "));
+ _gnutls_buffer_hexprint(str, fpr, fpr_size);
+ addf(str, ", ");
+ }
+ }
+
+ {
+ time_t tim;
+
+ tim = gnutls_openpgp_crt_get_creation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "error: strftime (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, _("created: %s, "), s);
+ }
+
+ tim = gnutls_openpgp_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == 0)
+ adds(str, _("never expires, "));
+ else {
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str,
+ "error: gmtime_r (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str,
+ "error: strftime (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, _("expires: %s, "), s);
+ }
+ }
+ }
+
+ {
+ unsigned int bits = 0;
+ gnutls_pk_algorithm_t algo =
+ gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ const char *algostr = gnutls_pk_algorithm_get_name(algo);
+
+ if (algostr)
+ addf(str, _("key algorithm %s (%d bits)"), algostr,
+ bits);
+ else
+ addf(str, _("unknown key algorithm (%d)"), algo);
+ }
}
/**
@@ -491,35 +556,34 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
-
- _gnutls_buffer_init (&str);
-
- if (format == GNUTLS_CRT_PRINT_ONELINE)
- print_oneline (&str, cert);
- else if (format == GNUTLS_CRT_PRINT_COMPACT)
- {
- print_oneline (&str, cert);
-
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_key_fingerprint (&str, cert);
- }
- else
- {
- _gnutls_buffer_append_str (&str,
- _("OpenPGP Certificate Information:\n"));
- print_cert (&str, cert);
- }
-
- _gnutls_buffer_append_data (&str, "\0", 1);
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
- return ret;
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init(&str);
+
+ if (format == GNUTLS_CRT_PRINT_ONELINE)
+ print_oneline(&str, cert);
+ else if (format == GNUTLS_CRT_PRINT_COMPACT) {
+ print_oneline(&str, cert);
+
+ _gnutls_buffer_append_data(&str, "\n", 1);
+ print_key_fingerprint(&str, cert);
+ } else {
+ _gnutls_buffer_append_str(&str,
+ _
+ ("OpenPGP Certificate Information:\n"));
+ print_cert(&str, cert);
+ }
+
+ _gnutls_buffer_append_data(&str, "\0", 1);
+
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
}
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 38cab4f417..0c714e8e4c 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -40,14 +40,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key)
+int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_openpgp_crt_int));
- if (*key)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -56,19 +55,17 @@ gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key)
*
* This function will deinitialize a key structure.
**/
-void
-gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key)
+void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- if (key->knode)
- {
- cdk_kbnode_release (key->knode);
- key->knode = NULL;
- }
+ if (key->knode) {
+ cdk_kbnode_release(key->knode);
+ key->knode = NULL;
+ }
- gnutls_free (key);
+ gnutls_free(key);
}
/**
@@ -84,130 +81,125 @@ gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
- cdk_packet_t pkt;
- int rc, armor;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_RAW) armor = 0;
- else armor = 1;
-
- rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* Test if the import was successful. */
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- return 0;
+ cdk_packet_t pkt;
+ int rc, armor;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ armor = 0;
+ else
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+ data->size);
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
}
-int _gnutls_openpgp_export2 (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t* out, int priv)
+int _gnutls_openpgp_export2(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out, int priv)
{
-int ret;
-size_t size = 0;
-
- ret = _gnutls_openpgp_export(node, format, NULL, &size, priv);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- out->data = gnutls_malloc(size);
-
- ret = _gnutls_openpgp_export(node, format, out->data, &size, priv);
- if (ret < 0)
- {
- gnutls_free(out->data);
- return gnutls_assert_val(ret);
- }
- out->size = size;
- }
- else if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ int ret;
+ size_t size = 0;
+
+ ret = _gnutls_openpgp_export(node, format, NULL, &size, priv);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ out->data = gnutls_malloc(size);
+
+ ret =
+ _gnutls_openpgp_export(node, format, out->data, &size,
+ priv);
+ if (ret < 0) {
+ gnutls_free(out->data);
+ return gnutls_assert_val(ret);
+ }
+ out->size = size;
+ } else if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/* internal version of export
*/
int
-_gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size, int priv)
+_gnutls_openpgp_export(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size, int priv)
{
- size_t input_data_size = *output_data_size;
- size_t calc_size;
- int rc;
-
- rc = cdk_kbnode_write_to_mem (node, output_data, output_data_size);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* If the caller uses output_data == NULL then return what he expects.
- */
- if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_BASE64)
- {
- unsigned char *in = gnutls_calloc (1, *output_data_size);
- memcpy (in, output_data, *output_data_size);
-
- /* Calculate the size of the encoded data and check if the provided
- buffer is large enough. */
- rc = cdk_armor_encode_buffer (in, *output_data_size,
- NULL, 0, &calc_size,
- priv ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
- if (rc || calc_size > input_data_size)
- {
- gnutls_free (in);
- *output_data_size = calc_size;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- rc = cdk_armor_encode_buffer (in, *output_data_size,
- output_data, input_data_size, &calc_size,
- priv ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
- gnutls_free (in);
- *output_data_size = calc_size;
-
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- }
-
- return 0;
+ size_t input_data_size = *output_data_size;
+ size_t calc_size;
+ int rc;
+
+ rc = cdk_kbnode_write_to_mem(node, output_data, output_data_size);
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* If the caller uses output_data == NULL then return what he expects.
+ */
+ if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_BASE64) {
+ unsigned char *in = gnutls_calloc(1, *output_data_size);
+ memcpy(in, output_data, *output_data_size);
+
+ /* Calculate the size of the encoded data and check if the provided
+ buffer is large enough. */
+ rc = cdk_armor_encode_buffer(in, *output_data_size,
+ NULL, 0, &calc_size,
+ priv ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ if (rc || calc_size > input_data_size) {
+ gnutls_free(in);
+ *output_data_size = calc_size;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ rc = cdk_armor_encode_buffer(in, *output_data_size,
+ output_data, input_data_size,
+ &calc_size,
+ priv ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ gnutls_free(in);
+ *output_data_size = calc_size;
+
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ return 0;
}
@@ -226,12 +218,12 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size)
+gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size)
{
- return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 0);
+ return _gnutls_openpgp_export(key->knode, format, output_data,
+ output_data_size, 0);
}
/**
@@ -248,11 +240,11 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
* Since: 3.1.3
**/
int
-gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t *out)
+gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- return _gnutls_openpgp_export2 (key->knode, format, out, 0);
+ return _gnutls_openpgp_export2(key->knode, format, out, 0);
}
/**
@@ -267,58 +259,54 @@ gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
* Returns: On success, 0 is returned. Otherwise, an error code.
**/
int
-gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *fprlen = 0;
+ *fprlen = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.public_key;
- *fprlen = 20;
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
- /* FIXME: Check if the draft allows old PGP keys. */
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
-static int
-_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
+static int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int nuids;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- nuids = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
- }
-
- return nuids;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ nuids = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ return nuids;
}
@@ -338,60 +326,54 @@ _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
* error code.
**/
int
-gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf)
+gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+ int idx, char *buf, size_t * sizeof_buf)
{
- cdk_kbnode_t ctx = NULL, p;
- cdk_packet_t pkt = NULL;
- cdk_pkt_userid_t uid = NULL;
- int pos = 0;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key))
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- pos = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- {
- if (pos == idx)
- break;
- pos++;
- }
- }
-
- if (!pkt)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- uid = pkt->pkt.user_id;
- if (uid->len >= *sizeof_buf)
- {
- gnutls_assert ();
- *sizeof_buf = uid->len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (buf)
- {
- memcpy (buf, uid->name, uid->len);
- buf[uid->len] = '\0'; /* make sure it's a string */
- }
- *sizeof_buf = uid->len + 1;
-
- if (uid->is_revoked)
- return GNUTLS_E_OPENPGP_UID_REVOKED;
-
- return 0;
+ cdk_kbnode_t ctx = NULL, p;
+ cdk_packet_t pkt = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ int pos = 0;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (idx < 0 || idx >= _gnutls_openpgp_count_key_names(key))
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ pos = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID) {
+ if (pos == idx)
+ break;
+ pos++;
+ }
+ }
+
+ if (!pkt) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ uid = pkt->pkt.user_id;
+ if (uid->len >= *sizeof_buf) {
+ gnutls_assert();
+ *sizeof_buf = uid->len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (buf) {
+ memcpy(buf, uid->name, uid->len);
+ buf[uid->len] = '\0'; /* make sure it's a string */
+ }
+ *sizeof_buf = uid->len + 1;
+
+ if (uid->is_revoked)
+ return GNUTLS_E_OPENPGP_UID_REVOKED;
+
+ return 0;
}
/**
@@ -410,42 +392,42 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
* success, or GNUTLS_PK_UNKNOWN on error.
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits)
+gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo = 0, ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- ret = gnutls_openpgp_crt_get_preferred_key_id (key, keyid);
- if (ret == 0)
- {
- int idx;
-
- idx = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
- if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- {
- algo =
- gnutls_openpgp_crt_get_subkey_pk_algorithm (key, idx, bits);
- return algo;
- }
- }
-
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id(key, keyid);
+ if (ret == 0) {
+ int idx;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx(key, keyid);
+ if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) {
+ algo =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(key,
+ idx,
+ bits);
+ return algo;
+ }
+ }
+
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.public_key);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->
+ pubkey_algo);
+ }
+
+ return algo;
}
@@ -457,22 +439,21 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
*
* Returns: the version number is returned, or a negative error code on errors.
**/
-int
-gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- int version;
+ cdk_packet_t pkt;
+ int version;
- if (!key)
- return -1;
+ if (!key)
+ return -1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- version = pkt->pkt.public_key->version;
- else
- version = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ version = pkt->pkt.public_key->version;
+ else
+ version = 0;
- return version;
+ return version;
}
@@ -484,22 +465,21 @@ gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key)
*
* Returns: the timestamp when the OpenPGP key was created.
**/
-time_t
-gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key)
+time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- timestamp = pkt->pkt.public_key->timestamp;
- else
- timestamp = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
@@ -512,22 +492,21 @@ gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key)
*
* Returns: the time when the OpenPGP key expires.
**/
-time_t
-gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key)
+time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- time_t expiredate;
+ cdk_packet_t pkt;
+ time_t expiredate;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- expiredate = pkt->pkt.public_key->expiredate;
- else
- expiredate = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
- return expiredate;
+ return expiredate;
}
/**
@@ -542,27 +521,26 @@ gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key)
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_pk_get_keyid (pkt->pkt.public_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_pk_get_keyid(pkt->pkt.public_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -576,24 +554,22 @@ gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.public_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -608,52 +584,52 @@ gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key)
* Returns: non-zero for a successful match, and zero on failure.
**/
int
-gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname)
+gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+ const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int ret = 0;
- int i;
-
- /* Check through all included names. */
- for (i = 0; !(ret < 0); i++)
- {
- dnsnamesize = sizeof (dnsname);
- ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize);
-
- if (ret == 0)
- {
- /* Length returned by gnutls_openpgp_crt_get_name includes
- the terminating (0). */
- dnsnamesize--;
-
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- return 1;
- }
- }
-
- /* not found a matching name */
- return 0;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int ret = 0;
+ int i;
+
+ /* Check through all included names. */
+ for (i = 0; !(ret < 0); i++) {
+ dnsnamesize = sizeof(dnsname);
+ ret =
+ gnutls_openpgp_crt_get_name(key, i, dnsname,
+ &dnsnamesize);
+
+ if (ret == 0) {
+ /* Length returned by gnutls_openpgp_crt_get_name includes
+ the terminating (0). */
+ dnsnamesize--;
+
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0))
+ return 1;
+ }
+ }
+
+ /* not found a matching name */
+ return 0;
}
-unsigned int
-_gnutls_get_pgp_key_usage (unsigned int cdk_usage)
+unsigned int _gnutls_get_pgp_key_usage(unsigned int cdk_usage)
{
- unsigned int usage = 0;
-
- if (cdk_usage & CDK_KEY_USG_CERT_SIGN)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
- if (cdk_usage & CDK_KEY_USG_DATA_SIGN)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
- if (cdk_usage & CDK_KEY_USG_COMM_ENCR)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR)
- usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- if (cdk_usage & CDK_KEY_USG_AUTH)
- usage |= GNUTLS_KEY_KEY_AGREEMENT;
-
- return usage;
+ unsigned int usage = 0;
+
+ if (cdk_usage & CDK_KEY_USG_CERT_SIGN)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+ if (cdk_usage & CDK_KEY_USG_DATA_SIGN)
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ if (cdk_usage & CDK_KEY_USG_COMM_ENCR)
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR)
+ usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_AUTH)
+ usage |= GNUTLS_KEY_KEY_AGREEMENT;
+
+ return usage;
}
/**
@@ -668,24 +644,24 @@ _gnutls_get_pgp_key_usage (unsigned int cdk_usage)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
*/
int
-gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage)
+gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+ unsigned int *key_usage)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+ *key_usage =
+ _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage);
- return 0;
+ return 0;
}
/**
@@ -699,55 +675,51 @@ gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- subkeys++;
- }
-
- return subkeys;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
}
/* returns the subkey with the given index */
static cdk_packet_t
-_get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx)
+_get_public_subkey(gnutls_openpgp_crt_t key, unsigned int indx)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- unsigned int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++)
- return pkt;
- }
-
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
}
/* returns the key with the given keyid. It can be either key or subkey.
@@ -756,41 +728,39 @@ _get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx)
* pkt->pkt.public_key;
*/
cdk_packet_t
-_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+_gnutls_openpgp_find_key(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- uint32_t local_keyid[2];
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
-
- if ((priv == 0
- && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
- && (pkt->pkttype ==
- CDK_PKT_SECRET_SUBKEY
- || pkt->pkttype
- ==
- CDK_PKT_SECRET_KEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return pkt;
- }
- }
- }
-
- gnutls_assert ();
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ uint32_t local_keyid[2];
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+
+ if ((priv == 0
+ && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY))
+ || (priv != 0
+ && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY
+ || pkt->pkttype == CDK_PKT_SECRET_KEY))) {
+ if (priv == 0)
+ cdk_pk_get_keyid(pkt->pkt.public_key,
+ local_keyid);
+ else
+ cdk_pk_get_keyid(pkt->pkt.secret_key->pk,
+ local_keyid);
+
+ if (local_keyid[0] == keyid[0]
+ && local_keyid[1] == keyid[1]) {
+ return pkt;
+ }
+ }
+ }
+
+ gnutls_assert();
+ return NULL;
}
/* returns the key with the given keyid
@@ -799,41 +769,42 @@ _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
* pkt->pkt.public_key;
*/
int
-_gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+_gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int i = 0;
- uint32_t local_keyid[2];
-
- _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
-
- if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) ||
- (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
- local_keyid[1]);
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return i;
- }
- i++;
- }
- }
-
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int i = 0;
+ uint32_t local_keyid[2];
+
+ _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+
+ if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY))
+ || (priv != 0
+ && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) {
+ if (priv == 0)
+ cdk_pk_get_keyid(pkt->pkt.public_key,
+ local_keyid);
+ else
+ cdk_pk_get_keyid(pkt->pkt.secret_key->pk,
+ local_keyid);
+
+ _gnutls_hard_log("Found keyid: %x.%x\n",
+ local_keyid[0], local_keyid[1]);
+ if (local_keyid[0] == keyid[0]
+ && local_keyid[1] == keyid[1]) {
+ return i;
+ }
+ i++;
+ }
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
}
/**
@@ -849,27 +820,26 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_revoked_status(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_revoked_status(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_revoked_status(key);
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.public_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -891,33 +861,33 @@ gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits)
+gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo;
+ cdk_packet_t pkt;
+ int algo;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_algorithm(key, bits);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_algorithm(key, bits);
- pkt = _get_public_subkey (key, idx);
+ pkt = _get_public_subkey(key, idx);
- algo = 0;
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
- }
+ algo = 0;
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.public_key);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->
+ pubkey_algo);
+ }
- return algo;
+ return algo;
}
/**
@@ -932,25 +902,25 @@ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_creation_time(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_creation_time(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_creation_time(key);
- pkt = _get_public_subkey (key, idx);
- if (pkt)
- timestamp = pkt->pkt.public_key->timestamp;
- else
- timestamp = 0;
+ pkt = _get_public_subkey(key, idx);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
@@ -967,25 +937,25 @@ gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_expiration_time(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
- time_t expiredate;
+ cdk_packet_t pkt;
+ time_t expiredate;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_expiration_time(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_expiration_time(key);
- pkt = _get_public_subkey (key, idx);
- if (pkt)
- expiredate = pkt->pkt.public_key->expiredate;
- else
- expiredate = 0;
+ pkt = _get_public_subkey(key, idx);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
- return expiredate;
+ return expiredate;
}
/**
@@ -999,31 +969,30 @@ gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
* Returns: the 64-bit keyID of the OpenPGP key.
**/
int
-gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
-
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_key_id(key, keyid);
-
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
-
- cdk_pk_get_keyid (pkt->pkt.public_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
-
- return 0;
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_key_id(key, keyid);
+
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_pk_get_keyid(pkt->pkt.public_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
+
+ return 0;
}
/**
@@ -1041,37 +1010,37 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_fingerprint(key, fpr,
+ fprlen);
- *fprlen = 0;
+ *fprlen = 0;
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.public_key;
- *fprlen = 20;
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
- /* FIXME: Check if the draft allows old PGP keys. */
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/**
@@ -1086,34 +1055,32 @@ gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
- uint32_t kid[2];
- uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_openpgp_crt_get_key_id (key, master_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
- if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0)
- return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
-
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 0);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ uint32_t kid[2];
+ uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_openpgp_crt_get_key_id(key, master_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0)
+ return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
+
+ KEYID_IMPORT(kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 0);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -1133,326 +1100,310 @@ gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
* Since: 2.4.0
*/
int
-gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage)
+gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_key_usage(key, key_usage);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_key_usage(key, key_usage);
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
- *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+ *key_usage =
+ _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage);
- return 0;
+ return 0;
}
int
-_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m)
+_gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m)
{
- size_t buf_size = 512;
- uint8_t *buf = gnutls_malloc (buf_size);
- int err;
- unsigned int max_pub_params = 0;
-
- if (priv != 0)
- max_pub_params = cdk_pk_get_npkey (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* FIXME: Note that opencdk doesn't like the buf to be NULL.
- */
- if (priv == 0)
- err =
- cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
- else
- {
- if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
- else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
- buf_size, &buf_size, NULL);
- }
- }
-
- if (err == CDK_Too_Short)
- {
- buf = gnutls_realloc_fast (buf, buf_size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (priv == 0)
- err =
- cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
- else
- {
- if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
- else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
- buf, buf_size, &buf_size, NULL);
- }
- }
- }
-
- if (err != CDK_Success)
- {
- gnutls_assert ();
- gnutls_free (buf);
- return _gnutls_map_cdk_rc (err);
- }
-
- err = _gnutls_mpi_scan (m, buf, buf_size);
- gnutls_free (buf);
-
- if (err < 0)
- {
- gnutls_assert ();
- return err;
- }
-
- return 0;
+ size_t buf_size = 512;
+ uint8_t *buf = gnutls_malloc(buf_size);
+ int err;
+ unsigned int max_pub_params = 0;
+
+ if (priv != 0)
+ max_pub_params =
+ cdk_pk_get_npkey(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* FIXME: Note that opencdk doesn't like the buf to be NULL.
+ */
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf, buf_size,
+ &buf_size, NULL);
+ else {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.secret_key->pk, idx,
+ buf, buf_size, &buf_size, NULL);
+ else {
+ err =
+ cdk_sk_get_mpi(pkt->pkt.secret_key,
+ idx - max_pub_params, buf,
+ buf_size, &buf_size, NULL);
+ }
+ }
+
+ if (err == CDK_Too_Short) {
+ buf = gnutls_realloc_fast(buf, buf_size);
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf,
+ buf_size, &buf_size, NULL);
+ else {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.secret_key->pk,
+ idx, buf, buf_size,
+ &buf_size, NULL);
+ else {
+ err =
+ cdk_sk_get_mpi(pkt->pkt.secret_key,
+ idx - max_pub_params,
+ buf, buf_size,
+ &buf_size, NULL);
+ }
+ }
+ }
+
+ if (err != CDK_Success) {
+ gnutls_assert();
+ gnutls_free(buf);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ err = _gnutls_mpi_scan(m, buf, buf_size);
+ gnutls_free(buf);
+
+ if (err < 0) {
+ gnutls_assert();
+ return err;
+ }
+
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert,
- uint32_t * keyid /* [2] */ ,
- gnutls_pk_params_st * params)
+_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert,
+ uint32_t * keyid /* [2] */ ,
+ gnutls_pk_params_st * params)
{
- int result, i;
- int pk_algorithm, local_params;
- cdk_packet_t pkt;
-
- if (keyid == NULL)
- pkt = cdk_kbnode_find_packet (cert->knode, CDK_PKT_PUBLIC_KEY);
- else
- pkt = _gnutls_openpgp_find_key (cert->knode, keyid, 0);
-
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- switch (pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- local_params = RSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_DSA:
- local_params = DSA_PUBLIC_PARAMS;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- gnutls_pk_params_init(params);
-
- for (i = 0; i < local_params; i++)
- {
- result = _gnutls_read_pgp_mpi (pkt, 0, i, &params->params[i]);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- params->params_nr++;
- }
-
- return 0;
-
-error:
- gnutls_pk_params_release(params);
-
- return result;
+ int result, i;
+ int pk_algorithm, local_params;
+ cdk_packet_t pkt;
+
+ if (keyid == NULL)
+ pkt =
+ cdk_kbnode_find_packet(cert->knode,
+ CDK_PKT_PUBLIC_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key(cert->knode, keyid, 0);
+
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ switch (pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ local_params = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ local_params = DSA_PUBLIC_PARAMS;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ gnutls_pk_params_init(params);
+
+ for (i = 0; i < local_params; i++) {
+ result =
+ _gnutls_read_pgp_mpi(pkt, 0, i, &params->params[i]);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ params->params_nr++;
+ }
+
+ return 0;
+
+ error:
+ gnutls_pk_params_release(params);
+
+ return result;
}
/* The internal version of export
*/
static int
-_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e)
+_get_pk_rsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
static int
-_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+_get_pk_dsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
@@ -1471,20 +1422,19 @@ cleanup:
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_key_id(crt, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_rsa_raw (crt, keyid, m, e);
+ return _get_pk_rsa_raw(crt, keyid, m, e);
}
/**
@@ -1504,21 +1454,20 @@ gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_key_id(crt, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+ return _get_pk_dsa_raw(crt, keyid, p, q, g, y);
}
/**
@@ -1537,25 +1486,24 @@ gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e)
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e);
- ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_rsa_raw (crt, keyid, m, e);
+ return _get_pk_rsa_raw(crt, keyid, m, e);
}
/**
@@ -1576,27 +1524,26 @@ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y)
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p,q, g, y);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p, q, g, y);
- ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+ return _get_pk_dsa_raw(crt, keyid, p, q, g, y);
}
/**
@@ -1610,21 +1557,22 @@ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
* Returns: the 64-bit preferred keyID of the OpenPGP key.
**/
int
-gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- if (!key->preferred_set)
- return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+ if (!key->preferred_set)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- return 0;
+ return 0;
}
/**
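Review bot: In `gnutls_openpgp_crt_get_preferred_key_id` the `key->preferred_set` test runs before the `!key || !keyid` guard, so a NULL `key` is dereferenced and the `!key` half of the guard can never fire. Move the guard to the top, so that `if (!key || !keyid) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` comes first and `if (!key->preferred_set) return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);` follows it. The reindent preserves the original statement order, so the defect predates this commit, but it is still present on the new side.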
@@ -1642,44 +1590,42 @@ gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
* otherwise a negative error code is returned.
**/
int
-gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (keyid == NULL) /* set the master as preferred */
- {
- uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_crt_get_key_id (key, tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
- }
-
- /* check if the id is valid */
- ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
- if (ret < 0)
- {
- _gnutls_debug_log ("the requested subkey does not exist\n");
- gnutls_assert ();
- return ret;
- }
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
+ int ret;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (keyid == NULL) { /* set the master as preferred */
+ uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_crt_get_key_id(key, tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, tmp,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_crt_get_subkey_idx(key, keyid);
+ if (ret < 0) {
+ _gnutls_debug_log("the requested subkey does not exist\n");
+ gnutls_assert();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
}
/**
@@ -1696,67 +1642,66 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag)
+gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag)
{
- int ret, subkeys, i;
- unsigned int usage;
- unsigned int keyid_init = 0;
-
- subkeys = gnutls_openpgp_crt_get_subkey_count (crt);
- if (subkeys <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
- }
-
- /* Try to find a subkey with the authentication flag set.
- * if none exists use the last one found
- */
- for (i = 0; i < subkeys; i++)
- {
- ret = gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, NULL);
- if (ret == GNUTLS_PK_UNKNOWN)
- continue;
-
- ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
- if (ret != 0) /* it is revoked. ignore it */
- continue;
-
- if (keyid_init == 0)
- { /* keep the first valid subkey */
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- keyid_init = 1;
- }
-
- ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (usage & GNUTLS_KEY_KEY_AGREEMENT)
- {
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
- }
-
- if (flag && keyid_init)
- return 0;
- else
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int ret, subkeys, i;
+ unsigned int usage;
+ unsigned int keyid_init = 0;
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count(crt);
+ if (subkeys <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ }
+
+ /* Try to find a subkey with the authentication flag set.
+ * if none exists use the last one found
+ */
+ for (i = 0; i < subkeys; i++) {
+ ret =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i,
+ NULL);
+ if (ret == GNUTLS_PK_UNKNOWN)
+ continue;
+
+ ret = gnutls_openpgp_crt_get_subkey_revoked_status(crt, i);
+ if (ret != 0) /* it is revoked. ignore it */
+ continue;
+
+ if (keyid_init == 0) { /* keep the first valid subkey */
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, i,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ keyid_init = 1;
+ }
+
+ ret = gnutls_openpgp_crt_get_subkey_usage(crt, i, &usage);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (usage & GNUTLS_KEY_KEY_AGREEMENT) {
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, i,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+ }
+
+ if (flag && keyid_init)
+ return 0;
+ else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
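Review bot: The block comment above the loop in `gnutls_openpgp_crt_get_auth_subkey` says the fallback is "the last one found", but the `keyid_init == 0` branch stores the first non-revoked subkey with a known algorithm. `keyid` is only overwritten later when a subkey's usage includes `GNUTLS_KEY_KEY_AGREEMENT`. I would reword the comment to `/* Prefer a subkey whose usage includes GNUTLS_KEY_KEY_AGREEMENT; otherwise, if flag is non-zero, fall back to the first valid subkey. */`. The doc comment should also say that `keyid` is only meaningful on success, because with `flag == 0` the function can return `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` after having already written the fallback id into the caller's buffer.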
diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c
index 1e48de4b0d..b1748daf7e 100644
--- a/lib/openpgp/pgpverify.c
+++ b/lib/openpgp/pgpverify.c
@@ -50,65 +50,59 @@
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify)
+gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify)
{
- uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
- cdk_error_t rc;
- int status;
-
- if (!key || !keyring)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- *verify = 0;
-
- rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
- if (rc == CDK_Error_No_Key)
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- gnutls_assert ();
- return rc;
- }
- else if (rc != CDK_Success)
- {
- _gnutls_debug_log ("cdk_pk_check_sigs: error %d\n", rc);
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- _gnutls_debug_log ("status: %x\n", status);
-
- if (status & CDK_KEY_INVALID)
- *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
- if (status & CDK_KEY_REVOKED)
- *verify |= GNUTLS_CERT_REVOKED;
- if (status & CDK_KEY_NOSIGNER)
- *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- /* Check if the key is included in the ring. */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- {
- rc = gnutls_openpgp_crt_get_key_id (key, id);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
- /* If it exists in the keyring don't treat it as unknown. */
- if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
- *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
- }
-
- if (*verify != 0)
- *verify |= GNUTLS_CERT_INVALID;
-
- return 0;
+ uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
+ cdk_error_t rc;
+ int status;
+
+ if (!key || !keyring) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ *verify = 0;
+
+ rc = cdk_pk_check_sigs(key->knode, keyring->db, &status);
+ if (rc == CDK_Error_No_Key) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ gnutls_assert();
+ return rc;
+ } else if (rc != CDK_Success) {
+ _gnutls_debug_log("cdk_pk_check_sigs: error %d\n", rc);
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+ _gnutls_debug_log("status: %x\n", status);
+
+ if (status & CDK_KEY_INVALID)
+ *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
+ if (status & CDK_KEY_REVOKED)
+ *verify |= GNUTLS_CERT_REVOKED;
+ if (status & CDK_KEY_NOSIGNER)
+ *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ /* Check if the key is included in the ring. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) {
+ rc = gnutls_openpgp_crt_get_key_id(key, id);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_check_id(keyring, id, 0);
+ /* If it exists in the keyring don't treat it as unknown. */
+ if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
+ }
+
+ if (*verify != 0)
+ *verify |= GNUTLS_CERT_INVALID;
+
+ return 0;
}
@@ -125,19 +119,20 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags, unsigned int *verify)
+gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+ unsigned int flags, unsigned int *verify)
{
- int status;
- cdk_error_t rc;
+ int status;
+ cdk_error_t rc;
- *verify = 0;
+ *verify = 0;
- rc = cdk_pk_check_self_sig (key->knode, &status);
- if (rc || status != CDK_KEY_VALID)
- *verify |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
- else
- *verify = 0;
+ rc = cdk_pk_check_self_sig(key->knode, &status);
+ if (rc || status != CDK_KEY_VALID)
+ *verify |=
+ GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
+ else
+ *verify = 0;
- return 0;
+ return 0;
}
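Review bot: `gnutls_openpgp_crt_verify_self` reads `key->knode` and writes `*verify` with no NULL check, whereas `gnutls_openpgp_crt_verify_ring` in the previous hunk at least rejects `!key` before touching it. A guard before `*verify = 0;` would make the two entry points consistent, for example `if (!key || !verify) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The `flags` parameter is never read in the visible body, so the doc comment should say whether it is reserved. The `else *verify = 0;` branch is redundant after the initial assignment.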
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 5318412180..58581128b4 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -41,14 +41,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
+int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_openpgp_privkey_int));
- if (*key)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -57,19 +56,17 @@ gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
*
* This function will deinitialize a key structure.
**/
-void
-gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
+void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- if (key->knode)
- {
- cdk_kbnode_release (key->knode);
- key->knode = NULL;
- }
+ if (key->knode) {
+ cdk_kbnode_release(key->knode);
+ key->knode = NULL;
+ }
- gnutls_free (key);
+ gnutls_free(key);
}
/*-
@@ -83,42 +80,49 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
* negative error value.
-*/
int
-_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src)
+_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest,
+ gnutls_openpgp_privkey_t src)
{
- int ret;
- size_t raw_size=0;
- uint8_t *der;
- gnutls_datum_t tmp;
-
- ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, NULL, &raw_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- return gnutls_assert_val(ret);
-
- der = gnutls_malloc (raw_size);
- if (der == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, der, &raw_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
-
- tmp.data = der;
- tmp.size = raw_size;
- ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
-
- gnutls_free (der);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy(dest->preferred_keyid, src->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- dest->preferred_set = src->preferred_set;
-
- return 0;
+ int ret;
+ size_t raw_size = 0;
+ uint8_t *der;
+ gnutls_datum_t tmp;
+
+ ret =
+ gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW,
+ NULL, 0, NULL, &raw_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return gnutls_assert_val(ret);
+
+ der = gnutls_malloc(raw_size);
+ if (der == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW,
+ NULL, 0, der, &raw_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = raw_size;
+ ret =
+ gnutls_openpgp_privkey_import(dest, &tmp,
+ GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
+
+ gnutls_free(der);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(dest->preferred_keyid, src->preferred_keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+ dest->preferred_set = src->preferred_set;
+
+ return 0;
}
/**
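Review bot: In `_gnutls_openpgp_privkey_cpy`, `der` holds the raw secret-key export (the export is called with a NULL password) and is passed to `gnutls_free(der)` on both the error path and the normal path without being cleared. Unless `gnutls_free` is known to wipe memory, the key material remains in freed heap. Overwrite `raw_size` bytes with a zeroing routine the compiler cannot elide before each free. Separately, the size probe returns through `gnutls_assert_val(ret)` whenever `ret != GNUTLS_E_SHORT_MEMORY_BUFFER`, so if that call ever returned 0 the function would report success without copying anything. Mapping that case to an explicit error would be safer.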
@@ -134,19 +138,18 @@ _gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privk
* Since: 2.12.0
**/
gnutls_sec_param_t
-gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
+gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key)
{
- gnutls_pk_algorithm_t algo;
- unsigned int bits;
+ gnutls_pk_algorithm_t algo;
+ unsigned int bits;
- algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits);
- if (algo == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_SEC_PARAM_UNKNOWN;
- }
+ algo = gnutls_openpgp_privkey_get_pk_algorithm(key, &bits);
+ if (algo == GNUTLS_PK_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+ }
- return gnutls_pk_bits_to_sec_param (algo, bits);
+ return gnutls_pk_bits_to_sec_param(algo, bits);
}
/**
@@ -164,41 +167,40 @@ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags)
+gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- cdk_packet_t pkt;
- int rc, armor;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_RAW)
- armor = 0;
- else armor = 1;
-
- rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size);
- if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* Test if the import was successful. */
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- return 0;
+ cdk_packet_t pkt;
+ int rc, armor;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ armor = 0;
+ else
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+ data->size);
+ if (rc != 0) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
}
/**
@@ -220,14 +222,14 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags,
- void *output_data, size_t * output_data_size)
+gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ void *output_data, size_t * output_data_size)
{
- /* FIXME for now we do not export encrypted keys */
- return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 1);
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export(key->knode, format, output_data,
+ output_data_size, 1);
}
/**
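Review bot: `password` and `flags` are accepted but never used in `gnutls_openpgp_privkey_export`, and the FIXME confirms the secret key is always written out unprotected. A caller who supplies a password therefore still receives plaintext key material, with no indication of this. Until encrypted export exists, the doc comment (which starts outside this hunk) should state it explicitly, e.g. `@password: currently ignored; the key is always exported unencrypted`. Rejecting a non-NULL password would be stricter, but it is a behaviour change for existing callers. The same applies to `gnutls_openpgp_privkey_export2` in the next hunk.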
@@ -246,13 +248,13 @@ gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
* Since: 3.1.3
**/
int
-gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags,
- gnutls_datum_t *out)
+gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ gnutls_datum_t * out)
{
- /* FIXME for now we do not export encrypted keys */
- return _gnutls_openpgp_export2 (key->knode, format, out, 1);
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export2(key->knode, format, out, 1);
}
@@ -274,60 +276,58 @@ gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits)
+gnutls_openpgp_privkey_get_pk_algorithm(gnutls_openpgp_privkey_t key,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo = 0, ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (ret == 0)
- {
- int idx;
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- {
- algo =
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, bits);
- return algo;
- }
- }
-
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (ret == 0) {
+ int idx;
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) {
+ algo =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (key, idx, bits);
+ return algo;
+ }
+ }
+
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->
+ pubkey_algo);
+ }
+
+ return algo;
}
-int
-_gnutls_openpgp_get_algo (int cdk_algo)
+int _gnutls_openpgp_get_algo(int cdk_algo)
{
- int algo;
-
- if (is_RSA (cdk_algo))
- algo = GNUTLS_PK_RSA;
- else if (is_DSA (cdk_algo))
- algo = GNUTLS_PK_DSA;
- else
- {
- _gnutls_debug_log ("Unknown OpenPGP algorithm %d\n", cdk_algo);
- algo = GNUTLS_PK_UNKNOWN;
- }
-
- return algo;
+ int algo;
+
+ if (is_RSA(cdk_algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA(cdk_algo))
+ algo = GNUTLS_PK_DSA;
+ else {
+ _gnutls_debug_log("Unknown OpenPGP algorithm %d\n",
+ cdk_algo);
+ algo = GNUTLS_PK_UNKNOWN;
+ }
+
+ return algo;
}
/**
@@ -341,24 +341,22 @@ _gnutls_openpgp_get_algo (int cdk_algo)
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key)
+int gnutls_openpgp_privkey_get_revoked_status(gnutls_openpgp_privkey_t key)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.secret_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -375,36 +373,34 @@ gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key)
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t key,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *fprlen = 0;
+ *fprlen = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
- pk = pkt->pkt.secret_key->pk;
- *fprlen = 20;
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/**
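Review bot: `key` is not checked before `key->knode` is read in `gnutls_openpgp_privkey_get_fingerprint`, although `fpr` and `fprlen` are; extend the guard to `if (!key || !fpr || !fprlen) {`. In addition, `*fprlen` is overwritten with 0 before it is ever consulted, so the function cannot know the size of the caller's buffer. `cdk_pk_get_fingerprint(pk, fpr)` then presumably writes the full 16 or 20 bytes regardless, though the callee is not visible here. The doc comment, which begins outside this hunk, should state the minimum size of `fpr` if it does not already.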
@@ -419,27 +415,26 @@ gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -453,49 +448,46 @@ gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key)
+int gnutls_openpgp_privkey_get_subkey_count(gnutls_openpgp_privkey_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- subkeys++;
- }
-
- return subkeys;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
}
/* returns the subkey with the given index */
static cdk_packet_t
-_get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx)
+_get_secret_subkey(gnutls_openpgp_privkey_t key, unsigned int indx)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- unsigned int subkeys;
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++)
- return pkt;
- }
-
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY
+ && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
}
/**
@@ -511,27 +503,26 @@ _get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx)
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_revoked_status(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_revoked_status(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_revoked_status(key);
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.secret_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -553,39 +544,37 @@ gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- unsigned int *bits)
+gnutls_openpgp_privkey_get_subkey_pk_algorithm(gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_pk_algorithm(key, bits);
-
- pkt = _get_secret_subkey (key, idx);
-
- algo = 0;
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
- algo = pkt->pkt.secret_key->pubkey_algo;
- if (is_RSA (algo))
- algo = GNUTLS_PK_RSA;
- else if (is_DSA (algo))
- algo = GNUTLS_PK_DSA;
- else
- algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_pk_algorithm(key, bits);
+
+ pkt = _get_secret_subkey(key, idx);
+
+ algo = 0;
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk);
+ algo = pkt->pkt.secret_key->pubkey_algo;
+ if (is_RSA(algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA(algo))
+ algo = GNUTLS_PK_DSA;
+ else
+ algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ return algo;
}
/**
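Review bot: The fallback `algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;` in `gnutls_openpgp_privkey_get_subkey_pk_algorithm` returns a negative error code through a `gnutls_pk_algorithm_t`, while the NULL-key path here and `_gnutls_openpgp_get_algo` earlier in this file use `GNUTLS_PK_UNKNOWN`. Callers that compare against `GNUTLS_PK_UNKNOWN` will not recognise the failure and may treat an unsupported subkey as a usable algorithm. `gnutls_openpgp_privkey_sec_param` is one such caller, reaching this function via `gnutls_openpgp_privkey_get_pk_algorithm`. Replacing the three-way `if` with `algo = _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pubkey_algo);` makes the sentinel consistent. Note also that `*bits` is left unwritten when no packet is found, so the doc comment should say it is only valid on success.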
@@ -600,34 +589,32 @@ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
- uint32_t kid[2];
- uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_openpgp_privkey_get_key_id (key, master_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
- if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0)
- return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
-
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 1);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ uint32_t kid[2];
+ uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_openpgp_privkey_get_key_id(key, master_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0)
+ return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
+
+ KEYID_IMPORT(kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 1);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -642,26 +629,27 @@ gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
- unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_creation_time(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _get_secret_subkey (key, idx);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ pkt =
+ cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ else
+ pkt = _get_secret_subkey(key, idx);
- if (pkt)
- timestamp = pkt->pkt.secret_key->pk->timestamp;
- else
- timestamp = 0;
+ if (pkt)
+ timestamp = pkt->pkt.secret_key->pk->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
/**
@@ -677,26 +665,27 @@ gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_expiration_time(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _get_secret_subkey (key, idx);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ pkt =
+ cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ else
+ pkt = _get_secret_subkey(key, idx);
- if (pkt)
- timestamp = pkt->pkt.secret_key->pk->expiredate;
- else
- timestamp = 0;
+ if (pkt)
+ timestamp = pkt->pkt.secret_key->pk->expiredate;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
/**
@@ -712,31 +701,30 @@ gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_key_id(key, keyid);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_key_id(key, keyid);
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -754,320 +742,300 @@ gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_privkey_get_subkey_fingerprint(gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_fingerprint(key, fpr, fprlen);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_fingerprint(key, fpr,
+ fprlen);
- *fprlen = 0;
+ *fprlen = 0;
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.secret_key->pk;
- *fprlen = 20;
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t * keyid /*[2] */ ,
- gnutls_pk_params_st * params)
+_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey,
+ uint32_t * keyid /*[2] */ ,
+ gnutls_pk_params_st * params)
{
- int result;
- unsigned int i, pk_algorithm;
- cdk_packet_t pkt;
- unsigned total;
-
- gnutls_pk_params_init(params);
-
- if (keyid == NULL)
- pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _gnutls_openpgp_find_key (pkey->knode, keyid, 1);
-
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- switch (pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- /* openpgp does not hold all parameters as in PKCS #1
- */
- total = RSA_PRIVATE_PARAMS - 2;
- break;
- case GNUTLS_PK_DSA:
- total = DSA_PRIVATE_PARAMS;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- for (i = 0; i < total; i++)
- {
- result = _gnutls_read_pgp_mpi (pkt, 1, i, &params->params[i]);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- params->params_nr++;
- }
-
- /* fixup will generate exp1 and exp2 that are not
- * available here.
- */
- result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- gnutls_pk_params_clear(params);
- gnutls_pk_params_release(params);
-
- return result;
+ int result;
+ unsigned int i, pk_algorithm;
+ cdk_packet_t pkt;
+ unsigned total;
+
+ gnutls_pk_params_init(params);
+
+ if (keyid == NULL)
+ pkt =
+ cdk_kbnode_find_packet(pkey->knode,
+ CDK_PKT_SECRET_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key(pkey->knode, keyid, 1);
+
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ switch (pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ /* openpgp does not hold all parameters as in PKCS #1
+ */
+ total = RSA_PRIVATE_PARAMS - 2;
+ break;
+ case GNUTLS_PK_DSA:
+ total = DSA_PRIVATE_PARAMS;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ for (i = 0; i < total; i++) {
+ result =
+ _gnutls_read_pgp_mpi(pkt, 1, i, &params->params[i]);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ params->params_nr++;
+ }
+
+ /* fixup will generate exp1 and exp2 that are not
+ * available here.
+ */
+ result = _gnutls_pk_fixup(pk_algorithm, GNUTLS_IMPORT, params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ gnutls_pk_params_clear(params);
+ gnutls_pk_params_release(params);
+
+ return result;
}
/* The internal version of export
*/
static int
-_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+_get_sk_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_openpgp_keyid_t keyid, gnutls_datum_t * m,
+ gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- if (pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[2], d);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[3], p);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[4], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[5], u);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (q);
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ if (pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[2], d);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[3], p);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[4], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[5], u);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(q);
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+ return ret;
}
static int
-_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
+_get_sk_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_openpgp_keyid_t keyid, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- if (pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[4], x);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (y);
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ if (pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[4], x);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(y);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+ return ret;
}
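Review bot: In gnutls_openpgp_privkey_get_subkey_fingerprint the argument check covers `fpr` and `fprlen` but not `key`, while the sibling gnutls_openpgp_privkey_get_subkey_id rejects a NULL key before it calls _get_secret_subkey; the guard should read `if (!key || !fpr || !fprlen) {`. Whether _get_secret_subkey tolerates a NULL key cannot be seen from this hunk. The same function sets `*fprlen = 0` before reading it, so the caller's buffer size is never compared with the 16 or 20 bytes that cdk_pk_get_fingerprint presumably writes into `fpr`. If the doc comment above the hunk does not already say so, it should state `@fpr: buffer of at least 20 bytes; its size is not checked`.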
@@ -1090,22 +1058,24 @@ cleanup:
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+ return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u);
}
/**
@@ -1126,22 +1096,23 @@ gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+ return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x);
}
/**
@@ -1164,29 +1135,29 @@ gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u)
+gnutls_openpgp_privkey_export_subkey_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- else
- ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u);
}
/**
@@ -1208,29 +1179,29 @@ gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_openpgp_privkey_export_subkey_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- else
- ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+ return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x);
}
/**
@@ -1244,21 +1215,22 @@ gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
* hasn't been set it returns %GNUTLS_E_INVALID_REQUEST.
**/
int
-gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- if (!key->preferred_set)
- return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+ if (!key->preferred_set)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- return 0;
+ return 0;
}
/**
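Review bot: `key->preferred_set` is read on the first statement of gnutls_openpgp_privkey_get_preferred_key_id, before the `if (!key || !keyid)` check, so a NULL `key` is dereferenced and the later check can never catch it. Move the `if (!key || !keyid) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` block above the `preferred_set` test, matching the other accessors in this file. The two in-file callers visible on this page (sign_hash and decrypt_data) test `key == NULL` first, but this function is also a public entry point.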
@@ -1276,45 +1248,43 @@ gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
* otherwise a negative error code is returned.
**/
int
-gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid)
+gnutls_openpgp_privkey_set_preferred_key_id(gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t
+ keyid)
{
- int ret;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (keyid == NULL) /* set the master as preferred */
- {
- uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_privkey_get_key_id (key, tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
- }
-
- /* check if the id is valid */
- ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- if (ret < 0)
- {
- _gnutls_debug_log ("the requested subkey does not exist\n");
- gnutls_assert ();
- return ret;
- }
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
+ int ret;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (keyid == NULL) { /* set the master as preferred */
+ uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_privkey_get_key_id(key, tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, tmp,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ if (ret < 0) {
+ _gnutls_debug_log("the requested subkey does not exist\n");
+ gnutls_assert();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
}
/**
@@ -1333,66 +1303,66 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
* Deprecated: Use gnutls_privkey_sign_hash() instead.
*/
int
-gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- int result;
- gnutls_pk_params_st params;
- int pk_algorithm;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (result == 0)
- {
- uint32_t kid[2];
- int idx;
-
- KEYID_IMPORT (kid, keyid);
-
- _gnutls_hard_log("Signing using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- pk_algorithm =
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
- result =
- _gnutls_openpgp_privkey_get_mpis (key, kid, &params);
- }
- else
- {
- _gnutls_hard_log("Signing using master PGP key\n");
-
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
- result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
-
- result =
- _gnutls_pk_sign (pk_algorithm, signature, hash, &params);
-
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_pk_params_st params;
+ int pk_algorithm;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (result == 0) {
+ uint32_t kid[2];
+ int idx;
+
+ KEYID_IMPORT(kid, keyid);
+
+ _gnutls_hard_log("Signing using PGP key ID %s\n",
+ _gnutls_bin2hex(keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf), NULL));
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
+ idx,
+ NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, kid, &params);
+ } else {
+ _gnutls_hard_log("Signing using master PGP key\n");
+
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, NULL, &params);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+
+ result = _gnutls_pk_sign(pk_algorithm, signature, hash, &params);
+
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/*-
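Review bot: In the preferred-key branch of gnutls_openpgp_privkey_sign_hash, `idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);` can be negative, because that function returns its error code when the subkey lookup fails, and the value goes unchecked into gnutls_openpgp_privkey_get_subkey_pk_algorithm. Add `if (idx < 0) return gnutls_assert_val(idx);` right after the call, before the MPIs are loaded. The result of the pk_algorithm lookup is likewise handed to _gnutls_pk_sign without a check in both branches. _gnutls_openpgp_privkey_decrypt_data in the next hunk has the same pattern with `i`; there the index lookup comes after _gnutls_openpgp_privkey_get_mpis, so move it ahead of that call, as sign_hash orders it, and the early return then has no key parameters to clear.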
@@ -1410,61 +1380,66 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
* negative error value.
-*/
int
-_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- int result, i;
- gnutls_pk_params_st params;
- int pk_algorithm;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
+ int result, i;
+ gnutls_pk_params_st params;
+ int pk_algorithm;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (result == 0)
- {
- uint32_t kid[2];
+ result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (result == 0) {
+ uint32_t kid[2];
- KEYID_IMPORT (kid, keyid);
+ KEYID_IMPORT(kid, keyid);
- _gnutls_hard_log("Decrypting using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
+ _gnutls_hard_log("Decrypting using PGP key ID %s\n",
+ _gnutls_bin2hex(keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf), NULL));
- result = _gnutls_openpgp_privkey_get_mpis (key, kid, &params);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, kid, &params);
- i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ i = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
- pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
- }
- else
- {
- _gnutls_hard_log("Decrypting using master PGP key\n");
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key, i,
+ NULL);
+ } else {
+ _gnutls_hard_log("Decrypting using master PGP key\n");
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
- result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, NULL, &params);
- }
+ }
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_pk_decrypt (pk_algorithm, plaintext, ciphertext, &params);
+ result =
+ _gnutls_pk_decrypt(pk_algorithm, plaintext, ciphertext,
+ &params);
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
- if (result < 0)
- return gnutls_assert_val(result);
+ if (result < 0)
+ return gnutls_assert_val(result);
- return 0;
+ return 0;
}
diff --git a/lib/pin.c b/lib/pin.c
index 4c900dfabe..f92332ad90 100644
--- a/lib/pin.c
+++ b/lib/pin.c
@@ -37,11 +37,10 @@ void *_gnutls_pin_data;
* Since: 2.12.0
**/
void
-gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn, void *userdata)
{
- _gnutls_pin_func = fn;
- _gnutls_pin_data = userdata;
+ _gnutls_pin_func = fn;
+ _gnutls_pin_data = userdata;
}
/**
@@ -55,13 +54,11 @@ gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
*
* Since: 3.1.0
**/
-gnutls_pin_callback_t
-gnutls_pkcs11_get_pin_function (void **userdata)
+gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void **userdata)
{
- if (_gnutls_pin_func != NULL)
- {
- *userdata = _gnutls_pin_data;
- return _gnutls_pin_func;
- }
- return NULL;
+ if (_gnutls_pin_func != NULL) {
+ *userdata = _gnutls_pin_data;
+ return _gnutls_pin_func;
+ }
+ return NULL;
}
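Review bot: `*userdata = _gnutls_pin_data;` in gnutls_pkcs11_get_pin_function writes through `userdata` without checking it, so a caller that only wants the callback and passes NULL crashes; guard the store with `if (userdata != NULL)`. When no callback is registered the function returns NULL and leaves `*userdata` untouched. The doc comment should say so, for example `@userdata: set only when a callback is returned`, so callers do not read an uninitialised pointer.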
diff --git a/lib/pin.h b/lib/pin.h
index d75b0f6fc7..914197873c 100644
--- a/lib/pin.h
+++ b/lib/pin.h
@@ -4,4 +4,4 @@
extern gnutls_pin_callback_t _gnutls_pin_func;
extern void *_gnutls_pin_data;
-#endif /* PIN_H */
+#endif /* PIN_H */
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 3464bc8e6b..66b572d287 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -41,30 +41,26 @@
#define MAX_CERT_SIZE 8*1024
#define MAX_SLOTS 48
-struct gnutls_pkcs11_provider_s
-{
- struct ck_function_list *module;
- struct ck_info info;
+struct gnutls_pkcs11_provider_s {
+ struct ck_function_list *module;
+ struct ck_info info;
};
-struct flags_find_data_st
-{
- struct p11_kit_uri *info;
- unsigned int slot_flags;
+struct flags_find_data_st {
+ struct p11_kit_uri *info;
+ unsigned int slot_flags;
};
-struct url_find_data_st
-{
- gnutls_pkcs11_obj_t crt;
+struct url_find_data_st {
+ gnutls_pkcs11_obj_t crt;
};
-struct crt_find_data_st
-{
- gnutls_pkcs11_obj_t *p_list;
- unsigned int *n_list;
- unsigned int current;
- gnutls_pkcs11_obj_attr_t flags;
- struct p11_kit_uri *info;
+struct crt_find_data_st {
+ gnutls_pkcs11_obj_t *p_list;
+ unsigned int *n_list;
+ unsigned int current;
+ gnutls_pkcs11_obj_attr_t flags;
+ struct p11_kit_uri *info;
};
@@ -74,141 +70,135 @@ static unsigned int active_providers = 0;
gnutls_pkcs11_token_callback_t _gnutls_token_func;
void *_gnutls_token_data;
-int
-pkcs11_rv_to_err (ck_rv_t rv)
-{
- switch (rv)
- {
- case CKR_OK:
- return 0;
- case CKR_HOST_MEMORY:
- return GNUTLS_E_MEMORY_ERROR;
- case CKR_SLOT_ID_INVALID:
- return GNUTLS_E_PKCS11_SLOT_ERROR;
- case CKR_ARGUMENTS_BAD:
- case CKR_MECHANISM_PARAM_INVALID:
- return GNUTLS_E_INVALID_REQUEST;
- case CKR_NEED_TO_CREATE_THREADS:
- case CKR_CANT_LOCK:
- case CKR_FUNCTION_NOT_PARALLEL:
- case CKR_MUTEX_BAD:
- case CKR_MUTEX_NOT_LOCKED:
- return GNUTLS_E_LOCKING_ERROR;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- return GNUTLS_E_PKCS11_DEVICE_ERROR;
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_OBJECT_HANDLE_INVALID:
- return GNUTLS_E_PKCS11_DATA_ERROR;
- case CKR_FUNCTION_NOT_SUPPORTED:
- case CKR_MECHANISM_INVALID:
- return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_KEY_NOT_NEEDED:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_INDIGESTIBLE:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_NOT_WRAPPABLE:
- case CKR_KEY_UNEXTRACTABLE:
- return GNUTLS_E_PKCS11_KEY_ERROR;
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- return GNUTLS_E_PKCS11_PIN_ERROR;
- case CKR_PIN_EXPIRED:
- return GNUTLS_E_PKCS11_PIN_EXPIRED;
- case CKR_PIN_LOCKED:
- return GNUTLS_E_PKCS11_PIN_LOCKED;
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- return GNUTLS_E_PKCS11_SESSION_ERROR;
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- return GNUTLS_E_PKCS11_TOKEN_ERROR;
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TYPE_INVALID:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_TOO_MANY_TYPES:
- return GNUTLS_E_PKCS11_USER_ERROR;
- case CKR_BUFFER_TOO_SMALL:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- default:
- return GNUTLS_E_PKCS11_ERROR;
- }
-}
-
-
-static int scan_slots(struct gnutls_pkcs11_provider_s * p, ck_slot_id_t *slots,
- unsigned long *nslots)
-{
-ck_rv_t rv;
-
- rv = pkcs11_get_slot_list(p->module, 1, slots, nslots);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err(rv);
- }
- return 0;
+int pkcs11_rv_to_err(ck_rv_t rv)
+{
+ switch (rv) {
+ case CKR_OK:
+ return 0;
+ case CKR_HOST_MEMORY:
+ return GNUTLS_E_MEMORY_ERROR;
+ case CKR_SLOT_ID_INVALID:
+ return GNUTLS_E_PKCS11_SLOT_ERROR;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_MECHANISM_PARAM_INVALID:
+ return GNUTLS_E_INVALID_REQUEST;
+ case CKR_NEED_TO_CREATE_THREADS:
+ case CKR_CANT_LOCK:
+ case CKR_FUNCTION_NOT_PARALLEL:
+ case CKR_MUTEX_BAD:
+ case CKR_MUTEX_NOT_LOCKED:
+ return GNUTLS_E_LOCKING_ERROR;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_DEVICE_REMOVED:
+ return GNUTLS_E_PKCS11_DEVICE_ERROR;
+ case CKR_DATA_INVALID:
+ case CKR_DATA_LEN_RANGE:
+ case CKR_ENCRYPTED_DATA_INVALID:
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ case CKR_OBJECT_HANDLE_INVALID:
+ return GNUTLS_E_PKCS11_DATA_ERROR;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_MECHANISM_INVALID:
+ return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
+ case CKR_KEY_HANDLE_INVALID:
+ case CKR_KEY_SIZE_RANGE:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ case CKR_KEY_NOT_NEEDED:
+ case CKR_KEY_CHANGED:
+ case CKR_KEY_NEEDED:
+ case CKR_KEY_INDIGESTIBLE:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_NOT_WRAPPABLE:
+ case CKR_KEY_UNEXTRACTABLE:
+ return GNUTLS_E_PKCS11_KEY_ERROR;
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ case CKR_PIN_EXPIRED:
+ return GNUTLS_E_PKCS11_PIN_EXPIRED;
+ case CKR_PIN_LOCKED:
+ return GNUTLS_E_PKCS11_PIN_LOCKED;
+ case CKR_SESSION_CLOSED:
+ case CKR_SESSION_COUNT:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_SESSION_EXISTS:
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return GNUTLS_E_PKCS11_SESSION_ERROR;
+ case CKR_SIGNATURE_INVALID:
+ case CKR_SIGNATURE_LEN_RANGE:
+ return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
+ case CKR_TOKEN_NOT_PRESENT:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return GNUTLS_E_PKCS11_TOKEN_ERROR;
+ case CKR_USER_ALREADY_LOGGED_IN:
+ case CKR_USER_NOT_LOGGED_IN:
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ case CKR_USER_TYPE_INVALID:
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ case CKR_USER_TOO_MANY_TYPES:
+ return GNUTLS_E_PKCS11_USER_ERROR;
+ case CKR_BUFFER_TOO_SMALL:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ default:
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+}
+
+
+static int scan_slots(struct gnutls_pkcs11_provider_s *p,
+ ck_slot_id_t * slots, unsigned long *nslots)
+{
+ ck_rv_t rv;
+
+ rv = pkcs11_get_slot_list(p->module, 1, slots, nslots);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+ return 0;
}
static int
-pkcs11_add_module (const char *name, struct ck_function_list *module)
+pkcs11_add_module(const char *name, struct ck_function_list *module)
{
- struct ck_info info;
- unsigned int i;
+ struct ck_info info;
+ unsigned int i;
- if (active_providers >= MAX_PROVIDERS)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
+ if (active_providers >= MAX_PROVIDERS) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
- /* initially check if this module is a duplicate */
- memset(&info, 0, sizeof(info));
- pkcs11_get_module_info (module, &info);
- for (i=0;i<active_providers;i++)
- {
- /* already loaded, skip the rest */
- if (memcmp(&info, &providers[i].info, sizeof(info)) == 0)
- {
- _gnutls_debug_log("%s is already loaded.\n", name);
- return GNUTLS_E_INT_RET_0;
- }
- }
+ /* initially check if this module is a duplicate */
+ memset(&info, 0, sizeof(info));
+ pkcs11_get_module_info(module, &info);
+ for (i = 0; i < active_providers; i++) {
+ /* already loaded, skip the rest */
+ if (memcmp(&info, &providers[i].info, sizeof(info)) == 0) {
+ _gnutls_debug_log("%s is already loaded.\n", name);
+ return GNUTLS_E_INT_RET_0;
+ }
+ }
- active_providers++;
- providers[active_providers - 1].module = module;
+ active_providers++;
+ providers[active_providers - 1].module = module;
- memcpy (&providers[active_providers - 1].info, &info, sizeof(info));
+ memcpy(&providers[active_providers - 1].info, &info, sizeof(info));
- _gnutls_debug_log ("p11: loaded provider '%s'\n", name);
+ _gnutls_debug_log("p11: loaded provider '%s'\n", name);
- return 0;
+ return 0;
}
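Review bot: In pkcs11_add_module the result of `pkcs11_get_module_info(module, &info)` is discarded, so when the call fails the duplicate check runs on the zero-filled `info` left by the preceding memset. A module whose info query fails is then either stored with an all-zero `ck_info` or, if such an entry already exists, reported as already loaded through GNUTLS_E_INT_RET_0. Assuming the wrapper returns a `ck_rv_t` like `pkcs11_get_slot_list` does in scan_slots, check it: `if (pkcs11_get_module_info(module, &info) != CKR_OK) return gnutls_assert_val(GNUTLS_E_PKCS11_LOAD_ERROR);`. The re-indent carries this over unchanged from the old side.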
@@ -226,38 +216,36 @@ pkcs11_add_module (const char *name, struct ck_function_list *module)
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_add_provider (const char *name, const char *params)
+int gnutls_pkcs11_add_provider(const char *name, const char *params)
{
- struct ck_function_list *module;
- int ret;
+ struct ck_function_list *module;
+ int ret;
- module = p11_kit_module_load (name, P11_KIT_MODULE_CRITICAL);
- if (module == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("p11: Cannot load provider %s\n", name);
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
+ module = p11_kit_module_load(name, P11_KIT_MODULE_CRITICAL);
+ if (module == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("p11: Cannot load provider %s\n", name);
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
- if (p11_kit_module_initialize (module) != CKR_OK)
- {
- p11_kit_module_release (module);
- gnutls_assert ();
- _gnutls_debug_log ("p11: Cannot initialize provider %s\n", name);
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
+ if (p11_kit_module_initialize(module) != CKR_OK) {
+ p11_kit_module_release(module);
+ gnutls_assert();
+ _gnutls_debug_log("p11: Cannot initialize provider %s\n",
+ name);
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
- ret = pkcs11_add_module (name, module);
- if (ret != 0)
- {
- if (ret == GNUTLS_E_INT_RET_0) ret = 0;
- p11_kit_module_finalize (module);
- p11_kit_module_release (module);
- gnutls_assert ();
- }
+ ret = pkcs11_add_module(name, module);
+ if (ret != 0) {
+ if (ret == GNUTLS_E_INT_RET_0)
+ ret = 0;
+ p11_kit_module_finalize(module);
+ p11_kit_module_release(module);
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
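Review bot: gnutls_pkcs11_add_provider hands `name` straight to `p11_kit_module_load`, which loads a PKCS #11 module into the calling process, and nothing in the body restricts where that name comes from. The doc comment (it starts above this hunk) should say so, for example under `@name`: `The module is loaded into the calling process; never pass a name taken from untrusted input.` It is also worth stating there that `params` is not used by the body shown here.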
@@ -278,217 +266,205 @@ gnutls_pkcs11_add_provider (const char *name, const char *params)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info (crt->info, itype, output, output_size);
+ return pkcs11_get_info(crt->info, itype, output, output_size);
}
int
-pkcs11_get_info (struct p11_kit_uri *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size)
-{
- struct ck_attribute *attr = NULL;
- struct ck_version *version = NULL;
- const uint8_t *str = NULL;
- size_t str_max = 0;
- int terminate = 0;
- int hexify = 0;
- size_t length = 0;
- const char *data = NULL;
- char buf[32];
-
- /*
- * Either attr, str or version is valid by the time switch
- * finishes
- */
-
- switch (itype)
- {
- case GNUTLS_PKCS11_OBJ_ID:
- attr = p11_kit_uri_get_attribute (info, CKA_ID);
- break;
- case GNUTLS_PKCS11_OBJ_ID_HEX:
- attr = p11_kit_uri_get_attribute (info, CKA_ID);
- hexify = 1;
- terminate = 1;
- break;
- case GNUTLS_PKCS11_OBJ_LABEL:
- attr = p11_kit_uri_get_attribute (info, CKA_LABEL);
- terminate = 1;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
- str = p11_kit_uri_get_token_info (info)->label;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
- str = p11_kit_uri_get_token_info (info)->serial_number;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
- str = p11_kit_uri_get_token_info (info)->manufacturer_id;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
- str = p11_kit_uri_get_token_info (info)->model;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
- str = p11_kit_uri_get_module_info (info)->library_description;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
- version = &p11_kit_uri_get_module_info (info)->library_version;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
- str = p11_kit_uri_get_module_info (info)->manufacturer_id;
- str_max = 32;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (attr != NULL)
- {
- data = attr->value;
- length = attr->value_len;
- }
- else if (str != NULL)
- {
- data = (void*)str;
- length = p11_kit_space_strlen (str, str_max);
- terminate = 1;
- }
- else if (version != NULL)
- {
- data = buf;
- length = snprintf (buf, sizeof (buf), "%d.%d", (int)version->major,
- (int)version->minor);
- terminate = 1;
- }
- else
- {
- *output_size = 0;
- if (output) ((uint8_t*)output)[0] = 0;
- return 0;
- }
-
- if (hexify)
- {
- /* terminate is assumed with hexify */
- if (*output_size < length * 3)
- {
- *output_size = length * 3;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- if (output)
- _gnutls_bin2hex (data, length, output, *output_size, ":");
- *output_size = length * 3;
- return 0;
- }
- else
- {
- if (*output_size < length + terminate)
- {
- *output_size = length + terminate;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- if (output)
- {
- memcpy (output, data, length);
- if (terminate)
- ((unsigned char*)output)[length] = '\0';
- }
- *output_size = length + terminate;
- }
-
- return 0;
+pkcs11_get_info(struct p11_kit_uri *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size)
+{
+ struct ck_attribute *attr = NULL;
+ struct ck_version *version = NULL;
+ const uint8_t *str = NULL;
+ size_t str_max = 0;
+ int terminate = 0;
+ int hexify = 0;
+ size_t length = 0;
+ const char *data = NULL;
+ char buf[32];
+
+ /*
+ * Either attr, str or version is valid by the time switch
+ * finishes
+ */
+
+ switch (itype) {
+ case GNUTLS_PKCS11_OBJ_ID:
+ attr = p11_kit_uri_get_attribute(info, CKA_ID);
+ break;
+ case GNUTLS_PKCS11_OBJ_ID_HEX:
+ attr = p11_kit_uri_get_attribute(info, CKA_ID);
+ hexify = 1;
+ terminate = 1;
+ break;
+ case GNUTLS_PKCS11_OBJ_LABEL:
+ attr = p11_kit_uri_get_attribute(info, CKA_LABEL);
+ terminate = 1;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
+ str = p11_kit_uri_get_token_info(info)->label;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
+ str = p11_kit_uri_get_token_info(info)->serial_number;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
+ str = p11_kit_uri_get_token_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
+ str = p11_kit_uri_get_token_info(info)->model;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
+ str =
+ p11_kit_uri_get_module_info(info)->library_description;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
+ version =
+ &p11_kit_uri_get_module_info(info)->library_version;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
+ str = p11_kit_uri_get_module_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (attr != NULL) {
+ data = attr->value;
+ length = attr->value_len;
+ } else if (str != NULL) {
+ data = (void *) str;
+ length = p11_kit_space_strlen(str, str_max);
+ terminate = 1;
+ } else if (version != NULL) {
+ data = buf;
+ length =
+ snprintf(buf, sizeof(buf), "%d.%d",
+ (int) version->major, (int) version->minor);
+ terminate = 1;
+ } else {
+ *output_size = 0;
+ if (output)
+ ((uint8_t *) output)[0] = 0;
+ return 0;
+ }
+
+ if (hexify) {
+ /* terminate is assumed with hexify */
+ if (*output_size < length * 3) {
+ *output_size = length * 3;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output)
+ _gnutls_bin2hex(data, length, output, *output_size,
+ ":");
+ *output_size = length * 3;
+ return 0;
+ } else {
+ if (*output_size < length + terminate) {
+ *output_size = length + terminate;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output) {
+ memcpy(output, data, length);
+ if (terminate)
+ ((unsigned char *) output)[length] = '\0';
+ }
+ *output_size = length + terminate;
+ }
+
+ return 0;
}
static int init = 0;
/* tries to load modules from /etc/gnutls/pkcs11.conf if it exists
*/
-static void _pkcs11_compat_init(const char* configfile)
-{
-FILE *fp;
-int ret;
-char line[512];
-const char *library;
-
- if (configfile == NULL)
- configfile = "/etc/gnutls/pkcs11.conf";
-
- fp = fopen (configfile, "r");
- if (fp == NULL)
- {
- gnutls_assert ();
- return;
- }
-
- _gnutls_debug_log ("Loading PKCS #11 libraries from %s\n", configfile);
- while (fgets (line, sizeof (line), fp) != NULL)
- {
- if (strncmp (line, "load", sizeof ("load") - 1) == 0)
- {
- char *p;
- p = strchr (line, '=');
- if (p == NULL)
- continue;
-
- library = ++p;
- p = strchr (line, '\n');
- if (p != NULL)
- *p = 0;
-
- ret = gnutls_pkcs11_add_provider (library, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot load provider: %s\n", library);
- continue;
- }
- }
- }
- fclose(fp);
-
- return;
-}
-
-static int
-initialize_automatic_p11_kit (void)
-{
- struct ck_function_list **modules;
- char *name;
- int i, ret;
-
- modules = p11_kit_modules_load_and_initialize (0);
- if (modules == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot initialize registered modules: %s\n",
- p11_kit_message ());
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
-
- for (i = 0; modules[i] != NULL; i++)
- {
- name = p11_kit_module_get_name (modules[i]);
- ret = pkcs11_add_module (name, modules[i]);
- if (ret != 0 && ret != GNUTLS_E_INT_RET_0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot add registered module: %s\n", name);
- }
- free(name);
- }
-
- /* Shallow free */
- free (modules);
- return 0;
+static void _pkcs11_compat_init(const char *configfile)
+{
+ FILE *fp;
+ int ret;
+ char line[512];
+ const char *library;
+
+ if (configfile == NULL)
+ configfile = "/etc/gnutls/pkcs11.conf";
+
+ fp = fopen(configfile, "r");
+ if (fp == NULL) {
+ gnutls_assert();
+ return;
+ }
+
+ _gnutls_debug_log("Loading PKCS #11 libraries from %s\n",
+ configfile);
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ if (strncmp(line, "load", sizeof("load") - 1) == 0) {
+ char *p;
+ p = strchr(line, '=');
+ if (p == NULL)
+ continue;
+
+ library = ++p;
+ p = strchr(line, '\n');
+ if (p != NULL)
+ *p = 0;
+
+ ret = gnutls_pkcs11_add_provider(library, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot load provider: %s\n",
+ library);
+ continue;
+ }
+ }
+ }
+ fclose(fp);
+
+ return;
+}
+
+static int initialize_automatic_p11_kit(void)
+{
+ struct ck_function_list **modules;
+ char *name;
+ int i, ret;
+
+ modules = p11_kit_modules_load_and_initialize(0);
+ if (modules == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot initialize registered modules: %s\n",
+ p11_kit_message());
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name(modules[i]);
+ ret = pkcs11_add_module(name, modules[i]);
+ if (ret != 0 && ret != GNUTLS_E_INT_RET_0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot add registered module: %s\n", name);
+ }
+ free(name);
+ }
+
+ /* Shallow free */
+ free(modules);
+ return 0;
}
/**
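Review bot: In pkcs11_get_info the final `else` branch (no attribute, string or version found) writes `((uint8_t *) output)[0] = 0` whenever `output` is non-NULL, without looking at the caller's `*output_size`, which the line before has already overwritten with 0. A caller that passes a valid pointer together with a size of 0 gets a one-byte write past its buffer, whereas the hexify and plain-copy branches compare `*output_size` with the needed length before touching `output`. Test the size before clearing it: `if (output && *output_size > 0) ((uint8_t *) output)[0] = 0;` followed by `*output_size = 0;`.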
@@ -512,33 +488,32 @@ initialize_automatic_p11_kit (void)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
+gnutls_pkcs11_init(unsigned int flags, const char *deprecated_config_file)
{
- int ret = 0;
+ int ret = 0;
- if (init != 0)
- {
- init++;
- return 0;
- }
- init++;
+ if (init != 0) {
+ init++;
+ return 0;
+ }
+ init++;
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
+ p11_kit_pin_register_callback(P11_KIT_PIN_FALLBACK,
+ p11_kit_pin_file_callback, NULL,
+ NULL);
- if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
- return 0;
- else if (flags == GNUTLS_PKCS11_FLAG_AUTO)
- {
- if (deprecated_config_file == NULL)
- ret = initialize_automatic_p11_kit ();
+ if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
+ return 0;
+ else if (flags == GNUTLS_PKCS11_FLAG_AUTO) {
+ if (deprecated_config_file == NULL)
+ ret = initialize_automatic_p11_kit();
- _pkcs11_compat_init(deprecated_config_file);
+ _pkcs11_compat_init(deprecated_config_file);
- return ret;
- }
-
- return 0;
+ return ret;
+ }
+
+ return 0;
}
/**
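Review bot: gnutls_pkcs11_init increments `init` before any provider is loaded and never undoes that when `initialize_automatic_p11_kit()` fails, so the error is returned once and every later call takes the `init != 0` early return and reports 0, possibly with no provider registered. The `P11_KIT_PIN_FALLBACK` callback registered just above stays installed in that case too. Either roll the counter and the callback back on failure, or document in the function comment (which starts above this hunk) that a failed call must still be paired with gnutls_pkcs11_deinit(). Because `_pkcs11_compat_init()` runs after the failing call and may add providers of its own, a rollback has to take that into account.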
@@ -553,23 +528,24 @@ gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
*
* Since: 3.0
**/
-int gnutls_pkcs11_reinit (void)
+int gnutls_pkcs11_reinit(void)
{
- unsigned i;
- ck_rv_t rv;
+ unsigned i;
+ ck_rv_t rv;
- for (i = 0; i < active_providers; i++)
- {
- if (providers[i].module != NULL)
- {
- rv = p11_kit_module_initialize (providers[i].module);
- if (rv != CKR_OK)
- _gnutls_debug_log ("Cannot initialize registered module '%s': %s\n",
- providers[i].info.library_description, p11_kit_strerror (rv));
- }
- }
+ for (i = 0; i < active_providers; i++) {
+ if (providers[i].module != NULL) {
+ rv = p11_kit_module_initialize(providers[i].
+ module);
+ if (rv != CKR_OK)
+ _gnutls_debug_log
+ ("Cannot initialize registered module '%s': %s\n",
+ providers[i].info.library_description,
+ p11_kit_strerror(rv));
+ }
+ }
- return 0;
+ return 0;
}
/**
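Review bot: The re-wrapped call in gnutls_pkcs11_reinit now breaks a member access across two lines, `p11_kit_module_initialize(providers[i].` / `module);`, which is harder to read than the line it replaces and easy to misread as two arguments. A local keeps the line short without splitting the expression: `struct ck_function_list *m = providers[i].module;` and then `rv = p11_kit_module_initialize(m);`. The same kind of split appears at `&providers` / `[x].info` in pkcs11_find_slot further down in this file.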
@@ -579,31 +555,28 @@ int gnutls_pkcs11_reinit (void)
*
* Since: 2.12.0
**/
-void
-gnutls_pkcs11_deinit (void)
-{
- unsigned int i;
-
- init--;
- if (init > 0)
- return;
- if (init < 0)
- {
- init = 0;
- return;
- }
-
- for (i = 0; i < active_providers; i++)
- {
- p11_kit_module_finalize (providers[i].module);
- p11_kit_module_release (providers[i].module);
- }
- active_providers = 0;
-
- gnutls_pkcs11_set_pin_function (NULL, NULL);
- gnutls_pkcs11_set_token_function (NULL, NULL);
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
+void gnutls_pkcs11_deinit(void)
+{
+ unsigned int i;
+
+ init--;
+ if (init > 0)
+ return;
+ if (init < 0) {
+ init = 0;
+ return;
+ }
+
+ for (i = 0; i < active_providers; i++) {
+ p11_kit_module_finalize(providers[i].module);
+ p11_kit_module_release(providers[i].module);
+ }
+ active_providers = 0;
+
+ gnutls_pkcs11_set_pin_function(NULL, NULL);
+ gnutls_pkcs11_set_token_function(NULL, NULL);
+ p11_kit_pin_unregister_callback(P11_KIT_PIN_FALLBACK,
+ p11_kit_pin_file_callback, NULL);
}
/**
@@ -617,75 +590,70 @@ gnutls_pkcs11_deinit (void)
* Since: 2.12.0
**/
void
-gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata)
+gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn,
+ void *userdata)
{
- _gnutls_token_func = fn;
- _gnutls_token_data = userdata;
+ _gnutls_token_func = fn;
+ _gnutls_token_data = userdata;
}
-int
-pkcs11_url_to_info (const char *url, struct p11_kit_uri **info)
-{
- int allocated = 0;
- int ret;
-
- if (*info == NULL)
- {
- *info = p11_kit_uri_new ();
- if (*info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- allocated = 1;
- }
-
- ret = p11_kit_uri_parse (url, P11_KIT_URI_FOR_ANY, *info);
- if (ret < 0)
- {
- if (allocated)
- {
- p11_kit_uri_free (*info);
- *info = NULL;
- }
- gnutls_assert ();
- return ret == P11_KIT_URI_NO_MEMORY ?
- GNUTLS_E_MEMORY_ERROR : GNUTLS_E_PARSING_ERROR;
- }
-
- return 0;
+int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info)
+{
+ int allocated = 0;
+ int ret;
+
+ if (*info == NULL) {
+ *info = p11_kit_uri_new();
+ if (*info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ allocated = 1;
+ }
+
+ ret = p11_kit_uri_parse(url, P11_KIT_URI_FOR_ANY, *info);
+ if (ret < 0) {
+ if (allocated) {
+ p11_kit_uri_free(*info);
+ *info = NULL;
+ }
+ gnutls_assert();
+ return ret == P11_KIT_URI_NO_MEMORY ?
+ GNUTLS_E_MEMORY_ERROR : GNUTLS_E_PARSING_ERROR;
+ }
+
+ return 0;
}
int
-pkcs11_info_to_url (struct p11_kit_uri *info,
- gnutls_pkcs11_url_type_t detailed, char **url)
-{
- p11_kit_uri_type_t type = 0;
- int ret;
-
- switch (detailed)
- {
- case GNUTLS_PKCS11_URL_GENERIC:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN;
- break;
- case GNUTLS_PKCS11_URL_LIB:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE;
- break;
- case GNUTLS_PKCS11_URL_LIB_VERSION:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE | P11_KIT_URI_FOR_MODULE_WITH_VERSION;
- break;
- }
-
- ret = p11_kit_uri_format (info, type, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret == P11_KIT_URI_NO_MEMORY ?
- GNUTLS_E_MEMORY_ERROR : GNUTLS_E_INTERNAL_ERROR;
- }
-
- return 0;
+pkcs11_info_to_url(struct p11_kit_uri *info,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ p11_kit_uri_type_t type = 0;
+ int ret;
+
+ switch (detailed) {
+ case GNUTLS_PKCS11_URL_GENERIC:
+ type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN;
+ break;
+ case GNUTLS_PKCS11_URL_LIB:
+ type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE;
+ break;
+ case GNUTLS_PKCS11_URL_LIB_VERSION:
+ type =
+ P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE |
+ P11_KIT_URI_FOR_MODULE_WITH_VERSION;
+ break;
+ }
+
+ ret = p11_kit_uri_format(info, type, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret == P11_KIT_URI_NO_MEMORY ?
+ GNUTLS_E_MEMORY_ERROR : GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
/**
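Review bot: The `switch (detailed)` in pkcs11_info_to_url has no `default`, so a `detailed` value outside the three listed cases leaves `type` at its initial 0 and `p11_kit_uri_format` is still called with it. What the formatter produces for a zero type is not visible here; rejecting the value is safer than returning a URL of a kind the caller did not ask for. Add `default: return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before the closing brace of the switch.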
@@ -699,25 +667,22 @@ pkcs11_info_to_url (struct p11_kit_uri *info,
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj)
+int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj)
{
- *obj = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_obj_st));
- if (*obj == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *obj = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_obj_st));
+ if (*obj == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- (*obj)->info = p11_kit_uri_new ();
- if ((*obj)->info == NULL)
- {
- free (*obj);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*obj)->info = p11_kit_uri_new();
+ if ((*obj)->info == NULL) {
+ free(*obj);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
/**
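Review bot: On the second failure path of gnutls_pkcs11_obj_init the object is released with `free(*obj)` but `*obj` keeps pointing at the freed memory, so a caller that runs its usual cleanup (gnutls_pkcs11_obj_deinit) after the error would touch freed memory. The block was obtained from `gnutls_calloc`, so it should go back through the matching deallocator rather than libc `free`, which matters if the library's allocator has been replaced. Use `gnutls_free(*obj);` and `*obj = NULL;` there. gnutls_pkcs11_obj_deinit in a later hunk releases the object with plain `free(obj)` as well.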
@@ -733,12 +698,12 @@ gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj)
* Since: 3.1.0
**/
void
-gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
- gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- obj->pin.cb = fn;
- obj->pin.data = userdata;
+ obj->pin.cb = fn;
+ obj->pin.data = userdata;
}
/**
@@ -749,12 +714,11 @@ gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
*
* Since: 2.12.0
**/
-void
-gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj)
+void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj)
{
- _gnutls_free_datum (&obj->raw);
- p11_kit_uri_free (obj->info);
- free (obj);
+ _gnutls_free_datum(&obj->raw);
+ p11_kit_uri_free(obj->info);
+ free(obj);
}
/**
@@ -778,25 +742,23 @@ gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size)
+gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size)
{
- if (obj == NULL || obj->raw.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (obj == NULL || obj->raw.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (output_data == NULL || *output_data_size < obj->raw.size)
- {
- *output_data_size = obj->raw.size;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *output_data_size = obj->raw.size;
+ if (output_data == NULL || *output_data_size < obj->raw.size) {
+ *output_data_size = obj->raw.size;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *output_data_size = obj->raw.size;
- memcpy (output_data, obj->raw.data, obj->raw.size);
- return 0;
+ memcpy(output_data, obj->raw.data, obj->raw.size);
+ return 0;
}
/**
@@ -816,740 +778,696 @@ gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
* Since: 3.1.3
**/
int
-gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
- gnutls_datum_t *out)
+gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj, gnutls_datum_t * out)
{
- if (obj == NULL || obj->raw.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (obj == NULL || obj->raw.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_set_datum(out, obj->raw.data, obj->raw.size);
+ return _gnutls_set_datum(out, obj->raw.data, obj->raw.size);
}
int
-pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
- struct p11_kit_uri *info, struct token_info *_tinfo)
-{
- unsigned int x, z;
- int ret;
- unsigned long nslots;
- ck_slot_id_t slots[MAX_SLOTS];
-
- for (x = 0; x < active_providers; x++)
- {
- nslots = sizeof(slots)/sizeof(slots[0]);
- ret = scan_slots(&providers[x], slots, &nslots);
- if (ret < 0)
- {
- gnutls_assert();
- continue;
- }
-
- for (z = 0; z < nslots; z++)
- {
- struct token_info tinfo;
-
- if (pkcs11_get_token_info
- (providers[x].module, slots[z], &tinfo.tinfo) != CKR_OK)
- {
- continue;
- }
- tinfo.sid = slots[z];
- tinfo.prov = &providers[x];
-
- if (pkcs11_get_slot_info
- (providers[x].module, slots[z],
- &tinfo.sinfo) != CKR_OK)
- {
- continue;
- }
-
- if (!p11_kit_uri_match_token_info (info, &tinfo.tinfo) ||
- !p11_kit_uri_match_module_info (info, &providers[x].info))
- {
- continue;
- }
-
- /* ok found */
- *module = providers[x].module;
- *slot = slots[z];
-
- if (_tinfo != NULL)
- memcpy (_tinfo, &tinfo, sizeof (tinfo));
-
- return 0;
- }
- }
-
- gnutls_assert ();
- return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
+pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
+ struct p11_kit_uri *info, struct token_info *_tinfo)
+{
+ unsigned int x, z;
+ int ret;
+ unsigned long nslots;
+ ck_slot_id_t slots[MAX_SLOTS];
+
+ for (x = 0; x < active_providers; x++) {
+ nslots = sizeof(slots) / sizeof(slots[0]);
+ ret = scan_slots(&providers[x], slots, &nslots);
+ if (ret < 0) {
+ gnutls_assert();
+ continue;
+ }
+
+ for (z = 0; z < nslots; z++) {
+ struct token_info tinfo;
+
+ if (pkcs11_get_token_info
+ (providers[x].module, slots[z],
+ &tinfo.tinfo) != CKR_OK) {
+ continue;
+ }
+ tinfo.sid = slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pkcs11_get_slot_info
+ (providers[x].module, slots[z],
+ &tinfo.sinfo) != CKR_OK) {
+ continue;
+ }
+
+ if (!p11_kit_uri_match_token_info
+ (info, &tinfo.tinfo)
+ || !p11_kit_uri_match_module_info(info,
+ &providers
+ [x].info)) {
+ continue;
+ }
+
+ /* ok found */
+ *module = providers[x].module;
+ *slot = slots[z];
+
+ if (_tinfo != NULL)
+ memcpy(_tinfo, &tinfo, sizeof(tinfo));
+
+ return 0;
+ }
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
}
int
-pkcs11_open_session (struct pkcs11_session_info *sinfo,
- struct pin_info_st *pin_info,
- struct p11_kit_uri *info,
- unsigned int flags)
-{
- ck_rv_t rv;
- int ret;
- ck_session_handle_t pks = 0;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- struct token_info tinfo;
-
- ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- rv = (module)->C_OpenSession (slot,
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- /* ok found */
- sinfo->pks = pks;
- sinfo->module = module;
- sinfo->init = 1;
- memcpy(&sinfo->tinfo, &tinfo.tinfo, sizeof(sinfo->tinfo));
-
- if (flags & SESSION_LOGIN)
- {
- ret = pkcs11_login (sinfo, pin_info, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- pkcs11_close_session (sinfo);
- return ret;
- }
- }
-
- return 0;
+pkcs11_open_session(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ struct p11_kit_uri *info, unsigned int flags)
+{
+ ck_rv_t rv;
+ int ret;
+ ck_session_handle_t pks = 0;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = (module)->C_OpenSession(slot, ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ /* ok found */
+ sinfo->pks = pks;
+ sinfo->module = module;
+ sinfo->init = 1;
+ memcpy(&sinfo->tinfo, &tinfo.tinfo, sizeof(sinfo->tinfo));
+
+ if (flags & SESSION_LOGIN) {
+ ret =
+ pkcs11_login(sinfo, pin_info, &tinfo, info,
+ (flags & SESSION_SO) ? 1 : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ pkcs11_close_session(sinfo);
+ return ret;
+ }
+ }
+
+ return 0;
}
int
-_pkcs11_traverse_tokens (find_func_t find_func, void *input,
- struct p11_kit_uri *info,
- struct pin_info_st *pin_info,
- unsigned int flags)
-{
- ck_rv_t rv;
- unsigned int found = 0, x, z;
- int ret;
- ck_session_handle_t pks = 0;
- struct pkcs11_session_info sinfo;
- struct ck_function_list *module = NULL;
- unsigned long nslots;
- ck_slot_id_t slots[MAX_SLOTS];
-
- for (x = 0; x < active_providers; x++)
- {
- nslots = sizeof(slots)/sizeof(slots[0]);
- ret = scan_slots(&providers[x], slots, &nslots);
- if (ret < 0)
- {
- gnutls_assert();
- continue;
- }
-
- module = providers[x].module;
- for (z = 0; z < nslots; z++)
- {
- struct token_info tinfo;
-
- if (pkcs11_get_token_info (module, slots[z],
- &tinfo.tinfo) != CKR_OK)
- {
- continue;
- }
- tinfo.sid = slots[z];
- tinfo.prov = &providers[x];
-
- if (pkcs11_get_slot_info (module, slots[z],
- &tinfo.sinfo) != CKR_OK)
- {
- continue;
- }
-
- rv = (module)->C_OpenSession (slots[z],
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
- if (rv != CKR_OK)
- {
- continue;
- }
-
- sinfo.module = module;
- sinfo.pks = pks;
-
- if (flags & SESSION_LOGIN)
- {
- ret = pkcs11_login (&sinfo, pin_info, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = find_func (&sinfo, &tinfo, &providers[x].info, input);
-
- if (ret == 0)
- {
- found = 1;
- goto finish;
- }
- else
- {
- pkcs11_close_session (&sinfo);
- pks = 0;
- }
- }
- }
-
-finish:
- /* final call */
-
- if (found == 0)
- {
- if (module)
- {
- sinfo.module = module;
- sinfo.pks = pks;
- ret = find_func (&sinfo, NULL, NULL, input);
- }
- else
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- }
- else
- {
- ret = 0;
- }
-
- if (pks != 0 && module != NULL)
- {
- pkcs11_close_session (&sinfo);
- }
-
- return ret;
+_pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ struct p11_kit_uri *info,
+ struct pin_info_st *pin_info, unsigned int flags)
+{
+ ck_rv_t rv;
+ unsigned int found = 0, x, z;
+ int ret;
+ ck_session_handle_t pks = 0;
+ struct pkcs11_session_info sinfo;
+ struct ck_function_list *module = NULL;
+ unsigned long nslots;
+ ck_slot_id_t slots[MAX_SLOTS];
+
+ for (x = 0; x < active_providers; x++) {
+ nslots = sizeof(slots) / sizeof(slots[0]);
+ ret = scan_slots(&providers[x], slots, &nslots);
+ if (ret < 0) {
+ gnutls_assert();
+ continue;
+ }
+
+ module = providers[x].module;
+ for (z = 0; z < nslots; z++) {
+ struct token_info tinfo;
+
+ if (pkcs11_get_token_info(module, slots[z],
+ &tinfo.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ tinfo.sid = slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pkcs11_get_slot_info(module, slots[z],
+ &tinfo.sinfo) != CKR_OK) {
+ continue;
+ }
+
+ rv = (module)->C_OpenSession(slots[z],
+ ((flags &
+ SESSION_WRITE)
+ ? CKF_RW_SESSION : 0)
+ | CKF_SERIAL_SESSION,
+ NULL, NULL, &pks);
+ if (rv != CKR_OK) {
+ continue;
+ }
+
+ sinfo.module = module;
+ sinfo.pks = pks;
+
+ if (flags & SESSION_LOGIN) {
+ ret =
+ pkcs11_login(&sinfo, pin_info, &tinfo,
+ info,
+ (flags & SESSION_SO) ? 1 :
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret =
+ find_func(&sinfo, &tinfo, &providers[x].info,
+ input);
+
+ if (ret == 0) {
+ found = 1;
+ goto finish;
+ } else {
+ pkcs11_close_session(&sinfo);
+ pks = 0;
+ }
+ }
+ }
+
+ finish:
+ /* final call */
+
+ if (found == 0) {
+ if (module) {
+ sinfo.module = module;
+ sinfo.pks = pks;
+ ret = find_func(&sinfo, NULL, NULL, input);
+ } else
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ } else {
+ ret = 0;
+ }
+
+ if (pks != 0 && module != NULL) {
+ pkcs11_close_session(&sinfo);
+ }
+
+ return ret;
}
/* imports an object from a token to a pkcs11_obj_t structure.
*/
static int
-pkcs11_obj_import (ck_object_class_t class, gnutls_pkcs11_obj_t obj,
- const gnutls_datum_t * data,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo, struct ck_info *lib_info)
-{
- struct ck_attribute attr;
- int ret;
-
- switch (class)
- {
- case CKO_CERTIFICATE:
- obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
- break;
- case CKO_PUBLIC_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
- break;
- case CKO_PRIVATE_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
- break;
- case CKO_SECRET_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
- break;
- case CKO_DATA:
- obj->type = GNUTLS_PKCS11_OBJ_DATA;
- break;
- default:
- obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
- }
-
- attr.type = CKA_CLASS;
- attr.value = &class;
- attr.value_len = sizeof (class);
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (data && data->data)
- {
- ret = _gnutls_set_datum (&obj->raw, data->data, data->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- /* copy the token and library info into the uri */
- memcpy (p11_kit_uri_get_token_info (obj->info), tinfo, sizeof (struct ck_token_info));
- memcpy (p11_kit_uri_get_module_info (obj->info), lib_info, sizeof (struct ck_info));
-
- if (label && label->data)
- {
- attr.type = CKA_LABEL;
- attr.value = label->data;
- attr.value_len = label->size;
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- if (id && id->data)
- {
- attr.type = CKA_ID;
- attr.value = id->data;
- attr.value_len = id->size;
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- return 0;
+pkcs11_obj_import(ck_object_class_t class, gnutls_pkcs11_obj_t obj,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
+{
+ struct ck_attribute attr;
+ int ret;
+
+ switch (class) {
+ case CKO_CERTIFICATE:
+ obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
+ break;
+ case CKO_PUBLIC_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ break;
+ case CKO_PRIVATE_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
+ break;
+ case CKO_SECRET_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
+ break;
+ case CKO_DATA:
+ obj->type = GNUTLS_PKCS11_OBJ_DATA;
+ break;
+ default:
+ obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
+ }
+
+ attr.type = CKA_CLASS;
+ attr.value = &class;
+ attr.value_len = sizeof(class);
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (data && data->data) {
+ ret = _gnutls_set_datum(&obj->raw, data->data, data->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ /* copy the token and library info into the uri */
+ memcpy(p11_kit_uri_get_token_info(obj->info), tinfo,
+ sizeof(struct ck_token_info));
+ memcpy(p11_kit_uri_get_module_info(obj->info), lib_info,
+ sizeof(struct ck_info));
+
+ if (label && label->data) {
+ attr.type = CKA_LABEL;
+ attr.value = label->data;
+ attr.value_len = label->size;
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+
+ if (id && id->data) {
+ attr.type = CKA_ID;
+ attr.value = id->data;
+ attr.value_len = id->size;
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+
+ return 0;
}
int pkcs11_read_pubkey(struct ck_function_list *module,
- ck_session_handle_t pks, ck_object_handle_t obj,
- ck_key_type_t key_type, gnutls_datum_t * pubkey)
-{
- struct ck_attribute a[4];
- uint8_t tmp1[2048];
- uint8_t tmp2[2048];
- int ret;
-
- switch (key_type)
- {
- case CKK_RSA:
- a[0].type = CKA_MODULUS;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_PUBLIC_EXPONENT;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
-
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- break;
- case CKK_DSA:
- a[0].type = CKA_PRIME;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_SUBPRIME;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- a[0].type = CKA_BASE;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_VALUE;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[2],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [3], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[0]);
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[2]);
- _gnutls_free_datum (&pubkey[3]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- break;
- case CKK_ECDSA:
- a[0].type = CKA_EC_PARAMS;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_EC_POINT;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
-
- return 0;
+ ck_session_handle_t pks, ck_object_handle_t obj,
+ ck_key_type_t key_type, gnutls_datum_t * pubkey)
+{
+ struct ck_attribute a[4];
+ uint8_t tmp1[2048];
+ uint8_t tmp2[2048];
+ int ret;
+
+ switch (key_type) {
+ case CKK_RSA:
+ a[0].type = CKA_MODULUS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_PUBLIC_EXPONENT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+
+ ret =
+ _gnutls_set_datum(&pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ break;
+ case CKK_DSA:
+ a[0].type = CKA_PRIME;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_SUBPRIME;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[0], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ a[0].type = CKA_BASE;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_VALUE;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[2], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [3], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[0]);
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[2]);
+ _gnutls_free_datum(&pubkey[3]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ break;
+ case CKK_ECDSA:
+ a[0].type = CKA_EC_PARAMS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_EC_POINT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[0], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ return 0;
}
static int
-pkcs11_obj_import_pubkey (struct ck_function_list *module,
- ck_session_handle_t pks,
- ck_object_handle_t obj,
- gnutls_pkcs11_obj_t crt,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info)
-{
- struct ck_attribute a[4];
- ck_key_type_t key_type;
- int ret;
- ck_bool_t tval;
-
- a[0].type = CKA_KEY_TYPE;
- a[0].value = &key_type;
- a[0].value_len = sizeof (key_type);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- crt->pk_algorithm = mech_to_pk(key_type);
-
- ret = pkcs11_read_pubkey(module, pks, obj, key_type, crt->pubkey);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- /* read key usage flags */
- a[0].type = CKA_ENCRYPT;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- }
- }
-
- a[0].type = CKA_VERIFY;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
- }
-
- a[0].type = CKA_VERIFY_RECOVER;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
- }
-
- a[0].type = CKA_DERIVE;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
- }
- }
-
- a[0].type = CKA_WRAP;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- }
- }
-
- return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label,
- tinfo, lib_info);
+pkcs11_obj_import_pubkey(struct ck_function_list *module,
+ ck_session_handle_t pks,
+ ck_object_handle_t obj,
+ gnutls_pkcs11_obj_t crt,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
+{
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ int ret;
+ ck_bool_t tval;
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof(key_type);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ crt->pk_algorithm = mech_to_pk(key_type);
+
+ ret =
+ pkcs11_read_pubkey(module, pks, obj, key_type,
+ crt->pubkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ /* read key usage flags */
+ a[0].type = CKA_ENCRYPT;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ }
+ }
+
+ a[0].type = CKA_VERIFY;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_VERIFY_RECOVER;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_DERIVE;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
+ }
+
+ a[0].type = CKA_WRAP;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ }
+
+ return pkcs11_obj_import(CKO_PUBLIC_KEY, crt, NULL, id, label,
+ tinfo, lib_info);
}
static int
-find_obj_url (struct pkcs11_session_info *sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
-{
- struct url_find_data_st *find_data = input;
- struct ck_attribute a[4];
- struct ck_attribute *attr;
- ck_object_class_t class = -1;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
- uint8_t *cert_data = NULL;
- char label_tmp[PKCS11_LABEL_SIZE];
- char id_tmp[PKCS11_ID_SIZE];
-
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->crt->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->crt->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- a_vals = 0;
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_ID);
- if (attr)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_LABEL);
- if (attr)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (!a_vals)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* search the token for the id */
-
- cert_data = gnutls_malloc (MAX_CERT_SIZE);
- if (cert_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with given class and type */
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_CLASS);
- if (attr)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (type != (ck_certificate_type_t)-1)
- {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- a[1].type = CKA_LABEL;
- a[1].value = label_tmp;
- a[1].value_len = sizeof (label_tmp);
- a[2].type = CKA_ID;
- a[2].value = id_tmp;
- a[2].value_len = sizeof(id_tmp);
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 3) == CKR_OK)
- {
- gnutls_datum_t id = { a[2].value, a[2].value_len };
- gnutls_datum_t data = { a[0].value, a[0].value_len };
- gnutls_datum_t label = { a[1].value, a[1].value_len };
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
- find_data->crt,
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->crt,
- &data, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- found = 1;
- break;
- }
- else
- {
- _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
- }
- }
-
- if (found == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- ret = 0;
- }
-
-cleanup:
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
-
- return ret;
-}
-
-unsigned int
-pkcs11_obj_flags_to_int (unsigned int flags)
-{
- unsigned int ret_flags = 0;
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
- ret_flags |= SESSION_LOGIN;
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
- ret_flags |= SESSION_LOGIN|SESSION_SO;
-
- return ret_flags;
+find_obj_url(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info,
+ void *input)
+{
+ struct url_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ struct ck_attribute *attr;
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+ uint8_t *cert_data = NULL;
+ char label_tmp[PKCS11_LABEL_SIZE];
+ char id_tmp[PKCS11_ID_SIZE];
+
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info
+ (find_data->crt->info, &info->tinfo)
+ || !p11_kit_uri_match_module_info(find_data->crt->info,
+ lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ a_vals = 0;
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_ID);
+ if (attr) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_LABEL);
+ if (attr) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (!a_vals) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* search the token for the id */
+
+ cert_data = gnutls_malloc(MAX_CERT_SIZE);
+ if (cert_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with given class and type */
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_CLASS);
+ if (attr) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (type != (ck_certificate_type_t) - 1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ a_vals);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ a[1].type = CKA_LABEL;
+ a[1].value = label_tmp;
+ a[1].value_len = sizeof(label_tmp);
+ a[2].type = CKA_ID;
+ a[2].value = id_tmp;
+ a[2].value_len = sizeof(id_tmp);
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 3) == CKR_OK) {
+ gnutls_datum_t id = { a[2].value, a[2].value_len };
+ gnutls_datum_t data =
+ { a[0].value, a[0].value_len };
+ gnutls_datum_t label =
+ { a[1].value, a[1].value_len };
+
+ if (class == CKO_PUBLIC_KEY) {
+ ret =
+ pkcs11_obj_import_pubkey(sinfo->module,
+ sinfo->pks,
+ obj,
+ find_data->
+ crt, &id,
+ &label,
+ &info->tinfo,
+ lib_info);
+ } else {
+ ret =
+ pkcs11_obj_import(class,
+ find_data->crt,
+ &data, &id, &label,
+ &info->tinfo,
+ lib_info);
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ found = 1;
+ break;
+ } else {
+ _gnutls_debug_log
+ ("pk11: Skipped cert, missing attrs.\n");
+ }
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ ret = 0;
+ }
+
+ cleanup:
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+
+ return ret;
+}
+
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
+{
+ unsigned int ret_flags = 0;
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
+ ret_flags |= SESSION_LOGIN;
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
+ ret_flags |= SESSION_LOGIN | SESSION_SO;
+
+ return ret_flags;
}
/**
@@ -1569,67 +1487,65 @@ pkcs11_obj_flags_to_int (unsigned int flags)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t obj, const char *url,
- unsigned int flags)
+gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url,
+ unsigned int flags)
{
- int ret;
- struct url_find_data_st find_data;
+ int ret;
+ struct url_find_data_st find_data;
- /* fill in the find data structure */
- find_data.crt = obj;
+ /* fill in the find data structure */
+ find_data.crt = obj;
- ret = pkcs11_url_to_info (url, &obj->info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(url, &obj->info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _pkcs11_traverse_tokens (find_obj_url, &find_data, obj->info,
- &obj->pin, pkcs11_obj_flags_to_int (flags));
+ ret =
+ _pkcs11_traverse_tokens(find_obj_url, &find_data, obj->info,
+ &obj->pin,
+ pkcs11_obj_flags_to_int(flags));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-struct token_num
-{
- struct p11_kit_uri *info;
- unsigned int seq; /* which one we are looking for */
- unsigned int current; /* which one are we now */
+struct token_num {
+ struct p11_kit_uri *info;
+ unsigned int seq; /* which one we are looking for */
+ unsigned int current; /* which one are we now */
};
static int
-find_token_num (struct pkcs11_session_info* sinfo,
- struct token_info *tinfo,
- struct ck_info *lib_info, void *input)
+find_token_num(struct pkcs11_session_info *sinfo,
+ struct token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
- struct token_num *find_data = input;
+ struct token_num *find_data = input;
- if (tinfo == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (tinfo == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (find_data->current == find_data->seq)
- {
- memcpy (p11_kit_uri_get_token_info (find_data->info), &tinfo->tinfo, sizeof (struct ck_token_info));
- memcpy (p11_kit_uri_get_module_info (find_data->info), lib_info, sizeof (struct ck_info));
- return 0;
- }
+ if (find_data->current == find_data->seq) {
+ memcpy(p11_kit_uri_get_token_info(find_data->info),
+ &tinfo->tinfo, sizeof(struct ck_token_info));
+ memcpy(p11_kit_uri_get_module_info(find_data->info),
+ lib_info, sizeof(struct ck_info));
+ return 0;
+ }
- find_data->current++;
- /* search the token for the id */
+ find_data->current++;
+ /* search the token for the id */
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
}
/**
@@ -1648,34 +1564,32 @@ find_token_num (struct pkcs11_session_info* sinfo,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed, char **url)
+gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
- struct token_num tn;
+ int ret;
+ struct token_num tn;
- memset (&tn, 0, sizeof (tn));
- tn.seq = seq;
- tn.info = p11_kit_uri_new ();
+ memset(&tn, 0, sizeof(tn));
+ tn.seq = seq;
+ tn.info = p11_kit_uri_new();
- ret = _pkcs11_traverse_tokens (find_token_num, &tn, NULL, NULL, 0);
- if (ret < 0)
- {
- p11_kit_uri_free (tn.info);
- gnutls_assert ();
- return ret;
- }
+ ret = _pkcs11_traverse_tokens(find_token_num, &tn, NULL, NULL, 0);
+ if (ret < 0) {
+ p11_kit_uri_free(tn.info);
+ gnutls_assert();
+ return ret;
+ }
- ret = pkcs11_info_to_url (tn.info, detailed, url);
- p11_kit_uri_free (tn.info);
+ ret = pkcs11_info_to_url(tn.info, detailed, url);
+ p11_kit_uri_free(tn.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
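Review bot: The result of `p11_kit_uri_new()` is stored in `tn.info` without a NULL check in gnutls_pkcs11_token_get_url, and find_token_num then copies token and module info into that URI with memcpy. retrieve_pin_from_source in this same file does test the same call for NULL, so an allocation failure here would presumably end in a NULL dereference instead of an error return. Adding `if (tn.info == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);` directly after the allocation would make the two call sites consistent. The function body lies fully inside this hunk; only its doc comment starts above it.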
@@ -1695,62 +1609,59 @@ gnutls_pkcs11_token_get_url (unsigned int seq,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size)
-{
- struct p11_kit_uri *info = NULL;
- const uint8_t *str;
- size_t str_max;
- size_t len;
- int ret;
-
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- switch (ttype)
- {
- case GNUTLS_PKCS11_TOKEN_LABEL:
- str = p11_kit_uri_get_token_info (info)->label;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_TOKEN_SERIAL:
- str = p11_kit_uri_get_token_info (info)->serial_number;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
- str = p11_kit_uri_get_token_info (info)->manufacturer_id;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_TOKEN_MODEL:
- str = p11_kit_uri_get_token_info (info)->model;
- str_max = 16;
- break;
- default:
- p11_kit_uri_free (info);
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = p11_kit_space_strlen (str, str_max);
-
- if (len + 1 > *output_size)
- {
- *output_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (output, str, len);
- ((char*)output)[len] = '\0';
-
- *output_size = len;
-
- p11_kit_uri_free (info);
- return 0;
+gnutls_pkcs11_token_get_info(const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size)
+{
+ struct p11_kit_uri *info = NULL;
+ const uint8_t *str;
+ size_t str_max;
+ size_t len;
+ int ret;
+
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ switch (ttype) {
+ case GNUTLS_PKCS11_TOKEN_LABEL:
+ str = p11_kit_uri_get_token_info(info)->label;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_TOKEN_SERIAL:
+ str = p11_kit_uri_get_token_info(info)->serial_number;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
+ str = p11_kit_uri_get_token_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MODEL:
+ str = p11_kit_uri_get_token_info(info)->model;
+ str_max = 16;
+ break;
+ default:
+ p11_kit_uri_free(info);
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = p11_kit_space_strlen(str, str_max);
+
+ if (len + 1 > *output_size) {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(output, str, len);
+ ((char *) output)[len] = '\0';
+
+ *output_size = len;
+
+ p11_kit_uri_free(info);
+ return 0;
}
/**
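Review bot: The short-buffer branch of gnutls_pkcs11_token_get_info returns GNUTLS_E_SHORT_MEMORY_BUFFER without releasing `info`, although the invalid-type branch and the success path both call `p11_kit_uri_free(info)`. A caller that first probes with a small buffer to learn the required size would leak one URI object per call, which matters if the URL comes from an untrusted or repeated source. The branch should free it before returning, i.e. `p11_kit_uri_free(info);` placed ahead of `return GNUTLS_E_SHORT_MEMORY_BUFFER;`. The function body lies fully inside this hunk; only its doc comment starts above it.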
@@ -1767,19 +1678,18 @@ gnutls_pkcs11_token_get_info (const char *url,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
- gnutls_pkcs11_url_type_t detailed, char **url)
+gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url (obj->info, detailed, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_info_to_url(obj->info, detailed, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -1794,727 +1704,701 @@ gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
* Since: 2.12.0
**/
gnutls_pkcs11_obj_type_t
-gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj)
+gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj)
{
- return obj->type;
+ return obj->type;
}
-struct pkey_list
-{
- gnutls_buffer_st *key_ids;
- size_t key_ids_size;
+struct pkey_list {
+ gnutls_buffer_st *key_ids;
+ size_t key_ids_size;
};
static int
-retrieve_pin_from_source (const char *pinfile, struct ck_token_info *token_info,
- int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin)
-{
- unsigned int flags = 0;
- struct p11_kit_uri *token_uri;
- struct p11_kit_pin *result;
- char *label;
-
- label = p11_kit_space_strdup (token_info->label, sizeof (token_info->label));
- if (label == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- token_uri = p11_kit_uri_new ();
- if (token_uri == NULL)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (p11_kit_uri_get_token_info (token_uri), token_info,
- sizeof (struct ck_token_info));
-
- if (attempts)
- flags |= P11_KIT_PIN_FLAGS_RETRY;
- if (user_type == CKU_USER)
- {
- flags |= P11_KIT_PIN_FLAGS_USER_LOGIN;
- if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
- flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
- if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
- flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
- }
- else if (user_type == CKU_SO)
- {
- flags |= P11_KIT_PIN_FLAGS_SO_LOGIN;
- if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
- flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
- if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
- flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
- }
- else if (user_type == CKU_CONTEXT_SPECIFIC)
- {
- flags |= P11_KIT_PIN_FLAGS_CONTEXT_LOGIN;
- }
-
- result = p11_kit_pin_request (pinfile, token_uri, label, flags);
- p11_kit_uri_free (token_uri);
- free (label);
-
- if (result == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_PIN_ERROR;
- }
-
- *pin = result;
- return 0;
+retrieve_pin_from_source(const char *pinfile,
+ struct ck_token_info *token_info, int attempts,
+ ck_user_type_t user_type,
+ struct p11_kit_pin **pin)
+{
+ unsigned int flags = 0;
+ struct p11_kit_uri *token_uri;
+ struct p11_kit_pin *result;
+ char *label;
+
+ label =
+ p11_kit_space_strdup(token_info->label,
+ sizeof(token_info->label));
+ if (label == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ token_uri = p11_kit_uri_new();
+ if (token_uri == NULL) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(p11_kit_uri_get_token_info(token_uri), token_info,
+ sizeof(struct ck_token_info));
+
+ if (attempts)
+ flags |= P11_KIT_PIN_FLAGS_RETRY;
+ if (user_type == CKU_USER) {
+ flags |= P11_KIT_PIN_FLAGS_USER_LOGIN;
+ if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
+ if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
+ } else if (user_type == CKU_SO) {
+ flags |= P11_KIT_PIN_FLAGS_SO_LOGIN;
+ if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
+ if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
+ } else if (user_type == CKU_CONTEXT_SPECIFIC) {
+ flags |= P11_KIT_PIN_FLAGS_CONTEXT_LOGIN;
+ }
+
+ result = p11_kit_pin_request(pinfile, token_uri, label, flags);
+ p11_kit_uri_free(token_uri);
+ free(label);
+
+ if (result == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ }
+
+ *pin = result;
+ return 0;
}
static int
-retrieve_pin_from_callback (const struct pin_info_st *pin_info,
- struct ck_token_info *token_info,
- int attempts, ck_user_type_t user_type,
- struct p11_kit_pin **pin)
-{
- char pin_value[GNUTLS_PKCS11_MAX_PIN_LEN];
- unsigned int flags = 0;
- char *token_str;
- char *label;
- struct p11_kit_uri *token_uri;
- int ret = 0;
-
- label = p11_kit_space_strdup (token_info->label, sizeof (token_info->label));
- if (label == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- token_uri = p11_kit_uri_new ();
- if (token_uri == NULL)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (p11_kit_uri_get_token_info (token_uri), token_info,
- sizeof (struct ck_token_info));
- ret = pkcs11_info_to_url (token_uri, 1, &token_str);
- p11_kit_uri_free (token_uri);
-
- if (ret < 0)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (user_type == CKU_USER)
- {
- flags |= GNUTLS_PIN_USER;
- if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
- flags |= GNUTLS_PIN_COUNT_LOW;
- if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
- flags |= GNUTLS_PIN_FINAL_TRY;
- }
- else if (user_type == CKU_SO)
- {
- flags |= GNUTLS_PIN_SO;
- if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
- flags |= GNUTLS_PIN_COUNT_LOW;
- if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
- flags |= GNUTLS_PIN_FINAL_TRY;
- }
-
- if (attempts > 0)
- flags |= GNUTLS_PIN_WRONG;
-
- if (pin_info && pin_info->cb)
- ret = pin_info->cb (pin_info->data, attempts, (char*)token_str, label,
- flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
- else if (_gnutls_pin_func)
- ret = _gnutls_pin_func (_gnutls_pin_data, attempts, (char*)token_str, label,
- flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
- else
- ret = gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
-
- free (token_str);
- free (label);
-
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
-
- *pin = p11_kit_pin_new_for_string (pin_value);
-
- if (*pin == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- return 0;
+retrieve_pin_from_callback(const struct pin_info_st *pin_info,
+ struct ck_token_info *token_info,
+ int attempts, ck_user_type_t user_type,
+ struct p11_kit_pin **pin)
+{
+ char pin_value[GNUTLS_PKCS11_MAX_PIN_LEN];
+ unsigned int flags = 0;
+ char *token_str;
+ char *label;
+ struct p11_kit_uri *token_uri;
+ int ret = 0;
+
+ label =
+ p11_kit_space_strdup(token_info->label,
+ sizeof(token_info->label));
+ if (label == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ token_uri = p11_kit_uri_new();
+ if (token_uri == NULL) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(p11_kit_uri_get_token_info(token_uri), token_info,
+ sizeof(struct ck_token_info));
+ ret = pkcs11_info_to_url(token_uri, 1, &token_str);
+ p11_kit_uri_free(token_uri);
+
+ if (ret < 0) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (user_type == CKU_USER) {
+ flags |= GNUTLS_PIN_USER;
+ if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= GNUTLS_PIN_COUNT_LOW;
+ if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= GNUTLS_PIN_FINAL_TRY;
+ } else if (user_type == CKU_SO) {
+ flags |= GNUTLS_PIN_SO;
+ if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= GNUTLS_PIN_COUNT_LOW;
+ if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= GNUTLS_PIN_FINAL_TRY;
+ }
+
+ if (attempts > 0)
+ flags |= GNUTLS_PIN_WRONG;
+
+ if (pin_info && pin_info->cb)
+ ret =
+ pin_info->cb(pin_info->data, attempts,
+ (char *) token_str, label, flags,
+ pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
+ else if (_gnutls_pin_func)
+ ret =
+ _gnutls_pin_func(_gnutls_pin_data, attempts,
+ (char *) token_str, label, flags,
+ pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
+ else
+ ret = gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
+
+ free(token_str);
+ free(label);
+
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
+
+ *pin = p11_kit_pin_new_for_string(pin_value);
+
+ if (*pin == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ return 0;
}
static int
-retrieve_pin (struct pin_info_st* pin_info, struct p11_kit_uri *info,
- struct ck_token_info *token_info, int attempts,
- ck_user_type_t user_type, struct p11_kit_pin **pin)
-{
- const char *pinfile;
- int ret = GNUTLS_E_PKCS11_PIN_ERROR;
-
- *pin = NULL;
-
- /* Check if a pinfile is specified, and use that if possible */
- pinfile = p11_kit_uri_get_pinfile (info);
- if (pinfile != NULL)
- {
- _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
- ret = retrieve_pin_from_source (pinfile, token_info, attempts, user_type, pin);
- }
-
- /* The global gnutls pin callback */
- if (ret < 0)
- ret = retrieve_pin_from_callback (pin_info, token_info, attempts, user_type, pin);
-
- /* Otherwise, PIN entry is necessary for login, so fail if there's
- * no callback. */
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: No suitable pin callback but login required.\n");
- }
-
- return ret;
-}
+retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
+ struct ck_token_info *token_info, int attempts,
+ ck_user_type_t user_type, struct p11_kit_pin **pin)
+{
+ const char *pinfile;
+ int ret = GNUTLS_E_PKCS11_PIN_ERROR;
-int
-pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st * pin_info,
- const struct token_info *tokinfo, struct p11_kit_uri *info, int so)
-{
- struct ck_session_info session_info;
- int attempt = 0, ret;
- ck_user_type_t user_type;
- ck_rv_t rv;
-
- user_type = (so == 0) ? CKU_USER : CKU_SO;
- if (so == 0 && (tokinfo->tinfo.flags & CKF_LOGIN_REQUIRED) == 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: No login required.\n");
- return 0;
- }
-
- /* For a token with a "protected" (out-of-band) authentication
- * path, calling login with a NULL username is all that is
- * required. */
- if (tokinfo->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
- {
- rv = (sinfo->module)->C_Login (sinfo->pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0);
- if (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN)
- {
- return 0;
- }
- else
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: Protected login failed.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- do
- {
- struct p11_kit_pin *pin;
- struct ck_token_info tinfo;
-
- memcpy (&tinfo, &tokinfo->tinfo, sizeof(tinfo));
-
- /* Check whether the session is already logged in, and if so, just skip */
- rv = (sinfo->module)->C_GetSessionInfo (sinfo->pks, &session_info);
- if (rv == CKR_OK && (session_info.state == CKS_RO_USER_FUNCTIONS ||
- session_info.state == CKS_RW_USER_FUNCTIONS))
- {
- ret = 0;
- goto cleanup;
- }
-
- /* If login has been attempted once already, check the token
- * status again, the flags might change. */
- if (attempt)
- {
- if (pkcs11_get_token_info
- (tokinfo->prov->module, tokinfo->sid, &tinfo) != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- ret = retrieve_pin (pin_info, info, &tinfo, attempt++, user_type, &pin);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- rv = (sinfo->module)->C_Login (sinfo->pks, user_type,
- (unsigned char *)p11_kit_pin_get_value (pin, NULL),
- p11_kit_pin_get_length (pin));
-
- p11_kit_pin_unref (pin);
- }
- while (rv == CKR_PIN_INCORRECT);
-
- _gnutls_debug_log ("pk11: Login result = %lu\n", rv);
-
-
- ret = (rv == CKR_OK
- || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
-
-cleanup:
- return ret;
-}
+ *pin = NULL;
-int
-pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry)
-{
- struct ck_token_info *tinfo;
- char *label;
- int ret = 0;
+ /* Check if a pinfile is specified, and use that if possible */
+ pinfile = p11_kit_uri_get_pinfile(info);
+ if (pinfile != NULL) {
+ _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
+ ret =
+ retrieve_pin_from_source(pinfile, token_info, attempts,
+ user_type, pin);
+ }
+
+ /* The global gnutls pin callback */
+ if (ret < 0)
+ ret =
+ retrieve_pin_from_callback(pin_info, token_info,
+ attempts, user_type, pin);
+
+ /* Otherwise, PIN entry is necessary for login, so fail if there's
+ * no callback. */
- tinfo = p11_kit_uri_get_token_info (info);
- label = p11_kit_space_strdup (tinfo->label, sizeof (tinfo->label));
- ret = (_gnutls_token_func) (_gnutls_token_data, label, retry);
- free (label);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: No suitable pin callback but login required.\n");
+ }
+
+ return ret;
+}
- return ret;
+int
+pkcs11_login(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ const struct token_info *tokinfo, struct p11_kit_uri *info,
+ int so)
+{
+ struct ck_session_info session_info;
+ int attempt = 0, ret;
+ ck_user_type_t user_type;
+ ck_rv_t rv;
+
+ user_type = (so == 0) ? CKU_USER : CKU_SO;
+ if (so == 0 && (tokinfo->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: No login required.\n");
+ return 0;
+ }
+
+ /* For a token with a "protected" (out-of-band) authentication
+ * path, calling login with a NULL username is all that is
+ * required. */
+ if (tokinfo->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
+ rv = (sinfo->module)->C_Login(sinfo->pks,
+ (so ==
+ 0) ? CKU_USER : CKU_SO,
+ NULL, 0);
+ if (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) {
+ return 0;
+ } else {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: Protected login failed.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ do {
+ struct p11_kit_pin *pin;
+ struct ck_token_info tinfo;
+
+ memcpy(&tinfo, &tokinfo->tinfo, sizeof(tinfo));
+
+ /* Check whether the session is already logged in, and if so, just skip */
+ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks,
+ &session_info);
+ if (rv == CKR_OK
+ && (session_info.state == CKS_RO_USER_FUNCTIONS
+ || session_info.state == CKS_RW_USER_FUNCTIONS)) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ /* If login has been attempted once already, check the token
+ * status again, the flags might change. */
+ if (attempt) {
+ if (pkcs11_get_token_info
+ (tokinfo->prov->module, tokinfo->sid,
+ &tinfo) != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: GetTokenInfo failed\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ ret =
+ retrieve_pin(pin_info, info, &tinfo, attempt++,
+ user_type, &pin);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rv = (sinfo->module)->C_Login(sinfo->pks, user_type,
+ (unsigned char *)
+ p11_kit_pin_get_value(pin,
+ NULL),
+ p11_kit_pin_get_length(pin));
+
+ p11_kit_pin_unref(pin);
+ }
+ while (rv == CKR_PIN_INCORRECT);
+
+ _gnutls_debug_log("pk11: Login result = %lu\n", rv);
+
+
+ ret = (rv == CKR_OK
+ || rv ==
+ CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err(rv);
+
+ cleanup:
+ return ret;
+}
+
+int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry)
+{
+ struct ck_token_info *tinfo;
+ char *label;
+ int ret = 0;
+
+ tinfo = p11_kit_uri_get_token_info(info);
+ label = p11_kit_space_strdup(tinfo->label, sizeof(tinfo->label));
+ ret = (_gnutls_token_func) (_gnutls_token_data, label, retry);
+ free(label);
+
+ return ret;
}
static int
-find_privkeys (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct pkey_list *list)
-{
- struct ck_attribute a[3];
- ck_object_class_t class;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, current;
- char certid_tmp[PKCS11_ID_SIZE];
-
- class = CKO_PRIVATE_KEY;
-
- /* Find an object with private key class and a certificate ID
- * which matches the certificate. */
- /* FIXME: also match the cert subject. */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- list->key_ids_size = 0;
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- list->key_ids_size++;
- }
-
- pkcs11_find_objects_final (sinfo);
-
- if (list->key_ids_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- list->key_ids =
- gnutls_malloc (sizeof (gnutls_buffer_st) * list->key_ids_size);
- if (list->key_ids == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* actual search */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- current = 0;
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof (certid_tmp);
-
- _gnutls_buffer_init (&list->key_ids[current]);
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- _gnutls_buffer_append_data (&list->key_ids[current],
- a[0].value, a[0].value_len);
- current++;
- }
-
- if (current > list->key_ids_size)
- break;
- }
-
- pkcs11_find_objects_final (sinfo);
-
- list->key_ids_size = current - 1;
-
- return 0;
+find_privkeys(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct pkey_list *list)
+{
+ struct ck_attribute a[3];
+ ck_object_class_t class;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, current;
+ char certid_tmp[PKCS11_ID_SIZE];
+
+ class = CKO_PRIVATE_KEY;
+
+ /* Find an object with private key class and a certificate ID
+ * which matches the certificate. */
+ /* FIXME: also match the cert subject. */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 1);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ list->key_ids_size = 0;
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ list->key_ids_size++;
+ }
+
+ pkcs11_find_objects_final(sinfo);
+
+ if (list->key_ids_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ list->key_ids =
+ gnutls_malloc(sizeof(gnutls_buffer_st) * list->key_ids_size);
+ if (list->key_ids == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* actual search */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 1);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ current = 0;
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof(certid_tmp);
+
+ _gnutls_buffer_init(&list->key_ids[current]);
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ _gnutls_buffer_append_data(&list->key_ids[current],
+ a[0].value,
+ a[0].value_len);
+ current++;
+ }
+
+ if (current > list->key_ids_size)
+ break;
+ }
+
+ pkcs11_find_objects_final(sinfo);
+
+ list->key_ids_size = current - 1;
+
+ return 0;
}
/* Recover certificate list from tokens */
static int
-find_objs (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
-{
- struct crt_find_data_st *find_data = input;
- struct ck_attribute a[6];
- struct ck_attribute *attr;
- ck_object_class_t class = (ck_object_class_t)-1;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- unsigned char trusted;
- unsigned long category;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count;
- uint8_t *cert_data;
- char certid_tmp[PKCS11_ID_SIZE];
- char label_tmp[PKCS11_LABEL_SIZE];
- int ret;
- struct pkey_list plist; /* private key holder */
- unsigned int i, tot_values = 0;
-
- if (info == NULL)
- { /* final call */
- if (find_data->current <= *find_data->n_list)
- ret = 0;
- else
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- *find_data->n_list = find_data->current;
-
- return ret;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- memset (&plist, 0, sizeof (plist));
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- ret = find_privkeys (sinfo, info, &plist);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (plist.key_ids_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- }
-
- /* Find objects with given class and type */
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_CLASS);
- if (attr)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- }
-
- cert_data = gnutls_malloc (MAX_CERT_SIZE);
- if (cert_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with cert class and X.509 cert type. */
-
- tot_values = 0;
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
- || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
-
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_TRUSTED;
- a[tot_values].value = &trusted;
- a[tot_values].value_len = sizeof trusted;
- tot_values++;
-
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_TRUSTED;
- a[tot_values].value = &trusted;
- a[tot_values].value_len = sizeof trusted;
- tot_values++;
-
- category = 2;
- a[tot_values].type = CKA_CERTIFICATE_CATEGORY;
- a[tot_values].value = &category;
- a[tot_values].value_len = sizeof category;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY)
- {
- class = CKO_PUBLIC_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
- {
- class = CKO_PRIVATE_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
- {
- if (class != (ck_object_class_t)-1)
- {
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- if (type != (ck_certificate_type_t)-1)
- {
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
- }
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto fail;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_ID);
- if (attr != NULL)
- {
- memcpy (a + tot_values, attr, sizeof (struct ck_attribute));
- tot_values++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, tot_values);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- return pkcs11_rv_to_err (rv);
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- gnutls_datum_t label, id, value;
-
- a[0].type = CKA_LABEL;
- a[0].value = label_tmp;
- a[0].value_len = sizeof label_tmp;
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- label.data = a[0].value;
- label.size = a[0].value_len;
- }
- else
- {
- label.data = NULL;
- label.size = 0;
- }
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof certid_tmp;
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- id.data = a[0].value;
- id.size = a[0].value_len;
- }
- else
- {
- id.data = NULL;
- id.size = 0;
- }
-
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- value.data = a[0].value;
- value.size = a[0].value_len;
- }
- else
- {
- value.data = NULL;
- value.size = 0;
- }
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
- {
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1);
- }
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- for (i = 0; i < plist.key_ids_size; i++)
- {
- if (plist.key_ids[i].length !=
- a[1].value_len
- || memcmp (plist.key_ids[i].data,
- a[1].value, a[1].value_len) != 0)
- {
- /* not found */
- continue;
- }
- }
- }
-
- if (find_data->current < *find_data->n_list)
- {
- ret =
- gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
- find_data->p_list
- [find_data->current],
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->p_list
- [find_data->current],
- &value, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- }
-
- find_data->current++;
-
- }
-
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
-
-fail:
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
- if (plist.key_ids != NULL)
- {
- for (i = 0; i < plist.key_ids_size; i++)
- {
- _gnutls_buffer_clear (&plist.key_ids[i]);
- }
- gnutls_free (plist.key_ids);
- }
- for (i = 0; i < find_data->current; i++)
- {
- gnutls_pkcs11_obj_deinit (find_data->p_list[i]);
- }
- find_data->current = 0;
-
- return ret;
+find_objs(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info, void *input)
+{
+ struct crt_find_data_st *find_data = input;
+ struct ck_attribute a[6];
+ struct ck_attribute *attr;
+ ck_object_class_t class = (ck_object_class_t) - 1;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ unsigned char trusted;
+ unsigned long category;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count;
+ uint8_t *cert_data;
+ char certid_tmp[PKCS11_ID_SIZE];
+ char label_tmp[PKCS11_LABEL_SIZE];
+ int ret;
+ struct pkey_list plist; /* private key holder */
+ unsigned int i, tot_values = 0;
+
+ if (info == NULL) { /* final call */
+ if (find_data->current <= *find_data->n_list)
+ ret = 0;
+ else
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ *find_data->n_list = find_data->current;
+
+ return ret;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info(find_data->info, &info->tinfo) ||
+ !p11_kit_uri_match_module_info(find_data->info, lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ memset(&plist, 0, sizeof(plist));
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
+ ret = find_privkeys(sinfo, info, &plist);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (plist.key_ids_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ /* Find objects with given class and type */
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_CLASS);
+ if (attr) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ }
+
+ cert_data = gnutls_malloc(MAX_CERT_SIZE);
+ if (cert_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with cert class and X.509 cert type. */
+
+ tot_values = 0;
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
+ || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED) {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ } else if (find_data->flags ==
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA) {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ category = 2;
+ a[tot_values].type = CKA_CERTIFICATE_CATEGORY;
+ a[tot_values].value = &category;
+ a[tot_values].value_len = sizeof category;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) {
+ class = CKO_PUBLIC_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
+ class = CKO_PRIVATE_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
+ if (class != (ck_object_class_t) - 1) {
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ if (type != (ck_certificate_type_t) - 1) {
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto fail;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_ID);
+ if (attr != NULL) {
+ memcpy(a + tot_values, attr, sizeof(struct ck_attribute));
+ tot_values++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ tot_values);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ return pkcs11_rv_to_err(rv);
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ gnutls_datum_t label, id, value;
+
+ a[0].type = CKA_LABEL;
+ a[0].value = label_tmp;
+ a[0].value_len = sizeof label_tmp;
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ } else {
+ label.data = NULL;
+ label.size = 0;
+ }
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof certid_tmp;
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ id.data = a[0].value;
+ id.size = a[0].value_len;
+ } else {
+ id.data = NULL;
+ id.size = 0;
+ }
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ value.data = a[0].value;
+ value.size = a[0].value_len;
+ } else {
+ value.data = NULL;
+ value.size = 0;
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ pkcs11_get_attribute_value(sinfo->module,
+ sinfo->pks, obj, a, 1);
+ }
+
+ if (find_data->flags ==
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
+ for (i = 0; i < plist.key_ids_size; i++) {
+ if (plist.key_ids[i].length !=
+ a[1].value_len
+ || memcmp(plist.key_ids[i].data,
+ a[1].value,
+ a[1].value_len) != 0) {
+ /* not found */
+ continue;
+ }
+ }
+ }
+
+ if (find_data->current < *find_data->n_list) {
+ ret =
+ gnutls_pkcs11_obj_init(&find_data->
+ p_list[find_data->
+ current]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ if (class == CKO_PUBLIC_KEY) {
+ ret =
+ pkcs11_obj_import_pubkey(sinfo->module,
+ sinfo->pks,
+ obj,
+ find_data->
+ p_list
+ [find_data->
+ current],
+ &id, &label,
+ &info->tinfo,
+ lib_info);
+ } else {
+ ret =
+ pkcs11_obj_import(class,
+ find_data->p_list
+ [find_data->current],
+ &value, &id, &label,
+ &info->tinfo,
+ lib_info);
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ }
+
+ find_data->current++;
+
+ }
+
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
+
+ fail:
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+ if (plist.key_ids != NULL) {
+ for (i = 0; i < plist.key_ids_size; i++) {
+ _gnutls_buffer_clear(&plist.key_ids[i]);
+ }
+ gnutls_free(plist.key_ids);
+ }
+ for (i = 0; i < find_data->current; i++) {
+ gnutls_pkcs11_obj_deinit(find_data->p_list[i]);
+ }
+ find_data->current = 0;
+
+ return ret;
}
/**
@@ -2534,53 +2418,48 @@ fail:
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
-{
- int ret;
- struct crt_find_data_st priv;
-
- memset (&priv, 0, sizeof (priv));
-
- /* fill in the find data structure */
- priv.p_list = p_list;
- priv.n_list = n_list;
- priv.flags = attrs;
- priv.current = 0;
-
- if (url == NULL || url[0] == 0)
- {
- url = "pkcs11:";
- }
-
- ret = pkcs11_url_to_info (url, &priv.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _pkcs11_traverse_tokens (find_objs, &priv, priv.info,
- NULL,
- pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (priv.info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- *n_list = 0;
- ret = 0;
- }
- return ret;
- }
-
- return 0;
+gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
+{
+ int ret;
+ struct crt_find_data_st priv;
+
+ memset(&priv, 0, sizeof(priv));
+
+ /* fill in the find data structure */
+ priv.p_list = p_list;
+ priv.n_list = n_list;
+ priv.flags = attrs;
+ priv.current = 0;
+
+ if (url == NULL || url[0] == 0) {
+ url = "pkcs11:";
+ }
+
+ ret = pkcs11_url_to_info(url, &priv.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens(find_objs, &priv, priv.info,
+ NULL, pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(priv.info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ *n_list = 0;
+ ret = 0;
+ }
+ return ret;
+ }
+
+ return 0;
}
/**
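Review bot: `n_list` is never checked before it is dereferenced, both here at `*n_list = 0` and through `priv.n_list` inside find_objs, so a NULL count pointer passed to this public entry point faults during the token traversal instead of failing cleanly. A guard at the top of the function, `if (n_list == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would reject it before the traversal starts. The branch that turns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE into success also deserves a why-comment such as `/* no matching object on any token: report an empty list, not an error */`, because gnutls_assert() fires on that path even though the call then returns 0.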
@@ -2601,42 +2480,46 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
* Since: 3.1.0
**/
int
-gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
-{
-unsigned int init = 128;
-int ret;
-
- *p_list = gnutls_malloc(sizeof(gnutls_pkcs11_obj_t)*init);
- if (*p_list == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_pkcs11_obj_list_import_url( *p_list, &init, url, attrs, flags);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *p_list = gnutls_realloc_fast(*p_list, sizeof(gnutls_pkcs11_obj_t)*init);
- if (*p_list == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_pkcs11_obj_list_import_url( *p_list, &init, url, attrs, flags);
- }
-
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(*p_list);
- *p_list = NULL;
- return ret;
- }
-
- *n_list = init;
- return 0;
+gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
+{
+ unsigned int init = 128;
+ int ret;
+
+ *p_list = gnutls_malloc(sizeof(gnutls_pkcs11_obj_t) * init);
+ if (*p_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(*p_list, &init, url, attrs,
+ flags);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *p_list =
+ gnutls_realloc_fast(*p_list,
+ sizeof(gnutls_pkcs11_obj_t) *
+ init);
+ if (*p_list == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(*p_list, &init, url,
+ attrs, flags);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(*p_list);
+ *p_list = NULL;
+ return ret;
+ }
+
+ *n_list = init;
+ return 0;
}
@@ -2656,42 +2539,40 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
- const char *url, unsigned int flags)
+gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
+ const char *url, unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init(&pcrt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs11_obj_init (&pcrt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (crt->pin.cb)
- gnutls_pkcs11_obj_set_pin_function (pcrt, crt->pin.cb, crt->pin.data);
+ if (crt->pin.cb)
+ gnutls_pkcs11_obj_set_pin_function(pcrt, crt->pin.cb,
+ crt->pin.data);
- ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = gnutls_x509_crt_import (crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ ret = gnutls_x509_crt_import(crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = 0;
-cleanup:
+ ret = 0;
+ cleanup:
- gnutls_pkcs11_obj_deinit (pcrt);
+ gnutls_pkcs11_obj_deinit(pcrt);
- return ret;
+ return ret;
}
/**
@@ -2708,10 +2589,11 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt)
+gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt)
{
- return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER);
+ return gnutls_x509_crt_import(crt, &pkcs11_crt->raw,
+ GNUTLS_X509_FMT_DER);
}
/**
@@ -2730,68 +2612,62 @@ gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags)
-{
- unsigned int i, j;
- int ret;
-
- for (i = 0; i < cert_max; i++)
- {
- ret = gnutls_x509_crt_init (&certs[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- return 0;
-
-cleanup:
- for (j = 0; j < i; j++)
- {
- gnutls_x509_crt_deinit (certs[j]);
- }
-
- return ret;
+gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs,
+ unsigned int flags)
+{
+ unsigned int i, j;
+ int ret;
+
+ for (i = 0; i < cert_max; i++) {
+ ret = gnutls_x509_crt_init(&certs[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11(certs[i], objs[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ for (j = 0; j < i; j++) {
+ gnutls_x509_crt_deinit(certs[j]);
+ }
+
+ return ret;
}
static int
-find_flags (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
+find_flags(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info, void *input)
{
- struct flags_find_data_st *find_data = input;
+ struct flags_find_data_st *find_data = input;
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info(find_data->info, &info->tinfo) ||
+ !p11_kit_uri_match_module_info(find_data->info, lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* found token! */
+ /* found token! */
- find_data->slot_flags = info->sinfo.flags;
+ find_data->slot_flags = info->sinfo.flags;
- return 0;
+ return 0;
}
/**
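Review bot: In `gnutls_x509_crt_list_import_pkcs11`, a failure of `gnutls_x509_crt_import_pkcs11(certs[i], objs[i])` leaks `certs[i]`: it has already been initialised, but the `cleanup` loop only releases indices `j < i`. Adding `gnutls_x509_crt_deinit(certs[i]);` before the `goto cleanup` in the import-failure branch closes the gap. The init-failure branch presumably has nothing to release for index `i`. The `flags` parameter is never read in the body, which deserves a short comment such as `/* flags: currently unused */`. The removed side has the same logic, so this predates the reindent.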
@@ -2806,34 +2682,33 @@ find_flags (struct pkcs11_session_info* sinfo,
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
+int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags)
{
- struct flags_find_data_st find_data;
- int ret;
+ struct flags_find_data_st find_data;
+ int ret;
- memset (&find_data, 0, sizeof (find_data));
- ret = pkcs11_url_to_info (url, &find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ memset(&find_data, 0, sizeof(find_data));
+ ret = pkcs11_url_to_info(url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _pkcs11_traverse_tokens (find_flags, &find_data, find_data.info, NULL, 0);
- p11_kit_uri_free (find_data.info);
+ ret =
+ _pkcs11_traverse_tokens(find_flags, &find_data, find_data.info,
+ NULL, 0);
+ p11_kit_uri_free(find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *flags = 0;
- if (find_data.slot_flags & CKF_HW_SLOT)
- *flags |= GNUTLS_PKCS11_TOKEN_HW;
+ *flags = 0;
+ if (find_data.slot_flags & CKF_HW_SLOT)
+ *flags |= GNUTLS_PKCS11_TOKEN_HW;
- return 0;
+ return 0;
}
@@ -2852,52 +2727,48 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
- unsigned long *mechanism)
+gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx,
+ unsigned long *mechanism)
{
- int ret;
- ck_rv_t rv;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- struct token_info tinfo;
- struct p11_kit_uri *info = NULL;
- unsigned long count;
- ck_mechanism_type_t mlist[400];
+ int ret;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+ struct p11_kit_uri *info = NULL;
+ unsigned long count;
+ ck_mechanism_type_t mlist[400];
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
- p11_kit_uri_free (info);
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo);
+ p11_kit_uri_free(info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- count = sizeof (mlist) / sizeof (mlist[0]);
- rv = pkcs11_get_mechanism_list (module, slot, mlist, &count);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
+ count = sizeof(mlist) / sizeof(mlist[0]);
+ rv = pkcs11_get_mechanism_list(module, slot, mlist, &count);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
- if (idx >= count)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (idx >= count) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- *mechanism = mlist[idx];
+ *mechanism = mlist[idx];
- return 0;
+ return 0;
}
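Review bot: `gnutls_pkcs11_token_get_mechanism` trusts the `count` written back by the module, since `idx >= count` is the only bound applied before `mlist[idx]` is read. A module that returns `CKR_OK` with a `count` above the 400 entries it was offered would therefore allow a read past the stack array. A conforming module should report a too-small buffer instead, but PKCS #11 modules are third-party code and a defensive check is cheap: `if (count > sizeof(mlist) / sizeof(mlist[0])) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` right after the `rv != CKR_OK` test. The literal 400 would also read better as a named constant with a comment saying why that size was chosen.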
@@ -2914,220 +2785,210 @@ gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
*
* Since: 2.12.0
**/
-const char *
-gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type)
-{
- switch (type)
- {
- case GNUTLS_PKCS11_OBJ_X509_CRT:
- return "X.509 Certificate";
- case GNUTLS_PKCS11_OBJ_PUBKEY:
- return "Public key";
- case GNUTLS_PKCS11_OBJ_PRIVKEY:
- return "Private key";
- case GNUTLS_PKCS11_OBJ_SECRET_KEY:
- return "Secret key";
- case GNUTLS_PKCS11_OBJ_DATA:
- return "Data";
- case GNUTLS_PKCS11_OBJ_UNKNOWN:
- default:
- return "Unknown";
- }
+const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type)
+{
+ switch (type) {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "X.509 Certificate";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "Public key";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "Private key";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "Secret key";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "Data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "Unknown";
+ }
}
ck_rv_t
-pkcs11_get_slot_list (struct ck_function_list * module, unsigned char token_present,
- ck_slot_id_t *slot_list, unsigned long *count)
+pkcs11_get_slot_list(struct ck_function_list * module,
+ unsigned char token_present, ck_slot_id_t * slot_list,
+ unsigned long *count)
{
- return (module)->C_GetSlotList (token_present, slot_list, count);
+ return (module)->C_GetSlotList(token_present, slot_list, count);
}
ck_rv_t
-pkcs11_get_module_info (struct ck_function_list * module,
- struct ck_info * info)
+pkcs11_get_module_info(struct ck_function_list * module,
+ struct ck_info * info)
{
- return (module)->C_GetInfo (info);
+ return (module)->C_GetInfo(info);
}
ck_rv_t
pkcs11_get_slot_info(struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info)
+ ck_slot_id_t slot_id, struct ck_slot_info * info)
{
- return (module)->C_GetSlotInfo (slot_id, info);
+ return (module)->C_GetSlotInfo(slot_id, info);
}
ck_rv_t
-pkcs11_get_token_info (struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_token_info *info)
+pkcs11_get_token_info(struct ck_function_list * module,
+ ck_slot_id_t slot_id, struct ck_token_info * info)
{
- return (module)->C_GetTokenInfo (slot_id, info);
+ return (module)->C_GetTokenInfo(slot_id, info);
}
ck_rv_t
-pkcs11_find_objects_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count)
+pkcs11_find_objects_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_attribute * templ, unsigned long count)
{
- return (module)->C_FindObjectsInit (sess, templ, count);
+ return (module)->C_FindObjectsInit(sess, templ, count);
}
ck_rv_t
-pkcs11_find_objects (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t *objects,
- unsigned long max_object_count,
- unsigned long *object_count)
+pkcs11_find_objects(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ ck_object_handle_t * objects,
+ unsigned long max_object_count,
+ unsigned long *object_count)
{
- return (module)->C_FindObjects (sess, objects, max_object_count, object_count);
+ return (module)->C_FindObjects(sess, objects, max_object_count,
+ object_count);
}
-ck_rv_t
-pkcs11_find_objects_final (struct pkcs11_session_info* sinfo)
+ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info * sinfo)
{
- return (sinfo->module)->C_FindObjectsFinal (sinfo->pks);
+ return (sinfo->module)->C_FindObjectsFinal(sinfo->pks);
}
-ck_rv_t
-pkcs11_close_session (struct pkcs11_session_info * sinfo)
+ck_rv_t pkcs11_close_session(struct pkcs11_session_info * sinfo)
{
- sinfo->init = 0;
- return (sinfo->module)->C_CloseSession (sinfo->pks);
+ sinfo->init = 0;
+ return (sinfo->module)->C_CloseSession(sinfo->pks);
}
ck_rv_t
-pkcs11_get_attribute_value(struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count)
+pkcs11_get_attribute_value(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
- return (module)->C_GetAttributeValue (sess, object, templ, count);
+ return (module)->C_GetAttributeValue(sess, object, templ, count);
}
ck_rv_t
-pkcs11_get_mechanism_list (struct ck_function_list *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count)
+pkcs11_get_mechanism_list(struct ck_function_list * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count)
{
- return (module)->C_GetMechanismList (slot_id, mechanism_list, count);
+ return (module)->C_GetMechanismList(slot_id, mechanism_list,
+ count);
}
ck_rv_t
-pkcs11_sign_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key)
+pkcs11_sign_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
- return (module)->C_SignInit (sess, mechanism, key);
+ return (module)->C_SignInit(sess, mechanism, key);
}
ck_rv_t
-pkcs11_sign (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *data,
- unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len)
+pkcs11_sign(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *data,
+ unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len)
{
- return (module)->C_Sign (sess, data, data_len, signature, signature_len);
+ return (module)->C_Sign(sess, data, data_len, signature,
+ signature_len);
}
ck_rv_t
-pkcs11_generate_key_pair (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- struct ck_attribute *pub_templ,
- unsigned long pub_templ_count,
- struct ck_attribute *priv_templ,
- unsigned long priv_templ_count,
- ck_object_handle_t *pub,
- ck_object_handle_t *priv)
+pkcs11_generate_key_pair(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * pub_templ,
+ unsigned long pub_templ_count,
+ struct ck_attribute * priv_templ,
+ unsigned long priv_templ_count,
+ ck_object_handle_t * pub,
+ ck_object_handle_t * priv)
{
- return (module)->C_GenerateKeyPair (sess, mechanism, pub_templ, pub_templ_count,
- priv_templ, priv_templ_count, pub, priv);
+ return (module)->C_GenerateKeyPair(sess, mechanism, pub_templ,
+ pub_templ_count, priv_templ,
+ priv_templ_count, pub, priv);
}
ck_rv_t
-pkcs11_decrypt_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key)
+pkcs11_decrypt_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return (module)->C_DecryptInit (sess, mechanism, key);
+ return (module)->C_DecryptInit(sess, mechanism, key);
}
ck_rv_t
-pkcs11_decrypt (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len)
+pkcs11_decrypt(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len)
{
- return (module)->C_Decrypt (sess, encrypted_data, encrypted_data_len,
- data, data_len);
+ return (module)->C_Decrypt(sess, encrypted_data,
+ encrypted_data_len, data, data_len);
}
ck_rv_t
-pkcs11_create_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *object)
+pkcs11_create_object(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object)
{
- return (module)->C_CreateObject (sess, templ, count, object);
+ return (module)->C_CreateObject(sess, templ, count, object);
}
ck_rv_t
-pkcs11_destroy_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object)
+pkcs11_destroy_object(struct ck_function_list * module,
+ ck_session_handle_t sess, ck_object_handle_t object)
{
- return (module)->C_DestroyObject (sess, object);
+ return (module)->C_DestroyObject(sess, object);
}
ck_rv_t
-pkcs11_init_token (struct ck_function_list *module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label)
+pkcs11_init_token(struct ck_function_list * module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label)
{
- return (module)->C_InitToken (slot_id, pin, pin_len, label);
+ return (module)->C_InitToken(slot_id, pin, pin_len, label);
}
ck_rv_t
-pkcs11_init_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *pin,
- unsigned long pin_len)
+pkcs11_init_pin(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *pin, unsigned long pin_len)
{
- return (module)->C_InitPIN (sess, pin, pin_len);
+ return (module)->C_InitPIN(sess, pin, pin_len);
}
ck_rv_t
-pkcs11_set_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- const char *old_pin,
- unsigned long old_len,
- const char *new_pin,
- unsigned long new_len)
+pkcs11_set_pin(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ const char *old_pin,
+ unsigned long old_len,
+ const char *new_pin, unsigned long new_len)
{
- return (module)->C_SetPIN (sess, (uint8_t*)old_pin, old_len, (uint8_t*)new_pin, new_len);
+ return (module)->C_SetPIN(sess, (uint8_t *) old_pin, old_len,
+ (uint8_t *) new_pin, new_len);
}
ck_rv_t
-pkcs11_get_random (struct ck_function_list *module,
- ck_session_handle_t sess,
- void * data,
- size_t len)
+pkcs11_get_random(struct ck_function_list * module,
+ ck_session_handle_t sess, void *data, size_t len)
{
- return (module)->C_GenerateRandom (sess, data, len);
+ return (module)->C_GenerateRandom(sess, data, len);
}
-const char *
-pkcs11_strerror (ck_rv_t rv)
+const char *pkcs11_strerror(ck_rv_t rv)
{
- return p11_kit_strerror (rv);
+ return p11_kit_strerror(rv);
}
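Review bot: `pkcs11_init_token` forwards `label` to `C_InitToken` without a length, and PKCS #11 defines that argument as a 32-byte, blank-padded field that is not NUL-terminated. A caller handing in a shorter C string would make the module read past it. The wrapper cannot check this, so the contract should be written down above the function: `/* label: exactly 32 bytes, blank-padded, not NUL-terminated (C_InitToken) */`. The remaining wrappers in this hunk are plain pass-throughs with no comments; one line stating that `module` (or `sinfo->module`) must be non-NULL and that the `ck_rv_t` is returned unmodified would cover them.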
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 32d83cd250..1cdaee3d10 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -36,258 +36,244 @@ typedef unsigned char ck_bool_t;
struct pkcs11_session_info {
- struct ck_function_list * module;
- struct ck_token_info tinfo;
- ck_session_handle_t pks;
- unsigned int init;
+ struct ck_function_list *module;
+ struct ck_token_info tinfo;
+ ck_session_handle_t pks;
+ unsigned int init;
};
-struct token_info
-{
- struct ck_token_info tinfo;
- struct ck_slot_info sinfo;
- ck_slot_id_t sid;
- struct gnutls_pkcs11_provider_s *prov;
+struct token_info {
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
};
-struct gnutls_pkcs11_obj_st
-{
- gnutls_datum_t raw;
- gnutls_pkcs11_obj_type_t type;
- struct p11_kit_uri *info;
+struct gnutls_pkcs11_obj_st {
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct p11_kit_uri *info;
- /* only when pubkey */
- gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int key_usage;
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int key_usage;
- struct pin_info_st pin;
+ struct pin_info_st pin;
};
/* thus function is called for every token in the traverse_tokens
* function. Once everything is traversed it is called with NULL tinfo.
* It should return 0 if found what it was looking for.
*/
-typedef int (*find_func_t) (struct pkcs11_session_info*,
- struct token_info * tinfo, struct ck_info *,
- void *input);
+typedef int (*find_func_t) (struct pkcs11_session_info *,
+ struct token_info * tinfo, struct ck_info *,
+ void *input);
-int pkcs11_rv_to_err (ck_rv_t rv);
-int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info);
+int pkcs11_rv_to_err(ck_rv_t rv);
+int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info);
int
-pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
- struct p11_kit_uri *info, struct token_info *_tinfo);
+pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
+ struct p11_kit_uri *info, struct token_info *_tinfo);
int pkcs11_read_pubkey(struct ck_function_list *module,
- ck_session_handle_t pks, ck_object_handle_t obj,
- ck_key_type_t key_type, gnutls_datum_t * pubkey);
+ ck_session_handle_t pks, ck_object_handle_t obj,
+ ck_key_type_t key_type, gnutls_datum_t * pubkey);
-int pkcs11_get_info (struct p11_kit_uri *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
-int pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st* pin_info,
- const struct token_info *tokinfo, struct p11_kit_uri *info, int so);
+int pkcs11_get_info(struct p11_kit_uri *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ const struct token_info *tokinfo,
+ struct p11_kit_uri *info, int so);
-int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);
+int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);
extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
extern void *_gnutls_token_data;
-void pkcs11_rescan_slots (void);
-int pkcs11_info_to_url (struct p11_kit_uri *info,
- gnutls_pkcs11_url_type_t detailed, char **url);
+void pkcs11_rescan_slots(void);
+int pkcs11_info_to_url(struct p11_kit_uri *info,
+ gnutls_pkcs11_url_type_t detailed, char **url);
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
-#define SESSION_SO (1<<2) /* security officer session */
-int pkcs11_open_session (struct pkcs11_session_info* sinfo,
- struct pin_info_st* pin_info,
- struct p11_kit_uri *info, unsigned int flags);
-int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
- struct p11_kit_uri *info,
- struct pin_info_st* pin_info,
- unsigned int flags);
-ck_object_class_t pkcs11_strtype_to_class (const char *type);
-
-int pkcs11_token_matches_info (struct p11_kit_uri *info,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info);
-
-unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
+#define SESSION_SO (1<<2) /* security officer session */
+int pkcs11_open_session(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ struct p11_kit_uri *info, unsigned int flags);
+int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ struct p11_kit_uri *info,
+ struct pin_info_st *pin_info,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class(const char *type);
+
+int pkcs11_token_matches_info(struct p11_kit_uri *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info);
+
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
int
-_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+_gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
int
-_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+_gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
{
- if (pk == GNUTLS_PK_DSA)
- return CKM_DSA;
- else if (pk == GNUTLS_PK_EC)
- return CKM_ECDSA;
- else
- return CKM_RSA_PKCS;
+ if (pk == GNUTLS_PK_DSA)
+ return CKM_DSA;
+ else if (pk == GNUTLS_PK_EC)
+ return CKM_ECDSA;
+ else
+ return CKM_RSA_PKCS;
}
static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
{
- if (m == CKK_RSA)
- return GNUTLS_PK_RSA;
- else if (m == CKK_DSA)
- return GNUTLS_PK_DSA;
- else if (m == CKK_ECDSA)
- return GNUTLS_PK_EC;
- else return GNUTLS_PK_UNKNOWN;
+ if (m == CKK_RSA)
+ return GNUTLS_PK_RSA;
+ else if (m == CKK_DSA)
+ return GNUTLS_PK_DSA;
+ else if (m == CKK_ECDSA)
+ return GNUTLS_PK_EC;
+ else
+ return GNUTLS_PK_UNKNOWN;
}
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
{
- if (pk == GNUTLS_PK_DSA)
- return CKM_DSA_KEY_PAIR_GEN;
- else if (pk == GNUTLS_PK_EC)
- return CKM_ECDSA_KEY_PAIR_GEN;
- else
- return CKM_RSA_PKCS_KEY_PAIR_GEN;
+ if (pk == GNUTLS_PK_DSA)
+ return CKM_DSA_KEY_PAIR_GEN;
+ else if (pk == GNUTLS_PK_EC)
+ return CKM_ECDSA_KEY_PAIR_GEN;
+ else
+ return CKM_RSA_PKCS_KEY_PAIR_GEN;
}
ck_rv_t
-pkcs11_generate_key_pair (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- struct ck_attribute *pub_templ,
- unsigned long pub_templ_count,
- struct ck_attribute *priv_templ,
- unsigned long priv_templ_count,
- ck_object_handle_t *pub,
- ck_object_handle_t *priv);
+pkcs11_generate_key_pair(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * pub_templ,
+ unsigned long pub_templ_count,
+ struct ck_attribute * priv_templ,
+ unsigned long priv_templ_count,
+ ck_object_handle_t * pub,
+ ck_object_handle_t * priv);
ck_rv_t
-pkcs11_get_slot_list (struct ck_function_list * module,
- unsigned char token_present,
- ck_slot_id_t *slot_list,
- unsigned long *count);
+pkcs11_get_slot_list(struct ck_function_list *module,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count);
ck_rv_t
-pkcs11_get_module_info (struct ck_function_list * module,
- struct ck_info * info);
+pkcs11_get_module_info(struct ck_function_list *module,
+ struct ck_info *info);
ck_rv_t
-pkcs11_get_slot_info(struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info);
+pkcs11_get_slot_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id, struct ck_slot_info *info);
ck_rv_t
-pkcs11_get_token_info (struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_token_info *info);
+pkcs11_get_token_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id, struct ck_token_info *info);
ck_rv_t
-pkcs11_find_objects_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count);
+pkcs11_find_objects_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_attribute *templ, unsigned long count);
ck_rv_t
-pkcs11_find_objects (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t *objects,
- unsigned long max_object_count,
- unsigned long *object_count);
+pkcs11_find_objects(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ ck_object_handle_t * objects,
+ unsigned long max_object_count,
+ unsigned long *object_count);
-ck_rv_t
-pkcs11_find_objects_final (struct pkcs11_session_info*);
+ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info *);
-ck_rv_t
-pkcs11_close_session (struct pkcs11_session_info *);
+ck_rv_t pkcs11_close_session(struct pkcs11_session_info *);
ck_rv_t
pkcs11_get_attribute_value(struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
+ ck_session_handle_t sess,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
ck_rv_t
-pkcs11_get_mechanism_list (struct ck_function_list *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count);
+pkcs11_get_mechanism_list(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count);
ck_rv_t
-pkcs11_sign_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+pkcs11_sign_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_mechanism *mechanism, ck_object_handle_t key);
ck_rv_t
-pkcs11_sign (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *data,
- unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len);
+pkcs11_sign(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *data,
+ unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len);
ck_rv_t
-pkcs11_decrypt_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+pkcs11_decrypt_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t
-pkcs11_decrypt (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len);
+pkcs11_decrypt(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len);
ck_rv_t
-pkcs11_create_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *object);
+pkcs11_create_object(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t * object);
ck_rv_t
-pkcs11_destroy_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object);
+pkcs11_destroy_object(struct ck_function_list *module,
+ ck_session_handle_t sess, ck_object_handle_t object);
ck_rv_t
-pkcs11_init_token (struct ck_function_list *module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label);
+pkcs11_init_token(struct ck_function_list *module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label);
ck_rv_t
-pkcs11_init_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *pin,
- unsigned long pin_len);
+pkcs11_init_pin(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *pin, unsigned long pin_len);
ck_rv_t
-pkcs11_set_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- const char *old_pin,
- unsigned long old_len,
- const char *new_pin,
- unsigned long new_len);
+pkcs11_set_pin(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ const char *old_pin,
+ unsigned long old_len,
+ const char *new_pin, unsigned long new_len);
ck_rv_t
-pkcs11_get_random (struct ck_function_list *module,
- ck_session_handle_t sess,
- void *data,
- size_t len);
-
+pkcs11_get_random(struct ck_function_list *module,
+ ck_session_handle_t sess, void *data, size_t len);
+
-const char *
-pkcs11_strerror (ck_rv_t rv);
+const char *pkcs11_strerror(ck_rv_t rv);
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
#endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index a6f73e1e7c..7a0aa38912 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -29,16 +29,15 @@
#include <gnutls_pk.h>
#include <p11-kit/uri.h>
-struct gnutls_pkcs11_privkey_st
-{
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int flags;
- struct p11_kit_uri *info;
-
- struct pkcs11_session_info sinfo;
- ck_object_handle_t obj; /* the key in the session */
-
- struct pin_info_st pin;
+struct gnutls_pkcs11_privkey_st {
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int flags;
+ struct p11_kit_uri *info;
+
+ struct pkcs11_session_info sinfo;
+ ck_object_handle_t obj; /* the key in the session */
+
+ struct pin_info_st pin;
};
/**
@@ -50,25 +49,22 @@ struct gnutls_pkcs11_privkey_st
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
+int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- (*key)->info = p11_kit_uri_new ();
- if ((*key)->info == NULL)
- {
- free (*key);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ (*key)->info = p11_kit_uri_new();
+ if ((*key)->info == NULL) {
+ free(*key);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
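Review bot: The error path for a failed `p11_kit_uri_new()` in gnutls_pkcs11_privkey_init releases `*key` with `free()` although it was allocated with `gnutls_calloc()`, and it leaves the caller's pointer dangling. gnutls_pkcs11_privkey_deinit in the next hunk uses `gnutls_free()` for the same object, so the two paths only agree while the library allocator is the libc one. I would change the line to `gnutls_free(*key); *key = NULL;` so the caller is not left holding a pointer to freed memory.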
@@ -77,13 +73,12 @@ gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void
-gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
+void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
{
- p11_kit_uri_free (key->info);
- if (key->sinfo.init != 0)
- pkcs11_close_session (&key->sinfo);
- gnutls_free (key);
+ p11_kit_uri_free(key->info);
+ if (key->sinfo.init != 0)
+ pkcs11_close_session(&key->sinfo);
+ gnutls_free(key);
}
/**
@@ -98,12 +93,12 @@ gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
* success, or a negative error code on error.
**/
int
-gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits)
+gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
{
- if (bits)
- *bits = 0; /* FIXME */
- return key->pk_algorithm;
+ if (bits)
+ *bits = 0; /* FIXME */
+ return key->pk_algorithm;
}
/**
@@ -121,56 +116,57 @@ gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
**/
int
-gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info (pkey->info, itype, output, output_size);
+ return pkcs11_get_info(pkey->info, itype, output, output_size);
}
static int
-find_object (struct pkcs11_session_info* sinfo,
- struct pin_info_st * pin_info,
- ck_object_handle_t * _obj,
- struct p11_kit_uri *info, unsigned int flags)
+find_object(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ ck_object_handle_t * _obj,
+ struct p11_kit_uri *info, unsigned int flags)
{
- int ret;
- ck_object_handle_t obj;
- struct ck_attribute *attrs;
- unsigned long attr_count;
- unsigned long count;
- ck_rv_t rv;
-
- ret = pkcs11_open_session (sinfo, pin_info, info, flags & SESSION_LOGIN);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- attrs = p11_kit_uri_get_attributes (info, &attr_count);
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, attrs, attr_count);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto fail;
- }
-
- if (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- *_obj = obj;
- pkcs11_find_objects_final (sinfo);
- return 0;
- }
-
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- pkcs11_find_objects_final (sinfo);
-fail:
- pkcs11_close_session (sinfo);
-
- return ret;
+ int ret;
+ ck_object_handle_t obj;
+ struct ck_attribute *attrs;
+ unsigned long attr_count;
+ unsigned long count;
+ ck_rv_t rv;
+
+ ret =
+ pkcs11_open_session(sinfo, pin_info, info,
+ flags & SESSION_LOGIN);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ attrs = p11_kit_uri_get_attributes(info, &attr_count);
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, attrs,
+ attr_count);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto fail;
+ }
+
+ if (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count)
+ == CKR_OK && count == 1) {
+ *_obj = obj;
+ pkcs11_find_objects_final(sinfo);
+ return 0;
+ }
+
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ pkcs11_find_objects_final(sinfo);
+ fail:
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
#define FIND_OBJECT(sinfo, pin_info, obj, key) \
@@ -206,109 +202,101 @@ fail:
* negative error value.
-*/
int
-_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+_gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- gnutls_datum_t tmp = {NULL, 0};
- unsigned long siglen;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
- ck_object_handle_t obj;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- mech.mechanism = pk_to_mech(key->pk_algorithm);
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pkcs11_sign_init (sinfo->module, sinfo->pks, &mech, obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* Work out how long the signature must be: */
- rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, NULL, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- tmp.data = gnutls_malloc (siglen);
- tmp.size = siglen;
-
- rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, tmp.data, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
-
- if (key->pk_algorithm == GNUTLS_PK_EC || key->pk_algorithm == GNUTLS_PK_DSA)
- {
- unsigned int hlen = siglen / 2;
- gnutls_datum_t r, s;
-
- if (siglen % 2 != 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto cleanup;
- }
-
- r.data = tmp.data;
- r.size = hlen;
-
- s.data = &tmp.data[hlen];
- s.size = hlen;
-
- ret = _gnutls_encode_ber_rs_raw (signature, &r, &s);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- gnutls_free(tmp.data);
- tmp.data = NULL;
- }
- else
- {
- signature->size = siglen;
- signature->data = tmp.data;
- }
-
- ret = 0;
-
-cleanup:
- if (sinfo != &key->sinfo)
- pkcs11_close_session (sinfo);
- if (ret < 0)
- gnutls_free(tmp.data);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ gnutls_datum_t tmp = { NULL, 0 };
+ unsigned long siglen;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+ ck_object_handle_t obj;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ mech.mechanism = pk_to_mech(key->pk_algorithm);
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the signature must be: */
+ rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
+ NULL, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ tmp.data = gnutls_malloc(siglen);
+ tmp.size = siglen;
+
+ rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
+ tmp.data, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+
+ if (key->pk_algorithm == GNUTLS_PK_EC
+ || key->pk_algorithm == GNUTLS_PK_DSA) {
+ unsigned int hlen = siglen / 2;
+ gnutls_datum_t r, s;
+
+ if (siglen % 2 != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto cleanup;
+ }
+
+ r.data = tmp.data;
+ r.size = hlen;
+
+ s.data = &tmp.data[hlen];
+ s.size = hlen;
+
+ ret = _gnutls_encode_ber_rs_raw(signature, &r, &s);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ } else {
+ signature->size = siglen;
+ signature->data = tmp.data;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (sinfo != &key->sinfo)
+ pkcs11_close_session(sinfo);
+ if (ret < 0)
+ gnutls_free(tmp.data);
+
+ return ret;
}
/**
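Review bot: The result of `gnutls_malloc(siglen)` in _gnutls_pkcs11_privkey_sign_hash is stored in `tmp.data` and passed to the second `pkcs11_sign()` call without a NULL check. PKCS #11 treats a NULL output buffer as a length query, so on allocation failure that call can presumably still return CKR_OK. The RSA branch would then report success with `signature->data == NULL` and a non-zero size, and the EC/DSA branch would build `r` and `s` from a NULL base before calling `_gnutls_encode_ber_rs_raw()`. Adding `if (tmp.data == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup; }` directly after the allocation closes this. The same unchecked allocation appears for `plaintext->data` in _gnutls_pkcs11_privkey_decrypt_data further down.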
@@ -323,41 +311,36 @@ cleanup:
* Since: 3.1.9
*
**/
-int
-gnutls_pkcs11_privkey_status (gnutls_pkcs11_privkey_t key)
+int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key)
{
- ck_rv_t rv;
- int ret;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
- ck_object_handle_t obj;
- struct ck_session_info session_info;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- rv = (sinfo->module)->C_GetSessionInfo (sinfo->pks, &session_info);
- if (rv != CKR_OK)
- {
- ret = 0;
- goto cleanup;
- }
- ret = 1;
-
-cleanup:
- if (sinfo != &key->sinfo)
- pkcs11_close_session (sinfo);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+ ck_object_handle_t obj;
+ struct ck_session_info session_info;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info);
+ if (rv != CKR_OK) {
+ ret = 0;
+ goto cleanup;
+ }
+ ret = 1;
+
+ cleanup:
+ if (sinfo != &key->sinfo)
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
/**
@@ -375,82 +358,77 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags)
+gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ const char *url, unsigned int flags)
{
- int ret;
- struct ck_attribute *attr;
- ck_object_handle_t obj;
- struct ck_attribute a[4];
- ck_key_type_t key_type;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (url, &pkey->info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- pkey->flags = flags;
-
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_CLASS);
- if (!attr || attr->value_len != sizeof (ck_object_class_t) ||
- *(ck_object_class_t*)attr->value != CKO_PRIVATE_KEY)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_ID);
- if (!attr || !attr->value_len)
- {
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_LABEL);
- if (!attr || !attr->value_len)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- }
-
- FIND_OBJECT (&sinfo, &pkey->pin, obj, pkey);
-
- a[0].type = CKA_KEY_TYPE;
- a[0].value = &key_type;
- a[0].value_len = sizeof (key_type);
-
- if (pkcs11_get_attribute_value (sinfo.module, sinfo.pks, obj, a, 1) == CKR_OK)
- {
- pkey->pk_algorithm = mech_to_pk(key_type);
- if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
- {
- _gnutls_debug_log("Cannot determine PKCS #11 key algorithm\n");
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
- }
-
- ret = 0;
-
- if (pkey->sinfo.init)
- pkcs11_close_session (&pkey->sinfo);
-
- if (sinfo.tinfo.max_session_count != 1)
- {
- /* We do not keep the session open in tokens that can
- * only support a single session.
- */
- memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
- pkey->obj = obj;
- return ret;
- }
-
-cleanup:
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct ck_attribute *attr;
+ ck_object_handle_t obj;
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(url, &pkey->info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pkey->flags = flags;
+
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_CLASS);
+ if (!attr || attr->value_len != sizeof(ck_object_class_t) ||
+ *(ck_object_class_t *) attr->value != CKO_PRIVATE_KEY) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_ID);
+ if (!attr || !attr->value_len) {
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_LABEL);
+ if (!attr || !attr->value_len) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ FIND_OBJECT(&sinfo, &pkey->pin, obj, pkey);
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof(key_type);
+
+ if (pkcs11_get_attribute_value(sinfo.module, sinfo.pks, obj, a, 1)
+ == CKR_OK) {
+ pkey->pk_algorithm = mech_to_pk(key_type);
+ if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+ _gnutls_debug_log
+ ("Cannot determine PKCS #11 key algorithm\n");
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+
+ if (pkey->sinfo.init)
+ pkcs11_close_session(&pkey->sinfo);
+
+ if (sinfo.tinfo.max_session_count != 1) {
+ /* We do not keep the session open in tokens that can
+ * only support a single session.
+ */
+ memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
+ pkey->obj = obj;
+ return ret;
+ }
+
+ cleanup:
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
/*-
@@ -467,80 +445,74 @@ cleanup:
* negative error value.
-*/
int
-_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+_gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- unsigned long siglen;
- ck_object_handle_t obj;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- if (key->pk_algorithm != GNUTLS_PK_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- mech.mechanism = CKM_RSA_PKCS;
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pkcs11_decrypt_init (sinfo->module, sinfo->pks, &mech, obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* Work out how long the plaintext must be: */
- rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
- NULL, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- plaintext->data = gnutls_malloc (siglen);
- plaintext->size = siglen;
-
- rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_free (plaintext->data);
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- plaintext->size = siglen;
-
- ret = 0;
-
-cleanup:
- if (key->sinfo.init == 0)
- pkcs11_close_session (sinfo);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ ck_object_handle_t obj;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ mech.mechanism = CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pkcs11_decrypt_init(sinfo->module, sinfo->pks, &mech, obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the plaintext must be: */
+ rv = pkcs11_decrypt(sinfo->module, sinfo->pks, ciphertext->data,
+ ciphertext->size, NULL, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ plaintext->data = gnutls_malloc(siglen);
+ plaintext->size = siglen;
+
+ rv = pkcs11_decrypt(sinfo->module, sinfo->pks, ciphertext->data,
+ ciphertext->size, plaintext->data, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_free(plaintext->data);
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ plaintext->size = siglen;
+
+ ret = 0;
+
+ cleanup:
+ if (key->sinfo.init == 0)
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
/**
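Review bot: The `key->pk_algorithm != GNUTLS_PK_RSA` check in _gnutls_pkcs11_privkey_decrypt_data returns directly, after `FIND_OBJECT()` may already have opened a temporary session in `_sinfo`. The `cleanup` label closes that session when `key->sinfo.init == 0`, so the early return appears to leak it; the macro body is outside this hunk, so this is inferred from how `cleanup` is written. On a failed second `pkcs11_decrypt()` the buffer is freed but `plaintext->data` and `plaintext->size` still describe it, which invites a double free or a read of freed plaintext in a caller that cleans up its datum. The comment "Initialize signing operation" above `pkcs11_decrypt_init()` is also a leftover from the signing function and should say decryption.
```c
	if (key->pk_algorithm != GNUTLS_PK_RSA) {
		ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
		goto cleanup;
	}
	/* … unchanged: mechanism setup, pkcs11_decrypt_init, length query, allocation … */
	rv = pkcs11_decrypt(sinfo->module, sinfo->pks, ciphertext->data,
			    ciphertext->size, plaintext->data, &siglen);
	if (rv != CKR_OK) {
		gnutls_free(plaintext->data);
		plaintext->data = NULL;
		plaintext->size = 0;
		gnutls_assert();
		ret = pkcs11_rv_to_err(rv);
		goto cleanup;
	}
```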
@@ -555,20 +527,19 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url)
+gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url (key->info, detailed, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_info_to_url(key->info, detailed, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -590,11 +561,12 @@ gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
* Since: 3.0
**/
int
-gnutls_pkcs11_privkey_generate (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- unsigned int flags)
+gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
+ unsigned int bits, const char *label,
+ unsigned int flags)
{
- return gnutls_pkcs11_privkey_generate2( url, pk, bits, label, 0, NULL, flags);
+ return gnutls_pkcs11_privkey_generate2(url, pk, bits, label, 0,
+ NULL, flags);
}
/**
@@ -619,229 +591,216 @@ gnutls_pkcs11_privkey_generate (const char* url, gnutls_pk_algorithm_t pk,
* Since: 3.1.5
**/
int
-gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * pubkey,
- unsigned int flags)
+gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
+ unsigned int bits, const char *label,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * pubkey,
+ unsigned int flags)
{
- int ret;
- const ck_bool_t tval = 1;
- const ck_bool_t fval = 0;
- struct pkcs11_session_info sinfo;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_attribute a[10], p[10];
- ck_object_handle_t pub, priv;
- unsigned long _bits = bits;
- int a_val, p_val;
- struct ck_mechanism mech;
- gnutls_pubkey_t pkey = NULL;
- gnutls_pkcs11_obj_t obj = NULL;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* a holds the public key template
- * and p the private key */
- a_val = p_val = 0;
- mech.parameter = NULL;
- mech.parameter_len = 0;
- mech.mechanism = pk_to_genmech(pk);
-
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- p[p_val].type = CKA_DECRYPT;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_ENCRYPT;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- case GNUTLS_PK_DSA:
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- case GNUTLS_PK_EC:
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- /* a private key is set always as private unless
- * requested otherwise
- */
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- p[p_val].type = CKA_PRIVATE;
- p[p_val].value = (void*)&fval;
- p[p_val].value_len = sizeof(fval);
- p_val++;
- }
- else
- {
- p[p_val].type = CKA_PRIVATE;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
- }
-
- p[p_val].type = CKA_TOKEN;
- p[p_val].value = (void *)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- if (label)
- {
- p[p_val].type = CKA_LABEL;
- p[p_val].value = (void*)label;
- p[p_val].value_len = strlen (label);
- p_val++;
-
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void*)label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- {
- p[p_val].type = CKA_SENSITIVE;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
- }
- else
- {
- p[p_val].type = CKA_SENSITIVE;
- p[p_val].value = (void*)&fval;
- p[p_val].value_len = sizeof (fval);
- p_val++;
- }
-
- rv = pkcs11_generate_key_pair( sinfo.module, sinfo.pks, &mech, a, a_val, p, p_val, &pub, &priv);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* extract the public key */
- if (pubkey)
- {
- ret = gnutls_pubkey_init(&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pkcs11_obj_init(&obj);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- obj->pk_algorithm = pk;
- obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
- ret = pkcs11_read_pubkey(sinfo.module, sinfo.pks, pub, mech.mechanism, obj->pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_pkcs11 (pkey, obj, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export2 (pkey, fmt, pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
-
-cleanup:
- if (obj != NULL)
- gnutls_pkcs11_obj_deinit(obj);
- if (pkey != NULL)
- gnutls_pubkey_deinit(pkey);
- if (sinfo.pks != 0)
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ const ck_bool_t tval = 1;
+ const ck_bool_t fval = 0;
+ struct pkcs11_session_info sinfo;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_attribute a[10], p[10];
+ ck_object_handle_t pub, priv;
+ unsigned long _bits = bits;
+ int a_val, p_val;
+ struct ck_mechanism mech;
+ gnutls_pubkey_t pkey = NULL;
+ gnutls_pkcs11_obj_t obj = NULL;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* a holds the public key template
+ * and p the private key */
+ a_val = p_val = 0;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+ mech.mechanism = pk_to_genmech(pk);
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ p[p_val].type = CKA_DECRYPT;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_ENCRYPT;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ case GNUTLS_PK_DSA:
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ case GNUTLS_PK_EC:
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
+ /* a private key is set always as private unless
+ * requested otherwise
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ p[p_val].type = CKA_PRIVATE;
+ p[p_val].value = (void *) &fval;
+ p[p_val].value_len = sizeof(fval);
+ p_val++;
+ } else {
+ p[p_val].type = CKA_PRIVATE;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+ }
+
+ p[p_val].type = CKA_TOKEN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ if (label) {
+ p[p_val].type = CKA_LABEL;
+ p[p_val].value = (void *) label;
+ p[p_val].value_len = strlen(label);
+ p_val++;
+
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) {
+ p[p_val].type = CKA_SENSITIVE;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+ } else {
+ p[p_val].type = CKA_SENSITIVE;
+ p[p_val].value = (void *) &fval;
+ p[p_val].value_len = sizeof(fval);
+ p_val++;
+ }
+
+ rv = pkcs11_generate_key_pair(sinfo.module, sinfo.pks, &mech, a,
+ a_val, p, p_val, &pub, &priv);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* extract the public key */
+ if (pubkey) {
+ ret = gnutls_pubkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pkcs11_obj_init(&obj);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ obj->pk_algorithm = pk;
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ ret =
+ pkcs11_read_pubkey(sinfo.module, sinfo.pks, pub,
+ mech.mechanism, obj->pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11(pkey, obj, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_export2(pkey, fmt, pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+
+ cleanup:
+ if (obj != NULL)
+ gnutls_pkcs11_obj_deinit(obj);
+ if (pkey != NULL)
+ gnutls_pubkey_deinit(pkey);
+ if (sinfo.pks != 0)
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
/**
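Review bot: The private-key template in gnutls_pkcs11_privkey_generate2 sets `CKA_SENSITIVE` to false whenever `GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE` is absent, so a caller passing `flags = 0` gets a key whose value the token may be willing to reveal. `CKA_PRIVATE` just above defaults the safe way, and nothing in the visible body explains the asymmetry. A comment above the `CKA_SENSITIVE` branch would make the default explicit, for example `/* keys are created non-sensitive unless GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE is given; pass it for keys that must never leave the token */`. The function's doc comment starts outside this hunk, so the same sentence may belong there as well.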
@@ -858,10 +817,10 @@ cleanup:
*
**/
void
-gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
- gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c
index eabcd95fc6..3d01912420 100644
--- a/lib/pkcs11_secret.c
+++ b/lib/pkcs11_secret.c
@@ -44,109 +44,105 @@
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
- const char *label,
- unsigned int key_usage, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
+gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_attribute a[12];
- ck_object_class_t class = CKO_SECRET_KEY;
- ck_object_handle_t obj;
- ck_key_type_t keytype = CKK_GENERIC_SECRET;
- ck_bool_t tval = 1;
- int a_val;
- uint8_t id[16];
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generate a unique ID */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof (class);
- a[1].type = CKA_VALUE;
- a[1].value = key->data;
- a[1].value_len = key->size;
- a[2].type = CKA_TOKEN;
- a[2].value = &tval;
- a[2].value_len = sizeof (tval);
- a[3].type = CKA_PRIVATE;
- a[3].value = &tval;
- a[3].value_len = sizeof (tval);
- a[4].type = CKA_KEY_TYPE;
- a[4].value = &keytype;
- a[4].value_len = sizeof (keytype);
- a[5].type = CKA_ID;
- a[5].value = id;
- a[5].value_len = sizeof (id);
-
- a_val = 6;
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- tval = 1;
- else
- tval = 0;
-
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* generated!
- */
-
- ret = 0;
-
-cleanup:
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_attribute a[12];
+ ck_object_class_t class = CKO_SECRET_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t keytype = CKK_GENERIC_SECRET;
+ ck_bool_t tval = 1;
+ int a_val;
+ uint8_t id[16];
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generate a unique ID */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_VALUE;
+ a[1].value = key->data;
+ a[1].value_len = key->size;
+ a[2].type = CKA_TOKEN;
+ a[2].value = &tval;
+ a[2].value_len = sizeof(tval);
+ a[3].type = CKA_PRIVATE;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_KEY_TYPE;
+ a[4].value = &keytype;
+ a[4].value_len = sizeof(keytype);
+ a[5].type = CKA_ID;
+ a[5].value = id;
+ a[5].value_len = sizeof(id);
+
+ a_val = 6;
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+ tval = 1;
+ else
+ tval = 0;
+
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+ cleanup:
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
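Review bot: In gnutls_pkcs11_copy_secret_key the `CKA_TOKEN`, `CKA_PRIVATE` and `CKA_SENSITIVE` entries all point at the same `tval`, which is overwritten from the flags before `pkcs11_create_object()` reads the template. Without `GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE` all three attributes are therefore sent as false, so the secret is created as a non-private session object rather than a private token object. A separate variable fixes it: `ck_bool_t sval = (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) ? 1 : 0;` with `a[a_val].value = &sval;` and `a[a_val].value_len = sizeof(sval);` for the `CKA_SENSITIVE` entry. Separately, the `return ret;` after a failed `_gnutls_rnd()` skips `p11_kit_uri_free(info)` and leaks the parsed URI.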
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 140147abd0..61971035e6 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -45,163 +45,153 @@ static const ck_bool_t fval = 0;
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_x509_crt (const char *token_url,
- gnutls_x509_crt_t crt, const char *label,
- unsigned int flags)
+gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- size_t der_size, id_size;
- uint8_t *der = NULL;
- uint8_t id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_CERTIFICATE;
- ck_certificate_type_t type = CKC_X_509;
- ck_object_handle_t obj;
- int a_val;
- gnutls_datum_t subject = { NULL, 0 };
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- der = gnutls_malloc (der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- id_size = sizeof (id);
- ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_get_raw_dn (crt, &subject);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof (class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_VALUE;
- a[2].value = der;
- a[2].value_len = der_size;
- a[3].type = CKA_TOKEN;
- a[3].value = (void*)&tval;
- a[3].value_len = sizeof (tval);
- a[4].type = CKA_CERTIFICATE_TYPE;
- a[4].value = &type;
- a[4].value_len = sizeof (type);
-
- a_val = 5;
-
- a[a_val].type = CKA_SUBJECT;
- a[a_val].value = subject.data;
- a[a_val].value_len = subject.size;
- a_val++;
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
- {
- a[a_val].type = CKA_TRUSTED;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- else
- {
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof(tval);
- a_val++;
- }
- else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- }
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* generated!
- */
-
- ret = 0;
-
-cleanup:
- gnutls_free (der);
- pkcs11_close_session (&sinfo);
- _gnutls_free_datum(&subject);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ uint8_t *der = NULL;
+ uint8_t id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ int a_val;
+ gnutls_datum_t subject = { NULL, 0 };
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, NULL,
+ &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ der = gnutls_malloc(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ id_size = sizeof(id);
+ ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_dn(crt, &subject);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = (void *) &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof(type);
+
+ a_val = 5;
+
+ a[a_val].type = CKA_SUBJECT;
+ a[a_val].value = subject.data;
+ a[a_val].value_len = subject.size;
+ a_val++;
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
+ a[a_val].type = CKA_TRUSTED;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ } else {
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ } else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+ }
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(der);
+ pkcs11_close_session(&sinfo);
+ _gnutls_free_datum(&subject);
+ return ret;
}
@@ -223,428 +213,410 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_x509_privkey (const char *token_url,
- gnutls_x509_privkey_t key,
- const char *label,
- unsigned int key_usage, unsigned int flags)
+gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- size_t id_size;
- uint8_t id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_PRIVATE_KEY;
- ck_object_handle_t obj;
- ck_key_type_t type;
- int a_val;
- gnutls_pk_algorithm_t pk;
- gnutls_datum_t p, q, g, y, x;
- gnutls_datum_t m, e, d, u, exp1, exp2;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- memset(&p, 0, sizeof(p));
- memset(&q, 0, sizeof(q));
- memset(&g, 0, sizeof(g));
- memset(&y, 0, sizeof(y));
- memset(&x, 0, sizeof(x));
- memset(&m, 0, sizeof(m));
- memset(&e, 0, sizeof(e));
- memset(&d, 0, sizeof(d));
- memset(&u, 0, sizeof(u));
- memset(&exp1, 0, sizeof(exp1));
- memset(&exp2, 0, sizeof(exp2));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- id_size = sizeof (id);
- ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
- if (ret < 0)
- {
- p11_kit_uri_free (info);
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* FIXME: copy key usage flags */
- a_val = 0;
- a[a_val].type = CKA_CLASS;
- a[a_val].value = &class;
- a[a_val].value_len = sizeof (class);
- a_val++;
-
- a[a_val].type = CKA_ID;
- a[a_val].value = id;
- a[a_val].value_len = id_size;
- a_val++;
-
- a[a_val].type = CKA_KEY_TYPE;
- a[a_val].value = &type;
- a[a_val].value_len = sizeof (type);
- a_val++;
-
- a[a_val].type = CKA_TOKEN;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- /* a private key is set always as private unless
- * requested otherwise
- */
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- else
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
- }
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- {
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
- }
- else
- {
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof (fval);
- a_val++;
- }
-
- pk = gnutls_x509_privkey_get_pk_algorithm (key);
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
-
- ret =
- gnutls_x509_privkey_export_rsa_raw2 (key, &m,
- &e, &d, &p,
- &q, &u, &exp1, &exp2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_RSA;
-
- a[a_val].type = CKA_MODULUS;
- a[a_val].value = m.data;
- a[a_val].value_len = m.size;
- a_val++;
-
- a[a_val].type = CKA_PUBLIC_EXPONENT;
- a[a_val].value = e.data;
- a[a_val].value_len = e.size;
- a_val++;
-
- a[a_val].type = CKA_PRIVATE_EXPONENT;
- a[a_val].value = d.data;
- a[a_val].value_len = d.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_1;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_2;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_COEFFICIENT;
- a[a_val].value = u.data;
- a[a_val].value_len = u.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_1;
- a[a_val].value = exp1.data;
- a[a_val].value_len = exp1.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_2;
- a[a_val].value = exp2.data;
- a[a_val].value_len = exp2.size;
- a_val++;
-
- break;
- }
- case GNUTLS_PK_DSA:
- {
- ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_DSA;
-
- a[a_val].type = CKA_PRIME;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_SUBPRIME;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_BASE;
- a[a_val].value = g.data;
- a[a_val].value_len = g.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
- }
- case GNUTLS_PK_EC:
- {
- ret = _gnutls_x509_write_ecc_params(&key->params, &p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_lz(&key->params.params[ECC_K], &x);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_ECDSA;
-
- a[a_val].type = CKA_EC_PARAMS;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_free (m.data);
- gnutls_free (e.data);
- gnutls_free (d.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (u.data);
- gnutls_free (exp1.data);
- gnutls_free (exp2.data);
- break;
- }
- case GNUTLS_PK_DSA:
- {
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- gnutls_free (x.data);
- break;
- }
- case GNUTLS_PK_EC:
- {
- gnutls_free (p.data);
- gnutls_free (x.data);
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- break;
- }
-
- if (sinfo.pks != 0)
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ size_t id_size;
+ uint8_t id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ memset(&p, 0, sizeof(p));
+ memset(&q, 0, sizeof(q));
+ memset(&g, 0, sizeof(g));
+ memset(&y, 0, sizeof(y));
+ memset(&x, 0, sizeof(x));
+ memset(&m, 0, sizeof(m));
+ memset(&e, 0, sizeof(e));
+ memset(&d, 0, sizeof(d));
+ memset(&u, 0, sizeof(u));
+ memset(&exp1, 0, sizeof(exp1));
+ memset(&exp2, 0, sizeof(exp2));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ id_size = sizeof(id);
+ ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size);
+ if (ret < 0) {
+ p11_kit_uri_free(info);
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+ a_val = 0;
+ a[a_val].type = CKA_CLASS;
+ a[a_val].value = &class;
+ a[a_val].value_len = sizeof(class);
+ a_val++;
+
+ a[a_val].type = CKA_ID;
+ a[a_val].value = id;
+ a[a_val].value_len = id_size;
+ a_val++;
+
+ a[a_val].type = CKA_KEY_TYPE;
+ a[a_val].value = &type;
+ a[a_val].value_len = sizeof(type);
+ a_val++;
+
+ a[a_val].type = CKA_TOKEN;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ /* a private key is set always as private unless
+ * requested otherwise
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ } else {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ }
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ } else {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+
+ pk = gnutls_x509_privkey_get_pk_algorithm(key);
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2(key, &m,
+ &e, &d, &p,
+ &q, &u,
+ &exp1,
+ &exp2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_RSA;
+
+ a[a_val].type = CKA_MODULUS;
+ a[a_val].value = m.data;
+ a[a_val].value_len = m.size;
+ a_val++;
+
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = e.data;
+ a[a_val].value_len = e.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE_EXPONENT;
+ a[a_val].value = d.data;
+ a[a_val].value_len = d.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_1;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_2;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_COEFFICIENT;
+ a[a_val].value = u.data;
+ a[a_val].value_len = u.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_1;
+ a[a_val].value = exp1.data;
+ a[a_val].value_len = exp1.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_2;
+ a[a_val].value = exp2.data;
+ a[a_val].value_len = exp2.size;
+ a_val++;
+
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ ret =
+ gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
+ &g, &y, &x);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_DSA;
+
+ a[a_val].type = CKA_PRIME;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_SUBPRIME;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_BASE;
+ a[a_val].value = g.data;
+ a[a_val].value_len = g.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ ret =
+ _gnutls_x509_write_ecc_params(&key->params,
+ &p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_lz(&key->params.
+ params[ECC_K], &x);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_ECDSA;
+
+ a[a_val].type = CKA_EC_PARAMS;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ gnutls_free(d.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(u.data);
+ gnutls_free(exp1.data);
+ gnutls_free(exp2.data);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ gnutls_free(x.data);
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ gnutls_free(p.data);
+ gnutls_free(x.data);
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ break;
+ }
+
+ if (sinfo.pks != 0)
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
-struct delete_data_st
-{
- struct p11_kit_uri *info;
- unsigned int deleted; /* how many */
+struct delete_data_st {
+ struct p11_kit_uri *info;
+ unsigned int deleted; /* how many */
};
static int
-delete_obj_url (struct pkcs11_session_info * sinfo,
- struct token_info *info,
- struct ck_info *lib_info, void *input)
+delete_obj_url(struct pkcs11_session_info *sinfo,
+ struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct delete_data_st *find_data = input;
- struct ck_attribute a[4];
- struct ck_attribute *attr;
- ck_object_class_t class;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
-
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_module_info (find_data->info, lib_info) ||
- !p11_kit_uri_match_token_info (find_data->info, &info->tinfo))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* Find objects with given class and type */
- class = CKO_CERTIFICATE; /* default */
- a_vals = 0;
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_CLASS);
- if (attr != NULL)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- }
-
- a[a_vals].type = CKA_CLASS;
- a[a_vals].value = &class;
- a[a_vals].value_len = sizeof (class);
- a_vals++;
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_ID);
- if (attr != NULL)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (type != (ck_certificate_type_t)-1)
- {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_LABEL);
- if (attr != NULL)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- rv = pkcs11_destroy_object (sinfo->module, sinfo->pks, obj);
- if (rv != CKR_OK)
- {
- _gnutls_debug_log
- ("pkcs11: Cannot destroy object: %s\n", pkcs11_strerror (rv));
- }
- else
- {
- find_data->deleted++;
- }
-
- found = 1;
- }
-
- if (found == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- ret = 0;
- }
-
-cleanup:
- pkcs11_find_objects_final (sinfo);
-
- return ret;
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ struct ck_attribute *attr;
+ ck_object_class_t class;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_module_info(find_data->info, lib_info) ||
+ !p11_kit_uri_match_token_info(find_data->info, &info->tinfo)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* Find objects with given class and type */
+ class = CKO_CERTIFICATE; /* default */
+ a_vals = 0;
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_CLASS);
+ if (attr != NULL) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ }
+
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof(class);
+ a_vals++;
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_ID);
+ if (attr != NULL) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (type != (ck_certificate_type_t) - 1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_LABEL);
+ if (attr != NULL) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ a_vals);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ rv = pkcs11_destroy_object(sinfo->module, sinfo->pks, obj);
+ if (rv != CKR_OK) {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n",
+ pkcs11_strerror(rv));
+ } else {
+ find_data->deleted++;
+ }
+
+ found = 1;
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ ret = 0;
+ }
+
+ cleanup:
+ pkcs11_find_objects_final(sinfo);
+
+ return ret;
}
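Review bot: The cleanup switch in gnutls_pkcs11_copy_x509_privkey releases the exported private-key components (`d`, `p`, `q`, `u`, `exp1`, `exp2` for RSA, `x` for DSA and EC) with plain `gnutls_free()`, so the secret values remain in freed heap memory after the key has been written to the token. Each of those buffers should be overwritten across its `.size` bytes before it is freed, using a clear that the compiler cannot drop as a dead store. A comment above the switch such as `/* d, p, q, u, exp1, exp2 and x hold private key material: wipe before free */` would record the intent for later edits. The same applies on the error paths, since every `goto cleanup` after a successful export reaches this switch with the buffers populated.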
@@ -661,33 +633,32 @@ cleanup:
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
+int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags)
{
- int ret;
- struct delete_data_st find_data;
+ int ret;
+ struct delete_data_st find_data;
- memset (&find_data, 0, sizeof (find_data));
+ memset(&find_data, 0, sizeof(find_data));
- ret = pkcs11_url_to_info (object_url, &find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(object_url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _pkcs11_traverse_tokens (delete_obj_url, &find_data, find_data.info,
- NULL, SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (find_data.info);
+ ret =
+ _pkcs11_traverse_tokens(delete_obj_url, &find_data,
+ find_data.info, NULL,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return find_data.deleted;
+ return find_data.deleted;
}
@@ -705,48 +676,44 @@ gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
* negative error value.
**/
int
-gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label)
+gnutls_pkcs11_token_init(const char *token_url,
+ const char *so_pin, const char *label)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- char flabel[32];
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pkcs11_find_slot (&module, &slot, info, NULL);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* so it seems memset has other uses than zeroing! */
- memset (flabel, ' ', sizeof (flabel));
- if (label != NULL)
- memcpy (flabel, label, strlen (label));
-
- rv =
- pkcs11_init_token (module, slot, (uint8_t*)so_pin, strlen (so_pin),
- (uint8_t*)flabel);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- return pkcs11_rv_to_err (rv);
- }
-
- return 0;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ char flabel[32];
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_find_slot(&module, &slot, info, NULL);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* so it seems memset has other uses than zeroing! */
+ memset(flabel, ' ', sizeof(flabel));
+ if (label != NULL)
+ memcpy(flabel, label, strlen(label));
+
+ rv = pkcs11_init_token(module, slot, (uint8_t *) so_pin,
+ strlen(so_pin), (uint8_t *) flabel);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ return pkcs11_rv_to_err(rv);
+ }
+
+ return 0;
}
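Review bot: `memcpy(flabel, label, strlen(label))` writes past the 32-byte `flabel` stack buffer whenever the caller's label is longer than 32 characters, because nothing bounds the length before the copy. The length should be checked first, e.g. `size_t n = strlen(label); if (n > sizeof(flabel)) return GNUTLS_E_INVALID_REQUEST;` followed by `memcpy(flabel, label, n);`. `strlen(so_pin)` in the pkcs11_init_token call is also reached with no NULL check on `so_pin`, and gnutls_pkcs11_token_set_pin in the next hunk does the same with `strlen(newpin)`; both functions should reject a NULL PIN before using it.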
@@ -765,70 +732,66 @@ gnutls_pkcs11_token_init (const char *token_url,
* negative error value.
**/
int
-gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin, unsigned int flags)
+gnutls_pkcs11_token_set_pin(const char *token_url,
+ const char *oldpin,
+ const char *newpin, unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- unsigned int ses_flags;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (((flags & GNUTLS_PIN_USER) && oldpin == NULL) ||
- (flags & GNUTLS_PIN_SO))
- ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
- else
- ses_flags = SESSION_WRITE | SESSION_LOGIN;
-
- ret = pkcs11_open_session (&sinfo, NULL, info, ses_flags);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (oldpin == NULL)
- {
- rv = pkcs11_init_pin (sinfo.module, sinfo.pks, (uint8_t *) newpin, strlen (newpin));
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
- }
- else
- {
- rv = pkcs11_set_pin (sinfo.module, sinfo.pks,
- oldpin, strlen (oldpin),
- newpin, strlen (newpin));
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
- }
-
- ret = 0;
-
-finish:
- pkcs11_close_session (&sinfo);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ unsigned int ses_flags;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (((flags & GNUTLS_PIN_USER) && oldpin == NULL) ||
+ (flags & GNUTLS_PIN_SO))
+ ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
+ else
+ ses_flags = SESSION_WRITE | SESSION_LOGIN;
+
+ ret = pkcs11_open_session(&sinfo, NULL, info, ses_flags);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (oldpin == NULL) {
+ rv = pkcs11_init_pin(sinfo.module, sinfo.pks,
+ (uint8_t *) newpin, strlen(newpin));
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n",
+ pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+ } else {
+ rv = pkcs11_set_pin(sinfo.module, sinfo.pks,
+ oldpin, strlen(oldpin),
+ newpin, strlen(newpin));
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n",
+ pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+ }
+
+ ret = 0;
+
+ finish:
+ pkcs11_close_session(&sinfo);
+ return ret;
}
@@ -846,47 +809,42 @@ finish:
* negative error value.
**/
int
-gnutls_pkcs11_token_get_random (const char *token_url,
- void *rnddata,
- size_t len)
+gnutls_pkcs11_token_get_random(const char *token_url,
+ void *rnddata, size_t len)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pkcs11_open_session (&sinfo, NULL, info, 0);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len);
- if (rv != CKR_OK)
- {
- gnutls_assert();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
-
- ret = 0;
-
-finish:
- pkcs11_close_session (&sinfo);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct pkcs11_session_info sinfo;
-}
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_open_session(&sinfo, NULL, info, 0);
+ p11_kit_uri_free(info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+
+ ret = 0;
+
+ finish:
+ pkcs11_close_session(&sinfo);
+ return ret;
+
+}
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index daa5e4c263..ec4943db8d 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -1,503 +1,510 @@
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <libtasn1.h>
const asn1_static_node pkix_asn1_tab[] = {
- { "PKIX1", 536875024, NULL },
- { NULL, 1073741836, NULL },
- { "id-pkix", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "identified-organization", 1073741825, "3"},
- { "dod", 1073741825, "6"},
- { "internet", 1073741825, "1"},
- { "security", 1073741825, "5"},
- { "mechanisms", 1073741825, "5"},
- { "pkix", 1, "7"},
- { "PrivateKeyUsagePeriod", 1610612741, NULL },
- { "notBefore", 1610637349, NULL },
- { NULL, 4104, "0"},
- { "notAfter", 536895525, NULL },
- { NULL, 4104, "1"},
- { "AuthorityKeyIdentifier", 1610612741, NULL },
- { "keyIdentifier", 1610637314, "KeyIdentifier"},
- { NULL, 4104, "0"},
- { "authorityCertIssuer", 1610637314, "GeneralNames"},
- { NULL, 4104, "1"},
- { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
- { NULL, 4104, "2"},
- { "KeyIdentifier", 1073741831, NULL },
- { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
- { "KeyUsage", 1073741830, NULL },
- { "DirectoryString", 1610612754, NULL },
- { "teletexString", 1612709918, NULL },
- { "MAX", 524298, "1"},
- { "printableString", 1612709919, NULL },
- { "MAX", 524298, "1"},
- { "universalString", 1612709920, NULL },
- { "MAX", 524298, "1"},
- { "utf8String", 1612709922, NULL },
- { "MAX", 524298, "1"},
- { "bmpString", 1612709921, NULL },
- { "MAX", 524298, "1"},
- { "ia5String", 538968093, NULL },
- { "MAX", 524298, "1"},
- { "SubjectAltName", 1073741826, "GeneralNames"},
- { "GeneralNames", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "GeneralName"},
- { "GeneralName", 1610612754, NULL },
- { "otherName", 1610620930, "AnotherName"},
- { NULL, 4104, "0"},
- { "rfc822Name", 1610620957, NULL },
- { NULL, 4104, "1"},
- { "dNSName", 1610620957, NULL },
- { NULL, 4104, "2"},
- { "x400Address", 1610620941, NULL },
- { NULL, 4104, "3"},
- { "directoryName", 1610620930, "RDNSequence"},
- { NULL, 2056, "4"},
- { "ediPartyName", 1610620941, NULL },
- { NULL, 4104, "5"},
- { "uniformResourceIdentifier", 1610620957, NULL },
- { NULL, 4104, "6"},
- { "iPAddress", 1610620935, NULL },
- { NULL, 4104, "7"},
- { "registeredID", 536879116, NULL },
- { NULL, 4104, "8"},
- { "AnotherName", 1610612741, NULL },
- { "type-id", 1073741836, NULL },
- { "value", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "type-id", 1, NULL },
- { "IssuerAltName", 1073741826, "GeneralNames"},
- { "BasicConstraints", 1610612741, NULL },
- { "cA", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "pathLenConstraint", 537411587, NULL },
- { "0", 10, "MAX"},
- { "CRLDistributionPoints", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "DistributionPoint"},
- { "DistributionPoint", 1610612741, NULL },
- { "distributionPoint", 1610637314, "DistributionPointName"},
- { NULL, 2056, "0"},
- { "reasons", 1610637314, "ReasonFlags"},
- { NULL, 4104, "1"},
- { "cRLIssuer", 536895490, "GeneralNames"},
- { NULL, 4104, "2"},
- { "DistributionPointName", 1610612754, NULL },
- { "fullName", 1610620930, "GeneralNames"},
- { NULL, 4104, "0"},
- { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
- { NULL, 4104, "1"},
- { "ReasonFlags", 1073741830, NULL },
- { "ExtKeyUsageSyntax", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "KeyPurposeId"},
- { "KeyPurposeId", 1073741836, NULL },
- { "AuthorityInfoAccessSyntax", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "AccessDescription"},
- { "AccessDescription", 1610612741, NULL },
- { "accessMethod", 1073741836, NULL },
- { "accessLocation", 2, "GeneralName"},
- { "Attribute", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "values", 536870927, NULL },
- { NULL, 2, "AttributeValue"},
- { "AttributeType", 1073741836, NULL },
- { "AttributeValue", 1614807053, NULL },
- { "type", 1, NULL },
- { "AttributeTypeAndValue", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "value", 2, "AttributeValue"},
- { "id-at", 1879048204, NULL },
- { "joint-iso-ccitt", 1073741825, "2"},
- { "ds", 1073741825, "5"},
- { NULL, 1, "4"},
- { "emailAddress", 1880096780, "AttributeType"},
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "1"},
- { "Name", 1610612754, NULL },
- { "rdnSequence", 2, "RDNSequence"},
- { "RDNSequence", 1610612747, NULL },
- { NULL, 2, "RelativeDistinguishedName"},
- { "DistinguishedName", 1073741826, "RDNSequence"},
- { "RelativeDistinguishedName", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "AttributeTypeAndValue"},
- { "Certificate", 1610612741, NULL },
- { "tbsCertificate", 1073741826, "TBSCertificate"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertificate", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "serialNumber", 1073741826, "CertificateSerialNumber"},
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "validity", 1073741826, "Validity"},
- { "subject", 1073741826, "Name"},
- { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "issuerUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "1"},
- { "subjectUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "2"},
- { "extensions", 536895490, "Extensions"},
- { NULL, 2056, "3"},
- { "CertificateSerialNumber", 1073741827, NULL },
- { "Validity", 1610612741, NULL },
- { "notBefore", 1073741826, "Time"},
- { "notAfter", 2, "Time"},
- { "Time", 1610612754, NULL },
- { "utcTime", 1073741860, NULL },
- { "generalTime", 37, NULL },
- { "UniqueIdentifier", 1073741830, NULL },
- { "SubjectPublicKeyInfo", 1610612741, NULL },
- { "algorithm", 1073741826, "AlgorithmIdentifier"},
- { "subjectPublicKey", 6, NULL },
- { "Extensions", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Extension"},
- { "Extension", 1610612741, NULL },
- { "extnID", 1073741836, NULL },
- { "critical", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "extnValue", 7, NULL },
- { "CertificateList", 1610612741, NULL },
- { "tbsCertList", 1073741826, "TBSCertList"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertList", 1610612741, NULL },
- { "version", 1073758211, NULL },
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "thisUpdate", 1073741826, "Time"},
- { "nextUpdate", 1073758210, "Time"},
- { "revokedCertificates", 1610629131, NULL },
- { NULL, 536870917, NULL },
- { "userCertificate", 1073741826, "CertificateSerialNumber"},
- { "revocationDate", 1073741826, "Time"},
- { "crlEntryExtensions", 16386, "Extensions"},
- { "crlExtensions", 536895490, "Extensions"},
- { NULL, 2056, "0"},
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "Dss-Sig-Value", 1610612741, NULL },
- { "r", 1073741827, NULL },
- { "s", 3, NULL },
- { "DomainParameters", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "g", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "j", 1073758211, NULL },
- { "validationParms", 16386, "ValidationParms"},
- { "ValidationParms", 1610612741, NULL },
- { "seed", 1073741830, NULL },
- { "pgenCounter", 3, NULL },
- { "Dss-Parms", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 3, NULL },
- { "CountryName", 1610620946, NULL },
- { NULL, 1073746952, "1"},
- { "x121-dcc-code", 1612709916, NULL },
- { NULL, 1048586, "ub-country-name-numeric-length"},
- { "iso-3166-alpha2-code", 538968095, NULL },
- { NULL, 1048586, "ub-country-name-alpha-length"},
- { "OrganizationName", 1612709919, NULL },
- { "ub-organization-name-length", 524298, "1"},
- { "NumericUserIdentifier", 1612709916, NULL },
- { "ub-numeric-user-id-length", 524298, "1"},
- { "OrganizationalUnitNames", 1612709899, NULL },
- { "ub-organizational-units", 1074266122, "1"},
- { NULL, 2, "OrganizationalUnitName"},
- { "OrganizationalUnitName", 1612709919, NULL },
- { "ub-organizational-unit-name-length", 524298, "1"},
- { "CommonName", 1073741855, NULL },
- { "pkcs-7-ContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "content", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "contentType", 1, NULL },
- { "pkcs-7-DigestInfo", 1610612741, NULL },
- { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "digest", 7, NULL },
- { "pkcs-7-ContentType", 1073741836, NULL },
- { "pkcs-7-SignedData", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
- { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
- { "certificates", 1610637314, "pkcs-7-CertificateSet"},
- { NULL, 4104, "0"},
- { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
- { NULL, 4104, "1"},
- { "signerInfos", 2, "pkcs-7-SignerInfos"},
- { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL },
- { NULL, 2, "AlgorithmIdentifier"},
- { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL },
- { "eContentType", 1073741826, "pkcs-7-ContentType"},
- { "eContent", 536895495, NULL },
- { NULL, 2056, "0"},
- { "pkcs-7-CertificateRevocationLists", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-7-CertificateChoices", 1610612754, NULL },
- { "certificate", 13, NULL },
- { "pkcs-7-CertificateSet", 1610612751, NULL },
- { NULL, 2, "pkcs-7-CertificateChoices"},
- { "pkcs-7-SignerInfos", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "subject", 1073741826, "Name"},
- { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "attributes", 536879106, "Attributes"},
- { NULL, 4104, "0"},
- { "Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-10-CertificationRequest", 1610612741, NULL },
- { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "pkcs-9-at-challengePassword", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "7"},
- { "pkcs-9-challengePassword", 1610612754, NULL },
- { "printableString", 1073741855, NULL },
- { "utf8String", 34, NULL },
- { "pkcs-9-localKeyId", 1073741831, NULL },
- { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "privateKey", 1073741831, NULL },
- { "attributes", 536895490, "Attributes"},
- { NULL, 4104, "0"},
- { "pkcs-8-Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL },
- { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "encryptedData", 2, "pkcs-8-EncryptedData"},
- { "pkcs-8-EncryptedData", 1073741831, NULL },
- { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "8"},
- { "pkcs-5-aes128-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes192-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes256-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-PBES2-params", 1610612741, NULL },
- { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
- { "encryptionScheme", 2, "AlgorithmIdentifier"},
- { "pkcs-5-PBKDF2-params", 1610612741, NULL },
- { "salt", 1610612754, NULL },
- { "specified", 1073741831, NULL },
- { "otherSource", 2, "AlgorithmIdentifier"},
- { "iterationCount", 1611137027, NULL },
- { "1", 10, "MAX"},
- { "keyLength", 1611153411, NULL },
- { "1", 10, "MAX"},
- { "prf", 16386, "AlgorithmIdentifier"},
- { "pkcs-12-PFX", 1610612741, NULL },
- { "version", 1610874883, NULL },
- { "v3", 1, "3"},
- { "authSafe", 1073741826, "pkcs-7-ContentInfo"},
- { "macData", 16386, "pkcs-12-MacData"},
- { "pkcs-12-PbeParams", 1610612741, NULL },
- { "salt", 1073741831, NULL },
- { "iterations", 3, NULL },
- { "pkcs-12-MacData", 1610612741, NULL },
- { "mac", 1073741826, "pkcs-7-DigestInfo"},
- { "macSalt", 1073741831, NULL },
- { "iterations", 536903683, NULL },
- { NULL, 9, "1"},
- { "pkcs-12-AuthenticatedSafe", 1610612747, NULL },
- { NULL, 2, "pkcs-7-ContentInfo"},
- { "pkcs-12-SafeContents", 1610612747, NULL },
- { NULL, 2, "pkcs-12-SafeBag"},
- { "pkcs-12-SafeBag", 1610612741, NULL },
- { "bagId", 1073741836, NULL },
- { "bagValue", 1614815245, NULL },
- { NULL, 1073743880, "0"},
- { "badId", 1, NULL },
- { "bagAttributes", 536887311, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-12-CertBag", 1610612741, NULL },
- { "certId", 1073741836, NULL },
- { "certValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "certId", 1, NULL },
- { "pkcs-12-CRLBag", 1610612741, NULL },
- { "crlId", 1073741836, NULL },
- { "crlValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "crlId", 1, NULL },
- { "pkcs-12-SecretBag", 1610612741, NULL },
- { "secretTypeId", 1073741836, NULL },
- { "secretValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "secretTypeId", 1, NULL },
- { "pkcs-7-Data", 1073741831, NULL },
- { "pkcs-7-EncryptedData", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
- { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
- { NULL, 4104, "1"},
- { "pkcs-7-EncryptedContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
- { "encryptedContent", 536895495, NULL },
- { NULL, 4104, "0"},
- { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Attribute"},
- { "ProxyCertInfo", 1610612741, NULL },
- { "pCPathLenConstraint", 1611153411, NULL },
- { "0", 10, "MAX"},
- { "proxyPolicy", 2, "ProxyPolicy"},
- { "ProxyPolicy", 1610612741, NULL },
- { "policyLanguage", 1073741836, NULL },
- { "policy", 16391, NULL },
- { "certificatePolicies", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "PolicyInformation"},
- { "PolicyInformation", 1610612741, NULL },
- { "policyIdentifier", 1073741836, NULL },
- { "policyQualifiers", 538984459, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "PolicyQualifierInfo"},
- { "PolicyQualifierInfo", 1610612741, NULL },
- { "policyQualifierId", 1073741836, NULL },
- { "qualifier", 541065229, NULL },
- { "policyQualifierId", 1, NULL },
- { "CPSuri", 1073741853, NULL },
- { "UserNotice", 1610612741, NULL },
- { "noticeRef", 1073758210, "NoticeReference"},
- { "explicitText", 16386, "DisplayText"},
- { "NoticeReference", 1610612741, NULL },
- { "organization", 1073741826, "DisplayText"},
- { "noticeNumbers", 536870923, NULL },
- { NULL, 3, NULL },
- { "DisplayText", 1610612754, NULL },
- { "ia5String", 1612709917, NULL },
- { "200", 524298, "1"},
- { "visibleString", 1612709923, NULL },
- { "200", 524298, "1"},
- { "bmpString", 1612709921, NULL },
- { "200", 524298, "1"},
- { "utf8String", 538968098, NULL },
- { "200", 524298, "1"},
- { "OCSPRequest", 1610612741, NULL },
- { "tbsRequest", 1073741826, "TBSRequest"},
- { "optionalSignature", 536895490, "Signature"},
- { NULL, 2056, "0"},
- { "TBSRequest", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "requestorName", 1610637314, "GeneralName"},
- { NULL, 2056, "1"},
- { "requestList", 1610612747, NULL },
- { NULL, 2, "Request"},
- { "requestExtensions", 536895490, "Extensions"},
- { NULL, 2056, "2"},
- { "Signature", 1610612741, NULL },
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 1073741830, NULL },
- { "certs", 536895499, NULL },
- { NULL, 1073743880, "0"},
- { NULL, 2, "Certificate"},
- { "Request", 1610612741, NULL },
- { "reqCert", 1073741826, "CertID"},
- { "singleRequestExtensions", 536895490, "Extensions"},
- { NULL, 2056, "0"},
- { "CertID", 1610612741, NULL },
- { "hashAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "issuerNameHash", 1073741831, NULL },
- { "issuerKeyHash", 1073741831, NULL },
- { "serialNumber", 2, "CertificateSerialNumber"},
- { "OCSPResponse", 1610612741, NULL },
- { "responseStatus", 1073741826, "OCSPResponseStatus"},
- { "responseBytes", 536895490, "ResponseBytes"},
- { NULL, 2056, "0"},
- { "OCSPResponseStatus", 1610874901, NULL },
- { "successful", 1073741825, "0"},
- { "malformedRequest", 1073741825, "1"},
- { "internalError", 1073741825, "2"},
- { "tryLater", 1073741825, "3"},
- { "sigRequired", 1073741825, "5"},
- { "unauthorized", 1, "6"},
- { "ResponseBytes", 1610612741, NULL },
- { "responseType", 1073741836, NULL },
- { "response", 7, NULL },
- { "BasicOCSPResponse", 1610612741, NULL },
- { "tbsResponseData", 1073741826, "ResponseData"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 1073741830, NULL },
- { "certs", 536895499, NULL },
- { NULL, 1073743880, "0"},
- { NULL, 2, "Certificate"},
- { "ResponseData", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "responderID", 1073741826, "ResponderID"},
- { "producedAt", 1073741861, NULL },
- { "responses", 1610612747, NULL },
- { NULL, 2, "SingleResponse"},
- { "responseExtensions", 536895490, "Extensions"},
- { NULL, 2056, "1"},
- { "ResponderID", 1610612754, NULL },
- { "byName", 1610620930, "RDNSequence"},
- { NULL, 2056, "1"},
- { "byKey", 536879111, NULL },
- { NULL, 4104, "2"},
- { "SingleResponse", 1610612741, NULL },
- { "certID", 1073741826, "CertID"},
- { "certStatus", 1073741826, "CertStatus"},
- { "thisUpdate", 1073741861, NULL },
- { "nextUpdate", 1610637349, NULL },
- { NULL, 2056, "0"},
- { "singleExtensions", 536895490, "Extensions"},
- { NULL, 2056, "1"},
- { "CertStatus", 1610612754, NULL },
- { "good", 1610620948, NULL },
- { NULL, 4104, "0"},
- { "revoked", 1610620930, "RevokedInfo"},
- { NULL, 4104, "1"},
- { "unknown", 536879106, "UnknownInfo"},
- { NULL, 4104, "2"},
- { "RevokedInfo", 1610612741, NULL },
- { "revocationTime", 1073741861, NULL },
- { "revocationReason", 536895490, "CRLReason"},
- { NULL, 2056, "0"},
- { "UnknownInfo", 1073741844, NULL },
- { "CRLReason", 537133077, NULL },
- { "unspecified", 1073741825, "0"},
- { "keyCompromise", 1073741825, "1"},
- { "cACompromise", 1073741825, "2"},
- { "affiliationChanged", 1073741825, "3"},
- { "superseded", 1073741825, "4"},
- { "cessationOfOperation", 1073741825, "5"},
- { "certificateHold", 1073741825, "6"},
- { "removeFromCRL", 1073741825, "8"},
- { "privilegeWithdrawn", 1073741825, "9"},
- { "aACompromise", 1, "10"},
- { NULL, 0, NULL }
+ {"PKIX1", 536875024, NULL},
+ {NULL, 1073741836, NULL},
+ {"id-pkix", 1879048204, NULL},
+ {"iso", 1073741825, "1"},
+ {"identified-organization", 1073741825, "3"},
+ {"dod", 1073741825, "6"},
+ {"internet", 1073741825, "1"},
+ {"security", 1073741825, "5"},
+ {"mechanisms", 1073741825, "5"},
+ {"pkix", 1, "7"},
+ {"PrivateKeyUsagePeriod", 1610612741, NULL},
+ {"notBefore", 1610637349, NULL},
+ {NULL, 4104, "0"},
+ {"notAfter", 536895525, NULL},
+ {NULL, 4104, "1"},
+ {"AuthorityKeyIdentifier", 1610612741, NULL},
+ {"keyIdentifier", 1610637314, "KeyIdentifier"},
+ {NULL, 4104, "0"},
+ {"authorityCertIssuer", 1610637314, "GeneralNames"},
+ {NULL, 4104, "1"},
+ {"authorityCertSerialNumber", 536895490,
+ "CertificateSerialNumber"},
+ {NULL, 4104, "2"},
+ {"KeyIdentifier", 1073741831, NULL},
+ {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
+ {"KeyUsage", 1073741830, NULL},
+ {"DirectoryString", 1610612754, NULL},
+ {"teletexString", 1612709918, NULL},
+ {"MAX", 524298, "1"},
+ {"printableString", 1612709919, NULL},
+ {"MAX", 524298, "1"},
+ {"universalString", 1612709920, NULL},
+ {"MAX", 524298, "1"},
+ {"utf8String", 1612709922, NULL},
+ {"MAX", 524298, "1"},
+ {"bmpString", 1612709921, NULL},
+ {"MAX", 524298, "1"},
+ {"ia5String", 538968093, NULL},
+ {"MAX", 524298, "1"},
+ {"SubjectAltName", 1073741826, "GeneralNames"},
+ {"GeneralNames", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "GeneralName"},
+ {"GeneralName", 1610612754, NULL},
+ {"otherName", 1610620930, "AnotherName"},
+ {NULL, 4104, "0"},
+ {"rfc822Name", 1610620957, NULL},
+ {NULL, 4104, "1"},
+ {"dNSName", 1610620957, NULL},
+ {NULL, 4104, "2"},
+ {"x400Address", 1610620941, NULL},
+ {NULL, 4104, "3"},
+ {"directoryName", 1610620930, "RDNSequence"},
+ {NULL, 2056, "4"},
+ {"ediPartyName", 1610620941, NULL},
+ {NULL, 4104, "5"},
+ {"uniformResourceIdentifier", 1610620957, NULL},
+ {NULL, 4104, "6"},
+ {"iPAddress", 1610620935, NULL},
+ {NULL, 4104, "7"},
+ {"registeredID", 536879116, NULL},
+ {NULL, 4104, "8"},
+ {"AnotherName", 1610612741, NULL},
+ {"type-id", 1073741836, NULL},
+ {"value", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"type-id", 1, NULL},
+ {"IssuerAltName", 1073741826, "GeneralNames"},
+ {"BasicConstraints", 1610612741, NULL},
+ {"cA", 1610645508, NULL},
+ {NULL, 131081, NULL},
+ {"pathLenConstraint", 537411587, NULL},
+ {"0", 10, "MAX"},
+ {"CRLDistributionPoints", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "DistributionPoint"},
+ {"DistributionPoint", 1610612741, NULL},
+ {"distributionPoint", 1610637314, "DistributionPointName"},
+ {NULL, 2056, "0"},
+ {"reasons", 1610637314, "ReasonFlags"},
+ {NULL, 4104, "1"},
+ {"cRLIssuer", 536895490, "GeneralNames"},
+ {NULL, 4104, "2"},
+ {"DistributionPointName", 1610612754, NULL},
+ {"fullName", 1610620930, "GeneralNames"},
+ {NULL, 4104, "0"},
+ {"nameRelativeToCRLIssuer", 536879106,
+ "RelativeDistinguishedName"},
+ {NULL, 4104, "1"},
+ {"ReasonFlags", 1073741830, NULL},
+ {"ExtKeyUsageSyntax", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "KeyPurposeId"},
+ {"KeyPurposeId", 1073741836, NULL},
+ {"AuthorityInfoAccessSyntax", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "AccessDescription"},
+ {"AccessDescription", 1610612741, NULL},
+ {"accessMethod", 1073741836, NULL},
+ {"accessLocation", 2, "GeneralName"},
+ {"Attribute", 1610612741, NULL},
+ {"type", 1073741826, "AttributeType"},
+ {"values", 536870927, NULL},
+ {NULL, 2, "AttributeValue"},
+ {"AttributeType", 1073741836, NULL},
+ {"AttributeValue", 1614807053, NULL},
+ {"type", 1, NULL},
+ {"AttributeTypeAndValue", 1610612741, NULL},
+ {"type", 1073741826, "AttributeType"},
+ {"value", 2, "AttributeValue"},
+ {"id-at", 1879048204, NULL},
+ {"joint-iso-ccitt", 1073741825, "2"},
+ {"ds", 1073741825, "5"},
+ {NULL, 1, "4"},
+ {"emailAddress", 1880096780, "AttributeType"},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {NULL, 1073741825, "9"},
+ {NULL, 1, "1"},
+ {"Name", 1610612754, NULL},
+ {"rdnSequence", 2, "RDNSequence"},
+ {"RDNSequence", 1610612747, NULL},
+ {NULL, 2, "RelativeDistinguishedName"},
+ {"DistinguishedName", 1073741826, "RDNSequence"},
+ {"RelativeDistinguishedName", 1612709903, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "AttributeTypeAndValue"},
+ {"Certificate", 1610612741, NULL},
+ {"tbsCertificate", 1073741826, "TBSCertificate"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"TBSCertificate", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"serialNumber", 1073741826, "CertificateSerialNumber"},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"validity", 1073741826, "Validity"},
+ {"subject", 1073741826, "Name"},
+ {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"issuerUniqueID", 1610637314, "UniqueIdentifier"},
+ {NULL, 4104, "1"},
+ {"subjectUniqueID", 1610637314, "UniqueIdentifier"},
+ {NULL, 4104, "2"},
+ {"extensions", 536895490, "Extensions"},
+ {NULL, 2056, "3"},
+ {"CertificateSerialNumber", 1073741827, NULL},
+ {"Validity", 1610612741, NULL},
+ {"notBefore", 1073741826, "Time"},
+ {"notAfter", 2, "Time"},
+ {"Time", 1610612754, NULL},
+ {"utcTime", 1073741860, NULL},
+ {"generalTime", 37, NULL},
+ {"UniqueIdentifier", 1073741830, NULL},
+ {"SubjectPublicKeyInfo", 1610612741, NULL},
+ {"algorithm", 1073741826, "AlgorithmIdentifier"},
+ {"subjectPublicKey", 6, NULL},
+ {"Extensions", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "Extension"},
+ {"Extension", 1610612741, NULL},
+ {"extnID", 1073741836, NULL},
+ {"critical", 1610645508, NULL},
+ {NULL, 131081, NULL},
+ {"extnValue", 7, NULL},
+ {"CertificateList", 1610612741, NULL},
+ {"tbsCertList", 1073741826, "TBSCertList"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"TBSCertList", 1610612741, NULL},
+ {"version", 1073758211, NULL},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"thisUpdate", 1073741826, "Time"},
+ {"nextUpdate", 1073758210, "Time"},
+ {"revokedCertificates", 1610629131, NULL},
+ {NULL, 536870917, NULL},
+ {"userCertificate", 1073741826, "CertificateSerialNumber"},
+ {"revocationDate", 1073741826, "Time"},
+ {"crlEntryExtensions", 16386, "Extensions"},
+ {"crlExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "0"},
+ {"AlgorithmIdentifier", 1610612741, NULL},
+ {"algorithm", 1073741836, NULL},
+ {"parameters", 541081613, NULL},
+ {"algorithm", 1, NULL},
+ {"Dss-Sig-Value", 1610612741, NULL},
+ {"r", 1073741827, NULL},
+ {"s", 3, NULL},
+ {"DomainParameters", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"g", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"j", 1073758211, NULL},
+ {"validationParms", 16386, "ValidationParms"},
+ {"ValidationParms", 1610612741, NULL},
+ {"seed", 1073741830, NULL},
+ {"pgenCounter", 3, NULL},
+ {"Dss-Parms", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 3, NULL},
+ {"CountryName", 1610620946, NULL},
+ {NULL, 1073746952, "1"},
+ {"x121-dcc-code", 1612709916, NULL},
+ {NULL, 1048586, "ub-country-name-numeric-length"},
+ {"iso-3166-alpha2-code", 538968095, NULL},
+ {NULL, 1048586, "ub-country-name-alpha-length"},
+ {"OrganizationName", 1612709919, NULL},
+ {"ub-organization-name-length", 524298, "1"},
+ {"NumericUserIdentifier", 1612709916, NULL},
+ {"ub-numeric-user-id-length", 524298, "1"},
+ {"OrganizationalUnitNames", 1612709899, NULL},
+ {"ub-organizational-units", 1074266122, "1"},
+ {NULL, 2, "OrganizationalUnitName"},
+ {"OrganizationalUnitName", 1612709919, NULL},
+ {"ub-organizational-unit-name-length", 524298, "1"},
+ {"CommonName", 1073741855, NULL},
+ {"pkcs-7-ContentInfo", 1610612741, NULL},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"content", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"contentType", 1, NULL},
+ {"pkcs-7-DigestInfo", 1610612741, NULL},
+ {"digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"digest", 7, NULL},
+ {"pkcs-7-ContentType", 1073741836, NULL},
+ {"pkcs-7-SignedData", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"digestAlgorithms", 1073741826,
+ "pkcs-7-DigestAlgorithmIdentifiers"},
+ {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
+ {"certificates", 1610637314, "pkcs-7-CertificateSet"},
+ {NULL, 4104, "0"},
+ {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
+ {NULL, 4104, "1"},
+ {"signerInfos", 2, "pkcs-7-SignerInfos"},
+ {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL},
+ {NULL, 2, "AlgorithmIdentifier"},
+ {"pkcs-7-EncapsulatedContentInfo", 1610612741, NULL},
+ {"eContentType", 1073741826, "pkcs-7-ContentType"},
+ {"eContent", 536895495, NULL},
+ {NULL, 2056, "0"},
+ {"pkcs-7-CertificateRevocationLists", 1610612751, NULL},
+ {NULL, 13, NULL},
+ {"pkcs-7-CertificateChoices", 1610612754, NULL},
+ {"certificate", 13, NULL},
+ {"pkcs-7-CertificateSet", 1610612751, NULL},
+ {NULL, 2, "pkcs-7-CertificateChoices"},
+ {"pkcs-7-SignerInfos", 1610612751, NULL},
+ {NULL, 13, NULL},
+ {"pkcs-10-CertificationRequestInfo", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"subject", 1073741826, "Name"},
+ {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"attributes", 536879106, "Attributes"},
+ {NULL, 4104, "0"},
+ {"Attributes", 1610612751, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-10-CertificationRequest", 1610612741, NULL},
+ {"certificationRequestInfo", 1073741826,
+ "pkcs-10-CertificationRequestInfo"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"pkcs-9-at-challengePassword", 1879048204, NULL},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {NULL, 1073741825, "9"},
+ {NULL, 1, "7"},
+ {"pkcs-9-challengePassword", 1610612754, NULL},
+ {"printableString", 1073741855, NULL},
+ {"utf8String", 34, NULL},
+ {"pkcs-9-localKeyId", 1073741831, NULL},
+ {"pkcs-8-PrivateKeyInfo", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"privateKey", 1073741831, NULL},
+ {"attributes", 536895490, "Attributes"},
+ {NULL, 4104, "0"},
+ {"pkcs-8-Attributes", 1610612751, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL},
+ {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"encryptedData", 2, "pkcs-8-EncryptedData"},
+ {"pkcs-8-EncryptedData", 1073741831, NULL},
+ {"pkcs-5-des-EDE3-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "8"},
+ {"pkcs-5-aes128-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-aes192-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-aes256-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-PBES2-params", 1610612741, NULL},
+ {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
+ {"encryptionScheme", 2, "AlgorithmIdentifier"},
+ {"pkcs-5-PBKDF2-params", 1610612741, NULL},
+ {"salt", 1610612754, NULL},
+ {"specified", 1073741831, NULL},
+ {"otherSource", 2, "AlgorithmIdentifier"},
+ {"iterationCount", 1611137027, NULL},
+ {"1", 10, "MAX"},
+ {"keyLength", 1611153411, NULL},
+ {"1", 10, "MAX"},
+ {"prf", 16386, "AlgorithmIdentifier"},
+ {"pkcs-12-PFX", 1610612741, NULL},
+ {"version", 1610874883, NULL},
+ {"v3", 1, "3"},
+ {"authSafe", 1073741826, "pkcs-7-ContentInfo"},
+ {"macData", 16386, "pkcs-12-MacData"},
+ {"pkcs-12-PbeParams", 1610612741, NULL},
+ {"salt", 1073741831, NULL},
+ {"iterations", 3, NULL},
+ {"pkcs-12-MacData", 1610612741, NULL},
+ {"mac", 1073741826, "pkcs-7-DigestInfo"},
+ {"macSalt", 1073741831, NULL},
+ {"iterations", 536903683, NULL},
+ {NULL, 9, "1"},
+ {"pkcs-12-AuthenticatedSafe", 1610612747, NULL},
+ {NULL, 2, "pkcs-7-ContentInfo"},
+ {"pkcs-12-SafeContents", 1610612747, NULL},
+ {NULL, 2, "pkcs-12-SafeBag"},
+ {"pkcs-12-SafeBag", 1610612741, NULL},
+ {"bagId", 1073741836, NULL},
+ {"bagValue", 1614815245, NULL},
+ {NULL, 1073743880, "0"},
+ {"badId", 1, NULL},
+ {"bagAttributes", 536887311, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-12-CertBag", 1610612741, NULL},
+ {"certId", 1073741836, NULL},
+ {"certValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"certId", 1, NULL},
+ {"pkcs-12-CRLBag", 1610612741, NULL},
+ {"crlId", 1073741836, NULL},
+ {"crlValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"crlId", 1, NULL},
+ {"pkcs-12-SecretBag", 1610612741, NULL},
+ {"secretTypeId", 1073741836, NULL},
+ {"secretValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"secretTypeId", 1, NULL},
+ {"pkcs-7-Data", 1073741831, NULL},
+ {"pkcs-7-EncryptedData", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"encryptedContentInfo", 1073741826,
+ "pkcs-7-EncryptedContentInfo"},
+ {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
+ {NULL, 4104, "1"},
+ {"pkcs-7-EncryptedContentInfo", 1610612741, NULL},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"contentEncryptionAlgorithm", 1073741826,
+ "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
+ {"encryptedContent", 536895495, NULL},
+ {NULL, 4104, "0"},
+ {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826,
+ "AlgorithmIdentifier"},
+ {"pkcs-7-UnprotectedAttributes", 1612709903, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "Attribute"},
+ {"ProxyCertInfo", 1610612741, NULL},
+ {"pCPathLenConstraint", 1611153411, NULL},
+ {"0", 10, "MAX"},
+ {"proxyPolicy", 2, "ProxyPolicy"},
+ {"ProxyPolicy", 1610612741, NULL},
+ {"policyLanguage", 1073741836, NULL},
+ {"policy", 16391, NULL},
+ {"certificatePolicies", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "PolicyInformation"},
+ {"PolicyInformation", 1610612741, NULL},
+ {"policyIdentifier", 1073741836, NULL},
+ {"policyQualifiers", 538984459, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "PolicyQualifierInfo"},
+ {"PolicyQualifierInfo", 1610612741, NULL},
+ {"policyQualifierId", 1073741836, NULL},
+ {"qualifier", 541065229, NULL},
+ {"policyQualifierId", 1, NULL},
+ {"CPSuri", 1073741853, NULL},
+ {"UserNotice", 1610612741, NULL},
+ {"noticeRef", 1073758210, "NoticeReference"},
+ {"explicitText", 16386, "DisplayText"},
+ {"NoticeReference", 1610612741, NULL},
+ {"organization", 1073741826, "DisplayText"},
+ {"noticeNumbers", 536870923, NULL},
+ {NULL, 3, NULL},
+ {"DisplayText", 1610612754, NULL},
+ {"ia5String", 1612709917, NULL},
+ {"200", 524298, "1"},
+ {"visibleString", 1612709923, NULL},
+ {"200", 524298, "1"},
+ {"bmpString", 1612709921, NULL},
+ {"200", 524298, "1"},
+ {"utf8String", 538968098, NULL},
+ {"200", 524298, "1"},
+ {"OCSPRequest", 1610612741, NULL},
+ {"tbsRequest", 1073741826, "TBSRequest"},
+ {"optionalSignature", 536895490, "Signature"},
+ {NULL, 2056, "0"},
+ {"TBSRequest", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"requestorName", 1610637314, "GeneralName"},
+ {NULL, 2056, "1"},
+ {"requestList", 1610612747, NULL},
+ {NULL, 2, "Request"},
+ {"requestExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "2"},
+ {"Signature", 1610612741, NULL},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 1073741830, NULL},
+ {"certs", 536895499, NULL},
+ {NULL, 1073743880, "0"},
+ {NULL, 2, "Certificate"},
+ {"Request", 1610612741, NULL},
+ {"reqCert", 1073741826, "CertID"},
+ {"singleRequestExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "0"},
+ {"CertID", 1610612741, NULL},
+ {"hashAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"issuerNameHash", 1073741831, NULL},
+ {"issuerKeyHash", 1073741831, NULL},
+ {"serialNumber", 2, "CertificateSerialNumber"},
+ {"OCSPResponse", 1610612741, NULL},
+ {"responseStatus", 1073741826, "OCSPResponseStatus"},
+ {"responseBytes", 536895490, "ResponseBytes"},
+ {NULL, 2056, "0"},
+ {"OCSPResponseStatus", 1610874901, NULL},
+ {"successful", 1073741825, "0"},
+ {"malformedRequest", 1073741825, "1"},
+ {"internalError", 1073741825, "2"},
+ {"tryLater", 1073741825, "3"},
+ {"sigRequired", 1073741825, "5"},
+ {"unauthorized", 1, "6"},
+ {"ResponseBytes", 1610612741, NULL},
+ {"responseType", 1073741836, NULL},
+ {"response", 7, NULL},
+ {"BasicOCSPResponse", 1610612741, NULL},
+ {"tbsResponseData", 1073741826, "ResponseData"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 1073741830, NULL},
+ {"certs", 536895499, NULL},
+ {NULL, 1073743880, "0"},
+ {NULL, 2, "Certificate"},
+ {"ResponseData", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"responderID", 1073741826, "ResponderID"},
+ {"producedAt", 1073741861, NULL},
+ {"responses", 1610612747, NULL},
+ {NULL, 2, "SingleResponse"},
+ {"responseExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "1"},
+ {"ResponderID", 1610612754, NULL},
+ {"byName", 1610620930, "RDNSequence"},
+ {NULL, 2056, "1"},
+ {"byKey", 536879111, NULL},
+ {NULL, 4104, "2"},
+ {"SingleResponse", 1610612741, NULL},
+ {"certID", 1073741826, "CertID"},
+ {"certStatus", 1073741826, "CertStatus"},
+ {"thisUpdate", 1073741861, NULL},
+ {"nextUpdate", 1610637349, NULL},
+ {NULL, 2056, "0"},
+ {"singleExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "1"},
+ {"CertStatus", 1610612754, NULL},
+ {"good", 1610620948, NULL},
+ {NULL, 4104, "0"},
+ {"revoked", 1610620930, "RevokedInfo"},
+ {NULL, 4104, "1"},
+ {"unknown", 536879106, "UnknownInfo"},
+ {NULL, 4104, "2"},
+ {"RevokedInfo", 1610612741, NULL},
+ {"revocationTime", 1073741861, NULL},
+ {"revocationReason", 536895490, "CRLReason"},
+ {NULL, 2056, "0"},
+ {"UnknownInfo", 1073741844, NULL},
+ {"CRLReason", 537133077, NULL},
+ {"unspecified", 1073741825, "0"},
+ {"keyCompromise", 1073741825, "1"},
+ {"cACompromise", 1073741825, "2"},
+ {"affiliationChanged", 1073741825, "3"},
+ {"superseded", 1073741825, "4"},
+ {"cessationOfOperation", 1073741825, "5"},
+ {"certificateHold", 1073741825, "6"},
+ {"removeFromCRL", 1073741825, "8"},
+ {"privilegeWithdrawn", 1073741825, "9"},
+ {"aACompromise", 1, "10"},
+ {NULL, 0, NULL}
};
diff --git a/lib/random.c b/lib/random.c
index ebfa21dc04..62fa785232 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -29,30 +29,25 @@
void *gnutls_rnd_ctx;
-int
-_gnutls_rnd_init (void)
+int _gnutls_rnd_init(void)
{
- if (_gnutls_rnd_ops.init != NULL)
- {
- if (_gnutls_rnd_ops.init (&gnutls_rnd_ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
- }
+ if (_gnutls_rnd_ops.init != NULL) {
+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+ }
- return 0;
+ return 0;
}
-void
-_gnutls_rnd_deinit (void)
+void _gnutls_rnd_deinit(void)
{
- if (_gnutls_rnd_ops.deinit != NULL)
- {
- _gnutls_rnd_ops.deinit (gnutls_rnd_ctx);
- }
+ if (_gnutls_rnd_ops.deinit != NULL) {
+ _gnutls_rnd_ops.deinit(gnutls_rnd_ctx);
+ }
- return;
+ return;
}
/**
@@ -68,10 +63,9 @@ _gnutls_rnd_deinit (void)
*
* Since: 2.12.0
**/
-int
-gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
{
- return _gnutls_rnd(level, data, len);
+ return _gnutls_rnd(level, data, len);
}
/**
@@ -85,8 +79,7 @@ gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
*
* Since: 3.1.7
**/
-void
-gnutls_rnd_refresh ()
+void gnutls_rnd_refresh()
{
- _gnutls_rnd_refresh();
+ _gnutls_rnd_refresh();
}
diff --git a/lib/random.h b/lib/random.h
index 5c0ea23555..0aa154527b 100644
--- a/lib/random.h
+++ b/lib/random.h
@@ -27,26 +27,25 @@
#include <crypto-backend.h>
extern int crypto_rnd_prio;
-extern void* gnutls_rnd_ctx;
+extern void *gnutls_rnd_ctx;
extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
inline static int
-_gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+_gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
{
- if (len > 0)
- {
- return _gnutls_rnd_ops.rnd (gnutls_rnd_ctx, level, data, len);
- }
- return 0;
+ if (len > 0) {
+ return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
+ len);
+ }
+ return 0;
}
-inline static void
-_gnutls_rnd_refresh (void)
+inline static void _gnutls_rnd_refresh(void)
{
- _gnutls_rnd_ops.rnd_refresh (gnutls_rnd_ctx);
+ _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
}
-void _gnutls_rnd_deinit (void);
-int _gnutls_rnd_init (void);
+void _gnutls_rnd_deinit(void);
+int _gnutls_rnd_init(void);
#endif
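Review bot: `_gnutls_rnd_refresh()` calls `_gnutls_rnd_ops.rnd_refresh` and `_gnutls_rnd()` calls `_gnutls_rnd_ops.rnd` with no NULL check, while `_gnutls_rnd_init()` and `_gnutls_rnd_deinit()` in lib/random.c treat their callbacks as optional. Whether a registered backend must supply both is not visible in this hunk; if it need not, the refresh path is a call through a NULL pointer, and `if (_gnutls_rnd_ops.rnd_refresh != NULL)` would bring it in line with init/deinit. If the two callbacks are mandatory, a one-line comment on each inline saying so would stop the next reader from asking the same question.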
diff --git a/lib/system.c b/lib/system.c
index 6dc604e404..ad91b24cf0 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -32,23 +32,26 @@
#define GNUTLS_PATH_MAX 1024
#ifdef _WIN32
-# include <windows.h>
-# include <wincrypt.h>
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
-typedef PCCRL_CONTEXT WINAPI (*Type_CertEnumCRLsInStore) (HCERTSTORE hCertStore, PCCRL_CONTEXT pPrevCrlContext);
+#include <windows.h>
+#include <wincrypt.h>
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+typedef PCCRL_CONTEXT WINAPI(*Type_CertEnumCRLsInStore) (HCERTSTORE
+ hCertStore,
+ PCCRL_CONTEXT
+ pPrevCrlContext);
static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
static HMODULE Crypt32_dll;
-# else
-# define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
-# endif
#else
-# ifdef HAVE_PTHREAD_LOCKS
-# include <pthread.h>
-# endif
+#define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
+#endif
+#else
+#ifdef HAVE_PTHREAD_LOCKS
+#include <pthread.h>
+#endif
-# if defined(HAVE_GETPWUID_R)
-# include <pwd.h>
-# endif
+#if defined(HAVE_GETPWUID_R)
+#include <pwd.h>
+#endif
#endif
/* We need to disable gnulib's replacement wrappers to get native
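Review bot: The nested conditionals at the top of lib/system.c lose their `# ` depth markers in this hunk, so the inner and outer `#else`/`#endif` lines now sit at the same column with nothing to show which `#if` each one closes. Since the formatter flattens directive indentation, I would label them instead, e.g. `#endif /* old MinGW */` and `#else /* !_WIN32 */`. The same applies to the `#if defined(__MINGW32__) ...` blocks inside `gnutls_system_global_init()` and `gnutls_system_global_deinit()` later in the file. The `Type_CertEnumCRLsInStore` typedef, now spread over four lines, is also harder to read than the single-line original and could be exempted from reflowing.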
@@ -61,64 +64,62 @@ static HMODULE Crypt32_dll;
*/
#ifdef _WIN32
-int
-system_errno (gnutls_transport_ptr p)
+int system_errno(gnutls_transport_ptr p)
{
- int tmperr = WSAGetLastError ();
- int ret = 0;
- switch (tmperr)
- {
- case WSAEWOULDBLOCK:
- ret = EAGAIN;
- break;
- case NO_ERROR:
- ret = 0;
- break;
- case WSAEINTR:
- ret = EINTR;
- break;
- case WSAEMSGSIZE:
- ret = EMSGSIZE;
- break;
- default:
- ret = EIO;
- break;
- }
- WSASetLastError (tmperr);
-
- return ret;
+ int tmperr = WSAGetLastError();
+ int ret = 0;
+ switch (tmperr) {
+ case WSAEWOULDBLOCK:
+ ret = EAGAIN;
+ break;
+ case NO_ERROR:
+ ret = 0;
+ break;
+ case WSAEINTR:
+ ret = EINTR;
+ break;
+ case WSAEMSGSIZE:
+ ret = EMSGSIZE;
+ break;
+ default:
+ ret = EIO;
+ break;
+ }
+ WSASetLastError(tmperr);
+
+ return ret;
}
ssize_t
-system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size)
+system_write(gnutls_transport_ptr ptr, const void *data, size_t data_size)
{
- return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+ return send(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
}
-#else /* POSIX */
-int
-system_errno (gnutls_transport_ptr_t ptr)
+#else /* POSIX */
+int system_errno(gnutls_transport_ptr_t ptr)
{
#if defined(_AIX) || defined(AIX)
- if (errno == 0) errno = EAGAIN;
+ if (errno == 0)
+ errno = EAGAIN;
#endif
- return errno;
+ return errno;
}
ssize_t
-system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
- int iovec_cnt)
+system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
+ int iovec_cnt)
{
- return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
- iovec_cnt);
+ return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec *) iovec,
+ iovec_cnt);
}
#endif
ssize_t
-system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
+system_read(gnutls_transport_ptr_t ptr, void *data, size_t data_size)
{
- return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+ return recv(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
}
/* Wait for data to be received within a timeout period in milliseconds.
@@ -129,158 +130,142 @@ system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
*/
int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
{
-fd_set rfds;
-struct timeval tv;
-int ret;
-int fd = GNUTLS_POINTER_TO_INT(ptr);
-
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
-
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
-
- while(tv.tv_usec >= 1000000)
- {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
-
- ret = select(fd+1, &rfds, NULL, NULL, &tv);
- if (ret <= 0)
- return ret;
-
- return ret;
+ fd_set rfds;
+ struct timeval tv;
+ int ret;
+ int fd = GNUTLS_POINTER_TO_INT(ptr);
+
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
+
+ ret = select(fd + 1, &rfds, NULL, NULL, &tv);
+ if (ret <= 0)
+ return ret;
+
+ return ret;
}
/* Thread stuff */
#ifdef HAVE_WIN32_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION));
+ CRITICAL_SECTION *lock = malloc(sizeof(CRITICAL_SECTION));
- if (lock == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- InitializeCriticalSection (lock);
+ InitializeCriticalSection(lock);
- *priv = lock;
+ *priv = lock;
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- DeleteCriticalSection ((CRITICAL_SECTION *) * priv);
- free (*priv);
+ DeleteCriticalSection((CRITICAL_SECTION *) * priv);
+ free(*priv);
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- EnterCriticalSection ((CRITICAL_SECTION *) * priv);
- return 0;
+ EnterCriticalSection((CRITICAL_SECTION *) * priv);
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- LeaveCriticalSection ((CRITICAL_SECTION *) * priv);
- return 0;
+ LeaveCriticalSection((CRITICAL_SECTION *) * priv);
+ return 0;
}
-#endif /* WIN32_LOCKS */
+#endif /* WIN32_LOCKS */
#ifdef HAVE_PTHREAD_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t));
- int ret;
+ pthread_mutex_t *lock = malloc(sizeof(pthread_mutex_t));
+ int ret;
- if (lock == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = pthread_mutex_init (lock, NULL);
- if (ret)
- {
- free (lock);
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ ret = pthread_mutex_init(lock, NULL);
+ if (ret) {
+ free(lock);
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- *priv = lock;
+ *priv = lock;
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- pthread_mutex_destroy ((pthread_mutex_t *) * priv);
- free (*priv);
- return 0;
+ pthread_mutex_destroy((pthread_mutex_t *) * priv);
+ free(*priv);
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- if (pthread_mutex_lock ((pthread_mutex_t *) * priv))
- {
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ if (pthread_mutex_lock((pthread_mutex_t *) * priv)) {
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- if (pthread_mutex_unlock ((pthread_mutex_t *) * priv))
- {
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ if (pthread_mutex_unlock((pthread_mutex_t *) * priv)) {
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- return 0;
+ return 0;
}
-#endif /* PTHREAD_LOCKS */
+#endif /* PTHREAD_LOCKS */
#ifdef HAVE_NO_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- return 0;
+ return 0;
}
-#endif /* NO_LOCKS */
+#endif /* NO_LOCKS */
gnutls_time_func gnutls_time = time;
mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
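Review bot: `system_recv_timeout()` passes `fd` to `FD_SET()` without comparing it against `FD_SETSIZE`, which on POSIX systems writes outside `rfds` once the process has enough descriptors open. A guard such as `if (fd < 0 || fd >= FD_SETSIZE) return -1;` before `FD_ZERO` (POSIX builds only, since Winsock's `fd_set` is counted differently) or a move to `poll()` would close that. The timeout is also computed as `ms * 1000` in unsigned int, which wraps for values above roughly 4.29 million ms and silently shortens long waits. `tv.tv_sec = ms / 1000; tv.tv_usec = (ms % 1000) * 1000;` avoids the wrap and makes the normalising loop unnecessary. The trailing `if (ret <= 0) return ret;` followed by `return ret;` can collapse to a single return.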
@@ -288,37 +273,36 @@ mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
-int
-gnutls_system_global_init ()
+int gnutls_system_global_init()
{
#ifdef _WIN32
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
- HMODULE crypto;
- crypto = LoadLibraryA ("Crypt32.dll");
-
- if (crypto == NULL)
- return GNUTLS_E_CRYPTO_INIT_FAILED;
-
- Loaded_CertEnumCRLsInStore = (Type_CertEnumCRLsInStore) GetProcAddress (crypto, "CertEnumCRLsInStore");
- if (Loaded_CertEnumCRLsInStore == NULL)
- {
- FreeLibrary (crypto);
- return GNUTLS_E_CRYPTO_INIT_FAILED;
- }
-
- Crypt32_dll = crypto;
-# endif
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+ HMODULE crypto;
+ crypto = LoadLibraryA("Crypt32.dll");
+
+ if (crypto == NULL)
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+
+ Loaded_CertEnumCRLsInStore =
+ (Type_CertEnumCRLsInStore) GetProcAddress(crypto,
+ "CertEnumCRLsInStore");
+ if (Loaded_CertEnumCRLsInStore == NULL) {
+ FreeLibrary(crypto);
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+ }
+
+ Crypt32_dll = crypto;
+#endif
#endif
- return 0;
+ return 0;
}
-void
-gnutls_system_global_deinit ()
+void gnutls_system_global_deinit()
{
#ifdef _WIN32
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
- FreeLibrary (Crypt32_dll);
-# endif
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+ FreeLibrary(Crypt32_dll);
+#endif
#endif
}
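Review bot: `gnutls_system_global_deinit()` calls `FreeLibrary(Crypt32_dll)` but leaves `Crypt32_dll` and `Loaded_CertEnumCRLsInStore` pointing into the unloaded module. On this old-MinGW path a second deinit, or a later `add_system_trust()` call, would therefore use stale values. Clearing them after the free, `Loaded_CertEnumCRLsInStore = NULL; Crypt32_dll = NULL;` under `if (Crypt32_dll != NULL)`, makes the pair safe to call repeatedly; whether the caller already reference-counts init/deinit is not visible here. Separately, `LoadLibraryA("Crypt32.dll")` names the DLL without a path and so relies on the Windows search order; loading it from the system directory, or a comment stating why the bare name is acceptable, would settle that.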
@@ -328,227 +312,244 @@ gnutls_system_global_deinit ()
/* Returns a path to store user-specific configuration
* data.
*/
-int _gnutls_find_config_path(char* path, size_t max_size)
+int _gnutls_find_config_path(char *path, size_t max_size)
{
-char tmp_home_dir[GNUTLS_PATH_MAX];
-const char *home_dir = getenv ("HOME");
+ char tmp_home_dir[GNUTLS_PATH_MAX];
+ const char *home_dir = getenv("HOME");
#ifdef _WIN32
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- const char *home_drive = getenv ("HOMEDRIVE");
- const char *home_path = getenv ("HOMEPATH");
-
- if (home_drive != NULL && home_path != NULL)
- {
- snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s%s", home_drive, home_path);
- }
- else
- {
- tmp_home_dir[0] = 0;
- }
-
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ const char *home_drive = getenv("HOMEDRIVE");
+ const char *home_path = getenv("HOMEPATH");
+
+ if (home_drive != NULL && home_path != NULL) {
+ snprintf(tmp_home_dir, sizeof(tmp_home_dir),
+ "%s%s", home_drive, home_path);
+ } else {
+ tmp_home_dir[0] = 0;
+ }
+
+ home_dir = tmp_home_dir;
+ }
#elif defined(HAVE_GETPWUID_R)
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- struct passwd *pwd;
- struct passwd _pwd;
- char buf[1024];
-
- getpwuid_r(getuid(), &_pwd, buf, sizeof(buf), &pwd);
- if (pwd != NULL)
- {
- snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s", pwd->pw_dir);
- }
- else
- {
- tmp_home_dir[0] = 0;
- }
-
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ struct passwd *pwd;
+ struct passwd _pwd;
+ char buf[1024];
+
+ getpwuid_r(getuid(), &_pwd, buf, sizeof(buf), &pwd);
+ if (pwd != NULL) {
+ snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s",
+ pwd->pw_dir);
+ } else {
+ tmp_home_dir[0] = 0;
+ }
+
+ home_dir = tmp_home_dir;
+ }
#else
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- tmp_home_dir[0] = 0;
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ tmp_home_dir[0] = 0;
+ home_dir = tmp_home_dir;
+ }
#endif
- if (home_dir == NULL || home_dir[0] == 0)
- path[0] = 0;
- else
- snprintf(path, max_size, "%s/"CONFIG_PATH, home_dir);
-
- return 0;
+ if (home_dir == NULL || home_dir[0] == 0)
+ path[0] = 0;
+ else
+ snprintf(path, max_size, "%s/" CONFIG_PATH, home_dir);
+
+ return 0;
}
#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
static
int
add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags)
+ unsigned int tl_flags, unsigned int tl_vflags)
{
- int ret, r = 0;
- const char* crl_file =
-# ifdef DEFAULT_CRL_FILE
- DEFAULT_CRL_FILE;
-# else
- NULL;
-# endif
-
-# if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, crl_file,
- GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
- if (ret > 0)
- r += ret;
-# endif
-
-# ifdef DEFAULT_TRUST_STORE_FILE
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, crl_file,
- GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
- if (ret > 0)
- r += ret;
-# endif
-
- return r;
+ int ret, r = 0;
+ const char *crl_file =
+#ifdef DEFAULT_CRL_FILE
+ DEFAULT_CRL_FILE;
+#else
+ NULL;
+#endif
+
+#if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
+ ret =
+ gnutls_x509_trust_list_add_trust_file(list,
+ DEFAULT_TRUST_STORE_PKCS11,
+ crl_file,
+ GNUTLS_X509_FMT_DER,
+ tl_flags, tl_vflags);
+ if (ret > 0)
+ r += ret;
+#endif
+
+#ifdef DEFAULT_TRUST_STORE_FILE
+ ret =
+ gnutls_x509_trust_list_add_trust_file(list,
+ DEFAULT_TRUST_STORE_FILE,
+ crl_file,
+ GNUTLS_X509_FMT_PEM,
+ tl_flags, tl_vflags);
+ if (ret > 0)
+ r += ret;
+#endif
+
+ return r;
}
#elif defined(_WIN32)
static
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- char path[GNUTLS_PATH_MAX];
- unsigned int i;
- int r = 0;
-
- for (i=0;i<2;i++)
- {
- HCERTSTORE store;
- const CERT_CONTEXT *cert;
- const CRL_CONTEXT *crl;
- gnutls_datum_t data;
-
- if (i==0) store = CertOpenSystemStore(0, "ROOT");
- else store = CertOpenSystemStore(0, "CA");
-
- if (store == NULL) return GNUTLS_E_FILE_ERROR;
-
- cert = CertEnumCertificatesInStore(store, NULL);
- crl = Loaded_CertEnumCRLsInStore(store, NULL);
-
- while(cert != NULL)
- {
- if (cert->dwCertEncodingType == X509_ASN_ENCODING)
- {
- data.data = cert->pbCertEncoded;
- data.size = cert->cbCertEncoded;
- if (gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags) > 0)
- r++;
- }
- cert = CertEnumCertificatesInStore(store, cert);
- }
-
- while(crl != NULL)
- {
- if (crl->dwCertEncodingType == X509_ASN_ENCODING)
- {
- data.data = crl->pbCrlEncoded;
- data.size = crl->cbCrlEncoded;
- gnutls_x509_trust_list_add_trust_mem(list, NULL, &data, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
- }
- crl = Loaded_CertEnumCRLsInStore(store, crl);
- }
- CertCloseStore(store, 0);
- }
-
- return r;
+ char path[GNUTLS_PATH_MAX];
+ unsigned int i;
+ int r = 0;
+
+ for (i = 0; i < 2; i++) {
+ HCERTSTORE store;
+ const CERT_CONTEXT *cert;
+ const CRL_CONTEXT *crl;
+ gnutls_datum_t data;
+
+ if (i == 0)
+ store = CertOpenSystemStore(0, "ROOT");
+ else
+ store = CertOpenSystemStore(0, "CA");
+
+ if (store == NULL)
+ return GNUTLS_E_FILE_ERROR;
+
+ cert = CertEnumCertificatesInStore(store, NULL);
+ crl = Loaded_CertEnumCRLsInStore(store, NULL);
+
+ while (cert != NULL) {
+ if (cert->dwCertEncodingType == X509_ASN_ENCODING) {
+ data.data = cert->pbCertEncoded;
+ data.size = cert->cbCertEncoded;
+ if (gnutls_x509_trust_list_add_trust_mem
+ (list, &data, NULL,
+ GNUTLS_X509_FMT_DER, tl_flags,
+ tl_vflags) > 0)
+ r++;
+ }
+ cert = CertEnumCertificatesInStore(store, cert);
+ }
+
+ while (crl != NULL) {
+ if (crl->dwCertEncodingType == X509_ASN_ENCODING) {
+ data.data = crl->pbCrlEncoded;
+ data.size = crl->cbCrlEncoded;
+ gnutls_x509_trust_list_add_trust_mem(list,
+ NULL,
+ &data,
+ GNUTLS_X509_FMT_DER,
+ tl_flags,
+ tl_vflags);
+ }
+ crl = Loaded_CertEnumCRLsInStore(store, crl);
+ }
+ CertCloseStore(store, 0);
+ }
+
+ return r;
}
#elif defined(ANDROID) || defined(__ANDROID__)
-# include <dirent.h>
-# include <unistd.h>
-static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+#include <dirent.h>
+#include <unistd.h>
+static int load_dir_certs(const char *dirname,
+ gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags,
+ unsigned type)
{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
-
- dirp = opendir(dirname);
- if (dirp != NULL)
- {
- do
- {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG)
- {
- snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
-
- ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
- if (ret >= 0)
- r += ret;
- }
- }
- while(d != NULL);
- closedir(dirp);
- }
-
- return r;
+ DIR *dirp;
+ struct dirent *d;
+ int ret;
+ int r = 0;
+ char path[GNUTLS_PATH_MAX];
+
+ dirp = opendir(dirname);
+ if (dirp != NULL) {
+ do {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ snprintf(path, sizeof(path), "%s/%s",
+ dirname, d->d_name);
+
+ ret =
+ gnutls_x509_trust_list_add_trust_file
+ (list, path, NULL, type, tl_flags,
+ tl_vflags);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while (d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
}
static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
-
- dirp = opendir("/data/misc/keychain/cacerts-removed/");
- if (dirp != NULL)
- {
- do
- {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG)
- {
- snprintf(path, sizeof(path), "/data/misc/keychain/cacerts-removed/%s", d->d_name);
-
- ret = gnutls_x509_trust_list_remove_trust_file(list, path, type);
- if (ret >= 0)
- r += ret;
- }
- }
- while(d != NULL);
- closedir(dirp);
- }
-
- return r;
+ DIR *dirp;
+ struct dirent *d;
+ int ret;
+ int r = 0;
+ char path[GNUTLS_PATH_MAX];
+
+ dirp = opendir("/data/misc/keychain/cacerts-removed/");
+ if (dirp != NULL) {
+ do {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ snprintf(path, sizeof(path),
+ "/data/misc/keychain/cacerts-removed/%s",
+ d->d_name);
+
+ ret =
+ gnutls_x509_trust_list_remove_trust_file
+ (list, path, type);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while (d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
}
/* This works on android 4.x
*/
static
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- int r = 0, ret;
+ int r = 0, ret;
- ret = load_dir_certs("/system/etc/security/cacerts/", list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM);
- if (ret >= 0)
- r += ret;
+ ret =
+ load_dir_certs("/system/etc/security/cacerts/", list, tl_flags,
+ tl_vflags, GNUTLS_X509_FMT_PEM);
+ if (ret >= 0)
+ r += ret;
- ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
- if (ret >= 0)
- r -= ret;
+ ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
+ if (ret >= 0)
+ r -= ret;
- ret = load_dir_certs("/data/misc/keychain/cacerts-added/", list, tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
- if (ret >= 0)
- r += ret;
+ ret =
+ load_dir_certs("/data/misc/keychain/cacerts-added/", list,
+ tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
+ if (ret >= 0)
+ r += ret;
- return r;
+ return r;
}
#else
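Review bot: In the Android branch, `load_revoked_certs()` discards every failure of `gnutls_x509_trust_list_remove_trust_file()` (`if (ret >= 0) r += ret;` has no else), so a CA the user removed stays in the trust list whenever its file under cacerts-removed cannot be read or parsed, and nothing records it. The same loop only processes entries with `d_type == DT_REG`, which presumably also skips everything on filesystems that report `DT_UNKNOWN`. At minimum the failure should be recorded, e.g. `else gnutls_assert();`, and the function should carry a comment stating that removal is best-effort. Separately, `_gnutls_find_config_path()` takes `HOME` straight from `getenv()` and ignores the `snprintf()` result, so a truncated path is returned as success; comparing the return value with `max_size` and failing on truncation would catch that.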
@@ -572,154 +573,155 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsig
**/
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags)
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- return add_system_trust(list, tl_flags, tl_vflags);
+ return add_system_trust(list, tl_flags, tl_vflags);
}
#if defined(HAVE_ICONV) || defined(HAVE_LIBICONV)
-# include <iconv.h>
+#include <iconv.h>
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-iconv_t conv;
-int ret;
-size_t orig, dstlen = size*2;
-char* src = (void*)data;
-char* dst = NULL, *pdst;
-
- if (size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- conv = iconv_open("UTF-8", "UTF-16BE");
- if (conv == (iconv_t)-1)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- /* Note that dstlen has enough size for every possible input characters.
- * (remember the in UTF-16 the characters in data are at most size/2,
- * and we allocate 4 bytes per character).
- */
- pdst = dst = gnutls_malloc(dstlen+1);
- if (dst == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- orig = dstlen;
- ret = iconv(conv, &src, &size, &pdst, &dstlen);
- if (ret == -1)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- output->data = (void*)dst;
- output->size = orig-dstlen;
- output->data[output->size] = 0;
-
- ret = 0;
- goto cleanup;
-
-fail:
- gnutls_free(dst);
-
-cleanup:
- iconv_close(conv);
-
- return ret;
+ iconv_t conv;
+ int ret;
+ size_t orig, dstlen = size * 2;
+ char *src = (void *) data;
+ char *dst = NULL, *pdst;
+
+ if (size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ conv = iconv_open("UTF-8", "UTF-16BE");
+ if (conv == (iconv_t) - 1)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ /* Note that dstlen has enough size for every possible input characters.
+ * (remember the in UTF-16 the characters in data are at most size/2,
+ * and we allocate 4 bytes per character).
+ */
+ pdst = dst = gnutls_malloc(dstlen + 1);
+ if (dst == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ orig = dstlen;
+ ret = iconv(conv, &src, &size, &pdst, &dstlen);
+ if (ret == -1) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ output->data = (void *) dst;
+ output->size = orig - dstlen;
+ output->data[output->size] = 0;
+
+ ret = 0;
+ goto cleanup;
+
+ fail:
+ gnutls_free(dst);
+
+ cleanup:
+ iconv_close(conv);
+
+ return ret;
}
#elif defined(_WIN32)
#include <winnls.h>
/* Can convert only english */
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-int ret;
-unsigned i;
-int len = 0, src_len;
-char* dst = NULL;
-char* src = NULL;
-
- src_len = size/2;
-
- src = gnutls_malloc(size);
- if (src == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- /* convert to LE */
- for (i=0;i<size;i+=2)
- {
- src[i] = ((char*)data)[1+i];
- src[1+i] = ((char*)data)[i];
- }
-
- ret = WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS, (void*)src, src_len,
- NULL, 0, NULL, NULL);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- len = ret+1;
- dst = gnutls_malloc(len);
- if (dst == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- ret = WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS, (void*)src, src_len,
- dst, len, NULL, NULL);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- dst[len-1] = 0;
- output->data = dst;
- output->size = ret;
- ret = 0;
- goto cleanup;
-
-fail:
- gnutls_free(dst);
-
-cleanup:
- gnutls_free(src);
- return ret;
+ int ret;
+ unsigned i;
+ int len = 0, src_len;
+ char *dst = NULL;
+ char *src = NULL;
+
+ src_len = size / 2;
+
+ src = gnutls_malloc(size);
+ if (src == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ /* convert to LE */
+ for (i = 0; i < size; i += 2) {
+ src[i] = ((char *) data)[1 + i];
+ src[1 + i] = ((char *) data)[i];
+ }
+
+ ret =
+ WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
+ (void *) src, src_len, NULL, 0, NULL,
+ NULL);
+ if (ret == 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ len = ret + 1;
+ dst = gnutls_malloc(len);
+ if (dst == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ ret =
+ WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
+ (void *) src, src_len, dst, len, NULL,
+ NULL);
+ if (ret == 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ dst[len - 1] = 0;
+ output->data = dst;
+ output->size = ret;
+ ret = 0;
+ goto cleanup;
+
+ fail:
+ gnutls_free(dst);
+
+ cleanup:
+ gnutls_free(src);
+ return ret;
}
#else
/* Can convert only english (ASCII) */
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-unsigned int i, j;
-char* dst;
-const char *src = data;
-
- if (size == 0 || size % 2 != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- dst = gnutls_malloc(size+1);
- if (dst == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i=j=0;i<size;i+=2,j++)
- {
- if (src[i] != 0 || !c_isascii(src[i+1]))
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- dst[j] = src[i+1];
- }
-
- output->data = (void*)dst;
- output->size = j;
- output->data[output->size] = 0;
-
- return 0;
+ unsigned int i, j;
+ char *dst;
+ const char *src = data;
+
+ if (size == 0 || size % 2 != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ dst = gnutls_malloc(size + 1);
+ if (dst == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = j = 0; i < size; i += 2, j++) {
+ if (src[i] != 0 || !c_isascii(src[i + 1]))
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ dst[j] = src[i + 1];
+ }
+
+ output->data = (void *) dst;
+ output->size = j;
+ output->data[output->size] = 0;
+
+ return 0;
}
#endif
diff --git a/lib/system.h b/lib/system.h
index d2bfa27a6e..b2a73e7677 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -28,23 +28,24 @@
#include <sys/time.h>
#ifndef _WIN32
-# include <sys/uio.h> /* for writev */
+#include <sys/uio.h> /* for writev */
#else
-# include <windows.h> /* for Sleep */
+#include <windows.h> /* for Sleep */
#endif
-int system_errno (gnutls_transport_ptr_t);
+int system_errno(gnutls_transport_ptr_t);
int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
#ifdef _WIN32
-ssize_t system_write (gnutls_transport_ptr_t ptr, const void *data,
- size_t data_size);
+ssize_t system_write(gnutls_transport_ptr_t ptr, const void *data,
+ size_t data_size);
#else
#define HAVE_WRITEV
-ssize_t system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
- int iovec_cnt);
+ssize_t system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
+ int iovec_cnt);
#endif
-ssize_t system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size);
+ssize_t system_read(gnutls_transport_ptr_t ptr, void *data,
+ size_t data_size);
#ifdef _WIN32
#define HAVE_WIN32_LOCKS
@@ -61,36 +62,36 @@ extern gnutls_time_func gnutls_time;
static inline void millisleep(unsigned int ms)
{
#ifdef _WIN32
- Sleep(ms);
+ Sleep(ms);
#else
- struct timespec ts;
+ struct timespec ts;
- ts.tv_sec = 0;
- ts.tv_nsec = ms*1000*1000;
-
- nanosleep(&ts, NULL);
+ ts.tv_sec = 0;
+ ts.tv_nsec = ms * 1000 * 1000;
+
+ nanosleep(&ts, NULL);
#endif
}
/* emulate gnulib's gettime using gettimeofday to avoid linking to
* librt */
-inline static void
-gettime (struct timespec *t)
+inline static void gettime(struct timespec *t)
{
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_REALTIME)
- clock_gettime (CLOCK_REALTIME, t);
+ clock_gettime(CLOCK_REALTIME, t);
#else
-struct timeval tv;
- gettimeofday (&tv, NULL);
- t->tv_sec = tv.tv_sec;
- t->tv_nsec = tv.tv_usec * 1000;
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ t->tv_sec = tv.tv_sec;
+ t->tv_nsec = tv.tv_usec * 1000;
#endif
}
-int _gnutls_find_config_path(char* path, size_t max_size);
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output);
+int _gnutls_find_config_path(char *path, size_t max_size);
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output);
-int gnutls_system_global_init (void);
-void gnutls_system_global_deinit (void);
+int gnutls_system_global_init(void);
+void gnutls_system_global_deinit(void);
-#endif /* SYSTEM_H */
+#endif /* SYSTEM_H */
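Review bot: In `millisleep()` the non-Windows branch keeps `ts.tv_sec = 0` and puts the whole delay into `ts.tv_nsec = ms * 1000 * 1000`, so any `ms` of 1000 or more gives a `tv_nsec` outside the 0–999999999 range that nanosleep() accepts. The call then fails with EINVAL and returns without sleeping, and the multiplication itself wraps above roughly 4294 ms where `unsigned int` is 32 bits. Splitting the value fixes both: `ts.tv_sec = ms / 1000;` and `ts.tv_nsec = (ms % 1000) * 1000 * 1000;`. The return value of nanosleep() is also ignored, so an interrupted sleep (EINTR) ends early; whether any caller relies on the full delay is not visible in this hunk.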
diff --git a/lib/system_override.c b/lib/system_override.c
index 2fa82df0b3..d673f2dd90 100644
--- a/lib/system_override.c
+++ b/lib/system_override.c
@@ -36,7 +36,7 @@
#include <errno.h>
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
#endif
/**
@@ -56,10 +56,9 @@
* msvcr71.dll and gnutls is linked to msvcrt.dll).
*
**/
-void
-gnutls_transport_set_errno (gnutls_session_t session, int err)
+void gnutls_transport_set_errno(gnutls_session_t session, int err)
{
- session->internals.errnum = err;
+ session->internals.errnum = err;
}
/**
@@ -77,10 +76,10 @@ gnutls_transport_set_errno (gnutls_session_t session, int err)
* ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
**/
void
-gnutls_transport_set_pull_function (gnutls_session_t session,
- gnutls_pull_func pull_func)
+gnutls_transport_set_pull_function(gnutls_session_t session,
+ gnutls_pull_func pull_func)
{
- session->internals.pull_func = pull_func;
+ session->internals.pull_func = pull_func;
}
/**
@@ -104,10 +103,10 @@ gnutls_transport_set_pull_function (gnutls_session_t session,
* Since: 3.0
**/
void
-gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
- gnutls_pull_timeout_func func)
+gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
+ gnutls_pull_timeout_func func)
{
- session->internals.pull_timeout_func = func;
+ session->internals.pull_timeout_func = func;
}
/**
@@ -128,11 +127,11 @@ gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
*
**/
void
-gnutls_transport_set_push_function (gnutls_session_t session,
- gnutls_push_func push_func)
+gnutls_transport_set_push_function(gnutls_session_t session,
+ gnutls_push_func push_func)
{
- session->internals.push_func = push_func;
- session->internals.vec_push_func = NULL;
+ session->internals.push_func = push_func;
+ session->internals.vec_push_func = NULL;
}
/**
@@ -151,11 +150,11 @@ gnutls_transport_set_push_function (gnutls_session_t session,
* Since: 2.12.0
**/
void
-gnutls_transport_set_vec_push_function (gnutls_session_t session,
- gnutls_vec_push_func vec_func)
+gnutls_transport_set_vec_push_function(gnutls_session_t session,
+ gnutls_vec_push_func vec_func)
{
- session->internals.push_func = NULL;
- session->internals.vec_push_func = vec_func;
+ session->internals.push_func = NULL;
+ session->internals.vec_push_func = vec_func;
}
/**
@@ -173,8 +172,8 @@ gnutls_transport_set_vec_push_function (gnutls_session_t session,
* Since: 2.12.0
**/
void
-gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func)
+gnutls_transport_set_errno_function(gnutls_session_t session,
+ gnutls_errno_func errno_func)
{
- session->internals.errno_func = errno_func;
+ session->internals.errno_func = errno_func;
}
diff --git a/lib/tpm.c b/lib/tpm.c
index cc57012d2e..86b0047a9b 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -46,31 +46,30 @@
#include <trousers/tss.h>
#include <trousers/trousers.h>
-struct tpm_ctx_st
-{
- TSS_HCONTEXT tpm_ctx;
- TSS_HKEY tpm_key;
- TSS_HPOLICY tpm_key_policy;
- TSS_HKEY srk;
- TSS_HPOLICY srk_policy;
+struct tpm_ctx_st {
+ TSS_HCONTEXT tpm_ctx;
+ TSS_HKEY tpm_key;
+ TSS_HPOLICY tpm_key_policy;
+ TSS_HKEY srk;
+ TSS_HPOLICY srk_policy;
};
-struct tpm_key_list_st
-{
- UINT32 size;
- TSS_KM_KEYINFO2 * ki;
- TSS_HCONTEXT tpm_ctx;
+struct tpm_key_list_st {
+ UINT32 size;
+ TSS_KM_KEYINFO2 *ki;
+ TSS_HCONTEXT tpm_ctx;
};
static void tpm_close_session(struct tpm_ctx_st *s);
-static int import_tpm_key (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage_type,
- const char *srk_password,
- const char *key_password);
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage);
+static int import_tpm_key(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage_type,
+ const char *srk_password,
+ const char *key_password);
+static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
+ TSS_FLAG storage);
/* TPM URL format: (draft-mavrogiannopoulos-tpmuri-01)
*
@@ -83,488 +82,474 @@ static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage)
static int tss_err_pwd(TSS_RESULT err, int pwd_error)
{
- _gnutls_debug_log("TPM (%s) error: %s (%x)\n", Trspi_Error_Layer(err), Trspi_Error_String(err), (unsigned int)Trspi_Error_Code(err));
-
- switch(ERROR_LAYER(err))
- {
- case TSS_LAYER_TPM:
- switch(ERROR_CODE(err))
- {
- case TPM_E_AUTHFAIL:
- return pwd_error;
- case TPM_E_NOSRK:
- return GNUTLS_E_TPM_UNINITIALIZED;
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
- case TSS_LAYER_TCS:
- case TSS_LAYER_TSP:
- switch(ERROR_CODE(err))
- {
- case TSS_E_COMM_FAILURE:
- case TSS_E_NO_CONNECTION:
- case TSS_E_CONNECTION_FAILED:
- case TSS_E_CONNECTION_BROKEN:
- return GNUTLS_E_TPM_SESSION_ERROR;
- case TSS_E_PS_KEY_NOTFOUND:
- return GNUTLS_E_TPM_KEY_NOT_FOUND;
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
+ _gnutls_debug_log("TPM (%s) error: %s (%x)\n",
+ Trspi_Error_Layer(err), Trspi_Error_String(err),
+ (unsigned int) Trspi_Error_Code(err));
+
+ switch (ERROR_LAYER(err)) {
+ case TSS_LAYER_TPM:
+ switch (ERROR_CODE(err)) {
+ case TPM_E_AUTHFAIL:
+ return pwd_error;
+ case TPM_E_NOSRK:
+ return GNUTLS_E_TPM_UNINITIALIZED;
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
+ case TSS_LAYER_TCS:
+ case TSS_LAYER_TSP:
+ switch (ERROR_CODE(err)) {
+ case TSS_E_COMM_FAILURE:
+ case TSS_E_NO_CONNECTION:
+ case TSS_E_CONNECTION_FAILED:
+ case TSS_E_CONNECTION_BROKEN:
+ return GNUTLS_E_TPM_SESSION_ERROR;
+ case TSS_E_PS_KEY_NOTFOUND:
+ return GNUTLS_E_TPM_KEY_NOT_FOUND;
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
}
#define tss_err(x) tss_err_pwd(x, GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
#define tss_err_key(x) tss_err_pwd(x, GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
-static void
-tpm_deinit_fn (gnutls_privkey_t key, void *_s)
+static void tpm_deinit_fn(gnutls_privkey_t key, void *_s)
{
- struct tpm_ctx_st *s = _s;
+ struct tpm_ctx_st *s = _s;
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
- tpm_close_session(s);
- gnutls_free (s);
+ tpm_close_session(s);
+ gnutls_free(s);
}
static int
-tpm_sign_fn (gnutls_privkey_t key, void *_s,
- const gnutls_datum_t * data, gnutls_datum_t * sig)
+tpm_sign_fn(gnutls_privkey_t key, void *_s,
+ const gnutls_datum_t * data, gnutls_datum_t * sig)
{
- struct tpm_ctx_st *s = _s;
- TSS_HHASH hash;
- int err;
-
- _gnutls_debug_log ("TPM sign function called for %u bytes.\n",
- data->size);
-
- err =
- Tspi_Context_CreateObject (s->tpm_ctx,
- TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
- &hash);
- if (err)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Failed to create TPM hash object: %s\n",
- Trspi_Error_String (err));
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- err = Tspi_Hash_SetHashValue (hash, data->size, data->data);
- if (err)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Failed to set value in TPM hash object: %s\n",
- Trspi_Error_String (err));
- Tspi_Context_CloseObject (s->tpm_ctx, hash);
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- err = Tspi_Hash_Sign (hash, s->tpm_key, &sig->size, &sig->data);
- Tspi_Context_CloseObject (s->tpm_ctx, hash);
- if (err)
- {
- if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
- _gnutls_debug_log ("TPM hash signature failed: %s\n",
- Trspi_Error_String (err));
- if (err == TPM_E_AUTHFAIL)
- return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
- else
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- return 0;
+ struct tpm_ctx_st *s = _s;
+ TSS_HHASH hash;
+ int err;
+
+ _gnutls_debug_log("TPM sign function called for %u bytes.\n",
+ data->size);
+
+ err =
+ Tspi_Context_CreateObject(s->tpm_ctx,
+ TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
+ &hash);
+ if (err) {
+ gnutls_assert();
+ _gnutls_debug_log("Failed to create TPM hash object: %s\n",
+ Trspi_Error_String(err));
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
+ if (err) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Failed to set value in TPM hash object: %s\n",
+ Trspi_Error_String(err));
+ Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ err = Tspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data);
+ Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ if (err) {
+ if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
+ _gnutls_debug_log
+ ("TPM hash signature failed: %s\n",
+ Trspi_Error_String(err));
+ if (err == TPM_E_AUTHFAIL)
+ return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
+ else
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ return 0;
}
static const unsigned char nullpass[20];
-static const gnutls_datum_t nulldata = {(void*)nullpass, 20};
+static const gnutls_datum_t nulldata = { (void *) nullpass, 20 };
+
const TSS_UUID srk_uuid = TSS_UUID_SRK;
-static int tpm_pin(struct pin_info_st* pin_info, const TSS_UUID* uuid, TSS_FLAG storage,
- char* pin, unsigned int pin_size, unsigned int attempts)
+static int tpm_pin(struct pin_info_st *pin_info, const TSS_UUID * uuid,
+ TSS_FLAG storage, char *pin, unsigned int pin_size,
+ unsigned int attempts)
{
-unsigned int flags = 0;
-const char* label;
-char* url = NULL;
-int ret;
-
- if (attempts > 0)
- flags |= GNUTLS_PIN_WRONG;
-
- if (uuid)
- {
- if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0)
- {
- label = "SRK";
-
- ret = encode_tpmkey_url(&url, uuid, storage);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- label = "TPM";
-
- ret = encode_tpmkey_url(&url, uuid, storage);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else
- label = "unknown";
-
- if (pin_info && pin_info->cb)
- ret = pin_info->cb(pin_info->data, attempts, url, label, flags, pin, pin_size);
- else if (_gnutls_pin_func)
- ret = _gnutls_pin_func(_gnutls_pin_data, attempts, url, label, flags, pin, pin_size);
- else
- ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- gnutls_free(url);
- return ret;
+ unsigned int flags = 0;
+ const char *label;
+ char *url = NULL;
+ int ret;
+
+ if (attempts > 0)
+ flags |= GNUTLS_PIN_WRONG;
+
+ if (uuid) {
+ if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0) {
+ label = "SRK";
+
+ ret = encode_tpmkey_url(&url, uuid, storage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ label = "TPM";
+
+ ret = encode_tpmkey_url(&url, uuid, storage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else
+ label = "unknown";
+
+ if (pin_info && pin_info->cb)
+ ret =
+ pin_info->cb(pin_info->data, attempts, url, label,
+ flags, pin, pin_size);
+ else if (_gnutls_pin_func)
+ ret =
+ _gnutls_pin_func(_gnutls_pin_data, attempts, url,
+ label, flags, pin, pin_size);
+ else
+ ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(url);
+ return ret;
}
-static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy,
- UINT32 ulSecretLength, BYTE* rgbSecret)
+static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy,
+ UINT32 ulSecretLength,
+ BYTE * rgbSecret)
{
- if (rgbSecret == NULL)
- {
- /* Well known NULL key */
- return Tspi_Policy_SetSecret (hPolicy,
- TSS_SECRET_MODE_SHA1,
- sizeof (nullpass), (BYTE *) nullpass);
- }
- else /* key is given */
- {
- return Tspi_Policy_SetSecret (hPolicy, TSS_SECRET_MODE_PLAIN,
- ulSecretLength, rgbSecret);
- }
+ if (rgbSecret == NULL) {
+ /* Well known NULL key */
+ return Tspi_Policy_SetSecret(hPolicy,
+ TSS_SECRET_MODE_SHA1,
+ sizeof(nullpass),
+ (BYTE *) nullpass);
+ } else { /* key is given */
+
+ return Tspi_Policy_SetSecret(hPolicy,
+ TSS_SECRET_MODE_PLAIN,
+ ulSecretLength, rgbSecret);
+ }
}
#define SAFE_LEN(x) (x==NULL?0:strlen(x))
-static int tpm_open_session(struct tpm_ctx_st *s, const char* srk_password)
+static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
{
-int err, ret;
-
- err = Tspi_Context_Create (&s->tpm_ctx);
- if (err)
- {
- gnutls_assert ();
- return tss_err(err);
- }
-
- err = Tspi_Context_Connect (s->tpm_ctx, NULL);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_tspi_ctx;
- }
-
- err =
- Tspi_Context_LoadKeyByUUID (s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
- srk_uuid, &s->srk);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_tspi_ctx;
- }
-
- err = Tspi_GetPolicyObject (s->srk, TSS_POLICY_USAGE, &s->srk_policy);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_srk;
- }
-
- err = myTspi_Policy_SetSecret (s->srk_policy,
- SAFE_LEN (srk_password), (BYTE *) srk_password);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_srkpol;
- }
-
- return 0;
-
-out_srkpol:
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
- s->srk_policy = 0;
-out_srk:
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
- s->srk = 0;
-out_tspi_ctx:
- Tspi_Context_Close (s->tpm_ctx);
- s->tpm_ctx = 0;
- return ret;
+ int err, ret;
+
+ err = Tspi_Context_Create(&s->tpm_ctx);
+ if (err) {
+ gnutls_assert();
+ return tss_err(err);
+ }
+
+ err = Tspi_Context_Connect(s->tpm_ctx, NULL);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_tspi_ctx;
+ }
+
+ err =
+ Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
+ srk_uuid, &s->srk);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_tspi_ctx;
+ }
+
+ err =
+ Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_srk;
+ }
+
+ err = myTspi_Policy_SetSecret(s->srk_policy,
+ SAFE_LEN(srk_password),
+ (BYTE *) srk_password);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_srkpol;
+ }
+
+ return 0;
+
+ out_srkpol:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ s->srk_policy = 0;
+ out_srk:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ s->srk = 0;
+ out_tspi_ctx:
+ Tspi_Context_Close(s->tpm_ctx);
+ s->tpm_ctx = 0;
+ return ret;
}
static void tpm_close_session(struct tpm_ctx_st *s)
{
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
- s->srk_policy = 0;
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
- s->srk = 0;
- Tspi_Context_Close (s->tpm_ctx);
- s->tpm_ctx = 0;
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ s->srk_policy = 0;
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ s->srk = 0;
+ Tspi_Context_Close(s->tpm_ctx);
+ s->tpm_ctx = 0;
}
static int
-import_tpm_key_cb (gnutls_privkey_t pkey, const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format, TSS_UUID *uuid,
- TSS_FLAG storage, const char *srk_password,
- const char *key_password)
+import_tpm_key_cb(gnutls_privkey_t pkey, const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format, TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password,
+ const char *key_password)
{
-unsigned int attempts = 0;
-char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
-char pin2[GNUTLS_PKCS11_MAX_PIN_LEN];
-int ret, ret2;
-
- do
- {
- ret = import_tpm_key(pkey, fdata, format, uuid, storage, srk_password, key_password);
-
- if (attempts > 3)
- break;
-
- if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
- {
- ret2 = tpm_pin(&pkey->pin, &srk_uuid, storage, pin1, sizeof(pin1), attempts++);
- if (ret2 < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
- }
- srk_password = pin1;
- }
-
- if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
- {
- ret2 = tpm_pin(&pkey->pin, uuid, storage, pin2, sizeof(pin2), attempts++);
- if (ret2 < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
- }
- key_password = pin2;
- }
- }
- while(ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR || ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-
- if (ret < 0)
- gnutls_assert();
- return ret;
+ unsigned int attempts = 0;
+ char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
+ char pin2[GNUTLS_PKCS11_MAX_PIN_LEN];
+ int ret, ret2;
+
+ do {
+ ret =
+ import_tpm_key(pkey, fdata, format, uuid, storage,
+ srk_password, key_password);
+
+ if (attempts > 3)
+ break;
+
+ if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR) {
+ ret2 =
+ tpm_pin(&pkey->pin, &srk_uuid, storage, pin1,
+ sizeof(pin1), attempts++);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
+ }
+ srk_password = pin1;
+ }
+
+ if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
+ ret2 =
+ tpm_pin(&pkey->pin, uuid, storage, pin2,
+ sizeof(pin2), attempts++);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
+ }
+ key_password = pin2;
+ }
+ }
+ while (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR
+ || ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
+
+ if (ret < 0)
+ gnutls_assert();
+ return ret;
}
-static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
- const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format,
- TSS_HKEY* tpm_key)
+static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format, TSS_HKEY * tpm_key)
{
-int ret, err;
-gnutls_datum_t asn1 = { NULL, 0 };
-
- if (format == GNUTLS_TPMKEY_FMT_CTK_PEM)
- {
- gnutls_datum_t td;
-
- ret = gnutls_pem_base64_decode_alloc ("TSS KEY BLOB", fdata, &asn1);
- if (ret)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Error decoding TSS key blob: %s\n",
- gnutls_strerror (ret));
- return ret;
- }
-
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, asn1.data, asn1.size, &td);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- gnutls_free(asn1.data);
- asn1.data = td.data;
- asn1.size = td.size;
- }
- else /* DER */
- {
- UINT32 tint2;
- UINT32 type;
-
- asn1.size = fdata->size;
- asn1.data = gnutls_malloc(asn1.size);
- if (asn1.data == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tint2 = asn1.size;
- err = Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
- &tint2, asn1.data);
- if (err != 0)
- {
- gnutls_assert();
- ret = tss_err(err);
- goto cleanup;
- }
-
- asn1.size = tint2;
- }
-
- /* ... we get it here instead. */
- err = Tspi_Context_LoadKeyByBlob (tpm_ctx, srk,
- asn1.size, asn1.data, tpm_key);
- if (err != 0)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free (asn1.data);
-
- return ret;
+ int ret, err;
+ gnutls_datum_t asn1 = { NULL, 0 };
+
+ if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
+ gnutls_datum_t td;
+
+ ret =
+ gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata,
+ &asn1);
+ if (ret) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding TSS key blob: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ asn1.data, asn1.size, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ gnutls_free(asn1.data);
+ asn1.data = td.data;
+ asn1.size = td.size;
+ } else { /* DER */
+
+ UINT32 tint2;
+ UINT32 type;
+
+ asn1.size = fdata->size;
+ asn1.data = gnutls_malloc(asn1.size);
+ if (asn1.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tint2 = asn1.size;
+ err =
+ Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
+ &tint2, asn1.data);
+ if (err != 0) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto cleanup;
+ }
+
+ asn1.size = tint2;
+ }
+
+ /* ... we get it here instead. */
+ err = Tspi_Context_LoadKeyByBlob(tpm_ctx, srk,
+ asn1.size, asn1.data, tpm_key);
+ if (err != 0) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(asn1.data);
+
+ return ret;
}
static int
-import_tpm_key (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password,
- const char *key_password)
+import_tpm_key(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage,
+ const char *srk_password, const char *key_password)
{
- int err, ret;
- struct tpm_ctx_st *s;
- gnutls_datum_t tmp_sig;
-
- s = gnutls_malloc (sizeof (*s));
- if (s == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = tpm_open_session(s, srk_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_ctx;
- }
-
- if (fdata != NULL)
- {
- ret = load_key(s->tpm_ctx, s->srk, fdata, format, &s->tpm_key);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
- }
- else if (uuid)
- {
- err =
- Tspi_Context_LoadKeyByUUID (s->tpm_ctx, storage,
- *uuid, &s->tpm_key);
-
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_session;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_session;
- }
-
- ret =
- gnutls_privkey_import_ext2 (pkey, GNUTLS_PK_RSA, s,
- tpm_sign_fn, NULL, tpm_deinit_fn, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto out_session;
- }
-
- ret =
- gnutls_privkey_sign_data (pkey, GNUTLS_DIG_SHA1, 0, &nulldata, &tmp_sig);
- if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
- {
- if (!s->tpm_key_policy)
- {
- err = Tspi_Context_CreateObject (s->tpm_ctx,
- TSS_OBJECT_TYPE_POLICY,
- TSS_POLICY_USAGE,
- &s->tpm_key_policy);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_key;
- }
-
- err = Tspi_Policy_AssignToObject (s->tpm_key_policy, s->tpm_key);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_key_policy;
- }
- }
-
- err = myTspi_Policy_SetSecret (s->tpm_key_policy,
- SAFE_LEN(key_password), (void *) key_password);
-
- if (err)
- {
- gnutls_assert ();
- ret = tss_err_key(err);
- goto out_key_policy;
- }
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- goto out_session;
- }
-
- return 0;
-out_key_policy:
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
- s->tpm_key_policy = 0;
-out_key:
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
- s->tpm_key = 0;
-out_session:
- tpm_close_session(s);
-out_ctx:
- gnutls_free (s);
- return ret;
+ int err, ret;
+ struct tpm_ctx_st *s;
+ gnutls_datum_t tmp_sig;
+
+ s = gnutls_malloc(sizeof(*s));
+ if (s == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = tpm_open_session(s, srk_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_ctx;
+ }
+
+ if (fdata != NULL) {
+ ret =
+ load_key(s->tpm_ctx, s->srk, fdata, format,
+ &s->tpm_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+ } else if (uuid) {
+ err =
+ Tspi_Context_LoadKeyByUUID(s->tpm_ctx, storage,
+ *uuid, &s->tpm_key);
+
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_session;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_session;
+ }
+
+ ret =
+ gnutls_privkey_import_ext2(pkey, GNUTLS_PK_RSA, s,
+ tpm_sign_fn, NULL, tpm_deinit_fn,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ ret =
+ gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &nulldata,
+ &tmp_sig);
+ if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
+ if (!s->tpm_key_policy) {
+ err = Tspi_Context_CreateObject(s->tpm_ctx,
+ TSS_OBJECT_TYPE_POLICY,
+ TSS_POLICY_USAGE,
+ &s->
+ tpm_key_policy);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_key;
+ }
+
+ err =
+ Tspi_Policy_AssignToObject(s->tpm_key_policy,
+ s->tpm_key);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_key_policy;
+ }
+ }
+
+ err = myTspi_Policy_SetSecret(s->tpm_key_policy,
+ SAFE_LEN(key_password),
+ (void *) key_password);
+
+ if (err) {
+ gnutls_assert();
+ ret = tss_err_key(err);
+ goto out_key_policy;
+ }
+ } else if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ return 0;
+ out_key_policy:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ s->tpm_key_policy = 0;
+ out_key:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
+ s->tpm_key = 0;
+ out_session:
+ tpm_close_session(s);
+ out_ctx:
+ gnutls_free(s);
+ return ret;
}
/**
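Review bot: `import_tpm_key()` allocates its context with `s = gnutls_malloc(sizeof(*s));` and never initialises `s->tpm_key_policy`, yet that field is tested in `if (!s->tpm_key_policy)` further down, read in `tpm_sign_fn()`, and passed to `Tspi_Context_CloseObject()` in `tpm_deinit_fn()`; `tpm_open_session()` and `load_key()` only fill `tpm_ctx`, `srk`, `srk_policy` and `tpm_key`. Unless the allocator happens to return zeroed memory, a non-zero leftover value skips policy creation and hands an arbitrary handle to `myTspi_Policy_SetSecret()`. Zero the structure at allocation, e.g. `s = gnutls_calloc(1, sizeof(*s));`, or add `memset(s, 0, sizeof(*s));` after the NULL check. Separately, `pin1` and `pin2` in `import_tpm_key_cb()` hold the entered SRK and key PINs on the stack and are not wiped on any return path; clearing them with a wipe the compiler cannot elide would limit how long those secrets stay in memory.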
@@ -588,245 +573,251 @@ out_ctx:
*
**/
int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
- return import_tpm_key(pkey, fdata, format, NULL, 0, srk_password, key_password);
- else
- return import_tpm_key_cb(pkey, fdata, format, NULL, 0, srk_password, key_password);
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ return import_tpm_key(pkey, fdata, format, NULL, 0,
+ srk_password, key_password);
+ else
+ return import_tpm_key_cb(pkey, fdata, format, NULL, 0,
+ srk_password, key_password);
}
-struct tpmkey_url_st
-{
- char* filename;
- TSS_UUID uuid;
- TSS_FLAG storage;
- unsigned int uuid_set;
+struct tpmkey_url_st {
+ char *filename;
+ TSS_UUID uuid;
+ TSS_FLAG storage;
+ unsigned int uuid_set;
};
static void clear_tpmkey_url(struct tpmkey_url_st *s)
{
- gnutls_free(s->filename);
- memset(s, 0, sizeof(*s));
+ gnutls_free(s->filename);
+ memset(s, 0, sizeof(*s));
}
static int
-unescape_string (char *output, const char *input, size_t * size,
- char terminator)
+unescape_string(char *output, const char *input, size_t * size,
+ char terminator)
{
- gnutls_buffer_st str;
- int ret = 0;
- char *p;
- int len;
-
- _gnutls_buffer_init (&str);
-
- /* find terminator */
- p = strchr (input, terminator);
- if (p != NULL)
- len = p - input;
- else
- len = strlen (input);
-
- ret = _gnutls_buffer_append_data (&str, input, len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_unescape (&str);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_data (&str, "", 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_buffer_pop_data (&str, output, size);
-
- _gnutls_buffer_clear (&str);
-
- return ret;
+ gnutls_buffer_st str;
+ int ret = 0;
+ char *p;
+ int len;
+
+ _gnutls_buffer_init(&str);
+
+ /* find terminator */
+ p = strchr(input, terminator);
+ if (p != NULL)
+ len = p - input;
+ else
+ len = strlen(input);
+
+ ret = _gnutls_buffer_append_data(&str, input, len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_unescape(&str);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data(&str, "", 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_buffer_pop_data(&str, output, size);
+
+ _gnutls_buffer_clear(&str);
+
+ return ret;
}
#define UUID_SIZE 16
-static int randomize_uuid(TSS_UUID* uuid)
+static int randomize_uuid(TSS_UUID * uuid)
{
- uint8_t raw_uuid[16];
- int ret;
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* mark it as random uuid */
- raw_uuid[6] &= 0x0f;
- raw_uuid[6] |= 0x40;
- raw_uuid[8] &= 0x0f;
- raw_uuid[8] |= 0x80;
-
- memcpy(&uuid->ulTimeLow, raw_uuid, 4);
- memcpy(&uuid->usTimeMid, &raw_uuid[4], 2);
- memcpy(&uuid->usTimeHigh, &raw_uuid[6], 2);
- uuid->bClockSeqHigh = raw_uuid[8];
- uuid->bClockSeqLow = raw_uuid[9];
- memcpy(&uuid->rgbNode, &raw_uuid[10], 6);
-
- return 0;
+ uint8_t raw_uuid[16];
+ int ret;
+
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* mark it as random uuid */
+ raw_uuid[6] &= 0x0f;
+ raw_uuid[6] |= 0x40;
+ raw_uuid[8] &= 0x0f;
+ raw_uuid[8] |= 0x80;
+
+ memcpy(&uuid->ulTimeLow, raw_uuid, 4);
+ memcpy(&uuid->usTimeMid, &raw_uuid[4], 2);
+ memcpy(&uuid->usTimeHigh, &raw_uuid[6], 2);
+ uuid->bClockSeqHigh = raw_uuid[8];
+ uuid->bClockSeqLow = raw_uuid[9];
+ memcpy(&uuid->rgbNode, &raw_uuid[10], 6);
+
+ return 0;
}
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage)
+static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
+ TSS_FLAG storage)
{
-size_t size = (UUID_SIZE*2+4)*2+32;
-uint8_t u1[UUID_SIZE];
-gnutls_buffer_st buf;
-gnutls_datum_t dret;
-int ret;
-
- *url = gnutls_malloc(size);
- if (*url == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_buffer_init(&buf);
-
- memcpy(u1, &uuid->ulTimeLow, 4);
- memcpy(&u1[4], &uuid->usTimeMid, 2);
- memcpy(&u1[6], &uuid->usTimeHigh, 2);
- u1[8] = uuid->bClockSeqHigh;
- u1[9] = uuid->bClockSeqLow;
- memcpy(&u1[10], uuid->rgbNode, 6);
-
- ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_printf(&buf, "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
- (unsigned int)u1[0], (unsigned int)u1[1], (unsigned int)u1[2], (unsigned int)u1[3],
- (unsigned int)u1[4], (unsigned int)u1[5], (unsigned int)u1[6], (unsigned int)u1[7],
- (unsigned int)u1[8], (unsigned int)u1[9], (unsigned int)u1[10], (unsigned int)u1[11],
- (unsigned int)u1[12], (unsigned int)u1[13], (unsigned int)u1[14], (unsigned int)u1[15]);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_printf(&buf, ";storage=%s", (storage==TSS_PS_TYPE_USER)?"user":"system");
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_to_datum(&buf, &dret);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- *url = (char*)dret.data;
-
- return 0;
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ size_t size = (UUID_SIZE * 2 + 4) * 2 + 32;
+ uint8_t u1[UUID_SIZE];
+ gnutls_buffer_st buf;
+ gnutls_datum_t dret;
+ int ret;
+
+ *url = gnutls_malloc(size);
+ if (*url == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_buffer_init(&buf);
+
+ memcpy(u1, &uuid->ulTimeLow, 4);
+ memcpy(&u1[4], &uuid->usTimeMid, 2);
+ memcpy(&u1[6], &uuid->usTimeHigh, 2);
+ u1[8] = uuid->bClockSeqHigh;
+ u1[9] = uuid->bClockSeqLow;
+ memcpy(&u1[10], uuid->rgbNode, 6);
+
+ ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_printf(&buf,
+ "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
+ (unsigned int) u1[0],
+ (unsigned int) u1[1],
+ (unsigned int) u1[2],
+ (unsigned int) u1[3],
+ (unsigned int) u1[4],
+ (unsigned int) u1[5],
+ (unsigned int) u1[6],
+ (unsigned int) u1[7],
+ (unsigned int) u1[8],
+ (unsigned int) u1[9],
+ (unsigned int) u1[10],
+ (unsigned int) u1[11],
+ (unsigned int) u1[12],
+ (unsigned int) u1[13],
+ (unsigned int) u1[14],
+ (unsigned int) u1[15]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_printf(&buf, ";storage=%s",
+ (storage ==
+ TSS_PS_TYPE_USER) ? "user" :
+ "system");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_to_datum(&buf, &dret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ *url = (char *) dret.data;
+
+ return 0;
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
-static int decode_tpmkey_url(const char* url, struct tpmkey_url_st *s)
+static int decode_tpmkey_url(const char *url, struct tpmkey_url_st *s)
{
- char* p;
- size_t size;
- int ret;
- unsigned int i, j;
-
- if (strstr (url, "tpmkey:") == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- memset(s, 0, sizeof(*s));
-
- p = strstr(url, "file=");
- if (p != NULL)
- {
- p += sizeof ("file=") - 1;
- size = strlen(p);
- s->filename = gnutls_malloc(size+1);
- if (s->filename == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = unescape_string (s->filename, p, &size, ';');
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- s->filename[size] = 0;
- }
- else if ((p = strstr(url, "uuid=")) != NULL)
- {
- char tmp_uuid[33];
- uint8_t raw_uuid[16];
-
- p += sizeof ("uuid=") - 1;
- size = strlen(p);
-
- for (j=i=0;i<size;i++)
- {
- if (j==sizeof(tmp_uuid)-1)
- {
- break;
- }
- if (c_isalnum(p[i])) tmp_uuid[j++]=p[i];
- }
- tmp_uuid[j] = 0;
-
- size = sizeof(raw_uuid);
- ret = _gnutls_hex2bin(tmp_uuid, strlen(tmp_uuid), raw_uuid, &size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- memcpy(&s->uuid.ulTimeLow, raw_uuid, 4);
- memcpy(&s->uuid.usTimeMid, &raw_uuid[4], 2);
- memcpy(&s->uuid.usTimeHigh, &raw_uuid[6], 2);
- s->uuid.bClockSeqHigh = raw_uuid[8];
- s->uuid.bClockSeqLow = raw_uuid[9];
- memcpy(&s->uuid.rgbNode, &raw_uuid[10], 6);
- s->uuid_set = 1;
- }
- else
- {
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
-
- if ((p = strstr(url, "storage=user")) != NULL)
- s->storage = TSS_PS_TYPE_USER;
- else
- s->storage = TSS_PS_TYPE_SYSTEM;
-
- return 0;
-
-cleanup:
- clear_tpmkey_url(s);
- return ret;
+ char *p;
+ size_t size;
+ int ret;
+ unsigned int i, j;
+
+ if (strstr(url, "tpmkey:") == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ memset(s, 0, sizeof(*s));
+
+ p = strstr(url, "file=");
+ if (p != NULL) {
+ p += sizeof("file=") - 1;
+ size = strlen(p);
+ s->filename = gnutls_malloc(size + 1);
+ if (s->filename == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = unescape_string(s->filename, p, &size, ';');
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ s->filename[size] = 0;
+ } else if ((p = strstr(url, "uuid=")) != NULL) {
+ char tmp_uuid[33];
+ uint8_t raw_uuid[16];
+
+ p += sizeof("uuid=") - 1;
+ size = strlen(p);
+
+ for (j = i = 0; i < size; i++) {
+ if (j == sizeof(tmp_uuid) - 1) {
+ break;
+ }
+ if (c_isalnum(p[i]))
+ tmp_uuid[j++] = p[i];
+ }
+ tmp_uuid[j] = 0;
+
+ size = sizeof(raw_uuid);
+ ret =
+ _gnutls_hex2bin(tmp_uuid, strlen(tmp_uuid), raw_uuid,
+ &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ memcpy(&s->uuid.ulTimeLow, raw_uuid, 4);
+ memcpy(&s->uuid.usTimeMid, &raw_uuid[4], 2);
+ memcpy(&s->uuid.usTimeHigh, &raw_uuid[6], 2);
+ s->uuid.bClockSeqHigh = raw_uuid[8];
+ s->uuid.bClockSeqLow = raw_uuid[9];
+ memcpy(&s->uuid.rgbNode, &raw_uuid[10], 6);
+ s->uuid_set = 1;
+ } else {
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ if ((p = strstr(url, "storage=user")) != NULL)
+ s->storage = TSS_PS_TYPE_USER;
+ else
+ s->storage = TSS_PS_TYPE_SYSTEM;
+
+ return 0;
+
+ cleanup:
+ clear_tpmkey_url(s);
+ return ret;
}
/**
@@ -855,206 +846,206 @@ cleanup:
*
**/
int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
-struct tpmkey_url_st durl;
-gnutls_datum_t fdata = { NULL, 0 };
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.filename)
- {
- ret = gnutls_load_file(durl.filename, &fdata);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_debug_log("Error loading %s\n", durl.filename);
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_CTK_PEM,
- srk_password, key_password, flags);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_RAW,
- srk_password, key_password, flags);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (durl.uuid_set)
- {
- if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
- ret = import_tpm_key (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password, key_password);
- else
- ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password, key_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- gnutls_free(fdata.data);
- clear_tpmkey_url(&durl);
- return ret;
+ struct tpmkey_url_st durl;
+ gnutls_datum_t fdata = { NULL, 0 };
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.filename) {
+ ret = gnutls_load_file(durl.filename, &fdata);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Error loading %s\n",
+ durl.filename);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_CTK_PEM,
+ srk_password,
+ key_password, flags);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ ret =
+ gnutls_privkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_RAW,
+ srk_password,
+ key_password,
+ flags);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (durl.uuid_set) {
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ ret =
+ import_tpm_key(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password,
+ key_password);
+ else
+ ret =
+ import_tpm_key_cb(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password,
+ key_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(fdata.data);
+ clear_tpmkey_url(&durl);
+ return ret;
}
/* reads the RSA public key from the given TSS key.
* If psize is non-null it contains the total size of the parameters
* in bytes */
-static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx, size_t *psize)
+static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
+ size_t * psize)
{
-void* tdata;
-UINT32 tint;
-TSS_RESULT tssret;
-gnutls_datum_t m, e;
-int ret;
-
- /* read the public key */
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
- TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- return tss_err(tssret);
- }
-
- m.data = tdata;
- m.size = tint;
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
- TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- Tspi_Context_FreeMemory(key_ctx, m.data);
- return tss_err(tssret);
- }
-
- e.data = tdata;
- e.size = tint;
-
- ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e);
-
- Tspi_Context_FreeMemory(key_ctx, m.data);
- Tspi_Context_FreeMemory(key_ctx, e.data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (psize)
- *psize = e.size + m.size;
-
- return 0;
+ void *tdata;
+ UINT32 tint;
+ TSS_RESULT tssret;
+ gnutls_datum_t m, e;
+ int ret;
+
+ /* read the public key */
+
+ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
+ &tint, (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ return tss_err(tssret);
+ }
+
+ m.data = tdata;
+ m.size = tint;
+
+ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
+ &tint, (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ Tspi_Context_FreeMemory(key_ctx, m.data);
+ return tss_err(tssret);
+ }
+
+ e.data = tdata;
+ e.size = tint;
+
+ ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e);
+
+ Tspi_Context_FreeMemory(key_ctx, m.data);
+ Tspi_Context_FreeMemory(key_ctx, e.data);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (psize)
+ *psize = e.size + m.size;
+
+ return 0;
}
static int
-import_tpm_pubkey (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password)
+import_tpm_pubkey(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password)
{
-int err, ret;
-struct tpm_ctx_st s;
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (fdata != NULL)
- {
- ret = load_key(s.tpm_ctx, s.srk, fdata, format, &s.tpm_key);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
- }
- else if (uuid)
- {
- err =
- Tspi_Context_LoadKeyByUUID (s.tpm_ctx, storage,
- *uuid, &s.tpm_key);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_session;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_session;
- }
-
- ret = read_pubkey(pkey, s.tpm_key, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
-
- ret = 0;
-out_session:
- tpm_close_session(&s);
- return ret;
+ int err, ret;
+ struct tpm_ctx_st s;
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (fdata != NULL) {
+ ret =
+ load_key(s.tpm_ctx, s.srk, fdata, format, &s.tpm_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+ } else if (uuid) {
+ err =
+ Tspi_Context_LoadKeyByUUID(s.tpm_ctx, storage,
+ *uuid, &s.tpm_key);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_session;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_session;
+ }
+
+ ret = read_pubkey(pkey, s.tpm_key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ ret = 0;
+ out_session:
+ tpm_close_session(&s);
+ return ret;
}
static int
-import_tpm_pubkey_cb (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password)
+import_tpm_pubkey_cb(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password)
{
-unsigned int attempts = 0;
-char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
-int ret;
-
- do
- {
- ret = import_tpm_pubkey(pkey, fdata, format, uuid, storage, srk_password);
-
- if (attempts > 3)
- break;
-
- if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
- {
- ret = tpm_pin(&pkey->pin, &srk_uuid, storage, pin1, sizeof(pin1), attempts++);
- if (ret < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
- }
- srk_password = pin1;
- }
- }
- while(ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-
- if (ret < 0)
- gnutls_assert();
- return ret;
+ unsigned int attempts = 0;
+ char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
+ int ret;
+
+ do {
+ ret =
+ import_tpm_pubkey(pkey, fdata, format, uuid, storage,
+ srk_password);
+
+ if (attempts > 3)
+ break;
+
+ if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR) {
+ ret =
+ tpm_pin(&pkey->pin, &srk_uuid, storage, pin1,
+ sizeof(pin1), attempts++);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
+ }
+ srk_password = pin1;
+ }
+ }
+ while (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
+
+ if (ret < 0)
+ gnutls_assert();
+ return ret;
}
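Review bot: In import_tpm_pubkey_cb the SRK PIN obtained through tpm_pin() stays in the stack buffer `pin1` on every return path, including the early `return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;`. The buffer should be wiped before the function returns, using a clear the compiler cannot elide, since a plain `memset` right before `return` may be optimised away. For example, route the returns through a single exit that does `explicit_bzero(pin1, sizeof(pin1));` where that call is available, or the project's own secure-wipe helper. Separately, the `attempts > 3` test runs after the import call, so by my reading the loop can make five TPM authorisation attempts, which is worth checking against the TPM's lockout policy. The reindent carries both behaviours over unchanged.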
@@ -1078,16 +1069,17 @@ int ret;
* Since: 3.1.0
**/
int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password, unsigned int flags)
{
- if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
- return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0, srk_password);
- else
- return import_tpm_pubkey(pkey, fdata, format, NULL, 0, srk_password);
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0,
+ srk_password);
+ else
+ return import_tpm_pubkey(pkey, fdata, format, NULL, 0,
+ srk_password);
}
/**
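Review bot: The flag test in gnutls_pubkey_import_tpm_raw looks inverted. When `GNUTLS_PUBKEY_DISABLE_CALLBACKS` is set it calls `import_tpm_pubkey_cb`, the variant that prompts through tpm_pin(), and without the flag it calls the non-prompting `import_tpm_pubkey`. gnutls_pubkey_import_tpm_url in the next hunk does the opposite for the same flag, so a caller that disabled callbacks can still get a PIN prompt here, while a caller that wants prompting gets none. Swapping the two calls makes the functions agree: `if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS) return import_tpm_pubkey(pkey, fdata, format, NULL, 0, srk_password);` with `import_tpm_pubkey_cb` in the `else`. The reindent carries the old behaviour over unchanged.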
@@ -1113,58 +1105,61 @@ gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
*
**/
int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password, unsigned int flags)
{
-struct tpmkey_url_st durl;
-gnutls_datum_t fdata = { NULL, 0 };
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.filename)
- {
-
- ret = gnutls_load_file(durl.filename, &fdata);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_CTK_PEM,
- srk_password, flags);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_RAW,
- srk_password, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (durl.uuid_set)
- {
- if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
- ret = import_tpm_pubkey (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password);
- else
- ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- gnutls_free(fdata.data);
- clear_tpmkey_url(&durl);
- return ret;
+ struct tpmkey_url_st durl;
+ gnutls_datum_t fdata = { NULL, 0 };
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.filename) {
+
+ ret = gnutls_load_file(durl.filename, &fdata);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_CTK_PEM,
+ srk_password, flags);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ ret =
+ gnutls_pubkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_RAW,
+ srk_password,
+ flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (durl.uuid_set) {
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ ret =
+ import_tpm_pubkey(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password);
+ else
+ ret =
+ import_tpm_pubkey_cb(pkey, NULL, 0, &durl.uuid,
+ durl.storage,
+ srk_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(fdata.data);
+ clear_tpmkey_url(&durl);
+ return ret;
}
@@ -1203,274 +1198,270 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags)
+gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey, unsigned int flags)
{
-TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
-TSS_HKEY key_ctx;
-TSS_RESULT tssret;
-int ret;
-void* tdata;
-UINT32 tint;
-gnutls_datum_t tmpkey = {NULL, 0};
-TSS_HPOLICY key_policy;
-gnutls_pubkey_t pub;
-struct tpm_ctx_st s;
-TSS_FLAG storage_type;
-TSS_HTPM htpm;
-uint8_t buf[32];
-
- if (flags & GNUTLS_TPM_KEY_SIGNING)
- tpm_flags |= TSS_KEY_TYPE_SIGNING;
- else
- tpm_flags |= TSS_KEY_TYPE_LEGACY;
-
- if (flags & GNUTLS_TPM_KEY_USER)
- storage_type = TSS_PS_TYPE_USER;
- else
- storage_type = TSS_PS_TYPE_SYSTEM;
-
- if (bits <= 512)
- tpm_flags |= TSS_KEY_SIZE_512;
- else if (bits <= 1024)
- tpm_flags |= TSS_KEY_SIZE_1024;
- else if (bits <= 2048)
- tpm_flags |= TSS_KEY_SIZE_2048;
- else if (bits <= 4096)
- tpm_flags |= TSS_KEY_SIZE_4096;
- else if (bits <= 8192)
- tpm_flags |= TSS_KEY_SIZE_8192;
- else
- tpm_flags |= TSS_KEY_SIZE_16384;
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* put some randomness into TPM.
- * Let's not trust it completely.
- */
- tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
-
- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
- if (ret < 0)
- {
- gnutls_assert();
- goto err_cc;
- }
-
- tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
- if (tssret)
- {
- gnutls_assert();
- }
-
- tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
- tssret = Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
- TSS_SS_RSASSAPKCS1V15_DER);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- /* set the password of the actual key */
- if (key_password)
- {
- tssret = Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE, &key_policy);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- tssret = myTspi_Policy_SetSecret(key_policy,
- SAFE_LEN(key_password), (void*)key_password);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
- }
-
- tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- if (flags & GNUTLS_TPM_REGISTER_KEY)
- {
- TSS_UUID key_uuid;
-
- ret = randomize_uuid(&key_uuid);
- if (ret < 0)
- {
- gnutls_assert();
- goto err_sa;
- }
-
- tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, storage_type,
- key_uuid, TSS_PS_TYPE_SYSTEM, srk_uuid);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- ret = encode_tpmkey_url((char**)&privkey->data, &key_uuid, storage_type);
- if (ret < 0)
- {
- TSS_HKEY tkey;
-
- Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type, key_uuid, &tkey);
- gnutls_assert();
- goto err_sa;
- }
- privkey->size = strlen((char*)privkey->data);
-
- }
- else /* get the key as blob */
- {
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
- TSS_TSPATTRIB_KEYBLOB_BLOB, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
-
- if (format == GNUTLS_TPMKEY_FMT_CTK_PEM)
- {
- ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, tdata, tint, &tmpkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_fbase64_encode ("TSS KEY BLOB", tmpkey.data, tmpkey.size, privkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else
- {
- UINT32 tint2;
-
- tmpkey.size = tint + 32; /* spec says no more than 20 */
- tmpkey.data = gnutls_malloc(tmpkey.size);
- if (tmpkey.data == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- tint2 = tmpkey.size;
- tssret = Tspi_EncodeDER_TssBlob(tint, tdata, TSS_BLOB_TYPE_PRIVATEKEY,
- &tint2, tmpkey.data);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tmpkey.size = tint2;
-
- privkey->data = tmpkey.data;
- privkey->size = tmpkey.size;
- tmpkey.data = NULL;
- }
- }
-
- /* read the public key */
- if (pubkey != NULL)
- {
- size_t psize;
-
- ret = gnutls_pubkey_init(&pub);
- if (ret < 0)
- {
- gnutls_assert();
- goto privkey_cleanup;
- }
-
- ret = read_pubkey(pub, key_ctx, &psize);
- if (ret < 0)
- {
- gnutls_assert();
- goto privkey_cleanup;
- }
- psize+=512;
-
- pubkey->data = gnutls_malloc(psize);
- if (pubkey->data == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto pubkey_cleanup;
- }
-
- ret = gnutls_pubkey_export(pub, pub_format, pubkey->data, &psize);
- if (ret < 0)
- {
- gnutls_assert();
- goto pubkey_cleanup;
- }
- pubkey->size = psize;
-
- gnutls_pubkey_deinit(pub);
- }
-
- ret = 0;
- goto cleanup;
-
-pubkey_cleanup:
- gnutls_pubkey_deinit(pub);
-privkey_cleanup:
- gnutls_free(privkey->data);
- privkey->data = NULL;
-cleanup:
- gnutls_free(tmpkey.data);
- tmpkey.data = NULL;
-err_sa:
- Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
-err_cc:
- tpm_close_session(&s);
- return ret;
+ TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
+ TSS_HKEY key_ctx;
+ TSS_RESULT tssret;
+ int ret;
+ void *tdata;
+ UINT32 tint;
+ gnutls_datum_t tmpkey = { NULL, 0 };
+ TSS_HPOLICY key_policy;
+ gnutls_pubkey_t pub;
+ struct tpm_ctx_st s;
+ TSS_FLAG storage_type;
+ TSS_HTPM htpm;
+ uint8_t buf[32];
+
+ if (flags & GNUTLS_TPM_KEY_SIGNING)
+ tpm_flags |= TSS_KEY_TYPE_SIGNING;
+ else
+ tpm_flags |= TSS_KEY_TYPE_LEGACY;
+
+ if (flags & GNUTLS_TPM_KEY_USER)
+ storage_type = TSS_PS_TYPE_USER;
+ else
+ storage_type = TSS_PS_TYPE_SYSTEM;
+
+ if (bits <= 512)
+ tpm_flags |= TSS_KEY_SIZE_512;
+ else if (bits <= 1024)
+ tpm_flags |= TSS_KEY_SIZE_1024;
+ else if (bits <= 2048)
+ tpm_flags |= TSS_KEY_SIZE_2048;
+ else if (bits <= 4096)
+ tpm_flags |= TSS_KEY_SIZE_4096;
+ else if (bits <= 8192)
+ tpm_flags |= TSS_KEY_SIZE_8192;
+ else
+ tpm_flags |= TSS_KEY_SIZE_16384;
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* put some randomness into TPM.
+ * Let's not trust it completely.
+ */
+ tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
+ if (ret < 0) {
+ gnutls_assert();
+ goto err_cc;
+ }
+
+ tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
+ if (tssret) {
+ gnutls_assert();
+ }
+
+ tssret =
+ Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
+ tpm_flags, &key_ctx);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+ tssret =
+ Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
+ TSS_SS_RSASSAPKCS1V15_DER);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ /* set the password of the actual key */
+ if (key_password) {
+ tssret =
+ Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
+ &key_policy);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ tssret = myTspi_Policy_SetSecret(key_policy,
+ SAFE_LEN(key_password),
+ (void *) key_password);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+ }
+
+ tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ if (flags & GNUTLS_TPM_REGISTER_KEY) {
+ TSS_UUID key_uuid;
+
+ ret = randomize_uuid(&key_uuid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto err_sa;
+ }
+
+ tssret =
+ Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
+ storage_type, key_uuid,
+ TSS_PS_TYPE_SYSTEM, srk_uuid);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ ret =
+ encode_tpmkey_url((char **) &privkey->data, &key_uuid,
+ storage_type);
+ if (ret < 0) {
+ TSS_HKEY tkey;
+
+ Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
+ key_uuid, &tkey);
+ gnutls_assert();
+ goto err_sa;
+ }
+ privkey->size = strlen((char *) privkey->data);
+
+ } else { /* get the key as blob */
+
+
+ tssret =
+ Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
+ TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
+ (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+
+ if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
+ ret =
+ _gnutls_x509_encode_string
+ (ASN1_ETYPE_OCTET_STRING, tdata, tint,
+ &tmpkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_fbase64_encode("TSS KEY BLOB",
+ tmpkey.data,
+ tmpkey.size, privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ UINT32 tint2;
+
+ tmpkey.size = tint + 32; /* spec says no more than 20 */
+ tmpkey.data = gnutls_malloc(tmpkey.size);
+ if (tmpkey.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ tint2 = tmpkey.size;
+ tssret =
+ Tspi_EncodeDER_TssBlob(tint, tdata,
+ TSS_BLOB_TYPE_PRIVATEKEY,
+ &tint2, tmpkey.data);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tmpkey.size = tint2;
+
+ privkey->data = tmpkey.data;
+ privkey->size = tmpkey.size;
+ tmpkey.data = NULL;
+ }
+ }
+
+ /* read the public key */
+ if (pubkey != NULL) {
+ size_t psize;
+
+ ret = gnutls_pubkey_init(&pub);
+ if (ret < 0) {
+ gnutls_assert();
+ goto privkey_cleanup;
+ }
+
+ ret = read_pubkey(pub, key_ctx, &psize);
+ if (ret < 0) {
+ gnutls_assert();
+ goto privkey_cleanup;
+ }
+ psize += 512;
+
+ pubkey->data = gnutls_malloc(psize);
+ if (pubkey->data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto pubkey_cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pub, pub_format, pubkey->data,
+ &psize);
+ if (ret < 0) {
+ gnutls_assert();
+ goto pubkey_cleanup;
+ }
+ pubkey->size = psize;
+
+ gnutls_pubkey_deinit(pub);
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ pubkey_cleanup:
+ gnutls_pubkey_deinit(pub);
+ privkey_cleanup:
+ gnutls_free(privkey->data);
+ privkey->data = NULL;
+ cleanup:
+ gnutls_free(tmpkey.data);
+ tmpkey.data = NULL;
+ err_sa:
+ Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
+ err_cc:
+ tpm_close_session(&s);
+ return ret;
}
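Review bot: The error paths after `gnutls_pubkey_init(&pub)` in gnutls_tpm_privkey_generate do not release everything. A read_pubkey() failure jumps to `privkey_cleanup` and skips `gnutls_pubkey_deinit(pub)`, and a gnutls_pubkey_export() failure reaches `pubkey_cleanup` with `pubkey->data` still allocated and non-NULL in the caller's datum. Use `goto pubkey_cleanup;` after the read_pubkey() check and add `gnutls_free(pubkey->data); pubkey->data = NULL;` under the `pubkey_cleanup:` label. When `GNUTLS_TPM_REGISTER_KEY` is set, these same paths free the URL in `privkey->data` but appear to leave the key registered in TPM persistent storage, because Tspi_Context_UnregisterKey() is called only when encode_tpmkey_url() fails. That leftover key is worth unregistering as well.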
@@ -1482,11 +1473,11 @@ err_cc:
*
* Since: 3.1.0
**/
-void
-gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
+void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list)
{
- if (list->tpm_ctx != 0) Tspi_Context_Close (list->tpm_ctx);
- gnutls_free(list);
+ if (list->tpm_ctx != 0)
+ Tspi_Context_Close(list->tpm_ctx);
+ gnutls_free(list);
}
/**
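Review bot: gnutls_tpm_key_list_deinit reads `list->tpm_ctx` without checking `list` for NULL, so calling it from a cleanup path on a list that was never created crashes. A guard at the top, `if (list == NULL) return;`, makes it safe to call unconditionally. A one-line comment noting that it also closes the TSS context would help readers of the cleanup code.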
@@ -1507,12 +1498,16 @@ gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
* Since: 3.1.0
**/
int
-gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags)
+gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list, unsigned int idx,
+ char **url, unsigned int flags)
{
- if (idx >= list->size)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx >= list->size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- return encode_tpmkey_url(url, &list->ki[idx].keyUUID, list->ki[idx].persistentStorageType);
+ return encode_tpmkey_url(url, &list->ki[idx].keyUUID,
+ list->ki[idx].persistentStorageType);
}
/**
@@ -1527,47 +1522,45 @@ gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char*
*
* Since: 3.1.0
**/
-int
-gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list)
+int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
{
-TSS_RESULT tssret;
-int ret;
-
- *list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
- if (*list == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- tssret = Tspi_Context_Create (&(*list)->tpm_ctx);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tssret = Tspi_Context_Connect ((*list)->tpm_ctx, NULL);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tssret =
- Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx, TSS_PS_TYPE_SYSTEM,
- NULL, &(*list)->size, &(*list)->ki);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
- return 0;
-
-cleanup:
- gnutls_tpm_key_list_deinit(*list);
-
- return ret;
+ TSS_RESULT tssret;
+ int ret;
+
+ *list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
+ if (*list == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ tssret = Tspi_Context_Create(&(*list)->tpm_ctx);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tssret = Tspi_Context_Connect((*list)->tpm_ctx, NULL);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tssret =
+ Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx,
+ TSS_PS_TYPE_SYSTEM, NULL,
+ &(*list)->size,
+ &(*list)->ki);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+ return 0;
+
+ cleanup:
+ gnutls_tpm_key_list_deinit(*list);
+
+ return ret;
}
/**
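Review bot: On the `cleanup:` path gnutls_tpm_get_registered frees the list through `gnutls_tpm_key_list_deinit(*list)` but leaves `*list` pointing at the freed memory. A caller that deinitialises the list in its own error handling would then close the context and free the structure a second time. Add `*list = NULL;` after the deinit call so the output parameter is well defined on failure, and state in the function's doc comment that the list is only valid when 0 is returned.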
@@ -1583,115 +1576,107 @@ cleanup:
*
* Since: 3.1.0
**/
-int
-gnutls_tpm_privkey_delete (const char* url, const char* srk_password)
+int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
{
-struct tpm_ctx_st s;
-struct tpmkey_url_st durl;
-TSS_RESULT tssret;
-TSS_HKEY tkey;
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.uuid_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- tssret = Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid, &tkey);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
- ret = 0;
-err_cc:
- tpm_close_session(&s);
- return ret;
+ struct tpm_ctx_st s;
+ struct tpmkey_url_st durl;
+ TSS_RESULT tssret;
+ TSS_HKEY tkey;
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.uuid_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ tssret =
+ Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid,
+ &tkey);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+ ret = 0;
+ err_cc:
+ tpm_close_session(&s);
+ return ret;
}
-#else /* HAVE_TROUSERS */
+#else /* HAVE_TROUSERS */
int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags)
+gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-void
-gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
+void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list)
{
- return;
+ return;
}
int
-gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags)
+gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list, unsigned int idx,
+ char **url, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-int
-gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list)
+int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-int
-gnutls_tpm_privkey_delete (const char* url, const char* srk_password)
+int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-#endif /* HAVE_TROUSERS */
-
+#endif /* HAVE_TROUSERS */
diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index dcc3061966..24e30d8731 100644
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -9,24 +9,23 @@
int _gnutls_vasprintf(char **strp, const char *fmt, va_list ap)
{
-char * buf;
-int ret, max;
+ char *buf;
+ int ret, max;
- max = MAX_BSIZE/2;
+ max = MAX_BSIZE / 2;
- do
- {
- max *= 2;
+ do {
+ max *= 2;
- buf = malloc(max);
- if (buf == NULL)
- return -1;
-
- ret = vsnprintf(buf, max, fmt, ap);
- }
- while (ret > max && max < NO_MORE_MAX);
+ buf = malloc(max);
+ if (buf == NULL)
+ return -1;
- return ret;
+ ret = vsnprintf(buf, max, fmt, ap);
+ }
+ while (ret > max && max < NO_MORE_MAX);
+
+ return ret;
}
#endif
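Review bot: The retry loop in `_gnutls_vasprintf` hands the same `ap` to `vsnprintf` on every pass, and a `va_list` is indeterminate once a callee has consumed it, so any second pass reads its arguments through an invalid list; each pass should work on a `va_copy`. The loop also allocates a new `buf` per pass without freeing the previous one, and its `ret > max` test accepts `ret == max`, which is a truncated result. Nothing visible in the hunk stores `buf` into `*strp`, so unless lines are missing from this rendering the caller gets a length and no string. A rewritten loop is sketched below; `MAX_BSIZE` and `NO_MORE_MAX` are defined outside the hunk.

```c
	/* … unchanged: declarations and max = MAX_BSIZE / 2 … */
	do {
		va_list aq;

		max *= 2;

		buf = malloc(max);
		if (buf == NULL)
			return -1;

		va_copy(aq, ap);	/* ap itself stays valid for the next pass */
		ret = vsnprintf(buf, max, fmt, aq);
		va_end(aq);

		if (ret >= 0 && ret < max) {
			*strp = buf;	/* complete output: ownership goes to the caller */
			return ret;
		}

		free(buf);	/* error or truncation: release before retrying */
	}
	while (ret >= 0 && max < NO_MORE_MAX);

	return -1;
```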
diff --git a/lib/vasprintf.h b/lib/vasprintf.h
index 6e0090c2d6..70574806bc 100644
--- a/lib/vasprintf.h
+++ b/lib/vasprintf.h
@@ -1,5 +1,5 @@
#ifndef VASPRINTF_H
-# define VASPRINTF_H
+#define VASPRINTF_H
#include <config.h>
#ifndef HAVE_VASPRINTF
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index fd6b720204..e640a72031 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -24,7 +24,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -36,35 +36,38 @@
#include <locks.h>
struct gnutls_tdb_int {
- gnutls_tdb_store_func store;
- gnutls_tdb_store_commitment_func cstore;
- gnutls_tdb_verify_func verify;
+ gnutls_tdb_store_func store;
+ gnutls_tdb_store_commitment_func cstore;
+ gnutls_tdb_verify_func verify;
};
-static int raw_pubkey_to_base64(const gnutls_datum_t* raw, gnutls_datum_t * b64);
-static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey);
-static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey);
-static int verify_pubkey(const char* file,
- const char* host, const char* service,
- const gnutls_datum_t* skey);
-
-static
-int store_commitment(const char* db_name, const char* host,
- const char* service, time_t expiration,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash);
-static
-int store_pubkey(const char* db_name, const char* host,
- const char* service, time_t expiration, const gnutls_datum_t* pubkey);
-
-static int find_config_file(char* file, size_t max_size);
+static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
+ gnutls_datum_t * b64);
+static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey);
+static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey);
+static int verify_pubkey(const char *file, const char *host,
+ const char *service, const gnutls_datum_t * skey);
+
+static
+int store_commitment(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash);
+static
+int store_pubkey(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ const gnutls_datum_t * pubkey);
+
+static int find_config_file(char *file, size_t max_size);
extern void *_gnutls_file_mutex;
struct gnutls_tdb_int default_tdb = {
- store_pubkey,
- store_commitment,
- verify_pubkey
+ store_pubkey,
+ store_commitment,
+ verify_pubkey
};
@@ -103,477 +106,489 @@ struct gnutls_tdb_int default_tdb = {
* Since: 3.0
**/
int
-gnutls_verify_stored_pubkey(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert, unsigned int flags)
+gnutls_verify_stored_pubkey(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ unsigned int flags)
{
-gnutls_datum_t pubkey = { NULL, 0 };
-int ret;
-char local_file[MAX_FILENAME];
-
- if (cert_type != GNUTLS_CRT_X509 && cert_type != GNUTLS_CRT_OPENPGP)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- if (cert_type == GNUTLS_CRT_X509)
- ret = x509_crt_to_raw_pubkey(cert, &pubkey);
- else
- ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = tdb->verify(db_name, host, service, &pubkey);
- if (ret < 0 && ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- ret = gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
-
-cleanup:
- gnutls_free(pubkey.data);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ char local_file[MAX_FILENAME];
+
+ if (cert_type != GNUTLS_CRT_X509
+ && cert_type != GNUTLS_CRT_OPENPGP)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ if (cert_type == GNUTLS_CRT_X509)
+ ret = x509_crt_to_raw_pubkey(cert, &pubkey);
+ else
+ ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = tdb->verify(db_name, host, service, &pubkey);
+ if (ret < 0 && ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
+ ret = gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+
+ cleanup:
+ gnutls_free(pubkey.data);
+ return ret;
}
-static int parse_commitment_line(char* line,
- const char* host, size_t host_len,
- const char* service, size_t service_len,
- time_t now,
- const gnutls_datum_t *skey)
+static int parse_commitment_line(char *line,
+ const char *host, size_t host_len,
+ const char *service, size_t service_len,
+ time_t now, const gnutls_datum_t * skey)
{
-char* p, *kp;
-char* savep = NULL;
-size_t kp_len, phash_size;
-time_t expiration;
-int ret;
-const mac_entry_st* hash_algo;
-uint8_t phash[MAX_HASH_SIZE];
-uint8_t hphash[MAX_HASH_SIZE*2+1];
-
- /* read host */
- p = strtok_r(line, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, host) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read service */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, service) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read expiration */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- expiration = (time_t)atol(p);
- if (expiration > 0 && now > expiration)
- return gnutls_assert_val(GNUTLS_E_EXPIRED);
-
- /* read hash algorithm */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- hash_algo = mac_to_entry(atol(p));
- if (_gnutls_digest_get_name(hash_algo) == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read hash */
- kp = strtok_r(NULL, "|", &savep);
- if (kp == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- p = strpbrk(kp, "\n \r\t|");
- if (p != NULL) *p = 0;
-
- /* hash and hex encode */
- ret = _gnutls_hash_fast (hash_algo->id, skey->data, skey->size, phash);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- phash_size = _gnutls_hash_get_algo_len(hash_algo);
-
- p = _gnutls_bin2hex (phash, phash_size,(void*) hphash,
- sizeof(hphash), NULL);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- kp_len = strlen(kp);
- if (kp_len != phash_size*2)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- if (memcmp(kp, hphash, kp_len) != 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- /* key found and matches */
- return 0;
+ char *p, *kp;
+ char *savep = NULL;
+ size_t kp_len, phash_size;
+ time_t expiration;
+ int ret;
+ const mac_entry_st *hash_algo;
+ uint8_t phash[MAX_HASH_SIZE];
+ uint8_t hphash[MAX_HASH_SIZE * 2 + 1];
+
+ /* read host */
+ p = strtok_r(line, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, host) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read service */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, service) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read expiration */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ expiration = (time_t) atol(p);
+ if (expiration > 0 && now > expiration)
+ return gnutls_assert_val(GNUTLS_E_EXPIRED);
+
+ /* read hash algorithm */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ hash_algo = mac_to_entry(atol(p));
+ if (_gnutls_digest_get_name(hash_algo) == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read hash */
+ kp = strtok_r(NULL, "|", &savep);
+ if (kp == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ p = strpbrk(kp, "\n \r\t|");
+ if (p != NULL)
+ *p = 0;
+
+ /* hash and hex encode */
+ ret =
+ _gnutls_hash_fast(hash_algo->id, skey->data, skey->size,
+ phash);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ phash_size = _gnutls_hash_get_algo_len(hash_algo);
+
+ p = _gnutls_bin2hex(phash, phash_size, (void *) hphash,
+ sizeof(hphash), NULL);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ kp_len = strlen(kp);
+ if (kp_len != phash_size * 2)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ if (memcmp(kp, hphash, kp_len) != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ /* key found and matches */
+ return 0;
}
-static int parse_line(char* line,
- const char* host, size_t host_len,
- const char* service, size_t service_len,
- time_t now,
- const gnutls_datum_t *rawkey,
- const gnutls_datum_t *b64key)
+static int parse_line(char *line,
+ const char *host, size_t host_len,
+ const char *service, size_t service_len,
+ time_t now,
+ const gnutls_datum_t * rawkey,
+ const gnutls_datum_t * b64key)
{
-char* p, *kp;
-char* savep = NULL;
-size_t kp_len;
-time_t expiration;
-
- /* read version */
- p = strtok_r(line, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (strncmp(p, "c0", 2) == 0)
- return parse_commitment_line(p+3, host, host_len, service, service_len, now, rawkey);
-
- if (strncmp(p, "g0", 2) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read host */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, host) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read service */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, service) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read expiration */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- expiration = (time_t)atol(p);
- if (expiration > 0 && now > expiration)
- return gnutls_assert_val(GNUTLS_E_EXPIRED);
-
- /* read key */
- kp = strtok_r(NULL, "|", &savep);
- if (kp == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- p = strpbrk(kp, "\n \r\t|");
- if (p != NULL) *p = 0;
-
- kp_len = strlen(kp);
- if (kp_len != b64key->size)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- if (memcmp(kp, b64key->data, b64key->size) != 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- /* key found and matches */
- return 0;
+ char *p, *kp;
+ char *savep = NULL;
+ size_t kp_len;
+ time_t expiration;
+
+ /* read version */
+ p = strtok_r(line, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (strncmp(p, "c0", 2) == 0)
+ return parse_commitment_line(p + 3, host, host_len,
+ service, service_len, now,
+ rawkey);
+
+ if (strncmp(p, "g0", 2) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read host */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, host) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read service */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, service) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read expiration */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ expiration = (time_t) atol(p);
+ if (expiration > 0 && now > expiration)
+ return gnutls_assert_val(GNUTLS_E_EXPIRED);
+
+ /* read key */
+ kp = strtok_r(NULL, "|", &savep);
+ if (kp == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ p = strpbrk(kp, "\n \r\t|");
+ if (p != NULL)
+ *p = 0;
+
+ kp_len = strlen(kp);
+ if (kp_len != b64key->size)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ if (memcmp(kp, b64key->data, b64key->size) != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ /* key found and matches */
+ return 0;
}
/* Returns the base64 key if found
*/
-static int verify_pubkey(const char* file,
- const char* host, const char* service,
- const gnutls_datum_t* pubkey)
+static int verify_pubkey(const char *file,
+ const char *host, const char *service,
+ const gnutls_datum_t * pubkey)
{
-FILE* fd;
-char* line = NULL;
-size_t line_size = 0;
-int ret, l2, mismatch = 0;
-size_t host_len = 0, service_len = 0;
-time_t now = gnutls_time(0);
-gnutls_datum_t b64key = { NULL, 0 };
-
- ret = raw_pubkey_to_base64(pubkey, &b64key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (host != NULL) host_len = strlen(host);
- if (service != NULL) service_len = strlen(service);
-
- fd = fopen(file, "rb");
- if (fd == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- goto cleanup;
- }
-
- do
- {
- l2 = getline(&line, &line_size, fd);
- if (l2 > 0)
- {
- ret = parse_line(line, host, host_len, service, service_len, now, pubkey, &b64key);
- if (ret == 0) /* found */
- {
- goto cleanup;
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- mismatch = 1;
- }
- }
- while(l2 >= 0);
-
- if (mismatch)
- ret = GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- else
- ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
-
-cleanup:
- free(line);
- if (fd != NULL)
- fclose(fd);
- gnutls_free(b64key.data);
-
- return ret;
+ FILE *fd;
+ char *line = NULL;
+ size_t line_size = 0;
+ int ret, l2, mismatch = 0;
+ size_t host_len = 0, service_len = 0;
+ time_t now = gnutls_time(0);
+ gnutls_datum_t b64key = { NULL, 0 };
+
+ ret = raw_pubkey_to_base64(pubkey, &b64key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (host != NULL)
+ host_len = strlen(host);
+ if (service != NULL)
+ service_len = strlen(service);
+
+ fd = fopen(file, "rb");
+ if (fd == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ goto cleanup;
+ }
+
+ do {
+ l2 = getline(&line, &line_size, fd);
+ if (l2 > 0) {
+ ret =
+ parse_line(line, host, host_len, service,
+ service_len, now, pubkey, &b64key);
+ if (ret == 0) { /* found */
+ goto cleanup;
+ } else if (ret ==
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
+ mismatch = 1;
+ }
+ }
+ while (l2 >= 0);
+
+ if (mismatch)
+ ret = GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ else
+ ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ cleanup:
+ free(line);
+ if (fd != NULL)
+ fclose(fd);
+ gnutls_free(b64key.data);
+
+ return ret;
}
-static int raw_pubkey_to_base64(const gnutls_datum_t* raw, gnutls_datum_t * b64)
+static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
+ gnutls_datum_t * b64)
{
- int ret;
- char* out;
-
- ret = base64_encode_alloc((void*)raw->data, raw->size, &out);
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- b64->data = (void*)out;
- b64->size = ret;
-
- return 0;
+ int ret;
+ char *out;
+
+ ret = base64_encode_alloc((void *) raw->data, raw->size, &out);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ b64->data = (void *) out;
+ b64->size = ret;
+
+ return 0;
}
-static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey)
+static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey)
{
-gnutls_x509_crt_t crt = NULL;
-gnutls_pubkey_t pubkey = NULL;
-size_t size;
-int ret;
-
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pubkey_init(&pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- size = 0;
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->data = gnutls_malloc(size);
- if (rpubkey->data == NULL)
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, rpubkey->data, &size);
- if (ret < 0)
- {
- gnutls_free(rpubkey->data);
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->size = size;
- ret = 0;
-
-cleanup:
- gnutls_x509_crt_deinit(crt);
- gnutls_pubkey_deinit(pubkey);
-
- return ret;
+ gnutls_x509_crt_t crt = NULL;
+ gnutls_pubkey_t pubkey = NULL;
+ size_t size;
+ int ret;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ size = 0;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->data = gnutls_malloc(size);
+ if (rpubkey->data == NULL)
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER,
+ rpubkey->data, &size);
+ if (ret < 0) {
+ gnutls_free(rpubkey->data);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->size = size;
+ ret = 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
+ gnutls_pubkey_deinit(pubkey);
+
+ return ret;
}
-static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey)
+static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey)
{
#ifdef ENABLE_OPENPGP
-gnutls_openpgp_crt_t crt = NULL;
-gnutls_pubkey_t pubkey = NULL;
-size_t size;
-int ret;
-
- ret = gnutls_openpgp_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pubkey_init(&pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_import(crt, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_openpgp (pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- size = 0;
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->data = gnutls_malloc(size);
- if (rpubkey->data == NULL)
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, rpubkey->data, &size);
- if (ret < 0)
- {
- gnutls_free(rpubkey->data);
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->size = size;
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(crt);
- gnutls_pubkey_deinit(pubkey);
-
- return ret;
+ gnutls_openpgp_crt_t crt = NULL;
+ gnutls_pubkey_t pubkey = NULL;
+ size_t size;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_openpgp_crt_import(crt, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ size = 0;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->data = gnutls_malloc(size);
+ if (rpubkey->data == NULL)
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER,
+ rpubkey->data, &size);
+ if (ret < 0) {
+ gnutls_free(rpubkey->data);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->size = size;
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(crt);
+ gnutls_pubkey_deinit(pubkey);
+
+ return ret;
#else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
}
-static
-int store_pubkey(const char* db_name, const char* host,
- const char* service, time_t expiration,
- const gnutls_datum_t* pubkey)
+static
+int store_pubkey(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ const gnutls_datum_t * pubkey)
{
-FILE* fd = NULL;
-gnutls_datum_t b64key = { NULL, 0 };
-int ret;
-
- ret = gnutls_mutex_lock(&_gnutls_file_mutex);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
-
- ret = raw_pubkey_to_base64(pubkey, &b64key);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- goto cleanup;
- }
-
- if (service == NULL) service = "*";
- if (host == NULL) host = "*";
-
- fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service, (unsigned long)expiration,
- b64key.size, b64key.data);
-
- ret = 0;
-
-cleanup:
- if (fd != NULL)
- fclose(fd);
-
- gnutls_mutex_unlock(&_gnutls_file_mutex);
- gnutls_free(b64key.data);
-
- return ret;
+ FILE *fd = NULL;
+ gnutls_datum_t b64key = { NULL, 0 };
+ int ret;
+
+ ret = gnutls_mutex_lock(&_gnutls_file_mutex);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
+
+ ret = raw_pubkey_to_base64(pubkey, &b64key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ fd = fopen(db_name, "ab+");
+ if (fd == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ goto cleanup;
+ }
+
+ if (service == NULL)
+ service = "*";
+ if (host == NULL)
+ host = "*";
+
+ fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service,
+ (unsigned long) expiration, b64key.size, b64key.data);
+
+ ret = 0;
+
+ cleanup:
+ if (fd != NULL)
+ fclose(fd);
+
+ gnutls_mutex_unlock(&_gnutls_file_mutex);
+ gnutls_free(b64key.data);
+
+ return ret;
}
-static
-int store_commitment(const char* db_name, const char* host,
- const char* service, time_t expiration,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash)
+static
+int store_commitment(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash)
{
-FILE* fd;
-char buffer[MAX_HASH_SIZE*2+1];
-
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
- return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
-
- if (service == NULL) service = "*";
- if (host == NULL) host = "*";
-
- fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service, (unsigned long)expiration,
- (unsigned)hash_algo, _gnutls_bin2hex(hash->data, hash->size, buffer, sizeof(buffer), NULL));
-
- fclose(fd);
-
- return 0;
+ FILE *fd;
+ char buffer[MAX_HASH_SIZE * 2 + 1];
+
+ fd = fopen(db_name, "ab+");
+ if (fd == NULL)
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+
+ if (service == NULL)
+ service = "*";
+ if (host == NULL)
+ host = "*";
+
+ fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service,
+ (unsigned long) expiration, (unsigned) hash_algo,
+ _gnutls_bin2hex(hash->data, hash->size, buffer,
+ sizeof(buffer), NULL));
+
+ fclose(fd);
+
+ return 0;
}
/**
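Review bot: In `x509_crt_to_raw_pubkey` the allocation check after `gnutls_malloc(size)` can never fire, because the nested `if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)` repeats a condition that already jumped to `cleanup` a few lines earlier. A failed allocation therefore reaches the second `gnutls_pubkey_export` with a NULL buffer; the nested test should be dropped so the guard is just `if (rpubkey->data == NULL) {`. On the export-failure path the buffer is freed but `rpubkey->data` keeps the stale pointer, and `gnutls_verify_stored_pubkey` in this same hunk calls `gnutls_free(pubkey.data)` at its `cleanup` label, so that path frees the buffer twice. Adding `rpubkey->data = NULL;` after the `gnutls_free` call closes it. `pgp_crt_to_raw_pubkey` carries the same two defects and needs the same change.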
@@ -601,62 +616,65 @@ char buffer[MAX_HASH_SIZE*2+1];
* Since: 3.0
**/
int
-gnutls_store_pubkey(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- time_t expiration,
- unsigned int flags)
+gnutls_store_pubkey(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ time_t expiration, unsigned int flags)
{
-FILE* fd = NULL;
-gnutls_datum_t pubkey = { NULL, 0 };
-int ret;
-char local_file[MAX_FILENAME];
-
- if (cert_type != GNUTLS_CRT_X509 && cert_type != GNUTLS_CRT_OPENPGP)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = _gnutls_find_config_path(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_debug_log("Configuration path: %s\n", local_file);
- mkdir(local_file, 0700);
-
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- if (cert_type == GNUTLS_CRT_X509)
- ret = x509_crt_to_raw_pubkey(cert, &pubkey);
- else
- ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- _gnutls_debug_log("Configuration file: %s\n", db_name);
-
- tdb->store(db_name, host, service, expiration, &pubkey);
-
- ret = 0;
-
-cleanup:
- gnutls_free(pubkey.data);
- if (fd != NULL) fclose(fd);
-
- return ret;
+ FILE *fd = NULL;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ char local_file[MAX_FILENAME];
+
+ if (cert_type != GNUTLS_CRT_X509
+ && cert_type != GNUTLS_CRT_OPENPGP)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret =
+ _gnutls_find_config_path(local_file,
+ sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_debug_log("Configuration path: %s\n", local_file);
+ mkdir(local_file, 0700);
+
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ if (cert_type == GNUTLS_CRT_X509)
+ ret = x509_crt_to_raw_pubkey(cert, &pubkey);
+ else
+ ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_debug_log("Configuration file: %s\n", db_name);
+
+ tdb->store(db_name, host, service, expiration, &pubkey);
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(pubkey.data);
+ if (fd != NULL)
+ fclose(fd);
+
+ return ret;
}
/**
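Review bot: `gnutls_store_pubkey` discards the result of `tdb->store(...)` and then sets `ret = 0`, so a failed write is reported to the caller as a successfully pinned key. The default backend `store_pubkey` (previous hunk) returns `GNUTLS_E_LOCKING_ERROR` or `GNUTLS_E_FILE_ERROR` on failure, and an application relying on trust-on-first-use would never learn the entry was not recorded. The call should propagate the result, `ret = tdb->store(db_name, host, service, expiration, &pubkey);` followed by `if (ret < 0) gnutls_assert();`, with the unconditional `ret = 0;` removed. The local `fd` is never assigned in this function, so the `fclose` at `cleanup` is dead code.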
@@ -686,72 +704,73 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_store_commitment(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash,
- time_t expiration,
- unsigned int flags)
+gnutls_store_commitment(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash,
+ time_t expiration, unsigned int flags)
{
-FILE* fd = NULL;
-int ret;
-char local_file[MAX_FILENAME];
-const mac_entry_st* me = mac_to_entry(hash_algo);
-
- if (_gnutls_digest_is_secure(me) == 0)
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
-
- if (_gnutls_hash_get_algo_len(me) != hash->size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = _gnutls_find_config_path(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_debug_log("Configuration path: %s\n", local_file);
- mkdir(local_file, 0700);
-
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- _gnutls_debug_log("Configuration file: %s\n", db_name);
-
- tdb->cstore(db_name, host, service, expiration, me->id, hash);
-
- ret = 0;
-
- if (fd != NULL) fclose(fd);
-
- return ret;
+ FILE *fd = NULL;
+ int ret;
+ char local_file[MAX_FILENAME];
+ const mac_entry_st *me = mac_to_entry(hash_algo);
+
+ if (_gnutls_digest_is_secure(me) == 0)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
+ if (_gnutls_hash_get_algo_len(me) != hash->size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret =
+ _gnutls_find_config_path(local_file,
+ sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_debug_log("Configuration path: %s\n", local_file);
+ mkdir(local_file, 0700);
+
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ _gnutls_debug_log("Configuration file: %s\n", db_name);
+
+ tdb->cstore(db_name, host, service, expiration, me->id, hash);
+
+ ret = 0;
+
+ if (fd != NULL)
+ fclose(fd);
+
+ return ret;
}
#define CONFIG_FILE "known_hosts"
-static int find_config_file(char* file, size_t max_size)
+static int find_config_file(char *file, size_t max_size)
{
-char path[MAX_FILENAME];
-int ret;
-
- ret = _gnutls_find_config_path(path, sizeof(path));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (path[0] == 0)
- snprintf(file, max_size, "%s", CONFIG_FILE);
- else
- snprintf(file, max_size, "%s/%s", path, CONFIG_FILE);
-
- return 0;
+ char path[MAX_FILENAME];
+ int ret;
+
+ ret = _gnutls_find_config_path(path, sizeof(path));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (path[0] == 0)
+ snprintf(file, max_size, "%s", CONFIG_FILE);
+ else
+ snprintf(file, max_size, "%s/%s", path, CONFIG_FILE);
+
+ return 0;
}
/**
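Review bot: The result of `tdb->cstore(...)` in gnutls_store_commitment is discarded and `ret = 0` follows unconditionally, so a failed write to the trust database is reported to the caller as success, and a commitment the application believes is pinned may never have been stored. Assuming the callback returns a negative error code like the other functions here, propagate it with `ret = tdb->cstore(db_name, host, service, expiration, me->id, hash);` followed by `if (ret < 0) return gnutls_assert_val(ret);`. The `tdb->store(...)` call in the preceding hunk has the same pattern. `fd` is never assigned in either function, so the `fclose(fd)` branch is dead and can go together with the variable.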
@@ -763,14 +782,14 @@ int ret;
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int gnutls_tdb_init(gnutls_tdb_t* tdb)
+int gnutls_tdb_init(gnutls_tdb_t * tdb)
{
- *tdb = gnutls_calloc (1, sizeof (struct gnutls_tdb_int));
+ *tdb = gnutls_calloc(1, sizeof(struct gnutls_tdb_int));
+
+ if (!*tdb)
+ return GNUTLS_E_MEMORY_ERROR;
- if (!*tdb)
- return GNUTLS_E_MEMORY_ERROR;
-
- return 0;
+ return 0;
}
/**
@@ -786,9 +805,10 @@ int gnutls_tdb_init(gnutls_tdb_t* tdb)
* const gnutls_datum_t* pubkey);
*
**/
-void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, gnutls_tdb_store_func store)
+void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
+ gnutls_tdb_store_func store)
{
- tdb->store = store;
+ tdb->store = store;
}
/**
@@ -805,9 +825,10 @@ void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, gnutls_tdb_store_func store)
*
**/
void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
- gnutls_tdb_store_commitment_func cstore)
+ gnutls_tdb_store_commitment_func
+ cstore)
{
- tdb->cstore = cstore;
+ tdb->cstore = cstore;
}
/**
@@ -822,9 +843,10 @@ void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
* const char* service, const gnutls_datum_t* pubkey);
*
**/
-void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, gnutls_tdb_verify_func verify)
+void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
+ gnutls_tdb_verify_func verify)
{
- tdb->verify = verify;
+ tdb->verify = verify;
}
/**
@@ -835,7 +857,5 @@ void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, gnutls_tdb_verify_func verify)
**/
void gnutls_tdb_deinit(gnutls_tdb_t tdb)
{
- gnutls_free(tdb);
+ gnutls_free(tdb);
}
-
-
diff --git a/lib/x509/common.c b/lib/x509/common.c
index ee8478dc99..53cae80c06 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -34,161 +34,172 @@
#include <c-ctype.h>
static int
-data2hex (const void * data, size_t data_size,
- void * _out, size_t * sizeof_out);
-
-struct oid_to_string
-{
- const char *oid;
- const char *ldap_desc;
- const char *asn_desc; /* description in the pkix file if complex type */
- unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
- * if cannot be simply parsed */
+data2hex(const void *data, size_t data_size,
+ void *_out, size_t * sizeof_out);
+
+struct oid_to_string {
+ const char *oid;
+ const char *ldap_desc;
+ const char *asn_desc; /* description in the pkix file if complex type */
+ unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
+ * if cannot be simply parsed */
};
/* This list contains all the OIDs that may be
* contained in a rdnSequence and are printable.
*/
static const struct oid_to_string _oid2str[] = {
- /* PKIX
- */
- {"1.3.6.1.5.5.7.9.2", "placeOfBirth", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.5.5.7.9.3", "gender", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"1.3.6.1.5.5.7.9.5", "countryOfResidence", NULL, ASN1_ETYPE_PRINTABLE_STRING},
-
- {"2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.11", "OU", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.3", "CN", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.7", "L", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.8", "ST", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.13", "description", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- {"2.5.4.5", "serialNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.20", "telephoneNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.4", "surName", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.43", "initials", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.44", "generationQualifier", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.42", "givenName", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.65", "pseudonym", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.46", "dnQualifier", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.17", "postalCode", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.41", "name", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.15", "businessCategory", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- {"0.9.2342.19200300.100.1.25", "DC", NULL, ASN1_ETYPE_IA5_STRING},
- {"0.9.2342.19200300.100.1.1", "UID", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- /* Extended validation
- */
- {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName",
- "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.4.1.311.60.2.1.2",
- "jurisdictionOfIncorporationStateOrProvinceName",
- "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName",
- NULL, ASN1_ETYPE_PRINTABLE_STRING},
-
- /* PKCS #9
- */
- {"1.2.840.113549.1.9.1", "EMAIL", NULL, ASN1_ETYPE_IA5_STRING},
- {"1.2.840.113549.1.9.7", NULL, "PKIX1.pkcs-9-challengePassword", ASN1_ETYPE_INVALID},
-
- /* friendly name */
- {"1.2.840.113549.1.9.20", NULL, NULL, ASN1_ETYPE_BMP_STRING},
- /* local key id */
- {"1.2.840.113549.1.9.21", NULL, NULL, ASN1_ETYPE_OCTET_STRING},
-
- /* rfc3920 section 5.1.1 */
- {"1.3.6.1.5.5.7.8.5", "XmppAddr", NULL, ASN1_ETYPE_UTF8_STRING},
-
- {NULL, NULL, NULL, 0}
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"1.3.6.1.5.5.7.9.3", "gender", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", NULL,
+ ASN1_ETYPE_PRINTABLE_STRING},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", NULL,
+ ASN1_ETYPE_PRINTABLE_STRING},
+
+ {"2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.11", "OU", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.3", "CN", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.7", "L", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.8", "ST", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.13", "description", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ {"2.5.4.5", "serialNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.20", "telephoneNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.4", "surName", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.43", "initials", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.44", "generationQualifier", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.42", "givenName", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.65", "pseudonym", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.46", "dnQualifier", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.17", "postalCode", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.41", "name", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.15", "businessCategory", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ {"0.9.2342.19200300.100.1.25", "DC", NULL, ASN1_ETYPE_IA5_STRING},
+ {"0.9.2342.19200300.100.1.1", "UID", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ /* Extended validation
+ */
+ {"1.3.6.1.4.1.311.60.2.1.1",
+ "jurisdictionOfIncorporationLocalityName",
+ "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"1.3.6.1.4.1.311.60.2.1.2",
+ "jurisdictionOfIncorporationStateOrProvinceName",
+ "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"1.3.6.1.4.1.311.60.2.1.3",
+ "jurisdictionOfIncorporationCountryName",
+ NULL, ASN1_ETYPE_PRINTABLE_STRING},
+
+ /* PKCS #9
+ */
+ {"1.2.840.113549.1.9.1", "EMAIL", NULL, ASN1_ETYPE_IA5_STRING},
+ {"1.2.840.113549.1.9.7", NULL, "PKIX1.pkcs-9-challengePassword",
+ ASN1_ETYPE_INVALID},
+
+ /* friendly name */
+ {"1.2.840.113549.1.9.20", NULL, NULL, ASN1_ETYPE_BMP_STRING},
+ /* local key id */
+ {"1.2.840.113549.1.9.21", NULL, NULL, ASN1_ETYPE_OCTET_STRING},
+
+ /* rfc3920 section 5.1.1 */
+ {"1.3.6.1.5.5.7.8.5", "XmppAddr", NULL, ASN1_ETYPE_UTF8_STRING},
+
+ {NULL, NULL, NULL, 0}
};
-static const struct oid_to_string* get_oid_entry (const char* oid)
+static const struct oid_to_string *get_oid_entry(const char *oid)
{
- unsigned int i = 0;
+ unsigned int i = 0;
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return &_oid2str[i];
- i++;
- }
- while (_oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return &_oid2str[i];
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return NULL;
+ return NULL;
}
-const char* _gnutls_ldap_string_to_oid (const char* str, unsigned str_len)
+const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len)
{
- unsigned int i = 0;
-
- do
- {
- if ((_oid2str[i].ldap_desc != NULL) &&
- (str_len == strlen(_oid2str[i].ldap_desc)) &&
- (strncasecmp (_oid2str[i].ldap_desc, str, str_len) == 0))
- return _oid2str[i].oid;
- i++;
- }
- while (_oid2str[i].oid != NULL);
-
- return NULL;
+ unsigned int i = 0;
+
+ do {
+ if ((_oid2str[i].ldap_desc != NULL) &&
+ (str_len == strlen(_oid2str[i].ldap_desc)) &&
+ (strncasecmp(_oid2str[i].ldap_desc, str, str_len) ==
+ 0))
+ return _oid2str[i].oid;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return NULL;
}
/* Escapes a string following the rules from RFC4514.
*/
-static int
-str_escape (const gnutls_datum_t* str, gnutls_datum_t * escaped)
+static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped)
{
- unsigned int j, i;
- uint8_t *buffer = NULL;
- int ret;
-
- if (str == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* the string will be at most twice the original */
- buffer = gnutls_malloc(str->size*2+2);
- if (buffer == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i = j = 0; i < str->size; i++)
- {
- if (str->data[i] == 0)
- {
- /* this is handled earlier */
- ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- goto cleanup;
- }
-
- if (str->data[i] == ',' || str->data[i] == '+' || str->data[i] == '"'
- || str->data[i] == '\\' || str->data[i] == '<' || str->data[i] == '>'
- || str->data[i] == ';' || str->data[i] == 0)
- buffer[j++] = '\\';
- else if (i==0 && str->data[i] == '#')
- buffer[j++] = '\\';
- else if (i==0 && str->data[i] == ' ')
- buffer[j++] = '\\';
- else if (i==(str->size-1) && str->data[i] == ' ')
- buffer[j++] = '\\';
-
- buffer[j++] = str->data[i];
- }
-
- /* null terminate the string */
- buffer[j] = 0;
- escaped->data = buffer;
- escaped->size = j;
-
- return 0;
-cleanup:
- gnutls_free(buffer);
- return ret;
+ unsigned int j, i;
+ uint8_t *buffer = NULL;
+ int ret;
+
+ if (str == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* the string will be at most twice the original */
+ buffer = gnutls_malloc(str->size * 2 + 2);
+ if (buffer == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = j = 0; i < str->size; i++) {
+ if (str->data[i] == 0) {
+ /* this is handled earlier */
+ ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ goto cleanup;
+ }
+
+ if (str->data[i] == ',' || str->data[i] == '+'
+ || str->data[i] == '"' || str->data[i] == '\\'
+ || str->data[i] == '<' || str->data[i] == '>'
+ || str->data[i] == ';' || str->data[i] == 0)
+ buffer[j++] = '\\';
+ else if (i == 0 && str->data[i] == '#')
+ buffer[j++] = '\\';
+ else if (i == 0 && str->data[i] == ' ')
+ buffer[j++] = '\\';
+ else if (i == (str->size - 1) && str->data[i] == ' ')
+ buffer[j++] = '\\';
+
+ buffer[j++] = str->data[i];
+ }
+
+ /* null terminate the string */
+ buffer[j] = 0;
+ escaped->data = buffer;
+ escaped->size = j;
+
+ return 0;
+ cleanup:
+ gnutls_free(buffer);
+ return ret;
}
/**
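Review bot: In str_escape the allocation size `str->size * 2 + 2` is computed in unsigned int and can wrap for a very large `str->size`, after which the loop writes up to two bytes per input byte into an undersized buffer. Whether the size is bounded upstream cannot be seen from this hunk, so an explicit guard before the malloc is cheap insurance: `if (str->size > (UINT_MAX - 2) / 2) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The `|| str->data[i] == 0` term in the escape condition is unreachable, because the NUL case already jumps to cleanup at the top of the loop body, and could be dropped.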
@@ -205,20 +216,18 @@ cleanup:
*
* Returns: 1 on known OIDs and 0 otherwise.
**/
-int
-gnutls_x509_dn_oid_known (const char *oid)
+int gnutls_x509_dn_oid_known(const char *oid)
{
- unsigned int i = 0;
+ unsigned int i = 0;
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return 1;
- i++;
- }
- while (_oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return 1;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/**
@@ -235,182 +244,169 @@ gnutls_x509_dn_oid_known (const char *oid)
*
* Since: 3.0
**/
-const char*
-gnutls_x509_dn_oid_name (const char *oid, unsigned int flags)
+const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags)
{
- unsigned int i = 0;
-
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].ldap_desc;
- i++;
- }
- while (_oid2str[i].oid != NULL);
-
- if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid;
- else return NULL;
+ unsigned int i = 0;
+
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].ldap_desc;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ if (flags & GNUTLS_X509_DN_OID_RETURN_OID)
+ return oid;
+ else
+ return NULL;
}
static int
-make_printable_string(unsigned etype, const gnutls_datum_t *input, gnutls_datum_t *out)
+make_printable_string(unsigned etype, const gnutls_datum_t * input,
+ gnutls_datum_t * out)
{
-int printable = 0;
-int ret;
-unsigned int i;
-size_t size;
-
- if (etype == ASN1_ETYPE_BMP_STRING)
- {
- ret = _gnutls_ucs2_to_utf8(input->data, input->size, out);
- if (ret < 0)
- {
- /* could not convert. Handle it as non-printable */
- printable = 0;
- }
- else
- printable = 1;
- }
- else if (etype == ASN1_ETYPE_TELETEX_STRING)
- {
- int ascii = 0;
- /* HACK: if the teletex string contains only ascii
- * characters then treat it as printable.
- */
- for (i = 0; i < input->size; i++)
- if (!c_isascii (input->data[i]))
- ascii = 1;
-
- if (ascii == 0)
- {
- out->data = gnutls_malloc(input->size+1);
- if (out->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(out->data, input->data, input->size);
- out->size = input->size;
-
- out->data[out->size] = 0;
-
- printable = 1;
- }
- }
- else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */
- return GNUTLS_E_INVALID_REQUEST;
-
- if (printable == 0)
- { /* need to allocate out */
- out->size = input->size*2+2;
- out->data = gnutls_malloc(out->size);
- if (out->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- size = out->size;
- ret = data2hex (input->data, input->size, out->data, &size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- out->size = size;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(out);
- return ret;
+ int printable = 0;
+ int ret;
+ unsigned int i;
+ size_t size;
+
+ if (etype == ASN1_ETYPE_BMP_STRING) {
+ ret = _gnutls_ucs2_to_utf8(input->data, input->size, out);
+ if (ret < 0) {
+ /* could not convert. Handle it as non-printable */
+ printable = 0;
+ } else
+ printable = 1;
+ } else if (etype == ASN1_ETYPE_TELETEX_STRING) {
+ int ascii = 0;
+ /* HACK: if the teletex string contains only ascii
+ * characters then treat it as printable.
+ */
+ for (i = 0; i < input->size; i++)
+ if (!c_isascii(input->data[i]))
+ ascii = 1;
+
+ if (ascii == 0) {
+ out->data = gnutls_malloc(input->size + 1);
+ if (out->data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(out->data, input->data, input->size);
+ out->size = input->size;
+
+ out->data[out->size] = 0;
+
+ printable = 1;
+ }
+ } else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */
+ return GNUTLS_E_INVALID_REQUEST;
+
+ if (printable == 0) { /* need to allocate out */
+ out->size = input->size * 2 + 2;
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ size = out->size;
+ ret = data2hex(input->data, input->size, out->data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ out->size = size;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(out);
+ return ret;
}
static int
-decode_complex_string (const struct oid_to_string* oentry, void *value,
- int value_size, gnutls_datum_t* out)
+decode_complex_string(const struct oid_to_string *oentry, void *value,
+ int value_size, gnutls_datum_t * out)
{
- char str[MAX_STRING_LEN], tmpname[128];
- int len = -1, result;
- ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
- char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
- unsigned int etype;
- gnutls_datum_t td;
-
- if (oentry->asn_desc == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (), oentry->asn_desc,
- &tmpasn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((result =
- asn1_der_decoding (&tmpasn, value, value_size,
- asn1_err)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_debug_log ("asn1_der_decoding: %s\n", asn1_err);
- asn1_delete_structure (&tmpasn);
- return _gnutls_asn2err (result);
- }
-
- /* Read the type of choice.
- */
- len = sizeof (str) - 1;
- if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
- { /* CHOICE */
- gnutls_assert ();
- asn1_delete_structure (&tmpasn);
- return _gnutls_asn2err (result);
- }
-
- str[len] = 0;
-
- /* We set the etype on the strings that may need
- * some conversion to UTF-8. The INVALID flag indicates
- * no conversion needed */
- if (strcmp (str, "teletexString") == 0)
- etype = ASN1_ETYPE_TELETEX_STRING;
- else if (strcmp (str, "bmpString") == 0)
- etype = ASN1_ETYPE_BMP_STRING;
- else if (strcmp (str, "universalString") == 0)
- etype = ASN1_ETYPE_UNIVERSAL_STRING;
- else etype = ASN1_ETYPE_INVALID;
-
- _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
-
- result = _gnutls_x509_read_value(tmpasn, tmpname, &td);
- asn1_delete_structure (&tmpasn);
- if (result < 0)
- return gnutls_assert_val(result);
-
- if (etype != ASN1_ETYPE_INVALID)
- {
- result = make_printable_string(etype, &td, out);
-
- _gnutls_free_datum(&td);
-
- if (result < 0)
- return gnutls_assert_val(result);
- }
- else
- {
- out->data = td.data;
- out->size = td.size;
- out->data[out->size] = 0;
- }
-
- /* Refuse to deal with strings containing NULs. */
- if (strlen ((void*)out->data) != (size_t)out->size)
- {
- _gnutls_free_datum(out);
- return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- }
-
- return 0;
+ char str[MAX_STRING_LEN], tmpname[128];
+ int len = -1, result;
+ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
+ char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
+ unsigned int etype;
+ gnutls_datum_t td;
+
+ if (oentry->asn_desc == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc,
+ &tmpasn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((result =
+ asn1_der_decoding(&tmpasn, value, value_size,
+ asn1_err)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_debug_log("asn1_der_decoding: %s\n", asn1_err);
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Read the type of choice.
+ */
+ len = sizeof(str) - 1;
+ if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
+ gnutls_assert();
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
+
+ str[len] = 0;
+
+ /* We set the etype on the strings that may need
+ * some conversion to UTF-8. The INVALID flag indicates
+ * no conversion needed */
+ if (strcmp(str, "teletexString") == 0)
+ etype = ASN1_ETYPE_TELETEX_STRING;
+ else if (strcmp(str, "bmpString") == 0)
+ etype = ASN1_ETYPE_BMP_STRING;
+ else if (strcmp(str, "universalString") == 0)
+ etype = ASN1_ETYPE_UNIVERSAL_STRING;
+ else
+ etype = ASN1_ETYPE_INVALID;
+
+ _gnutls_str_cpy(tmpname, sizeof(tmpname), str);
+
+ result = _gnutls_x509_read_value(tmpasn, tmpname, &td);
+ asn1_delete_structure(&tmpasn);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ if (etype != ASN1_ETYPE_INVALID) {
+ result = make_printable_string(etype, &td, out);
+
+ _gnutls_free_datum(&td);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+ } else {
+ out->data = td.data;
+ out->size = td.size;
+ out->data[out->size] = 0;
+ }
+
+ /* Refuse to deal with strings containing NULs. */
+ if (strlen((void *) out->data) != (size_t) out->size) {
+ _gnutls_free_datum(out);
+ return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ }
+
+ return 0;
}
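Review bot: In decode_complex_string the non-converted branch writes `out->data[out->size] = 0;` one byte past `td.size`, which is only in bounds if `_gnutls_x509_read_value()` allocates at least one spare byte. That helper is not part of this hunk, so the invariant should be confirmed and recorded at the write; I would add `/* relies on _gnutls_x509_read_value() allocating td.size + 1 bytes */` above that line. The `strlen()` check for embedded NULs a few lines further down depends on the same terminator.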
@@ -421,105 +417,99 @@ decode_complex_string (const struct oid_to_string* oentry, void *value,
* hold the string.
*/
int
-_gnutls_x509_dn_to_string (const char *oid, void *value,
- int value_size, gnutls_datum_t *str)
+_gnutls_x509_dn_to_string(const char *oid, void *value,
+ int value_size, gnutls_datum_t * str)
{
- const struct oid_to_string* oentry;
- int ret;
- gnutls_datum_t tmp;
- size_t size;
-
- if (value == NULL || value_size <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- oentry = get_oid_entry(oid);
- if (oentry == NULL)
- { /* unknown OID -> hex */
- str->size = value_size*2+2;
- str->data = gnutls_malloc(str->size);
- if (str->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- size = str->size;
- ret = data2hex (value, value_size, str->data, &size);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(str->data);
- return ret;
- }
- str->size = size;
- return 0;
- }
-
- if (oentry->asn_desc != NULL)
- { /* complex */
- ret = decode_complex_string(oentry, value, value_size, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- ret = _gnutls_x509_decode_string(oentry->etype, value, value_size,
- &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = str_escape(&tmp, str);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ const struct oid_to_string *oentry;
+ int ret;
+ gnutls_datum_t tmp;
+ size_t size;
+
+ if (value == NULL || value_size <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ oentry = get_oid_entry(oid);
+ if (oentry == NULL) { /* unknown OID -> hex */
+ str->size = value_size * 2 + 2;
+ str->data = gnutls_malloc(str->size);
+ if (str->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ size = str->size;
+ ret = data2hex(value, value_size, str->data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(str->data);
+ return ret;
+ }
+ str->size = size;
+ return 0;
+ }
+
+ if (oentry->asn_desc != NULL) { /* complex */
+ ret =
+ decode_complex_string(oentry, value, value_size, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ ret =
+ _gnutls_x509_decode_string(oentry->etype, value,
+ value_size, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret = str_escape(&tmp, str);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/* Converts a data string to an LDAP rfc2253 hex string
* something like '#01020304'
*/
static int
-data2hex (const void * data, size_t data_size,
- void * _out, size_t * sizeof_out)
+data2hex(const void *data, size_t data_size,
+ void *_out, size_t * sizeof_out)
{
- char *res;
- char escaped[MAX_STRING_LEN];
- unsigned int size, res_size;
- char* out = _out;
-
- if (2 * data_size + 1 > MAX_STRING_LEN)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- res = _gnutls_bin2hex (data, data_size, escaped, sizeof (escaped), NULL);
- if (!res)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- res_size = strlen(res);
- size = res_size + 1; /* +1 for the '#' */
- if (size + 1 > *sizeof_out)
- {
- *sizeof_out = size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *sizeof_out = size; /* -1 for the null +1 for the '#' */
-
- if (out)
- {
- out[0] = '#';
- memcpy(&out[1], res, res_size);
- out[size] = 0;
- }
-
- return 0;
+ char *res;
+ char escaped[MAX_STRING_LEN];
+ unsigned int size, res_size;
+ char *out = _out;
+
+ if (2 * data_size + 1 > MAX_STRING_LEN) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res =
+ _gnutls_bin2hex(data, data_size, escaped, sizeof(escaped),
+ NULL);
+ if (!res) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res_size = strlen(res);
+ size = res_size + 1; /* +1 for the '#' */
+ if (size + 1 > *sizeof_out) {
+ *sizeof_out = size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *sizeof_out = size; /* -1 for the null +1 for the '#' */
+
+ if (out) {
+ out[0] = '#';
+ memcpy(&out[1], res, res_size);
+ out[size] = 0;
+ }
+
+ return 0;
}
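Review bot: On the unknown-OID path of _gnutls_x509_dn_to_string, a data2hex() failure frees `str->data` but leaves the stale pointer and the size in the caller's datum, so a caller that releases `str` on its own error path would free it twice. Clearing the output after the free closes that: `str->data = NULL; str->size = 0;`. make_printable_string in the same file uses `_gnutls_free_datum(out)` for this cleanup, which would also keep the two paths consistent if that helper resets the fields (its definition is not visible here).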
@@ -532,14 +522,13 @@ data2hex (const void * data, size_t data_size,
* Since we do not use libc's functions, we don't need to
* depend on the libc structure.
*/
-typedef struct fake_tm
-{
- int tm_mon;
- int tm_year; /* FULL year - ie 1971 */
- int tm_mday;
- int tm_hour;
- int tm_min;
- int tm_sec;
+typedef struct fake_tm {
+ int tm_mon;
+ int tm_year; /* FULL year - ie 1971 */
+ int tm_mday;
+ int tm_hour;
+ int tm_min;
+ int tm_sec;
} fake_tm;
/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
@@ -549,7 +538,7 @@ typedef struct fake_tm
/* The number of days in each month.
*/
static const int MONTHDAYS[] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/* Whether a given year is a leap year. */
@@ -562,32 +551,31 @@ static const int MONTHDAYS[] = {
** convertable. Note that this function does not canonicalize the provided
** struct tm, nor does it allow out of range values or years before 1970.
*/
-static time_t
-mktime_utc (const struct fake_tm *tm)
+static time_t mktime_utc(const struct fake_tm *tm)
{
- time_t result = 0;
- int i;
+ time_t result = 0;
+ int i;
/* We do allow some ill-formed dates, but we don't do anything special
* with them and our callers really shouldn't pass them to us. Do
* explicitly disallow the ones that would cause invalid array accesses
* or other algorithm problems.
*/
- if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
- return (time_t) - 1;
+ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
+ return (time_t) - 1;
/* Convert to a time_t.
*/
- for (i = 1970; i < tm->tm_year; i++)
- result += 365 + ISLEAP (i);
- for (i = 0; i < tm->tm_mon; i++)
- result += MONTHDAYS[i];
- if (tm->tm_mon > 1 && ISLEAP (tm->tm_year))
- result++;
- result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
- result = 60 * result + tm->tm_min;
- result = 60 * result + tm->tm_sec;
- return result;
+ for (i = 1970; i < tm->tm_year; i++)
+ result += 365 + ISLEAP(i);
+ for (i = 0; i < tm->tm_mon; i++)
+ result += MONTHDAYS[i];
+ if (tm->tm_mon > 1 && ISLEAP(tm->tm_year))
+ result++;
+ result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
+ result = 60 * result + tm->tm_min;
+ result = 60 * result + tm->tm_sec;
+ return result;
}
@@ -595,64 +583,60 @@ mktime_utc (const struct fake_tm *tm)
* month|day|hour|minute|sec* (2 chars each)
* and year is given. Returns a time_t date.
*/
-static time_t
-time2gtime (const char *ttime, int year)
+static time_t time2gtime(const char *ttime, int year)
{
- char xx[4];
- struct fake_tm etime;
+ char xx[4];
+ struct fake_tm etime;
- if (strlen (ttime) < 8)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (strlen(ttime) < 8) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- etime.tm_year = year;
+ etime.tm_year = year;
- /* In order to work with 32 bit
- * time_t.
- */
- if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
- return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
+ /* In order to work with 32 bit
+ * time_t.
+ */
+ if (sizeof(time_t) <= 4 && etime.tm_year >= 2038)
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
- if (etime.tm_year < 1970)
- return (time_t) 0;
+ if (etime.tm_year < 1970)
+ return (time_t) 0;
- xx[2] = 0;
+ xx[2] = 0;
/* get the month
*/
- memcpy (xx, ttime, 2); /* month */
- etime.tm_mon = atoi (xx) - 1;
- ttime += 2;
+ memcpy(xx, ttime, 2); /* month */
+ etime.tm_mon = atoi(xx) - 1;
+ ttime += 2;
/* get the day
*/
- memcpy (xx, ttime, 2); /* day */
- etime.tm_mday = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* day */
+ etime.tm_mday = atoi(xx);
+ ttime += 2;
/* get the hour
*/
- memcpy (xx, ttime, 2); /* hour */
- etime.tm_hour = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* hour */
+ etime.tm_hour = atoi(xx);
+ ttime += 2;
/* get the minutes
*/
- memcpy (xx, ttime, 2); /* minutes */
- etime.tm_min = atoi (xx);
- ttime += 2;
-
- if (strlen (ttime) >= 2)
- {
- memcpy (xx, ttime, 2);
- etime.tm_sec = atoi (xx);
- }
- else
- etime.tm_sec = 0;
-
- return mktime_utc (&etime);
+ memcpy(xx, ttime, 2); /* minutes */
+ etime.tm_min = atoi(xx);
+ ttime += 2;
+
+ if (strlen(ttime) >= 2) {
+ memcpy(xx, ttime, 2);
+ etime.tm_sec = atoi(xx);
+ } else
+ etime.tm_sec = 0;
+
+ return mktime_utc(&etime);
}
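Review bot: time2gtime converts each two-character field with `atoi()` without checking that the characters are digits, so a malformed time string is turned into some date (non-numeric fields become 0) instead of being rejected; mktime_utc, in the preceding hunk, then range-checks only the month and the year. These values presumably feed certificate validity-period decisions, so I would reject non-digits up front with `for (i = 0; i < 8; i++) if (!c_isdigit(ttime[i])) return (time_t) -1;` after the length check (`<c-ctype.h>` is already included), and bound `tm_mday`, `tm_hour`, `tm_min` and `tm_sec` before calling mktime_utc. `xx` needs only three bytes here.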
@@ -662,87 +646,80 @@ time2gtime (const char *ttime, int year)
*
* (seconds are optional)
*/
-static time_t
-utcTime2gtime (const char *ttime)
+static time_t utcTime2gtime(const char *ttime)
{
- char xx[3];
- int year;
-
- if (strlen (ttime) < 10)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
- xx[2] = 0;
+ char xx[3];
+ int year;
+
+ if (strlen(ttime) < 10) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+ xx[2] = 0;
/* get the year
*/
- memcpy (xx, ttime, 2); /* year */
- year = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* year */
+ year = atoi(xx);
+ ttime += 2;
- if (year > 49)
- year += 1900;
- else
- year += 2000;
+ if (year > 49)
+ year += 1900;
+ else
+ year += 2000;
- return time2gtime (ttime, year);
+ return time2gtime(ttime, year);
}
/* returns a time_t value that contains the given time.
* The given time is expressed as:
* YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
*/
-time_t
-_gnutls_x509_generalTime2gtime (const char *ttime)
+time_t _gnutls_x509_generalTime2gtime(const char *ttime)
{
- char xx[5];
- int year;
-
- if (strlen (ttime) < 12)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- if (strchr (ttime, 'Z') == 0)
- {
- gnutls_assert ();
- /* sorry we don't support it yet
- */
- return (time_t) - 1;
- }
- xx[4] = 0;
+ char xx[5];
+ int year;
+
+ if (strlen(ttime) < 12) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ if (strchr(ttime, 'Z') == 0) {
+ gnutls_assert();
+ /* sorry we don't support it yet
+ */
+ return (time_t) - 1;
+ }
+ xx[4] = 0;
/* get the year
*/
- memcpy (xx, ttime, 4); /* year */
- year = atoi (xx);
- ttime += 4;
+ memcpy(xx, ttime, 4); /* year */
+ year = atoi(xx);
+ ttime += 4;
- return time2gtime (ttime, year);
+ return time2gtime(ttime, year);
}
static int
-gtime2generalTime (time_t gtime, char *str_time, size_t str_time_size)
+gtime2generalTime(time_t gtime, char *str_time, size_t str_time_size)
{
- size_t ret;
- struct tm _tm;
+ size_t ret;
+ struct tm _tm;
- if (!gmtime_r (&gtime, &_tm))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (!gmtime_r(&gtime, &_tm)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- ret = strftime (str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
- if (!ret)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
+ if (!ret) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- return 0;
+ return 0;
}
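Review bot: `_gnutls_x509_generalTime2gtime` accepts a `Z` anywhere in the string, because `strchr(ttime, 'Z') == 0` only tests for presence. A value with `Z` in the middle, or with extra bytes after it, passes and is then parsed positionally by time2gtime. Checking the final character ties the test to the format given in the comment: `if (ttime[strlen(ttime) - 1] != 'Z') {`, which is safe because the length was already checked to be at least 12. Comparing a pointer against `NULL` rather than `0` would also read better.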
@@ -750,212 +727,199 @@ gtime2generalTime (time_t gtime, char *str_time, size_t str_time_size)
* be something like "tbsCertList.thisUpdate".
*/
#define MAX_TIME 64
-time_t
-_gnutls_x509_get_time (ASN1_TYPE c2, const char *when, int nochoice)
+time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when, int nochoice)
{
- char ttime[MAX_TIME];
- char name[128];
- time_t c_time = (time_t) - 1;
- int len, result;
-
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, when, ttime, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- if (nochoice != 0)
- {
- c_time = _gnutls_x509_generalTime2gtime (ttime);
- }
- else
- {
- _gnutls_str_cpy (name, sizeof (name), when);
-
- /* choice */
- if (strcmp (ttime, "generalTime") == 0)
- {
- _gnutls_str_cat (name, sizeof (name), ".generalTime");
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_generalTime2gtime (ttime);
- }
- else
- { /* UTCTIME */
- _gnutls_str_cat (name, sizeof (name), ".utcTime");
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = utcTime2gtime (ttime);
- }
-
- /* We cannot handle dates after 2031 in 32 bit machines.
- * a time_t of 64bits has to be used.
- */
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
- }
-
- return c_time;
+ char ttime[MAX_TIME];
+ char name[128];
+ time_t c_time = (time_t) - 1;
+ int len, result;
+
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, when, ttime, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ if (nochoice != 0) {
+ c_time = _gnutls_x509_generalTime2gtime(ttime);
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), when);
+
+ /* choice */
+ if (strcmp(ttime, "generalTime") == 0) {
+ _gnutls_str_cat(name, sizeof(name),
+ ".generalTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time =
+ _gnutls_x509_generalTime2gtime(ttime);
+ } else { /* UTCTIME */
+ _gnutls_str_cat(name, sizeof(name), ".utcTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = utcTime2gtime(ttime);
+ }
+
+ /* We cannot handle dates after 2031 in 32 bit machines.
+ * a time_t of 64bits has to be used.
+ */
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+ }
+
+ return c_time;
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
* be something like "tbsCertList.thisUpdate".
*/
int
-_gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim, int nochoice)
+_gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
+ int nochoice)
{
- char str_time[MAX_TIME];
- char name[128];
- int result, len;
-
- if (nochoice != 0)
- {
- result = gtime2generalTime( tim, str_time, sizeof(str_time));
- if (result < 0)
- return gnutls_assert_val(result);
-
- len = strlen (str_time);
- result = asn1_write_value(c2, where, str_time, len);
- if (result != ASN1_SUCCESS)
- return gnutls_assert_val(_gnutls_asn2err (result));
-
- return 0;
- }
-
- _gnutls_str_cpy (name, sizeof (name), where);
-
- if ((result = asn1_write_value (c2, name, "generalTime", 1)) < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = gtime2generalTime (tim, str_time, sizeof (str_time));
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- _gnutls_str_cat (name, sizeof (name), ".generalTime");
-
- len = strlen (str_time);
- result = asn1_write_value (c2, name, str_time, len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char str_time[MAX_TIME];
+ char name[128];
+ int result, len;
+
+ if (nochoice != 0) {
+ result =
+ gtime2generalTime(tim, str_time, sizeof(str_time));
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ len = strlen(str_time);
+ result = asn1_write_value(c2, where, str_time, len);
+ if (result != ASN1_SUCCESS)
+ return gnutls_assert_val(_gnutls_asn2err(result));
+
+ return 0;
+ }
+
+ _gnutls_str_cpy(name, sizeof(name), where);
+
+ if ((result = asn1_write_value(c2, name, "generalTime", 1)) < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = gtime2generalTime(tim, str_time, sizeof(str_time));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".generalTime");
+
+ len = strlen(str_time);
+ result = asn1_write_value(c2, name, str_time, len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
-gnutls_x509_subject_alt_name_t
-_gnutls_x509_san_find_type (char *str_type)
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type)
{
- if (strcmp (str_type, "dNSName") == 0)
- return GNUTLS_SAN_DNSNAME;
- if (strcmp (str_type, "rfc822Name") == 0)
- return GNUTLS_SAN_RFC822NAME;
- if (strcmp (str_type, "uniformResourceIdentifier") == 0)
- return GNUTLS_SAN_URI;
- if (strcmp (str_type, "iPAddress") == 0)
- return GNUTLS_SAN_IPADDRESS;
- if (strcmp (str_type, "otherName") == 0)
- return GNUTLS_SAN_OTHERNAME;
- if (strcmp (str_type, "directoryName") == 0)
- return GNUTLS_SAN_DN;
- return (gnutls_x509_subject_alt_name_t) - 1;
+ if (strcmp(str_type, "dNSName") == 0)
+ return GNUTLS_SAN_DNSNAME;
+ if (strcmp(str_type, "rfc822Name") == 0)
+ return GNUTLS_SAN_RFC822NAME;
+ if (strcmp(str_type, "uniformResourceIdentifier") == 0)
+ return GNUTLS_SAN_URI;
+ if (strcmp(str_type, "iPAddress") == 0)
+ return GNUTLS_SAN_IPADDRESS;
+ if (strcmp(str_type, "otherName") == 0)
+ return GNUTLS_SAN_OTHERNAME;
+ if (strcmp(str_type, "directoryName") == 0)
+ return GNUTLS_SAN_DN;
+ return (gnutls_x509_subject_alt_name_t) - 1;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
int
-_gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size)
+_gnutls_x509_export_int_named(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret;
- gnutls_datum_t out;
- size_t size;
-
- ret = _gnutls_x509_export_int_named2 (asn1_data, name,
- format, pem_header, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (format == GNUTLS_X509_FMT_PEM)
- size = out.size+1;
- else
- size = out.size;
-
- if (*output_data_size < size)
- {
- *output_data_size = size;
- ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- goto cleanup;
- }
-
- *output_data_size = (size_t)out.size;
- if (output_data)
- {
- memcpy (output_data, out.data, (size_t)out.size);
- if (format == GNUTLS_X509_FMT_PEM)
- output_data[out.size] = 0;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free (out.data);
-
- return ret;
+ int ret;
+ gnutls_datum_t out;
+ size_t size;
+
+ ret = _gnutls_x509_export_int_named2(asn1_data, name,
+ format, pem_header, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (format == GNUTLS_X509_FMT_PEM)
+ size = out.size + 1;
+ else
+ size = out.size;
+
+ if (*output_data_size < size) {
+ *output_data_size = size;
+ ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ goto cleanup;
+ }
+
+ *output_data_size = (size_t) out.size;
+ if (output_data) {
+ memcpy(output_data, out.data, (size_t) out.size);
+ if (format == GNUTLS_X509_FMT_PEM)
+ output_data[out.size] = 0;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(out.data);
+
+ return ret;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
int
-_gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- gnutls_datum_t *out)
+_gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t * out)
{
- int ret;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- ret = _gnutls_x509_der_encode(asn1_data, name, out, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- { /* PEM */
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, out);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ ret = _gnutls_x509_der_encode(asn1_data, name, out, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* PEM */
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_der_encode(asn1_data, name, &tmp, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_fbase64_encode(pem_header, tmp.data, tmp.size,
+ out);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/* Decodes an octet string. The etype specifies the string type.
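Review bot: In `_gnutls_x509_set_time` the first `asn1_write_value` call, the one that selects `"generalTime"`, is tested with `< 0`, while every other libtasn1 call in this hunk is compared against `ASN1_SUCCESS`. libtasn1 status codes are non-negative, so that branch looks unreachable and a failed write of the CHOICE selector would go unnoticed until the later write. I would split it into `result = asn1_write_value(c2, name, "generalTime", 1);` followed by `if (result != ASN1_SUCCESS) {`, keeping the existing body.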
@@ -963,59 +927,54 @@ _gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
* included in size).
*/
int
-_gnutls_x509_decode_string (unsigned int etype,
- const uint8_t * der, size_t der_size,
- gnutls_datum_t * output)
+_gnutls_x509_decode_string(unsigned int etype,
+ const uint8_t * der, size_t der_size,
+ gnutls_datum_t * output)
{
- int ret;
- const uint8_t *str;
- unsigned int str_size, len;
- gnutls_datum_t td;
-
- ret = asn1_decode_simple_der (etype, der, der_size, &str, &str_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- return ret;
- }
-
- td.size = str_size;
- td.data = gnutls_malloc(str_size+1);
- if (td.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(td.data, str, str_size);
- td.data[str_size] = 0;
-
- ret = make_printable_string(etype, &td, output);
- if (ret == GNUTLS_E_INVALID_REQUEST) /* unsupported etype */
- {
- output->data = td.data;
- output->size = td.size;
- ret = 0;
- }
- else if (ret <= 0)
- {
- _gnutls_free_datum(&td);
- }
-
- /* Refuse to deal with strings containing NULs. */
- if (etype != ASN1_ETYPE_OCTET_STRING)
- {
- if (output->data)
- len = strlen ((void*)output->data);
- else
- len = 0;
-
- if (len != (size_t)output->size)
- {
- _gnutls_free_datum(output);
- ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- }
- }
-
- return ret;
+ int ret;
+ const uint8_t *str;
+ unsigned int str_size, len;
+ gnutls_datum_t td;
+
+ ret =
+ asn1_decode_simple_der(etype, der, der_size, &str, &str_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ return ret;
+ }
+
+ td.size = str_size;
+ td.data = gnutls_malloc(str_size + 1);
+ if (td.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(td.data, str, str_size);
+ td.data[str_size] = 0;
+
+ ret = make_printable_string(etype, &td, output);
+ if (ret == GNUTLS_E_INVALID_REQUEST) { /* unsupported etype */
+ output->data = td.data;
+ output->size = td.size;
+ ret = 0;
+ } else if (ret <= 0) {
+ _gnutls_free_datum(&td);
+ }
+
+ /* Refuse to deal with strings containing NULs. */
+ if (etype != ASN1_ETYPE_OCTET_STRING) {
+ if (output->data)
+ len = strlen((void *) output->data);
+ else
+ len = 0;
+
+ if (len != (size_t) output->size) {
+ _gnutls_free_datum(output);
+ ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ }
+ }
+
+ return ret;
}
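Review bot: When `make_printable_string` fails with anything other than `GNUTLS_E_INVALID_REQUEST`, `_gnutls_x509_decode_string` frees `td` but still falls through to the NUL check, which reads `output->data` and may call `_gnutls_free_datum(output)`. If the helper leaves `*output` untouched on failure (its body is not in this hunk), that is a read and a free of whatever the caller happened to pass in. The original error code can also be replaced by `GNUTLS_E_ASN1_DER_ERROR`. Returning early avoids both: inside the `else if (ret <= 0)` branch, after `_gnutls_free_datum(&td);`, add `if (ret < 0) return gnutls_assert_val(ret);`.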
@@ -1026,58 +985,53 @@ _gnutls_x509_decode_string (unsigned int etype,
* the required data size (to allow for a null byte).
*/
int
-_gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret)
+_gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret)
{
- int len = 0, result;
- uint8_t *tmp = NULL;
- unsigned int etype;
-
- result = asn1_read_value_type (c, root, NULL, &len, &etype);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- if (etype == ASN1_ETYPE_BIT_STRING)
- {
- len /= 8;
- len++;
- }
-
- tmp = gnutls_malloc ((size_t)len+1);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (c, root, tmp, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (etype == ASN1_ETYPE_BIT_STRING)
- {
- ret->size = len / 8;
- if (len % 8 > 0)
- ret->size++;
- }
- else ret->size = (unsigned)len;
-
- ret->data = tmp;
-
- return 0;
-
-cleanup:
- gnutls_free (tmp);
- return result;
+ int len = 0, result;
+ uint8_t *tmp = NULL;
+ unsigned int etype;
+
+ result = asn1_read_value_type(c, root, NULL, &len, &etype);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ if (etype == ASN1_ETYPE_BIT_STRING) {
+ len /= 8;
+ len++;
+ }
+
+ tmp = gnutls_malloc((size_t) len + 1);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (etype == ASN1_ETYPE_BIT_STRING) {
+ ret->size = len / 8;
+ if (len % 8 > 0)
+ ret->size++;
+ } else
+ ret->size = (unsigned) len;
+
+ ret->data = tmp;
+
+ return 0;
+
+ cleanup:
+ gnutls_free(tmp);
+ return result;
}
/* Reads a value from an ASN1 tree, then interprets it as the provided
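Review bot: `_gnutls_x509_read_value` allocates `len + 1` bytes, and the comment above it says the extra byte allows for a null byte, but nothing stores that terminator, so the byte after the value stays uninitialized. `_gnutls_x509_get_signature_algorithm` (the hunk at -1583) casts the returned data to `char *` and passes it to `_gnutls_x509_oid2sign_algorithm`, which is only safe if libtasn1 already terminated the value. I would make the guarantee explicit by adding `tmp[ret->size] = 0;` just before `ret->data = tmp;`. That index stays inside the allocation for both the bit-string and the plain case.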
@@ -1087,92 +1041,89 @@ cleanup:
* at the end of a readable string value (which is not accounted into size)
*/
int
-_gnutls_x509_read_string (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype)
+_gnutls_x509_read_string(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, unsigned int etype)
{
- int len = 0, result;
- size_t slen;
- uint8_t *tmp = NULL;
- unsigned rtype;
-
- result = asn1_read_value_type (c, root, NULL, &len, &rtype);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- if (rtype == ASN1_ETYPE_BIT_STRING)
- len /= 8;
-
- tmp = gnutls_malloc ((size_t)len+1);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (c, root, tmp, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (rtype == ASN1_ETYPE_BIT_STRING)
- len /= 8;
-
- /* Extract the STRING.
- */
- slen = (size_t)len;
-
- result = _gnutls_x509_decode_string (etype, tmp, slen, ret);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- gnutls_free(tmp);
-
- return 0;
-
-cleanup:
- gnutls_free (tmp);
- return result;
+ int len = 0, result;
+ size_t slen;
+ uint8_t *tmp = NULL;
+ unsigned rtype;
+
+ result = asn1_read_value_type(c, root, NULL, &len, &rtype);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ if (rtype == ASN1_ETYPE_BIT_STRING)
+ len /= 8;
+
+ tmp = gnutls_malloc((size_t) len + 1);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (rtype == ASN1_ETYPE_BIT_STRING)
+ len /= 8;
+
+ /* Extract the STRING.
+ */
+ slen = (size_t) len;
+
+ result = _gnutls_x509_decode_string(etype, tmp, slen, ret);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ gnutls_free(tmp);
+
+ return 0;
+
+ cleanup:
+ gnutls_free(tmp);
+ return result;
}
/* The string type should be IA5String, UTF8String etc. Leave
* null for octet string */
-int _gnutls_x509_encode_string(unsigned int etype,
- const void* input_data, size_t input_size,
- gnutls_datum_t* output)
+int _gnutls_x509_encode_string(unsigned int etype,
+ const void *input_data, size_t input_size,
+ gnutls_datum_t * output)
{
- uint8_t tl[ASN1_MAX_TL_SIZE];
- unsigned int tl_size;
- int ret;
-
- tl_size = sizeof(tl);
- ret = asn1_encode_simple_der (etype, input_data, input_size, tl, &tl_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- return ret;
- }
-
- output->data = gnutls_malloc(tl_size + input_size);
- if (output->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(output->data, tl, tl_size);
- memcpy(output->data+tl_size, input_data, input_size);
-
- output->size = tl_size + input_size;
-
- return 0;
+ uint8_t tl[ASN1_MAX_TL_SIZE];
+ unsigned int tl_size;
+ int ret;
+
+ tl_size = sizeof(tl);
+ ret =
+ asn1_encode_simple_der(etype, input_data, input_size, tl,
+ &tl_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ return ret;
+ }
+
+ output->data = gnutls_malloc(tl_size + input_size);
+ if (output->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(output->data, tl, tl_size);
+ memcpy(output->data + tl_size, input_data, input_size);
+
+ output->size = tl_size + input_size;
+
+ return 0;
}
/* DER Encodes the src ASN1_TYPE and stores it to
@@ -1180,85 +1131,79 @@ int _gnutls_x509_encode_string(unsigned int etype,
* an OCTET STRING.
*/
int
-_gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str)
+_gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str)
{
- int size, result;
- int asize;
- uint8_t *data = NULL;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- size = 0;
- result = asn1_der_coding (src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* allocate data for the der
- */
-
- if (str)
- size += 16; /* for later to include the octet tags */
- asize = size;
-
- data = gnutls_malloc ((size_t)size);
- if (data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_der_coding (src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (str)
- {
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "", data, size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_coding (c2, "", data, &asize, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- size = asize;
-
- asn1_delete_structure (&c2);
- }
-
- res->data = data;
- res->size = (unsigned)size;
- return 0;
-
-cleanup:
- gnutls_free (data);
- asn1_delete_structure (&c2);
- return result;
+ int size, result;
+ int asize;
+ uint8_t *data = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ size = 0;
+ result = asn1_der_coding(src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* allocate data for the der
+ */
+
+ if (str)
+ size += 16; /* for later to include the octet tags */
+ asize = size;
+
+ data = gnutls_malloc((size_t) size);
+ if (data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_der_coding(src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (str) {
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "", data, size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_coding(c2, "", data, &asize, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ size = asize;
+
+ asn1_delete_structure(&c2);
+ }
+
+ res->data = data;
+ res->size = (unsigned) size;
+ return 0;
+
+ cleanup:
+ gnutls_free(data);
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -1268,97 +1213,96 @@ cleanup:
* an OCTET STRING.
*/
int
-_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str)
+_gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
{
- int result;
- gnutls_datum_t encoded;
+ int result;
+ gnutls_datum_t encoded;
- result = _gnutls_x509_der_encode (src, src_name, &encoded, str);
+ result = _gnutls_x509_der_encode(src, src_name, &encoded, str);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Write the data.
- */
- result = asn1_write_value (dest, dest_name, encoded.data, (int)encoded.size);
+ /* Write the data.
+ */
+ result =
+ asn1_write_value(dest, dest_name, encoded.data,
+ (int) encoded.size);
- _gnutls_free_datum (&encoded);
+ _gnutls_free_datum(&encoded);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE.
*/
int
-_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data)
+_gnutls_x509_write_value(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data)
{
- int ret;
-
- /* Write the data.
- */
- ret = asn1_write_value (c, root, data->data, data->size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+
+ /* Write the data.
+ */
+ ret = asn1_write_value(c, root, data->data, data->size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE as a string.
*/
int
-_gnutls_x509_write_string (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, unsigned int etype)
+_gnutls_x509_write_string(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, unsigned int etype)
{
- int ret;
- gnutls_datum_t val = { NULL, 0 };
-
- ret = _gnutls_x509_encode_string(etype, data->data, data->size, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Write the data.
- */
- ret = asn1_write_value (c, root, val.data, val.size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&val);
- return ret;
+ int ret;
+ gnutls_datum_t val = { NULL, 0 };
+
+ ret =
+ _gnutls_x509_encode_string(etype, data->data, data->size,
+ &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Write the data.
+ */
+ ret = asn1_write_value(c, root, val.data, val.size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&val);
+ return ret;
}
void
-_asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2)
+_asnstr_append_name(char *name, size_t name_size, const char *part1,
+ const char *part2)
{
- if (part1[0] != 0)
- {
- _gnutls_str_cpy (name, name_size, part1);
- _gnutls_str_cat (name, name_size, part2);
- }
- else
- _gnutls_str_cpy (name, name_size, part2 + 1 /* remove initial dot */ );
+ if (part1[0] != 0) {
+ _gnutls_str_cpy(name, name_size, part1);
+ _gnutls_str_cat(name, name_size, part2);
+ } else
+ _gnutls_str_cpy(name, name_size,
+ part2 + 1 /* remove initial dot */ );
}
@@ -1368,206 +1312,203 @@ _asnstr_append_name (char *name, size_t name_size, const char *part1,
*
*/
int
-_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params)
+_gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm,
+ gnutls_pk_params_st * params)
{
- const char *pk;
- gnutls_datum_t der = { NULL, 0 };
- int result;
- char name[128];
-
- pk = _gnutls_x509_pk_to_oid (pk_algorithm);
- if (pk == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- /* write the OID
- */
- _asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm");
-
- result = asn1_write_value (dst, name, pk, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_pubkey_params (pk_algorithm, params, &der);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- _asnstr_append_name (name, sizeof (name), dst_name,
- ".algorithm.parameters");
-
- result = asn1_write_value (dst, name, der.data, der.size);
-
- _gnutls_free_datum (&der);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_pubkey (pk_algorithm, params, &der);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Write the DER parameters. (in bits)
- */
- _asnstr_append_name (name, sizeof (name), dst_name,
- ".subjectPublicKey");
- result = asn1_write_value (dst, name, der.data, der.size * 8);
- _gnutls_free_datum (&der);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ const char *pk;
+ gnutls_datum_t der = { NULL, 0 };
+ int result;
+ char name[128];
+
+ pk = _gnutls_x509_pk_to_oid(pk_algorithm);
+ if (pk == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ /* write the OID
+ */
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".algorithm.algorithm");
+
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_write_pubkey_params(pk_algorithm, params, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".algorithm.parameters");
+
+ result = asn1_write_value(dst, name, der.data, der.size);
+
+ _gnutls_free_datum(&der);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_pubkey(pk_algorithm, params, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Write the DER parameters. (in bits)
+ */
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".subjectPublicKey");
+ result = asn1_write_value(dst, name, der.data, der.size * 8);
+ _gnutls_free_datum(&der);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Encodes and public key parameters into a
* subjectPublicKeyInfo structure and stores it in der.
*/
int
-_gnutls_x509_encode_PKI_params (gnutls_datum_t *der,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params)
+_gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
+ gnutls_pk_algorithm_t
+ pk_algorithm, gnutls_pk_params_st * params)
{
- int ret;
- ASN1_TYPE tmp;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &tmp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_encode_and_copy_PKI_params (tmp,
- "tbsCertificate.subjectPublicKeyInfo",
- pk_algorithm, params);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_der_encode(tmp, "tbsCertificate.subjectPublicKeyInfo", der, 0);
-
-cleanup:
- asn1_delete_structure (&tmp);
-
- return ret;
+ int ret;
+ ASN1_TYPE tmp;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate", &tmp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_x509_encode_and_copy_PKI_params(tmp,
+ "tbsCertificate.subjectPublicKeyInfo",
+ pk_algorithm,
+ params);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_der_encode(tmp,
+ "tbsCertificate.subjectPublicKeyInfo",
+ der, 0);
+
+ cleanup:
+ asn1_delete_structure(&tmp);
+
+ return ret;
}
/* Reads and returns the PK algorithm of the given certificate-like
* ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
*/
int
-_gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits)
+_gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
+ unsigned int *bits)
{
- int result;
- int algo;
- char oid[64];
- int len;
- gnutls_pk_params_st params;
- char name[128];
-
- gnutls_pk_params_init(&params);
-
- _asnstr_append_name (name, sizeof (name), src_name, ".algorithm.algorithm");
- len = sizeof (oid);
- result = asn1_read_value (src, name, oid, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- algo = _gnutls_x509_oid2pk_algorithm (oid);
- if (algo == GNUTLS_PK_UNKNOWN)
- {
- _gnutls_debug_log
- ("%s: unknown public key algorithm: %s\n", __func__, oid);
- }
-
- if (bits == NULL)
- {
- return algo;
- }
-
- /* Now read the parameters' bits
- */
- result = _gnutls_get_asn_mpis(src, src_name, &params);
- if (result < 0)
- return gnutls_assert_val(result);
-
- bits[0] = pubkey_to_bits(algo, &params);
-
- gnutls_pk_params_release(&params);
- return algo;
+ int result;
+ int algo;
+ char oid[64];
+ int len;
+ gnutls_pk_params_st params;
+ char name[128];
+
+ gnutls_pk_params_init(&params);
+
+ _asnstr_append_name(name, sizeof(name), src_name,
+ ".algorithm.algorithm");
+ len = sizeof(oid);
+ result = asn1_read_value(src, name, oid, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ algo = _gnutls_x509_oid2pk_algorithm(oid);
+ if (algo == GNUTLS_PK_UNKNOWN) {
+ _gnutls_debug_log
+ ("%s: unknown public key algorithm: %s\n", __func__,
+ oid);
+ }
+
+ if (bits == NULL) {
+ return algo;
+ }
+
+ /* Now read the parameters' bits
+ */
+ result = _gnutls_get_asn_mpis(src, src_name, &params);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ bits[0] = pubkey_to_bits(algo, &params);
+
+ gnutls_pk_params_release(&params);
+ return algo;
}
/* Reads the DER signed data from the certificate and allocates space and
* returns them into signed_data.
*/
int
-_gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data)
+_gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data)
{
- gnutls_datum_t der;
- int start, end, result;
-
- result = _gnutls_x509_der_encode (src, "", &der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Get the signed data
- */
- result = asn1_der_decoding_startEnd (src, der.data, der.size,
- src_name, &start, &end);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&der);
-
- return result;
+ gnutls_datum_t der;
+ int start, end, result;
+
+ result = _gnutls_x509_der_encode(src, "", &der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Get the signed data
+ */
+ result = asn1_der_decoding_startEnd(src, der.data, der.size,
+ src_name, &start, &end);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_set_datum(signed_data, &der.data[start],
+ end - start + 1);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&der);
+
+ return result;
}
/*-
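Review bot: `_gnutls_x509_encode_PKI_params` compares the result of `_gnutls_x509_encode_and_copy_PKI_params` with `ASN1_SUCCESS` and then passes it through `_gnutls_asn2err`. That helper, earlier in this hunk, already returns GnuTLS codes: 0, `GNUTLS_E_UNKNOWN_PK_ALGORITHM`, or an already converted value. Converting a second time can turn a specific error into an unrelated one, so the check should be `if (ret < 0) { gnutls_assert(); goto cleanup; }` with the `_gnutls_asn2err` line dropped. In `_gnutls_x509_get_pk_algorithm`, the `return gnutls_assert_val(result);` after `_gnutls_get_asn_mpis` skips `gnutls_pk_params_release(&params)`; this is worth confirming against how that helper behaves on failure.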
@@ -1583,28 +1524,26 @@ cleanup:
* error.
-*/
int
-_gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name)
+_gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
- result =
- _gnutls_x509_read_value (src, src_name, &sa);
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+ result = _gnutls_x509_read_value(src, src_name, &sa);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_oid2sign_algorithm ( (char*)sa.data);
+ result = _gnutls_x509_oid2sign_algorithm((char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return result;
+ return result;
}
@@ -1612,143 +1551,136 @@ _gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name)
* returns them into signed_data.
*/
int
-_gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature)
+_gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature)
{
- int result, len;
- unsigned int bits;
-
- signature->data = NULL;
- signature->size = 0;
-
- /* Read the signature
- */
- len = 0;
- result = asn1_read_value (src, src_name, NULL, &len);
-
- if (result != ASN1_MEM_ERROR)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
- }
-
- len = bits / 8;
-
- signature->data = gnutls_malloc (len);
- if (signature->data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
- }
-
- /* read the bit string of the signature
- */
- bits = len;
- result = asn1_read_value (src, src_name, signature->data, (int*)&bits);
-
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- signature->size = len;
-
- return 0;
-
-cleanup:
- return result;
+ int result, len;
+ unsigned int bits;
+
+ signature->data = NULL;
+ signature->size = 0;
+
+ /* Read the signature
+ */
+ len = 0;
+ result = asn1_read_value(src, src_name, NULL, &len);
+
+ if (result != ASN1_MEM_ERROR) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
+ len = bits / 8;
+
+ signature->data = gnutls_malloc(len);
+ if (signature->data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ return result;
+ }
+
+ /* read the bit string of the signature
+ */
+ bits = len;
+ result =
+ asn1_read_value(src, src_name, signature->data, (int *) &bits);
+
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ signature->size = len;
+
+ return 0;
+
+ cleanup:
+ return result;
}
/* ASN.1 PrintableString rules */
static int is_printable(char p)
{
- if ((p >= 'a' && p <= 'z') || (p >= 'A' && p <= 'Z') ||
- (p >= '0' && p <= '9') || p == ' ' || p == '(' || p == ')' ||
- p == '+' || p == ',' || p == '-' || p == '.' || p == '/' ||
- p == ':' || p == '=' || p == '?')
- return 1;
-
- return 0;
+ if ((p >= 'a' && p <= 'z') || (p >= 'A' && p <= 'Z') ||
+ (p >= '0' && p <= '9') || p == ' ' || p == '(' || p == ')' ||
+ p == '+' || p == ',' || p == '-' || p == '.' || p == '/' ||
+ p == ':' || p == '=' || p == '?')
+ return 1;
+
+ return 0;
}
-static int write_complex_string(ASN1_TYPE asn_struct, const char* where,
- const struct oid_to_string* oentry, const uint8_t *data,
- size_t data_size)
+static int write_complex_string(ASN1_TYPE asn_struct, const char *where,
+ const struct oid_to_string *oentry,
+ const uint8_t * data, size_t data_size)
{
- char tmp[128];
- ASN1_TYPE c2;
- int result;
- const char *string_type;
- unsigned int i;
-
- result = asn1_create_element (_gnutls_get_pkix (), oentry->asn_desc, &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmp[0] = 0;
-
- string_type = "printableString";
-
- /* Check if the data is ASN.1 printable, and use
- * the UTF8 string type if not.
- */
- for (i = 0; i < data_size; i++)
- {
- if (!is_printable (data[i]))
- {
- string_type = "utf8String";
- break;
- }
- }
-
- /* if the type is a CHOICE then write the
- * type we'll use.
- */
- result = asn1_write_value (c2, "", string_type, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
-
- result = asn1_write_value (c2, tmp, data, data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (c2, "", asn_struct, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&c2);
- return result;
+ char tmp[128];
+ ASN1_TYPE c2;
+ int result;
+ const char *string_type;
+ unsigned int i;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc, &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmp[0] = 0;
+
+ string_type = "printableString";
+
+ /* Check if the data is ASN.1 printable, and use
+ * the UTF8 string type if not.
+ */
+ for (i = 0; i < data_size; i++) {
+ if (!is_printable(data[i])) {
+ string_type = "utf8String";
+ break;
+ }
+ }
+
+ /* if the type is a CHOICE then write the
+ * type we'll use.
+ */
+ result = asn1_write_value(c2, "", string_type, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), string_type);
+
+ result = asn1_write_value(c2, tmp, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", asn_struct, where, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&c2);
+ return result;
}
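Review bot: In `_gnutls_x509_get_signature`, at the top of this hunk, the buffer from `gnutls_malloc(len)` is not released when the second `asn1_read_value` fails. That path jumps to `cleanup:`, which only returns `result`, so `signature->data` stays allocated and non-NULL on an error return. If `src` is decoded from untrusted DER, each failed parse can leak unless every caller frees the datum on error, which the hunk does not show. The earlier jumps reach the label with `signature->data` still NULL, so releasing it there covers all paths: `cleanup: gnutls_free(signature->data); signature->data = NULL; return result;`.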
@@ -1757,83 +1689,80 @@ error:
* In all cases only one value is written.
*/
int
-_gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *_data,
- int data_size, int multi)
+_gnutls_x509_encode_and_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *_data,
+ int data_size, int multi)
{
- const uint8_t *data = _data;
- char tmp[128];
- int result;
- const struct oid_to_string* oentry;
-
- oentry = get_oid_entry(given_oid);
- if (oentry == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot find OID: %s\n", given_oid);
- return GNUTLS_E_X509_UNSUPPORTED_OID;
- }
-
- /* write the data (value)
- */
-
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".value");
-
- if (multi != 0)
- { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
-
- result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
- }
-
- if (oentry->asn_desc != NULL) /* write a complex string API */
- {
- result = write_complex_string(asn1_struct, tmp, oentry, data, data_size);
- if (result < 0)
- return gnutls_assert_val(result);
- }
- else /* write a simple string */
- {
- gnutls_datum_t td;
-
- td.data = (void*)data;
- td.size = data_size;
- result = _gnutls_x509_write_string (asn1_struct, tmp, &td, oentry->etype);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* write the type
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = 0;
-
-error:
- return result;
+ const uint8_t *data = _data;
+ char tmp[128];
+ int result;
+ const struct oid_to_string *oentry;
+
+ oentry = get_oid_entry(given_oid);
+ if (oentry == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Cannot find OID: %s\n", given_oid);
+ return GNUTLS_E_X509_UNSUPPORTED_OID;
+ }
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+
+ if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ }
+
+ if (oentry->asn_desc != NULL) { /* write a complex string API */
+ result =
+ write_complex_string(asn1_struct, tmp, oentry, data,
+ data_size);
+ if (result < 0)
+ return gnutls_assert_val(result);
+ } else { /* write a simple string */
+
+ gnutls_datum_t td;
+
+ td.data = (void *) data;
+ td.size = data_size;
+ result =
+ _gnutls_x509_write_string(asn1_struct, tmp, &td,
+ oentry->etype);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ return result;
}
/* copies a datum to a buffer. If it doesn't fit it returns
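Review bot: `_gnutls_x509_encode_and_write_attribute` takes `data_size` as `int` but passes it to `write_complex_string` as `size_t` and stores it in `td.size` with no sign check. A negative length would become a very large one, and the printable-character loop in `write_complex_string` (previous hunk) would then read past `data`. Whether any caller can pass a negative value is not visible here. A guard at the top of the function makes the contract explicit: `if (data_size < 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`.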
@@ -1842,57 +1771,55 @@ error:
*
* The buffer will always be null terminated.
*/
-int _gnutls_strdatum_to_buf (gnutls_datum_t * d, void* buf, size_t * buf_size)
+int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
+ size_t * buf_size)
{
-int ret;
-uint8_t *_buf = buf;
-
- if (buf == NULL || *buf_size < d->size+1)
- {
- *buf_size = d->size+1;
- ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- goto cleanup;
- }
- memcpy(buf, d->data, d->size);
- _buf[d->size] = 0;
-
- *buf_size = d->size;
- ret = 0;
-
-cleanup:
- _gnutls_free_datum(d);
-
- return ret;
+ int ret;
+ uint8_t *_buf = buf;
+
+ if (buf == NULL || *buf_size < d->size + 1) {
+ *buf_size = d->size + 1;
+ ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ goto cleanup;
+ }
+ memcpy(buf, d->data, d->size);
+ _buf[d->size] = 0;
+
+ *buf_size = d->size;
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(d);
+
+ return ret;
}
int
-_gnutls_x509_get_raw_dn2 (ASN1_TYPE c2, gnutls_datum_t* raw,
- const char *whom, gnutls_datum_t * dn)
+_gnutls_x509_get_raw_dn2(ASN1_TYPE c2, gnutls_datum_t * raw,
+ const char *whom, gnutls_datum_t * dn)
{
- int result, len1;
- int start1, end1;
- result =
- asn1_der_decoding_startEnd (c2, raw->data, raw->size,
- whom, &start1, &end1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- len1 = end1 - start1 + 1;
-
- result = _gnutls_set_datum (dn, &raw->data[start1], len1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- return result;
+ int result, len1;
+ int start1, end1;
+ result =
+ asn1_der_decoding_startEnd(c2, raw->data, raw->size,
+ whom, &start1, &end1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ len1 = end1 - start1 + 1;
+
+ result = _gnutls_set_datum(dn, &raw->data[start1], len1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ return result;
}
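Review bot: `_gnutls_strdatum_to_buf` releases `d` with `_gnutls_free_datum(d)` on both the success path and the short-buffer path, but the comment above it (which begins outside this hunk) does not mention this. The ownership transfer should be documented so callers do not free the datum a second time. I would add to that comment: `* The datum @d is always freed by this function, on success and on error.` The sentence "The buffer will always be null terminated" also holds only on success, since nothing is written to `buf` when GNUTLS_E_SHORT_MEMORY_BUFFER is returned.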
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 8eec73054a..ade1c9bc7b 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -67,115 +67,121 @@
#define ASN1_NULL "\x05\x00"
#define ASN1_NULL_SIZE 2
-int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim, int general);
+int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
+ int general);
-int _gnutls_x509_decode_string (unsigned int etype,
- const uint8_t * der, size_t der_size,
- gnutls_datum_t *output);
+int _gnutls_x509_decode_string(unsigned int etype,
+ const uint8_t * der, size_t der_size,
+ gnutls_datum_t * output);
int _gnutls_x509_encode_string(unsigned int etype,
- const void* input_data, size_t input_size,
- gnutls_datum_t* output);
+ const void *input_data, size_t input_size,
+ gnutls_datum_t * output);
-int _gnutls_x509_dn_to_string (const char *OID, void *value,
- int value_size, gnutls_datum_t* out);
-const char* _gnutls_ldap_string_to_oid (const char* str, unsigned str_len);
+int _gnutls_x509_dn_to_string(const char *OID, void *value,
+ int value_size, gnutls_datum_t * out);
+const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len);
-time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when, int general);
+time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when, int general);
-gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type);
-int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str);
-int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str);
+int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str);
+int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str);
#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
_gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)
-int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size);
+int _gnutls_x509_export_int_named(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
#define _gnutls_x509_export_int2(asn1, format, header, out) \
_gnutls_x509_export_int_named2(asn1, "", format, header, out)
-int _gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- gnutls_datum_t * out);
-
-int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret);
-int _gnutls_x509_read_string (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype);
-int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data);
-
-int _gnutls_x509_write_string (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, unsigned int etype);
-
-int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *data,
- int sizeof_data, int multi);
-int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size,
- gnutls_datum_t * value, int multi,
- int octet);
-
-int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits);
+int _gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t * out);
+
+int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret);
+int _gnutls_x509_read_string(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, unsigned int etype);
+int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data);
+
+int _gnutls_x509_write_string(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data,
+ unsigned int etype);
+
+int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *data,
+ int sizeof_data, int multi);
+int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value,
+ int multi, int octet);
+
+int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
+ unsigned int *bits);
int
-_gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name);
+_gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name);
-int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params);
-int _gnutls_x509_encode_PKI_params(gnutls_datum_t* der,
- gnutls_pk_algorithm_t, gnutls_pk_params_st* params);
-int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
- ASN1_TYPE src, const char *src_name);
+int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm,
+ gnutls_pk_params_st * params);
+int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
+ gnutls_pk_algorithm_t,
+ gnutls_pk_params_st * params);
+int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name);
-int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data);
-int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature);
+int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data);
+int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature);
-int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- gnutls_pk_params_st * params);
+int _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
+ gnutls_pk_params_st * params);
-int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st*,
- unsigned char *output_data,
- size_t * output_data_size);
+int _gnutls_get_key_id(gnutls_pk_algorithm_t pk, gnutls_pk_params_st *,
+ unsigned char *output_data,
+ size_t * output_data_size);
-void _asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2);
+void _asnstr_append_name(char *name, size_t name_size, const char *part1,
+ const char *part2);
int
-_gnutls_x509_get_raw_dn2 (ASN1_TYPE c2, gnutls_datum_t* raw,
- const char *whom, gnutls_datum_t * dn);
+_gnutls_x509_get_raw_dn2(ASN1_TYPE c2, gnutls_datum_t * raw,
+ const char *whom, gnutls_datum_t * dn);
int
-_gnutls_check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
+ gnutls_x509_crt_t cert2);
-time_t _gnutls_x509_generalTime2gtime (const char *ttime);
+time_t _gnutls_x509_generalTime2gtime(const char *ttime);
-int get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical);
+int get_extension(ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical);
-int set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical);
+int set_extension(ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical);
-int _gnutls_strdatum_to_buf (gnutls_datum_t * d, void* buf, size_t * sizeof_buf);
+int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
+ size_t * sizeof_buf);
#endif
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 152ab33ba9..bd2560dc78 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -44,25 +44,22 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
+int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
{
- *crl = gnutls_calloc (1, sizeof (gnutls_x509_crl_int));
-
- if (*crl)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CertificateList",
- &(*crl)->crl);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*crl);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *crl = gnutls_calloc(1, sizeof(gnutls_x509_crl_int));
+
+ if (*crl) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crl);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
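Review bot: On the `asn1_create_element` failure path, `gnutls_x509_crl_init` frees `*crl` but leaves the caller's handle pointing at the freed block. `gnutls_x509_crl_deinit` in the next hunk only skips a NULL handle, so a caller that runs its usual cleanup after a failed init would dereference and free that memory again. Clearing the handle closes this off: `gnutls_free(*crl); *crl = NULL;`.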
@@ -71,17 +68,16 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
*
* This function will deinitialize a CRL structure.
**/
-void
-gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
+void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl)
{
- if (!crl)
- return;
+ if (!crl)
+ return;
- if (crl->crl)
- asn1_delete_structure (&crl->crl);
- gnutls_free(crl->raw_issuer_dn.data);
+ if (crl->crl)
+ asn1_delete_structure(&crl->crl);
+ gnutls_free(crl->raw_issuer_dn.data);
- gnutls_free (crl);
+ gnutls_free(crl);
}
/**
@@ -99,64 +95,62 @@ gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
* negative error value.
**/
int
-gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_crl_import(gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- _data.data = data->data;
- _data.size = data->size;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* If the CRL is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result = asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (crl->crl, &_data,
- "tbsCertList.issuer.rdnSequence",
- &crl->raw_issuer_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- _gnutls_free_datum (&crl->raw_issuer_dn);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the CRL is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_CRL, data->data, data->size,
+ &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&crl->crl, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(crl->crl, &_data,
+ "tbsCertList.issuer.rdnSequence",
+ &crl->raw_issuer_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ _gnutls_free_datum(&crl->raw_issuer_dn);
+ return result;
}
@@ -179,18 +173,17 @@ cleanup:
*
**/
int
-gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
- size_t * sizeof_buf)
+gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, char *buf,
+ size_t * sizeof_buf)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -220,27 +213,26 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
* with the required size, and 0 on success.
**/
int
-gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
-gnutls_datum_t td;
-int ret;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, sizeof_buf);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, sizeof_buf);
}
@@ -261,18 +253,17 @@ int ret;
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence", indx,
- oid, sizeof_oid);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -291,16 +282,15 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
* Since: 3.1.10
**/
int
-gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn (crl->crl,
- "tbsCertList.issuer.rdnSequence", dn);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn(crl->crl,
+ "tbsCertList.issuer.rdnSequence", dn);
}
/**
@@ -313,37 +303,34 @@ gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
- result =
- _gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
- &sa);
+ result =
+ _gnutls_x509_read_value(crl->crl,
+ "signatureAlgorithm.algorithm", &sa);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
+ result = _gnutls_x509_oid2sign_algorithm((const char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return result;
+ return result;
}
/**
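Review bot: The `Returns:` text kept as context above `gnutls_x509_crl_get_signature_algorithm` promises %GNUTLS_E_SUCCESS (0) on success, but the body returns the result of `_gnutls_x509_oid2sign_algorithm`, presumably an algorithm identifier rather than 0. A caller that follows the comment and tests for zero would misread a valid result. I would reword it to `Returns: the signature algorithm of the CRL, or a negative error code on error.` The cast `(const char *) sa.data` also assumes `_gnutls_x509_read_value` NUL-terminates the OID, which is not visible here and deserves a short comment.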
@@ -358,51 +345,46 @@ gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig)
+gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig)
{
- int result;
- unsigned int bits;
- int len;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = 0;
- result = asn1_read_value (crl->crl, "signature", NULL, &len);
-
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- len = bits / 8;
-
- if (*sizeof_sig < (unsigned)len)
- {
- *sizeof_sig = bits / 8;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- result = asn1_read_value (crl->crl, "signature", sig, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned int bits;
+ int len;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = 0;
+ result = asn1_read_value(crl->crl, "signature", NULL, &len);
+
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < (unsigned) len) {
+ *sizeof_sig = bits / 8;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value(crl->crl, "signature", sig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
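Review bot: `gnutls_x509_crl_get_signature` updates `*sizeof_sig` only in the short-buffer branch. On success it returns 0 and leaves the caller's value untouched, so the caller cannot tell how many bytes of `sig` were filled. With a larger buffer the caller may treat trailing uninitialised bytes as signature data. Setting it before the final return, `*sizeof_sig = bits / 8;`, matches what the short-buffer branch reports. The function's documentation comment starts outside this hunk, so the intended contract for `sizeof_sig` should be confirmed there.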
@@ -413,28 +395,25 @@ gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
*
* Returns: The version number, or a negative error code on error.
**/
-int
-gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl)
{
- uint8_t version[8];
- int len, result;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- if ((result =
- asn1_read_value (crl->crl, "tbsCertList.version", version,
- &len)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, result;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crl->crl, "tbsCertList.version", version,
+ &len)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -445,16 +424,15 @@ gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
*
* Returns: when the CRL was issued, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
+time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (crl->crl, "tbsCertList.thisUpdate", 0);
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate",
+ 0);
}
/**
@@ -467,16 +445,15 @@ gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
*
* Returns: when the next CRL will be issued, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
+time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (crl->crl, "tbsCertList.nextUpdate", 0);
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate",
+ 0);
}
/**
@@ -488,29 +465,27 @@ gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
*
* Returns: number of certificates, a negative error code on failure.
**/
-int
-gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
{
- int count, result;
+ int count, result;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result =
- asn1_number_of_elements (crl->crl,
- "tbsCertList.revokedCertificates", &count);
+ result =
+ asn1_number_of_elements(crl->crl,
+ "tbsCertList.revokedCertificates",
+ &count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no certificates */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
- return count;
+ return count;
}
/**
@@ -528,44 +503,44 @@ gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
- int result, _serial_size;
- char serial_name[ASN1_MAX_NAME_SIZE];
- char date_name[ASN1_MAX_NAME_SIZE];
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (serial_name, sizeof (serial_name),
- "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
- snprintf (date_name, sizeof (date_name),
- "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
-
- _serial_size = *serial_size;
- result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
-
- *serial_size = _serial_size;
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return _gnutls_asn2err (result);
- }
-
- if (t)
- {
- *t = _gnutls_x509_get_time (crl->crl, date_name, 0);
- }
-
- return 0;
+ int result, _serial_size;
+ char serial_name[ASN1_MAX_NAME_SIZE];
+ char date_name[ASN1_MAX_NAME_SIZE];
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(serial_name, sizeof(serial_name),
+ "tbsCertList.revokedCertificates.?%u.userCertificate",
+ indx + 1);
+ snprintf(date_name, sizeof(date_name),
+ "tbsCertList.revokedCertificates.?%u.revocationDate",
+ indx + 1);
+
+ _serial_size = *serial_size;
+ result =
+ asn1_read_value(crl->crl, serial_name, serial, &_serial_size);
+
+ *serial_size = _serial_size;
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return _gnutls_asn2err(result);
+ }
+
+ if (t) {
+ *t = _gnutls_x509_get_time(crl->crl, date_name, 0);
+ }
+
+ return 0;
}
/**
@@ -581,10 +556,11 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
* Since: 2.12.0
**/
int
-gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn)
+gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, crl->raw_issuer_dn.data, crl->raw_issuer_dn.size);
+ return _gnutls_set_datum(dn, crl->raw_issuer_dn.data,
+ crl->raw_issuer_dn.size);
}
/**
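Review bot: gnutls_x509_crl_get_raw_issuer_dn reads `crl->raw_issuer_dn` without the `crl == NULL` guard that the neighbouring getters apply, so a NULL handle is dereferenced here instead of producing an error code. Adding `if (crl == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` as the first statement would bring it in line with gnutls_x509_crl_export and the other accessors on this page. The reindent carries the omission over unchanged.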
@@ -607,18 +583,17 @@ gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
* negative error value. and a negative error code on failure.
**/
int
-gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crl_export(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (crl->crl, format, PEM_CRL,
- output_data, output_data_size);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(crl->crl, format, PEM_CRL,
+ output_data, output_data_size);
}
/**
@@ -640,16 +615,15 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
* Since 3.1.3
**/
int
-gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (crl->crl, format, PEM_CRL, out);
+ return _gnutls_x509_export_int2(crl->crl, format, PEM_CRL, out);
}
/*-
@@ -662,78 +636,71 @@ gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
-*/
-int
-_gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
+int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
{
- int ret;
- gnutls_datum_t tmp;
+ int ret;
+ gnutls_datum_t tmp;
- ret = gnutls_x509_crl_export2 (src, GNUTLS_X509_FMT_DER, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = gnutls_x509_crl_export2(src, GNUTLS_X509_FMT_DER, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_crl_import(dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_free (tmp.data);
+ gnutls_free(tmp.data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int
-_get_authority_key_id (gnutls_x509_crl_t cert, ASN1_TYPE *c2,
- unsigned int *critical)
+_get_authority_key_id(gnutls_x509_crl_t cert, ASN1_TYPE * c2,
+ unsigned int *critical)
{
- int ret;
- gnutls_datum_t id;
-
- *c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret =
- _gnutls_x509_crl_get_extension (cert, "2.5.29.35", 0, &id,
- critical)) < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (c2);
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+ gnutls_datum_t id;
+
+ *c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crl_get_extension(cert, "2.5.29.35", 0, &id,
+ critical)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -760,52 +727,51 @@ _get_authority_key_id (gnutls_x509_crl_t cert, ASN1_TYPE *c2,
* Since: 3.0
**/
int
-gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical)
+gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int *alt_type,
+ void *serial,
+ size_t * serial_size,
+ unsigned int *critical)
{
- int ret, result, len;
- ASN1_TYPE c2;
-
- ret = _get_authority_key_id(crl, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size, alt_type,
- 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto fail;
- }
-
- if (serial)
- {
- len = *serial_size;
- result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
-
- *serial_size = len;
-
- if (result < 0)
- {
- ret = _gnutls_asn2err(result);
- goto fail;
- }
-
- }
-
- ret = 0;
-
-fail:
- asn1_delete_structure (&c2);
-
- return ret;
+ int ret, result, len;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt,
+ alt_size, alt_type, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto fail;
+ }
+
+ if (serial) {
+ len = *serial_size;
+ result =
+ asn1_read_value(c2, "authorityCertSerialNumber",
+ serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0) {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
+ }
+
+ ret = 0;
+
+ fail:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
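Review bot: The `if (result < 0)` test after `asn1_read_value(c2, "authorityCertSerialNumber", ...)` can never fire, because libtasn1 status codes are non-negative (`ASN1_SUCCESS` is 0 and the error codes are positive). A failed read of the serial, including one rejected because the caller's buffer is too small, therefore falls through to `ret = 0`, and the caller sees success with a `serial` buffer that may not have been filled. Comparing against success, `if (result != ASN1_SUCCESS) {`, matches what gnutls_x509_crl_get_authority_key_id does in the next hunk. gnutls_x509_crl_get_extension_data has the same `else if (result < 0)` test in a later hunk, and the reindent carries both over unchanged.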
@@ -831,33 +797,34 @@ fail:
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
- size_t * id_size,
- unsigned int *critical)
+gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, void *id,
+ size_t * id_size,
+ unsigned int *critical)
{
- int result, len, ret;
- ASN1_TYPE c2;
+ int result, len, ret;
+ ASN1_TYPE c2;
- ret = _get_authority_key_id(crl, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- len = *id_size;
- result = asn1_read_value (c2, "keyIdentifier", id, &len);
+ len = *id_size;
+ result = asn1_read_value(c2, "keyIdentifier", id, &len);
- *id_size = len;
- asn1_delete_structure (&c2);
+ *id_size = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -877,48 +844,46 @@ gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical)
+gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size, unsigned int *critical)
{
- int result;
- gnutls_datum_t id;
+ int result;
+ gnutls_datum_t id;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if ((result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &id,
- critical)) < 0)
- {
- return result;
- }
+ if ((result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- result = _gnutls_x509_ext_extract_number (ret, ret_size, id.data, id.size);
+ result =
+ _gnutls_x509_ext_extract_number(ret, ret_size, id.data,
+ id.size);
- _gnutls_free_datum (&id);
+ _gnutls_free_datum(&id);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -940,24 +905,23 @@ gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid)
+gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
+ int result;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crl_get_extension_oid (crl, indx, oid, sizeof_oid);
- if (result < 0)
- {
- return result;
- }
+ result =
+ _gnutls_x509_crl_get_extension_oid(crl, indx, oid, sizeof_oid);
+ if (result < 0) {
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -987,55 +951,51 @@ gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!crl)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID",
- indx + 1);
-
- len = *sizeof_oid;
- result = asn1_read_value (crl->crl, name, oid, &len);
- *sizeof_oid = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (crl->crl, name, str_critical, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- return 0;
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!crl) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.extnID", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(crl->crl, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(crl->crl, name, str_critical, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
}
@@ -1063,34 +1023,32 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
-
- if (!crl)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnValue",
- indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (crl->crl, name, data, &len);
- *sizeof_data = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crl) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.extnValue", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(crl->crl, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -1113,43 +1071,46 @@ gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
* Since: 3.0
**/
int
-gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-unsigned int init = 1024;
-int ret;
-
- *crls = gnutls_malloc(sizeof(gnutls_x509_crl_t)*init);
- if (*crls == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crl_list_import(*crls, &init, data, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *crls = gnutls_realloc_fast(*crls, sizeof(gnutls_x509_crl_t)*init);
- if (*crls == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crl_list_import(*crls, &init, data, format, flags);
- }
-
- if (ret < 0)
- {
- gnutls_free(*crls);
- *crls = NULL;
- return ret;
- }
-
- *size = init;
- return 0;
+ unsigned int init = 1024;
+ int ret;
+
+ *crls = gnutls_malloc(sizeof(gnutls_x509_crl_t) * init);
+ if (*crls == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crl_list_import(*crls, &init, data, format,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *crls =
+ gnutls_realloc_fast(*crls,
+ sizeof(gnutls_x509_crl_t) * init);
+ if (*crls == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crl_list_import(*crls, &init, data, format,
+ flags);
+ }
+
+ if (ret < 0) {
+ gnutls_free(*crls);
+ *crls = NULL;
+ return ret;
+ }
+
+ *size = init;
+ return 0;
}
/**
@@ -1171,116 +1132,110 @@ int ret;
* Since: 3.0
**/
int
-gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls,
- unsigned int *crl_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls,
+ unsigned int *crl_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, nocopy = 0;
- unsigned int count = 0, j;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- if (*crl_max < 1)
- {
- *crl_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = gnutls_x509_crl_init (&crls[0]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = gnutls_x509_crl_import (crls[0], data, format);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *crl_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = memmem (data->data, data->size,
- PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- if (ptr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- count = 0;
-
- do
- {
- if (count >= *crl_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy)
- {
- ret = gnutls_x509_crl_init (&crls[count]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = data->size - (ptr - (char *) data->data);
-
- ret =
- gnutls_x509_crl_import (crls[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char *) data->data);
-
- if (size > 0)
- {
- ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- }
- else
- ptr = NULL;
-
- count++;
- }
- while (ptr != NULL);
-
- *crl_max = count;
-
- if (nocopy == 0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
-error:
- for (j = 0; j < count; j++)
- gnutls_x509_crl_deinit (crls[j]);
- return ret;
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ if (*crl_max < 1) {
+ *crl_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crl_init(&crls[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = gnutls_x509_crl_import(crls[0], data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *crl_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem(data->data, data->size,
+ PEM_CRL_SEP, sizeof(PEM_CRL_SEP) - 1);
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ count = 0;
+
+ do {
+ if (count >= *crl_max) {
+ if (!
+ (flags &
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy) {
+ ret = gnutls_x509_crl_init(&crls[count]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size =
+ data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crl_import(crls[count], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0) {
+ ptr =
+ memmem(ptr, size, PEM_CRL_SEP,
+ sizeof(PEM_CRL_SEP) - 1);
+ } else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *crl_max = count;
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ error:
+ for (j = 0; j < count; j++)
+ gnutls_x509_crl_deinit(crls[j]);
+ return ret;
}
-
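Review bot: The cleanup at `error:` in gnutls_x509_crl_list_import does not match what has actually been initialised. In the DER branch `count = 1` is set before `gnutls_x509_crl_init(&crls[0])`, so if that call fails the loop runs `gnutls_x509_crl_deinit(crls[0])` on a slot whose contents depend on what the failed init left there (not visible here); moving `count = 1;` to after the successful init avoids that. In the PEM loop the opposite happens: when `gnutls_x509_crl_import(crls[count], ...)` fails, `count` has not been incremented yet, so the freshly initialised `crls[count]` is never released, and a `gnutls_x509_crl_deinit(crls[count]);` before that `goto error` would close the leak. Both paths are reached while parsing CRL data that may come from outside the process, so malformed input can trigger them.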
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 5b2210bf75..24d5bf029d 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -34,7 +34,7 @@
#include <x509_int.h>
#include <libtasn1.h>
-static void disable_optional_stuff (gnutls_x509_crl_t crl);
+static void disable_optional_stuff(gnutls_x509_crl_t crl);
/**
* gnutls_x509_crl_set_version:
@@ -49,28 +49,27 @@ static void disable_optional_stuff (gnutls_x509_crl_t crl);
* negative error value.
**/
int
-gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
+gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
{
- int result;
- uint8_t null = version & 0xFF;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null -= 1;
-
- result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ uint8_t null = version & 0xFF;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null -= 1;
+
+ result =
+ asn1_write_value(crl->crl, "tbsCertList.version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -92,46 +91,43 @@ gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
*
**/
int
-gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crl == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crl_privkey_sign (crl, issuer, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crl == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result =
+ gnutls_x509_crl_privkey_sign(crl, issuer, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -149,10 +145,11 @@ fail:
* Deprecated: Use gnutls_x509_crl_privkey_sign().
*/
int
-gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crl_sign2(crl, issuer, issuer_key,
+ GNUTLS_DIG_SHA1, 0);
}
/**
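Review bot: `gnutls_x509_crl_sign` pins the digest to `GNUTLS_DIG_SHA1`, and the doc comment above it only says the function is deprecated, not that the fixed digest is the reason to move away from it. The signature has to stay as it is for compatibility, so I would add a line to the comment such as `* This function always signs with SHA-1; use gnutls_x509_crl_sign2() or gnutls_x509_crl_privkey_sign() to select a stronger digest.` Callers would then not keep issuing SHA-1-signed CRLs by accident. The comment block starts outside this hunk.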
@@ -165,16 +162,15 @@ gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
+int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time, 0);
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.thisUpdate",
+ act_time, 0);
}
/**
@@ -187,15 +183,14 @@ gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
+int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time, 0);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.nextUpdate",
+ exp_time, 0);
}
/**
@@ -211,57 +206,53 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
* negative error value.
**/
int
-gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial, size_t serial_size,
- time_t revocation_time)
+gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
+ const void *serial, size_t serial_size,
+ time_t revocation_time)
{
- int ret;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret =
- asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.userCertificate",
- serial, serial_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret =
- _gnutls_x509_set_time (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.revocationDate",
- revocation_time, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
- NULL, 0);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value(crl->crl, "tbsCertList.revokedCertificates",
+ "NEW", 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ _gnutls_x509_set_time(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -276,53 +267,49 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
* negative error value.
**/
int
-gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
- time_t revocation_time)
+gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
+ time_t revocation_time)
{
- int ret;
- uint8_t serial[128];
- size_t serial_size;
-
- if (crl == NULL || crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- serial_size = sizeof (serial);
- ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
- revocation_time);
- if (ret < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+ uint8_t serial[128];
+ size_t serial_size;
+
+ if (crl == NULL || crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ serial_size = sizeof(serial);
+ ret = gnutls_x509_crt_get_serial(crt, serial, &serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_set_crt_serial(crl, serial, serial_size,
+ revocation_time);
+ if (ret < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void
-disable_optional_stuff (gnutls_x509_crl_t crl)
+static void disable_optional_stuff(gnutls_x509_crl_t crl)
{
- if (crl->use_extensions == 0)
- {
- asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
- }
+ if (crl->use_extensions == 0) {
+ asn1_write_value(crl->crl, "tbsCertList.crlExtensions",
+ NULL, 0);
+ }
- return;
+ return;
}
/**
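Review bot: In gnutls_x509_crl_set_crt the failure branch after `gnutls_x509_crl_set_crt_serial(...)` returns `_gnutls_asn2err(ret)`, but `ret` is already a GnuTLS error code at that point. The callee, shown in the previous hunk, returns either `GNUTLS_E_INVALID_REQUEST`, the result of `_gnutls_x509_set_time()`, or the output of `_gnutls_asn2err()` itself. Converting it a second time hands the caller an unrelated code and hides the real cause of the failure; the branch should be `return ret;`, as the `gnutls_x509_crt_get_serial` branch just above it does.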
@@ -342,54 +329,52 @@ disable_optional_stuff (gnutls_x509_crl_t crl)
* Since: 2.8.0
**/
int
-gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size)
+gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crl_set_extension (crl, "2.5.29.35", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crl->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.35", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crl_set_extension(crl, "2.5.29.35", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
}
/**
@@ -408,54 +393,52 @@ gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size)
+gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_number (nr, nr_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crl_set_extension (crl, "2.5.29.20", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crl->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_number(nr, nr_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crl_set_extension(crl, "2.5.29.20", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
}
/**
@@ -478,31 +461,29 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
* Since 2.12.0
**/
int
-gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
-
- if (crl == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff (crl);
-
- result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
- dig, issuer, issuer_key);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-}
+ int result;
+
+ if (crl == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crl);
+ result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList",
+ dig, issuer, issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
+}
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 01803c56b4..4e28fedd7c 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -46,26 +46,24 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
+int gnutls_x509_crq_init(gnutls_x509_crq_t * crq)
{
- int result;
-
- *crq = gnutls_calloc (1, sizeof (gnutls_x509_crq_int));
- if (!*crq)
- return GNUTLS_E_MEMORY_ERROR;
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*crq);
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+
+ *crq = gnutls_calloc(1, sizeof(gnutls_x509_crq_int));
+ if (!*crq)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crq);
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
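Review bot: On the `asn1_create_element` failure path in gnutls_x509_crq_init, `gnutls_free(*crq)` releases the object but leaves the caller's handle pointing at the freed memory. A caller that runs its usual cleanup and passes that handle to gnutls_x509_crq_deinit would get past the `if (!crq)` guard and free it a second time. Adding `*crq = NULL;` right after the `gnutls_free(*crq);` line makes the error path safe for that pattern.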
@@ -75,16 +73,15 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
* This function will deinitialize a PKCS#10 certificate request
* structure.
**/
-void
-gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
+void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq)
{
- if (!crq)
- return;
+ if (!crq)
+ return;
- if (crq->crq)
- asn1_delete_structure (&crq->crq);
+ if (crq->crq)
+ asn1_delete_structure(&crq->crq);
- gnutls_free (crq);
+ gnutls_free(crq);
}
#define PEM_CRQ "NEW CERTIFICATE REQUEST"
@@ -107,56 +104,56 @@ gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
* negative error value.
**/
int
-gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_crq_import(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &_data);
-
- if (result < 0) /* Go for the second header */
- result =
- _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result = asn1_der_decoding (&crq->crq, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size,
+ &_data);
+
+ if (result < 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_CRQ2, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
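Review bot: gnutls_x509_crq_import checks `crq` for NULL but then reads `data->data` and `data->size` unconditionally, so a NULL `data` from the caller crashes instead of returning an error. The guard could cover both: `if (crq == NULL || data == NULL) {`. The same gap appears in later hunks of this file: gnutls_x509_crq_set_key reads `key->pk_algorithm`, gnutls_x509_crq_set_key_rsa_raw reads `m->size` and `e->size`, and gnutls_x509_crq_set_challenge_password calls `strlen(pass)`, each after checking only `crq`.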
@@ -173,56 +170,54 @@ cleanup:
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t crq, time_t* activation, time_t* expiration,
- unsigned int *critical)
+gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq,
+ time_t * activation,
+ time_t * expiration,
+ unsigned int *critical)
{
- int result, ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- uint8_t buf[128];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.16", 0,
- buf, &buf_size, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, buf, buf_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (activation)
- *activation = _gnutls_x509_get_time (c2,
- "notBefore", 1);
-
- if (expiration)
- *expiration = _gnutls_x509_get_time (c2,
- "notAfter", 1);
-
- ret = 0;
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return ret;
+ int result, ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ uint8_t buf[128];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.16", 0,
+ buf, &buf_size,
+ critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, buf, buf_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (activation)
+ *activation = _gnutls_x509_get_time(c2, "notBefore", 1);
+
+ if (expiration)
+ *expiration = _gnutls_x509_get_time(c2, "notAfter", 1);
+
+ ret = 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
@@ -243,17 +238,16 @@ cleanup:
* the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
+gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- buf, buf_size);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, buf_size);
}
/**
@@ -271,17 +265,16 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
*
* Since: 3.1.10
**/
-int
-gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
+int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t * dn)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence", dn);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ dn);
}
/**
@@ -310,27 +303,26 @@ gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
* updated with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn_oid
- (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn_oid
+ (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -348,18 +340,17 @@ int ret;
* updated with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid)
+gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/* Parses an Attribute list in the asn1_struct, and searches for the
@@ -373,116 +364,113 @@ gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
*
*/
static int
-parse_attribute (ASN1_TYPE asn1_struct,
- const char *attr_name, const char *given_oid, int indx,
- int raw, gnutls_datum_t * out)
+parse_attribute(ASN1_TYPE asn1_struct,
+ const char *attr_name, const char *given_oid, int indx,
+ int raw, gnutls_datum_t * out)
{
- int k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- char value[200];
- gnutls_datum_t td;
- char oid[MAX_OID_SIZE];
- int len;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "attribute.?1"
- */
- if (attr_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Move to the attibute type and values
- */
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0)
- { /* Found the OID */
-
- /* Read the Value
- */
- snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
- tmpbuffer1, indx + 1);
-
- len = sizeof (value) - 1;
- result = _gnutls_x509_read_value (asn1_struct, tmpbuffer3, &td);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == 0)
- {
- result =
- _gnutls_x509_dn_to_string
- (oid, td.data, td.size, out);
-
- _gnutls_free_datum(&td);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- { /* raw!=0 */
- out->data = td.data;
- out->size = td.size;
-
- return 0;
- }
- }
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[200];
+ gnutls_datum_t td;
+ char oid[MAX_OID_SIZE];
+ int len;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "attribute.?1"
+ */
+ if (attr_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ attr_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Move to the attibute type and values
+ */
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer1);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (strcmp(oid, given_oid) == 0) { /* Found the OID */
+
+ /* Read the Value
+ */
+ snprintf(tmpbuffer3, sizeof(tmpbuffer3),
+ "%s.values.?%u", tmpbuffer1, indx + 1);
+
+ len = sizeof(value) - 1;
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3, &td);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == 0) {
+ result =
+ _gnutls_x509_dn_to_string
+ (oid, td.data, td.size, out);
+
+ _gnutls_free_datum(&td);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return 0;
+ } else { /* raw!=0 */
+ out->data = td.data;
+ out->size = td.size;
+
+ return 0;
+ }
+ }
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/**
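Review bot: In parse_attribute, `indx` is a signed `int` that arrives from the public getters and is formatted as `indx + 1` with `%u` in the `"%s.values.?%u"` snprintf. A negative index is therefore passed with a mismatched conversion and turns into `?0` or a very large element number rather than being rejected. A guard at the top, `if (indx < 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, would fix that, and declaring `k1` as `unsigned int` would make the other two `%u` uses match their argument. Separately, the second `len = sizeof(value) - 1;` before `_gnutls_x509_read_value` is a dead store, since that call writes into `td` and does not use `len`.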
@@ -499,24 +487,25 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass, size_t * pass_size)
+gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
+ char *pass, size_t * pass_size)
{
-gnutls_datum_t td;
-int ret;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, 0, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, pass, pass_size);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ parse_attribute(crq->crq,
+ "certificationRequestInfo.attributes",
+ "1.2.840.113549.1.9.7", 0, 0, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, pass, pass_size);
}
/* This function will attempt to set the requested attribute in
@@ -525,155 +514,141 @@ int ret;
* Critical will be either 0 or 1.
*/
static int
-add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id,
- const gnutls_datum_t * ext_data)
+add_attribute(ASN1_TYPE asn, const char *root, const char *attribute_id,
+ const gnutls_datum_t * ext_data)
{
- int result;
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "%s", root);
-
- /* Add a new attribute in the list.
- */
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.type", root);
-
- result = asn1_write_value (asn, name, attribute_id, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.values", root);
-
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.values.?LAST", root);
-
- result = _gnutls_x509_write_value (asn, name, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "%s", root);
+
+ /* Add a new attribute in the list.
+ */
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.type", root);
+
+ result = asn1_write_value(asn, name, attribute_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.values", root);
+
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.values.?LAST", root);
+
+ result = _gnutls_x509_write_value(asn, name, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Overwrite the given attribute (using the index)
* index here starts from one.
*/
static int
-overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data)
+overwrite_attribute(ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data)
{
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- int result;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ int result;
- snprintf (name, sizeof (name), "%s.?%u", root, indx);
+ snprintf(name, sizeof(name), "%s.?%u", root, indx);
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".values.?LAST");
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".values.?LAST");
- result = _gnutls_x509_write_value (asn, name2, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result = _gnutls_x509_write_value(asn, name2, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
static int
-set_attribute (ASN1_TYPE asn, const char *root,
- const char *ext_id, const gnutls_datum_t * ext_data)
+set_attribute(ASN1_TYPE asn, const char *root,
+ const char *ext_id, const gnutls_datum_t * ext_data)
{
- int result;
- int k, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char extnID[MAX_OID_SIZE];
-
- /* Find the index of the given attribute.
- */
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".type");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* attribute was found
- */
- return overwrite_attribute (asn, root, k, ext_data);
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return add_attribute (asn, root, ext_id, ext_data);
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- return 0;
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[MAX_OID_SIZE];
+
+ /* Find the index of the given attribute.
+ */
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".type");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* attribute was found
+ */
+ return overwrite_attribute(asn, root, k,
+ ext_data);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return add_attribute(asn, root, ext_id, ext_data);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ return 0;
}
/**
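Review bot: add_attribute appends a `NEW` element to `root` first and then returns on any later failure without removing it. A failed write of `.type`, `.values` or the value itself thus leaves a half-filled attribute in the request structure, which a later export or sign call would try to encode. The three later error paths should drop the just-added `?LAST` element before returning (libtasn1 provides `asn1_delete_element` for this) or the function should document that the request must be discarded after an error. gnutls_x509_crq_set_challenge_password further down has the same add-then-fail shape. In set_attribute, the final `return 0;` is unreachable because both branches of the preceding if/else return.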
@@ -694,23 +669,23 @@ set_attribute (ASN1_TYPE asn, const char *root,
* negative error value.
**/
int
-gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t buf_size)
+gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t buf_size)
{
- gnutls_datum_t data;
+ gnutls_datum_t data;
- data.data = buf;
- data.size = buf_size;
+ data.data = buf;
+ data.size = buf_size;
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return set_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, &data);
+ return set_attribute(crq->crq,
+ "certificationRequestInfo.attributes", oid,
+ &data);
}
/**
@@ -733,25 +708,26 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
* negative error value.
**/
int
-gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx, void *buf,
- size_t * buf_size)
+gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx, void *buf,
+ size_t * buf_size)
{
-int ret;
-gnutls_datum_t td;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, indx, 1, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ int ret;
+ gnutls_datum_t td;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ parse_attribute(crq->crq,
+ "certificationRequestInfo.attributes", oid,
+ indx, 1, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -776,18 +752,17 @@ gnutls_datum_t td;
* negative error value.
**/
int
-gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- unsigned int raw_flag, const void *data,
- unsigned int sizeof_data)
+gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
{
- if (sizeof_data == 0 || data == NULL || crq == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_dn_oid (crq->crq,
- "certificationRequestInfo.subject", oid,
- raw_flag, data, sizeof_data);
+ if (sizeof_data == 0 || data == NULL || crq == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid(crq->crq,
+ "certificationRequestInfo.subject",
+ oid, raw_flag, data, sizeof_data);
}
/**
@@ -802,29 +777,28 @@ gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
* negative error value.
**/
int
-gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
+gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, unsigned int version)
{
- int result;
- unsigned char null = version;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null--;
-
- result =
- asn1_write_value (crq->crq, "certificationRequestInfo.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned char null = version;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value(crq->crq, "certificationRequestInfo.version",
+ &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
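Review bot: `unsigned char null = version;` in gnutls_x509_crq_set_version silently truncates the `unsigned int` argument to 8 bits, so a value such as 257 is written as version 0 without any error. Rejecting out-of-range input keeps the encoded field in line with what the caller asked for, for example `if (crq == NULL || version > 0xff) {` on the existing guard. The local would also read better under a name like `ver`, since `null` suggests a pointer constant rather than the encoded version byte.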
@@ -837,31 +811,28 @@ gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
* Returns: version of certificate request, or a negative error code on
* error.
**/
-int
-gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
+int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
{
- uint8_t version[8];
- int len, result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- if ((result =
- asn1_read_value (crq->crq, "certificationRequestInfo.version",
- version, &len)) != ASN1_SUCCESS)
- {
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crq->crq, "certificationRequestInfo.version",
+ version, &len)) != ASN1_SUCCESS) {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
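Review bot: gnutls_x509_crq_get_version returns `version[0] + 1` without looking at the `len` that `asn1_read_value` wrote back. `version` is an uninitialized 8-byte buffer, and the request may come from an untrusted peer. An INTEGER encoded in more than one byte would be reported from its first byte only, and a zero-length result (if libtasn1 can return one here) would read an indeterminate byte. A check such as `if (len != 1) return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);` before the final return would close both cases.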
@@ -876,28 +847,26 @@ gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
* negative error value.
**/
int
-gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm, &key->params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, &key->params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -916,54 +885,49 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
- if (ret != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crq_get_mpis (crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int ret;
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ if (ret != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
/**
@@ -981,59 +945,55 @@ cleanup:
* Since: 2.6.0
**/
int
-gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
- int result, ret;
- size_t siz = 0;
- gnutls_pk_params_st temp_params;
-
- gnutls_pk_params_init(&temp_params);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset (&temp_params, 0, sizeof (temp_params));
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&temp_params.params[0], m->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto error;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&temp_params.params[1], e->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto error;
- }
-
- temp_params.params_nr = RSA_PUBLIC_PARAMS;
-
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- GNUTLS_PK_RSA, &temp_params);
-
- if (result < 0)
- {
- gnutls_assert ();
- ret = result;
- goto error;
- }
-
- ret = 0;
-
-error:
- gnutls_pk_params_release(&temp_params);
- return ret;
+ int result, ret;
+ size_t siz = 0;
+ gnutls_pk_params_st temp_params;
+
+ gnutls_pk_params_init(&temp_params);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(&temp_params, 0, sizeof(temp_params));
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&temp_params.params[0], m->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&temp_params.params[1], e->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ temp_params.params_nr = RSA_PUBLIC_PARAMS;
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ GNUTLS_PK_RSA, &temp_params);
+
+ if (result < 0) {
+ gnutls_assert();
+ ret = result;
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ gnutls_pk_params_release(&temp_params);
+ return ret;
}
/**
@@ -1048,37 +1008,37 @@ error:
* negative error value.
**/
int
-gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass)
+gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
+ const char *pass)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Add the attribute.
- */
- result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_encode_and_write_attribute
- ("1.2.840.113549.1.9.7", crq->crq,
- "certificationRequestInfo.attributes.?LAST", pass, strlen (pass), 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Add the attribute.
+ */
+ result =
+ asn1_write_value(crq->crq,
+ "certificationRequestInfo.attributes", "NEW",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_encode_and_write_attribute
+ ("1.2.840.113549.1.9.7", crq->crq,
+ "certificationRequestInfo.attributes.?LAST", pass,
+ strlen(pass), 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
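Review bot: `pass` reaches `strlen(pass)` in the `_gnutls_x509_encode_and_write_attribute` call without a NULL check, although `crq` is validated at the top of gnutls_x509_crq_set_challenge_password. A NULL argument therefore crashes instead of returning an error; the guard could read `if (crq == NULL || pass == NULL) {`. Separately, the "NEW" attribute node is written before the encode step, so a failing encode presumably leaves an empty attribute in the request. That depends on libtasn1 behaviour not shown here and is worth confirming.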
@@ -1103,45 +1063,41 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
*
**/
int
-gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crq_privkey_sign (crq, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = gnutls_x509_crq_privkey_sign(crq, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -1157,10 +1113,9 @@ fail:
*
* Deprecated: Use gnutls_x509_crq_privkey_sign() instead.
*/
-int
-gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);
}
/**
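Review bot: The doc comment above gnutls_x509_crq_sign does not mention that the digest is fixed; only the body shows that it passes `GNUTLS_DIG_SHA1` to gnutls_x509_crq_sign2. A caller reading only the documentation cannot tell that the request will carry a SHA-1 signature. I would add a line such as `* This function always signs with SHA-1; use gnutls_x509_crq_privkey_sign() to select the digest.` next to the existing "Deprecated:" line. The comment begins outside this hunk.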
@@ -1185,18 +1140,17 @@ gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crq_export(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
- output_data, output_data_size);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ,
+ output_data, output_data_size);
}
/**
@@ -1219,16 +1173,15 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
* Since 3.1.3
**/
int
-gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_crq_export2(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (crq->crq, format, PEM_CRQ, out);
+ return _gnutls_x509_export_int2(crq->crq, format, PEM_CRQ, out);
}
/**
@@ -1247,24 +1200,22 @@ gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
* success, or a negative error code on error.
**/
int
-gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
+gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_get_pk_algorithm
- (crq->crq, "certificationRequestInfo.subjectPKInfo", bits);
- if (result < 0)
- {
- gnutls_assert ();
- }
-
- return result;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_get_pk_algorithm
+ (crq->crq, "certificationRequestInfo.subjectPKInfo", bits);
+ if (result < 0) {
+ gnutls_assert();
+ }
+
+ return result;
}
/**
@@ -1292,35 +1243,33 @@ gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid)
+gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
- char name[ASN1_MAX_NAME_SIZE];
- int len;
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.type", indx + 1);
+ snprintf(name, sizeof(name),
+ "certificationRequestInfo.attributes.?%u.type", indx + 1);
- len = *sizeof_oid;
- result = asn1_read_value (crq->crq, name, oid, &len);
- *sizeof_oid = len;
+ len = *sizeof_oid;
+ result = asn1_read_value(crq->crq, name, oid, &len);
+ *sizeof_oid = len;
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
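Review bot: The `else if (result < 0)` test after `asn1_read_value()` in gnutls_x509_crq_get_attribute_info looks unable to fire if libtasn1 status codes are non-negative, as I believe they are. Other calls on this page test `result != ASN1_SUCCESS` instead. If so, a short or NULL output buffer returns 0 with only `*sizeof_oid` updated, and the buffer contents are not valid. The same test follows `asn1_read_value()` in gnutls_x509_crq_get_attribute_data, gnutls_x509_crq_get_extension_info and gnutls_x509_crq_get_extension_data in the later hunks. Callers further down, such as get_subject_alt_name and the `case GNUTLS_E_SUCCESS:` branch of gnutls_x509_crq_set_subject_alt_name, probe with a NULL buffer and appear to rely on that 0 return, so switching to `!= ASN1_SUCCESS` would need them updated together. At minimum I would document it here: `/* libtasn1 codes are not negative: a short buffer returns 0 with only the size updated */`.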
@@ -1348,34 +1297,33 @@ gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.values.?1", indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (crq->crq, name, data, &len);
- *sizeof_data = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "certificationRequestInfo.attributes.?%u.values.?1",
+ indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(crq->crq, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -1404,110 +1352,105 @@ gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- char *extensions = NULL;
- size_t extensions_size = 0;
- ASN1_TYPE c2;
- int len;
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read extensionRequest */
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- }
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- snprintf (name, sizeof (name), "?%u.extnID", indx + 1);
-
- len = *sizeof_oid;
- result = asn1_read_value (c2, name, oid, &len);
- *sizeof_oid = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- asn1_delete_structure (&c2);
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto out;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- snprintf (name, sizeof (name), "?%u.critical", indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (c2, name, str_critical, &len);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- result = 0;
-
-out:
- gnutls_free (extensions);
- return result;
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ char *extensions = NULL;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+ int len;
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0,
+ extensions,
+ &extensions_size);
+ }
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ snprintf(name, sizeof(name), "?%u.extnID", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(c2, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ asn1_delete_structure(&c2);
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto out;
+ } else if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ snprintf(name, sizeof(name), "?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(c2, name, str_critical, &len);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ result = 0;
+
+ out:
+ gnutls_free(extensions);
+ return result;
}
/**
@@ -1534,82 +1477,82 @@ out:
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
- unsigned char *extensions;
- size_t extensions_size = 0;
- ASN1_TYPE c2;
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read extensionRequest */
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- if (result == 0)
- return GNUTLS_E_INTERNAL_ERROR;
- return result;
- }
-
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- gnutls_free (extensions);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "?%u.extnValue", indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (c2, name, data, &len);
- *sizeof_data = len;
-
- asn1_delete_structure (&c2);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+ unsigned char *extensions;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ if (result == 0)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return result;
+ }
+
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+ gnutls_free(extensions);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "?%u.extnValue", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(c2, name, data, &len);
+ *sizeof_data = len;
+
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
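Review bot: The error branch after the second `gnutls_x509_crq_get_attribute_by_oid()` call in gnutls_x509_crq_get_extension_data returns without releasing `extensions`, which was allocated with `gnutls_malloc()` just above. Every later error path in the function frees it, so this one leaks the buffer each time the second read fails. The branch should read `gnutls_assert(); gnutls_free(extensions); return result;`. gnutls_x509_crq_get_extension_info in the previous hunk does the same step through `goto out`, which would be the more uniform fix.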
@@ -1634,40 +1577,38 @@ gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical)
+gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- uint16_t _usage;
- uint8_t buf[128];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.15", 0,
- buf, &buf_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_ext_extract_keyUsage (&_usage, buf, buf_size);
-
- *key_usage = _usage;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ uint16_t _usage;
+ uint8_t buf[128];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.15", 0,
+ buf, &buf_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = _gnutls_x509_ext_extract_keyUsage(&_usage, buf, buf_size);
+
+ *key_usage = _usage;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
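Review bot: `*key_usage = _usage;` runs before the result of `_gnutls_x509_ext_extract_keyUsage()` is checked, and `_usage` is declared without an initializer. Whether the extractor writes it on failure is not visible here, so on the error path the caller's variable may receive an indeterminate value. Either move the assignment below the `if (result < 0)` check or declare `uint16_t _usage = 0;`. The same ordering occurs with `tmp_ca` and `*ca = tmp_ca;` in gnutls_x509_crq_get_basic_constraints in the next hunk.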
@@ -1693,124 +1634,117 @@ gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- unsigned int *ca, int *pathlen)
+gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ unsigned int *ca, int *pathlen)
{
- int result;
- unsigned int tmp_ca;
- uint8_t buf[256];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.19", 0,
- buf, &buf_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen, buf, buf_size);
- if (ca)
- *ca = tmp_ca;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return tmp_ca;
+ int result;
+ unsigned int tmp_ca;
+ uint8_t buf[256];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.19", 0,
+ buf, &buf_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints(&tmp_ca,
+ pathlen, buf,
+ buf_size);
+ if (ca)
+ *ca = tmp_ca;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return tmp_ca;
}
static int
-get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size, unsigned int *ret_type,
- unsigned int *critical, int othername_oid)
+get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
{
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_x509_subject_alt_name_t type;
- gnutls_datum_t dnsname = { NULL, 0 };
- size_t dns_size = 0;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- /* Extract extension.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &dns_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dnsname.size = dns_size;
- dnsname.data = gnutls_malloc (dnsname.size);
- if (dnsname.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- dnsname.data, &dns_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (dnsname.data);
- return result;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectAltName", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (dnsname.data);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
- gnutls_free (dnsname.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size,
- ret_type, othername_oid);
- asn1_delete_structure (&c2);
- if (result < 0)
- {
- return result;
- }
-
- type = result;
-
- return type;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name_t type;
+ gnutls_datum_t dnsname = { NULL, 0 };
+ size_t dns_size = 0;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
+ NULL, &dns_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dnsname.size = dns_size;
+ dnsname.data = gnutls_malloc(dnsname.size);
+ if (dnsname.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
+ dnsname.data,
+ &dns_size, critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(dnsname.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(dnsname.data);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+ gnutls_free(dnsname.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_parse_general_name(c2, "", seq, ret, ret_size,
+ ret_type, othername_oid);
+ asn1_delete_structure(&c2);
+ if (result < 0) {
+ return result;
+ }
+
+ type = result;
+
+ return type;
}
/**
@@ -1842,14 +1776,14 @@ get_subject_alt_name (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
{
- return get_subject_alt_name (crq, seq, ret, ret_size, ret_type, critical,
- 0);
+ return get_subject_alt_name(crq, seq, ret, ret_size, ret_type,
+ critical, 0);
}
/**
@@ -1881,11 +1815,12 @@ gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret, size_t * ret_size)
+gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
- return get_subject_alt_name (crq, seq, ret, ret_size, NULL, NULL, 1);
+ return get_subject_alt_name(crq, seq, ret, ret_size, NULL, NULL,
+ 1);
}
/**
@@ -1910,40 +1845,41 @@ gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical)
+gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * buf_size,
+ unsigned int *critical)
{
- int result;
- unsigned int i;
- char _oid[MAX_OID_SIZE];
- size_t oid_size;
-
- for (i = 0;; i++)
- {
- oid_size = sizeof (_oid);
- result =
- gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (strcmp (oid, _oid) == 0)
- { /* found */
- if (indx == 0)
- return gnutls_x509_crq_get_extension_data (crq, i, buf,
- buf_size);
- else
- indx--;
- }
- }
-
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int result;
+ unsigned int i;
+ char _oid[MAX_OID_SIZE];
+ size_t oid_size;
+
+ for (i = 0;; i++) {
+ oid_size = sizeof(_oid);
+ result =
+ gnutls_x509_crq_get_extension_info(crq, i, _oid,
+ &oid_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (strcmp(oid, _oid) == 0) { /* found */
+ if (indx == 0)
+ return
+ gnutls_x509_crq_get_extension_data(crq,
+ i,
+ buf,
+ buf_size);
+ else
+ indx--;
+ }
+ }
+
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -1975,91 +1911,93 @@ gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
- int result = 0;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t prev_der_data = { NULL, 0 };
- unsigned int critical = 0;
- size_t prev_data_size = 0;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- if (flags == GNUTLS_FSAN_APPEND)
- {
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &prev_data_size,
- &critical);
- prev_der_data.size = prev_data_size;
-
- switch (result)
- {
- case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- /* Replacing non-existing data means the same as set data. */
- break;
-
- case GNUTLS_E_SUCCESS:
- prev_der_data.data = gnutls_malloc (prev_der_data.size);
- if (prev_der_data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- prev_der_data.data,
- &prev_data_size,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev_der_data.data);
- return result;
- }
- break;
-
- default:
- gnutls_assert ();
- return result;
- }
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_subject_alt_name (nt, data, data_size,
- &prev_der_data, &der_data);
- gnutls_free (prev_der_data.data);
- if (result < 0)
- {
- gnutls_assert ();
- goto finish;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.17", &der_data,
- critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-
-finish:
- return result;
+ int result = 0;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+ size_t prev_data_size = 0;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ if (flags == GNUTLS_FSAN_APPEND) {
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17",
+ 0, NULL,
+ &prev_data_size,
+ &critical);
+ prev_der_data.size = prev_data_size;
+
+ switch (result) {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* Replacing non-existing data means the same as set data. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev_der_data.data =
+ gnutls_malloc(prev_der_data.size);
+ if (prev_der_data.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq,
+ "2.5.29.17",
+ 0,
+ prev_der_data.
+ data,
+ &prev_data_size,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev_der_data.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_subject_alt_name(nt, data, data_size,
+ &prev_der_data,
+ &der_data);
+ gnutls_free(prev_der_data.data);
+ if (result < 0) {
+ gnutls_assert();
+ goto finish;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
+
+ finish:
+ return result;
}
/**
@@ -2078,39 +2016,39 @@ finish:
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca, int pathLenConstraint)
+gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.19", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_basicConstraints(ca, pathLenConstraint,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -2126,37 +2064,36 @@ gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage)
+gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq, unsigned int usage)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.15", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_keyUsage((uint16_t) usage, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.15", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -2179,92 +2116,89 @@ gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical)
{
- char tmpstr[ASN1_MAX_NAME_SIZE];
- int result, len;
- gnutls_datum_t prev = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- size_t prev_size = 0;
-
- if (oid)
- memset (oid, 0, *sizeof_oid);
- else
- *sizeof_oid = 0;
-
- /* Extract extension.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, critical);
- prev.size = prev_size;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- prev.data = gnutls_malloc (prev.size);
- if (prev.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return result;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
- gnutls_free (prev.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
-
- len = *sizeof_oid;
- result = asn1_read_value (c2, tmpstr, oid, &len);
-
- *sizeof_oid = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t prev = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ if (oid)
+ memset(oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ NULL, &prev_size,
+ critical);
+ prev.size = prev_size;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ prev.data = gnutls_malloc(prev.size);
+ if (prev.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ prev.data,
+ &prev_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+ gnutls_free(prev.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u", indx);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(c2, tmpstr, oid, &len);
+
+ *sizeof_oid = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
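Review bot: `len = *sizeof_oid;` narrows the caller's `size_t` into an `int` before it is passed to `asn1_read_value()` as the buffer length, while the earlier `memset(oid, 0, *sizeof_oid)` uses the full value, so a size above `INT_MAX` may reach the decoder as a negative or truncated length. `sizeof_oid` is also dereferenced without a NULL check, and the signed `indx` is formatted with `%u`. I would reject such input before the memset, for example `if (sizeof_oid == NULL || indx < 0 || *sizeof_oid > INT_MAX) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`.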
@@ -2285,114 +2219,108 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid, unsigned int critical)
+gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
+ const void *oid, unsigned int critical)
{
- int result;
- gnutls_datum_t prev = { NULL, 0 }, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- size_t prev_size = 0;
-
- /* Read existing extension, if there is one.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, &critical);
- prev.size = prev_size;
-
- switch (result)
- {
- case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- /* No existing extension, that's fine. */
- break;
-
- case GNUTLS_E_SUCCESS:
- prev.data = gnutls_malloc (prev.size);
- if (prev.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return result;
- }
- break;
-
- default:
- gnutls_assert ();
- return result;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return _gnutls_asn2err (result);
- }
-
- if (prev.data)
- {
- /* decode it.
- */
- result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
- gnutls_free (prev.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- asn1_delete_structure (&c2);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.37",
- &der_data, critical);
- _gnutls_free_datum (&der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t prev = { NULL, 0 }, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ /* Read existing extension, if there is one.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ NULL, &prev_size,
+ &critical);
+ prev.size = prev_size;
+
+ switch (result) {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* No existing extension, that's fine. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev.data = gnutls_malloc(prev.size);
+ if (prev.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37",
+ 0, prev.data,
+ &prev_size,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ return result;
+ }
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return _gnutls_asn2err(result);
+ }
+
+ if (prev.data) {
+ /* decode it.
+ */
+ result =
+ asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+ gnutls_free(prev.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.37",
+ &der_data, critical);
+ _gnutls_free_datum(&der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
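Review bot: The caller's `critical` argument is passed by address to both `gnutls_x509_crq_get_extension_by_oid()` calls, so when a 2.5.29.37 extension already exists its stored flag can replace the value the caller asked for before `_gnutls_x509_crq_set_extension(crq, "2.5.29.37", &der_data, critical)` runs. If keeping the existing criticality is intended, it deserves a comment; otherwise read into a local such as `unsigned int prev_critical;` and pass `&prev_critical` to the two reads. Separately, the result of `_gnutls_x509_der_encode()` is compared with `ASN1_SUCCESS` and run through `_gnutls_asn2err()` here, while `gnutls_x509_crq_set_private_key_usage_period` in this file checks the same call with `result < 0` and returns it unchanged; presumably only one convention is right, and the error code may be remapped on this path.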
@@ -2418,38 +2346,36 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int pk, ret = 0;
- gnutls_pk_params_st params;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pk = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
- if (pk < 0)
- {
- gnutls_assert ();
- return pk;
- }
-
- ret = _gnutls_x509_crq_get_mpis (crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
-
- gnutls_pk_params_release(&params);
-
- return ret;
+ int pk, ret = 0;
+ gnutls_pk_params_st params;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pk = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ if (pk < 0) {
+ gnutls_assert();
+ return pk;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_get_key_id(pk, &params, output_data, output_data_size);
+
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
@@ -2475,76 +2401,73 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
- gnutls_datum_t signature;
- gnutls_datum_t tbs;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Make sure version field is set. */
- if (gnutls_x509_crq_get_version (crq) == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- result = gnutls_x509_crq_set_version (crq, 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 1. Self sign the request.
- */
- result = _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", &tbs);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_sign_data (key, dig, 0, &tbs, &signature);
- gnutls_free (tbs.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. write the signature (bits)
- */
- result =
- asn1_write_value (crq->crq, "signature", signature.data,
- signature.size * 8);
-
- _gnutls_free_datum (&signature);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 3. Write the signatureAlgorithm field.
- */
- result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Make sure version field is set. */
+ if (gnutls_x509_crq_get_version(crq) ==
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ result = gnutls_x509_crq_set_version(crq, 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 1. Self sign the request.
+ */
+ result =
+ _gnutls_x509_get_tbs(crq->crq, "certificationRequestInfo",
+ &tbs);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_sign_data(key, dig, 0, &tbs, &signature);
+ gnutls_free(tbs.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. write the signature (bits)
+ */
+ result =
+ asn1_write_value(crq->crq, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum(&signature);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Write the signatureAlgorithm field.
+ */
+ result =
+ _gnutls_x509_write_sig_params(crq->crq, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -2561,67 +2484,65 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
*
* Since 2.12.0
**/
-int
-gnutls_x509_crq_verify (gnutls_x509_crq_t crq,
- unsigned int flags)
+int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
{
-gnutls_datum data = { NULL, 0 };
-gnutls_datum signature = { NULL, 0 };
-gnutls_pk_params_st params;
-gnutls_digest_algorithm_t algo;
-int ret;
-
- gnutls_pk_params_init(&params);
-
- ret =
- _gnutls_x509_get_signed_data (crq->crq, "certificationRequestInfo", &data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_get_signature_algorithm(crq->crq, "signatureAlgorithm.algorithm");
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- algo = gnutls_sign_get_hash_algorithm(ret);
-
- ret = _gnutls_x509_get_signature (crq->crq, "signature", &signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret =
- _gnutls_x509_crq_get_mpis(crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm (crq, NULL),
- mac_to_entry(algo),
- &data, &signature, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&data);
- _gnutls_free_datum (&signature);
- gnutls_pk_params_release(&params);
-
- return ret;
+ gnutls_datum data = { NULL, 0 };
+ gnutls_datum signature = { NULL, 0 };
+ gnutls_pk_params_st params;
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ gnutls_pk_params_init(&params);
+
+ ret =
+ _gnutls_x509_get_signed_data(crq->crq,
+ "certificationRequestInfo",
+ &data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_get_signature_algorithm(crq->crq,
+ "signatureAlgorithm.algorithm");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ algo = gnutls_sign_get_hash_algorithm(ret);
+
+ ret =
+ _gnutls_x509_get_signature(crq->crq, "signature", &signature);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm(crq, NULL),
+ mac_to_entry(algo), &data, &signature,
+ &params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&data);
+ _gnutls_free_datum(&signature);
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
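Review bot: `crq` is dereferenced as `crq->crq` in the first call without the `crq == NULL` guard that the other public functions in this file use, so a NULL request would crash instead of returning an error. Add `if (crq == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` before `gnutls_pk_params_init(&params)`. The digest from `gnutls_sign_get_hash_algorithm(ret)` is passed straight to `mac_to_entry(algo)` without a check for an unknown algorithm; whether `pubkey_verify_data` tolerates that is not visible here, so an explicit check is worth considering. `flags` is accepted but never read in the body.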
@@ -2636,60 +2557,52 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq,
- time_t activation,
- time_t expiration)
+gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
+ time_t activation,
+ time_t expiration)
{
- int result;
- gnutls_datum_t der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_set_time (c2,
- "notBefore",
- activation, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_set_time (c2,
- "notAfter",
- expiration, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.16",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return result;
+ int result;
+ gnutls_datum_t der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_set_time(c2, "notBefore", activation, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_set_time(c2, "notAfter", expiration, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.16",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return result;
}
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 811ef155e0..f16b440a8e 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -34,107 +34,114 @@
*/
int
-_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn)
+_gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn)
{
- gnutls_buffer_st out_str;
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- uint8_t value[MAX_STRING_LEN];
- gnutls_datum_t td = {NULL, 0}, tvd = {NULL, 0};
- const char *ldap_desc;
- char oid[MAX_OID_SIZE];
- int len;
-
- _gnutls_buffer_init (&out_str);
-
- k1 = 0;
- do
- {
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- len = 0;
-
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer3, &tvd);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ gnutls_buffer_st out_str;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ uint8_t value[MAX_STRING_LEN];
+ gnutls_datum_t td = { NULL, 0 }, tvd = {
+ NULL, 0};
+ const char *ldap_desc;
+ char oid[MAX_OID_SIZE];
+ int len;
+
+ _gnutls_buffer_init(&out_str);
+
+ k1 = 0;
+ do {
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".value");
+
+ len = 0;
+
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3, &tvd);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
#define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \
gnutls_assert(); \
goto cleanup; \
@@ -143,63 +150,65 @@ _gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
gnutls_assert(); \
goto cleanup; \
}
- /* The encodings of adjoining RelativeDistinguishedNames are separated
- * by a comma character (',' ASCII 44).
- */
-
- /* Where there is a multi-valued RDN, the outputs from adjoining
- * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
- * character.
- */
- if (k1 != 1)
- { /* the first time do not append a comma */
- if (k2 != 1)
- { /* adjoining multi-value RDN */
- STR_APPEND ("+");
- }
- else
- {
- STR_APPEND (",");
- }
- }
-
- ldap_desc = gnutls_x509_dn_oid_name (oid, GNUTLS_X509_DN_OID_RETURN_OID);
-
- STR_APPEND (ldap_desc);
- STR_APPEND ("=");
-
- result =
- _gnutls_x509_dn_to_string (oid, tvd.data, tvd.size, &td);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Cannot parse OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex (tvd.data, tvd.size, tmpbuffer3, sizeof(tmpbuffer3),
- NULL));
- goto cleanup;
- }
-
- DATA_APPEND (td.data, td.size);
- _gnutls_free_datum (&td);
- _gnutls_free_datum (&tvd);
- }
- while (1);
- }
- while (1);
-
- result = _gnutls_buffer_to_datum (&out_str, dn);
- if (result < 0)
- gnutls_assert();
-
- goto cleanup1;
-
-cleanup:
- _gnutls_buffer_clear (&out_str);
-cleanup1:
- _gnutls_free_datum (&td);
- _gnutls_free_datum (&tvd);
- return result;
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1) { /* the first time do not append a comma */
+ if (k2 != 1) { /* adjoining multi-value RDN */
+ STR_APPEND("+");
+ } else {
+ STR_APPEND(",");
+ }
+ }
+
+ ldap_desc =
+ gnutls_x509_dn_oid_name(oid,
+ GNUTLS_X509_DN_OID_RETURN_OID);
+
+ STR_APPEND(ldap_desc);
+ STR_APPEND("=");
+
+ result =
+ _gnutls_x509_dn_to_string(oid, tvd.data,
+ tvd.size, &td);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot parse OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex(tvd.data,
+ tvd.size,
+ tmpbuffer3,
+ sizeof
+ (tmpbuffer3),
+ NULL));
+ goto cleanup;
+ }
+
+ DATA_APPEND(td.data, td.size);
+ _gnutls_free_datum(&td);
+ _gnutls_free_datum(&tvd);
+ }
+ while (1);
+ }
+ while (1);
+
+ result = _gnutls_buffer_to_datum(&out_str, dn);
+ if (result < 0)
+ gnutls_assert();
+
+ goto cleanup1;
+
+ cleanup:
+ _gnutls_buffer_clear(&out_str);
+ cleanup1:
+ _gnutls_free_datum(&td);
+ _gnutls_free_datum(&tvd);
+ return result;
}
@@ -211,50 +220,45 @@ cleanup1:
* That is to point in the rndSequence.
*/
int
-_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * buf_size)
+_gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * buf_size)
{
-int ret;
-gnutls_datum_t dn;
-
- if (buf_size == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*buf_size > 0 && buf)
- buf[0] = 0;
- else
- *buf_size = 0;
-
- ret = _gnutls_x509_get_dn (asn1_struct, asn1_rdn_name,
- &dn);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (dn.size >= (unsigned int) *buf_size)
- {
- gnutls_assert ();
- *buf_size = dn.size + 1;
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (buf)
- {
- memcpy(buf, dn.data, dn.size);
- buf[dn.size] = 0;
- *buf_size = dn.size;
- }
- else
- *buf_size = dn.size + 1;
-
- ret = 0;
-cleanup:
- _gnutls_free_datum (&dn);
- return ret;
+ int ret;
+ gnutls_datum_t dn;
+
+ if (buf_size == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*buf_size > 0 && buf)
+ buf[0] = 0;
+ else
+ *buf_size = 0;
+
+ ret = _gnutls_x509_get_dn(asn1_struct, asn1_rdn_name, &dn);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (dn.size >= (unsigned int) *buf_size) {
+ gnutls_assert();
+ *buf_size = dn.size + 1;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (buf) {
+ memcpy(buf, dn.data, dn.size);
+ buf[dn.size] = 0;
+ *buf_size = dn.size;
+ } else
+ *buf_size = dn.size + 1;
+
+ ret = 0;
+ cleanup:
+ _gnutls_free_datum(&dn);
+ return ret;
}
/* Parses an X509 DN in the asn1_struct, and searches for the
@@ -270,148 +274,155 @@ cleanup:
* OID found, 1 the second etc.
*/
int
-_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- gnutls_datum_t* out)
+_gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag, gnutls_datum_t * out)
{
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- gnutls_datum_t td;
- uint8_t value[256];
- char oid[MAX_OID_SIZE];
- int len;
- int i = 0;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0 && indx == i++)
- { /* Found the OID */
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer3, &td);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (raw_flag != 0)
- {
- out->data = td.data;
- out->size = td.size;
- return 0;
-
- }
- else
- { /* parse data. raw_flag == 0 */
- result =
- _gnutls_x509_dn_to_string (oid, td.data, td.size, out);
-
- _gnutls_free_datum(&td);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
- } /* raw_flag == 0 */
- }
- }
- while (1);
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ gnutls_datum_t td;
+ uint8_t value[256];
+ char oid[MAX_OID_SIZE];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3,
+ sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3,
+ sizeof(tmpbuffer3),
+ ".value");
+
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3,
+ &td);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (raw_flag != 0) {
+ out->data = td.data;
+ out->size = td.size;
+ return 0;
+
+ } else { /* parse data. raw_flag == 0 */
+ result =
+ _gnutls_x509_dn_to_string(oid,
+ td.
+ data,
+ td.
+ size,
+ out);
+
+ _gnutls_free_datum(&td);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ } /* raw_flag == 0 */
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
@@ -425,124 +436,125 @@ cleanup:
* OID found, 1 the second etc.
*/
int
-_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid)
+_gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
{
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- char value[256];
- char oid[MAX_OID_SIZE];
- int len;
- int i = 0;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (indx == i++)
- { /* Found the OID */
-
- len = strlen (oid) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (_oid, oid, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
- }
- while (1);
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[256];
+ char oid[MAX_OID_SIZE];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (indx == i++) { /* Found the OID */
+
+ len = strlen(oid) + 1;
+
+ if (*sizeof_oid < (unsigned) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(_oid, oid, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
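Review bot: The in/out contract of `sizeof_oid` in _gnutls_x509_get_dn_oid() is asymmetric and not documented where it is set: on GNUTLS_E_SHORT_MEMORY_BUFFER it receives `len` (string length plus the terminating NUL), while on success it receives `len - 1`. The two values differ by one, which is easy to get wrong in a caller that sizes or slices a buffer from the returned value. I would add a comment above the `if (indx == i++)` block such as `/* *sizeof_oid: in = capacity of _oid; out = strlen(oid) on success, strlen(oid) + 1 when the buffer is too small */`. get_extension_oid() in lib/x509/extensions.c (hunk `@@ -190,87 +187,77 @@`) uses the same convention and deserves the same comment. The function's header comment starts outside this hunk.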
@@ -550,39 +562,37 @@ cleanup:
* In all cases only one value is written.
*/
static int
-_gnutls_x509_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct, const char *where,
- const void *_data, int sizeof_data)
+_gnutls_x509_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct, const char *where,
+ const void *_data, int sizeof_data)
{
- char tmp[128];
- int result;
-
- /* write the data (value)
- */
-
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".value");
-
- result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
- if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* write the type
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char tmp[128];
+ int result;
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+
+ result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
+ if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
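Review bot: The first status check in _gnutls_x509_write_attribute(), `if (result < 0)` after writing `.value`, looks like it can never fire. Every other asn1_read_value()/asn1_write_value() result on this page is compared against ASN1_SUCCESS or a named ASN1_* code, and libtasn1 status codes are, as far as I know, non-negative. A failed write of the attribute value would then go unnoticed, and the function would go on to write `.type` and return 0. I would make it match the second check in the same function: `if (result != ASN1_SUCCESS) {`.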
@@ -595,49 +605,51 @@ _gnutls_x509_write_attribute (const char *given_oid,
* The output is allocated and stored in value.
*/
int
-_gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size, gnutls_datum_t * value,
- int multi, int octet_string)
+_gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value, int multi,
+ int octet_string)
{
- char tmpbuffer[128];
- int len, result;
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
-
- len = oid_size - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer, oid, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- /* Read the Value
- */
-
- _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
-
- if (multi)
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
-
- if (octet_string)
- result = _gnutls_x509_read_string (asn1_struct, tmpbuffer, value, ASN1_ETYPE_OCTET_STRING);
- else
- result = _gnutls_x509_read_value (asn1_struct, tmpbuffer, value);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ char tmpbuffer[128];
+ int len, result;
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");
+
+ len = oid_size - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ /* Read the Value
+ */
+
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");
+
+ if (multi)
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */
+
+ if (octet_string)
+ result =
+ _gnutls_x509_read_string(asn1_struct, tmpbuffer, value,
+ ASN1_ETYPE_OCTET_STRING);
+ else
+ result =
+ _gnutls_x509_read_value(asn1_struct, tmpbuffer, value);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -649,79 +661,75 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
*
*/
int
-_gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_name, const char *given_oid,
- int raw_flag, const char *name, int sizeof_name)
+_gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_name, const char *given_oid,
+ int raw_flag, const char *name, int sizeof_name)
{
- int result;
- char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
-
- if (sizeof_name == 0 || name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* create the rdnSequence
- */
- result = asn1_write_value (asn1_struct, asn1_name, "rdnSequence", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
- _gnutls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
-
- /* create a new element
- */
- result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
-
- /* create the set with only one element
- */
- result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- /* Encode and write the data
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
-
- if (!raw_flag)
- {
- result =
- _gnutls_x509_encode_and_write_attribute (given_oid,
- asn1_struct,
- tmp, name, sizeof_name, 0);
- }
- else
- {
- result =
- _gnutls_x509_write_attribute (given_oid, asn1_struct,
- tmp, name, sizeof_name);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
+
+ if (sizeof_name == 0 || name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* create the rdnSequence
+ */
+ result =
+ asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
+ _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name),
+ ".rdnSequence");
+
+ /* create a new element
+ */
+ result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+
+ /* create the set with only one element
+ */
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ /* Encode and write the data
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");
+
+ if (!raw_flag) {
+ result =
+ _gnutls_x509_encode_and_write_attribute(given_oid,
+ asn1_struct,
+ tmp, name,
+ sizeof_name,
+ 0);
+ } else {
+ result =
+ _gnutls_x509_write_attribute(given_oid, asn1_struct,
+ tmp, name, sizeof_name);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -738,23 +746,21 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
*
* Since: 2.4.0
**/
-int
-gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
+int gnutls_x509_dn_init(gnutls_x509_dn_t * dn)
{
- int result;
- ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- *dn = tmpdn;
+ *dn = tmpdn;
- return 0;
+ return 0;
}
/**
@@ -772,23 +778,21 @@ gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
*
* Since: 2.4.0
**/
-int
-gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
+int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data)
{
- int result;
- char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- result = asn1_der_decoding ((ASN1_TYPE *) & dn,
- data->data, data->size, err);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- _gnutls_debug_log ("ASN.1 Decoding error: %s\n", err);
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_der_decoding((ASN1_TYPE *) & dn,
+ data->data, data->size, err);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ _gnutls_debug_log("ASN.1 Decoding error: %s\n", err);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
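Review bot: `dn` reaches gnutls_x509_dn_import() by value, so `(ASN1_TYPE *) & dn` hands asn1_der_decoding() the address of this function's local copy of the handle rather than the caller's. If the decoder releases or resets the node when decoding fails (worth confirming for the libtasn1 version in use), the caller's handle is not updated, and a later gnutls_x509_dn_deinit() would act on a node that is already gone. I would mark the error branch with `/* NOTE(review): dn is a by-value copy; confirm asn1_der_decoding() leaves the node valid on failure, otherwise the caller's handle dangles */` and state in the doc comment, which starts outside this hunk, what the caller may do with `dn` after an error. The same cast is used in gnutls_x509_dn_deinit() (hunk `@@ -800,10 +804,9 @@`), where the caller's handle likewise cannot be cleared after the delete.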
@@ -800,10 +804,9 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
*
* Since: 2.4.0
**/
-void
-gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
+void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn)
{
- asn1_delete_structure ((ASN1_TYPE *) & dn);
+ asn1_delete_structure((ASN1_TYPE *) & dn);
}
/**
@@ -822,43 +825,40 @@ gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
* negative error value.
**/
int
-gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * buf_size)
+gnutls_x509_rdn_get(const gnutls_datum_t * idn,
+ char *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (buf_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (buf_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (buf)
- buf[0] = 0;
+ if (buf)
+ buf[0] = 0;
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_parse_dn (dn, "rdnSequence", buf, buf_size);
+ result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size);
- asn1_delete_structure (&dn);
- return result;
+ asn1_delete_structure(&dn);
+ return result;
}
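Review bot: In gnutls_x509_rdn_get() the guard `if (buf_size == 0)` compares the pointer with zero, so it only rejects a NULL `buf_size`. A caller that passes a non-NULL `buf` with `*buf_size == 0` still reaches `buf[0] = 0`, which is a one-byte write into a buffer declared empty. I would spell the check `if (buf_size == NULL) {` and bound the write with `if (buf && *buf_size > 0)`. The same pointer-versus-zero comparison appears in gnutls_x509_rdn_get_by_oid() (hunk `@@ -882,45 +882,42 @@`) and gnutls_x509_rdn_get_oid() (hunk `@@ -941,38 +938,37 @@`), where only the spelling needs changing. None of the three functions checks `idn` before `idn->data` is read.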
@@ -882,45 +882,42 @@ gnutls_x509_rdn_get (const gnutls_datum_t * idn,
* negative error value.
**/
int
-gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- gnutls_datum_t td;
-
- if (buf_size == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
- raw_flag, &td);
-
- asn1_delete_structure (&dn);
- if (result < 0)
- return gnutls_assert_val(result);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ gnutls_datum_t td;
+
+ if (buf_size == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
+ raw_flag, &td);
+
+ asn1_delete_structure(&dn);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -941,38 +938,37 @@ gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
* Since: 2.4.0
**/
int
-gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * buf_size)
+gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
-
- if (buf_size == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, buf_size);
-
- asn1_delete_structure (&dn);
- return result;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+
+ if (buf_size == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf,
+ buf_size);
+
+ asn1_delete_structure(&dn);
+ return result;
}
/*
@@ -982,21 +978,19 @@ gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
* a negative error code is returned to indicate error.
*/
int
-_gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2)
+_gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2)
{
- if (dn1->size != dn2->size)
- {
- gnutls_assert ();
- return 0;
- }
- if (memcmp (dn1->data, dn2->data, dn2->size) != 0)
- {
- gnutls_assert ();
- return 0;
- }
- return 1; /* they match */
+ if (dn1->size != dn2->size) {
+ gnutls_assert();
+ return 0;
+ }
+ if (memcmp(dn1->data, dn2->data, dn2->size) != 0) {
+ gnutls_assert();
+ return 0;
+ }
+ return 1; /* they match */
}
/**
@@ -1020,21 +1014,21 @@ _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
* negative error value.
**/
int
-gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_dn_export(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- ASN1_TYPE asn1 = dn;
+ ASN1_TYPE asn1 = dn;
- if (asn1 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (asn1 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int_named (asn1, "rdnSequence",
- format, "NAME",
- output_data, output_data_size);
+ return _gnutls_x509_export_int_named(asn1, "rdnSequence",
+ format, "NAME",
+ output_data,
+ output_data_size);
}
/**
@@ -1056,17 +1050,16 @@ gnutls_x509_dn_export (gnutls_x509_dn_t dn,
* Since: 3.1.3
**/
int
-gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- ASN1_TYPE asn1 = dn;
+ ASN1_TYPE asn1 = dn;
- if (asn1 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (asn1 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int_named2 (asn1, "rdnSequence",
- format, "NAME", out);
+ return _gnutls_x509_export_int_named2(asn1, "rdnSequence",
+ format, "NAME", out);
}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 80ed7f2669..4777931802 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -32,127 +32,122 @@
#include <gnutls_datum.h>
int
-get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+get_extension(ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char str_critical[10];
- int critical = 0;
- char extnID[128];
- gnutls_datum_t value;
- int indx_counter = 0;
-
- ret->data = NULL;
- ret->size = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
- {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- len = sizeof (str_critical);
- result = asn1_read_value (asn, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (str_critical[0] == 'T')
- critical = 1;
- else
- critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_read_value (asn, name2, &value);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- ret->data = value.data;
- ret->size = value.size;
-
- if (_critical)
- *_critical = critical;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum_t value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, extension_id) == 0
+ && indx == indx_counter++) {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".critical");
+
+ len = sizeof(str_critical);
+ result =
+ asn1_read_value(asn, name2,
+ str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".extnValue");
+
+ result =
+ _gnutls_x509_read_value(asn, name2,
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension found in
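Review bot: In get_extension(), once the OID and index have matched, an ASN1_ELEMENT_NOT_FOUND from reading `.critical` takes the `break` out of the inner `do { } while (0)` after `indx_counter` has already been advanced. The outer loop then runs to the end of the list and the function returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. The caller cannot tell a matched-but-unreadable extension from an absent one, which is the less safe answer for extensions that restrict what a certificate may do. Whether libtasn1 can return that code at this point is something to confirm, but I would not rely on it and would fold both branches into `if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); }`.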
@@ -165,21 +160,23 @@ get_extension (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
- indx, ret, _critical);
+ return get_extension(cert->cert, "tbsCertificate.extensions",
+ extension_id, indx, ret, _critical);
}
int
-_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
- indx, ret, _critical);
+ return get_extension(crl->crl, "tbsCertList.crlExtensions",
+ extension_id, indx, ret, _critical);
}
@@ -190,87 +187,77 @@ _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
* be returned.
*/
static int
-get_extension_oid (ASN1_TYPE asn, const char *root,
- int indx, void *oid, size_t * sizeof_oid)
+get_extension_oid(ASN1_TYPE asn, const char *root,
+ int indx, void *oid, size_t * sizeof_oid)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char extnID[128];
- int indx_counter = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (indx == indx_counter++)
- {
- len = strlen (extnID) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (oid, extnID, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (indx == indx_counter++) {
+ len = strlen(extnID) + 1;
+
+ if (*sizeof_oid < (unsigned) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(oid, extnID, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension OID found in
@@ -280,19 +267,21 @@ get_extension_oid (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
- oid, sizeof_oid);
+ return get_extension_oid(cert->cert, "tbsCertificate.extensions",
+ indx, oid, sizeof_oid);
}
int
-_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
- sizeof_oid);
+ return get_extension_oid(crl->crl, "tbsCertList.crlExtensions",
+ indx, oid, sizeof_oid);
}
/* This function will attempt to set the requested extension in
@@ -301,192 +290,179 @@ _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
* Critical will be either 0 or 1.
*/
static int
-add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+add_extension(ASN1_TYPE asn, const char *root, const char *extension_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- const char *str;
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "%s", root);
-
- /* Add a new extension in the list.
- */
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnID", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnID");
-
- result = asn1_write_value (asn, name, extension_id, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.critical", root);
- else
- snprintf (name, sizeof (name), "?LAST.critical");
-
- result = asn1_write_value (asn, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnValue", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnValue");
-
- result = _gnutls_x509_write_value (asn, name, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ const char *str;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "%s", root);
+
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnID", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnID");
+
+ result = asn1_write_value(asn, name, extension_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.critical", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.critical");
+
+ result = asn1_write_value(asn, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnValue", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnValue");
+
+ result = _gnutls_x509_write_value(asn, name, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Overwrite the given extension (using the index)
* index here starts from one.
*/
static int
-overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data, unsigned int critical)
+overwrite_extension(ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- const char *str;
- int result;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, indx);
- else
- snprintf (name, sizeof (name), "?%u", indx);
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- result = asn1_write_value (asn, name2, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_write_value (asn, name2, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ const char *str;
+ int result;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, indx);
+ else
+ snprintf(name, sizeof(name), "?%u", indx);
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".critical");
+
+ result = asn1_write_value(asn, name2, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+
+ result = _gnutls_x509_write_value(asn, name2, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
int
-set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+set_extension(ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- int k, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char extnID[128];
-
- /* Find the index of the given extension.
- */
- k = 0;
- do
- {
- k++;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, k);
- else
- snprintf (name, sizeof (name), "?%u", k);
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* extension was found
- */
- return overwrite_extension (asn, root, k, ext_data, critical);
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return add_extension (asn, root, ext_id, ext_data, critical);
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- return 0;
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[128];
+
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do {
+ k++;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+ else
+ snprintf(name, sizeof(name), "?%u", k);
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* extension was found
+ */
+ return overwrite_extension(asn, root, k,
+ ext_data,
+ critical);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return add_extension(asn, root, ext_id, ext_data,
+ critical);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ return 0;
}
/* This function will attempt to overwrite the requested extension with
@@ -495,217 +471,211 @@ set_extension (ASN1_TYPE asn, const char *root,
* Critical will be either 0 or 1.
*/
int
-_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
- ext_data, critical);
+ return set_extension(cert->cert, "tbsCertificate.extensions",
+ ext_id, ext_data, critical);
}
int
-_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
- ext_data, critical);
+ return set_extension(crl->crl, "tbsCertList.crlExtensions", ext_id,
+ ext_data, critical);
}
int
-_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- unsigned char *extensions = NULL;
- size_t extensions_size = 0;
- gnutls_datum_t der;
- ASN1_TYPE c2;
- int result;
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- }
- if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- extensions_size = 0;
- }
- else
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return _gnutls_asn2err (result);
- }
-
- if (extensions_size > 0)
- {
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- gnutls_free (extensions);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
- }
-
- result = set_extension (c2, "", ext_id, ext_data, critical);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return result;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- der.data, der.size);
- gnutls_free (der.data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
-
- return 0;
+ unsigned char *extensions = NULL;
+ size_t extensions_size = 0;
+ gnutls_datum_t der;
+ ASN1_TYPE c2;
+ int result;
+
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0,
+ extensions,
+ &extensions_size);
+ }
+ if (result < 0) {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ extensions_size = 0;
+ } else {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return result;
+ }
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return _gnutls_asn2err(result);
+ }
+
+ if (extensions_size > 0) {
+ result =
+ asn1_der_decoding(&c2, extensions, extensions_size,
+ NULL);
+ gnutls_free(extensions);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = set_extension(c2, "", ext_id, ext_data, critical);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ gnutls_x509_crq_set_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ der.data, der.size);
+ gnutls_free(der.data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+
+ return 0;
}
/* Here we only extract the KeyUsage field, from the DER encoded
* extension.
*/
int
-_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_keyUsage(uint16_t * keyUsage,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int len, result;
- uint8_t str[2];
-
- str[0] = str[1] = 0;
- *keyUsage = 0;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- len = sizeof (str);
- result = asn1_read_value (ext, "", str, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return 0;
- }
-
- *keyUsage = str[0] | (str[1] << 8);
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8_t str[2];
+
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str);
+ result = asn1_read_value(ext, "", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return 0;
+ }
+
+ *keyUsage = str[0] | (str[1] << 8);
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* extract the basicConstraints from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
- int *pathLenConstraint,
- uint8_t * extnValue,
- int extnValueLen)
+_gnutls_x509_ext_extract_basicConstraints(unsigned int *CA,
+ int *pathLenConstraint,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- char str[128];
- int len, result;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- /* the default value of cA is false.
- */
- len = sizeof (str) - 1;
- result = asn1_read_value (ext, "cA", str, &len);
- if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
- *CA = 1;
- else
- *CA = 0;
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ /* the default value of cA is false.
+ */
+ len = sizeof(str) - 1;
+ result = asn1_read_value(ext, "cA", str, &len);
+ if (result == ASN1_SUCCESS && strcmp(str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the basicConstraints in a DER encoded extension
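Review bot: In `_gnutls_x509_ext_extract_keyUsage` the failure branch after `asn1_read_value(ext, "", str, &len)` returns 0, so a KeyUsage value that cannot be read into the two-byte `str` buffer is reported as success with `*keyUsage` left at 0. A caller cannot tell that apart from an extension with no bits set, and the input here is a DER-encoded certificate extension. Unless the lenient result is deliberate, that branch should end in `return _gnutls_asn2err(result);` like the decoding failure just above it; if it is deliberate, a comment such as `/* an unreadable KeyUsage is treated as empty on purpose */` should say so. Separately, in `_gnutls_x509_ext_extract_basicConstraints` the result of `_gnutls_x509_read_uint` is compared against `GNUTLS_E_*` codes and then passed through `_gnutls_asn2err`, which elsewhere in this hunk converts `ASN1_*` results; `return result;` looks like what is meant.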
@@ -714,391 +684,364 @@ _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
* should not be present, >= 0 to indicate set values.
*/
int
-_gnutls_x509_ext_gen_basicConstraints (int CA,
- int pathLenConstraint,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_basicConstraints(int CA,
+ int pathLenConstraint,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- const char *str;
- int result;
-
- if (CA == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "cA", str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
+
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicConstraints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* extract an INTEGER from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_number (uint8_t * number,
- size_t * _nr_size,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_number(uint8_t * number,
+ size_t * _nr_size,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- int nr_size = *_nr_size;
-
- /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
- * to using INTEGER.
- */
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- /* the default value of cA is false.
- */
- result = asn1_read_value (ext, "", number, &nr_size);
- if (result != ASN1_SUCCESS)
- result = _gnutls_asn2err (result);
- else
- result = 0;
-
- *_nr_size = nr_size;
-
- asn1_delete_structure (&ext);
-
- return result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ int nr_size = *_nr_size;
+
+ /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
+ * to using INTEGER.
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CertificateSerialNumber",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value(ext, "", number, &nr_size);
+ if (result != ASN1_SUCCESS)
+ result = _gnutls_asn2err(result);
+ else
+ result = 0;
+
+ *_nr_size = nr_size;
+
+ asn1_delete_structure(&ext);
+
+ return result;
}
/* generate an INTEGER in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_number (const uint8_t * number, size_t nr_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", number, nr_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateSerialNumber", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", number, nr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
-int
-_gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext)
+int _gnutls_x509_ext_gen_keyUsage(uint16_t usage, gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- uint8_t str[2];
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- str[0] = usage & 0xff;
- str[1] = usage >> 8;
-
- result = asn1_write_value (ext, "", str, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8_t str[2];
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
+
+ result = asn1_write_value(ext, "", str, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
static int
-write_new_general_name (ASN1_TYPE ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size)
+write_new_general_name(ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size)
{
- const char *str;
- int result;
- char name[128];
-
- result = asn1_write_value (ext, ext_name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- switch (type)
- {
- case GNUTLS_SAN_DNSNAME:
- str = "dNSName";
- break;
- case GNUTLS_SAN_RFC822NAME:
- str = "rfc822Name";
- break;
- case GNUTLS_SAN_URI:
- str = "uniformResourceIdentifier";
- break;
- case GNUTLS_SAN_IPADDRESS:
- str = "iPAddress";
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (ext_name[0] == 0)
- { /* no dot */
- _gnutls_str_cpy (name, sizeof (name), "?LAST");
- }
- else
- {
- _gnutls_str_cpy (name, sizeof (name), ext_name);
- _gnutls_str_cat (name, sizeof (name), ".?LAST");
- }
-
- result = asn1_write_value (ext, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cat (name, sizeof (name), ".");
- _gnutls_str_cat (name, sizeof (name), str);
-
- result = asn1_write_value (ext, name, data, data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ const char *str;
+ int result;
+ char name[128];
+
+ result = asn1_write_value(ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ switch (type) {
+ case GNUTLS_SAN_DNSNAME:
+ str = "dNSName";
+ break;
+ case GNUTLS_SAN_RFC822NAME:
+ str = "rfc822Name";
+ break;
+ case GNUTLS_SAN_URI:
+ str = "uniformResourceIdentifier";
+ break;
+ case GNUTLS_SAN_IPADDRESS:
+ str = "iPAddress";
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ext_name[0] == 0) { /* no dot */
+ _gnutls_str_cpy(name, sizeof(name), "?LAST");
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), ext_name);
+ _gnutls_str_cat(name, sizeof(name), ".?LAST");
+ }
+
+ result = asn1_write_value(ext, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".");
+ _gnutls_str_cat(name, sizeof(name), str);
+
+ result = asn1_write_value(ext, name, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Convert the given name to GeneralNames in a DER encoded extension.
* This is the same as subject alternative name.
*/
int
-_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (prev_der_ext != NULL && prev_der_ext->data != NULL
- && prev_der_ext->size != 0)
- {
- result =
- asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
- NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = write_new_general_name (ext, "", type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (prev_der_ext != NULL && prev_der_ext->data != NULL
+ && prev_der_ext->size != 0) {
+ result =
+ asn1_der_decoding(&ext, prev_der_ext->data,
+ prev_der_ext->size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = write_new_general_name(ext, "", type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the AuthorityKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "keyIdentifier", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
- asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
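Review bot: `write_new_general_name` receives `ext` by value but calls `asn1_delete_structure(&ext)` when the final `asn1_write_value` fails, which releases the structure while clearing only the helper's local copy of the handle. Its caller in this hunk, `_gnutls_x509_ext_gen_subject_alt_name`, then runs `asn1_delete_structure(&ext)` on its own handle for the same error, so the structure appears to be freed twice (assuming `ASN1_TYPE` is a pointer-like handle, as the `ASN1_TYPE_EMPTY` initialisers suggest). The earlier error returns in the helper leave cleanup to the owner and the last one should do the same: drop the `asn1_delete_structure(&ext);` line and keep `gnutls_assert(); return _gnutls_asn2err(result);`. The comment `/* the default value of cA is false. */` in `_gnutls_x509_ext_extract_number` is a leftover from the basicConstraints reader and would be clearer as `/* read the INTEGER value */`.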
@@ -1108,253 +1051,233 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
*
*/
int
-_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- gnutls_datum_t gnames = { NULL, 0 };
- int result;
- uint8_t reasons[2];
-
- reasons[0] = reason_flags & 0xff;
- reasons[1] = reason_flags >> 8;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CRLDistributionPoints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (ext, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (reason_flags)
- {
- result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
- else
- {
- result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
-
- result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* When used as type CHOICE.
- */
- result = asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum_t gnames = { NULL, 0 };
+ int result;
+ uint8_t reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (reason_flags) {
+ result =
+ asn1_write_value(ext, "?LAST.reasons", reasons, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ } else {
+ result = asn1_write_value(ext, "?LAST.reasons", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ result = asn1_write_value(ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* When used as type CHOICE.
+ */
+ result =
+ asn1_write_value(ext, "?LAST.distributionPoint", "fullName",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#if 0
- /* only needed in old code (where defined as SEQUENCE OF) */
- asn1_write_value (ext,
- "?LAST.distributionPoint.nameRelativeToCRLIssuer",
- NULL, 0);
+ /* only needed in old code (where defined as SEQUENCE OF) */
+ asn1_write_value(ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
#endif
- result =
- write_new_general_name (ext, "?LAST.distributionPoint.fullName",
- type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ write_new_general_name(ext, "?LAST.distributionPoint.fullName",
+ type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = 0;
+ result = 0;
-cleanup:
- _gnutls_free_datum (&gnames);
- asn1_delete_structure (&ext);
+ cleanup:
+ _gnutls_free_datum(&gnames);
+ asn1_delete_structure(&ext);
- return result;
+ return result;
}
/* extract the proxyCertInfo from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_proxyCertInfo(int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t value;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
- &value);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- if (policyLanguage)
- *policyLanguage = gnutls_strdup ((char*)value.data);
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policy", &value);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- {
- if (policy)
- *policy = NULL;
- if (sizeof_policy)
- *sizeof_policy = 0;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
- else
- {
- if (policy)
- *policy = (char*)value.data;
- if (sizeof_policy)
- *sizeof_policy = value.size;
- }
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t value;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pCPathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = _gnutls_x509_read_value(ext, "proxyPolicy.policyLanguage",
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ if (policyLanguage)
+ *policyLanguage = gnutls_strdup((char *) value.data);
+
+ result =
+ _gnutls_x509_read_value(ext, "proxyPolicy.policy", &value);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (policy)
+ *policy = NULL;
+ if (sizeof_policy)
+ *sizeof_policy = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ } else {
+ if (policy)
+ *policy = (char *) value.data;
+ if (sizeof_policy)
+ *sizeof_policy = value.size;
+ }
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the proxyCertInfo in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ProxyCertInfo", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
- policyLanguage, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policy",
- policy, sizeof_policy);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ProxyCertInfo", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pCPathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pCPathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policyLanguage",
+ policyLanguage, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policy",
+ policy, sizeof_policy);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
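Review bot: In `_gnutls_x509_ext_extract_proxyCertInfo` the datum read for `proxyPolicy.policyLanguage` is copied with `gnutls_strdup()` and then `value` is overwritten by the second `_gnutls_x509_read_value()` call without being released, so the first buffer appears to leak on every call. The `gnutls_strdup()` result is also not checked, and `*policyLanguage` is not freed on the later error return. Because this function parses an extension taken from a certificate, it is worth confirming that `value.data` is NUL-terminated before it is treated as a C string. Assuming the datum is heap-allocated, as the hand-over of `value.data` to `*policy` suggests, either transfer ownership with `*policyLanguage = (char *) value.data;` or call `_gnutls_free_datum(&value);` after the copy. In `_gnutls_x509_ext_gen_proxyCertInfo`, in the same hunk, the `asn1_write_value()` results are tested with `result < 0`; libtasn1 error codes are positive, so those three checks never fire and should read `result != ASN1_SUCCESS`, as the rest of the file does.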
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index b2267af5da..0a5e753eb8 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -30,15 +30,16 @@
#include <gnutls_num.h>
#include <gnutls_ecc.h>
-static int _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st* params);
-static int _gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
-static int _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+static int _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
/*
* some x509 certificate parsing functions that relate to MPI parameter
@@ -46,48 +47,47 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
* Returns 2 parameters (m,e). It does not set params_nr.
*/
int
-_gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
-
- if ((result = _gnutls_x509_read_int (spk, "modulus", &params->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- if ((result = _gnutls_x509_read_int (spk, "publicExponent",
- &params->params[1])) < 0)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&params->params[0]);
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "modulus",
+ &params->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_int(spk, "publicExponent",
+ &params->params[1])) < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(&params->params[0]);
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
}
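Review bot: Both `_gnutls_x509_read_int()` failure branches in `_gnutls_x509_read_rsa_pubkey` store the error in `result` and then return `GNUTLS_E_ASN1_GENERIC_ERROR`, so the actual cause (for example an allocation failure, if that helper can report one) is lost to the caller. Returning the stored code with `return result;` keeps the diagnostics and makes the assignment meaningful. The same pattern appears in the three branches of `_gnutls_x509_read_dsa_params` in the `@@ -112,65 +114,65 @@` hunk.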
@@ -97,13 +97,15 @@ _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
* Returns 2 parameters (m,e). It does not set params_nr.
*/
int
-_gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING),
* it is actually copied in raw there. Why do they use ASN.1 anyway?
*/
- return _gnutls_ecc_ansi_x963_import (der, dersize, &params->params[ECC_X],
- &params->params[ECC_Y]);
+ return _gnutls_ecc_ansi_x963_import(der, dersize,
+ &params->params[ECC_X],
+ &params->params[ECC_Y]);
}
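Review bot: The header comment kept as context above `_gnutls_x509_read_ecc_pubkey` still reads "Returns 2 parameters (m,e)", which looks copied from the RSA reader. The body fills `params->params[ECC_X]` and `params->params[ECC_Y]` via `_gnutls_ecc_ansi_x963_import()`. I would change that line to `* Returns 2 parameters (x,y). It does not set params_nr.` so readers auditing the key parser are not pointed at the wrong fields. The comment block starts outside this hunk.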
@@ -112,65 +114,65 @@ _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
* params[0-2]. It does NOT set params_nr.
*/
static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
-
- /* Read p */
-
- if ((result = _gnutls_x509_read_int (spk, "p", &params->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read q */
-
- if ((result = _gnutls_x509_read_int (spk, "q", &params->params[1])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (&params->params[0]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read g */
-
- if ((result = _gnutls_x509_read_int (spk, "g", &params->params[2])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (&params->params[0]);
- _gnutls_mpi_release (&params->params[1]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Dss-Parms",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ /* Read p */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "p", &params->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read q */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "q", &params->params[1])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params->params[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read g */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "g", &params->params[2])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params->params[0]);
+ _gnutls_mpi_release(&params->params[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
}
@@ -178,99 +180,99 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
* params[0-4]. It does NOT set params_nr.
*/
int
-_gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- char oid[MAX_OID_SIZE];
- int oid_size;
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- /* Read curve */
- /* read the curve */
- oid_size = sizeof(oid);
- ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- params->flags = _gnutls_oid_to_ecc_curve(oid);
- if (params->flags == GNUTLS_ECC_CURVE_INVALID)
- {
- _gnutls_debug_log("Curve %s is not supported\n", oid);
- gnutls_assert();
- ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- asn1_delete_structure (&spk);
-
- return ret;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ char oid[MAX_OID_SIZE];
+ int oid_size;
+
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ /* Read curve */
+ /* read the curve */
+ oid_size = sizeof(oid);
+ ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ params->flags = _gnutls_oid_to_ecc_curve(oid);
+ if (params->flags == GNUTLS_ECC_CURVE_INVALID) {
+ _gnutls_debug_log("Curve %s is not supported\n", oid);
+ gnutls_assert();
+ ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ asn1_delete_structure(&spk);
+
+ return ret;
}
-int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
+ int dersize, gnutls_pk_params_st * params)
{
-int ret;
-
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = RSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_DSA:
- ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = DSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_EC:
- ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = ECC_PUBLIC_PARAMS;
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- break;
- }
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = DSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_EC:
+ ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = ECC_PUBLIC_PARAMS;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ break;
+ }
+ return ret;
}
-int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo,
+ uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- return 0;
- case GNUTLS_PK_DSA:
- return _gnutls_x509_read_dsa_params(der, dersize, params);
- case GNUTLS_PK_EC:
- return _gnutls_x509_read_ecc_params(der, dersize, params);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ return 0;
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_read_dsa_params(der, dersize, params);
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_read_ecc_params(der, dersize, params);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
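Review bot: The comment kept as context above `_gnutls_x509_read_ecc_params` says the function fills `params[0-4]`, but the body only reads the `namedCurve` OID and stores the result of `_gnutls_oid_to_ecc_curve()` in `params->flags`. I would reword it along the lines of `/* reads the namedCurve OID and stores the curve in params->flags. It does NOT set params_nr. */` and collapse the duplicated `/* Read curve */` / `/* read the curve */` pair. It looks as if a certificate carrying anything other than a named curve fails at the `asn1_read_value()` step; if that is intended, saying so in the comment would help reviewers. The comment block starts outside this hunk.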
/* reads DSA's Y
@@ -278,10 +280,10 @@ int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der,
* only sets params[3]
*/
int
-_gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- /* do not set a number */
- params->params_nr = 0;
- return _gnutls_x509_read_der_int (der, dersize, &params->params[3]);
+ /* do not set a number */
+ params->params_nr = 0;
+ return _gnutls_x509_read_der_int(der, dersize, &params->params[3]);
}
-
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 47141093d5..b22c1b860a 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -32,12 +32,12 @@
#include <gnutls_mpi.h>
#include <gnutls_ecc.h>
-static int _gnutls_x509_write_rsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-static int _gnutls_x509_write_dsa_params (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-static int _gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+static int _gnutls_x509_write_rsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+static int _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+static int _gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
/*
* some x509 certificate functions that relate to MPI parameter
@@ -47,57 +47,55 @@ static int _gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_rsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_rsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < RSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "modulus", params->params[0], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "publicExponent", params->params[1], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < RSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_write_int(spk, "modulus", params->params[0], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_int(spk, "publicExponent",
+ params->params[1], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/*
@@ -107,64 +105,66 @@ cleanup:
* Allocates the space used to store the DER data.
*/
int
-_gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
+ int result;
- der->data = NULL;
- der->size = 0;
+ der->data = NULL;
+ der->size = 0;
- if (params->params_nr < ECC_PUBLIC_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (params->params_nr < ECC_PUBLIC_PARAMS)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X], params->params[ECC_Y], /*&out*/der);
- if (result < 0)
- return gnutls_assert_val(result);
+ result =
+ _gnutls_ecc_ansi_x963_export(params->flags,
+ params->params[ECC_X],
+ params->params[ECC_Y], /*&out */
+ der);
+ if (result < 0)
+ return gnutls_assert_val(result);
- return 0;
+ return 0;
}
int
-_gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- switch(algo)
- {
- case GNUTLS_PK_DSA:
- return _gnutls_x509_write_dsa_params(params, der);
- case GNUTLS_PK_RSA:
- der->data = gnutls_malloc(ASN1_NULL_SIZE);
- if (der->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(der->data, ASN1_NULL, ASN1_NULL_SIZE);
- der->size = ASN1_NULL_SIZE;
- return 0;
- case GNUTLS_PK_EC:
- return _gnutls_x509_write_ecc_params(params, der);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_write_dsa_params(params, der);
+ case GNUTLS_PK_RSA:
+ der->data = gnutls_malloc(ASN1_NULL_SIZE);
+ if (der->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(der->data, ASN1_NULL, ASN1_NULL_SIZE);
+ der->size = ASN1_NULL_SIZE;
+ return 0;
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_write_ecc_params(params, der);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
int
-_gnutls_x509_write_pubkey (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_pubkey(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- switch(algo)
- {
- case GNUTLS_PK_DSA:
- return _gnutls_x509_write_dsa_pubkey(params, der);
- case GNUTLS_PK_RSA:
- return _gnutls_x509_write_rsa_pubkey(params, der);
- case GNUTLS_PK_EC:
- return _gnutls_x509_write_ecc_pubkey(params, der);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_write_dsa_pubkey(params, der);
+ case GNUTLS_PK_RSA:
+ return _gnutls_x509_write_rsa_pubkey(params, der);
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_write_ecc_pubkey(params, der);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
/*
@@ -174,63 +174,57 @@ _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t algo,
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_dsa_params (gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < DSA_PUBLIC_PARAMS-1)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAParameters", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "p", params->params[0], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "q", params->params[1], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "g", params->params[2], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < DSA_PUBLIC_PARAMS - 1) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "p", params->params[0], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "q", params->params[1], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "g", params->params[2], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/*
@@ -240,62 +234,60 @@ cleanup:
* Allocates the space used to store the DER data.
*/
int
-_gnutls_x509_write_ecc_params (gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- const char* oid;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < ECC_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- oid = _gnutls_ecc_curve_get_oid(params->flags);
- if (oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((result = asn1_write_value (spk, "", "namedCurve", 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (spk, "namedCurve", oid, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ const char *oid;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < ECC_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ oid = _gnutls_ecc_curve_get_oid(params->flags);
+ if (oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((result =
+ asn1_write_value(spk, "", "namedCurve", 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(spk, "namedCurve", oid,
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/*
@@ -305,484 +297,466 @@ cleanup:
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < DSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "", params->params[3], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < DSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "", params->params[3], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
static int
-_gnutls_asn1_encode_rsa (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int result;
- uint8_t null = '\0';
- gnutls_pk_params_st pk_params;
- gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
-
- gnutls_pk_params_init(&pk_params);
-
- memset (&m, 0, sizeof (m));
- memset (&p, 0, sizeof (p));
- memset (&q, 0, sizeof (q));
- memset (&p, 0, sizeof (p));
- memset (&u, 0, sizeof (u));
- memset (&e, 0, sizeof (e));
- memset (&d, 0, sizeof (d));
- memset (&exp1, 0, sizeof (exp1));
- memset (&exp2, 0, sizeof (exp2));
-
- result = _gnutls_pk_params_copy (&pk_params, params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* retrieve as data */
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (*c2, "modulus",
- m.data, m.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "publicExponent",
- e.data, e.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "privateExponent",
- d.data, d.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "prime1",
- p.data, p.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "prime2",
- q.data, q.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "coefficient",
- u.data, u.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
-
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "exponent1",
- exp1.data, exp1.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "exponent2",
- exp2.data, exp2.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (result != 0)
- asn1_delete_structure (c2);
-
- gnutls_pk_params_release (&pk_params);
-
- _gnutls_free_datum (&m);
- _gnutls_free_datum (&d);
- _gnutls_free_datum (&e);
- _gnutls_free_datum (&p);
- _gnutls_free_datum (&q);
- _gnutls_free_datum (&u);
- _gnutls_free_datum (&exp1);
- _gnutls_free_datum (&exp2);
-
- return result;
+ int result;
+ uint8_t null = '\0';
+ gnutls_pk_params_st pk_params;
+ gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
+
+ gnutls_pk_params_init(&pk_params);
+
+ memset(&m, 0, sizeof(m));
+ memset(&p, 0, sizeof(p));
+ memset(&q, 0, sizeof(q));
+ memset(&p, 0, sizeof(p));
+ memset(&u, 0, sizeof(u));
+ memset(&e, 0, sizeof(e));
+ memset(&d, 0, sizeof(d));
+ memset(&exp1, 0, sizeof(exp1));
+ memset(&exp2, 0, sizeof(exp2));
+
+ result = _gnutls_pk_params_copy(&pk_params, params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* retrieve as data */
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[0], &m);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[1], &e);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[2], &d);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[3], &p);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[4], &q);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[5], &u);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[6], &exp1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[7], &exp2);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(*c2, "modulus",
+ m.data, m.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "publicExponent",
+ e.data, e.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "privateExponent",
+ d.data, d.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime1",
+ p.data, p.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime2",
+ q.data, q.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "coefficient",
+ u.data, u.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent1",
+ exp1.data,
+ exp1.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent2",
+ exp2.data,
+ exp2.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (result != 0)
+ asn1_delete_structure(c2);
+
+ gnutls_pk_params_release(&pk_params);
+
+ _gnutls_free_datum(&m);
+ _gnutls_free_datum(&d);
+ _gnutls_free_datum(&e);
+ _gnutls_free_datum(&p);
+ _gnutls_free_datum(&q);
+ _gnutls_free_datum(&u);
+ _gnutls_free_datum(&exp1);
+ _gnutls_free_datum(&exp2);
+
+ return result;
}
/* Encodes the ECC parameters into an ASN.1 ECPrivateKey structure.
*/
static int
-_gnutls_asn1_encode_ecc (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int ret;
- uint8_t one = '\x01';
- gnutls_datum pubkey = { NULL, 0 };
- const char *oid;
-
- oid = _gnutls_ecc_curve_get_oid(params->flags);
-
- if (params->params_nr != ECC_PRIVATE_PARAMS || oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X], params->params[ECC_Y], &pubkey);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "Version", &one, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[ECC_K], 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "publicKey", pubkey.data, pubkey.size*8)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- /* write our choice */
- if ((ret = asn1_write_value (*c2, "parameters", "namedCurve", 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "parameters.namedCurve", oid, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- _gnutls_free_datum(&pubkey);
- return 0;
-
-cleanup:
- asn1_delete_structure (c2);
- _gnutls_free_datum(&pubkey);
-
- return ret;
+ int ret;
+ uint8_t one = '\x01';
+ gnutls_datum pubkey = { NULL, 0 };
+ const char *oid;
+
+ oid = _gnutls_ecc_curve_get_oid(params->flags);
+
+ if (params->params_nr != ECC_PRIVATE_PARAMS || oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(params->flags,
+ params->params[ECC_X],
+ params->params[ECC_Y], &pubkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "Version", &one, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_int(*c2, "privateKey",
+ params->params[ECC_K], 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "publicKey", pubkey.data,
+ pubkey.size * 8)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ /* write our choice */
+ if ((ret =
+ asn1_write_value(*c2, "parameters", "namedCurve",
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "parameters.namedCurve", oid,
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&pubkey);
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(c2);
+ _gnutls_free_datum(&pubkey);
+
+ return ret;
}
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
static int
-_gnutls_asn1_encode_dsa (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int result, i;
- size_t size[DSA_PRIVATE_PARAMS], total;
- uint8_t *p_data, *q_data, *g_data, *x_data, *y_data;
- uint8_t *all_data = NULL, *p;
- uint8_t null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
- {
- _gnutls_mpi_print_lz (params->params[i], NULL, &size[i]);
- total += size[i];
- }
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_malloc (total);
- if (all_data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- p_data = p;
- p += size[0];
- q_data = p;
- p += size[1];
- g_data = p;
- p += size[2];
- y_data = p;
- p += size[3];
- x_data = p;
-
- _gnutls_mpi_print_lz (params->params[0], p_data, &size[0]);
- _gnutls_mpi_print_lz (params->params[1], q_data, &size[1]);
- _gnutls_mpi_print_lz (params->params[2], g_data, &size[2]);
- _gnutls_mpi_print_lz (params->params[3], y_data, &size[3]);
- _gnutls_mpi_print_lz (params->params[4], x_data, &size[4]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- gnutls_free (all_data);
-
- if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- asn1_delete_structure (c2);
- gnutls_free (all_data);
-
- return result;
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ uint8_t *p_data, *q_data, *g_data, *x_data, *y_data;
+ uint8_t *all_data = NULL, *p;
+ uint8_t null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ _gnutls_mpi_print_lz(params->params[i], NULL, &size[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_malloc(total);
+ if (all_data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz(params->params[0], p_data, &size[0]);
+ _gnutls_mpi_print_lz(params->params[1], q_data, &size[1]);
+ _gnutls_mpi_print_lz(params->params[2], g_data, &size[2]);
+ _gnutls_mpi_print_lz(params->params[3], y_data, &size[3]);
+ _gnutls_mpi_print_lz(params->params[4], x_data, &size[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result =
+ asn1_write_value(*c2, "p", p_data,
+ size[0])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "q", q_data,
+ size[1])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "g", g_data,
+ size[2])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "Y", y_data,
+ size[3])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ gnutls_free(all_data);
+
+ if ((result =
+ asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(c2);
+ gnutls_free(all_data);
+
+ return result;
}
-int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params)
+int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
+ gnutls_pk_params_st * params)
{
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- return _gnutls_asn1_encode_rsa(c2, params);
- case GNUTLS_PK_DSA:
- return _gnutls_asn1_encode_dsa(c2, params);
- case GNUTLS_PK_EC:
- return _gnutls_asn1_encode_ecc(c2, params);
- default:
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ return _gnutls_asn1_encode_rsa(c2, params);
+ case GNUTLS_PK_DSA:
+ return _gnutls_asn1_encode_dsa(c2, params);
+ case GNUTLS_PK_EC:
+ return _gnutls_asn1_encode_ecc(c2, params);
+ default:
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
}
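Review bot: In `_gnutls_asn1_encode_dsa` the buffer `all_data` is released with `gnutls_free(all_data);` just before the final `asn1_write_value(*c2, "version", &null, 1)` call, and when that call fails the `goto cleanup` path frees the same pointer a second time. Clearing the pointer at the first release, `gnutls_free(all_data); all_data = NULL;`, removes the double free; the cleanup path already calls `gnutls_free` on a NULL `all_data` after a failed allocation. The same buffer holds the DSA private value (`x_data`) and is freed without being wiped, and the return values of the `_gnutls_mpi_print_lz` calls that size and fill it are ignored. Both would be worth handling in the same change.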
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index c737b10980..e5b9dddf8b 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -32,42 +32,38 @@
/* Reads an Integer from the DER encoded data
*/
-int
-_gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out)
+int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- /* == INTEGER */
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey",
- &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ /* == INTEGER */
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding (&spk, der, dersize, NULL);
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- /* Read Y */
+ /* Read Y */
- if ((result = _gnutls_x509_read_int (spk, "", out)) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
+ if ((result = _gnutls_x509_read_int(spk, "", out)) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- asn1_delete_structure (&spk);
+ asn1_delete_structure(&spk);
- return 0;
+ return 0;
}
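Review bot: In `_gnutls_x509_read_der_int` the failure branch for `_gnutls_x509_read_int(spk, "", out)` returns `_gnutls_asn2err(result)`, although that result is tested with `< 0`, the way GnuTLS error codes are tested throughout this commit, whereas libtasn1 results are compared against `ASN1_SUCCESS`. The definition of `_gnutls_x509_read_int` is outside this hunk. If it already returns a GnuTLS code, the conversion replaces the real error with an unrelated one, and the branch should end with `return result;`. The `/* Read Y */` comment is also misleading for a helper that decodes a generic INTEGER and could read `/* read the INTEGER value */`.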
@@ -75,102 +71,100 @@ _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out)
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- gnutls_pk_params_st * params)
+_gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
+ gnutls_pk_params_st * params)
{
- int result;
- char name[256];
- gnutls_datum_t tmp = { NULL, 0 };
- gnutls_pk_algorithm_t pk_algorithm;
-
- gnutls_pk_params_init(params);
-
- result = _gnutls_x509_get_pk_algorithm (asn, root, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- pk_algorithm = result;
-
- /* Read the algorithm's parameters
- */
- _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey");
- result = _gnutls_x509_read_value (asn, name, &tmp);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((result =
- _gnutls_x509_read_pubkey (pk_algorithm, tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Now read the parameters
- */
- _gnutls_free_datum (&tmp);
-
- _asnstr_append_name (name, sizeof (name), root,
- ".algorithm.parameters");
-
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
-
- if (pk_algorithm != GNUTLS_PK_RSA) /* RSA doesn't use parameters */
- {
- result = _gnutls_x509_read_value (asn, name, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result =
- _gnutls_x509_read_pubkey_params (pk_algorithm, tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- result = 0;
-
-error:
- _gnutls_free_datum (&tmp);
- return result;
+ int result;
+ char name[256];
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_pk_algorithm_t pk_algorithm;
+
+ gnutls_pk_params_init(params);
+
+ result = _gnutls_x509_get_pk_algorithm(asn, root, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ pk_algorithm = result;
+
+ /* Read the algorithm's parameters
+ */
+ _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey");
+ result = _gnutls_x509_read_value(asn, name, &tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((result =
+ _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size,
+ params)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Now read the parameters
+ */
+ _gnutls_free_datum(&tmp);
+
+ _asnstr_append_name(name, sizeof(name), root,
+ ".algorithm.parameters");
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ if (pk_algorithm != GNUTLS_PK_RSA) { /* RSA doesn't use parameters */
+ result = _gnutls_x509_read_value(asn, name, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_pubkey_params(pk_algorithm,
+ tmp.data, tmp.size,
+ params)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ result = 0;
+
+ error:
+ _gnutls_free_datum(&tmp);
+ return result;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- gnutls_pk_params_st * params)
+_gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
+ gnutls_pk_params_st * params)
{
- /* Read the algorithm's OID
- */
- return _gnutls_get_asn_mpis (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo", params);
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ params);
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- gnutls_pk_params_st* params)
+_gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
+ gnutls_pk_params_st * params)
{
- /* Read the algorithm's OID
- */
- return _gnutls_get_asn_mpis (cert->crq,
- "certificationRequestInfo.subjectPKInfo",
- params);
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis(cert->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ params);
}
/*
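Review bot: The `error:` path of `_gnutls_get_asn_mpis` releases only `tmp`, so when `_gnutls_x509_read_pubkey` has succeeded and the later `_gnutls_x509_read_value` or `_gnutls_x509_read_pubkey_params` call fails, whatever was stored in `params` goes back to the caller along with the error code. Unless every caller releases `params` on failure, which is not visible here, adding `if (result < 0) gnutls_pk_params_release(params);` before `return result;` would keep the key material from leaking. Separately, the comment above `_gnutls_x509_crq_get_mpis` still says "from a certificate" although it reads a certificate request, and `/* Read the algorithm's OID */` in both wrappers no longer describes the call beneath it.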
@@ -178,55 +172,53 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
* This is the "signatureAlgorithm" fields.
*/
int
-_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t dig)
+_gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t dig)
{
- int result;
- char name[128];
- const char *pk;
-
- _gnutls_str_cpy (name, sizeof (name), dst_name);
- _gnutls_str_cat (name, sizeof (name), ".algorithm");
-
- pk = _gnutls_x509_sign_to_oid (pk_algorithm, dig);
- if (pk == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
- (int) pk_algorithm, (int) dig);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* write the OID.
- */
- result = asn1_write_value (dst, name, pk, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- _gnutls_str_cpy (name, sizeof (name), dst_name);
- _gnutls_str_cat (name, sizeof (name), ".parameters");
-
- if (pk_algorithm == GNUTLS_PK_RSA)
- result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
- else
- result = asn1_write_value (dst, name, NULL, 0);
-
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ char name[128];
+ const char *pk;
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm");
+
+ pk = _gnutls_x509_sign_to_oid(pk_algorithm, dig);
+ if (pk == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
+ (int) pk_algorithm, (int) dig);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* write the OID.
+ */
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".parameters");
+
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ result =
+ asn1_write_value(dst, name, ASN1_NULL, ASN1_NULL_SIZE);
+ else
+ result = asn1_write_value(dst, name, NULL, 0);
+
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* this function reads a (small) unsigned integer
@@ -234,72 +226,68 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
* steps.
*/
int
-_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret)
+_gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
+ unsigned int *ret)
{
- int len, result;
- uint8_t *tmpstr;
-
- len = 0;
- result = asn1_read_value (node, value, NULL, &len);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmpstr = gnutls_malloc (len);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (node, value, tmpstr, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return _gnutls_asn2err (result);
- }
-
- if (len == 1)
- *ret = tmpstr[0];
- else if (len == 2)
- *ret = _gnutls_read_uint16 (tmpstr);
- else if (len == 3)
- *ret = _gnutls_read_uint24 (tmpstr);
- else if (len == 4)
- *ret = _gnutls_read_uint32 (tmpstr);
- else
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- gnutls_free (tmpstr);
-
- return 0;
+ int len, result;
+ uint8_t *tmpstr;
+
+ len = 0;
+ result = asn1_read_value(node, value, NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_malloc(len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return _gnutls_asn2err(result);
+ }
+
+ if (len == 1)
+ *ret = tmpstr[0];
+ else if (len == 2)
+ *ret = _gnutls_read_uint16(tmpstr);
+ else if (len == 3)
+ *ret = _gnutls_read_uint24(tmpstr);
+ else if (len == 4)
+ *ret = _gnutls_read_uint32(tmpstr);
+ else {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ gnutls_free(tmpstr);
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
int
-_gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32_t num)
+_gnutls_x509_write_uint32(ASN1_TYPE node, const char *value, uint32_t num)
{
- uint8_t tmpstr[4];
- int result;
+ uint8_t tmpstr[4];
+ int result;
- _gnutls_write_uint32 (num, tmpstr);
+ _gnutls_write_uint32(num, tmpstr);
- result = asn1_write_value (node, value, tmpstr, 4);
+ result = asn1_write_value(node, value, tmpstr, 4);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
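Review bot: `_gnutls_x509_read_uint` passes the length reported by the first `asn1_read_value` call to `gnutls_malloc(len)` before checking it against the 1 to 4 byte range the function accepts, so an over-long INTEGER in parsed input is allocated and copied only to be rejected afterwards. A guard directly after the size query, `if (len < 1 || len > 4) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`, rejects it up front and would let `tmpstr` become a 4-byte stack array. The bytes are also interpreted as unsigned without looking at the sign bit. A DER INTEGER whose top bit is set would therefore be read as a large positive number, and a 32-bit value that needs a leading zero byte (5 bytes) is refused. The header comment should state that only non-negative values of at most four bytes are supported.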
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index d7186b475c..4e6adf850c 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -33,16 +33,14 @@
#include <gnutls/ocsp.h>
#include <auth/cert.h>
-typedef struct gnutls_ocsp_req_int
-{
- ASN1_TYPE req;
+typedef struct gnutls_ocsp_req_int {
+ ASN1_TYPE req;
} gnutls_ocsp_req_int;
-typedef struct gnutls_ocsp_resp_int
-{
- ASN1_TYPE resp;
- gnutls_datum_t response_type_oid;
- ASN1_TYPE basicresp;
+typedef struct gnutls_ocsp_resp_int {
+ ASN1_TYPE resp;
+ gnutls_datum_t response_type_oid;
+ ASN1_TYPE basicresp;
} gnutls_ocsp_resp_int;
#define MAX_TIME 64
@@ -56,27 +54,26 @@ typedef struct gnutls_ocsp_resp_int
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_ocsp_req_init (gnutls_ocsp_req_t * req)
+int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req)
{
- gnutls_ocsp_req_t tmp = gnutls_calloc (1, sizeof (gnutls_ocsp_req_int));
- int ret;
-
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.OCSPRequest",
- &tmp->req);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
+ gnutls_ocsp_req_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_ocsp_req_int));
+ int ret;
+
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(), "PKIX1.OCSPRequest",
+ &tmp->req);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
- *req = tmp;
+ *req = tmp;
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -85,18 +82,17 @@ gnutls_ocsp_req_init (gnutls_ocsp_req_t * req)
*
* This function will deinitialize a OCSP request structure.
**/
-void
-gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req)
+void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req)
{
- if (!req)
- return;
+ if (!req)
+ return;
- if (req->req)
- asn1_delete_structure (&req->req);
+ if (req->req)
+ asn1_delete_structure(&req->req);
- req->req = NULL;
+ req->req = NULL;
- gnutls_free (req);
+ gnutls_free(req);
}
/**
@@ -108,37 +104,36 @@ gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp)
+int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp)
{
- gnutls_ocsp_resp_t tmp = gnutls_calloc (1, sizeof (gnutls_ocsp_resp_int));
- int ret;
-
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPResponse", &tmp->resp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.BasicOCSPResponse", &tmp->basicresp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&tmp->resp);
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
-
- *resp = tmp;
-
- return GNUTLS_E_SUCCESS;
+ gnutls_ocsp_resp_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_ocsp_resp_int));
+ int ret;
+
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPResponse", &tmp->resp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicOCSPResponse",
+ &tmp->basicresp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&tmp->resp);
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
+
+ *resp = tmp;
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -147,23 +142,22 @@ gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp)
*
* This function will deinitialize a OCSP response structure.
**/
-void
-gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp)
+void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp)
{
- if (!resp)
- return;
+ if (!resp)
+ return;
- if (resp->resp)
- asn1_delete_structure (&resp->resp);
- gnutls_free (resp->response_type_oid.data);
- if (resp->basicresp)
- asn1_delete_structure (&resp->basicresp);
+ if (resp->resp)
+ asn1_delete_structure(&resp->resp);
+ gnutls_free(resp->response_type_oid.data);
+ if (resp->basicresp)
+ asn1_delete_structure(&resp->basicresp);
- resp->resp = NULL;
- resp->response_type_oid.data = NULL;
- resp->basicresp = NULL;
+ resp->resp = NULL;
+ resp->response_type_oid.data = NULL;
+ resp->basicresp = NULL;
- gnutls_free (resp);
+ gnutls_free(resp);
}
/**
@@ -179,41 +173,36 @@ gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
- const gnutls_datum_t * data)
+gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data)
{
- int ret = 0;
-
- if (req == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (req->req)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&req->req);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPRequest", &req->req);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = asn1_der_decoding (&req->req, data->data, data->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret = 0;
+
+ if (req == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (req->req) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&req->req);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPRequest", &req->req);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret = asn1_der_decoding(&req->req, data->data, data->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -229,118 +218,111 @@ gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
* negative error value.
**/
int
-gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
- const gnutls_datum_t * data)
+gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
+ const gnutls_datum_t * data)
{
- int ret = 0;
-
- if (resp == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (resp->resp)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&resp->resp);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPResponse", &resp->resp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = asn1_der_decoding (&resp->resp, data->data, data->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (gnutls_ocsp_resp_get_status (resp) != GNUTLS_OCSP_RESP_SUCCESSFUL)
- return GNUTLS_E_SUCCESS;
-
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.responseType",
- &resp->response_type_oid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ int ret = 0;
+ if (resp == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (resp->resp) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&resp->resp);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPResponse",
+ &resp->resp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret = asn1_der_decoding(&resp->resp, data->data, data->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (gnutls_ocsp_resp_get_status(resp) !=
+ GNUTLS_OCSP_RESP_SUCCESSFUL)
+ return GNUTLS_E_SUCCESS;
+
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.responseType",
+ &resp->response_type_oid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- if (resp->response_type_oid.size == sizeof (OCSP_BASIC)
- && memcmp (resp->response_type_oid.data, OCSP_BASIC,
- resp->response_type_oid.size) == 0)
- {
- gnutls_datum_t d;
-
- if (resp->basicresp)
- {
- asn1_delete_structure (&resp->basicresp);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.BasicOCSPResponse", &resp->basicresp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.response",
- &d);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = asn1_der_decoding (&resp->basicresp, d.data, d.size, NULL);
- gnutls_free (d.data);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
- else
- resp->basicresp = NULL;
-
- return GNUTLS_E_SUCCESS;
+ if (resp->response_type_oid.size == sizeof(OCSP_BASIC)
+ && memcmp(resp->response_type_oid.data, OCSP_BASIC,
+ resp->response_type_oid.size) == 0) {
+ gnutls_datum_t d;
+
+ if (resp->basicresp) {
+ asn1_delete_structure(&resp->basicresp);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicOCSPResponse",
+ &resp->basicresp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.response", &d);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ asn1_der_decoding(&resp->basicresp, d.data, d.size,
+ NULL);
+ gnutls_free(d.data);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ } else
+ resp->basicresp = NULL;
+
+ return GNUTLS_E_SUCCESS;
}
-static int
-export (ASN1_TYPE node, const char *name, gnutls_datum_t * data)
+static int export(ASN1_TYPE node, const char *name, gnutls_datum_t * data)
{
- int ret;
- int len = 0;
-
- ret = asn1_der_coding (node, name, NULL, &len, NULL);
- if (ret != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- data->size = len;
- data->data = gnutls_malloc (len);
- if (data->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
- ret = asn1_der_coding (node, name, data->data, &len, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ int len = 0;
+
+ ret = asn1_der_coding(node, name, NULL, &len, NULL);
+ if (ret != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ data->size = len;
+ data->data = gnutls_malloc(len);
+ if (data->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ ret = asn1_der_coding(node, name, data->data, &len, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
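Review bot: In gnutls_ocsp_resp_import the final `else resp->basicresp = NULL;` drops the BasicOCSPResponse element that gnutls_ocsp_resp_init allocated without calling asn1_delete_structure(). It also leaves the handle NULL, so a later import of a basic response skips the `if (resp->basicresp)` re-creation and passes a NULL element to asn1_der_decoding(). This branch is selected by the responseType of the parsed response, so either keep the element allocated or release it with `asn1_delete_structure(&resp->basicresp);` and re-create it unconditionally before decoding. A repeated import also overwrites `resp->response_type_oid` without freeing the previous buffer. In export(), a failure of the second asn1_der_coding() returns without `gnutls_free(data->data)`, so the buffer is leaked unless the caller frees a datum from a failed call.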
@@ -353,27 +335,26 @@ export (ASN1_TYPE node, const char *name, gnutls_datum_t * data)
* Returns: In case of failure a negative error code will be
* returned, and 0 on success.
**/
-int
-gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data)
+int gnutls_ocsp_req_export(gnutls_ocsp_req_t req, gnutls_datum_t * data)
{
- int ret;
+ int ret;
- if (req == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (req == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* XXX remove when we support these fields */
- asn1_write_value (req->req, "tbsRequest.requestorName", NULL, 0);
- asn1_write_value (req->req, "optionalSignature", NULL, 0);
+ /* XXX remove when we support these fields */
+ asn1_write_value(req->req, "tbsRequest.requestorName", NULL, 0);
+ asn1_write_value(req->req, "optionalSignature", NULL, 0);
- /* prune extension field if we don't have any extension */
- ret = gnutls_ocsp_req_get_extension (req, 0, NULL, NULL, NULL);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- asn1_write_value (req->req, "tbsRequest.requestExtensions", NULL, 0);
+ /* prune extension field if we don't have any extension */
+ ret = gnutls_ocsp_req_get_extension(req, 0, NULL, NULL, NULL);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ asn1_write_value(req->req, "tbsRequest.requestExtensions",
+ NULL, 0);
- return export (req->req, "", data);
+ return export(req->req, "", data);
}
/**
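Review bot: gnutls_ocsp_req_export discards the return value of all three asn1_write_value() pruning calls. It also treats every result of gnutls_ocsp_req_get_extension() other than GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE as "extensions present", including real errors. A failed prune therefore surfaces, if at all, only as an encoding error from export(). Consider checking each call as the rest of the file does, `if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); }`, after confirming that pruning an already-absent optional field still returns ASN1_SUCCESS so repeated exports keep working. The doc comment should also say that exporting modifies `req->req`.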
@@ -386,16 +367,14 @@ gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data)
* Returns: In case of failure a negative error code will be
* returned, and 0 on success.
**/
-int
-gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
+int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
{
- if (resp == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (resp == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return export (resp->resp, "", data);
+ return export(resp->resp, "", data);
}
/**
@@ -407,29 +386,27 @@ gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
*
* Returns: version of OCSP request, or a negative error code on error.
**/
-int
-gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req)
+int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req)
{
- uint8_t version[8];
- int len, ret;
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- ret = asn1_read_value (req->req, "tbsRequest.version", version, &len);
- if (ret != ASN1_SUCCESS)
- {
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, ret;
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ ret =
+ asn1_read_value(req->req, "tbsRequest.version", version, &len);
+ if (ret != ASN1_SUCCESS) {
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -462,89 +439,88 @@ gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req)
* returned.
**/
int
-gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number)
+gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number)
{
- gnutls_datum_t sa;
- char name[ASN1_MAX_NAME_SIZE];
- int ret;
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.hashAlgorithm.algorithm",
- indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_oid_to_digest ((char*)sa.data);
- _gnutls_free_datum (&sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (digest)
- *digest = ret;
-
- if (issuer_name_hash)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.issuerNameHash", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, issuer_name_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (issuer_key_hash)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.issuerKeyHash", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, issuer_key_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- return ret;
- }
- }
-
- if (serial_number)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.serialNumber", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, serial_number);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- if (issuer_key_hash)
- gnutls_free (issuer_key_hash->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ gnutls_datum_t sa;
+ char name[ASN1_MAX_NAME_SIZE];
+ int ret;
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.hashAlgorithm.algorithm",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_x509_oid_to_digest((char *) sa.data);
+ _gnutls_free_datum(&sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (digest)
+ *digest = ret;
+
+ if (issuer_name_hash) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.issuerNameHash",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name,
+ issuer_name_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (issuer_key_hash) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.issuerKeyHash",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name,
+ issuer_key_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ return ret;
+ }
+ }
+
+ if (serial_number) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.serialNumber",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name, serial_number);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
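Review bot: The error paths for issuer_key_hash and serial_number release the earlier outputs with `gnutls_free(issuer_name_hash->data)` but leave the caller's `data` pointer and `size` untouched. A caller that cleans up its datums after a failed call would then free the same buffer twice. The helper this function already uses for `sa`, `_gnutls_free_datum(issuer_name_hash);` (likewise for issuer_key_hash), would avoid that, assuming it resets the datum as it appears to elsewhere in the library. `*digest` is also written before the later reads can fail, so outputs are partially set on error and the doc comment should say so. gnutls_ocsp_req_get_extension has the same pattern with `gnutls_free(oid->data)`.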
@@ -574,93 +550,90 @@ gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- const gnutls_datum_t *issuer_name_hash,
- const gnutls_datum_t *issuer_key_hash,
- const gnutls_datum_t *serial_number)
+gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ const gnutls_datum_t * issuer_name_hash,
+ const gnutls_datum_t * issuer_key_hash,
+ const gnutls_datum_t * serial_number)
{
- int result;
- const char *oid;
-
- if (req == NULL || issuer_name_hash == NULL
- || issuer_key_hash == NULL || serial_number == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- oid = _gnutls_x509_digest_to_oid (mac_to_entry(digest));
- if (oid == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_write_value (req->req, "tbsRequest.requestList", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm",
- oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* XXX we don't support any algorithm with parameters */
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.issuerNameHash",
- issuer_name_hash->data, issuer_name_hash->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash",
- issuer_key_hash->data, issuer_key_hash->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber",
- serial_number->data, serial_number->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* XXX add separate function that can add extensions too */
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.singleRequestExtensions",
- NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return GNUTLS_E_SUCCESS;
+ int result;
+ const char *oid;
+
+ if (req == NULL || issuer_name_hash == NULL
+ || issuer_key_hash == NULL || serial_number == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ oid = _gnutls_x509_digest_to_oid(mac_to_entry(digest));
+ if (oid == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_write_value(req->req, "tbsRequest.requestList", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* XXX we don't support any algorithm with parameters */
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters",
+ ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.issuerNameHash",
+ issuer_name_hash->data, issuer_name_hash->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash",
+ issuer_key_hash->data, issuer_key_hash->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber",
+ serial_number->data, serial_number->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* XXX add separate function that can add extensions too */
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.singleRequestExtensions", NULL,
+ 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
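Review bot: Once the `"NEW"` write to tbsRequest.requestList succeeds, every later failure returns with a half-populated `?LAST` entry still attached to the request. A retry then appends a second entry, and a later export has to encode or reject the incomplete one. Roll the entry back on the error paths, for example with libtasn1's `asn1_delete_element(req->req, "tbsRequest.requestList.?LAST");`, or state in the doc comment that the request must be discarded after a failure.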
@@ -681,79 +654,72 @@ gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crt_t cert)
+gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ gnutls_x509_crt_t issuer, gnutls_x509_crt_t cert)
{
- int ret;
- gnutls_datum_t sn, tmp, inh, ikh;
- uint8_t inh_buf[MAX_HASH_SIZE];
- uint8_t ikh_buf[MAX_HASH_SIZE];
- size_t inhlen = MAX_HASH_SIZE;
- size_t ikhlen = MAX_HASH_SIZE;
-
- if (req == NULL || issuer == NULL || cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_der_encode (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- &tmp, 0);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_fingerprint (digest, &tmp, inh_buf, &inhlen);
- gnutls_free (tmp.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- inh.size = inhlen;
- inh.data = inh_buf;
-
- ret = _gnutls_x509_read_value
- (issuer->cert, "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
- &tmp);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_fingerprint (digest, &tmp, ikh_buf, &ikhlen);
- gnutls_free (tmp.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- ikh.size = ikhlen;
- ikh.data = ikh_buf;
-
- ret = _gnutls_x509_read_value (cert->cert, "tbsCertificate.serialNumber",
- &sn);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_ocsp_req_add_cert_id (req, digest, &inh, &ikh, &sn);
- gnutls_free (sn.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t sn, tmp, inh, ikh;
+ uint8_t inh_buf[MAX_HASH_SIZE];
+ uint8_t ikh_buf[MAX_HASH_SIZE];
+ size_t inhlen = MAX_HASH_SIZE;
+ size_t ikhlen = MAX_HASH_SIZE;
+
+ if (req == NULL || issuer == NULL || cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_der_encode(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ &tmp, 0);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_fingerprint(digest, &tmp, inh_buf, &inhlen);
+ gnutls_free(tmp.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ inh.size = inhlen;
+ inh.data = inh_buf;
+
+ ret = _gnutls_x509_read_value
+ (issuer->cert,
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", &tmp);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_fingerprint(digest, &tmp, ikh_buf, &ikhlen);
+ gnutls_free(tmp.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ ikh.size = ikhlen;
+ ikh.data = ikh_buf;
+
+ ret =
+ _gnutls_x509_read_value(cert->cert,
+ "tbsCertificate.serialNumber", &sn);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_ocsp_req_add_cert_id(req, digest, &inh, &ikh, &sn);
+ gnutls_free(sn.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -780,70 +746,65 @@ gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
* be returned.
**/
int
-gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data)
+gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data)
{
- int ret;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!req)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsRequest.requestExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- ret = asn1_read_value (req->req, name, str_critical, &len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- if (oid)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestExtensions.?%u.extnID", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, oid);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (data)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestExtensions.?%u.extnValue", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (oid)
- gnutls_free (oid->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!req) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ ret = asn1_read_value(req->req, name, str_critical, &len);
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ if (oid) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.extnID",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, oid);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (data) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.extnValue",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (oid)
+ gnutls_free(oid->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -861,19 +822,18 @@ gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
- const char *oid,
- unsigned int critical,
- const gnutls_datum_t *data)
+gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
+ const char *oid,
+ unsigned int critical,
+ const gnutls_datum_t * data)
{
- if (req == NULL || oid == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return set_extension (req->req, "tbsRequest.requestExtensions", oid,
- data, critical);
+ if (req == NULL || oid == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return set_extension(req->req, "tbsRequest.requestExtensions", oid,
+ data, critical);
}
/**
@@ -891,40 +851,36 @@ gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
- unsigned int *critical,
- gnutls_datum_t *nonce)
+gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
+ unsigned int *critical, gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t tmp;
-
- if (req == NULL || nonce == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = get_extension (req->req, "tbsRequest.requestExtensions",
- GNUTLS_OCSP_NONCE, 0,
- &tmp, critical);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, tmp.data, (size_t) tmp.size,
- nonce);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (tmp.data);
- return ret;
- }
-
- gnutls_free (tmp.data);
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t tmp;
+
+ if (req == NULL || nonce == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = get_extension(req->req, "tbsRequest.requestExtensions",
+ GNUTLS_OCSP_NONCE, 0, &tmp, critical);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
+ (size_t) tmp.size, nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(tmp.data);
+ return ret;
+ }
+
+ gnutls_free(tmp.data);
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -941,45 +897,42 @@ gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
- unsigned int critical,
- const gnutls_datum_t *nonce)
+gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
+ unsigned int critical,
+ const gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t dernonce;
- unsigned char temp[SIZEOF_UNSIGNED_LONG_INT + 1];
- int len;
-
- if (req == NULL || nonce == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- asn1_length_der (nonce->size, temp, &len);
-
- dernonce.size = 1 + len + nonce->size;
- dernonce.data = gnutls_malloc (dernonce.size);
- if (dernonce.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- dernonce.data[0] = '\x04';
- memcpy (dernonce.data + 1, temp, len);
- memcpy (dernonce.data + 1 + len, nonce->data, nonce->size);
-
- ret = set_extension (req->req, "tbsRequest.requestExtensions",
- GNUTLS_OCSP_NONCE, &dernonce, critical);
- gnutls_free (dernonce.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ gnutls_datum_t dernonce;
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (req == NULL || nonce == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ asn1_length_der(nonce->size, temp, &len);
+
+ dernonce.size = 1 + len + nonce->size;
+ dernonce.data = gnutls_malloc(dernonce.size);
+ if (dernonce.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ dernonce.data[0] = '\x04';
+ memcpy(dernonce.data + 1, temp, len);
+ memcpy(dernonce.data + 1 + len, nonce->data, nonce->size);
+
+ ret = set_extension(req->req, "tbsRequest.requestExtensions",
+ GNUTLS_OCSP_NONCE, &dernonce, critical);
+ gnutls_free(dernonce.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
/**
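Review bot: `dernonce.size = 1 + len + nonce->size` is computed without bounding `nonce->size`. If the datum size field is an unsigned int, as the public header suggests, a very large caller-supplied size wraps the sum and the two memcpy() calls write past the short allocation. Reject oversized nonces before the arithmetic, e.g. `if (nonce->size > NONCE_LIMIT) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, where NONCE_LIMIT is a placeholder for a bound the project chooses. As a style point, the trailing `if (ret != GNUTLS_E_SUCCESS) { ... return ret; }` followed by `return ret;` could become `if (ret != GNUTLS_E_SUCCESS) gnutls_assert();` before the single return.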
@@ -992,34 +945,30 @@ gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error code is returned.
**/
-int
-gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req)
+int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req)
{
- int ret;
- uint8_t rndbuf[23];
- gnutls_datum_t nonce = { rndbuf, sizeof (rndbuf) };
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_rnd (GNUTLS_RND_NONCE, rndbuf, sizeof (rndbuf));
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ uint8_t rndbuf[23];
+ gnutls_datum_t nonce = { rndbuf, sizeof(rndbuf) };
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndbuf, sizeof(rndbuf));
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1032,40 +981,36 @@ gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req)
* Returns: status of OCSP request as a #gnutls_ocsp_resp_status_t, or
* a negative error code on error.
**/
-int
-gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp)
{
- uint8_t str[1];
- int len, ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (str);
- ret = asn1_read_value (resp->resp, "responseStatus", str, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- switch (str[0])
- {
- case GNUTLS_OCSP_RESP_SUCCESSFUL:
- case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
- case GNUTLS_OCSP_RESP_INTERNALERROR:
- case GNUTLS_OCSP_RESP_TRYLATER:
- case GNUTLS_OCSP_RESP_SIGREQUIRED:
- case GNUTLS_OCSP_RESP_UNAUTHORIZED:
- break;
- default:
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
-
- return (int) str[0];
+ uint8_t str[1];
+ int len, ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(str);
+ ret = asn1_read_value(resp->resp, "responseStatus", str, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ switch (str[0]) {
+ case GNUTLS_OCSP_RESP_SUCCESSFUL:
+ case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
+ case GNUTLS_OCSP_RESP_INTERNALERROR:
+ case GNUTLS_OCSP_RESP_TRYLATER:
+ case GNUTLS_OCSP_RESP_SIGREQUIRED:
+ case GNUTLS_OCSP_RESP_UNAUTHORIZED:
+ break;
+ default:
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ return (int) str[0];
}
/**
@@ -1089,41 +1034,40 @@ gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *response_type_oid,
- gnutls_datum_t *response)
+gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * response_type_oid,
+ gnutls_datum_t * response)
{
- int ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (response_type_oid != NULL)
- {
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.responseType",
- response_type_oid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (response != NULL)
- {
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.response",
- response);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (response_type_oid != NULL) {
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.responseType",
+ response_type_oid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (response != NULL) {
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.response",
+ response);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1136,29 +1080,28 @@ gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
* Returns: version of Basic OCSP response, or a negative error code
* on error.
**/
-int
-gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp)
{
- uint8_t version[8];
- int len, ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- ret = asn1_read_value (resp->resp, "tbsResponseData.version", version, &len);
- if (ret != ASN1_SUCCESS)
- {
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ ret =
+ asn1_read_value(resp->resp, "tbsResponseData.version", version,
+ &len);
+ if (ret != ASN1_SUCCESS) {
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -1178,46 +1121,42 @@ gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp)
* negative error code is returned.
**/
int
-gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *dn)
+gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * dn)
{
- int ret;
- size_t l = 0;
-
- if (resp == NULL || dn == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn
- (resp->basicresp, "tbsResponseData.responderID.byName",
- NULL, &l);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- dn->data = gnutls_malloc (l);
- if (dn->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_x509_parse_dn
- (resp->basicresp, "tbsResponseData.responderID.byName",
- (char*)dn->data, &l);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- dn->size = l;
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ size_t l = 0;
+
+ if (resp == NULL || dn == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn
+ (resp->basicresp, "tbsResponseData.responderID.byName",
+ NULL, &l);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dn->data = gnutls_malloc(l);
+ if (dn->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_x509_parse_dn
+ (resp->basicresp, "tbsResponseData.responderID.byName",
+ (char *) dn->data, &l);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dn->size = l;
+
+ return GNUTLS_E_SUCCESS;
}
/**
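Review bot: In gnutls_ocsp_resp_get_responder the buffer from `gnutls_malloc(l)` is not released when the second `_gnutls_x509_parse_dn` call fails, and `dn->data` still points at it when the error is returned. Callers that treat a failed call as having nothing to free leak the allocation; find_signercert, later in this file, returns NULL on failure without touching `riddn`. Adding `gnutls_free(dn->data); dn->data = NULL;` before `return ret;` in that branch fixes both. The first call is accepted only when it returns GNUTLS_E_SHORT_MEMORY_BUFFER, so it is worth confirming that no success value can fall through and be returned with `dn` unset. The doc comment should say that only the byName form of responderID is read.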
@@ -1229,31 +1168,29 @@ gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
*
* Returns: signing time, or (time_t)-1 on error.
**/
-time_t
-gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp)
+time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp)
{
- char ttime[MAX_TIME];
- int len, ret;
- time_t c_time;
-
- if (resp == NULL || resp->basicresp == NULL)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, "tbsResponseData.producedAt",
- ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- c_time = _gnutls_x509_generalTime2gtime (ttime);
-
- return c_time;
+ char ttime[MAX_TIME];
+ int len, ret;
+ time_t c_time;
+
+ if (resp == NULL || resp->basicresp == NULL) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ len = sizeof(ttime) - 1;
+ ret =
+ asn1_read_value(resp->basicresp, "tbsResponseData.producedAt",
+ ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ c_time = _gnutls_x509_generalTime2gtime(ttime);
+
+ return c_time;
}
/**
@@ -1271,89 +1208,84 @@ gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp)
* Since: 3.1.3
**/
int
-gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
- unsigned int indx,
- gnutls_x509_crt_t crt)
+gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ unsigned int indx, gnutls_x509_crt_t crt)
{
-int ret;
-gnutls_digest_algorithm_t digest;
-gnutls_datum_t rdn_hash = {NULL, 0}, rserial = {NULL, 0};
-gnutls_datum_t cserial = {NULL, 0};
-gnutls_datum_t dn = {NULL, 0};
-uint8_t cdn_hash[MAX_HASH_SIZE];
-size_t t, hash_len;
-
- ret = gnutls_ocsp_resp_get_single (resp, indx, &digest, &rdn_hash, NULL,
- &rserial, NULL, NULL, NULL, NULL, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (rserial.size == 0 || digest == GNUTLS_DIG_UNKNOWN)
- {
- ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
- goto cleanup;
- }
-
- hash_len = _gnutls_hash_get_algo_len(mac_to_entry(digest));
- if (hash_len != rdn_hash.size)
- {
- ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
- goto cleanup;
- }
-
- cserial.size = rserial.size;
- cserial.data = gnutls_malloc(cserial.size);
- if (cserial.data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- t = cserial.size;
- ret = gnutls_x509_crt_get_serial(crt, cserial.data, &t);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (rserial.size != cserial.size || memcmp(cserial.data, rserial.data, rserial.size) != 0)
- {
- ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &dn);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_hash_fast( digest, dn.data, dn.size, cdn_hash);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (memcmp(cdn_hash, rdn_hash.data, hash_len) != 0)
- {
- ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free(rdn_hash.data);
- gnutls_free(rserial.data);
- gnutls_free(cserial.data);
- gnutls_free(dn.data);
-
- return ret;
+ int ret;
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t rdn_hash = { NULL, 0 }, rserial = {
+ NULL, 0};
+ gnutls_datum_t cserial = { NULL, 0 };
+ gnutls_datum_t dn = { NULL, 0 };
+ uint8_t cdn_hash[MAX_HASH_SIZE];
+ size_t t, hash_len;
+
+ ret =
+ gnutls_ocsp_resp_get_single(resp, indx, &digest, &rdn_hash,
+ NULL, &rserial, NULL, NULL, NULL,
+ NULL, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (rserial.size == 0 || digest == GNUTLS_DIG_UNKNOWN) {
+ ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
+ goto cleanup;
+ }
+
+ hash_len = _gnutls_hash_get_algo_len(mac_to_entry(digest));
+ if (hash_len != rdn_hash.size) {
+ ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
+ goto cleanup;
+ }
+
+ cserial.size = rserial.size;
+ cserial.data = gnutls_malloc(cserial.size);
+ if (cserial.data == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ t = cserial.size;
+ ret = gnutls_x509_crt_get_serial(crt, cserial.data, &t);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (rserial.size != cserial.size
+ || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+ ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &dn);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_hash_fast(digest, dn.data, dn.size, cdn_hash);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (memcmp(cdn_hash, rdn_hash.data, hash_len) != 0) {
+ ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(rdn_hash.data);
+ gnutls_free(rserial.data);
+ gnutls_free(cserial.data);
+ gnutls_free(dn.data);
+
+ return ret;
}
/**
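Review bot: The serial comparison in gnutls_ocsp_resp_check_crt never uses the length that `gnutls_x509_crt_get_serial` writes back into `t`. Because `cserial.size` was copied from `rserial.size` a few lines earlier, `rserial.size != cserial.size` is always false. If the certificate's serial is shorter than the one in the response, the `memcmp` reads `rserial.size` bytes from a `gnutls_malloc` buffer whose tail was never written, so the result depends on uninitialised heap contents. Adding `cserial.size = t;` after the successful call makes the length check meaningful. This function decides whether an OCSP response applies to the certificate being validated, so a test with serials of different lengths is worth adding.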
@@ -1384,194 +1316,177 @@ cleanup:
* returned.
**/
int
-gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number,
- unsigned int *cert_status,
- time_t *this_update,
- time_t *next_update,
- time_t *revocation_time,
- unsigned int *revocation_reason)
+gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number,
+ unsigned int *cert_status,
+ time_t * this_update,
+ time_t * next_update,
+ time_t * revocation_time,
+ unsigned int *revocation_reason)
{
- gnutls_datum_t sa;
- char name[ASN1_MAX_NAME_SIZE];
- int ret;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_oid_to_digest ((char*)sa.data);
- _gnutls_free_datum (&sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (digest)
- *digest = ret;
-
- if (issuer_name_hash)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.issuerNameHash",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- issuer_name_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (issuer_key_hash)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.issuerKeyHash",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- issuer_key_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- return ret;
- }
- }
-
- if (serial_number)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.serialNumber",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- serial_number);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- if (issuer_key_hash)
- gnutls_free (issuer_key_hash->data);
- return ret;
- }
- }
-
- if (cert_status)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- if (sa.size == 5 && memcmp (sa.data, "good", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_GOOD;
- else if (sa.size == 8 && memcmp (sa.data, "revoked", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_REVOKED;
- else if (sa.size == 8 && memcmp (sa.data, "unknown", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_UNKNOWN;
- else
- {
- gnutls_assert ();
- gnutls_free (sa.data);
- return GNUTLS_E_ASN1_DER_ERROR;
- }
- gnutls_free (sa.data);
- }
-
- if (this_update)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.thisUpdate",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *this_update = (time_t) (-1);
- }
- else
- *this_update = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- if (next_update)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.nextUpdate",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *next_update = (time_t) (-1);
- }
- else
- *next_update = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- if (revocation_time)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus."
- "revoked.revocationTime",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *revocation_time = (time_t) (-1);
- }
- else
- *revocation_time = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- /* revocation_reason */
- if (revocation_reason)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus."
- "revoked.revocationReason",
- indx + 1);
-
- ret = _gnutls_x509_read_uint (resp->basicresp, name,
- revocation_reason);
- if (ret < 0)
- *revocation_reason = GNUTLS_X509_CRLREASON_UNSPECIFIED;
- }
-
- return GNUTLS_E_SUCCESS;
+ gnutls_datum_t sa;
+ char name[ASN1_MAX_NAME_SIZE];
+ int ret;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_x509_oid_to_digest((char *) sa.data);
+ _gnutls_free_datum(&sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (digest)
+ *digest = ret;
+
+ if (issuer_name_hash) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.issuerNameHash",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ issuer_name_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (issuer_key_hash) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.issuerKeyHash",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ issuer_key_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ return ret;
+ }
+ }
+
+ if (serial_number) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.serialNumber",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ serial_number);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+ return ret;
+ }
+ }
+
+ if (cert_status) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ if (sa.size == 5 && memcmp(sa.data, "good", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_GOOD;
+ else if (sa.size == 8
+ && memcmp(sa.data, "revoked", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_REVOKED;
+ else if (sa.size == 8
+ && memcmp(sa.data, "unknown", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_UNKNOWN;
+ else {
+ gnutls_assert();
+ gnutls_free(sa.data);
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+ gnutls_free(sa.data);
+ }
+
+ if (this_update) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.thisUpdate",
+ indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *this_update = (time_t) (-1);
+ } else
+ *this_update =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ if (next_update) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.nextUpdate",
+ indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *next_update = (time_t) (-1);
+ } else
+ *next_update =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ if (revocation_time) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus."
+ "revoked.revocationTime", indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *revocation_time = (time_t) (-1);
+ } else
+ *revocation_time =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ /* revocation_reason */
+ if (revocation_reason) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus."
+ "revoked.revocationReason", indx + 1);
+
+ ret = _gnutls_x509_read_uint(resp->basicresp, name,
+ revocation_reason);
+ if (ret < 0)
+ *revocation_reason =
+ GNUTLS_X509_CRLREASON_UNSPECIFIED;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
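Review bot: Error cleanup in gnutls_ocsp_resp_get_single is inconsistent: the issuerKeyHash and serialNumber failure branches free the outputs filled earlier, but the three certStatus failure returns leave `issuer_name_hash`, `issuer_key_hash` and `serial_number` allocated. Where data is freed the pointer is not cleared, so the caller's datum keeps a dangling `data` pointer; `gnutls_free(oid->data)` in gnutls_ocsp_resp_get_extension in the next hunk does the same. A single failure label that releases every output with `_gnutls_free_datum()` would cover all branches, assuming it also resets the datum as its use on `sa` suggests. The function also returns GNUTLS_E_SUCCESS after storing `(time_t) -1` for an unreadable thisUpdate or nextUpdate, so the doc comment should tell callers to check those values before relying on freshness.

```c
	/* Start from empty outputs so the failure path can release them unconditionally. */
	if (issuer_name_hash)
		issuer_name_hash->data = NULL;
	if (issuer_key_hash)
		issuer_key_hash->data = NULL;
	if (serial_number)
		serial_number->data = NULL;

	/* … unchanged: hashAlgorithm lookup and the certID/certStatus reads, with each
	   failure branch setting ret and using `goto fail;` instead of freeing by hand … */

	/* … unchanged: thisUpdate, nextUpdate, revocationTime, revocationReason … */

	return GNUTLS_E_SUCCESS;

      fail:
	/* Release whatever was already handed to the caller and leave no stale pointers. */
	if (issuer_name_hash)
		_gnutls_free_datum(issuer_name_hash);
	if (issuer_key_hash)
		_gnutls_free_datum(issuer_key_hash);
	if (serial_number)
		_gnutls_free_datum(serial_number);
	return ret;
```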
@@ -1598,71 +1513,66 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
* be returned.
**/
int
-gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data)
+gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data)
{
- int ret;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!resp)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- ret = asn1_read_value (resp->basicresp, name, str_critical, &len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- if (oid)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.extnID", indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, oid);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (data)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.extnValue", indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (oid)
- gnutls_free (oid->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!resp) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.critical",
+ indx + 1);
+ len = sizeof(str_critical);
+ ret = asn1_read_value(resp->basicresp, name, str_critical, &len);
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ if (oid) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.extnID",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, oid);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (data) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.extnValue",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (oid)
+ gnutls_free(oid->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1681,34 +1591,33 @@ gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
* negative error code is returned.
**/
int
-gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
- unsigned int *critical,
- gnutls_datum_t *nonce)
+gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
+ unsigned int *critical, gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = get_extension (resp->basicresp, "tbsResponseData.responseExtensions",
- GNUTLS_OCSP_NONCE, 0,
- &tmp, critical);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, tmp.data, (size_t) tmp.size,
- nonce);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (tmp.data);
- return ret;
- }
-
- gnutls_free (tmp.data);
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret =
+ get_extension(resp->basicresp,
+ "tbsResponseData.responseExtensions",
+ GNUTLS_OCSP_NONCE, 0, &tmp, critical);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
+ (size_t) tmp.size, nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(tmp.data);
+ return ret;
+ }
+
+ gnutls_free(tmp.data);
+
+ return GNUTLS_E_SUCCESS;
}
/**
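Review bot: gnutls_ocsp_resp_get_nonce dereferences `resp->basicresp` and hands `nonce` to `_gnutls_x509_decode_string` without the NULL check that the neighbouring getters perform. gnutls_ocsp_resp_get_single (previous hunks) and gnutls_ocsp_resp_get_signature_algorithm (next hunk) have the same gap for `resp`. Adding `if (resp == NULL || nonce == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` at the top would match gnutls_ocsp_resp_get_signature. The doc comment could also state that this getter only extracts the value, so the caller must still compare it with the nonce sent in the request.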
@@ -1722,25 +1631,23 @@ gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
* Returns: a #gnutls_sign_algorithm_t value, or a negative error code
* on error.
**/
-int
-gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t resp)
{
- int ret;
- gnutls_datum_t sa;
-
- ret = _gnutls_x509_read_value (resp->basicresp,
- "signatureAlgorithm.algorithm", &sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ int ret;
+ gnutls_datum_t sa;
+
+ ret = _gnutls_x509_read_value(resp->basicresp,
+ "signatureAlgorithm.algorithm", &sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_oid2sign_algorithm ((char*)sa.data);
+ ret = _gnutls_x509_oid2sign_algorithm((char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return ret;
+ return ret;
}
/**
@@ -1754,25 +1661,23 @@ gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *sig)
+gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * sig)
{
- int ret;
-
- if (resp == NULL || sig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_read_value (resp->basicresp, "signature", sig);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+
+ if (resp == NULL || sig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_read_value(resp->basicresp, "signature", sig);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1798,302 +1703,271 @@ gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t ** certs,
- size_t *ncerts)
+gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t ** certs, size_t * ncerts)
{
- int ret;
- size_t ctr = 0, i;
- gnutls_x509_crt_t *tmpcerts = NULL, *tmpcerts2;
- gnutls_datum_t c = { NULL, 0 };
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- tmpcerts = gnutls_malloc (sizeof (*tmpcerts));
- if (tmpcerts == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (;;)
- {
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "certs.?%u", (unsigned int)(ctr + 1));
- ret = _gnutls_x509_der_encode (resp->basicresp, name, &c, 0);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- break;
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmpcerts2 = gnutls_realloc_fast (tmpcerts, (ctr + 2) * sizeof (*tmpcerts));
- if (tmpcerts2 == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- tmpcerts = tmpcerts2;
-
- ret = gnutls_x509_crt_init (&tmpcerts[ctr]);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- ctr++;
-
- ret = gnutls_x509_crt_import (tmpcerts[ctr - 1], &c,
- GNUTLS_X509_FMT_DER);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- gnutls_free (c.data);
- c.data = NULL;
- }
-
- tmpcerts[ctr] = NULL;
-
- if (ncerts)
- *ncerts = ctr;
- if (certs)
- *certs = tmpcerts;
- else
- {
- /* clean up memory */
- ret = GNUTLS_E_SUCCESS;
- goto error;
- }
-
- return GNUTLS_E_SUCCESS;
-
- error:
- gnutls_free (c.data);
- for (i = 0; i < ctr; i++)
- gnutls_x509_crt_deinit (tmpcerts[i]);
- gnutls_free (tmpcerts);
- return ret;
+ int ret;
+ size_t ctr = 0, i;
+ gnutls_x509_crt_t *tmpcerts = NULL, *tmpcerts2;
+ gnutls_datum_t c = { NULL, 0 };
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ tmpcerts = gnutls_malloc(sizeof(*tmpcerts));
+ if (tmpcerts == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (;;) {
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "certs.?%u",
+ (unsigned int) (ctr + 1));
+ ret =
+ _gnutls_x509_der_encode(resp->basicresp, name, &c, 0);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmpcerts2 =
+ gnutls_realloc_fast(tmpcerts,
+ (ctr + 2) * sizeof(*tmpcerts));
+ if (tmpcerts2 == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ tmpcerts = tmpcerts2;
+
+ ret = gnutls_x509_crt_init(&tmpcerts[ctr]);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ ctr++;
+
+ ret = gnutls_x509_crt_import(tmpcerts[ctr - 1], &c,
+ GNUTLS_X509_FMT_DER);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ gnutls_free(c.data);
+ c.data = NULL;
+ }
+
+ tmpcerts[ctr] = NULL;
+
+ if (ncerts)
+ *ncerts = ctr;
+ if (certs)
+ *certs = tmpcerts;
+ else {
+ /* clean up memory */
+ ret = GNUTLS_E_SUCCESS;
+ goto error;
+ }
+
+ return GNUTLS_E_SUCCESS;
+
+ error:
+ gnutls_free(c.data);
+ for (i = 0; i < ctr; i++)
+ gnutls_x509_crt_deinit(tmpcerts[i]);
+ gnutls_free(tmpcerts);
+ return ret;
}
/* Search the OCSP response for a certificate matching the responderId
mentioned in the OCSP response. */
-static gnutls_x509_crt_t
-find_signercert (gnutls_ocsp_resp_t resp)
+static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_t resp)
{
- int rc;
- gnutls_x509_crt_t * certs;
- size_t ncerts = 0, i;
- gnutls_datum_t riddn;
- gnutls_x509_crt_t signercert = NULL;
-
- rc = gnutls_ocsp_resp_get_responder (resp, &riddn);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- rc = gnutls_ocsp_resp_get_certs (resp, &certs, &ncerts);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (riddn.data);
- return NULL;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- char *crtdn;
- size_t crtdnsize = 0;
- int cmpok;
-
- rc = gnutls_x509_crt_get_dn (certs[i], NULL, &crtdnsize);
- if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto quit;
- }
-
- crtdn = gnutls_malloc (crtdnsize);
- if (crtdn == NULL)
- {
- gnutls_assert ();
- goto quit;
- }
-
- rc = gnutls_x509_crt_get_dn (certs[i], crtdn, &crtdnsize);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (crtdn);
- goto quit;
- }
-
- cmpok = (crtdnsize == riddn.size)
- && memcmp (riddn.data, crtdn, crtdnsize);
-
- gnutls_free (crtdn);
-
- if (cmpok == 0)
- {
- signercert = certs[i];
- goto quit;
- }
- }
-
- gnutls_assert ();
- signercert = NULL;
-
- quit:
- gnutls_free (riddn.data);
- for (i = 0; i < ncerts; i++)
- if (certs[i] != signercert)
- gnutls_x509_crt_deinit (certs[i]);
- gnutls_free (certs);
- return signercert;
+ int rc;
+ gnutls_x509_crt_t *certs;
+ size_t ncerts = 0, i;
+ gnutls_datum_t riddn;
+ gnutls_x509_crt_t signercert = NULL;
+
+ rc = gnutls_ocsp_resp_get_responder(resp, &riddn);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ rc = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(riddn.data);
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ char *crtdn;
+ size_t crtdnsize = 0;
+ int cmpok;
+
+ rc = gnutls_x509_crt_get_dn(certs[i], NULL, &crtdnsize);
+ if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto quit;
+ }
+
+ crtdn = gnutls_malloc(crtdnsize);
+ if (crtdn == NULL) {
+ gnutls_assert();
+ goto quit;
+ }
+
+ rc = gnutls_x509_crt_get_dn(certs[i], crtdn, &crtdnsize);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(crtdn);
+ goto quit;
+ }
+
+ cmpok = (crtdnsize == riddn.size)
+ && memcmp(riddn.data, crtdn, crtdnsize);
+
+ gnutls_free(crtdn);
+
+ if (cmpok == 0) {
+ signercert = certs[i];
+ goto quit;
+ }
+ }
+
+ gnutls_assert();
+ signercert = NULL;
+
+ quit:
+ gnutls_free(riddn.data);
+ for (i = 0; i < ncerts; i++)
+ if (certs[i] != signercert)
+ gnutls_x509_crt_deinit(certs[i]);
+ gnutls_free(certs);
+ return signercert;
}
static int
-_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t signercert,
- unsigned int *verify,
- unsigned int flags)
+_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t signercert,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_datum_t sig = { NULL };
- gnutls_datum_t data = { NULL };
- gnutls_pubkey_t pubkey = NULL;
- int sigalg;
- int rc;
-
- if (resp == NULL || signercert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- rc = gnutls_ocsp_resp_get_signature_algorithm (resp);
- if (rc < 0)
- {
- gnutls_assert ();
- goto done;
- }
- sigalg = rc;
-
- rc = export (resp->basicresp, "tbsResponseData", &data);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_init (&pubkey);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_import_x509 (pubkey, signercert, 0);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_ocsp_resp_get_signature (resp, &sig);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_verify_data2 (pubkey, sigalg, 0, &data, &sig);
- if (rc == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE;
- }
- else if (rc < 0)
- {
- gnutls_assert ();
- goto done;
- }
- else
- *verify = 0;
-
- rc = GNUTLS_E_SUCCESS;
-
- done:
- gnutls_free (data.data);
- gnutls_free (sig.data);
- gnutls_pubkey_deinit (pubkey);
-
- return rc;
+ gnutls_datum_t sig = { NULL };
+ gnutls_datum_t data = { NULL };
+ gnutls_pubkey_t pubkey = NULL;
+ int sigalg;
+ int rc;
+
+ if (resp == NULL || signercert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rc = gnutls_ocsp_resp_get_signature_algorithm(resp);
+ if (rc < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ sigalg = rc;
+
+ rc = export(resp->basicresp, "tbsResponseData", &data);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_init(&pubkey);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_import_x509(pubkey, signercert, 0);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_ocsp_resp_get_signature(resp, &sig);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_verify_data2(pubkey, sigalg, 0, &data, &sig);
+ if (rc == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE;
+ } else if (rc < 0) {
+ gnutls_assert();
+ goto done;
+ } else
+ *verify = 0;
+
+ rc = GNUTLS_E_SUCCESS;
+
+ done:
+ gnutls_free(data.data);
+ gnutls_free(sig.data);
+ gnutls_pubkey_deinit(pubkey);
+
+ return rc;
}
static inline unsigned int vstatus_to_ocsp_status(unsigned int status)
{
-unsigned int ostatus;
-
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- ostatus = GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM;
- else if (status & GNUTLS_CERT_NOT_ACTIVATED)
- ostatus = GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED;
- else if (status & GNUTLS_CERT_EXPIRED)
- ostatus = GNUTLS_OCSP_VERIFY_CERT_EXPIRED;
- else
- ostatus = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
-
- return ostatus;
+ unsigned int ostatus;
+
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ ostatus = GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM;
+ else if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ ostatus = GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED;
+ else if (status & GNUTLS_CERT_EXPIRED)
+ ostatus = GNUTLS_OCSP_VERIFY_CERT_EXPIRED;
+ else
+ ostatus = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
+
+ return ostatus;
}
static int check_ocsp_purpose(gnutls_x509_crt_t signercert)
{
-char oidtmp[sizeof (GNUTLS_KP_OCSP_SIGNING)];
-size_t oidsize;
-int indx, rc;
-
- for (indx = 0; ; indx++)
- {
- oidsize = sizeof (oidtmp);
- rc = gnutls_x509_crt_get_key_purpose_oid (signercert, indx,
- oidtmp, &oidsize,
- NULL);
- if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert();
- return rc;
- }
- else if (rc == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- continue;
- }
- else if (rc != GNUTLS_E_SUCCESS)
- {
- return gnutls_assert_val(rc);
- }
-
- if (memcmp (oidtmp, GNUTLS_KP_OCSP_SIGNING, oidsize) != 0)
- {
- gnutls_assert ();
- continue;
- }
- break;
- }
-
- return 0;
+ char oidtmp[sizeof(GNUTLS_KP_OCSP_SIGNING)];
+ size_t oidsize;
+ int indx, rc;
+
+ for (indx = 0;; indx++) {
+ oidsize = sizeof(oidtmp);
+ rc = gnutls_x509_crt_get_key_purpose_oid(signercert, indx,
+ oidtmp, &oidsize,
+ NULL);
+ if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return rc;
+ } else if (rc == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ continue;
+ } else if (rc != GNUTLS_E_SUCCESS) {
+ return gnutls_assert_val(rc);
+ }
+
+ if (memcmp(oidtmp, GNUTLS_KP_OCSP_SIGNING, oidsize) != 0) {
+ gnutls_assert();
+ continue;
+ }
+ break;
+ }
+
+ return 0;
}
/**
@@ -2121,61 +1995,55 @@ int indx, rc;
* negative error value.
**/
int
-gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t issuer,
- unsigned int *verify,
- unsigned int flags)
+gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t issuer,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_x509_crt_t signercert;
- int rc;
-
- if (resp == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- signercert = find_signercert (resp);
- if (!signercert)
- {
- signercert = issuer;
- }
- else /* response contains a signer. Verify him */
- {
- unsigned int vtmp;
-
- rc = gnutls_x509_crt_verify (signercert, &issuer, 1, 0, &vtmp);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (vtmp != 0)
- {
- *verify = vstatus_to_ocsp_status(vtmp);
- gnutls_assert ();
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = check_ocsp_purpose(signercert);
- if (rc < 0)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
- }
-
- rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
-
- done:
- if (signercert != issuer)
- gnutls_x509_crt_deinit(signercert);
-
- return rc;
+ gnutls_x509_crt_t signercert;
+ int rc;
+
+ if (resp == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ signercert = find_signercert(resp);
+ if (!signercert) {
+ signercert = issuer;
+ } else { /* response contains a signer. Verify him */
+
+ unsigned int vtmp;
+
+ rc = gnutls_x509_crt_verify(signercert, &issuer, 1, 0,
+ &vtmp);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (vtmp != 0) {
+ *verify = vstatus_to_ocsp_status(vtmp);
+ gnutls_assert();
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = check_ocsp_purpose(signercert);
+ if (rc < 0) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+ }
+
+ rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
+
+ done:
+ if (signercert != issuer)
+ gnutls_x509_crt_deinit(signercert);
+
+ return rc;
}
/**
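Review bot: gnutls_ocsp_resp_verify_direct writes `*verify` on the signer-failure paths, but the argument check at the top only covers `resp` and `issuer`; extend it to `if (resp == NULL || issuer == NULL || verify == NULL) {`. The function also returns GNUTLS_E_SUCCESS with a non-zero `*verify` when the embedded signer fails the chain or key-purpose check, and leaves `*verify` unwritten when gnutls_x509_crt_verify() itself errors. A comment at `done:` such as `/* *verify is only meaningful when rc == GNUTLS_E_SUCCESS; callers must test both */` would make that contract explicit. `flags` is not forwarded to gnutls_x509_crt_verify(), which receives a literal 0; if that is intended, say so next to the call. The doc comment for this function begins outside the hunk.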
@@ -2209,85 +2077,80 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
- gnutls_x509_trust_list_t trustlist,
- unsigned int *verify,
- unsigned int flags)
+gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
+ gnutls_x509_trust_list_t trustlist,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_x509_crt_t signercert = NULL;
- int rc;
-
- /* Algorithm:
- 1. Find signer cert.
- 1a. Search in OCSP response Certificate field for responderID.
- 1b. Verify that signer cert is trusted.
- 2a. It is in trustlist?
- 2b. It has OCSP key usage and directly signed by a CA in trustlist?
- 3. Verify signature of Basic Response using public key from signer cert.
- */
-
- signercert = find_signercert (resp);
- if (!signercert)
- {
- /* XXX Search in trustlist for certificate matching
- responderId as well? */
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- /* Either the signer is directly trusted (i.e., in trustlist) or it
- is directly signed by something in trustlist and has proper OCSP
- extkeyusage. */
- rc = _gnutls_trustlist_inlist (trustlist, signercert);
- if (rc == 0)
- {
- /* not in trustlist, need to verify signature and bits */
- gnutls_x509_crt_t issuer;
- unsigned vtmp;
-
- gnutls_assert ();
-
- rc = gnutls_x509_trust_list_get_issuer (trustlist, signercert,
- &issuer, 0);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = gnutls_x509_crt_verify (signercert, &issuer, 1, 0, &vtmp);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (vtmp != 0)
- {
- *verify = vstatus_to_ocsp_status(vtmp);
- gnutls_assert ();
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = check_ocsp_purpose(signercert);
- if (rc < 0)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
- }
-
- rc = _ocsp_resp_verify_direct (resp, signercert, verify, flags);
-
- done:
- gnutls_x509_crt_deinit (signercert);
-
- return rc;
+ gnutls_x509_crt_t signercert = NULL;
+ int rc;
+
+ /* Algorithm:
+ 1. Find signer cert.
+ 1a. Search in OCSP response Certificate field for responderID.
+ 1b. Verify that signer cert is trusted.
+ 2a. It is in trustlist?
+ 2b. It has OCSP key usage and directly signed by a CA in trustlist?
+ 3. Verify signature of Basic Response using public key from signer cert.
+ */
+
+ signercert = find_signercert(resp);
+ if (!signercert) {
+ /* XXX Search in trustlist for certificate matching
+ responderId as well? */
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ /* Either the signer is directly trusted (i.e., in trustlist) or it
+ is directly signed by something in trustlist and has proper OCSP
+ extkeyusage. */
+ rc = _gnutls_trustlist_inlist(trustlist, signercert);
+ if (rc == 0) {
+ /* not in trustlist, need to verify signature and bits */
+ gnutls_x509_crt_t issuer;
+ unsigned vtmp;
+
+ gnutls_assert();
+
+ rc = gnutls_x509_trust_list_get_issuer(trustlist,
+ signercert, &issuer,
+ 0);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = gnutls_x509_crt_verify(signercert, &issuer, 1, 0,
+ &vtmp);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (vtmp != 0) {
+ *verify = vstatus_to_ocsp_status(vtmp);
+ gnutls_assert();
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = check_ocsp_purpose(signercert);
+ if (rc < 0) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+ }
+
+ rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
+
+ done:
+ gnutls_x509_crt_deinit(signercert);
+
+ return rc;
}
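Review bot: gnutls_ocsp_resp_verify treats every non-zero result of `_gnutls_trustlist_inlist()` as "signer is directly trusted" and then skips the issuer lookup, the chain check and check_ocsp_purpose(). The helper's return contract is not visible here, so if it can ever return a negative error code, that error would be read as trust. Testing `if (rc <= 0)` fails closed, or add a comment stating that the helper only returns 0 or 1. Unlike gnutls_ocsp_resp_verify_direct, this entry point also has no NULL check on `resp`, `trustlist` or `verify` before using them; `if (resp == NULL || trustlist == NULL || verify == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` would make the two consistent.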
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index a2752dbe76..8a2e0e4797 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -38,118 +38,119 @@
#define addf _gnutls_buffer_append_printf
#define adds _gnutls_buffer_append_str
-static void
-print_req (gnutls_buffer_st * str, gnutls_ocsp_req_t req)
+static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req)
{
- int ret;
- unsigned indx;
-
- /* Version. */
- {
- int version = gnutls_ocsp_req_get_version (req);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* XXX requestorName */
-
- /* requestList */
- addf (str, "\tRequest List:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_digest_algorithm_t digest;
- gnutls_datum_t in, ik, sn;
-
- ret = gnutls_ocsp_req_get_cert_id (req, indx, &digest, &in, &ik, &sn);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "\t\tCertificate ID:\n");
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_cert_id: %s\n",
- gnutls_strerror (ret));
- continue;
- }
- addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (mac_to_entry(digest)));
-
- adds (str, "\t\t\tIssuer Name Hash: ");
- _gnutls_buffer_hexprint (str, in.data, in.size);
- adds (str, "\n");
-
- adds (str, "\t\t\tIssuer Key Hash: ");
- _gnutls_buffer_hexprint (str, ik.data, ik.size);
- adds (str, "\n");
-
- adds (str, "\t\t\tSerial Number: ");
- _gnutls_buffer_hexprint (str, sn.data, sn.size);
- adds (str, "\n");
-
- gnutls_free (in.data);
- gnutls_free (ik.data);
- gnutls_free (sn.data);
-
- /* XXX singleRequestExtensions */
- }
-
- for (indx = 0; ; indx++)
- {
- gnutls_datum_t oid;
- unsigned int critical;
- gnutls_datum_t data;
-
- ret = gnutls_ocsp_req_get_extension (req, indx, &oid, &critical, &data);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_extension: %s\n",
- gnutls_strerror (ret));
- continue;
- }
- if (indx == 0)
- adds (str, "\tExtensions:\n");
+ int ret;
+ unsigned indx;
- if (memcmp (oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0)
+ /* Version. */
{
- gnutls_datum_t nonce;
- unsigned int critical;
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_nonce: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- addf (str, "\t\tNonce%s: ", critical ? " (critical)" : "");
- _gnutls_buffer_hexprint (str, nonce.data, nonce.size);
- adds (str, "\n");
- gnutls_free (nonce.data);
- }
+ int version = gnutls_ocsp_req_get_version(req);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
}
- else
- {
- addf (str, "\t\tUnknown extension %s (%s):\n", oid.data,
- critical ? "critical" : "not critical");
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, (char*)data.data, data.size);
- addf (str, "\n");
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, (char*)data.data, data.size);
- adds (str, "\n");
+ /* XXX requestorName */
+
+ /* requestList */
+ addf(str, "\tRequest List:\n");
+ for (indx = 0;; indx++) {
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t in, ik, sn;
+
+ ret =
+ gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in,
+ &ik, &sn);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "\t\tCertificate ID:\n");
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_cert_id: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ addf(str, "\t\t\tHash Algorithm: %s\n",
+ _gnutls_digest_get_name(mac_to_entry(digest)));
+
+ adds(str, "\t\t\tIssuer Name Hash: ");
+ _gnutls_buffer_hexprint(str, in.data, in.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tIssuer Key Hash: ");
+ _gnutls_buffer_hexprint(str, ik.data, ik.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tSerial Number: ");
+ _gnutls_buffer_hexprint(str, sn.data, sn.size);
+ adds(str, "\n");
+
+ gnutls_free(in.data);
+ gnutls_free(ik.data);
+ gnutls_free(sn.data);
+
+ /* XXX singleRequestExtensions */
}
- gnutls_free (oid.data);
- gnutls_free (data.data);
- }
+ for (indx = 0;; indx++) {
+ gnutls_datum_t oid;
+ unsigned int critical;
+ gnutls_datum_t data;
+
+ ret =
+ gnutls_ocsp_req_get_extension(req, indx, &oid,
+ &critical, &data);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_extension: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ if (indx == 0)
+ adds(str, "\tExtensions:\n");
+
+ if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ gnutls_datum_t nonce;
+ unsigned int critical;
+
+ ret =
+ gnutls_ocsp_req_get_nonce(req, &critical,
+ &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_nonce: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "\t\tNonce%s: ",
+ critical ? " (critical)" : "");
+ _gnutls_buffer_hexprint(str, nonce.data,
+ nonce.size);
+ adds(str, "\n");
+ gnutls_free(nonce.data);
+ }
+ } else {
+ addf(str, "\t\tUnknown extension %s (%s):\n",
+ oid.data,
+ critical ? "critical" : "not critical");
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, (char *) data.data,
+ data.size);
+ addf(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, (char *) data.data,
+ data.size);
+ adds(str, "\n");
+ }
+
+ gnutls_free(oid.data);
+ gnutls_free(data.data);
+ }
- /* XXX Signature */
+ /* XXX Signature */
}
/**
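Review bot: In print_req the nonce test `memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0` lets the length of an OID taken from the parsed request bound the comparison, so an OID that is a prefix of the nonce OID (or an empty one) matches, and a longer one may make memcmp read past the end of the string literal. Compare lengths first, as the OCSP_BASIC test in print_resp does: `if (oid.size == sizeof(GNUTLS_OCSP_NONCE) && memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {`. This assumes the extension getter reports the size with the same convention as gnutls_ocsp_resp_get_response(), which should be confirmed first. The same comparison is repeated in print_resp's extension loop in the next hunk. The unknown-extension branch prints `oid.data` with `%s`, which relies on the getter NUL-terminating the buffer; `%.*s` with `oid.size`, as used for the response type, would not.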
@@ -170,423 +171,444 @@ print_req (gnutls_buffer_st * str, gnutls_ocsp_req_t req)
* negative error value.
**/
int
-gnutls_ocsp_req_print (gnutls_ocsp_req_t req,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int rc;
+ gnutls_buffer_st str;
+ int rc;
- if (format != GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (format != GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("OCSP Request Information:\n"));
+ _gnutls_buffer_append_str(&str, _("OCSP Request Information:\n"));
- print_req (&str, req);
+ print_req(&str, req);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- rc = _gnutls_buffer_to_datum (&str, out);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_buffer_to_datum(&str, out);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return rc;
+ }
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static void
-print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format)
+print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format)
{
- int ret;
- unsigned indx;
-
- ret = gnutls_ocsp_resp_get_status (resp);
- if (ret < 0)
- {
- addf (str, "error: ocsp_resp_get_status: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\tResponse Status: ");
- switch (ret)
- {
- case GNUTLS_OCSP_RESP_SUCCESSFUL:
- adds (str, "Successful\n");
- break;
-
- case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
- adds (str, "malformedRequest\n");
- return;
-
- case GNUTLS_OCSP_RESP_INTERNALERROR:
- adds (str, "internalError\n");
- return;
-
- case GNUTLS_OCSP_RESP_TRYLATER:
- adds (str, "tryLater\n");
- return;
-
- case GNUTLS_OCSP_RESP_SIGREQUIRED:
- adds (str, "sigRequired\n");
- return;
-
- case GNUTLS_OCSP_RESP_UNAUTHORIZED:
- adds (str, "unauthorized\n");
- return;
-
- default:
- adds (str, "unknown\n");
- return;
- }
-
- {
- gnutls_datum_t oid;
-
- ret = gnutls_ocsp_resp_get_response (resp, &oid, NULL);
- if (ret < 0)
- {
- addf (str, "error: get_response: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\tResponse Type: ");
-#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
-
- if (oid.size == sizeof (OCSP_BASIC)
- && memcmp (oid.data, OCSP_BASIC, oid.size) == 0)
- {
- adds (str, "Basic OCSP Response\n");
- gnutls_free (oid.data);
- }
- else
- {
- addf (str, "Unknown response type (%.*s)\n", oid.size, oid.data);
- gnutls_free (oid.data);
- return;
- }
- }
-
- /* Version. */
- {
- int version = gnutls_ocsp_resp_get_version (resp);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* responderID */
- {
- gnutls_datum_t dn;
-
- /* XXX byKey */
-
- ret = gnutls_ocsp_resp_get_responder (resp, &dn);
- if (ret < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (ret));
- else
- {
- addf (str, _("\tResponder ID: %.*s\n"), dn.size, dn.data);
- gnutls_free (dn.data);
- }
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
- time_t tim = gnutls_ocsp_resp_get_produced (resp);
-
- if (tim == (time_t) -1)
- addf (str, "error: ocsp_resp_get_produced\n");
- else if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\tProduced At: %s\n"), s);
- }
-
- addf (str, "\tResponses:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_digest_algorithm_t digest;
- gnutls_datum_t in, ik, sn;
- unsigned int cert_status;
- time_t this_update;
- time_t next_update;
- time_t revocation_time;
- unsigned int revocation_reason;
-
- ret = gnutls_ocsp_resp_get_single (resp,
- indx,
- &digest, &in, &ik, &sn,
- &cert_status,
- &this_update,
- &next_update,
- &revocation_time,
- &revocation_reason);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "\t\tCertificate ID:\n");
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_singleresponse: %s\n",
- gnutls_strerror (ret));
- continue;
+ int ret;
+ unsigned indx;
+
+ ret = gnutls_ocsp_resp_get_status(resp);
+ if (ret < 0) {
+ addf(str, "error: ocsp_resp_get_status: %s\n",
+ gnutls_strerror(ret));
+ return;
}
- addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (mac_to_entry(digest)));
- adds (str, "\t\t\tIssuer Name Hash: ");
- _gnutls_buffer_hexprint (str, in.data, in.size);
- adds (str, "\n");
+ adds(str, "\tResponse Status: ");
+ switch (ret) {
+ case GNUTLS_OCSP_RESP_SUCCESSFUL:
+ adds(str, "Successful\n");
+ break;
- adds (str, "\t\t\tIssuer Key Hash: ");
- _gnutls_buffer_hexprint (str, ik.data, ik.size);
- adds (str, "\n");
+ case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
+ adds(str, "malformedRequest\n");
+ return;
- adds (str, "\t\t\tSerial Number: ");
- _gnutls_buffer_hexprint (str, sn.data, sn.size);
- adds (str, "\n");
+ case GNUTLS_OCSP_RESP_INTERNALERROR:
+ adds(str, "internalError\n");
+ return;
- gnutls_free (in.data);
- gnutls_free (ik.data);
- gnutls_free (sn.data);
+ case GNUTLS_OCSP_RESP_TRYLATER:
+ adds(str, "tryLater\n");
+ return;
- {
- const char *p = NULL;
+ case GNUTLS_OCSP_RESP_SIGREQUIRED:
+ adds(str, "sigRequired\n");
+ return;
- switch (cert_status)
- {
- case GNUTLS_OCSP_CERT_GOOD:
- p = "good";
- break;
+ case GNUTLS_OCSP_RESP_UNAUTHORIZED:
+ adds(str, "unauthorized\n");
+ return;
- case GNUTLS_OCSP_CERT_REVOKED:
- p = "revoked";
- break;
+ default:
+ adds(str, "unknown\n");
+ return;
+ }
- case GNUTLS_OCSP_CERT_UNKNOWN:
- p = "unknown";
- break;
+ {
+ gnutls_datum_t oid;
- default:
- addf (str, "\t\tCertificate Status: unexpected value %d\n",
- cert_status);
- break;
- }
+ ret = gnutls_ocsp_resp_get_response(resp, &oid, NULL);
+ if (ret < 0) {
+ addf(str, "error: get_response: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
- if (p)
- addf (str, "\t\tCertificate Status: %s\n", p);
- }
+ adds(str, "\tResponse Type: ");
+#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- /* XXX revocation reason */
+ if (oid.size == sizeof(OCSP_BASIC)
+ && memcmp(oid.data, OCSP_BASIC, oid.size) == 0) {
+ adds(str, "Basic OCSP Response\n");
+ gnutls_free(oid.data);
+ } else {
+ addf(str, "Unknown response type (%.*s)\n",
+ oid.size, oid.data);
+ gnutls_free(oid.data);
+ return;
+ }
+ }
- if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (revocation_time == (time_t) -1)
- addf (str, "error: revocation_time\n");
- else if (gmtime_r (&revocation_time, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n",
- (unsigned long) revocation_time);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n",
- (unsigned long) revocation_time);
- else
- addf (str, _("\t\tRevocation time: %s\n"), s);
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (this_update == (time_t) -1)
- addf (str, "error: this_update\n");
- else if (gmtime_r (&this_update, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) this_update);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) this_update);
- else
- addf (str, _("\t\tThis Update: %s\n"), s);
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (next_update == (time_t) -1)
- addf (str, "error: next_update\n");
- else if (gmtime_r (&next_update, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) next_update);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) next_update);
- else
- addf (str, _("\t\tNext Update: %s\n"), s);
- }
-
- /* XXX singleRequestExtensions */
- }
-
- adds (str, "\tExtensions:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_datum_t oid;
- unsigned int critical;
- gnutls_datum_t data;
-
- ret = gnutls_ocsp_resp_get_extension (resp, indx, &oid, &critical, &data);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret != GNUTLS_E_SUCCESS)
+ /* Version. */
{
- addf (str, "error: get_extension: %s\n",
- gnutls_strerror (ret));
- continue;
+ int version = gnutls_ocsp_resp_get_version(resp);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
}
- if (memcmp (oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0)
+ /* responderID */
{
- gnutls_datum_t nonce;
- unsigned int critical;
-
- ret = gnutls_ocsp_resp_get_nonce (resp, &critical, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_nonce: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- addf (str, "\t\tNonce%s: ", critical ? " (critical)" : "");
- _gnutls_buffer_hexprint (str, nonce.data, nonce.size);
- adds (str, "\n");
- gnutls_free (nonce.data);
- }
+ gnutls_datum_t dn;
+
+ /* XXX byKey */
+
+ ret = gnutls_ocsp_resp_get_responder(resp, &dn);
+ if (ret < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(ret));
+ else {
+ addf(str, _("\tResponder ID: %.*s\n"), dn.size,
+ dn.data);
+ gnutls_free(dn.data);
+ }
}
- else
+
{
- addf (str, "\t\tUnknown extension %s (%s):\n", oid.data,
- critical ? "critical" : "not critical");
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+ time_t tim = gnutls_ocsp_resp_get_produced(resp);
+
+ if (tim == (time_t) - 1)
+ addf(str, "error: ocsp_resp_get_produced\n");
+ else if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
+ == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\tProduced At: %s\n"), s);
+ }
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, (char*)data.data, data.size);
- addf (str, "\n");
+ addf(str, "\tResponses:\n");
+ for (indx = 0;; indx++) {
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t in, ik, sn;
+ unsigned int cert_status;
+ time_t this_update;
+ time_t next_update;
+ time_t revocation_time;
+ unsigned int revocation_reason;
+
+ ret = gnutls_ocsp_resp_get_single(resp,
+ indx,
+ &digest, &in, &ik, &sn,
+ &cert_status,
+ &this_update,
+ &next_update,
+ &revocation_time,
+ &revocation_reason);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "\t\tCertificate ID:\n");
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_singleresponse: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ addf(str, "\t\t\tHash Algorithm: %s\n",
+ _gnutls_digest_get_name(mac_to_entry(digest)));
+
+ adds(str, "\t\t\tIssuer Name Hash: ");
+ _gnutls_buffer_hexprint(str, in.data, in.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tIssuer Key Hash: ");
+ _gnutls_buffer_hexprint(str, ik.data, ik.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tSerial Number: ");
+ _gnutls_buffer_hexprint(str, sn.data, sn.size);
+ adds(str, "\n");
+
+ gnutls_free(in.data);
+ gnutls_free(ik.data);
+ gnutls_free(sn.data);
+
+ {
+ const char *p = NULL;
+
+ switch (cert_status) {
+ case GNUTLS_OCSP_CERT_GOOD:
+ p = "good";
+ break;
+
+ case GNUTLS_OCSP_CERT_REVOKED:
+ p = "revoked";
+ break;
+
+ case GNUTLS_OCSP_CERT_UNKNOWN:
+ p = "unknown";
+ break;
+
+ default:
+ addf(str,
+ "\t\tCertificate Status: unexpected value %d\n",
+ cert_status);
+ break;
+ }
+
+ if (p)
+ addf(str, "\t\tCertificate Status: %s\n",
+ p);
+ }
+
+ /* XXX revocation reason */
+
+ if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (revocation_time == (time_t) - 1)
+ addf(str, "error: revocation_time\n");
+ else if (gmtime_r(&revocation_time, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) revocation_time);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) revocation_time);
+ else
+ addf(str, _("\t\tRevocation time: %s\n"),
+ s);
+ }
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (this_update == (time_t) - 1)
+ addf(str, "error: this_update\n");
+ else if (gmtime_r(&this_update, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) this_update);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) this_update);
+ else
+ addf(str, _("\t\tThis Update: %s\n"), s);
+ }
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (next_update == (time_t) - 1)
+ addf(str, "error: next_update\n");
+ else if (gmtime_r(&next_update, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) next_update);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) next_update);
+ else
+ addf(str, _("\t\tNext Update: %s\n"), s);
+ }
+
+ /* XXX singleRequestExtensions */
+ }
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, (char*)data.data, data.size);
- adds (str, "\n");
+ adds(str, "\tExtensions:\n");
+ for (indx = 0;; indx++) {
+ gnutls_datum_t oid;
+ unsigned int critical;
+ gnutls_datum_t data;
+
+ ret =
+ gnutls_ocsp_resp_get_extension(resp, indx, &oid,
+ &critical, &data);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_extension: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+
+ if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ gnutls_datum_t nonce;
+ unsigned int critical;
+
+ ret =
+ gnutls_ocsp_resp_get_nonce(resp, &critical,
+ &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_nonce: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "\t\tNonce%s: ",
+ critical ? " (critical)" : "");
+ _gnutls_buffer_hexprint(str, nonce.data,
+ nonce.size);
+ adds(str, "\n");
+ gnutls_free(nonce.data);
+ }
+ } else {
+ addf(str, "\t\tUnknown extension %s (%s):\n",
+ oid.data,
+ critical ? "critical" : "not critical");
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, (char *) data.data,
+ data.size);
+ addf(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, (char *) data.data,
+ data.size);
+ adds(str, "\n");
+ }
+
+ gnutls_free(oid.data);
+ gnutls_free(data.data);
}
- gnutls_free (oid.data);
- gnutls_free (data.data);
- }
-
- /* Signature. */
- if (format == GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_datum_t sig;
-
- ret = gnutls_ocsp_resp_get_signature_algorithm (resp);
- if (ret < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (ret));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (ret);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure(ret) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- ret = gnutls_ocsp_resp_get_signature (resp, &sig);
- if (ret < 0)
- addf (str, "error: get_signature: %s\n", gnutls_strerror (ret));
- else
- {
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, sig.data, sig.size, "\t\t");
-
- gnutls_free (sig.data);
- }
- }
-
- /* certs */
- if (format == GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_x509_crt_t *certs;
- size_t ncerts, i;
- gnutls_datum_t out;
-
- ret = gnutls_ocsp_resp_get_certs (resp, &certs, &ncerts);
- if (ret < 0)
- addf (str, "error: get_certs: %s\n", gnutls_strerror (ret));
- else
- {
- for (i = 0; i < ncerts; i++)
- {
- size_t s = 0;
-
- ret = gnutls_x509_crt_print (certs[i], GNUTLS_CRT_PRINT_FULL,
- &out);
- if (ret < 0)
- addf (str, "error: crt_print: %s\n", gnutls_strerror (ret));
- else
- {
- addf (str, "%.*s", out.size, out.data);
- gnutls_free (out.data);
- }
-
- ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
- NULL, &s);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: crt_export: %s\n", gnutls_strerror (ret));
- else
- {
- out.data = gnutls_malloc (s);
- if (out.data == NULL)
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
- out.data, &s);
- if (ret < 0)
- addf (str, "error: crt_export: %s\n", gnutls_strerror (ret));
- else
- {
- out.size = s;
- addf (str, "%.*s", out.size, out.data);
- }
- gnutls_free (out.data);
- }
- }
-
- gnutls_x509_crt_deinit (certs[i]);
- }
- gnutls_free (certs);
- }
- }
+ /* Signature. */
+ if (format == GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_datum_t sig;
+
+ ret = gnutls_ocsp_resp_get_signature_algorithm(resp);
+ if (ret < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(ret));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(ret);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(ret) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ ret = gnutls_ocsp_resp_get_signature(resp, &sig);
+ if (ret < 0)
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(ret));
+ else {
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, sig.data, sig.size,
+ "\t\t");
+
+ gnutls_free(sig.data);
+ }
+ }
+
+ /* certs */
+ if (format == GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_x509_crt_t *certs;
+ size_t ncerts, i;
+ gnutls_datum_t out;
+
+ ret = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
+ if (ret < 0)
+ addf(str, "error: get_certs: %s\n",
+ gnutls_strerror(ret));
+ else {
+ for (i = 0; i < ncerts; i++) {
+ size_t s = 0;
+
+ ret =
+ gnutls_x509_crt_print(certs[i],
+ GNUTLS_CRT_PRINT_FULL,
+ &out);
+ if (ret < 0)
+ addf(str, "error: crt_print: %s\n",
+ gnutls_strerror(ret));
+ else {
+ addf(str, "%.*s", out.size,
+ out.data);
+ gnutls_free(out.data);
+ }
+
+ ret =
+ gnutls_x509_crt_export(certs[i],
+ GNUTLS_X509_FMT_PEM,
+ NULL, &s);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str,
+ "error: crt_export: %s\n",
+ gnutls_strerror(ret));
+ else {
+ out.data = gnutls_malloc(s);
+ if (out.data == NULL)
+ addf(str,
+ "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ ret =
+ gnutls_x509_crt_export
+ (certs[i],
+ GNUTLS_X509_FMT_PEM,
+ out.data, &s);
+ if (ret < 0)
+ addf(str,
+ "error: crt_export: %s\n",
+ gnutls_strerror
+ (ret));
+ else {
+ out.size = s;
+ addf(str, "%.*s",
+ out.size,
+ out.data);
+ }
+ gnutls_free(out.data);
+ }
+ }
+
+ gnutls_x509_crt_deinit(certs[i]);
+ }
+ gnutls_free(certs);
+ }
+ }
}
/**
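Review bot: In print_resp's signature block, `gnutls_sign_is_secure(ret)` sits outside the `else`, so when gnutls_ocsp_resp_get_signature_algorithm() fails it is called with a negative error code instead of an algorithm id. Whether the "broken signature algorithm" warning then appears depends on how that function treats an invalid value, which is not visible here. Guard the call: `if (ret >= 0 && gnutls_sign_is_secure(ret) == 0) {`. Separately, the gmtime_r/strftime error messages pass an `(unsigned long)` cast to `%ld`; `%lu` matches the argument type.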
@@ -607,27 +629,26 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int rc;
+ gnutls_buffer_st str;
+ int rc;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("OCSP Response Information:\n"));
+ _gnutls_buffer_append_str(&str, _("OCSP Response Information:\n"));
- print_resp (&str, resp, format);
+ print_resp(&str, resp, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- rc = _gnutls_buffer_to_datum (&str, out);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_buffer_to_datum(&str, out);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return rc;
+ }
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
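Review bot: In gnutls_ocsp_resp_print the results of `_gnutls_buffer_append_str(&str, ...)` and `_gnutls_buffer_append_data(&str, "\0", 1)` are discarded, and only `_gnutls_buffer_to_datum` is checked. If these helpers can fail (presumably on allocation failure; their definitions are not in this hunk), the returned datum may lack the terminating NUL that callers printing `out->data` as a C string rely on. Capture the result, `rc = _gnutls_buffer_append_data(&str, "\0", 1);`, and return on `rc < 0` the same way the `_gnutls_buffer_to_datum` failure is handled. Whether `str` must be released on those error paths is not visible here and should be confirmed.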
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 22cf6b02c1..048a307800 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -36,225 +36,222 @@
#define ERROR_STR (char*) "(error)"
-static char *
-ip_to_string (void *_ip, int ip_size, char *string, int string_size)
+static char *ip_to_string(void *_ip, int ip_size, char *string,
+ int string_size)
{
- uint8_t *ip;
-
- if (ip_size != 4 && ip_size != 16)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ip_size == 4 && string_size < 16)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ip_size == 16 && string_size < 48)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ip = _ip;
- switch (ip_size)
- {
- case 4:
- snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2],
- ip[3]);
- break;
- case 16:
- snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
- (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
- (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
- (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
- (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
- break;
- }
-
- return string;
+ uint8_t *ip;
+
+ if (ip_size != 4 && ip_size != 16) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ip_size == 4 && string_size < 16) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ip_size == 16 && string_size < 48) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ip = _ip;
+ switch (ip_size) {
+ case 4:
+ snprintf(string, string_size, "%u.%u.%u.%u", ip[0], ip[1],
+ ip[2], ip[3]);
+ break;
+ case 16:
+ snprintf(string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ break;
+ }
+
+ return string;
}
static void
-add_altname (gnutls_buffer_st * str, const char *prefix,
- unsigned int alt_type, char *name, size_t name_size)
+add_altname(gnutls_buffer_st * str, const char *prefix,
+ unsigned int alt_type, char *name, size_t name_size)
{
- char str_ip[64];
- char *p;
-
- if ((alt_type == GNUTLS_SAN_DNSNAME
- || alt_type == GNUTLS_SAN_RFC822NAME
- || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (name) < name_size)
- name[strlen (name)] = '!';
- }
-
- switch (alt_type)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) name_size, name);
- break;
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ char str_ip[64];
+ char *p;
+
+ if ((alt_type == GNUTLS_SAN_DNSNAME
+ || alt_type == GNUTLS_SAN_RFC822NAME
+ || alt_type == GNUTLS_SAN_URI) && strlen(name) != name_size) {
+ adds(str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(name) < name_size)
+ name[strlen(name)] = '!';
+ }
+
+ switch (alt_type) {
+ case GNUTLS_SAN_DNSNAME:
+ addf(str, "%s\t\t\tDNSname: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf(str, "%s\t\t\tRFC822name: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf(str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size,
+ name);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string(name, name_size, str_ip, sizeof(str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf(str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf(str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+ default:
+ addf(str, "error: unknown altname\n");
+ break;
+ }
}
-static void
-print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_proxy(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int pathlen;
- char *policyLanguage;
- char *policy;
- size_t npolicy;
- int err;
-
- err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage,
- &policy, &npolicy);
- if (err < 0)
- {
- addf (str, "error: get_proxy: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (pathlen >= 0)
- addf (str, _("\t\t\tPath Length Constraint: %d\n"), pathlen);
- addf (str, _("\t\t\tPolicy Language: %s"), policyLanguage);
- if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
- adds (str, " (id-ppl-inheritALL)\n");
- else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
- adds (str, " (id-ppl-independent)\n");
- else
- adds (str, "\n");
- if (npolicy)
- {
- adds (str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, policy, npolicy);
- adds (str, _("\n\t\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, policy, npolicy);
- adds (str, "\n");
- }
+ int pathlen;
+ char *policyLanguage;
+ char *policy;
+ size_t npolicy;
+ int err;
+
+ err = gnutls_x509_crt_get_proxy(cert, NULL,
+ &pathlen, &policyLanguage,
+ &policy, &npolicy);
+ if (err < 0) {
+ addf(str, "error: get_proxy: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ if (pathlen >= 0)
+ addf(str, _("\t\t\tPath Length Constraint: %d\n"),
+ pathlen);
+ addf(str, _("\t\t\tPolicy Language: %s"), policyLanguage);
+ if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
+ adds(str, " (id-ppl-inheritALL)\n");
+ else if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ adds(str, " (id-ppl-independent)\n");
+ else
+ adds(str, "\n");
+ if (npolicy) {
+ adds(str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, policy, npolicy);
+ adds(str, _("\n\t\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, policy, npolicy);
+ adds(str, "\n");
+ }
}
-static void
-print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_aia(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
- int seq = 0;
- gnutls_datum_t data;
-
- for (;;)
- {
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err < 0)
- {
- addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
- return;
- }
-
- addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
- if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
- memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
- adds (str, " (id-ad-ocsp)\n");
- else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
- memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
- adds (str, " (id-ad-caIssuers)\n");
- else
- adds (str, " (UNKNOWN)\n");
-
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (data.size == sizeof ("uniformResourceIdentifier") &&
- memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
- {
- adds (str, "\t\t\tAccess Location URI: ");
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_URI, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
- return;
- }
- addf (str, "%.*s\n", data.size, data.data);
- }
- else
- adds (str, "\t\t\tUnsupported accessLocation type\n");
-
- seq++;
- }
+ int err;
+ int seq = 0;
+ gnutls_datum_t data;
+
+ for (;;) {
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err < 0) {
+ addf(str, "error: get_aia: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ addf(str, _("\t\t\tAccess Method: %.*s"), data.size,
+ data.data);
+ if (data.size == sizeof(GNUTLS_OID_AD_OCSP)
+ && memcmp(data.data, GNUTLS_OID_AD_OCSP,
+ data.size) == 0)
+ adds(str, " (id-ad-ocsp)\n");
+ else if (data.size == sizeof(GNUTLS_OID_AD_CAISSUERS) &&
+ memcmp(data.data, GNUTLS_OID_AD_CAISSUERS,
+ data.size) == 0)
+ adds(str, " (id-ad-caIssuers)\n");
+ else
+ adds(str, " (UNKNOWN)\n");
+
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE,
+ &data, NULL);
+ if (err < 0) {
+ addf(str, "error: get_aia type: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (data.size == sizeof("uniformResourceIdentifier") &&
+ memcmp(data.data, "uniformResourceIdentifier",
+ data.size) == 0) {
+ adds(str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0) {
+ addf(str, "error: get_aia uri: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+ addf(str, "%.*s\n", data.size, data.data);
+ } else
+ adds(str,
+ "\t\t\tUnsupported accessLocation type\n");
+
+ seq++;
+ }
}
-static void
-print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_ski(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_subject_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_subject_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, "\t\t\t");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ err =
+ gnutls_x509_crt_get_subject_key_id(cert, buffer, &size, NULL);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_subject_key_id: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err =
+ gnutls_x509_crt_get_subject_key_id(cert, buffer, &size, NULL);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_subject_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, "\t\t\t");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
#define TYPE_CRL 1
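Review bot: In add_altname the embedded-NUL handling measures `name` with `strlen()`, although the only bound the function receives is `name_size`. Once the loop has overwritten the last NUL inside the buffer, the next `strlen(name)` reads past `name_size` bytes unless every caller guarantees a terminator at `name[name_size]`, which this hunk does not show. Because the name comes from a parsed certificate, a bounded scan is safer: test `memchr(name, '\0', name_size) != NULL` and replace with `for (i = 0; i < name_size; i++) if (name[i] == '\0') name[i] = '!';` using a `size_t i` local. The same `strlen` loop is repeated on `buffer` in print_crldist in the following hunk.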
@@ -266,1539 +263,1682 @@ print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
#define TYPE_CRQ_SAN TYPE_CRQ
#define TYPE_CRT_IAN 4
-typedef union
-{
- gnutls_x509_crt_t crt;
- gnutls_x509_crq_t crq;
- gnutls_x509_crl_t crl;
- gnutls_pubkey_t pubkey;
+typedef union {
+ gnutls_x509_crt_t crt;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_crl_t crl;
+ gnutls_pubkey_t pubkey;
} cert_type_t;
static void
-print_aki_gn_serial (gnutls_buffer_st * str, int type, cert_type_t cert)
+print_aki_gn_serial(gnutls_buffer_st * str, int type, cert_type_t cert)
{
- char *buffer = NULL;
- char serial[128];
- size_t size = 0, serial_size = sizeof (serial);
- unsigned int alt_type;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, NULL, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else if (type == TYPE_CRL)
- err =
- gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, NULL, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_authority_key_gn_serial: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, buffer, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else
- err =
- gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, buffer, &size,
- &alt_type, serial,
- &serial_size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_authority_key_gn_serial2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- add_altname (str, "", alt_type, buffer, size);
- adds (str, "\t\t\tserial: ");
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ char serial[128];
+ size_t size = 0, serial_size = sizeof(serial);
+ unsigned int alt_type;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt,
+ 0, NULL,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl,
+ 0, NULL,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_authority_key_gn_serial: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt,
+ 0, buffer,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl,
+ 0, buffer,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_authority_key_gn_serial2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ add_altname(str, "", alt_type, buffer, size);
+ adds(str, "\t\t\tserial: ");
+ _gnutls_buffer_hexprint(str, serial, serial_size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
-static void
-print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
+static void print_aki(gnutls_buffer_st * str, int type, cert_type_t cert)
{
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
- else if (type == TYPE_CRL)
- err =
- gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION)
- {
- /* Check if an alternative name is there */
- print_aki_gn_serial (str, type, cert);
- return;
- }
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_authority_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
- else
- err =
- gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_authority_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, "\t\t\t");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id(cert.crt, buffer,
+ &size, NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_id(cert.crl, buffer,
+ &size, NULL);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION) {
+ /* Check if an alternative name is there */
+ print_aki_gn_serial(str, type, cert);
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_authority_key_id: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id(cert.crt, buffer,
+ &size, NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_id(cert.crl, buffer,
+ &size, NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_authority_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, "\t\t\t");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
static void
-print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_key_usage(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- unsigned int key_usage;
- int err;
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
- else if (type == TYPE_PUBKEY)
- err = gnutls_pubkey_get_key_usage (cert.pubkey, &key_usage);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_key_usage: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- addf (str, _("%sDigital signature.\n"), prefix);
- if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
- addf (str, _("%sNon repudiation.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- addf (str, _("%sKey encipherment.\n"), prefix);
- if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- addf (str, _("%sData encipherment.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- addf (str, _("%sKey agreement.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- addf (str, _("%sCertificate signing.\n"), prefix);
- if (key_usage & GNUTLS_KEY_CRL_SIGN)
- addf (str, _("%sCRL signing.\n"), prefix);
- if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
- addf (str, _("%sKey encipher only.\n"), prefix);
- if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
- addf (str, _("%sKey decipher only.\n"), prefix);
+ unsigned int key_usage;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_usage(cert.crt, &key_usage,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_key_usage(cert.crq, &key_usage,
+ NULL);
+ else if (type == TYPE_PUBKEY)
+ err = gnutls_pubkey_get_key_usage(cert.pubkey, &key_usage);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_key_usage: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ addf(str, _("%sDigital signature.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
+ addf(str, _("%sNon repudiation.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ addf(str, _("%sKey encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ addf(str, _("%sData encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ addf(str, _("%sKey agreement.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ addf(str, _("%sCertificate signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_CRL_SIGN)
+ addf(str, _("%sCRL signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
+ addf(str, _("%sKey encipher only.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
+ addf(str, _("%sKey decipher only.\n"), prefix);
}
static void
-print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix,
- int type, cert_type_t cert)
+print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix,
+ int type, cert_type_t cert)
{
- time_t activation, expiration;
- int err;
- char s[42];
- struct tm t;
- size_t max;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation,
- &expiration, NULL);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation,
- &expiration, NULL);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_private_key_usage_period: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- max = sizeof (s);
-
- if (gmtime_r (&activation, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) activation);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) activation);
- else
- addf (str, _("\t\t\tNot Before: %s\n"), s);
-
- if (gmtime_r (&expiration, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) expiration);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) expiration);
- else
- addf (str, _("\t\t\tNot After: %s\n"), s);
+ time_t activation, expiration;
+ int err;
+ char s[42];
+ struct tm t;
+ size_t max;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_private_key_usage_period(cert.crt,
+ &activation,
+ &expiration,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_private_key_usage_period(cert.crq,
+ &activation,
+ &expiration,
+ NULL);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_private_key_usage_period: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ max = sizeof(s);
+
+ if (gmtime_r(&activation, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) activation);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) activation);
+ else
+ addf(str, _("\t\t\tNot Before: %s\n"), s);
+
+ if (gmtime_r(&expiration, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) expiration);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) expiration);
+ else
+ addf(str, _("\t\t\tNot After: %s\n"), s);
}
-static void
-print_crldist (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_crldist(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- char *buffer = NULL;
- size_t size;
- char str_ip[64];
- char *p;
- int err;
- int indx;
-
- for (indx = 0;; indx++)
- {
- size = 0;
- err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_crl_dist_points: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_crl_dist_points2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if ((err == GNUTLS_SAN_DNSNAME
- || err == GNUTLS_SAN_RFC822NAME
- || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
- {
- adds (str, _("warning: distributionPoint contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- switch (err)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "\t\t\tIPAddress: %s\n", p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
- break;
-
- default:
- addf (str, "error: unknown SAN\n");
- break;
- }
- gnutls_free (buffer);
- }
+ char *buffer = NULL;
+ size_t size;
+ char str_ip[64];
+ char *p;
+ int err;
+ int indx;
+
+ for (indx = 0;; indx++) {
+ size = 0;
+ err =
+ gnutls_x509_crt_get_crl_dist_points(cert, indx, buffer,
+ &size, NULL, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_crl_dist_points: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err =
+ gnutls_x509_crt_get_crl_dist_points(cert, indx, buffer,
+ &size, NULL, NULL);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_crl_dist_points2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if ((err == GNUTLS_SAN_DNSNAME
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen(buffer) != size) {
+ adds(str,
+ _
+ ("warning: distributionPoint contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(buffer) < size)
+ buffer[strlen(buffer)] = '!';
+ }
+
+ switch (err) {
+ case GNUTLS_SAN_DNSNAME:
+ addf(str, "\t\t\tDNSname: %.*s\n", (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf(str, "\t\t\tRFC822name: %.*s\n", (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf(str, "\t\t\tURI: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string(buffer, size, str_ip,
+ sizeof(str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf(str, "\t\t\tIPAddress: %s\n", p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf(str, "\t\t\tdirectoryName: %.*s\n",
+ (int) size, buffer);
+ break;
+
+ default:
+ addf(str, "error: unknown SAN\n");
+ break;
+ }
+ gnutls_free(buffer);
+ }
}
static void
-print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_key_purpose(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- int indx;
- char *buffer = NULL;
- size_t size;
- int err;
-
- for (indx = 0;; indx++)
- {
- size = 0;
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
- else
- return;
-
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_key_purpose_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
- else
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_key_purpose_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
- addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
- addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
- addf (str, _("%s\t\t\tCode signing.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
- addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
- addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
- addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0)
- addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
- addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
- else
- addf (str, "%s\t\t\t%s\n", prefix, buffer);
-
- gnutls_free (buffer);
- }
+ int indx;
+ char *buffer = NULL;
+ size_t size;
+ int err;
+
+ for (indx = 0;; indx++) {
+ size = 0;
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_purpose_oid(cert.crt,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_key_purpose_oid(cert.crq,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_key_purpose_oid: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_purpose_oid(cert.crt,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else
+ err =
+ gnutls_x509_crq_get_key_purpose_oid(cert.crq,
+ indx,
+ buffer,
+ &size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_key_purpose_oid2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (strcmp(buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
+ addf(str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
+ addf(str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_CODE_SIGNING) == 0)
+ addf(str, _("%s\t\t\tCode signing.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
+ addf(str, _("%s\t\t\tEmail protection.\n"),
+ prefix);
+ else if (strcmp(buffer, GNUTLS_KP_TIME_STAMPING) == 0)
+ addf(str, _("%s\t\t\tTime stamping.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
+ addf(str, _("%s\t\t\tOCSP signing.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_IPSEC_IKE) == 0)
+ addf(str, _("%s\t\t\tIpsec IKE.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_ANY) == 0)
+ addf(str, _("%s\t\t\tAny purpose.\n"), prefix);
+ else
+ addf(str, "%s\t\t\t%s\n", prefix, buffer);
+
+ gnutls_free(buffer);
+ }
}
static void
-print_basic (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_basic(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- int pathlen;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_basic_constraints (cert.crt, NULL, NULL, &pathlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_basic_constraints (cert.crq, NULL, NULL, &pathlen);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_basic_constraints: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (err == 0)
- addf (str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"), prefix);
- else
- addf (str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"), prefix);
-
- if (pathlen >= 0)
- addf (str, _("%s\t\t\tPath Length Constraint: %d\n"), prefix, pathlen);
+ int pathlen;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_basic_constraints(cert.crt, NULL,
+ NULL, &pathlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_basic_constraints(cert.crq, NULL,
+ NULL, &pathlen);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_basic_constraints: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (err == 0)
+ addf(str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"),
+ prefix);
+ else
+ addf(str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"),
+ prefix);
+
+ if (pathlen >= 0)
+ addf(str, _("%s\t\t\tPath Length Constraint: %d\n"),
+ prefix, pathlen);
}
static void
-print_altname (gnutls_buffer_st * str, const char *prefix,
- unsigned int altname_type, cert_type_t cert)
+print_altname(gnutls_buffer_st * str, const char *prefix,
+ unsigned int altname_type, cert_type_t cert)
{
- unsigned int altname_idx;
-
- for (altname_idx = 0;; altname_idx++)
- {
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
- else if (altname_type == TYPE_CRT_IAN)
- err =
- gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else
- return;
-
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_subject/issuer_alt_name: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
- buffer, &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_subject/issuer_alt_name2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
-
- if (err == GNUTLS_SAN_OTHERNAME)
- {
- char *oid = NULL;
- size_t oidsize;
-
- oidsize = 0;
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_free (buffer);
- addf (str,
- "error: get_subject/issuer_alt_othername_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- oid = gnutls_malloc (oidsize);
- if (!oid)
- {
- gnutls_free (buffer);
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- gnutls_free (oid);
- addf (str, "error: get_subject_alt_othername_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if (err == GNUTLS_SAN_OTHERNAME_XMPP)
- {
- if (strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
- (int) size, buffer);
- }
- else
- {
- addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
- (int) oidsize, oid);
- addf (str, _("%s\t\t\totherName DER: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, size);
- addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, size);
- addf (str, "\n");
- }
- gnutls_free (oid);
- }
- else
- add_altname (str, prefix, err, buffer, size);
-
- gnutls_free (buffer);
- }
+ unsigned int altname_idx;
+
+ for (altname_idx = 0;; altname_idx++) {
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name(cert.crq,
+ altname_idx,
+ buffer,
+ &size,
+ NULL,
+ NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str,
+ "error: get_subject/issuer_alt_name: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name(cert.crq,
+ altname_idx,
+ buffer,
+ &size,
+ NULL,
+ NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_subject/issuer_alt_name2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+
+ if (err == GNUTLS_SAN_OTHERNAME) {
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ oid = gnutls_malloc(oidsize);
+ if (!oid) {
+ gnutls_free(buffer);
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ gnutls_free(oid);
+ addf(str,
+ "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP) {
+ if (strlen(buffer) != size) {
+ adds(str,
+ _
+ ("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(buffer) < size)
+ buffer[strlen(buffer)] =
+ '!';
+ }
+
+ addf(str,
+ _("%s\t\t\tXMPP Address: %.*s\n"),
+ prefix, (int) size, buffer);
+ } else {
+ addf(str,
+ _("%s\t\t\totherName OID: %.*s\n"),
+ prefix, (int) oidsize, oid);
+ addf(str, _("%s\t\t\totherName DER: "),
+ prefix);
+ _gnutls_buffer_hexprint(str, buffer, size);
+ addf(str, _("\n%s\t\t\totherName ASCII: "),
+ prefix);
+ _gnutls_buffer_asciiprint(str, buffer,
+ size);
+ addf(str, "\n");
+ }
+ gnutls_free(oid);
+ } else
+ add_altname(str, prefix, err, buffer, size);
+
+ gnutls_free(buffer);
+ }
}
static void
-guiddump (gnutls_buffer_st * str, const char *data, size_t len,
- const char *spc)
+guiddump(gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
{
- size_t j;
-
- if (spc)
- adds (str, spc);
- addf (str, "{");
- addf (str, "%.2X", (unsigned char) data[3]);
- addf (str, "%.2X", (unsigned char) data[2]);
- addf (str, "%.2X", (unsigned char) data[1]);
- addf (str, "%.2X", (unsigned char) data[0]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[5]);
- addf (str, "%.2X", (unsigned char) data[4]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[7]);
- addf (str, "%.2X", (unsigned char) data[6]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[8]);
- addf (str, "%.2X", (unsigned char) data[9]);
- addf (str, "-");
- for (j = 10; j < 16; j++)
- {
- addf (str, "%.2X", (unsigned char) data[j]);
- }
- addf (str, "}\n");
+ size_t j;
+
+ if (spc)
+ adds(str, spc);
+ addf(str, "{");
+ addf(str, "%.2X", (unsigned char) data[3]);
+ addf(str, "%.2X", (unsigned char) data[2]);
+ addf(str, "%.2X", (unsigned char) data[1]);
+ addf(str, "%.2X", (unsigned char) data[0]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[5]);
+ addf(str, "%.2X", (unsigned char) data[4]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[7]);
+ addf(str, "%.2X", (unsigned char) data[6]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[8]);
+ addf(str, "%.2X", (unsigned char) data[9]);
+ addf(str, "-");
+ for (j = 10; j < 16; j++) {
+ addf(str, "%.2X", (unsigned char) data[j]);
+ }
+ addf(str, "}\n");
}
static void
-print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
+print_unique_ids(gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
- int result;
- char buf[256]; /* if its longer, we won't bother to print it */
- size_t buf_size = 256;
-
- result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
- if (result >= 0)
- {
- addf (str, ("\t\tIssuer Unique ID:\n"));
- _gnutls_buffer_hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
- }
-
- buf_size = 256;
- result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
- if (result >= 0)
- {
- addf (str, ("\t\tSubject Unique ID:\n"));
- _gnutls_buffer_hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
- }
+ int result;
+ char buf[256]; /* if its longer, we won't bother to print it */
+ size_t buf_size = 256;
+
+ result =
+ gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size);
+ if (result >= 0) {
+ addf(str, ("\t\tIssuer Unique ID:\n"));
+ _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16) { /* this could be a GUID */
+ guiddump(str, buf, buf_size, "\t\t\t");
+ }
+ }
+
+ buf_size = 256;
+ result =
+ gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size);
+ if (result >= 0) {
+ addf(str, ("\t\tSubject Unique ID:\n"));
+ _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16) { /* this could be a GUID */
+ guiddump(str, buf, buf_size, "\t\t\t");
+ }
+ }
}
static void
-print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- unsigned i, j;
- int err;
- int san_idx = 0;
- int ian_idx = 0;
- int proxy_idx = 0;
- int basic_idx = 0;
- int keyusage_idx = 0;
- int keypurpose_idx = 0;
- int ski_idx = 0;
- int aki_idx = 0;
- int crldist_idx = 0, pkey_usage_period_idx = 0;
- char pfx[16];
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
- unsigned int critical;
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_extension_info (cert.crt, i,
- oid, &sizeof_oid,
- &critical);
-
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_extension_info (cert.crq, i,
- oid, &sizeof_oid,
- &critical);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- addf (str, _("%s\tExtensions:\n"), prefix);
-
- if (strcmp (oid, "2.5.29.19") == 0)
- {
- if (basic_idx)
- {
- addf (str, "error: more than one basic constraint\n");
- continue;
- }
-
- addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_basic (str, prefix, type, cert);
-
- basic_idx++;
- }
- else if (strcmp (oid, "2.5.29.14") == 0)
- {
- if (ski_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_ski (str, cert.crt);
-
- ski_idx++;
- }
- else if (strcmp (oid, "2.5.29.32") == 0)
- {
- struct gnutls_x509_policy_st policy;
- const char *name;
- int x;
-
- for (x = 0;; x++)
- {
- err =
- gnutls_x509_crt_get_policy (cert.crt, x, &policy, &critical);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (err < 0)
- {
- addf (str, "error: certificate policy: %s\n",
- gnutls_strerror (err));
- break;
- }
-
- if (x == 0)
- addf (str, "%s\t\tCertificate Policies (%s):\n", prefix,
- critical ? _("critical") : _("not critical"));
-
- addf (str, "%s\t\t\t%s\n", prefix, policy.oid);
- for (j = 0; j < policy.qualifiers; j++)
- {
- if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI)
- name = "URI";
- else if (policy.qualifier[j].type ==
- GNUTLS_X509_QUALIFIER_NOTICE)
- name = "Note";
- else
- name = "Unknown qualifier";
- addf (str, "%s\t\t\t\t%s: %s\n", prefix, name,
- policy.qualifier[j].data);
- }
-
- gnutls_x509_policy_release (&policy);
- }
- }
- else if (strcmp (oid, "2.5.29.35") == 0)
- {
-
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_aki (str, TYPE_CRT, cert);
-
- aki_idx++;
- }
- else if (strcmp (oid, "2.5.29.15") == 0)
- {
- if (keyusage_idx)
- {
- addf (str, "error: more than one key usage extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
- print_key_usage (str, pfx, type, cert);
-
- keyusage_idx++;
- }
- else if (strcmp (oid, "2.5.29.16") == 0)
- {
- if (pkey_usage_period_idx)
- {
- addf (str,
- "error: more than one private key usage period extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tPrivate Key Usage Period (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_private_key_usage_period (str, prefix, type, cert);
-
- pkey_usage_period_idx++;
- }
- else if (strcmp (oid, "2.5.29.37") == 0)
- {
- if (keypurpose_idx)
- {
- addf (str, "error: more than one key purpose extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_key_purpose (str, prefix, type, cert);
- keypurpose_idx++;
- }
- else if (strcmp (oid, "2.5.29.17") == 0)
- {
- if (san_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_altname (str, prefix, type, cert);
-
- san_idx++;
- }
- else if (strcmp (oid, "2.5.29.18") == 0)
- {
- if (ian_idx)
- {
- addf (str, "error: more than one Issuer AltName extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_altname (str, prefix, TYPE_CRT_IAN, cert);
-
- ian_idx++;
- }
- else if (strcmp (oid, "2.5.29.31") == 0)
- {
- if (crldist_idx)
- {
- addf (str, "error: more than one CRL distribution point\n");
- continue;
- }
-
- addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_crldist (str, cert.crt);
- crldist_idx++;
- }
- else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
- {
- if (proxy_idx)
- {
- addf (str, "error: more than one proxy extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_proxy (str, cert.crt);
-
- proxy_idx++;
- }
- else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
- {
- addf (str, _("%s\t\tAuthority Information "
- "Access (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_aia (str, cert.crt);
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
- &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
- &extlen);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- addf (str, _("%s\t\t\tASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- addf (str, "\n");
-
- addf (str, _("%s\t\t\tHexdump: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
+ unsigned i, j;
+ int err;
+ int san_idx = 0;
+ int ian_idx = 0;
+ int proxy_idx = 0;
+ int basic_idx = 0;
+ int keyusage_idx = 0;
+ int keypurpose_idx = 0;
+ int ski_idx = 0;
+ int aki_idx = 0;
+ int crldist_idx = 0, pkey_usage_period_idx = 0;
+ char pfx[16];
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+ unsigned int critical;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_info(cert.crt, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_info(cert.crq, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err < 0) {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ addf(str, _("%s\tExtensions:\n"), prefix);
+
+ if (strcmp(oid, "2.5.29.19") == 0) {
+ if (basic_idx) {
+ addf(str,
+ "error: more than one basic constraint\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tBasic Constraints (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_basic(str, prefix, type, cert);
+
+ basic_idx++;
+ } else if (strcmp(oid, "2.5.29.14") == 0) {
+ if (ski_idx) {
+ addf(str,
+ "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tSubject Key Identifier (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_ski(str, cert.crt);
+
+ ski_idx++;
+ } else if (strcmp(oid, "2.5.29.32") == 0) {
+ struct gnutls_x509_policy_st policy;
+ const char *name;
+ int x;
+
+ for (x = 0;; x++) {
+ err =
+ gnutls_x509_crt_get_policy(cert.crt, x,
+ &policy,
+ &critical);
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (err < 0) {
+ addf(str,
+ "error: certificate policy: %s\n",
+ gnutls_strerror(err));
+ break;
+ }
+
+ if (x == 0)
+ addf(str,
+ "%s\t\tCertificate Policies (%s):\n",
+ prefix,
+ critical ? _("critical") :
+ _("not critical"));
+
+ addf(str, "%s\t\t\t%s\n", prefix,
+ policy.oid);
+ for (j = 0; j < policy.qualifiers; j++) {
+ if (policy.qualifier[j].type ==
+ GNUTLS_X509_QUALIFIER_URI)
+ name = "URI";
+ else if (policy.qualifier[j].
+ type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
+ name = "Note";
+ else
+ name = "Unknown qualifier";
+ addf(str, "%s\t\t\t\t%s: %s\n",
+ prefix, name,
+ policy.qualifier[j].data);
+ }
+
+ gnutls_x509_policy_release(&policy);
+ }
+ } else if (strcmp(oid, "2.5.29.35") == 0) {
+
+ if (aki_idx) {
+ addf(str,
+ "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tAuthority Key Identifier (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aki(str, TYPE_CRT, cert);
+
+ aki_idx++;
+ } else if (strcmp(oid, "2.5.29.15") == 0) {
+ if (keyusage_idx) {
+ addf(str,
+ "error: more than one key usage extension\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tKey Usage (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
+ print_key_usage(str, pfx, type, cert);
+
+ keyusage_idx++;
+ } else if (strcmp(oid, "2.5.29.16") == 0) {
+ if (pkey_usage_period_idx) {
+ addf(str,
+ "error: more than one private key usage period extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tPrivate Key Usage Period (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_private_key_usage_period(str, prefix, type,
+ cert);
+
+ pkey_usage_period_idx++;
+ } else if (strcmp(oid, "2.5.29.37") == 0) {
+ if (keypurpose_idx) {
+ addf(str,
+ "error: more than one key purpose extension\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tKey Purpose (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_key_purpose(str, prefix, type, cert);
+ keypurpose_idx++;
+ } else if (strcmp(oid, "2.5.29.17") == 0) {
+ if (san_idx) {
+ addf(str,
+ "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tSubject Alternative Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname(str, prefix, type, cert);
+
+ san_idx++;
+ } else if (strcmp(oid, "2.5.29.18") == 0) {
+ if (ian_idx) {
+ addf(str,
+ "error: more than one Issuer AltName extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tIssuer Alternative Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname(str, prefix, TYPE_CRT_IAN, cert);
+
+ ian_idx++;
+ } else if (strcmp(oid, "2.5.29.31") == 0) {
+ if (crldist_idx) {
+ addf(str,
+ "error: more than one CRL distribution point\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tCRL Distribution points (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_crldist(str, cert.crt);
+ crldist_idx++;
+ } else if (strcmp(oid, "1.3.6.1.5.5.7.1.14") == 0) {
+ if (proxy_idx) {
+ addf(str,
+ "error: more than one proxy extension\n");
+ continue;
+ }
+
+ addf(str,
+ _
+ ("%s\t\tProxy Certificate Information (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_proxy(str, cert.crt);
+
+ proxy_idx++;
+ } else if (strcmp(oid, "1.3.6.1.5.5.7.1.1") == 0) {
+ addf(str, _("%s\t\tAuthority Information "
+ "Access (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aia(str, cert.crt);
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
+ prefix, oid,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data
+ (cert.crt, i, NULL, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data
+ (cert.crq, i, NULL, &extlen);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err < 0) {
+ addf(str,
+ "error: get_extension_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data
+ (cert.crt, i, buffer, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data
+ (cert.crq, i, buffer, &extlen);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_extension_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ addf(str, _("%s\t\t\tASCII: "), prefix);
+ _gnutls_buffer_asciiprint(str, buffer, extlen);
+ addf(str, "\n");
+
+ addf(str, _("%s\t\t\tHexdump: "), prefix);
+ _gnutls_buffer_hexprint(str, buffer, extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
}
static void
-print_pubkey (gnutls_buffer_st * str, const char* key_name, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+print_pubkey(gnutls_buffer_st * str, const char *key_name,
+ gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format)
{
- int err, pk;
- const char *name;
- unsigned bits;
-
- err = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
- if (err < 0)
- {
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- return;
- }
-
- name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- pk = err;
-
- addf (str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
- addf (str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)), bits);
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n", gnutls_strerror (err));
- else
- {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- addf (str, _("\t\tModulus (bits %d): "), bits);
- _gnutls_buffer_hexprint (str, m.data, m.size);
- adds (str, "\n");
- addf (str, _("\t\tExponent (bits %d): "), e.size * 8);
- _gnutls_buffer_hexprint (str, e.data, e.size);
- adds (str, "\n");
- }
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
- }
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_EC:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (err < 0)
- addf (str, "error: get_pk_ecc_raw: %s\n", gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tCurve:\t%s\n"),
- gnutls_ecc_curve_get_name (curve));
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- adds (str, _("\t\tX: "));
- _gnutls_buffer_hexprint (str, x.data, x.size);
- adds (str, "\n");
- adds (str, _("\t\tY: "));
- _gnutls_buffer_hexprint (str, y.data, y.size);
- adds (str, "\n");
- }
- else
- {
- adds (str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
- adds (str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- }
-
- gnutls_free (x.data);
- gnutls_free (y.data);
-
- }
- }
- break;
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n", gnutls_strerror (err));
- else
- {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- addf (str, _("\t\tPublic key (bits %d): "), bits);
- _gnutls_buffer_hexprint (str, y.data, y.size);
- adds (str, "\n");
- addf (str, _("\t\tP: "));
- _gnutls_buffer_hexprint (str, p.data, p.size);
- adds (str, "\n");
- addf (str, _("\t\tQ: "));
- _gnutls_buffer_hexprint (str, q.data, q.size);
- adds (str, "\n");
- addf (str, _("\t\tG: "));
- _gnutls_buffer_hexprint (str, g.data, g.size);
- adds (str, "\n");
- }
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
- }
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-
- default:
- break;
- }
+ int err, pk;
+ const char *name;
+ unsigned bits;
+
+ err = gnutls_pubkey_get_pk_algorithm(pubkey, &bits);
+ if (err < 0) {
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ name = gnutls_pk_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+
+ pk = err;
+
+ addf(str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
+ addf(str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
+ gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
+ (err, bits)), bits);
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_pubkey_get_pk_rsa_raw(pubkey, &m, &e);
+ if (err < 0)
+ addf(str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str,
+ _("\t\tModulus (bits %d): "),
+ bits);
+ _gnutls_buffer_hexprint(str,
+ m.data,
+ m.size);
+ adds(str, "\n");
+ addf(str,
+ _("\t\tExponent (bits %d): "),
+ e.size * 8);
+ _gnutls_buffer_hexprint(str,
+ e.data,
+ e.size);
+ adds(str, "\n");
+ } else {
+ addf(str,
+ _("\t\tModulus (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, m.data,
+ m.size,
+ "\t\t\t");
+ addf(str,
+ _
+ ("\t\tExponent (bits %d):\n"),
+ e.size * 8);
+ _gnutls_buffer_hexdump(str, e.data,
+ e.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_EC:
+ {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+
+ err =
+ gnutls_pubkey_get_pk_ecc_raw(pubkey, &curve,
+ &x, &y);
+ if (err < 0)
+ addf(str, "error: get_pk_ecc_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name(curve));
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ adds(str, _("\t\tX: "));
+ _gnutls_buffer_hexprint(str,
+ x.data,
+ x.size);
+ adds(str, "\n");
+ adds(str, _("\t\tY: "));
+ _gnutls_buffer_hexprint(str,
+ y.data,
+ y.size);
+ adds(str, "\n");
+ } else {
+ adds(str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump(str, x.data,
+ x.size,
+ "\t\t\t");
+ adds(str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(x.data);
+ gnutls_free(y.data);
+
+ }
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err =
+ gnutls_pubkey_get_pk_dsa_raw(pubkey, &p, &q,
+ &g, &y);
+ if (err < 0)
+ addf(str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d): "),
+ bits);
+ _gnutls_buffer_hexprint(str,
+ y.data,
+ y.size);
+ adds(str, "\n");
+ addf(str, _("\t\tP: "));
+ _gnutls_buffer_hexprint(str,
+ p.data,
+ p.size);
+ adds(str, "\n");
+ addf(str, _("\t\tQ: "));
+ _gnutls_buffer_hexprint(str,
+ q.data,
+ q.size);
+ adds(str, "\n");
+ addf(str, _("\t\tG: "));
+ _gnutls_buffer_hexprint(str,
+ g.data,
+ g.size);
+ adds(str, "\n");
+ } else {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ adds(str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump(str, p.data,
+ p.size,
+ "\t\t\t");
+ adds(str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump(str, q.data,
+ q.size,
+ "\t\t\t");
+ adds(str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump(str, g.data,
+ g.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
}
static void
-print_crt_pubkey (gnutls_buffer_st * str, gnutls_x509_crt_t crt, gnutls_certificate_print_formats_t format)
+print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
+ gnutls_certificate_print_formats_t format)
{
- gnutls_pubkey_t pubkey;
- int ret;
+ gnutls_pubkey_t pubkey;
+ int ret;
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- return;
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return;
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- goto cleanup;
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ goto cleanup;
- print_pubkey (str, _("Subject "), pubkey, format);
+ print_pubkey(str, _("Subject "), pubkey, format);
-cleanup:
- gnutls_pubkey_deinit (pubkey);
- return;
+ cleanup:
+ gnutls_pubkey_deinit(pubkey);
+ return;
}
static void
-print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- /* Version. */
- {
- int version = gnutls_x509_crt_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Serial. */
- {
- char serial[128];
- size_t serial_size = sizeof (serial);
- int err;
-
- err = gnutls_x509_crt_get_serial (cert, serial, &serial_size);
- if (err < 0)
- addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tSerial Number (hex): "));
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
- }
- }
-
- /* Issuer. */
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- adds (str, _("\tValidity:\n"));
-
- tim = gnutls_x509_crt_get_activation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNot Before: %s\n"), s);
- }
-
- tim = gnutls_x509_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNot After: %s\n"), s);
- }
- }
-
- /* Subject. */
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* SubjectPublicKeyInfo. */
- print_crt_pubkey(str, cert, format);
-
- print_unique_ids (str, cert);
-
- /* Extensions. */
- if (gnutls_x509_crt_get_version (cert) >= 3)
- {
- cert_type_t ccert;
-
- ccert.crt = cert;
- print_extensions (str, "", TYPE_CRT, ccert);
- }
-
- /* Signature. */
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- int err;
- size_t size = 0;
- char *buffer = NULL;
-
- err = gnutls_x509_crt_get_signature_algorithm (cert);
- if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure (err) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- err = gnutls_x509_crt_get_signature (cert, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_signature (cert, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, buffer, size, "\t\t");
-
- gnutls_free (buffer);
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crt_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Serial. */
+ {
+ char serial[128];
+ size_t serial_size = sizeof(serial);
+ int err;
+
+ err =
+ gnutls_x509_crt_get_serial(cert, serial, &serial_size);
+ if (err < 0)
+ addf(str, "error: get_serial: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("\tSerial Number (hex): "));
+ _gnutls_buffer_hexprint(str, serial, serial_size);
+ adds(str, "\n");
+ }
+ }
+
+ /* Issuer. */
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_issuer_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str,
+ "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tIssuer: %s\n"), dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds(str, _("\tValidity:\n"));
+
+ tim = gnutls_x509_crt_get_activation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNot Before: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNot After: %s\n"), s);
+ }
+ }
+
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tSubject: %s\n"),
+ dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ print_crt_pubkey(str, cert, format);
+
+ print_unique_ids(str, cert);
+
+ /* Extensions. */
+ if (gnutls_x509_crt_get_version(cert) >= 3) {
+ cert_type_t ccert;
+
+ ccert.crt = cert;
+ print_extensions(str, "", TYPE_CRT, ccert);
+ }
+
+ /* Signature. */
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crt_get_signature_algorithm(cert);
+ if (err < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(err) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crt_get_signature(cert, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crt_get_signature(cert, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_signature2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, buffer, size, "\t\t");
+
+ gnutls_free(buffer);
+ }
}
static void
-print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo)
+print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo)
{
- int err;
- char buffer[MAX_HASH_SIZE];
- size_t size = sizeof (buffer);
-
- err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
- if (err < 0)
- {
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (algo == GNUTLS_DIG_MD5)
- adds (str, _("\tMD5 fingerprint:\n\t\t"));
- else
- adds (str, _("\tSHA-1 fingerprint:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
+ int err;
+ char buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+
+ err = gnutls_x509_crt_get_fingerprint(cert, algo, buffer, &size);
+ if (err < 0) {
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (algo == GNUTLS_DIG_MD5)
+ adds(str, _("\tMD5 fingerprint:\n\t\t"));
+ else
+ adds(str, _("\tSHA-1 fingerprint:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
}
-static void
-print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
- unsigned char buffer[32];
- size_t size = sizeof (buffer);
- const char *name;
- char *p;
- unsigned int bits;
-
- err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
- if (err < 0)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tPublic Key ID:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- return;
-
- name = gnutls_pk_get_name (err);
- if (name == NULL)
- return;
-
- p = _gnutls_key_fingerprint_randomart (buffer, size, name, bits, "\t\t");
- if (p == NULL)
- return;
-
- adds (str, _("\tPublic key's random art:\n"));
- adds (str, p);
- adds (str, "\n");
-
- gnutls_free (p);
+ int err;
+ unsigned char buffer[32];
+ size_t size = sizeof(buffer);
+ const char *name;
+ char *p;
+ unsigned int bits;
+
+ err = gnutls_x509_crt_get_key_id(cert, 0, buffer, &size);
+ if (err < 0) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tPublic Key ID:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ err = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ return;
+
+ name = gnutls_pk_get_name(err);
+ if (name == NULL)
+ return;
+
+ p = _gnutls_key_fingerprint_randomart(buffer, size, name, bits,
+ "\t\t");
+ if (p == NULL)
+ return;
+
+ adds(str, _("\tPublic key's random art:\n"));
+ adds(str, p);
+ adds(str, "\n");
+
+ gnutls_free(p);
}
static void
-print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+print_other(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
- }
- print_keyid (str, cert);
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ print_fingerprint(str, cert, GNUTLS_DIG_SHA1);
+ }
+ print_keyid(str, cert);
}
-static void
-print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
-
- /* Subject. */
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "unknown subject (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown subject (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown subject (%s), ", gnutls_strerror (err));
- else
- addf (str, "subject `%s', ", dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Issuer. */
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown issuer (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
- else
- addf (str, "issuer `%s', ", dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Key algorithm and size. */
- {
- unsigned int bits;
- const char *name = gnutls_pk_algorithm_get_name
- (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
- if (name == NULL)
- name = "Unknown";
- addf (str, "%s key %d bits, ", name, bits);
- }
-
- /* Signature Algorithm. */
- {
- err = gnutls_x509_crt_get_signature_algorithm (cert);
- if (err < 0)
- addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- if (gnutls_sign_is_secure (err) == 0)
- addf (str, _("signed using %s (broken!), "), name);
- else
- addf (str, _("signed using %s, "), name);
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- tim = gnutls_x509_crt_get_activation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown activation (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed activation (%ld), ", (unsigned long) tim);
- else
- addf (str, "activated `%s', ", s);
- }
-
- tim = gnutls_x509_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed expiry (%ld), ", (unsigned long) tim);
- else
- addf (str, "expires `%s', ", s);
- }
- }
-
- {
- int pathlen;
- char *policyLanguage;
-
- err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage, NULL, NULL);
- if (err == 0)
- {
- addf (str, "proxy certificate (policy=");
- if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
- addf (str, "id-ppl-inheritALL");
- else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
- addf (str, "id-ppl-independent");
- else
- addf (str, "%s", policyLanguage);
- if (pathlen >= 0)
- addf (str, ", pathlen=%d), ", pathlen);
- else
- addf (str, "), ");
- gnutls_free (policyLanguage);
- }
- }
-
- {
- char buffer[20];
- size_t size = sizeof (buffer);
-
- err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
- buffer, &size);
- if (err < 0)
- {
- addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
- }
- else
- {
- addf (str, "SHA-1 fingerprint `");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "'");
- }
- }
+ int err;
+
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror(err));
+ else
+ addf(str, "subject `%s', ", dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Issuer. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_issuer_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror(err));
+ else
+ addf(str, "issuer `%s', ", dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Key algorithm and size. */
+ {
+ unsigned int bits;
+ const char *name = gnutls_pk_algorithm_get_name
+ (gnutls_x509_crt_get_pk_algorithm(cert, &bits));
+ if (name == NULL)
+ name = "Unknown";
+ addf(str, "%s key %d bits, ", name, bits);
+ }
+
+ /* Signature Algorithm. */
+ {
+ err = gnutls_x509_crt_get_signature_algorithm(cert);
+ if (err < 0)
+ addf(str, "unknown signature algorithm (%s), ",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ if (gnutls_sign_is_secure(err) == 0)
+ addf(str, _("signed using %s (broken!), "),
+ name);
+ else
+ addf(str, _("signed using %s, "), name);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ tim = gnutls_x509_crt_get_activation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "unknown activation (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "failed activation (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, "activated `%s', ", s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "unknown expiry (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "failed expiry (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, "expires `%s', ", s);
+ }
+ }
+
+ {
+ int pathlen;
+ char *policyLanguage;
+
+ err = gnutls_x509_crt_get_proxy(cert, NULL,
+ &pathlen, &policyLanguage,
+ NULL, NULL);
+ if (err == 0) {
+ addf(str, "proxy certificate (policy=");
+ if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") ==
+ 0)
+ addf(str, "id-ppl-inheritALL");
+ else if (strcmp
+ (policyLanguage,
+ "1.3.6.1.5.5.7.21.2") == 0)
+ addf(str, "id-ppl-independent");
+ else
+ addf(str, "%s", policyLanguage);
+ if (pathlen >= 0)
+ addf(str, ", pathlen=%d), ", pathlen);
+ else
+ addf(str, "), ");
+ gnutls_free(policyLanguage);
+ }
+ }
+
+ {
+ char buffer[20];
+ size_t size = sizeof(buffer);
+
+ err =
+ gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1,
+ buffer, &size);
+ if (err < 0) {
+ addf(str, "unknown fingerprint (%s)",
+ gnutls_strerror(err));
+ } else {
+ addf(str, "SHA-1 fingerprint `");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "'");
+ }
+ }
}
@@ -1822,361 +1962,394 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crt_print(gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- if (format == GNUTLS_CRT_PRINT_COMPACT)
- {
- _gnutls_buffer_init (&str);
+ if (format == GNUTLS_CRT_PRINT_COMPACT) {
+ _gnutls_buffer_init(&str);
- print_oneline (&str, cert);
+ print_oneline(&str, cert);
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_keyid (&str, cert);
+ _gnutls_buffer_append_data(&str, "\n", 1);
+ print_keyid(&str, cert);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
- else if (format == GNUTLS_CRT_PRINT_ONELINE)
- {
- _gnutls_buffer_init (&str);
+ return ret;
+ } else if (format == GNUTLS_CRT_PRINT_ONELINE) {
+ _gnutls_buffer_init(&str);
- print_oneline (&str, cert);
+ print_oneline(&str, cert);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
- else
- {
- _gnutls_buffer_init (&str);
+ return ret;
+ } else {
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
+ _gnutls_buffer_append_str(&str,
+ _
+ ("X.509 Certificate Information:\n"));
- print_cert (&str, cert, format);
+ print_cert(&str, cert, format);
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Other Information:\n"));
- print_other (&str, cert, format);
+ print_other(&str, cert, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
+ return ret;
+ }
}
static void
-print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
+print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
{
- /* Version. */
- {
- int version = gnutls_x509_crl_get_version (crl);
- if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- adds (str, _("\tVersion: 1 (default)\n"));
- else if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Issuer. */
- if (!notsigned)
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- }
- gnutls_free (dn);
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- adds (str, _("\tUpdate dates:\n"));
-
- tim = gnutls_x509_crl_get_this_update (crl);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tIssued: %s\n"), s);
- }
-
- tim = gnutls_x509_crl_get_next_update (crl);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == -1)
- addf (str, "\t\tNo next update time.\n");
- else if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNext at: %s\n"), s);
- }
- }
-
- /* Extensions. */
- if (gnutls_x509_crl_get_version (crl) >= 2)
- {
- size_t i;
- int err = 0;
- int aki_idx = 0;
- int crl_nr = 0;
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
- unsigned int critical;
-
- err = gnutls_x509_crl_get_extension_info (crl, i,
- oid, &sizeof_oid,
- &critical);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tExtensions:\n"));
-
- if (strcmp (oid, "2.5.29.20") == 0)
- {
- char nr[128];
- size_t nr_size = sizeof (nr);
-
- if (crl_nr)
- {
- addf (str, "error: more than one CRL number\n");
- continue;
- }
-
- err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
-
- addf (str, _("\t\tCRL Number (%s): "),
- critical ? _("critical") : _("not critical"));
-
- if (err < 0)
- addf (str, "error: get_number: %s\n", gnutls_strerror (err));
- else
- {
- _gnutls_buffer_hexprint (str, nr, nr_size);
- addf (str, "\n");
- }
-
- crl_nr++;
- }
- else if (strcmp (oid, "2.5.29.35") == 0)
- {
- cert_type_t ccert;
-
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
-
- addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
- critical ? _("critical") : _("not critical"));
-
- ccert.crl = crl;
- print_aki (str, TYPE_CRL, ccert);
-
- aki_idx++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
- critical ? _("critical") : _("not critical"));
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
- }
-
-
- /* Revoked certificates. */
- {
- int num = gnutls_x509_crl_get_crt_count (crl);
- int j;
-
- if (num)
- addf (str, _("\tRevoked certificates (%d):\n"), num);
- else
- adds (str, _("\tNo revoked certificates.\n"));
-
- for (j = 0; j < num; j++)
- {
- unsigned char serial[128];
- size_t serial_size = sizeof (serial);
- int err;
- time_t tim;
-
- err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
- &serial_size, &tim);
- if (err < 0)
- addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
- else
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- adds (str, _("\t\tSerial Number (hex): "));
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tRevoked at: %s\n"), s);
- }
- }
- }
-
- /* Signature. */
- if (!notsigned)
- {
- int err;
- size_t size = 0;
- char *buffer = NULL;
-
- err = gnutls_x509_crl_get_signature_algorithm (crl);
- if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure (err) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- err = gnutls_x509_crl_get_signature (crl, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crl_get_signature (crl, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, buffer, size, "\t\t");
-
- gnutls_free (buffer);
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crl_get_version(crl);
+ if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ adds(str, _("\tVersion: 1 (default)\n"));
+ else if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Issuer. */
+ if (!notsigned) {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crl_get_issuer_dn(crl, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str,
+ "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tIssuer: %s\n"), dn);
+ }
+ gnutls_free(dn);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds(str, _("\tUpdate dates:\n"));
+
+ tim = gnutls_x509_crl_get_this_update(crl);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tIssued: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crl_get_next_update(crl);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == -1)
+ addf(str, "\t\tNo next update time.\n");
+ else if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNext at: %s\n"), s);
+ }
+ }
+
+ /* Extensions. */
+ if (gnutls_x509_crl_get_version(crl) >= 2) {
+ size_t i;
+ int err = 0;
+ int aki_idx = 0;
+ int crl_nr = 0;
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+ unsigned int critical;
+
+ err = gnutls_x509_crl_get_extension_info(crl, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+ if (err < 0) {
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str,
+ "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ adds(str, _("\tExtensions:\n"));
+
+ if (strcmp(oid, "2.5.29.20") == 0) {
+ char nr[128];
+ size_t nr_size = sizeof(nr);
+
+ if (crl_nr) {
+ addf(str,
+ "error: more than one CRL number\n");
+ continue;
+ }
+
+ err =
+ gnutls_x509_crl_get_number(crl, nr,
+ &nr_size,
+ &critical);
+
+ addf(str, _("\t\tCRL Number (%s): "),
+ critical ? _("critical") :
+ _("not critical"));
+
+ if (err < 0)
+ addf(str,
+ "error: get_number: %s\n",
+ gnutls_strerror(err));
+ else {
+ _gnutls_buffer_hexprint(str, nr,
+ nr_size);
+ addf(str, "\n");
+ }
+
+ crl_nr++;
+ } else if (strcmp(oid, "2.5.29.35") == 0) {
+ cert_type_t ccert;
+
+ if (aki_idx) {
+ addf(str,
+ "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _
+ ("\t\tAuthority Key Identifier (%s):\n"),
+ critical ? _("critical") :
+ _("not critical"));
+
+ ccert.crl = crl;
+ print_aki(str, TYPE_CRL, ccert);
+
+ aki_idx++;
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str,
+ _("\t\tUnknown extension %s (%s):\n"),
+ oid,
+ critical ? _("critical") :
+ _("not critical"));
+
+ err =
+ gnutls_x509_crl_get_extension_data(crl,
+ i,
+ NULL,
+ &extlen);
+ if (err < 0) {
+ addf(str,
+ "error: get_extension_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crl_get_extension_data(crl,
+ i,
+ buffer,
+ &extlen);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_extension_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
+ }
+
+
+ /* Revoked certificates. */
+ {
+ int num = gnutls_x509_crl_get_crt_count(crl);
+ int j;
+
+ if (num)
+ addf(str, _("\tRevoked certificates (%d):\n"),
+ num);
+ else
+ adds(str, _("\tNo revoked certificates.\n"));
+
+ for (j = 0; j < num; j++) {
+ unsigned char serial[128];
+ size_t serial_size = sizeof(serial);
+ int err;
+ time_t tim;
+
+ err =
+ gnutls_x509_crl_get_crt_serial(crl, j, serial,
+ &serial_size,
+ &tim);
+ if (err < 0)
+ addf(str, "error: get_crt_serial: %s\n",
+ gnutls_strerror(err));
+ else {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ adds(str, _("\t\tSerial Number (hex): "));
+ _gnutls_buffer_hexprint(str, serial,
+ serial_size);
+ adds(str, "\n");
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str,
+ "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max,
+ "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str,
+ "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str,
+ _("\t\tRevoked at: %s\n"), s);
+ }
+ }
+ }
+
+ /* Signature. */
+ if (!notsigned) {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crl_get_signature_algorithm(crl);
+ if (err < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(err) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crl_get_signature(crl, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crl_get_signature(crl, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_signature2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, buffer, size, "\t\t");
+
+ gnutls_free(buffer);
+ }
}
/**
@@ -2194,264 +2367,285 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
* negative error value.
**/
int
-gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crl_print(gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("X.509 Certificate Revocation List Information:\n"));
+ _gnutls_buffer_append_str
+ (&str, _("X.509 Certificate Revocation List Information:\n"));
- print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+ print_crl(&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
static void
-print_crq_pubkey (gnutls_buffer_st * str, gnutls_x509_crq_t crq, gnutls_certificate_print_formats_t format)
+print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format)
{
- gnutls_pubkey_t pubkey;
- int ret;
+ gnutls_pubkey_t pubkey;
+ int ret;
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- return;
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return;
- ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
- if (ret < 0)
- goto cleanup;
+ ret = gnutls_pubkey_import_x509_crq(pubkey, crq, 0);
+ if (ret < 0)
+ goto cleanup;
- print_pubkey (str, _("Subject "), pubkey, format);
+ print_pubkey(str, _("Subject "), pubkey, format);
-cleanup:
- gnutls_pubkey_deinit (pubkey);
- return;
+ cleanup:
+ gnutls_pubkey_deinit(pubkey);
+ return;
}
static void
-print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert, gnutls_certificate_print_formats_t format)
+print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
+ gnutls_certificate_print_formats_t format)
{
- /* Version. */
- {
- int version = gnutls_x509_crq_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Subject */
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crq_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* SubjectPublicKeyInfo. */
- {
- int err;
- unsigned int bits;
-
- err = gnutls_x509_crq_get_pk_algorithm (cert, &bits);
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- print_crq_pubkey (str, cert, format);
- }
-
- /* parse attributes */
- {
- size_t i;
- int err = 0;
- int extensions = 0;
- int challenge = 0;
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
-
- err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tAttributes:\n"));
-
- if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
- {
- cert_type_t ccert;
-
- if (extensions)
- {
- addf (str, "error: more than one extensionsRequest\n");
- continue;
- }
-
- ccert.crq = cert;
- print_extensions (str, "\t", TYPE_CRQ, ccert);
-
- extensions++;
- }
- else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
- {
- char *pass;
- size_t size;
-
- if (challenge)
- {
- adds (str,
- "error: more than one Challenge password attribute\n");
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
- if (err < 0 && err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- size++;
-
- pass = gnutls_malloc (size);
- if (!pass)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
- if (err < 0)
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\t\tChallenge password: %s\n"), pass);
-
- gnutls_free (pass);
-
- challenge++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown attribute %s:\n"), oid);
-
- err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_attribute_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_attribute_data (cert, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_attribute_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crq_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Subject */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crq_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crq_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tSubject: %s\n"),
+ dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ {
+ int err;
+ unsigned int bits;
+
+ err = gnutls_x509_crq_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ else
+ print_crq_pubkey(str, cert, format);
+ }
+
+ /* parse attributes */
+ {
+ size_t i;
+ int err = 0;
+ int extensions = 0;
+ int challenge = 0;
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+
+ err =
+ gnutls_x509_crq_get_attribute_info(cert, i,
+ oid,
+ &sizeof_oid);
+ if (err < 0) {
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str,
+ "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ adds(str, _("\tAttributes:\n"));
+
+ if (strcmp(oid, "1.2.840.113549.1.9.14") == 0) {
+ cert_type_t ccert;
+
+ if (extensions) {
+ addf(str,
+ "error: more than one extensionsRequest\n");
+ continue;
+ }
+
+ ccert.crq = cert;
+ print_extensions(str, "\t", TYPE_CRQ,
+ ccert);
+
+ extensions++;
+ } else if (strcmp(oid, "1.2.840.113549.1.9.7") ==
+ 0) {
+ char *pass;
+ size_t size;
+
+ if (challenge) {
+ adds(str,
+ "error: more than one Challenge password attribute\n");
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_challenge_password
+ (cert, NULL, &size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str,
+ "error: get_challenge_password: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ size++;
+
+ pass = gnutls_malloc(size);
+ if (!pass) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_challenge_password
+ (cert, pass, &size);
+ if (err < 0)
+ addf(str,
+ "error: get_challenge_password: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str,
+ _
+ ("\t\tChallenge password: %s\n"),
+ pass);
+
+ gnutls_free(pass);
+
+ challenge++;
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str, _("\t\tUnknown attribute %s:\n"),
+ oid);
+
+ err =
+ gnutls_x509_crq_get_attribute_data
+ (cert, i, NULL, &extlen);
+ if (err < 0) {
+ addf(str,
+ "error: get_attribute_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_attribute_data
+ (cert, i, buffer, &extlen);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_attribute_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
+ }
}
-static void
-print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
+static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
{
- int err;
- size_t size = 0;
- unsigned char *buffer = NULL;
-
- err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tPublic Key ID:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ int err;
+ size_t size = 0;
+ unsigned char *buffer = NULL;
+
+ err = gnutls_x509_crq_get_key_id(crq, 0, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crq_get_key_id(crq, 0, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tPublic Key ID:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
/**
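Review bot: In print_crq's challenge-password branch, `size_t size;` is declared without an initializer and its address is passed straight to `gnutls_x509_crq_get_challenge_password(cert, NULL, &size)`, so the length query runs on an indeterminate value alongside a NULL buffer. The sibling size queries in this same function start from zero (`dn_size = 0`, `extlen = 0`). If the callee compares the incoming size with the attribute length, which is the usual contract for these getters but is not visible here, a large garbage value could make it treat the NULL buffer as big enough. Declaring it as `size_t size = 0;` makes the probe deterministic. This branch also writes the challenge password in clear text into the output buffer, which deserves a comment such as `/* challenge password is a secret; callers should not log this output */`.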
@@ -2471,66 +2665,66 @@ print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crq_print(gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("PKCS #10 Certificate Request Information:\n"));
+ _gnutls_buffer_append_str
+ (&str, _("PKCS #10 Certificate Request Information:\n"));
- print_crq (&str, crq, format);
+ print_crq(&str, crq, format);
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Other Information:\n"));
- print_crq_other (&str, crq);
+ print_crq_other(&str, crq);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
static void
-print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format)
{
- uint8_t buffer[MAX_HASH_SIZE];
- size_t size = sizeof(buffer);
- int ret;
- unsigned int usage;
- cert_type_t ccert;
-
- ccert.pubkey = pubkey;
-
- ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
- if (ret < 0)
- {
- addf (str, "error: get_key_usage: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\n");
- adds (str, _("Public Key Usage:\n"));
- print_key_usage (str, "\t", TYPE_PUBKEY, ccert);
-
- ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size);
- if (ret < 0)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\n");
- adds (str, _("Public Key ID: "));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
+ uint8_t buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+ int ret;
+ unsigned int usage;
+ cert_type_t ccert;
+
+ ccert.pubkey = pubkey;
+
+ ret = gnutls_pubkey_get_key_usage(pubkey, &usage);
+ if (ret < 0) {
+ addf(str, "error: get_key_usage: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ adds(str, "\n");
+ adds(str, _("Public Key Usage:\n"));
+ print_key_usage(str, "\t", TYPE_PUBKEY, ccert);
+
+ ret = gnutls_pubkey_get_key_id(pubkey, 0, buffer, &size);
+ if (ret < 0) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(ret));
+ return;
+ }
+
+ adds(str, "\n");
+ adds(str, _("Public Key ID: "));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
}
/**
@@ -2553,25 +2747,25 @@ print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey, gnutls_certi
* Since: 3.1.5
**/
int
-gnutls_pubkey_print (gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("Public Key Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Public Key Information:\n"));
- print_pubkey (&str, "", pubkey, format);
- print_pubkey_other (&str, pubkey, format);
+ print_pubkey(&str, "", pubkey, format);
+ print_pubkey_other(&str, pubkey, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
index b43ce5963c..5cb1ea858f 100644
--- a/lib/x509/pbkdf2-sha1.c
+++ b/lib/x509/pbkdf2-sha1.c
@@ -52,146 +52,139 @@
*/
int
-_gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const unsigned char *S, size_t Slen,
- unsigned int c, unsigned char *DK, size_t dkLen)
+_gnutls_pbkdf2_sha1(const char *P, size_t Plen,
+ const unsigned char *S, size_t Slen,
+ unsigned int c, unsigned char *DK, size_t dkLen)
{
- unsigned int hLen = 20;
- char U[20];
- char T[20];
- unsigned int u;
- unsigned int l;
- unsigned int r;
- unsigned int i;
- unsigned int k;
- int rc;
- char *tmp;
- size_t tmplen = Slen + 4;
-
- if (c == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (dkLen == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- /*
- *
- * Steps:
- *
- * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
- * stop.
- */
-
- if (dkLen > 4294967295U)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /*
- * 2. Let l be the number of hLen-octet blocks in the derived key,
- * rounding up, and let r be the number of octets in the last
- * block:
- *
- * l = CEIL (dkLen / hLen) ,
- * r = dkLen - (l - 1) * hLen .
- *
- * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
- * integer greater than, or equal to, x.
- */
-
- l = ((dkLen - 1) / hLen) + 1;
- r = dkLen - (l - 1) * hLen;
-
- /*
- * 3. For each block of the derived key apply the function F defined
- * below to the password P, the salt S, the iteration count c, and
- * the block index to compute the block:
- *
- * T_1 = F (P, S, c, 1) ,
- * T_2 = F (P, S, c, 2) ,
- * ...
- * T_l = F (P, S, c, l) ,
- *
- * where the function F is defined as the exclusive-or sum of the
- * first c iterates of the underlying pseudorandom function PRF
- * applied to the password P and the concatenation of the salt S
- * and the block index i:
- *
- * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
- *
- * where
- *
- * U_1 = PRF (P, S || INT (i)) ,
- * U_2 = PRF (P, U_1) ,
- * ...
- * U_c = PRF (P, U_{c-1}) .
- *
- * Here, INT (i) is a four-octet encoding of the integer i, most
- * significant octet first.
- *
- * 4. Concatenate the blocks and extract the first dkLen octets to
- * produce a derived key DK:
- *
- * DK = T_1 || T_2 || ... || T_l<0..r-1>
- *
- * 5. Output the derived key DK.
- *
- * Note. The construction of the function F follows a "belt-and-
- * suspenders" approach. The iterates U_i are computed recursively to
- * remove a degree of parallelism from an opponent; they are exclusive-
- * ored together to reduce concerns about the recursion degenerating
- * into a small set of values.
- *
- */
-
- tmp = gnutls_malloc (tmplen);
- if (tmp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (tmp, S, Slen);
-
- for (i = 1; i <= l; i++)
- {
- memset (T, 0, hLen);
-
- for (u = 1; u <= c; u++)
- {
- if (u == 1)
- {
- tmp[Slen + 0] = (i & 0xff000000) >> 24;
- tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
- tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
- tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
- rc =
- _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
- }
- else
- rc = _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
-
- if (rc < 0)
- {
- gnutls_free (tmp);
- return rc;
- }
-
- for (k = 0; k < hLen; k++)
- T[k] ^= U[k];
- }
-
- memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
- }
-
- gnutls_free (tmp);
-
- return 0;
+ unsigned int hLen = 20;
+ char U[20];
+ char T[20];
+ unsigned int u;
+ unsigned int l;
+ unsigned int r;
+ unsigned int i;
+ unsigned int k;
+ int rc;
+ char *tmp;
+ size_t tmplen = Slen + 4;
+
+ if (c == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (dkLen == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ /*
+ *
+ * Steps:
+ *
+ * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
+ * stop.
+ */
+
+ if (dkLen > 4294967295U) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /*
+ * 2. Let l be the number of hLen-octet blocks in the derived key,
+ * rounding up, and let r be the number of octets in the last
+ * block:
+ *
+ * l = CEIL (dkLen / hLen) ,
+ * r = dkLen - (l - 1) * hLen .
+ *
+ * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
+ * integer greater than, or equal to, x.
+ */
+
+ l = ((dkLen - 1) / hLen) + 1;
+ r = dkLen - (l - 1) * hLen;
+
+ /*
+ * 3. For each block of the derived key apply the function F defined
+ * below to the password P, the salt S, the iteration count c, and
+ * the block index to compute the block:
+ *
+ * T_1 = F (P, S, c, 1) ,
+ * T_2 = F (P, S, c, 2) ,
+ * ...
+ * T_l = F (P, S, c, l) ,
+ *
+ * where the function F is defined as the exclusive-or sum of the
+ * first c iterates of the underlying pseudorandom function PRF
+ * applied to the password P and the concatenation of the salt S
+ * and the block index i:
+ *
+ * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
+ *
+ * where
+ *
+ * U_1 = PRF (P, S || INT (i)) ,
+ * U_2 = PRF (P, U_1) ,
+ * ...
+ * U_c = PRF (P, U_{c-1}) .
+ *
+ * Here, INT (i) is a four-octet encoding of the integer i, most
+ * significant octet first.
+ *
+ * 4. Concatenate the blocks and extract the first dkLen octets to
+ * produce a derived key DK:
+ *
+ * DK = T_1 || T_2 || ... || T_l<0..r-1>
+ *
+ * 5. Output the derived key DK.
+ *
+ * Note. The construction of the function F follows a "belt-and-
+ * suspenders" approach. The iterates U_i are computed recursively to
+ * remove a degree of parallelism from an opponent; they are exclusive-
+ * ored together to reduce concerns about the recursion degenerating
+ * into a small set of values.
+ *
+ */
+
+ tmp = gnutls_malloc(tmplen);
+ if (tmp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(tmp, S, Slen);
+
+ for (i = 1; i <= l; i++) {
+ memset(T, 0, hLen);
+
+ for (u = 1; u <= c; u++) {
+ if (u == 1) {
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
+ Plen, tmp, tmplen,
+ U);
+ } else
+ rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
+ Plen, U, hLen, U);
+
+ if (rc < 0) {
+ gnutls_free(tmp);
+ return rc;
+ }
+
+ for (k = 0; k < hLen; k++)
+ T[k] ^= U[k];
+ }
+
+ memcpy(DK + (i - 1) * hLen, T, i == l ? r : hLen);
+ }
+
+ gnutls_free(tmp);
+
+ return 0;
}
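Review bot: _gnutls_pbkdf2_sha1 returns with the stack arrays `T` and `U` still holding the last derived-key block and PRF output, and the salt buffer is released with a plain `gnutls_free(tmp)`; neither exit path after the allocation clears them. Since `T` is copied verbatim into `DK`, its contents are key material and should be wiped before both `return rc;` and `return 0;`, using a clearing routine the compiler cannot optimise away (a plain `memset` right before a return may be elided). At minimum I would add `/* T and U hold derived-key material; wipe before returning */` above the final `gnutls_free(tmp);`. Separately, `tmplen = Slen + 4` is computed without an overflow guard; `if (Slen > SIZE_MAX - 4) return GNUTLS_E_INVALID_REQUEST;` next to the other argument checks would close that.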
diff --git a/lib/x509/pbkdf2-sha1.h b/lib/x509/pbkdf2-sha1.h
index 8ea3f18558..a874392f5f 100644
--- a/lib/x509/pbkdf2-sha1.h
+++ b/lib/x509/pbkdf2-sha1.h
@@ -16,6 +16,6 @@
*/
-int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const unsigned char *S, size_t Slen,
- unsigned int c, unsigned char *DK, size_t dkLen);
+int _gnutls_pbkdf2_sha1(const char *P, size_t Plen,
+ const unsigned char *S, size_t Slen,
+ unsigned int c, unsigned char *DK, size_t dkLen);
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index f169afeb81..7ccdcc23bc 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -41,84 +41,81 @@
* which holds them. Returns an ASN1_TYPE of authenticatedSafe.
*/
static int
-_decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
- gnutls_datum_t * raw)
+_decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
+ gnutls_datum_t * raw)
{
- char oid[MAX_OID_SIZE];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_datum_t auth_safe = { NULL, 0 };
- int len, result;
- char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (strcmp (oid, DATA_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Unknown PKCS12 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- /* Step 1. Read the content data
- */
-
- result =
- _gnutls_x509_read_string (pkcs12, "authSafe.content", &auth_safe, ASN1_ETYPE_OCTET_STRING);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Step 2. Extract the authenticatedSafe.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, auth_safe.data, auth_safe.size, error_str);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_debug_log ("DER error: %s\n", error_str);
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == NULL)
- {
- _gnutls_free_datum (&auth_safe);
- }
- else
- {
- raw->data = auth_safe.data;
- raw->size = auth_safe.size;
- }
-
- if (authen_safe)
- *authen_safe = c2;
- else
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- _gnutls_free_datum (&auth_safe);
- return result;
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t auth_safe = { NULL, 0 };
+ int len, result;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown PKCS12 Content OID '%s'\n",
+ oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ /* Step 1. Read the content data
+ */
+
+ result =
+ _gnutls_x509_read_string(pkcs12, "authSafe.content",
+ &auth_safe, ASN1_ETYPE_OCTET_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Step 2. Extract the authenticatedSafe.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, auth_safe.data, auth_safe.size,
+ error_str);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_debug_log("DER error: %s\n", error_str);
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ _gnutls_free_datum(&auth_safe);
+ } else {
+ raw->data = auth_safe.data;
+ raw->size = auth_safe.size;
+ }
+
+ if (authen_safe)
+ *authen_safe = c2;
+ else
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&auth_safe);
+ return result;
}
/**
@@ -132,25 +129,22 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
+int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
{
- *pkcs12 = gnutls_calloc (1, sizeof (gnutls_pkcs12_int));
-
- if (*pkcs12)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PFX",
- &(*pkcs12)->pkcs12);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs12);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *pkcs12 = gnutls_calloc(1, sizeof(gnutls_pkcs12_int));
+
+ if (*pkcs12) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs12);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
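Review bot: On the asn1_create_element() failure path, gnutls_pkcs12_init releases the object with `gnutls_free(*pkcs12);` but leaves the caller's pointer set to the freed address. A caller that runs its usual cleanup and hands that pointer to gnutls_pkcs12_deinit(), which only tests for NULL before reading `pkcs12->pkcs12`, would touch freed memory and free it a second time. Adding `*pkcs12 = NULL;` right after the free removes that hazard. The `pkcs12` argument itself is also dereferenced at `*pkcs12 = gnutls_calloc(...)` without a NULL check.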
@@ -159,16 +153,15 @@ gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
*
* This function will deinitialize a PKCS12 structure.
**/
-void
-gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
+void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12)
{
- if (!pkcs12)
- return;
+ if (!pkcs12)
+ return;
- if (pkcs12->pkcs12)
- asn1_delete_structure (&pkcs12->pkcs12);
+ if (pkcs12->pkcs12)
+ asn1_delete_structure(&pkcs12->pkcs12);
- gnutls_free (pkcs12);
+ gnutls_free(pkcs12);
}
/**
@@ -187,58 +180,56 @@ gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
* negative error value.
**/
int
-gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- _data.data = data->data;
- _data.size = data->size;
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* If the PKCS12 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size,
- &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result =
- asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- _gnutls_debug_log ("DER error: %s\n", error_str);
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the PKCS12 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS12, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size,
+ error_str);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ _gnutls_debug_log("DER error: %s\n", error_str);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
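Review bot: gnutls_pkcs12_import reads `data->data` and `data->size` in its first two statements, before the `pkcs12 == NULL` guard and without ever checking `data`, so a NULL `data` crashes while a NULL `pkcs12` is reported as GNUTLS_E_INVALID_REQUEST. Moving the copy below the guard and widening it to `if (pkcs12 == NULL || data == NULL) {` treats both arguments the same way. The `flags` parameter is not used anywhere in the body; a one-line comment stating that it is reserved would help readers.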
@@ -263,18 +254,17 @@ cleanup:
* returned, and 0 on success.
**/
int
-gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12,
- output_data, output_data_size);
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12,
+ output_data, output_data_size);
}
/**
@@ -296,281 +286,276 @@ gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
* Since: 3.1.3
**/
int
-gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (pkcs12->pkcs12, format, PEM_PKCS12, out);
+ return _gnutls_x509_export_int2(pkcs12->pkcs12, format, PEM_PKCS12,
+ out);
}
-static int
-oid2bag (const char *oid)
+static int oid2bag(const char *oid)
{
- if (strcmp (oid, BAG_PKCS8_KEY) == 0)
- return GNUTLS_BAG_PKCS8_KEY;
- if (strcmp (oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
- return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
- if (strcmp (oid, BAG_CERTIFICATE) == 0)
- return GNUTLS_BAG_CERTIFICATE;
- if (strcmp (oid, BAG_CRL) == 0)
- return GNUTLS_BAG_CRL;
- if (strcmp (oid, BAG_SECRET) == 0)
- return GNUTLS_BAG_SECRET;
-
- return GNUTLS_BAG_UNKNOWN;
+ if (strcmp(oid, BAG_PKCS8_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_KEY;
+ if (strcmp(oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
+ if (strcmp(oid, BAG_CERTIFICATE) == 0)
+ return GNUTLS_BAG_CERTIFICATE;
+ if (strcmp(oid, BAG_CRL) == 0)
+ return GNUTLS_BAG_CRL;
+ if (strcmp(oid, BAG_SECRET) == 0)
+ return GNUTLS_BAG_SECRET;
+
+ return GNUTLS_BAG_UNKNOWN;
}
-static const char *
-bag_to_oid (int bag)
+static const char *bag_to_oid(int bag)
{
- switch (bag)
- {
- case GNUTLS_BAG_PKCS8_KEY:
- return BAG_PKCS8_KEY;
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- return BAG_PKCS8_ENCRYPTED_KEY;
- case GNUTLS_BAG_CERTIFICATE:
- return BAG_CERTIFICATE;
- case GNUTLS_BAG_CRL:
- return BAG_CRL;
- case GNUTLS_BAG_SECRET:
- return BAG_SECRET;
- }
- return NULL;
+ switch (bag) {
+ case GNUTLS_BAG_PKCS8_KEY:
+ return BAG_PKCS8_KEY;
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ return BAG_PKCS8_ENCRYPTED_KEY;
+ case GNUTLS_BAG_CERTIFICATE:
+ return BAG_CERTIFICATE;
+ case GNUTLS_BAG_CRL:
+ return BAG_CRL;
+ case GNUTLS_BAG_SECRET:
+ return BAG_SECRET;
+ }
+ return NULL;
}
/* Decodes the SafeContents, and puts the output in
* the given bag.
*/
int
-_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag)
+_pkcs12_decode_safe_contents(const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag)
{
- char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int len, result;
- int bag_type;
- gnutls_datum_t attr_val;
- gnutls_datum_t t;
- int count = 0, i, attributes, j;
-
- /* Step 1. Extract the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, content->data, content->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Count the number of bags
- */
- result = asn1_number_of_elements (c2, "", &count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- bag->bag_elements = MIN (MAX_BAG_ELEMENTS, count);
-
- for (i = 0; i < bag->bag_elements; i++)
- {
-
- snprintf (root, sizeof (root), "?%u.bagId", i + 1);
-
- len = sizeof (oid);
- result = asn1_read_value (c2, root, oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the Bag type
- */
- bag_type = oid2bag (oid);
-
- if (bag_type < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Read the Bag Value
- */
-
- snprintf (root, sizeof (root), "?%u.bagValue", i + 1);
-
- result = _gnutls_x509_read_value (c2, root, &bag->element[i].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL
- || bag_type == GNUTLS_BAG_SECRET)
- {
- gnutls_datum_t tmp = bag->element[i].data;
-
- result =
- _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_free_datum (&tmp);
- }
-
- /* read the bag attributes
- */
- snprintf (root, sizeof (root), "?%u.bagAttributes", i + 1);
-
- result = asn1_number_of_elements (c2, root, &attributes);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (attributes < 0)
- attributes = 1;
-
- if (result != ASN1_ELEMENT_NOT_FOUND)
- for (j = 0; j < attributes; j++)
- {
-
- snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
- j + 1);
-
- result =
- _gnutls_x509_decode_and_read_attribute (c2, root, oid,
- sizeof (oid), &attr_val,
- 1, 0);
-
- if (result < 0)
- {
- gnutls_assert ();
- continue; /* continue in case we find some known attributes */
- }
-
- if (strcmp (oid, KEY_ID_OID) == 0)
- {
- result =
- _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, attr_val.data,
- attr_val.size, &t);
- _gnutls_free_datum (&attr_val);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
-
- attr_val.data = t.data;
- attr_val.size = t.size;
-
- bag->element[i].local_key_id = attr_val;
- }
- else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
- {
- result =
- _gnutls_x509_decode_string (ASN1_ETYPE_BMP_STRING,
- attr_val.data, attr_val.size, &t);
- _gnutls_free_datum (&attr_val);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
-
- attr_val.data = t.data;
- attr_val.size = t.size;
-
- bag->element[i].friendly_name = (char*)t.data;
- }
- else
- {
- _gnutls_free_datum (&attr_val);
- _gnutls_debug_log
- ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
- }
- }
-
-
- bag->element[i].type = bag_type;
-
- }
-
- asn1_delete_structure (&c2);
-
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int len, result;
+ int bag_type;
+ gnutls_datum_t attr_val;
+ gnutls_datum_t t;
+ int count = 0, i, attributes, j;
+
+ /* Step 1. Extract the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, content->data, content->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Count the number of bags
+ */
+ result = asn1_number_of_elements(c2, "", &count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ bag->bag_elements = MIN(MAX_BAG_ELEMENTS, count);
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ snprintf(root, sizeof(root), "?%u.bagId", i + 1);
+
+ len = sizeof(oid);
+ result = asn1_read_value(c2, root, oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the Bag type
+ */
+ bag_type = oid2bag(oid);
+
+ if (bag_type < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Read the Bag Value
+ */
+
+ snprintf(root, sizeof(root), "?%u.bagValue", i + 1);
+
+ result =
+ _gnutls_x509_read_value(c2, root,
+ &bag->element[i].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (bag_type == GNUTLS_BAG_CERTIFICATE
+ || bag_type == GNUTLS_BAG_CRL
+ || bag_type == GNUTLS_BAG_SECRET) {
+ gnutls_datum_t tmp = bag->element[i].data;
+
+ result =
+ _pkcs12_decode_crt_bag(bag_type, &tmp,
+ &bag->element[i].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&tmp);
+ }
+
+ /* read the bag attributes
+ */
+ snprintf(root, sizeof(root), "?%u.bagAttributes", i + 1);
+
+ result = asn1_number_of_elements(c2, root, &attributes);
+ if (result != ASN1_SUCCESS
+ && result != ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (attributes < 0)
+ attributes = 1;
+
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ for (j = 0; j < attributes; j++) {
+
+ snprintf(root, sizeof(root),
+ "?%u.bagAttributes.?%u", i + 1,
+ j + 1);
+
+ result =
+ _gnutls_x509_decode_and_read_attribute
+ (c2, root, oid, sizeof(oid), &attr_val,
+ 1, 0);
+
+ if (result < 0) {
+ gnutls_assert();
+ continue; /* continue in case we find some known attributes */
+ }
+
+ if (strcmp(oid, KEY_ID_OID) == 0) {
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_OCTET_STRING,
+ attr_val.data, attr_val.size,
+ &t);
+ _gnutls_free_datum(&attr_val);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ continue;
+ }
+
+ attr_val.data = t.data;
+ attr_val.size = t.size;
+
+ bag->element[i].local_key_id =
+ attr_val;
+ } else if (strcmp(oid, FRIENDLY_NAME_OID)
+ == 0) {
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_BMP_STRING,
+ attr_val.data, attr_val.size,
+ &t);
+ _gnutls_free_datum(&attr_val);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ continue;
+ }
+
+ attr_val.data = t.data;
+ attr_val.size = t.size;
+
+ bag->element[i].friendly_name =
+ (char *) t.data;
+ } else {
+ _gnutls_free_datum(&attr_val);
+ _gnutls_debug_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ }
+ }
+
+
+ bag->element[i].type = bag_type;
+
+ }
+
+ asn1_delete_structure(&c2);
+
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
static int
-_parse_safe_contents (ASN1_TYPE sc, const char *sc_name,
- gnutls_pkcs12_bag_t bag)
+_parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
+ gnutls_pkcs12_bag_t bag)
{
- gnutls_datum_t content = { NULL, 0 };
- int result;
+ gnutls_datum_t content = { NULL, 0 };
+ int result;
- /* Step 1. Extract the content.
- */
+ /* Step 1. Extract the content.
+ */
- result = _gnutls_x509_read_string (sc, sc_name, &content, ASN1_ETYPE_OCTET_STRING);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ _gnutls_x509_read_string(sc, sc_name, &content,
+ ASN1_ETYPE_OCTET_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _pkcs12_decode_safe_contents (&content, bag);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result = _pkcs12_decode_safe_contents(&content, bag);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- _gnutls_free_datum (&content);
+ _gnutls_free_datum(&content);
- return 0;
+ return 0;
-cleanup:
- _gnutls_free_datum (&content);
- return result;
+ cleanup:
+ _gnutls_free_datum(&content);
+ return result;
}
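Review bot: In `_pkcs12_decode_safe_contents`, the attribute loop assigns `bag->element[i].local_key_id = attr_val;` and `bag->element[i].friendly_name = (char *) t.data;` without releasing what the field already holds, so a bag entry that carries the `KEY_ID_OID` or `FRIENDLY_NAME_OID` attribute more than once loses the earlier allocation. The attribute list comes from the structure being parsed, so the number of repeats is set by whoever produced the file. Releasing the old value first would close the leak: `_gnutls_free_datum(&bag->element[i].local_key_id);` before the first assignment and `gnutls_free(bag->element[i].friendly_name);` before the second. This assumes the bag elements start out zeroed, which is not visible in this hunk. The logic is unchanged by the re-indentation, so the issue predates this commit.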
@@ -589,137 +574,128 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag)
+gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[ASN1_MAX_NAME_SIZE];
- char oid[MAX_OID_SIZE];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. decode the data.
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the AuthenticatedSafe
- */
-
- snprintf (root2, sizeof (root2), "?%u.contentType", indx + 1);
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (c2, root2, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Not encrypted Bag
- */
-
- snprintf (root2, sizeof (root2), "?%u.content", indx + 1);
-
- if (strcmp (oid, DATA_OID) == 0)
- {
- result = _parse_safe_contents (c2, root2, bag);
- goto cleanup;
- }
-
- /* ENC_DATA_OID needs decryption */
-
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->bag_elements = 1;
-
- result = _gnutls_x509_read_value (c2, root2, &bag->element[0].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. decode the data.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the AuthenticatedSafe
+ */
+
+ snprintf(root2, sizeof(root2), "?%u.contentType", indx + 1);
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(c2, root2, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Not encrypted Bag
+ */
+
+ snprintf(root2, sizeof(root2), "?%u.content", indx + 1);
+
+ if (strcmp(oid, DATA_OID) == 0) {
+ result = _parse_safe_contents(c2, root2, bag);
+ goto cleanup;
+ }
+
+ /* ENC_DATA_OID needs decryption */
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->bag_elements = 1;
+
+ result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/* Creates an empty PFX structure for the PKCS12 structure.
*/
-static int
-create_empty_pfx (ASN1_TYPE pkcs12)
+static int create_empty_pfx(ASN1_TYPE pkcs12)
{
- uint8_t three = 3;
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- /* Use version 3
- */
- result = asn1_write_value (pkcs12, "version", &three, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write the content type of the data
- */
- result = asn1_write_value (pkcs12, "authSafe.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Check if the authenticatedSafe content is empty, and encode a
- * null one in that case.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs12, "authSafe.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- return result;
+ uint8_t three = 3;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ /* Use version 3
+ */
+ result = asn1_write_value(pkcs12, "version", &three, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write the content type of the data
+ */
+ result =
+ asn1_write_value(pkcs12, "authSafe.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Check if the authenticatedSafe content is empty, and encode a
+ * null one in that case.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -733,126 +709,117 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
+int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- int result;
- int enc = 0, dum = 1;
- char null;
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. Check if the pkcs12 structure is empty. In that
- * case generate an empty PFX.
- */
- result = asn1_read_value (pkcs12->pkcs12, "authSafe.content", &null, &dum);
- if (result == ASN1_VALUE_NOT_FOUND)
- {
- result = create_empty_pfx (pkcs12->pkcs12);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. decode the authenticatedSafe.
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 3. Encode the bag elements into a SafeContents
- * structure.
- */
- result = _pkcs12_encode_safe_contents (bag, &safe_cont, &enc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
- * structure.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (enc)
- result = asn1_write_value (c2, "?LAST.contentType", ENC_DATA_OID, 1);
- else
- result = asn1_write_value (c2, "?LAST.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (enc)
- {
- /* Encrypted packets are written directly.
- */
- result =
- asn1_write_value (c2, "?LAST.content",
- bag->element[0].data.data,
- bag->element[0].data.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
- else
- {
- result =
- _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
- "?LAST.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- asn1_delete_structure (&safe_cont);
-
-
- /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
- * structure.
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
- "authSafe.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- asn1_delete_structure (&safe_cont);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ int result;
+ int enc = 0, dum = 1;
+ char null;
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. Check if the pkcs12 structure is empty. In that
+ * case generate an empty PFX.
+ */
+ result =
+ asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null,
+ &dum);
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = create_empty_pfx(pkcs12->pkcs12);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. decode the authenticatedSafe.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 3. Encode the bag elements into a SafeContents
+ * structure.
+ */
+ result = _pkcs12_encode_safe_contents(bag, &safe_cont, &enc);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
+ * structure.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc)
+ result =
+ asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID,
+ 1);
+ else
+ result =
+ asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc) {
+ /* Encrypted packets are written directly.
+ */
+ result =
+ asn1_write_value(c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ } else {
+ result =
+ _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
+ "?LAST.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ asn1_delete_structure(&safe_cont);
+
+
+ /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ * structure.
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ asn1_delete_structure(&safe_cont);
+ return result;
}
/**
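Review bot: In `gnutls_pkcs12_set_bag`, the Step 3 error path uses `return result;` when `_pkcs12_encode_safe_contents` fails, although Step 2 has already populated `c2` through `_decode_pkcs12_auth_safe`, so that structure is presumably never released on this path. Every later failure goes through the `cleanup` label, which deletes both `c2` and `safe_cont`. Replacing the early return with `goto cleanup;` makes the paths consistent. `safe_cont` may still be empty at that point, but `create_empty_pfx` already calls `asn1_delete_structure` on a possibly empty node from its own cleanup label, so that use appears to be accepted in this file.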
@@ -865,128 +832,119 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass)
{
- uint8_t salt[8], key[20];
- int result;
- const int iter = 1;
- mac_hd_st td1;
- gnutls_datum_t tmp = { NULL, 0 };
- uint8_t sha_mac[20];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Generate the salt.
- */
- result = _gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt));
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Write the salt into the structure.
- */
- result =
- asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* write the iterations
- */
-
- if (iter > 1)
- {
- result =
- _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
- iter);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- /* Generate the key.
- */
- result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
- iter, pass, sizeof (key), key);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* MAC the data
- */
- result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
- key, sizeof (key));
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_mac (&td1, tmp.data, tmp.size);
- _gnutls_free_datum (&tmp);
-
- _gnutls_mac_deinit (&td1, sha_mac);
-
-
- result =
- asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
- sizeof (sha_mac));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
- 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- return result;
+ uint8_t salt[8], key[20];
+ int result;
+ const int iter = 1;
+ mac_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 };
+ uint8_t sha_mac[20];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Generate the salt.
+ */
+ result = _gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Write the salt into the structure.
+ */
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
+ sizeof(salt));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* write the iterations
+ */
+
+ if (iter > 1) {
+ result =
+ _gnutls_x509_write_uint32(pkcs12->pkcs12,
+ "macData.iterations", iter);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ /* Generate the key.
+ */
+ result =
+ _gnutls_pkcs12_string_to_key(3 /*MAC*/, salt, sizeof(salt),
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_mac_init(&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof(key));
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mac(&td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_mac_deinit(&td1, sha_mac);
+
+
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac,
+ sizeof(sha_mac));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters",
+ NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm",
+ HASH_OID_SHA1, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ return result;
}
/**
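Review bot: `const int iter = 1;` in `gnutls_pkcs12_generate_mac` fixes the MAC key derivation at a single iteration, so `_gnutls_pkcs12_string_to_key` adds no stretching to `pass` and the `if (iter > 1)` branch that writes `macData.iterations` is never taken. The integrity MAC is then only as strong as the password against offline guessing, with no added work factor. I would make the count a named constant well above 1, for example `const int iter = MAC_ITER_COUNT;` (placeholder name, value to be decided by the project), which also activates the existing write of `macData.iterations`. Separately, `key` and `sha_mac` stay on the stack when the function returns; wiping them before every return would be a sensible follow-up.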
@@ -999,216 +957,201 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
{
- uint8_t key[20];
- int result;
- unsigned int iter;
- int len;
- mac_hd_st td1;
- gnutls_datum_t tmp = { NULL, 0 }, salt =
- {
- NULL, 0};
- uint8_t sha_mac[20];
- uint8_t sha_mac_orig[20];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read the iterations
- */
-
- result =
- _gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter);
- if (result < 0)
- {
- iter = 1; /* the default */
- }
-
-
- /* Read the salt from the structure.
- */
- result =
- _gnutls_x509_read_value (pkcs12->pkcs12, "macData.macSalt", &salt);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Generate the key.
- */
- result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size,
- iter, pass, sizeof (key), key);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_free_datum (&salt);
-
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* MAC the data
- */
- result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
- key, sizeof (key));
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_mac (&td1, tmp.data, tmp.size);
- _gnutls_free_datum (&tmp);
-
- _gnutls_mac_deinit (&td1, sha_mac);
-
- len = sizeof (sha_mac_orig);
- result =
- asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
- &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (memcmp (sha_mac_orig, sha_mac, sizeof (sha_mac)) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MAC_VERIFY_FAILED;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&salt);
- return result;
+ uint8_t key[20];
+ int result;
+ unsigned int iter;
+ int len;
+ mac_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 }, salt = {
+ NULL, 0};
+ uint8_t sha_mac[20];
+ uint8_t sha_mac_orig[20];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read the iterations
+ */
+
+ result =
+ _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations",
+ &iter);
+ if (result < 0) {
+ iter = 1; /* the default */
+ }
+
+
+ /* Read the salt from the structure.
+ */
+ result =
+ _gnutls_x509_read_value(pkcs12->pkcs12, "macData.macSalt",
+ &salt);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Generate the key.
+ */
+ result =
+ _gnutls_pkcs12_string_to_key(3 /*MAC*/, salt.data, salt.size,
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&salt);
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_mac_init(&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof(key));
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mac(&td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_mac_deinit(&td1, sha_mac);
+
+ len = sizeof(sha_mac_orig);
+ result =
+ asn1_read_value(pkcs12->pkcs12, "macData.mac.digest",
+ sha_mac_orig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (memcmp(sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MAC_VERIFY_FAILED;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&salt);
+ return result;
}
static int
-write_attributes (gnutls_pkcs12_bag_t bag, int elem,
- ASN1_TYPE c2, const char *where)
+write_attributes(gnutls_pkcs12_bag_t bag, int elem,
+ ASN1_TYPE c2, const char *where)
{
- int result;
- char root[128];
-
- /* If the bag attributes are empty, then write
- * nothing to the attribute field.
- */
- if (bag->element[elem].friendly_name == NULL &&
- bag->element[elem].local_key_id.data == NULL)
- {
- /* no attributes
- */
- result = asn1_write_value (c2, where, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
- }
-
- if (bag->element[elem].local_key_id.data != NULL)
- {
-
- /* Add a new Attribute
- */
- result = asn1_write_value (c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (root, sizeof (root), where);
- _gnutls_str_cat (root, sizeof (root), ".?LAST");
-
- result =
- _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
- bag->
- element[elem].local_key_id.
- data,
- bag->
- element[elem].local_key_id.
- size, 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- if (bag->element[elem].friendly_name != NULL)
- {
- uint8_t *name;
- int size, i;
- const char *p;
-
- /* Add a new Attribute
- */
- result = asn1_write_value (c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* convert name to BMPString
- */
- size = strlen (bag->element[elem].friendly_name) * 2;
- name = gnutls_malloc (size);
-
- if (name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = bag->element[elem].friendly_name;
- for (i = 0; i < size; i += 2)
- {
- name[i] = 0;
- name[i + 1] = *p;
- p++;
- }
-
- _gnutls_str_cpy (root, sizeof (root), where);
- _gnutls_str_cat (root, sizeof (root), ".?LAST");
-
- result =
- _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
- root, name, size, 1);
-
- gnutls_free (name);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- return 0;
+ int result;
+ char root[128];
+
+ /* If the bag attributes are empty, then write
+ * nothing to the attribute field.
+ */
+ if (bag->element[elem].friendly_name == NULL &&
+ bag->element[elem].local_key_id.data == NULL) {
+ /* no attributes
+ */
+ result = asn1_write_value(c2, where, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
+ }
+
+ if (bag->element[elem].local_key_id.data != NULL) {
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value(c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute(KEY_ID_OID, c2,
+ root,
+ bag->element
+ [elem].
+ local_key_id.data,
+ bag->element
+ [elem].
+ local_key_id.size,
+ 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ if (bag->element[elem].friendly_name != NULL) {
+ uint8_t *name;
+ int size, i;
+ const char *p;
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value(c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* convert name to BMPString
+ */
+ size = strlen(bag->element[elem].friendly_name) * 2;
+ name = gnutls_malloc(size);
+
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = bag->element[elem].friendly_name;
+ for (i = 0; i < size; i += 2) {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
+ }
+
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute
+ (FRIENDLY_NAME_OID, c2, root, name, size, 1);
+
+ gnutls_free(name);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ return 0;
}
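Review bot: In `gnutls_pkcs12_verify_mac`, the length that `asn1_read_value` reports back in `len` for `macData.mac.digest` is never checked. A stored digest shorter than 20 bytes therefore leaves the tail of `sha_mac_orig` uninitialised, and the `memcmp` over `sizeof(sha_mac)` bytes reads it. The comparison should reject any other length first: `if ((size_t) len != sizeof(sha_mac) || memcmp(sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {`. The same function takes `iter` from the file with no upper bound before passing it to `_gnutls_pkcs12_string_to_key`, so the cost of verifying an untrusted file is set by that file; a sanity limit on `iter` would be worth adding with the length check.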
@@ -1216,125 +1159,118 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem,
* the given datum. Enc is set to non-zero if the data are encrypted;
*/
int
-_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
- int *enc)
+_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
+ int *enc)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- int i;
- const char *oid;
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
- {
- *enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
- }
- else if (enc)
- *enc = 0;
-
- /* Step 1. Create the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- for (i = 0; i < bag->bag_elements; i++)
- {
-
- oid = bag_to_oid (bag->element[i].type);
- if (oid == NULL)
- {
- gnutls_assert ();
- continue;
- }
-
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Copy the bag type.
- */
- result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Set empty attributes
- */
- result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
-
- /* Copy the Bag Value
- */
-
- if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
- bag->element[i].type == GNUTLS_BAG_SECRET ||
- bag->element[i].type == GNUTLS_BAG_CRL)
- {
- gnutls_datum_t tmp;
-
- /* in that case encode it to a CertBag or
- * a CrlBag.
- */
-
- result =
- _pkcs12_encode_crt_bag (bag->element[i].type,
- &bag->element[i].data, &tmp);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp);
-
- _gnutls_free_datum (&tmp);
-
- }
- else
- {
-
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
- &bag->element[i].data);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- }
-
- /* Encode the data and copy them into the datum
- */
- *contents = c2;
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ int i;
+ const char *oid;
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
+ *enc = 1;
+ return 0; /* ENCRYPTED BAG, do nothing. */
+ } else if (enc)
+ *enc = 0;
+
+ /* Step 1. Create the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ oid = bag_to_oid(bag->element[i].type);
+ if (oid == NULL) {
+ gnutls_assert();
+ continue;
+ }
+
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Copy the bag type.
+ */
+ result = asn1_write_value(c2, "?LAST.bagId", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Set empty attributes
+ */
+ result =
+ write_attributes(bag, i, c2, "?LAST.bagAttributes");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+
+ /* Copy the Bag Value
+ */
+
+ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
+ bag->element[i].type == GNUTLS_BAG_SECRET ||
+ bag->element[i].type == GNUTLS_BAG_CRL) {
+ gnutls_datum_t tmp;
+
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
+
+ result =
+ _pkcs12_encode_crt_bag(bag->element[i].type,
+ &bag->element[i].data,
+ &tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &tmp);
+
+ _gnutls_free_datum(&tmp);
+
+ } else {
+
+ result =
+ _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &bag->element[i].
+ data);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ }
+
+ /* Encode the data and copy them into the datum
+ */
+ *contents = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
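Review bot: In the element loop of `_pkcs12_encode_safe_contents`, an element whose type has no OID is dropped with `gnutls_assert(); continue;` and the function still returns 0, so the caller gets a SafeContents that silently omits that element. For a container that carries keys and certificates, a partial write reported as success is hard to notice later. Unless the skip is deliberate, fail instead with `result = GNUTLS_E_INVALID_REQUEST; goto cleanup;`; if it is deliberate, a comment should say why. The comment `/* Set empty attributes */` above the `write_attributes()` call is also stale, because that helper writes the local key id and friendly name when they are set.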
@@ -1342,45 +1278,49 @@ cleanup:
* with the first certificate in chain (it is expected that chain_len==1)
* and appends those in the chain.
*/
-static int make_chain(gnutls_x509_crt_t **chain, unsigned int *chain_len,
- gnutls_x509_crt_t **extra_certs, unsigned int *extra_certs_len,
- unsigned int flags)
+static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len, unsigned int flags)
{
-unsigned int i;
-
- if (*chain_len != 1)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- i = 0;
- while(i<*extra_certs_len)
- {
- /* if it is an issuer but not a self-signed one */
- if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0)
- {
- if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED) &&
- gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) != 0)
- goto skip;
-
- *chain = gnutls_realloc_fast (*chain, sizeof((*chain)[0]) *
- ++(*chain_len));
- if (*chain == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- (*chain)[*chain_len - 1] = (*extra_certs)[i];
-
- (*extra_certs)[i] = (*extra_certs)[*extra_certs_len-1];
- (*extra_certs_len)--;
-
- i=0;
- continue;
- }
-
-skip:
- i++;
- }
- return 0;
+ unsigned int i;
+
+ if (*chain_len != 1)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ i = 0;
+ while (i < *extra_certs_len) {
+ /* if it is an issuer but not a self-signed one */
+ if (gnutls_x509_crt_check_issuer
+ ((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0) {
+ if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED)
+ &&
+ gnutls_x509_crt_check_issuer((*extra_certs)[i],
+ (*extra_certs)[i])
+ != 0)
+ goto skip;
+
+ *chain =
+ gnutls_realloc_fast(*chain,
+ sizeof((*chain)[0]) *
+ ++(*chain_len));
+ if (*chain == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ (*chain)[*chain_len - 1] = (*extra_certs)[i];
+
+ (*extra_certs)[i] =
+ (*extra_certs)[*extra_certs_len - 1];
+ (*extra_certs_len)--;
+
+ i = 0;
+ continue;
+ }
+
+ skip:
+ i++;
+ }
+ return 0;
}
/**
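Review bot: In `make_chain`, `++(*chain_len)` is evaluated inside the `gnutls_realloc_fast()` call and `*chain` is overwritten with the result, so a failed allocation leaves the caller with a NULL chain and a length that is already one too large. The certificate handles stored in the old array become unreachable, and the error path in `gnutls_pkcs12_simple_parse` skips its cleanup loop when `_chain` is NULL. Assign the result to a temporary and increment `*chain_len` only once it is non-NULL, releasing the existing entries on failure. The same increment-inside-the-call pattern is used for `_extra_certs` in `gnutls_pkcs12_simple_parse`, where `this_cert` is additionally lost.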
@@ -1433,413 +1373,385 @@ skip:
* Since: 3.1
**/
int
-gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags)
+gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t ** chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t * crl, unsigned int flags)
{
- gnutls_pkcs12_bag_t bag = NULL;
- gnutls_x509_crt_t *_extra_certs = NULL;
- unsigned int _extra_certs_len = 0;
- gnutls_x509_crt_t *_chain = NULL;
- unsigned int _chain_len = 0;
- int idx = 0;
- int ret;
- size_t cert_id_size = 0;
- size_t key_id_size = 0;
- uint8_t cert_id[20];
- uint8_t key_id[20];
- int privkey_ok = 0;
- unsigned int i;
-
- *key = NULL;
-
- if (crl)
- *crl = NULL;
-
- /* find the first private key */
- for (;;)
- {
- int elements_in_bag;
- int i;
-
- ret = gnutls_pkcs12_bag_init (&bag);
- if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_get_bag (p12, idx, bag);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_type (bag, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- if (password == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
- if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- if (password == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto done;
- }
-
- case GNUTLS_BAG_PKCS8_KEY:
- if (*key != NULL) /* too simple to continue */
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_privkey_init (key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_privkey_import_pkcs8
- (*key, &data, GNUTLS_X509_FMT_DER, password,
- type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- key_id_size = sizeof (key_id);
- ret =
- gnutls_x509_privkey_get_key_id (*key, 0, key_id,
- &key_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- privkey_ok = 1; /* break */
- break;
- default:
- break;
- }
- }
-
- idx++;
- gnutls_pkcs12_bag_deinit (bag);
-
- if (privkey_ok != 0) /* private key was found */
- break;
- }
-
- if (privkey_ok == 0) /* no private key */
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* now find the corresponding certificate
- */
- idx = 0;
- bag = NULL;
- for (;;)
- {
- int elements_in_bag;
- int i;
-
- ret = gnutls_pkcs12_bag_init (&bag);
- if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_get_bag (p12, idx, bag);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_type (bag, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
- if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
- gnutls_x509_crt_t this_cert;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- ret = gnutls_x509_crt_init (&this_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret =
- gnutls_x509_crt_import (this_cert, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (this_cert);
- goto done;
- }
-
- /* check if the key id match */
- cert_id_size = sizeof (cert_id);
- ret =
- gnutls_x509_crt_get_key_id (this_cert, 0, cert_id, &cert_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (this_cert);
- goto done;
- }
-
- if (memcmp (cert_id, key_id, cert_id_size) != 0)
- { /* they don't match - skip the certificate */
- if (extra_certs)
- {
- _extra_certs = gnutls_realloc_fast (_extra_certs,
- sizeof(_extra_certs[0]) *
- ++_extra_certs_len);
- if (!_extra_certs)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _extra_certs[_extra_certs_len - 1] = this_cert;
- this_cert = NULL;
- }
- else
- {
- gnutls_x509_crt_deinit (this_cert);
- }
- }
- else
- {
- if (chain && _chain_len == 0)
- {
- _chain = gnutls_malloc (sizeof(_chain[0]) * (++_chain_len));
- if (!_chain)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _chain[_chain_len - 1] = this_cert;
- this_cert = NULL;
- }
- else
- {
- gnutls_x509_crt_deinit (this_cert);
- }
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if (crl == NULL || *crl != NULL)
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_crl_init (crl);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crl_deinit (*crl);
- goto done;
- }
- break;
-
- case GNUTLS_BAG_ENCRYPTED:
- /* XXX Bother to recurse one level down? Unlikely to
- use the same password anyway. */
- case GNUTLS_BAG_EMPTY:
- default:
- break;
- }
- }
-
- idx++;
- gnutls_pkcs12_bag_deinit (bag);
- }
-
- if (chain != NULL)
- {
- if (_chain_len != 1)
- {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto done;
- }
-
- ret = make_chain(&_chain, &_chain_len, &_extra_certs, &_extra_certs_len, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto done;
- }
- }
-
- ret = 0;
-
-done:
- if (bag)
- gnutls_pkcs12_bag_deinit (bag);
-
- if (ret < 0)
- {
- if (*key)
- gnutls_x509_privkey_deinit(*key);
- if (_extra_certs_len && _extra_certs != NULL)
- {
- for (i = 0; i < _extra_certs_len; i++)
- gnutls_x509_crt_deinit(_extra_certs[i]);
- gnutls_free(_extra_certs);
- }
- if (_chain_len && _chain != NULL)
- {
- for (i = 0; i < _chain_len; i++)
- gnutls_x509_crt_deinit(_chain[i]);
- gnutls_free(_chain);
- }
-
- return ret;
- }
-
- if (extra_certs && _extra_certs_len > 0)
- {
- *extra_certs = _extra_certs;
- *extra_certs_len = _extra_certs_len;
- }
- else
- {
- if (extra_certs)
- {
- *extra_certs = NULL;
- *extra_certs_len = 0;
- }
- for (i = 0; i < _extra_certs_len; i++)
- gnutls_x509_crt_deinit(_extra_certs[i]);
- gnutls_free(_extra_certs);
- }
-
- if (chain != NULL)
- {
- *chain = _chain;
- *chain_len = _chain_len;
- }
-
- return ret;
+ gnutls_pkcs12_bag_t bag = NULL;
+ gnutls_x509_crt_t *_extra_certs = NULL;
+ unsigned int _extra_certs_len = 0;
+ gnutls_x509_crt_t *_chain = NULL;
+ unsigned int _chain_len = 0;
+ int idx = 0;
+ int ret;
+ size_t cert_id_size = 0;
+ size_t key_id_size = 0;
+ uint8_t cert_id[20];
+ uint8_t key_id[20];
+ int privkey_ok = 0;
+ unsigned int i;
+
+ *key = NULL;
+
+ if (crl)
+ *crl = NULL;
+
+ /* find the first private key */
+ for (;;) {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init(&bag);
+ if (ret < 0) {
+ bag = NULL;
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag(p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type(bag, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED) {
+ if (password == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_decrypt(bag, password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if (elements_in_bag < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++) {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type(bag, i);
+ if (type < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ switch (type) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ if (password == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto done;
+ }
+
+ case GNUTLS_BAG_PKCS8_KEY:
+ if (*key != NULL) { /* too simple to continue */
+ gnutls_assert();
+ break;
+ }
+
+ ret = gnutls_x509_privkey_init(key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_x509_privkey_import_pkcs8
+ (*key, &data, GNUTLS_X509_FMT_DER,
+ password,
+ type ==
+ GNUTLS_BAG_PKCS8_KEY ?
+ GNUTLS_PKCS_PLAIN : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(*key);
+ goto done;
+ }
+
+ key_id_size = sizeof(key_id);
+ ret =
+ gnutls_x509_privkey_get_key_id(*key, 0,
+ key_id,
+ &key_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(*key);
+ goto done;
+ }
+
+ privkey_ok = 1; /* break */
+ break;
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit(bag);
+
+ if (privkey_ok != 0) /* private key was found */
+ break;
+ }
+
+ if (privkey_ok == 0) { /* no private key */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* now find the corresponding certificate
+ */
+ idx = 0;
+ bag = NULL;
+ for (;;) {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init(&bag);
+ if (ret < 0) {
+ bag = NULL;
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag(p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type(bag, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED) {
+ ret = gnutls_pkcs12_bag_decrypt(bag, password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if (elements_in_bag < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++) {
+ int type;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t this_cert;
+
+ type = gnutls_pkcs12_bag_get_type(bag, i);
+ if (type < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ ret = gnutls_x509_crt_init(&this_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crt_import(this_cert,
+ &data,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(this_cert);
+ goto done;
+ }
+
+ /* check if the key id match */
+ cert_id_size = sizeof(cert_id);
+ ret =
+ gnutls_x509_crt_get_key_id(this_cert,
+ 0, cert_id,
+ &cert_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(this_cert);
+ goto done;
+ }
+
+ if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
+ if (extra_certs) {
+ _extra_certs =
+ gnutls_realloc_fast
+ (_extra_certs,
+ sizeof(_extra_certs
+ [0]) *
+ ++_extra_certs_len);
+ if (!_extra_certs) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
+ }
+ _extra_certs
+ [_extra_certs_len -
+ 1] = this_cert;
+ this_cert = NULL;
+ } else {
+ gnutls_x509_crt_deinit
+ (this_cert);
+ }
+ } else {
+ if (chain && _chain_len == 0) {
+ _chain =
+ gnutls_malloc(sizeof
+ (_chain
+ [0]) *
+ (++_chain_len));
+ if (!_chain) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
+ }
+ _chain[_chain_len - 1] =
+ this_cert;
+ this_cert = NULL;
+ } else {
+ gnutls_x509_crt_deinit
+ (this_cert);
+ }
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if (crl == NULL || *crl != NULL) {
+ gnutls_assert();
+ break;
+ }
+
+ ret = gnutls_x509_crl_init(crl);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crl_import(*crl, &data,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crl_deinit(*crl);
+ goto done;
+ }
+ break;
+
+ case GNUTLS_BAG_ENCRYPTED:
+ /* XXX Bother to recurse one level down? Unlikely to
+ use the same password anyway. */
+ case GNUTLS_BAG_EMPTY:
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+
+ if (chain != NULL) {
+ if (_chain_len != 1) {
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto done;
+ }
+
+ ret =
+ make_chain(&_chain, &_chain_len, &_extra_certs,
+ &_extra_certs_len, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+ done:
+ if (bag)
+ gnutls_pkcs12_bag_deinit(bag);
+
+ if (ret < 0) {
+ if (*key)
+ gnutls_x509_privkey_deinit(*key);
+ if (_extra_certs_len && _extra_certs != NULL) {
+ for (i = 0; i < _extra_certs_len; i++)
+ gnutls_x509_crt_deinit(_extra_certs[i]);
+ gnutls_free(_extra_certs);
+ }
+ if (_chain_len && _chain != NULL) {
+ for (i = 0; i < _chain_len; i++)
+ gnutls_x509_crt_deinit(_chain[i]);
+ gnutls_free(_chain);
+ }
+
+ return ret;
+ }
+
+ if (extra_certs && _extra_certs_len > 0) {
+ *extra_certs = _extra_certs;
+ *extra_certs_len = _extra_certs_len;
+ } else {
+ if (extra_certs) {
+ *extra_certs = NULL;
+ *extra_certs_len = 0;
+ }
+ for (i = 0; i < _extra_certs_len; i++)
+ gnutls_x509_crt_deinit(_extra_certs[i]);
+ gnutls_free(_extra_certs);
+ }
+
+ if (chain != NULL) {
+ *chain = _chain;
+ *chain_len = _chain_len;
+ }
+
+ return ret;
}
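Review bot: The private-key error paths in `gnutls_pkcs12_simple_parse` release `*key` twice. After a failed `gnutls_x509_privkey_import_pkcs8()` or `gnutls_x509_privkey_get_key_id()` the code calls `gnutls_x509_privkey_deinit(*key)` and jumps to `done`, where `if (*key) gnutls_x509_privkey_deinit(*key);` runs again on the same pointer because `ret < 0`. This path is reachable while parsing a malformed PKCS #12 file, so it should be treated as a memory-safety bug rather than a cosmetic one. Either drop the two inline deinit calls and let `done` release the key, or follow each with `*key = NULL;`. The CRL branch needs the same treatment: `gnutls_x509_crl_deinit(*crl)` on import failure leaves the caller's `*crl` pointing at freed memory, so add `*crl = NULL;` after it.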
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index a3a5149364..b77ea46cf4 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -42,31 +42,27 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag)
+int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag)
{
- *bag = gnutls_calloc (1, sizeof (gnutls_pkcs12_bag_int));
+ *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int));
- if (*bag)
- {
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ if (*bag) {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
-static inline void
-_pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
+static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
{
- int i;
+ int i;
- for (i = 0; i < bag->bag_elements; i++)
- {
- _gnutls_free_datum (&bag->element[i].data);
- _gnutls_free_datum (&bag->element[i].local_key_id);
- gnutls_free (bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
- bag->element[i].type = 0;
- }
+ for (i = 0; i < bag->bag_elements; i++) {
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
}
@@ -77,15 +73,14 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
*
* This function will deinitialize a PKCS12 Bag structure.
**/
-void
-gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
+void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag)
{
- if (!bag)
- return;
+ if (!bag)
+ return;
- _pkcs12_bag_free_data (bag);
+ _pkcs12_bag_free_data(bag);
- gnutls_free (bag);
+ gnutls_free(bag);
}
/**
@@ -98,17 +93,16 @@ gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
* Returns: One of the #gnutls_pkcs12_bag_type_t enumerations.
**/
gnutls_pkcs12_bag_type_t
-gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
+gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, int indx)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return bag->element[indx].type;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
}
/**
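Review bot: `gnutls_pkcs12_bag_get_type` checks only the upper bound of `indx`. The parameter is a signed `int`, so, assuming `bag_elements` is also signed (its declaration is not in this diff), a negative value passes `indx >= bag->bag_elements` and reads before the start of `bag->element[]`. `gnutls_pkcs12_bag_get_data` in a later hunk has the same check and the same gap. Both should use `if (indx < 0 || indx >= bag->bag_elements)`. The doc comment should also say that negative error codes are returned through the `gnutls_pkcs12_bag_type_t` return type, so callers test for `< 0` before treating the value as a bag type.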
@@ -120,16 +114,14 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
* Returns: Number of elements in bag, or an negative error code on
* error.
**/
-int
-gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
+int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return bag->bag_elements;
+ return bag->bag_elements;
}
/**
@@ -146,22 +138,21 @@ gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
* negative error value.
**/
int
-gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data)
+gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- data->data = bag->element[indx].data.data;
- data->size = bag->element[indx].data.size;
+ data->data = bag->element[indx].data.data;
+ data->size = bag->element[indx].data.size;
- return 0;
+ return 0;
}
#define X509_CERT_OID "1.2.840.113549.1.9.22.1"
@@ -169,220 +160,213 @@ gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
#define RANDOM_NONCE_OID "1.2.840.113549.1.9.25.3"
int
-_pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out)
+_pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "certValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "crlValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_SECRET:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "secretValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- default:
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-
-cleanup:
-
- asn1_delete_structure (&c2);
- return ret;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "certValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "crlValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "secretValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
int
-_pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out)
+_pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "certValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "crlValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_SECRET:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "secretValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- default:
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- ret = _gnutls_x509_der_encode (c2, "", out, 0);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-
-cleanup:
-
- asn1_delete_structure (&c2);
- return ret;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value(c2, "certId", X509_CERT_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "certValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value(c2, "crlId", X509_CRL_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "crlValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ asn1_write_value(c2, "secretTypeId", RANDOM_NONCE_OID,
+ 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "secretValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ ret = _gnutls_x509_der_encode(c2, "", out, 0);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
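Review bot: `_pkcs12_decode_crt_bag` extracts `certValue`, `crlValue` and `secretValue` without reading the matching `certId`, `crlId` or `secretTypeId`, although `_pkcs12_encode_crt_bag` writes `X509_CERT_OID`, `X509_CRL_OID` and `RANDOM_NONCE_OID` into those fields. A bag that declares a different certificate or CRL format is therefore returned to the caller as if it were the expected type. Later parsing may still reject it, but nothing in this hunk does. Reading the id field and comparing it with the expected OID before extracting the value would reject such input at the decoding boundary. Separately, the three switch arms in each function differ only in the element name, field names and OID, so a small static helper taking those as parameters would remove the duplicated error handling.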
@@ -399,54 +383,49 @@ cleanup:
* value on error.
**/
int
-gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data)
+gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data)
{
- int ret;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->bag_elements == MAX_BAG_ELEMENTS - 1)
- {
- gnutls_assert ();
- /* bag is full */
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (bag->bag_elements == 1)
- {
- /* A bag with a key or an encrypted bag, must have
- * only one element.
- */
-
- if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
- bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
- bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
-
- ret =
- _gnutls_set_datum (&bag->element[bag->bag_elements].data,
- data->data, data->size);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- bag->element[bag->bag_elements].type = type;
-
- bag->bag_elements++;
-
- return bag->bag_elements - 1;
+ int ret;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->bag_elements == MAX_BAG_ELEMENTS - 1) {
+ gnutls_assert();
+ /* bag is full */
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (bag->bag_elements == 1) {
+ /* A bag with a key or an encrypted bag, must have
+ * only one element.
+ */
+
+ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY
+ || bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ ret =
+ _gnutls_set_datum(&bag->element[bag->bag_elements].data,
+ data->data, data->size);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ bag->element[bag->bag_elements].type = type;
+
+ bag->bag_elements++;
+
+ return bag->bag_elements - 1;
}
/**
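Review bot: The full-bag guard in front of the write to `bag->element[bag->bag_elements]` is an equality test, so it only protects the array if `bag_elements` can never pass `MAX_BAG_ELEMENTS - 1` by some other route (for example a bag filled by the decoder, which this hunk does not show). I would write it as `if (bag->bag_elements >= MAX_BAG_ELEMENTS - 1) {` so the index stays bounded regardless. `data` is also dereferenced in the `_gnutls_set_datum()` call without the NULL check that `bag` gets.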
@@ -461,29 +440,28 @@ gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
* value on failure.
**/
int
-gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
+gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, &data);
+ ret =
+ gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- return ret;
+ return ret;
}
/**
@@ -498,30 +476,28 @@ gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
* on failure.
**/
int
-gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
+gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CRL, &data);
+ ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CRL, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- return ret;
+ return ret;
}
/**
@@ -539,34 +515,31 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id)
+gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id)
{
- int ret;
+ int ret;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_set_datum (&bag->element[indx].local_key_id,
- id->data, id->size);
+ ret = _gnutls_set_datum(&bag->element[indx].local_key_id,
+ id->data, id->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
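Review bot: The index guard `indx > bag->bag_elements - 1` has no lower bound, so a negative `indx` passes it (assuming `bag_elements` is a signed int, which this hunk does not show) and `_gnutls_set_datum()` then writes through `&bag->element[indx].local_key_id` outside the array. Suggest `if (indx < 0 || indx > bag->bag_elements - 1) {`. The same guard is repeated in gnutls_pkcs12_bag_get_key_id, gnutls_pkcs12_bag_get_friendly_name and gnutls_pkcs12_bag_set_friendly_name in the following hunks, where it permits an out-of-bounds read or pointer store. `id` is also used without a NULL check.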
@@ -583,25 +556,23 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id)
+gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- id->data = bag->element[indx].local_key_id.data;
- id->size = bag->element[indx].local_key_id.size;
-
- return 0;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id->data = bag->element[indx].local_key_id.data;
+ id->size = bag->element[indx].local_key_id.size;
+
+ return 0;
}
/**
@@ -618,24 +589,22 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name)
+gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
+ char **name)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *name = bag->element[indx].friendly_name;
+ *name = bag->element[indx].friendly_name;
- return 0;
+ return 0;
}
@@ -654,30 +623,27 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name)
+gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
+ const char *name)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bag->element[indx].friendly_name = gnutls_strdup (name);
-
- if (name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bag->element[indx].friendly_name = gnutls_strdup(name);
+
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
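Review bot: The test after `gnutls_strdup(name)` inspects the input `name` instead of the result, so an allocation failure is reported as success and a NULL `name` reaches gnutls_strdup() before it is rejected. The post-copy check should read `if (bag->element[indx].friendly_name == NULL) {`, with a separate `name == NULL` guard returning `GNUTLS_E_INVALID_REQUEST` placed before the copy. A friendly name already stored for the element is overwritten without being freed, which looks like a leak on repeated calls.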
@@ -692,49 +658,45 @@ gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
+int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass)
{
- int ret;
- gnutls_datum_t dec;
+ int ret;
+ gnutls_datum_t dec;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pkcs7_decrypt_data (&bag->element[0].data, pass, &dec);
+ ret =
+ _gnutls_pkcs7_decrypt_data(&bag->element[0].data, pass, &dec);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* decryption succeeded. Now decode the SafeContents
- * stuff, and parse it.
- */
+ /* decryption succeeded. Now decode the SafeContents
+ * stuff, and parse it.
+ */
- _gnutls_free_datum (&bag->element[0].data);
+ _gnutls_free_datum(&bag->element[0].data);
- ret = _pkcs12_decode_safe_contents (&dec, bag);
+ ret = _pkcs12_decode_safe_contents(&dec, bag);
- _gnutls_free_datum (&dec);
+ _gnutls_free_datum(&dec);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
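Review bot: `bag->element[0].data` is released before `_pkcs12_decode_safe_contents()` runs, so when decoding fails the bag has lost its ciphertext while, as far as this hunk shows, `element[0].type` still reads `GNUTLS_BAG_ENCRYPTED`. The function's doc comment should state this, e.g. `If decoding fails after decryption the bag contents are undefined and the bag must be deinitialized.` Separately, `dec` holds the decrypted SafeContents, which may include private keys. Whether `_gnutls_free_datum()` wipes memory cannot be told from here, so consider zeroising `dec.data` before it is released.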
@@ -749,79 +711,73 @@ gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
* otherwise a negative error code is returned.
**/
int
-gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags)
+gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass,
+ unsigned int flags)
{
- int ret;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- gnutls_datum_t der = { NULL, 0 };
- gnutls_datum_t enc = { NULL, 0 };
- schema_id id;
-
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Encode the whole bag to a safe contents
- * structure.
- */
- ret = _pkcs12_encode_safe_contents (bag, &safe_cont, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* DER encode the SafeContents.
- */
- ret = _gnutls_x509_der_encode (safe_cont, "", &der, 0);
-
- asn1_delete_structure (&safe_cont);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (flags & GNUTLS_PKCS_PLAIN)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- id = _gnutls_pkcs_flags_to_schema (flags);
-
- /* Now encrypt them.
- */
- ret = _gnutls_pkcs7_encrypt_data (id, &der, pass, &enc);
-
- _gnutls_free_datum (&der);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* encryption succeeded.
- */
-
- _pkcs12_bag_free_data (bag);
-
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->element[0].data = enc;
-
- bag->bag_elements = 1;
-
-
- return 0;
+ int ret;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ gnutls_datum_t der = { NULL, 0 };
+ gnutls_datum_t enc = { NULL, 0 };
+ schema_id id;
+
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Encode the whole bag to a safe contents
+ * structure.
+ */
+ ret = _pkcs12_encode_safe_contents(bag, &safe_cont, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* DER encode the SafeContents.
+ */
+ ret = _gnutls_x509_der_encode(safe_cont, "", &der, 0);
+
+ asn1_delete_structure(&safe_cont);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PKCS_PLAIN) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id = _gnutls_pkcs_flags_to_schema(flags);
+
+ /* Now encrypt them.
+ */
+ ret = _gnutls_pkcs7_encrypt_data(id, &der, pass, &enc);
+
+ _gnutls_free_datum(&der);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* encryption succeeded.
+ */
+
+ _pkcs12_bag_free_data(bag);
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->element[0].data = enc;
+
+ bag->bag_elements = 1;
+
+
+ return 0;
}
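Review bot: The `flags & GNUTLS_PKCS_PLAIN` rejection returns after `_gnutls_x509_der_encode()` has already filled `der`, so that path leaks the DER-encoded, still unencrypted SafeContents. Either move the flag test up beside the `bag == NULL` check, before anything is allocated, or add `_gnutls_free_datum(&der);` ahead of the `return GNUTLS_E_INVALID_REQUEST;`. Because `der` is plaintext that may carry key material, wiping it before it is freed on the normal path is worth considering as well.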
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index c90c8dd8d3..e194ca4884 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -30,19 +30,17 @@
/* Returns 0 if the password is ok, or a negative error
* code instead.
*/
-static int
-_pkcs12_check_pass (const char *pass, size_t plen)
+static int _pkcs12_check_pass(const char *pass, size_t plen)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < plen; i++)
- {
- if (c_isascii (pass[i]))
- continue;
- return GNUTLS_E_INVALID_PASSWORD;
- }
+ for (i = 0; i < plen; i++) {
+ if (c_isascii(pass[i]))
+ continue;
+ return GNUTLS_E_INVALID_PASSWORD;
+ }
- return 0;
+ return 0;
}
#define MAX_PASS_LEN 128
@@ -56,152 +54,138 @@ _pkcs12_check_pass (const char *pass, size_t plen)
* NULL password, and for the password with zero length.
*/
int
-_gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- uint8_t * keybuf)
+_gnutls_pkcs12_string_to_key(unsigned int id, const uint8_t * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ uint8_t * keybuf)
{
- int rc;
- unsigned int i, j;
- digest_hd_st md;
- bigint_t num_b1 = NULL, num_ij = NULL;
- bigint_t mpi512 = NULL;
- unsigned int pwlen;
- uint8_t hash[20], buf_b[64], buf_i[MAX_PASS_LEN*2+64], *p;
- uint8_t d[64];
- size_t cur_keylen;
- size_t n, m, p_size, i_size;
- const uint8_t buf_512[] = /* 2^64 */
- { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00
- };
-
- cur_keylen = 0;
-
- if (pw == NULL)
- pwlen = 0;
- else
- pwlen = strlen (pw);
-
- if (pwlen > MAX_PASS_LEN)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = _gnutls_mpi_scan (&mpi512, buf_512, sizeof (buf_512));
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- /* Store salt and password in BUF_I */
- p_size = ((pwlen/64)*64) + 64;
-
- if (p_size > sizeof(buf_i)-64)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- p = buf_i;
- for (i = 0; i < 64; i++)
- *p++ = salt[i % salt_size];
- if (pw)
- {
- for (i = j = 0; i < p_size; i += 2)
- {
- *p++ = 0;
- *p++ = pw[j];
- if (++j > pwlen) /* Note, that we include the trailing (0) */
- j = 0;
- }
- }
- else
- memset (p, 0, p_size);
-
- i_size = 64+p_size;
-
- for (;;)
- {
- rc = _gnutls_hash_init (&md, mac_to_entry(GNUTLS_MAC_SHA1));
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- memset(d, id & 0xff, 64);
- _gnutls_hash (&md, d, 64);
- _gnutls_hash (&md, buf_i, pw ? i_size : 64);
- _gnutls_hash_deinit (&md, hash);
- for (i = 1; i < iter; i++)
- {
- rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
- keybuf[cur_keylen++] = hash[i];
- if (cur_keylen == req_keylen)
- {
- rc = 0; /* ready */
- goto cleanup;
- }
-
- /* need more bytes. */
- for (i = 0; i < 64; i++)
- buf_b[i] = hash[i % 20];
- n = 64;
- rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_add_ui (num_b1, num_b1, 1);
- for (i = 0; i < 128; i += 64)
- {
- n = 64;
- rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
- n = 64;
+ int rc;
+ unsigned int i, j;
+ digest_hd_st md;
+ bigint_t num_b1 = NULL, num_ij = NULL;
+ bigint_t mpi512 = NULL;
+ unsigned int pwlen;
+ uint8_t hash[20], buf_b[64], buf_i[MAX_PASS_LEN * 2 + 64], *p;
+ uint8_t d[64];
+ size_t cur_keylen;
+ size_t n, m, p_size, i_size;
+ const uint8_t buf_512[] = /* 2^64 */
+ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+
+ cur_keylen = 0;
+
+ if (pw == NULL)
+ pwlen = 0;
+ else
+ pwlen = strlen(pw);
+
+ if (pwlen > MAX_PASS_LEN) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((rc = _pkcs12_check_pass(pw, pwlen)) < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = _gnutls_mpi_scan(&mpi512, buf_512, sizeof(buf_512));
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Store salt and password in BUF_I */
+ p_size = ((pwlen / 64) * 64) + 64;
+
+ if (p_size > sizeof(buf_i) - 64)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ p = buf_i;
+ for (i = 0; i < 64; i++)
+ *p++ = salt[i % salt_size];
+ if (pw) {
+ for (i = j = 0; i < p_size; i += 2) {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing (0) */
+ j = 0;
+ }
+ } else
+ memset(p, 0, p_size);
+
+ i_size = 64 + p_size;
+
+ for (;;) {
+ rc = _gnutls_hash_init(&md, mac_to_entry(GNUTLS_MAC_SHA1));
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ memset(d, id & 0xff, 64);
+ _gnutls_hash(&md, d, 64);
+ _gnutls_hash(&md, buf_i, pw ? i_size : 64);
+ _gnutls_hash_deinit(&md, hash);
+ for (i = 1; i < iter; i++) {
+ rc = _gnutls_hash_fast(GNUTLS_MAC_SHA1, hash, 20,
+ hash);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen) {
+ rc = 0; /* ready */
+ goto cleanup;
+ }
+
+ /* need more bytes. */
+ for (i = 0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_b1, buf_b, n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_add_ui(num_b1, num_b1, 1);
+ for (i = 0; i < 128; i += 64) {
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_ij, buf_i + i, n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_addm(num_ij, num_ij, num_b1, mpi512);
+ n = 64;
#ifndef PKCS12_BROKEN_KEYGEN
- m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
+ m = (_gnutls_mpi_get_nbits(num_ij) + 7) / 8;
#else
- m = n;
+ m = n;
#endif
- memset (buf_i + i, 0, n - m);
- rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_release (&num_ij);
- }
- }
-cleanup:
- _gnutls_mpi_release (&num_ij);
- _gnutls_mpi_release (&num_b1);
- _gnutls_mpi_release (&mpi512);
-
- return rc;
+ memset(buf_i + i, 0, n - m);
+ rc = _gnutls_mpi_print(num_ij, buf_i + i + n - m,
+ &n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_release(&num_ij);
+ }
+ }
+ cleanup:
+ _gnutls_mpi_release(&num_ij);
+ _gnutls_mpi_release(&num_b1);
+ _gnutls_mpi_release(&mpi512);
+
+ return rc;
}
-
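Review bot: `salt[i % salt_size]` divides by `salt_size` with no check for zero; the salt length presumably comes from a parsed PKCS #12 structure, so unless every caller validates it (not visible here) a zero-length salt traps. Add `if (salt_size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` next to the `pwlen > MAX_PASS_LEN` check, before `mpi512` is allocated. The `p_size > sizeof(buf_i) - 64` return sits after `_gnutls_mpi_scan()` has created `mpi512` and would leak it if ever taken, so it should set `rc` and `goto cleanup`. The stack buffers `hash`, `buf_b` and `buf_i` hold password-derived and key material and are not wiped before return. The `/* 2^64 */` comment on `buf_512` labels a 65-byte value, which is 2^512.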
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index a02b4f3999..50b384f46e 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -39,98 +39,89 @@
* data are copied (they are locally allocated) there.
*/
static int
-_decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
- gnutls_datum_t * raw)
+_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
+ gnutls_datum_t * raw)
{
- char oid[MAX_OID_SIZE];
- ASN1_TYPE c2;
- uint8_t *tmp = NULL;
- int tmp_size, len, result;
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (pkcs7, "contentType", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (strcmp (oid, SIGNED_DATA_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Unknown PKCS7 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* the Signed-data has been created, so
- * decode them.
- */
- tmp_size = 0;
- result = asn1_read_value (pkcs7, "content", NULL, &tmp_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- tmp = gnutls_malloc (tmp_size);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (pkcs7, "content", tmp, &tmp_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* tmp, tmp_size hold the data and the size of the CertificateSet structure
- * actually the ANY stuff.
- */
-
- /* Step 1. In case of a signed structure extract certificate set.
- */
-
- result = asn1_der_decoding (&c2, tmp, tmp_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == NULL)
- {
- gnutls_free (tmp);
- }
- else
- {
- raw->data = tmp;
- raw->size = tmp_size;
- }
-
- *sdata = c2;
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- gnutls_free (tmp);
- return result;
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2;
+ uint8_t *tmp = NULL;
+ int tmp_size, len, result;
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(pkcs7, "contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, SIGNED_DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown PKCS7 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* the Signed-data has been created, so
+ * decode them.
+ */
+ tmp_size = 0;
+ result = asn1_read_value(pkcs7, "content", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ tmp = gnutls_malloc(tmp_size);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(pkcs7, "content", tmp, &tmp_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* tmp, tmp_size hold the data and the size of the CertificateSet structure
+ * actually the ANY stuff.
+ */
+
+ /* Step 1. In case of a signed structure extract certificate set.
+ */
+
+ result = asn1_der_decoding(&c2, tmp, tmp_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ gnutls_free(tmp);
+ } else {
+ raw->data = tmp;
+ raw->size = tmp_size;
+ }
+
+ *sdata = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ gnutls_free(tmp);
+ return result;
}
/**
@@ -144,25 +135,22 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
+int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7)
{
- *pkcs7 = gnutls_calloc (1, sizeof (gnutls_pkcs7_int));
-
- if (*pkcs7)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-ContentInfo",
- &(*pkcs7)->pkcs7);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs7);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *pkcs7 = gnutls_calloc(1, sizeof(gnutls_pkcs7_int));
+
+ if (*pkcs7) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs7);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
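Review bot: On the `asn1_create_element()` failure path, `gnutls_free(*pkcs7)` leaves the caller's handle pointing at freed memory. gnutls_pkcs7_deinit() only skips a NULL handle, so a caller that cleans up after a failed init would touch and free that block again. Add `*pkcs7 = NULL;` directly after the `gnutls_free(*pkcs7);` line.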
@@ -171,16 +159,15 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
*
* This function will deinitialize a PKCS7 structure.
**/
-void
-gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
+void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7)
{
- if (!pkcs7)
- return;
+ if (!pkcs7)
+ return;
- if (pkcs7->pkcs7)
- asn1_delete_structure (&pkcs7->pkcs7);
+ if (pkcs7->pkcs7)
+ asn1_delete_structure(&pkcs7->pkcs7);
- gnutls_free (pkcs7);
+ gnutls_free(pkcs7);
}
/**
@@ -199,52 +186,51 @@ gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- /* If the PKCS7 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size,
- &_data);
+ /* If the PKCS7 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS7, data->data,
+ data->size, &_data);
- if (result <= 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result <= 0) {
+ gnutls_assert();
+ return result;
+ }
- need_free = 1;
- }
+ need_free = 1;
+ }
- result = asn1_der_decoding (&pkcs7->pkcs7, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- if (need_free)
- _gnutls_free_datum (&_data);
+ if (need_free)
+ _gnutls_free_datum(&_data);
- return 0;
+ return 0;
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
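Review bot: In the PEM branch, `if (result <= 0)` returns `result` unchanged, so if `_gnutls_fbase64_decode()` yields 0 (assuming it returns the decoded length) gnutls_pkcs7_import() returns 0 and the caller sees success although nothing was parsed. Map that case to an error inside the block, e.g. `if (result == 0) result = GNUTLS_E_INTERNAL_ERROR;` before the `return result;`. `data` is also dereferenced without a NULL check while `pkcs7` is checked.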
@@ -267,93 +253,85 @@ cleanup:
* %GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
**/
int
-gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *certificate,
- size_t * certificate_size)
+gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *certificate,
+ size_t * certificate_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[ASN1_MAX_NAME_SIZE];
- char oid[MAX_OID_SIZE];
- gnutls_datum_t tmp = { NULL, 0 };
-
- if (certificate_size == NULL || pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
-
- len = sizeof (oid) - 1;
-
- result = asn1_read_value (c2, root2, oid, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND)
- {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* if 'Certificate' is the choice found:
- */
- if (strcmp (oid, "certificate") == 0)
- {
- int start, end;
-
- result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- end = end - start + 1;
-
- if ((unsigned) end > *certificate_size)
- {
- *certificate_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (certificate)
- memcpy (certificate, &tmp.data[start], end);
-
- *certificate_size = end;
-
- result = 0;
-
- }
- else
- {
- result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
-cleanup:
- _gnutls_free_datum (&tmp);
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+
+ if (certificate_size == NULL || pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf(root2, sizeof(root2), "certificates.?%u", indx + 1);
+
+ len = sizeof(oid) - 1;
+
+ result = asn1_read_value(c2, root2, oid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* if 'Certificate' is the choice found:
+ */
+ if (strcmp(oid, "certificate") == 0) {
+ int start, end;
+
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *certificate_size) {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (certificate)
+ memcpy(certificate, &tmp.data[start], end);
+
+ *certificate_size = end;
+
+ result = 0;
+
+ } else {
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -366,37 +344,34 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
+int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements (c2, "certificates", &count);
+ result = asn1_number_of_elements(c2, "certificates", &count);
- asn1_delete_structure (&c2);
+ asn1_delete_structure(&c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no certificates */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
- return count;
+ return count;
}
@@ -421,15 +396,15 @@ gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(pkcs7->pkcs7, format, PEM_PKCS7,
+ output_data, output_data_size);
}
/**
@@ -451,91 +426,88 @@ gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
* Since: 3.1.3
**/
int
-gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int2 (pkcs7->pkcs7, format, PEM_PKCS7, out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
+ out);
}
/* Creates an empty signed data structure in the pkcs7
* structure and returns a handle to the signed data.
*/
-static int
-create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
- uint8_t one = 1;
- int result;
-
- *sdata = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData",
- sdata)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Use version 1
- */
- result = asn1_write_value (*sdata, "version", &one, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Use no digest algorithms
- */
-
- /* id-data */
- result =
- asn1_write_value (*sdata, "encapContentInfo.eContentType",
- "1.2.840.113549.1.7.5", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (*sdata, "encapContentInfo.eContent", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Add no certificates.
- */
-
- /* Add no crls.
- */
-
- /* Add no signerInfos.
- */
-
- /* Write the content type of the signed data
- */
- result = asn1_write_value (pkcs7, "contentType", SIGNED_DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- asn1_delete_structure (sdata);
- return result;
+ uint8_t one = 1;
+ int result;
+
+ *sdata = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ sdata)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use version 1
+ */
+ result = asn1_write_value(*sdata, "version", &one, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use no digest algorithms
+ */
+
+ /* id-data */
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContentType",
+ "1.2.840.113549.1.7.5", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Add no certificates.
+ */
+
+ /* Add no crls.
+ */
+
+ /* Add no signerInfos.
+ */
+
+ /* Write the content type of the signed data
+ */
+ result =
+ asn1_write_value(pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(sdata);
+ return result;
}
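Review bot: In `create_empty_signed_data` the comment `/* id-data */` does not match the literal written to `encapContentInfo.eContentType`: `1.2.840.113549.1.7.5` is the PKCS #7 digestedData identifier, while id-data is `1.2.840.113549.1.7.1`. Which of the two is intended cannot be settled from this hunk. If the value is deliberate, change the comment to `/* digestedData content type */` and give the literal a named constant next to `SIGNED_DATA_OID`. If it is not, the OID should be corrected in its own commit rather than inside a reindent.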
@@ -551,86 +523,81 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data (pkcs7->pkcs7, &c2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. Append the new certificate.
- */
-
- result = asn1_write_value (c2, "certificates", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "certificates.?LAST", "certificate", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
- crt->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new certificate.
+ */
+
+ result = asn1_write_value(c2, "certificates", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2, "certificates.?LAST", "certificate", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2, "certificates.?LAST.certificate",
+ crt->data, crt->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
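Review bot: `gnutls_pkcs7_set_crt_raw` checks `pkcs7` for NULL but dereferences `crt->data` and `crt->size` unchecked, so a NULL datum from the caller crashes the process instead of returning an error code. The guard could read `if (pkcs7 == NULL || crt == NULL) return GNUTLS_E_INVALID_REQUEST;`. The same pattern appears in later hunks: `gnutls_pkcs7_set_crt` (`crt->cert`), `gnutls_pkcs7_set_crl_raw` (`crl->data`) and `gnutls_pkcs7_set_crl` (`crl->crl`).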
@@ -645,33 +612,30 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
+int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs7_set_crt_raw (pkcs7, &data);
+ ret = gnutls_pkcs7_set_crt_raw(pkcs7, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -686,56 +650,53 @@ gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx)
+int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Delete the certificate.
- */
-
- snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
-
- result = asn1_write_value (c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the certificate.
+ */
+
+ snprintf(root2, sizeof(root2), "certificates.?%u", indx + 1);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/* Read and write CRLs
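Review bot: In `gnutls_pkcs7_delete_crt`, `indx` is a signed `int` that is passed to `%u` after `indx + 1`, so a negative index is not rejected. `-1` selects `certificates.?0` and anything lower is printed as a very large element number. I would extend the guard to `if (pkcs7 == NULL || indx < 0) return GNUTLS_E_INVALID_REQUEST;` and format with `(unsigned) indx + 1` so the argument matches the conversion. `gnutls_pkcs7_get_crl_raw` and `gnutls_pkcs7_delete_crl` in the following hunks build their element path the same way.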
@@ -757,65 +718,62 @@ cleanup:
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size)
+gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
- gnutls_datum_t tmp = { NULL, 0 };
- int start, end;
-
- if (pkcs7 == NULL || crl_size == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
-
- /* Get the raw CRL
- */
- result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- end = end - start + 1;
-
- if ((unsigned) end > *crl_size)
- {
- *crl_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (crl)
- memcpy (crl, &tmp.data[start], end);
-
- *crl_size = end;
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+ int start, end;
+
+ if (pkcs7 == NULL || crl_size == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf(root2, sizeof(root2), "crls.?%u", indx + 1);
+
+ /* Get the raw CRL
+ */
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *crl_size) {
+ *crl_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (crl)
+ memcpy(crl, &tmp.data[start], end);
+
+ *crl_size = end;
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
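Review bot: `gnutls_pkcs7_get_crl_raw` computes the copy length as `end - start + 1` in `int`, casts it to `unsigned` only for the comparison with `*crl_size`, and passes it to `memcpy` without checking the offsets against `tmp.size`. The offsets come from `asn1_der_decoding_startEnd` and are presumably inside the decoded buffer. Since this path handles parsed PKCS #7 input, a guard before the subtraction is cheap: `if (start < 0 || end < start || (unsigned) end >= tmp.size) { result = GNUTLS_E_ASN1_DER_ERROR; goto cleanup; }`. The `Step 2` comment also still says CertificateSet although this function reads `crls`.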
@@ -828,37 +786,34 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
+int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements (c2, "crls", &count);
+ result = asn1_number_of_elements(c2, "crls", &count);
- asn1_delete_structure (&c2);
+ asn1_delete_structure(&c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no crls */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no crls */
+ }
- return count;
+ return count;
}
@@ -873,76 +828,71 @@ gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data (pkcs7->pkcs7, &c2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. Append the new crl.
- */
-
- result = asn1_write_value (c2, "crls", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "crls.?LAST", crl->data, crl->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new crl.
+ */
+
+ result = asn1_write_value(c2, "crls", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -956,33 +906,30 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
+int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs7_set_crl_raw (pkcs7, &data);
+ ret = gnutls_pkcs7_set_crl_raw(pkcs7, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -996,54 +943,51 @@ gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx)
+int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Delete the crl.
- */
-
- snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
-
- result = asn1_write_value (c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the crl.
+ */
+
+ snprintf(root2, sizeof(root2), "crls.?%u", indx + 1);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index af55d907e7..1a779772bc 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -42,19 +42,17 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
+int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int));
- if (*key)
- {
- (*key)->key = ASN1_TYPE_EMPTY;
- (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
- }
+ if (*key) {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
+ }
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -63,16 +61,15 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void
-gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
+void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- asn1_delete_structure (&key->key);
- gnutls_free (key);
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ asn1_delete_structure(&key->key);
+ gnutls_free(key);
}
/**
@@ -87,146 +84,146 @@ gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
+gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src)
{
- unsigned int i;
- int ret;
+ unsigned int i;
+ int ret;
- if (!src || !dst)
- return GNUTLS_E_INVALID_REQUEST;
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
- for (i = 0; i < src->params.params_nr; i++)
- {
- dst->params.params[i] = _gnutls_mpi_copy (src->params.params[i]);
- if (dst->params.params[i] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
- }
+ for (i = 0; i < src->params.params_nr; i++) {
+ dst->params.params[i] =
+ _gnutls_mpi_copy(src->params.params[i]);
+ if (dst->params.params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- dst->params.params_nr = src->params.params_nr;
- dst->params.flags = src->params.flags;
+ dst->params.params_nr = src->params.params_nr;
+ dst->params.flags = src->params.flags;
- dst->pk_algorithm = src->pk_algorithm;
+ dst->pk_algorithm = src->pk_algorithm;
- ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key, &dst->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_asn1_encode_privkey(dst->pk_algorithm, &dst->key,
+ &dst->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/* Converts an RSA PKCS#1 key to
* an internal structure (gnutls_private_key)
*/
ASN1_TYPE
-_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+_gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE pkey_asn;
-
- gnutls_pk_params_init(&pkey->params);
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.RSAPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
- &pkey->params.params[0])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result =
- _gnutls_x509_read_int (pkey_asn, "publicExponent",
- &pkey->params.params[1])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result =
- _gnutls_x509_read_int (pkey_asn, "privateExponent",
- &pkey->params.params[2])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
- &pkey->params.params[3])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
- &pkey->params.params[4])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
- &pkey->params.params[5])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
- &pkey->params.params[6])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
- &pkey->params.params[7])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.params_nr = RSA_PRIVATE_PARAMS;
-
- return pkey_asn;
-
-error:
- asn1_delete_structure (&pkey_asn);
- gnutls_pk_params_clear (&pkey->params);
- gnutls_pk_params_release (&pkey->params);
- return NULL;
+ int result;
+ ASN1_TYPE pkey_asn;
+
+ gnutls_pk_params_init(&pkey->params);
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ result =
+ asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
+ &pkey->params.params[0])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "publicExponent",
+ &pkey->params.params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "privateExponent",
+ &pkey->params.params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
+ &pkey->params.params[3])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
+ &pkey->params.params[4])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient",
+ &pkey->params.params[5])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "exponent1",
+ &pkey->params.params[6])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "exponent2",
+ &pkey->params.params[7])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ result =
+ _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.params_nr = RSA_PRIVATE_PARAMS;
+
+ return pkey_asn;
+
+ error:
+ asn1_delete_structure(&pkey_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
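Review bot: In `gnutls_x509_privkey_cpy`, the early `return GNUTLS_E_MEMORY_ERROR;` inside the copy loop leaves the already copied private parameters in `dst->params.params[0..i-1]`, while `dst->params.params_nr` is only updated after the loop. If `gnutls_pk_params_clear` and `gnutls_pk_params_release` walk `params_nr` entries (not visible here), a later `gnutls_x509_privkey_deinit(dst)` would neither wipe nor free those copies of key material. Before returning, record and drop the partial copy: `dst->params.params_nr = i; gnutls_pk_params_clear(&dst->params); gnutls_pk_params_release(&dst->params);`.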
@@ -234,171 +231,176 @@ error:
* an internal structure (gnutls_private_key)
*/
ASN1_TYPE
-_gnutls_privkey_decode_ecc_key (const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+_gnutls_privkey_decode_ecc_key(const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int ret;
- ASN1_TYPE pkey_asn;
- unsigned int version;
- char oid[MAX_OID_SIZE];
- int oid_size;
- gnutls_datum out;
-
- gnutls_pk_params_init(&pkey->params);
-
- if ((ret =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.ECPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_uint (pkey_asn, "Version", &version);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- if (version != 1)
- {
- _gnutls_debug_log("ECC private key version %u is not supported\n", version);
- gnutls_assert();
- goto error;
- }
-
- /* read the curve */
- oid_size = sizeof(oid);
- ret = asn1_read_value(pkey_asn, "parameters.namedCurve", oid, &oid_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.flags = _gnutls_oid_to_ecc_curve(oid);
- if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID)
- {
- _gnutls_debug_log("Curve %s is not supported\n", oid);
- gnutls_assert();
- goto error;
- }
-
- /* read the public key */
- ret = _gnutls_x509_read_value (pkey_asn, "publicKey", &out);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- ret = _gnutls_ecc_ansi_x963_import (out.data, out.size, &pkey->params.params[ECC_X],
- &pkey->params.params[ECC_Y]);
-
- _gnutls_free_datum(&out);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- pkey->params.params_nr += 2;
-
- /* read the private key */
- ret = _gnutls_x509_read_int (pkey_asn, "privateKey", &pkey->params.params[ECC_K]);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- pkey->params.params_nr ++;
-
- return pkey_asn;
-
-error:
- asn1_delete_structure (&pkey_asn);
- gnutls_pk_params_clear (&pkey->params);
- gnutls_pk_params_release (&pkey->params);
- return NULL;
+ int ret;
+ ASN1_TYPE pkey_asn;
+ unsigned int version;
+ char oid[MAX_OID_SIZE];
+ int oid_size;
+ gnutls_datum out;
+
+ gnutls_pk_params_init(&pkey->params);
+
+ if ((ret =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.ECPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_x509_read_uint(pkey_asn, "Version", &version);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if (version != 1) {
+ _gnutls_debug_log
+ ("ECC private key version %u is not supported\n",
+ version);
+ gnutls_assert();
+ goto error;
+ }
+
+ /* read the curve */
+ oid_size = sizeof(oid);
+ ret =
+ asn1_read_value(pkey_asn, "parameters.namedCurve", oid,
+ &oid_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.flags = _gnutls_oid_to_ecc_curve(oid);
+ if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID) {
+ _gnutls_debug_log("Curve %s is not supported\n", oid);
+ gnutls_assert();
+ goto error;
+ }
+
+ /* read the public key */
+ ret = _gnutls_x509_read_value(pkey_asn, "publicKey", &out);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_ecc_ansi_x963_import(out.data, out.size,
+ &pkey->params.params[ECC_X],
+ &pkey->params.params[ECC_Y]);
+
+ _gnutls_free_datum(&out);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr += 2;
+
+ /* read the private key */
+ ret =
+ _gnutls_x509_read_int(pkey_asn, "privateKey",
+ &pkey->params.params[ECC_K]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ return pkey_asn;
+
+ error:
+ asn1_delete_structure(&pkey_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
static ASN1_TYPE
-decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE dsa_asn;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSAPrivateKey",
- &dsa_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- pkey->params.params_nr = 0;
-
- result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params.params[0])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params.params[1])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params.params[2])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params.params[3])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
- &pkey->params.params[4])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- return dsa_asn;
-
-error:
- asn1_delete_structure (&dsa_asn);
- gnutls_pk_params_clear(&pkey->params);
- gnutls_pk_params_release(&pkey->params);
- return NULL;
+ int result;
+ ASN1_TYPE dsa_asn;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ pkey->params.params_nr = 0;
+
+ result =
+ asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "p",
+ &pkey->params.params[0])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "q",
+ &pkey->params.params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "g",
+ &pkey->params.params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "Y",
+ &pkey->params.params[3])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
+ &pkey->params.params[4])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ return dsa_asn;
+
+ error:
+ asn1_delete_structure(&dsa_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
@@ -425,176 +427,170 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &_data);
-
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
- &_data);
-
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_ECC, data->data, data->size,
- &_data);
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_EC;
- }
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto failover;
- }
-
- need_free = 1;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- {
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- {
- key->key = decode_dsa_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else if (key->pk_algorithm == GNUTLS_PK_EC)
- {
- key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else
- {
- /* Try decoding with both, and accept the one that
- * succeeds.
- */
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
-
- if (key->key == NULL)
- {
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key (&_data, key);
- if (key->key == NULL)
- {
- key->pk_algorithm = GNUTLS_PK_EC;
- key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- }
- }
-
- if (key->key == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto failover;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- /* The key has now been decoded.
- */
-
- return 0;
-
-failover:
- /* Try PKCS #8 */
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
- result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
- NULL, GNUTLS_PKCS_PLAIN);
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_RSA, data->data,
+ data->size, &_data);
+
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_DSA, data->data,
+ data->size, &_data);
+
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ if (result ==
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_ECC,
+ data->data,
+ data->size,
+ &_data);
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_EC;
+ }
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto failover;
+ }
+
+ need_free = 1;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA) {
+ key->key =
+ _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
+ key->key = decode_dsa_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else if (key->pk_algorithm == GNUTLS_PK_EC) {
+ key->key = _gnutls_privkey_decode_ecc_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key =
+ _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+
+ if (key->key == NULL) {
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key(&_data, key);
+ if (key->key == NULL) {
+ key->pk_algorithm = GNUTLS_PK_EC;
+ key->key =
+ _gnutls_privkey_decode_ecc_key(&_data,
+ key);
+ if (key->key == NULL)
+ gnutls_assert();
+ }
+ }
+ }
+
+ if (key->key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto failover;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+ failover:
+ /* Try PKCS #8 */
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ _gnutls_debug_log
+ ("Falling back to PKCS #8 key decoding\n");
+ result =
+ gnutls_x509_privkey_import_pkcs8(key, data, format,
+ NULL,
+ GNUTLS_PKCS_PLAIN);
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return result;
}
-static int import_pkcs12_privkey (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
-int ret;
-gnutls_pkcs12_t p12;
-gnutls_x509_privkey_t newkey;
-
- ret = gnutls_pkcs12_init(&p12);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pkcs12_import(p12, data, format, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = gnutls_pkcs12_simple_parse (p12, password, &newkey, NULL, NULL, NULL, NULL, NULL, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = gnutls_x509_privkey_cpy (key, newkey);
- gnutls_x509_privkey_deinit (newkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = 0;
-fail:
-
- gnutls_pkcs12_deinit(p12);
-
- return ret;
+ int ret;
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t newkey;
+
+ ret = gnutls_pkcs12_init(&p12);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pkcs12_import(p12, data, format, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret =
+ gnutls_pkcs12_simple_parse(p12, password, &newkey, NULL, NULL,
+ NULL, NULL, NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = gnutls_x509_privkey_cpy(key, newkey);
+ gnutls_x509_privkey_deinit(newkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = 0;
+ fail:
+
+ gnutls_pkcs12_deinit(p12);
+
+ return ret;
}
/**
@@ -619,52 +615,54 @@ fail:
* negative error value.
**/
int
-gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- int ret = 0;
-
- if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- ret = gnutls_x509_privkey_import(key, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- }
- }
-
- if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
- {
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
- ret = import_pkcs12_privkey(key, data, format, password, flags);
- if (ret < 0 && format == GNUTLS_X509_FMT_PEM)
- {
- if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
-
- ret = gnutls_x509_privkey_import_openssl(key, data, password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- ret = 0;
-
-cleanup:
- return ret;
+ int ret = 0;
+
+ if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ ret = gnutls_x509_privkey_import(key, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
+
+ if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD))
+ || ret < 0) {
+ ret =
+ gnutls_x509_privkey_import_pkcs8(key, data, format,
+ password, flags);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED)
+ goto cleanup;
+ ret =
+ import_pkcs12_privkey(key, data, format,
+ password, flags);
+ if (ret < 0 && format == GNUTLS_X509_FMT_PEM) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED)
+ goto cleanup;
+
+ ret =
+ gnutls_x509_privkey_import_openssl(key,
+ data,
+ password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = 0;
+
+ cleanup:
+ return ret;
}
@@ -686,16 +684,16 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ return gnutls_x509_privkey_import_rsa_raw2(key, m, e, d, p, q, u,
+ NULL, NULL);
}
/**
@@ -718,125 +716,117 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2)
+gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2)
{
- int ret;
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = d->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], d->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], p->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[4], q->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = u->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[5], u->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (e1 && e2)
- {
- siz = e1->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[6], e1->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = e2->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[7], e2->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
- }
-
- ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_RSA, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- key->params.params_nr = RSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], m->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], e->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = d->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], d->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], p->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[4], q->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = u->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[5], u->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (e1 && e2) {
+ siz = e1->size;
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[6], e1->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = e2->size;
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[7], e2->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+ }
+
+ ret = _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_IMPORT, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_RSA, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ key->params.params_nr = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -857,78 +847,73 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x)
+gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
{
- int ret;
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = x->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[4], x->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- key->params.params_nr = DSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], p->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], q->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], g->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], y->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[4], x->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ key->params.params_nr = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -950,54 +935,53 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y,
- const gnutls_datum_t * k)
+gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * k)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.flags = curve;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_K], k->data, k->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.flags = curve;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_X], x->data, x->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_Y], y->data, y->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_K], k->data, k->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -1012,16 +996,14 @@ cleanup:
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative error code on error.
**/
-int
-gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
/**
@@ -1036,36 +1018,36 @@ gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
* success, or a negative error code on error.
**/
int
-gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits)
+gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key,
+ unsigned int *bits)
{
-int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bits)
- {
- ret = pubkey_to_bits(key->pk_algorithm, &key->params);
- if (ret < 0) ret = 0;
- *bits = ret;
- }
-
- return key->pk_algorithm;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bits) {
+ ret = pubkey_to_bits(key->pk_algorithm, &key->params);
+ if (ret < 0)
+ ret = 0;
+ *bits = ret;
+ }
+
+ return key->pk_algorithm;
}
-static const char* set_msg(gnutls_x509_privkey_t key)
+static const char *set_msg(gnutls_x509_privkey_t key)
{
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- return PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- return PEM_KEY_DSA;
- else if (key->pk_algorithm == GNUTLS_PK_EC)
- return PEM_KEY_ECC;
- else
- return "UNKNOWN";
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ return PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ return PEM_KEY_DSA;
+ else if (key->pk_algorithm == GNUTLS_PK_EC)
+ return PEM_KEY_ECC;
+ else
+ return "UNKNOWN";
}
/**
@@ -1091,22 +1073,21 @@ static const char* set_msg(gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- const char *msg;
+ const char *msg;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- msg = set_msg(key);
+ msg = set_msg(key);
- return _gnutls_x509_export_int (key->key, format, msg,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(key->key, format, msg,
+ output_data, output_data_size);
}
/**
@@ -1130,21 +1111,20 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
* Since 3.1.3
**/
int
-gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- const char *msg;
+ const char *msg;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- msg = set_msg(key);
+ msg = set_msg(key);
- return _gnutls_x509_export_int2 (key->key, format, msg, out);
+ return _gnutls_x509_export_int2(key->key, format, msg, out);
}
/**
@@ -1159,16 +1139,15 @@ gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
*
* Since: 2.12.0
**/
-gnutls_sec_param_t
-gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
+gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key)
{
- int bits;
+ int bits;
- bits = pubkey_to_bits(key->pk_algorithm, &key->params);
- if (bits <= 0)
- return GNUTLS_SEC_PARAM_UNKNOWN;
-
- return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits);
+ bits = pubkey_to_bits(key->pk_algorithm, &key->params);
+ if (bits <= 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+
+ return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits);
}
/**
@@ -1188,50 +1167,47 @@ gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
*
* Since: 3.0
**/
-int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y,
- gnutls_datum_t* k)
+int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y,
+ gnutls_datum_t * k)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *curve = key->params.flags;
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- return ret;
- }
-
-
- /* K */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_K], k);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- _gnutls_free_datum (y);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *curve = key->params.flags;
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_X], x);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_Y], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ return ret;
+ }
+
+
+ /* K */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_K], k);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ _gnutls_free_datum(y);
+ return ret;
+ }
+
+ return 0;
}
@@ -1253,14 +1229,14 @@ int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ return gnutls_x509_privkey_export_rsa_raw2(key, m, e, d, p, q, u,
+ NULL, NULL);
}
/**
@@ -1285,124 +1261,112 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
* Since: 2.12.0
**/
int
-gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * e1, gnutls_datum_t * e2)
+gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2)
{
- int ret;
- gnutls_pk_params_st pk_params;
-
- gnutls_pk_params_init(&pk_params);
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- m->data = e->data = d->data = p->data = q->data = u->data = NULL;
- m->size = e->size = d->size = p->size = q->size = u->size = 0;
-
- ret = _gnutls_pk_params_copy (&pk_params, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* E */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* D */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* U */
- ret = _gnutls_mpi_dprint_lz (key->params.params[5], u);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* E1 */
- if (e1)
- {
- ret = _gnutls_mpi_dprint_lz (key->params.params[6], e1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* E2 */
- if (e2)
- {
- ret = _gnutls_mpi_dprint_lz (key->params.params[7], e2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- gnutls_pk_params_clear(&pk_params);
- gnutls_pk_params_release (&pk_params);
-
- return 0;
-
-error:
- _gnutls_free_datum (m);
- _gnutls_free_datum (d);
- _gnutls_free_datum (e);
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- gnutls_pk_params_clear(&pk_params);
- gnutls_pk_params_release (&pk_params);
-
- return ret;
+ int ret;
+ gnutls_pk_params_st pk_params;
+
+ gnutls_pk_params_init(&pk_params);
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ m->data = e->data = d->data = p->data = q->data = u->data = NULL;
+ m->size = e->size = d->size = p->size = q->size = u->size = 0;
+
+ ret = _gnutls_pk_params_copy(&pk_params, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* E */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* D */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[2], d);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[3], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[4], q);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* U */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[5], u);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* E1 */
+ if (e1) {
+ ret = _gnutls_mpi_dprint_lz(key->params.params[6], e1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* E2 */
+ if (e2) {
+ ret = _gnutls_mpi_dprint_lz(key->params.params[7], e2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ gnutls_pk_params_clear(&pk_params);
+ gnutls_pk_params_release(&pk_params);
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ gnutls_pk_params_clear(&pk_params);
+ gnutls_pk_params_release(&pk_params);
+
+ return ret;
}
/**
@@ -1422,72 +1386,66 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[4], x);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (y);
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[4], x);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(y);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -1510,51 +1468,47 @@ gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits,
- unsigned int flags)
+gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- if (algo == GNUTLS_PK_EC)
- {
- if (GNUTLS_BITS_ARE_CURVE(bits))
- bits = GNUTLS_BITS_TO_CURVE(bits);
- else
- bits = _gnutls_ecc_bits_to_curve(bits);
- }
-
- ret = _gnutls_pk_generate (algo, bits, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- key->pk_algorithm = algo;
-
- return 0;
-
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
-
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ if (algo == GNUTLS_PK_EC) {
+ if (GNUTLS_BITS_ARE_CURVE(bits))
+ bits = GNUTLS_BITS_TO_CURVE(bits);
+ else
+ bits = _gnutls_ecc_bits_to_curve(bits);
+ }
+
+ ret = _gnutls_pk_generate(algo, bits, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_asn1_encode_privkey(algo, &key->key, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ key->pk_algorithm = algo;
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+
+ return ret;
}
/**
@@ -1566,19 +1520,17 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- ret = _gnutls_pk_verify_params (key->pk_algorithm, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_pk_verify_params(key->pk_algorithm, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
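Review bot: `gnutls_x509_privkey_verify_params()` passes `key->pk_algorithm` and `&key->params` to `_gnutls_pk_verify_params()` without checking `key` for NULL. The neighbouring exported functions in this diff (`gnutls_x509_privkey_get_key_id()`, `gnutls_x509_privkey_fix()`, `gnutls_x509_privkey_generate()`) all return `GNUTLS_E_INVALID_REQUEST` for a NULL key. Adding the same guard before the call, `if (key == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, keeps the public API consistent and turns a caller mistake into an error code instead of a NULL dereference.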
@@ -1602,26 +1554,26 @@ gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_get_key_id(key->pk_algorithm, &key->params, output_data, output_data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ ret =
+ _gnutls_get_key_id(key->pk_algorithm, &key->params,
+ output_data, output_data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
@@ -1648,44 +1600,43 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
* negative error value.
-*/
static int
-_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
- const mac_entry_st *me,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+_gnutls_x509_privkey_sign_hash2(gnutls_x509_privkey_t signer,
+ const mac_entry_st * me,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
-
- digest.data = gnutls_malloc (hash_data->size);
- if (digest.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- digest.size = hash_data->size;
- memcpy (digest.data, hash_data->data, digest.size);
-
- ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_pk_sign (signer->pk_algorithm, signature, &digest, &signer->params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+
+ digest.data = gnutls_malloc(hash_data->size);
+ if (digest.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy(digest.data, hash_data->data, digest.size);
+
+ ret = pk_prepare_hash(signer->pk_algorithm, me, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_pk_sign(signer->pk_algorithm, signature, &digest,
+ &signer->params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
@@ -1705,27 +1656,27 @@ cleanup:
* Deprecated in: 2.12.0
*/
int
-gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_pk_sign (key->pk_algorithm, signature, hash, &key->params);
+ result =
+ _gnutls_pk_sign(key->pk_algorithm, signature, hash,
+ &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -1756,55 +1707,51 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
* Deprecated: Use gnutls_privkey_sign_data().
*/
int
-gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t * signature_size)
+gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
{
- int result;
- gnutls_datum_t sig = { NULL, 0 };
- gnutls_datum_t hash;
- const mac_entry_st *me = mac_to_entry(digest);
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- pk_hash_data (key->pk_algorithm, me, &key->params, data, &hash);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_privkey_sign_hash2 (key, me, flags, &hash, &sig);
-
- _gnutls_free_datum(&hash);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (*signature_size < sig.size)
- {
- *signature_size = sig.size;
- _gnutls_free_datum (&sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *signature_size = sig.size;
- memcpy (signature, sig.data, sig.size);
-
- _gnutls_free_datum (&sig);
-
- return 0;
+ int result;
+ gnutls_datum_t sig = { NULL, 0 };
+ gnutls_datum_t hash;
+ const mac_entry_st *me = mac_to_entry(digest);
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ pk_hash_data(key->pk_algorithm, me, &key->params, data, &hash);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_privkey_sign_hash2(key, me, flags, &hash, &sig);
+
+ _gnutls_free_datum(&hash);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (*signature_size < sig.size) {
+ *signature_size = sig.size;
+ _gnutls_free_datum(&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *signature_size = sig.size;
+ memcpy(signature, sig.data, sig.size);
+
+ _gnutls_free_datum(&sig);
+
+ return 0;
}
@@ -1818,26 +1765,24 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- asn1_delete_structure (&key->key);
+ asn1_delete_structure(&key->key);
- ret = _gnutls_asn1_encode_privkey (key->pk_algorithm, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_asn1_encode_privkey(key->pk_algorithm, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 396020e1af..9c0db45a55 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -35,76 +35,69 @@
#include <pbkdf2-sha1.h>
static int
-openssl_hash_password (const char *pass, gnutls_datum_t * key, gnutls_datum_t * salt)
+openssl_hash_password(const char *pass, gnutls_datum_t * key,
+ gnutls_datum_t * salt)
{
- unsigned char md5[16];
- gnutls_hash_hd_t hash;
- unsigned int count = 0;
- int err;
-
- while (count < key->size)
- {
- err = gnutls_hash_init (&hash, GNUTLS_DIG_MD5);
- if (err)
- {
- gnutls_assert ();
- return err;
- }
- if (count)
- {
- err = gnutls_hash (hash, md5, sizeof (md5));
- if (err)
- {
- hash_err:
- gnutls_hash_deinit (hash, NULL);
- gnutls_assert();
- return err;
- }
- }
- if (pass)
- {
- err = gnutls_hash (hash, pass, strlen (pass));
- if (err)
- {
- gnutls_assert();
- goto hash_err;
- }
- }
- err = gnutls_hash (hash, salt->data, 8);
- if (err)
- {
- gnutls_assert();
- goto hash_err;
- }
-
- gnutls_hash_deinit (hash, md5);
-
- if (key->size - count <= sizeof (md5))
- {
- memcpy (&key->data[count], md5, key->size - count);
- break;
- }
-
- memcpy (&key->data[count], md5, sizeof (md5));
- count += sizeof (md5);
- }
-
- return 0;
+ unsigned char md5[16];
+ gnutls_hash_hd_t hash;
+ unsigned int count = 0;
+ int err;
+
+ while (count < key->size) {
+ err = gnutls_hash_init(&hash, GNUTLS_DIG_MD5);
+ if (err) {
+ gnutls_assert();
+ return err;
+ }
+ if (count) {
+ err = gnutls_hash(hash, md5, sizeof(md5));
+ if (err) {
+ hash_err:
+ gnutls_hash_deinit(hash, NULL);
+ gnutls_assert();
+ return err;
+ }
+ }
+ if (pass) {
+ err = gnutls_hash(hash, pass, strlen(pass));
+ if (err) {
+ gnutls_assert();
+ goto hash_err;
+ }
+ }
+ err = gnutls_hash(hash, salt->data, 8);
+ if (err) {
+ gnutls_assert();
+ goto hash_err;
+ }
+
+ gnutls_hash_deinit(hash, md5);
+
+ if (key->size - count <= sizeof(md5)) {
+ memcpy(&key->data[count], md5, key->size - count);
+ break;
+ }
+
+ memcpy(&key->data[count], md5, sizeof(md5));
+ count += sizeof(md5);
+ }
+
+ return 0;
}
static const struct pem_cipher {
- const char *name;
- gnutls_cipher_algorithm_t cipher;
+ const char *name;
+ gnutls_cipher_algorithm_t cipher;
} pem_ciphers[] = {
- { "DES-CBC", GNUTLS_CIPHER_DES_CBC },
- { "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC },
- { "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC },
- { "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC },
- { "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC },
- { "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC },
- { "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC },
- { "CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC },
-};
+ {
+ "DES-CBC", GNUTLS_CIPHER_DES_CBC}, {
+ "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC}, {
+ "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC}, {
+ "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC}, {
+ "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC}, {
+ "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC}, {
+ "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC}, {
+"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC},};
/**
* gnutls_x509_privkey_import_openssl:
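Review bot: The re-indent has folded the `pem_ciphers` initializer so that each entry's opening brace trails the previous line (`"DES-CBC", GNUTLS_CIPHER_DES_CBC}, {`) and the last entry ends in `},};`. This table decides which PEM encryption types `gnutls_x509_privkey_import_openssl()` accepts, so it should stay easy to audit: restore one entry per line in the form `{ "DES-CBC", GNUTLS_CIPHER_DES_CBC },`. If GNU indent produced this layout, wrapping the table in `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` keeps later formatting runs from folding it again.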
@@ -126,224 +119,211 @@ static const struct pem_cipher {
* negative error value.
**/
int
-gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
- const gnutls_datum_t *data, const char* password)
+gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ const char *password)
{
- gnutls_cipher_hd_t handle;
- gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
- gnutls_datum_t b64_data;
- gnutls_datum_t salt, enc_key;
- unsigned char *key_data;
- const char *pem_header = (void*)data->data;
- const char *pem_header_start = (void*)data->data;
- ssize_t pem_header_size;
- int ret;
- unsigned int i, iv_size, l;
-
- pem_header_size = data->size;
-
- pem_header = memmem(pem_header, pem_header_size, "PRIVATE KEY---", 14);
- if (pem_header == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- pem_header_size -= (ptrdiff_t)(pem_header-pem_header_start);
-
- pem_header = memmem(pem_header, pem_header_size, "DEK-Info: ", 10);
- if (pem_header == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- pem_header_size = data->size - (ptrdiff_t)(pem_header-pem_header_start) - 10;
- pem_header += 10;
-
- for (i = 0; i < sizeof(pem_ciphers)/sizeof(pem_ciphers[0]); i++)
- {
- l = strlen(pem_ciphers[i].name);
- if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
- pem_header[l] == ',')
- {
- pem_header += l + 1;
- cipher = pem_ciphers[i].cipher;
- break;
- }
- }
-
- if (cipher == GNUTLS_CIPHER_UNKNOWN)
- {
- _gnutls_debug_log ("Unsupported PEM encryption type: %.10s\n", pem_header);
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- iv_size = gnutls_cipher_get_iv_size(cipher);
- salt.size = iv_size;
- salt.data = gnutls_malloc (salt.size);
- if (!salt.data)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i = 0; i < salt.size * 2; i++)
- {
- unsigned char x;
- const char *c = &pem_header[i];
-
- if (*c >= '0' && *c <= '9')
- x = (*c) - '0';
- else if (*c >= 'A' && *c <= 'F')
- x = (*c) - 'A' + 10;
- else
- {
- gnutls_assert();
- /* Invalid salt in encrypted PEM file */
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_salt;
- }
- if (i & 1)
- salt.data[i / 2] |= x;
- else
- salt.data[i / 2] = x << 4;
- }
-
- pem_header += salt.size * 2;
- if (*pem_header != '\r' && *pem_header != '\n')
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_salt;
- }
- while (*pem_header == '\n' || *pem_header == '\r')
- pem_header++;
-
- ret = _gnutls_base64_decode((const void*)pem_header, pem_header_size, &b64_data);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_salt;
- }
-
- if (b64_data.size < 16)
- {
- /* Just to be sure our parsing is OK */
- gnutls_assert();
- ret = GNUTLS_E_PARSING_ERROR;
- goto out_b64;
- }
-
- ret = GNUTLS_E_MEMORY_ERROR;
- enc_key.size = gnutls_cipher_get_key_size (cipher);
- enc_key.data = gnutls_malloc (enc_key.size);
- if (!enc_key.data)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto out_b64;
- }
-
- key_data = gnutls_malloc (b64_data.size);
- if (!key_data)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto out_enc_key;
- }
-
- while (1)
- {
- memcpy (key_data, b64_data.data, b64_data.size);
-
- ret = openssl_hash_password (password, &enc_key, &salt);
- if (ret < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- ret = gnutls_cipher_init (&handle, cipher, &enc_key, &salt);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_cipher_deinit (handle);
- goto out;
- }
-
- ret = gnutls_cipher_decrypt (handle, key_data, b64_data.size);
- gnutls_cipher_deinit (handle);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- /* We have to strip any padding to accept it.
- So a bit more ASN.1 parsing for us.*/
- if (key_data[0] == 0x30)
- {
- gnutls_datum_t key_datum;
- unsigned int blocksize = gnutls_cipher_get_block_size (cipher);
- unsigned int keylen = key_data[1];
- unsigned int ofs = 2;
-
- if (keylen & 0x80)
- {
- int lenlen = keylen & 0x7f;
- keylen = 0;
-
- if (lenlen > 3)
- {
- gnutls_assert();
- goto fail;
- }
-
- while (lenlen)
- {
- keylen <<= 8;
- keylen |= key_data[ofs++];
- lenlen--;
- }
- }
- keylen += ofs;
-
- /* If there appears to be more padding than required, fail */
- if (b64_data.size - keylen > blocksize)
- {
- gnutls_assert();
- goto fail;
- }
-
- /* If the padding bytes aren't all equal to the amount of padding, fail */
- ofs = keylen;
- while (ofs < b64_data.size)
- {
- if (key_data[ofs] != b64_data.size - keylen)
- {
- gnutls_assert();
- goto fail;
- }
- ofs++;
- }
-
- key_datum.data = key_data;
- key_datum.size = keylen;
- ret =
- gnutls_x509_privkey_import (key, &key_datum,
- GNUTLS_X509_FMT_DER);
- if (ret == 0)
- goto out;
- }
- fail:
- ret = GNUTLS_E_DECRYPTION_FAILED;
- goto out;
- }
-out:
- gnutls_free (key_data);
-out_enc_key:
- gnutls_free (enc_key.data);
-out_b64:
- gnutls_free (b64_data.data);
-out_salt:
- gnutls_free (salt.data);
- return ret;
+ gnutls_cipher_hd_t handle;
+ gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
+ gnutls_datum_t b64_data;
+ gnutls_datum_t salt, enc_key;
+ unsigned char *key_data;
+ const char *pem_header = (void *) data->data;
+ const char *pem_header_start = (void *) data->data;
+ ssize_t pem_header_size;
+ int ret;
+ unsigned int i, iv_size, l;
+
+ pem_header_size = data->size;
+
+ pem_header =
+ memmem(pem_header, pem_header_size, "PRIVATE KEY---", 14);
+ if (pem_header == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ pem_header_size -= (ptrdiff_t) (pem_header - pem_header_start);
+
+ pem_header = memmem(pem_header, pem_header_size, "DEK-Info: ", 10);
+ if (pem_header == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ pem_header_size =
+ data->size - (ptrdiff_t) (pem_header - pem_header_start) - 10;
+ pem_header += 10;
+
+ for (i = 0; i < sizeof(pem_ciphers) / sizeof(pem_ciphers[0]); i++) {
+ l = strlen(pem_ciphers[i].name);
+ if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
+ pem_header[l] == ',') {
+ pem_header += l + 1;
+ cipher = pem_ciphers[i].cipher;
+ break;
+ }
+ }
+
+ if (cipher == GNUTLS_CIPHER_UNKNOWN) {
+ _gnutls_debug_log
+ ("Unsupported PEM encryption type: %.10s\n",
+ pem_header);
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ iv_size = gnutls_cipher_get_iv_size(cipher);
+ salt.size = iv_size;
+ salt.data = gnutls_malloc(salt.size);
+ if (!salt.data)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = 0; i < salt.size * 2; i++) {
+ unsigned char x;
+ const char *c = &pem_header[i];
+
+ if (*c >= '0' && *c <= '9')
+ x = (*c) - '0';
+ else if (*c >= 'A' && *c <= 'F')
+ x = (*c) - 'A' + 10;
+ else {
+ gnutls_assert();
+ /* Invalid salt in encrypted PEM file */
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_salt;
+ }
+ if (i & 1)
+ salt.data[i / 2] |= x;
+ else
+ salt.data[i / 2] = x << 4;
+ }
+
+ pem_header += salt.size * 2;
+ if (*pem_header != '\r' && *pem_header != '\n') {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_salt;
+ }
+ while (*pem_header == '\n' || *pem_header == '\r')
+ pem_header++;
+
+ ret =
+ _gnutls_base64_decode((const void *) pem_header,
+ pem_header_size, &b64_data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_salt;
+ }
+
+ if (b64_data.size < 16) {
+ /* Just to be sure our parsing is OK */
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto out_b64;
+ }
+
+ ret = GNUTLS_E_MEMORY_ERROR;
+ enc_key.size = gnutls_cipher_get_key_size(cipher);
+ enc_key.data = gnutls_malloc(enc_key.size);
+ if (!enc_key.data) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto out_b64;
+ }
+
+ key_data = gnutls_malloc(b64_data.size);
+ if (!key_data) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto out_enc_key;
+ }
+
+ while (1) {
+ memcpy(key_data, b64_data.data, b64_data.size);
+
+ ret = openssl_hash_password(password, &enc_key, &salt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ ret = gnutls_cipher_init(&handle, cipher, &enc_key, &salt);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_cipher_deinit(handle);
+ goto out;
+ }
+
+ ret =
+ gnutls_cipher_decrypt(handle, key_data, b64_data.size);
+ gnutls_cipher_deinit(handle);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ /* We have to strip any padding to accept it.
+ So a bit more ASN.1 parsing for us. */
+ if (key_data[0] == 0x30) {
+ gnutls_datum_t key_datum;
+ unsigned int blocksize =
+ gnutls_cipher_get_block_size(cipher);
+ unsigned int keylen = key_data[1];
+ unsigned int ofs = 2;
+
+ if (keylen & 0x80) {
+ int lenlen = keylen & 0x7f;
+ keylen = 0;
+
+ if (lenlen > 3) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ while (lenlen) {
+ keylen <<= 8;
+ keylen |= key_data[ofs++];
+ lenlen--;
+ }
+ }
+ keylen += ofs;
+
+ /* If there appears to be more padding than required, fail */
+ if (b64_data.size - keylen > blocksize) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ /* If the padding bytes aren't all equal to the amount of padding, fail */
+ ofs = keylen;
+ while (ofs < b64_data.size) {
+ if (key_data[ofs] !=
+ b64_data.size - keylen) {
+ gnutls_assert();
+ goto fail;
+ }
+ ofs++;
+ }
+
+ key_datum.data = key_data;
+ key_datum.size = keylen;
+ ret =
+ gnutls_x509_privkey_import(key, &key_datum,
+ GNUTLS_X509_FMT_DER);
+ if (ret == 0)
+ goto out;
+ }
+ fail:
+ ret = GNUTLS_E_DECRYPTION_FAILED;
+ goto out;
+ }
+ out:
+ gnutls_free(key_data);
+ out_enc_key:
+ gnutls_free(enc_key.data);
+ out_b64:
+ gnutls_free(b64_data.data);
+ out_salt:
+ gnutls_free(salt.data);
+ return ret;
}
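Review bot: After the `DEK-Info: ` prefix is skipped, `pem_header` keeps advancing (cipher name and comma, the hex salt, the line break) but `pem_header_size` is never reduced, so `_gnutls_base64_decode()` is handed a length that can extend past the end of `data` by the number of bytes skipped. The `strncmp()` match and the hex-salt loop likewise read through `pem_header` without comparing against the remaining length. Because this parses a key file supplied by the caller, the remaining byte count should be tracked alongside the pointer and a header shorter than cipher name plus salt rejected, as in the excerpt below. Independently, when `gnutls_cipher_init()` fails the code calls `gnutls_cipher_deinit(handle)` on a handle that was never initialised, and that call should be dropped. `key_data` and `enc_key.data` hold the decrypted key and the password-derived key and are released with plain `gnutls_free()`; clearing them first is worth considering.

```c
	for (i = 0; i < sizeof(pem_ciphers) / sizeof(pem_ciphers[0]); i++) {
		l = strlen(pem_ciphers[i].name);
		/* name plus the ',' separator must fit in what is left */
		if (pem_header_size > (ssize_t) l &&
		    !strncmp(pem_header, pem_ciphers[i].name, l) &&
		    pem_header[l] == ',') {
			pem_header += l + 1;
			pem_header_size -= (ssize_t) (l + 1);
			cipher = pem_ciphers[i].cipher;
			break;
		}
	}

	/* … unchanged: unknown-cipher check, salt allocation … */

	/* the hex salt and at least one line-break byte must still be in the buffer */
	if (pem_header_size <= (ssize_t) (salt.size * 2)) {
		gnutls_assert();
		ret = GNUTLS_E_PARSING_ERROR;
		goto out_salt;
	}

	/* … unchanged: hex-salt decoding loop … */

	pem_header += salt.size * 2;
	pem_header_size -= (ssize_t) (salt.size * 2);

	/* … unchanged: CR/LF presence check … */

	while (pem_header_size > 0 &&
	       (*pem_header == '\n' || *pem_header == '\r')) {
		pem_header++;
		pem_header_size--;
	}
```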
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index c861264721..252742ea2e 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -34,7 +34,8 @@
#include <random.h>
#include <pbkdf2-sha1.h>
-static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey);
+static int _decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn,
+ gnutls_x509_privkey_t pkey);
#define PBES2_OID "1.2.840.113549.1.5.13"
#define PBKDF2_OID "1.2.840.113549.1.5.12"
@@ -49,50 +50,48 @@ static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pke
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-struct pbkdf2_params
-{
- uint8_t salt[32];
- int salt_size;
- unsigned int iter_count;
- unsigned int key_size;
+struct pbkdf2_params {
+ uint8_t salt[32];
+ int salt_size;
+ unsigned int iter_count;
+ unsigned int key_size;
};
-struct pbe_enc_params
-{
- gnutls_cipher_algorithm_t cipher;
- uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
- int iv_size;
+struct pbe_enc_params {
+ gnutls_cipher_algorithm_t cipher;
+ uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
+ int iv_size;
};
-static int generate_key (schema_id schema, const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key);
-static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params);
-static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params);
-static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
- const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data);
-static int decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey);
-static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
-static int encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted);
-
-static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params);
-static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *params);
+static int generate_key(schema_id schema, const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key);
+static int read_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params);
+static int read_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params);
+static int decrypt_data(schema_id, ASN1_TYPE pkcs8_asn, const char *root,
+ const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data);
+static int decode_private_key_info(const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey);
+static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
+static int encrypt_data(const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted);
+
+static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ struct pbkdf2_params *params);
+static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *params);
#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
@@ -100,25 +99,25 @@ static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
/* Returns a negative error code if the encryption schema in
* the OID is not supported. The schema ID is returned.
*/
-static int
-check_schema (const char *oid)
+static int check_schema(const char *oid)
{
- if (strcmp (oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* ok */
+ if (strcmp(oid, PBES2_OID) == 0)
+ return PBES2_GENERIC; /* ok */
- if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
- return PKCS12_3DES_SHA1;
+ if (strcmp(oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
+ return PKCS12_3DES_SHA1;
- if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
- return PKCS12_ARCFOUR_SHA1;
+ if (strcmp(oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
+ return PKCS12_ARCFOUR_SHA1;
- if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
- return PKCS12_RC2_40_SHA1;
+ if (strcmp(oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
+ return PKCS12_RC2_40_SHA1;
- _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
+ _gnutls_debug_log
+ ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
/* Encodes a private key to the raw format PKCS #8 needs.
@@ -126,82 +125,80 @@ check_schema (const char *oid)
* an ASN.1 INTEGER of the x value.
*/
inline static int
-_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
+_encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
{
- size_t size = 0;
- uint8_t *data = NULL;
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- switch (pkey->pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- case GNUTLS_PK_EC:
- ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto error;
- }
-
- data = gnutls_malloc (size);
- if (data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
-
- ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- raw->data = data;
- raw->size = size;
- break;
- case GNUTLS_PK_DSA:
- /* DSAPublicKey == INTEGER */
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_write_int (spk, "", pkey->params.params[4], 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- ret = _gnutls_x509_der_encode (spk, "", raw, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&spk);
- break;
-
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-
-error:
- gnutls_free (data);
- asn1_delete_structure (&spk);
- return ret;
+ size_t size = 0;
+ uint8_t *data = NULL;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ switch (pkey->pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ case GNUTLS_PK_EC:
+ ret =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER,
+ NULL, &size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto error;
+ }
+
+ data = gnutls_malloc(size);
+ if (data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+
+ ret =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER,
+ data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ raw->data = data;
+ raw->size = size;
+ break;
+ case GNUTLS_PK_DSA:
+ /* DSAPublicKey == INTEGER */
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
+ &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ _gnutls_x509_write_int(spk, "", pkey->params.params[4],
+ 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ ret = _gnutls_x509_der_encode(spk, "", raw, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&spk);
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ asn1_delete_structure(&spk);
+ return ret;
}
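Review bot: In the RSA/EC branch the size probe treats every result other than `GNUTLS_E_SHORT_MEMORY_BUFFER` as a failure but jumps to `error` with `ret` unchanged, so a non-negative result from `gnutls_x509_privkey_export()` would make `_encode_privkey()` return success with `raw` never filled in. Whether the export can return 0 for a NULL buffer is not visible in this hunk, so the safe form is to force an error before the jump with `if (ret >= 0) ret = GNUTLS_E_INTERNAL_ERROR;`. The `error` path also frees `data`, which by then may contain the DER-encoded private key, without clearing it first.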
@@ -211,357 +208,336 @@ error:
* the ASN1_TYPE of private key info will be returned.
*/
static int
-encode_to_private_key_info (gnutls_x509_privkey_t pkey,
- gnutls_datum_t * der, ASN1_TYPE * pkey_info)
+encode_to_private_key_info(gnutls_x509_privkey_t pkey,
+ gnutls_datum_t * der, ASN1_TYPE * pkey_info)
{
- int result, len;
- uint8_t null = 0;
- const char *oid;
- gnutls_datum_t algo_params = { NULL, 0 };
- gnutls_datum_t algo_privkey = { NULL, 0 };
-
- oid = _gnutls_x509_pk_to_oid(pkey->pk_algorithm);
- if (oid == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- result =
- _gnutls_x509_write_pubkey_params (pkey->pk_algorithm, &pkey->params, &algo_params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- pkey_info)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the version.
- */
- result = asn1_write_value (*pkey_info, "version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* write the privateKeyAlgorithm
- * fields. (OID+NULL data)
- */
- result =
- asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
- algo_params.data, algo_params.size);
- _gnutls_free_datum (&algo_params);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
-
- /* Write the raw private key
- */
- result = _encode_privkey (pkey, &algo_privkey);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
- algo_privkey.size);
- _gnutls_free_datum (&algo_privkey);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Append an empty Attributes field.
- */
- result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* DER Encode the generated private key info.
- */
- len = 0;
- result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* allocate data for the der
- */
- der->size = len;
- der->data = gnutls_malloc (len);
- if (der->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (pkey_info);
- _gnutls_free_datum (&algo_params);
- _gnutls_free_datum (&algo_privkey);
- return result;
+ int result, len;
+ uint8_t null = 0;
+ const char *oid;
+ gnutls_datum_t algo_params = { NULL, 0 };
+ gnutls_datum_t algo_privkey = { NULL, 0 };
+
+ oid = _gnutls_x509_pk_to_oid(pkey->pk_algorithm);
+ if (oid == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ result =
+ _gnutls_x509_write_pubkey_params(pkey->pk_algorithm,
+ &pkey->params, &algo_params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the version.
+ */
+ result = asn1_write_value(*pkey_info, "version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the privateKeyAlgorithm
+ * fields. (OID+NULL data)
+ */
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
+ algo_params.data, algo_params.size);
+ _gnutls_free_datum(&algo_params);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+
+ /* Write the raw private key
+ */
+ result = _encode_privkey(pkey, &algo_privkey);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_write_value(*pkey_info, "privateKey", algo_privkey.data,
+ algo_privkey.size);
+ _gnutls_free_datum(&algo_privkey);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Append an empty Attributes field.
+ */
+ result = asn1_write_value(*pkey_info, "attributes", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* DER Encode the generated private key info.
+ */
+ len = 0;
+ result = asn1_der_coding(*pkey_info, "", NULL, &len, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* allocate data for the der
+ */
+ der->size = len;
+ der->data = gnutls_malloc(len);
+ if (der->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding(*pkey_info, "", der->data, &len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(pkey_info);
+ _gnutls_free_datum(&algo_params);
+ _gnutls_free_datum(&algo_privkey);
+ return result;
}
-static const char *
-cipher_to_pkcs_params (int cipher, const char **oid)
+static const char *cipher_to_pkcs_params(int cipher, const char **oid)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- if (oid)
- *oid = AES_128_CBC_OID;
- return "PKIX1.pkcs-5-aes128-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- if (oid)
- *oid = AES_192_CBC_OID;
- return "PKIX1.pkcs-5-aes192-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- if (oid)
- *oid = AES_256_CBC_OID;
- return "PKIX1.pkcs-5-aes256-CBC-params";
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- if (oid)
- *oid = DES_EDE3_CBC_OID;
- return "PKIX1.pkcs-5-des-EDE3-CBC-params";
- break;
- default:
- return NULL;
- break;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ if (oid)
+ *oid = AES_128_CBC_OID;
+ return "PKIX1.pkcs-5-aes128-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ if (oid)
+ *oid = AES_192_CBC_OID;
+ return "PKIX1.pkcs-5-aes192-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (oid)
+ *oid = AES_256_CBC_OID;
+ return "PKIX1.pkcs-5-aes256-CBC-params";
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (oid)
+ *oid = DES_EDE3_CBC_OID;
+ return "PKIX1.pkcs-5-des-EDE3-CBC-params";
+ break;
+ default:
+ return NULL;
+ break;
+ }
}
-static int
-cipher_to_schema (int cipher)
+static int cipher_to_schema(int cipher)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- return PBES2_AES_128;
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- return PBES2_AES_192;
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- return PBES2_AES_256;
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- return PBES2_3DES;
- break;
- default:
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
- break;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ return PBES2_AES_128;
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ return PBES2_AES_192;
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ return PBES2_AES_256;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ return PBES2_3DES;
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ break;
+ }
}
-int
-_gnutls_pkcs_flags_to_schema (unsigned int flags)
+int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- int schema;
-
- if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- schema = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- schema = PKCS12_RC2_40_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
- schema = PBES2_3DES;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
- schema = PBES2_AES_128;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
- schema = PBES2_AES_192;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
- schema = PBES2_AES_256;
- else
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
- schema = PKCS12_3DES_SHA1;
- }
-
- return schema;
+ int schema;
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ schema = PBES2_3DES;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
+ schema = PBES2_AES_128;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
+ schema = PBES2_AES_192;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
+ schema = PBES2_AES_256;
+ else {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
+ flags);
+ schema = PKCS12_3DES_SHA1;
+ }
+
+ return schema;
}
/* returns the OID corresponding to given schema
*/
-static int
-schema_to_oid (schema_id schema, const char **str_oid)
+static int schema_to_oid(schema_id schema, const char **str_oid)
{
- int result = 0;
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- *str_oid = PBES2_OID;
- break;
- case PKCS12_3DES_SHA1:
- *str_oid = PKCS12_PBE_3DES_SHA1_OID;
- break;
- case PKCS12_ARCFOUR_SHA1:
- *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
- break;
- case PKCS12_RC2_40_SHA1:
- *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
- break;
- default:
- gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
- }
-
- return result;
+ int result = 0;
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ *str_oid = PBES2_OID;
+ break;
+ case PKCS12_3DES_SHA1:
+ *str_oid = PKCS12_PBE_3DES_SHA1_OID;
+ break;
+ case PKCS12_ARCFOUR_SHA1:
+ *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
+ break;
+ default:
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return result;
}
/* Converts a PKCS #8 private key info to
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
static int
-encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
- const char *password, ASN1_TYPE * out)
+encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key,
+ const char *password, ASN1_TYPE * out)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- const char *str_oid;
-
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- result = schema_to_oid (schema, &str_oid);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
- result = generate_key (schema, password, &kdf_params, &enc_params, &key);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- write_schema_params (schema, pkcs8_asn,
- "encryptionAlgorithm.parameters", &kdf_params,
- &enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data (der_key, &enc_params, &key, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* write the encrypted data.
- */
- result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&key);
-
- *out = pkcs8_asn;
-
- return 0;
-
-error:
- _gnutls_free_datum (&key);
- _gnutls_free_datum (&tmp);
- asn1_delete_structure (&pkcs8_asn);
- return result;
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ str_oid, 1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ write_schema_params(schema, pkcs8_asn,
+ "encryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(der_key, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs8_asn, "encryptedData", tmp.data,
+ tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ *out = pkcs8_asn;
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
}
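Review bot: Two early returns on the new side skip the `error:` cleanup: in encode_to_private_key_info a failed `gnutls_malloc(len)` returns GNUTLS_E_MEMORY_ERROR directly, and in encode_to_pkcs8_key a failed `schema_to_oid()` does `return result;` after `pkcs8_asn` has already been created. The first leaves `*pkey_info`, which by then holds the encoded private key, allocated for a caller that bails out on the negative return; use `result = GNUTLS_E_MEMORY_ERROR; goto error;` and `goto error;` respectively. Both returns are carried over unchanged from the old side, so this is a follow-up rather than a regression of the reindent. Separately, when the second `asn1_der_coding()` fails, `der->data` stays allocated, and the visible callers return on `ret < 0` without freeing `tmp`.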
@@ -595,68 +571,65 @@ error:
* returned, and 0 on success.
**/
int
-gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum_t tmp;
- schema_id schema;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info (key, &tmp, &pkey_info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- schema = _gnutls_pkcs_flags_to_schema (flags);
-
- if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- _gnutls_free_datum (&tmp);
-
- ret =
- _gnutls_x509_export_int (pkey_info, format,
- PEM_UNENCRYPTED_PKCS8,
- output_data, output_data_size);
-
- asn1_delete_structure (&pkey_info);
- }
- else
- {
- asn1_delete_structure (&pkey_info); /* we don't need it */
-
- ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
- output_data, output_data_size);
-
- asn1_delete_structure (&pkcs8_asn);
- }
-
- return ret;
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info(key, &tmp, &pkey_info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema(flags);
+
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ _gnutls_free_datum(&tmp);
+
+ ret =
+ _gnutls_x509_export_int(pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure(&pkey_info);
+ } else {
+ asn1_delete_structure(&pkey_info); /* we don't need it */
+
+ ret =
+ encode_to_pkcs8_key(schema, &tmp, password,
+ &pkcs8_asn);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure(&pkcs8_asn);
+ }
+
+ return ret;
}
/**
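Review bot: `schema = _gnutls_pkcs_flags_to_schema(flags);` runs before the plain/encrypted decision, so an unencrypted export whose flags carry no cipher bit falls into that helper's `else` branch, which calls gnutls_assert() and logs "Selecting default encryption PKCS12_3DES_SHA1" although nothing is encrypted. Moving the assignment into the `else` branch next to `encode_to_pkcs8_key()` keeps the log truthful; the same applies to gnutls_x509_privkey_export2_pkcs8 in the next hunk. The condition itself also deserves a comment, for example `/* a NULL password means an unencrypted PrivateKeyInfo unless GNUTLS_PKCS_NULL_PASSWORD is set */`, since it decides whether the key leaves the library in the clear. The function's doc comment starts outside this hunk.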
@@ -687,65 +660,62 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
* Since 3.1.3
**/
int
-gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t *out)
+gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags, gnutls_datum_t * out)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum_t tmp;
- schema_id schema;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info (key, &tmp, &pkey_info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- schema = _gnutls_pkcs_flags_to_schema (flags);
-
- if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- _gnutls_free_datum (&tmp);
-
- ret =
- _gnutls_x509_export_int2 (pkey_info, format,
- PEM_UNENCRYPTED_PKCS8, out);
-
- asn1_delete_structure (&pkey_info);
- }
- else
- {
- asn1_delete_structure (&pkey_info); /* we don't need it */
-
- ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_x509_export_int2 (pkcs8_asn, format, PEM_PKCS8, out);
-
- asn1_delete_structure (&pkcs8_asn);
- }
-
- return ret;
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info(key, &tmp, &pkey_info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema(flags);
+
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ _gnutls_free_datum(&tmp);
+
+ ret =
+ _gnutls_x509_export_int2(pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8, out);
+
+ asn1_delete_structure(&pkey_info);
+ } else {
+ asn1_delete_structure(&pkey_info); /* we don't need it */
+
+ ret =
+ encode_to_pkcs8_key(schema, &tmp, password,
+ &pkcs8_asn);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int2(pkcs8_asn, format, PEM_PKCS8,
+ out);
+
+ asn1_delete_structure(&pkcs8_asn);
+ }
+
+ return ret;
}
@@ -753,256 +723,240 @@ gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
* schema ID.
*/
static int
-read_pkcs_schema_params (schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+read_pkcs_schema_params(schema_id * schema, const char *password,
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t tmp;
-
- switch (*schema)
- {
-
- case PBES2_GENERIC:
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- tmp.data = (uint8_t *) data;
- tmp.size = data_size;
-
- result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- result = cipher_to_schema (enc_params->cipher);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *schema = result;
- return 0;
-
- case PKCS12_3DES_SHA1:
- case PKCS12_ARCFOUR_SHA1:
- case PKCS12_RC2_40_SHA1:
-
- if ((*schema) == PKCS12_3DES_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- enc_params->iv_size = 8;
- }
- else if ((*schema) == PKCS12_ARCFOUR_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- enc_params->iv_size = 0;
- }
- else if ((*schema) == PKCS12_RC2_40_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- enc_params->iv_size = 8;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- if (enc_params->iv_size)
- {
- result =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- return 0;
-
- default:
- gnutls_assert ();
- } /* switch */
-
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t tmp;
+
+ switch (*schema) {
+
+ case PBES2_GENERIC:
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result =
+ asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ tmp.data = (uint8_t *) data;
+ tmp.size = data_size;
+
+ result = read_pbkdf2_params(pbes2_asn, &tmp, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = read_pbe_enc_params(pbes2_asn, &tmp, enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ result = cipher_to_schema(enc_params->cipher);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *schema = result;
+ return 0;
+
+ case PKCS12_3DES_SHA1:
+ case PKCS12_ARCFOUR_SHA1:
+ case PKCS12_RC2_40_SHA1:
+
+ if ((*schema) == PKCS12_3DES_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ } else if ((*schema) == PKCS12_ARCFOUR_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ } else if ((*schema) == PKCS12_RC2_40_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result =
+ asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = read_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if (enc_params->iv_size) {
+ result =
+ _gnutls_pkcs12_string_to_key(2 /*IV*/,
+ kdf_params->salt,
+ kdf_params->
+ salt_size,
+ kdf_params->
+ iter_count,
+ password,
+ enc_params->
+ iv_size,
+ enc_params->iv);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ return 0;
+
+ default:
+ gnutls_assert();
+ } /* switch */
+
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
static int decrypt_pkcs8_key(const gnutls_datum_t * raw_key,
- ASN1_TYPE pkcs8_asn, const char *password,
- gnutls_x509_privkey_t pkey)
+ ASN1_TYPE pkcs8_asn, const char *password,
+ gnutls_x509_privkey_t pkey)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- /* Check the encryption schema OID
- */
- len = sizeof (enc_oid);
- result =
- asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = check_schema (enc_oid)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
- raw_key->size,
- "encryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params (&schema, password,
- &raw_key->data[params_start],
- params_len, &kdf_params, &enc_params);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
- result =
- decrypt_data (schema, pkcs8_asn, "encryptedData", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = decode_private_key_info (&tmp, pkey);
- _gnutls_free_datum (&tmp);
-
- if (result < 0)
- {
- /* We've gotten this far. In the real world it's almost certain
- * that we're dealing with a good file, but wrong password.
- * Sadly like 90% of random data is somehow valid DER for the
- * a first small number of bytes, so no easy way to guarantee. */
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
- result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
- result == GNUTLS_E_ASN1_DER_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
- result == GNUTLS_E_ASN1_GENERIC_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
- result == GNUTLS_E_ASN1_TAG_ERROR ||
- result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
- result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
- result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
- result == GNUTLS_E_ASN1_DER_OVERFLOW)
- {
- result = GNUTLS_E_DECRYPTION_FAILED;
- }
-
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data,
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(&schema, password,
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+ result =
+ decrypt_data(schema, pkcs8_asn, "encryptedData", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = decode_private_key_info(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+
+ if (result < 0) {
+ /* We've gotten this far. In the real world it's almost certain
+ * that we're dealing with a good file, but wrong password.
+ * Sadly like 90% of random data is somehow valid DER for the
+ * a first small number of bytes, so no easy way to guarantee. */
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_DER_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_GENERIC_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
+ result == GNUTLS_E_ASN1_TAG_ERROR ||
+ result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
+ result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
+ result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
+ result == GNUTLS_E_ASN1_DER_OVERFLOW) {
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
/* Converts a PKCS #8 key to
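Review bot: In decrypt_pkcs8_key the failure path of `asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm", ...)` jumps to `error:` with the raw libtasn1 status still in `result`, while the other ASN.1 call in the function maps it first; add `result = _gnutls_asn2err(result);` before the `goto error;`. libtasn1 statuses are not GnuTLS error codes, so a caller that tests `< 0` may not see this failure at all. The opposite slip appears in read_pkcs_schema_params: the results of `read_pbkdf2_params()` and `read_pbe_enc_params()` are already tested with `< 0`, which suggests they are GnuTLS codes, yet they are passed through `_gnutls_asn2err()` again and the original reason is presumably lost. Both predate the reindent. `pbes2_asn` in decrypt_pkcs8_key is never assigned, so its declaration and the delete under `error:` can go.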
@@ -1010,244 +964,241 @@ error:
* (normally a PKCS #1 encoded RSA key)
*/
static int
-decode_pkcs8_key (const gnutls_datum_t * raw_key,
- const char *password, gnutls_x509_privkey_t pkey,
- unsigned int decrypt)
+decode_pkcs8_key(const gnutls_datum_t * raw_key,
+ const char *password, gnutls_x509_privkey_t pkey,
+ unsigned int decrypt)
{
- int result;
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if (decrypt)
- result = decrypt_pkcs8_key(raw_key, pkcs8_asn, password, pkey);
- else
- result = 0;
-
-error:
- asn1_delete_structure (&pkcs8_asn);
- return result;
+ int result;
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if (decrypt)
+ result =
+ decrypt_pkcs8_key(raw_key, pkcs8_asn, password, pkey);
+ else
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
}
/* Decodes an RSA privateKey from a PKCS8 structure.
*/
static int
-_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_rsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
- _gnutls_free_datum (&tmp);
- if (pkey->key == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+ if (pkey->key == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Decodes an ECC privateKey from a PKCS8 structure.
*/
static int
-_decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->key = _gnutls_privkey_decode_ecc_key (&tmp, pkey);
- _gnutls_free_datum (&tmp);
- if (pkey->key == NULL)
- {
- ret = GNUTLS_E_PARSING_ERROR;
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->key = _gnutls_privkey_decode_ecc_key(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+ if (pkey->key == NULL) {
+ ret = GNUTLS_E_PARSING_ERROR;
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Decodes an DSA privateKey and params from a PKCS8 structure.
*/
static int
-_decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_der_int (tmp.data, tmp.size, &pkey->params.params[4]);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret =
- _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
- &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_pubkey_params (GNUTLS_PK_DSA, tmp.data, tmp.size, &pkey->params);
- _gnutls_free_datum (&tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* the public key can be generated as g^x mod p */
- pkey->params.params[3] = _gnutls_mpi_alloc_like (pkey->params.params[0]);
- if (pkey->params.params[3] == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_mpi_powm (pkey->params.params[3], pkey->params.params[2], pkey->params.params[4],
- pkey->params.params[0]);
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &pkey->key, &pkey->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.params_nr = DSA_PRIVATE_PARAMS;
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_der_int(tmp.data, tmp.size,
+ &pkey->params.params[4]);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_value(pkcs8_asn,
+ "privateKeyAlgorithm.parameters",
+ &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_pubkey_params(GNUTLS_PK_DSA, tmp.data,
+ tmp.size, &pkey->params);
+ _gnutls_free_datum(&tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* the public key can be generated as g^x mod p */
+ pkey->params.params[3] =
+ _gnutls_mpi_alloc_like(pkey->params.params[0]);
+ if (pkey->params.params[3] == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_mpi_powm(pkey->params.params[3], pkey->params.params[2],
+ pkey->params.params[4], pkey->params.params[0]);
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &pkey->key,
+ &pkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.params_nr = DSA_PRIVATE_PARAMS;
+
+ ret = 0;
+
+ error:
+ return ret;
}
static int
-decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey)
+decode_private_key_info(const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey)
{
- int result, len;
- char oid[64];
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
-
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Check the private key algorithm OID
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* we only support RSA and DSA private keys.
- */
-
- pkey->pk_algorithm = _gnutls_x509_oid2pk_algorithm(oid);
- if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
- result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- goto error;
- }
-
- /* Get the DER encoding of the actual private key.
- */
-
- if (pkey->pk_algorithm == GNUTLS_PK_RSA)
- result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey);
- else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
- result = _decode_pkcs8_dsa_key (pkcs8_asn, pkey);
- else if (pkey->pk_algorithm == GNUTLS_PK_EC)
- result = _decode_pkcs8_ecc_key (pkcs8_asn, pkey);
- else return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&pkcs8_asn);
-
- return result;
+ int result, len;
+ char oid[64];
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the private key algorithm OID
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm",
+ oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* we only support RSA and DSA private keys.
+ */
+
+ pkey->pk_algorithm = _gnutls_x509_oid2pk_algorithm(oid);
+ if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("PKCS #8 private key OID '%s' is unsupported.\n",
+ oid);
+ result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ goto error;
+ }
+
+ /* Get the DER encoding of the actual private key.
+ */
+
+ if (pkey->pk_algorithm == GNUTLS_PK_RSA)
+ result = _decode_pkcs8_rsa_key(pkcs8_asn, pkey);
+ else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
+ result = _decode_pkcs8_dsa_key(pkcs8_asn, pkey);
+ else if (pkey->pk_algorithm == GNUTLS_PK_EC)
+ result = _decode_pkcs8_ecc_key(pkcs8_asn, pkey);
+ else
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pkcs8_asn);
+
+ return result;
}
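Review bot: `_decode_pkcs8_rsa_key` jumps to `error` when `pkey->key == NULL` without assigning `ret`, so it returns the non-negative value left by `_gnutls_x509_read_value` and an undecodable RSA key is reported as imported. The ECC variant right below sets `ret = GNUTLS_E_PARSING_ERROR;` before the `goto`, and the RSA branch should do the same. `_decode_pkcs8_dsa_key` has the same shape where `_gnutls_mpi_alloc_like` returns NULL: `ret = GNUTLS_E_MEMORY_ERROR;` is missing before `goto error`. Separately, in `decode_private_key_info` the `else return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);` branch and the `return result;` inside `if (result < 0)` both skip `asn1_delete_structure(&pkcs8_asn)`, so the decoded structure holding the private key stays allocated. Both should assign `result` and `goto error;` instead.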
@@ -1280,282 +1231,267 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password, unsigned int flags)
+gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header
- */
- result =
- _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
- data->data, data->size, &_data);
-
- if (result < 0)
- { /* Try the encrypted header
- */
- result =
- _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else if (flags == 0)
- flags |= GNUTLS_PKCS_PLAIN;
-
- need_free = 1;
- }
-
- /* Here we don't check for password == NULL to maintain a backwards
- * compatibility behavior, with old versions that were encrypting using
- * a NULL password.
- */
- if (flags & GNUTLS_PKCS_PLAIN)
- {
- result = decode_private_key_info (&_data, key);
- if (result < 0)
- { /* check if it is encrypted */
- if (decode_pkcs8_key(&_data, "", key, 0) == 0)
- result = GNUTLS_E_DECRYPTION_FAILED;
- }
- }
- else
- { /* encrypted. */
- result = decode_pkcs8_key (&_data, password, key, 1);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- /* The key has now been decoded.
- */
-
- return 0;
-
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header
+ */
+ result =
+ _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &_data);
+
+ if (result < 0) { /* Try the encrypted header
+ */
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS8, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else if (flags == 0)
+ flags |= GNUTLS_PKCS_PLAIN;
+
+ need_free = 1;
+ }
+
+ /* Here we don't check for password == NULL to maintain a backwards
+ * compatibility behavior, with old versions that were encrypting using
+ * a NULL password.
+ */
+ if (flags & GNUTLS_PKCS_PLAIN) {
+ result = decode_private_key_info(&_data, key);
+ if (result < 0) { /* check if it is encrypted */
+ if (decode_pkcs8_key(&_data, "", key, 0) == 0)
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
+ } else { /* encrypted. */
+ result = decode_pkcs8_key(&_data, password, key, 1);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/* Reads the PBKDF2 parameters.
*/
static int
-read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der, struct pbkdf2_params *params)
+read_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset (params, 0, sizeof (*params));
-
- /* Check the key derivation algorithm
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
-
- if (strcmp (oid, PBKDF2_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "keyDerivationFunc.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* read the salt */
- params->salt_size = sizeof (params->salt);
- result =
- asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
- &params->iter_count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
-
- /* read the keylength, if it is set.
- */
- result =
- _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", &params->key_size);
- if (result < 0)
- {
- params->key_size = 0;
- }
- _gnutls_hard_log ("keyLength: %d\n", params->key_size);
-
- /* We don't read the PRF. We only use the default.
- */
-
- result = 0;
-
-error:
- asn1_delete_structure (&pbkdf2_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset(params, 0, sizeof(*params));
+
+ /* Check the key derivation algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "keyDerivationFunc.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ _gnutls_hard_log("keyDerivationFunc.algorithm: %s\n", oid);
+
+ if (strcmp(oid, PBKDF2_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n",
+ oid);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "keyDerivationFunc.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbkdf2_asn, "salt.specified", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ /* read the keylength, if it is set.
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
+ &params->key_size);
+ if (result < 0) {
+ params->key_size = 0;
+ }
+ _gnutls_hard_log("keyLength: %d\n", params->key_size);
+
+ /* We don't read the PRF. We only use the default.
+ */
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
static int
-read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
+read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
{
- int result;
-
- memset (params, 0, sizeof (*params));
-
- /* read the salt */
- params->salt_size = sizeof (params->salt);
- result =
- asn1_read_value (pbes2_asn, "salt", params->salt, &params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint (pbes2_asn, "iterations", &params->iter_count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
-
- params->key_size = 0;
-
- return 0;
-
-error:
- return result;
+ int result;
+
+ memset(params, 0, sizeof(*params));
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbes2_asn, "salt", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbes2_asn, "iterations",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ params->key_size = 0;
+
+ return 0;
+
+ error:
+ return result;
}
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
-
- /* write the salt
- */
- result =
- asn1_write_value (pbes2_asn, "salt",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- result =
- _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
- kdf_params->iter_count);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
-
- return 0;
-
-error:
- return result;
+ int result;
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbes2_asn, "salt",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ result =
+ _gnutls_x509_write_uint32(pbes2_asn, "iterations",
+ kdf_params->iter_count);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ return 0;
+
+ error:
+ return result;
}
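Review bot: `read_pbkdf2_params` copies `iterationCount` and `keyLength` from the encoded key into `params->iter_count` and `params->key_size` without any range check, and `read_pkcs12_kdf_params` does the same for `iterations`. Both values come from the file being imported, and `decrypt_data` further down passes `iter_count` to the key-derivation call and uses a non-zero `key_size` for `gnutls_malloc(key_size)` instead of the cipher's key size. A guard after each read, for example `if (params->iter_count == 0 || params->iter_count > MAX_KDF_ITERATIONS) { result = GNUTLS_E_ILLEGAL_PARAMETER; goto error; }` (the limit name is a placeholder), plus a check in `decrypt_data` that a supplied `keyLength` equals `gnutls_cipher_get_key_size(enc_params->cipher)`, would bound the work and the allocation. The unsupported-OID branch also returns `_gnutls_asn2err(result)` while `result` still holds `ASN1_SUCCESS`, so the caller presumably gets a generic or misleading code; a direct `return GNUTLS_E_UNIMPLEMENTED_FEATURE;` would say what happened.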
@@ -1563,584 +1499,557 @@ error:
/* Converts an OID to a gnutls cipher type.
*/
inline static int
-oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
+oid2cipher(const char *oid, gnutls_cipher_algorithm_t * algo)
{
- *algo = 0;
-
- if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_3DES_CBC;
- return 0;
- }
- else if (strcmp (oid, DES_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_DES_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_128_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_128_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_192_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_192_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_256_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_256_CBC;
- return 0;
- }
-
- _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ *algo = 0;
+
+ if (strcmp(oid, DES_EDE3_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_3DES_CBC;
+ return 0;
+ } else if (strcmp(oid, DES_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_DES_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_128_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_128_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_192_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_192_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_256_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_256_CBC;
+ return 0;
+ }
+
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
+ oid);
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
static int
-read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+read_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- char oid[64];
- const char *eparams;
-
- memset (params, 0, sizeof (*params));
-
- /* Check the encryption algorithm
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
-
- if ((result = oid2cipher (oid, &params->cipher)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "encryptionScheme.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the encryption parameters.
- */
- eparams = cipher_to_pkcs_params (params->cipher, NULL);
- if (eparams == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* read the IV */
- params->iv_size = sizeof (params->iv);
- result = asn1_read_value (pbe_asn, "", params->iv, &params->iv_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
-
- result = 0;
-
-error:
- asn1_delete_structure (&pbe_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+ const char *eparams;
+
+ memset(params, 0, sizeof(*params));
+
+ /* Check the encryption algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "encryptionScheme.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
+
+ if ((result = oid2cipher(oid, &params->cipher)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "encryptionScheme.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the encryption parameters.
+ */
+ eparams = cipher_to_pkcs_params(params->cipher, NULL);
+ if (eparams == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ eparams, &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbe_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the IV */
+ params->iv_size = sizeof(params->iv);
+ result =
+ asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
static int
-decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data)
+decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
- int result;
- int data_size;
- uint8_t *data = NULL, *key = NULL;
- gnutls_datum_t dkey, d_iv;
- cipher_hd_st ch;
- int ch_init = 0;
- int key_size;
- unsigned int pass_len = 0;
-
- if (password)
- pass_len = strlen(password);
-
- data_size = 0;
- result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- data = gnutls_malloc (data_size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (pkcs8_asn, root, data, &data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if (kdf_params->key_size == 0)
- {
- key_size = gnutls_cipher_get_key_size (enc_params->cipher);
- }
- else
- key_size = kdf_params->key_size;
-
- key = gnutls_malloc (key_size);
- if (key == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* generate the key
- */
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
-
- result = _gnutls_pbkdf2_sha1 (password, pass_len,
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, key, key_size);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
- default:
- result =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- key_size, key);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* do the decryption.
- */
- dkey.data = key;
- dkey.size = key_size;
-
- d_iv.data = (uint8_t *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), &dkey, &d_iv, 0);
-
- gnutls_free (key);
- key = NULL;
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ch_init = 1;
-
- result = _gnutls_cipher_decrypt (&ch, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- decrypted_data->data = data;
-
- if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
- decrypted_data->size = data_size - data[data_size - 1];
- else
- decrypted_data->size = data_size;
-
- _gnutls_cipher_deinit (&ch);
-
- return 0;
-
-error:
- gnutls_free (data);
- gnutls_free (key);
- if (ch_init != 0)
- _gnutls_cipher_deinit (&ch);
- return result;
+ int result;
+ int data_size;
+ uint8_t *data = NULL, *key = NULL;
+ gnutls_datum_t dkey, d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
+ unsigned int pass_len = 0;
+
+ if (password)
+ pass_len = strlen(password);
+
+ data_size = 0;
+ result = asn1_read_value(pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ data = gnutls_malloc(data_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(pkcs8_asn, root, data, &data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if (kdf_params->key_size == 0) {
+ key_size = gnutls_cipher_get_key_size(enc_params->cipher);
+ } else
+ key_size = kdf_params->key_size;
+
+ key = gnutls_malloc(key_size);
+ if (key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* generate the key
+ */
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ result = _gnutls_pbkdf2_sha1(password, pass_len,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, key,
+ key_size);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
+ default:
+ result =
+ _gnutls_pkcs12_string_to_key(1 /*KEY*/,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ password, key_size, key);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* do the decryption.
+ */
+ dkey.data = key;
+ dkey.size = key_size;
+
+ d_iv.data = (uint8_t *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result =
+ _gnutls_cipher_init(&ch, cipher_to_entry(enc_params->cipher),
+ &dkey, &d_iv, 0);
+
+ gnutls_free(key);
+ key = NULL;
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_decrypt(&ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ decrypted_data->data = data;
+
+ if (gnutls_cipher_get_block_size(enc_params->cipher) != 1)
+ decrypted_data->size = data_size - data[data_size - 1];
+ else
+ decrypted_data->size = data_size;
+
+ _gnutls_cipher_deinit(&ch);
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ gnutls_free(key);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit(&ch);
+ return result;
}
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- uint8_t tmp[64];
-
- /* Write the key derivation algorithm
- */
- result =
- asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
- PBKDF2_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Now write the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* write the salt
- */
- result =
- asn1_write_value (pbkdf2_asn, "salt.specified",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- _gnutls_write_uint32 (kdf_params->iter_count, tmp);
-
- result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
-
- /* write the keylength, if it is set.
- */
- result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* We write an emptry prf.
- */
- result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* now encode them an put the DER output
- * in the keyDerivationFunc.parameters
- */
- result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
- pbes2_asn,
- "keyDerivationFunc.parameters",
- 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbkdf2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ uint8_t tmp[64];
+
+ /* Write the key derivation algorithm
+ */
+ result =
+ asn1_write_value(pbes2_asn, "keyDerivationFunc.algorithm",
+ PBKDF2_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Now write the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(pbkdf2_asn, "salt", "specified", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbkdf2_asn, "salt.specified",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n",
+ kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ _gnutls_write_uint32(kdf_params->iter_count, tmp);
+
+ result = asn1_write_value(pbkdf2_asn, "iterationCount", tmp, 4);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ /* write the keylength, if it is set.
+ */
+ result = asn1_write_value(pbkdf2_asn, "keyLength", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* We write an emptry prf.
+ */
+ result = asn1_write_value(pbkdf2_asn, "prf", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* now encode them an put the DER output
+ * in the keyDerivationFunc.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "",
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
static int
-write_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const struct pbe_enc_params *params)
+write_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const struct pbe_enc_params *params)
{
- int result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- const char *oid, *eparams;
-
- /* Write the encryption algorithm
- */
- eparams = cipher_to_pkcs_params (params->cipher, &oid);
- if (eparams == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* read the salt */
- result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
-
- /* now encode them an put the DER output
- * in the encryptionScheme.parameters
- */
- result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
- pbes2_asn,
- "encryptionScheme.parameters",
- 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbe_asn);
- return result;
+ int result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ const char *oid, *eparams;
+
+ /* Write the encryption algorithm
+ */
+ eparams = cipher_to_pkcs_params(params->cipher, &oid);
+ if (eparams == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_write_value(pbes2_asn, "encryptionScheme.algorithm", oid,
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ eparams, &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* read the salt */
+ result =
+ asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ /* now encode them an put the DER output
+ * in the encryptionScheme.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbe_asn, "",
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
/* Generates a key and also stores the key parameters.
*/
static int
-generate_key (schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+generate_key(schema_id schema,
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
{
- unsigned char rnd[2];
- unsigned int pass_len = 0;
- int ret;
-
- if (password)
- pass_len = strlen(password);
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generate salt */
- kdf_params->salt_size =
- MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
-
- switch (schema)
- {
- case PBES2_3DES:
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- break;
- case PBES2_AES_128:
- enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
- break;
- case PBES2_AES_192:
- enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
- break;
- case PBES2_AES_256:
- enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
- break;
- /* non PBES2 algorithms */
- case PKCS12_ARCFOUR_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- kdf_params->salt_size = 8;
- break;
- case PKCS12_3DES_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- kdf_params->salt_size = 8;
- break;
- case PKCS12_RC2_40_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- kdf_params->salt_size = 8;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
- kdf_params->salt_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
-
- kdf_params->iter_count = 256 + rnd[0];
- key->size = kdf_params->key_size =
- gnutls_cipher_get_key_size (enc_params->cipher);
-
- enc_params->iv_size = gnutls_cipher_get_iv_size (enc_params->cipher);
- key->data = gnutls_malloc (key->size);
- if (key->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* now generate the key.
- */
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
-
- ret = _gnutls_pbkdf2_sha1 (password, pass_len,
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count,
- key->data, kdf_params->key_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (enc_params->iv_size)
- {
- ret = _gnutls_rnd (GNUTLS_RND_NONCE,
- enc_params->iv, enc_params->iv_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- break;
-
- default:
- ret =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- kdf_params->key_size, key->data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Now generate the IV
- */
- if (enc_params->iv_size)
- {
- ret =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- }
-
-
- return 0;
+ unsigned char rnd[2];
+ unsigned int pass_len = 0;
+ int ret;
+
+ if (password)
+ pass_len = strlen(password);
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generate salt */
+ kdf_params->salt_size =
+ MIN(sizeof(kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
+
+ switch (schema) {
+ case PBES2_3DES:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ break;
+ case PBES2_AES_128:
+ enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
+ break;
+ case PBES2_AES_192:
+ enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
+ break;
+ case PBES2_AES_256:
+ enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
+ break;
+ /* non PBES2 algorithms */
+ case PKCS12_ARCFOUR_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_3DES_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
+ kdf_params->salt_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+
+ kdf_params->iter_count = 256 + rnd[0];
+ key->size = kdf_params->key_size =
+ gnutls_cipher_get_key_size(enc_params->cipher);
+
+ enc_params->iv_size =
+ gnutls_cipher_get_iv_size(enc_params->cipher);
+ key->data = gnutls_malloc(key->size);
+ if (key->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now generate the key.
+ */
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ ret = _gnutls_pbkdf2_sha1(password, pass_len,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (enc_params->iv_size) {
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE,
+ enc_params->iv,
+ enc_params->iv_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ break;
+
+ default:
+ ret =
+ _gnutls_pkcs12_string_to_key(1 /*KEY*/,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ password,
+ kdf_params->key_size,
+ key->data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Now generate the IV
+ */
+ if (enc_params->iv_size) {
+ ret =
+ _gnutls_pkcs12_string_to_key(2 /*IV*/,
+ kdf_params->salt,
+ kdf_params->
+ salt_size,
+ kdf_params->
+ iter_count,
+ password,
+ enc_params->
+ iv_size,
+ enc_params->iv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ }
+
+
+ return 0;
}
@@ -2148,408 +2057,382 @@ generate_key (schema_id schema,
* part.
*/
static int
-write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
- int result;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = write_pbkdf2_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = write_pbe_enc_params (pbes2_asn, enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
- break;
-
- default:
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = write_pbkdf2_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = write_pbe_enc_params(pbes2_asn, enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where,
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+ break;
+
+ default:
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = write_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where,
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
static int
-encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+encrypt_data(const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
- int result;
- int data_size;
- uint8_t *data = NULL;
- gnutls_datum_t d_iv;
- cipher_hd_st ch;
- int ch_init = 0;
- uint8_t pad, pad_size;
-
- pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
-
- if (pad_size == 1) /* stream */
- pad_size = 0;
-
- data = gnutls_malloc (plain->size + pad_size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (data, plain->data, plain->size);
-
- if (pad_size > 0)
- {
- pad = pad_size - (plain->size % pad_size);
- if (pad == 0)
- pad = pad_size;
- memset (&data[plain->size], pad, pad);
- }
- else
- pad = 0;
-
- data_size = plain->size + pad;
-
- d_iv.data = (uint8_t *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), key, &d_iv, 1);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ch_init = 1;
-
- result = _gnutls_cipher_encrypt (&ch, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- encrypted->data = data;
- encrypted->size = data_size;
-
- _gnutls_cipher_deinit (&ch);
-
- return 0;
-
-error:
- gnutls_free (data);
- if (ch_init != 0)
- _gnutls_cipher_deinit (&ch);
- return result;
+ int result;
+ int data_size;
+ uint8_t *data = NULL;
+ gnutls_datum_t d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ uint8_t pad, pad_size;
+
+ pad_size = gnutls_cipher_get_block_size(enc_params->cipher);
+
+ if (pad_size == 1) /* stream */
+ pad_size = 0;
+
+ data = gnutls_malloc(plain->size + pad_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(data, plain->data, plain->size);
+
+ if (pad_size > 0) {
+ pad = pad_size - (plain->size % pad_size);
+ if (pad == 0)
+ pad = pad_size;
+ memset(&data[plain->size], pad, pad);
+ } else
+ pad = 0;
+
+ data_size = plain->size + pad;
+
+ d_iv.data = (uint8_t *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result =
+ _gnutls_cipher_init(&ch, cipher_to_entry(enc_params->cipher),
+ key, &d_iv, 1);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_encrypt(&ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ encrypted->data = data;
+ encrypted->size = data_size;
+
+ _gnutls_cipher_deinit(&ch);
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit(&ch);
+ return result;
}
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
int
-_gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec)
+_gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Check the encryption schema OID
- */
- len = sizeof (enc_oid);
- result =
- asn1_read_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if ((result = check_schema (enc_oid)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params (&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
- if (result < ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
-
- result =
- decrypt_data (schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pkcs7_asn);
-
- *dec = tmp;
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- asn1_delete_structure (&pkcs7_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(&schema, password,
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
+ if (result < ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+
+ result =
+ decrypt_data(schema, pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ *dec = tmp;
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
/* Encrypts to a PKCS #7 encryptedData. The output is allocated
* and stored in enc.
*/
int
-_gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc)
+_gnutls_pkcs7_encrypt_data(schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- const char *str_oid;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- result = schema_to_oid (schema, &str_oid);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- str_oid, 1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
- result = generate_key (schema, password, &kdf_params, &enc_params, &key);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = write_schema_params (schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data (data, &enc_params, &key, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* write the encrypted data.
- */
- result =
- asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.encryptedContent", tmp.data,
- tmp.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&key);
-
- /* Now write the rest of the pkcs-7 stuff.
- */
-
- result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
- DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Now encode and copy the DER stuff.
- */
- result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
-
- asn1_delete_structure (&pkcs7_asn);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
-
-error:
- _gnutls_free_datum (&key);
- _gnutls_free_datum (&tmp);
- asn1_delete_structure (&pkcs7_asn);
- return result;
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ str_oid, 1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = write_schema_params(schema, pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(data, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.encryptedContent",
+ tmp.data, tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ /* Now write the rest of the pkcs-7 stuff.
+ */
+
+ result = _gnutls_x509_write_uint32(pkcs7_asn, "version", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType",
+ DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_write_value(pkcs7_asn, "unprotectedAttrs", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Now encode and copy the DER stuff.
+ */
+ result = _gnutls_x509_der_encode(pkcs7_asn, "", enc, 0);
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
-
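Review bot: In `_gnutls_pkcs7_encrypt_data`, the `schema_to_oid` failure path uses `return result;` after `pkcs7_asn` has already been created by `asn1_create_element`, so the structure is never released on that path; every other failure in the function goes through `error:`. Change it to `goto error;` so the `asn1_delete_structure(&pkcs7_asn)` cleanup runs. Separately, `_gnutls_pkcs7_decrypt_data` checks `read_pkcs_schema_params` with `result < ASN1_SUCCESS` and then passes the value to `_gnutls_asn2err`. If that helper returns gnutls error codes, as the comparison suggests, this feeds an already-translated code into the libtasn1 mapper and may mask the real cause; a plain `goto error;` with `result` untouched would preserve it.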
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 52fd1db35b..6876d1ef53 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -38,67 +38,66 @@
* Returns: non-zero for a successful match, and zero on failure.
**/
int
-gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
+gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
+ const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int found_dnsname = 0;
- int ret = 0;
- int i = 0;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int found_dnsname = 0;
+ int ret = 0;
+ int i = 0;
- /* try matching against:
- * 1) a DNS name as an alternative name (subjectAltName) extension
- * in the certificate
- * 2) the common name (CN) in the certificate
- *
- * either of these may be of the form: *.domain.tld
- *
- * only try (2) if there is no subjectAltName extension of
- * type dNSName
- */
+ /* try matching against:
+ * 1) a DNS name as an alternative name (subjectAltName) extension
+ * in the certificate
+ * 2) the common name (CN) in the certificate
+ *
+ * either of these may be of the form: *.domain.tld
+ *
+ * only try (2) if there is no subjectAltName extension of
+ * type dNSName
+ */
- /* Check through all included subjectAltName extensions, comparing
- * against all those of type dNSName.
- */
- for (i = 0; !(ret < 0); i++)
- {
+ /* Check through all included subjectAltName extensions, comparing
+ * against all those of type dNSName.
+ */
+ for (i = 0; !(ret < 0); i++) {
- dnsnamesize = sizeof (dnsname);
- ret = gnutls_x509_crt_get_subject_alt_name (cert, i,
- dnsname, &dnsnamesize,
- NULL);
+ dnsnamesize = sizeof(dnsname);
+ ret = gnutls_x509_crt_get_subject_alt_name(cert, i,
+ dnsname,
+ &dnsnamesize,
+ NULL);
- if (ret == GNUTLS_SAN_DNSNAME)
- {
- found_dnsname = 1;
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- {
- return 1;
- }
- }
- }
+ if (ret == GNUTLS_SAN_DNSNAME) {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0)) {
+ return 1;
+ }
+ }
+ }
- if (!found_dnsname)
- {
- /* not got the necessary extension, use CN instead
- */
- dnsnamesize = sizeof (dnsname);
- if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
- 0, dnsname, &dnsnamesize) < 0)
- {
- /* got an error, can't find a name
- */
- return 0;
- }
+ if (!found_dnsname) {
+ /* not got the necessary extension, use CN instead
+ */
+ dnsnamesize = sizeof(dnsname);
+ if (gnutls_x509_crt_get_dn_by_oid
+ (cert, OID_X520_COMMON_NAME, 0, 0, dnsname,
+ &dnsnamesize) < 0) {
+ /* got an error, can't find a name
+ */
+ return 0;
+ }
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- {
- return 1;
- }
- }
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0)) {
+ return 1;
+ }
+ }
- /* not found a matching name
- */
- return 0;
+ /* not found a matching name
+ */
+ return 0;
}
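Review bot: The subjectAltName loop in `gnutls_x509_crt_check_hostname` ends on any negative `ret`, so a lookup error other than end-of-list (for instance an entry that does not fit in `dnsname[MAX_CN]`) looks the same as "no more entries". If no dNSName was seen before that error, `found_dnsname` stays 0 and the function falls back to matching the CN. The comment at the top of the body limits CN matching to certificates with no dNSName extension, so the fallback should run only when the loop stopped with `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`. Adding `if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return 0;` just before the `if (!found_dnsname)` block makes other errors fail closed. The function's doc comment starts above the hunk.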
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 4bc092dbe4..d924ad4209 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -29,7 +29,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -42,36 +42,34 @@
* of the TBS and sign it on the fly.
*/
int
-_gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs)
+_gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs)
{
- int result;
- uint8_t *buf;
- int buf_size;
+ int result;
+ uint8_t *buf;
+ int buf_size;
- buf_size = 0;
- asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
+ buf_size = 0;
+ asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
- buf = gnutls_malloc (buf_size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ buf = gnutls_malloc(buf_size);
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- result = asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
+ result = asn1_der_coding(cert, tbs_name, buf, &buf_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (buf);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(buf);
+ return _gnutls_asn2err(result);
+ }
- tbs->data = buf;
- tbs->size = buf_size;
+ tbs->data = buf;
+ tbs->size = buf_size;
- return 0;
+ return 0;
}
/*-
@@ -87,86 +85,84 @@ _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
* negative error value.
-*/
int
-_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t dig,
- gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
+_gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t dig,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key)
{
- int result;
- gnutls_datum_t signature;
- gnutls_datum_t tbs;
- char name[128];
-
- /* Step 1. Copy the issuer's name into the certificate.
- */
- _gnutls_str_cpy (name, sizeof (name), src_name);
- _gnutls_str_cat (name, sizeof (name), ".issuer");
-
- result = asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 1.5. Write the signature stuff in the tbsCertificate.
- */
- _gnutls_str_cpy (name, sizeof (name), src_name);
- _gnutls_str_cat (name, sizeof (name), ".signature");
-
- result = _gnutls_x509_write_sig_params (src, name,
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Sign the certificate.
- */
- result = _gnutls_x509_get_tbs (src, src_name, &tbs);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_sign_data (issuer_key, dig, 0, &tbs, &signature);
- gnutls_free (tbs.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* write the signature (bits)
- */
- result =
- asn1_write_value (src, "signature", signature.data, signature.size * 8);
-
- _gnutls_free_datum (&signature);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 3. Move up and write the AlgorithmIdentifier, which is also
- * the same.
- */
-
- result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+ char name[128];
+
+ /* Step 1. Copy the issuer's name into the certificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".issuer");
+
+ result =
+ asn1_copy_node(src, name, issuer->cert,
+ "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 1.5. Write the signature stuff in the tbsCertificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".signature");
+
+ result = _gnutls_x509_write_sig_params(src, name,
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Sign the certificate.
+ */
+ result = _gnutls_x509_get_tbs(src, src_name, &tbs);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ gnutls_privkey_sign_data(issuer_key, dig, 0, &tbs, &signature);
+ gnutls_free(tbs.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* write the signature (bits)
+ */
+ result =
+ asn1_write_value(src, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum(&signature);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
+ * the same.
+ */
+
+ result = _gnutls_x509_write_sig_params(src, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
-
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 71abe45d11..72e6656519 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -24,7 +24,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -34,27 +34,27 @@
#include "verify-high.h"
struct named_cert_st {
- gnutls_x509_crt_t cert;
- uint8_t name[MAX_SERVER_NAME_SIZE];
- unsigned int name_size;
+ gnutls_x509_crt_t cert;
+ uint8_t name[MAX_SERVER_NAME_SIZE];
+ unsigned int name_size;
};
struct node_st {
- /* The trusted certificates */
- gnutls_x509_crt_t *trusted_cas;
- unsigned int trusted_ca_size;
+ /* The trusted certificates */
+ gnutls_x509_crt_t *trusted_cas;
+ unsigned int trusted_ca_size;
- struct named_cert_st *named_certs;
- unsigned int named_cert_size;
+ struct named_cert_st *named_certs;
+ unsigned int named_cert_size;
- /* The trusted CRLs */
- gnutls_x509_crl_t *crls;
- unsigned int crl_size;
+ /* The trusted CRLs */
+ gnutls_x509_crl_t *crls;
+ unsigned int crl_size;
};
struct gnutls_x509_trust_list_st {
- unsigned int size;
- struct node_st *node;
+ unsigned int size;
+ struct node_st *node;
};
#define DEFAULT_SIZE 127
@@ -73,28 +73,28 @@ struct gnutls_x509_trust_list_st {
**/
int
gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
- unsigned int size)
+ unsigned int size)
{
- gnutls_x509_trust_list_t tmp =
- gnutls_calloc(1, sizeof(struct gnutls_x509_trust_list_st));
+ gnutls_x509_trust_list_t tmp =
+ gnutls_calloc(1, sizeof(struct gnutls_x509_trust_list_st));
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
- if (size == 0)
- size = DEFAULT_SIZE;
- tmp->size = size;
+ if (size == 0)
+ size = DEFAULT_SIZE;
+ tmp->size = size;
- tmp->node = gnutls_calloc(1, tmp->size * sizeof(tmp->node[0]));
- if (tmp->node == NULL) {
- gnutls_assert();
- gnutls_free(tmp);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ tmp->node = gnutls_calloc(1, tmp->size * sizeof(tmp->node[0]));
+ if (tmp->node == NULL) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- *list = tmp;
+ *list = tmp;
- return 0; /* success */
+ return 0; /* success */
}
/**
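Review bot: The node table in gnutls_x509_trust_list_init is sized with `gnutls_calloc(1, tmp->size * sizeof(tmp->node[0]))`, so the caller-supplied `size` is multiplied before the allocator sees it and any overflow check inside calloc is bypassed. Assuming gnutls_calloc maps to the C library's calloc, passing count and element size separately keeps that check: `tmp->node = gnutls_calloc(tmp->size, sizeof(tmp->node[0]));`. Where `size_t` is 32 bits, a very large `size` could otherwise produce a table shorter than `tmp->size`, and every later `hash %= list->size` lookup would index past it.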
@@ -108,35 +108,39 @@ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
**/
void
gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
- unsigned int all)
+ unsigned int all)
{
- unsigned int i, j;
-
- if (!list)
- return;
-
- for (i = 0; i < list->size; i++) {
- if (all)
- for (j = 0; j < list->node[i].trusted_ca_size; j++) {
- gnutls_x509_crt_deinit(list->node[i].trusted_cas[j]);
- }
- gnutls_free(list->node[i].trusted_cas);
-
- if (all)
- for (j = 0; j < list->node[i].crl_size; j++) {
- gnutls_x509_crl_deinit(list->node[i].crls[j]);
- }
- gnutls_free(list->node[i].crls);
-
- if (all)
- for (j = 0; j < list->node[i].named_cert_size; j++) {
- gnutls_x509_crt_deinit(list->node[i].named_certs[j].cert);
- }
- gnutls_free(list->node[i].named_certs);
- }
-
- gnutls_free(list->node);
- gnutls_free(list);
+ unsigned int i, j;
+
+ if (!list)
+ return;
+
+ for (i = 0; i < list->size; i++) {
+ if (all)
+ for (j = 0; j < list->node[i].trusted_ca_size; j++) {
+ gnutls_x509_crt_deinit(list->node[i].
+ trusted_cas[j]);
+ }
+ gnutls_free(list->node[i].trusted_cas);
+
+ if (all)
+ for (j = 0; j < list->node[i].crl_size; j++) {
+ gnutls_x509_crl_deinit(list->node[i].
+ crls[j]);
+ }
+ gnutls_free(list->node[i].crls);
+
+ if (all)
+ for (j = 0; j < list->node[i].named_cert_size; j++) {
+ gnutls_x509_crt_deinit(list->node[i].
+ named_certs[j].
+ cert);
+ }
+ gnutls_free(list->node[i].named_certs);
+ }
+
+ gnutls_free(list->node);
+ gnutls_free(list);
}
/**
@@ -156,32 +160,35 @@ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size, unsigned int flags)
+ const gnutls_x509_crt_t * clist,
+ int clist_size, unsigned int flags)
{
- int i;
- uint32_t hash;
-
- for (i = 0; i < clist_size; i++) {
- hash = hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size);
- hash %= list->size;
-
- list->node[hash].trusted_cas =
- gnutls_realloc_fast(list->node[hash].trusted_cas,
- (list->node[hash].trusted_ca_size +
- 1) *
- sizeof(list->node[hash].trusted_cas[0]));
- if (list->node[hash].trusted_cas == NULL) {
- gnutls_assert();
- return i;
- }
-
- list->node[hash].trusted_cas[list->node[hash].trusted_ca_size] =
- clist[i];
- list->node[hash].trusted_ca_size++;
- }
-
- return i;
+ int i;
+ uint32_t hash;
+
+ for (i = 0; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(clist[i]->raw_dn.data,
+ clist[i]->raw_dn.size);
+ hash %= list->size;
+
+ list->node[hash].trusted_cas =
+ gnutls_realloc_fast(list->node[hash].trusted_cas,
+ (list->node[hash].trusted_ca_size +
+ 1) *
+ sizeof(list->node[hash].
+ trusted_cas[0]));
+ if (list->node[hash].trusted_cas == NULL) {
+ gnutls_assert();
+ return i;
+ }
+
+ list->node[hash].trusted_cas[list->node[hash].
+ trusted_ca_size] = clist[i];
+ list->node[hash].trusted_ca_size++;
+ }
+
+ return i;
}
/**
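Review bot: The allocation-failure branch of gnutls_x509_trust_list_add_cas leaves the bucket with `trusted_cas == NULL` while `trusted_ca_size` keeps its old value, because the result of gnutls_realloc_fast is stored straight into the only pointer to the array. Other functions in this file (gnutls_x509_trust_list_deinit, gnutls_x509_trust_list_remove_cas, _gnutls_trustlist_inlist) index `trusted_cas[j]` up to that stale count. Adding `list->node[hash].trusted_ca_size = 0;` before `return i;` keeps pointer and count consistent; the same pattern appears for `named_certs` in gnutls_x509_trust_list_add_named_crt and for `crls` in gnutls_x509_trust_list_add_crls. A failure return is also indistinguishable from a short success unless the caller compares it with `clist_size`, which the doc comment should state.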
@@ -199,32 +206,38 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size)
+ const gnutls_x509_crt_t * clist,
+ int clist_size)
{
- int i, r = 0;
- unsigned j;
- uint32_t hash;
-
- for (i = 0; i < clist_size; i++)
- {
- hash = hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size);
- hash %= list->size;
-
- for (j=0;j<list->node[hash].trusted_ca_size;j++)
- {
- if (_gnutls_check_if_same_cert(clist[i], list->node[hash].trusted_cas[j]) != 0)
- {
- gnutls_x509_crt_deinit(list->node[hash].trusted_cas[j]);
- list->node[hash].trusted_cas[j] =
- list->node[hash].trusted_cas[list->node[hash].trusted_ca_size-1];
- list->node[hash].trusted_ca_size--;
- r++;
- }
- }
- }
-
- return r;
+ int i, r = 0;
+ unsigned j;
+ uint32_t hash;
+
+ for (i = 0; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(clist[i]->raw_dn.data,
+ clist[i]->raw_dn.size);
+ hash %= list->size;
+
+ for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (clist[i],
+ list->node[hash].trusted_cas[j]) != 0) {
+ gnutls_x509_crt_deinit(list->node[hash].
+ trusted_cas[j]);
+ list->node[hash].trusted_cas[j] =
+ list->node[hash].trusted_cas[list->
+ node
+ [hash].
+ trusted_ca_size
+ - 1];
+ list->node[hash].trusted_ca_size--;
+ r++;
+ }
+ }
+ }
+
+ return r;
}
/**
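Review bot: The inner loop of gnutls_x509_trust_list_remove_cas moves the last bucket entry into slot `j` and then lets the `for` header advance to `j + 1`, so the entry just moved in is never compared against `clist[i]`. Since gnutls_x509_trust_list_add_cas does no de-duplication, a certificate that was added twice can keep one copy in the trusted set after a removal that returned a non-zero count. Advancing only when nothing was removed avoids this: use `for (j = 0; j < list->node[hash].trusted_ca_size;)` and increment in the non-matching path with `} else { j++; }`.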
@@ -254,35 +267,40 @@ gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void *name, size_t name_size,
- unsigned int flags)
+ gnutls_x509_crt_t cert,
+ const void *name, size_t name_size,
+ unsigned int flags)
{
- uint32_t hash;
-
- if (name_size >= MAX_SERVER_NAME_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- list->node[hash].named_certs =
- gnutls_realloc_fast(list->node[hash].named_certs,
- (list->node[hash].named_cert_size +
- 1) * sizeof(list->node[hash].named_certs[0]));
- if (list->node[hash].named_certs == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- list->node[hash].named_certs[list->node[hash].named_cert_size].cert =
- cert;
- memcpy(list->node[hash].named_certs[list->node[hash].named_cert_size].
- name, name, name_size);
- list->node[hash].named_certs[list->node[hash].named_cert_size].
- name_size = name_size;
-
- list->node[hash].named_cert_size++;
-
- return 0;
+ uint32_t hash;
+
+ if (name_size >= MAX_SERVER_NAME_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ list->node[hash].named_certs =
+ gnutls_realloc_fast(list->node[hash].named_certs,
+ (list->node[hash].named_cert_size +
+ 1) *
+ sizeof(list->node[hash].named_certs[0]));
+ if (list->node[hash].named_certs == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ list->node[hash].named_certs[list->node[hash].named_cert_size].
+ cert = cert;
+ memcpy(list->node[hash].
+ named_certs[list->node[hash].named_cert_size].name, name,
+ name_size);
+ list->node[hash].named_certs[list->node[hash].
+ named_cert_size].name_size =
+ name_size;
+
+ list->node[hash].named_cert_size++;
+
+ return 0;
}
/**
@@ -306,51 +324,58 @@ gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
- const gnutls_x509_crl_t * crl_list,
- int crl_size, unsigned int flags,
- unsigned int verification_flags)
+ const gnutls_x509_crl_t * crl_list,
+ int crl_size, unsigned int flags,
+ unsigned int verification_flags)
{
- int ret, i, j = 0;
- unsigned int vret = 0;
- uint32_t hash;
-
- /* Probably we can optimize things such as removing duplicates
- * etc.
- */
- if (crl_size == 0 || crl_list == NULL)
- return 0;
-
- for (i = 0; i < crl_size; i++) {
- hash = hash_pjw_bare(crl_list[i]->raw_issuer_dn.data, crl_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- if (flags & GNUTLS_TL_VERIFY_CRL) {
-
- ret =
- gnutls_x509_crl_verify(crl_list[i],
- list->node[hash].trusted_cas,
- list->node[hash].trusted_ca_size,
- verification_flags, &vret);
- if (ret < 0 || vret != 0)
- continue;
- }
-
- list->node[hash].crls =
- gnutls_realloc_fast(list->node[hash].crls,
- (list->node[hash].crl_size +
- 1) *
- sizeof(list->node[hash].trusted_cas[0]));
- if (list->node[hash].crls == NULL) {
- gnutls_assert();
- return i;
- }
-
- list->node[hash].crls[list->node[hash].crl_size] = crl_list[i];
- list->node[hash].crl_size++;
- j++;
- }
-
- return j;
+ int ret, i, j = 0;
+ unsigned int vret = 0;
+ uint32_t hash;
+
+ /* Probably we can optimize things such as removing duplicates
+ * etc.
+ */
+ if (crl_size == 0 || crl_list == NULL)
+ return 0;
+
+ for (i = 0; i < crl_size; i++) {
+ hash =
+ hash_pjw_bare(crl_list[i]->raw_issuer_dn.data,
+ crl_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ if (flags & GNUTLS_TL_VERIFY_CRL) {
+
+ ret =
+ gnutls_x509_crl_verify(crl_list[i],
+ list->node[hash].
+ trusted_cas,
+ list->node[hash].
+ trusted_ca_size,
+ verification_flags,
+ &vret);
+ if (ret < 0 || vret != 0)
+ continue;
+ }
+
+ list->node[hash].crls =
+ gnutls_realloc_fast(list->node[hash].crls,
+ (list->node[hash].crl_size +
+ 1) *
+ sizeof(list->node[hash].
+ trusted_cas[0]));
+ if (list->node[hash].crls == NULL) {
+ gnutls_assert();
+ return i;
+ }
+
+ list->node[hash].crls[list->node[hash].crl_size] =
+ crl_list[i];
+ list->node[hash].crl_size++;
+ j++;
+ }
+
+ return j;
}
/* Takes a certificate list and shortens it if there are
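Review bot: The growth of the `crls` array in gnutls_x509_trust_list_add_crls is sized with `sizeof(list->node[hash].trusted_cas[0])`, which is the element type of a different array. Both are handle typedefs, so the sizes presumably match today, but the expression should name the array being grown: `sizeof(list->node[hash].crls[0])`. Separately, the failure branch returns `i` (entries examined) while the normal path returns `j` (entries added), and CRLs that fail gnutls_x509_crl_verify are skipped silently. A caller can therefore only notice a rejected CRL by comparing the return value with `crl_size`, which deserves a sentence in the doc comment.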
@@ -361,51 +386,53 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
* Returns the new size of the list or a negative number on error.
*/
static int shorten_clist(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t * certificate_list,
- unsigned int clist_size)
+ gnutls_x509_crt_t * certificate_list,
+ unsigned int clist_size)
{
- unsigned int j, i;
- uint32_t hash;
-
- if (clist_size > 1) {
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- *
- * This prevents from verifying self signed certificates against
- * themselves. This (although not bad) caused verification
- * failures on some root self signed certificates that use the
- * MD2 algorithm.
- */
- if (gnutls_x509_crt_check_issuer(certificate_list[clist_size - 1],
- certificate_list[clist_size -
- 1]) != 0) {
- clist_size--;
- }
- }
-
- /* We want to shorten the chain by removing the cert that matches
- * one of the certs we trust and all the certs after that i.e. if
- * cert chain is A signed-by B signed-by C signed-by D (signed-by
- * self-signed E but already removed above), and we trust B, remove
- * B, C and D. */
- for (i = 1; i < clist_size; i++) {
- hash = hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data, certificate_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
- if (_gnutls_check_if_same_cert
- (certificate_list[i],
- list->node[hash].trusted_cas[j]) != 0) {
- /* cut the list at the point of first the trusted certificate */
- clist_size = i + 1;
- break;
- }
- }
- /* clist_size may have been changed which gets out of loop */
- }
-
- return clist_size;
+ unsigned int j, i;
+ uint32_t hash;
+
+ if (clist_size > 1) {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer
+ (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) != 0) {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ for (i = 1; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data,
+ certificate_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (certificate_list[i],
+ list->node[hash].trusted_cas[j]) != 0) {
+ /* cut the list at the point of first the trusted certificate */
+ clist_size = i + 1;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ return clist_size;
}
/* Takes a certificate list and orders it with subject, issuer order.
@@ -415,61 +442,57 @@ static int shorten_clist(gnutls_x509_trust_list_t list,
*
* Returns the sorted list which may be the original clist.
*/
-static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH],
- gnutls_x509_crt_t * clist,
- unsigned int *clist_size)
+static gnutls_x509_crt_t *sort_clist(gnutls_x509_crt_t
+ sorted[DEFAULT_MAX_VERIFY_DEPTH],
+ gnutls_x509_crt_t * clist,
+ unsigned int *clist_size)
{
- int prev;
- unsigned int j, i;
- int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
-
- /* Do not bother sorting if too many certificates are given.
- * Prevent any DoS attacks.
- */
- if (*clist_size > DEFAULT_MAX_VERIFY_DEPTH)
- return clist;
-
- for (i=0;i<DEFAULT_MAX_VERIFY_DEPTH;i++)
- issuer[i] = -1;
-
- /* Find the issuer of each certificate and store it
- * in issuer array.
- */
- for(i=0;i<*clist_size;i++)
- {
- for (j=1;j<*clist_size;j++)
- {
- if (i==j) continue;
-
- if (gnutls_x509_crt_check_issuer(clist[i],
- clist[j]) != 0)
- {
- issuer[i] = j;
- break;
- }
- }
- }
-
- if (issuer[0] == -1)
- {
- *clist_size = 1;
- return clist;
- }
-
- prev = 0;
- sorted[0] = clist[0];
- for (i=1;i<*clist_size;i++)
- {
- prev = issuer[prev];
- if (prev == -1) /* no issuer */
- {
- *clist_size = i;
- break;
- }
- sorted[i] = clist[prev];
- }
-
- return sorted;
+ int prev;
+ unsigned int j, i;
+ int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
+
+ /* Do not bother sorting if too many certificates are given.
+ * Prevent any DoS attacks.
+ */
+ if (*clist_size > DEFAULT_MAX_VERIFY_DEPTH)
+ return clist;
+
+ for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++)
+ issuer[i] = -1;
+
+ /* Find the issuer of each certificate and store it
+ * in issuer array.
+ */
+ for (i = 0; i < *clist_size; i++) {
+ for (j = 1; j < *clist_size; j++) {
+ if (i == j)
+ continue;
+
+ if (gnutls_x509_crt_check_issuer(clist[i],
+ clist[j]) != 0) {
+ issuer[i] = j;
+ break;
+ }
+ }
+ }
+
+ if (issuer[0] == -1) {
+ *clist_size = 1;
+ return clist;
+ }
+
+ prev = 0;
+ sorted[0] = clist[0];
+ for (i = 1; i < *clist_size; i++) {
+ prev = issuer[prev];
+ if (prev == -1) { /* no issuer */
+ *clist_size = i;
+ break;
+ }
+ sorted[i] = clist[prev];
+ }
+
+ return sorted;
}
/**
@@ -488,28 +511,31 @@ static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY
* Since: 3.0
**/
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- gnutls_x509_crt_t * issuer,
- unsigned int flags)
+ gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
- ret =
- gnutls_x509_crt_check_issuer(cert,
- list->node[hash].trusted_cas[i]);
- if (ret != 0) {
- *issuer = list->node[hash].trusted_cas[i];
- return 0;
- }
- }
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
+ ret =
+ gnutls_x509_crt_check_issuer(cert,
+ list->node[hash].
+ trusted_cas[i]);
+ if (ret != 0) {
+ *issuer = list->node[hash].trusted_cas[i];
+ return 0;
+ }
+ }
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
/**
@@ -532,69 +558,78 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t * cert_list,
- unsigned int cert_list_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func)
+ gnutls_x509_crt_t * cert_list,
+ unsigned int cert_list_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function func)
{
- int ret;
- unsigned int i;
- uint32_t hash;
- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
-
- if (cert_list == NULL || cert_list_size < 1)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN))
- cert_list = sort_clist(sorted, cert_list, &cert_list_size);
-
- cert_list_size = shorten_clist(list, cert_list, cert_list_size);
- if (cert_list_size <= 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
- cert_list[cert_list_size - 1]->raw_issuer_dn.size);
- hash %= list->size;
-
- *verify = _gnutls_x509_verify_certificate(cert_list, cert_list_size,
- list->node[hash].trusted_cas,
- list->node[hash].
- trusted_ca_size, flags,
- func);
-
- if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
- return 0;
-
- /* Check revocation of individual certificates.
- * start with the last one that we already have its hash
- */
- ret = _gnutls_x509_crt_check_revocation(cert_list[cert_list_size - 1],
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
-
- for (i = 0; i < cert_list_size - 1; i++) {
- hash = hash_pjw_bare(cert_list[i]->raw_issuer_dn.data, cert_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- ret = _gnutls_x509_crt_check_revocation(cert_list[i],
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+ gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
+
+ if (cert_list == NULL || cert_list_size < 1)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN))
+ cert_list = sort_clist(sorted, cert_list, &cert_list_size);
+
+ cert_list_size = shorten_clist(list, cert_list, cert_list_size);
+ if (cert_list_size <= 0)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ hash =
+ hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.
+ data,
+ cert_list[cert_list_size -
+ 1]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ *verify =
+ _gnutls_x509_verify_certificate(cert_list, cert_list_size,
+ list->node[hash].trusted_cas,
+ list->
+ node[hash].trusted_ca_size,
+ flags, func);
+
+ if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
+ return 0;
+
+ /* Check revocation of individual certificates.
+ * start with the last one that we already have its hash
+ */
+ ret =
+ _gnutls_x509_crt_check_revocation(cert_list
+ [cert_list_size - 1],
+ list->node[hash].crls,
+ list->node[hash].crl_size,
+ func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ for (i = 0; i < cert_list_size - 1; i++) {
+ hash =
+ hash_pjw_bare(cert_list[i]->raw_issuer_dn.data,
+ cert_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ ret = _gnutls_x509_crt_check_revocation(cert_list[i],
+ list->node[hash].
+ crls,
+ list->node[hash].
+ crl_size, func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+
+ return 0;
}
/**
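Review bot: The guard `if (cert_list_size <= 0)` after the shorten_clist call in gnutls_x509_trust_list_verify_crt can only catch zero, because `cert_list_size` is `unsigned int`. shorten_clist returns `int` and its comment promises a negative value on error; such a value would be converted to a huge length and then used in `cert_list[cert_list_size - 1]`. The body shown in this file never returns a negative value, so the problem is latent. Routing the result through the signed local keeps the check meaningful: `ret = shorten_clist(list, cert_list, cert_list_size);`, `if (ret <= 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`, `cert_list_size = ret;`.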
@@ -619,70 +654,75 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void *name,
- size_t name_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func)
+ gnutls_x509_crt_t cert,
+ const void *name,
+ size_t name_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function func)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- for (i = 0; i < list->node[hash].named_cert_size; i++) {
- if (_gnutls_check_if_same_cert(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */
- if (list->node[hash].named_certs[i].name_size == name_size &&
- memcmp(list->node[hash].named_certs[i].name, name,
- name_size) == 0) {
- *verify = 0;
- break;
- }
- }
- }
-
- if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
- return 0;
-
- /* Check revocation of individual certificates.
- * start with the last one that we already have its hash
- */
- ret = _gnutls_x509_crt_check_revocation(cert,
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ for (i = 0; i < list->node[hash].named_cert_size; i++) {
+ if (_gnutls_check_if_same_cert(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */
+ if (list->node[hash].named_certs[i].name_size ==
+ name_size
+ && memcmp(list->node[hash].named_certs[i].name,
+ name, name_size) == 0) {
+ *verify = 0;
+ break;
+ }
+ }
+ }
+
+ if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
+ return 0;
+
+ /* Check revocation of individual certificates.
+ * start with the last one that we already have its hash
+ */
+ ret = _gnutls_x509_crt_check_revocation(cert,
+ list->node[hash].crls,
+ list->node[hash].crl_size,
+ func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ return 0;
}
/* return 1 if @cert is in @list, 0 if not */
int
-_gnutls_trustlist_inlist (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert)
+_gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
- hash %= list->size;
-
- for (i = 0; i < list->node[hash].trusted_ca_size; i++)
- {
- ret = _gnutls_check_if_same_cert (cert, list->node[hash].trusted_cas[i]);
- if (ret != 0)
- return 1;
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
+ hash %= list->size;
+
+ for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
+ ret =
+ _gnutls_check_if_same_cert(cert,
+ list->node[hash].
+ trusted_cas[i]);
+ if (ret != 0)
+ return 1;
+ }
+
+ return 0;
}
diff --git a/lib/x509/verify-high.h b/lib/x509/verify-high.h
index 3315a871f3..ba45f6ee55 100644
--- a/lib/x509/verify-high.h
+++ b/lib/x509/verify-high.h
@@ -20,5 +20,5 @@
*
*/
-int _gnutls_trustlist_inlist (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert);
+int _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert);
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 7408e54f39..5af5e67cdc 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -54,49 +54,57 @@
**/
int
gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- const gnutls_datum_t * crls,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags)
+ const gnutls_datum_t * cas,
+ const gnutls_datum_t * crls,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- int ret;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- gnutls_x509_crl_t *x509_crl_list = NULL;
- unsigned int x509_ncas, x509_ncrls;
- unsigned int r = 0;
-
- if (cas != NULL && cas->data != NULL)
- {
- ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, cas, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_add_cas(list, x509_ca_list, x509_ncas, tl_flags);
- gnutls_free(x509_ca_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- if (crls != NULL && crls->data != NULL)
- {
- ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, crls, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_add_crls(list, x509_crl_list, x509_ncrls, tl_flags, tl_vflags);
- gnutls_free(x509_crl_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- return r;
+ int ret;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ gnutls_x509_crl_t *x509_crl_list = NULL;
+ unsigned int x509_ncas, x509_ncrls;
+ unsigned int r = 0;
+
+ if (cas != NULL && cas->data != NULL) {
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ cas, type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_add_cas(list, x509_ca_list,
+ x509_ncas, tl_flags);
+ gnutls_free(x509_ca_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ if (crls != NULL && crls->data != NULL) {
+ ret =
+ gnutls_x509_crl_list_import2(&x509_crl_list,
+ &x509_ncrls, crls, type,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_add_crls(list, x509_crl_list,
+ x509_ncrls, tl_flags,
+ tl_vflags);
+ gnutls_free(x509_crl_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ return r;
}
/**
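Review bot: After gnutls_x509_trust_list_add_cas, this function only calls `gnutls_free(x509_ca_list)`, so when add_cas stops early (its `return i;` on allocation failure in verify-high.c) the imported certificates from index `ret` onward are never released. The `ret < 0` test that follows cannot fire for add_cas as written there, so a partial add is reported as success. Comparing `ret` with `x509_ncas` and calling gnutls_x509_crt_deinit on the remaining entries before freeing the array would close the leak. The CRL branch has the same shape, and there the count returned by gnutls_x509_trust_list_add_crls also excludes CRLs it skipped after failed verification, which appear to be left allocated as well.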
@@ -114,125 +122,139 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * cas,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- unsigned int x509_ncas;
- unsigned int r = 0, i;
-
- if (cas != NULL && cas->data != NULL)
- {
- ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, cas, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_remove_cas(list, x509_ca_list, x509_ncas);
-
- for (i=0;i<x509_ncas;i++)
- gnutls_x509_crt_deinit(x509_ca_list[i]);
- gnutls_free(x509_ca_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- return r;
+ int ret;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ unsigned int x509_ncas;
+ unsigned int r = 0, i;
+
+ if (cas != NULL && cas->data != NULL) {
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ cas, type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_remove_cas(list, x509_ca_list,
+ x509_ncas);
+
+ for (i = 0; i < x509_ncas; i++)
+ gnutls_x509_crt_deinit(x509_ca_list[i]);
+ gnutls_free(x509_ca_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ return r;
}
#ifdef ENABLE_PKCS11
-static
-int import_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file, unsigned int flags)
+static
+int import_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file,
+ unsigned int flags)
{
-gnutls_x509_crt_t *xcrt_list = NULL;
-gnutls_pkcs11_obj_t *pcrt_list = NULL;
-unsigned int pcrt_list_size = 0, i;
-int ret;
-
- ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, ca_file,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (pcrt_list_size == 0)
- {
- ret = 0;
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t)*pcrt_list_size);
- if (xcrt_list == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_list_import_pkcs11( xcrt_list, pcrt_list_size, pcrt_list, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size, flags);
-
-cleanup:
- for (i=0;i<pcrt_list_size;i++)
- gnutls_pkcs11_obj_deinit(pcrt_list[i]);
- gnutls_free(pcrt_list);
- gnutls_free(xcrt_list);
-
- return ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0, i;
+ int ret;
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
+ ca_file,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (pcrt_list_size == 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ xcrt_list =
+ gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size,
+ flags);
+
+ cleanup:
+ for (i = 0; i < pcrt_list_size; i++)
+ gnutls_pkcs11_obj_deinit(pcrt_list[i]);
+ gnutls_free(pcrt_list);
+ gnutls_free(xcrt_list);
+
+ return ret;
}
-static
-int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file)
+static
+int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
{
-gnutls_x509_crt_t *xcrt_list = NULL;
-gnutls_pkcs11_obj_t *pcrt_list = NULL;
-unsigned int pcrt_list_size = 0, i;
-int ret;
-
- ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, ca_file,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (pcrt_list_size == 0)
- {
- ret = 0;
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t)*pcrt_list_size);
- if (xcrt_list == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_list_import_pkcs11( xcrt_list, pcrt_list_size, pcrt_list, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);
-
-cleanup:
- for (i=0;i<pcrt_list_size;i++)
- {
- gnutls_pkcs11_obj_deinit(pcrt_list[i]);
- if (xcrt_list) gnutls_x509_crt_deinit(xcrt_list[i]);
- }
- gnutls_free(pcrt_list);
- gnutls_free(xcrt_list);
-
- return ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0, i;
+ int ret;
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
+ ca_file,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (pcrt_list_size == 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ xcrt_list =
+ gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_remove_cas(list, xcrt_list,
+ pcrt_list_size);
+
+ cleanup:
+ for (i = 0; i < pcrt_list_size; i++) {
+ gnutls_pkcs11_obj_deinit(pcrt_list[i]);
+ if (xcrt_list)
+ gnutls_x509_crt_deinit(xcrt_list[i]);
+ }
+ gnutls_free(pcrt_list);
+ gnutls_free(xcrt_list);
+
+ return ret;
}
#endif
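Review bot: In remove_pkcs11_url the cleanup loop calls `gnutls_x509_crt_deinit(xcrt_list[i])` for every slot whenever `xcrt_list` is non-NULL, including the path where `gnutls_x509_crt_list_import_pkcs11()` failed and jumped to `cleanup`. The array comes from `gnutls_malloc()` and is not zeroed in this function, so the loop may deinit uninitialised or already-released pointers unless the import helper guarantees every slot is left in a defined state on failure, which this hunk does not show. The reindent carries this over unchanged. A local flag would make the ownership explicit: set `imported = 1;` once the import succeeds and guard the call with `if (imported) gnutls_x509_crt_deinit(xcrt_list[i]);`.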
@@ -256,52 +278,49 @@ cleanup:
**/
int
gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- const char* crl_file,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags)
+ const char *ca_file,
+ const char *crl_file,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- gnutls_datum_t cas = { NULL, 0 };
- gnutls_datum_t crls = { NULL, 0 };
- size_t size;
- int ret;
+ gnutls_datum_t cas = { NULL, 0 };
+ gnutls_datum_t crls = { NULL, 0 };
+ size_t size;
+ int ret;
#ifdef ENABLE_PKCS11
- if (strncmp (ca_file, "pkcs11:", 7) == 0)
- {
- ret = import_pkcs11_url(list, ca_file, tl_flags);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
+ if (strncmp(ca_file, "pkcs11:", 7) == 0) {
+ ret = import_pkcs11_url(list, ca_file, tl_flags);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
#endif
- {
- cas.data = (void*)read_binary_file (ca_file, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- cas.size = size;
- }
-
- if (crl_file)
- {
- crls.data = (void*)read_binary_file (crl_file, &size);
- if (crls.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- crls.size = size;
- }
-
- ret = gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type, tl_flags, tl_vflags);
- free(crls.data);
- free(cas.data);
-
- return ret;
+ {
+ cas.data = (void *) read_binary_file(ca_file, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ cas.size = size;
+ }
+
+ if (crl_file) {
+ crls.data = (void *) read_binary_file(crl_file, &size);
+ if (crls.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ crls.size = size;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type,
+ tl_flags, tl_vflags);
+ free(crls.data);
+ free(cas.data);
+
+ return ret;
}
/**
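Review bot: The `crl_file` failure path in gnutls_x509_trust_list_add_trust_file returns `GNUTLS_E_FILE_ERROR` without releasing `cas.data`, which `read_binary_file(ca_file, &size)` has already filled, so the CA buffer leaks whenever the CRL file cannot be read. Adding `free(cas.data);` before that `return` closes the leak; in the PKCS#11 branch `cas.data` is still NULL, so the extra call is harmless there. Separately, `ca_file` reaches `strncmp()` and `read_binary_file()` without a NULL check. If callers are allowed to pass only a CRL file, that needs a guard, and otherwise the non-NULL requirement should be stated in the function's doc comment, which starts outside this hunk.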
@@ -320,35 +339,31 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- gnutls_x509_crt_fmt_t type)
+ const char *ca_file,
+ gnutls_x509_crt_fmt_t type)
{
- gnutls_datum_t cas = { NULL, 0 };
- size_t size;
- int ret;
+ gnutls_datum_t cas = { NULL, 0 };
+ size_t size;
+ int ret;
#ifdef ENABLE_PKCS11
- if (strncmp (ca_file, "pkcs11:", 7) == 0)
- {
- ret = remove_pkcs11_url(list, ca_file);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
+ if (strncmp(ca_file, "pkcs11:", 7) == 0) {
+ ret = remove_pkcs11_url(list, ca_file);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
#endif
- {
- cas.data = (void*)read_binary_file (ca_file, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- cas.size = size;
- }
-
- ret = gnutls_x509_trust_list_remove_trust_mem(list, &cas, type);
- free(cas.data);
-
- return ret;
-}
+ {
+ cas.data = (void *) read_binary_file(ca_file, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ cas.size = size;
+ }
+ ret = gnutls_x509_trust_list_remove_trust_mem(list, &cas, type);
+ free(cas.data);
+
+ return ret;
+}
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 30758f88f8..f7390dcccc 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -28,7 +28,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -38,42 +38,41 @@
/* Checks if two certs are identical. Return 1 on match. */
int
-_gnutls_check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
+ gnutls_x509_crt_t cert2)
{
- gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
- { NULL, 0};
- int result;
-
- result = _gnutls_is_same_dn (cert1, cert2);
- if (result == 0)
- return 0;
-
- result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);
- if (result < 0)
- {
- result = 0;
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (cert2->cert, "", &cert2bin, 0);
- if (result < 0)
- {
- result = 0;
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((cert1bin.size == cert2bin.size) &&
- (memcmp (cert1bin.data, cert2bin.data, cert1bin.size) == 0))
- result = 1;
- else
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&cert1bin);
- _gnutls_free_datum (&cert2bin);
- return result;
+ gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = {
+ NULL, 0};
+ int result;
+
+ result = _gnutls_is_same_dn(cert1, cert2);
+ if (result == 0)
+ return 0;
+
+ result = _gnutls_x509_der_encode(cert1->cert, "", &cert1bin, 0);
+ if (result < 0) {
+ result = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(cert2->cert, "", &cert2bin, 0);
+ if (result < 0) {
+ result = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((cert1bin.size == cert2bin.size) &&
+ (memcmp(cert1bin.data, cert2bin.data, cert1bin.size) == 0))
+ result = 1;
+ else
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&cert1bin);
+ _gnutls_free_datum(&cert2bin);
+ return result;
}
/* Checks if the issuer of a certificate is a
@@ -84,113 +83,110 @@ cleanup:
* or not.
*/
static int
-check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- unsigned int *max_path,
- unsigned int flags)
+check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ unsigned int *max_path, unsigned int flags)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t issuer_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_datum_t issuer_signature = { NULL, 0 };
- int pathlen, result;
- unsigned int ca_status;
-
- /* Check if the issuer is the same with the
- * certificate. This is added in order for trusted
- * certificates to be able to verify themselves.
- */
-
- result =
- _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
- &issuer_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* If the subject certificate is the same as the issuer
- * return true.
- */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- if (cert_signed_data.size == issuer_signed_data.size)
- {
- if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
- cert_signed_data.size) == 0) &&
- (cert_signature.size == issuer_signature.size) &&
- (memcmp (cert_signature.data, issuer_signature.data,
- cert_signature.size) == 0))
- {
- result = 1;
- goto cleanup;
- }
- }
-
- result = gnutls_x509_crt_get_basic_constraints( issuer, NULL, &ca_status, &pathlen);
- if (result < 0)
- {
- ca_status = 0;
- pathlen = -1;
- }
-
- if (ca_status != 0 && pathlen != -1)
- {
- if ((unsigned)pathlen < *max_path)
- *max_path = pathlen;
- }
-
- if (ca_status != 0)
- {
- result = 1;
- goto cleanup;
- }
- /* Handle V1 CAs that do not have a basicConstraint, but accept
- these certs only if the appropriate flags are set. */
- else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
- ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
- (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
- (gnutls_x509_crt_check_issuer (issuer, issuer) != 0))))
- {
- gnutls_assert ();
- result = 1;
- goto cleanup;
- }
- else
- gnutls_assert ();
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&cert_signed_data);
- _gnutls_free_datum (&issuer_signed_data);
- _gnutls_free_datum (&cert_signature);
- _gnutls_free_datum (&issuer_signature);
- return result;
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t issuer_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_datum_t issuer_signature = { NULL, 0 };
+ int pathlen, result;
+ unsigned int ca_status;
+
+ /* Check if the issuer is the same with the
+ * certificate. This is added in order for trusted
+ * certificates to be able to verify themselves.
+ */
+
+ result =
+ _gnutls_x509_get_signed_data(issuer->cert, "tbsCertificate",
+ &issuer_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(issuer->cert, "signature",
+ &issuer_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* If the subject certificate is the same as the issuer
+ * return true.
+ */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ if (cert_signed_data.size == issuer_signed_data.size) {
+ if ((memcmp
+ (cert_signed_data.data,
+ issuer_signed_data.data,
+ cert_signed_data.size) == 0)
+ && (cert_signature.size ==
+ issuer_signature.size)
+ &&
+ (memcmp
+ (cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0)) {
+ result = 1;
+ goto cleanup;
+ }
+ }
+
+ result =
+ gnutls_x509_crt_get_basic_constraints(issuer, NULL, &ca_status,
+ &pathlen);
+ if (result < 0) {
+ ca_status = 0;
+ pathlen = -1;
+ }
+
+ if (ca_status != 0 && pathlen != -1) {
+ if ((unsigned) pathlen < *max_path)
+ *max_path = pathlen;
+ }
+
+ if (ca_status != 0) {
+ result = 1;
+ goto cleanup;
+ }
+ /* Handle V1 CAs that do not have a basicConstraint, but accept
+ these certs only if the appropriate flags are set. */
+ else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
+ ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
+ (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
+ (gnutls_x509_crt_check_issuer(issuer, issuer) != 0)))) {
+ gnutls_assert();
+ result = 1;
+ goto cleanup;
+ } else
+ gnutls_assert();
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&issuer_signed_data);
+ _gnutls_free_datum(&cert_signature);
+ _gnutls_free_datum(&issuer_signature);
+ return result;
}
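Review bot: check_if_ca returns a negative error code when any of its `_gnutls_x509_get_signed_data()` or `_gnutls_x509_get_signature()` calls fails, but its caller later in this file, _gnutls_verify_certificate2, only tests `check_if_ca(cert, issuer, max_path, flags) == 0`. An extraction error is therefore handled the same way as "issuer is a CA", and the basic-constraints and path-length checks are skipped for that link of the chain. The visible part of the header comment appears to describe a yes/no result, so the error paths should fail closed: set `result = 0;` before each of those four `goto cleanup` statements, or have the caller compare against `1`. The reindent leaves this behaviour as it was.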
@@ -200,147 +196,146 @@ cleanup:
*
* Returns 1 if they match and (0) if they don't match.
*/
-static int
-is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
+static int is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
{
- uint8_t id1[512];
- uint8_t id2[512];
- size_t id1_size;
- size_t id2_size;
- int ret;
-
- if (_gnutls_x509_compare_raw_dn(&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
- ret = 1;
- else
- ret = 0;
-
- if (ret != 0)
- {
- /* check if the authority key identifier matches the subject key identifier
- * of the issuer */
- id1_size = sizeof(id1);
-
- ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
- if (ret < 0)
- {
- ret = 1;
- goto cleanup;
- }
-
- id2_size = sizeof(id2);
- ret = gnutls_x509_crt_get_subject_key_id(issuer, id2, &id2_size, NULL);
- if (ret < 0)
- {
- ret = 1;
- gnutls_assert();
- goto cleanup;
- }
-
- if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
- ret = 1;
- else
- ret = 0;
- }
-
-cleanup:
- return ret;
+ uint8_t id1[512];
+ uint8_t id2[512];
+ size_t id1_size;
+ size_t id2_size;
+ int ret;
+
+ if (_gnutls_x509_compare_raw_dn
+ (&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
+ ret = 1;
+ else
+ ret = 0;
+
+ if (ret != 0) {
+ /* check if the authority key identifier matches the subject key identifier
+ * of the issuer */
+ id1_size = sizeof(id1);
+
+ ret =
+ gnutls_x509_crt_get_authority_key_id(cert, id1,
+ &id1_size, NULL);
+ if (ret < 0) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ id2_size = sizeof(id2);
+ ret =
+ gnutls_x509_crt_get_subject_key_id(issuer, id2,
+ &id2_size, NULL);
+ if (ret < 0) {
+ ret = 1;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (id1_size == id2_size
+ && memcmp(id1, id2, id1_size) == 0)
+ ret = 1;
+ else
+ ret = 0;
+ }
+
+ cleanup:
+ return ret;
}
/* Check if the given certificate is the issuer of the CRL.
* Returns 1 on success and 0 otherwise.
*/
-static int
-is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
+static int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
{
- if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn
+ (&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
+ return 1;
+ else
+ return 0;
}
/* Checks if the DN of two certificates is the same.
* Returns 1 if they match and (0) if they don't match. Otherwise
* a negative error code is returned to indicate error.
*/
-int
-_gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+int _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
{
- if (_gnutls_x509_compare_raw_dn(&cert1->raw_dn, &cert2->raw_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn(&cert1->raw_dn, &cert2->raw_dn) !=
+ 0)
+ return 1;
+ else
+ return 0;
}
/* Finds an issuer of the certificate. If multiple issuers
* are present, returns one that is activated and not expired.
*/
static inline gnutls_x509_crt_t
-find_issuer (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+find_issuer(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
-int i;
-gnutls_x509_crt_t issuer = NULL;
-
- /* this is serial search.
- */
-
- for (i = 0; i < tcas_size; i++)
- {
- if (is_issuer (cert, trusted_cas[i]) != 0)
- {
- if (issuer == NULL)
- {
- issuer = trusted_cas[i];
- }
- else
- {
- time_t now = gnutls_time(0);
-
- if (now < gnutls_x509_crt_get_expiration_time(trusted_cas[i]) &&
- now >= gnutls_x509_crt_get_activation_time(trusted_cas[i]))
- {
- issuer = trusted_cas[i];
- }
- }
- }
- }
-
- return issuer;
+ int i;
+ gnutls_x509_crt_t issuer = NULL;
+
+ /* this is serial search.
+ */
+
+ for (i = 0; i < tcas_size; i++) {
+ if (is_issuer(cert, trusted_cas[i]) != 0) {
+ if (issuer == NULL) {
+ issuer = trusted_cas[i];
+ } else {
+ time_t now = gnutls_time(0);
+
+ if (now <
+ gnutls_x509_crt_get_expiration_time
+ (trusted_cas[i])
+ && now >=
+ gnutls_x509_crt_get_activation_time
+ (trusted_cas[i])) {
+ issuer = trusted_cas[i];
+ }
+ }
+ }
+ }
+
+ return issuer;
}
-static unsigned int
-check_time (gnutls_x509_crt_t crt, time_t now)
+static unsigned int check_time(gnutls_x509_crt_t crt, time_t now)
{
- int status = 0;
- time_t t;
-
- t = gnutls_x509_crt_get_activation_time (crt);
- if (t == (time_t) - 1 || now < t)
- {
- status |= GNUTLS_CERT_NOT_ACTIVATED;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- t = gnutls_x509_crt_get_expiration_time (crt);
- if (t == (time_t) - 1 || now > t)
- {
- status |= GNUTLS_CERT_EXPIRED;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- return 0;
+ int status = 0;
+ time_t t;
+
+ t = gnutls_x509_crt_get_activation_time(crt);
+ if (t == (time_t) - 1 || now < t) {
+ status |= GNUTLS_CERT_NOT_ACTIVATED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ t = gnutls_x509_crt_get_expiration_time(crt);
+ if (t == (time_t) - 1 || now > t) {
+ status |= GNUTLS_CERT_EXPIRED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ return 0;
}
static
-int is_broken_allowed( gnutls_sign_algorithm_t sig, unsigned int flags)
+int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
{
- if ((sig == GNUTLS_SIGN_RSA_MD2) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
- return 1;
- if ((sig == GNUTLS_SIGN_RSA_MD5) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
- return 1;
- return 0;
+ if ((sig == GNUTLS_SIGN_RSA_MD2)
+ && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
+ return 1;
+ if ((sig == GNUTLS_SIGN_RSA_MD5)
+ && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
+ return 1;
+ return 0;
}
/*
@@ -356,182 +351,180 @@ int is_broken_allowed( gnutls_sign_algorithm_t sig, unsigned int flags)
* procedure. Issuer will hold the actual issuer from the trusted list.
*/
static int
-_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output,
- gnutls_x509_crt_t * _issuer,
- time_t now,
- unsigned int *max_path,
- gnutls_verify_output_function func)
+_gnutls_verify_certificate2(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * _issuer,
+ time_t now,
+ unsigned int *max_path,
+ gnutls_verify_output_function func)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
- int issuer_version, result, hash_algo;
- unsigned int out = 0, usage;
-
- if (output)
- *output = 0;
-
- if (*max_path == 0)
- {
- out = GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- gnutls_assert ();
- result = 0;
- goto cleanup;
- }
- (*max_path)--;
-
- if (tcas_size >= 1)
- issuer = find_issuer (cert, trusted_cas, tcas_size);
-
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL)
- {
- out = GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- gnutls_assert ();
- result = 0;
- goto cleanup;
- }
-
- if (_issuer != NULL)
- *_issuer = issuer;
-
- issuer_version = gnutls_x509_crt_get_version (issuer);
- if (issuer_version < 0)
- {
- gnutls_assert ();
- return issuer_version;
- }
-
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1))
- {
- if (check_if_ca (cert, issuer, max_path, flags) == 0)
- {
- gnutls_assert ();
- out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- goto cleanup;
- }
-
- result = gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
- if (result >= 0)
- {
- if (!(usage & GNUTLS_KEY_KEY_CERT_SIGN))
- {
- gnutls_assert();
- out = GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- goto cleanup;
- }
- }
- }
-
- result =
- _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature_algorithm(cert->cert, "signatureAlgorithm.algorithm");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- hash_algo = gnutls_sign_get_hash_algorithm(result);
-
- result =
- _gnutls_x509_verify_data (mac_to_entry(hash_algo), &cert_signed_data, &cert_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
- /* error. ignore it */
- if (output)
- *output |= out;
- result = 0;
- }
- else if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* If the certificate is not self signed check if the algorithms
- * used are secure. If the certificate is self signed it doesn't
- * really matter.
- */
- if (is_issuer (cert, cert) == 0)
- {
- int sigalg;
-
- sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
-
- if (gnutls_sign_is_secure(sigalg) == 0 && is_broken_allowed(sigalg, flags) == 0)
- {
- out = GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- }
- }
-
- /* Check activation/expiration times
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- /* check the time of the issuer first */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
- {
- out |= check_time (issuer, now);
- if (out != 0)
- {
- result = 0;
- if (output) *output |= out;
- }
- }
-
- out |= check_time (cert, now);
- if (out != 0)
- {
- result = 0;
- if (output) *output |= out;
- }
- }
-
-cleanup:
- if (result >= 0 && func) func(cert, issuer, NULL, out);
- _gnutls_free_datum (&cert_signed_data);
- _gnutls_free_datum (&cert_signature);
-
- return result;
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+ int issuer_version, result, hash_algo;
+ unsigned int out = 0, usage;
+
+ if (output)
+ *output = 0;
+
+ if (*max_path == 0) {
+ out =
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ gnutls_assert();
+ result = 0;
+ goto cleanup;
+ }
+ (*max_path)--;
+
+ if (tcas_size >= 1)
+ issuer = find_issuer(cert, trusted_cas, tcas_size);
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ out = GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ gnutls_assert();
+ result = 0;
+ goto cleanup;
+ }
+
+ if (_issuer != NULL)
+ *_issuer = issuer;
+
+ issuer_version = gnutls_x509_crt_get_version(issuer);
+ if (issuer_version < 0) {
+ gnutls_assert();
+ return issuer_version;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
+ if (check_if_ca(cert, issuer, max_path, flags) == 0) {
+ gnutls_assert();
+ out =
+ GNUTLS_CERT_SIGNER_NOT_CA |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ goto cleanup;
+ }
+
+ result =
+ gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
+ if (result >= 0) {
+ if (!(usage & GNUTLS_KEY_KEY_CERT_SIGN)) {
+ gnutls_assert();
+ out =
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
+ | GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ goto cleanup;
+ }
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature_algorithm(cert->cert,
+ "signatureAlgorithm.algorithm");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
+
+ result =
+ _gnutls_x509_verify_data(mac_to_entry(hash_algo),
+ &cert_signed_data, &cert_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
+ /* error. ignore it */
+ if (output)
+ *output |= out;
+ result = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* If the certificate is not self signed check if the algorithms
+ * used are secure. If the certificate is self signed it doesn't
+ * really matter.
+ */
+ if (is_issuer(cert, cert) == 0) {
+ int sigalg;
+
+ sigalg = gnutls_x509_crt_get_signature_algorithm(cert);
+
+ if (gnutls_sign_is_secure(sigalg) == 0
+ && is_broken_allowed(sigalg, flags) == 0) {
+ out =
+ GNUTLS_CERT_INSECURE_ALGORITHM |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ }
+ }
+
+ /* Check activation/expiration times
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) {
+ /* check the time of the issuer first */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)) {
+ out |= check_time(issuer, now);
+ if (out != 0) {
+ result = 0;
+ if (output)
+ *output |= out;
+ }
+ }
+
+ out |= check_time(cert, now);
+ if (out != 0) {
+ result = 0;
+ if (output)
+ *output |= out;
+ }
+ }
+
+ cleanup:
+ if (result >= 0 && func)
+ func(cert, issuer, NULL, out);
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&cert_signature);
+
+ return result;
}
/**
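Review bot: In the insecure-algorithm branch of _gnutls_verify_certificate2, `out = GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;` assigns instead of OR-ing. A `GNUTLS_CERT_SIGNATURE_FAILURE` bit set in `out` just above is therefore dropped from the value passed to `func(cert, issuer, NULL, out)` at `cleanup`, while `*output` still carries it because it is OR-ed. A verification callback that logs or decides on its `out` argument would see a weaker status than the caller does. Using `out |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;` keeps the two views consistent. The function's doc comment begins outside this hunk.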
@@ -547,10 +540,10 @@ cleanup:
* by the given issuer, and false (0) if not.
**/
int
-gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
{
- return is_issuer (cert, issuer);
+ return is_issuer(cert, issuer);
}
/* Verify X.509 certificate chain.
@@ -561,132 +554,132 @@ gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
* list should lead to a trusted certificate in order to be trusted.
*/
unsigned int
-_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- unsigned int flags,
- gnutls_verify_output_function func)
+_gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ unsigned int flags,
+ gnutls_verify_output_function func)
{
- int i = 0, ret;
- unsigned int status = 0, output;
- time_t now = gnutls_time (0);
- gnutls_x509_crt_t issuer = NULL;
- unsigned int max_path;
-
- if (clist_size > 1)
- {
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- *
- * This prevents from verifying self signed certificates against
- * themselves. This (although not bad) caused verification
- * failures on some root self signed certificates that use the
- * MD2 algorithm.
- */
- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
- certificate_list[clist_size - 1]) != 0)
- {
- clist_size--;
- }
- }
-
- /* We want to shorten the chain by removing the cert that matches
- * one of the certs we trust and all the certs after that i.e. if
- * cert chain is A signed-by B signed-by C signed-by D (signed-by
- * self-signed E but already removed above), and we trust B, remove
- * B, C and D. */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- i = 0; /* also replace the first one */
- else
- i = 1; /* do not replace the first one */
-
- for (; i < clist_size; i++)
- {
- int j;
-
- for (j = 0; j < tcas_size; j++)
- {
- if (_gnutls_check_if_same_cert (certificate_list[i], trusted_cas[j]) != 0)
- {
- /* explicity time check for trusted CA that we remove from
- * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
- && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- status |= check_time (trusted_cas[j], now);
- if (status != 0)
- {
- if (func) func(certificate_list[i], trusted_cas[j], NULL, status);
- return status;
- }
- }
-
- if (func) func(certificate_list[i], trusted_cas[j], NULL, status);
- clist_size = i;
- break;
- }
- }
- /* clist_size may have been changed which gets out of loop */
- }
-
- if (clist_size == 0)
- {
- /* The certificate is already present in the trusted certificate list.
- * Nothing to verify. */
- return status;
- }
-
- /* Verify the last certificate in the certificate path
- * against the trusted CA certificate list.
- *
- * If no CAs are present returns CERT_INVALID. Thus works
- * in self signed etc certificates.
- */
- output = 0;
- max_path = MAX_VERIFY_DEPTH;
- ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
- trusted_cas, tcas_size, flags, &output,
- &issuer, now, &max_path, func);
- if (ret == 0)
- {
- /* if the last certificate in the certificate
- * list is invalid, then the certificate is not
- * trusted.
- */
- gnutls_assert ();
- status |= output;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- /* Verify the certificate path (chain)
- */
- for (i = clist_size - 1; i > 0; i--)
- {
- output = 0;
- if (i - 1 < 0)
- break;
-
- /* note that here we disable this V1 CA flag. So that no version 1
- * certificates can exist in a supplied chain.
- */
- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
- flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
- if ((ret =
- _gnutls_verify_certificate2 (certificate_list[i - 1],
- &certificate_list[i], 1, flags,
- &output, NULL, now, &max_path, func)) == 0)
- {
- status |= output;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
- }
-
- return 0;
+ int i = 0, ret;
+ unsigned int status = 0, output;
+ time_t now = gnutls_time(0);
+ gnutls_x509_crt_t issuer = NULL;
+ unsigned int max_path;
+
+ if (clist_size > 1) {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer
+ (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) != 0) {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ i = 0; /* also replace the first one */
+ else
+ i = 1; /* do not replace the first one */
+
+ for (; i < clist_size; i++) {
+ int j;
+
+ for (j = 0; j < tcas_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (certificate_list[i], trusted_cas[j]) != 0) {
+ /* explicity time check for trusted CA that we remove from
+ * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
+ */
+ if (!
+ (flags &
+ GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
+&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) {
+ status |=
+ check_time(trusted_cas[j],
+ now);
+ if (status != 0) {
+ if (func)
+ func(certificate_list[i], trusted_cas[j], NULL, status);
+ return status;
+ }
+ }
+
+ if (func)
+ func(certificate_list[i],
+ trusted_cas[j], NULL, status);
+ clist_size = i;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ if (clist_size == 0) {
+ /* The certificate is already present in the trusted certificate list.
+ * Nothing to verify. */
+ return status;
+ }
+
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+ * If no CAs are present returns CERT_INVALID. Thus works
+ * in self signed etc certificates.
+ */
+ output = 0;
+ max_path = MAX_VERIFY_DEPTH;
+ ret = _gnutls_verify_certificate2(certificate_list[clist_size - 1],
+ trusted_cas, tcas_size, flags,
+ &output, &issuer, now, &max_path,
+ func);
+ if (ret == 0) {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+ * trusted.
+ */
+ gnutls_assert();
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ /* Verify the certificate path (chain)
+ */
+ for (i = clist_size - 1; i > 0; i--) {
+ output = 0;
+ if (i - 1 < 0)
+ break;
+
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ if ((ret =
+ _gnutls_verify_certificate2(certificate_list[i - 1],
+ &certificate_list[i], 1,
+ flags, &output, NULL, now,
+ &max_path, func)) == 0) {
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+ }
+
+ return 0;
}
/* This will return the appropriate hash to verify the given signature.
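Review bot: In the trusted-CA loop of `_gnutls_x509_verify_certificate`, the automatic reindent leaves the time-check condition split over four lines, with `!` detached from its operand and `&&` starting at column 0, so it is hard to see which flags suppress the expiry check on a trust anchor. A hand-formatted equivalent such as `if (!(flags & (GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS | GNUTLS_VERIFY_DISABLE_TIME_CHECKS))) {` tests the same two flags on one readable line. The `if (i - 1 < 0) break;` inside the final chain loop can never fire under the `i > 0` loop condition and could be dropped in the same pass.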
@@ -694,12 +687,13 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
* the given parameters.
*/
int
-_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st * issuer_params)
+_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * issuer_params)
{
- return _gnutls_pk_hash_algorithm(pk, signature, issuer_params, hash);
+ return _gnutls_pk_hash_algorithm(pk, signature, issuer_params,
+ hash);
}
/* verifies if the certificate is properly signed.
@@ -709,37 +703,35 @@ _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
* 'signature' is the signature!
*/
int
-_gnutls_x509_verify_data (const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
+_gnutls_x509_verify_data(const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer)
{
- gnutls_pk_params_st issuer_params;
- int ret;
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret =
- _gnutls_x509_crt_get_mpis (issuer, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pubkey_verify_data (gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- me, data, signature, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(&issuer_params);
-
- return ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ ret = _gnutls_x509_crt_get_mpis(issuer, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pubkey_verify_data(gnutls_x509_crt_get_pk_algorithm
+ (issuer, NULL), me, data, signature,
+ &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* release all allocated MPIs
+ */
+ gnutls_pk_params_release(&issuer_params);
+
+ return ret;
}
/**
@@ -771,40 +763,39 @@ _gnutls_x509_verify_data (const mac_entry_st* me,
* negative error value.
**/
int
-gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length, unsigned int flags,
- unsigned int *verify)
+gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
{
-int i, ret;
-
- if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate (cert_list, cert_list_length,
- CA_list, CA_list_length,
- flags, NULL);
-
- /* Check for revoked certificates in the chain.
- */
- for (i = 0; i < cert_list_length; i++)
- {
- ret = gnutls_x509_crt_check_revocation (cert_list[i],
- CRL_list, CRL_list_length);
- if (ret == 1)
- { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- }
- }
-
- return 0;
+ int i, ret;
+
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate(cert_list, cert_list_length,
+ CA_list, CA_list_length,
+ flags, NULL);
+
+ /* Check for revoked certificates in the chain.
+ */
+ for (i = 0; i < cert_list_length; i++) {
+ ret = gnutls_x509_crt_check_revocation(cert_list[i],
+ CRL_list,
+ CRL_list_length);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ }
+ }
+
+ return 0;
}
/**
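Review bot: The revocation loop in `gnutls_x509_crt_list_verify` acts only on `ret == 1`, so any other return from `gnutls_x509_crt_check_revocation` is treated as "not revoked". If that function reports failures as negative values (its contract is not visible in this hunk), a CRL that could not be processed leaves the chain looking clean. Consider propagating the failure, e.g. `else if (ret < 0) return gnutls_assert_val(ret);`, or at least documenting that errors fail open. The function also writes `*verify` unconditionally, whereas `gnutls_x509_crl_verify` in the same file guards every write with `if (verify)`, so the doc comment should state that `verify` must be non-NULL.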
@@ -823,18 +814,18 @@ int i, ret;
* negative error value.
**/
int
-gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify)
+gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate (&cert, 1,
- CA_list, CA_list_length,
- flags, NULL);
- return 0;
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate(&cert, 1,
+ CA_list, CA_list_length,
+ flags, NULL);
+ return 0;
}
/**
@@ -849,29 +840,28 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
* and false (0) if not.
**/
int
-gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer)
+gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer)
{
- return is_crl_issuer (crl, issuer);
+ return is_crl_issuer(crl, issuer);
}
static inline gnutls_x509_crt_t
-find_crl_issuer (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+find_crl_issuer(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++)
- {
- if (is_crl_issuer (crl, trusted_cas[i]) != 0)
- return trusted_cas[i];
- }
+ for (i = 0; i < tcas_size; i++) {
+ if (is_crl_issuer(crl, trusted_cas[i]) != 0)
+ return trusted_cas[i];
+ }
- gnutls_assert ();
- return NULL;
+ gnutls_assert();
+ return NULL;
}
/**
@@ -895,127 +885,130 @@ find_crl_issuer (gnutls_x509_crl_t crl,
* negative error value.
**/
int
-gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags, unsigned int *verify)
+gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *verify)
{
/* CRL is ignored for now */
- gnutls_datum_t crl_signed_data = { NULL, 0 };
- gnutls_datum_t crl_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
- int result, hash_algo;
- time_t now = gnutls_time(0);
- unsigned int usage;
-
- if (verify)
- *verify = 0;
-
- if (tcas_size >= 1)
- issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
-
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL)
- {
- gnutls_assert ();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
- }
-
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
- {
- if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
- {
- gnutls_assert ();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
-
- result = gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
- if (result >= 0)
- {
- if (!(usage & GNUTLS_KEY_CRL_SIGN))
- {
- gnutls_assert();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- return 0;
- }
- }
- }
-
- result =
- _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature_algorithm(crl->crl, "signatureAlgorithm.algorithm");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- hash_algo = gnutls_sign_get_hash_algorithm(result);
-
- result =
- _gnutls_x509_verify_data (mac_to_entry(hash_algo), &crl_signed_data, &crl_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- /* error. ignore it */
- if (verify)
- *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
- result = 0;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- {
- int sigalg;
-
- sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
-
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
- {
- if (verify)
- *verify |= GNUTLS_CERT_INSECURE_ALGORITHM;
- result = 0;
- }
- }
-
- if (gnutls_x509_crl_get_this_update (crl) > now && verify)
- *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
-
- if (gnutls_x509_crl_get_next_update (crl) < now && verify)
- *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
-
-
-cleanup:
- if (verify) *verify |= GNUTLS_CERT_INVALID;
-
- _gnutls_free_datum (&crl_signed_data);
- _gnutls_free_datum (&crl_signature);
-
- return result;
+ gnutls_datum_t crl_signed_data = { NULL, 0 };
+ gnutls_datum_t crl_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+ int result, hash_algo;
+ time_t now = gnutls_time(0);
+ unsigned int usage;
+
+ if (verify)
+ *verify = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_crl_issuer(crl, trusted_cas, tcas_size);
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_NOT_FOUND |
+ GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) {
+ if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_NOT_CA |
+ GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ result =
+ gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
+ if (result >= 0) {
+ if (!(usage & GNUTLS_KEY_CRL_SIGN)) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
+ | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
+ &crl_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(crl->crl, "signature",
+ &crl_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature_algorithm(crl->crl,
+ "signatureAlgorithm.algorithm");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
+
+ result =
+ _gnutls_x509_verify_data(mac_to_entry(hash_algo),
+ &crl_signed_data, &crl_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ /* error. ignore it */
+ if (verify)
+ *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
+ result = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ {
+ int sigalg;
+
+ sigalg = gnutls_x509_crl_get_signature_algorithm(crl);
+
+ if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) {
+ if (verify)
+ *verify |= GNUTLS_CERT_INSECURE_ALGORITHM;
+ result = 0;
+ }
+ }
+
+ if (gnutls_x509_crl_get_this_update(crl) > now && verify)
+ *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
+
+ if (gnutls_x509_crl_get_next_update(crl) < now && verify)
+ *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
+
+
+ cleanup:
+ if (verify)
+ *verify |= GNUTLS_CERT_INVALID;
+
+ _gnutls_free_datum(&crl_signed_data);
+ _gnutls_free_datum(&crl_signature);
+
+ return result;
}
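Review bot: The `cleanup:` label in `gnutls_x509_crl_verify` is reached by fall-through as well as by `goto`, and it ORs `GNUTLS_CERT_INVALID` into `*verify` unconditionally. A CRL whose signature, algorithm and update times all pass is therefore still reported as invalid. Set the bit only when something was actually flagged, e.g. `if (verify && *verify != 0) *verify |= GNUTLS_CERT_INVALID;`, and rely on the negative `result` for the `goto cleanup` error paths. The leading comment `/* CRL is ignored for now */` no longer appears to describe the body and is worth removing or rewording.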
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a0ec602c2e..164864b668 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -42,30 +42,29 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
+int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
{
- gnutls_x509_crt_t tmp = gnutls_calloc (1, sizeof (gnutls_x509_crt_int));
- int result;
+ gnutls_x509_crt_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_x509_crt_int));
+ int result;
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &tmp->cert);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (result);
- }
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate", &tmp->cert);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(result);
+ }
- /* If you add anything here, be sure to check if it has to be added
- to gnutls_x509_crt_import as well. */
+ /* If you add anything here, be sure to check if it has to be added
+ to gnutls_x509_crt_import as well. */
- *cert = tmp;
+ *cert = tmp;
- return 0; /* success */
+ return 0; /* success */
}
/*-
@@ -78,49 +77,48 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
-*/
-int
-_gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
-{
- int ret;
- size_t der_size=0;
- uint8_t *der;
- gnutls_datum_t tmp;
-
- ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- der = gnutls_malloc (der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
-
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER);
-
- gnutls_free (der);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+{
+ int ret;
+ size_t der_size = 0;
+ uint8_t *der;
+ gnutls_datum_t tmp;
+
+ ret =
+ gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL,
+ &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ der = gnutls_malloc(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
+
+ gnutls_free(der);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -129,17 +127,16 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
*
* This function will deinitialize a certificate structure.
**/
-void
-gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
+void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert)
{
- if (!cert)
- return;
+ if (!cert)
+ return;
- if (cert->cert)
- asn1_delete_structure (&cert->cert);
- gnutls_free(cert->raw_dn.data);
- gnutls_free(cert->raw_issuer_dn.data);
- gnutls_free (cert);
+ if (cert->cert)
+ asn1_delete_structure(&cert->cert);
+ gnutls_free(cert->raw_dn.data);
+ gnutls_free(cert->raw_issuer_dn.data);
+ gnutls_free(cert);
}
/**
@@ -159,108 +156,103 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
-{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &_data);
-
- if (result <= 0)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
- data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- need_free = 1;
- }
-
- if (cert->expanded)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&cert->cert);
- _gnutls_free_datum(&cert->raw_dn);
- _gnutls_free_datum(&cert->raw_issuer_dn);
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &cert->cert);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data,
- "tbsCertificate.issuer.rdnSequence",
- &cert->raw_issuer_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data,
- "tbsCertificate.subject.rdnSequence",
- &cert->raw_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- cert->expanded = 1;
-
- /* Since we do not want to disable any extension
- */
- cert->use_extensions = 1;
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- _gnutls_free_datum (&cert->raw_dn);
- _gnutls_free_datum (&cert->raw_issuer_dn);
- return result;
+gnutls_x509_crt_import(gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT2, data->data,
+ data->size, &_data);
+
+ if (result <= 0) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT,
+ data->data, data->size,
+ &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ need_free = 1;
+ }
+
+ if (cert->expanded) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&cert->cert);
+ _gnutls_free_datum(&cert->raw_dn);
+ _gnutls_free_datum(&cert->raw_issuer_dn);
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate",
+ &cert->cert);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ result =
+ asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(cert->cert, &_data,
+ "tbsCertificate.issuer.rdnSequence",
+ &cert->raw_issuer_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(cert->cert, &_data,
+ "tbsCertificate.subject.rdnSequence",
+ &cert->raw_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cert->expanded = 1;
+
+ /* Since we do not want to disable any extension
+ */
+ cert->use_extensions = 1;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ _gnutls_free_datum(&cert->raw_dn);
+ _gnutls_free_datum(&cert->raw_issuer_dn);
+ return result;
}
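Review bot: When `asn1_der_decoding` fails in `gnutls_x509_crt_import`, the `cleanup` path frees the DN datums but leaves `cert->cert` as the decoder left it and `cert->expanded` unchanged. The comment above the `cert->expanded` branch says a prior decode modifies the ASN.1 structure and requires a fresh one, so a retry on the same object after a failed import of malformed input would presumably decode into a dirty structure. It is worth either recreating the element on the error path or documenting that the object must be deinitialised after a failed import. `data` is also dereferenced without the NULL check that `cert` gets.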
@@ -282,18 +274,17 @@ cleanup:
* the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.issuer.rdnSequence", buf,
- buf_size);
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ buf, buf_size);
}
/**
@@ -312,16 +303,16 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
* Since: 3.1.10
**/
int
-gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn (cert->cert,
- "tbsCertificate.issuer.rdnSequence", dn);
+ return _gnutls_x509_get_dn(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ dn);
}
/**
@@ -354,27 +345,26 @@ gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
+ gnutls_datum_t td;
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ ret = _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -397,18 +387,17 @@ int ret;
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size)
+gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- indx, oid, oid_size);
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, oid_size);
}
/**
@@ -429,18 +418,17 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.subject.rdnSequence", buf,
- buf_size);
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ buf, buf_size);
}
/**
@@ -458,17 +446,16 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
*
* Since: 3.1.10
**/
-int
-gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn (cert->cert,
- "tbsCertificate.subject.rdnSequence", dn);
+ return _gnutls_x509_get_dn(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ dn);
}
/**
@@ -501,26 +488,25 @@ gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
+ gnutls_datum_t td;
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ ret = _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -543,18 +529,17 @@ int ret;
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size)
+gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- indx, oid, oid_size);
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, oid_size);
}
/**
@@ -568,10 +553,10 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
* Returns: a #gnutls_sign_algorithm_t value, or a negative error code on
* error.
**/
-int
-gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
+int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
{
- return _gnutls_x509_get_signature_algorithm(cert->cert, "signatureAlgorithm.algorithm");
+ return _gnutls_x509_get_signature_algorithm(cert->cert,
+ "signatureAlgorithm.algorithm");
}
/**
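Review bot: `gnutls_x509_crt_get_signature_algorithm` dereferences `cert->cert` without a NULL guard, while the neighbouring getters in this file all return `GNUTLS_E_INVALID_REQUEST` for a NULL certificate. A caller that passes on a handle from a failed import would crash here instead of getting an error code. A follow-up to this whitespace-only change could add `if (cert == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` before the call, matching the pattern used elsewhere in the file.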
@@ -586,50 +571,45 @@ gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig)
-{
- int result;
- unsigned int bits;
- int len;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = 0;
- result = asn1_read_value (cert->cert, "signature", NULL, &len);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- len = bits / 8;
-
- if (*sizeof_sig < (unsigned int) len)
- {
- *sizeof_sig = len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- result = asn1_read_value (cert->cert, "signature", sig, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig)
+{
+ int result;
+ unsigned int bits;
+ int len;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = 0;
+ result = asn1_read_value(cert->cert, "signature", NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < (unsigned int) len) {
+ *sizeof_sig = len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value(cert->cert, "signature", sig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -640,31 +620,28 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
*
* Returns: version of certificate, or a negative error code on error.
**/
-int
-gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
+int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
{
- uint8_t version[8];
- int len, result;
+ uint8_t version[8];
+ int len, result;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- len = sizeof (version);
- if ((result =
- asn1_read_value (cert->cert, "tbsCertificate.version", version,
- &len)) != ASN1_SUCCESS)
- {
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(cert->cert, "tbsCertificate.version", version,
+ &len)) != ASN1_SUCCESS) {
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
@@ -676,17 +653,16 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
*
* Returns: activation time, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
+time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notBefore", 0);
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notBefore",
+ 0);
}
/**
@@ -698,17 +674,16 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
*
* Returns: expiration time, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
+time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notAfter", 0);
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notAfter",
+ 0);
}
/**
@@ -726,60 +701,59 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical)
-{
- int result, ret;
- gnutls_datum_t der = {NULL, 0};
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.16", 0, &der,
- critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (der.size == 0 || der.data == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, der.data, der.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (activation)
- *activation = _gnutls_x509_get_time (c2,
- "notBefore", 1);
-
- if (expiration)
- *expiration = _gnutls_x509_get_time (c2,
- "notAfter", 1);
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum(&der);
- asn1_delete_structure (&c2);
-
- return ret;
+gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert,
+ time_t * activation,
+ time_t * expiration,
+ unsigned int *critical)
+{
+ int result, ret;
+ gnutls_datum_t der = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.16", 0, &der,
+ critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (der.size == 0 || der.data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, der.data, der.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (activation)
+ *activation = _gnutls_x509_get_time(c2, "notBefore", 1);
+
+ if (expiration)
+ *expiration = _gnutls_x509_get_time(c2, "notAfter", 1);
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&der);
+ asn1_delete_structure(&c2);
+
+ return ret;
}
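Review bot: The two `_gnutls_x509_get_time(c2, ...)` results are stored in `*activation` and `*expiration` without inspection, and `ret = 0` follows unconditionally. The sibling getters in this file document `(time_t)-1` as that helper's error value, so the caller can get a success return together with a -1 timestamp. Because either field may legitimately be missing from the extension, the least invasive fix is to say so in the doc comment, for example `Either output may be (time_t)-1 when the field is absent or cannot be parsed.` Callers that enforce a key-usage window then know to test for it.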
@@ -798,29 +772,28 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size)
+gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
+ size_t * result_size)
{
- int ret, len;
+ int ret, len;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- len = *result_size;
- ret =
- asn1_read_value (cert->cert, "tbsCertificate.serialNumber", result, &len);
- *result_size = len;
+ len = *result_size;
+ ret =
+ asn1_read_value(cert->cert, "tbsCertificate.serialNumber",
+ result, &len);
+ *result_size = len;
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/**
@@ -838,126 +811,116 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size, unsigned int *critical)
-{
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
- critical)) < 0)
- {
- return result;
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- len = *ret_size;
- result = asn1_read_value (c2, "", ret, &len);
-
- *ret_size = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ len = *ret_size;
+ result = asn1_read_value(c2, "", ret, &len);
+
+ *ret_size = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
static int
-_get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2,
- unsigned int *critical)
-{
- int ret;
- gnutls_datum_t id;
-
- *c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
- critical)) < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (c2);
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+_get_authority_key_id(gnutls_x509_crt_t cert, ASN1_TYPE * c2,
+ unsigned int *critical)
+{
+ int ret;
+ gnutls_datum_t id;
+
+ *c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id,
+ critical)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -985,48 +948,50 @@ _get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2,
* Since: 3.0
**/
int
-gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert, unsigned int seq, void *alt,
- size_t * alt_size, unsigned int *alt_type,
- void* serial, size_t *serial_size,
- unsigned int *critical)
-{
-int ret, result, len;
-ASN1_TYPE c2;
-
- ret = _get_authority_key_id(cert, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size, alt_type,
- 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto fail;
- }
-
- if (serial)
- {
- len = *serial_size;
- result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
-
- *serial_size = len;
-
- if (result < 0)
- {
- ret = _gnutls_asn2err(result);
- goto fail;
- }
-
- }
-
- ret = 0;
-
-fail:
- asn1_delete_structure (&c2);
-
- return ret;
+gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
+ unsigned int seq, void *alt,
+ size_t * alt_size,
+ unsigned int *alt_type,
+ void *serial,
+ size_t * serial_size,
+ unsigned int *critical)
+{
+ int ret, result, len;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt,
+ alt_size, alt_type, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto fail;
+ }
+
+ if (serial) {
+ len = *serial_size;
+ result =
+ asn1_read_value(c2, "authorityCertSerialNumber",
+ serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0) {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
+ }
+
+ ret = 0;
+
+ fail:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
/**
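Review bot: The `if (result < 0)` check after reading `authorityCertSerialNumber` can never be true, because libtasn1 status codes are non-negative (every other `asn1_read_value` call on this page tests against `ASN1_SUCCESS` or `ASN1_MEM_ERROR`). A short buffer or a missing serial is therefore reported as success, with `*serial_size` set but `serial` not filled. The test should read `if (result != ASN1_SUCCESS)`, optionally preceded by `gnutls_assert();` as in the sibling functions.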
@@ -1048,34 +1013,35 @@ fail:
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id,
- size_t * id_size,
- unsigned int *critical)
+gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
+ size_t * id_size,
+ unsigned int *critical)
{
- int ret, result, len;
- ASN1_TYPE c2;
+ int ret, result, len;
+ ASN1_TYPE c2;
- ret = _get_authority_key_id(cert, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- len = *id_size;
- result = asn1_read_value (c2, "keyIdentifier", id, &len);
+ len = *id_size;
+ result = asn1_read_value(c2, "keyIdentifier", id, &len);
- *id_size = len;
- asn1_delete_structure (&c2);
+ *id_size = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -1095,42 +1061,40 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id,
* success, or a negative error code on error.
**/
int
-gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits)
+gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
+ unsigned int *bits)
{
- int result;
+ int result;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bits)
- *bits = 0;
+ if (bits)
+ *bits = 0;
- result =
- _gnutls_x509_get_pk_algorithm (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- bits);
+ result =
+ _gnutls_x509_get_pk_algorithm(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return result;
+ return result;
}
-inline static int
-is_type_printable (int type)
+inline static int is_type_printable(int type)
{
- if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME ||
- type == GNUTLS_SAN_URI)
- return 1;
- else
- return 0;
+ if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME ||
+ type == GNUTLS_SAN_URI)
+ return 1;
+ else
+ return 0;
}
#define XMPP_OID "1.3.6.1.5.5.7.8.5"
@@ -1139,251 +1103,233 @@ is_type_printable (int type)
* Type is also returned as a parameter in case of an error.
*/
int
-_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid)
-{
- int len;
- char nptr[ASN1_MAX_NAME_SIZE];
- int result;
- char choice_type[128];
- gnutls_x509_subject_alt_name_t type;
-
- seq++; /* 0->1, 1->2 etc */
-
- if (src_name[0] != 0)
- snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
- else
- snprintf (nptr, sizeof (nptr), "?%u", seq);
-
- len = sizeof (choice_type);
- result = asn1_read_value (src, nptr, choice_type, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- type = _gnutls_x509_san_find_type (choice_type);
- if (type == (gnutls_x509_subject_alt_name_t) - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_X509_UNKNOWN_SAN;
- }
-
- if (ret_type)
- *ret_type = type;
-
- if (type == GNUTLS_SAN_OTHERNAME)
- {
- if (othername_oid)
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
- else
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
-
- len = *name_size;
- result = asn1_read_value (src, nptr, name, &len);
- *name_size = len;
-
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (othername_oid)
- {
- if ((unsigned)len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
- type = GNUTLS_SAN_OTHERNAME_XMPP;
- }
- else
- {
- char oid[42];
-
- if (src_name[0] != 0)
- snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
- src_name, seq);
- else
- snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
-
- len = sizeof (oid);
- result = asn1_read_value (src, nptr, oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((unsigned)len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
- {
- gnutls_datum_t out;
-
- result = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING,
- name, *name_size, &out);
- if (result < 0)
- {
- gnutls_assert();
- return result;
- }
-
- if (*name_size <= out.size)
- {
- gnutls_assert ();
- gnutls_free(out.data);
- *name_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *name_size = out.size;
- memcpy(name, out.data, out.size);
- /* null terminate it */
- ((char *) name)[*name_size] = 0;
- gnutls_free(out.data);
- }
- }
- }
- else if (type == GNUTLS_SAN_DN)
- {
- _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName");
- result = _gnutls_x509_parse_dn (src, nptr, name, name_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else if (othername_oid)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else
- {
- size_t orig_name_size = *name_size;
-
- _gnutls_str_cat (nptr, sizeof (nptr), ".");
- _gnutls_str_cat (nptr, sizeof (nptr), choice_type);
-
- len = *name_size;
- result = asn1_read_value (src, nptr, name, &len);
- *name_size = len;
-
- if (result == ASN1_MEM_ERROR)
- {
- if (is_type_printable (type))
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (is_type_printable (type))
- {
-
- if ((unsigned)len + 1 > orig_name_size)
- {
- gnutls_assert ();
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- /* null terminate it */
- if (name)
- ((char *) name)[*name_size] = 0;
- }
-
- }
-
- return type;
+_gnutls_parse_general_name(ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid)
+{
+ int len;
+ char nptr[ASN1_MAX_NAME_SIZE];
+ int result;
+ char choice_type[128];
+ gnutls_x509_subject_alt_name_t type;
+
+ seq++; /* 0->1, 1->2 etc */
+
+ if (src_name[0] != 0)
+ snprintf(nptr, sizeof(nptr), "%s.?%u", src_name, seq);
+ else
+ snprintf(nptr, sizeof(nptr), "?%u", seq);
+
+ len = sizeof(choice_type);
+ result = asn1_read_value(src, nptr, choice_type, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ type = _gnutls_x509_san_find_type(choice_type);
+ if (type == (gnutls_x509_subject_alt_name_t) - 1) {
+ gnutls_assert();
+ return GNUTLS_E_X509_UNKNOWN_SAN;
+ }
+
+ if (ret_type)
+ *ret_type = type;
+
+ if (type == GNUTLS_SAN_OTHERNAME) {
+ if (othername_oid)
+ _gnutls_str_cat(nptr, sizeof(nptr),
+ ".otherName.type-id");
+ else
+ _gnutls_str_cat(nptr, sizeof(nptr),
+ ".otherName.value");
+
+ len = *name_size;
+ result = asn1_read_value(src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (othername_oid) {
+ if ((unsigned) len > strlen(XMPP_OID)
+ && strcmp(name, XMPP_OID) == 0)
+ type = GNUTLS_SAN_OTHERNAME_XMPP;
+ } else {
+ char oid[42];
+
+ if (src_name[0] != 0)
+ snprintf(nptr, sizeof(nptr),
+ "%s.?%u.otherName.type-id",
+ src_name, seq);
+ else
+ snprintf(nptr, sizeof(nptr),
+ "?%u.otherName.type-id", seq);
+
+ len = sizeof(oid);
+ result = asn1_read_value(src, nptr, oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((unsigned) len > strlen(XMPP_OID)
+ && strcmp(oid, XMPP_OID) == 0) {
+ gnutls_datum_t out;
+
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_UTF8_STRING, name,
+ *name_size, &out);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (*name_size <= out.size) {
+ gnutls_assert();
+ gnutls_free(out.data);
+ *name_size = len + 1;
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *name_size = out.size;
+ memcpy(name, out.data, out.size);
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ gnutls_free(out.data);
+ }
+ }
+ } else if (type == GNUTLS_SAN_DN) {
+ _gnutls_str_cat(nptr, sizeof(nptr), ".directoryName");
+ result = _gnutls_x509_parse_dn(src, nptr, name, name_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else if (othername_oid)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else {
+ size_t orig_name_size = *name_size;
+
+ _gnutls_str_cat(nptr, sizeof(nptr), ".");
+ _gnutls_str_cat(nptr, sizeof(nptr), choice_type);
+
+ len = *name_size;
+ result = asn1_read_value(src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR) {
+ if (is_type_printable(type))
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (is_type_printable(type)) {
+
+ if ((unsigned) len + 1 > orig_name_size) {
+ gnutls_assert();
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* null terminate it */
+ if (name)
+ ((char *) name)[*name_size] = 0;
+ }
+
+ }
+
+ return type;
}
static int
-get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
- unsigned int seq, void *alt,
- size_t * alt_size, unsigned int *alt_type,
- unsigned int *critical, int othername_oid)
-{
- int result;
- gnutls_datum_t dnsname;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (alt)
- memset (alt, 0, *alt_size);
- else
- *alt_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname,
- critical)) < 0)
- {
- return result;
- }
-
- if (dnsname.size == 0 || dnsname.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (strcmp ("2.5.29.17", extension_id) == 0)
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectAltName", &c2);
- else if (strcmp ("2.5.29.18", extension_id) == 0)
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.IssuerAltName", &c2);
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dnsname);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
- _gnutls_free_datum (&dnsname);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_parse_general_name (c2, "", seq, alt, alt_size, alt_type,
- othername_oid);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return result;
+get_alt_name(gnutls_x509_crt_t cert, const char *extension_id,
+ unsigned int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
+ unsigned int *critical, int othername_oid)
+{
+ int result;
+ gnutls_datum_t dnsname;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (alt)
+ memset(alt, 0, *alt_size);
+ else
+ *alt_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, extension_id, 0,
+ &dnsname, critical)) < 0) {
+ return result;
+ }
+
+ if (dnsname.size == 0 || dnsname.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (strcmp("2.5.29.17", extension_id) == 0)
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectAltName", &c2);
+ else if (strcmp("2.5.29.18", extension_id) == 0)
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.IssuerAltName", &c2);
+ else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dnsname);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+ _gnutls_free_datum(&dnsname);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_parse_general_name(c2, "", seq, alt, alt_size,
+ alt_type, othername_oid);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return result;
}
/**
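Review bot: In the XMPP otherName branch of `_gnutls_parse_general_name`, the short-buffer path reports `*name_size = len + 1`, but by then `len` holds the length of the `type-id` OID read into `oid[]`, not the decoded string length. A caller that retries with the reported size can still end up with too small a buffer; `*name_size = out.size + 1;` looks like what was intended. The preceding guard `*name_size <= out.size` also compares against the value length already written back by the first read, not the caller's original capacity. The printable-SAN branch further down avoids this by saving `orig_name_size` first, and doing the same here would make the bound explicit.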
@@ -1417,13 +1363,13 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *critical)
+gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq, void *san,
+ size_t * san_size,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, san, san_size, NULL, critical,
- 0);
+ return get_alt_name(cert, "2.5.29.17", seq, san, san_size, NULL,
+ critical, 0);
}
/**
@@ -1460,13 +1406,13 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
* Since: 2.10.0
**/
int
-gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *critical)
+gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, NULL, critical,
- 0);
+ return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size, NULL,
+ critical, 0);
}
/**
@@ -1494,14 +1440,14 @@ gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *san_type,
- unsigned int *critical)
+gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq, void *san,
+ size_t * san_size,
+ unsigned int *san_type,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, san, san_size, san_type,
- critical, 0);
+ return get_alt_name(cert, "2.5.29.17", seq, san, san_size,
+ san_type, critical, 0);
}
/**
@@ -1532,14 +1478,14 @@ gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
*
**/
int
-gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *ian_type,
- unsigned int *critical)
+gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, ian_type,
- critical, 0);
+ return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size,
+ ian_type, critical, 0);
}
/**
@@ -1573,11 +1519,12 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *oid, size_t * oid_size)
+gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *oid, size_t * oid_size)
{
- return get_alt_name (cert, "2.5.29.17", seq, oid, oid_size, NULL, NULL, 1);
+ return get_alt_name(cert, "2.5.29.17", seq, oid, oid_size, NULL,
+ NULL, 1);
}
/**
@@ -1613,11 +1560,12 @@ gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
* Since: 2.10.0
**/
int
-gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret, size_t * ret_size)
+gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
- return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1);
+ return get_alt_name(cert, "2.5.29.18", seq, ret, ret_size, NULL,
+ NULL, 1);
}
/**
@@ -1641,49 +1589,48 @@ gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- unsigned int *ca, int *pathlen)
-{
- int result;
- gnutls_datum_t basicConstraints;
- unsigned int tmp_ca;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0,
- &basicConstraints, critical)) < 0)
- {
- return result;
- }
-
- if (basicConstraints.size == 0 || basicConstraints.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result =
- _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen,
- basicConstraints.data,
- basicConstraints.size);
- if (ca)
- *ca = tmp_ca;
- _gnutls_free_datum (&basicConstraints);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return tmp_ca;
+gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ unsigned int *ca, int *pathlen)
+{
+ int result;
+ gnutls_datum_t basicConstraints;
+ unsigned int tmp_ca;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0,
+ &basicConstraints,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (basicConstraints.size == 0 || basicConstraints.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints(&tmp_ca,
+ pathlen,
+ basicConstraints.
+ data,
+ basicConstraints.
+ size);
+ if (ca)
+ *ca = tmp_ca;
+ _gnutls_free_datum(&basicConstraints);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return tmp_ca;
}
/**
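Review bot: In gnutls_x509_crt_get_basic_constraints, `*ca = tmp_ca;` runs before the `result < 0` test, so a failed _gnutls_x509_ext_extract_basicConstraints() can hand the caller a `tmp_ca` that was never written (unless the helper always sets it, which is not visible here). A caller that reads `*ca` without checking the return code would then act on an indeterminate CA flag. Initialise it with `unsigned int tmp_ca = 0;`, or move `if (ca) *ca = tmp_ca;` below the error check. The gnutls_x509_crt_get_key_usage hunk has the same ordering with `*key_usage = _usage;`, and there `key_usage` is also dereferenced without the NULL test that `ca` gets.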
@@ -1704,12 +1651,13 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
+gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
+ unsigned int *critical)
{
- int pathlen;
- unsigned int ca;
- return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
- &pathlen);
+ int pathlen;
+ unsigned int ca;
+ return gnutls_x509_crt_get_basic_constraints(cert, critical, &ca,
+ &pathlen);
}
/**
@@ -1732,46 +1680,42 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
* returned.
**/
int
-gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical)
+gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t keyUsage;
- uint16_t _usage;
+ int result;
+ gnutls_datum_t keyUsage;
+ uint16_t _usage;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage,
- critical)) < 0)
- {
- return result;
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0,
+ &keyUsage, critical)) < 0) {
+ return result;
+ }
- if (keyUsage.size == 0 || keyUsage.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (keyUsage.size == 0 || keyUsage.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data,
- keyUsage.size);
- _gnutls_free_datum (&keyUsage);
+ result = _gnutls_x509_ext_extract_keyUsage(&_usage, keyUsage.data,
+ keyUsage.size);
+ _gnutls_free_datum(&keyUsage);
- *key_usage = _usage;
+ *key_usage = _usage;
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -1792,48 +1736,46 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
* otherwise a negative error code is returned.
**/
int
-gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy)
-{
- int result;
- gnutls_datum_t proxyCertInfo;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0,
- &proxyCertInfo, critical)) < 0)
- {
- return result;
- }
-
- if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen,
- policyLanguage,
- policy,
- sizeof_policy,
- proxyCertInfo.data,
- proxyCertInfo.size);
- _gnutls_free_datum (&proxyCertInfo);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy)
+{
+ int result;
+ gnutls_datum_t proxyCertInfo;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "1.3.6.1.5.5.7.1.14", 0,
+ &proxyCertInfo, critical)) < 0)
+ {
+ return result;
+ }
+
+ if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = _gnutls_x509_ext_extract_proxyCertInfo(pathlen,
+ policyLanguage,
+ policy,
+ sizeof_policy,
+ proxyCertInfo.data,
+ proxyCertInfo.
+ size);
+ _gnutls_free_datum(&proxyCertInfo);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -1845,92 +1787,86 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
*
* Since: 3.1.5
**/
-void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy)
-{
-unsigned i;
-
- gnutls_free(policy->oid);
- for (i=0;i<policy->qualifiers;i++)
- gnutls_free(policy->qualifier[i].data);
-}
-
-static int decode_user_notice(const void* data, size_t size, gnutls_datum_t *txt)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int ret, len;
- char choice_type[64];
- char name[128];
- gnutls_datum_t td, utd;
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.UserNotice", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, data, size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- len = sizeof(choice_type);
- ret = asn1_read_value(c2, "explicitText", choice_type, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- if (strcmp(choice_type, "utf8String") != 0 && strcmp(choice_type, "IA5String") != 0 &&
- strcmp(choice_type, "bmpString") != 0 && strcmp(choice_type, "visibleString") != 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- snprintf (name, sizeof (name), "explicitText.%s", choice_type);
-
- ret = _gnutls_x509_read_value(c2, name, &td);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (strcmp(choice_type, "bmpString") == 0)
- { /* convert to UTF-8 */
- ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd);
- _gnutls_free_datum(&td);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- td.data = utd.data;
- td.size = utd.size;
- }
- else
- {
- /* _gnutls_x509_read_value allows that */
- td.data[td.size] = 0;
- }
-
- txt->data = (void*)td.data;
- txt->size = td.size;
- ret = 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- return ret;
+void gnutls_x509_policy_release(struct gnutls_x509_policy_st *policy)
+{
+ unsigned i;
+
+ gnutls_free(policy->oid);
+ for (i = 0; i < policy->qualifiers; i++)
+ gnutls_free(policy->qualifier[i].data);
+}
+
+static int decode_user_notice(const void *data, size_t size,
+ gnutls_datum_t * txt)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int ret, len;
+ char choice_type[64];
+ char name[128];
+ gnutls_datum_t td, utd;
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.UserNotice", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, data, size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ len = sizeof(choice_type);
+ ret = asn1_read_value(c2, "explicitText", choice_type, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ if (strcmp(choice_type, "utf8String") != 0
+ && strcmp(choice_type, "IA5String") != 0
+ && strcmp(choice_type, "bmpString") != 0
+ && strcmp(choice_type, "visibleString") != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ snprintf(name, sizeof(name), "explicitText.%s", choice_type);
+
+ ret = _gnutls_x509_read_value(c2, name, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (strcmp(choice_type, "bmpString") == 0) { /* convert to UTF-8 */
+ ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd);
+ _gnutls_free_datum(&td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ td.data = utd.data;
+ td.size = utd.size;
+ } else {
+ /* _gnutls_x509_read_value allows that */
+ td.data[td.size] = 0;
+ }
+
+ txt->data = (void *) td.data;
+ txt->size = td.size;
+ ret = 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ return ret;
}
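Review bot: gnutls_x509_policy_release() frees `policy->oid` and each `qualifier[i].data` but leaves the pointers and the `qualifiers` count in place, so a second call on the same struct frees them again. That is reachable through the error path of gnutls_x509_crt_get_policy, whose `full_cleanup:` label calls this function on the caller's struct and then returns an error, if the caller also releases on failure. Ending the function with `memset(policy, 0, sizeof(*policy));` would make the release idempotent.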
@@ -1953,153 +1889,149 @@ cleanup:
* Since: 3.1.5
**/
int
-gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx,
- struct gnutls_x509_policy_st* policy,
- unsigned int *critical)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char tmpstr[128];
- char tmpoid[MAX_OID_SIZE];
- gnutls_datum_t tmpd = {NULL, 0};
- int ret, len;
- unsigned i;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset(policy, 0, sizeof(*policy));
-
- if ((ret =
- _gnutls_x509_crt_get_extension (crt, "2.5.29.32", 0, &tmpd,
- critical)) < 0)
- {
- return ret;
- }
-
- if (tmpd.size == 0 || tmpd .data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.certificatePolicies", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, tmpd.data, tmpd.size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
- _gnutls_free_datum (&tmpd);
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyIdentifier", indx);
-
- ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd);
-
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- policy->oid = (void*)tmpd.data;
- tmpd.data = NULL;
-
- for (i=0;i<GNUTLS_MAX_QUALIFIERS;i++)
- {
- gnutls_datum_t td;
-
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.policyQualifierId", indx, i+1);
-
- len = sizeof(tmpoid);
- ret = asn1_read_value(c2, tmpstr, tmpoid, &len);
-
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break; /* finished */
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0)
- {
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1);
-
- ret = _gnutls_x509_read_string(c2, tmpstr, &td, ASN1_ETYPE_IA5_STRING);
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- policy->qualifier[i].data = (void*)td.data;
- policy->qualifier[i].size = td.size;
- td.data = NULL;
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_URI;
- }
- else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0)
- {
- gnutls_datum_t txt;
-
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1);
-
- ret = _gnutls_x509_read_value(c2, tmpstr, &td);
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- ret = decode_user_notice(td.data, td.size, &txt);
- gnutls_free(td.data);
- td.data = NULL;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- policy->qualifier[i].data = (void*)txt.data;
- policy->qualifier[i].size = txt.size;
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_NOTICE;
- }
- else
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_UNKNOWN;
-
- policy->qualifiers++;
-
- }
-
- ret = 0;
- goto cleanup;
-
-full_cleanup:
- gnutls_x509_policy_release(policy);
-
-cleanup:
- _gnutls_free_datum (&tmpd);
- asn1_delete_structure (&c2);
- return ret;
+gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx,
+ struct gnutls_x509_policy_st *policy,
+ unsigned int *critical)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char tmpstr[128];
+ char tmpoid[MAX_OID_SIZE];
+ gnutls_datum_t tmpd = { NULL, 0 };
+ int ret, len;
+ unsigned i;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(policy, 0, sizeof(*policy));
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0, &tmpd,
+ critical)) < 0) {
+ return ret;
+ }
+
+ if (tmpd.size == 0 || tmpd.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.certificatePolicies", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, tmpd.data, tmpd.size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+ _gnutls_free_datum(&tmpd);
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u.policyIdentifier", indx);
+
+ ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd);
+
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ policy->oid = (void *) tmpd.data;
+ tmpd.data = NULL;
+
+ for (i = 0; i < GNUTLS_MAX_QUALIFIERS; i++) {
+ gnutls_datum_t td;
+
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.policyQualifierId",
+ indx, i + 1);
+
+ len = sizeof(tmpoid);
+ ret = asn1_read_value(c2, tmpstr, tmpoid, &len);
+
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ break; /* finished */
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0) {
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.qualifier",
+ indx, i + 1);
+
+ ret =
+ _gnutls_x509_read_string(c2, tmpstr, &td,
+ ASN1_ETYPE_IA5_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ policy->qualifier[i].data = (void *) td.data;
+ policy->qualifier[i].size = td.size;
+ td.data = NULL;
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_URI;
+ } else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0) {
+ gnutls_datum_t txt;
+
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.qualifier",
+ indx, i + 1);
+
+ ret = _gnutls_x509_read_value(c2, tmpstr, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ ret = decode_user_notice(td.data, td.size, &txt);
+ gnutls_free(td.data);
+ td.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ policy->qualifier[i].data = (void *) txt.data;
+ policy->qualifier[i].size = txt.size;
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_NOTICE;
+ } else
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_UNKNOWN;
+
+ policy->qualifiers++;
+
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ full_cleanup:
+ gnutls_x509_policy_release(policy);
+
+ cleanup:
+ _gnutls_free_datum(&tmpd);
+ asn1_delete_structure(&c2);
+ return ret;
}
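Review bot: Inside the qualifier loop of gnutls_x509_crt_get_policy, the `asn1_read_value` failure branch uses `goto cleanup` while the two later failure branches use `goto full_cleanup`. On that first path `policy->oid` and any qualifiers already stored stay allocated in a struct the caller is told has failed. Using `goto full_cleanup;` there would make the three error exits agree. Separately, `indx` is an `int` but is formatted with `%u`, so a negative index is not rejected and becomes an unexpected element number; an early `if (indx < 0) return GNUTLS_E_INVALID_REQUEST;` would make that explicit. `policy` is also passed to `memset` with no NULL check.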
@@ -2122,49 +2054,45 @@ cleanup:
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical)
+gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf, size_t * buf_size,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t output;
+ int result;
+ gnutls_datum_t output;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension (cert, oid, indx, &output,
- critical)) < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, oid, indx, &output,
+ critical)) < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (output.size == 0 || output.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (output.size == 0 || output.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (output.size > (unsigned int) *buf_size)
- {
- *buf_size = output.size;
- _gnutls_free_datum (&output);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (output.size > (unsigned int) *buf_size) {
+ *buf_size = output.size;
+ _gnutls_free_datum(&output);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- *buf_size = output.size;
+ *buf_size = output.size;
- if (buf)
- memcpy (buf, output.data, output.size);
+ if (buf)
+ memcpy(buf, output.data, output.size);
- _gnutls_free_datum (&output);
+ _gnutls_free_datum(&output);
- return 0;
+ return 0;
}
@@ -2187,24 +2115,23 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size)
+gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size)
{
- int result;
+ int result;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, oid_size);
- if (result < 0)
- {
- return result;
- }
+ result =
+ _gnutls_x509_crt_get_extension_oid(cert, indx, oid, oid_size);
+ if (result < 0) {
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -2233,55 +2160,51 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size,
- unsigned int *critical)
-{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!cert)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
- indx + 1);
-
- len = *oid_size;
- result = asn1_read_value (cert->cert, name, oid, &len);
- *oid_size = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (cert->cert, name, str_critical, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- return 0;
+gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size,
+ unsigned int *critical)
+{
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!cert) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.extnID", indx + 1);
+
+ len = *oid_size;
+ result = asn1_read_value(cert->cert, name, oid, &len);
+ *oid_size = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(cert->cert, name, str_critical, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
}
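Review bot: `len = *oid_size;` in gnutls_x509_crt_get_extension_info narrows a `size_t` to `int` before the length reaches asn1_read_value(), so a caller-supplied size above INT_MAX becomes a negative or truncated length. `oid_size` is also dereferenced without a NULL check. Clamping first, for example `len = *oid_size > INT_MAX ? INT_MAX : (int) *oid_size;`, keeps the value passed to libtasn1 well-defined. The gnutls_x509_crt_get_extension_data hunk that follows has the same conversion with `len = *sizeof_data;`.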
@@ -2307,34 +2230,32 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
- if (!cert)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!cert) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue",
- indx + 1);
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.extnValue", indx + 1);
- len = *sizeof_data;
- result = asn1_read_value (cert->cert, name, data, &len);
- *sizeof_data = len;
+ len = *sizeof_data;
+ result = asn1_read_value(cert->cert, name, data, &len);
+ *sizeof_data = len;
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -2350,10 +2271,11 @@ gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
*
**/
int
-gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * dn)
+gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
+ return _gnutls_set_datum(dn, cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
}
/**
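Review bot: gnutls_x509_crt_get_raw_issuer_dn dereferences `cert` with no NULL test, while the other getters in this diff return GNUTLS_E_INVALID_REQUEST for a NULL certificate. Adding `if (cert == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before the `_gnutls_set_datum` call would make it consistent. The same applies to gnutls_x509_crt_get_raw_dn and get_dn in the next hunk.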
@@ -2368,19 +2290,18 @@ gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
* negative error value. or a negative error code on error.
*
**/
-int
-gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, cert->raw_dn.data, cert->raw_dn.size);
+ return _gnutls_set_datum(dn, cert->raw_dn.data, cert->raw_dn.size);
}
static int
-get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
+get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
{
- *dn = asn1_find_node (cert->cert, whom);
- if (!*dn)
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- return 0;
+ *dn = asn1_find_node(cert->cert, whom);
+ if (!*dn)
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ return 0;
}
/**
@@ -2398,9 +2319,9 @@ get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
{
- return get_dn (cert, "tbsCertificate.subject.rdnSequence", dn);
+ return get_dn(cert, "tbsCertificate.subject.rdnSequence", dn);
}
/**
@@ -2418,9 +2339,9 @@ gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
{
- return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn);
+ return get_dn(cert, "tbsCertificate.issuer.rdnSequence", dn);
}
/**
@@ -2452,99 +2373,92 @@ gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
- int irdn, int iava, gnutls_x509_ava_st * ava)
-{
- ASN1_TYPE rdn, elem;
- ASN1_DATA_NODE vnode;
- long len;
- int lenlen, remlen, ret;
- char rbuf[ASN1_MAX_NAME_SIZE];
- unsigned char cls;
- const unsigned char *ptr;
-
- iava++;
- irdn++; /* 0->1, 1->2 etc */
-
- snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
- rdn = asn1_find_node (dn, rbuf);
- if (!rdn)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- snprintf (rbuf, sizeof (rbuf), "?%d.type", iava);
- elem = asn1_find_node (rdn, rbuf);
- if (!elem)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ret = asn1_read_node_value(elem, &vnode);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ava->oid.data = (void*)vnode.value;
- ava->oid.size = vnode.value_len;
-
- snprintf (rbuf, sizeof (rbuf), "?%d.value", iava);
- elem = asn1_find_node (rdn, rbuf);
- if (!elem)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ret = asn1_read_node_value(elem, &vnode);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
- /* The value still has the previous tag's length bytes, plus the
- * current value's tag and length bytes. Decode them.
- */
-
- ptr = vnode.value;
- remlen = vnode.value_len;
- len = asn1_get_length_der (ptr, remlen, &lenlen);
- if (len < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_DER_ERROR;
- }
-
- ptr += lenlen;
- remlen -= lenlen;
- ret = asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag);
- if (ret)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ptr += lenlen;
- remlen -= lenlen;
-
- {
- signed long tmp;
-
- tmp = asn1_get_length_der (ptr, remlen, &lenlen);
- if (tmp < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_DER_ERROR;
- }
- ava->value.size = tmp;
- }
- ava->value.data = (void*)(ptr + lenlen);
-
- return 0;
+gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn,
+ int irdn, int iava, gnutls_x509_ava_st * ava)
+{
+ ASN1_TYPE rdn, elem;
+ ASN1_DATA_NODE vnode;
+ long len;
+ int lenlen, remlen, ret;
+ char rbuf[ASN1_MAX_NAME_SIZE];
+ unsigned char cls;
+ const unsigned char *ptr;
+
+ iava++;
+ irdn++; /* 0->1, 1->2 etc */
+
+ snprintf(rbuf, sizeof(rbuf), "rdnSequence.?%d.?%d", irdn, iava);
+ rdn = asn1_find_node(dn, rbuf);
+ if (!rdn) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ snprintf(rbuf, sizeof(rbuf), "?%d.type", iava);
+ elem = asn1_find_node(rdn, rbuf);
+ if (!elem) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ret = asn1_read_node_value(elem, &vnode);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ava->oid.data = (void *) vnode.value;
+ ava->oid.size = vnode.value_len;
+
+ snprintf(rbuf, sizeof(rbuf), "?%d.value", iava);
+ elem = asn1_find_node(rdn, rbuf);
+ if (!elem) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ret = asn1_read_node_value(elem, &vnode);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+ /* The value still has the previous tag's length bytes, plus the
+ * current value's tag and length bytes. Decode them.
+ */
+
+ ptr = vnode.value;
+ remlen = vnode.value_len;
+ len = asn1_get_length_der(ptr, remlen, &lenlen);
+ if (len < 0) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+ ret =
+ asn1_get_tag_der(ptr, remlen, &cls, &lenlen, &ava->value_tag);
+ if (ret) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+
+ {
+ signed long tmp;
+
+ tmp = asn1_get_length_der(ptr, remlen, &lenlen);
+ if (tmp < 0) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+ ava->value.size = tmp;
+ }
+ ava->value.data = (void *) (ptr + lenlen);
+
+ return 0;
}
/**
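Review bot: In gnutls_x509_dn_get_rdn_ava the last decoded length is stored in `ava->value.size` after only a sign check, and `remlen` is reduced by `lenlen` twice without being tested against zero. Nothing visible here ties the size handed to the caller to the bytes that remain in `vnode.value`. Unless asn1_get_length_der() already rejects lengths that run past `remlen` (not shown), a malformed DN could yield an `ava->value` that extends beyond the node. Tightening the final check to `if (tmp < 0 || tmp > remlen - lenlen)` bounds it locally. The first `len` is decoded and then discarded; a comment saying it is the outer wrapper length would help readers.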
@@ -2564,46 +2478,45 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * buf_size)
+gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * buf_size)
{
- uint8_t *cert_buf;
- int cert_buf_size;
- int result;
- gnutls_datum_t tmp;
+ uint8_t *cert_buf;
+ int cert_buf_size;
+ int result;
+ gnutls_datum_t tmp;
- if (buf_size == 0 || cert == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (buf_size == 0 || cert == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- cert_buf_size = 0;
- asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL);
+ cert_buf_size = 0;
+ asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
- cert_buf = gnutls_malloc (cert_buf_size);
- if (cert_buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ cert_buf = gnutls_malloc(cert_buf_size);
+ if (cert_buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- result = asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL);
+ result =
+ asn1_der_coding(cert->cert, "", cert_buf, &cert_buf_size,
+ NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (cert_buf);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(cert_buf);
+ return _gnutls_asn2err(result);
+ }
- tmp.data = cert_buf;
- tmp.size = cert_buf_size;
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
- result = gnutls_fingerprint (algo, &tmp, buf, buf_size);
- gnutls_free (cert_buf);
+ result = gnutls_fingerprint(algo, &tmp, buf, buf_size);
+ gnutls_free(cert_buf);
- return result;
+ return result;
}
/**
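Review bot: `if (buf_size == 0 || cert == NULL)` in gnutls_x509_crt_get_fingerprint compares the pointer `buf_size` with 0, so it is a NULL-pointer test and not a check of the buffer size; writing it as `buf_size == NULL` says what it does. The sizing call `asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);` has its result ignored, so if it fails without updating `cert_buf_size` the code goes on to `gnutls_malloc(0)`. A guard such as `if (cert_buf_size <= 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` before the allocation would catch that.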
@@ -2627,18 +2540,17 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
* returned, and 0 on success.
**/
int
-gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crt_export(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE",
- output_data, output_data_size);
+ return _gnutls_x509_export_int(cert->cert, format, "CERTIFICATE",
+ output_data, output_data_size);
}
/**
@@ -2659,53 +2571,51 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert,
* Since: 3.1.3
**/
int
-gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (cert->cert, format, "CERTIFICATE", out);
+ return _gnutls_x509_export_int2(cert->cert, format, "CERTIFICATE",
+ out);
}
int
-_gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params,
- unsigned char *output_data,
- size_t * output_data_size)
+_gnutls_get_key_id(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params,
+ unsigned char *output_data, size_t * output_data_size)
{
- int ret = 0;
- gnutls_datum_t der = { NULL, 0 };
- const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
- unsigned int digest_len = _gnutls_hash_get_algo_len(mac_to_entry(hash));
+ int ret = 0;
+ gnutls_datum_t der = { NULL, 0 };
+ const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
+ unsigned int digest_len =
+ _gnutls_hash_get_algo_len(mac_to_entry(hash));
- if (output_data == NULL || *output_data_size < digest_len)
- {
- gnutls_assert ();
- *output_data_size = digest_len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (output_data == NULL || *output_data_size < digest_len) {
+ gnutls_assert();
+ *output_data_size = digest_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ret = _gnutls_x509_encode_PKI_params(&der, pk, params);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_x509_encode_PKI_params(&der, pk, params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_hash_fast(hash, der.data, der.size, output_data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- *output_data_size = digest_len;
+ ret = _gnutls_hash_fast(hash, der.data, der.size, output_data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ *output_data_size = digest_len;
- ret = 0;
+ ret = 0;
-cleanup:
+ cleanup:
- _gnutls_free_datum (&der);
- return ret;
+ _gnutls_free_datum(&der);
+ return ret;
}
/**
@@ -2729,132 +2639,133 @@ cleanup:
* returned, and 0 on success.
**/
int
-gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int pk, ret = 0;
- gnutls_pk_params_st params;
+ int pk, ret = 0;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (pk < 0) {
+ gnutls_assert();
+ return pk;
+ }
- pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (pk < 0)
- {
- gnutls_assert ();
- return pk;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
+ ret =
+ _gnutls_get_key_id(pk, &params, output_data, output_data_size);
- gnutls_pk_params_release(&params);
+ gnutls_pk_params_release(&params);
- return ret;
+ return ret;
}
static int
-crl_issuer_matches (gnutls_x509_crl_t crl, gnutls_x509_crt_t cert)
+crl_issuer_matches(gnutls_x509_crl_t crl, gnutls_x509_crt_t cert)
{
- if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn
+ (&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0)
+ return 1;
+ else
+ return 0;
}
/* This is exactly as gnutls_x509_crt_check_revocation() except that
* it calls func.
*/
int
-_gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length,
- gnutls_verify_output_function func)
-{
- uint8_t serial[128];
- uint8_t cert_serial[128];
- size_t serial_size, cert_serial_size;
- int ncerts, ret, i, j;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (j = 0; j < crl_list_length; j++)
- { /* do for all the crls */
-
- /* Step 1. check if issuer's DN match
- */
- ret = crl_issuer_matches(crl_list[j], cert);
- if (ret == 0)
- {
- /* issuers do not match so don't even
- * bother checking.
- */
- gnutls_assert();
- continue;
- }
-
- /* Step 2. Read the certificate's serial number
- */
- cert_serial_size = sizeof (cert_serial);
- ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Step 3. cycle through the CRL serials and compare with
- * certificate serial we have.
- */
-
- ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
- if (ncerts < 0)
- {
- gnutls_assert ();
- return ncerts;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- serial_size = sizeof (serial);
- ret =
- gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
- &serial_size, NULL);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (serial_size == cert_serial_size)
- {
- if (memcmp (serial, cert_serial, serial_size) == 0)
- {
- /* serials match */
- if (func) func(cert, NULL, crl_list[j], GNUTLS_CERT_REVOKED|GNUTLS_CERT_INVALID);
- return 1; /* revoked! */
- }
- }
- }
- if (func) func(cert, NULL, crl_list[j], 0);
-
- }
- return 0; /* not revoked. */
+_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length,
+ gnutls_verify_output_function func)
+{
+ uint8_t serial[128];
+ uint8_t cert_serial[128];
+ size_t serial_size, cert_serial_size;
+ int ncerts, ret, i, j;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (j = 0; j < crl_list_length; j++) { /* do for all the crls */
+
+ /* Step 1. check if issuer's DN match
+ */
+ ret = crl_issuer_matches(crl_list[j], cert);
+ if (ret == 0) {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ gnutls_assert();
+ continue;
+ }
+
+ /* Step 2. Read the certificate's serial number
+ */
+ cert_serial_size = sizeof(cert_serial);
+ ret =
+ gnutls_x509_crt_get_serial(cert, cert_serial,
+ &cert_serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Step 3. cycle through the CRL serials and compare with
+ * certificate serial we have.
+ */
+
+ ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]);
+ if (ncerts < 0) {
+ gnutls_assert();
+ return ncerts;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ serial_size = sizeof(serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial(crl_list[j], i,
+ serial,
+ &serial_size,
+ NULL);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (serial_size == cert_serial_size) {
+ if (memcmp
+ (serial, cert_serial,
+ serial_size) == 0) {
+ /* serials match */
+ if (func)
+ func(cert, NULL,
+ crl_list[j],
+ GNUTLS_CERT_REVOKED |
+ GNUTLS_CERT_INVALID);
+ return 1; /* revoked! */
+ }
+ }
+ }
+ if (func)
+ func(cert, NULL, crl_list[j], 0);
+
+ }
+ return 0; /* not revoked. */
}
@@ -2871,11 +2782,12 @@ _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
* negative error code is returned on error.
**/
int
-gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length)
+gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length)
{
- return _gnutls_x509_crt_check_revocation(cert, crl_list, crl_list_length, NULL);
+ return _gnutls_x509_crt_check_revocation(cert, crl_list,
+ crl_list_length, NULL);
}
/**
@@ -2895,36 +2807,33 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
* Since: 2.8.0
**/
int
-gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- gnutls_pk_params_st issuer_params;
- int ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_verify_algorithm (hash,
- signature,
- gnutls_x509_crt_get_pk_algorithm (crt,
- NULL),
- &issuer_params);
+ ret = _gnutls_x509_verify_algorithm(hash,
+ signature,
+ gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), &issuer_params);
- /* release allocated mpis */
- gnutls_pk_params_release(&issuer_params);
+ /* release allocated mpis */
+ gnutls_pk_params_release(&issuer_params);
- return ret;
+ return ret;
}
@@ -2947,35 +2856,33 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- gnutls_pk_params_st issuer_params;
- int ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm
- (crt, NULL), &issuer_params,
- hash, mand);
+ ret =
+ _gnutls_pk_get_hash_algorithm(gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), &issuer_params,
+ hash, mand);
- /* release allocated mpis */
- gnutls_pk_params_release(&issuer_params);
+ /* release allocated mpis */
+ gnutls_pk_params_release(&issuer_params);
- return ret;
+ return ret;
}
/**
@@ -2995,26 +2902,26 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
* is returned, and zero or positive code on success.
**/
int
-gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_verify_data (GNUTLS_DIG_UNKNOWN, data, signature, crt);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result =
+ _gnutls_x509_verify_data(GNUTLS_DIG_UNKNOWN, data, signature,
+ crt);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return result;
+ return result;
}
/**
@@ -3034,48 +2941,44 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
* is returned, and zero or positive code on success.
**/
int
-gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
-{
- gnutls_pk_params_st params;
- gnutls_digest_algorithm_t algo;
- int ret;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_verify_algorithm (crt, signature, &algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret =
- _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL),
- mac_to_entry(algo),
- hash, signature, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(&params);
-
- return ret;
+gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+{
+ gnutls_pk_params_st params;
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_verify_algorithm(crt, signature, &algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pubkey_verify_hashed_data(gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), mac_to_entry(algo),
+ hash, signature, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* release all allocated MPIs
+ */
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
@@ -3100,106 +3003,104 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
* returned.
**/
int
-gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical)
-{
- int result;
- gnutls_datum_t dist_points = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char name[ASN1_MAX_NAME_SIZE];
- int len;
- gnutls_x509_subject_alt_name_t type;
- uint8_t reasons[2];
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*ret_size > 0 && ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if (reason_flags)
- *reason_flags = 0;
-
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
- critical);
- if (result < 0)
- {
- return result;
- }
-
- if (dist_points.size == 0 || dist_points.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dist_points);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
- _gnutls_free_datum (&dist_points);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Return the different names from the first CRLDistr. point.
- * The whole thing is a mess.
- */
- _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
-
- result = _gnutls_parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- return result;
- }
-
- type = result;
-
-
- /* Read the CRL reasons.
- */
- if (reason_flags)
- {
- _gnutls_str_cpy (name, sizeof (name), "?1.reasons");
-
- reasons[0] = reasons[1] = 0;
-
- len = sizeof (reasons);
- result = asn1_read_value (c2, name, reasons, &len);
-
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- *reason_flags = reasons[0] | (reasons[1] << 8);
- }
-
- asn1_delete_structure (&c2);
-
- return type;
+gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t dist_points = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+ gnutls_x509_subject_alt_name_t type;
+ uint8_t reasons[2];
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*ret_size > 0 && ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if (reason_flags)
+ *reason_flags = 0;
+
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0,
+ &dist_points, critical);
+ if (result < 0) {
+ return result;
+ }
+
+ if (dist_points.size == 0 || dist_points.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dist_points);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&c2, dist_points.data, dist_points.size,
+ NULL);
+ _gnutls_free_datum(&dist_points);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Return the different names from the first CRLDistr. point.
+ * The whole thing is a mess.
+ */
+ _gnutls_str_cpy(name, sizeof(name),
+ "?1.distributionPoint.fullName");
+
+ result =
+ _gnutls_parse_general_name(c2, name, seq, ret, ret_size, NULL,
+ 0);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ return result;
+ }
+
+ type = result;
+
+
+ /* Read the CRL reasons.
+ */
+ if (reason_flags) {
+ _gnutls_str_cpy(name, sizeof(name), "?1.reasons");
+
+ reasons[0] = reasons[1] = 0;
+
+ len = sizeof(reasons);
+ result = asn1_read_value(c2, name, reasons, &len);
+
+ if (result != ASN1_VALUE_NOT_FOUND
+ && result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ *reason_flags = reasons[0] | (reasons[1] << 8);
+ }
+
+ asn1_delete_structure(&c2);
+
+ return type;
}
/**
@@ -3224,81 +3125,75 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size,
- unsigned int *critical)
-{
- char tmpstr[ASN1_MAX_NAME_SIZE];
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (oid)
- memset (oid, 0, *oid_size);
- else
- *oid_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
- critical)) < 0)
- {
- return result;
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
-
- len = *oid_size;
- result = asn1_read_value (c2, tmpstr, oid, &len);
-
- *oid_size = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size,
+ unsigned int *critical)
+{
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (oid)
+ memset(oid, 0, *oid_size);
+ else
+ *oid_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u", indx);
+
+ len = *oid_size;
+ result = asn1_read_value(c2, tmpstr, oid, &len);
+
+ *oid_size = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
@@ -3315,52 +3210,47 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
-{
- int ret;
- gnutls_pk_params_st params;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (ret != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint_lz (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_lz (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int ret;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
/**
@@ -3378,79 +3268,72 @@ cleanup:
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
-{
- int ret;
- gnutls_pk_params_st params;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (ret != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ int ret;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
@@ -3474,89 +3357,93 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
-{
-unsigned int init = 1024;
-int ret;
-
- *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t)*init);
- if (*certs == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_list_import(*certs, &init, data, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *certs = gnutls_realloc_fast(*certs, sizeof(gnutls_x509_crt_t)*init);
- if (*certs == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_list_import(*certs, &init, data, format, flags);
- }
-
- if (ret < 0)
- {
- gnutls_free(*certs);
- *certs = NULL;
- return ret;
- }
-
- *size = init;
- return 0;
+gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
+{
+ unsigned int init = 1024;
+ int ret;
+
+ *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t) * init);
+ if (*certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import(*certs, &init, data, format,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *certs =
+ gnutls_realloc_fast(*certs,
+ sizeof(gnutls_x509_crt_t) * init);
+ if (*certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import(*certs, &init, data,
+ format, flags);
+ }
+
+ if (ret < 0) {
+ gnutls_free(*certs);
+ *certs = NULL;
+ return ret;
+ }
+
+ *size = init;
+ return 0;
}
static int check_if_sorted(gnutls_x509_crt_t * crt, int nr)
{
-char prev_dn[MAX_DN];
-char dn[MAX_DN];
-size_t prev_dn_size, dn_size;
-int i, ret;
-
- /* check if the X.509 list is ordered */
- if (nr > 1)
- {
-
- for (i=0;i<nr;i++)
- {
- if (i>0)
- {
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(crt[i], dn, &dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
- goto cleanup;
- }
- }
-
- prev_dn_size = sizeof(prev_dn);
- ret = gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn, &prev_dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- }
- }
-
- ret = 0;
-
-cleanup:
- return ret;
+ char prev_dn[MAX_DN];
+ char dn[MAX_DN];
+ size_t prev_dn_size, dn_size;
+ int i, ret;
+
+ /* check if the X.509 list is ordered */
+ if (nr > 1) {
+
+ for (i = 0; i < nr; i++) {
+ if (i > 0) {
+ dn_size = sizeof(dn);
+ ret =
+ gnutls_x509_crt_get_dn(crt[i], dn,
+ &dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (dn_size != prev_dn_size
+ || memcmp(dn, prev_dn, dn_size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+ goto cleanup;
+ }
+ }
+
+ prev_dn_size = sizeof(prev_dn);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn,
+ &prev_dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = 0;
+
+ cleanup:
+ return ret;
}
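Review bot: The first `gnutls_x509_crt_list_import()` call in `gnutls_x509_crt_list_import2()` passes only `GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED` and drops the caller's `flags`, which are forwarded only on the retry after `GNUTLS_E_SHORT_MEMORY_BUFFER`. For any list that fits in the initial 1024 slots, a caller-requested `GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED` is therefore never evaluated and an unsorted chain is returned as success. OR the caller's flags into the first call: `flags | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED`.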
@@ -3584,135 +3471,129 @@ cleanup:
* Returns: the number of certificates read or a negative error value.
**/
int
-gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
-{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, nocopy = 0;
- unsigned int count = 0, j;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- if (*cert_max < 1)
- {
- *cert_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = gnutls_x509_crt_init (&certs[0]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = gnutls_x509_crt_import (certs[0], data, format);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *cert_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = memmem (data->data, data->size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (data->data, data->size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
-
- count = 0;
-
- do
- {
- if (count >= *cert_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy)
- {
- ret = gnutls_x509_crt_init (&certs[count]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = data->size - (ptr - (char *) data->data);
-
- ret =
- gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char *) data->data);
-
- if (size > 0)
- {
- char *ptr2;
-
- ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr2 == NULL)
- ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = ptr2;
- }
- else
- ptr = NULL;
-
- count++;
- }
- while (ptr != NULL);
-
- *cert_max = count;
-
- if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED)
- {
- ret = check_if_sorted(certs, *cert_max);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- }
-
- if (nocopy == 0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
-error:
- for (j = 0; j < count; j++)
- gnutls_x509_crt_deinit (certs[j]);
- return ret;
+gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
+{
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ if (*cert_max < 1) {
+ *cert_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crt_init(&certs[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = gnutls_x509_crt_import(certs[0], data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *cert_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem(data->data, data->size,
+ PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem(data->data, data->size,
+ PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+
+ count = 0;
+
+ do {
+ if (count >= *cert_max) {
+ if (!
+ (flags &
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy) {
+ ret = gnutls_x509_crt_init(&certs[count]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size =
+ data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crt_import(certs[count], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0) {
+ char *ptr2;
+
+ ptr2 =
+ memmem(ptr, size, PEM_CERT_SEP,
+ sizeof(PEM_CERT_SEP) - 1);
+ if (ptr2 == NULL)
+ ptr2 = memmem(ptr, size, PEM_CERT_SEP2,
+ sizeof(PEM_CERT_SEP2) - 1);
+
+ ptr = ptr2;
+ } else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *cert_max = count;
+
+ if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED) {
+ ret = check_if_sorted(certs, *cert_max);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ error:
+ for (j = 0; j < count; j++)
+ gnutls_x509_crt_deinit(certs[j]);
+ return ret;
}
/**
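Review bot: When `GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED` is set and the input holds more certificates than `*cert_max`, the loop keeps incrementing `count` with `nocopy = 1`, so `*cert_max = count` ends up larger than the caller's array. If `GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED` is also set, `check_if_sorted(certs, *cert_max)` then indexes `crt[i]` past the entries that were initialised, and on failure the `error:` loop calls `gnutls_x509_crt_deinit()` on those same slots. Run the sort check only when everything was copied: `if (nocopy == 0 && (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED)) {`. Separately, a failing `gnutls_x509_crt_import()` jumps to `error:` before `count++`, so the just-initialised `certs[count]` is not released by the cleanup loop.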
@@ -3732,31 +3613,29 @@ error:
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf,
+ size_t * buf_size)
{
- int result;
- gnutls_datum_t datum = { NULL, 0 };
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
- result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
- &datum);
+ result =
+ _gnutls_x509_read_value(crt->cert,
+ "tbsCertificate.subjectUniqueID",
+ &datum);
- if (datum.size > *buf_size)
- { /* then we're not going to fit */
- *buf_size = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- *buf_size = datum.size;
- memcpy (buf, datum.data, datum.size);
- }
+ if (datum.size > *buf_size) { /* then we're not going to fit */
+ *buf_size = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ *buf_size = datum.size;
+ memcpy(buf, datum.data, datum.size);
+ }
- _gnutls_free_datum (&datum);
+ _gnutls_free_datum(&datum);
- return result;
+ return result;
}
/**
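Review bot: In `gnutls_x509_crt_get_subject_unique_id` the return value of `_gnutls_x509_read_value()` is never checked, and the short-buffer branch writes `buf[0] = '\0'` even when the caller passed `*buf_size == 0` (a size query, possibly with a NULL `buf`). I would return early with `if (result < 0) return gnutls_assert_val(result);` right after the read. I would also drop the `buf[0] = '\0';` line, or guard it with a size test taken before `*buf_size` is overwritten. If a failed read leaves `datum` at `{ NULL, 0 }`, the else branch also reaches `memcpy(buf, NULL, 0)`. `gnutls_x509_crt_get_issuer_unique_id` in the next hunk has the same body and needs the same change.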
@@ -3778,125 +3657,126 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf,
+ size_t * buf_size)
{
- int result;
- gnutls_datum_t datum = { NULL, 0 };
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
- result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
- &datum);
+ result =
+ _gnutls_x509_read_value(crt->cert,
+ "tbsCertificate.issuerUniqueID",
+ &datum);
- if (datum.size > *buf_size)
- { /* then we're not going to fit */
- *buf_size = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- *buf_size = datum.size;
- memcpy (buf, datum.data, datum.size);
- }
+ if (datum.size > *buf_size) { /* then we're not going to fit */
+ *buf_size = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ *buf_size = datum.size;
+ memcpy(buf, datum.data, datum.size);
+ }
- _gnutls_free_datum (&datum);
+ _gnutls_free_datum(&datum);
- return result;
+ return result;
}
static int
-_gnutls_parse_aia (ASN1_TYPE src,
- unsigned int seq,
- int what,
- gnutls_datum_t * data)
-{
- int len;
- char nptr[ASN1_MAX_NAME_SIZE];
- int result;
- gnutls_datum_t d;
- const char *oid = NULL;
-
- seq++; /* 0->1, 1->2 etc */
- switch (what)
- {
- case GNUTLS_IA_ACCESSMETHOD_OID:
- snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
- break;
-
- case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE:
- snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq);
- break;
-
- case GNUTLS_IA_CAISSUERS_URI:
- oid = GNUTLS_OID_AD_CAISSUERS;
- /* fall through */
-
- case GNUTLS_IA_OCSP_URI:
- if (oid == NULL)
- oid = GNUTLS_OID_AD_OCSP;
- {
- char tmpoid[20];
- snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
- len = sizeof (tmpoid);
- result = asn1_read_value (src, nptr, tmpoid, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- if ((unsigned)len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
- }
- /* fall through */
-
- case GNUTLS_IA_URI:
- snprintf (nptr, sizeof (nptr),
- "?%u.accessLocation.uniformResourceIdentifier", seq);
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- len = 0;
- result = asn1_read_value (src, nptr, NULL, &len);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- d.size = len;
-
- d.data = gnutls_malloc (d.size);
- if (d.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- result = asn1_read_value (src, nptr, d.data, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (d.data);
- return _gnutls_asn2err (result);
- }
-
- if (data)
- {
- data->data = d.data;
- data->size = d.size;
- }
- else
- gnutls_free (d.data);
-
- return 0;
+_gnutls_parse_aia(ASN1_TYPE src,
+ unsigned int seq, int what, gnutls_datum_t * data)
+{
+ int len;
+ char nptr[ASN1_MAX_NAME_SIZE];
+ int result;
+ gnutls_datum_t d;
+ const char *oid = NULL;
+
+ seq++; /* 0->1, 1->2 etc */
+ switch (what) {
+ case GNUTLS_IA_ACCESSMETHOD_OID:
+ snprintf(nptr, sizeof(nptr), "?%u.accessMethod", seq);
+ break;
+
+ case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE:
+ snprintf(nptr, sizeof(nptr), "?%u.accessLocation", seq);
+ break;
+
+ case GNUTLS_IA_CAISSUERS_URI:
+ oid = GNUTLS_OID_AD_CAISSUERS;
+ /* fall through */
+
+ case GNUTLS_IA_OCSP_URI:
+ if (oid == NULL)
+ oid = GNUTLS_OID_AD_OCSP;
+ {
+ char tmpoid[20];
+ snprintf(nptr, sizeof(nptr), "?%u.accessMethod",
+ seq);
+ len = sizeof(tmpoid);
+ result = asn1_read_value(src, nptr, tmpoid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ if ((unsigned) len != strlen(oid) + 1
+ || memcmp(tmpoid, oid, len) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_ALGORITHM);
+ }
+ /* fall through */
+
+ case GNUTLS_IA_URI:
+ snprintf(nptr, sizeof(nptr),
+ "?%u.accessLocation.uniformResourceIdentifier",
+ seq);
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ len = 0;
+ result = asn1_read_value(src, nptr, NULL, &len);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ d.size = len;
+
+ d.data = gnutls_malloc(d.size);
+ if (d.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ result = asn1_read_value(src, nptr, d.data, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(d.data);
+ return _gnutls_asn2err(result);
+ }
+
+ if (data) {
+ data->data = d.data;
+ data->size = d.size;
+ } else
+ gnutls_free(d.data);
+
+ return 0;
}
/**
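Review bot: `char tmpoid[20]` in the `GNUTLS_IA_CAISSUERS_URI` / `GNUTLS_IA_OCSP_URI` branch of `_gnutls_parse_aia` is too small for an arbitrary accessMethod OID, and any result other than `ASN1_SUCCESS` is returned as a hard error. The size probe further down in the same function relies on `asn1_read_value()` reporting `ASN1_MEM_ERROR` for a short buffer. An entry with a longer OID would therefore presumably fail here with a memory error instead of `GNUTLS_E_UNKNOWN_ALGORITHM`, and a caller walking `seq` to find the OCSP entry cannot tell that apart from a broken certificate. Sizing the buffer as `char tmpoid[MAX_OID_SIZE];` (the constant lib/x509/x509_dn.c uses for OID strings, if it is in scope here) would keep the comparison well defined. Alternatively, map `ASN1_MEM_ERROR` to `GNUTLS_E_UNKNOWN_ALGORITHM` in this branch.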
@@ -3969,61 +3849,58 @@ _gnutls_parse_aia (ASN1_TYPE src,
* Since: 3.0
**/
int
-gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
- unsigned int seq,
- int what,
- gnutls_datum_t * data,
- unsigned int *critical)
-{
- int ret;
- gnutls_datum_t aia;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret = _gnutls_x509_crt_get_extension (crt, GNUTLS_OID_AIA, 0, &aia,
- critical)) < 0)
- return ret;
-
- if (aia.size == 0 || aia.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (critical && *critical)
- return GNUTLS_E_CONSTRAINT_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityInfoAccessSyntax", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&aia);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&c2, aia.data, aia.size, NULL);
- /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */
- _gnutls_free_datum (&aia);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_parse_aia (c2, seq, what, data);
-
- asn1_delete_structure (&c2);
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt,
+ unsigned int seq,
+ int what,
+ gnutls_datum_t * data,
+ unsigned int *critical)
+{
+ int ret;
+ gnutls_datum_t aia;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia,
+ critical)) < 0)
+ return ret;
+
+ if (aia.size == 0 || aia.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (critical && *critical)
+ return GNUTLS_E_CONSTRAINT_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityInfoAccessSyntax", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&aia);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL);
+ /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */
+ _gnutls_free_datum(&aia);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_parse_aia(c2, seq, what, data);
+
+ asn1_delete_structure(&c2);
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
/**
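Review bot: The `if (critical && *critical) return GNUTLS_E_CONSTRAINT_ERROR;` exit in `gnutls_x509_crt_get_authority_info_access` returns without releasing `aia`, which the later exits free with `_gnutls_free_datum(&aia)`. A certificate that marks the AIA extension critical would therefore leak the extension buffer on every call, and the certificate may come from an untrusted peer. Suggested: `if (critical && *critical) { _gnutls_free_datum(&aia); return GNUTLS_E_CONSTRAINT_ERROR; }`. The `aia.size == 0 || aia.data == NULL` exit just above it should free as well, for the case where `data` is set but `size` is zero.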
@@ -4042,9 +3919,10 @@ gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
* Since: 3.1.0
*
**/
-void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- crt->pin.cb = fn;
- crt->pin.data = userdata;
+ crt->pin.cb = fn;
+ crt->pin.data = userdata;
}
diff --git a/lib/x509/x509_dn.c b/lib/x509/x509_dn.c
index 384ad87422..0131de04ad 100644
--- a/lib/x509/x509_dn.c
+++ b/lib/x509/x509_dn.c
@@ -31,136 +31,135 @@
#include <x509_b64.h>
#include <c-ctype.h>
-typedef int (*set_dn_func) (void*, const char *oid, unsigned int raw_flag, const void *name, unsigned int name_size);
-
+typedef int (*set_dn_func) (void *, const char *oid, unsigned int raw_flag,
+ const void *name, unsigned int name_size);
+
static
-int dn_attr_crt_set( set_dn_func f, void* crt, const gnutls_datum_t * name,
- const gnutls_datum_t * val)
+int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name,
+ const gnutls_datum_t * val)
{
- char _oid[MAX_OID_SIZE];
- const char *oid;
- int ret;
-
- if (name->size == 0 || val->size == 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (c_isdigit(name->data[0]) != 0)
- {
- if (name->size >= sizeof(_oid))
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- memcpy(_oid, name->data, name->size);
- _oid[name->size] = 0;
-
- oid = _oid;
-
- if (gnutls_x509_dn_oid_known(oid) == 0)
- {
- _gnutls_debug_log("Unknown OID: '%s'\n", oid);
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
- }
- else
- {
- oid = _gnutls_ldap_string_to_oid((char*)name->data, name->size);
- }
-
- if (oid == NULL)
- {
- _gnutls_debug_log("Unknown DN attribute: '%.*s'\n", (int)name->size, name->data);
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
-
- if (val->data[0] == '#')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- ret = f(crt, oid, 0, val->data, val->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ char _oid[MAX_OID_SIZE];
+ const char *oid;
+ int ret;
+
+ if (name->size == 0 || val->size == 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (c_isdigit(name->data[0]) != 0) {
+ if (name->size >= sizeof(_oid))
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ memcpy(_oid, name->data, name->size);
+ _oid[name->size] = 0;
+
+ oid = _oid;
+
+ if (gnutls_x509_dn_oid_known(oid) == 0) {
+ _gnutls_debug_log("Unknown OID: '%s'\n", oid);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ } else {
+ oid =
+ _gnutls_ldap_string_to_oid((char *) name->data,
+ name->size);
+ }
+
+ if (oid == NULL) {
+ _gnutls_debug_log("Unknown DN attribute: '%.*s'\n",
+ (int) name->size, name->data);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ if (val->data[0] == '#')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ ret = f(crt, oid, 0, val->data, val->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
-static int read_attr_and_val(const char** ptr,
- gnutls_datum_t * name,
- gnutls_datum_t * val)
+static int read_attr_and_val(const char **ptr,
+ gnutls_datum_t * name, gnutls_datum_t * val)
{
-const unsigned char* p = (void*)*ptr;
-
- /* skip any space */
- while (c_isspace(*p))
- p++;
-
- /* Read the name */
- name->data = (void*)p;
- while (*p != '=' && *p != 0 && !c_isspace(*p))
- p++;
-
- name->size = p - name->data;
-
- /* skip any space */
- while (c_isspace(*p))
- p++;
-
- if (*p != '=')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- p++;
-
- while (c_isspace(*p))
- p++;
-
- /* Read value */
- val->data = (void*)p;
- while (*p != 0 && !c_isspace(*p) && (*p != ',' || (*p == ',' && *(p-1) == '\\')) && *p != '\n')
- p++;
- val->size = p - (val->data);
-
- if (val->size == 0 || name->size == 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- *ptr = (void*)p;
-
- return 0;
+ const unsigned char *p = (void *) *ptr;
+
+ /* skip any space */
+ while (c_isspace(*p))
+ p++;
+
+ /* Read the name */
+ name->data = (void *) p;
+ while (*p != '=' && *p != 0 && !c_isspace(*p))
+ p++;
+
+ name->size = p - name->data;
+
+ /* skip any space */
+ while (c_isspace(*p))
+ p++;
+
+ if (*p != '=')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ p++;
+
+ while (c_isspace(*p))
+ p++;
+
+ /* Read value */
+ val->data = (void *) p;
+ while (*p != 0 && !c_isspace(*p)
+ && (*p != ',' || (*p == ',' && *(p - 1) == '\\'))
+ && *p != '\n')
+ p++;
+ val->size = p - (val->data);
+
+ if (val->size == 0 || name->size == 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ *ptr = (void *) p;
+
+ return 0;
}
static int
-crt_set_dn (set_dn_func f, void* crt, const char *dn, const char** err)
+crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err)
{
-const char *p = dn;
-int ret;
-gnutls_datum_t name, val;
-
- if (crt == NULL || dn == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* For each element */
- while (*p != 0 && *p != '\n')
- {
- if (err)
- *err = p;
-
- ret = read_attr_and_val(&p, &name, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* skip spaces and look for comma */
- while (c_isspace(*p))
- p++;
-
- ret = dn_attr_crt_set(f, crt, &name, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (err)
- *err = p;
-
- if (*p != ',' && *p != 0 && *p != '\n')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- if (*p == ',')
- p++;
- }
-
- return 0;
+ const char *p = dn;
+ int ret;
+ gnutls_datum_t name, val;
+
+ if (crt == NULL || dn == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* For each element */
+ while (*p != 0 && *p != '\n') {
+ if (err)
+ *err = p;
+
+ ret = read_attr_and_val(&p, &name, &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* skip spaces and look for comma */
+ while (c_isspace(*p))
+ p++;
+
+ ret = dn_attr_crt_set(f, crt, &name, &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (err)
+ *err = p;
+
+ if (*p != ',' && *p != 0 && *p != '\n')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ if (*p == ',')
+ p++;
+ }
+
+ return 0;
}
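Review bot: The value scanner in `read_attr_and_val` treats a comma as escaped whenever the previous byte is a backslash, without checking whether that backslash is itself escaped. The bytes are then handed to `f` in `dn_attr_crt_set` unchanged, so the backslash ends up in the stored attribute. The loop also stops at the first whitespace, so a value with an interior space makes `crt_set_dn` fail with `GNUTLS_E_PARSING_ERROR` at its check for `,`. Until the parser unescapes values, I would document the accepted syntax above the loop, e.g. `/* value ends at whitespace or an unescaped ','; "\," is copied verbatim, backslash included */`, so callers do not assume full RFC 4514 handling.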
@@ -177,9 +176,11 @@ gnutls_datum_t name, val;
* negative error value.
**/
int
-gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
+gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crt_set_dn_by_oid, crt, dn, err);
+ return crt_set_dn((set_dn_func) gnutls_x509_crt_set_dn_by_oid, crt,
+ dn, err);
}
/**
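Review bot: `(set_dn_func) gnutls_x509_crt_set_dn_by_oid` casts the setter to a pointer type whose first parameter is `void *`, and `dn_attr_crt_set` then calls it through that type. If the setter is declared with a `gnutls_x509_crt_t` first parameter, as the need for the cast suggests, the call goes through an incompatible function type. That is undefined behaviour in C, and indirect-call checks such as Clang CFI or `-fsanitize=function` trap on it at run time. A small static adapter with the exact `set_dn_func` signature removes the cast. The same applies to `gnutls_x509_crt_set_issuer_dn` and `gnutls_x509_crq_set_dn` in the two following hunks.
```c
/* Adapter with the exact set_dn_func signature, so no cast is needed. */
static int crt_set_dn_by_oid_cb(void *crt, const char *oid,
				unsigned int raw_flag, const void *name,
				unsigned int name_size)
{
	return gnutls_x509_crt_set_dn_by_oid(crt, oid, raw_flag, name,
					     name_size);
}

int
gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
		       const char **err)
{
	return crt_set_dn(crt_set_dn_by_oid_cb, crt, dn, err);
}
```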
@@ -195,9 +196,12 @@ gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
* negative error value.
**/
int
-gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
+gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crt_set_issuer_dn_by_oid, crt, dn, err);
+ return crt_set_dn((set_dn_func)
+ gnutls_x509_crt_set_issuer_dn_by_oid, crt, dn,
+ err);
}
/**
@@ -213,7 +217,9 @@ gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char
* negative error value.
**/
int
-gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err)
+gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crq_set_dn_by_oid, crq, dn, err);
+ return crt_set_dn((set_dn_func) gnutls_x509_crq_set_dn_by_oid, crq,
+ dn, err);
}
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 10cf0c5c57..8fa86e705c 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -40,65 +40,60 @@
#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
-typedef struct gnutls_x509_crl_int
-{
- ASN1_TYPE crl;
- int use_extensions;
- gnutls_datum_t raw_issuer_dn;
+typedef struct gnutls_x509_crl_int {
+ ASN1_TYPE crl;
+ int use_extensions;
+ gnutls_datum_t raw_issuer_dn;
} gnutls_x509_crl_int;
-typedef struct gnutls_x509_crt_int
-{
- ASN1_TYPE cert;
- int use_extensions;
- int expanded; /* a certificate has been expanded */
-
- /* These two cached values allow fast calls to
- * get_raw_*_dn(). */
- gnutls_datum_t raw_dn;
- gnutls_datum_t raw_issuer_dn;
-
- struct pin_info_st pin;
+typedef struct gnutls_x509_crt_int {
+ ASN1_TYPE cert;
+ int use_extensions;
+ int expanded; /* a certificate has been expanded */
+
+ /* These two cached values allow fast calls to
+ * get_raw_*_dn(). */
+ gnutls_datum_t raw_dn;
+ gnutls_datum_t raw_issuer_dn;
+
+ struct pin_info_st pin;
} gnutls_x509_crt_int;
-typedef struct gnutls_x509_crq_int
-{
- ASN1_TYPE crq;
+typedef struct gnutls_x509_crq_int {
+ ASN1_TYPE crq;
} gnutls_x509_crq_int;
-typedef struct gnutls_pkcs7_int
-{
- ASN1_TYPE pkcs7;
+typedef struct gnutls_pkcs7_int {
+ ASN1_TYPE pkcs7;
} gnutls_pkcs7_int;
-typedef struct gnutls_x509_privkey_int
-{
- /* the size of params depends on the public
- * key algorithm
- */
- gnutls_pk_params_st params;
+typedef struct gnutls_x509_privkey_int {
+ /* the size of params depends on the public
+ * key algorithm
+ */
+ gnutls_pk_params_st params;
- gnutls_pk_algorithm_t pk_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
- ASN1_TYPE key;
+ ASN1_TYPE key;
} gnutls_x509_privkey_int;
-int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
+int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
-int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2);
+int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2);
-int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
-int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
+int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
+int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
/* sign.c */
-int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs);
-int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key);
+int _gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs);
+int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key);
/* dn.c */
#define OID_X520_COUNTRY_NAME "2.5.4.6"
@@ -111,198 +106,201 @@ int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
-int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf);
+int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf);
int
-_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn);
+_gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn);
int
-_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- gnutls_datum_t* out);
+_gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag, gnutls_datum_t * out);
-int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int raw_flag, const char *name, int sizeof_name);
+int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int raw_flag, const char *name,
+ int sizeof_name);
-int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid);
+int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid);
-int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid);
+int _gnutls_parse_general_name(ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid);
/* dsa.c */
/* verify.c */
-int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
int
-_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st * issuer_params);
+_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * issuer_params);
-int _gnutls_x509_verify_data (const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer);
+int _gnutls_x509_verify_data(const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
/* privkey.h */
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
- raw_key,
- gnutls_x509_privkey_t pkey);
-ASN1_TYPE _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
- raw_key,
- gnutls_x509_privkey_t pkey);
+ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
+ASN1_TYPE _gnutls_privkey_decode_ecc_key(const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
int
-_gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
+_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
-int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params);
+int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
+ gnutls_pk_params_st * params);
/* extensions.c */
-int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *_critical);
-
-int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid,
- size_t * sizeof_oid);
-
-int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
-
-int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *critical);
-int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *ret,
- size_t * ret_size);
-int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- uint8_t * extnValue, int extnValueLen);
-int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
- int *pathLenConstraint,
- uint8_t * extnValue,
- int extnValueLen);
-int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *extension_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+int _gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical);
+
+int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+
+int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+
+int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *critical);
+int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *ret,
+ size_t * ret_size);
+int _gnutls_x509_ext_extract_keyUsage(uint16_t * keyUsage,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_ext_extract_basicConstraints(unsigned int *CA,
+ int *pathLenConstraint,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
+ const char *extension_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
int
-_gnutls_x509_ext_extract_number (uint8_t * number,
- size_t * nr_size,
- uint8_t * extnValue, int extnValueLen);
+_gnutls_x509_ext_extract_number(uint8_t * number,
+ size_t * nr_size,
+ uint8_t * extnValue, int extnValueLen);
int
-_gnutls_x509_ext_gen_number (const uint8_t * nuber, size_t nr_size,
- gnutls_datum_t * der_ext);
-
-
-int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
-int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
-int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- uint8_t * extnValue,
- int extnValueLen);
-int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext);
+_gnutls_x509_ext_gen_number(const uint8_t * nuber, size_t nr_size,
+ gnutls_datum_t * der_ext);
+
+
+int _gnutls_x509_ext_gen_basicConstraints(int CA, int pathLenConstraint,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_keyUsage(uint16_t usage,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_extract_proxyCertInfo(int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext);
/* mpi.c */
-int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- gnutls_pk_params_st*);
+int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
+ gnutls_pk_params_st *);
-int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- gnutls_pk_params_st * params);
+int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
+ gnutls_pk_params_st * params);
-int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
+ int dersize,
+ gnutls_pk_params_st * params);
-int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
+ int dersize, gnutls_pk_params_st * params);
-int _gnutls_x509_write_ecc_params (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
int
-_gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der);
-int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t, gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+_gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_pubkey(gnutls_pk_algorithm_t,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
-int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
- unsigned int *ret);
+int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
+ unsigned int *ret);
-int _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out);
+int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out);
-int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
- bigint_t * ret_mpi);
-int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz);
-int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
- uint32_t num);
+int _gnutls_x509_read_int(ASN1_TYPE node, const char *value,
+ bigint_t * ret_mpi);
+int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz);
+int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
+ uint32_t num);
-int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t);
+int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t);
/* pkcs12.h */
#include <gnutls/pkcs12.h>
-typedef struct gnutls_pkcs12_int
-{
- ASN1_TYPE pkcs12;
+typedef struct gnutls_pkcs12_int {
+ ASN1_TYPE pkcs12;
} gnutls_pkcs12_int;
#define MAX_BAG_ELEMENTS 32
-struct bag_element
-{
- gnutls_datum_t data;
- gnutls_pkcs12_bag_type_t type;
- gnutls_datum_t local_key_id;
- char *friendly_name;
+struct bag_element {
+ gnutls_datum_t data;
+ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum_t local_key_id;
+ char *friendly_name;
};
-typedef struct gnutls_pkcs12_bag_int
-{
- struct bag_element element[MAX_BAG_ELEMENTS];
- int bag_elements;
+typedef struct gnutls_pkcs12_bag_int {
+ struct bag_element element[MAX_BAG_ELEMENTS];
+ int bag_elements;
} gnutls_pkcs12_bag_int;
#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
@@ -322,63 +320,63 @@ typedef struct gnutls_pkcs12_bag_int
#define KEY_ID_OID "1.2.840.113549.1.9.21"
int
-_gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- uint8_t * keybuf);
-
-int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec);
-
-typedef enum schema_id
-{
- PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
- PBES2_3DES, /* the stuff in PKCS #5 */
- PBES2_AES_128,
- PBES2_AES_192,
- PBES2_AES_256,
- PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
- PKCS12_ARCFOUR_SHA1,
- PKCS12_RC2_40_SHA1
+_gnutls_pkcs12_string_to_key(unsigned int id, const uint8_t * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ uint8_t * keybuf);
+
+int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec);
+
+typedef enum schema_id {
+ PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
+ PBES2_3DES, /* the stuff in PKCS #5 */
+ PBES2_AES_128,
+ PBES2_AES_192,
+ PBES2_AES_256,
+ PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
+ PKCS12_ARCFOUR_SHA1,
+ PKCS12_RC2_40_SHA1
} schema_id;
-int _gnutls_pkcs_flags_to_schema (unsigned int flags);
-int _gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc);
-int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag);
+int _gnutls_pkcs_flags_to_schema(unsigned int flags);
+int _gnutls_pkcs7_encrypt_data(schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc);
+int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag);
int
-_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
- int *enc);
+_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
+ int *enc);
-int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out);
-int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out);
+int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in,
+ gnutls_datum_t * out);
+int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw,
+ gnutls_datum_t * out);
/* crq */
-int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
unsigned int
-_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- unsigned int flags,
- gnutls_verify_output_function func);
+_gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ unsigned int flags,
+ gnutls_verify_output_function func);
-int
-_gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+int _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
int
-_gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length,
- gnutls_verify_output_function func);
+_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length,
+ gnutls_verify_output_function func);
#endif
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index c5e854e71c..71f5a5d0d4 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -34,7 +34,7 @@
#include "x509_int.h"
#include <libtasn1.h>
-static void disable_optional_stuff (gnutls_x509_crt_t cert);
+static void disable_optional_stuff(gnutls_x509_crt_t cert);
/**
* gnutls_x509_crt_set_dn_by_oid:
@@ -58,17 +58,16 @@ static void disable_optional_stuff (gnutls_x509_crt_t cert);
* negative error value.
**/
int
-gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- oid, raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -97,19 +96,18 @@ gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
* negative error value.
**/
int
-gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid,
- raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -130,33 +128,33 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- int result;
-
- if (crt == NULL || eecrt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- eecrt->cert, "tbsCertificate.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (name && sizeof_name)
- {
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- GNUTLS_OID_X520_COMMON_NAME,
- raw_flag, name, sizeof_name);
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || eecrt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_copy_node(crt->cert, "tbsCertificate.subject",
+ eecrt->cert, "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (name && sizeof_name) {
+ return _gnutls_x509_set_dn_oid(crt->cert,
+ "tbsCertificate.subject",
+ GNUTLS_OID_X520_COMMON_NAME,
+ raw_flag, name,
+ sizeof_name);
+ }
+
+ return 0;
}
/**
@@ -177,28 +175,28 @@ gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
* negative error value.
**/
int
-gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
+gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version)
{
- int result;
- unsigned char null = version;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null--;
-
- result = asn1_write_value (crt->cert, "tbsCertificate.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned char null = version;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value(crt->cert, "tbsCertificate.version", &null,
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
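Review bot: In gnutls_x509_crt_set_version the `unsigned int version` argument is narrowed into `unsigned char null` with no range check, so an out-of-range value such as 257 silently wraps and is encoded as version 1. X.509 defines only versions 1 to 3, so the guard could become `if (crt == NULL || version > 3)` ahead of the narrowing. Whether any caller relies on larger values cannot be seen from this hunk.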
@@ -215,28 +213,26 @@ gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
*
**/
int
-gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
+gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
{
- int result;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- &key->params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ &key->params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
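Review bot: gnutls_x509_crt_set_key checks only `crt` for NULL, yet `key->pk_algorithm` and `&key->params` are dereferenced a few lines later, so a NULL `key` crashes instead of returning an error. Extending the guard to `if (crt == NULL || key == NULL)` matches how gnutls_x509_crt_set_crq in the next hunk validates both of its arguments.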
@@ -251,39 +247,37 @@ gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
+int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
{
- int result;
-
- if (crt == NULL || crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_verify(crq, 0);
- if (result < 0)
- return gnutls_assert_val(result);
-
- result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- crq->crq, "certificationRequestInfo.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_copy_node (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- crq->crq, "certificationRequestInfo.subjectPKInfo");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_verify(crq, 0);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ result = asn1_copy_node(crt->cert, "tbsCertificate.subject",
+ crq->crq,
+ "certificationRequestInfo.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_copy_node(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo", crq->crq,
+ "certificationRequestInfo.subjectPKInfo");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -300,80 +294,78 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
* Since: 2.8.0
**/
int
-gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq)
+gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq)
{
- size_t i;
-
- if (crt == NULL || crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (i = 0;; i++)
- {
- int result;
- char oid[MAX_OID_SIZE];
- size_t oid_size;
- uint8_t *extensions;
- size_t extensions_size;
- unsigned int critical;
- gnutls_datum_t ext;
-
- oid_size = sizeof (oid);
- result = gnutls_x509_crq_get_extension_info (crq, i, oid,
- &oid_size, &critical);
- if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- gnutls_assert ();
- return result;
- }
-
- extensions_size = 0;
- result = gnutls_x509_crq_get_extension_data (crq, i, NULL,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_data (crq, i, extensions,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
-
- ext.data = extensions;
- ext.size = extensions_size;
-
- result = _gnutls_x509_crt_set_extension (crt, oid, &ext, critical);
- gnutls_free (extensions);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- if (i > 0)
- crt->use_extensions = 1;
-
- return 0;
+ size_t i;
+
+ if (crt == NULL || crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0;; i++) {
+ int result;
+ char oid[MAX_OID_SIZE];
+ size_t oid_size;
+ uint8_t *extensions;
+ size_t extensions_size;
+ unsigned int critical;
+ gnutls_datum_t ext;
+
+ oid_size = sizeof(oid);
+ result = gnutls_x509_crq_get_extension_info(crq, i, oid,
+ &oid_size,
+ &critical);
+ if (result < 0) {
+ if (result ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ gnutls_assert();
+ return result;
+ }
+
+ extensions_size = 0;
+ result = gnutls_x509_crq_get_extension_data(crq, i, NULL,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_data(crq, i, extensions,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return result;
+ }
+
+ ext.data = extensions;
+ ext.size = extensions_size;
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, oid, &ext,
+ critical);
+ gnutls_free(extensions);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ if (i > 0)
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
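Review bot: The loop in gnutls_x509_crt_set_crq_extensions copies every extension of the request into the certificate, OID and critical flag included, with no filtering. The requester therefore controls fields such as basicConstraints or keyUsage in the issued certificate. The doc comment, which starts outside this hunk, should say so, e.g. `Note that all extensions in the request are copied unchanged; an issuer must inspect or override them before signing.`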
@@ -392,33 +384,32 @@ gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid, const void *buf,
- size_t sizeof_buf,
- unsigned int critical)
+gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
+ const char *oid, const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- der_data.data = (void *) buf;
- der_data.size = sizeof_buf;
+ der_data.data = (void *) buf;
+ der_data.size = sizeof_buf;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crt_set_extension (crt, oid, &der_data, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result =
+ _gnutls_x509_crt_set_extension(crt, oid, &der_data, critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
@@ -436,41 +427,41 @@ gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca, int pathLenConstraint)
+gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.19", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_basicConstraints(ca, pathLenConstraint,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -485,10 +476,9 @@ gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
+int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca)
{
- return gnutls_x509_crt_set_basic_constraints (crt, ca, -1);
+ return gnutls_x509_crt_set_basic_constraints(crt, ca, -1);
}
/**
@@ -502,39 +492,38 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
* negative error value.
**/
int
-gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
+gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, unsigned int usage)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_keyUsage((uint16_t) usage, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.15", &der_data, 1);
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.15", &der_data, 1);
- _gnutls_free_datum (&der_data);
+ _gnutls_free_datum(&der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -554,27 +543,25 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
* negative error value.
**/
int
-gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const char *data_string)
+gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const char *data_string)
{
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* only handle text extensions */
- if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
- type != GNUTLS_SAN_URI)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return gnutls_x509_crt_set_subject_alt_name (crt, type, data_string,
- strlen (data_string),
- GNUTLS_FSAN_SET);
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* only handle text extensions */
+ if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
+ type != GNUTLS_SAN_URI) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return gnutls_x509_crt_set_subject_alt_name(crt, type, data_string,
+ strlen(data_string),
+ GNUTLS_FSAN_SET);
}
/**
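Review bot: `strlen(data_string)` in gnutls_x509_crt_set_subject_alternative_name runs without a NULL check on `data_string`, so a NULL argument is dereferenced rather than rejected; the guard should read `if (crt == NULL || data_string == NULL)`. gnutls_x509_crt_set_crl_dist_points, in a later hunk of this file, makes the same call with no argument check at all. It needs `if (data_string == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` ahead of the call.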
@@ -604,69 +591,70 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
* Since: 2.6.0
**/
int
-gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
- int result;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t prev_der_data = { NULL, 0 };
- unsigned int critical = 0;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
-
- if (flags == GNUTLS_FSAN_APPEND)
- {
- result = _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0,
- &prev_der_data, &critical);
- if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_subject_alt_name (type, data, data_size,
- &prev_der_data, &der_data);
-
- if (flags == GNUTLS_FSAN_APPEND)
- _gnutls_free_datum (&prev_der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto finish;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data,
- critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
-
-finish:
- _gnutls_free_datum (&prev_der_data);
- return result;
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+
+ if (flags == GNUTLS_FSAN_APPEND) {
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0,
+ &prev_der_data,
+ &critical);
+ if (result < 0
+ && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_subject_alt_name(type, data, data_size,
+ &prev_der_data,
+ &der_data);
+
+ if (flags == GNUTLS_FSAN_APPEND)
+ _gnutls_free_datum(&prev_der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto finish;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+
+ finish:
+ _gnutls_free_datum(&prev_der_data);
+ return result;
}
/**
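Review bot: In gnutls_x509_crt_set_subject_alt_name the `finish:` path frees `prev_der_data` a second time when `flags == GNUTLS_FSAN_APPEND`, because the datum was already released right after `_gnutls_x509_ext_gen_subject_alt_name()` returned. That is only safe if `_gnutls_free_datum()` resets the pointer, which is not visible here. Nothing is left to release at that point on either path, so `goto finish;` can become `return result;` and the label can be dropped.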
@@ -685,46 +673,43 @@ finish:
* negative error value.
**/
int
-gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy)
+gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_proxyCertInfo (pathLenConstraint,
- policyLanguage,
- policy, sizeof_policy,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "1.3.6.1.5.5.7.1.14",
- &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_proxyCertInfo(pathLenConstraint,
+ policyLanguage,
+ policy, sizeof_policy,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "1.3.6.1.5.5.7.1.14",
+ &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -739,64 +724,56 @@ gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration)
+gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
+ time_t activation,
+ time_t expiration)
{
- int result;
- gnutls_datum_t der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_set_time (c2,
- "notBefore",
- activation, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_set_time (c2,
- "notAfter",
- expiration, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.16",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
- crt->use_extensions = 1;
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return result;
+ int result;
+ gnutls_datum_t der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_set_time(c2, "notBefore", activation, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_set_time(c2, "notAfter", expiration, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.16",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return result;
}
/**
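Review bot: The return value of `_gnutls_x509_crt_set_extension(crt, "2.5.29.16", ...)` in gnutls_x509_crt_set_private_key_usage_period is not tested before `crt->use_extensions = 1`. A failed write therefore still marks the certificate as carrying extensions and skips the `gnutls_assert()` that the other setters in this file emit. Adding `if (result < 0) { gnutls_assert(); goto cleanup; }` after `_gnutls_free_datum(&der_data)` would bring it in line with them; the error code itself is already returned through `cleanup`.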
@@ -817,46 +794,43 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crt == NULL || issuer == NULL || issuer_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crt_privkey_sign (crt, issuer, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result =
+ gnutls_x509_crt_privkey_sign(crt, issuer, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -872,10 +846,11 @@ fail:
* negative error value.
**/
int
-gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crt_sign2(crt, issuer, issuer_key,
+ GNUTLS_DIG_SHA1, 0);
}
/**
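Review bot: gnutls_x509_crt_sign hard-codes `GNUTLS_DIG_SHA1` as the signature digest, and SHA-1 no longer offers the collision resistance a certificate signature depends on. One option is to default to a SHA-2 digest: `return gnutls_x509_crt_sign2(crt, issuer, issuer_key, GNUTLS_DIG_SHA256, 0);`. If the output must stay stable for existing callers, the doc comment should instead state that new code should call gnutls_x509_crt_sign2() with an explicit digest. The doc comment starts outside this hunk, so it may already carry such a note.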
@@ -890,17 +865,17 @@ gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
* negative error value.
**/
int
-gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
+gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
+ time_t act_time)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notBefore",
- act_time, 0);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notBefore",
+ act_time, 0);
}
/**
@@ -914,15 +889,16 @@ gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
* negative error value.
**/
int
-gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
+gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
+ time_t exp_time)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notAfter", exp_time, 0);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notAfter",
+ exp_time, 0);
}
/**
@@ -942,48 +918,47 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
* negative error value.
**/
int
-gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size)
+gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size)
{
- int ret;
+ int ret;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret =
- asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial,
- serial_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
+ ret =
+ asn1_write_value(cert->cert, "tbsCertificate.serialNumber",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void
-disable_optional_stuff (gnutls_x509_crt_t cert)
+static void disable_optional_stuff(gnutls_x509_crt_t cert)
{
- asn1_write_value (cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
+ 0);
- asn1_write_value (cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
+ NULL, 0);
- if (cert->use_extensions == 0)
- {
- _gnutls_debug_log ("Disabling X.509 extensions.\n");
- asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0);
- }
+ if (cert->use_extensions == 0) {
+ _gnutls_debug_log("Disabling X.509 extensions.\n");
+ asn1_write_value(cert->cert, "tbsCertificate.extensions",
+ NULL, 0);
+ }
- return;
+ return;
}
/**
@@ -999,14 +974,14 @@ disable_optional_stuff (gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data_string,
- unsigned int reason_flags)
+gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data_string,
+ unsigned int reason_flags)
{
- return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string,
- strlen (data_string),
- reason_flags);
+ return gnutls_x509_crt_set_crl_dist_points2(crt, type, data_string,
+ strlen(data_string),
+ reason_flags);
}
/**
@@ -1025,60 +1000,58 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
* Since: 2.6.0
**/
int
-gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags)
+gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags)
{
- int result;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t oldname = { NULL, 0 };
- unsigned int critical;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (crt, "2.5.29.31", 0, &oldname, &critical);
-
- _gnutls_free_datum (&oldname);
-
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result =
- _gnutls_x509_ext_gen_crl_dist_points (type, data, data_size,
- reason_flags, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.31", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t oldname = { NULL, 0 };
+ unsigned int critical;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &oldname,
+ &critical);
+
+ _gnutls_free_datum(&oldname);
+
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_crl_dist_points(type, data, data_size,
+ reason_flags, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.31", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
@@ -1095,43 +1068,41 @@ gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src)
+gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src)
{
- int result;
- gnutls_datum_t der_data;
- unsigned int critical;
-
- if (dst == NULL || src == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_crt_set_extension (dst, "2.5.29.31", &der_data, critical);
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dst->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+ unsigned int critical;
+
+ if (dst == NULL || src == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
+ critical);
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dst->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1147,54 +1118,53 @@ gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
* negative error value.
**/
int
-gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.14", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data,
+ 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1210,54 +1180,53 @@ gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
* negative error value.
**/
int
-gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.35", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data,
+ 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1276,93 +1245,87 @@ gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
* otherwise a negative error code is returned.
**/
int
-gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid, unsigned int critical)
+gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
+ const void *oid, unsigned int critical)
{
- int result;
- gnutls_datum_t old_id, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &old_id, NULL);
-
- if (result >= 0)
- {
- /* decode it.
- */
- result = asn1_der_decoding (&c2, old_id.data, old_id.size, NULL);
- _gnutls_free_datum (&old_id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- asn1_delete_structure (&c2);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37",
- &der_data, critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id,
+ NULL);
+
+ if (result >= 0) {
+ /* decode it.
+ */
+ result =
+ asn1_der_decoding(&c2, old_id.data, old_id.size, NULL);
+ _gnutls_free_datum(&old_id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_crt_set_extension(cert, "2.5.29.37",
+ &der_data, critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
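Review bot: The result of `_gnutls_x509_der_encode(c2, "", &der_data, 0)` in gnutls_x509_crt_set_key_purpose_oid is compared with `ASN1_SUCCESS` and passed through `_gnutls_asn2err()`. gnutls_x509_crt_set_authority_info_access and gnutls_x509_crt_set_policy, later in this file, test the same helper with `< 0` and return its value unchanged. If the helper returns GnuTLS error codes, as those callers suggest, the conversion here replaces the real error with an unrelated one; `if (result < 0) { gnutls_assert(); return result; }` would match them. `oid` is also handed to `asn1_write_value(c2, "?LAST", oid, 1)` without a NULL check, unlike `cert`.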
@@ -1384,45 +1347,43 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
* negative error value.
**/
int
-gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
-
- if (crt == NULL || issuer == NULL || issuer_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff (crt);
-
- result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate",
- dig, issuer, issuer_key);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crt);
+
+ result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate",
+ dig, issuer, issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
-static const char* what_to_oid(int what)
+static const char *what_to_oid(int what)
{
- switch(what)
- {
- case GNUTLS_IA_OCSP_URI:
- return GNUTLS_OID_AD_OCSP;
- case GNUTLS_IA_CAISSUERS_URI:
- return GNUTLS_OID_AD_CAISSUERS;
- default:
- return NULL;
- }
+ switch (what) {
+ case GNUTLS_IA_OCSP_URI:
+ return GNUTLS_OID_AD_OCSP;
+ case GNUTLS_IA_CAISSUERS_URI:
+ return GNUTLS_OID_AD_CAISSUERS;
+ default:
+ return NULL;
+ }
}
/**
@@ -1447,161 +1408,152 @@ static const char* what_to_oid(int what)
* Since: 3.0
**/
int
-gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
- int what,
- gnutls_datum_t * data)
+gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
+ int what, gnutls_datum_t * data)
{
- int ret, result;
- gnutls_datum_t aia = { NULL, 0 };
- gnutls_datum_t der_data = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- const char* oid;
- unsigned int c;
-
- if (crt == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- oid = what_to_oid(what);
- if (oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityInfoAccessSyntax", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_crt_get_extension (crt, GNUTLS_OID_AIA, 0, &aia,
- &c);
- if (ret >= 0) /* decode it */
- {
- ret = asn1_der_decoding (&c2, aia.data, aia.size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST.accessMethod", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* accessLocation is a choice */
- result = asn1_write_value (c2, "?LAST.accessLocation", "uniformResourceIdentifier", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "?LAST.accessLocation.uniformResourceIdentifier", data->data, data->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- ret = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crt_set_extension (crt, GNUTLS_OID_AIA,
- &der_data, 0);
- if (ret < 0)
- gnutls_assert ();
-
- crt->use_extensions = 1;
-
-cleanup:
- _gnutls_free_datum (&der_data);
- _gnutls_free_datum(&aia);
- asn1_delete_structure (&c2);
-
- return ret;
+ int ret, result;
+ gnutls_datum_t aia = { NULL, 0 };
+ gnutls_datum_t der_data = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ const char *oid;
+ unsigned int c;
+
+ if (crt == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ oid = what_to_oid(what);
+ if (oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityInfoAccessSyntax", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia,
+ &c);
+ if (ret >= 0) { /* decode it */
+ ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST.accessMethod", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* accessLocation is a choice */
+ result =
+ asn1_write_value(c2, "?LAST.accessLocation",
+ "uniformResourceIdentifier", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2,
+ "?LAST.accessLocation.uniformResourceIdentifier",
+ data->data, data->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crt_set_extension(crt, GNUTLS_OID_AIA,
+ &der_data, 0);
+ if (ret < 0)
+ gnutls_assert();
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ _gnutls_free_datum(&der_data);
+ _gnutls_free_datum(&aia);
+ asn1_delete_structure(&c2);
+
+ return ret;
}
-static int encode_user_notice(const gnutls_datum_t* txt, gnutls_datum_t *der_data)
+static int encode_user_notice(const gnutls_datum_t * txt,
+ gnutls_datum_t * der_data)
{
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.UserNotice",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* delete noticeRef */
- result =
- asn1_write_value (c2, "noticeRef", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (c2, "explicitText", "utf8String", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (c2, "explicitText.utf8String", txt->data, txt->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = _gnutls_x509_der_encode(c2, "", der_data, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&c2);
- return result;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.UserNotice",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* delete noticeRef */
+ result = asn1_write_value(c2, "noticeRef", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_write_value(c2, "explicitText", "utf8String", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value(c2, "explicitText.utf8String", txt->data,
+ txt->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&c2);
+ return result;
}
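Review bot: In gnutls_x509_crt_set_authority_info_access a failing `_gnutls_x509_crt_set_extension()` only triggers `gnutls_assert()` and then falls through to `crt->use_extensions = 1`, so the certificate is flagged as carrying extensions even though the write failed. Leaving through the cleanup label keeps the flag tied to success: `if (ret < 0) { gnutls_assert(); goto cleanup; }`. `data` is dereferenced (`data->data`, `data->size`) without a NULL check, unlike `crt`. Any error from `_gnutls_x509_crt_get_extension()` is treated as "no existing extension", whereas gnutls_x509_crt_set_policy returns on errors other than `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`; the two should agree.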
@@ -1624,159 +1576,157 @@ error:
* Since: 3.1.5
**/
int
-gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy,
- unsigned int critical)
+gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
+ struct gnutls_x509_policy_st *policy,
+ unsigned int critical)
{
- int result;
- unsigned i;
- gnutls_datum_t der_data, tmpd, prev_der_data = {NULL, 0};
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- const char* oid;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_crt_get_extension (crt, "2.5.29.32", 0,
- &prev_der_data, NULL);
- if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.certificatePolicies", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (prev_der_data.data != NULL)
- {
- result =
- asn1_der_decoding (&c2, prev_der_data.data, prev_der_data.size,
- NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
-
- /* 1. write a new policy */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST.policyIdentifier", policy->oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- for (i=0;i<MIN(policy->qualifiers,GNUTLS_MAX_QUALIFIERS);i++)
- {
- result = asn1_write_value (c2, "?LAST.policyQualifiers", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
- oid = "1.3.6.1.5.5.7.2.1";
- else if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_NOTICE)
- oid = "1.3.6.1.5.5.7.2.2";
- else
- {
- result = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "?LAST.policyQualifiers.?LAST.policyQualifierId", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
- {
- tmpd.data = (void*)policy->qualifier[i].data;
- tmpd.size = policy->qualifier[i].size;
-
- result = _gnutls_x509_write_string(c2, "?LAST.policyQualifiers.?LAST.qualifier",
- &tmpd, ASN1_ETYPE_IA5_STRING);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_NOTICE)
- {
- tmpd.data = (void*)policy->qualifier[i].data;
- tmpd.size = policy->qualifier[i].size;
-
- if (tmpd.size > 200)
- {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- result = encode_user_notice(&tmpd, &der_data);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_value(c2, "?LAST.policyQualifiers.?LAST.qualifier",
- &der_data);
- _gnutls_free_datum(&der_data);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.32",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
- crt->use_extensions = 1;
-
-cleanup:
- asn1_delete_structure (&c2);
- _gnutls_free_datum(&prev_der_data);
-
- return result;
+ int result;
+ unsigned i;
+ gnutls_datum_t der_data, tmpd, prev_der_data = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ const char *oid;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0,
+ &prev_der_data, NULL);
+ if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.certificatePolicies", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (prev_der_data.data != NULL) {
+ result =
+ asn1_der_decoding(&c2, prev_der_data.data,
+ prev_der_data.size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ /* 1. write a new policy */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* 2. Add the OID.
+ */
+ result =
+ asn1_write_value(c2, "?LAST.policyIdentifier", policy->oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < MIN(policy->qualifiers, GNUTLS_MAX_QUALIFIERS);
+ i++) {
+ result =
+ asn1_write_value(c2, "?LAST.policyQualifiers", "NEW",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
+ oid = "1.3.6.1.5.5.7.2.1";
+ else if (policy->qualifier[i].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
+ oid = "1.3.6.1.5.5.7.2.2";
+ else {
+ result =
+ gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2,
+ "?LAST.policyQualifiers.?LAST.policyQualifierId",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI) {
+ tmpd.data = (void *) policy->qualifier[i].data;
+ tmpd.size = policy->qualifier[i].size;
+
+ result =
+ _gnutls_x509_write_string(c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &tmpd,
+ ASN1_ETYPE_IA5_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (policy->qualifier[i].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE) {
+ tmpd.data = (void *) policy->qualifier[i].data;
+ tmpd.size = policy->qualifier[i].size;
+
+ if (tmpd.size > 200) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ result = encode_user_notice(&tmpd, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_value(c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &der_data);
+ _gnutls_free_datum(&der_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.32",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&prev_der_data);
+
+ return result;
}
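Review bot: The `critical` argument of gnutls_x509_crt_set_policy is never used: the extension is stored with `_gnutls_x509_crt_set_extension(crt, "2.5.29.32", &der_data, 0)`, so a caller asking for a critical certificatePolicies extension gets a non-critical one. Passing the argument through as the last parameter (`&der_data, critical);`) would honour the request. The return value of that call is not checked before `crt->use_extensions = 1`, and `policy` is dereferenced without a NULL check. Qualifiers beyond `GNUTLS_MAX_QUALIFIERS` are dropped silently by the `MIN()` in the loop bound rather than rejected with `GNUTLS_E_INVALID_REQUEST`.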
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 9e727b5f51..7702916ca6 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -43,77 +43,75 @@
* The result_size (including the null terminator) is the return value.
*/
int
-_gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- size_t data_size, gnutls_datum_t * result)
+_gnutls_fbase64_encode(const char *msg, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result)
{
- int tmp;
- unsigned int i;
- char tmpres[66];
- uint8_t *ptr;
- char top[80];
- char bottom[80];
- size_t size, max, bytes;
- int pos, top_len, bottom_len;
-
- if (msg == NULL || strlen(msg) > 50)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_ENCODING_ERROR;
- }
-
- _gnutls_str_cpy (top, sizeof(top), "-----BEGIN ");
- _gnutls_str_cat (top, sizeof(top), msg);
- _gnutls_str_cat (top, sizeof(top), "-----\n");
-
- _gnutls_str_cpy (bottom, sizeof(bottom), "-----END ");
- _gnutls_str_cat (bottom, sizeof(bottom), msg);
- _gnutls_str_cat (bottom, sizeof(bottom), "-----\n");
-
- top_len = strlen (top);
- bottom_len = strlen (bottom);
-
- max = B64FSIZE (top_len+bottom_len, data_size);
-
- result->data = gnutls_malloc (max + 1);
- if (result->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- bytes = pos = 0;
- INCR (bytes, top_len, max);
- pos = top_len;
-
- memcpy (result->data, top, top_len);
-
- for (i = 0; i < data_size; i += 48)
- {
- if (data_size - i < 48)
- tmp = data_size - i;
- else
- tmp = 48;
-
- base64_encode ((void*)&data[i], tmp, tmpres, sizeof(tmpres));
- size = strlen(tmpres);
-
- INCR (bytes, size+1, max);
- ptr = &result->data[pos];
-
- memcpy(ptr, tmpres, size);
- ptr += size;
- *ptr++ = '\n';
-
- pos += size + 1;
- }
-
- INCR (bytes, bottom_len, max);
-
- memcpy (&result->data[bytes - bottom_len], bottom, bottom_len);
- result->data[bytes] = 0;
- result->size = bytes;
-
- return max + 1;
+ int tmp;
+ unsigned int i;
+ char tmpres[66];
+ uint8_t *ptr;
+ char top[80];
+ char bottom[80];
+ size_t size, max, bytes;
+ int pos, top_len, bottom_len;
+
+ if (msg == NULL || strlen(msg) > 50) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
+
+ _gnutls_str_cpy(top, sizeof(top), "-----BEGIN ");
+ _gnutls_str_cat(top, sizeof(top), msg);
+ _gnutls_str_cat(top, sizeof(top), "-----\n");
+
+ _gnutls_str_cpy(bottom, sizeof(bottom), "-----END ");
+ _gnutls_str_cat(bottom, sizeof(bottom), msg);
+ _gnutls_str_cat(bottom, sizeof(bottom), "-----\n");
+
+ top_len = strlen(top);
+ bottom_len = strlen(bottom);
+
+ max = B64FSIZE(top_len + bottom_len, data_size);
+
+ result->data = gnutls_malloc(max + 1);
+ if (result->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ bytes = pos = 0;
+ INCR(bytes, top_len, max);
+ pos = top_len;
+
+ memcpy(result->data, top, top_len);
+
+ for (i = 0; i < data_size; i += 48) {
+ if (data_size - i < 48)
+ tmp = data_size - i;
+ else
+ tmp = 48;
+
+ base64_encode((void *) &data[i], tmp, tmpres,
+ sizeof(tmpres));
+ size = strlen(tmpres);
+
+ INCR(bytes, size + 1, max);
+ ptr = &result->data[pos];
+
+ memcpy(ptr, tmpres, size);
+ ptr += size;
+ *ptr++ = '\n';
+
+ pos += size + 1;
+ }
+
+ INCR(bytes, bottom_len, max);
+
+ memcpy(&result->data[bytes - bottom_len], bottom, bottom_len);
+ result->data[bytes] = 0;
+ result->size = bytes;
+
+ return max + 1;
}
/**
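Review bot: `return max + 1;` in _gnutls_fbase64_encode narrows a `size_t` to `int`, and both callers below treat a negative return as failure without freeing `result->data`. For an input large enough that `max + 1` exceeds INT_MAX this would presumably report an error after a successful `gnutls_malloc` and leak the buffer; rejecting an oversized `data_size` before the allocation avoids that. The loop counter `i` is `unsigned int` while `data_size` is `size_t`, so declaring it `size_t i;` removes the same width mismatch from `i < data_size`. `result` is written through without a NULL check; only one of the two callers visible here validates it.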
@@ -134,30 +132,27 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
* not long enough, or 0 on success.
**/
int
-gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
- char *result, size_t * result_size)
+gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size)
{
- gnutls_datum_t res;
- int ret;
-
- ret = _gnutls_fbase64_encode (msg, data->data, data->size, &res);
- if (ret < 0)
- return ret;
-
- if (result == NULL || *result_size < (unsigned) res.size)
- {
- gnutls_free (res.data);
- *result_size = res.size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res.data, res.size);
- gnutls_free (res.data);
- *result_size = res.size;
- }
-
- return 0;
+ gnutls_datum_t res;
+ int ret;
+
+ ret = _gnutls_fbase64_encode(msg, data->data, data->size, &res);
+ if (ret < 0)
+ return ret;
+
+ if (result == NULL || *result_size < (unsigned) res.size) {
+ gnutls_free(res.data);
+ *result_size = res.size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res.data, res.size);
+ gnutls_free(res.data);
+ *result_size = res.size;
+ }
+
+ return 0;
}
/**
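Review bot: gnutls_pem_base64_encode accepts a buffer of exactly `res.size` bytes and copies `res.size` bytes, so the `char *result` handed back is not NUL-terminated, yet the short-buffer branch reports `res.size + 1` as the size to retry with. The two branches should agree: require room for the terminator with `*result_size < (size_t) res.size + 1` and copy it with `memcpy(result, res.data, res.size + 1);` (the helper above writes `result->data[bytes] = 0`, so the byte is there). `data` and `result_size` are dereferenced without NULL checks. The function's doc comment starts outside the hunk, so the documented termination contract should be checked against whichever behaviour is kept.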
@@ -177,104 +172,103 @@ gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
* an error code is returned.
**/
int
-gnutls_pem_base64_encode_alloc (const char *msg,
- const gnutls_datum_t * data,
- gnutls_datum_t * result)
+gnutls_pem_base64_encode_alloc(const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result)
{
- int ret;
+ int ret;
- if (result == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (result == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = _gnutls_fbase64_encode (msg, data->data, data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_fbase64_encode(msg, data->data, data->size, result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
/* copies data to result but removes newlines and <CR>
* returns the size of the data copied.
*/
inline static int
-cpydata (const uint8_t * data, int data_size, gnutls_datum_t *result)
+cpydata(const uint8_t * data, int data_size, gnutls_datum_t * result)
{
- int i, j;
-
- result->data = gnutls_malloc (data_size+1);
- if (result->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- for (j = i = 0; i < data_size; i++)
- {
- if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
- || data[i] == '\t')
- continue;
- else if (data[i] == '-') break;
- result->data[j] = data[i];
- j++;
- }
-
- result->size = j;
- result->data[j] = 0;
- return j;
+ int i, j;
+
+ result->data = gnutls_malloc(data_size + 1);
+ if (result->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (j = i = 0; i < data_size; i++) {
+ if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
+ || data[i] == '\t')
+ continue;
+ else if (data[i] == '-')
+ break;
+ result->data[j] = data[i];
+ j++;
+ }
+
+ result->size = j;
+ result->data[j] = 0;
+ return j;
}
/* decodes data and puts the result into result (locally allocated)
* The result_size is the return value
*/
int
-_gnutls_base64_decode (const uint8_t * data, size_t data_size,
- gnutls_datum_t * result)
+_gnutls_base64_decode(const uint8_t * data, size_t data_size,
+ gnutls_datum_t * result)
{
- unsigned int i;
- int pos, tmp, est, ret;
- uint8_t tmpres[48];
- size_t tmpres_size, decode_size;
- gnutls_datum_t pdata;
-
- ret = cpydata(data, data_size, &pdata);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- est = ((data_size * 3) / 4) + 1;
-
- result->data = gnutls_malloc (est);
- if (result->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- pos = 0;
- for (i = 0; i < pdata.size; i += 64)
- {
- if (pdata.size - i < 64)
- decode_size = pdata.size - i;
- else
- decode_size = 64;
-
- tmpres_size = sizeof(tmpres);
- tmp = base64_decode ((void*)&pdata.data[i], decode_size, (void*)tmpres, &tmpres_size);
- if (tmp == 0)
- {
- gnutls_assert();
- gnutls_free (result->data);
- result->data = NULL;
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
- memcpy (&result->data[pos], tmpres, tmpres_size);
- pos += tmpres_size;
- }
-
- result->size = pos;
-
- ret = pos;
-
-cleanup:
- gnutls_free (pdata.data);
- return ret;
+ unsigned int i;
+ int pos, tmp, est, ret;
+ uint8_t tmpres[48];
+ size_t tmpres_size, decode_size;
+ gnutls_datum_t pdata;
+
+ ret = cpydata(data, data_size, &pdata);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ est = ((data_size * 3) / 4) + 1;
+
+ result->data = gnutls_malloc(est);
+ if (result->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos = 0;
+ for (i = 0; i < pdata.size; i += 64) {
+ if (pdata.size - i < 64)
+ decode_size = pdata.size - i;
+ else
+ decode_size = 64;
+
+ tmpres_size = sizeof(tmpres);
+ tmp =
+ base64_decode((void *) &pdata.data[i], decode_size,
+ (void *) tmpres, &tmpres_size);
+ if (tmp == 0) {
+ gnutls_assert();
+ gnutls_free(result->data);
+ result->data = NULL;
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+ memcpy(&result->data[pos], tmpres, tmpres_size);
+ pos += tmpres_size;
+ }
+
+ result->size = pos;
+
+ ret = pos;
+
+ cleanup:
+ gnutls_free(pdata.data);
+ return ret;
}
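Review bot: In `_gnutls_base64_decode`, the `gnutls_malloc(est)` failure path returns directly and leaks `pdata.data`, which `cpydata` allocated a few lines earlier. Route it through the existing label instead: `if (result->data == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup; }`. Separately, `cpydata` takes `int data_size` while this function passes a `size_t`, and `est` is an `int`, so a very large input narrows before the allocations. An explicit upper bound on `data_size` at entry would make the supported range clear.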
@@ -285,77 +279,72 @@ cleanup:
*/
#define ENDSTR "-----"
int
-_gnutls_fbase64_decode (const char *header, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result)
+_gnutls_fbase64_decode(const char *header, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result)
{
- int ret;
- static const char top[] = "-----BEGIN ";
- static const char bottom[] = "-----END ";
- uint8_t *rdata, *kdata;
- int rdata_size;
- char pem_header[128];
-
- _gnutls_str_cpy (pem_header, sizeof (pem_header), top);
- if (header != NULL)
- _gnutls_str_cat (pem_header, sizeof (pem_header), header);
-
- rdata = memmem (data, data_size, pem_header, strlen (pem_header));
-
- if (rdata == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find '%s'\n", pem_header);
- return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
- }
-
- data_size -= (unsigned long int) rdata - (unsigned long int) data;
-
- if (data_size < 4 + strlen (bottom))
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- kdata = memmem (rdata + 1, data_size - 1, ENDSTR, sizeof (ENDSTR) - 1);
- /* allow CR as well.
- */
- if (kdata == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find '%s'\n", ENDSTR);
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- data_size -= strlen (ENDSTR);
- data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
-
- rdata = kdata + strlen (ENDSTR);
-
- /* position is now after the ---BEGIN--- headers */
-
- kdata = memmem (rdata, data_size, bottom, strlen (bottom));
- if (kdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- /* position of kdata is before the ----END--- footer
- */
- rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
-
- if (rdata_size < 4)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- if ((ret = _gnutls_base64_decode (rdata, rdata_size, result)) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- return ret;
+ int ret;
+ static const char top[] = "-----BEGIN ";
+ static const char bottom[] = "-----END ";
+ uint8_t *rdata, *kdata;
+ int rdata_size;
+ char pem_header[128];
+
+ _gnutls_str_cpy(pem_header, sizeof(pem_header), top);
+ if (header != NULL)
+ _gnutls_str_cat(pem_header, sizeof(pem_header), header);
+
+ rdata = memmem(data, data_size, pem_header, strlen(pem_header));
+
+ if (rdata == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Could not find '%s'\n", pem_header);
+ return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
+ }
+
+ data_size -= (unsigned long int) rdata - (unsigned long int) data;
+
+ if (data_size < 4 + strlen(bottom)) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata =
+ memmem(rdata + 1, data_size - 1, ENDSTR, sizeof(ENDSTR) - 1);
+ /* allow CR as well.
+ */
+ if (kdata == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Could not find '%s'\n", ENDSTR);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ data_size -= strlen(ENDSTR);
+ data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
+
+ rdata = kdata + strlen(ENDSTR);
+
+ /* position is now after the ---BEGIN--- headers */
+
+ kdata = memmem(rdata, data_size, bottom, strlen(bottom));
+ if (kdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ /* position of kdata is before the ----END--- footer
+ */
+ rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
+
+ if (rdata_size < 4) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ if ((ret = _gnutls_base64_decode(rdata, rdata_size, result)) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ return ret;
}
/**
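Review bot: The length arithmetic in `_gnutls_fbase64_decode` computes offsets by casting pointers to `unsigned long int` (`data_size -= (unsigned long int) rdata - (unsigned long int) data;` and the two later subtractions), a type that is narrower than a pointer on LLP64 targets. Each pair points into the same input buffer, since both come from `memmem` on it, so plain pointer subtraction is well defined and clearer: `data_size -= (size_t) (rdata - data);`. `rdata_size` is an `int` that is later passed as `size_t` to `_gnutls_base64_decode`. The `rdata_size < 4` test is what rejects a negative value, and a one-line comment saying so would help the next reader.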
@@ -375,32 +364,30 @@ _gnutls_fbase64_decode (const char *header, const uint8_t * data,
* not long enough, or 0 on success.
**/
int
-gnutls_pem_base64_decode (const char *header,
- const gnutls_datum_t * b64_data,
- unsigned char *result, size_t * result_size)
+gnutls_pem_base64_decode(const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size)
{
- gnutls_datum_t res;
- int ret;
-
- ret =
- _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &res);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (result == NULL || *result_size < (unsigned) res.size)
- {
- gnutls_free (res.data);
- *result_size = res.size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res.data, res.size);
- gnutls_free (res.data);
- *result_size = res.size;
- }
-
- return 0;
+ gnutls_datum_t res;
+ int ret;
+
+ ret =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ &res);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (result == NULL || *result_size < (unsigned) res.size) {
+ gnutls_free(res.data);
+ *result_size = res.size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res.data, res.size);
+ gnutls_free(res.data);
+ *result_size = res.size;
+ }
+
+ return 0;
}
/**
@@ -421,19 +408,20 @@ gnutls_pem_base64_decode (const char *header,
* an error code is returned.
**/
int
-gnutls_pem_base64_decode_alloc (const char *header,
- const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+gnutls_pem_base64_decode_alloc(const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
{
- int ret;
+ int ret;
- if (result == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (result == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret =
- _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
diff --git a/lib/x509_b64.h b/lib/x509_b64.h
index c9c2f80ed1..be3482934e 100644
--- a/lib/x509_b64.h
+++ b/lib/x509_b64.h
@@ -20,14 +20,14 @@
*
*/
-int _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result);
-int _gnutls_fbase64_decode (const char *header, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result);
+int _gnutls_fbase64_encode(const char *msg, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result);
+int _gnutls_fbase64_decode(const char *header, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result);
int
-_gnutls_base64_decode (const uint8_t * data, size_t data_size,
- gnutls_datum_t * result);
+_gnutls_base64_decode(const uint8_t * data, size_t data_size,
+ gnutls_datum_t * result);
#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
diff --git a/lib/xssl.c b/lib/xssl.c
index ca2f2530be..7b9e198d94 100644
--- a/lib/xssl.c
+++ b/lib/xssl.c
@@ -39,94 +39,93 @@
*
* Since: 3.1.7
**/
-void xssl_cred_deinit (xssl_cred_t cred)
+void xssl_cred_deinit(xssl_cred_t cred)
{
- if (cred->xcred)
- gnutls_certificate_free_credentials(cred->xcred);
- gnutls_free(cred);
+ if (cred->xcred)
+ gnutls_certificate_free_credentials(cred->xcred);
+ gnutls_free(cred);
}
-static int
-_verify_certificate_callback (gnutls_session_t session)
+static int _verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- xssl_t sb;
- int ret, type;
- const char *hostname = NULL;
- const char *service = NULL;
- const char *tofu_file = NULL;
-
- sb = gnutls_session_get_ptr(session);
- if (sb == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (sb->cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- if (sb->server_name[0] != 0)
- hostname = sb->server_name;
-
- if (sb->service_name[0] != 0)
- service = sb->service_name;
-
- if (sb->cred->tofu_file[0] != 0)
- tofu_file = sb->cred->tofu_file;
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- sb->vstatus = 0;
- if (sb->cred->vflags & GNUTLS_VMETHOD_SYSTEM_CAS || sb->cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
- {
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-
- sb->vstatus = status;
-
- if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
-
- if (hostname && sb->cred->vflags & GNUTLS_VMETHOD_TOFU)
- {
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size;
-
- type = gnutls_certificate_type_get (session);
-
- /* Do SSH verification */
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list == NULL)
- {
- sb->vstatus |= GNUTLS_CERT_INVALID;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
-
- /* service may be obtained alternatively using getservbyport() */
- ret = gnutls_verify_stored_pubkey(tofu_file, NULL, hostname, service,
- type, &cert_list[0], 0);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- /* host was not seen before. Store the key */
- gnutls_store_pubkey(tofu_file, NULL, hostname, service,
- type, &cert_list[0], 0, 0);
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- sb->vstatus |= GNUTLS_CERT_MISMATCH;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
- else if (ret < 0)
- {
- sb->vstatus |= GNUTLS_CERT_INVALID;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
- }
-
- /* notify gnutls to continue handshake normally */
- return 0;
+ unsigned int status;
+ xssl_t sb;
+ int ret, type;
+ const char *hostname = NULL;
+ const char *service = NULL;
+ const char *tofu_file = NULL;
+
+ sb = gnutls_session_get_ptr(session);
+ if (sb == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (sb->cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ if (sb->server_name[0] != 0)
+ hostname = sb->server_name;
+
+ if (sb->service_name[0] != 0)
+ service = sb->service_name;
+
+ if (sb->cred->tofu_file[0] != 0)
+ tofu_file = sb->cred->tofu_file;
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ sb->vstatus = 0;
+ if (sb->cred->vflags & GNUTLS_VMETHOD_SYSTEM_CAS
+ || sb->cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS) {
+ ret =
+ gnutls_certificate_verify_peers3(session, hostname,
+ &status);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+
+ sb->vstatus = status;
+
+ if (status != 0) /* Certificate is not trusted */
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+
+ if (hostname && sb->cred->vflags & GNUTLS_VMETHOD_TOFU) {
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size;
+
+ type = gnutls_certificate_type_get(session);
+
+ /* Do SSH verification */
+ cert_list =
+ gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list == NULL) {
+ sb->vstatus |= GNUTLS_CERT_INVALID;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+
+ /* service may be obtained alternatively using getservbyport() */
+ ret =
+ gnutls_verify_stored_pubkey(tofu_file, NULL, hostname,
+ service, type,
+ &cert_list[0], 0);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ /* host was not seen before. Store the key */
+ gnutls_store_pubkey(tofu_file, NULL, hostname,
+ service, type, &cert_list[0],
+ 0, 0);
+ } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ sb->vstatus |= GNUTLS_CERT_MISMATCH;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ } else if (ret < 0) {
+ sb->vstatus |= GNUTLS_CERT_INVALID;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+ }
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
/**
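Review bot: `_verify_certificate_callback` falls through to `return 0` when `GNUTLS_VMETHOD_TOFU` is set but `hostname` is NULL, because the TOFU branch is guarded by `if (hostname && ...)`. If no CA method is selected either, the handshake continues without any check of the peer key. Failing closed would be safer: `if ((sb->cred->vflags & GNUTLS_VMETHOD_TOFU) && hostname == NULL) return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);`. The return value of `gnutls_store_pubkey` is also discarded, so a failed write is presumably treated as a successful first-use pin and the same host would be accepted as new on the next connection. Check it and at least log the failure.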
@@ -147,122 +146,141 @@ _verify_certificate_callback (gnutls_session_t session)
*
* Since: 3.1.7
**/
-int xssl_cred_init (xssl_cred_t *c, unsigned vflags,
- gnutls_cinput_st* aux,
- unsigned aux_size)
+int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
+ gnutls_cinput_st * aux, unsigned aux_size)
{
-int ret;
-unsigned len, i;
-xssl_cred_t cred;
-
- *c = gnutls_calloc(1, sizeof(*cred));
- if (*c == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- cred = *c;
- cred->vflags = vflags;
-
- if (cred->xcred == NULL)
- {
- ret = gnutls_certificate_allocate_credentials(&cred->xcred);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- if (vflags & GNUTLS_VMETHOD_SYSTEM_CAS)
- {
- ret = gnutls_certificate_set_x509_system_trust(cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- for (i=0;i<aux_size;i++)
- {
- if (aux[i].contents == GNUTLS_CINPUT_KEYPAIR)
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_key_file(cred->xcred, aux[i].i1.file, aux[i].i2.file, aux[i].fmt);
- else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)
- ret = gnutls_certificate_set_x509_key_mem(cred->xcred, &aux[i].i1.mem, &aux[i].i2.mem, aux[i].fmt);
- else if (aux[i].type == GNUTLS_CINPUT_TYPE_PIN_FUNC)
- {
- ret = 0;
- gnutls_certificate_set_pin_function(cred->xcred, aux[i].i1.pin_fn,
- aux[i].i2.udata);
- }
- else ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_CAS && (vflags & GNUTLS_VMETHOD_GIVEN_CAS))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_trust_file(cred->xcred, aux[i].i1.file, aux[i].fmt);
- else
- ret = gnutls_certificate_set_x509_trust_mem(cred->xcred, &aux[i].i1.mem, aux[i].fmt);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_CRLS && (vflags & GNUTLS_VMETHOD_GIVEN_CAS))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_crl_file(cred->xcred, aux[i].i1.file, aux[i].fmt);
- else
- ret = gnutls_certificate_set_x509_crl_mem(cred->xcred, &aux[i].i1.mem, aux[i].fmt);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_TOFU_DB && (vflags & GNUTLS_VMETHOD_TOFU))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- {
- len = strlen(aux[i].i1.file);
- if (len >= sizeof(cred->tofu_file))
- {
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto fail1;
- }
- memcpy(cred->tofu_file, aux[i].i1.file, len+1);
- ret = 0;
- }
- else
- ret = GNUTLS_E_INVALID_REQUEST;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
- }
-
- gnutls_certificate_set_verify_function (cred->xcred, _verify_certificate_callback);
-
- return 0;
-fail1:
- gnutls_certificate_free_credentials(cred->xcred);
- cred->xcred = NULL;
- gnutls_free(*c);
-
- return ret;
+ int ret;
+ unsigned len, i;
+ xssl_cred_t cred;
+
+ *c = gnutls_calloc(1, sizeof(*cred));
+ if (*c == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ cred = *c;
+ cred->vflags = vflags;
+
+ if (cred->xcred == NULL) {
+ ret =
+ gnutls_certificate_allocate_credentials(&cred->xcred);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (vflags & GNUTLS_VMETHOD_SYSTEM_CAS) {
+ ret =
+ gnutls_certificate_set_x509_system_trust(cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ for (i = 0; i < aux_size; i++) {
+ if (aux[i].contents == GNUTLS_CINPUT_KEYPAIR) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_key_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].i2.file, aux[i].fmt);
+ else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)
+ ret =
+ gnutls_certificate_set_x509_key_mem
+ (cred->xcred, &aux[i].i1.mem,
+ &aux[i].i2.mem, aux[i].fmt);
+ else if (aux[i].type ==
+ GNUTLS_CINPUT_TYPE_PIN_FUNC) {
+ ret = 0;
+ gnutls_certificate_set_pin_function(cred->
+ xcred,
+ aux[i].
+ i1.
+ pin_fn,
+ aux[i].
+ i2.
+ udata);
+ } else
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_CAS
+ && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_trust_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].fmt);
+ else
+ ret =
+ gnutls_certificate_set_x509_trust_mem
+ (cred->xcred, &aux[i].i1.mem,
+ aux[i].fmt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_CRLS
+ && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_crl_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].fmt);
+ else
+ ret =
+ gnutls_certificate_set_x509_crl_mem
+ (cred->xcred, &aux[i].i1.mem,
+ aux[i].fmt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_TOFU_DB
+ && (vflags & GNUTLS_VMETHOD_TOFU)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE) {
+ len = strlen(aux[i].i1.file);
+ if (len >= sizeof(cred->tofu_file)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+ goto fail1;
+ }
+ memcpy(cred->tofu_file, aux[i].i1.file,
+ len + 1);
+ ret = 0;
+ } else
+ ret = GNUTLS_E_INVALID_REQUEST;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+ }
+
+ gnutls_certificate_set_verify_function(cred->xcred,
+ _verify_certificate_callback);
+
+ return 0;
+ fail1:
+ gnutls_certificate_free_credentials(cred->xcred);
+ cred->xcred = NULL;
+ gnutls_free(*c);
+
+ return ret;
}
/**
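Review bot: The `fail1` path in `xssl_cred_init` frees `*c` but leaves the caller's pointer set, so a caller that responds to the error with `xssl_cred_deinit` would free it a second time; add `*c = NULL;` after `gnutls_free(*c);`. The earlier `return gnutls_assert_val(ret);` after `gnutls_certificate_allocate_credentials` fails skips the free entirely and leaks the structure. In the `GNUTLS_CINPUT_CAS` and `GNUTLS_CINPUT_CRLS` branches, the `else` arm treats every non-file type as memory input, including `GNUTLS_CINPUT_TYPE_PIN_FUNC`. An explicit `else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)` with a final `GNUTLS_E_INVALID_REQUEST` arm would match the keypair branch.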
@@ -280,22 +298,21 @@ fail1:
*
* Since: 3.1.7
**/
-int xssl_sinit (xssl_t * isb, gnutls_session_t session,
- unsigned int flags)
+int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags)
{
-struct xssl_st* sb;
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
-
- *isb = sb;
-
- return 0;
+ struct xssl_st *sb;
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+
+ *isb = sb;
+
+ return 0;
}
/**
@@ -320,115 +337,113 @@ struct xssl_st* sb;
*
* Since: 3.1.7
**/
-int xssl_client_init (xssl_t * isb, const char* hostname,
- const char* service,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags)
+int xssl_client_init(xssl_t * isb, const char *hostname,
+ const char *service,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags)
{
-struct xssl_st* sb;
-gnutls_session_t session;
-int ret;
-unsigned len;
-
- ret = gnutls_init(&session, GNUTLS_CLIENT);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- {
- gnutls_deinit(session);
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail1;
- }
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
- sb->cred = cred;
-
- /* set session/handshake info
- */
- gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- if (priority == NULL) priority = "NORMAL:%COMPAT";
- ret = gnutls_priority_set_direct(session, priority, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- if (cred->xcred)
- {
- ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (hostname)
- {
- len = strlen(hostname);
-
- if (len >= sizeof(sb->server_name))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(sb->server_name, hostname, len+1);
-
- ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, len);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (service)
- {
- len = strlen(service);
-
- if (len >= sizeof(sb->service_name))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(sb->service_name, service, len+1);
- }
-
- gnutls_transport_set_ptr (session, fd);
- gnutls_session_set_ptr( session, sb);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (status) *status = sb->vstatus;
-
- if (ret < 0)
- {
- int ret2;
- do
- {
- ret2 = gnutls_alert_send_appropriate(sb->session, ret);
- }
- while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
- return gnutls_assert_val(ret);
-
- gnutls_assert();
- goto fail1;
- }
-
- *isb = sb;
-
- return 0;
-
-fail1:
- if (sb)
- xssl_deinit(sb);
-
- return ret;
+ struct xssl_st *sb;
+ gnutls_session_t session;
+ int ret;
+ unsigned len;
+
+ ret = gnutls_init(&session, GNUTLS_CLIENT);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL) {
+ gnutls_deinit(session);
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail1;
+ }
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+ sb->cred = cred;
+
+ /* set session/handshake info
+ */
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ if (priority == NULL)
+ priority = "NORMAL:%COMPAT";
+ ret = gnutls_priority_set_direct(session, priority, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ if (cred->xcred) {
+ ret =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (hostname) {
+ len = strlen(hostname);
+
+ if (len >= sizeof(sb->server_name))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ memcpy(sb->server_name, hostname, len + 1);
+
+ ret =
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+ hostname, len);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (service) {
+ len = strlen(service);
+
+ if (len >= sizeof(sb->service_name))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ memcpy(sb->service_name, service, len + 1);
+ }
+
+ gnutls_transport_set_ptr(session, fd);
+ gnutls_session_set_ptr(session, sb);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (status)
+ *status = sb->vstatus;
+
+ if (ret < 0) {
+ int ret2;
+ do {
+ ret2 =
+ gnutls_alert_send_appropriate(sb->session,
+ ret);
+ }
+ while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
+
+ return gnutls_assert_val(ret);
+
+ gnutls_assert();
+ goto fail1;
+ }
+
+ *isb = sb;
+
+ return 0;
+
+ fail1:
+ if (sb)
+ xssl_deinit(sb);
+
+ return ret;
}
/**
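Review bot: Three error paths in `xssl_client_init` return directly after `sb` and `session` have been allocated, bypassing `fail1`. They are the two `len >= sizeof(...)` checks for `hostname` and `service`, and the handshake-failure block, where `return gnutls_assert_val(ret);` makes the following `gnutls_assert(); goto fail1;` unreachable. Each leaks the session and the `xssl_st`. Use `ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto fail1;` for the length checks and drop the early `return` in the handshake block; the same unreachable `goto fail1` appears in the `xssl_server_init` hunk that follows. `cred` is also dereferenced (`cred->xcred`) without a NULL check, although the verify callback treats `sb->cred == NULL` as a possible state.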
@@ -449,98 +464,100 @@ fail1:
*
* Since: 3.1.7
**/
-int xssl_server_init (xssl_t * isb,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags)
+int xssl_server_init(xssl_t * isb,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags)
{
-struct xssl_st* sb;
-gnutls_session_t session;
-int ret;
-
- ret = gnutls_init(&session, GNUTLS_SERVER);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- {
- gnutls_deinit(session);
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail1;
- }
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
- sb->cred = cred;
-
- /* set session/handshake info
- */
- gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- if (priority == NULL) priority = "NORMAL:%COMPAT";
- ret = gnutls_priority_set_direct(session, priority, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- if (cred->xcred)
- {
- if (cred->xcred->ncerts == 0 && cred->xcred->get_cert_callback2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- goto fail1;
- }
-
- ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- }
-
- if (cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
- gnutls_certificate_server_set_request( session, GNUTLS_CERT_REQUIRE);
-
- gnutls_transport_set_ptr( session, fd);
- gnutls_session_set_ptr( session, sb);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (status) *status = sb->vstatus;
-
- if (ret < 0)
- {
- int ret2;
- do
- {
- ret2 = gnutls_alert_send_appropriate(sb->session, ret);
- }
- while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
- return gnutls_assert_val(ret);
-
- gnutls_assert();
- goto fail1;
- }
-
- *isb = sb;
-
- return 0;
-
-fail1:
- if (sb)
- xssl_deinit(sb);
-
- return ret;
+ struct xssl_st *sb;
+ gnutls_session_t session;
+ int ret;
+
+ ret = gnutls_init(&session, GNUTLS_SERVER);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL) {
+ gnutls_deinit(session);
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail1;
+ }
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+ sb->cred = cred;
+
+ /* set session/handshake info
+ */
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ if (priority == NULL)
+ priority = "NORMAL:%COMPAT";
+ ret = gnutls_priority_set_direct(session, priority, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ if (cred->xcred) {
+ if (cred->xcred->ncerts == 0
+ && cred->xcred->get_cert_callback2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ goto fail1;
+ }
+
+ ret =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ }
+
+ if (cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+
+ gnutls_transport_set_ptr(session, fd);
+ gnutls_session_set_ptr(session, sb);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (status)
+ *status = sb->vstatus;
+
+ if (ret < 0) {
+ int ret2;
+ do {
+ ret2 =
+ gnutls_alert_send_appropriate(sb->session,
+ ret);
+ }
+ while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
+
+ return gnutls_assert_val(ret);
+
+ gnutls_assert();
+ goto fail1;
+ }
+
+ *isb = sb;
+
+ return 0;
+
+ fail1:
+ if (sb)
+ xssl_deinit(sb);
+
+ return ret;
}
/**
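Review bot: `xssl_server_init` asks for a client certificate only when `GNUTLS_VMETHOD_GIVEN_CAS` is set (`gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE)`). Credentials configured with only `GNUTLS_VMETHOD_SYSTEM_CAS` or `GNUTLS_VMETHOD_TOFU` would apparently never request one, so the verification selected in `vflags` is not applied to clients. If that is intended, say so in the function's doc comment; otherwise widen the test, e.g. `if (cred->vflags & (GNUTLS_VMETHOD_GIVEN_CAS | GNUTLS_VMETHOD_SYSTEM_CAS))`. The doc comment begins outside this hunk.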
@@ -555,13 +572,12 @@ fail1:
**/
void xssl_deinit(xssl_t sb)
{
- if (sb->session)
- {
- gnutls_bye(sb->session, GNUTLS_SHUT_WR);
- gnutls_deinit(sb->session);
- }
- _gnutls_buffer_clear(&sb->buf);
- gnutls_free(sb);
+ if (sb->session) {
+ gnutls_bye(sb->session, GNUTLS_SHUT_WR);
+ gnutls_deinit(sb->session);
+ }
+ _gnutls_buffer_clear(&sb->buf);
+ gnutls_free(sb);
}
/**
@@ -582,31 +598,30 @@ void xssl_deinit(xssl_t sb)
*
* Since: 3.1.7
**/
-ssize_t xssl_write (xssl_t sb, const void *data,
- size_t data_size)
+ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size)
{
-int ret;
-
- ret = _gnutls_buffer_append_data(&sb->buf, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- while ((sb->flags & GNUTLS_SBUF_WRITE_FLUSHES) &&
- sb->buf.length >= MAX_RECORD_SEND_SIZE(sb->session))
- {
- do
- {
- ret = gnutls_record_send(sb->session, sb->buf.data, sb->buf.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb->buf.data += ret;
- sb->buf.length -= ret;
- }
-
- return data_size;
+ int ret;
+
+ ret = _gnutls_buffer_append_data(&sb->buf, data, data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ while ((sb->flags & GNUTLS_SBUF_WRITE_FLUSHES) &&
+ sb->buf.length >= MAX_RECORD_SEND_SIZE(sb->session)) {
+ do {
+ ret =
+ gnutls_record_send(sb->session, sb->buf.data,
+ sb->buf.length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb->buf.data += ret;
+ sb->buf.length -= ret;
+ }
+
+ return data_size;
}
/**
@@ -624,25 +639,25 @@ int ret;
*
* Since: 3.1.7
**/
-ssize_t xssl_printf (xssl_t sb, const char *fmt, ...)
+ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
{
-int ret;
-va_list args;
-int len;
-char* str;
-
- va_start(args, fmt);
- len = vasprintf(&str, fmt, args);
- va_end(args);
-
- if (len < 0 || !str)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = xssl_write (sb, str, len);
-
- gnutls_free(str);
-
- return ret;
+ int ret;
+ va_list args;
+ int len;
+ char *str;
+
+ va_start(args, fmt);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (len < 0 || !str)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = xssl_write(sb, str, len);
+
+ gnutls_free(str);
+
+ return ret;
}
/**
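Review bot: `xssl_printf` releases the buffer from `vasprintf` with `gnutls_free(str)`, but `vasprintf` allocates with the C library allocator. If the application has replaced the gnutls memory functions, the allocator and the deallocator no longer match. Use `free(str);` here. Since `fmt` is a printf-style format string, the declaration would also benefit from a format attribute where the compiler supports one, so that mismatched arguments are diagnosed at the call site.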
@@ -657,27 +672,27 @@ char* str;
*
* Since: 3.1.7
**/
-ssize_t xssl_flush (xssl_t sb)
+ssize_t xssl_flush(xssl_t sb)
{
-int ret;
-ssize_t total = 0;
-
- while(sb->buf.length > 0)
- {
- do
- {
- ret = gnutls_record_send(sb->session, sb->buf.data, sb->buf.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb->buf.data += ret;
- sb->buf.length -= ret;
- total += ret;
- }
-
- return total;
+ int ret;
+ ssize_t total = 0;
+
+ while (sb->buf.length > 0) {
+ do {
+ ret =
+ gnutls_record_send(sb->session, sb->buf.data,
+ sb->buf.length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb->buf.data += ret;
+ sb->buf.length -= ret;
+ total += ret;
+ }
+
+ return total;
}
/**
@@ -694,20 +709,19 @@ ssize_t total = 0;
*
* Since: 3.1.7
**/
-ssize_t xssl_read(xssl_t sb, void* data, size_t data_size)
+ssize_t xssl_read(xssl_t sb, void *data, size_t data_size)
{
-int ret;
+ int ret;
- do
- {
- ret = gnutls_record_recv(sb->session, data, data_size);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ do {
+ ret = gnutls_record_recv(sb->session, data, data_size);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
/**
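Review bot: xssl_read ends with `return 0;`, so the byte count from gnutls_record_recv is discarded and a clean end-of-stream (a 0 return from the record layer) cannot be told apart from a successful read. xssl_getdelim in lib/xssl_getline.c calls `xssl_read(sbuf, &c, 1)` and stops only on a negative result, so after the peer closes it would keep appending an unwritten `c` and growing the line buffer until an allocation fails. Returning the count, `return ret;`, lets callers treat 0 as end of stream; any caller that compares against 0 for success needs the matching update. The function's documentation comment begins outside the hunk, so confirm the documented return value before changing it.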
@@ -720,5 +734,5 @@ int ret;
**/
gnutls_session_t xssl_get_session(xssl_t sb)
{
- return sb->session;
+ return sb->session;
}
diff --git a/lib/xssl.h b/lib/xssl.h
index 416c36992f..aac26a9755 100644
--- a/lib/xssl.h
+++ b/lib/xssl.h
@@ -1,26 +1,26 @@
#ifndef SBUF_H
-# define SBUF_H
+#define SBUF_H
#include <gnutls_str.h>
#include <gnutls/gnutls.h>
struct xssl_cred_st {
- gnutls_certificate_credentials_t xcred;
- char tofu_file[MAX_FILENAME];
- unsigned vflags;
+ gnutls_certificate_credentials_t xcred;
+ char tofu_file[MAX_FILENAME];
+ unsigned vflags;
};
struct xssl_st {
- gnutls_session_t session;
- gnutls_buffer_st buf;
+ gnutls_session_t session;
+ gnutls_buffer_st buf;
- char server_name[MAX_SERVER_NAME_SIZE];
- char service_name[MAX_SERVER_NAME_SIZE];
+ char server_name[MAX_SERVER_NAME_SIZE];
+ char service_name[MAX_SERVER_NAME_SIZE];
- xssl_cred_t cred;
+ xssl_cred_t cred;
- unsigned int vstatus; /* the verification status reason */
- unsigned int flags;
+ unsigned int vstatus; /* the verification status reason */
+ unsigned int flags;
};
#endif
diff --git a/lib/xssl_getline.c b/lib/xssl_getline.c
index 0a9f19605c..aa5677f7fd 100644
--- a/lib/xssl_getline.c
+++ b/lib/xssl_getline.c
@@ -26,7 +26,7 @@
#include <xssl.h>
#ifndef SSIZE_MAX
-# define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
+#define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
#endif
/**
@@ -49,79 +49,77 @@
* Since: 3.1.7
**/
ssize_t
-xssl_getdelim (xssl_t sbuf, char **lineptr, size_t *n, int delimiter)
+xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter)
{
- ssize_t result;
- size_t cur_len = 0;
-
- if (lineptr == NULL || n == NULL || sbuf == NULL)
- {
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- if (*lineptr == NULL || *n == 0)
- {
- char *new_lineptr;
- *n = 120;
- new_lineptr = (char *) gnutls_realloc_fast (*lineptr, *n);
- if (new_lineptr == NULL)
- {
- result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
- *lineptr = new_lineptr;
- }
-
- for (;;)
- {
- char c;
-
- result = xssl_read(sbuf, &c, 1);
- if (result < 0)
- {
- gnutls_assert();
- break;
- }
-
- /* Make enough space for len+1 (for final NUL) bytes. */
- if (cur_len + 1 >= *n)
- {
- size_t needed_max =
- SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
- size_t needed = 2 * *n + 1; /* Be generous. */
- char *new_lineptr;
-
- if (needed_max < needed)
- needed = needed_max;
- if (cur_len + 1 >= needed)
- {
- result = gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
- goto fail;
- }
-
- new_lineptr = (char *) gnutls_realloc_fast (*lineptr, needed);
- if (new_lineptr == NULL)
- {
- result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- *lineptr = new_lineptr;
- *n = needed;
- }
-
- (*lineptr)[cur_len] = c;
- cur_len++;
-
- if (c == delimiter)
- break;
- }
- (*lineptr)[cur_len] = '\0';
-
- if (cur_len != 0)
- result = cur_len;
-
-fail:
-
- return result;
+ ssize_t result;
+ size_t cur_len = 0;
+
+ if (lineptr == NULL || n == NULL || sbuf == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ if (*lineptr == NULL || *n == 0) {
+ char *new_lineptr;
+ *n = 120;
+ new_lineptr = (char *) gnutls_realloc_fast(*lineptr, *n);
+ if (new_lineptr == NULL) {
+ result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+ *lineptr = new_lineptr;
+ }
+
+ for (;;) {
+ char c;
+
+ result = xssl_read(sbuf, &c, 1);
+ if (result < 0) {
+ gnutls_assert();
+ break;
+ }
+
+ /* Make enough space for len+1 (for final NUL) bytes. */
+ if (cur_len + 1 >= *n) {
+ size_t needed_max =
+ SSIZE_MAX <
+ SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
+ size_t needed = 2 * *n + 1; /* Be generous. */
+ char *new_lineptr;
+
+ if (needed_max < needed)
+ needed = needed_max;
+ if (cur_len + 1 >= needed) {
+ result =
+ gnutls_assert_val
+ (GNUTLS_E_LARGE_PACKET);
+ goto fail;
+ }
+
+ new_lineptr =
+ (char *) gnutls_realloc_fast(*lineptr, needed);
+ if (new_lineptr == NULL) {
+ result =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ *lineptr = new_lineptr;
+ *n = needed;
+ }
+
+ (*lineptr)[cur_len] = c;
+ cur_len++;
+
+ if (c == delimiter)
+ break;
+ }
+ (*lineptr)[cur_len] = '\0';
+
+ if (cur_len != 0)
+ result = cur_len;
+
+ fail:
+
+ return result;
}
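Review bot: Both `goto fail` paths taken after gnutls_realloc_fast returns NULL in xssl_getdelim leave `*lineptr` untouched. As far as I know gnutls_realloc_fast releases the old block when the reallocation fails (its definition is not in this diff, so confirm), which would leave the caller holding a dangling pointer that it will normally free or pass back in. Clearing the outputs before the jump, `*lineptr = NULL; *n = 0;`, avoids that. Note also that the first allocation path writes `*n = 120` before it knows the allocation succeeded.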
diff --git a/libdane/dane-params.c b/libdane/dane-params.c
index 86b4d27519..eff3548cb2 100644
--- a/libdane/dane-params.c
+++ b/libdane/dane-params.c
@@ -32,46 +32,40 @@
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
-typedef struct cert_type_entry
-{
- const char* name;
- dane_cert_type_t type;
+typedef struct cert_type_entry {
+ const char *name;
+ dane_cert_type_t type;
} cert_type_entry;
-static const cert_type_entry dane_cert_types[] =
-{
- {"X.509", DANE_CERT_X509},
- {"SubjectPublicKeyInfo", DANE_CERT_PK},
- {NULL, 0}
+static const cert_type_entry dane_cert_types[] = {
+ {"X.509", DANE_CERT_X509},
+ {"SubjectPublicKeyInfo", DANE_CERT_PK},
+ {NULL, 0}
};
-typedef struct match_type_entry
-{
- const char* name;
- dane_match_type_t type;
+typedef struct match_type_entry {
+ const char *name;
+ dane_match_type_t type;
} match_type_entry;
-static const match_type_entry dane_match_types[] =
-{
- {"Exact match", DANE_MATCH_EXACT},
- {"SHA2-256 hash", DANE_MATCH_SHA2_256},
- {"SHA2-512 hash", DANE_MATCH_SHA2_512},
- {NULL, 0}
+static const match_type_entry dane_match_types[] = {
+ {"Exact match", DANE_MATCH_EXACT},
+ {"SHA2-256 hash", DANE_MATCH_SHA2_256},
+ {"SHA2-512 hash", DANE_MATCH_SHA2_512},
+ {NULL, 0}
};
-typedef struct cert_usage_entry
-{
- const char* name;
- dane_cert_usage_t usage;
+typedef struct cert_usage_entry {
+ const char *name;
+ dane_cert_usage_t usage;
} cert_usage_entry;
-static const cert_usage_entry dane_cert_usages[] =
-{
- {"CA", DANE_CERT_USAGE_CA},
- {"End-entity", DANE_CERT_USAGE_EE},
- {"Local CA", DANE_CERT_USAGE_LOCAL_CA},
- {"Local end-entity", DANE_CERT_USAGE_LOCAL_EE},
- {NULL, 0}
+static const cert_usage_entry dane_cert_usages[] = {
+ {"CA", DANE_CERT_USAGE_CA},
+ {"End-entity", DANE_CERT_USAGE_EE},
+ {"Local CA", DANE_CERT_USAGE_LOCAL_CA},
+ {"Local end-entity", DANE_CERT_USAGE_LOCAL_EE},
+ {NULL, 0}
};
@@ -85,18 +79,17 @@ static const cert_usage_entry dane_cert_usages[] =
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_cert_type_name(dane_cert_type_t type)
+const char *dane_cert_type_name(dane_cert_type_t type)
{
-const cert_type_entry* e = dane_cert_types;
-
- while(e->name != NULL)
- {
- if (e->type == type)
- return e->name;
- e++;
- }
-
- return NULL;
+ const cert_type_entry *e = dane_cert_types;
+
+ while (e->name != NULL) {
+ if (e->type == type)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
/**
@@ -108,18 +101,17 @@ const cert_type_entry* e = dane_cert_types;
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_match_type_name(dane_match_type_t type)
+const char *dane_match_type_name(dane_match_type_t type)
{
-const match_type_entry* e = dane_match_types;
-
- while(e->name != NULL)
- {
- if (e->type == type)
- return e->name;
- e++;
- }
-
- return NULL;
+ const match_type_entry *e = dane_match_types;
+
+ while (e->name != NULL) {
+ if (e->type == type)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
/**
@@ -131,17 +123,16 @@ const match_type_entry* e = dane_match_types;
* Returns: a string that contains the name of the specified
* type, or %NULL.
**/
-const char* dane_cert_usage_name(dane_cert_usage_t usage)
+const char *dane_cert_usage_name(dane_cert_usage_t usage)
{
-const cert_usage_entry* e = dane_cert_usages;
-
- while(e->name != NULL)
- {
- if (e->usage == usage)
- return e->name;
- e++;
- }
-
- return NULL;
+ const cert_usage_entry *e = dane_cert_usages;
+
+ while (e->name != NULL) {
+ if (e->usage == usage)
+ return e->name;
+ e++;
+ }
+
+ return NULL;
}
diff --git a/libdane/dane.c b/libdane/dane.c
index b9d9ba293c..26b9a86eeb 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -41,33 +41,30 @@
#ifdef DEBUG
#define gnutls_assert() fprintf(stderr, "ASSERT: %s: %d\n", __FILE__, __LINE__);
#define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
-static int
-gnutls_assert_val_int (int val, const char *file, int line)
+static int gnutls_assert_val_int(int val, const char *file, int line)
{
- fprintf (stderr, "ASSERT: %s: %d\n", file, line);
- return val;
+ fprintf(stderr, "ASSERT: %s: %d\n", file, line);
+ return val;
}
#else
#define gnutls_assert()
#define gnutls_assert_val(x) (x)
#endif
-struct dane_state_st
-{
- struct ub_ctx *ctx;
- unsigned int flags;
+struct dane_state_st {
+ struct ub_ctx *ctx;
+ unsigned int flags;
};
-struct dane_query_st
-{
- struct ub_result *result;
- unsigned int data_entries;
- dane_cert_usage_t usage[MAX_DATA_ENTRIES];
- dane_cert_type_t type[MAX_DATA_ENTRIES];
- dane_match_type_t match[MAX_DATA_ENTRIES];
- gnutls_datum_t data[MAX_DATA_ENTRIES];
- unsigned int flags;
- dane_query_status_t status;
+struct dane_query_st {
+ struct ub_result *result;
+ unsigned int data_entries;
+ dane_cert_usage_t usage[MAX_DATA_ENTRIES];
+ dane_cert_type_t type[MAX_DATA_ENTRIES];
+ dane_match_type_t match[MAX_DATA_ENTRIES];
+ gnutls_datum_t data[MAX_DATA_ENTRIES];
+ unsigned int flags;
+ dane_query_status_t status;
};
/**
@@ -79,10 +76,9 @@ struct dane_query_st
*
* Returns: The status type.
**/
-dane_query_status_t
-dane_query_status (dane_query_t q)
+dane_query_status_t dane_query_status(dane_query_t q)
{
- return q->status;
+ return q->status;
}
/**
@@ -93,10 +89,9 @@ dane_query_status (dane_query_t q)
*
* Returns: The number of entries.
**/
-unsigned int
-dane_query_entries (dane_query_t q)
+unsigned int dane_query_entries(dane_query_t q)
{
- return q->data_entries;
+ return q->data_entries;
}
/**
@@ -115,26 +110,26 @@ dane_query_entries (dane_query_t q)
* negative error value.
**/
int
-dane_query_data (dane_query_t q, unsigned int idx,
- unsigned int *usage, unsigned int *type,
- unsigned int *match, gnutls_datum_t * data)
+dane_query_data(dane_query_t q, unsigned int idx,
+ unsigned int *usage, unsigned int *type,
+ unsigned int *match, gnutls_datum_t * data)
{
- if (idx >= q->data_entries)
- return gnutls_assert_val (DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (usage)
- *usage = q->usage[idx];
- if (type)
- *type = q->type[idx];
- if (match)
- *match = q->match[idx];
- if (data)
- {
- data->data = q->data[idx].data;
- data->size = q->data[idx].size;
- }
-
- return DANE_E_SUCCESS;
+ if (idx >= q->data_entries)
+ return
+ gnutls_assert_val(DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (usage)
+ *usage = q->usage[idx];
+ if (type)
+ *type = q->type[idx];
+ if (match)
+ *match = q->match[idx];
+ if (data) {
+ data->data = q->data[idx].data;
+ data->size = q->data[idx].size;
+ }
+
+ return DANE_E_SUCCESS;
}
/**
@@ -147,65 +142,60 @@ dane_query_data (dane_query_t q, unsigned int idx,
* Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-dane_state_init (dane_state_t * s, unsigned int flags)
+int dane_state_init(dane_state_t * s, unsigned int flags)
{
- struct ub_ctx *ctx;
- int ret;
-
- *s = calloc (1, sizeof (struct dane_state_st));
- if (*s == NULL)
- return gnutls_assert_val (DANE_E_MEMORY_ERROR);
-
- ctx = ub_ctx_create ();
- if (!ctx)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- ub_ctx_debugout (ctx, stderr);
-
- if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER))
- {
- if ((ret = ub_ctx_resolvconf (ctx, NULL)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
-
- if ((ret = ub_ctx_hosts (ctx, NULL)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- }
-
- /* read public keys for DNSSEC verification */
- if (!(flags & DANE_F_IGNORE_DNSSEC))
- {
- if ((ret =
- ub_ctx_add_ta_file (ctx, (char *) UNBOUND_ROOT_KEY_FILE)) != 0)
- {
- gnutls_assert ();
- ret = DANE_E_INITIALIZATION_ERROR;
- goto cleanup;
- }
- }
-
- (*s)->ctx = ctx;
- (*s)->flags = flags;
-
- return DANE_E_SUCCESS;
-cleanup:
-
- if (ctx)
- ub_ctx_delete (ctx);
- free (*s);
-
- return ret;
+ struct ub_ctx *ctx;
+ int ret;
+
+ *s = calloc(1, sizeof(struct dane_state_st));
+ if (*s == NULL)
+ return gnutls_assert_val(DANE_E_MEMORY_ERROR);
+
+ ctx = ub_ctx_create();
+ if (!ctx) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ ub_ctx_debugout(ctx, stderr);
+
+ if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER)) {
+ if ((ret = ub_ctx_resolvconf(ctx, NULL)) != 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+
+ if ((ret = ub_ctx_hosts(ctx, NULL)) != 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ }
+
+ /* read public keys for DNSSEC verification */
+ if (!(flags & DANE_F_IGNORE_DNSSEC)) {
+ if ((ret =
+ ub_ctx_add_ta_file(ctx,
+ (char *) UNBOUND_ROOT_KEY_FILE)) !=
+ 0) {
+ gnutls_assert();
+ ret = DANE_E_INITIALIZATION_ERROR;
+ goto cleanup;
+ }
+ }
+
+ (*s)->ctx = ctx;
+ (*s)->flags = flags;
+
+ return DANE_E_SUCCESS;
+ cleanup:
+
+ if (ctx)
+ ub_ctx_delete(ctx);
+ free(*s);
+
+ return ret;
}
/**
@@ -215,11 +205,10 @@ cleanup:
* This function will deinitialize a DANE query structure.
*
**/
-void
-dane_state_deinit (dane_state_t s)
+void dane_state_deinit(dane_state_t s)
{
- ub_ctx_delete (s->ctx);
- free (s);
+ ub_ctx_delete(s->ctx);
+ free(s);
}
/**
@@ -231,17 +220,17 @@ dane_state_deinit (dane_state_t s)
* for DLV (DNSSEC Lookaside Validation).
*
**/
-int
-dane_state_set_dlv_file (dane_state_t s, const char *file)
+int dane_state_set_dlv_file(dane_state_t s, const char *file)
{
- int ret;
+ int ret;
- ret =
- ub_ctx_set_option (s->ctx, (char *) "dlv-anchor-file:", (void *) file);
- if (ret != 0)
- return gnutls_assert_val (DANE_E_FILE_ERROR);
+ ret =
+ ub_ctx_set_option(s->ctx, (char *) "dlv-anchor-file:",
+ (void *) file);
+ if (ret != 0)
+ return gnutls_assert_val(DANE_E_FILE_ERROR);
- return 0;
+ return 0;
}
/**
@@ -251,12 +240,11 @@ dane_state_set_dlv_file (dane_state_t s, const char *file)
* This function will deinitialize a DANE query result structure.
*
**/
-void
-dane_query_deinit (dane_query_t q)
+void dane_query_deinit(dane_query_t q)
{
- if (q->result)
- ub_resolve_free (q->result);
- free (q);
+ if (q->result)
+ ub_resolve_free(q->result);
+ free(q);
}
@@ -280,59 +268,54 @@ dane_query_deinit (dane_query_t q)
* negative error value.
**/
int
-dane_raw_tlsa (dane_state_t s, dane_query_t * r, char *const *dane_data,
- const int *dane_data_len, int secure, int bogus)
+dane_raw_tlsa(dane_state_t s, dane_query_t * r, char *const *dane_data,
+ const int *dane_data_len, int secure, int bogus)
{
- int ret = DANE_E_SUCCESS;
- unsigned int i;
-
- *r = calloc (1, sizeof (struct dane_query_st));
- if (*r == NULL)
- return gnutls_assert_val (DANE_E_MEMORY_ERROR);
-
- (*r)->data_entries = 0;
-
- for (i = 0; i < MAX_DATA_ENTRIES; i++)
- {
- if (dane_data[i] == NULL)
- break;
-
- if (dane_data_len[i] <= 3)
- return gnutls_assert_val (DANE_E_RECEIVED_CORRUPT_DATA);
-
- (*r)->usage[i] = dane_data[i][0];
- (*r)->type[i] = dane_data[i][1];
- (*r)->match[i] = dane_data[i][2];
- (*r)->data[i].data = (void *) &dane_data[i][3];
- (*r)->data[i].size = dane_data_len[i] - 3;
- (*r)->data_entries++;
- }
-
- if (!(s->flags & DANE_F_INSECURE) && !secure)
- {
- if (bogus)
- ret = gnutls_assert_val (DANE_E_INVALID_DNSSEC_SIG);
- else
- ret = gnutls_assert_val (DANE_E_NO_DNSSEC_SIG);
- }
-
- /* show security status */
- if (secure)
- {
- (*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
- }
- else if (bogus)
- {
- gnutls_assert ();
- (*r)->status = DANE_QUERY_BOGUS;
- }
- else
- {
- gnutls_assert ();
- (*r)->status = DANE_QUERY_NO_DNSSEC;
- }
-
- return ret;
+ int ret = DANE_E_SUCCESS;
+ unsigned int i;
+
+ *r = calloc(1, sizeof(struct dane_query_st));
+ if (*r == NULL)
+ return gnutls_assert_val(DANE_E_MEMORY_ERROR);
+
+ (*r)->data_entries = 0;
+
+ for (i = 0; i < MAX_DATA_ENTRIES; i++) {
+ if (dane_data[i] == NULL)
+ break;
+
+ if (dane_data_len[i] <= 3)
+ return
+ gnutls_assert_val
+ (DANE_E_RECEIVED_CORRUPT_DATA);
+
+ (*r)->usage[i] = dane_data[i][0];
+ (*r)->type[i] = dane_data[i][1];
+ (*r)->match[i] = dane_data[i][2];
+ (*r)->data[i].data = (void *) &dane_data[i][3];
+ (*r)->data[i].size = dane_data_len[i] - 3;
+ (*r)->data_entries++;
+ }
+
+ if (!(s->flags & DANE_F_INSECURE) && !secure) {
+ if (bogus)
+ ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
+ else
+ ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG);
+ }
+
+ /* show security status */
+ if (secure) {
+ (*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
+ } else if (bogus) {
+ gnutls_assert();
+ (*r)->status = DANE_QUERY_BOGUS;
+ } else {
+ gnutls_assert();
+ (*r)->status = DANE_QUERY_NO_DNSSEC;
+ }
+
+ return ret;
}
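Review bot: The early `return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA);` inside the loop of dane_raw_tlsa leaves the freshly calloc'ed `*r` allocated and only partly filled while reporting failure. A direct caller that treats this error as "nothing to release" leaks the structure, and one that inspects it sees entries parsed before the short record. Releasing it first, `free(*r); *r = NULL;`, fits the `*r == NULL` test that dane_query_tlsa performs right after this call. The DNSSEC-status errors further down return with `*r` populated, apparently on purpose, so this applies to the corrupt-data path only.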
@@ -351,299 +334,269 @@ dane_raw_tlsa (dane_state_t s, dane_query_t * r, char *const *dane_data,
* negative error value.
**/
int
-dane_query_tlsa (dane_state_t s, dane_query_t * r, const char *host,
- const char *proto, unsigned int port)
+dane_query_tlsa(dane_state_t s, dane_query_t * r, const char *host,
+ const char *proto, unsigned int port)
{
- char ns[1024];
- int ret;
- struct ub_result *result;
+ char ns[1024];
+ int ret;
+ struct ub_result *result;
- snprintf (ns, sizeof (ns), "_%u._%s.%s", port, proto, host);
+ snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
- /* query for webserver */
- ret = ub_resolve (s->ctx, ns, 52, 1, &result);
- if (ret != 0)
- {
- return gnutls_assert_val (DANE_E_RESOLVING_ERROR);
- }
+ /* query for webserver */
+ ret = ub_resolve(s->ctx, ns, 52, 1, &result);
+ if (ret != 0) {
+ return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
+ }
/* show first result */
- if (!result->havedata)
- {
- ub_resolve_free (result);
- return gnutls_assert_val (DANE_E_NO_DANE_DATA);
- }
-
- ret =
- dane_raw_tlsa (s, r, result->data, result->len, result->secure,
- result->bogus);
- if (*r == NULL)
- {
- ub_resolve_free (result);
- return ret;
- }
- (*r)->result = result;
- return ret;
+ if (!result->havedata) {
+ ub_resolve_free(result);
+ return gnutls_assert_val(DANE_E_NO_DANE_DATA);
+ }
+
+ ret =
+ dane_raw_tlsa(s, r, result->data, result->len, result->secure,
+ result->bogus);
+ if (*r == NULL) {
+ ub_resolve_free(result);
+ return ret;
+ }
+ (*r)->result = result;
+ return ret;
}
static unsigned int
-matches (const gnutls_datum_t * raw1, const gnutls_datum_t * raw2,
- dane_match_type_t match)
+matches(const gnutls_datum_t * raw1, const gnutls_datum_t * raw2,
+ dane_match_type_t match)
{
- uint8_t digest[64];
- int ret;
+ uint8_t digest[64];
+ int ret;
- if (match == DANE_MATCH_EXACT)
- {
- if (raw1->size != raw2->size)
- return gnutls_assert_val (0);
+ if (match == DANE_MATCH_EXACT) {
+ if (raw1->size != raw2->size)
+ return gnutls_assert_val(0);
- if (memcmp (raw1->data, raw2->data, raw1->size) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(raw1->data, raw2->data, raw1->size) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
- else if (match == DANE_MATCH_SHA2_256)
- {
+ return 1;
+ } else if (match == DANE_MATCH_SHA2_256) {
- if (raw2->size != 32)
- return gnutls_assert_val (0);
+ if (raw2->size != 32)
+ return gnutls_assert_val(0);
- ret =
- gnutls_hash_fast (GNUTLS_DIG_SHA256, raw1->data, raw1->size, digest);
- if (ret < 0)
- return gnutls_assert_val (0);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA256, raw1->data,
+ raw1->size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(0);
- if (memcmp (digest, raw2->data, 32) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(digest, raw2->data, 32) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
- else if (match == DANE_MATCH_SHA2_512)
- {
- if (raw2->size != 64)
- return gnutls_assert_val (0);
+ return 1;
+ } else if (match == DANE_MATCH_SHA2_512) {
+ if (raw2->size != 64)
+ return gnutls_assert_val(0);
- ret =
- gnutls_hash_fast (GNUTLS_DIG_SHA512, raw1->data, raw1->size, digest);
- if (ret < 0)
- return gnutls_assert_val (0);
+ ret =
+ gnutls_hash_fast(GNUTLS_DIG_SHA512, raw1->data,
+ raw1->size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(0);
- if (memcmp (digest, raw2->data, 64) != 0)
- return gnutls_assert_val (0);
+ if (memcmp(digest, raw2->data, 64) != 0)
+ return gnutls_assert_val(0);
- return 1;
- }
+ return 1;
+ }
- return gnutls_assert_val (0);
+ return gnutls_assert_val(0);
}
static int
-crt_to_pubkey (const gnutls_datum_t * raw_crt, gnutls_datum_t * out)
+crt_to_pubkey(const gnutls_datum_t * raw_crt, gnutls_datum_t * out)
{
- gnutls_pubkey_t pub = NULL;
- gnutls_x509_crt_t crt = NULL;
- int ret;
-
- out->data = NULL;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- return gnutls_assert_val (DANE_E_PUBKEY_ERROR);
-
- ret = gnutls_pubkey_init (&pub);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (crt, raw_crt, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509 (pub, crt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export2 (pub, GNUTLS_X509_FMT_DER, out);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- ret = 0;
- goto clean_certs;
-
-cleanup:
- free (out->data);
- out->data = NULL;
-clean_certs:
- if (pub)
- gnutls_pubkey_deinit (pub);
- if (crt)
- gnutls_x509_crt_deinit (crt);
-
- return ret;
+ gnutls_pubkey_t pub = NULL;
+ gnutls_x509_crt_t crt = NULL;
+ int ret;
+
+ out->data = NULL;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(DANE_E_PUBKEY_ERROR);
+
+ ret = gnutls_pubkey_init(&pub);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(crt, raw_crt, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pub, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_export2(pub, GNUTLS_X509_FMT_DER, out);
+ if (ret < 0) {
+ gnutls_assert();
+ ret = DANE_E_PUBKEY_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+ goto clean_certs;
+
+ cleanup:
+ free(out->data);
+ out->data = NULL;
+ clean_certs:
+ if (pub)
+ gnutls_pubkey_deinit(pub);
+ if (crt)
+ gnutls_x509_crt_deinit(crt);
+
+ return ret;
}
static int
-verify_ca (const gnutls_datum_t * raw_crt, unsigned raw_crt_size,
- gnutls_certificate_type_t crt_type,
- dane_cert_type_t ctype,
- dane_match_type_t match, gnutls_datum_t * data,
- unsigned int *verify)
+verify_ca(const gnutls_datum_t * raw_crt, unsigned raw_crt_size,
+ gnutls_certificate_type_t crt_type,
+ dane_cert_type_t ctype,
+ dane_match_type_t match, gnutls_datum_t * data,
+ unsigned int *verify)
{
- gnutls_datum_t pubkey = { NULL, 0 };
- int ret;
- unsigned int vstatus;
- gnutls_x509_crt_t crt = NULL, ca = NULL;
-
- if (raw_crt_size < 2)
- return gnutls_assert_val (DANE_E_INVALID_REQUEST);
-
- if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509)
- {
-
- if (!matches (&raw_crt[1], data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
-
- }
- else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509)
- {
- ret = crt_to_pubkey (&raw_crt[1], &pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!matches (&pubkey, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
- }
- else
- {
- ret = gnutls_assert_val (DANE_E_UNKNOWN_DANE_DATA);
- goto cleanup;
- }
-
- /* check if the certificate chain is actually a chain */
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_init (&ca);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (crt, &raw_crt[0], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import (ca, &raw_crt[1], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_check_issuer (crt, ca);
- if (ret == 0)
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
- }
-
- ret = gnutls_x509_crt_verify (crt, &ca, 1, 0, &vstatus);
- if (ret < 0)
- {
- ret = gnutls_assert_val (DANE_E_CERT_ERROR);
- goto cleanup;
- }
- if (vstatus != 0)
- *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
-
- ret = 0;
-cleanup:
- free (pubkey.data);
- if (crt != NULL)
- gnutls_x509_crt_deinit (crt);
- if (ca != NULL)
- gnutls_x509_crt_deinit (ca);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ unsigned int vstatus;
+ gnutls_x509_crt_t crt = NULL, ca = NULL;
+
+ if (raw_crt_size < 2)
+ return gnutls_assert_val(DANE_E_INVALID_REQUEST);
+
+ if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
+
+ if (!matches(&raw_crt[1], data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+
+ } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
+ ret = crt_to_pubkey(&raw_crt[1], &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!matches(&pubkey, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+ } else {
+ ret = gnutls_assert_val(DANE_E_UNKNOWN_DANE_DATA);
+ goto cleanup;
+ }
+
+ /* check if the certificate chain is actually a chain */
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_init(&ca);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &raw_crt[0], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(ca, &raw_crt[1], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_check_issuer(crt, ca);
+ if (ret == 0) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+ }
+
+ ret = gnutls_x509_crt_verify(crt, &ca, 1, 0, &vstatus);
+ if (ret < 0) {
+ ret = gnutls_assert_val(DANE_E_CERT_ERROR);
+ goto cleanup;
+ }
+ if (vstatus != 0)
+ *verify |= DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
+
+ ret = 0;
+ cleanup:
+ free(pubkey.data);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
+ if (ca != NULL)
+ gnutls_x509_crt_deinit(ca);
+ return ret;
}
static int
-verify_ee (const gnutls_datum_t * raw_crt, gnutls_certificate_type_t crt_type,
- dane_cert_type_t ctype, dane_match_type_t match,
- gnutls_datum_t * data, unsigned int *verify)
+verify_ee(const gnutls_datum_t * raw_crt,
+ gnutls_certificate_type_t crt_type, dane_cert_type_t ctype,
+ dane_match_type_t match, gnutls_datum_t * data,
+ unsigned int *verify)
{
- gnutls_datum_t pubkey = { NULL, 0 };
- int ret;
-
- if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509)
- {
-
- if (!matches (raw_crt, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CERT_DIFFERS;
- }
-
- }
- else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509)
- {
-
- ret = crt_to_pubkey (raw_crt, &pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!matches (&pubkey, data, match))
- {
- gnutls_assert ();
- *verify |= DANE_VERIFY_CERT_DIFFERS;
- }
- }
- else
- {
- ret = gnutls_assert_val (DANE_E_UNKNOWN_DANE_DATA);
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- free (pubkey.data);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+
+ if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
+
+ if (!matches(raw_crt, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CERT_DIFFERS;
+ }
+
+ } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
+
+ ret = crt_to_pubkey(raw_crt, &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!matches(&pubkey, data, match)) {
+ gnutls_assert();
+ *verify |= DANE_VERIFY_CERT_DIFFERS;
+ }
+ } else {
+ ret = gnutls_assert_val(DANE_E_UNKNOWN_DANE_DATA);
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ free(pubkey.data);
+ return ret;
}
/**
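Review bot: verify_ca and verify_ee release `pubkey.data` with `free()`, but that buffer is filled by crt_to_pubkey through gnutls_pubkey_export2, which allocates with the library's allocator. The two coincide only while the GnuTLS memory functions are the libc defaults; `gnutls_free(pubkey.data);` in both cleanup blocks is the matching call. The `free(out->data)` under crt_to_pubkey's `cleanup` label has the same mismatch, although `out->data` appears to be still NULL on every path that reaches it.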
@@ -678,71 +631,69 @@ cleanup:
*
**/
int
-dane_verify_crt_raw (dane_state_t s,
- const gnutls_datum_t * chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- dane_query_t r,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify)
+dane_verify_crt_raw(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ dane_query_t r,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
- int ret;
- unsigned checked = 0;
- unsigned int usage, type, match, idx;
- gnutls_datum_t data;
-
- if (chain_type != GNUTLS_CRT_X509)
- return gnutls_assert_val (DANE_E_INVALID_REQUEST);
-
- *verify = 0;
- idx = 0;
- do
- {
- ret = dane_query_data (r, idx++, &usage, &type, &match, &data);
- if (ret == DANE_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (!(vflags & DANE_VFLAG_ONLY_CHECK_EE_USAGE)
- && (usage == DANE_CERT_USAGE_LOCAL_CA
- || usage == DANE_CERT_USAGE_CA))
- {
- ret =
- verify_ca (chain, chain_size, chain_type, type, match, &data,
- verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- checked = 1;
- }
- else if (!(vflags & DANE_VFLAG_ONLY_CHECK_CA_USAGE)
- && (usage == DANE_CERT_USAGE_LOCAL_EE
- || usage == DANE_CERT_USAGE_EE))
- {
- ret = verify_ee (&chain[0], chain_type, type, match, &data, verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- checked = 1;
- }
- }
- while (1);
-
- if ((vflags & DANE_VFLAG_FAIL_IF_NOT_CHECKED) && checked == 0)
- ret = gnutls_assert_val (DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
- else
- ret = 0;
-
-cleanup:
- return ret;
+ int ret;
+ unsigned checked = 0;
+ unsigned int usage, type, match, idx;
+ gnutls_datum_t data;
+
+ if (chain_type != GNUTLS_CRT_X509)
+ return gnutls_assert_val(DANE_E_INVALID_REQUEST);
+
+ *verify = 0;
+ idx = 0;
+ do {
+ ret =
+ dane_query_data(r, idx++, &usage, &type, &match,
+ &data);
+ if (ret == DANE_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (!(vflags & DANE_VFLAG_ONLY_CHECK_EE_USAGE)
+ && (usage == DANE_CERT_USAGE_LOCAL_CA
+ || usage == DANE_CERT_USAGE_CA)) {
+ ret =
+ verify_ca(chain, chain_size, chain_type, type,
+ match, &data, verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ checked = 1;
+ } else if (!(vflags & DANE_VFLAG_ONLY_CHECK_CA_USAGE)
+ && (usage == DANE_CERT_USAGE_LOCAL_EE
+ || usage == DANE_CERT_USAGE_EE)) {
+ ret =
+ verify_ee(&chain[0], chain_type, type, match,
+ &data, verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ checked = 1;
+ }
+ }
+ while (1);
+
+ if ((vflags & DANE_VFLAG_FAIL_IF_NOT_CHECKED) && checked == 0)
+ ret =
+ gnutls_assert_val(DANE_E_REQUESTED_DATA_NOT_AVAILABLE);
+ else
+ ret = 0;
+
+ cleanup:
+ return ret;
}
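Review bot: dane_verify_crt_raw passes `&chain[0]` to verify_ee without checking `chain_size`, so a caller that supplies an empty chain makes verify_ee read a datum that is not there. verify_ca rejects `raw_crt_size < 2` itself, but the end-entity branch has no equivalent guard. A check next to the existing chain_type test would cover it: `if (chain_size == 0) return gnutls_assert_val(DANE_E_INVALID_REQUEST);`. The `s` and `sflags` parameters are not used anywhere in this body, which deserves a one-line comment so readers do not assume the state is consulted.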
@@ -780,44 +731,40 @@ cleanup:
*
**/
int
-dane_verify_crt (dane_state_t s,
- const gnutls_datum_t * chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- const char *hostname, const char *proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify)
+dane_verify_crt(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ const char *hostname, const char *proto, unsigned int port,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
- dane_state_t _s = NULL;
- dane_query_t r = NULL;
- int ret;
-
- *verify = 0;
- if (s == NULL)
- {
- ret = dane_state_init (&_s, sflags);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- _s = s;
-
- ret = dane_query_tlsa (_s, &r, hostname, proto, port);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- ret = dane_verify_crt_raw (s, chain, chain_size, chain_type,
- r, sflags, vflags, verify);
-cleanup:
- if (s == NULL)
- dane_state_deinit (_s);
- if (r != NULL)
- dane_query_deinit (r);
- return ret;
+ dane_state_t _s = NULL;
+ dane_query_t r = NULL;
+ int ret;
+
+ *verify = 0;
+ if (s == NULL) {
+ ret = dane_state_init(&_s, sflags);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else
+ _s = s;
+
+ ret = dane_query_tlsa(_s, &r, hostname, proto, port);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ ret = dane_verify_crt_raw(s, chain, chain_size, chain_type,
+ r, sflags, vflags, verify);
+ cleanup:
+ if (s == NULL)
+ dane_state_deinit(_s);
+ if (r != NULL)
+ dane_query_deinit(r);
+ return ret;
}
/**
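Review bot: The `dane_verify_crt_raw` call near the end of `dane_verify_crt` passes the caller's `s`, which is NULL on exactly the path where the function created its own state in `_s`; the `dane_query_tlsa` call just above already uses `_s`. The part of `dane_verify_crt_raw` shown in the preceding hunk does not touch its state argument, so this may be harmless today, but the start of that function is outside this view. Passing `_s` keeps the two calls consistent and avoids handing a NULL state to the verifier: `ret = dane_verify_crt_raw(_s, chain, chain_size, chain_type, r, sflags, vflags, verify);`. `*verify = 0` is also written before any argument check, so the doc comment should state that `verify` must be non-NULL.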
@@ -840,26 +787,26 @@ cleanup:
*
**/
int
-dane_verify_session_crt (dane_state_t s,
- gnutls_session_t session,
- const char *hostname, const char *proto,
- unsigned int port, unsigned int sflags,
- unsigned int vflags, unsigned int *verify)
+dane_verify_session_crt(dane_state_t s,
+ gnutls_session_t session,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify)
{
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- unsigned int type;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ unsigned int type;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- return gnutls_assert_val (DANE_E_NO_CERT);
- }
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list_size == 0) {
+ return gnutls_assert_val(DANE_E_NO_CERT);
+ }
- type = gnutls_certificate_type_get (session);
+ type = gnutls_certificate_type_get(session);
- return dane_verify_crt (s, cert_list, cert_list_size, type, hostname, proto,
- port, sflags, vflags, verify);
+ return dane_verify_crt(s, cert_list, cert_list_size, type,
+ hostname, proto, port, sflags, vflags,
+ verify);
}
/**
@@ -878,31 +825,38 @@ dane_verify_session_crt (dane_state_t s,
* negative error value.
**/
int
-dane_verification_status_print (unsigned int status,
- gnutls_datum_t * out, unsigned int flags)
+dane_verification_status_print(unsigned int status,
+ gnutls_datum_t * out, unsigned int flags)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("Certificate matches. "));
- else
- _gnutls_buffer_append_str (&str, _("Verification failed. "));
+ if (status == 0)
+ _gnutls_buffer_append_str(&str,
+ _("Certificate matches. "));
+ else
+ _gnutls_buffer_append_str(&str,
+ _("Verification failed. "));
- if (status & DANE_VERIFY_CA_CONSTRAINTS_VIOLATED)
- _gnutls_buffer_append_str (&str, _("CA constrains were violated. "));
+ if (status & DANE_VERIFY_CA_CONSTRAINTS_VIOLATED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("CA constrains were violated. "));
- if (status & DANE_VERIFY_CERT_DIFFERS)
- _gnutls_buffer_append_str (&str, _("The certificate differs. "));
+ if (status & DANE_VERIFY_CERT_DIFFERS)
+ _gnutls_buffer_append_str(&str,
+ _("The certificate differs. "));
- if (status & DANE_VERIFY_NO_DANE_INFO)
- _gnutls_buffer_append_str (&str, _("There were no DANE information. "));
+ if (status & DANE_VERIFY_NO_DANE_INFO)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("There were no DANE information. "));
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
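Review bot: At the end of `dane_verification_status_print`, `out->size` is read and decremented after `_gnutls_buffer_to_datum` without first checking `ret`. Whether `out` is populated when that call fails is not visible here, so on an error return the function may adjust a size the caller never had initialised. Returning early avoids that: `if (ret < 0) return gnutls_assert_val(ret);` placed before the `out->size` test. A short comment on the decrement would also help, e.g. `/* presumably drops the terminating NUL from the reported length; confirm against _gnutls_buffer_to_datum */`.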
diff --git a/libdane/errors.c b/libdane/errors.c
index 2e345ad20f..84be88499e 100644
--- a/libdane/errors.c
+++ b/libdane/errors.c
@@ -31,45 +31,44 @@
#define ERROR_ENTRY(desc, name) \
{ desc, #name, name}
-struct error_entry
-{
- const char *desc;
- const char *_name;
- int number;
+struct error_entry {
+ const char *desc;
+ const char *_name;
+ int number;
};
typedef struct error_entry error_entry;
static const error_entry error_algorithms[] = {
- ERROR_ENTRY (N_("Success."), DANE_E_SUCCESS),
- ERROR_ENTRY (N_("There was error initializing the DNS query."),
- DANE_E_INITIALIZATION_ERROR),
- ERROR_ENTRY (N_("There was an error while resolving."),
- DANE_E_RESOLVING_ERROR),
- ERROR_ENTRY (N_("No DANE data were found."),
- DANE_E_NO_DANE_DATA),
- ERROR_ENTRY (N_("Unknown DANE data were found."),
- DANE_E_UNKNOWN_DANE_DATA),
- ERROR_ENTRY (N_("No DNSSEC signature was found."),
- DANE_E_NO_DNSSEC_SIG),
- ERROR_ENTRY (N_("Received corrupt data."),
- DANE_E_RECEIVED_CORRUPT_DATA),
- ERROR_ENTRY (N_("The DNSSEC signature is invalid."),
- DANE_E_INVALID_DNSSEC_SIG),
- ERROR_ENTRY (N_("There was a memory error."),
- DANE_E_MEMORY_ERROR),
- ERROR_ENTRY (N_("There requested data are not available."),
- DANE_E_REQUESTED_DATA_NOT_AVAILABLE),
- ERROR_ENTRY (N_("There request is invalid."),
- DANE_E_INVALID_REQUEST),
- ERROR_ENTRY (N_("There was an error in the certificate."),
- DANE_E_CERT_ERROR),
- ERROR_ENTRY (N_("There was an error in the public key."),
- DANE_E_PUBKEY_ERROR),
- ERROR_ENTRY (N_("No certificate was found."),
- DANE_E_NO_CERT),
- ERROR_ENTRY (N_("Error in file."),
- DANE_E_FILE_ERROR),
- {NULL, NULL, 0}
+ ERROR_ENTRY(N_("Success."), DANE_E_SUCCESS),
+ ERROR_ENTRY(N_("There was error initializing the DNS query."),
+ DANE_E_INITIALIZATION_ERROR),
+ ERROR_ENTRY(N_("There was an error while resolving."),
+ DANE_E_RESOLVING_ERROR),
+ ERROR_ENTRY(N_("No DANE data were found."),
+ DANE_E_NO_DANE_DATA),
+ ERROR_ENTRY(N_("Unknown DANE data were found."),
+ DANE_E_UNKNOWN_DANE_DATA),
+ ERROR_ENTRY(N_("No DNSSEC signature was found."),
+ DANE_E_NO_DNSSEC_SIG),
+ ERROR_ENTRY(N_("Received corrupt data."),
+ DANE_E_RECEIVED_CORRUPT_DATA),
+ ERROR_ENTRY(N_("The DNSSEC signature is invalid."),
+ DANE_E_INVALID_DNSSEC_SIG),
+ ERROR_ENTRY(N_("There was a memory error."),
+ DANE_E_MEMORY_ERROR),
+ ERROR_ENTRY(N_("There requested data are not available."),
+ DANE_E_REQUESTED_DATA_NOT_AVAILABLE),
+ ERROR_ENTRY(N_("There request is invalid."),
+ DANE_E_INVALID_REQUEST),
+ ERROR_ENTRY(N_("There was an error in the certificate."),
+ DANE_E_CERT_ERROR),
+ ERROR_ENTRY(N_("There was an error in the public key."),
+ DANE_E_PUBKEY_ERROR),
+ ERROR_ENTRY(N_("No certificate was found."),
+ DANE_E_NO_CERT),
+ ERROR_ENTRY(N_("Error in file."),
+ DANE_E_FILE_ERROR),
+ {NULL, NULL, 0}
};
/**
@@ -84,24 +83,21 @@ static const error_entry error_algorithms[] = {
*
* Returns: A string explaining the DANE error message.
**/
-const char *
-dane_strerror (int error)
+const char *dane_strerror(int error)
{
- const char *ret = NULL;
- const error_entry *p;
+ const char *ret = NULL;
+ const error_entry *p;
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->desc;
- break;
- }
- }
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->desc;
+ break;
+ }
+ }
- /* avoid prefix */
- if (ret == NULL)
- return _("(unknown error code)");
+ /* avoid prefix */
+ if (ret == NULL)
+ return _("(unknown error code)");
- return _(ret);
+ return _(ret);
}
diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h
index 3ce56fb808..9fd807793e 100644
--- a/libdane/includes/gnutls/dane.h
+++ b/libdane/includes/gnutls/dane.h
@@ -21,7 +21,7 @@
*/
-#include <gnutls/gnutls.h> /* for gnutls_datum_t */
+#include <gnutls/gnutls.h> /* for gnutls_datum_t */
/**
* dane_cert_usage_t:
@@ -36,12 +36,11 @@
*
* Enumeration of different certificate usage types.
*/
-typedef enum dane_cert_usage_t
-{
- DANE_CERT_USAGE_CA = 0,
- DANE_CERT_USAGE_EE = 1,
- DANE_CERT_USAGE_LOCAL_CA = 2,
- DANE_CERT_USAGE_LOCAL_EE = 3
+typedef enum dane_cert_usage_t {
+ DANE_CERT_USAGE_CA = 0,
+ DANE_CERT_USAGE_EE = 1,
+ DANE_CERT_USAGE_LOCAL_CA = 2,
+ DANE_CERT_USAGE_LOCAL_EE = 3
} dane_cert_usage_t;
/**
@@ -51,10 +50,9 @@ typedef enum dane_cert_usage_t
*
* Enumeration of different certificate types.
*/
-typedef enum dane_cert_type_t
-{
- DANE_CERT_X509 = 0,
- DANE_CERT_PK = 1
+typedef enum dane_cert_type_t {
+ DANE_CERT_X509 = 0,
+ DANE_CERT_PK = 1
} dane_cert_type_t;
/**
@@ -65,11 +63,10 @@ typedef enum dane_cert_type_t
*
* Enumeration of different content matching types.
*/
-typedef enum dane_match_type_t
-{
- DANE_MATCH_EXACT = 0,
- DANE_MATCH_SHA2_256 = 1,
- DANE_MATCH_SHA2_512 = 2
+typedef enum dane_match_type_t {
+ DANE_MATCH_EXACT = 0,
+ DANE_MATCH_SHA2_256 = 1,
+ DANE_MATCH_SHA2_512 = 2
} dane_match_type_t;
/**
@@ -81,12 +78,11 @@ typedef enum dane_match_type_t
*
* Enumeration of different certificate types.
*/
-typedef enum dane_query_status_t
-{
- DANE_QUERY_UNKNOWN = 0,
- DANE_QUERY_DNSSEC_VERIFIED,
- DANE_QUERY_BOGUS,
- DANE_QUERY_NO_DNSSEC
+typedef enum dane_query_status_t {
+ DANE_QUERY_UNKNOWN = 0,
+ DANE_QUERY_DNSSEC_VERIFIED,
+ DANE_QUERY_BOGUS,
+ DANE_QUERY_NO_DNSSEC
} dane_query_status_t;
typedef struct dane_state_st *dane_state_t;
@@ -100,32 +96,33 @@ typedef struct dane_query_st *dane_query_t;
*
* Enumeration of different verification flags.
*/
-typedef enum dane_state_flags_t
-{
- DANE_F_IGNORE_LOCAL_RESOLVER = 1,
- DANE_F_INSECURE=2,
- DANE_F_IGNORE_DNSSEC=4
+typedef enum dane_state_flags_t {
+ DANE_F_IGNORE_LOCAL_RESOLVER = 1,
+ DANE_F_INSECURE = 2,
+ DANE_F_IGNORE_DNSSEC = 4
} dane_state_flags_t;
-int dane_state_init (dane_state_t* s, unsigned int flags);
-int dane_state_set_dlv_file(dane_state_t s, const char* file);
-void dane_state_deinit (dane_state_t s);
+int dane_state_init(dane_state_t * s, unsigned int flags);
+int dane_state_set_dlv_file(dane_state_t s, const char *file);
+void dane_state_deinit(dane_state_t s);
-int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data, const int *dane_data_len, int secure, int bogus);
+int dane_raw_tlsa(dane_state_t s, dane_query_t * r, char *const *dane_data,
+ const int *dane_data_len, int secure, int bogus);
-int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const char* proto, unsigned int port);
+int dane_query_tlsa(dane_state_t s, dane_query_t * r, const char *host,
+ const char *proto, unsigned int port);
dane_query_status_t dane_query_status(dane_query_t q);
unsigned int dane_query_entries(dane_query_t q);
int dane_query_data(dane_query_t q, unsigned int idx,
- unsigned int *usage, unsigned int *type,
- unsigned int *match, gnutls_datum_t * data);
+ unsigned int *usage, unsigned int *type,
+ unsigned int *match, gnutls_datum_t * data);
void dane_query_deinit(dane_query_t q);
-const char* dane_cert_type_name(dane_cert_type_t type);
-const char* dane_match_type_name(dane_match_type_t type);
-const char* dane_cert_usage_name(dane_cert_usage_t usage);
+const char *dane_cert_type_name(dane_cert_type_t type);
+const char *dane_match_type_name(dane_match_type_t type);
+const char *dane_cert_usage_name(dane_cert_usage_t usage);
/**
* dane_verify_flags_t:
@@ -135,11 +132,10 @@ const char* dane_cert_usage_name(dane_cert_usage_t usage);
*
* Enumeration of different verification status flags.
*/
-typedef enum dane_verify_flags_t
-{
- DANE_VFLAG_FAIL_IF_NOT_CHECKED = 1,
- DANE_VFLAG_ONLY_CHECK_EE_USAGE = 1<<1,
- DANE_VFLAG_ONLY_CHECK_CA_USAGE = 1<<2,
+typedef enum dane_verify_flags_t {
+ DANE_VFLAG_FAIL_IF_NOT_CHECKED = 1,
+ DANE_VFLAG_ONLY_CHECK_EE_USAGE = 1 << 1,
+ DANE_VFLAG_ONLY_CHECK_CA_USAGE = 1 << 2,
} dane_verify_flags_t;
/**
@@ -150,41 +146,39 @@ typedef enum dane_verify_flags_t
*
* Enumeration of different verification status flags.
*/
-typedef enum dane_verify_status_t
-{
- DANE_VERIFY_CA_CONSTRAINTS_VIOLATED = 1,
- DANE_VERIFY_CERT_DIFFERS = 1<<1,
- DANE_VERIFY_NO_DANE_INFO = 1<<2,
+typedef enum dane_verify_status_t {
+ DANE_VERIFY_CA_CONSTRAINTS_VIOLATED = 1,
+ DANE_VERIFY_CERT_DIFFERS = 1 << 1,
+ DANE_VERIFY_NO_DANE_INFO = 1 << 2,
} dane_verify_status_t;
#define DANE_VERIFY_CA_CONSTRAINS_VIOLATED DANE_VERIFY_CA_CONSTRAINTS_VIOLATED
int
-dane_verification_status_print (unsigned int status,
- gnutls_datum_t * out, unsigned int flags);
-
-int dane_verify_crt_raw (dane_state_t s,
- const gnutls_datum_t *chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- dane_query_t r,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-int dane_verify_crt (dane_state_t s,
- const gnutls_datum_t *chain, unsigned chain_size,
- gnutls_certificate_type_t chain_type,
- const char * hostname, const char* proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-int dane_verify_session_crt (
- dane_state_t s,
- gnutls_session_t session,
- const char * hostname, const char* proto, unsigned int port,
- unsigned int sflags, unsigned int vflags,
- unsigned int *verify);
-
-const char * dane_strerror (int error);
+dane_verification_status_print(unsigned int status,
+ gnutls_datum_t * out, unsigned int flags);
+
+int dane_verify_crt_raw(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ dane_query_t r,
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify);
+
+int dane_verify_crt(dane_state_t s,
+ const gnutls_datum_t * chain, unsigned chain_size,
+ gnutls_certificate_type_t chain_type,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify);
+
+int dane_verify_session_crt(dane_state_t s,
+ gnutls_session_t session,
+ const char *hostname, const char *proto,
+ unsigned int port, unsigned int sflags,
+ unsigned int vflags, unsigned int *verify);
+
+const char *dane_strerror(int error);
#define DANE_E_SUCCESS 0
#define DANE_E_INITIALIZATION_ERROR -1
@@ -201,4 +195,3 @@ const char * dane_strerror (int error);
#define DANE_E_FILE_ERROR -12
#define DANE_E_CERT_ERROR -13
#define DANE_E_UNKNOWN_DANE_DATA -14
-
diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c
index 95e6806230..6f4983bb8b 100644
--- a/src/benchmark-cipher.c
+++ b/src/benchmark-cipher.c
@@ -33,201 +33,193 @@
static unsigned char data[64 * 1024];
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static void
-cipher_mac_bench (int algo, int mac_algo, int size)
+static void cipher_mac_bench(int algo, int mac_algo, int size)
{
- int ret;
- gnutls_cipher_hd_t ctx;
- gnutls_hmac_hd_t mac_ctx;
- void *_key, *_iv;
- gnutls_datum_t key, iv;
- int ivsize = gnutls_cipher_get_iv_size(algo);
- int keysize = gnutls_cipher_get_key_size (algo);
- int step = size*1024;
- struct benchmark_st st;
-
- _key = malloc (keysize);
- if (_key == NULL)
- return;
- memset (_key, 0xf0, keysize);
-
- _iv = malloc (ivsize);
- if (_iv == NULL)
- return;
- memset (_iv, 0xf0, ivsize);
-
- iv.data = _iv;
- iv.size = ivsize;
-
- key.data = _key;
- key.size = keysize;
-
- printf ("%16s-%s ", gnutls_cipher_get_name (algo),
- gnutls_mac_get_name(mac_algo));
- fflush (stdout);
-
- start_benchmark(&st);
-
- ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size);
- if (ret < 0)
- {
- fprintf (stderr, "error: %s\n", gnutls_strerror (ret));
- goto leave;
- }
-
- ret = gnutls_cipher_init (&ctx, algo, &key, &iv);
- if (ret < 0)
- {
- fprintf (stderr, "error: %s\n", gnutls_strerror (ret));
- goto leave;
- }
-
- gnutls_hmac(mac_ctx, data, 1024);
-
- do
- {
- gnutls_hmac(mac_ctx, data, step);
- gnutls_cipher_encrypt2 (ctx, data, step, data, step+64);
- st.size += step;
- }
- while (benchmark_must_finish == 0);
-
- gnutls_cipher_deinit (ctx);
- gnutls_hmac_deinit(mac_ctx, NULL);
-
- stop_benchmark (&st, NULL, 1);
-
-leave:
- free (_key);
- free (_iv);
+ int ret;
+ gnutls_cipher_hd_t ctx;
+ gnutls_hmac_hd_t mac_ctx;
+ void *_key, *_iv;
+ gnutls_datum_t key, iv;
+ int ivsize = gnutls_cipher_get_iv_size(algo);
+ int keysize = gnutls_cipher_get_key_size(algo);
+ int step = size * 1024;
+ struct benchmark_st st;
+
+ _key = malloc(keysize);
+ if (_key == NULL)
+ return;
+ memset(_key, 0xf0, keysize);
+
+ _iv = malloc(ivsize);
+ if (_iv == NULL)
+ return;
+ memset(_iv, 0xf0, ivsize);
+
+ iv.data = _iv;
+ iv.size = ivsize;
+
+ key.data = _key;
+ key.size = keysize;
+
+ printf("%16s-%s ", gnutls_cipher_get_name(algo),
+ gnutls_mac_get_name(mac_algo));
+ fflush(stdout);
+
+ start_benchmark(&st);
+
+ ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ goto leave;
+ }
+
+ ret = gnutls_cipher_init(&ctx, algo, &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ goto leave;
+ }
+
+ gnutls_hmac(mac_ctx, data, 1024);
+
+ do {
+ gnutls_hmac(mac_ctx, data, step);
+ gnutls_cipher_encrypt2(ctx, data, step, data, step + 64);
+ st.size += step;
+ }
+ while (benchmark_must_finish == 0);
+
+ gnutls_cipher_deinit(ctx);
+ gnutls_hmac_deinit(mac_ctx, NULL);
+
+ stop_benchmark(&st, NULL, 1);
+
+ leave:
+ free(_key);
+ free(_iv);
}
-static void
-cipher_bench (int algo, int size, int aead)
+static void cipher_bench(int algo, int size, int aead)
{
- int ret;
- gnutls_cipher_hd_t ctx;
- void *_key, *_iv;
- gnutls_datum_t key, iv;
- int ivsize = gnutls_cipher_get_iv_size(algo);
- int keysize = gnutls_cipher_get_key_size (algo);
- int step = size*1024;
- struct benchmark_st st;
-
- _key = malloc (keysize);
- if (_key == NULL)
- return;
- memset (_key, 0xf0, keysize);
-
- _iv = malloc (ivsize);
- if (_iv == NULL)
- return;
- memset (_iv, 0xf0, ivsize);
-
- iv.data = _iv;
- if (aead) iv.size = 12;
- else iv.size = ivsize;
-
- key.data = _key;
- key.size = keysize;
-
- printf ("%16s ", gnutls_cipher_get_name (algo));
- fflush (stdout);
-
- start_benchmark(&st);
-
- ret = gnutls_cipher_init (&ctx, algo, &key, &iv);
- if (ret < 0)
- {
- fprintf (stderr, "error: %s\n", gnutls_strerror (ret));
- goto leave;
- }
-
- if (aead)
- gnutls_cipher_add_auth (ctx, data, 1024);
-
- do
- {
- gnutls_cipher_encrypt2 (ctx, data, step, data, step+64);
- st.size += step;
- }
- while (benchmark_must_finish == 0);
-
- gnutls_cipher_deinit (ctx);
-
- stop_benchmark(&st, NULL, 1);
-
-leave:
- free (_key);
- free (_iv);
+ int ret;
+ gnutls_cipher_hd_t ctx;
+ void *_key, *_iv;
+ gnutls_datum_t key, iv;
+ int ivsize = gnutls_cipher_get_iv_size(algo);
+ int keysize = gnutls_cipher_get_key_size(algo);
+ int step = size * 1024;
+ struct benchmark_st st;
+
+ _key = malloc(keysize);
+ if (_key == NULL)
+ return;
+ memset(_key, 0xf0, keysize);
+
+ _iv = malloc(ivsize);
+ if (_iv == NULL)
+ return;
+ memset(_iv, 0xf0, ivsize);
+
+ iv.data = _iv;
+ if (aead)
+ iv.size = 12;
+ else
+ iv.size = ivsize;
+
+ key.data = _key;
+ key.size = keysize;
+
+ printf("%16s ", gnutls_cipher_get_name(algo));
+ fflush(stdout);
+
+ start_benchmark(&st);
+
+ ret = gnutls_cipher_init(&ctx, algo, &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ goto leave;
+ }
+
+ if (aead)
+ gnutls_cipher_add_auth(ctx, data, 1024);
+
+ do {
+ gnutls_cipher_encrypt2(ctx, data, step, data, step + 64);
+ st.size += step;
+ }
+ while (benchmark_must_finish == 0);
+
+ gnutls_cipher_deinit(ctx);
+
+ stop_benchmark(&st, NULL, 1);
+
+ leave:
+ free(_key);
+ free(_iv);
}
-static void
-mac_bench (int algo, int size)
+static void mac_bench(int algo, int size)
{
- void *_key;
- int blocksize = gnutls_hmac_get_len (algo);
- int step = size*1024;
- struct benchmark_st st;
-
- _key = malloc (blocksize);
- if (_key == NULL)
- return;
- memset (_key, 0xf0, blocksize);
-
- printf ("%16s ", gnutls_mac_get_name (algo));
- fflush (stdout);
-
- start_benchmark(&st);
-
- do
- {
- gnutls_hmac_fast (algo, _key, blocksize, data, step, _key);
- st.size += step;
- }
- while (benchmark_must_finish == 0);
-
- stop_benchmark(&st, NULL, 1);
-
- free (_key);
+ void *_key;
+ int blocksize = gnutls_hmac_get_len(algo);
+ int step = size * 1024;
+ struct benchmark_st st;
+
+ _key = malloc(blocksize);
+ if (_key == NULL)
+ return;
+ memset(_key, 0xf0, blocksize);
+
+ printf("%16s ", gnutls_mac_get_name(algo));
+ fflush(stdout);
+
+ start_benchmark(&st);
+
+ do {
+ gnutls_hmac_fast(algo, _key, blocksize, data, step, _key);
+ st.size += step;
+ }
+ while (benchmark_must_finish == 0);
+
+ stop_benchmark(&st, NULL, 1);
+
+ free(_key);
}
-void benchmark_cipher (int init, int debug_level)
+void benchmark_cipher(int init, int debug_level)
{
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (debug_level);
- int size = 16;
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug_level);
+ int size = 16;
- if (init)
- {
- gnutls_global_init ();
- gnutls_rnd( GNUTLS_RND_NONCE, data, sizeof(data));
- }
+ if (init) {
+ gnutls_global_init();
+ gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof(data));
+ }
- printf("Checking ciphers, payload size: %u\n", size*1024);
- cipher_mac_bench ( GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_SHA1, size);
- cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size);
- cipher_mac_bench ( GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256, size);
- cipher_bench ( GNUTLS_CIPHER_AES_128_GCM, size, 1);
+ printf("Checking ciphers, payload size: %u\n", size * 1024);
+ cipher_mac_bench(GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_SHA1, size);
+ cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size);
+ cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256,
+ size);
+ cipher_bench(GNUTLS_CIPHER_AES_128_GCM, size, 1);
- mac_bench (GNUTLS_MAC_SHA1, size);
- mac_bench (GNUTLS_MAC_SHA256, size);
- mac_bench (GNUTLS_MAC_SHA512, size);
+ mac_bench(GNUTLS_MAC_SHA1, size);
+ mac_bench(GNUTLS_MAC_SHA256, size);
+ mac_bench(GNUTLS_MAC_SHA512, size);
- cipher_bench (GNUTLS_CIPHER_3DES_CBC, size, 0);
+ cipher_bench(GNUTLS_CIPHER_3DES_CBC, size, 0);
- cipher_bench (GNUTLS_CIPHER_AES_128_CBC, size, 0);
+ cipher_bench(GNUTLS_CIPHER_AES_128_CBC, size, 0);
- cipher_bench (GNUTLS_CIPHER_ARCFOUR, size, 0);
+ cipher_bench(GNUTLS_CIPHER_ARCFOUR, size, 0);
- cipher_bench ( GNUTLS_CIPHER_SALSA20_256, size, 0);
+ cipher_bench(GNUTLS_CIPHER_SALSA20_256, size, 0);
- gnutls_global_deinit();
+ gnutls_global_deinit();
}
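Review bot: `cipher_mac_bench` and `cipher_bench` both return directly when `malloc(ivsize)` fails, leaking the `_key` buffer allocated just above; `if (_iv == NULL) { free(_key); return; }` fixes both. In `cipher_mac_bench`, the `goto leave` after a failed `gnutls_cipher_init` also skips `gnutls_hmac_deinit(mac_ctx, NULL)`, so the HMAC handle opened a few lines earlier is not released on that path. Separately, `cipher_bench` sets `iv.size = 12` in the AEAD case while `_iv` was allocated with `ivsize` bytes. If `gnutls_cipher_get_iv_size` ever reports fewer than 12 for the chosen cipher, the init call would be given a length larger than the allocation, so the allocation should use the larger of the two sizes or the code should check `ivsize >= 12` first.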
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 644fa12404..204c494227 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -41,7 +41,7 @@
#include "../tests/eagain-common.h"
#include "benchmark.h"
-const char* side = "";
+const char *side = "";
#define PRIO_DH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+DHE-RSA"
#define PRIO_ECDH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP192R1"
@@ -64,414 +64,437 @@ static const int rsa_bits = 1776, ec_bits = 192;
/* DH of 1840 bits that is pretty close equivalent to 192 bits of ECDH.
*/
const char *pkcs3 =
-"-----BEGIN DH PARAMETERS-----\n"
-"MIIBxgKB3gNZMD2odqYk7HGnT+kh72vcnGrDhFMad1m4VlYZoLClkRUOH05W9gKF\n"
-"hjBzlg5zO1Pp14hpSNWdfXcd2glWE2wzkxxxztzt23gdXK1GjfupnALyPS2Q0Oj7\n"
-"UiLDfos46vXOSzqO3vBElM2HJQ6N1TRU+EqD5t/6aTAV6iAD+yz2Fyv4Xs+rgJC2\n"
-"IbpunLzM2IhH2u9tLUXGkBzHPW/6Q+fJRhn88OLBC9vwOHPQvw779+FB0NPue1Qs\n"
-"vb+4HSywpOr4BtNLWST2MzhCYBApvV1dKcZLI5k5Cfmp5ryV+wKB3gEUe9uAk+5I\n"
-"ENkTLC7XLLNGjPEKwQhBzE7Nh7RKWlZRX+B/cX5/iT7ZF9+N83O/wf2AxEV6CRWV\n"
-"WiCjvML/wbskpGoGmrPyef7bLHI62x4/nNacGGWEichPW8Sn/qaT80FHyYM0m7Ha\n"
-"+Q9kYUSx0u1CW//3nGvma5dh/c2iiq8r7J9w2PSYynHts4bYMrRRx2PVeGhvU8+X\n"
-"nRkYOqptEqoB6NG5kPRL8b5jJSp7J2hN7shDjQB/s9/N8rvF8tRmMUTJpk3Fwr9F\n"
-"LVdX3640cbukwFTKlkqZ1evymVzx0wICAL0=\n"
-"-----END DH PARAMETERS-----\n";
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIIBxgKB3gNZMD2odqYk7HGnT+kh72vcnGrDhFMad1m4VlYZoLClkRUOH05W9gKF\n"
+ "hjBzlg5zO1Pp14hpSNWdfXcd2glWE2wzkxxxztzt23gdXK1GjfupnALyPS2Q0Oj7\n"
+ "UiLDfos46vXOSzqO3vBElM2HJQ6N1TRU+EqD5t/6aTAV6iAD+yz2Fyv4Xs+rgJC2\n"
+ "IbpunLzM2IhH2u9tLUXGkBzHPW/6Q+fJRhn88OLBC9vwOHPQvw779+FB0NPue1Qs\n"
+ "vb+4HSywpOr4BtNLWST2MzhCYBApvV1dKcZLI5k5Cfmp5ryV+wKB3gEUe9uAk+5I\n"
+ "ENkTLC7XLLNGjPEKwQhBzE7Nh7RKWlZRX+B/cX5/iT7ZF9+N83O/wf2AxEV6CRWV\n"
+ "WiCjvML/wbskpGoGmrPyef7bLHI62x4/nNacGGWEichPW8Sn/qaT80FHyYM0m7Ha\n"
+ "+Q9kYUSx0u1CW//3nGvma5dh/c2iiq8r7J9w2PSYynHts4bYMrRRx2PVeGhvU8+X\n"
+ "nRkYOqptEqoB6NG5kPRL8b5jJSp7J2hN7shDjQB/s9/N8rvF8tRmMUTJpk3Fwr9F\n"
+ "LVdX3640cbukwFTKlkqZ1evymVzx0wICAL0=\n"
+ "-----END DH PARAMETERS-----\n";
static unsigned char server_cert_pem[] =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIEEzCCAx6gAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix\n"
-"EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzAN\n"
-"BgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy\n"
-"LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa\n"
-"BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjAxMjA2MDYxOTAxMjdaGA8y\n"
-"MDE5MDcxMDE5MDEyN1owgbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGlu\n"
-"Yy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTAT\n"
-"BgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAK\n"
-"BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l\n"
-"QG5vbmUub3JnMIH9MA0GCSqGSIb3DQEBAQUAA4HrADCB5wKB3wC/VSBHG5adM0r0\n"
-"E80dgVvt+oVnnDcKYcm9q2WbknTL6dFgjjcEbiHDKmnr1hgyT9jfQVE/ve2XnZqA\n"
-"kbpYMNrQbdieclNycjoXCj3BJSJXXz3Ra6O4DLNh0/XwsxbVd/tMSQvwAK0MR60K\n"
-"/yfruL2oxe8j7uDmS5oY8b5O9nP/EVW2u7P1KVhrNxC2rGoaK6iRpgkAX3oP2YVM\n"
-"hLfPONpDgYGxBvrO0tlpHCYL+miWdRzIDPMYtdcU1v1zVSKAsvJ2dgEwP6FoSiWP\n"
-"nkw3U41i4oe+T7kVEk1F9QLCnXsCAwEAAaNrMGkwDAYDVR0TAQH/BAIwADAUBgNV\n"
-"HREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/\n"
-"BAUDAwegADAdBgNVHQ4EFgQUMwvofEmn5CtM4GygipfIuebOssgwDQYJKoZIhvcN\n"
-"AQELBQADgd8AdP87xzJGv3ddODGoCaVNipkO96HDwt1fC4Jtp1VTn1V4JRaL4e4D\n"
-"0dlFMq30kmrLTxNSET7MJ5l2m0XZS7jhbl5UW9jLCv1GurMaVuYK4v0LGGezODoH\n"
-"8naZkxWYGS16kssPu0SDE0V9gWF31IXs2qs0PHvvpI5WFmjrOPX3RfFeVNhmc5sv\n"
-"1cy+hnM9wxcT2r+jpKn3mYVVcnG7ANZyLKzLwN/PGkYB+tv8sS0ojxMKZLQjr9xs\n"
-"z1plHeDzm0/t7gsAkrL8ynSkBBJ1SLqaKMmlP1DmgU/zTlMTyKrG\n"
-"-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEEzCCAx6gAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix\n"
+ "EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzAN\n"
+ "BgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy\n"
+ "LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa\n"
+ "BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjAxMjA2MDYxOTAxMjdaGA8y\n"
+ "MDE5MDcxMDE5MDEyN1owgbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGlu\n"
+ "Yy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTAT\n"
+ "BgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAK\n"
+ "BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l\n"
+ "QG5vbmUub3JnMIH9MA0GCSqGSIb3DQEBAQUAA4HrADCB5wKB3wC/VSBHG5adM0r0\n"
+ "E80dgVvt+oVnnDcKYcm9q2WbknTL6dFgjjcEbiHDKmnr1hgyT9jfQVE/ve2XnZqA\n"
+ "kbpYMNrQbdieclNycjoXCj3BJSJXXz3Ra6O4DLNh0/XwsxbVd/tMSQvwAK0MR60K\n"
+ "/yfruL2oxe8j7uDmS5oY8b5O9nP/EVW2u7P1KVhrNxC2rGoaK6iRpgkAX3oP2YVM\n"
+ "hLfPONpDgYGxBvrO0tlpHCYL+miWdRzIDPMYtdcU1v1zVSKAsvJ2dgEwP6FoSiWP\n"
+ "nkw3U41i4oe+T7kVEk1F9QLCnXsCAwEAAaNrMGkwDAYDVR0TAQH/BAIwADAUBgNV\n"
+ "HREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/\n"
+ "BAUDAwegADAdBgNVHQ4EFgQUMwvofEmn5CtM4GygipfIuebOssgwDQYJKoZIhvcN\n"
+ "AQELBQADgd8AdP87xzJGv3ddODGoCaVNipkO96HDwt1fC4Jtp1VTn1V4JRaL4e4D\n"
+ "0dlFMq30kmrLTxNSET7MJ5l2m0XZS7jhbl5UW9jLCv1GurMaVuYK4v0LGGezODoH\n"
+ "8naZkxWYGS16kssPu0SDE0V9gWF31IXs2qs0PHvvpI5WFmjrOPX3RfFeVNhmc5sv\n"
+ "1cy+hnM9wxcT2r+jpKn3mYVVcnG7ANZyLKzLwN/PGkYB+tv8sS0ojxMKZLQjr9xs\n"
+ "z1plHeDzm0/t7gsAkrL8ynSkBBJ1SLqaKMmlP1DmgU/zTlMTyKrG\n"
+ "-----END CERTIFICATE-----\n";
static unsigned char server_key_pem[] =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"MIIEBAIBAAKB3wC/VSBHG5adM0r0E80dgVvt+oVnnDcKYcm9q2WbknTL6dFgjjcE\n"
-"biHDKmnr1hgyT9jfQVE/ve2XnZqAkbpYMNrQbdieclNycjoXCj3BJSJXXz3Ra6O4\n"
-"DLNh0/XwsxbVd/tMSQvwAK0MR60K/yfruL2oxe8j7uDmS5oY8b5O9nP/EVW2u7P1\n"
-"KVhrNxC2rGoaK6iRpgkAX3oP2YVMhLfPONpDgYGxBvrO0tlpHCYL+miWdRzIDPMY\n"
-"tdcU1v1zVSKAsvJ2dgEwP6FoSiWPnkw3U41i4oe+T7kVEk1F9QLCnXsCAwEAAQKB\n"
-"3iYR2gpMAvvkaNWH2xgz1QbVAhZLjugR7QJASEdcLMEmFPMRWQEYqL8cgVbbkpTw\n"
-"Lka9yFzWfZ/dTBCo7lr93Yv7T063kMME12oeL4tuyBZ6bOJueHT2kfq1Igpyl+iB\n"
-"pw7WuflXKRd4a4X0nwzYBQxYWH7bKkQRZDlViKuOXKVzgT7GqD6cbTZbc/8wUTi7\n"
-"HoyMlz4d+YH/XL5Zt6SM7cMuJ/VOGGUcBiXqlixzulloihkPwJeg6zxx0e1dVy4q\n"
-"jvVhb+hmypWajjBDPUwIGFih0lZJ6rqIDyls/ZK2AQJwAPFeAMubo1KWcFU+nHoK\n"
-"Q/jdOjpuAt7fwczkqhb6uOrJtS4RUtF3x3jfESFYf6Btnt6Slj1HpNKHbud2Weyw\n"
-"i3lIkkmQq4+8uRjZXlNtp2Sd33NFeYE1D8ll3V2wiwiCOPJxYWpOOwHs7pkcOsAD\n"
-"ywJwAMruluGFAUhoCxXOGzbJeXOC0U+LbwU72Xgk9zhEX6chaklKgdSnJ8DlHnYe\n"
-"R+wc2vXRfSGlT1OH0X8ezn82QV8UmYo6cNpMTNarW0rzpFir51owvYSBPnPB+DLX\n"
-"0JausRZoI6fyZSw4Vxt9PN13EQJwANnEX2FUfcmQs68le1ZclrEdIGEBSpO9PARZ\n"
-"tuBeu6IR9OaoeJlGwXDbiYAVcajT3oefp++ICTxtNvGchUuYiW4WvO2kmjVoJ3Q1\n"
-"Afaxs1qDWcyNvS+HKUQjJNNX6kj1/N040JRyGqkFFMyNfLArewJwAL/KfLkJjmvT\n"
-"QV7LW3cNNYbRRWdLXZLxvJfLQAdiv5BiiWRZUZkcnfq10HNMLSdfIiYfZocNCIrm\n"
-"mz3sbLdYHLJy8qXsk8oNQLXGX9LXsCTJ2y6nUAZSbCbVVPEgfRhcZCvMIp7Q/YOs\n"
-"f88QLx0UMQJvYsEnYagLe9EfC0d8fXTKJr143FMxas7j3eftxLEBnx7ZsqCbJD1o\n"
-"UsvWkp5I3kqIABEqY1ZJV/gU41MceuWURSVADpuuRDLzv8WPdeffad9o2hX/bkI6\n"
-"2INKeuq1nILiEHAZLloH6/fdjpWZYF0D\n"
-"-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEBAIBAAKB3wC/VSBHG5adM0r0E80dgVvt+oVnnDcKYcm9q2WbknTL6dFgjjcE\n"
+ "biHDKmnr1hgyT9jfQVE/ve2XnZqAkbpYMNrQbdieclNycjoXCj3BJSJXXz3Ra6O4\n"
+ "DLNh0/XwsxbVd/tMSQvwAK0MR60K/yfruL2oxe8j7uDmS5oY8b5O9nP/EVW2u7P1\n"
+ "KVhrNxC2rGoaK6iRpgkAX3oP2YVMhLfPONpDgYGxBvrO0tlpHCYL+miWdRzIDPMY\n"
+ "tdcU1v1zVSKAsvJ2dgEwP6FoSiWPnkw3U41i4oe+T7kVEk1F9QLCnXsCAwEAAQKB\n"
+ "3iYR2gpMAvvkaNWH2xgz1QbVAhZLjugR7QJASEdcLMEmFPMRWQEYqL8cgVbbkpTw\n"
+ "Lka9yFzWfZ/dTBCo7lr93Yv7T063kMME12oeL4tuyBZ6bOJueHT2kfq1Igpyl+iB\n"
+ "pw7WuflXKRd4a4X0nwzYBQxYWH7bKkQRZDlViKuOXKVzgT7GqD6cbTZbc/8wUTi7\n"
+ "HoyMlz4d+YH/XL5Zt6SM7cMuJ/VOGGUcBiXqlixzulloihkPwJeg6zxx0e1dVy4q\n"
+ "jvVhb+hmypWajjBDPUwIGFih0lZJ6rqIDyls/ZK2AQJwAPFeAMubo1KWcFU+nHoK\n"
+ "Q/jdOjpuAt7fwczkqhb6uOrJtS4RUtF3x3jfESFYf6Btnt6Slj1HpNKHbud2Weyw\n"
+ "i3lIkkmQq4+8uRjZXlNtp2Sd33NFeYE1D8ll3V2wiwiCOPJxYWpOOwHs7pkcOsAD\n"
+ "ywJwAMruluGFAUhoCxXOGzbJeXOC0U+LbwU72Xgk9zhEX6chaklKgdSnJ8DlHnYe\n"
+ "R+wc2vXRfSGlT1OH0X8ezn82QV8UmYo6cNpMTNarW0rzpFir51owvYSBPnPB+DLX\n"
+ "0JausRZoI6fyZSw4Vxt9PN13EQJwANnEX2FUfcmQs68le1ZclrEdIGEBSpO9PARZ\n"
+ "tuBeu6IR9OaoeJlGwXDbiYAVcajT3oefp++ICTxtNvGchUuYiW4WvO2kmjVoJ3Q1\n"
+ "Afaxs1qDWcyNvS+HKUQjJNNX6kj1/N040JRyGqkFFMyNfLArewJwAL/KfLkJjmvT\n"
+ "QV7LW3cNNYbRRWdLXZLxvJfLQAdiv5BiiWRZUZkcnfq10HNMLSdfIiYfZocNCIrm\n"
+ "mz3sbLdYHLJy8qXsk8oNQLXGX9LXsCTJ2y6nUAZSbCbVVPEgfRhcZCvMIp7Q/YOs\n"
+ "f88QLx0UMQJvYsEnYagLe9EfC0d8fXTKJr143FMxas7j3eftxLEBnx7ZsqCbJD1o\n"
+ "UsvWkp5I3kqIABEqY1ZJV/gU41MceuWURSVADpuuRDLzv8WPdeffad9o2hX/bkI6\n"
+ "2INKeuq1nILiEHAZLloH6/fdjpWZYF0D\n" "-----END RSA PRIVATE KEY-----\n";
static unsigned char server_ecc_key_pem[] =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MGACAQEEGQCovzs4UsfRncfJXO3WOZUe/Zf+usKzEcWgCgYIKoZIzj0DAQGhNAMy\n"
- "AAREwuCcUHKNWyetsymkAaqA0GCgksI2AjewpOWsraGrfea3GPw1uuyOQRMR7kka\n"
- "v6s=\n"
- "-----END EC PRIVATE KEY-----\n";
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MGACAQEEGQCovzs4UsfRncfJXO3WOZUe/Zf+usKzEcWgCgYIKoZIzj0DAQGhNAMy\n"
+ "AAREwuCcUHKNWyetsymkAaqA0GCgksI2AjewpOWsraGrfea3GPw1uuyOQRMR7kka\n"
+ "v6s=\n" "-----END EC PRIVATE KEY-----\n";
static unsigned char server_ecc_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIBYDCCARWgAwIBAgIETuILrDAKBggqhkjOPQQDAjAcMQswCQYDVQQGEwJCRTEN\n"
- "MAsGA1UEChMEVGVzdDAeFw0xMTEyMDkxMzIyNTJaFw0xNzA4MTExMzIyNTlaMBwx\n"
- "CzAJBgNVBAYTAkJFMQ0wCwYDVQQKEwRUZXN0MEkwEwYHKoZIzj0CAQYIKoZIzj0D\n"
- "AQEDMgAERMLgnFByjVsnrbMppAGqgNBgoJLCNgI3sKTlrK2hq33mtxj8NbrsjkET\n"
- "Ee5JGr+ro1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G\n"
- "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKeR27mtYWFaH43U2zEvjd28Zf+CMAoG\n"
- "CCqGSM49BAMCAzkAMDYCGQD7WWWiFV+ddI7tIyMFepKFA1dX4nlc/+ICGQCCPdHc\n"
- "gMyHv2XyfOGHLhq0HmDTOOiwfC4=\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBYDCCARWgAwIBAgIETuILrDAKBggqhkjOPQQDAjAcMQswCQYDVQQGEwJCRTEN\n"
+ "MAsGA1UEChMEVGVzdDAeFw0xMTEyMDkxMzIyNTJaFw0xNzA4MTExMzIyNTlaMBwx\n"
+ "CzAJBgNVBAYTAkJFMQ0wCwYDVQQKEwRUZXN0MEkwEwYHKoZIzj0CAQYIKoZIzj0D\n"
+ "AQEDMgAERMLgnFByjVsnrbMppAGqgNBgoJLCNgI3sKTlrK2hq33mtxj8NbrsjkET\n"
+ "Ee5JGr+ro1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G\n"
+ "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKeR27mtYWFaH43U2zEvjd28Zf+CMAoG\n"
+ "CCqGSM49BAMCAzkAMDYCGQD7WWWiFV+ddI7tIyMFepKFA1dX4nlc/+ICGQCCPdHc\n"
+ "gMyHv2XyfOGHLhq0HmDTOOiwfC4=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
const gnutls_datum_t server_ecc_cert = { server_ecc_cert_pem,
- sizeof (server_ecc_cert_pem)
+ sizeof(server_ecc_cert_pem)
};
const gnutls_datum_t server_ecc_key = { server_ecc_key_pem,
- sizeof (server_ecc_key_pem)
+ sizeof(server_ecc_key_pem)
};
char buffer[64 * 1024];
static void tls_log_func(int level, const char *str)
{
- fprintf(stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static void test_ciphersuite(const char *cipher_prio, int size)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- gnutls_certificate_credentials_t c_certcred, s_certcred;
- const gnutls_datum_t p3 = { (void*) pkcs3, strlen(pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- const char *str;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- int ret;
- struct benchmark_st st;
-
- /* Init server */
- gnutls_anon_allocate_server_credentials(&s_anoncred);
- gnutls_dh_params_init(&dh_params);
- gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
-
- gnutls_certificate_allocate_credentials(&s_certcred);
- gnutls_certificate_set_dh_params(s_certcred, dh_params);
-
- gnutls_certificate_set_x509_key_mem (s_certcred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_key_mem (s_certcred, &server_ecc_cert, &server_ecc_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_init(&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct(server, cipher_prio, &str);
- if (ret < 0) {
- fprintf(stderr, "Error in %s\n", str);
- exit(1);
- }
- gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
- gnutls_transport_set_push_function(server, server_push);
- gnutls_transport_set_pull_function(server, server_pull);
- gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
- reset_buffers();
-
- /* Init client */
- gnutls_anon_allocate_client_credentials(&c_anoncred);
- gnutls_certificate_allocate_credentials(&c_certcred);
- gnutls_init(&client, GNUTLS_CLIENT);
-
- ret = gnutls_priority_set_direct(client, cipher_prio, &str);
- if (ret < 0) {
- fprintf(stderr, "Error in %s\n", str);
- exit(1);
- }
- gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
- gnutls_transport_set_push_function(client, client_push);
- gnutls_transport_set_pull_function(client, client_pull);
- gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
-
- HANDSHAKE(client, server);
-
- fprintf(stdout, "%38s ",
- gnutls_cipher_suite_get_name(gnutls_kx_get(server),
- gnutls_cipher_get(server),
- gnutls_mac_get(server)));
- fflush(stdout);
-
- gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
-
- start_benchmark(&st);
-
- do {
- do {
- ret = gnutls_record_send(client, buffer, size);
- }
- while (ret == GNUTLS_E_AGAIN);
-
- if (ret < 0) {
- fprintf(stderr, "Failed sending to server\n");
- exit(1);
- }
-
- do {
- ret = gnutls_record_recv(server, buffer, sizeof(buffer));
- }
- while (ret == GNUTLS_E_AGAIN);
-
- if (ret < 0) {
- fprintf(stderr, "Failed receiving from client\n");
- exit(1);
- }
-
- st.size += size;
- }
- while (benchmark_must_finish == 0);
-
- stop_benchmark(&st, NULL, 1);
-
- gnutls_bye(client, GNUTLS_SHUT_WR);
- gnutls_bye(server, GNUTLS_SHUT_WR);
-
- gnutls_deinit(client);
- gnutls_deinit(server);
-
- gnutls_anon_free_client_credentials(c_anoncred);
- gnutls_anon_free_server_credentials(s_anoncred);
-
- gnutls_dh_params_deinit(dh_params);
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ gnutls_certificate_credentials_t c_certcred, s_certcred;
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ const char *str;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ int ret;
+ struct benchmark_st st;
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+
+ gnutls_certificate_allocate_credentials(&s_certcred);
+ gnutls_certificate_set_dh_params(s_certcred, dh_params);
+
+ gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
+ &server_ecc_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret = gnutls_priority_set_direct(server, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
+ reset_buffers();
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_certificate_allocate_credentials(&c_certcred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+
+ ret = gnutls_priority_set_direct(client, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
+
+ HANDSHAKE(client, server);
+
+ fprintf(stdout, "%38s ",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(server),
+ gnutls_cipher_get(server),
+ gnutls_mac_get(server)));
+ fflush(stdout);
+
+ gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
+
+ start_benchmark(&st);
+
+ do {
+ do {
+ ret = gnutls_record_send(client, buffer, size);
+ }
+ while (ret == GNUTLS_E_AGAIN);
+
+ if (ret < 0) {
+ fprintf(stderr, "Failed sending to server\n");
+ exit(1);
+ }
+
+ do {
+ ret =
+ gnutls_record_recv(server, buffer,
+ sizeof(buffer));
+ }
+ while (ret == GNUTLS_E_AGAIN);
+
+ if (ret < 0) {
+ fprintf(stderr, "Failed receiving from client\n");
+ exit(1);
+ }
+
+ st.size += size;
+ }
+ while (benchmark_must_finish == 0);
+
+ stop_benchmark(&st, NULL, 1);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
}
static
double calc_avg(unsigned int *diffs, unsigned int diffs_size)
{
-double avg = 0;
-unsigned int i;
+ double avg = 0;
+ unsigned int i;
+
+ for (i = 0; i < diffs_size; i++)
+ avg += diffs[i];
- for(i=0;i<diffs_size;i++)
- avg += diffs[i];
-
- avg /= diffs_size;
+ avg /= diffs_size;
- return avg;
+ return avg;
}
static
-double calc_sstdev(unsigned int *diffs, unsigned int diffs_size, double avg)
+double calc_sstdev(unsigned int *diffs, unsigned int diffs_size,
+ double avg)
{
-double sum = 0, d;
-unsigned int i;
-
- for (i=0;i<diffs_size;i++) {
- d = ((double)diffs[i] - avg);
- d *= d;
-
- sum += d;
- }
- sum /= diffs_size - 1;
-
- return sum;
+ double sum = 0, d;
+ unsigned int i;
+
+ for (i = 0; i < diffs_size; i++) {
+ d = ((double) diffs[i] - avg);
+ d *= d;
+
+ sum += d;
+ }
+ sum /= diffs_size - 1;
+
+ return sum;
}
-unsigned int diffs[32*1024];
+unsigned int diffs[32 * 1024];
unsigned int diffs_size = 0;
static void test_ciphersuite_kx(const char *cipher_prio)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (void*) pkcs3, strlen(pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- const char *str;
- const char *suite = NULL;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_certificate_credentials_t c_certcred, s_certcred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- int ret;
- struct benchmark_st st;
- struct timespec tr_start, tr_stop;
- double avg, sstddev;
-
- diffs_size = 0;
-
- /* Init server */
- gnutls_certificate_allocate_credentials(&s_certcred);
- gnutls_anon_allocate_server_credentials(&s_anoncred);
- gnutls_dh_params_init(&dh_params);
- if ((ret=gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM)) < 0) {
- fprintf(stderr, "Error importing the PKCS #3 params: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
- gnutls_certificate_set_dh_params(s_certcred, dh_params);
-
- gnutls_certificate_set_x509_key_mem (s_certcred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_key_mem (s_certcred, &server_ecc_cert, &server_ecc_key,
- GNUTLS_X509_FMT_PEM);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials(&c_anoncred);
- gnutls_certificate_allocate_credentials(&c_certcred);
-
- start_benchmark(&st);
-
- do {
-
- gnutls_init(&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct(server, cipher_prio, &str);
- if (ret < 0) {
- fprintf(stderr, "Error in %s\n", str);
- exit(1);
- }
- gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
- gnutls_transport_set_push_function(server, server_push);
- gnutls_transport_set_pull_function(server, server_pull);
- gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
- reset_buffers();
-
- gnutls_init(&client, GNUTLS_CLIENT);
-
- ret = gnutls_priority_set_direct(client, cipher_prio, &str);
- if (ret < 0) {
- fprintf(stderr, "Error in %s\n", str);
- exit(1);
- }
- gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
-
- gnutls_transport_set_push_function(client, client_push);
- gnutls_transport_set_pull_function(client, client_pull);
- gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
-
- gettime(&tr_start);
-
- HANDSHAKE(client, server);
-
- gettime(&tr_stop);
-
- if (suite == NULL)
- suite = gnutls_cipher_suite_get_name(gnutls_kx_get(server),
- gnutls_cipher_get(server),
- gnutls_mac_get(server));
-
- gnutls_deinit(client);
- gnutls_deinit(server);
-
- diffs[diffs_size++] = timespec_sub_ms(&tr_stop, &tr_start);
- if (diffs_size > sizeof(diffs))
- abort();
-
- st.size += 1;
- }
- while (benchmark_must_finish == 0);
-
- fprintf(stdout, "%38s ", suite);
- stop_benchmark(&st, "transactions", 1);
-
- avg = calc_avg(diffs, diffs_size);
- sstddev = calc_sstdev(diffs, diffs_size, avg);
-
- printf("%32s %.2f ms, sample variance: %.2f)\n", "(avg. handshake time:", avg, sstddev);
-
- gnutls_anon_free_client_credentials(c_anoncred);
- gnutls_anon_free_server_credentials(s_anoncred);
-
- gnutls_dh_params_deinit(dh_params);
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ const char *str;
+ const char *suite = NULL;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_certificate_credentials_t c_certcred, s_certcred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ int ret;
+ struct benchmark_st st;
+ struct timespec tr_start, tr_stop;
+ double avg, sstddev;
+
+ diffs_size = 0;
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&s_certcred);
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ if ((ret =
+ gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM)) < 0) {
+ fprintf(stderr, "Error importing the PKCS #3 params: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_certificate_set_dh_params(s_certcred, dh_params);
+
+ gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
+ &server_ecc_key,
+ GNUTLS_X509_FMT_PEM);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_certificate_allocate_credentials(&c_certcred);
+
+ start_benchmark(&st);
+
+ do {
+
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret =
+ gnutls_priority_set_direct(server, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON,
+ s_anoncred);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ s_certcred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server,
+ (gnutls_transport_ptr_t) server);
+ reset_buffers();
+
+ gnutls_init(&client, GNUTLS_CLIENT);
+
+ ret =
+ gnutls_priority_set_direct(client, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON,
+ c_anoncred);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ c_certcred);
+
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client,
+ (gnutls_transport_ptr_t) client);
+
+ gettime(&tr_start);
+
+ HANDSHAKE(client, server);
+
+ gettime(&tr_stop);
+
+ if (suite == NULL)
+ suite =
+ gnutls_cipher_suite_get_name(gnutls_kx_get
+ (server),
+ gnutls_cipher_get
+ (server),
+ gnutls_mac_get
+ (server));
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ diffs[diffs_size++] = timespec_sub_ms(&tr_stop, &tr_start);
+ if (diffs_size > sizeof(diffs))
+ abort();
+
+ st.size += 1;
+ }
+ while (benchmark_must_finish == 0);
+
+ fprintf(stdout, "%38s ", suite);
+ stop_benchmark(&st, "transactions", 1);
+
+ avg = calc_avg(diffs, diffs_size);
+ sstddev = calc_sstdev(diffs, diffs_size, avg);
+
+ printf("%32s %.2f ms, sample variance: %.2f)\n",
+ "(avg. handshake time:", avg, sstddev);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
}
void benchmark_tls(int debug_level, int ciphers)
{
- int size;
-
- gnutls_global_set_log_function(tls_log_func);
- gnutls_global_set_log_level(debug_level);
- gnutls_global_init();
-
- if (ciphers != 0)
- {
- size = 1400;
- printf("Testing throughput in cipher/MAC combinations (payload: %d bytes)\n", size);
-
- test_ciphersuite(PRIO_SALSA20_256_UMAC_96, size);
- test_ciphersuite(PRIO_SALSA20_256_SHA1, size);
- test_ciphersuite(PRIO_ESTREAM_SALSA20_256_UMAC_96, size);
- test_ciphersuite(PRIO_ESTREAM_SALSA20_256_SHA1, size);
- test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
- test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
- test_ciphersuite(PRIO_AES_GCM, size);
- test_ciphersuite(PRIO_AES_CBC_SHA1, size);
- test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
-
- size = 15*1024;
- printf("\nTesting throughput in cipher/MAC combinations (payload: %d bytes)\n", size);
- test_ciphersuite(PRIO_SALSA20_256_UMAC_96, size);
- test_ciphersuite(PRIO_SALSA20_256_SHA1, size);
- test_ciphersuite(PRIO_ESTREAM_SALSA20_256_UMAC_96, size);
- test_ciphersuite(PRIO_ESTREAM_SALSA20_256_SHA1, size);
- test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
- test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
- test_ciphersuite(PRIO_AES_GCM, size);
- test_ciphersuite(PRIO_AES_CBC_SHA1, size);
- test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
- }
- else
- {
- printf("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n", rsa_bits, ec_bits);
- test_ciphersuite_kx(PRIO_DH);
- test_ciphersuite_kx(PRIO_ECDH);
- test_ciphersuite_kx(PRIO_ECDHE_ECDSA);
- test_ciphersuite_kx(PRIO_RSA);
- }
-
- gnutls_global_deinit();
-
+ int size;
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug_level);
+ gnutls_global_init();
+
+ if (ciphers != 0) {
+ size = 1400;
+ printf
+ ("Testing throughput in cipher/MAC combinations (payload: %d bytes)\n",
+ size);
+
+ test_ciphersuite(PRIO_SALSA20_256_UMAC_96, size);
+ test_ciphersuite(PRIO_SALSA20_256_SHA1, size);
+ test_ciphersuite(PRIO_ESTREAM_SALSA20_256_UMAC_96, size);
+ test_ciphersuite(PRIO_ESTREAM_SALSA20_256_SHA1, size);
+ test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
+ test_ciphersuite(PRIO_AES_GCM, size);
+ test_ciphersuite(PRIO_AES_CBC_SHA1, size);
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
+
+ size = 15 * 1024;
+ printf
+ ("\nTesting throughput in cipher/MAC combinations (payload: %d bytes)\n",
+ size);
+ test_ciphersuite(PRIO_SALSA20_256_UMAC_96, size);
+ test_ciphersuite(PRIO_SALSA20_256_SHA1, size);
+ test_ciphersuite(PRIO_ESTREAM_SALSA20_256_UMAC_96, size);
+ test_ciphersuite(PRIO_ESTREAM_SALSA20_256_SHA1, size);
+ test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
+ test_ciphersuite(PRIO_AES_GCM, size);
+ test_ciphersuite(PRIO_AES_CBC_SHA1, size);
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
+ } else {
+ printf
+ ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n",
+ rsa_bits, ec_bits);
+ test_ciphersuite_kx(PRIO_DH);
+ test_ciphersuite_kx(PRIO_ECDH);
+ test_ciphersuite_kx(PRIO_ECDHE_ECDSA);
+ test_ciphersuite_kx(PRIO_RSA);
+ }
+
+ gnutls_global_deinit();
+
}
diff --git a/src/benchmark.c b/src/benchmark.c
index 6cc79e2404..f8a9562529 100644
--- a/src/benchmark.c
+++ b/src/benchmark.c
@@ -32,130 +32,124 @@ int benchmark_must_finish = 0;
#if defined(_WIN32)
#include <windows.h>
-DWORD WINAPI
-alarm_handler (LPVOID lpParameter)
+DWORD WINAPI alarm_handler(LPVOID lpParameter)
{
- HANDLE wtimer = *((HANDLE *) lpParameter);
- WaitForSingleObject (wtimer, INFINITE);
- benchmark_must_finish = 1;
- return 0;
+ HANDLE wtimer = *((HANDLE *) lpParameter);
+ WaitForSingleObject(wtimer, INFINITE);
+ benchmark_must_finish = 1;
+ return 0;
}
#else
-static void
-alarm_handler (int signo)
+static void alarm_handler(int signo)
{
- benchmark_must_finish = 1;
+ benchmark_must_finish = 1;
}
#endif
static void
-value2human (unsigned long bytes, double time, double *data, double *speed,
- char *metric)
+value2human(unsigned long bytes, double time, double *data, double *speed,
+ char *metric)
{
- if (bytes > 1000 && bytes < 1000 * 1000)
- {
- *data = ((double) bytes) / 1000;
- *speed = *data / time;
- strcpy (metric, "KB");
- return;
- }
- else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000)
- {
- *data = ((double) bytes) / (1000 * 1000);
- *speed = *data / time;
- strcpy (metric, "MB");
- return;
- }
- else if (bytes >= 1000 * 1000 * 1000)
- {
- *data = ((double) bytes) / (1000 * 1000 * 1000);
- *speed = *data / time;
- strcpy (metric, "GB");
- return;
- }
- else
- {
- *data = (double) bytes;
- *speed = *data / time;
- strcpy (metric, "bytes");
- return;
- }
+ if (bytes > 1000 && bytes < 1000 * 1000) {
+ *data = ((double) bytes) / 1000;
+ *speed = *data / time;
+ strcpy(metric, "KB");
+ return;
+ } else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000) {
+ *data = ((double) bytes) / (1000 * 1000);
+ *speed = *data / time;
+ strcpy(metric, "MB");
+ return;
+ } else if (bytes >= 1000 * 1000 * 1000) {
+ *data = ((double) bytes) / (1000 * 1000 * 1000);
+ *speed = *data / time;
+ strcpy(metric, "GB");
+ return;
+ } else {
+ *data = (double) bytes;
+ *speed = *data / time;
+ strcpy(metric, "bytes");
+ return;
+ }
}
-void start_benchmark(struct benchmark_st * st)
+void start_benchmark(struct benchmark_st *st)
{
- memset(st, 0, sizeof(*st));
+ memset(st, 0, sizeof(*st));
#ifndef _WIN32
- st->old_handler = signal (SIGALRM, alarm_handler);
+ st->old_handler = signal(SIGALRM, alarm_handler);
#endif
- gettime (&st->start);
- benchmark_must_finish = 0;
+ gettime(&st->start);
+ benchmark_must_finish = 0;
#if defined(_WIN32)
- st->wtimer = CreateWaitableTimer (NULL, TRUE, NULL);
- if (st->wtimer == NULL)
- {
- fprintf (stderr, "error: CreateWaitableTimer %u\n", GetLastError ());
- exit(1);
- }
- st->wthread = CreateThread (NULL, 0, alarm_handler, &st->wtimer, 0, NULL);
- if (st->wthread == NULL)
- {
- fprintf (stderr, "error: CreateThread %u\n", GetLastError ());
- exit(1);
- }
- st->alarm_timeout.QuadPart = (BSECS) * 10000000;
- if (SetWaitableTimer (st->wtimer, &st->alarm_timeout, 0, NULL, NULL, FALSE) == 0)
- {
- fprintf (stderr, "error: SetWaitableTimer %u\n", GetLastError ());
- exit(1);
- }
+ st->wtimer = CreateWaitableTimer(NULL, TRUE, NULL);
+ if (st->wtimer == NULL) {
+ fprintf(stderr, "error: CreateWaitableTimer %u\n",
+ GetLastError());
+ exit(1);
+ }
+ st->wthread =
+ CreateThread(NULL, 0, alarm_handler, &st->wtimer, 0, NULL);
+ if (st->wthread == NULL) {
+ fprintf(stderr, "error: CreateThread %u\n",
+ GetLastError());
+ exit(1);
+ }
+ st->alarm_timeout.QuadPart = (BSECS) * 10000000;
+ if (SetWaitableTimer
+ (st->wtimer, &st->alarm_timeout, 0, NULL, NULL, FALSE) == 0) {
+ fprintf(stderr, "error: SetWaitableTimer %u\n",
+ GetLastError());
+ exit(1);
+ }
#else
- alarm (BSECS);
+ alarm(BSECS);
#endif
-
+
}
/* returns the elapsed time */
-double stop_benchmark(struct benchmark_st * st, const char* metric, int quiet)
+double stop_benchmark(struct benchmark_st *st, const char *metric,
+ int quiet)
{
- double secs;
- unsigned long lsecs;
- struct timespec stop;
- double dspeed, ddata;
- char imetric[16];
+ double secs;
+ unsigned long lsecs;
+ struct timespec stop;
+ double dspeed, ddata;
+ char imetric[16];
#if defined(_WIN32)
- if (st->wtimer != NULL)
- CloseHandle (st->wtimer);
- if (st->wthread != NULL)
- CloseHandle (st->wthread);
+ if (st->wtimer != NULL)
+ CloseHandle(st->wtimer);
+ if (st->wthread != NULL)
+ CloseHandle(st->wthread);
#else
- signal(SIGALRM, st->old_handler);
+ signal(SIGALRM, st->old_handler);
#endif
- gettime (&stop);
+ gettime(&stop);
- lsecs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) -
- (st->start.tv_sec * 1000 + st->start.tv_nsec / (1000 * 1000)));
- secs = lsecs;
- secs /= 1000;
+ lsecs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) -
+ (st->start.tv_sec * 1000 +
+ st->start.tv_nsec / (1000 * 1000)));
+ secs = lsecs;
+ secs /= 1000;
- if (metric == NULL)
- { /* assume bytes/sec */
- value2human (st->size, secs, &ddata, &dspeed, imetric);
- if (quiet == 0)
- printf (" Processed %.2f %s in %.2f secs: ", ddata, imetric, secs);
- printf ("%.2f %s/sec\n", dspeed, imetric);
- }
- else
- {
- ddata = (double) st->size;
- dspeed = ddata / secs;
- if (quiet == 0)
- printf (" Processed %.2f %s in %.2f secs: ", ddata, metric, secs);
- printf ("%.2f %s/sec\n", dspeed, metric);
- }
+ if (metric == NULL) { /* assume bytes/sec */
+ value2human(st->size, secs, &ddata, &dspeed, imetric);
+ if (quiet == 0)
+ printf(" Processed %.2f %s in %.2f secs: ", ddata,
+ imetric, secs);
+ printf("%.2f %s/sec\n", dspeed, imetric);
+ } else {
+ ddata = (double) st->size;
+ dspeed = ddata / secs;
+ if (quiet == 0)
+ printf(" Processed %.2f %s in %.2f secs: ", ddata,
+ metric, secs);
+ printf("%.2f %s/sec\n", dspeed, metric);
+ }
- return secs;
+ return secs;
}
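Review bot: `benchmark_must_finish` is a plain `int` (see `int benchmark_must_finish = 0;` in the hunk header), yet `alarm_handler()` writes it from a SIGALRM handler on POSIX and from a separate thread on Windows, while the benchmark loops poll it with `while (benchmark_must_finish == 0)`. The C standard only defines a signal handler's write for `volatile sig_atomic_t` objects, so the POSIX build should declare `volatile sig_atomic_t benchmark_must_finish = 0;` with the matching `extern` in benchmark.h. The Windows thread path would strictly need an interlocked or atomic store. The definition itself sits above the changed lines of this hunk. Separately, the three Windows error paths in `start_benchmark()` print `GetLastError()`, a `DWORD`, with `%u`; `fprintf(stderr, "error: CreateThread %lu\n", (unsigned long) GetLastError());` matches the argument type.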
diff --git a/src/benchmark.h b/src/benchmark.h
index 4f2619c96e..cadd0d2615 100644
--- a/src/benchmark.h
+++ b/src/benchmark.h
@@ -21,48 +21,47 @@
#include <time.h>
#include <signal.h>
#if defined(_WIN32)
-# include <windows.h>
+#include <windows.h>
#endif
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
-# undef gettime
-# define gettime(x) clock_gettime(CLOCK_PROCESS_CPUTIME_ID, x)
+#undef gettime
+#define gettime(x) clock_gettime(CLOCK_PROCESS_CPUTIME_ID, x)
#else
-inline static void
-gettime (struct timespec *ts)
+inline static void gettime(struct timespec *ts)
{
-struct timeval tv;
- gettimeofday (&tv, NULL);
- ts->tv_sec = tv.tv_sec;
- ts->tv_nsec = tv.tv_usec * 1000;
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ ts->tv_sec = tv.tv_sec;
+ ts->tv_nsec = tv.tv_usec * 1000;
}
#endif
-typedef void (*sighandler_t)(int);
+typedef void (*sighandler_t) (int);
-void benchmark_cipher (int init, int debug_level);
-void benchmark_tls (int debug_level, int ciphers);
+void benchmark_cipher(int init, int debug_level);
+void benchmark_tls(int debug_level, int ciphers);
-struct benchmark_st
-{
- struct timespec start;
- unsigned long size;
- sighandler_t old_handler;
+struct benchmark_st {
+ struct timespec start;
+ unsigned long size;
+ sighandler_t old_handler;
#if defined(_WIN32)
- HANDLE wtimer;
- HANDLE wthread;
- LARGE_INTEGER alarm_timeout;
+ HANDLE wtimer;
+ HANDLE wthread;
+ LARGE_INTEGER alarm_timeout;
#endif
};
extern int benchmark_must_finish;
-void start_benchmark(struct benchmark_st * st);
-double stop_benchmark(struct benchmark_st * st, const char* metric, int quiet);
+void start_benchmark(struct benchmark_st *st);
+double stop_benchmark(struct benchmark_st *st, const char *metric,
+ int quiet);
inline static unsigned int
-timespec_sub_ms (struct timespec *a, struct timespec *b)
+timespec_sub_ms(struct timespec *a, struct timespec *b)
{
- return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
- (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
+ return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
+ (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
}
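Review bot: `timespec_sub_ms()` returns `unsigned int`, so when `a` is earlier than `b` the subtraction wraps to a very large value instead of going negative. That can happen with the `gettimeofday()` fallback of `gettime()`, which reads wall-clock time that may be stepped backwards. The `clock_gettime(CLOCK_PROCESS_CPUTIME_ID, x)` variant measures process CPU time instead, so the two builds do not report comparable numbers. I would document both on the helper, e.g. `/* Returns a - b in milliseconds; a must not be earlier than b or the unsigned result wraps. */`, and add a comment at the `#if` saying which clock each branch uses.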
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 6e7211ce82..da95738d96 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -36,9 +36,9 @@
#include <sys/types.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <arpa/inet.h>
@@ -51,61 +51,59 @@ extern int batch;
#define MAX_ENTRIES 128
#define MAX_POLICIES 8
-typedef struct _cfg_ctx
-{
- char *organization;
- char *unit;
- char *locality;
- char *state;
- char *dn;
- char *cn;
- char *uid;
- char *challenge_password;
- char *pkcs9_email;
- char *country;
- char *policy_oid[MAX_POLICIES];
- char *policy_txt[MAX_POLICIES];
- char *policy_url[MAX_POLICIES];
- char **dc;
- char **dns_name;
- char **uri;
- char **ip_addr;
- char **email;
- char **dn_oid;
- char *crl_dist_points;
- char *password;
- char *pkcs12_key_name;
- int serial;
- int expiration_days;
- int ca;
- int path_len;
- int tls_www_client;
- int tls_www_server;
- int signing_key;
- int encryption_key;
- int cert_sign_key;
- int crl_sign_key;
- int code_sign_key;
- int ocsp_sign_key;
- int time_stamping_key;
- int ipsec_ike_key;
- char **key_purpose_oids;
- int crl_next_update;
- int crl_number;
- int crq_extensions;
- char *proxy_policy_language;
- char **ocsp_uris;
- char **ca_issuers_uris;
+typedef struct _cfg_ctx {
+ char *organization;
+ char *unit;
+ char *locality;
+ char *state;
+ char *dn;
+ char *cn;
+ char *uid;
+ char *challenge_password;
+ char *pkcs9_email;
+ char *country;
+ char *policy_oid[MAX_POLICIES];
+ char *policy_txt[MAX_POLICIES];
+ char *policy_url[MAX_POLICIES];
+ char **dc;
+ char **dns_name;
+ char **uri;
+ char **ip_addr;
+ char **email;
+ char **dn_oid;
+ char *crl_dist_points;
+ char *password;
+ char *pkcs12_key_name;
+ int serial;
+ int expiration_days;
+ int ca;
+ int path_len;
+ int tls_www_client;
+ int tls_www_server;
+ int signing_key;
+ int encryption_key;
+ int cert_sign_key;
+ int crl_sign_key;
+ int code_sign_key;
+ int ocsp_sign_key;
+ int time_stamping_key;
+ int ipsec_ike_key;
+ char **key_purpose_oids;
+ int crl_next_update;
+ int crl_number;
+ int crq_extensions;
+ char *proxy_policy_language;
+ char **ocsp_uris;
+ char **ca_issuers_uris;
} cfg_ctx;
cfg_ctx cfg;
-void
-cfg_init (void)
+void cfg_init(void)
{
- memset (&cfg, 0, sizeof (cfg));
- cfg.path_len = -1;
- cfg.serial = -1;
+ memset(&cfg, 0, sizeof(cfg));
+ cfg.path_len = -1;
+ cfg.serial = -1;
}
#define READ_MULTI_LINE(name, s_name) \
@@ -179,1624 +177,1518 @@ cfg_init (void)
s_name = atoi(val->v.strVal); \
}
-int
-template_parse (const char *template)
+int template_parse(const char *template)
{
- /* Parsing return code */
- int ret;
- unsigned int i;
- tOptionValue const * pov;
- const tOptionValue* val;
- char tmpstr[256];
-
- pov = configFileLoad(template);
- if (pov == NULL)
- {
- perror("configFileLoad");
- fprintf(stderr, "Error loading template: %s\n", template);
- exit(1);
- }
-
- /* Option variables */
- val = optionGetValue(pov, "organization");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.organization = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "unit");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.unit = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "locality");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.locality = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "state");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.state = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "dn");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.dn = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "cn");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.cn = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "uid");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.uid = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "challenge_password");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.challenge_password = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "password");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.password = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "pkcs9_email");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.pkcs9_email = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "country");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.country = strdup(val->v.strVal);
-
- for (i=0;i<MAX_POLICIES;i++)
- {
- snprintf(tmpstr, sizeof(tmpstr), "policy%d", i+1);
- val = optionGetValue(pov, tmpstr);
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.policy_oid[i] = strdup(val->v.strVal);
-
- if (cfg.policy_oid[i] != NULL)
- {
- snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i+1);
- val = optionGetValue(pov, tmpstr);
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.policy_url[i] = strdup(val->v.strVal);
-
- snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i+1);
- val = optionGetValue(pov, tmpstr);
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- {
- cfg.policy_txt[i] = strdup(val->v.strVal);
- }
- }
- }
-
- READ_MULTI_LINE("dc", cfg.dc);
- READ_MULTI_LINE("dns_name", cfg.dns_name);
- READ_MULTI_LINE("uri", cfg.uri);
-
- READ_MULTI_LINE("ip_address", cfg.ip_addr);
- READ_MULTI_LINE("email", cfg.email);
- READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
-
- READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
-
- val = optionGetValue(pov, "crl_dist_points");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.crl_dist_points = strdup(val->v.strVal);
-
- val = optionGetValue(pov, "pkcs12_key_name");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.pkcs12_key_name = strdup(val->v.strVal);
-
-
- READ_NUMERIC("serial", cfg.serial);
- READ_NUMERIC("expiration_days", cfg.expiration_days);
- READ_NUMERIC("crl_next_update", cfg.crl_next_update);
- READ_NUMERIC("crl_number", cfg.crl_number);
- READ_NUMERIC("path_len", cfg.path_len);
-
- val = optionGetValue(pov, "proxy_policy_language");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.proxy_policy_language = strdup(val->v.strVal);
-
- READ_MULTI_LINE("ocsp_uri", cfg.ocsp_uris);
- READ_MULTI_LINE("ca_issuers_uri", cfg.ca_issuers_uris);
-
- READ_BOOLEAN("ca", cfg.ca);
- READ_BOOLEAN("honor_crq_extensions", cfg.crq_extensions);
- READ_BOOLEAN("tls_www_client", cfg.tls_www_client);
- READ_BOOLEAN("tls_www_server", cfg.tls_www_server);
- READ_BOOLEAN("signing_key", cfg.signing_key);
- READ_BOOLEAN("encryption_key", cfg.encryption_key);
- READ_BOOLEAN("cert_signing_key", cfg.cert_sign_key);
- READ_BOOLEAN("crl_signing_key", cfg.crl_sign_key);
- READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
- READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
- READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
- READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
-
- optionUnloadNested(pov);
-
- return 0;
+ /* Parsing return code */
+ int ret;
+ unsigned int i;
+ tOptionValue const *pov;
+ const tOptionValue *val;
+ char tmpstr[256];
+
+ pov = configFileLoad(template);
+ if (pov == NULL) {
+ perror("configFileLoad");
+ fprintf(stderr, "Error loading template: %s\n", template);
+ exit(1);
+ }
+
+ /* Option variables */
+ val = optionGetValue(pov, "organization");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.organization = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "unit");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.unit = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "locality");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.locality = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "state");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.state = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "dn");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.dn = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "cn");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.cn = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "uid");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.uid = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "challenge_password");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.challenge_password = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "password");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.password = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "pkcs9_email");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.pkcs9_email = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "country");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.country = strdup(val->v.strVal);
+
+ for (i = 0; i < MAX_POLICIES; i++) {
+ snprintf(tmpstr, sizeof(tmpstr), "policy%d", i + 1);
+ val = optionGetValue(pov, tmpstr);
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.policy_oid[i] = strdup(val->v.strVal);
+
+ if (cfg.policy_oid[i] != NULL) {
+ snprintf(tmpstr, sizeof(tmpstr), "policy%d_url",
+ i + 1);
+ val = optionGetValue(pov, tmpstr);
+ if (val != NULL
+ && val->valType == OPARG_TYPE_STRING)
+ cfg.policy_url[i] = strdup(val->v.strVal);
+
+ snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt",
+ i + 1);
+ val = optionGetValue(pov, tmpstr);
+ if (val != NULL
+ && val->valType == OPARG_TYPE_STRING) {
+ cfg.policy_txt[i] = strdup(val->v.strVal);
+ }
+ }
+ }
+
+ READ_MULTI_LINE("dc", cfg.dc);
+ READ_MULTI_LINE("dns_name", cfg.dns_name);
+ READ_MULTI_LINE("uri", cfg.uri);
+
+ READ_MULTI_LINE("ip_address", cfg.ip_addr);
+ READ_MULTI_LINE("email", cfg.email);
+ READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
+
+ READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
+
+ val = optionGetValue(pov, "crl_dist_points");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.crl_dist_points = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "pkcs12_key_name");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.pkcs12_key_name = strdup(val->v.strVal);
+
+
+ READ_NUMERIC("serial", cfg.serial);
+ READ_NUMERIC("expiration_days", cfg.expiration_days);
+ READ_NUMERIC("crl_next_update", cfg.crl_next_update);
+ READ_NUMERIC("crl_number", cfg.crl_number);
+ READ_NUMERIC("path_len", cfg.path_len);
+
+ val = optionGetValue(pov, "proxy_policy_language");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.proxy_policy_language = strdup(val->v.strVal);
+
+ READ_MULTI_LINE("ocsp_uri", cfg.ocsp_uris);
+ READ_MULTI_LINE("ca_issuers_uri", cfg.ca_issuers_uris);
+
+ READ_BOOLEAN("ca", cfg.ca);
+ READ_BOOLEAN("honor_crq_extensions", cfg.crq_extensions);
+ READ_BOOLEAN("tls_www_client", cfg.tls_www_client);
+ READ_BOOLEAN("tls_www_server", cfg.tls_www_server);
+ READ_BOOLEAN("signing_key", cfg.signing_key);
+ READ_BOOLEAN("encryption_key", cfg.encryption_key);
+ READ_BOOLEAN("cert_signing_key", cfg.cert_sign_key);
+ READ_BOOLEAN("crl_signing_key", cfg.crl_sign_key);
+ READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
+ READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
+ READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
+ READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
+
+ optionUnloadNested(pov);
+
+ return 0;
}
#define IS_NEWLINE(x) ((x[0] == '\n') || (x[0] == '\r'))
void
-read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid)
+read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid)
{
- char input[128];
- int ret;
-
- fputs (input_str, stderr);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return;
-
- if (IS_NEWLINE(input))
- return;
-
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ char input[128];
+ int ret;
+
+ fputs(input_str, stderr);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return;
+
+ if (IS_NEWLINE(input))
+ return;
+
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, input,
+ strlen(input) - 1);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
}
void
-read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid)
+read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid)
{
- char input[128];
- int ret;
-
- fputs (input_str, stderr);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return;
-
- if (IS_NEWLINE(input))
- return;
-
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ char input[128];
+ int ret;
+
+ fputs(input_str, stderr);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return;
+
+ if (IS_NEWLINE(input))
+ return;
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, input,
+ strlen(input) - 1);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
}
/* The input_str should contain %d or %u to print the default.
*/
-static int
-read_int_with_default (const char *input_str, int def)
+static int read_int_with_default(const char *input_str, int def)
{
- char *endptr;
- long l, len;
- static char input[128];
+ char *endptr;
+ long l, len;
+ static char input[128];
- fprintf (stderr, input_str, def);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return def;
+ fprintf(stderr, input_str, def);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return def;
- if (IS_NEWLINE(input))
- return def;
+ if (IS_NEWLINE(input))
+ return def;
- len = strlen (input);
+ len = strlen(input);
- l = strtol (input, &endptr, 0);
+ l = strtol(input, &endptr, 0);
- if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n')
- {
- fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
- return 0;
- }
+ if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n') {
+ fprintf(stderr, "Trailing garbage ignored: `%s'\n",
+ endptr);
+ return 0;
+ }
- if (l <= INT_MIN || l >= INT_MAX)
- {
- fprintf (stderr, "Integer out of range: `%s'\n", input);
- return 0;
- }
+ if (l <= INT_MIN || l >= INT_MAX) {
+ fprintf(stderr, "Integer out of range: `%s'\n", input);
+ return 0;
+ }
- if (input == endptr)
- l = def;
+ if (input == endptr)
+ l = def;
- return (int) l;
+ return (int) l;
}
-int
-read_int (const char *input_str)
+int read_int(const char *input_str)
{
- return read_int_with_default (input_str, 0);
+ return read_int_with_default(input_str, 0);
}
-const char *
-read_str (const char *input_str)
+const char *read_str(const char *input_str)
{
- static char input[128];
- int len;
+ static char input[128];
+ int len;
- fputs (input_str, stderr);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return NULL;
+ fputs(input_str, stderr);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return NULL;
- if (IS_NEWLINE(input))
- return NULL;
+ if (IS_NEWLINE(input))
+ return NULL;
- len = strlen (input);
- if ((len > 0) && (input[len - 1] == '\n'))
- input[len - 1] = 0;
- if (input[0] == 0)
- return NULL;
+ len = strlen(input);
+ if ((len > 0) && (input[len - 1] == '\n'))
+ input[len - 1] = 0;
+ if (input[0] == 0)
+ return NULL;
- return input;
+ return input;
}
/* Default is:
* def: 0 -> no
* def: 1 -> yes
*/
-int
-read_yesno (const char *input_str, int def)
+int read_yesno(const char *input_str, int def)
{
- char input[128];
-
-restart:
- fputs (input_str, stderr);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return def;
-
- if (IS_NEWLINE(input))
- return def;
-
- if (input[0] == 'y' || input[0] == 'Y')
- return 1;
- else if (input[0] == 'n' || input[0] == 'N')
- return 0;
- else
- goto restart;
+ char input[128];
+
+ restart:
+ fputs(input_str, stderr);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return def;
+
+ if (IS_NEWLINE(input))
+ return def;
+
+ if (input[0] == 'y' || input[0] == 'Y')
+ return 1;
+ else if (input[0] == 'n' || input[0] == 'N')
+ return 0;
+ else
+ goto restart;
}
/* Wrapper functions for non-interactive mode.
*/
-const char *
-get_pass (void)
+const char *get_pass(void)
{
- if (batch)
- return cfg.password;
- else
- return getpass ("Enter password: ");
+ if (batch)
+ return cfg.password;
+ else
+ return getpass("Enter password: ");
}
-const char *
-get_confirmed_pass (bool empty_ok)
+const char *get_confirmed_pass(bool empty_ok)
{
- if (batch)
- return cfg.password;
- else
- {
- const char *pass = NULL;
- char *copy = NULL;
-
- do
- {
- if (pass)
- fprintf (stderr, "Password missmatch, try again.\n");
-
- free (copy);
-
- pass = getpass ("Enter password: ");
- copy = strdup (pass);
- pass = getpass ("Confirm password: ");
- }
- while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
-
- free (copy);
-
- return pass;
- }
+ if (batch)
+ return cfg.password;
+ else {
+ const char *pass = NULL;
+ char *copy = NULL;
+
+ do {
+ if (pass)
+ fprintf(stderr,
+ "Password missmatch, try again.\n");
+
+ free(copy);
+
+ pass = getpass("Enter password: ");
+ copy = strdup(pass);
+ pass = getpass("Confirm password: ");
+ }
+ while (strcmp(pass, copy) != 0
+ && !(empty_ok && *pass == '\0'));
+
+ free(copy);
+
+ return pass;
+ }
}
-const char *
-get_challenge_pass (void)
+const char *get_challenge_pass(void)
{
- if (batch)
- return cfg.challenge_password;
- else
- return getpass ("Enter a challenge password: ");
+ if (batch)
+ return cfg.challenge_password;
+ else
+ return getpass("Enter a challenge password: ");
}
-const char *
-get_crl_dist_point_url (void)
+const char *get_crl_dist_point_url(void)
{
- if (batch)
- return cfg.crl_dist_points;
- else
- return read_str ("Enter the URI of the CRL distribution point: ");
+ if (batch)
+ return cfg.crl_dist_points;
+ else
+ return
+ read_str
+ ("Enter the URI of the CRL distribution point: ");
}
-void
-get_country_crt_set (gnutls_x509_crt_t crt)
+void get_country_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.country)
- return;
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- cfg.country, strlen (cfg.country));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "Country name (2 chars): ",
- GNUTLS_OID_X520_COUNTRY_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.country)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, cfg.country,
+ strlen(cfg.country));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "Country name (2 chars): ",
+ GNUTLS_OID_X520_COUNTRY_NAME);
+ }
}
-void
-get_organization_crt_set (gnutls_x509_crt_t crt)
+void get_organization_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.organization)
- return;
-
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, cfg.organization,
- strlen (cfg.organization));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "Organization name: ",
- GNUTLS_OID_X520_ORGANIZATION_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.organization)
+ return;
+
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, cfg.organization,
+ strlen(cfg.
+ organization));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "Organization name: ",
+ GNUTLS_OID_X520_ORGANIZATION_NAME);
+ }
}
-void
-get_unit_crt_set (gnutls_x509_crt_t crt)
+void get_unit_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.unit)
- return;
-
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "Organizational unit name: ",
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.unit)
+ return;
+
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit,
+ strlen(cfg.unit));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "Organizational unit name: ",
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ }
}
-void
-get_state_crt_set (gnutls_x509_crt_t crt)
+void get_state_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.state)
- return;
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, cfg.state, strlen (cfg.state));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "State or province name: ",
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.state)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, cfg.state,
+ strlen(cfg.state));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "State or province name: ",
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ }
}
-void
-get_locality_crt_set (gnutls_x509_crt_t crt)
+void get_locality_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.locality)
- return;
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- cfg.locality, strlen (cfg.locality));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.locality)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_LOCALITY_NAME,
+ 0, cfg.locality,
+ strlen(cfg.locality));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "Locality name: ",
+ GNUTLS_OID_X520_LOCALITY_NAME);
+ }
}
-void
-get_cn_crt_set (gnutls_x509_crt_t crt)
+void get_cn_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.cn)
- return;
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
- 0, cfg.cn, strlen (cfg.cn));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.cn)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_X520_COMMON_NAME,
+ 0, cfg.cn,
+ strlen(cfg.cn));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_by_oid: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "Common name: ",
+ GNUTLS_OID_X520_COMMON_NAME);
+ }
}
-void
-get_dn_crt_set (gnutls_x509_crt_t crt)
+void get_dn_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
- const char* err;
-
- if (batch)
- {
- if (!cfg.dn)
- return;
- ret =
- gnutls_x509_crt_set_dn (crt, cfg.dn, &err);
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s at: %s\n", gnutls_strerror (ret), err);
- exit (1);
- }
- }
+ int ret;
+ const char *err;
+
+ if (batch) {
+ if (!cfg.dn)
+ return;
+ ret = gnutls_x509_crt_set_dn(crt, cfg.dn, &err);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s at: %s\n",
+ gnutls_strerror(ret), err);
+ exit(1);
+ }
+ }
}
-void
-get_uid_crt_set (gnutls_x509_crt_t crt)
+void get_uid_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.uid)
- return;
- ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
- cfg.uid, strlen (cfg.uid));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.uid)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_UID,
+ 0, cfg.uid,
+ strlen(cfg.uid));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "UID: ", GNUTLS_OID_LDAP_UID);
+ }
}
-void
-get_oid_crt_set (gnutls_x509_crt_t crt)
+void get_oid_crt_set(gnutls_x509_crt_t crt)
{
- int ret, i;
-
- if (batch)
- {
- if (!cfg.dn_oid)
- return;
- for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
- {
- if (cfg.dn_oid[i + 1] == NULL)
- {
- fprintf (stderr, "dn_oid: %s does not have an argument.\n",
- cfg.dn_oid[i]);
- exit (1);
- }
- ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
- cfg.dn_oid[i + 1],
- strlen (cfg.dn_oid[i + 1]));
-
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- }
+ int ret, i;
+
+ if (batch) {
+ if (!cfg.dn_oid)
+ return;
+ for (i = 0; cfg.dn_oid[i] != NULL; i += 2) {
+ if (cfg.dn_oid[i + 1] == NULL) {
+ fprintf(stderr,
+ "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit(1);
+ }
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ cfg.dn_oid[i], 0,
+ cfg.dn_oid[i +
+ 1],
+ strlen(cfg.
+ dn_oid[i +
+ 1]));
+
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_oid: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
}
-void
-get_key_purpose_set (int type, void *crt)
+void get_key_purpose_set(int type, void *crt)
{
- int ret, i;
-
- if (batch)
- {
- if (!cfg.key_purpose_oids)
- return;
- for (i = 0; cfg.key_purpose_oids[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], 0);
- else
- ret =
- gnutls_x509_crq_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
- cfg.key_purpose_oids[i], gnutls_strerror (ret));
- exit (1);
- }
- }
- }
+ int ret, i;
+
+ if (batch) {
+ if (!cfg.key_purpose_oids)
+ return;
+ for (i = 0; cfg.key_purpose_oids[i] != NULL; i++) {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, cfg.key_purpose_oids[i], 0);
+ else
+ ret =
+ gnutls_x509_crq_set_key_purpose_oid
+ (crt, cfg.key_purpose_oids[i], 0);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "set_key_purpose_oid (%s): %s\n",
+ cfg.key_purpose_oids[i],
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
}
-void
-get_ocsp_issuer_set (gnutls_x509_crt_t crt)
+void get_ocsp_issuer_set(gnutls_x509_crt_t crt)
{
- int ret, i;
- gnutls_datum_t uri;
-
- if (batch)
- {
- if (!cfg.ocsp_uris)
- return;
- for (i = 0; cfg.ocsp_uris[i] != NULL; i++)
- {
- uri.data = cfg.ocsp_uris[i];
- uri.size = strlen(cfg.ocsp_uris[i]);
- ret =
- gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_OCSP_URI,
- &uri);
- if (ret < 0)
- {
- fprintf (stderr, "set OCSP URI (%s): %s\n",
- cfg.ocsp_uris[i], gnutls_strerror (ret));
- exit (1);
- }
- }
- }
+ int ret, i;
+ gnutls_datum_t uri;
+
+ if (batch) {
+ if (!cfg.ocsp_uris)
+ return;
+ for (i = 0; cfg.ocsp_uris[i] != NULL; i++) {
+ uri.data = cfg.ocsp_uris[i];
+ uri.size = strlen(cfg.ocsp_uris[i]);
+ ret =
+ gnutls_x509_crt_set_authority_info_access(crt,
+ GNUTLS_IA_OCSP_URI,
+ &uri);
+ if (ret < 0) {
+ fprintf(stderr, "set OCSP URI (%s): %s\n",
+ cfg.ocsp_uris[i],
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
}
-void
-get_ca_issuers_set (gnutls_x509_crt_t crt)
+void get_ca_issuers_set(gnutls_x509_crt_t crt)
{
- int ret, i;
- gnutls_datum_t uri;
-
- if (batch)
- {
- if (!cfg.ca_issuers_uris)
- return;
- for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++)
- {
- uri.data = cfg.ca_issuers_uris[i];
- uri.size = strlen(cfg.ca_issuers_uris[i]);
- ret =
- gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_CAISSUERS_URI,
- &uri);
- if (ret < 0)
- {
- fprintf (stderr, "set CA ISSUERS URI (%s): %s\n",
- cfg.ca_issuers_uris[i], gnutls_strerror (ret));
- exit (1);
- }
- }
- }
+ int ret, i;
+ gnutls_datum_t uri;
+
+ if (batch) {
+ if (!cfg.ca_issuers_uris)
+ return;
+ for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++) {
+ uri.data = cfg.ca_issuers_uris[i];
+ uri.size = strlen(cfg.ca_issuers_uris[i]);
+ ret =
+ gnutls_x509_crt_set_authority_info_access(crt,
+ GNUTLS_IA_CAISSUERS_URI,
+ &uri);
+ if (ret < 0) {
+ fprintf(stderr,
+ "set CA ISSUERS URI (%s): %s\n",
+ cfg.ca_issuers_uris[i],
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
}
-void
-get_pkcs9_email_crt_set (gnutls_x509_crt_t crt)
+void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.pkcs9_email)
- return;
- ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
- cfg.pkcs9_email,
- strlen (cfg.pkcs9_email));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.pkcs9_email)
+ return;
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_PKCS9_EMAIL,
+ 0, cfg.pkcs9_email,
+ strlen(cfg.pkcs9_email));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crt_set(crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
+ }
}
-int
-get_serial (void)
+int get_serial(void)
{
- int default_serial = time (NULL);
-
- if (batch)
- {
- if (cfg.serial < 0)
- return default_serial;
- return cfg.serial;
- }
- else
- {
- return read_int_with_default
- ("Enter the certificate's serial number in decimal (default: %u): ",
- default_serial);
- }
+ int default_serial = time(NULL);
+
+ if (batch) {
+ if (cfg.serial < 0)
+ return default_serial;
+ return cfg.serial;
+ } else {
+ return read_int_with_default
+ ("Enter the certificate's serial number in decimal (default: %u): ",
+ default_serial);
+ }
}
-int
-get_days (void)
+int get_days(void)
{
- int days;
-
- if (batch)
- {
- if (cfg.expiration_days <= 0)
- return 365;
- else
- return cfg.expiration_days;
- }
- else
- {
- do
- {
- days = read_int ("The certificate will expire in (days): ");
- }
- while (days == 0);
- return days;
- }
+ int days;
+
+ if (batch) {
+ if (cfg.expiration_days <= 0)
+ return 365;
+ else
+ return cfg.expiration_days;
+ } else {
+ do {
+ days =
+ read_int
+ ("The certificate will expire in (days): ");
+ }
+ while (days == 0);
+ return days;
+ }
}
-int
-get_ca_status (void)
+int get_ca_status(void)
{
- if (batch)
- {
- return cfg.ca;
- }
- else
- {
- return
- read_yesno ("Does the certificate belong to an authority? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.ca;
+ } else {
+ return
+ read_yesno
+ ("Does the certificate belong to an authority? (y/N): ",
+ 0);
+ }
}
-int
-get_crq_extensions_status (void)
+int get_crq_extensions_status(void)
{
- if (batch)
- {
- return cfg.crq_extensions;
- }
- else
- {
- return
- read_yesno
- ("Do you want to honour the extensions from the request? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.crq_extensions;
+ } else {
+ return
+ read_yesno
+ ("Do you want to honour the extensions from the request? (y/N): ",
+ 0);
+ }
}
-int
-get_crl_number (void)
+int get_crl_number(void)
{
- if (batch)
- {
- return cfg.crl_number;
- }
- else
- {
- return read_int_with_default ("CRL Number: ", 1);
- }
+ if (batch) {
+ return cfg.crl_number;
+ } else {
+ return read_int_with_default("CRL Number: ", 1);
+ }
}
-int
-get_path_len (void)
+int get_path_len(void)
{
- if (batch)
- {
- return cfg.path_len;
- }
- else
- {
- return read_int_with_default
- ("Path length constraint (decimal, %d for no constraint): ", -1);
- }
+ if (batch) {
+ return cfg.path_len;
+ } else {
+ return read_int_with_default
+ ("Path length constraint (decimal, %d for no constraint): ",
+ -1);
+ }
}
-const char *
-get_pkcs12_key_name (void)
+const char *get_pkcs12_key_name(void)
{
- const char *name;
-
- if (batch)
- {
- if (!cfg.pkcs12_key_name)
- return "Anonymous";
- return cfg.pkcs12_key_name;
- }
- else
- {
- do
- {
- name = read_str ("Enter a name for the key: ");
- }
- while (name == NULL);
- }
- return name;
+ const char *name;
+
+ if (batch) {
+ if (!cfg.pkcs12_key_name)
+ return "Anonymous";
+ return cfg.pkcs12_key_name;
+ } else {
+ do {
+ name = read_str("Enter a name for the key: ");
+ }
+ while (name == NULL);
+ }
+ return name;
}
-int
-get_tls_client_status (void)
+int get_tls_client_status(void)
{
- if (batch)
- {
- return cfg.tls_www_client;
- }
- else
- {
- return read_yesno ("Is this a TLS web client certificate? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.tls_www_client;
+ } else {
+ return
+ read_yesno
+ ("Is this a TLS web client certificate? (y/N): ", 0);
+ }
}
-int
-get_tls_server_status (void)
+int get_tls_server_status(void)
{
- if (batch)
- {
- return cfg.tls_www_server;
- }
- else
- {
- return
- read_yesno ("Is this a TLS web server certificate? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.tls_www_server;
+ } else {
+ return
+ read_yesno
+ ("Is this a TLS web server certificate? (y/N): ", 0);
+ }
}
/* convert a printable IP to binary */
-static int
-string_to_ip (unsigned char *ip, const char *str)
+static int string_to_ip(unsigned char *ip, const char *str)
{
- int len = strlen (str);
- int ret;
+ int len = strlen(str);
+ int ret;
#if HAVE_IPV6
- if (strchr (str, ':') != NULL || len > 16)
- { /* IPv6 */
- ret = inet_pton (AF_INET6, str, ip);
- if (ret <= 0)
- {
- fprintf (stderr, "Error in IPv6 address %s\n", str);
- exit (1);
- }
-
- /* To be done */
- return 16;
- }
- else
+ if (strchr(str, ':') != NULL || len > 16) { /* IPv6 */
+ ret = inet_pton(AF_INET6, str, ip);
+ if (ret <= 0) {
+ fprintf(stderr, "Error in IPv6 address %s\n", str);
+ exit(1);
+ }
+
+ /* To be done */
+ return 16;
+ } else
#endif
- { /* IPv4 */
- ret = inet_pton (AF_INET, str, ip);
- if (ret <= 0)
- {
- fprintf (stderr, "Error in IPv4 address %s\n", str);
- exit (1);
- }
-
- return 4;
- }
+ { /* IPv4 */
+ ret = inet_pton(AF_INET, str, ip);
+ if (ret <= 0) {
+ fprintf(stderr, "Error in IPv4 address %s\n", str);
+ exit(1);
+ }
+
+ return 4;
+ }
}
-void
-get_ip_addr_set (int type, void *crt)
+void get_ip_addr_set(int type, void *crt)
{
- int ret = 0, i;
- unsigned char ip[16];
- int len;
-
- if (batch)
- {
- if (!cfg.ip_addr)
- return;
-
- for (i = 0; cfg.ip_addr[i] != NULL; i++)
- {
- len = string_to_ip (ip, cfg.ip_addr[i]);
- if (len <= 0)
- {
- fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
- exit (1);
- }
-
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
- }
- else
- {
- const char *p;
-
- p =
- read_str ("Enter the IP address of the subject of the certificate: ");
- if (!p)
- return;
-
- len = string_to_ip (ip, p);
- if (len <= 0)
- {
- fprintf (stderr, "Error parsing address: %s\n", p);
- exit (1);
- }
-
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
- else
- ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
- ip, len,
- GNUTLS_FSAN_APPEND);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+ unsigned char ip[16];
+ int len;
+
+ if (batch) {
+ if (!cfg.ip_addr)
+ return;
+
+ for (i = 0; cfg.ip_addr[i] != NULL; i++) {
+ len = string_to_ip(ip, cfg.ip_addr[i]);
+ if (len <= 0) {
+ fprintf(stderr,
+ "Error parsing address: %s\n",
+ cfg.ip_addr[i]);
+ exit(1);
+ }
+
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_IPADDRESS, ip, len,
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_IPADDRESS, ip, len,
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ p = read_str
+ ("Enter the IP address of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ len = string_to_ip(ip, p);
+ if (len <= 0) {
+ fprintf(stderr, "Error parsing address: %s\n", p);
+ exit(1);
+ }
+
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name(crt,
+ GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name(crt,
+ GNUTLS_SAN_IPADDRESS,
+ ip, len,
+ GNUTLS_FSAN_APPEND);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_subject_alt_name: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-void
-get_email_set (int type, void *crt)
+void get_email_set(int type, void *crt)
{
- int ret = 0, i;
-
- if (batch)
- {
- if (!cfg.email)
- return;
-
- for (i = 0; cfg.email[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt,
- GNUTLS_SAN_RFC822NAME,
- cfg.email[i],
- strlen (cfg.email[i]),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt,
- GNUTLS_SAN_RFC822NAME,
- cfg.email[i],
- strlen (cfg.email[i]),
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
- }
- else
- {
- const char *p;
-
- p = read_str ("Enter the e-mail of the subject of the certificate: ");
- if (!p)
- return;
-
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
- strlen (p),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
- strlen (p),
- GNUTLS_FSAN_APPEND);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+
+ if (batch) {
+ if (!cfg.email)
+ return;
+
+ for (i = 0; cfg.email[i] != NULL; i++) {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_RFC822NAME,
+ cfg.email[i], strlen(cfg.email[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_RFC822NAME,
+ cfg.email[i], strlen(cfg.email[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ p = read_str
+ ("Enter the e-mail of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name(crt,
+ GNUTLS_SAN_RFC822NAME,
+ p,
+ strlen(p),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name(crt,
+ GNUTLS_SAN_RFC822NAME,
+ p,
+ strlen(p),
+ GNUTLS_FSAN_APPEND);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_subject_alt_name: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-void
-get_dc_set (int type, void *crt)
+void get_dc_set(int type, void *crt)
{
- int ret = 0, i;
-
- if (batch)
- {
- if (!cfg.dc)
- return;
-
- for (i = 0; cfg.dc[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
- 0, cfg.dc[i], strlen (cfg.dc[i]));
- else
- ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
- 0, cfg.dc[i], strlen (cfg.dc[i]));
-
- if (ret < 0)
- break;
- }
- }
- else
- {
- const char *p;
-
- do
- {
- p = read_str ("Enter the subject's domain component (DC): ");
- if (!p)
- return;
-
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
- 0, p, strlen (p));
- else
- ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
- 0, p, strlen (p));
- }
- while(p != NULL);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+
+ if (batch) {
+ if (!cfg.dc)
+ return;
+
+ for (i = 0; cfg.dc[i] != NULL; i++) {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_LDAP_DC,
+ 0,
+ cfg.
+ dc[i],
+ strlen
+ (cfg.
+ dc[i]));
+ else
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crt,
+ GNUTLS_OID_LDAP_DC,
+ 0,
+ cfg.
+ dc[i],
+ strlen
+ (cfg.
+ dc[i]));
+
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ do {
+ p = read_str
+ ("Enter the subject's domain component (DC): ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_dn_by_oid(crt,
+ GNUTLS_OID_LDAP_DC,
+ 0, p,
+ strlen
+ (p));
+ else
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crt,
+ GNUTLS_OID_LDAP_DC,
+ 0, p,
+ strlen
+ (p));
+ }
+ while (p != NULL);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_by_oid: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-void
-get_dns_name_set (int type, void *crt)
+void get_dns_name_set(int type, void *crt)
{
- int ret = 0, i;
-
- if (batch)
- {
- if (!cfg.dns_name)
- return;
-
- for (i = 0; cfg.dns_name[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
- cfg.dns_name[i],
- strlen (cfg.dns_name[i]),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
- cfg.dns_name[i],
- strlen (cfg.dns_name[i]),
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
- }
- else
- {
- const char *p;
-
- do
- {
- p =
- read_str ("Enter a dnsName of the subject of the certificate: ");
- if (!p)
- return;
-
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_subject_alt_name
- (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
- else
- ret = gnutls_x509_crq_set_subject_alt_name
- (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
- }
- while (p);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+
+ if (batch) {
+ if (!cfg.dns_name)
+ return;
+
+ for (i = 0; cfg.dns_name[i] != NULL; i++) {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME,
+ cfg.dns_name[i],
+ strlen(cfg.dns_name[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME,
+ cfg.dns_name[i],
+ strlen(cfg.dns_name[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ do {
+ p = read_str
+ ("Enter a dnsName of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME, p, strlen(p),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret = gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_DNSNAME, p, strlen(p),
+ GNUTLS_FSAN_APPEND);
+ }
+ while (p);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_subject_alt_name: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-void
-get_policy_set (gnutls_x509_crt_t crt)
+void get_policy_set(gnutls_x509_crt_t crt)
{
- int ret = 0, i;
- gnutls_x509_policy_st policy;
-
- if (batch)
- {
- if (!cfg.policy_oid)
- return;
-
- for (i = 0; cfg.policy_oid[i] != NULL; i++)
- {
- memset(&policy, 0, sizeof(policy));
- policy.oid = cfg.policy_oid[i];
-
- if (cfg.policy_txt[i] != NULL)
- {
- policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_NOTICE;
- policy.qualifier[policy.qualifiers].data = cfg.policy_txt[i];
- policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_txt[i]);
- policy.qualifiers++;
- }
-
- if (cfg.policy_url[i] != NULL)
- {
- policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_URI;
- policy.qualifier[policy.qualifiers].data = cfg.policy_url[i];
- policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_url[i]);
- policy.qualifiers++;
- }
-
- ret =
- gnutls_x509_crt_set_policy (crt, &policy, 0);
- if (ret < 0)
- break;
- }
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_policy: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+ gnutls_x509_policy_st policy;
+
+ if (batch) {
+ if (!cfg.policy_oid)
+ return;
+
+ for (i = 0; cfg.policy_oid[i] != NULL; i++) {
+ memset(&policy, 0, sizeof(policy));
+ policy.oid = cfg.policy_oid[i];
+
+ if (cfg.policy_txt[i] != NULL) {
+ policy.qualifier[policy.qualifiers].type =
+ GNUTLS_X509_QUALIFIER_NOTICE;
+ policy.qualifier[policy.qualifiers].data =
+ cfg.policy_txt[i];
+ policy.qualifier[policy.qualifiers].size =
+ strlen(cfg.policy_txt[i]);
+ policy.qualifiers++;
+ }
+
+ if (cfg.policy_url[i] != NULL) {
+ policy.qualifier[policy.qualifiers].type =
+ GNUTLS_X509_QUALIFIER_URI;
+ policy.qualifier[policy.qualifiers].data =
+ cfg.policy_url[i];
+ policy.qualifier[policy.qualifiers].size =
+ strlen(cfg.policy_url[i]);
+ policy.qualifiers++;
+ }
+
+ ret = gnutls_x509_crt_set_policy(crt, &policy, 0);
+ if (ret < 0)
+ break;
+ }
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_policy: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
}
-void
-get_uri_set (int type, void *crt)
+void get_uri_set(int type, void *crt)
{
- int ret = 0, i;
-
- if (batch)
- {
- if (!cfg.uri)
- return;
-
- for (i = 0; cfg.uri[i] != NULL; i++)
- {
- if (type == TYPE_CRT)
- ret =
- gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI,
- cfg.uri[i],
- strlen (cfg.uri[i]),
- GNUTLS_FSAN_APPEND);
- else
- ret =
- gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI,
- cfg.uri[i],
- strlen (cfg.uri[i]),
- GNUTLS_FSAN_APPEND);
-
- if (ret < 0)
- break;
- }
- }
- else
- {
- const char *p;
-
- do
- {
- p =
- read_str ("Enter a URI of the subject of the certificate: ");
- if (!p)
- return;
-
- if (type == TYPE_CRT)
- ret = gnutls_x509_crt_set_subject_alt_name
- (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
- else
- ret = gnutls_x509_crq_set_subject_alt_name
- (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
- }
- while (p);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ int ret = 0, i;
+
+ if (batch) {
+ if (!cfg.uri)
+ return;
+
+ for (i = 0; cfg.uri[i] != NULL; i++) {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, cfg.uri[i],
+ strlen(cfg.uri[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, cfg.uri[i],
+ strlen(cfg.uri[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ do {
+ p = read_str
+ ("Enter a URI of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, p, strlen(p),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret = gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, p, strlen(p),
+ GNUTLS_FSAN_APPEND);
+ }
+ while (p);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "set_subject_alt_name: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-int
-get_sign_status (int server)
+int get_sign_status(int server)
{
- const char *msg;
-
- if (batch)
- {
- return cfg.signing_key;
- }
- else
- {
- if (server)
- msg =
- "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): ";
- else
- msg =
- "Will the certificate be used for signing (required for TLS)? (Y/n): ";
- return read_yesno (msg, 1);
- }
+ const char *msg;
+
+ if (batch) {
+ return cfg.signing_key;
+ } else {
+ if (server)
+ msg =
+ "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): ";
+ else
+ msg =
+ "Will the certificate be used for signing (required for TLS)? (Y/n): ";
+ return read_yesno(msg, 1);
+ }
}
-int
-get_encrypt_status (int server)
+int get_encrypt_status(int server)
{
- const char *msg;
-
- if (batch)
- {
- return cfg.encryption_key;
- }
- else
- {
- if (server)
- msg =
- "Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): ";
- else
- msg =
- "Will the certificate be used for encryption (not required for TLS)? (Y/n): ";
- return read_yesno (msg, 1);
- }
+ const char *msg;
+
+ if (batch) {
+ return cfg.encryption_key;
+ } else {
+ if (server)
+ msg =
+ "Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): ";
+ else
+ msg =
+ "Will the certificate be used for encryption (not required for TLS)? (Y/n): ";
+ return read_yesno(msg, 1);
+ }
}
-int
-get_cert_sign_status (void)
+int get_cert_sign_status(void)
{
- if (batch)
- {
- return cfg.cert_sign_key;
- }
- else
- {
- return
- read_yesno
- ("Will the certificate be used to sign other certificates? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.cert_sign_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used to sign other certificates? (y/N): ",
+ 0);
+ }
}
-int
-get_crl_sign_status (void)
+int get_crl_sign_status(void)
{
- if (batch)
- {
- return cfg.crl_sign_key;
- }
- else
- {
- return
- read_yesno ("Will the certificate be used to sign CRLs? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.crl_sign_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used to sign CRLs? (y/N): ",
+ 0);
+ }
}
-int
-get_code_sign_status (void)
+int get_code_sign_status(void)
{
- if (batch)
- {
- return cfg.code_sign_key;
- }
- else
- {
- return
- read_yesno ("Will the certificate be used to sign code? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.code_sign_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used to sign code? (y/N): ",
+ 0);
+ }
}
-int
-get_ocsp_sign_status (void)
+int get_ocsp_sign_status(void)
{
- if (batch)
- {
- return cfg.ocsp_sign_key;
- }
- else
- {
- return
- read_yesno
- ("Will the certificate be used to sign OCSP requests? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.ocsp_sign_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used to sign OCSP requests? (y/N): ",
+ 0);
+ }
}
-int
-get_time_stamp_status (void)
+int get_time_stamp_status(void)
{
- if (batch)
- {
- return cfg.time_stamping_key;
- }
- else
- {
- return
- read_yesno
- ("Will the certificate be used for time stamping? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.time_stamping_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used for time stamping? (y/N): ",
+ 0);
+ }
}
-int
-get_ipsec_ike_status (void)
+int get_ipsec_ike_status(void)
{
- if (batch)
- {
- return cfg.ipsec_ike_key;
- }
- else
- {
- return
- read_yesno
- ("Will the certificate be used for IPsec IKE operations? (y/N): ", 0);
- }
+ if (batch) {
+ return cfg.ipsec_ike_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used for IPsec IKE operations? (y/N): ",
+ 0);
+ }
}
-int
-get_crl_next_update (void)
+int get_crl_next_update(void)
{
- int days;
-
- if (batch)
- {
- if (cfg.crl_next_update <= 0)
- return 365;
- else
- return cfg.crl_next_update;
- }
- else
- {
- do
- {
- days = read_int ("The next CRL will be issued in (days): ");
- }
- while (days == 0);
- return days;
- }
+ int days;
+
+ if (batch) {
+ if (cfg.crl_next_update <= 0)
+ return 365;
+ else
+ return cfg.crl_next_update;
+ } else {
+ do {
+ days =
+ read_int
+ ("The next CRL will be issued in (days): ");
+ }
+ while (days == 0);
+ return days;
+ }
}
-const char *
-get_proxy_policy (char **policy, size_t * policylen)
+const char *get_proxy_policy(char **policy, size_t * policylen)
{
- const char *ret;
-
- if (batch)
- {
- ret = cfg.proxy_policy_language;
- if (!ret)
- ret = "1.3.6.1.5.5.7.21.1";
- }
- else
- {
- do
- {
- ret = read_str ("Enter the OID of the proxy policy language: ");
- }
- while (ret == NULL);
- }
-
- *policy = NULL;
- *policylen = 0;
-
- if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
- strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
- {
- fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
- }
-
- return ret;
+ const char *ret;
+
+ if (batch) {
+ ret = cfg.proxy_policy_language;
+ if (!ret)
+ ret = "1.3.6.1.5.5.7.21.1";
+ } else {
+ do {
+ ret =
+ read_str
+ ("Enter the OID of the proxy policy language: ");
+ }
+ while (ret == NULL);
+ }
+
+ *policy = NULL;
+ *policylen = 0;
+
+ if (strcmp(ret, "1.3.6.1.5.5.7.21.1") != 0 &&
+ strcmp(ret, "1.3.6.1.5.5.7.21.2") != 0) {
+ fprintf(stderr,
+ "Reading non-standard proxy policy not supported.\n");
+ }
+
+ return ret;
}
/* CRQ stuff.
*/
-void
-get_country_crq_set (gnutls_x509_crq_t crq)
+void get_country_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.country)
- return;
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_COUNTRY_NAME, 0,
- cfg.country, strlen (cfg.country));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "Country name (2 chars): ",
- GNUTLS_OID_X520_COUNTRY_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.country)
+ return;
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, cfg.country,
+ strlen(cfg.country));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "Country name (2 chars): ",
+ GNUTLS_OID_X520_COUNTRY_NAME);
+ }
}
-void
-get_organization_crq_set (gnutls_x509_crq_t crq)
+void get_organization_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.organization)
- return;
-
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_ORGANIZATION_NAME,
- 0, cfg.organization,
- strlen (cfg.organization));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "Organization name: ",
- GNUTLS_OID_X520_ORGANIZATION_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.organization)
+ return;
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_ORGANIZATION_NAME,
+ 0, cfg.organization,
+ strlen(cfg.
+ organization));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "Organization name: ",
+ GNUTLS_OID_X520_ORGANIZATION_NAME);
+ }
}
-void
-get_unit_crq_set (gnutls_x509_crq_t crq)
+void get_unit_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.unit)
- return;
-
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "Organizational unit name: ",
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.unit)
+ return;
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit,
+ strlen(cfg.unit));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "Organizational unit name: ",
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
+ }
}
-void
-get_state_crq_set (gnutls_x509_crq_t crq)
+void get_state_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.state)
- return;
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
- 0, cfg.state, strlen (cfg.state));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "State or province name: ",
- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.state)
+ return;
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+ 0, cfg.state,
+ strlen(cfg.state));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "State or province name: ",
+ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
+ }
}
-void
-get_locality_crq_set (gnutls_x509_crq_t crq)
+void get_locality_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.locality)
- return;
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_LOCALITY_NAME, 0,
- cfg.locality, strlen (cfg.locality));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.locality)
+ return;
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_LOCALITY_NAME,
+ 0, cfg.locality,
+ strlen(cfg.locality));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "Locality name: ",
+ GNUTLS_OID_X520_LOCALITY_NAME);
+ }
}
-void
-get_dn_crq_set (gnutls_x509_crq_t crq)
+void get_dn_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
- const char* err;
-
- if (batch)
- {
- if (!cfg.dn)
- return;
- ret =
- gnutls_x509_crq_set_dn (crq, cfg.dn, &err);
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s at: %s\n", gnutls_strerror (ret), err);
- exit (1);
- }
- }
+ int ret;
+ const char *err;
+
+ if (batch) {
+ if (!cfg.dn)
+ return;
+ ret = gnutls_x509_crq_set_dn(crq, cfg.dn, &err);
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s at: %s\n",
+ gnutls_strerror(ret), err);
+ exit(1);
+ }
+ }
}
-void
-get_cn_crq_set (gnutls_x509_crq_t crq)
+void get_cn_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.cn)
- return;
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, cfg.cn, strlen (cfg.cn));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.cn)
+ return;
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_COMMON_NAME,
+ 0, cfg.cn,
+ strlen(cfg.cn));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "Common name: ",
+ GNUTLS_OID_X520_COMMON_NAME);
+ }
}
-void
-get_uid_crq_set (gnutls_x509_crq_t crq)
+void get_uid_crq_set(gnutls_x509_crq_t crq)
{
- int ret;
-
- if (batch)
- {
- if (!cfg.uid)
- return;
- ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
- cfg.uid, strlen (cfg.uid));
- if (ret < 0)
- {
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
- }
+ int ret;
+
+ if (batch) {
+ if (!cfg.uid)
+ return;
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_LDAP_UID,
+ 0, cfg.uid,
+ strlen(cfg.uid));
+ if (ret < 0) {
+ fprintf(stderr, "set_dn: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ read_crq_set(crq, "UID: ", GNUTLS_OID_LDAP_UID);
+ }
}
-void
-get_oid_crq_set (gnutls_x509_crq_t crq)
+void get_oid_crq_set(gnutls_x509_crq_t crq)
{
- int ret, i;
-
- if (batch)
- {
- if (!cfg.dn_oid)
- return;
- for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
- {
- if (cfg.dn_oid[i + 1] == NULL)
- {
- fprintf (stderr, "dn_oid: %s does not have an argument.\n",
- cfg.dn_oid[i]);
- exit (1);
- }
- ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
- cfg.dn_oid[i + 1],
- strlen (cfg.dn_oid[i + 1]));
-
- if (ret < 0)
- {
- fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
- exit (1);
- }
- }
- }
+ int ret, i;
+
+ if (batch) {
+ if (!cfg.dn_oid)
+ return;
+ for (i = 0; cfg.dn_oid[i] != NULL; i += 2) {
+ if (cfg.dn_oid[i + 1] == NULL) {
+ fprintf(stderr,
+ "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit(1);
+ }
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ cfg.dn_oid[i], 0,
+ cfg.dn_oid[i +
+ 1],
+ strlen(cfg.
+ dn_oid[i +
+ 1]));
+
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_oid: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
}
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 98f42993d2..7617900002 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -23,66 +23,66 @@
#include <stdbool.h>
#include <gnutls/x509.h>
-void cfg_init (void);
-int template_parse (const char *template);
+void cfg_init(void);
+int template_parse(const char *template);
-void read_crt_set (gnutls_x509_crt_t crt, const char *input_str,
- const char *oid);
-void read_crq_set (gnutls_x509_crq_t crq, const char *input_str,
- const char *oid);
-int read_int (const char *input_str);
-const char *read_str (const char *input_str);
-int read_yesno (const char *input_str, int def);
+void read_crt_set(gnutls_x509_crt_t crt, const char *input_str,
+ const char *oid);
+void read_crq_set(gnutls_x509_crq_t crq, const char *input_str,
+ const char *oid);
+int read_int(const char *input_str);
+const char *read_str(const char *input_str);
+int read_yesno(const char *input_str, int def);
-const char *get_pass (void);
-const char *get_confirmed_pass (bool empty_ok);
-const char *get_challenge_pass (void);
-const char *get_crl_dist_point_url (void);
-void get_country_crt_set (gnutls_x509_crt_t crt);
-void get_organization_crt_set (gnutls_x509_crt_t crt);
-void get_unit_crt_set (gnutls_x509_crt_t crt);
-void get_state_crt_set (gnutls_x509_crt_t crt);
-void get_locality_crt_set (gnutls_x509_crt_t crt);
-void get_cn_crt_set (gnutls_x509_crt_t crt);
-void get_dn_crt_set (gnutls_x509_crt_t crt);
-void get_dn_crq_set (gnutls_x509_crq_t crt);
-void get_uid_crt_set (gnutls_x509_crt_t crt);
-void get_pkcs9_email_crt_set (gnutls_x509_crt_t crt);
-void get_oid_crt_set (gnutls_x509_crt_t crt);
-void get_key_purpose_set (int type, void *crt);
-int get_serial (void);
-int get_days (void);
-int get_ca_status (void);
-int get_crl_number (void);
-int get_path_len (void);
-int get_crq_extensions_status (void);
-const char *get_pkcs12_key_name (void);
-int get_tls_client_status (void);
-int get_tls_server_status (void);
-int get_crl_next_update (void);
-int get_time_stamp_status (void);
-int get_ocsp_sign_status (void);
-int get_code_sign_status (void);
-int get_crl_sign_status (void);
-int get_cert_sign_status (void);
-int get_encrypt_status (int server);
-int get_sign_status (int server);
-void get_ip_addr_set (int type, void *crt);
-void get_dns_name_set (int type, void *crt);
-void get_policy_set (gnutls_x509_crt_t);
-void get_uri_set (int type, void *crt);
-void get_email_set (int type, void *crt);
-int get_ipsec_ike_status (void);
-void get_dc_set (int type, void *crt);
-void get_ca_issuers_set (gnutls_x509_crt_t crt);
-void get_ocsp_issuer_set (gnutls_x509_crt_t crt);
+const char *get_pass(void);
+const char *get_confirmed_pass(bool empty_ok);
+const char *get_challenge_pass(void);
+const char *get_crl_dist_point_url(void);
+void get_country_crt_set(gnutls_x509_crt_t crt);
+void get_organization_crt_set(gnutls_x509_crt_t crt);
+void get_unit_crt_set(gnutls_x509_crt_t crt);
+void get_state_crt_set(gnutls_x509_crt_t crt);
+void get_locality_crt_set(gnutls_x509_crt_t crt);
+void get_cn_crt_set(gnutls_x509_crt_t crt);
+void get_dn_crt_set(gnutls_x509_crt_t crt);
+void get_dn_crq_set(gnutls_x509_crq_t crt);
+void get_uid_crt_set(gnutls_x509_crt_t crt);
+void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt);
+void get_oid_crt_set(gnutls_x509_crt_t crt);
+void get_key_purpose_set(int type, void *crt);
+int get_serial(void);
+int get_days(void);
+int get_ca_status(void);
+int get_crl_number(void);
+int get_path_len(void);
+int get_crq_extensions_status(void);
+const char *get_pkcs12_key_name(void);
+int get_tls_client_status(void);
+int get_tls_server_status(void);
+int get_crl_next_update(void);
+int get_time_stamp_status(void);
+int get_ocsp_sign_status(void);
+int get_code_sign_status(void);
+int get_crl_sign_status(void);
+int get_cert_sign_status(void);
+int get_encrypt_status(int server);
+int get_sign_status(int server);
+void get_ip_addr_set(int type, void *crt);
+void get_dns_name_set(int type, void *crt);
+void get_policy_set(gnutls_x509_crt_t);
+void get_uri_set(int type, void *crt);
+void get_email_set(int type, void *crt);
+int get_ipsec_ike_status(void);
+void get_dc_set(int type, void *crt);
+void get_ca_issuers_set(gnutls_x509_crt_t crt);
+void get_ocsp_issuer_set(gnutls_x509_crt_t crt);
-void get_cn_crq_set (gnutls_x509_crq_t crq);
-void get_uid_crq_set (gnutls_x509_crq_t crq);
-void get_locality_crq_set (gnutls_x509_crq_t crq);
-void get_state_crq_set (gnutls_x509_crq_t crq);
-void get_unit_crq_set (gnutls_x509_crq_t crq);
-void get_organization_crq_set (gnutls_x509_crq_t crq);
-void get_country_crq_set (gnutls_x509_crq_t crq);
-void get_oid_crq_set (gnutls_x509_crq_t crq);
-const char *get_proxy_policy (char **policy, size_t * policylen);
+void get_cn_crq_set(gnutls_x509_crq_t crq);
+void get_uid_crq_set(gnutls_x509_crq_t crq);
+void get_locality_crq_set(gnutls_x509_crq_t crq);
+void get_state_crq_set(gnutls_x509_crq_t crq);
+void get_unit_crq_set(gnutls_x509_crq_t crq);
+void get_organization_crq_set(gnutls_x509_crq_t crq);
+void get_country_crq_set(gnutls_x509_crq_t crq);
+void get_oid_crq_set(gnutls_x509_crq_t crq);
+const char *get_proxy_policy(char **policy, size_t * policylen);
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 2b0c4c744d..48455065b3 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -46,289 +46,274 @@
#include <read-file.h>
unsigned char buffer[64 * 1024];
-const int buffer_size = sizeof (buffer);
+const int buffer_size = sizeof(buffer);
-FILE *
-safe_open_rw (const char *file, int privkey_op)
+FILE *safe_open_rw(const char *file, int privkey_op)
{
- mode_t omask = 0;
- FILE *fh;
+ mode_t omask = 0;
+ FILE *fh;
- if (privkey_op != 0)
- {
- omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
- }
+ if (privkey_op != 0) {
+ omask = umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+ }
- fh = fopen (file, "wb");
+ fh = fopen(file, "wb");
- if (privkey_op != 0)
- {
- umask (omask);
- }
+ if (privkey_op != 0) {
+ umask(omask);
+ }
- return fh;
+ return fh;
}
-gnutls_datum_t *
-load_secret_key (int mand, common_info_st * info)
+gnutls_datum_t *load_secret_key(int mand, common_info_st * info)
{
- char raw_key[64];
- size_t raw_key_size = sizeof (raw_key);
- static gnutls_datum_t key;
- gnutls_datum_t hex_key;
- int ret;
-
- if (info->verbose)
- fprintf (stderr, "Loading secret key...\n");
-
- if (info->secret_key == NULL)
- {
- if (mand)
- {
- fprintf (stderr, "missing --secret-key");
- exit(1);
- }
- else
- return NULL;
- }
-
- hex_key.data = (void *) info->secret_key;
- hex_key.size = strlen (info->secret_key);
-
- ret = gnutls_hex_decode (&hex_key, raw_key, &raw_key_size);
- if (ret < 0)
- {
- fprintf (stderr, "hex_decode: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- key.data = (void*)raw_key;
- key.size = raw_key_size;
-
- return &key;
+ char raw_key[64];
+ size_t raw_key_size = sizeof(raw_key);
+ static gnutls_datum_t key;
+ gnutls_datum_t hex_key;
+ int ret;
+
+ if (info->verbose)
+ fprintf(stderr, "Loading secret key...\n");
+
+ if (info->secret_key == NULL) {
+ if (mand) {
+ fprintf(stderr, "missing --secret-key");
+ exit(1);
+ } else
+ return NULL;
+ }
+
+ hex_key.data = (void *) info->secret_key;
+ hex_key.size = strlen(info->secret_key);
+
+ ret = gnutls_hex_decode(&hex_key, raw_key, &raw_key_size);
+ if (ret < 0) {
+ fprintf(stderr, "hex_decode: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ key.data = (void *) raw_key;
+ key.size = raw_key_size;
+
+ return &key;
}
-const char* get_password(common_info_st * cinfo, unsigned int *flags, int confirm)
+const char *get_password(common_info_st * cinfo, unsigned int *flags,
+ int confirm)
{
- if (cinfo->null_password)
- {
- if (flags) *flags |= GNUTLS_PKCS_NULL_PASSWORD;
- return NULL;
- }
- else if (cinfo->password)
- {
- if (cinfo->password[0] == 0 && flags)
- *flags |= GNUTLS_PKCS_PLAIN;
- return cinfo->password;
- }
- else
- {
- if (confirm)
- return get_confirmed_pass (true);
- else
- return get_pass ();
- }
+ if (cinfo->null_password) {
+ if (flags)
+ *flags |= GNUTLS_PKCS_NULL_PASSWORD;
+ return NULL;
+ } else if (cinfo->password) {
+ if (cinfo->password[0] == 0 && flags)
+ *flags |= GNUTLS_PKCS_PLAIN;
+ return cinfo->password;
+ } else {
+ if (confirm)
+ return get_confirmed_pass(true);
+ else
+ return get_pass();
+ }
}
-static gnutls_privkey_t _load_privkey(gnutls_datum_t *dat, common_info_st * info)
+static gnutls_privkey_t _load_privkey(gnutls_datum_t * dat,
+ common_info_st * info)
{
-int ret;
-gnutls_privkey_t key;
-unsigned int flags = 0;
-const char* pass;
-
- ret = gnutls_privkey_init (&key);
- if (ret < 0)
- {
- fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_privkey_import_x509_raw (key, dat, info->incert_format, NULL, 0);
- if (ret == GNUTLS_E_DECRYPTION_FAILED)
- {
- pass = get_password (info, &flags, 0);
- ret = gnutls_privkey_import_x509_raw (key, dat, info->incert_format, pass, flags);
- }
-
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- fprintf (stderr,
- "import error: could not find a valid PEM header; "
- "check if your key is PKCS #12 encoded");
- exit(1);
- }
-
- if (ret < 0)
- {
- fprintf (stderr, "importing --load-privkey: %s: %s",
- info->privkey, gnutls_strerror (ret));
- exit(1);
- }
-
- return key;
+ int ret;
+ gnutls_privkey_t key;
+ unsigned int flags = 0;
+ const char *pass;
+
+ ret = gnutls_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_privkey_import_x509_raw(key, dat, info->incert_format,
+ NULL, 0);
+ if (ret == GNUTLS_E_DECRYPTION_FAILED) {
+ pass = get_password(info, &flags, 0);
+ ret =
+ gnutls_privkey_import_x509_raw(key, dat,
+ info->incert_format,
+ pass, flags);
+ }
+
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ fprintf(stderr,
+ "import error: could not find a valid PEM header; "
+ "check if your key is PKCS #12 encoded");
+ exit(1);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-privkey: %s: %s",
+ info->privkey, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return key;
}
-static gnutls_privkey_t _load_url_privkey(const char* url)
+static gnutls_privkey_t _load_url_privkey(const char *url)
{
-int ret;
-gnutls_privkey_t key;
-
- ret = gnutls_privkey_init (&key);
- if (ret < 0)
- {
- fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_privkey_import_url(key, url, 0);
- if (ret < 0)
- {
- fprintf (stderr, "importing key: %s: %s",
- url, gnutls_strerror (ret));
- exit(1);
- }
-
- return key;
+ int ret;
+ gnutls_privkey_t key;
+
+ ret = gnutls_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_privkey_import_url(key, url, 0);
+ if (ret < 0) {
+ fprintf(stderr, "importing key: %s: %s",
+ url, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return key;
}
-static gnutls_pubkey_t _load_url_pubkey(const char* url)
+static gnutls_pubkey_t _load_url_pubkey(const char *url)
{
-int ret;
-gnutls_pubkey_t pubkey;
-unsigned int obj_flags = 0;
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_pubkey_import_url (pubkey, url, obj_flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s: %s\n", __func__, __LINE__,
- gnutls_strerror (ret), url);
- exit (1);
- }
-
- return pubkey;
+ int ret;
+ gnutls_pubkey_t pubkey;
+ unsigned int obj_flags = 0;
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_import_url(pubkey, url, obj_flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret), url);
+ exit(1);
+ }
+
+ return pubkey;
}
/* Load the private key.
* @mand should be non zero if it is required to read a private key.
*/
-gnutls_privkey_t
-load_private_key (int mand, common_info_st * info)
+gnutls_privkey_t load_private_key(int mand, common_info_st * info)
{
- gnutls_privkey_t key;
- gnutls_datum_t dat;
- size_t size;
+ gnutls_privkey_t key;
+ gnutls_datum_t dat;
+ size_t size;
- if (!info->privkey && !mand)
- return NULL;
+ if (!info->privkey && !mand)
+ return NULL;
- if (info->privkey == NULL)
- {
- fprintf (stderr, "missing --load-privkey");
- exit(1);
- }
+ if (info->privkey == NULL) {
+ fprintf(stderr, "missing --load-privkey");
+ exit(1);
+ }
- if (gnutls_url_is_supported(info->privkey) != 0)
- return _load_url_privkey(info->privkey);
+ if (gnutls_url_is_supported(info->privkey) != 0)
+ return _load_url_privkey(info->privkey);
- dat.data = (void*)read_binary_file (info->privkey, &size);
- dat.size = size;
+ dat.data = (void *) read_binary_file(info->privkey, &size);
+ dat.size = size;
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-privkey: %s", info->privkey);
- exit(1);
- }
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-privkey: %s",
+ info->privkey);
+ exit(1);
+ }
- key = _load_privkey(&dat, info);
+ key = _load_privkey(&dat, info);
- free (dat.data);
+ free(dat.data);
- return key;
+ return key;
}
/* Load the private key.
* @mand should be non zero if it is required to read a private key.
*/
gnutls_x509_privkey_t
-load_x509_private_key (int mand, common_info_st * info)
+load_x509_private_key(int mand, common_info_st * info)
{
- gnutls_x509_privkey_t key;
- int ret;
- gnutls_datum_t dat;
- size_t size;
- unsigned int flags = 0;
- const char* pass;
-
- if (!info->privkey && !mand)
- return NULL;
-
- if (info->privkey == NULL)
- {
- fprintf (stderr, "missing --load-privkey");
- exit(1);
- }
-
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- {
- fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (info->privkey, &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-privkey: %s", info->privkey);
- exit(1);
- }
-
- if (info->pkcs8)
- {
- pass = get_password (info, &flags, 0);
- ret =
- gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
- pass, flags);
- }
- else
- {
- ret = gnutls_x509_privkey_import2 (key, &dat, info->incert_format, NULL, 0);
- if (ret == GNUTLS_E_DECRYPTION_FAILED)
- {
- pass = get_password (info, &flags, 0);
- ret = gnutls_x509_privkey_import2 (key, &dat, info->incert_format, pass, flags);
- }
- }
-
- free (dat.data);
-
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- fprintf (stderr,
- "import error: could not find a valid PEM header; "
- "check if your key is PEM encoded");
- exit(1);
- }
-
- if (ret < 0)
- {
- fprintf( stderr, "importing --load-privkey: %s: %s",
- info->privkey, gnutls_strerror (ret));
- exit(1);
- }
-
- return key;
+ gnutls_x509_privkey_t key;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+ unsigned int flags = 0;
+ const char *pass;
+
+ if (!info->privkey && !mand)
+ return NULL;
+
+ if (info->privkey == NULL) {
+ fprintf(stderr, "missing --load-privkey");
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(info->privkey, &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-privkey: %s",
+ info->privkey);
+ exit(1);
+ }
+
+ if (info->pkcs8) {
+ pass = get_password(info, &flags, 0);
+ ret =
+ gnutls_x509_privkey_import_pkcs8(key, &dat,
+ info->incert_format,
+ pass, flags);
+ } else {
+ ret =
+ gnutls_x509_privkey_import2(key, &dat,
+ info->incert_format, NULL,
+ 0);
+ if (ret == GNUTLS_E_DECRYPTION_FAILED) {
+ pass = get_password(info, &flags, 0);
+ ret =
+ gnutls_x509_privkey_import2(key, &dat,
+ info->
+ incert_format,
+ pass, flags);
+ }
+ }
+
+ free(dat.data);
+
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ fprintf(stderr,
+ "import error: could not find a valid PEM header; "
+ "check if your key is PEM encoded");
+ exit(1);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-privkey: %s: %s",
+ info->privkey, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return key;
}
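Review bot: In `load_secret_key` the function returns `&key`, a static `gnutls_datum_t`, after setting `key.data = (void *) raw_key;`, but `raw_key` is a 64-byte automatic array, so the caller receives a pointer into a stack frame that no longer exists. The reindent carries this over unchanged on the new side. Any later use of the returned datum reads whatever has since overwritten that stack slot, which for a secret key means either a wrong key or leftover key bytes lingering in reused stack memory. Declaring the buffer with static storage as well, `static char raw_key[64];`, keeps the decoded key valid for as long as the static datum that points to it.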
@@ -336,720 +321,676 @@ load_x509_private_key (int mand, common_info_st * info)
* If mand is non zero then a certificate is mandatory. Otherwise
* null will be returned if the certificate loading fails.
*/
-gnutls_x509_crt_t
-load_cert (int mand, common_info_st * info)
+gnutls_x509_crt_t load_cert(int mand, common_info_st * info)
{
- gnutls_x509_crt_t *crt;
- size_t size;
+ gnutls_x509_crt_t *crt;
+ size_t size;
- crt = load_cert_list (mand, &size, info);
+ crt = load_cert_list(mand, &size, info);
- return crt ? crt[0] : NULL;
+ return crt ? crt[0] : NULL;
}
#define MAX_CERTS 256
/* Loads a certificate list
*/
-gnutls_x509_crt_t *
-load_cert_list (int mand, size_t * crt_size, common_info_st * info)
+gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
+ common_info_st * info)
{
- FILE *fd;
- static gnutls_x509_crt_t crt[MAX_CERTS];
- char *ptr;
- int ret, i;
- gnutls_datum_t dat;
- size_t size;
- int ptr_size;
-
- *crt_size = 0;
- if (info->verbose)
- fprintf (stderr, "Loading certificate list...\n");
-
- if (info->cert == NULL)
- {
- if (mand)
- {
- fprintf (stderr, "missing --load-certificate");
- exit(1);
- }
- else
- return NULL;
- }
-
- fd = fopen (info->cert, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "%s", info->cert);
- exit(1);
- }
-
- size = fread (buffer, 1, sizeof (buffer) - 1, fd);
- buffer[size] = 0;
-
- fclose (fd);
-
- ptr = (void*)buffer;
- ptr_size = size;
-
- for (i = 0; i < MAX_CERTS; i++)
- {
- ret = gnutls_x509_crt_init (&crt[i]);
- if (ret < 0)
- {
- fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)ptr;
- dat.size = ptr_size;
-
- ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format);
- if (ret < 0 && *crt_size > 0)
- break;
- if (ret < 0)
- {
- fprintf(stderr, "crt_import: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ptr = strstr (ptr, "---END");
- if (ptr == NULL)
- break;
- ptr++;
-
- ptr_size = size;
- ptr_size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
-
- if (ptr_size < 0)
- break;
-
- (*crt_size)++;
- }
- if (info->verbose)
- fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
-
- return crt;
+ FILE *fd;
+ static gnutls_x509_crt_t crt[MAX_CERTS];
+ char *ptr;
+ int ret, i;
+ gnutls_datum_t dat;
+ size_t size;
+ int ptr_size;
+
+ *crt_size = 0;
+ if (info->verbose)
+ fprintf(stderr, "Loading certificate list...\n");
+
+ if (info->cert == NULL) {
+ if (mand) {
+ fprintf(stderr, "missing --load-certificate");
+ exit(1);
+ } else
+ return NULL;
+ }
+
+ fd = fopen(info->cert, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "%s", info->cert);
+ exit(1);
+ }
+
+ size = fread(buffer, 1, sizeof(buffer) - 1, fd);
+ buffer[size] = 0;
+
+ fclose(fd);
+
+ ptr = (void *) buffer;
+ ptr_size = size;
+
+ for (i = 0; i < MAX_CERTS; i++) {
+ ret = gnutls_x509_crt_init(&crt[i]);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) ptr;
+ dat.size = ptr_size;
+
+ ret =
+ gnutls_x509_crt_import(crt[i], &dat,
+ info->incert_format);
+ if (ret < 0 && *crt_size > 0)
+ break;
+ if (ret < 0) {
+ fprintf(stderr, "crt_import: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ptr = strstr(ptr, "---END");
+ if (ptr == NULL)
+ break;
+ ptr++;
+
+ ptr_size = size;
+ ptr_size -=
+ (unsigned int) ((unsigned char *) ptr -
+ (unsigned char *) buffer);
+
+ if (ptr_size < 0)
+ break;
+
+ (*crt_size)++;
+ }
+ if (info->verbose)
+ fprintf(stderr, "Loaded %d certificates.\n",
+ (int) *crt_size);
+
+ return crt;
}
/* Load the Certificate Request.
*/
-gnutls_x509_crq_t
-load_request (common_info_st * info)
+gnutls_x509_crq_t load_request(common_info_st * info)
{
- gnutls_x509_crq_t crq;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!info->request)
- return NULL;
-
- ret = gnutls_x509_crq_init (&crq);
- if (ret < 0)
- {
- fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (info->request, &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-request: %s", info->request);
- exit(1);
- }
-
- ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- fprintf(stderr,
- "import error: could not find a valid PEM header");
- exit(1);
- }
-
- free (dat.data);
- if (ret < 0)
- {
- fprintf(stderr, "importing --load-request: %s: %s",
- info->request, gnutls_strerror (ret));
- exit(1);
- }
- return crq;
+ gnutls_x509_crq_t crq;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!info->request)
+ return NULL;
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "crq_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(info->request, &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-request: %s",
+ info->request);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crq_import(crq, &dat, info->incert_format);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ fprintf(stderr,
+ "import error: could not find a valid PEM header");
+ exit(1);
+ }
+
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-request: %s: %s",
+ info->request, gnutls_strerror(ret));
+ exit(1);
+ }
+ return crq;
}
/* Load the CA's private key.
*/
-gnutls_privkey_t
-load_ca_private_key (common_info_st * info)
+gnutls_privkey_t load_ca_private_key(common_info_st * info)
{
- gnutls_privkey_t key;
- gnutls_datum_t dat;
- size_t size;
+ gnutls_privkey_t key;
+ gnutls_datum_t dat;
+ size_t size;
- if (info->ca_privkey == NULL)
- {
- fprintf(stderr, "missing --load-ca-privkey");
- exit(1);
- }
+ if (info->ca_privkey == NULL) {
+ fprintf(stderr, "missing --load-ca-privkey");
+ exit(1);
+ }
- if (gnutls_url_is_supported(info->ca_privkey) != 0)
- return _load_url_privkey(info->ca_privkey);
+ if (gnutls_url_is_supported(info->ca_privkey) != 0)
+ return _load_url_privkey(info->ca_privkey);
- dat.data = (void*)read_binary_file (info->ca_privkey, &size);
- dat.size = size;
+ dat.data = (void *) read_binary_file(info->ca_privkey, &size);
+ dat.size = size;
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-ca-privkey: %s",
- info->ca_privkey);
- exit(1);
- }
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-ca-privkey: %s",
+ info->ca_privkey);
+ exit(1);
+ }
- key = _load_privkey(&dat, info);
+ key = _load_privkey(&dat, info);
- free (dat.data);
+ free(dat.data);
- return key;
+ return key;
}
/* Loads the CA's certificate
*/
-gnutls_x509_crt_t
-load_ca_cert (common_info_st * info)
+gnutls_x509_crt_t load_ca_cert(common_info_st * info)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (info->ca == NULL)
- {
- fprintf(stderr, "missing --load-ca-certificate");
- exit(1);
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (info->ca, &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf( stderr, "reading --load-ca-certificate: %s",
- info->ca);
- exit(1);
- }
-
- ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
- free (dat.data);
- if (ret < 0)
- {
- fprintf(stderr, "importing --load-ca-certificate: %s: %s",
- info->ca, gnutls_strerror (ret));
- exit(1);
- }
-
- return crt;
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (info->ca == NULL) {
+ fprintf(stderr, "missing --load-ca-certificate");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(info->ca, &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-ca-certificate: %s",
+ info->ca);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &dat, info->incert_format);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-ca-certificate: %s: %s",
+ info->ca, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
}
/* Load a public key.
* @mand should be non zero if it is required to read a public key.
*/
-gnutls_pubkey_t
-load_pubkey (int mand, common_info_st * info)
+gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
{
- gnutls_pubkey_t key;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!info->pubkey && !mand)
- return NULL;
-
- if (info->pubkey == NULL)
- {
- fprintf(stderr, "missing --load-pubkey");
- exit(1);
- }
-
- if (gnutls_url_is_supported(info->pubkey) != 0)
- return _load_url_pubkey(info->pubkey);
-
- ret = gnutls_pubkey_init (&key);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (info->pubkey, &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf( stderr, "reading --load-pubkey: %s", info->pubkey);
- exit(1);
- }
-
- ret = gnutls_pubkey_import (key, &dat, info->incert_format);
-
- free (dat.data);
-
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- fprintf(stderr,
- "import error: could not find a valid PEM header; "
- "check if your key has the PUBLIC KEY header");
- exit(1);
- }
-
- if (ret < 0)
- {
- fprintf(stderr, "importing --load-pubkey: %s: %s",
- info->pubkey, gnutls_strerror (ret));
- exit(1);
- }
-
- return key;
+ gnutls_pubkey_t key;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!info->pubkey && !mand)
+ return NULL;
+
+ if (info->pubkey == NULL) {
+ fprintf(stderr, "missing --load-pubkey");
+ exit(1);
+ }
+
+ if (gnutls_url_is_supported(info->pubkey) != 0)
+ return _load_url_pubkey(info->pubkey);
+
+ ret = gnutls_pubkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(info->pubkey, &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-pubkey: %s", info->pubkey);
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_import(key, &dat, info->incert_format);
+
+ free(dat.data);
+
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ fprintf(stderr,
+ "import error: could not find a valid PEM header; "
+ "check if your key has the PUBLIC KEY header");
+ exit(1);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-pubkey: %s: %s",
+ info->pubkey, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return key;
}
-gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, common_info_st * info)
+gnutls_pubkey_t load_public_key_or_import(int mand,
+ gnutls_privkey_t privkey,
+ common_info_st * info)
{
-gnutls_pubkey_t pubkey;
-int ret;
-
- ret = gnutls_pubkey_init(&pubkey);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_pubkey_init: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0)
- { /* could not get (e.g. on PKCS #11 */
- gnutls_pubkey_deinit(pubkey);
- return load_pubkey(mand, info);
- }
-
- return pubkey;
+ gnutls_pubkey_t pubkey;
+ int ret;
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_pubkey_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0) { /* could not get (e.g. on PKCS #11 */
+ gnutls_pubkey_deinit(pubkey);
+ return load_pubkey(mand, info);
+ }
+
+ return pubkey;
}
int
-get_bits (gnutls_pk_algorithm_t key_type, int info_bits, const char* info_sec_param, int warn)
+get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
+ const char *info_sec_param, int warn)
{
- int bits;
-
- if (info_bits != 0)
- {
- static int warned = 0;
-
- if (warned == 0 && warn != 0)
- {
- warned = 1;
- fprintf (stderr,
- "** Note: Please use the --sec-param instead of --bits\n");
- }
- bits = info_bits;
- }
- else
- {
- if (info_sec_param)
- {
- bits =
- gnutls_sec_param_to_pk_bits (key_type,
- str_to_sec_param (info_sec_param));
- }
- else
- bits =
- gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL);
- }
-
- return bits;
+ int bits;
+
+ if (info_bits != 0) {
+ static int warned = 0;
+
+ if (warned == 0 && warn != 0) {
+ warned = 1;
+ fprintf(stderr,
+ "** Note: Please use the --sec-param instead of --bits\n");
+ }
+ bits = info_bits;
+ } else {
+ if (info_sec_param) {
+ bits =
+ gnutls_sec_param_to_pk_bits(key_type,
+ str_to_sec_param
+ (info_sec_param));
+ } else
+ bits =
+ gnutls_sec_param_to_pk_bits(key_type,
+ GNUTLS_SEC_PARAM_NORMAL);
+ }
+
+ return bits;
}
-gnutls_sec_param_t str_to_sec_param (const char *str)
+gnutls_sec_param_t str_to_sec_param(const char *str)
{
- if (strcasecmp (str, "low") == 0)
- {
- return GNUTLS_SEC_PARAM_LOW;
- }
- else if (strcasecmp (str, "legacy") == 0)
- {
- return GNUTLS_SEC_PARAM_LEGACY;
- }
- else if (strcasecmp (str, "normal") == 0)
- {
- return GNUTLS_SEC_PARAM_NORMAL;
- }
- else if (strcasecmp (str, "high") == 0)
- {
- return GNUTLS_SEC_PARAM_HIGH;
- }
- else if (strcasecmp (str, "ultra") == 0)
- {
- return GNUTLS_SEC_PARAM_ULTRA;
- }
- else
- {
- fprintf (stderr, "Unknown security parameter string: %s\n", str);
- exit (1);
- }
+ if (strcasecmp(str, "low") == 0) {
+ return GNUTLS_SEC_PARAM_LOW;
+ } else if (strcasecmp(str, "legacy") == 0) {
+ return GNUTLS_SEC_PARAM_LEGACY;
+ } else if (strcasecmp(str, "normal") == 0) {
+ return GNUTLS_SEC_PARAM_NORMAL;
+ } else if (strcasecmp(str, "high") == 0) {
+ return GNUTLS_SEC_PARAM_HIGH;
+ } else if (strcasecmp(str, "ultra") == 0) {
+ return GNUTLS_SEC_PARAM_ULTRA;
+ } else {
+ fprintf(stderr, "Unknown security parameter string: %s\n",
+ str);
+ exit(1);
+ }
}
#define SPACE "\t"
static void
-print_hex_datum (FILE* outfile, gnutls_datum_t * dat, int cprint)
+print_hex_datum(FILE * outfile, gnutls_datum_t * dat, int cprint)
{
- unsigned int j;
-
- if (cprint != 0)
- {
- fprintf (outfile, "\n" SPACE"\"");
- for (j = 0; j < dat->size; j++)
- {
- fprintf (outfile, "\\x%.2x", (unsigned char) dat->data[j]);
- if ((j + 1) % 15 == 0)
- fprintf (outfile, "\"\n" SPACE"\"");
- }
- fprintf (outfile, "\";\n\n");
-
- return;
- }
-
- fprintf (outfile, "\n" SPACE);
- for (j = 0; j < dat->size; j++)
- {
- fprintf (outfile, "%.2x:", (unsigned char) dat->data[j]);
- if ((j + 1) % 15 == 0)
- fprintf (outfile, "\n" SPACE);
- }
- fprintf (outfile, "\n\n");
+ unsigned int j;
+
+ if (cprint != 0) {
+ fprintf(outfile, "\n" SPACE "\"");
+ for (j = 0; j < dat->size; j++) {
+ fprintf(outfile, "\\x%.2x",
+ (unsigned char) dat->data[j]);
+ if ((j + 1) % 15 == 0)
+ fprintf(outfile, "\"\n" SPACE "\"");
+ }
+ fprintf(outfile, "\";\n\n");
+
+ return;
+ }
+
+ fprintf(outfile, "\n" SPACE);
+ for (j = 0; j < dat->size; j++) {
+ fprintf(outfile, "%.2x:", (unsigned char) dat->data[j]);
+ if ((j + 1) % 15 == 0)
+ fprintf(outfile, "\n" SPACE);
+ }
+ fprintf(outfile, "\n\n");
}
-static void print_head(FILE* out, const char* txt, unsigned int size, int cprint)
+static void print_head(FILE * out, const char *txt, unsigned int size,
+ int cprint)
{
-unsigned i;
-char* p, * ntxt;
-
- if (cprint != 0)
- {
- if (size > 0)
- asprintf(&ntxt, "const unsigned char %s[%u] =", txt, size);
- else
- asprintf(&ntxt, "const unsigned char %s[] =\n", txt);
-
- p = strstr(ntxt, "char");
- p += 5;
-
- for (i=0;i<strlen(txt);i++)
- if (p[i] == ' ') p[i] = '_';
-
- fprintf(out, "%s", ntxt);
- free(ntxt);
-
- return;
- }
- fprintf(out, "%s:", txt);
+ unsigned i;
+ char *p, *ntxt;
+
+ if (cprint != 0) {
+ if (size > 0)
+ asprintf(&ntxt, "const unsigned char %s[%u] =",
+ txt, size);
+ else
+ asprintf(&ntxt, "const unsigned char %s[] =\n",
+ txt);
+
+ p = strstr(ntxt, "char");
+ p += 5;
+
+ for (i = 0; i < strlen(txt); i++)
+ if (p[i] == ' ')
+ p[i] = '_';
+
+ fprintf(out, "%s", ntxt);
+ free(ntxt);
+
+ return;
+ }
+ fprintf(out, "%s:", txt);
}
void
-print_dsa_pkey (FILE* outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * g, int cprint)
+print_dsa_pkey(FILE * outfile, gnutls_datum_t * x, gnutls_datum_t * y,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
+ int cprint)
{
- if (x)
- {
- print_head (outfile, "private key", x->size, cprint);
- print_hex_datum (outfile, x, cprint);
- }
- print_head (outfile, "public key", y->size, cprint);
- print_hex_datum (outfile, y, cprint);
- print_head (outfile, "p", p->size, cprint);
- print_hex_datum (outfile, p, cprint);
- print_head (outfile, "q", q->size, cprint);
- print_hex_datum (outfile, q, cprint);
- print_head (outfile, "g", g->size, cprint);
- print_hex_datum (outfile, g, cprint);
+ if (x) {
+ print_head(outfile, "private key", x->size, cprint);
+ print_hex_datum(outfile, x, cprint);
+ }
+ print_head(outfile, "public key", y->size, cprint);
+ print_hex_datum(outfile, y, cprint);
+ print_head(outfile, "p", p->size, cprint);
+ print_hex_datum(outfile, p, cprint);
+ print_head(outfile, "q", q->size, cprint);
+ print_hex_datum(outfile, q, cprint);
+ print_head(outfile, "g", g->size, cprint);
+ print_hex_datum(outfile, g, cprint);
}
void
-print_ecc_pkey (FILE* outfile, gnutls_ecc_curve_t curve, gnutls_datum_t* k,
- gnutls_datum_t * x, gnutls_datum_t * y, int cprint)
+print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve,
+ gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y,
+ int cprint)
{
- if (cprint != 0)
- fprintf (outfile, "/* curve: %s */\n", gnutls_ecc_curve_get_name(curve));
- else
- fprintf (outfile, "curve:\t%s\n", gnutls_ecc_curve_get_name(curve));
-
- if (k)
- {
- print_head (outfile, "private key", k->size, cprint);
- print_hex_datum (outfile, k, cprint);
- }
- print_head (outfile, "x", x->size, cprint);
- print_hex_datum (outfile, x, cprint);
- print_head (outfile, "y", y->size, cprint);
- print_hex_datum (outfile, y, cprint);
+ if (cprint != 0)
+ fprintf(outfile, "/* curve: %s */\n",
+ gnutls_ecc_curve_get_name(curve));
+ else
+ fprintf(outfile, "curve:\t%s\n",
+ gnutls_ecc_curve_get_name(curve));
+
+ if (k) {
+ print_head(outfile, "private key", k->size, cprint);
+ print_hex_datum(outfile, k, cprint);
+ }
+ print_head(outfile, "x", x->size, cprint);
+ print_hex_datum(outfile, x, cprint);
+ print_head(outfile, "y", y->size, cprint);
+ print_hex_datum(outfile, y, cprint);
}
void
-print_rsa_pkey (FILE* outfile, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * exp1, gnutls_datum_t * exp2, int cprint)
+print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * u, gnutls_datum_t * exp1,
+ gnutls_datum_t * exp2, int cprint)
{
- print_head (outfile, "modulus", m->size, cprint);
- print_hex_datum (outfile, m, cprint);
- print_head (outfile, "public exponent", e->size, cprint);
- print_hex_datum (outfile, e, cprint);
- if (d)
- {
- print_head (outfile, "private exponent", d->size, cprint);
- print_hex_datum (outfile, d, cprint);
- print_head (outfile, "prime1", p->size, cprint);
- print_hex_datum (outfile, p, cprint);
- print_head (outfile, "prime2", q->size, cprint);
- print_hex_datum (outfile, q, cprint);
- print_head (outfile, "coefficient", u->size, cprint);
- print_hex_datum (outfile, u, cprint);
- if (exp1 && exp2)
- {
- print_head (outfile, "exp1", exp1->size, cprint);
- print_hex_datum (outfile, exp1, cprint);
- print_head (outfile, "exp2", exp2->size, cprint);
- print_hex_datum (outfile, exp2, cprint);
- }
- }
+ print_head(outfile, "modulus", m->size, cprint);
+ print_hex_datum(outfile, m, cprint);
+ print_head(outfile, "public exponent", e->size, cprint);
+ print_hex_datum(outfile, e, cprint);
+ if (d) {
+ print_head(outfile, "private exponent", d->size, cprint);
+ print_hex_datum(outfile, d, cprint);
+ print_head(outfile, "prime1", p->size, cprint);
+ print_hex_datum(outfile, p, cprint);
+ print_head(outfile, "prime2", q->size, cprint);
+ print_hex_datum(outfile, q, cprint);
+ print_head(outfile, "coefficient", u->size, cprint);
+ print_hex_datum(outfile, u, cprint);
+ if (exp1 && exp2) {
+ print_head(outfile, "exp1", exp1->size, cprint);
+ print_hex_datum(outfile, exp1, cprint);
+ print_head(outfile, "exp2", exp2->size, cprint);
+ print_hex_datum(outfile, exp2, cprint);
+ }
+ }
}
-void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t format, gnutls_pubkey_t pubkey)
+void _pubkey_info(FILE * outfile,
+ gnutls_certificate_print_formats_t format,
+ gnutls_pubkey_t pubkey)
{
-gnutls_datum_t data;
-int ret;
-size_t size;
-
- ret = gnutls_pubkey_print(pubkey, format, &data);
- if (ret < 0)
- {
- fprintf(stderr, "pubkey_print error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "%s\n", data.data);
- gnutls_free (data.data);
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "\n%s\n", buffer);
+ gnutls_datum_t data;
+ int ret;
+ size_t size;
+
+ ret = gnutls_pubkey_print(pubkey, format, &data);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_print error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "%s\n", data.data);
+ gnutls_free(data.data);
+
+ size = buffer_size;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, buffer,
+ &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\n%s\n", buffer);
}
static void
-print_dh_info (FILE* outfile, gnutls_datum_t * p, gnutls_datum_t * g, unsigned int q_bits, int cprint)
+print_dh_info(FILE * outfile, gnutls_datum_t * p, gnutls_datum_t * g,
+ unsigned int q_bits, int cprint)
{
- if (q_bits > 0)
- {
- if (cprint != 0)
- fprintf (outfile, "\n /* recommended key length: %d bytes */\n\n", (7+q_bits)/8);
- else
- fprintf (outfile, "\nRecommended key length: %d bits\n\n", q_bits);
- }
+ if (q_bits > 0) {
+ if (cprint != 0)
+ fprintf(outfile,
+ "\n /* recommended key length: %d bytes */\n\n",
+ (7 + q_bits) / 8);
+ else
+ fprintf(outfile,
+ "\nRecommended key length: %d bits\n\n",
+ q_bits);
+ }
- print_head (outfile, "generator", g->size, cprint);
- print_hex_datum (outfile, g, cprint);
+ print_head(outfile, "generator", g->size, cprint);
+ print_hex_datum(outfile, g, cprint);
- print_head (outfile, "prime", p->size, cprint);
- print_hex_datum (outfile, p, cprint);
+ print_head(outfile, "prime", p->size, cprint);
+ print_hex_datum(outfile, p, cprint);
}
-void dh_info (FILE* infile, FILE* outfile, common_info_st * ci)
+void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
{
- gnutls_datum_t params;
- size_t size;
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_datum_t p, g;
- unsigned int q_bits = 0;
-
- if (gnutls_dh_params_init (&dh_params) < 0)
- {
- fprintf (stderr, "Error in dh parameter initialization\n");
- exit (1);
- }
-
- params.data = (void*)fread_file (infile, &size);
- params.size = size;
-
- ret =
- gnutls_dh_params_import_pkcs3 (dh_params, &params, ci->incert_format);
- if (ret < 0)
- {
- fprintf (stderr, "Error parsing dh params: %s\n", gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
- if (ret < 0)
- {
- fprintf (stderr, "Error exporting parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
- print_dh_info (outfile, &p, &g, q_bits, ci->cprint);
-
- if (!ci->cprint)
- { /* generate a PKCS#3 structure */
- size_t len = buffer_size;
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params, ci->outcert_format,
- buffer, &len);
-
- if (ret == 0)
- {
- if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
- {
- fprintf (outfile, "\n%s", buffer);
- }
- else
- {
- fwrite (buffer, 1, len, outfile);
- }
- }
- else
- {
- fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
- }
- }
-
- gnutls_dh_params_deinit(dh_params);
+ gnutls_datum_t params;
+ size_t size;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_datum_t p, g;
+ unsigned int q_bits = 0;
+
+ if (gnutls_dh_params_init(&dh_params) < 0) {
+ fprintf(stderr, "Error in dh parameter initialization\n");
+ exit(1);
+ }
+
+ params.data = (void *) fread_file(infile, &size);
+ params.size = size;
+
+ ret =
+ gnutls_dh_params_import_pkcs3(dh_params, &params,
+ ci->incert_format);
+ if (ret < 0) {
+ fprintf(stderr, "Error parsing dh params: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits);
+ if (ret < 0) {
+ fprintf(stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
+ print_dh_info(outfile, &p, &g, q_bits, ci->cprint);
+
+ if (!ci->cprint) { /* generate a PKCS#3 structure */
+ size_t len = buffer_size;
+
+ ret =
+ gnutls_dh_params_export_pkcs3(dh_params,
+ ci->outcert_format,
+ buffer, &len);
+
+ if (ret == 0) {
+ if (ci->outcert_format == GNUTLS_X509_FMT_PEM) {
+ fprintf(outfile, "\n%s", buffer);
+ } else {
+ fwrite(buffer, 1, len, outfile);
+ }
+ } else {
+ fprintf(stderr, "Error: %s\n",
+ gnutls_strerror(ret));
+ }
+ }
+
+ gnutls_dh_params_deinit(dh_params);
}
/* If how is zero then the included parameters are used.
*/
-int
-generate_prime (FILE* outfile, int how, common_info_st * info)
+int generate_prime(FILE * outfile, int how, common_info_st * info)
{
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_datum_t p, g;
- int bits = get_bits (GNUTLS_PK_DH, info->bits, info->sec_param, 1);
- unsigned int q_bits = 0;
-
- gnutls_dh_params_init (&dh_params);
-
- if (how != 0)
- {
- fprintf (stderr, "Generating DH parameters (%d bits)...\n", bits);
- fprintf (stderr, "(might take long time)\n");
- }
- else
- fprintf (stderr, "Retrieving DH parameters...\n");
-
- if (how != 0)
- {
- ret = gnutls_dh_params_generate2 (dh_params, bits);
- if (ret < 0)
- {
- fprintf (stderr, "Error generating parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
- if (ret < 0)
- {
- fprintf (stderr, "Error exporting parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_datum_t p, g;
+ int bits = get_bits(GNUTLS_PK_DH, info->bits, info->sec_param, 1);
+ unsigned int q_bits = 0;
+
+ gnutls_dh_params_init(&dh_params);
+
+ if (how != 0) {
+ fprintf(stderr, "Generating DH parameters (%d bits)...\n",
+ bits);
+ fprintf(stderr, "(might take long time)\n");
+ } else
+ fprintf(stderr, "Retrieving DH parameters...\n");
+
+ if (how != 0) {
+ ret = gnutls_dh_params_generate2(dh_params, bits);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error generating parameters: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_dh_params_export_raw(dh_params, &p, &g,
+ &q_bits);
+ if (ret < 0) {
+ fprintf(stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
#ifdef ENABLE_SRP
- if (bits <= 1024)
- {
- p = gnutls_srp_1024_group_prime;
- g = gnutls_srp_1024_group_generator;
- bits = 1024;
- }
- else if (bits <= 1536)
- {
- p = gnutls_srp_1536_group_prime;
- g = gnutls_srp_1536_group_generator;
- bits = 1536;
- }
- else if (bits <= 2048)
- {
- p = gnutls_srp_2048_group_prime;
- g = gnutls_srp_2048_group_generator;
- bits = 2048;
- }
- else if (bits <= 3072)
- {
- p = gnutls_srp_3072_group_prime;
- g = gnutls_srp_3072_group_generator;
- bits = 3072;
- }
- else
- {
- p = gnutls_srp_4096_group_prime;
- g = gnutls_srp_4096_group_generator;
- bits = 4096;
- }
-
- ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
- if (ret < 0)
- {
- fprintf (stderr, "Error exporting parameters: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
+ if (bits <= 1024) {
+ p = gnutls_srp_1024_group_prime;
+ g = gnutls_srp_1024_group_generator;
+ bits = 1024;
+ } else if (bits <= 1536) {
+ p = gnutls_srp_1536_group_prime;
+ g = gnutls_srp_1536_group_generator;
+ bits = 1536;
+ } else if (bits <= 2048) {
+ p = gnutls_srp_2048_group_prime;
+ g = gnutls_srp_2048_group_generator;
+ bits = 2048;
+ } else if (bits <= 3072) {
+ p = gnutls_srp_3072_group_prime;
+ g = gnutls_srp_3072_group_generator;
+ bits = 3072;
+ } else {
+ p = gnutls_srp_4096_group_prime;
+ g = gnutls_srp_4096_group_generator;
+ bits = 4096;
+ }
+
+ ret = gnutls_dh_params_import_raw(dh_params, &p, &g);
+ if (ret < 0) {
+ fprintf(stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
#else
- fprintf (stderr, "Parameters unavailable as SRP is disabled.\n");
- exit (1);
+ fprintf(stderr,
+ "Parameters unavailable as SRP is disabled.\n");
+ exit(1);
#endif
- }
+ }
- print_dh_info (outfile, &p, &g, q_bits, info->cprint);
+ print_dh_info(outfile, &p, &g, q_bits, info->cprint);
- if (!info->cprint)
- { /* generate a PKCS#3 structure */
- size_t len = buffer_size;
+ if (!info->cprint) { /* generate a PKCS#3 structure */
+ size_t len = buffer_size;
- ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
- buffer, &len);
+ ret =
+ gnutls_dh_params_export_pkcs3(dh_params,
+ GNUTLS_X509_FMT_PEM,
+ buffer, &len);
- if (ret == 0)
- {
- fprintf (outfile, "\n%s", buffer);
- }
- else
- {
- fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
- }
+ if (ret == 0) {
+ fprintf(outfile, "\n%s", buffer);
+ } else {
+ fprintf(stderr, "Error: %s\n",
+ gnutls_strerror(ret));
+ }
- }
+ }
- gnutls_dh_params_deinit(dh_params);
+ gnutls_dh_params_deinit(dh_params);
- return 0;
+ return 0;
}
-
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 35d1c2fbd2..b300988487 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -27,75 +27,82 @@
#define TYPE_CRT 1
#define TYPE_CRQ 2
-void certtool_version (void);
+void certtool_version(void);
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
-typedef struct common_info
-{
- const char *secret_key;
- const char *privkey;
- const char *pubkey;
- int pkcs8;
- int incert_format;
- int outcert_format;
- const char *cert;
-
- const char *request;
- const char *ca;
- const char *ca_privkey;
- int bits;
- const char* sec_param;
- const char* pkcs_cipher;
- const char* password;
- int null_password;
- unsigned int crq_extensions;
- unsigned int v1_cert;
-
- int cprint;
-
- unsigned int verbose;
+typedef struct common_info {
+ const char *secret_key;
+ const char *privkey;
+ const char *pubkey;
+ int pkcs8;
+ int incert_format;
+ int outcert_format;
+ const char *cert;
+
+ const char *request;
+ const char *ca;
+ const char *ca_privkey;
+ int bits;
+ const char *sec_param;
+ const char *pkcs_cipher;
+ const char *password;
+ int null_password;
+ unsigned int crq_extensions;
+ unsigned int v1_cert;
+
+ int cprint;
+
+ unsigned int verbose;
} common_info_st;
-gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, common_info_st * info);
-gnutls_privkey_t load_private_key (int mand, common_info_st * info);
-gnutls_x509_privkey_t load_x509_private_key (int mand, common_info_st * info);
-gnutls_x509_privkey_t *load_privkey_list (int mand, size_t * privkey_size,
- common_info_st * info);
-gnutls_x509_crq_t load_request (common_info_st * info);
-gnutls_privkey_t load_ca_private_key (common_info_st * info);
-gnutls_x509_crt_t load_ca_cert (common_info_st * info);
-gnutls_x509_crt_t load_cert (int mand, common_info_st * info);
-gnutls_datum_t *load_secret_key (int mand, common_info_st * info);
-gnutls_pubkey_t load_pubkey (int mand, common_info_st * info);
-gnutls_x509_crt_t *load_cert_list (int mand, size_t * size,
- common_info_st * info);
-int get_bits (gnutls_pk_algorithm_t key_type, int info_bits, const char* info_sec_param, int warn);
-
-gnutls_sec_param_t str_to_sec_param (const char *str);
+gnutls_pubkey_t load_public_key_or_import(int mand,
+ gnutls_privkey_t privkey,
+ common_info_st * info);
+gnutls_privkey_t load_private_key(int mand, common_info_st * info);
+gnutls_x509_privkey_t load_x509_private_key(int mand,
+ common_info_st * info);
+gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size,
+ common_info_st * info);
+gnutls_x509_crq_t load_request(common_info_st * info);
+gnutls_privkey_t load_ca_private_key(common_info_st * info);
+gnutls_x509_crt_t load_ca_cert(common_info_st * info);
+gnutls_x509_crt_t load_cert(int mand, common_info_st * info);
+gnutls_datum_t *load_secret_key(int mand, common_info_st * info);
+gnutls_pubkey_t load_pubkey(int mand, common_info_st * info);
+gnutls_x509_crt_t *load_cert_list(int mand, size_t * size,
+ common_info_st * info);
+int get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
+ const char *info_sec_param, int warn);
+
+gnutls_sec_param_t str_to_sec_param(const char *str);
/* prime.c */
-int generate_prime (FILE* outfile, int how, common_info_st * info);
-void dh_info (FILE* infile, FILE* outfile, common_info_st * ci);
-
-gnutls_x509_privkey_t * load_privkey_list (int mand, size_t * privkey_size, common_info_st * info);
-
-void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t, gnutls_pubkey_t pubkey);
-void
-print_ecc_pkey (FILE* outfile, gnutls_ecc_curve_t curve, gnutls_datum_t* k, gnutls_datum_t * x,
- gnutls_datum_t * y, int cprint);
-void
-print_rsa_pkey (FILE* outfile, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * exp1, gnutls_datum_t * exp2, int cprint);
-void
-print_dsa_pkey (FILE* outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * g, int cprint);
-
-FILE *safe_open_rw (const char *file, int privkey_op);
-
-const char* get_password(common_info_st * cinfo, unsigned int *flags, int confirm);
+int generate_prime(FILE * outfile, int how, common_info_st * info);
+void dh_info(FILE * infile, FILE * outfile, common_info_st * ci);
+
+gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size,
+ common_info_st * info);
+
+void _pubkey_info(FILE * outfile, gnutls_certificate_print_formats_t,
+ gnutls_pubkey_t pubkey);
+void print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve,
+ gnutls_datum_t * k, gnutls_datum_t * x,
+ gnutls_datum_t * y, int cprint);
+void print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * exp1, gnutls_datum_t * exp2,
+ int cprint);
+void print_dsa_pkey(FILE * outfile, gnutls_datum_t * x, gnutls_datum_t * y,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, int cprint);
+
+FILE *safe_open_rw(const char *file, int privkey_op);
+
+const char *get_password(common_info_st * cinfo, unsigned int *flags,
+ int confirm);
extern unsigned char buffer[];
extern const int buffer_size;
diff --git a/src/certtool-extras.c b/src/certtool-extras.c
index ee89434f7f..649b5eb668 100644
--- a/src/certtool-extras.c
+++ b/src/certtool-extras.c
@@ -46,89 +46,91 @@
/* Loads a x509 private key list
*/
-gnutls_x509_privkey_t *
-load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
+gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size,
+ common_info_st * info)
{
- static gnutls_x509_privkey_t key[MAX_KEYS];
- char *ptr;
- int ret, i;
- gnutls_datum_t dat, file_data;
- int ptr_size;
- unsigned int flags = 0;
- const char* pass;
-
- *privkey_size = 0;
- fprintf (stderr, "Loading private key list...\n");
-
- if (info->privkey == NULL)
- {
- if (mand)
- {
- fprintf( stderr, "missing --load-privkey");
- exit(1);
- }
- else
- return NULL;
- }
-
- ret = gnutls_load_file(info->privkey, &file_data);
- if (ret < 0)
- {
- fprintf (stderr, "%s", info->privkey);
- exit(1);
- }
-
- ptr = (void*)file_data.data;
- ptr_size = file_data.size;
-
- for (i = 0; i < MAX_KEYS; i++)
- {
- ret = gnutls_x509_privkey_init (&key[i]);
- if (ret < 0)
- {
- fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)ptr;
- dat.size = ptr_size;
-
- ret = gnutls_x509_privkey_import2 (key[i], &dat, info->incert_format, NULL, 0);
- if (ret == GNUTLS_E_DECRYPTION_FAILED)
- {
- pass = get_password (info, &flags, 0);
- ret = gnutls_x509_privkey_import2 (key[i], &dat, info->incert_format, pass, flags);
- }
-
- if (ret < 0 && *privkey_size > 0)
- break;
- if (ret < 0)
- {
- fprintf( stderr, "privkey_import: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- (*privkey_size)++;
-
- if (info->incert_format != GNUTLS_X509_FMT_PEM)
- break;
-
- ptr = strstr (ptr, "---END");
- if (ptr == NULL)
- break;
- ptr++;
-
- ptr_size = file_data.size;
- ptr_size -=
- (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
-
- if (ptr_size < 0)
- break;
-
- }
-
- gnutls_free(file_data.data);
- fprintf (stderr, "Loaded %d private keys.\n", (int) *privkey_size);
-
- return key;
+ static gnutls_x509_privkey_t key[MAX_KEYS];
+ char *ptr;
+ int ret, i;
+ gnutls_datum_t dat, file_data;
+ int ptr_size;
+ unsigned int flags = 0;
+ const char *pass;
+
+ *privkey_size = 0;
+ fprintf(stderr, "Loading private key list...\n");
+
+ if (info->privkey == NULL) {
+ if (mand) {
+ fprintf(stderr, "missing --load-privkey");
+ exit(1);
+ } else
+ return NULL;
+ }
+
+ ret = gnutls_load_file(info->privkey, &file_data);
+ if (ret < 0) {
+ fprintf(stderr, "%s", info->privkey);
+ exit(1);
+ }
+
+ ptr = (void *) file_data.data;
+ ptr_size = file_data.size;
+
+ for (i = 0; i < MAX_KEYS; i++) {
+ ret = gnutls_x509_privkey_init(&key[i]);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) ptr;
+ dat.size = ptr_size;
+
+ ret =
+ gnutls_x509_privkey_import2(key[i], &dat,
+ info->incert_format, NULL,
+ 0);
+ if (ret == GNUTLS_E_DECRYPTION_FAILED) {
+ pass = get_password(info, &flags, 0);
+ ret =
+ gnutls_x509_privkey_import2(key[i], &dat,
+ info->
+ incert_format,
+ pass, flags);
+ }
+
+ if (ret < 0 && *privkey_size > 0)
+ break;
+ if (ret < 0) {
+ fprintf(stderr, "privkey_import: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ (*privkey_size)++;
+
+ if (info->incert_format != GNUTLS_X509_FMT_PEM)
+ break;
+
+ ptr = strstr(ptr, "---END");
+ if (ptr == NULL)
+ break;
+ ptr++;
+
+ ptr_size = file_data.size;
+ ptr_size -=
+ (unsigned int) ((unsigned char *) ptr -
+ (unsigned char *) buffer);
+
+ if (ptr_size < 0)
+ break;
+
+ }
+
+ gnutls_free(file_data.data);
+ fprintf(stderr, "Loaded %d private keys.\n", (int) *privkey_size);
+
+ return key;
}
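Review bot: In `load_privkey_list`, the remaining-length calculation after `strstr(ptr, "---END")` subtracts `(unsigned char *) buffer`, but `ptr` points into `file_data.data` returned by `gnutls_load_file`, not into `buffer` (which looks like the global declared in certtool-common.h). The reindent carries this over unchanged. Subtracting pointers into two unrelated objects is undefined, and the resulting `ptr_size` becomes `dat.size` for the next `gnutls_x509_privkey_import2` call, so the parser can be handed a length that does not match the data left in the file. The offset should be taken from the start of the loaded file: `ptr_size -= (unsigned int) ((unsigned char *) ptr - (unsigned char *) file_data.data);`. The `ptr_size < 0` check after it only helps once the subtraction uses the right base.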
diff --git a/src/certtool.c b/src/certtool.c
index 1e0aab2aee..9f0c74443f 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -47,29 +47,29 @@
#include "certtool-args.h"
#include "certtool-common.h"
-static void privkey_info_int (common_info_st*, gnutls_x509_privkey_t key);
-static void print_crl_info (gnutls_x509_crl_t crl, FILE * out);
-void pkcs7_info (void);
-void crq_info (void);
-void smime_to_pkcs7 (void);
-void pkcs12_info (common_info_st*);
-void generate_pkcs12 (common_info_st *);
-void generate_pkcs8 (common_info_st *);
-static void verify_chain (void);
-void verify_crl (common_info_st * cinfo);
-void pubkey_info (gnutls_x509_crt_t crt, common_info_st *);
-void pgp_privkey_info (void);
-void pgp_ring_info (void);
-void certificate_info (int, common_info_st *);
-void pgp_certificate_info (void);
-void crl_info (void);
-void privkey_info (common_info_st*);
-static void cmd_parser (int argc, char **argv);
-void generate_self_signed (common_info_st *);
-void generate_request (common_info_st *);
-static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
- unsigned int all);
-static void verify_certificate (common_info_st * cinfo);
+static void privkey_info_int(common_info_st *, gnutls_x509_privkey_t key);
+static void print_crl_info(gnutls_x509_crl_t crl, FILE * out);
+void pkcs7_info(void);
+void crq_info(void);
+void smime_to_pkcs7(void);
+void pkcs12_info(common_info_st *);
+void generate_pkcs12(common_info_st *);
+void generate_pkcs8(common_info_st *);
+static void verify_chain(void);
+void verify_crl(common_info_st * cinfo);
+void pubkey_info(gnutls_x509_crt_t crt, common_info_st *);
+void pgp_privkey_info(void);
+void pgp_ring_info(void);
+void certificate_info(int, common_info_st *);
+void pgp_certificate_info(void);
+void crl_info(void);
+void privkey_info(common_info_st *);
+static void cmd_parser(int argc, char **argv);
+void generate_self_signed(common_info_st *);
+void generate_request(common_info_st *);
+static void print_certificate_info(gnutls_x509_crt_t crt, FILE * out,
+ unsigned int all);
+static void verify_certificate(common_info_st * cinfo);
FILE *outfile;
FILE *infile;
@@ -83,1546 +83,1488 @@ gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;
int batch;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- cfg_init ();
- cmd_parser (argc, argv);
+ cfg_init();
+ cmd_parser(argc, argv);
- return 0;
+ return 0;
}
static gnutls_x509_privkey_t
-generate_private_key_int (common_info_st * cinfo)
+generate_private_key_int(common_info_st * cinfo)
{
- gnutls_x509_privkey_t key;
- int ret, key_type, bits;
-
- key_type = req_key_type;
-
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- bits = get_bits (key_type, cinfo->bits, cinfo->sec_param, 1);
-
- fprintf (stderr, "Generating a %d bit %s private key...\n",
- bits, gnutls_pk_algorithm_get_name (key_type));
-
- if (bits > 1024 && key_type == GNUTLS_PK_DSA)
- fprintf (stderr,
- "Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n");
-
- ret = gnutls_x509_privkey_generate (key, key_type, bits, 0);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_generate: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_x509_privkey_verify_params (key);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_verify_params: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- return key;
+ gnutls_x509_privkey_t key;
+ int ret, key_type, bits;
+
+ key_type = req_key_type;
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ bits = get_bits(key_type, cinfo->bits, cinfo->sec_param, 1);
+
+ fprintf(stderr, "Generating a %d bit %s private key...\n",
+ bits, gnutls_pk_algorithm_get_name(key_type));
+
+ if (bits > 1024 && key_type == GNUTLS_PK_DSA)
+ fprintf(stderr,
+ "Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n");
+
+ ret = gnutls_x509_privkey_generate(key, key_type, bits, 0);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_generate: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_verify_params(key);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_verify_params: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return key;
}
-static int
-cipher_to_flags (const char *cipher)
+static int cipher_to_flags(const char *cipher)
{
- if (cipher == NULL)
- {
- return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
- }
- else if (strcasecmp (cipher, "3des") == 0)
- {
- return GNUTLS_PKCS_USE_PBES2_3DES;
- }
- else if (strcasecmp (cipher, "3des-pkcs12") == 0)
- {
- return GNUTLS_PKCS_USE_PKCS12_3DES;
- }
- else if (strcasecmp (cipher, "arcfour") == 0)
- {
- return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
- }
- else if (strcasecmp (cipher, "aes-128") == 0)
- {
- return GNUTLS_PKCS_USE_PBES2_AES_128;
- }
- else if (strcasecmp (cipher, "aes-192") == 0)
- {
- return GNUTLS_PKCS_USE_PBES2_AES_192;
- }
- else if (strcasecmp (cipher, "aes-256") == 0)
- {
- return GNUTLS_PKCS_USE_PBES2_AES_256;
- }
- else if (strcasecmp (cipher, "rc2-40") == 0)
- {
- return GNUTLS_PKCS_USE_PKCS12_RC2_40;
- }
-
- fprintf(stderr, "unknown cipher %s\n", cipher);
- exit(1);
+ if (cipher == NULL) {
+ return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+ } else if (strcasecmp(cipher, "3des") == 0) {
+ return GNUTLS_PKCS_USE_PBES2_3DES;
+ } else if (strcasecmp(cipher, "3des-pkcs12") == 0) {
+ return GNUTLS_PKCS_USE_PKCS12_3DES;
+ } else if (strcasecmp(cipher, "arcfour") == 0) {
+ return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+ } else if (strcasecmp(cipher, "aes-128") == 0) {
+ return GNUTLS_PKCS_USE_PBES2_AES_128;
+ } else if (strcasecmp(cipher, "aes-192") == 0) {
+ return GNUTLS_PKCS_USE_PBES2_AES_192;
+ } else if (strcasecmp(cipher, "aes-256") == 0) {
+ return GNUTLS_PKCS_USE_PBES2_AES_256;
+ } else if (strcasecmp(cipher, "rc2-40") == 0) {
+ return GNUTLS_PKCS_USE_PKCS12_RC2_40;
+ }
+
+ fprintf(stderr, "unknown cipher %s\n", cipher);
+ exit(1);
}
static void
-print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
+print_private_key(common_info_st * cinfo, gnutls_x509_privkey_t key)
{
- int ret;
- size_t size;
-
- if (!key)
- return;
-
-
- if (!cinfo->pkcs8)
- {
- /* Only print private key parameters when an unencrypted
- * format is used */
- if (outcert_format == GNUTLS_X509_FMT_PEM)
- privkey_info_int(cinfo, key);
-
- size = buffer_size;
- ret = gnutls_x509_privkey_export (key, outcert_format,
- buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_export: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
- else
- {
- unsigned int flags = 0;
- const char *pass;
-
- pass = get_password(cinfo, &flags, 0);
- flags |= cipher_to_flags (cinfo->pkcs_cipher);
-
- size = buffer_size;
- ret =
- gnutls_x509_privkey_export_pkcs8 (key, outcert_format, pass,
- flags, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_export_pkcs8: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
-
- fwrite (buffer, 1, size, outfile);
+ int ret;
+ size_t size;
+
+ if (!key)
+ return;
+
+
+ if (!cinfo->pkcs8) {
+ /* Only print private key parameters when an unencrypted
+ * format is used */
+ if (outcert_format == GNUTLS_X509_FMT_PEM)
+ privkey_info_int(cinfo, key);
+
+ size = buffer_size;
+ ret = gnutls_x509_privkey_export(key, outcert_format,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_export: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ unsigned int flags = 0;
+ const char *pass;
+
+ pass = get_password(cinfo, &flags, 0);
+ flags |= cipher_to_flags(cinfo->pkcs_cipher);
+
+ size = buffer_size;
+ ret =
+ gnutls_x509_privkey_export_pkcs8(key, outcert_format,
+ pass, flags, buffer,
+ &size);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_export_pkcs8: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ fwrite(buffer, 1, size, outfile);
}
-static void
-generate_private_key (common_info_st* cinfo)
+static void generate_private_key(common_info_st * cinfo)
{
- gnutls_x509_privkey_t key;
+ gnutls_x509_privkey_t key;
- key = generate_private_key_int (cinfo);
+ key = generate_private_key_int(cinfo);
- print_private_key (cinfo, key);
+ print_private_key(cinfo, key);
- gnutls_x509_privkey_deinit (key);
+ gnutls_x509_privkey_deinit(key);
}
static gnutls_x509_crt_t
-generate_certificate (gnutls_privkey_t * ret_key,
- gnutls_x509_crt_t ca_crt, int proxy,
- common_info_st * cinfo)
+generate_certificate(gnutls_privkey_t * ret_key,
+ gnutls_x509_crt_t ca_crt, int proxy,
+ common_info_st * cinfo)
{
- gnutls_x509_crt_t crt;
- gnutls_privkey_t key = NULL;
- gnutls_pubkey_t pubkey;
- size_t size;
- int ret;
- int client;
- int days, result, ca_status = 0, is_ike = 0, path_len;
- time_t secs, now;
- int vers;
- unsigned int usage = 0, server;
- gnutls_x509_crq_t crq; /* request */
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- crq = load_request (cinfo);
-
- if (crq == NULL)
- {
-
- key = load_private_key (0, cinfo);
-
- pubkey = load_public_key_or_import (1, key, cinfo);
-
- if (!batch)
- fprintf (stderr,
- "Please enter the details of the certificate's distinguished name. "
- "Just press enter to ignore a field.\n");
-
- /* set the DN.
- */
- if (proxy)
- {
- result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
- if (result < 0)
- {
- fprintf(stderr, "set_proxy_dn: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- get_dn_crt_set (crt);
- get_cn_crt_set (crt);
- }
- else
- {
- get_dn_crt_set (crt);
-
- get_cn_crt_set (crt);
- get_uid_crt_set (crt);
- get_unit_crt_set (crt);
- get_organization_crt_set (crt);
- get_locality_crt_set (crt);
- get_state_crt_set (crt);
- get_country_crt_set (crt);
- get_dc_set (TYPE_CRT, crt);
-
- get_oid_crt_set (crt);
- get_key_purpose_set (TYPE_CRT, crt);
-
- if (!batch)
- fprintf (stderr,
- "This field should not be used in new certificates.\n");
-
- get_pkcs9_email_crt_set (crt);
- }
-
- result = gnutls_x509_crt_set_pubkey (crt, pubkey);
- if (result < 0)
- {
- fprintf(stderr, "set_key: %s", gnutls_strerror (result));
- exit(1);
- }
- }
- else
- {
- result = gnutls_x509_crt_set_crq (crt, crq);
- if (result < 0)
- {
- fprintf(stderr, "set_crq: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
-
- {
- int serial = get_serial ();
- char bin_serial[5];
-
- bin_serial[4] = serial & 0xff;
- bin_serial[3] = (serial >> 8) & 0xff;
- bin_serial[2] = (serial >> 16) & 0xff;
- bin_serial[1] = (serial >> 24) & 0xff;
- bin_serial[0] = 0;
-
- result = gnutls_x509_crt_set_serial (crt, bin_serial, 5);
- if (result < 0)
- {
- fprintf(stderr, "serial: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- if (!batch)
- fprintf (stderr, "\n\nActivation/Expiration time.\n");
-
- gnutls_x509_crt_set_activation_time (crt, time (NULL));
-
- now = time(NULL);
-
- do
- {
- days = get_days ();
- secs = days * 24 * 60 * 60 + now;
- }
- while (secs < now || (unsigned)(secs-now)/(24*60*60) != (unsigned)days);
-
- result =
- gnutls_x509_crt_set_expiration_time (crt, secs);
- if (result < 0)
- {
- fprintf(stderr, "set_expiration: %s", gnutls_strerror (result));
- exit(1);
- }
-
- if (!batch)
- fprintf (stderr, "\n\nExtensions.\n");
-
- /* do not allow extensions on a v1 certificate */
- if (crq && get_crq_extensions_status () != 0)
- {
- result = gnutls_x509_crt_set_crq_extensions (crt, crq);
- if (result < 0)
- {
- fprintf(stderr, "set_crq: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- /* append additional extensions */
- if (cinfo->v1_cert == 0)
- {
-
- if (proxy)
- {
- const char *policylanguage;
- char *policy;
- size_t policylen;
- int proxypathlen = get_path_len ();
-
- if (!batch)
- {
- printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n");
- printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n");
- }
-
- policylanguage = get_proxy_policy (&policy, &policylen);
-
- result =
- gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage,
- policy, policylen);
- if (result < 0)
- {
- fprintf(stderr, "set_proxy: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- if (!proxy)
- ca_status = get_ca_status ();
- if (ca_status)
- path_len = get_path_len ();
- else
- path_len = -1;
-
- result =
- gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
- if (result < 0)
- {
- fprintf(stderr, "basic_constraints: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- client = get_tls_client_status ();
- if (client != 0)
- {
- result = gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TLS_WWW_CLIENT,
- 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- is_ike = get_ipsec_ike_status ();
- server = get_tls_server_status ();
-
- get_dns_name_set (TYPE_CRT, crt);
- get_uri_set (TYPE_CRT, crt);
- get_ip_addr_set (TYPE_CRT, crt);
- get_policy_set (crt);
-
- if (server != 0)
- {
- result = 0;
-
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TLS_WWW_SERVER, 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (result));
- exit(1);
- }
- }
- else if (!proxy)
- {
- get_email_set (TYPE_CRT, crt);
- }
-
- if (!ca_status || server)
- {
- int pk;
-
-
- pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
-
- if (pk == GNUTLS_PK_RSA)
- { /* DSA and ECDSA keys can only sign. */
- result = get_sign_status (server);
- if (result)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- result = get_encrypt_status (server);
- if (result)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- }
- else
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- if (is_ike)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_IPSEC_IKE, 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
- }
-
-
- if (ca_status)
- {
- result = get_cert_sign_status ();
- if (result)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
-
- result = get_crl_sign_status ();
- if (result)
- usage |= GNUTLS_KEY_CRL_SIGN;
-
- result = get_code_sign_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_CODE_SIGNING,
- 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- result = get_ocsp_sign_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_OCSP_SIGNING,
- 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- result = get_time_stamp_status ();
- if (result)
- {
- result =
- gnutls_x509_crt_set_key_purpose_oid (crt,
- GNUTLS_KP_TIME_STAMPING,
- 0);
- if (result < 0)
- {
- fprintf(stderr, "key_kp: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
- }
- get_ocsp_issuer_set(crt);
- get_ca_issuers_set(crt);
-
- if (usage != 0)
- {
- /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is
- set, then either digitalSignature or the nonRepudiation bits in the
- KeyUsage extension MUST for all IKE certs */
- if (is_ike && (get_sign_status (server) != 1))
- usage |= GNUTLS_KEY_NON_REPUDIATION;
- result = gnutls_x509_crt_set_key_usage (crt, usage);
- if (result < 0)
- {
- fprintf(stderr, "key_usage: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- /* Subject Key ID.
- */
- size = buffer_size;
- result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size);
- if (result >= 0)
- {
- result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size);
- if (result < 0)
- {
- fprintf(stderr, "set_subject_key_id: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- /* Authority Key ID.
- */
- if (ca_crt != NULL)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
- &size, NULL);
- if (result < 0)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
- }
- if (result >= 0)
- {
- result =
- gnutls_x509_crt_set_authority_key_id (crt, buffer, size);
- if (result < 0)
- {
- fprintf(stderr, "set_authority_key_id: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
- }
- }
-
- /* Version.
- */
- if (cinfo->v1_cert != 0)
- vers = 1;
- else
- vers = 3;
- result = gnutls_x509_crt_set_version (crt, vers);
- if (result < 0)
- {
- fprintf(stderr, "set_version: %s", gnutls_strerror (result));
- exit(1);
- }
-
- *ret_key = key;
- return crt;
+ gnutls_x509_crt_t crt;
+ gnutls_privkey_t key = NULL;
+ gnutls_pubkey_t pubkey;
+ size_t size;
+ int ret;
+ int client;
+ int days, result, ca_status = 0, is_ike = 0, path_len;
+ time_t secs, now;
+ int vers;
+ unsigned int usage = 0, server;
+ gnutls_x509_crq_t crq; /* request */
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ crq = load_request(cinfo);
+
+ if (crq == NULL) {
+
+ key = load_private_key(0, cinfo);
+
+ pubkey = load_public_key_or_import(1, key, cinfo);
+
+ if (!batch)
+ fprintf(stderr,
+ "Please enter the details of the certificate's distinguished name. "
+ "Just press enter to ignore a field.\n");
+
+ /* set the DN.
+ */
+ if (proxy) {
+ result =
+ gnutls_x509_crt_set_proxy_dn(crt, ca_crt, 0,
+ NULL, 0);
+ if (result < 0) {
+ fprintf(stderr, "set_proxy_dn: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ get_dn_crt_set(crt);
+ get_cn_crt_set(crt);
+ } else {
+ get_dn_crt_set(crt);
+
+ get_cn_crt_set(crt);
+ get_uid_crt_set(crt);
+ get_unit_crt_set(crt);
+ get_organization_crt_set(crt);
+ get_locality_crt_set(crt);
+ get_state_crt_set(crt);
+ get_country_crt_set(crt);
+ get_dc_set(TYPE_CRT, crt);
+
+ get_oid_crt_set(crt);
+ get_key_purpose_set(TYPE_CRT, crt);
+
+ if (!batch)
+ fprintf(stderr,
+ "This field should not be used in new certificates.\n");
+
+ get_pkcs9_email_crt_set(crt);
+ }
+
+ result = gnutls_x509_crt_set_pubkey(crt, pubkey);
+ if (result < 0) {
+ fprintf(stderr, "set_key: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ } else {
+ result = gnutls_x509_crt_set_crq(crt, crq);
+ if (result < 0) {
+ fprintf(stderr, "set_crq: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+
+ {
+ int serial = get_serial();
+ char bin_serial[5];
+
+ bin_serial[4] = serial & 0xff;
+ bin_serial[3] = (serial >> 8) & 0xff;
+ bin_serial[2] = (serial >> 16) & 0xff;
+ bin_serial[1] = (serial >> 24) & 0xff;
+ bin_serial[0] = 0;
+
+ result = gnutls_x509_crt_set_serial(crt, bin_serial, 5);
+ if (result < 0) {
+ fprintf(stderr, "serial: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ if (!batch)
+ fprintf(stderr, "\n\nActivation/Expiration time.\n");
+
+ gnutls_x509_crt_set_activation_time(crt, time(NULL));
+
+ now = time(NULL);
+
+ do {
+ days = get_days();
+ secs = days * 24 * 60 * 60 + now;
+ }
+ while (secs < now
+ || (unsigned) (secs - now) / (24 * 60 * 60) !=
+ (unsigned) days);
+
+ result = gnutls_x509_crt_set_expiration_time(crt, secs);
+ if (result < 0) {
+ fprintf(stderr, "set_expiration: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ if (!batch)
+ fprintf(stderr, "\n\nExtensions.\n");
+
+ /* do not allow extensions on a v1 certificate */
+ if (crq && get_crq_extensions_status() != 0) {
+ result = gnutls_x509_crt_set_crq_extensions(crt, crq);
+ if (result < 0) {
+ fprintf(stderr, "set_crq: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ /* append additional extensions */
+ if (cinfo->v1_cert == 0) {
+
+ if (proxy) {
+ const char *policylanguage;
+ char *policy;
+ size_t policylen;
+ int proxypathlen = get_path_len();
+
+ if (!batch) {
+ printf
+ ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n");
+ printf
+ ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n");
+ }
+
+ policylanguage =
+ get_proxy_policy(&policy, &policylen);
+
+ result =
+ gnutls_x509_crt_set_proxy(crt, proxypathlen,
+ policylanguage,
+ policy, policylen);
+ if (result < 0) {
+ fprintf(stderr, "set_proxy: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ if (!proxy)
+ ca_status = get_ca_status();
+ if (ca_status)
+ path_len = get_path_len();
+ else
+ path_len = -1;
+
+ result =
+ gnutls_x509_crt_set_basic_constraints(crt, ca_status,
+ path_len);
+ if (result < 0) {
+ fprintf(stderr, "basic_constraints: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ client = get_tls_client_status();
+ if (client != 0) {
+ result = gnutls_x509_crt_set_key_purpose_oid(crt,
+ GNUTLS_KP_TLS_WWW_CLIENT,
+ 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ is_ike = get_ipsec_ike_status();
+ server = get_tls_server_status();
+
+ get_dns_name_set(TYPE_CRT, crt);
+ get_uri_set(TYPE_CRT, crt);
+ get_ip_addr_set(TYPE_CRT, crt);
+ get_policy_set(crt);
+
+ if (server != 0) {
+ result = 0;
+
+ result =
+ gnutls_x509_crt_set_key_purpose_oid(crt,
+ GNUTLS_KP_TLS_WWW_SERVER,
+ 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ } else if (!proxy) {
+ get_email_set(TYPE_CRT, crt);
+ }
+
+ if (!ca_status || server) {
+ int pk;
+
+
+ pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+
+ if (pk == GNUTLS_PK_RSA) { /* DSA and ECDSA keys can only sign. */
+ result = get_sign_status(server);
+ if (result)
+ usage |=
+ GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ result = get_encrypt_status(server);
+ if (result)
+ usage |=
+ GNUTLS_KEY_KEY_ENCIPHERMENT;
+ } else
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ if (is_ike) {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, GNUTLS_KP_IPSEC_IKE, 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+ }
+
+
+ if (ca_status) {
+ result = get_cert_sign_status();
+ if (result)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+
+ result = get_crl_sign_status();
+ if (result)
+ usage |= GNUTLS_KEY_CRL_SIGN;
+
+ result = get_code_sign_status();
+ if (result) {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, GNUTLS_KP_CODE_SIGNING, 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ result = get_ocsp_sign_status();
+ if (result) {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, GNUTLS_KP_OCSP_SIGNING, 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ result = get_time_stamp_status();
+ if (result) {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, GNUTLS_KP_TIME_STAMPING, 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+ }
+ get_ocsp_issuer_set(crt);
+ get_ca_issuers_set(crt);
+
+ if (usage != 0) {
+ /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is
+ set, then either digitalSignature or the nonRepudiation bits in the
+ KeyUsage extension MUST for all IKE certs */
+ if (is_ike && (get_sign_status(server) != 1))
+ usage |= GNUTLS_KEY_NON_REPUDIATION;
+ result = gnutls_x509_crt_set_key_usage(crt, usage);
+ if (result < 0) {
+ fprintf(stderr, "key_usage: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ /* Subject Key ID.
+ */
+ size = buffer_size;
+ result = gnutls_x509_crt_get_key_id(crt, 0, buffer, &size);
+ if (result >= 0) {
+ result =
+ gnutls_x509_crt_set_subject_key_id(crt, buffer,
+ size);
+ if (result < 0) {
+ fprintf(stderr, "set_subject_key_id: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ /* Authority Key ID.
+ */
+ if (ca_crt != NULL) {
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_get_subject_key_id(ca_crt,
+ buffer,
+ &size,
+ NULL);
+ if (result < 0) {
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_get_key_id(ca_crt, 0,
+ buffer,
+ &size);
+ }
+ if (result >= 0) {
+ result =
+ gnutls_x509_crt_set_authority_key_id
+ (crt, buffer, size);
+ if (result < 0) {
+ fprintf(stderr,
+ "set_authority_key_id: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+ }
+ }
+
+ /* Version.
+ */
+ if (cinfo->v1_cert != 0)
+ vers = 1;
+ else
+ vers = 3;
+ result = gnutls_x509_crt_set_version(crt, vers);
+ if (result < 0) {
+ fprintf(stderr, "set_version: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ *ret_key = key;
+ return crt;
}
static gnutls_x509_crl_t
-generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
+generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
{
- gnutls_x509_crl_t crl;
- gnutls_x509_crt_t *crts;
- size_t size;
- int days, result;
- unsigned int i;
- time_t now = time (NULL);
-
- result = gnutls_x509_crl_init (&crl);
- if (result < 0)
- {
- fprintf(stderr, "crl_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- crts = load_cert_list (0, &size, cinfo);
-
- for (i = 0; i < size; i++)
- {
- result = gnutls_x509_crl_set_crt (crl, crts[i], now);
- if (result < 0)
- {
- fprintf(stderr, "crl_set_crt: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- result = gnutls_x509_crl_set_this_update (crl, now);
- if (result < 0)
- {
- fprintf(stderr, "this_update: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fprintf (stderr, "Update times.\n");
- days = get_crl_next_update ();
-
- result = gnutls_x509_crl_set_next_update (crl, now + days * 24 * 60 * 60);
- if (result < 0)
- {
- fprintf(stderr, "next_update: %s", gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_x509_crl_set_version (crl, 2);
- if (result < 0)
- {
- fprintf(stderr, "set_version: %s", gnutls_strerror (result));
- exit(1);
- }
-
- /* Authority Key ID.
- */
- if (ca_crt != NULL)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
- &size, NULL);
- if (result < 0)
- {
- size = buffer_size;
- result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
- }
- if (result >= 0)
- {
- result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size);
- if (result < 0)
- {
- fprintf(stderr, "set_authority_key_id: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- }
- }
-
- {
- unsigned int number = get_crl_number ();
- char bin_number[5];
-
- bin_number[4] = number & 0xff;
- bin_number[3] = (number >> 8) & 0xff;
- bin_number[2] = (number >> 16) & 0xff;
- bin_number[1] = (number >> 24) & 0xff;
- bin_number[0] = 0;
-
- result = gnutls_x509_crl_set_number (crl, bin_number, 5);
- if (result < 0)
- {
- fprintf(stderr, "set_number: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- return crl;
+ gnutls_x509_crl_t crl;
+ gnutls_x509_crt_t *crts;
+ size_t size;
+ int days, result;
+ unsigned int i;
+ time_t now = time(NULL);
+
+ result = gnutls_x509_crl_init(&crl);
+ if (result < 0) {
+ fprintf(stderr, "crl_init: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ crts = load_cert_list(0, &size, cinfo);
+
+ for (i = 0; i < size; i++) {
+ result = gnutls_x509_crl_set_crt(crl, crts[i], now);
+ if (result < 0) {
+ fprintf(stderr, "crl_set_crt: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ result = gnutls_x509_crl_set_this_update(crl, now);
+ if (result < 0) {
+ fprintf(stderr, "this_update: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fprintf(stderr, "Update times.\n");
+ days = get_crl_next_update();
+
+ result =
+ gnutls_x509_crl_set_next_update(crl,
+ now + days * 24 * 60 * 60);
+ if (result < 0) {
+ fprintf(stderr, "next_update: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_x509_crl_set_version(crl, 2);
+ if (result < 0) {
+ fprintf(stderr, "set_version: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ /* Authority Key ID.
+ */
+ if (ca_crt != NULL) {
+ size = buffer_size;
+ result = gnutls_x509_crt_get_subject_key_id(ca_crt, buffer,
+ &size, NULL);
+ if (result < 0) {
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_get_key_id(ca_crt, 0, buffer,
+ &size);
+ }
+ if (result >= 0) {
+ result =
+ gnutls_x509_crl_set_authority_key_id(crl,
+ buffer,
+ size);
+ if (result < 0) {
+ fprintf(stderr, "set_authority_key_id: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ }
+ }
+
+ {
+ unsigned int number = get_crl_number();
+ char bin_number[5];
+
+ bin_number[4] = number & 0xff;
+ bin_number[3] = (number >> 8) & 0xff;
+ bin_number[2] = (number >> 16) & 0xff;
+ bin_number[1] = (number >> 24) & 0xff;
+ bin_number[0] = 0;
+
+ result = gnutls_x509_crl_set_number(crl, bin_number, 5);
+ if (result < 0) {
+ fprintf(stderr, "set_number: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ return crl;
}
-static gnutls_digest_algorithm_t
-get_dig_for_pub (gnutls_pubkey_t pubkey)
+static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey)
{
- gnutls_digest_algorithm_t dig;
- int result;
- unsigned int mand;
-
- result = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &dig, &mand);
- if (result < 0)
- {
- {
- fprintf(stderr, "crt_get_preferred_hash_algorithm: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- /* if algorithm allows alternatives */
- if (mand == 0 && default_dig != GNUTLS_DIG_UNKNOWN)
- dig = default_dig;
-
- return dig;
+ gnutls_digest_algorithm_t dig;
+ int result;
+ unsigned int mand;
+
+ result =
+ gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig,
+ &mand);
+ if (result < 0) {
+ {
+ fprintf(stderr,
+ "crt_get_preferred_hash_algorithm: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ /* if algorithm allows alternatives */
+ if (mand == 0 && default_dig != GNUTLS_DIG_UNKNOWN)
+ dig = default_dig;
+
+ return dig;
}
-static gnutls_digest_algorithm_t
-get_dig (gnutls_x509_crt_t crt)
+static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt)
{
- gnutls_digest_algorithm_t dig;
- gnutls_pubkey_t pubkey;
- int result;
+ gnutls_digest_algorithm_t dig;
+ gnutls_pubkey_t pubkey;
+ int result;
- gnutls_pubkey_init(&pubkey);
+ gnutls_pubkey_init(&pubkey);
- result = gnutls_pubkey_import_x509(pubkey, crt, 0);
- if (result < 0)
- {
- {
- fprintf(stderr, "gnutls_pubkey_import_x509: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
+ result = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (result < 0) {
+ {
+ fprintf(stderr, "gnutls_pubkey_import_x509: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
- dig = get_dig_for_pub (pubkey);
+ dig = get_dig_for_pub(pubkey);
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
- return dig;
+ return dig;
}
-void
-generate_self_signed (common_info_st * cinfo)
+void generate_self_signed(common_info_st * cinfo)
{
- gnutls_x509_crt_t crt;
- gnutls_privkey_t key;
- size_t size;
- int result;
- const char *uri;
-
- fprintf (stderr, "Generating a self signed certificate...\n");
-
- crt = generate_certificate (&key, NULL, 0, cinfo);
-
- if (!key)
- key = load_private_key (1, cinfo);
-
- uri = get_crl_dist_point_url ();
- if (uri)
- {
- result = gnutls_x509_crt_set_crl_dist_points (crt, GNUTLS_SAN_URI,
- uri,
- 0 /* all reasons */ );
- if (result < 0)
- {
- fprintf(stderr, "crl_dist_points: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- print_certificate_info (crt, stderr, 0);
-
- fprintf (stderr, "\n\nSigning certificate...\n");
-
- result = gnutls_x509_crt_privkey_sign (crt, crt, key, get_dig (crt), 0);
- if (result < 0)
- {
- fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
- exit(1);
- }
-
- size = buffer_size;
- result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
-
- gnutls_x509_crt_deinit (crt);
- gnutls_privkey_deinit (key);
+ gnutls_x509_crt_t crt;
+ gnutls_privkey_t key;
+ size_t size;
+ int result;
+ const char *uri;
+
+ fprintf(stderr, "Generating a self signed certificate...\n");
+
+ crt = generate_certificate(&key, NULL, 0, cinfo);
+
+ if (!key)
+ key = load_private_key(1, cinfo);
+
+ uri = get_crl_dist_point_url();
+ if (uri) {
+ result =
+ gnutls_x509_crt_set_crl_dist_points(crt,
+ GNUTLS_SAN_URI,
+ uri,
+ 0 /* all reasons */
+ );
+ if (result < 0) {
+ fprintf(stderr, "crl_dist_points: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ print_certificate_info(crt, stderr, 0);
+
+ fprintf(stderr, "\n\nSigning certificate...\n");
+
+ result =
+ gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt), 0);
+ if (result < 0) {
+ fprintf(stderr, "crt_sign: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_export(crt, outcert_format, buffer, &size);
+ if (result < 0) {
+ fprintf(stderr, "crt_export: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_x509_crt_deinit(crt);
+ gnutls_privkey_deinit(key);
}
-static void
-generate_signed_certificate (common_info_st * cinfo)
+static void generate_signed_certificate(common_info_st * cinfo)
{
- gnutls_x509_crt_t crt;
- gnutls_privkey_t key;
- size_t size;
- int result;
- gnutls_privkey_t ca_key;
- gnutls_x509_crt_t ca_crt;
-
- fprintf (stderr, "Generating a signed certificate...\n");
-
- ca_key = load_ca_private_key (cinfo);
- ca_crt = load_ca_cert (cinfo);
-
- crt = generate_certificate (&key, ca_crt, 0, cinfo);
-
- /* Copy the CRL distribution points.
- */
- gnutls_x509_crt_cpy_crl_dist_points (crt, ca_crt);
- /* it doesn't matter if we couldn't copy the CRL dist points.
- */
-
- print_certificate_info (crt, stderr, 0);
-
- fprintf (stderr, "\n\nSigning certificate...\n");
-
- result = gnutls_x509_crt_privkey_sign (crt, ca_crt, ca_key, get_dig (ca_crt), 0);
- if (result < 0)
- {
- fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
- exit(1);
- }
-
- size = buffer_size;
- result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
-
- gnutls_x509_crt_deinit (crt);
- gnutls_privkey_deinit (key);
- gnutls_privkey_deinit(ca_key);
+ gnutls_x509_crt_t crt;
+ gnutls_privkey_t key;
+ size_t size;
+ int result;
+ gnutls_privkey_t ca_key;
+ gnutls_x509_crt_t ca_crt;
+
+ fprintf(stderr, "Generating a signed certificate...\n");
+
+ ca_key = load_ca_private_key(cinfo);
+ ca_crt = load_ca_cert(cinfo);
+
+ crt = generate_certificate(&key, ca_crt, 0, cinfo);
+
+ /* Copy the CRL distribution points.
+ */
+ gnutls_x509_crt_cpy_crl_dist_points(crt, ca_crt);
+ /* it doesn't matter if we couldn't copy the CRL dist points.
+ */
+
+ print_certificate_info(crt, stderr, 0);
+
+ fprintf(stderr, "\n\nSigning certificate...\n");
+
+ result =
+ gnutls_x509_crt_privkey_sign(crt, ca_crt, ca_key,
+ get_dig(ca_crt), 0);
+ if (result < 0) {
+ fprintf(stderr, "crt_sign: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_export(crt, outcert_format, buffer, &size);
+ if (result < 0) {
+ fprintf(stderr, "crt_export: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_x509_crt_deinit(crt);
+ gnutls_privkey_deinit(key);
+ gnutls_privkey_deinit(ca_key);
}
-static void
-generate_proxy_certificate (common_info_st * cinfo)
+static void generate_proxy_certificate(common_info_st * cinfo)
{
- gnutls_x509_crt_t crt, eecrt;
- gnutls_privkey_t key, eekey;
- size_t size;
- int result;
+ gnutls_x509_crt_t crt, eecrt;
+ gnutls_privkey_t key, eekey;
+ size_t size;
+ int result;
- fprintf (stderr, "Generating a proxy certificate...\n");
+ fprintf(stderr, "Generating a proxy certificate...\n");
- eekey = load_ca_private_key (cinfo);
- eecrt = load_cert (1, cinfo);
+ eekey = load_ca_private_key(cinfo);
+ eecrt = load_cert(1, cinfo);
- crt = generate_certificate (&key, eecrt, 1, cinfo);
+ crt = generate_certificate(&key, eecrt, 1, cinfo);
- print_certificate_info (crt, stderr, 0);
+ print_certificate_info(crt, stderr, 0);
- fprintf (stderr, "\n\nSigning certificate...\n");
+ fprintf(stderr, "\n\nSigning certificate...\n");
- result = gnutls_x509_crt_privkey_sign (crt, eecrt, eekey, get_dig (eecrt), 0);
- if (result < 0)
- {
- fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
- exit(1);
- }
+ result =
+ gnutls_x509_crt_privkey_sign(crt, eecrt, eekey, get_dig(eecrt),
+ 0);
+ if (result < 0) {
+ fprintf(stderr, "crt_sign: %s", gnutls_strerror(result));
+ exit(1);
+ }
- size = buffer_size;
- result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
- exit(1);
- }
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_export(crt, outcert_format, buffer, &size);
+ if (result < 0) {
+ fprintf(stderr, "crt_export: %s", gnutls_strerror(result));
+ exit(1);
+ }
- fwrite (buffer, 1, size, outfile);
+ fwrite(buffer, 1, size, outfile);
- gnutls_x509_crt_deinit (eecrt);
- gnutls_x509_crt_deinit (crt);
- gnutls_privkey_deinit (key);
- gnutls_privkey_deinit (eekey);
+ gnutls_x509_crt_deinit(eecrt);
+ gnutls_x509_crt_deinit(crt);
+ gnutls_privkey_deinit(key);
+ gnutls_privkey_deinit(eekey);
}
-static void
-generate_signed_crl (common_info_st * cinfo)
+static void generate_signed_crl(common_info_st * cinfo)
{
- gnutls_x509_crl_t crl;
- int result;
- gnutls_privkey_t ca_key;
- gnutls_x509_crt_t ca_crt;
-
- fprintf (stderr, "Generating a signed CRL...\n");
-
- ca_key = load_ca_private_key (cinfo);
- ca_crt = load_ca_cert (cinfo);
- crl = generate_crl (ca_crt, cinfo);
-
- fprintf (stderr, "\n");
- result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, get_dig (ca_crt), 0);
- if (result < 0)
- {
- fprintf(stderr, "crl_privkey_sign: %s", gnutls_strerror (result));
- exit(1);
- }
-
- print_crl_info (crl, stderr);
-
- gnutls_privkey_deinit( ca_key);
- gnutls_x509_crl_deinit (crl);
+ gnutls_x509_crl_t crl;
+ int result;
+ gnutls_privkey_t ca_key;
+ gnutls_x509_crt_t ca_crt;
+
+ fprintf(stderr, "Generating a signed CRL...\n");
+
+ ca_key = load_ca_private_key(cinfo);
+ ca_crt = load_ca_cert(cinfo);
+ crl = generate_crl(ca_crt, cinfo);
+
+ fprintf(stderr, "\n");
+ result =
+ gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key,
+ get_dig(ca_crt), 0);
+ if (result < 0) {
+ fprintf(stderr, "crl_privkey_sign: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ print_crl_info(crl, stderr);
+
+ gnutls_privkey_deinit(ca_key);
+ gnutls_x509_crl_deinit(crl);
}
-static void
-update_signed_certificate (common_info_st * cinfo)
+static void update_signed_certificate(common_info_st * cinfo)
{
- gnutls_x509_crt_t crt;
- size_t size;
- int result;
- gnutls_privkey_t ca_key;
- gnutls_x509_crt_t ca_crt;
- int days;
- time_t tim = time (NULL);
-
- fprintf (stderr, "Generating a signed certificate...\n");
-
- ca_key = load_ca_private_key (cinfo);
- ca_crt = load_ca_cert (cinfo);
- crt = load_cert (1, cinfo);
-
- fprintf (stderr, "Activation/Expiration time.\n");
- gnutls_x509_crt_set_activation_time (crt, tim);
-
- days = get_days ();
-
- result =
- gnutls_x509_crt_set_expiration_time (crt, tim + ((time_t) days) * 24 * 60 * 60);
- if (result < 0)
- {
- fprintf(stderr, "set_expiration: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fprintf (stderr, "\n\nSigning certificate...\n");
-
- result = gnutls_x509_crt_privkey_sign (crt, ca_crt, ca_key, get_dig (ca_crt), 0);
- if (result < 0)
- {
- fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
- exit(1);
- }
-
- size = buffer_size;
- result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
-
- gnutls_x509_crt_deinit (crt);
+ gnutls_x509_crt_t crt;
+ size_t size;
+ int result;
+ gnutls_privkey_t ca_key;
+ gnutls_x509_crt_t ca_crt;
+ int days;
+ time_t tim = time(NULL);
+
+ fprintf(stderr, "Generating a signed certificate...\n");
+
+ ca_key = load_ca_private_key(cinfo);
+ ca_crt = load_ca_cert(cinfo);
+ crt = load_cert(1, cinfo);
+
+ fprintf(stderr, "Activation/Expiration time.\n");
+ gnutls_x509_crt_set_activation_time(crt, tim);
+
+ days = get_days();
+
+ result =
+ gnutls_x509_crt_set_expiration_time(crt,
+ tim +
+ ((time_t) days) * 24 * 60 *
+ 60);
+ if (result < 0) {
+ fprintf(stderr, "set_expiration: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fprintf(stderr, "\n\nSigning certificate...\n");
+
+ result =
+ gnutls_x509_crt_privkey_sign(crt, ca_crt, ca_key,
+ get_dig(ca_crt), 0);
+ if (result < 0) {
+ fprintf(stderr, "crt_sign: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = buffer_size;
+ result =
+ gnutls_x509_crt_export(crt, outcert_format, buffer, &size);
+ if (result < 0) {
+ fprintf(stderr, "crt_export: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_x509_crt_deinit(crt);
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- int ret, privkey_op = 0;
- common_info_st cinfo;
-
- optionProcess( &certtoolOptions, argc, argv);
-
- if (HAVE_OPT(GENERATE_PRIVKEY) || HAVE_OPT(GENERATE_REQUEST) ||
- HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO))
- privkey_op = 1;
-
- if (HAVE_OPT(HEX_NUMBERS))
- full_format = GNUTLS_CRT_PRINT_FULL_NUMBERS;
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
- if (outfile == NULL)
- {
- fprintf(stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- if (HAVE_OPT(INFILE))
- {
- infile = fopen (OPT_ARG(INFILE), "rb");
- if (infile == NULL)
- {
- fprintf(stderr, "%s", OPT_ARG(INFILE));
- exit(1);
- }
- }
- else
- infile = stdin;
-
- if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
- incert_format = GNUTLS_X509_FMT_DER;
- else
- incert_format = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(OUTDER) || HAVE_OPT(OUTRAW))
- outcert_format = GNUTLS_X509_FMT_DER;
- else
- outcert_format = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(DSA))
- req_key_type = GNUTLS_PK_DSA;
- else if (HAVE_OPT(ECC))
- req_key_type = GNUTLS_PK_ECC;
- else
- req_key_type = GNUTLS_PK_RSA;
-
- default_dig = GNUTLS_DIG_UNKNOWN;
- if (HAVE_OPT(HASH))
- {
- if (strcasecmp (OPT_ARG(HASH), "md5") == 0)
- {
- fprintf (stderr,
- "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
- default_dig = GNUTLS_DIG_MD5;
- }
- else if (strcasecmp (OPT_ARG(HASH), "sha1") == 0)
- default_dig = GNUTLS_DIG_SHA1;
- else if (strcasecmp (OPT_ARG(HASH), "sha256") == 0)
- default_dig = GNUTLS_DIG_SHA256;
- else if (strcasecmp (OPT_ARG(HASH), "sha224") == 0)
- default_dig = GNUTLS_DIG_SHA224;
- else if (strcasecmp (OPT_ARG(HASH), "sha384") == 0)
- default_dig = GNUTLS_DIG_SHA384;
- else if (strcasecmp (OPT_ARG(HASH), "sha512") == 0)
- default_dig = GNUTLS_DIG_SHA512;
- else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
- default_dig = GNUTLS_DIG_RMD160;
- else
- {
- fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
- exit(1);
- }
- }
-
- batch = 0;
- if (HAVE_OPT(TEMPLATE))
- {
- batch = 1;
- template_parse (OPT_ARG(TEMPLATE));
- }
-
- gnutls_global_set_log_function (tls_log_func);
-
- if (HAVE_OPT(DEBUG))
- {
- gnutls_global_set_log_level (OPT_VALUE_DEBUG);
- printf ("Setting log level to %d\n", (int)OPT_VALUE_DEBUG);
- }
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf(stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
+ int ret, privkey_op = 0;
+ common_info_st cinfo;
+
+ optionProcess(&certtoolOptions, argc, argv);
+
+ if (HAVE_OPT(GENERATE_PRIVKEY) || HAVE_OPT(GENERATE_REQUEST) ||
+ HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO))
+ privkey_op = 1;
+
+ if (HAVE_OPT(HEX_NUMBERS))
+ full_format = GNUTLS_CRT_PRINT_FULL_NUMBERS;
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op);
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ if (HAVE_OPT(INFILE)) {
+ infile = fopen(OPT_ARG(INFILE), "rb");
+ if (infile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(INFILE));
+ exit(1);
+ }
+ } else
+ infile = stdin;
+
+ if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
+ incert_format = GNUTLS_X509_FMT_DER;
+ else
+ incert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(OUTDER) || HAVE_OPT(OUTRAW))
+ outcert_format = GNUTLS_X509_FMT_DER;
+ else
+ outcert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(DSA))
+ req_key_type = GNUTLS_PK_DSA;
+ else if (HAVE_OPT(ECC))
+ req_key_type = GNUTLS_PK_ECC;
+ else
+ req_key_type = GNUTLS_PK_RSA;
+
+ default_dig = GNUTLS_DIG_UNKNOWN;
+ if (HAVE_OPT(HASH)) {
+ if (strcasecmp(OPT_ARG(HASH), "md5") == 0) {
+ fprintf(stderr,
+ "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
+ default_dig = GNUTLS_DIG_MD5;
+ } else if (strcasecmp(OPT_ARG(HASH), "sha1") == 0)
+ default_dig = GNUTLS_DIG_SHA1;
+ else if (strcasecmp(OPT_ARG(HASH), "sha256") == 0)
+ default_dig = GNUTLS_DIG_SHA256;
+ else if (strcasecmp(OPT_ARG(HASH), "sha224") == 0)
+ default_dig = GNUTLS_DIG_SHA224;
+ else if (strcasecmp(OPT_ARG(HASH), "sha384") == 0)
+ default_dig = GNUTLS_DIG_SHA384;
+ else if (strcasecmp(OPT_ARG(HASH), "sha512") == 0)
+ default_dig = GNUTLS_DIG_SHA512;
+ else if (strcasecmp(OPT_ARG(HASH), "rmd160") == 0)
+ default_dig = GNUTLS_DIG_RMD160;
+ else {
+ fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
+ exit(1);
+ }
+ }
+
+ batch = 0;
+ if (HAVE_OPT(TEMPLATE)) {
+ batch = 1;
+ template_parse(OPT_ARG(TEMPLATE));
+ }
+
+ gnutls_global_set_log_function(tls_log_func);
+
+ if (HAVE_OPT(DEBUG)) {
+ gnutls_global_set_log_level(OPT_VALUE_DEBUG);
+ printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
+ }
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
#ifdef ENABLE_PKCS11
- pkcs11_common();
+ pkcs11_common();
#endif
- memset (&cinfo, 0, sizeof (cinfo));
-
- if (HAVE_OPT(VERBOSE))
- cinfo.verbose = 1;
-
- cinfo.cprint = HAVE_OPT(CPRINT);
-
- if (HAVE_OPT(LOAD_PRIVKEY))
- cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
-
- cinfo.v1_cert = HAVE_OPT(V1);
- if (HAVE_OPT(NO_CRQ_EXTENSIONS))
- cinfo.crq_extensions = 0;
- else cinfo.crq_extensions = 1;
-
- if (HAVE_OPT(LOAD_PUBKEY))
- cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
-
- cinfo.pkcs8 = HAVE_OPT(PKCS8);
- cinfo.incert_format = incert_format;
- cinfo.outcert_format = outcert_format;
-
- if (HAVE_OPT(LOAD_CERTIFICATE))
- cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
-
- if (HAVE_OPT(LOAD_REQUEST))
- cinfo.request = OPT_ARG(LOAD_REQUEST);
-
- if (HAVE_OPT(LOAD_CA_CERTIFICATE))
- cinfo.ca = OPT_ARG(LOAD_CA_CERTIFICATE);
-
- if (HAVE_OPT(LOAD_CA_PRIVKEY))
- cinfo.ca_privkey = OPT_ARG(LOAD_CA_PRIVKEY);
-
- if (HAVE_OPT(BITS))
- cinfo.bits = OPT_VALUE_BITS;
-
- if (HAVE_OPT(SEC_PARAM))
- cinfo.sec_param = OPT_ARG(SEC_PARAM);
-
- if (HAVE_OPT(PKCS_CIPHER))
- cinfo.pkcs_cipher = OPT_ARG(PKCS_CIPHER);
-
- if (HAVE_OPT(PASSWORD))
- {
- cinfo.password = OPT_ARG(PASSWORD);
- if (HAVE_OPT(GENERATE_PRIVKEY) && cinfo.pkcs8 == 0)
- {
- fprintf(stderr, "Assuming PKCS #8 format...\n");
- cinfo.pkcs8 = 1;
- }
- }
-
- if (HAVE_OPT(NULL_PASSWORD))
- {
- cinfo.null_password = 1;
- cinfo.password = "";
- }
-
- if (HAVE_OPT(GENERATE_SELF_SIGNED))
- generate_self_signed (&cinfo);
- else if (HAVE_OPT(GENERATE_CERTIFICATE))
- generate_signed_certificate (&cinfo);
- else if (HAVE_OPT(GENERATE_PROXY))
- generate_proxy_certificate (&cinfo);
- else if (HAVE_OPT(GENERATE_CRL))
- generate_signed_crl (&cinfo);
- else if (HAVE_OPT(UPDATE_CERTIFICATE))
- update_signed_certificate (&cinfo);
- else if (HAVE_OPT(GENERATE_PRIVKEY))
- generate_private_key (&cinfo);
- else if (HAVE_OPT(GENERATE_REQUEST))
- generate_request (&cinfo);
- else if (HAVE_OPT(VERIFY_CHAIN))
- verify_chain ();
- else if (HAVE_OPT(VERIFY))
- verify_certificate (&cinfo);
- else if (HAVE_OPT(VERIFY_CRL))
- verify_crl (&cinfo);
- else if (HAVE_OPT(CERTIFICATE_INFO))
- certificate_info (0, &cinfo);
- else if (HAVE_OPT(DH_INFO))
- dh_info (infile, outfile, &cinfo);
- else if (HAVE_OPT(CERTIFICATE_PUBKEY))
- certificate_info (1, &cinfo);
- else if (HAVE_OPT(KEY_INFO))
- privkey_info (&cinfo);
- else if (HAVE_OPT(PUBKEY_INFO))
- pubkey_info (NULL, &cinfo);
- else if (HAVE_OPT(TO_P12))
- generate_pkcs12 (&cinfo);
- else if (HAVE_OPT(P12_INFO))
- pkcs12_info (&cinfo);
- else if (HAVE_OPT(GENERATE_DH_PARAMS))
- generate_prime (outfile, 1, &cinfo);
- else if (HAVE_OPT(GET_DH_PARAMS))
- generate_prime (outfile, 0, &cinfo);
- else if (HAVE_OPT(CRL_INFO))
- crl_info ();
- else if (HAVE_OPT(P7_INFO))
- pkcs7_info ();
- else if (HAVE_OPT(SMIME_TO_P7))
- smime_to_pkcs7 ();
- else if (HAVE_OPT(TO_P8))
- generate_pkcs8 (&cinfo);
+ memset(&cinfo, 0, sizeof(cinfo));
+
+ if (HAVE_OPT(VERBOSE))
+ cinfo.verbose = 1;
+
+ cinfo.cprint = HAVE_OPT(CPRINT);
+
+ if (HAVE_OPT(LOAD_PRIVKEY))
+ cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
+
+ cinfo.v1_cert = HAVE_OPT(V1);
+ if (HAVE_OPT(NO_CRQ_EXTENSIONS))
+ cinfo.crq_extensions = 0;
+ else
+ cinfo.crq_extensions = 1;
+
+ if (HAVE_OPT(LOAD_PUBKEY))
+ cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+ cinfo.pkcs8 = HAVE_OPT(PKCS8);
+ cinfo.incert_format = incert_format;
+ cinfo.outcert_format = outcert_format;
+
+ if (HAVE_OPT(LOAD_CERTIFICATE))
+ cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+ if (HAVE_OPT(LOAD_REQUEST))
+ cinfo.request = OPT_ARG(LOAD_REQUEST);
+
+ if (HAVE_OPT(LOAD_CA_CERTIFICATE))
+ cinfo.ca = OPT_ARG(LOAD_CA_CERTIFICATE);
+
+ if (HAVE_OPT(LOAD_CA_PRIVKEY))
+ cinfo.ca_privkey = OPT_ARG(LOAD_CA_PRIVKEY);
+
+ if (HAVE_OPT(BITS))
+ cinfo.bits = OPT_VALUE_BITS;
+
+ if (HAVE_OPT(SEC_PARAM))
+ cinfo.sec_param = OPT_ARG(SEC_PARAM);
+
+ if (HAVE_OPT(PKCS_CIPHER))
+ cinfo.pkcs_cipher = OPT_ARG(PKCS_CIPHER);
+
+ if (HAVE_OPT(PASSWORD)) {
+ cinfo.password = OPT_ARG(PASSWORD);
+ if (HAVE_OPT(GENERATE_PRIVKEY) && cinfo.pkcs8 == 0) {
+ fprintf(stderr, "Assuming PKCS #8 format...\n");
+ cinfo.pkcs8 = 1;
+ }
+ }
+
+ if (HAVE_OPT(NULL_PASSWORD)) {
+ cinfo.null_password = 1;
+ cinfo.password = "";
+ }
+
+ if (HAVE_OPT(GENERATE_SELF_SIGNED))
+ generate_self_signed(&cinfo);
+ else if (HAVE_OPT(GENERATE_CERTIFICATE))
+ generate_signed_certificate(&cinfo);
+ else if (HAVE_OPT(GENERATE_PROXY))
+ generate_proxy_certificate(&cinfo);
+ else if (HAVE_OPT(GENERATE_CRL))
+ generate_signed_crl(&cinfo);
+ else if (HAVE_OPT(UPDATE_CERTIFICATE))
+ update_signed_certificate(&cinfo);
+ else if (HAVE_OPT(GENERATE_PRIVKEY))
+ generate_private_key(&cinfo);
+ else if (HAVE_OPT(GENERATE_REQUEST))
+ generate_request(&cinfo);
+ else if (HAVE_OPT(VERIFY_CHAIN))
+ verify_chain();
+ else if (HAVE_OPT(VERIFY))
+ verify_certificate(&cinfo);
+ else if (HAVE_OPT(VERIFY_CRL))
+ verify_crl(&cinfo);
+ else if (HAVE_OPT(CERTIFICATE_INFO))
+ certificate_info(0, &cinfo);
+ else if (HAVE_OPT(DH_INFO))
+ dh_info(infile, outfile, &cinfo);
+ else if (HAVE_OPT(CERTIFICATE_PUBKEY))
+ certificate_info(1, &cinfo);
+ else if (HAVE_OPT(KEY_INFO))
+ privkey_info(&cinfo);
+ else if (HAVE_OPT(PUBKEY_INFO))
+ pubkey_info(NULL, &cinfo);
+ else if (HAVE_OPT(TO_P12))
+ generate_pkcs12(&cinfo);
+ else if (HAVE_OPT(P12_INFO))
+ pkcs12_info(&cinfo);
+ else if (HAVE_OPT(GENERATE_DH_PARAMS))
+ generate_prime(outfile, 1, &cinfo);
+ else if (HAVE_OPT(GET_DH_PARAMS))
+ generate_prime(outfile, 0, &cinfo);
+ else if (HAVE_OPT(CRL_INFO))
+ crl_info();
+ else if (HAVE_OPT(P7_INFO))
+ pkcs7_info();
+ else if (HAVE_OPT(SMIME_TO_P7))
+ smime_to_pkcs7();
+ else if (HAVE_OPT(TO_P8))
+ generate_pkcs8(&cinfo);
#ifdef ENABLE_OPENPGP
- else if (HAVE_OPT(PGP_CERTIFICATE_INFO))
- pgp_certificate_info ();
- else if (HAVE_OPT(PGP_KEY_INFO))
- pgp_privkey_info ();
- else if (HAVE_OPT(PGP_RING_INFO))
- pgp_ring_info ();
+ else if (HAVE_OPT(PGP_CERTIFICATE_INFO))
+ pgp_certificate_info();
+ else if (HAVE_OPT(PGP_KEY_INFO))
+ pgp_privkey_info();
+ else if (HAVE_OPT(PGP_RING_INFO))
+ pgp_ring_info();
#endif
- else if (HAVE_OPT(CRQ_INFO))
- crq_info ();
- else
- USAGE(1);
+ else if (HAVE_OPT(CRQ_INFO))
+ crq_info();
+ else
+ USAGE(1);
- fclose (outfile);
+ fclose(outfile);
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
#define MAX_CRTS 500
-void
-certificate_info (int pubkey, common_info_st * cinfo)
+void certificate_info(int pubkey, common_info_st * cinfo)
{
- gnutls_x509_crt_t crt[MAX_CRTS];
- size_t size;
- int ret, i, count;
- gnutls_datum_t pem;
- unsigned int crt_num;
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- crt_num = MAX_CRTS;
- ret =
- gnutls_x509_crt_list_import (crt, &crt_num, &pem, incert_format,
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf( stderr, "too many certificates (%d); "
- "will only read the first %d", crt_num, MAX_CRTS);
- crt_num = MAX_CRTS;
- ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem,
- incert_format, 0);
- }
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- free (pem.data);
-
- count = ret;
-
- if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER)
- {
- fprintf( stderr, "cannot output multiple certificates in DER format; "
- "using PEM instead");
- outcert_format = GNUTLS_X509_FMT_PEM;
- }
-
- for (i = 0; i < count; i++)
- {
- if (i > 0)
- fprintf (outfile, "\n");
-
- if (outcert_format == GNUTLS_X509_FMT_PEM)
- print_certificate_info (crt[i], outfile, 1);
-
- if (pubkey)
- pubkey_info (crt[i], cinfo);
- else
- {
- size = buffer_size;
- ret = gnutls_x509_crt_export (crt[i], outcert_format, buffer,
- &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
- }
-
- gnutls_x509_crt_deinit (crt[i]);
- }
+ gnutls_x509_crt_t crt[MAX_CRTS];
+ size_t size;
+ int ret, i, count;
+ gnutls_datum_t pem;
+ unsigned int crt_num;
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ crt_num = MAX_CRTS;
+ ret =
+ gnutls_x509_crt_list_import(crt, &crt_num, &pem, incert_format,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ fprintf(stderr, "too many certificates (%d); "
+ "will only read the first %d", crt_num, MAX_CRTS);
+ crt_num = MAX_CRTS;
+ ret = gnutls_x509_crt_list_import(crt, &crt_num, &pem,
+ incert_format, 0);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ free(pem.data);
+
+ count = ret;
+
+ if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER) {
+ fprintf(stderr,
+ "cannot output multiple certificates in DER format; "
+ "using PEM instead");
+ outcert_format = GNUTLS_X509_FMT_PEM;
+ }
+
+ for (i = 0; i < count; i++) {
+ if (i > 0)
+ fprintf(outfile, "\n");
+
+ if (outcert_format == GNUTLS_X509_FMT_PEM)
+ print_certificate_info(crt[i], outfile, 1);
+
+ if (pubkey)
+ pubkey_info(crt[i], cinfo);
+ else {
+ size = buffer_size;
+ ret =
+ gnutls_x509_crt_export(crt[i], outcert_format,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+ }
+
+ gnutls_x509_crt_deinit(crt[i]);
+ }
}
#ifdef ENABLE_OPENPGP
-void
-pgp_certificate_info (void)
+void pgp_certificate_info(void)
{
- gnutls_openpgp_crt_t crt;
- size_t size;
- int ret;
- gnutls_datum_t pem, out_data;
- unsigned int verify_status;
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- ret = gnutls_openpgp_crt_init (&crt);
- if (ret < 0)
- {
- fprintf(stderr, "openpgp_crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_openpgp_crt_import (crt, &pem, incert_format);
-
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- free (pem.data);
-
- if (outcert_format == GNUTLS_OPENPGP_FMT_BASE64)
- {
- ret = gnutls_openpgp_crt_print (crt, 0, &out_data);
-
- if (ret == 0)
- {
- fprintf (outfile, "%s\n", out_data.data);
- gnutls_free (out_data.data);
- }
- }
-
-
- ret = gnutls_openpgp_crt_verify_self (crt, 0, &verify_status);
- if (ret < 0)
- {
- {
- fprintf(stderr, "verify signature error: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
-
- if (verify_status & GNUTLS_CERT_INVALID)
- {
- fprintf (outfile, "Self Signature verification: failed\n\n");
- }
- else
- {
- fprintf (outfile, "Self Signature verification: ok (%x)\n\n",
- verify_status);
- }
-
- size = buffer_size;
- ret = gnutls_openpgp_crt_export (crt, outcert_format, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "%s\n", buffer);
- gnutls_openpgp_crt_deinit (crt);
+ gnutls_openpgp_crt_t crt;
+ size_t size;
+ int ret;
+ gnutls_datum_t pem, out_data;
+ unsigned int verify_status;
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "openpgp_crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_openpgp_crt_import(crt, &pem, incert_format);
+
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ free(pem.data);
+
+ if (outcert_format == GNUTLS_OPENPGP_FMT_BASE64) {
+ ret = gnutls_openpgp_crt_print(crt, 0, &out_data);
+
+ if (ret == 0) {
+ fprintf(outfile, "%s\n", out_data.data);
+ gnutls_free(out_data.data);
+ }
+ }
+
+
+ ret = gnutls_openpgp_crt_verify_self(crt, 0, &verify_status);
+ if (ret < 0) {
+ {
+ fprintf(stderr, "verify signature error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ if (verify_status & GNUTLS_CERT_INVALID) {
+ fprintf(outfile,
+ "Self Signature verification: failed\n\n");
+ } else {
+ fprintf(outfile,
+ "Self Signature verification: ok (%x)\n\n",
+ verify_status);
+ }
+
+ size = buffer_size;
+ ret =
+ gnutls_openpgp_crt_export(crt, outcert_format, buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "%s\n", buffer);
+ gnutls_openpgp_crt_deinit(crt);
}
-void
-pgp_privkey_info (void)
+void pgp_privkey_info(void)
{
- gnutls_openpgp_privkey_t key;
- unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- size_t size;
- int ret, i, subkeys, bits = 0;
- gnutls_datum_t pem;
- const char *cprint;
-
- size = fread (buffer, 1, buffer_size - 1, infile);
- buffer[size] = 0;
-
- gnutls_openpgp_privkey_init (&key);
-
- pem.data = buffer;
- pem.size = size;
-
- ret = gnutls_openpgp_privkey_import (key, &pem, incert_format,
- NULL, 0);
-
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- /* Public key algorithm
- */
- subkeys = gnutls_openpgp_privkey_get_subkey_count (key);
- if (subkeys < 0)
- {
- fprintf(stderr, "privkey_get_subkey_count: %s",
- gnutls_strerror (subkeys));
- exit(1);
- }
-
- for (i = -1; i < subkeys; i++)
- {
-
- if (i != -1)
- fprintf (outfile, "Subkey[%d]:\n", i);
-
- fprintf (outfile, "Public Key Info:\n");
-
- if (i == -1)
- ret = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
- else
- ret = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
-
- fprintf (outfile, "\tPublic Key Algorithm: ");
- cprint = gnutls_pk_algorithm_get_name (ret);
- fprintf (outfile, "%s\n", cprint ? cprint : "Unknown");
- fprintf (outfile, "\tKey Security Level: %s\n",
- gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param
- (key)));
-
- /* Print the raw public and private keys
- */
-
- if (ret == GNUTLS_PK_RSA)
- {
- gnutls_datum_t m, e, d, p, q, u;
-
- if (i == -1)
- ret =
- gnutls_openpgp_privkey_export_rsa_raw (key, &m, &e, &d, &p,
- &q, &u);
- else
- ret =
- gnutls_openpgp_privkey_export_subkey_rsa_raw (key, i, &m,
- &e, &d, &p,
- &q, &u);
- if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
- else
- print_rsa_pkey (outfile, &m, &e, &d, &p, &q, &u, NULL, NULL, HAVE_OPT(CPRINT));
-
- bits = m.size * 8;
- }
- else if (ret == GNUTLS_PK_DSA)
- {
- gnutls_datum_t p, q, g, y, x;
-
- if (i == -1)
- ret =
- gnutls_openpgp_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- else
- ret =
- gnutls_openpgp_privkey_export_subkey_dsa_raw (key, i, &p,
- &q, &g, &y, &x);
- if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
- else
- print_dsa_pkey (outfile, &x, &y, &p, &q, &g, HAVE_OPT(CPRINT));
-
- bits = y.size * 8;
- }
-
- fprintf (outfile, "\n");
-
- size = buffer_size;
- if (i == -1)
- ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
- else
- ret = gnutls_openpgp_privkey_get_subkey_id (key, i, keyid);
-
- if (ret < 0)
- {
- fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- fprintf (outfile, "Public key ID: %s\n", raw_to_string (keyid, 8));
- }
-
- size = buffer_size;
- if (i == -1)
- ret = gnutls_openpgp_privkey_get_fingerprint (key, buffer, &size);
- else
- ret = gnutls_openpgp_privkey_get_subkey_fingerprint (key, i, buffer, &size);
-
- if (ret < 0)
- {
- fprintf (stderr, "Error in fingerprint calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- gnutls_datum_t art;
-
- fprintf (outfile, "Fingerprint: %s\n", raw_to_string (buffer, size));
-
- ret = gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint, bits, buffer, size, &art);
- if (ret >= 0)
- {
- fprintf (outfile, "Fingerprint's random art:\n%s\n\n", art.data);
- gnutls_free(art.data);
- }
- }
- }
-
- size = buffer_size;
- ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
- NULL, 0, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "\n%s\n", buffer);
-
- gnutls_openpgp_privkey_deinit (key);
+ gnutls_openpgp_privkey_t key;
+ unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ size_t size;
+ int ret, i, subkeys, bits = 0;
+ gnutls_datum_t pem;
+ const char *cprint;
+
+ size = fread(buffer, 1, buffer_size - 1, infile);
+ buffer[size] = 0;
+
+ gnutls_openpgp_privkey_init(&key);
+
+ pem.data = buffer;
+ pem.size = size;
+
+ ret = gnutls_openpgp_privkey_import(key, &pem, incert_format,
+ NULL, 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Public key algorithm
+ */
+ subkeys = gnutls_openpgp_privkey_get_subkey_count(key);
+ if (subkeys < 0) {
+ fprintf(stderr, "privkey_get_subkey_count: %s",
+ gnutls_strerror(subkeys));
+ exit(1);
+ }
+
+ for (i = -1; i < subkeys; i++) {
+
+ if (i != -1)
+ fprintf(outfile, "Subkey[%d]:\n", i);
+
+ fprintf(outfile, "Public Key Info:\n");
+
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_get_pk_algorithm(key,
+ NULL);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (key, i, NULL);
+
+ fprintf(outfile, "\tPublic Key Algorithm: ");
+ cprint = gnutls_pk_algorithm_get_name(ret);
+ fprintf(outfile, "%s\n", cprint ? cprint : "Unknown");
+ fprintf(outfile, "\tKey Security Level: %s\n",
+ gnutls_sec_param_get_name
+ (gnutls_openpgp_privkey_sec_param(key)));
+
+ /* Print the raw public and private keys
+ */
+
+ if (ret == GNUTLS_PK_RSA) {
+ gnutls_datum_t m, e, d, p, q, u;
+
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_export_rsa_raw
+ (key, &m, &e, &d, &p, &q, &u);
+ else
+ ret =
+ gnutls_openpgp_privkey_export_subkey_rsa_raw
+ (key, i, &m, &e, &d, &p, &q, &u);
+ if (ret < 0)
+ fprintf(stderr,
+ "Error in key RSA data export: %s\n",
+ gnutls_strerror(ret));
+ else
+ print_rsa_pkey(outfile, &m, &e, &d, &p, &q,
+ &u, NULL, NULL,
+ HAVE_OPT(CPRINT));
+
+ bits = m.size * 8;
+ } else if (ret == GNUTLS_PK_DSA) {
+ gnutls_datum_t p, q, g, y, x;
+
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_export_dsa_raw
+ (key, &p, &q, &g, &y, &x);
+ else
+ ret =
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ (key, i, &p, &q, &g, &y, &x);
+ if (ret < 0)
+ fprintf(stderr,
+ "Error in key DSA data export: %s\n",
+ gnutls_strerror(ret));
+ else
+ print_dsa_pkey(outfile, &x, &y, &p, &q, &g,
+ HAVE_OPT(CPRINT));
+
+ bits = y.size * 8;
+ }
+
+ fprintf(outfile, "\n");
+
+ size = buffer_size;
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_get_key_id(key, keyid);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_id(key, i,
+ keyid);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error in key id calculation: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ fprintf(outfile, "Public key ID: %s\n",
+ raw_to_string(keyid, 8));
+ }
+
+ size = buffer_size;
+ if (i == -1)
+ ret =
+ gnutls_openpgp_privkey_get_fingerprint(key,
+ buffer,
+ &size);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_fingerprint
+ (key, i, buffer, &size);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error in fingerprint calculation: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ gnutls_datum_t art;
+
+ fprintf(outfile, "Fingerprint: %s\n",
+ raw_to_string(buffer, size));
+
+ ret =
+ gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH,
+ cprint, bits, buffer, size,
+ &art);
+ if (ret >= 0) {
+ fprintf(outfile,
+ "Fingerprint's random art:\n%s\n\n",
+ art.data);
+ gnutls_free(art.data);
+ }
+ }
+ }
+
+ size = buffer_size;
+ ret = gnutls_openpgp_privkey_export(key, GNUTLS_OPENPGP_FMT_BASE64,
+ NULL, 0, buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\n%s\n", buffer);
+
+ gnutls_openpgp_privkey_deinit(key);
}
-void
-pgp_ring_info (void)
+void pgp_ring_info(void)
{
- gnutls_openpgp_keyring_t ring;
- gnutls_openpgp_crt_t crt;
- size_t size;
- int ret, i, count;
- gnutls_datum_t pem;
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- ret = gnutls_openpgp_keyring_init (&ring);
- if (ret < 0)
- {
- fprintf(stderr, "openpgp_keyring_init: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_openpgp_keyring_import (ring, &pem, incert_format);
-
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- free (pem.data);
-
- count = gnutls_openpgp_keyring_get_crt_count (ring);
- if (count >= 0)
- fprintf (outfile, "Keyring contains %d OpenPGP certificates\n\n", count);
- else
- {
- fprintf(stderr, "keyring error: %s", gnutls_strerror (count));
- exit(1);
- }
-
- for (i = 0; i < count; i++)
- {
- ret = gnutls_openpgp_keyring_get_crt (ring, i, &crt);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- size = buffer_size;
- ret = gnutls_openpgp_crt_export (crt, outcert_format,
- buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
- fprintf (outfile, "\n\n");
-
- gnutls_openpgp_crt_deinit (crt);
-
-
- }
-
- gnutls_openpgp_keyring_deinit (ring);
+ gnutls_openpgp_keyring_t ring;
+ gnutls_openpgp_crt_t crt;
+ size_t size;
+ int ret, i, count;
+ gnutls_datum_t pem;
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ ret = gnutls_openpgp_keyring_init(&ring);
+ if (ret < 0) {
+ fprintf(stderr, "openpgp_keyring_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_openpgp_keyring_import(ring, &pem, incert_format);
+
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ free(pem.data);
+
+ count = gnutls_openpgp_keyring_get_crt_count(ring);
+ if (count >= 0)
+ fprintf(outfile,
+ "Keyring contains %d OpenPGP certificates\n\n",
+ count);
+ else {
+ fprintf(stderr, "keyring error: %s",
+ gnutls_strerror(count));
+ exit(1);
+ }
+
+ for (i = 0; i < count; i++) {
+ ret = gnutls_openpgp_keyring_get_crt(ring, i, &crt);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ size = buffer_size;
+ ret = gnutls_openpgp_crt_export(crt, outcert_format,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+ fprintf(outfile, "\n\n");
+
+ gnutls_openpgp_crt_deinit(crt);
+
+
+ }
+
+ gnutls_openpgp_keyring_deinit(ring);
}
@@ -1631,660 +1573,644 @@ pgp_ring_info (void)
static void
-print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all)
+print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all)
{
- gnutls_datum_t data;
- int ret;
-
- if (all)
- ret = gnutls_x509_crt_print (crt, full_format, &data);
- else
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_UNSIGNED_FULL, &data);
- if (ret == 0)
- {
- fprintf (out, "%s\n", data.data);
- gnutls_free (data.data);
- }
-
- if (out == stderr && batch == 0) /* interactive */
- if (read_yesno ("Is the above information ok? (y/N): ", 0) == 0)
- {
- exit (1);
- }
+ gnutls_datum_t data;
+ int ret;
+
+ if (all)
+ ret = gnutls_x509_crt_print(crt, full_format, &data);
+ else
+ ret =
+ gnutls_x509_crt_print(crt,
+ GNUTLS_CRT_PRINT_UNSIGNED_FULL,
+ &data);
+ if (ret == 0) {
+ fprintf(out, "%s\n", data.data);
+ gnutls_free(data.data);
+ }
+
+ if (out == stderr && batch == 0) /* interactive */
+ if (read_yesno("Is the above information ok? (y/N): ", 0)
+ == 0) {
+ exit(1);
+ }
}
-static void
-print_crl_info (gnutls_x509_crl_t crl, FILE * out)
+static void print_crl_info(gnutls_x509_crl_t crl, FILE * out)
{
- gnutls_datum_t data;
- int ret;
- size_t size;
-
- ret = gnutls_x509_crl_print (crl, full_format, &data);
- if (ret < 0)
- {
- fprintf(stderr, "crl_print: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (out, "%s\n", data.data);
-
- gnutls_free (data.data);
-
- size = buffer_size;
- ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "crl_export: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
+ gnutls_datum_t data;
+ int ret;
+ size_t size;
+
+ ret = gnutls_x509_crl_print(crl, full_format, &data);
+ if (ret < 0) {
+ fprintf(stderr, "crl_print: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(out, "%s\n", data.data);
+
+ gnutls_free(data.data);
+
+ size = buffer_size;
+ ret =
+ gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_PEM, buffer,
+ &size);
+ if (ret < 0) {
+ fprintf(stderr, "crl_export: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
}
-void
-crl_info (void)
+void crl_info(void)
{
- gnutls_x509_crl_t crl;
- int ret;
- size_t size;
- gnutls_datum_t pem;
-
- ret = gnutls_x509_crl_init (&crl);
- if (ret < 0)
- {
- fprintf(stderr, "crl_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- if (!pem.data)
- {
- fprintf(stderr, "%s", infile ? "file" :
- "standard input");
- exit(1);
- }
-
- ret = gnutls_x509_crl_import (crl, &pem, incert_format);
-
- free (pem.data);
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- print_crl_info (crl, outfile);
-
- gnutls_x509_crl_deinit (crl);
+ gnutls_x509_crl_t crl;
+ int ret;
+ size_t size;
+ gnutls_datum_t pem;
+
+ ret = gnutls_x509_crl_init(&crl);
+ if (ret < 0) {
+ fprintf(stderr, "crl_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crl_import(crl, &pem, incert_format);
+
+ free(pem.data);
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ print_crl_info(crl, outfile);
+
+ gnutls_x509_crl_deinit(crl);
}
-static void
-print_crq_info (gnutls_x509_crq_t crq, FILE * out)
+static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
{
- gnutls_datum_t data;
- int ret;
- size_t size;
-
- if (outcert_format == GNUTLS_X509_FMT_PEM)
- {
- ret = gnutls_x509_crq_print (crq, full_format, &data);
- if (ret < 0)
- {
- fprintf(stderr, "crq_print: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (out, "%s\n", data.data);
-
- gnutls_free (data.data);
- }
-
- ret = gnutls_x509_crq_verify(crq, 0);
- if (ret < 0)
- {
- fprintf(out, "Self signature: FAILED\n\n");
- }
- else
- {
- fprintf(out, "Self signature: verified\n\n");
- }
-
- size = buffer_size;
- ret = gnutls_x509_crq_export (crq, outcert_format, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "crq_export: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
+ gnutls_datum_t data;
+ int ret;
+ size_t size;
+
+ if (outcert_format == GNUTLS_X509_FMT_PEM) {
+ ret = gnutls_x509_crq_print(crq, full_format, &data);
+ if (ret < 0) {
+ fprintf(stderr, "crq_print: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(out, "%s\n", data.data);
+
+ gnutls_free(data.data);
+ }
+
+ ret = gnutls_x509_crq_verify(crq, 0);
+ if (ret < 0) {
+ fprintf(out, "Self signature: FAILED\n\n");
+ } else {
+ fprintf(out, "Self signature: verified\n\n");
+ }
+
+ size = buffer_size;
+ ret = gnutls_x509_crq_export(crq, outcert_format, buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "crq_export: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
}
-void
-crq_info (void)
+void crq_info(void)
{
- gnutls_x509_crq_t crq;
- int ret;
- size_t size;
- gnutls_datum_t pem;
-
- ret = gnutls_x509_crq_init (&crq);
- if (ret < 0)
- {
- fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- if (!pem.data)
- {
- fprintf(stderr, "%s", infile ? "file" :
- "standard input");
- exit(1);
- }
-
- ret = gnutls_x509_crq_import (crq, &pem, incert_format);
-
- free (pem.data);
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- print_crq_info (crq, outfile);
-
- gnutls_x509_crq_deinit (crq);
+ gnutls_x509_crq_t crq;
+ int ret;
+ size_t size;
+ gnutls_datum_t pem;
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "crq_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crq_import(crq, &pem, incert_format);
+
+ free(pem.data);
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ print_crq_info(crq, outfile);
+
+ gnutls_x509_crq_deinit(crq);
}
-static void privkey_info_int (common_info_st* cinfo, gnutls_x509_privkey_t key)
+static void privkey_info_int(common_info_st * cinfo,
+ gnutls_x509_privkey_t key)
{
-int ret, key_type;
-unsigned int bits = 0;
-size_t size;
-const char *cprint;
-
- /* Public key algorithm
- */
- fprintf (outfile, "Public Key Info:\n");
- ret = gnutls_x509_privkey_get_pk_algorithm2 (key, &bits);
- fprintf (outfile, "\tPublic Key Algorithm: ");
-
- key_type = ret;
-
- cprint = gnutls_pk_algorithm_get_name (key_type);
- fprintf (outfile, "%s\n", cprint ? cprint : "Unknown");
- fprintf (outfile, "\tKey Security Level: %s (%u bits)\n\n",
- gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key)), bits);
-
- /* Print the raw public and private keys
- */
- if (key_type == GNUTLS_PK_RSA)
- {
- gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
-
- ret =
- gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u,
- &exp1, &exp2);
- if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_rsa_pkey (outfile, &m, &e, &d, &p, &q, &u, &exp1, &exp2, HAVE_OPT(CPRINT));
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- gnutls_free (d.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (u.data);
- gnutls_free (exp1.data);
- gnutls_free (exp2.data);
- }
- }
- else if (key_type == GNUTLS_PK_DSA)
- {
- gnutls_datum_t p, q, g, y, x;
-
- ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_dsa_pkey (outfile, &x, &y, &p, &q, &g, HAVE_OPT(CPRINT));
-
- gnutls_free (x.data);
- gnutls_free (y.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- }
- }
- else if (key_type == GNUTLS_PK_EC)
- {
- gnutls_datum_t y, x, k;
- gnutls_ecc_curve_t curve;
-
- ret = gnutls_x509_privkey_export_ecc_raw (key, &curve, &x, &y, &k);
- if (ret < 0)
- fprintf (stderr, "Error in key ECC data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_ecc_pkey (outfile, curve, &k, &x, &y, HAVE_OPT(CPRINT));
-
- gnutls_free (x.data);
- gnutls_free (y.data);
- gnutls_free (k.data);
- }
- }
-
- fprintf (outfile, "\n");
-
- size = buffer_size;
- if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0)
- {
- fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- gnutls_datum_t art;
-
- fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
-
- ret = gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint, bits, buffer, size, &art);
- if (ret >= 0)
- {
- fprintf (outfile, "Public key's random art:\n%s\n", art.data);
- gnutls_free(art.data);
- }
- }
- fprintf (outfile, "\n");
+ int ret, key_type;
+ unsigned int bits = 0;
+ size_t size;
+ const char *cprint;
+
+ /* Public key algorithm
+ */
+ fprintf(outfile, "Public Key Info:\n");
+ ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);
+ fprintf(outfile, "\tPublic Key Algorithm: ");
+
+ key_type = ret;
+
+ cprint = gnutls_pk_algorithm_get_name(key_type);
+ fprintf(outfile, "%s\n", cprint ? cprint : "Unknown");
+ fprintf(outfile, "\tKey Security Level: %s (%u bits)\n\n",
+ gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param
+ (key)), bits);
+
+ /* Print the raw public and private keys
+ */
+ if (key_type == GNUTLS_PK_RSA) {
+ gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d,
+ &p, &q, &u, &exp1,
+ &exp2);
+ if (ret < 0)
+ fprintf(stderr,
+ "Error in key RSA data export: %s\n",
+ gnutls_strerror(ret));
+ else {
+ print_rsa_pkey(outfile, &m, &e, &d, &p, &q, &u,
+ &exp1, &exp2, HAVE_OPT(CPRINT));
+
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ gnutls_free(d.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(u.data);
+ gnutls_free(exp1.data);
+ gnutls_free(exp2.data);
+ }
+ } else if (key_type == GNUTLS_PK_DSA) {
+ gnutls_datum_t p, q, g, y, x;
+
+ ret =
+ gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y,
+ &x);
+ if (ret < 0)
+ fprintf(stderr,
+ "Error in key DSA data export: %s\n",
+ gnutls_strerror(ret));
+ else {
+ print_dsa_pkey(outfile, &x, &y, &p, &q, &g,
+ HAVE_OPT(CPRINT));
+
+ gnutls_free(x.data);
+ gnutls_free(y.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ }
+ } else if (key_type == GNUTLS_PK_EC) {
+ gnutls_datum_t y, x, k;
+ gnutls_ecc_curve_t curve;
+
+ ret =
+ gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y,
+ &k);
+ if (ret < 0)
+ fprintf(stderr,
+ "Error in key ECC data export: %s\n",
+ gnutls_strerror(ret));
+ else {
+ print_ecc_pkey(outfile, curve, &k, &x, &y,
+ HAVE_OPT(CPRINT));
+
+ gnutls_free(x.data);
+ gnutls_free(y.data);
+ gnutls_free(k.data);
+ }
+ }
+
+ fprintf(outfile, "\n");
+
+ size = buffer_size;
+ if ((ret =
+ gnutls_x509_privkey_get_key_id(key, 0, buffer, &size)) < 0) {
+ fprintf(stderr, "Error in key id calculation: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ gnutls_datum_t art;
+
+ fprintf(outfile, "Public Key ID: %s\n",
+ raw_to_string(buffer, size));
+
+ ret =
+ gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint,
+ bits, buffer, size, &art);
+ if (ret >= 0) {
+ fprintf(outfile, "Public key's random art:\n%s\n",
+ art.data);
+ gnutls_free(art.data);
+ }
+ }
+ fprintf(outfile, "\n");
}
-void
-privkey_info (common_info_st* cinfo)
+void privkey_info(common_info_st * cinfo)
{
- gnutls_x509_privkey_t key;
- size_t size;
- int ret;
- gnutls_datum_t pem;
- const char *pass;
- unsigned int flags = 0;
-
- size = fread (buffer, 1, buffer_size - 1, infile);
- buffer[size] = 0;
-
- gnutls_x509_privkey_init (&key);
-
- pem.data = buffer;
- pem.size = size;
-
- ret = gnutls_x509_privkey_import2 (key, &pem, incert_format, NULL, 0);
-
- /* If we failed to import the certificate previously try PKCS #8 */
- if (ret == GNUTLS_E_DECRYPTION_FAILED)
- {
- fprintf(stderr, "Encrypted structure detected...\n");
- pass = get_password(cinfo, &flags, 0);
-
- ret = gnutls_x509_privkey_import2 (key, &pem,
- incert_format, pass, flags);
- }
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (outcert_format == GNUTLS_X509_FMT_PEM)
- privkey_info_int (cinfo, key);
-
- ret = gnutls_x509_privkey_verify_params (key);
- if (ret < 0)
- fprintf (outfile, "\n** Private key parameters validation failed **\n\n");
-
- size = buffer_size;
- ret = gnutls_x509_privkey_export (key, outcert_format, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
-
- gnutls_x509_privkey_deinit (key);
+ gnutls_x509_privkey_t key;
+ size_t size;
+ int ret;
+ gnutls_datum_t pem;
+ const char *pass;
+ unsigned int flags = 0;
+
+ size = fread(buffer, 1, buffer_size - 1, infile);
+ buffer[size] = 0;
+
+ gnutls_x509_privkey_init(&key);
+
+ pem.data = buffer;
+ pem.size = size;
+
+ ret =
+ gnutls_x509_privkey_import2(key, &pem, incert_format, NULL, 0);
+
+ /* If we failed to import the certificate previously try PKCS #8 */
+ if (ret == GNUTLS_E_DECRYPTION_FAILED) {
+ fprintf(stderr, "Encrypted structure detected...\n");
+ pass = get_password(cinfo, &flags, 0);
+
+ ret = gnutls_x509_privkey_import2(key, &pem,
+ incert_format, pass,
+ flags);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (outcert_format == GNUTLS_X509_FMT_PEM)
+ privkey_info_int(cinfo, key);
+
+ ret = gnutls_x509_privkey_verify_params(key);
+ if (ret < 0)
+ fprintf(outfile,
+ "\n** Private key parameters validation failed **\n\n");
+
+ size = buffer_size;
+ ret =
+ gnutls_x509_privkey_export(key, outcert_format, buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_x509_privkey_deinit(key);
}
/* Generate a PKCS #10 certificate request.
*/
-void
-generate_request (common_info_st * cinfo)
+void generate_request(common_info_st * cinfo)
{
- gnutls_x509_crq_t crq;
- gnutls_x509_privkey_t xkey;
- gnutls_pubkey_t pubkey;
- gnutls_privkey_t pkey;
- int ret, ca_status, path_len, pk;
- const char *pass;
- unsigned int usage = 0;
-
- fprintf (stderr, "Generating a PKCS #10 certificate request...\n");
-
- ret = gnutls_x509_crq_init (&crq);
- if (ret < 0)
- {
- fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
-
- /* Load the private key.
- */
- pkey = load_private_key (0, cinfo);
- if (!pkey)
- {
- ret = gnutls_privkey_init (&pkey);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- xkey = generate_private_key_int (cinfo);
-
- print_private_key (cinfo, xkey);
-
- ret = gnutls_privkey_import_x509(pkey, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- fprintf(stderr, "privkey_import_x509: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- pubkey = load_public_key_or_import (1, pkey, cinfo);
-
- pk = gnutls_pubkey_get_pk_algorithm (pubkey, NULL);
-
- /* Set the DN.
- */
- get_dn_crq_set (crq);
-
- get_cn_crq_set (crq);
- get_unit_crq_set (crq);
- get_organization_crq_set (crq);
- get_locality_crq_set (crq);
- get_state_crq_set (crq);
- get_country_crq_set (crq);
-
- get_dc_set (TYPE_CRQ, crq);
- get_uid_crq_set (crq);
- get_oid_crq_set (crq);
-
- get_dns_name_set (TYPE_CRQ, crq);
- get_uri_set (TYPE_CRQ, crq);
- get_ip_addr_set (TYPE_CRQ, crq);
- get_email_set (TYPE_CRQ, crq);
-
- pass = get_challenge_pass ();
-
- if (pass != NULL && pass[0] != 0)
- {
- ret = gnutls_x509_crq_set_challenge_password (crq, pass);
- if (ret < 0)
- {
- fprintf(stderr, "set_pass: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- if (cinfo->crq_extensions != 0)
- {
- ca_status = get_ca_status ();
- if (ca_status)
- path_len = get_path_len ();
- else
- path_len = -1;
-
- ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len);
- if (ret < 0)
- {
- fprintf(stderr, "set_basic_constraints: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- if (pk == GNUTLS_PK_RSA)
- {
- ret = get_sign_status (1);
- if (ret)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- /* Only ask for an encryption certificate
- * if it is an RSA one */
- ret = get_encrypt_status (1);
- if (ret)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- else
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
- }
- else /* DSA and ECDSA are always signing */
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
-
- if (ca_status)
- {
- ret = get_cert_sign_status ();
- if (ret)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
-
- ret = get_crl_sign_status ();
- if (ret)
- usage |= GNUTLS_KEY_CRL_SIGN;
-
- ret = get_code_sign_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_CODE_SIGNING, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = get_ocsp_sign_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_OCSP_SIGNING, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = get_time_stamp_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TIME_STAMPING, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = get_ipsec_ike_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_IPSEC_IKE, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
- }
-
- ret = gnutls_x509_crq_set_key_usage (crq, usage);
- if (ret < 0)
- {
- fprintf(stderr, "key_usage: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = get_tls_client_status ();
- if (ret != 0)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = get_tls_server_status ();
- if (ret != 0)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
- if (ret < 0)
- {
- fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- get_key_purpose_set (TYPE_CRQ, crq);
- }
-
- ret = gnutls_x509_crq_set_pubkey (crq, pubkey);
- if (ret < 0)
- {
- fprintf(stderr, "set_key: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_x509_crq_privkey_sign (crq, pkey, get_dig_for_pub (pubkey), 0);
- if (ret < 0)
- {
- fprintf(stderr, "sign: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- print_crq_info (crq, outfile);
-
- gnutls_x509_crq_deinit (crq);
- gnutls_privkey_deinit( pkey);
- gnutls_pubkey_deinit( pubkey);
+ gnutls_x509_crq_t crq;
+ gnutls_x509_privkey_t xkey;
+ gnutls_pubkey_t pubkey;
+ gnutls_privkey_t pkey;
+ int ret, ca_status, path_len, pk;
+ const char *pass;
+ unsigned int usage = 0;
+
+ fprintf(stderr, "Generating a PKCS #10 certificate request...\n");
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "crq_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+
+ /* Load the private key.
+ */
+ pkey = load_private_key(0, cinfo);
+ if (!pkey) {
+ ret = gnutls_privkey_init(&pkey);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ xkey = generate_private_key_int(cinfo);
+
+ print_private_key(cinfo, xkey);
+
+ ret =
+ gnutls_privkey_import_x509(pkey, xkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ fprintf(stderr, "privkey_import_x509: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ pubkey = load_public_key_or_import(1, pkey, cinfo);
+
+ pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
+
+ /* Set the DN.
+ */
+ get_dn_crq_set(crq);
+
+ get_cn_crq_set(crq);
+ get_unit_crq_set(crq);
+ get_organization_crq_set(crq);
+ get_locality_crq_set(crq);
+ get_state_crq_set(crq);
+ get_country_crq_set(crq);
+
+ get_dc_set(TYPE_CRQ, crq);
+ get_uid_crq_set(crq);
+ get_oid_crq_set(crq);
+
+ get_dns_name_set(TYPE_CRQ, crq);
+ get_uri_set(TYPE_CRQ, crq);
+ get_ip_addr_set(TYPE_CRQ, crq);
+ get_email_set(TYPE_CRQ, crq);
+
+ pass = get_challenge_pass();
+
+ if (pass != NULL && pass[0] != 0) {
+ ret = gnutls_x509_crq_set_challenge_password(crq, pass);
+ if (ret < 0) {
+ fprintf(stderr, "set_pass: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ if (cinfo->crq_extensions != 0) {
+ ca_status = get_ca_status();
+ if (ca_status)
+ path_len = get_path_len();
+ else
+ path_len = -1;
+
+ ret =
+ gnutls_x509_crq_set_basic_constraints(crq, ca_status,
+ path_len);
+ if (ret < 0) {
+ fprintf(stderr, "set_basic_constraints: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (pk == GNUTLS_PK_RSA) {
+ ret = get_sign_status(1);
+ if (ret)
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ /* Only ask for an encryption certificate
+ * if it is an RSA one */
+ ret = get_encrypt_status(1);
+ if (ret)
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ else
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ } else /* DSA and ECDSA are always signing */
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ if (ca_status) {
+ ret = get_cert_sign_status();
+ if (ret)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+
+ ret = get_crl_sign_status();
+ if (ret)
+ usage |= GNUTLS_KEY_CRL_SIGN;
+
+ ret = get_code_sign_status();
+ if (ret) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_CODE_SIGNING, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = get_ocsp_sign_status();
+ if (ret) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_OCSP_SIGNING, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = get_time_stamp_status();
+ if (ret) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TIME_STAMPING, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = get_ipsec_ike_status();
+ if (ret) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_IPSEC_IKE, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
+
+ ret = gnutls_x509_crq_set_key_usage(crq, usage);
+ if (ret < 0) {
+ fprintf(stderr, "key_usage: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = get_tls_client_status();
+ if (ret != 0) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = get_tls_server_status();
+ if (ret != 0) {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ get_key_purpose_set(TYPE_CRQ, crq);
+ }
+
+ ret = gnutls_x509_crq_set_pubkey(crq, pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "set_key: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crq_privkey_sign(crq, pkey,
+ get_dig_for_pub(pubkey), 0);
+ if (ret < 0) {
+ fprintf(stderr, "sign: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ print_crq_info(crq, outfile);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_privkey_deinit(pkey);
+ gnutls_pubkey_deinit(pubkey);
}
-static void print_verification_res (FILE* outfile, unsigned int output);
+static void print_verification_res(FILE * outfile, unsigned int output);
static int detailed_verification(gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
- unsigned int verification_output)
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t crl,
+ unsigned int verification_output)
{
- char name[512];
- char tmp[255];
- char issuer_name[512];
- size_t name_size;
- size_t issuer_name_size;
- int ret;
-
- issuer_name_size = sizeof (issuer_name);
- ret =
- gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- name_size = sizeof (name);
- ret =
- gnutls_x509_crt_get_dn (cert, name, &name_size);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_get_dn: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "\tSubject: %s\n", name);
- fprintf (outfile, "\tIssuer: %s\n", issuer_name);
-
- if (issuer != NULL)
- {
- issuer_name_size = sizeof (issuer_name);
- ret =
- gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "\tChecked against: %s\n", issuer_name);
- }
-
- if (crl != NULL)
- {
- gnutls_datum_t data;
-
- issuer_name_size = sizeof (issuer_name);
- ret =
- gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crl_get_issuer_dn: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- name_size = sizeof(tmp);
- ret = gnutls_x509_crl_get_number(crl, tmp, &name_size, NULL);
- if (ret < 0)
- strcpy(name, "unnumbered");
- else
- {
- data.data = (void*)tmp;
- data.size = name_size;
-
- name_size = sizeof(name);
- ret = gnutls_hex_encode(&data, name, &name_size);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_hex_encode: %s", gnutls_strerror (ret));
- exit(1);
- }
- }
- fprintf (outfile, "\tChecked against CRL[%s] of: %s\n", name, issuer_name);
- }
-
- fprintf (outfile, "\tOutput: ");
- print_verification_res(outfile, verification_output);
-
- fputs("\n\n", outfile);
-
- return 0;
+ char name[512];
+ char tmp[255];
+ char issuer_name[512];
+ size_t name_size;
+ size_t issuer_name_size;
+ int ret;
+
+ issuer_name_size = sizeof(issuer_name);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
+ &issuer_name_size);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ name_size = sizeof(name);
+ ret = gnutls_x509_crt_get_dn(cert, name, &name_size);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_get_dn: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tSubject: %s\n", name);
+ fprintf(outfile, "\tIssuer: %s\n", issuer_name);
+
+ if (issuer != NULL) {
+ issuer_name_size = sizeof(issuer_name);
+ ret =
+ gnutls_x509_crt_get_dn(issuer, issuer_name,
+ &issuer_name_size);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_get_issuer_dn: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tChecked against: %s\n", issuer_name);
+ }
+
+ if (crl != NULL) {
+ gnutls_datum_t data;
+
+ issuer_name_size = sizeof(issuer_name);
+ ret =
+ gnutls_x509_crl_get_issuer_dn(crl, issuer_name,
+ &issuer_name_size);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crl_get_issuer_dn: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ name_size = sizeof(tmp);
+ ret =
+ gnutls_x509_crl_get_number(crl, tmp, &name_size, NULL);
+ if (ret < 0)
+ strcpy(name, "unnumbered");
+ else {
+ data.data = (void *) tmp;
+ data.size = name_size;
+
+ name_size = sizeof(name);
+ ret = gnutls_hex_encode(&data, name, &name_size);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_hex_encode: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ fprintf(outfile, "\tChecked against CRL[%s] of: %s\n",
+ name, issuer_name);
+ }
+
+ fprintf(outfile, "\tOutput: ");
+ print_verification_res(outfile, verification_output);
+
+ fputs("\n\n", outfile);
+
+ return 0;
}
/* Will verify a certificate chain. If no CA certificates
@@ -2292,307 +2218,296 @@ static int detailed_verification(gnutls_x509_crt_t cert,
* chain is used as a CA.
*/
static int
-_verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
+_verify_x509_mem(const void *cert, int cert_size, const void *ca,
+ int ca_size)
{
- int ret;
- gnutls_datum_t tmp;
- gnutls_x509_crt_t *x509_cert_list = NULL;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- gnutls_x509_crl_t *x509_crl_list = NULL;
- unsigned int x509_ncerts, x509_ncrls = 0, x509_ncas = 0;
- gnutls_x509_trust_list_t list;
- unsigned int output;
-
- ret = gnutls_x509_trust_list_init(&list, 0);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_trust_list_init: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- if (ca == NULL)
- {
- tmp.data = (void*)cert;
- tmp.size = cert_size;
- }
- else
- {
- tmp.data = (void*)ca;
- tmp.size = ca_size;
-
- /* Load CAs */
- ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0 || x509_ncas < 1)
- {
- fprintf(stderr, "error parsing CAs: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- x509_crl_list = NULL;
- x509_ncrls = 0;
- }
-
- tmp.data = (void*)cert;
- tmp.size = cert_size;
-
- /* ignore errors. CRLs might not be given */
- ret = gnutls_x509_crt_list_import2( &x509_cert_list, &x509_ncerts, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0 || x509_ncerts < 1)
- {
- fprintf(stderr, "error parsing CRTs: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- if (ca == NULL)
- {
- x509_ca_list = &x509_cert_list[x509_ncerts - 1];
- x509_ncas = 1;
- }
-
- fprintf(stdout, "Loaded %d certificates, %d CAs and %d CRLs\n\n",
- x509_ncerts, x509_ncas, x509_ncrls);
-
- ret = gnutls_x509_trust_list_add_cas(list, x509_ca_list, x509_ncas, 0);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_trust_add_cas: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_add_crls(list, x509_crl_list, x509_ncrls, 0, 0);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_trust_add_crls: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- gnutls_free(x509_crl_list);
-
- ret = gnutls_x509_trust_list_verify_crt (list, x509_cert_list, x509_ncerts,
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME|GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output,
- detailed_verification);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_trusted_list_verify_crt: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "Chain verification output: ");
- print_verification_res(outfile, output);
-
- fprintf (outfile, "\n\n");
-
- gnutls_free(x509_cert_list);
- gnutls_x509_trust_list_deinit(list, 1);
-
- if (output != 0)
- exit(EXIT_FAILURE);
-
- return 0;
+ int ret;
+ gnutls_datum_t tmp;
+ gnutls_x509_crt_t *x509_cert_list = NULL;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ gnutls_x509_crl_t *x509_crl_list = NULL;
+ unsigned int x509_ncerts, x509_ncrls = 0, x509_ncas = 0;
+ gnutls_x509_trust_list_t list;
+ unsigned int output;
+
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trust_list_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ca == NULL) {
+ tmp.data = (void *) cert;
+ tmp.size = cert_size;
+ } else {
+ tmp.data = (void *) ca;
+ tmp.size = ca_size;
+
+ /* Load CAs */
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ &tmp, GNUTLS_X509_FMT_PEM,
+ 0);
+ if (ret < 0 || x509_ncas < 1) {
+ fprintf(stderr, "error parsing CAs: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret =
+ gnutls_x509_crl_list_import2(&x509_crl_list, &x509_ncrls, &tmp,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ x509_crl_list = NULL;
+ x509_ncrls = 0;
+ }
+
+ tmp.data = (void *) cert;
+ tmp.size = cert_size;
+
+ /* ignore errors. CRLs might not be given */
+ ret =
+ gnutls_x509_crt_list_import2(&x509_cert_list, &x509_ncerts,
+ &tmp, GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0 || x509_ncerts < 1) {
+ fprintf(stderr, "error parsing CRTs: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ca == NULL) {
+ x509_ca_list = &x509_cert_list[x509_ncerts - 1];
+ x509_ncas = 1;
+ }
+
+ fprintf(stdout, "Loaded %d certificates, %d CAs and %d CRLs\n\n",
+ x509_ncerts, x509_ncas, x509_ncrls);
+
+ ret =
+ gnutls_x509_trust_list_add_cas(list, x509_ca_list, x509_ncas,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trust_add_cas: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_crls(list, x509_crl_list,
+ x509_ncrls, 0, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trust_add_crls: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(x509_crl_list);
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(list, x509_cert_list,
+ x509_ncerts,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
+ |
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &output,
+ detailed_verification);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trusted_list_verify_crt: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "Chain verification output: ");
+ print_verification_res(outfile, output);
+
+ fprintf(outfile, "\n\n");
+
+ gnutls_free(x509_cert_list);
+ gnutls_x509_trust_list_deinit(list, 1);
+
+ if (output != 0)
+ exit(EXIT_FAILURE);
+
+ return 0;
}
-static void
-print_verification_res (FILE* outfile, unsigned int output)
+static void print_verification_res(FILE * outfile, unsigned int output)
{
- gnutls_datum_t pout;
- int ret;
-
- if (output)
- {
- fprintf (outfile, "Not verified.");
- }
- else
- {
- fprintf (outfile, "Verified.");
- }
-
- ret = gnutls_certificate_verification_status_print( output, GNUTLS_CRT_X509, &pout, 0);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(EXIT_FAILURE);
- }
-
- fprintf (outfile, " %s", pout.data);
- gnutls_free(pout.data);
+ gnutls_datum_t pout;
+ int ret;
+
+ if (output) {
+ fprintf(outfile, "Not verified.");
+ } else {
+ fprintf(outfile, "Verified.");
+ }
+
+ ret =
+ gnutls_certificate_verification_status_print(output,
+ GNUTLS_CRT_X509,
+ &pout, 0);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(EXIT_FAILURE);
+ }
+
+ fprintf(outfile, " %s", pout.data);
+ gnutls_free(pout.data);
}
-static void
-verify_chain (void)
+static void verify_chain(void)
{
- char *buf;
- size_t size;
+ char *buf;
+ size_t size;
- buf = (void*)fread_file (infile, &size);
- if (buf == NULL)
- {
- fprintf(stderr, "reading chain");
- exit(1);
- }
+ buf = (void *) fread_file(infile, &size);
+ if (buf == NULL) {
+ fprintf(stderr, "reading chain");
+ exit(1);
+ }
- buf[size] = 0;
+ buf[size] = 0;
- _verify_x509_mem (buf, size, NULL, 0);
+ _verify_x509_mem(buf, size, NULL, 0);
}
-static void
-verify_certificate (common_info_st * cinfo)
+static void verify_certificate(common_info_st * cinfo)
{
- char *cert;
- char *cas;
- size_t cert_size, ca_size;
- FILE * ca_file = fopen(cinfo->ca, "r");
-
- if (ca_file == NULL)
- {
- fprintf(stderr, "opening CA file");
- exit(1);
- }
-
- cert = (void*)fread_file (infile, &cert_size);
- if (cert == NULL)
- {
- fprintf(stderr, "reading certificate chain");
- exit(1);
- }
-
- cert[cert_size] = 0;
-
- cas = (void*)fread_file (ca_file, &ca_size);
- if (cas == NULL)
- {
- fprintf(stderr, "reading CA list");
- exit(1);
- }
-
- cas[ca_size] = 0;
- fclose(ca_file);
-
- _verify_x509_mem (cert, cert_size, cas, ca_size);
+ char *cert;
+ char *cas;
+ size_t cert_size, ca_size;
+ FILE *ca_file = fopen(cinfo->ca, "r");
+
+ if (ca_file == NULL) {
+ fprintf(stderr, "opening CA file");
+ exit(1);
+ }
+
+ cert = (void *) fread_file(infile, &cert_size);
+ if (cert == NULL) {
+ fprintf(stderr, "reading certificate chain");
+ exit(1);
+ }
+
+ cert[cert_size] = 0;
+
+ cas = (void *) fread_file(ca_file, &ca_size);
+ if (cas == NULL) {
+ fprintf(stderr, "reading CA list");
+ exit(1);
+ }
+
+ cas[ca_size] = 0;
+ fclose(ca_file);
+
+ _verify_x509_mem(cert, cert_size, cas, ca_size);
}
-void
-verify_crl (common_info_st * cinfo)
+void verify_crl(common_info_st * cinfo)
{
- size_t size, dn_size;
- char dn[128];
- unsigned int output;
- int ret;
- gnutls_datum_t pem, pout;
- gnutls_x509_crl_t crl;
- gnutls_x509_crt_t issuer;
-
- issuer = load_ca_cert (cinfo);
-
- fprintf (outfile, "\nCA certificate:\n");
-
- dn_size = sizeof (dn);
- ret = gnutls_x509_crt_get_dn (issuer, dn, &dn_size);
- if (ret < 0)
- {
- fprintf(stderr, "crt_get_dn: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "\tSubject: %s\n\n", dn);
-
- ret = gnutls_x509_crl_init (&crl);
- if (ret < 0)
- {
- fprintf(stderr, "crl_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- pem.data = (void*)fread_file (infile, &size);
- pem.size = size;
-
- ret = gnutls_x509_crl_import (crl, &pem, incert_format);
- free (pem.data);
- if (ret < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- print_crl_info (crl, outfile);
-
- fprintf (outfile, "Verification output: ");
- ret = gnutls_x509_crl_verify (crl, &issuer, 1, 0, &output);
- if (ret < 0)
- {
- fprintf(stderr, "verification error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (output)
- {
- fprintf (outfile, "Not verified. ");
- }
- else
- {
- fprintf (outfile, "Verified.");
- }
-
- ret = gnutls_certificate_verification_status_print( output, GNUTLS_CRT_X509, &pout, 0);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(EXIT_FAILURE);
- }
-
- fprintf (outfile, " %s", pout.data);
- gnutls_free(pout.data);
-
- fprintf (outfile, "\n");
+ size_t size, dn_size;
+ char dn[128];
+ unsigned int output;
+ int ret;
+ gnutls_datum_t pem, pout;
+ gnutls_x509_crl_t crl;
+ gnutls_x509_crt_t issuer;
+
+ issuer = load_ca_cert(cinfo);
+
+ fprintf(outfile, "\nCA certificate:\n");
+
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
+ if (ret < 0) {
+ fprintf(stderr, "crt_get_dn: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tSubject: %s\n\n", dn);
+
+ ret = gnutls_x509_crl_init(&crl);
+ if (ret < 0) {
+ fprintf(stderr, "crl_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ pem.data = (void *) fread_file(infile, &size);
+ pem.size = size;
+
+ ret = gnutls_x509_crl_import(crl, &pem, incert_format);
+ free(pem.data);
+ if (ret < 0) {
+ fprintf(stderr, "import error: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ print_crl_info(crl, outfile);
+
+ fprintf(outfile, "Verification output: ");
+ ret = gnutls_x509_crl_verify(crl, &issuer, 1, 0, &output);
+ if (ret < 0) {
+ fprintf(stderr, "verification error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (output) {
+ fprintf(outfile, "Not verified. ");
+ } else {
+ fprintf(outfile, "Verified.");
+ }
+
+ ret =
+ gnutls_certificate_verification_status_print(output,
+ GNUTLS_CRT_X509,
+ &pout, 0);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(EXIT_FAILURE);
+ }
+
+ fprintf(outfile, " %s", pout.data);
+ gnutls_free(pout.data);
+
+ fprintf(outfile, "\n");
}
-void
-generate_pkcs8 (common_info_st * cinfo)
+void generate_pkcs8(common_info_st * cinfo)
{
- gnutls_x509_privkey_t key;
- int result;
- size_t size;
- unsigned int flags = 0;
- const char *password;
+ gnutls_x509_privkey_t key;
+ int result;
+ size_t size;
+ unsigned int flags = 0;
+ const char *password;
- fprintf (stderr, "Generating a PKCS #8 key structure...\n");
+ fprintf(stderr, "Generating a PKCS #8 key structure...\n");
- key = load_x509_private_key (1, cinfo);
+ key = load_x509_private_key(1, cinfo);
- password = get_password(cinfo, &flags, 1);
+ password = get_password(cinfo, &flags, 1);
- flags |= cipher_to_flags (cinfo->pkcs_cipher);
+ flags |= cipher_to_flags(cinfo->pkcs_cipher);
- size = buffer_size;
- result =
- gnutls_x509_privkey_export_pkcs8 (key, outcert_format,
- password, flags, buffer, &size);
+ size = buffer_size;
+ result =
+ gnutls_x509_privkey_export_pkcs8(key, outcert_format,
+ password, flags, buffer,
+ &size);
- if (result < 0)
- {
- fprintf(stderr, "key_export: %s", gnutls_strerror (result));
- exit(1);
- }
+ if (result < 0) {
+ fprintf(stderr, "key_export: %s", gnutls_strerror(result));
+ exit(1);
+ }
- fwrite (buffer, 1, size, outfile);
+ fwrite(buffer, 1, size, outfile);
}
@@ -2600,651 +2515,628 @@ generate_pkcs8 (common_info_st * cinfo)
#include <gnutls/pkcs12.h>
#include <unistd.h>
-void
-generate_pkcs12 (common_info_st * cinfo)
+void generate_pkcs12(common_info_st * cinfo)
{
- gnutls_pkcs12_t pkcs12;
- gnutls_x509_crt_t *crts;
- gnutls_x509_privkey_t *keys;
- int result;
- size_t size;
- gnutls_datum_t data;
- const char *pass;
- const char *name;
- unsigned int flags = 0, i;
- gnutls_datum_t key_id;
- unsigned char _key_id[32];
- int indx;
- size_t ncrts;
- size_t nkeys;
-
- fprintf (stderr, "Generating a PKCS #12 structure...\n");
-
- keys = load_privkey_list (0, &nkeys, cinfo);
- crts = load_cert_list (0, &ncrts, cinfo);
-
- name = get_pkcs12_key_name ();
-
- result = gnutls_pkcs12_init (&pkcs12);
- if (result < 0)
- {
- fprintf(stderr, "pkcs12_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- pass = get_password(cinfo, &flags, 1);
- flags |= cipher_to_flags (cinfo->pkcs_cipher);
-
- for (i = 0; i < ncrts; i++)
- {
- gnutls_pkcs12_bag_t bag;
-
- result = gnutls_pkcs12_bag_init (&bag);
- if (result < 0)
- {
- fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_pkcs12_bag_set_crt (bag, crts[i]);
- if (result < 0)
- {
- fprintf(stderr, "set_crt[%d]: %s", i,
- gnutls_strerror (result));
- exit(1);
- }
-
- indx = result;
-
- if (i==0) /* only the first certificate gets the friendly name */
- {
- result = gnutls_pkcs12_bag_set_friendly_name (bag, indx, name);
- if (result < 0)
- {
- fprintf(stderr, "bag_set_friendly_name: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- size = sizeof (_key_id);
- result = gnutls_x509_crt_get_key_id (crts[i], 0, _key_id, &size);
- if (result < 0)
- {
- fprintf(stderr, "key_id[%d]: %s", i,
- gnutls_strerror (result));
- exit(1);
- }
-
- key_id.data = _key_id;
- key_id.size = size;
-
- result = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id);
- if (result < 0)
- {
- fprintf(stderr, "bag_set_key_id: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
- if (result < 0)
- {
- fprintf(stderr, "bag_encrypt: %s", gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_pkcs12_set_bag (pkcs12, bag);
- if (result < 0)
- {
- fprintf(stderr, "set_bag: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- for (i = 0; i < nkeys; i++)
- {
- gnutls_pkcs12_bag_t kbag;
-
- result = gnutls_pkcs12_bag_init (&kbag);
- if (result < 0)
- {
- fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- size = buffer_size;
- result =
- gnutls_x509_privkey_export_pkcs8 (keys[i], GNUTLS_X509_FMT_DER,
- pass, flags, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "key_export[%d]: %s", i, gnutls_strerror (result));
- exit(1);
- }
-
- data.data = buffer;
- data.size = size;
- result =
- gnutls_pkcs12_bag_set_data (kbag,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
- if (result < 0)
- {
- fprintf(stderr, "bag_set_data: %s", gnutls_strerror (result));
- exit(1);
- }
-
- indx = result;
-
- result = gnutls_pkcs12_bag_set_friendly_name (kbag, indx, name);
- if (result < 0)
- {
- fprintf(stderr, "bag_set_friendly_name: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- size = sizeof (_key_id);
- result = gnutls_x509_privkey_get_key_id (keys[i], 0, _key_id, &size);
- if (result < 0)
- {
- fprintf(stderr, "key_id[%d]: %s", i, gnutls_strerror (result));
- exit(1);
- }
-
- key_id.data = _key_id;
- key_id.size = size;
-
- result = gnutls_pkcs12_bag_set_key_id (kbag, indx, &key_id);
- if (result < 0)
- {
- fprintf(stderr, "bag_set_key_id: %s",
- gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_pkcs12_set_bag (pkcs12, kbag);
- if (result < 0)
- {
- fprintf(stderr, "set_bag: %s", gnutls_strerror (result));
- exit(1);
- }
- }
-
- result = gnutls_pkcs12_generate_mac (pkcs12, pass);
- if (result < 0)
- {
- fprintf(stderr, "generate_mac: %s", gnutls_strerror (result));
- exit(1);
- }
-
- size = buffer_size;
- result = gnutls_pkcs12_export (pkcs12, outcert_format, buffer, &size);
- if (result < 0)
- {
- fprintf(stderr, "pkcs12_export: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
+ gnutls_pkcs12_t pkcs12;
+ gnutls_x509_crt_t *crts;
+ gnutls_x509_privkey_t *keys;
+ int result;
+ size_t size;
+ gnutls_datum_t data;
+ const char *pass;
+ const char *name;
+ unsigned int flags = 0, i;
+ gnutls_datum_t key_id;
+ unsigned char _key_id[32];
+ int indx;
+ size_t ncrts;
+ size_t nkeys;
+
+ fprintf(stderr, "Generating a PKCS #12 structure...\n");
+
+ keys = load_privkey_list(0, &nkeys, cinfo);
+ crts = load_cert_list(0, &ncrts, cinfo);
+
+ name = get_pkcs12_key_name();
+
+ result = gnutls_pkcs12_init(&pkcs12);
+ if (result < 0) {
+ fprintf(stderr, "pkcs12_init: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ pass = get_password(cinfo, &flags, 1);
+ flags |= cipher_to_flags(cinfo->pkcs_cipher);
+
+ for (i = 0; i < ncrts; i++) {
+ gnutls_pkcs12_bag_t bag;
+
+ result = gnutls_pkcs12_bag_init(&bag);
+ if (result < 0) {
+ fprintf(stderr, "bag_init: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_bag_set_crt(bag, crts[i]);
+ if (result < 0) {
+ fprintf(stderr, "set_crt[%d]: %s", i,
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ indx = result;
+
+ if (i == 0) { /* only the first certificate gets the friendly name */
+ result =
+ gnutls_pkcs12_bag_set_friendly_name(bag, indx,
+ name);
+ if (result < 0) {
+ fprintf(stderr,
+ "bag_set_friendly_name: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ size = sizeof(_key_id);
+ result =
+ gnutls_x509_crt_get_key_id(crts[i], 0, _key_id, &size);
+ if (result < 0) {
+ fprintf(stderr, "key_id[%d]: %s", i,
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ key_id.data = _key_id;
+ key_id.size = size;
+
+ result = gnutls_pkcs12_bag_set_key_id(bag, indx, &key_id);
+ if (result < 0) {
+ fprintf(stderr, "bag_set_key_id: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
+ if (result < 0) {
+ fprintf(stderr, "bag_encrypt: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_set_bag(pkcs12, bag);
+ if (result < 0) {
+ fprintf(stderr, "set_bag: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ for (i = 0; i < nkeys; i++) {
+ gnutls_pkcs12_bag_t kbag;
+
+ result = gnutls_pkcs12_bag_init(&kbag);
+ if (result < 0) {
+ fprintf(stderr, "bag_init: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = buffer_size;
+ result =
+ gnutls_x509_privkey_export_pkcs8(keys[i],
+ GNUTLS_X509_FMT_DER,
+ pass, flags, buffer,
+ &size);
+ if (result < 0) {
+ fprintf(stderr, "key_export[%d]: %s", i,
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ data.data = buffer;
+ data.size = size;
+ result =
+ gnutls_pkcs12_bag_set_data(kbag,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
+ &data);
+ if (result < 0) {
+ fprintf(stderr, "bag_set_data: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ indx = result;
+
+ result =
+ gnutls_pkcs12_bag_set_friendly_name(kbag, indx, name);
+ if (result < 0) {
+ fprintf(stderr, "bag_set_friendly_name: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = sizeof(_key_id);
+ result =
+ gnutls_x509_privkey_get_key_id(keys[i], 0, _key_id,
+ &size);
+ if (result < 0) {
+ fprintf(stderr, "key_id[%d]: %s", i,
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ key_id.data = _key_id;
+ key_id.size = size;
+
+ result = gnutls_pkcs12_bag_set_key_id(kbag, indx, &key_id);
+ if (result < 0) {
+ fprintf(stderr, "bag_set_key_id: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_set_bag(pkcs12, kbag);
+ if (result < 0) {
+ fprintf(stderr, "set_bag: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ result = gnutls_pkcs12_generate_mac(pkcs12, pass);
+ if (result < 0) {
+ fprintf(stderr, "generate_mac: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ size = buffer_size;
+ result =
+ gnutls_pkcs12_export(pkcs12, outcert_format, buffer, &size);
+ if (result < 0) {
+ fprintf(stderr, "pkcs12_export: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
}
-static const char *
-BAGTYPE (gnutls_pkcs12_bag_type_t x)
+static const char *BAGTYPE(gnutls_pkcs12_bag_type_t x)
{
- switch (x)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- return "PKCS #8 Encrypted key";
- case GNUTLS_BAG_EMPTY:
- return "Empty";
- case GNUTLS_BAG_PKCS8_KEY:
- return "PKCS #8 Key";
- case GNUTLS_BAG_CERTIFICATE:
- return "Certificate";
- case GNUTLS_BAG_ENCRYPTED:
- return "Encrypted";
- case GNUTLS_BAG_CRL:
- return "CRL";
- case GNUTLS_BAG_SECRET:
- return "Secret";
- default:
- return "Unknown";
- }
+ switch (x) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ return "PKCS #8 Encrypted key";
+ case GNUTLS_BAG_EMPTY:
+ return "Empty";
+ case GNUTLS_BAG_PKCS8_KEY:
+ return "PKCS #8 Key";
+ case GNUTLS_BAG_CERTIFICATE:
+ return "Certificate";
+ case GNUTLS_BAG_ENCRYPTED:
+ return "Encrypted";
+ case GNUTLS_BAG_CRL:
+ return "CRL";
+ case GNUTLS_BAG_SECRET:
+ return "Secret";
+ default:
+ return "Unknown";
+ }
}
-static void
-print_bag_data (gnutls_pkcs12_bag_t bag)
+static void print_bag_data(gnutls_pkcs12_bag_t bag)
{
- int result;
- int count, i, type;
- gnutls_datum_t cdata, id;
- const char *str, *name;
- gnutls_datum_t out;
-
- count = gnutls_pkcs12_bag_get_count (bag);
- if (count < 0)
- {
- fprintf(stderr, "get_count: %s", gnutls_strerror (count));
- exit(1);
- }
-
- fprintf (outfile, "\tElements: %d\n", count);
-
- for (i = 0; i < count; i++)
- {
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- fprintf(stderr, "get_type: %s", gnutls_strerror (type));
- exit(1);
- }
-
- fprintf (stderr, "\tType: %s\n", BAGTYPE (type));
-
- name = NULL;
- result = gnutls_pkcs12_bag_get_friendly_name (bag, i, (char **) &name);
- if (result < 0)
- {
- fprintf(stderr, "get_friendly_name: %s",
- gnutls_strerror (type));
- exit(1);
- }
-
- if (name)
- fprintf (outfile, "\tFriendly name: %s\n", name);
-
- id.data = NULL;
- id.size = 0;
- result = gnutls_pkcs12_bag_get_key_id (bag, i, &id);
- if (result < 0)
- {
- fprintf(stderr, "get_key_id: %s", gnutls_strerror (type));
- exit(1);
- }
-
- if (id.size > 0)
- fprintf (outfile, "\tKey ID: %s\n", raw_to_string (id.data, id.size));
-
- result = gnutls_pkcs12_bag_get_data (bag, i, &cdata);
- if (result < 0)
- {
- fprintf(stderr, "get_data: %s", gnutls_strerror (result));
- exit(1);
- }
-
- switch (type)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- str = "ENCRYPTED PRIVATE KEY";
- break;
- case GNUTLS_BAG_PKCS8_KEY:
- str = "PRIVATE KEY";
- break;
- case GNUTLS_BAG_CERTIFICATE:
- str = "CERTIFICATE";
- break;
- case GNUTLS_BAG_CRL:
- str = "CRL";
- break;
- case GNUTLS_BAG_ENCRYPTED:
- case GNUTLS_BAG_EMPTY:
- default:
- str = NULL;
- }
-
- if (str != NULL)
- {
- gnutls_pem_base64_encode_alloc (str, &cdata, &out);
- fprintf (outfile, "%s\n", out.data);
-
- gnutls_free (out.data);
- }
-
- }
+ int result;
+ int count, i, type;
+ gnutls_datum_t cdata, id;
+ const char *str, *name;
+ gnutls_datum_t out;
+
+ count = gnutls_pkcs12_bag_get_count(bag);
+ if (count < 0) {
+ fprintf(stderr, "get_count: %s", gnutls_strerror(count));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tElements: %d\n", count);
+
+ for (i = 0; i < count; i++) {
+ type = gnutls_pkcs12_bag_get_type(bag, i);
+ if (type < 0) {
+ fprintf(stderr, "get_type: %s",
+ gnutls_strerror(type));
+ exit(1);
+ }
+
+ fprintf(stderr, "\tType: %s\n", BAGTYPE(type));
+
+ name = NULL;
+ result =
+ gnutls_pkcs12_bag_get_friendly_name(bag, i,
+ (char **) &name);
+ if (result < 0) {
+ fprintf(stderr, "get_friendly_name: %s",
+ gnutls_strerror(type));
+ exit(1);
+ }
+
+ if (name)
+ fprintf(outfile, "\tFriendly name: %s\n", name);
+
+ id.data = NULL;
+ id.size = 0;
+ result = gnutls_pkcs12_bag_get_key_id(bag, i, &id);
+ if (result < 0) {
+ fprintf(stderr, "get_key_id: %s",
+ gnutls_strerror(type));
+ exit(1);
+ }
+
+ if (id.size > 0)
+ fprintf(outfile, "\tKey ID: %s\n",
+ raw_to_string(id.data, id.size));
+
+ result = gnutls_pkcs12_bag_get_data(bag, i, &cdata);
+ if (result < 0) {
+ fprintf(stderr, "get_data: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ switch (type) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ str = "ENCRYPTED PRIVATE KEY";
+ break;
+ case GNUTLS_BAG_PKCS8_KEY:
+ str = "PRIVATE KEY";
+ break;
+ case GNUTLS_BAG_CERTIFICATE:
+ str = "CERTIFICATE";
+ break;
+ case GNUTLS_BAG_CRL:
+ str = "CRL";
+ break;
+ case GNUTLS_BAG_ENCRYPTED:
+ case GNUTLS_BAG_EMPTY:
+ default:
+ str = NULL;
+ }
+
+ if (str != NULL) {
+ gnutls_pem_base64_encode_alloc(str, &cdata, &out);
+ fprintf(outfile, "%s\n", out.data);
+
+ gnutls_free(out.data);
+ }
+
+ }
}
-void
-pkcs12_info (common_info_st* cinfo)
+void pkcs12_info(common_info_st * cinfo)
{
- gnutls_pkcs12_t pkcs12;
- gnutls_pkcs12_bag_t bag;
- int result;
- size_t size;
- gnutls_datum_t data;
- const char *pass;
- int indx, fail = 0;
-
- result = gnutls_pkcs12_init (&pkcs12);
- if (result < 0)
- {
- fprintf(stderr, "p12_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- data.data = (void*)fread_file (infile, &size);
- data.size = size;
-
- result = gnutls_pkcs12_import (pkcs12, &data, incert_format, 0);
- free (data.data);
- if (result < 0)
- {
- fprintf(stderr, "p12_import: %s", gnutls_strerror (result));
- exit(1);
- }
-
- pass = get_password(cinfo, NULL, 0);
-
- result = gnutls_pkcs12_verify_mac (pkcs12, pass);
- if (result < 0)
- {
- fail = 1;
- fprintf (stderr, "verify_mac: %s", gnutls_strerror (result));
- }
-
- for (indx = 0;; indx++)
- {
- result = gnutls_pkcs12_bag_init (&bag);
- if (result < 0)
- {
- fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- result = gnutls_pkcs12_get_bag (pkcs12, indx, bag);
- if (result < 0)
- break;
-
- result = gnutls_pkcs12_bag_get_count (bag);
- if (result < 0)
- {
- fprintf(stderr, "bag_count: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fprintf (outfile, "BAG #%d\n", indx);
-
- result = gnutls_pkcs12_bag_get_type (bag, 0);
- if (result < 0)
- {
- fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- if (result == GNUTLS_BAG_ENCRYPTED)
- {
- fprintf (stderr, "\tType: %s\n", BAGTYPE (result));
- fprintf (stderr, "\n\tDecrypting...\n");
-
- result = gnutls_pkcs12_bag_decrypt (bag, pass);
-
- if (result < 0)
- {
- fail = 1;
- fprintf(stderr, "bag_decrypt: %s", gnutls_strerror (result));
- continue;
- }
-
- result = gnutls_pkcs12_bag_get_count (bag);
- if (result < 0)
- {
- fprintf(stderr, "encrypted bag_count: %s",
- gnutls_strerror (result));
- exit(1);
- }
- }
-
- print_bag_data (bag);
-
- gnutls_pkcs12_bag_deinit (bag);
- }
-
- if (fail)
- {
- fprintf(stderr, "There were errors parsing the structure\n");
- exit(1);
- }
+ gnutls_pkcs12_t pkcs12;
+ gnutls_pkcs12_bag_t bag;
+ int result;
+ size_t size;
+ gnutls_datum_t data;
+ const char *pass;
+ int indx, fail = 0;
+
+ result = gnutls_pkcs12_init(&pkcs12);
+ if (result < 0) {
+ fprintf(stderr, "p12_init: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ data.data = (void *) fread_file(infile, &size);
+ data.size = size;
+
+ result = gnutls_pkcs12_import(pkcs12, &data, incert_format, 0);
+ free(data.data);
+ if (result < 0) {
+ fprintf(stderr, "p12_import: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ pass = get_password(cinfo, NULL, 0);
+
+ result = gnutls_pkcs12_verify_mac(pkcs12, pass);
+ if (result < 0) {
+ fail = 1;
+ fprintf(stderr, "verify_mac: %s", gnutls_strerror(result));
+ }
+
+ for (indx = 0;; indx++) {
+ result = gnutls_pkcs12_bag_init(&bag);
+ if (result < 0) {
+ fprintf(stderr, "bag_init: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_get_bag(pkcs12, indx, bag);
+ if (result < 0)
+ break;
+
+ result = gnutls_pkcs12_bag_get_count(bag);
+ if (result < 0) {
+ fprintf(stderr, "bag_count: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fprintf(outfile, "BAG #%d\n", indx);
+
+ result = gnutls_pkcs12_bag_get_type(bag, 0);
+ if (result < 0) {
+ fprintf(stderr, "bag_init: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ if (result == GNUTLS_BAG_ENCRYPTED) {
+ fprintf(stderr, "\tType: %s\n", BAGTYPE(result));
+ fprintf(stderr, "\n\tDecrypting...\n");
+
+ result = gnutls_pkcs12_bag_decrypt(bag, pass);
+
+ if (result < 0) {
+ fail = 1;
+ fprintf(stderr, "bag_decrypt: %s",
+ gnutls_strerror(result));
+ continue;
+ }
+
+ result = gnutls_pkcs12_bag_get_count(bag);
+ if (result < 0) {
+ fprintf(stderr, "encrypted bag_count: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
+ print_bag_data(bag);
+
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+
+ if (fail) {
+ fprintf(stderr,
+ "There were errors parsing the structure\n");
+ exit(1);
+ }
}
-void
-pkcs7_info (void)
+void pkcs7_info(void)
{
- gnutls_pkcs7_t pkcs7;
- int result;
- size_t size;
- gnutls_datum_t data, b64;
- int indx, count;
-
- result = gnutls_pkcs7_init (&pkcs7);
- if (result < 0)
- {
- fprintf(stderr, "p7_init: %s", gnutls_strerror (result));
- exit(1);
- }
-
- data.data = (void*)fread_file (infile, &size);
- data.size = size;
-
- result = gnutls_pkcs7_import (pkcs7, &data, incert_format);
- free (data.data);
- if (result < 0)
- {
- fprintf(stderr, "import error: %s", gnutls_strerror (result));
- exit(1);
- }
-
- /* Read and print the certificates.
- */
- result = gnutls_pkcs7_get_crt_count (pkcs7);
- if (result < 0)
- {
- fprintf(stderr, "p7_crt_count: %s", gnutls_strerror (result));
- exit(1);
- }
-
- count = result;
-
- if (count > 0)
- fprintf (outfile, "Number of certificates: %u\n", count);
-
- for (indx = 0; indx < count; indx++)
- {
- fputs ("\n", outfile);
-
- size = buffer_size;
- result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size);
- if (result < 0)
- break;
-
- data.data = buffer;
- data.size = size;
-
- result = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64);
- if (result < 0)
- {
- fprintf(stderr, "encoding: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fputs ((void*)b64.data, outfile);
- gnutls_free (b64.data);
- }
-
- /* Read the CRLs now.
- */
- result = gnutls_pkcs7_get_crl_count (pkcs7);
- if (result < 0)
- {
- fprintf(stderr, "p7_crl_count: %s", gnutls_strerror (result));
- exit(1);
- }
-
- count = result;
-
- if (count > 0)
- fprintf (outfile, "\nNumber of CRLs: %u\n", count);
-
- for (indx = 0; indx < count; indx++)
- {
- fputs ("\n", outfile);
-
- size = buffer_size;
- result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size);
- if (result < 0)
- break;
-
- data.data = buffer;
- data.size = size;
-
- result = gnutls_pem_base64_encode_alloc ("X509 CRL", &data, &b64);
- if (result < 0)
- {
- fprintf(stderr, "encoding: %s", gnutls_strerror (result));
- exit(1);
- }
-
- fputs ((void*)b64.data, outfile);
- gnutls_free (b64.data);
- }
+ gnutls_pkcs7_t pkcs7;
+ int result;
+ size_t size;
+ gnutls_datum_t data, b64;
+ int indx, count;
+
+ result = gnutls_pkcs7_init(&pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_init: %s", gnutls_strerror(result));
+ exit(1);
+ }
+
+ data.data = (void *) fread_file(infile, &size);
+ data.size = size;
+
+ result = gnutls_pkcs7_import(pkcs7, &data, incert_format);
+ free(data.data);
+ if (result < 0) {
+ fprintf(stderr, "import error: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ /* Read and print the certificates.
+ */
+ result = gnutls_pkcs7_get_crt_count(pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_crt_count: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ count = result;
+
+ if (count > 0)
+ fprintf(outfile, "Number of certificates: %u\n", count);
+
+ for (indx = 0; indx < count; indx++) {
+ fputs("\n", outfile);
+
+ size = buffer_size;
+ result =
+ gnutls_pkcs7_get_crt_raw(pkcs7, indx, buffer, &size);
+ if (result < 0)
+ break;
+
+ data.data = buffer;
+ data.size = size;
+
+ result =
+ gnutls_pem_base64_encode_alloc("CERTIFICATE", &data,
+ &b64);
+ if (result < 0) {
+ fprintf(stderr, "encoding: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fputs((void *) b64.data, outfile);
+ gnutls_free(b64.data);
+ }
+
+ /* Read the CRLs now.
+ */
+ result = gnutls_pkcs7_get_crl_count(pkcs7);
+ if (result < 0) {
+ fprintf(stderr, "p7_crl_count: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ count = result;
+
+ if (count > 0)
+ fprintf(outfile, "\nNumber of CRLs: %u\n", count);
+
+ for (indx = 0; indx < count; indx++) {
+ fputs("\n", outfile);
+
+ size = buffer_size;
+ result =
+ gnutls_pkcs7_get_crl_raw(pkcs7, indx, buffer, &size);
+ if (result < 0)
+ break;
+
+ data.data = buffer;
+ data.size = size;
+
+ result =
+ gnutls_pem_base64_encode_alloc("X509 CRL", &data,
+ &b64);
+ if (result < 0) {
+ fprintf(stderr, "encoding: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ fputs((void *) b64.data, outfile);
+ gnutls_free(b64.data);
+ }
}
-void
-smime_to_pkcs7 (void)
+void smime_to_pkcs7(void)
{
- size_t linesize = 0;
- char *lineptr = NULL;
- ssize_t len;
-
- /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding.
- Reject non-S/MIME tagged Content-Type's? */
- do
- {
- len = getline (&lineptr, &linesize, infile);
- if (len == -1)
- {
- fprintf(stderr, "cannot find RFC 2822 header/body separator");
- exit(1);
- }
- }
- while (strcmp (lineptr, "\r\n") != 0 && strcmp (lineptr, "\n") != 0);
-
- do
- {
- len = getline (&lineptr, &linesize, infile);
- if (len == -1)
- {
- fprintf(stderr, "message has RFC 2822 header but no body");
- exit(1);
- }
- }
- while (strcmp (lineptr, "\r\n") == 0 && strcmp (lineptr, "\n") == 0);
-
- fprintf (outfile, "%s", "-----BEGIN PKCS7-----\n");
-
- do
- {
- while (len > 0
- && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n'))
- lineptr[--len] = '\0';
- if (strcmp (lineptr, "") != 0)
- fprintf (outfile, "%s\n", lineptr);
- len = getline (&lineptr, &linesize, infile);
- }
- while (len != -1);
-
- fprintf (outfile, "%s", "-----END PKCS7-----\n");
-
- free (lineptr);
+ size_t linesize = 0;
+ char *lineptr = NULL;
+ ssize_t len;
+
+ /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding.
+ Reject non-S/MIME tagged Content-Type's? */
+ do {
+ len = getline(&lineptr, &linesize, infile);
+ if (len == -1) {
+ fprintf(stderr,
+ "cannot find RFC 2822 header/body separator");
+ exit(1);
+ }
+ }
+ while (strcmp(lineptr, "\r\n") != 0 && strcmp(lineptr, "\n") != 0);
+
+ do {
+ len = getline(&lineptr, &linesize, infile);
+ if (len == -1) {
+ fprintf(stderr,
+ "message has RFC 2822 header but no body");
+ exit(1);
+ }
+ }
+ while (strcmp(lineptr, "\r\n") == 0 && strcmp(lineptr, "\n") == 0);
+
+ fprintf(outfile, "%s", "-----BEGIN PKCS7-----\n");
+
+ do {
+ while (len > 0
+ && (lineptr[len - 1] == '\r'
+ || lineptr[len - 1] == '\n'))
+ lineptr[--len] = '\0';
+ if (strcmp(lineptr, "") != 0)
+ fprintf(outfile, "%s\n", lineptr);
+ len = getline(&lineptr, &linesize, infile);
+ }
+ while (len != -1);
+
+ fprintf(outfile, "%s", "-----END PKCS7-----\n");
+
+ free(lineptr);
}
-void
-pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
+void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo)
{
- gnutls_pubkey_t pubkey;
- gnutls_privkey_t privkey = NULL;
- gnutls_x509_crq_t crq = NULL;
- int ret;
- size_t size;
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- {
- fprintf(stderr, "pubkey_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (crt == NULL)
- {
- crt = load_cert (0, cinfo);
- }
-
- if (crq == NULL)
- {
- crq = load_request (cinfo);
- }
-
- if (crt != NULL)
- {
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- {
- fprintf(stderr, "pubkey_import_x509: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- else if (crq != NULL)
- {
- ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
- if (ret < 0)
- {
- fprintf(stderr, "pubkey_import_x509_crq: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- else
- {
- privkey = load_private_key (0, cinfo);
-
- if (privkey != NULL)
- {
- ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
- if (ret < 0)
- {
- fprintf(stderr, "pubkey_import_privkey: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- else
- {
- gnutls_pubkey_deinit(pubkey);
- pubkey = load_pubkey (1, cinfo);
- }
- }
-
- if (outcert_format == GNUTLS_X509_FMT_DER)
- {
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, outcert_format, buffer, &size);
- if (ret < 0)
- {
- fprintf(stderr, "export error: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fwrite (buffer, 1, size, outfile);
-
- gnutls_pubkey_deinit (pubkey);
-
- return;
- }
-
- /* PEM */
-
- _pubkey_info(outfile, full_format, pubkey);
- gnutls_pubkey_deinit (pubkey);
+ gnutls_pubkey_t pubkey;
+ gnutls_privkey_t privkey = NULL;
+ gnutls_x509_crq_t crq = NULL;
+ int ret;
+ size_t size;
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (crt == NULL) {
+ crt = load_cert(0, cinfo);
+ }
+
+ if (crq == NULL) {
+ crq = load_request(cinfo);
+ }
+
+ if (crt != NULL) {
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_import_x509: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else if (crq != NULL) {
+ ret = gnutls_pubkey_import_x509_crq(pubkey, crq, 0);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_import_x509_crq: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ privkey = load_private_key(0, cinfo);
+
+ if (privkey != NULL) {
+ ret =
+ gnutls_pubkey_import_privkey(pubkey, privkey,
+ 0, 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "pubkey_import_privkey: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ gnutls_pubkey_deinit(pubkey);
+ pubkey = load_pubkey(1, cinfo);
+ }
+ }
+
+ if (outcert_format == GNUTLS_X509_FMT_DER) {
+ size = buffer_size;
+ ret =
+ gnutls_pubkey_export(pubkey, outcert_format, buffer,
+ &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_pubkey_deinit(pubkey);
+
+ return;
+ }
+
+ /* PEM */
+
+ _pubkey_info(outfile, full_format, pubkey);
+ gnutls_pubkey_deinit(pubkey);
}
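Review bot: In `print_bag_data`, the return value of `gnutls_pem_base64_encode_alloc(str, &cdata, &out)` is ignored, yet `out.data` is printed and freed on the following lines. `out` is an uninitialized local, so if encoding fails for a bag taken from the input file, the code may read and free an indeterminate pointer (whether the library sets `out` on failure is not visible here). `pkcs7_info` in the same hunk already checks this call, and the same pattern fits: `result = gnutls_pem_base64_encode_alloc(str, &cdata, &out);` followed by `if (result < 0) { fprintf(stderr, "encoding: %s", gnutls_strerror(result)); exit(1); }`. Separately, the `get_friendly_name` and `get_key_id` error paths in `print_bag_data` pass `type` to `gnutls_strerror`, so the message does not describe the failure; both should use `gnutls_strerror(result)`.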
diff --git a/src/cli-debug.c b/src/cli-debug.c
index a32a75519b..ab09f971e8 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -27,9 +27,9 @@
#include <gnutls/gnutls.h>
#include <sys/time.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <tests.h>
#include <common.h>
@@ -40,7 +40,7 @@
/* Gnulib portability files. */
#include "sockets.h"
-static void cmd_parser (int argc, char **argv);
+static void cmd_parser(int argc, char **argv);
#define ERR(err,s) if (err==-1) {perror(s);return(1);}
#define MAX_BUF 4096
@@ -65,293 +65,296 @@ extern int tls1_ok;
extern int tls1_1_ok;
extern int ssl3_ok;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-typedef test_code_t (*TEST_FUNC) (gnutls_session_t);
+typedef test_code_t(*TEST_FUNC) (gnutls_session_t);
-typedef struct
-{
- const char *test_name;
- TEST_FUNC func;
- const char *suc_str;
- const char *fail_str;
- const char *unsure_str;
+typedef struct {
+ const char *test_name;
+ TEST_FUNC func;
+ const char *suc_str;
+ const char *fail_str;
+ const char *unsure_str;
} TLS_TEST;
static const TLS_TEST tls_tests[] = {
- {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
- {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"},
- {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
- {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
- {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
- "SSL 3.0"},
- {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
- /* The following tests will disable TLS 1.x if the server is
- * buggy */
- {"whether we need to disable TLS 1.2", test_tls_disable2, "no", "yes",
- "dunno"},
- {"whether we need to disable TLS 1.1", test_tls_disable1, "no", "yes",
- "dunno"},
- {"whether we need to disable TLS 1.0", test_tls_disable0, "no", "yes",
- "dunno"},
- {"for Safe renegotiation support", test_safe_renegotiation, "yes", "no",
- "dunno"},
- {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv,
- "yes", "no", "dunno"},
- {"for HTTPS server name", test_server, "", "failed", "not checked"},
- {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
- "dunno"},
- {"for version rollback bug in Client Hello", test_version_rollback,
- "no", "yes", "dunno"},
-
-
- {"whether the server ignores the RSA PMS version",
- test_rsa_pms_version_check, "yes", "no", "dunno"},
- {"whether the server can accept Hello Extensions",
- test_hello_extension, "yes", "no", "dunno"},
- {"whether the server can accept HeartBeat Extension", test_heartbeat_extension, "yes", "no", "dunno"},
- {"whether the server can accept small records (512 bytes)",
- test_small_records, "yes", "no", "dunno"},
- {"whether the server can accept cipher suites not in SSL 3.0 spec",
- test_unknown_ciphersuites, "yes", "no", "dunno"},
- {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
- {"for certificate information", test_certificate, "", "", ""},
- {"for trusted CAs", test_server_cas, "", "", ""},
- {"whether the server understands TLS closure alerts", test_bye, "yes",
- "no", "partially"},
- /* the fact that is after the closure alert test does matter.
- */
- {"whether the server supports session resumption",
- test_session_resume2, "yes", "no", "dunno"},
+ {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
+ {"whether \%COMPAT is required", test_record_padding, "no", "yes",
+ "dunno"},
+ {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
+ {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
+ {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0",
+ "failed",
+ "SSL 3.0"},
+ {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
+ /* The following tests will disable TLS 1.x if the server is
+ * buggy */
+ {"whether we need to disable TLS 1.2", test_tls_disable2, "no",
+ "yes",
+ "dunno"},
+ {"whether we need to disable TLS 1.1", test_tls_disable1, "no",
+ "yes",
+ "dunno"},
+ {"whether we need to disable TLS 1.0", test_tls_disable0, "no",
+ "yes",
+ "dunno"},
+ {"for Safe renegotiation support", test_safe_renegotiation, "yes",
+ "no",
+ "dunno"},
+ {"for Safe renegotiation support (SCSV)",
+ test_safe_renegotiation_scsv,
+ "yes", "no", "dunno"},
+ {"for HTTPS server name", test_server, "", "failed",
+ "not checked"},
+ {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
+ "dunno"},
+ {"for version rollback bug in Client Hello", test_version_rollback,
+ "no", "yes", "dunno"},
+
+
+ {"whether the server ignores the RSA PMS version",
+ test_rsa_pms_version_check, "yes", "no", "dunno"},
+ {"whether the server can accept Hello Extensions",
+ test_hello_extension, "yes", "no", "dunno"},
+ {"whether the server can accept HeartBeat Extension",
+ test_heartbeat_extension, "yes", "no", "dunno"},
+ {"whether the server can accept small records (512 bytes)",
+ test_small_records, "yes", "no", "dunno"},
+ {"whether the server can accept cipher suites not in SSL 3.0 spec",
+ test_unknown_ciphersuites, "yes", "no", "dunno"},
+ {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
+ {"for certificate information", test_certificate, "", "", ""},
+ {"for trusted CAs", test_server_cas, "", "", ""},
+ {"whether the server understands TLS closure alerts", test_bye,
+ "yes",
+ "no", "partially"},
+ /* the fact that is after the closure alert test does matter.
+ */
+ {"whether the server supports session resumption",
+ test_session_resume2, "yes", "no", "dunno"},
#ifdef ENABLE_ANON
- {"for anonymous authentication support", test_anonymous, "yes", "no",
- "dunno"},
- {"anonymous Diffie-Hellman group info", test_dhe_group, "", "N/A",
- "N/A"},
+ {"for anonymous authentication support", test_anonymous, "yes",
+ "no",
+ "dunno"},
+ {"anonymous Diffie-Hellman group info", test_dhe_group, "", "N/A",
+ "N/A"},
#endif
- {"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
- "dunno"},
- {"ephemeral Diffie-Hellman group info", test_dhe_group, "", "N/A",
- "N/A"},
- {"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes", "no",
- "dunno"},
- {"ephemeral EC Diffie-Hellman group info", test_ecdhe_curve, "", "N/A",
- "N/A"},
- {"for AES-GCM cipher support", test_aes_gcm, "yes", "no",
- "dunno"},
- {"for AES-CBC cipher support", test_aes, "yes", "no",
- "dunno"},
- {"for CAMELLIA cipher support", test_camellia, "yes", "no",
- "dunno"},
- {"for 3DES-CBC cipher support", test_3des, "yes", "no", "dunno"},
- {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
- {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
- {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
- {"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"},
+ {"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
+ "dunno"},
+ {"ephemeral Diffie-Hellman group info", test_dhe_group, "", "N/A",
+ "N/A"},
+ {"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes",
+ "no",
+ "dunno"},
+ {"ephemeral EC Diffie-Hellman group info", test_ecdhe_curve, "",
+ "N/A",
+ "N/A"},
+ {"for AES-GCM cipher support", test_aes_gcm, "yes", "no",
+ "dunno"},
+ {"for AES-CBC cipher support", test_aes, "yes", "no",
+ "dunno"},
+ {"for CAMELLIA cipher support", test_camellia, "yes", "no",
+ "dunno"},
+ {"for 3DES-CBC cipher support", test_3des, "yes", "no", "dunno"},
+ {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no",
+ "dunno"},
+ {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
+ {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
+ {"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"},
#ifdef HAVE_LIBZ
- {"for ZLIB compression support", test_zlib, "yes",
- "no", "dunno"},
+ {"for ZLIB compression support", test_zlib, "yes",
+ "no", "dunno"},
#endif
- {"for max record size", test_max_record_size, "yes",
- "no", "dunno"},
- {"for OpenPGP authentication support", test_openpgp1,
- "yes", "no", "dunno"},
- {NULL, NULL, NULL, NULL, NULL}
+ {"for max record size", test_max_record_size, "yes",
+ "no", "dunno"},
+ {"for OpenPGP authentication support", test_openpgp1,
+ "yes", "no", "dunno"},
+ {NULL, NULL, NULL, NULL, NULL}
};
static int tt = 0;
const char *ip;
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- int err, ret;
- int sd, i;
- gnutls_session_t state;
- char buffer[MAX_BUF + 1];
- char portname[6];
- struct addrinfo hints, *res, *ptr;
+ int err, ret;
+ int sd, i;
+ gnutls_session_t state;
+ char buffer[MAX_BUF + 1];
+ char portname[6];
+ struct addrinfo hints, *res, *ptr;
- cmd_parser(argc, argv);
+ cmd_parser(argc, argv);
#ifndef _WIN32
- signal (SIGPIPE, SIG_IGN);
+ signal(SIGPIPE, SIG_IGN);
#endif
- sockets_init ();
-
- if (gnutls_global_init () < 0)
- {
- fprintf (stderr, "global state initialization error\n");
- exit (1);
- }
-
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (debug);
-
- printf ("Resolving '%s'...\n", hostname);
- /* get server name */
- memset (&hints, 0, sizeof (hints));
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = 0;
- snprintf (portname, sizeof (portname), "%d", port);
- if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
- {
- fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
- gai_strerror (err));
- exit (1);
- }
-
- /* X509 stuff */
- if (gnutls_certificate_allocate_credentials (&xcred) < 0)
- { /* space for 2 certificates */
- fprintf (stderr, "memory error\n");
- exit (1);
- }
-
- /* SRP stuff */
+ sockets_init();
+
+ if (gnutls_global_init() < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug);
+
+ printf("Resolving '%s'...\n", hostname);
+ /* get server name */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = 0;
+ snprintf(portname, sizeof(portname), "%d", port);
+ if ((err = getaddrinfo(hostname, portname, &hints, &res)) != 0) {
+ fprintf(stderr, "Cannot resolve %s: %s\n", hostname,
+ gai_strerror(err));
+ exit(1);
+ }
+
+ /* X509 stuff */
+ if (gnutls_certificate_allocate_credentials(&xcred) < 0) { /* space for 2 certificates */
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+
+ /* SRP stuff */
#ifdef ENABLE_SRP
- if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
- {
- fprintf (stderr, "memory error\n");
- exit (1);
- }
+ if (gnutls_srp_allocate_client_credentials(&srp_cred) < 0) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
#endif
#ifdef ENABLE_ANON
- /* ANON stuff */
- if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
- {
- fprintf (stderr, "memory error\n");
- exit (1);
- }
+ /* ANON stuff */
+ if (gnutls_anon_allocate_client_credentials(&anon_cred) < 0) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
#endif
- i = 0;
-
- do
- {
-
- if (tls_tests[i].test_name == NULL)
- break; /* finished */
-
- /* if neither of SSL3 and TLSv1 are supported, exit
- */
- if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
- {
- fprintf (stderr,
- "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
- break;
- }
-
- sd = -1;
- for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
- {
- sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
- if (sd == -1)
- {
- continue;
- }
-
- getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
- NULL, 0, NI_NUMERICHOST);
- if (tt == 0)
- {
- printf ("Connecting to '%s:%d'...\n", buffer, port);
- tt = 1;
- }
- if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
- {
- close (sd);
- sd = -1;
- continue;
- }
- else
- break;
- }
- ERR (err, "connect");
-
- gnutls_init (&state, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
-
- gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t)
- gl_fd_to_handle (sd));
- if (hostname && !isdigit(hostname[0]) && strchr(hostname, ':') == 0)
- gnutls_server_name_set (state, GNUTLS_NAME_DNS, hostname,
- strlen (hostname));
-
- do
- {
- printf ("Checking %s...", tls_tests[i].test_name);
- fflush(stdout);
-
- ret = tls_tests[i].func (state);
-
- if (ret == TEST_SUCCEED)
- printf (" %s\n", tls_tests[i].suc_str);
- else if (ret == TEST_FAILED)
- printf (" %s\n", tls_tests[i].fail_str);
- else if (ret == TEST_UNSURE)
- printf (" %s\n", tls_tests[i].unsure_str);
- else if (ret == TEST_IGNORE)
- {
- printf (" N/A\n");
- i++;
- }
- }
- while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
-
- gnutls_deinit (state);
-
- shutdown (sd, SHUT_RDWR); /* no more receptions */
- close (sd);
-
- i++;
- }
- while (1);
-
- freeaddrinfo (res);
+ i = 0;
+
+ do {
+
+ if (tls_tests[i].test_name == NULL)
+ break; /* finished */
+
+ /* if neither of SSL3 and TLSv1 are supported, exit
+ */
+ if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0
+ && ssl3_ok == 0) {
+ fprintf(stderr,
+ "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
+ break;
+ }
+
+ sd = -1;
+ for (ptr = res; ptr != NULL; ptr = ptr->ai_next) {
+ sd = socket(ptr->ai_family, ptr->ai_socktype,
+ ptr->ai_protocol);
+ if (sd == -1) {
+ continue;
+ }
+
+ getnameinfo(ptr->ai_addr, ptr->ai_addrlen, buffer,
+ MAX_BUF, NULL, 0, NI_NUMERICHOST);
+ if (tt == 0) {
+ printf("Connecting to '%s:%d'...\n",
+ buffer, port);
+ tt = 1;
+ }
+ if ((err =
+ connect(sd, ptr->ai_addr,
+ ptr->ai_addrlen)) != 0) {
+ close(sd);
+ sd = -1;
+ continue;
+ } else
+ break;
+ }
+ ERR(err, "connect");
+
+ gnutls_init(&state, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
+
+ gnutls_transport_set_ptr(state, (gnutls_transport_ptr_t)
+ gl_fd_to_handle(sd));
+ if (hostname && !isdigit(hostname[0])
+ && strchr(hostname, ':') == 0)
+ gnutls_server_name_set(state, GNUTLS_NAME_DNS,
+ hostname, strlen(hostname));
+
+ do {
+ printf("Checking %s...", tls_tests[i].test_name);
+ fflush(stdout);
+
+ ret = tls_tests[i].func(state);
+
+ if (ret == TEST_SUCCEED)
+ printf(" %s\n", tls_tests[i].suc_str);
+ else if (ret == TEST_FAILED)
+ printf(" %s\n", tls_tests[i].fail_str);
+ else if (ret == TEST_UNSURE)
+ printf(" %s\n", tls_tests[i].unsure_str);
+ else if (ret == TEST_IGNORE) {
+ printf(" N/A\n");
+ i++;
+ }
+ }
+ while (ret == TEST_IGNORE
+ && tls_tests[i].test_name != NULL);
+
+ gnutls_deinit(state);
+
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
+
+ i++;
+ }
+ while (1);
+
+ freeaddrinfo(res);
#ifdef ENABLE_SRP
- gnutls_srp_free_client_credentials (srp_cred);
+ gnutls_srp_free_client_credentials(srp_cred);
#endif
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
#ifdef ENABLE_ANON
- gnutls_anon_free_client_credentials (anon_cred);
+ gnutls_anon_free_client_credentials(anon_cred);
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
-static void cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- const char* rest = NULL;
- int optct = optionProcess( &gnutls_cli_debugOptions, argc, argv);
- argc -= optct;
- argv += optct;
-
- if (rest == NULL && argc > 0)
- rest = argv[0];
-
- if (HAVE_OPT(PORT))
- port = OPT_VALUE_PORT;
- else
- port = 443;
-
- if (rest == NULL)
- hostname = "localhost";
- else
- hostname = rest;
-
- if (HAVE_OPT(DEBUG))
- debug = OPT_VALUE_DEBUG;
-
- if (HAVE_OPT(VERBOSE))
- verbose++;
+ const char *rest = NULL;
+ int optct = optionProcess(&gnutls_cli_debugOptions, argc, argv);
+ argc -= optct;
+ argv += optct;
-}
+ if (rest == NULL && argc > 0)
+ rest = argv[0];
+
+ if (HAVE_OPT(PORT))
+ port = OPT_VALUE_PORT;
+ else
+ port = 443;
+
+ if (rest == NULL)
+ hostname = "localhost";
+ else
+ hostname = rest;
+ if (HAVE_OPT(DEBUG))
+ debug = OPT_VALUE_DEBUG;
+
+ if (HAVE_OPT(VERBOSE))
+ verbose++;
+
+}
diff --git a/src/cli.c b/src/cli.c
index 3d5c1f6e8a..cb30e5b337 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -27,9 +27,9 @@
#include <sys/time.h>
#include <sys/stat.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <sys/select.h>
#include <unistd.h>
@@ -68,7 +68,8 @@
#define MAX_BUF 4096
/* global stuff here */
-int resume, starttls, insecure, ranges, rehandshake, udp, mtu, inline_commands;
+int resume, starttls, insecure, ranges, rehandshake, udp, mtu,
+ inline_commands;
const char *hostname = NULL;
const char *service = NULL;
int record_max_size;
@@ -90,8 +91,8 @@ static int x509ctype;
static int disable_extensions;
static int disable_sni;
static unsigned int init_flags = GNUTLS_CLIENT;
-static const char * priorities = NULL;
-static const char * inline_commands_prefix;
+static const char *priorities = NULL;
+static const char *inline_commands_prefix;
const char *psk_username = NULL;
gnutls_datum_t psk_key = { NULL, 0 };
@@ -105,10 +106,10 @@ static gnutls_certificate_credentials_t xcred;
/* prototypes */
-static void check_rehandshake (socket_st * socket, int ret);
-static int do_handshake (socket_st * socket);
-static void init_global_tls_stuff (void);
-static int cert_verify_ocsp (gnutls_session_t session);
+static void check_rehandshake(socket_st * socket, int ret);
+static int do_handshake(socket_st * socket);
+static void init_global_tls_stuff(void);
+static int cert_verify_ocsp(gnutls_session_t session);
#define MAX_CRT 6
static unsigned int x509_crt_size;
@@ -118,427 +119,435 @@ static gnutls_privkey_t x509_key = NULL;
static gnutls_pcert_st pgp_crt;
static gnutls_privkey_t pgp_key = NULL;
-static void
-get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
+static void get_keyid(gnutls_openpgp_keyid_t keyid, const char *str)
{
- size_t keyid_size = sizeof (keyid);
-
- if (strlen (str) != 16)
- {
- fprintf (stderr,
- "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
- exit (1);
- }
-
- if (gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0)
- {
- fprintf (stderr, "Error converting hex string: %s.\n", str);
- exit (1);
- }
-
- return;
+ size_t keyid_size = sizeof(keyid);
+
+ if (strlen(str) != 16) {
+ fprintf(stderr,
+ "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ exit(1);
+ }
+
+ if (gnutls_hex2bin(str, strlen(str), keyid, &keyid_size) < 0) {
+ fprintf(stderr, "Error converting hex string: %s.\n", str);
+ exit(1);
+ }
+
+ return;
}
/* Load the certificate and the private key.
*/
-static void
-load_keys (void)
+static void load_keys(void)
{
- unsigned int crt_num;
- int ret;
- unsigned int i;
- gnutls_datum_t data = { NULL, 0 };
- gnutls_x509_crt_t crt_list[MAX_CRT];
- unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (x509_certfile != NULL && x509_keyfile != NULL)
- {
+ unsigned int crt_num;
+ int ret;
+ unsigned int i;
+ gnutls_datum_t data = { NULL, 0 };
+ gnutls_x509_crt_t crt_list[MAX_CRT];
+ unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (x509_certfile != NULL && x509_keyfile != NULL) {
#ifdef ENABLE_PKCS11
- if (strncmp (x509_certfile, "pkcs11:", 7) == 0)
- {
- crt_num = 1;
- gnutls_x509_crt_init (&crt_list[0]);
- gnutls_x509_crt_set_pin_function(crt_list[0], pin_callback, NULL);
-
- ret =
- gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0);
-
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- ret =
- gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading cert file.\n");
- exit (1);
- }
- x509_crt_size = 1;
- }
- else
-#endif /* ENABLE_PKCS11 */
- {
-
- ret = gnutls_load_file (x509_certfile, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading cert file.\n");
- exit (1);
- }
-
- crt_num = MAX_CRT;
- ret =
- gnutls_x509_crt_list_import (crt_list, &crt_num, &data,
- x509ctype,
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr,
- "*** Error loading cert file: Too many certs %d\n",
- crt_num);
-
- }
- else
- {
- fprintf (stderr,
- "*** Error loading cert file: %s\n",
- gnutls_strerror (ret));
- }
- exit (1);
- }
- x509_crt_size = ret;
- }
-
- for (i=0;i<x509_crt_size;i++)
- {
- ret = gnutls_pcert_import_x509(&x509_crt[i], crt_list[i], 0);
- if (ret < 0)
- {
- fprintf(stderr, "*** Error importing crt to pcert: %s\n",
- gnutls_strerror(ret));
- exit(1);
- }
- gnutls_x509_crt_deinit(crt_list[i]);
- }
-
- gnutls_free (data.data);
-
- ret = gnutls_privkey_init(&x509_key);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error initializing key: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_privkey_set_pin_function(x509_key, pin_callback, NULL);
-
- if (gnutls_url_is_supported(x509_keyfile) != 0)
- {
- ret =
- gnutls_privkey_import_url (x509_key, x509_keyfile, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- ret = gnutls_load_file (x509_keyfile, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, NULL, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
- }
-
- fprintf (stdout, "Processed %d client X.509 certificates...\n",
- x509_crt_size);
- }
-
+ if (strncmp(x509_certfile, "pkcs11:", 7) == 0) {
+ crt_num = 1;
+ gnutls_x509_crt_init(&crt_list[0]);
+ gnutls_x509_crt_set_pin_function(crt_list[0],
+ pin_callback,
+ NULL);
+
+ ret =
+ gnutls_x509_crt_import_pkcs11_url(crt_list[0],
+ x509_certfile,
+ 0);
+
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret =
+ gnutls_x509_crt_import_pkcs11_url
+ (crt_list[0], x509_certfile,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading cert file.\n");
+ exit(1);
+ }
+ x509_crt_size = 1;
+ } else
+#endif /* ENABLE_PKCS11 */
+ {
+
+ ret = gnutls_load_file(x509_certfile, &data);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading cert file.\n");
+ exit(1);
+ }
+
+ crt_num = MAX_CRT;
+ ret =
+ gnutls_x509_crt_list_import(crt_list, &crt_num,
+ &data, x509ctype,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ fprintf(stderr,
+ "*** Error loading cert file: Too many certs %d\n",
+ crt_num);
+
+ } else {
+ fprintf(stderr,
+ "*** Error loading cert file: %s\n",
+ gnutls_strerror(ret));
+ }
+ exit(1);
+ }
+ x509_crt_size = ret;
+ }
+
+ for (i = 0; i < x509_crt_size; i++) {
+ ret =
+ gnutls_pcert_import_x509(&x509_crt[i],
+ crt_list[i], 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error importing crt to pcert: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ gnutls_x509_crt_deinit(crt_list[i]);
+ }
+
+ gnutls_free(data.data);
+
+ ret = gnutls_privkey_init(&x509_key);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error initializing key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_privkey_set_pin_function(x509_key, pin_callback,
+ NULL);
+
+ if (gnutls_url_is_supported(x509_keyfile) != 0) {
+ ret =
+ gnutls_privkey_import_url(x509_key,
+ x509_keyfile, 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading url: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ ret = gnutls_load_file(x509_keyfile, &data);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading key file.\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_privkey_import_x509_raw(x509_key, &data,
+ x509ctype, NULL,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading url: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
+ }
+
+ fprintf(stdout,
+ "Processed %d client X.509 certificates...\n",
+ x509_crt_size);
+ }
#ifdef ENABLE_OPENPGP
- if (HAVE_OPT(PGPSUBKEY))
- {
- get_keyid (keyid, OPT_ARG(PGPSUBKEY));
- }
-
- if (pgp_certfile != NULL && pgp_keyfile != NULL)
- {
- gnutls_openpgp_crt_t tmp_pgp_crt;
-
- ret = gnutls_load_file (pgp_certfile, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading PGP cert file.\n");
- exit (1);
- }
-
- gnutls_openpgp_crt_init (&tmp_pgp_crt);
-
- ret =
- gnutls_pcert_import_openpgp_raw (&pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64, HAVE_OPT(PGPSUBKEY)?keyid:NULL, 0);
- if (ret < 0)
- {
- fprintf (stderr,
- "*** Error loading PGP cert file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free (data.data);
-
- ret = gnutls_privkey_init(&pgp_key);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error initializing key: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_privkey_set_pin_function(pgp_key, pin_callback, NULL);
-
- if (gnutls_url_is_supported (pgp_keyfile))
- {
- ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
- }
- else
- {
- ret = gnutls_load_file (pgp_keyfile, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- if (HAVE_OPT(PGPSUBKEY))
- ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, keyid, NULL);
- else
- ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, NULL, NULL);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
- }
-
-
- fprintf (stdout, "Processed 1 client PGP certificate...\n");
- }
+ if (HAVE_OPT(PGPSUBKEY)) {
+ get_keyid(keyid, OPT_ARG(PGPSUBKEY));
+ }
+
+ if (pgp_certfile != NULL && pgp_keyfile != NULL) {
+ gnutls_openpgp_crt_t tmp_pgp_crt;
+
+ ret = gnutls_load_file(pgp_certfile, &data);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading PGP cert file.\n");
+ exit(1);
+ }
+
+ gnutls_openpgp_crt_init(&tmp_pgp_crt);
+
+ ret =
+ gnutls_pcert_import_openpgp_raw(&pgp_crt, &data,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ HAVE_OPT(PGPSUBKEY) ?
+ keyid : NULL, 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading PGP cert file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
+
+ ret = gnutls_privkey_init(&pgp_key);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error initializing key: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_privkey_set_pin_function(pgp_key, pin_callback,
+ NULL);
+
+ if (gnutls_url_is_supported(pgp_keyfile)) {
+ ret =
+ gnutls_privkey_import_url(pgp_key, pgp_keyfile,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading url: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ ret = gnutls_load_file(pgp_keyfile, &data);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading key file.\n");
+ exit(1);
+ }
+
+ if (HAVE_OPT(PGPSUBKEY))
+ ret =
+ gnutls_privkey_import_openpgp_raw
+ (pgp_key, &data, x509ctype, keyid,
+ NULL);
+ else
+ ret =
+ gnutls_privkey_import_openpgp_raw
+ (pgp_key, &data, x509ctype, NULL,
+ NULL);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Error loading url: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
+ }
+
+
+ fprintf(stdout, "Processed 1 client PGP certificate...\n");
+ }
#endif
}
#define IS_NEWLINE(x) ((x[0] == '\n') || (x[0] == '\r'))
-static int
-read_yesno (const char *input_str)
+static int read_yesno(const char *input_str)
{
- char input[128];
+ char input[128];
- fputs (input_str, stderr);
- if (fgets (input, sizeof (input), stdin) == NULL)
- return 0;
+ fputs(input_str, stderr);
+ if (fgets(input, sizeof(input), stdin) == NULL)
+ return 0;
- if (IS_NEWLINE(input))
- return 0;
+ if (IS_NEWLINE(input))
+ return 0;
- if (input[0] == 'y' || input[0] == 'Y')
- return 1;
+ if (input[0] == 'y' || input[0] == 'Y')
+ return 1;
- return 0;
+ return 0;
}
/* converts a textual service or port to
* a service.
*/
-static const char* port_to_service(const char* sport)
+static const char *port_to_service(const char *sport)
{
-unsigned int port;
-struct servent * sr;
-
- port = atoi(sport);
- if (port == 0) return sport;
-
- port = htons(port);
-
- sr = getservbyport(port, udp?"udp":"tcp");
- if (sr == NULL)
- {
- fprintf(stderr, "Warning: getservbyport() failed. Using port number as service.\n");
- return sport;
- }
-
- return sr->s_name;
+ unsigned int port;
+ struct servent *sr;
+
+ port = atoi(sport);
+ if (port == 0)
+ return sport;
+
+ port = htons(port);
+
+ sr = getservbyport(port, udp ? "udp" : "tcp");
+ if (sr == NULL) {
+ fprintf(stderr,
+ "Warning: getservbyport() failed. Using port number as service.\n");
+ return sport;
+ }
+
+ return sr->s_name;
}
-static int service_to_port(const char* service)
+static int service_to_port(const char *service)
{
-unsigned int port;
-struct servent * sr;
-
- port = atoi(service);
- if (port != 0) return port;
-
- sr = getservbyname(service, udp?"udp":"tcp");
- if (sr == NULL)
- {
- fprintf(stderr, "Warning: getservbyname() failed.\n");
- exit(1);
- }
-
- return ntohs(sr->s_port);
+ unsigned int port;
+ struct servent *sr;
+
+ port = atoi(service);
+ if (port != 0)
+ return port;
+
+ sr = getservbyname(service, udp ? "udp" : "tcp");
+ if (sr == NULL) {
+ fprintf(stderr, "Warning: getservbyname() failed.\n");
+ exit(1);
+ }
+
+ return ntohs(sr->s_port);
}
-static int
-cert_verify_callback (gnutls_session_t session)
+static int cert_verify_callback(gnutls_session_t session)
{
- int rc;
- unsigned int status = 0;
- int ssh = ENABLED_OPT(TOFU);
+ int rc;
+ unsigned int status = 0;
+ int ssh = ENABLED_OPT(TOFU);
#ifdef HAVE_DANE
- int dane = ENABLED_OPT(DANE);
+ int dane = ENABLED_OPT(DANE);
#endif
- int ca_verify = ENABLED_OPT(CA_VERIFICATION);
- const char* txt_service;
-
- print_cert_info (session, verbose, print_cert);
-
- if (ca_verify)
- {
- rc = cert_verify(session, hostname);
- if (rc == 0)
- {
- printf ("*** Verifying server certificate failed...\n");
- if (!insecure && !ssh)
- return -1;
- }
- else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0)
- { /* off-line verification succeeded. Try OCSP */
- rc = cert_verify_ocsp(session);
- if (rc == 0)
- {
- printf ("*** Verifying (with OCSP) server certificate failed...\n");
- if (!insecure && !ssh)
- return -1;
- }
- else if (rc == -1)
- printf("*** OCSP response ignored\n");
- }
- }
-
- if (ssh) /* try ssh auth */
- {
- unsigned int list_size;
- const gnutls_datum_t * cert;
-
- cert = gnutls_certificate_get_peers(session, &list_size);
- if (cert == NULL)
- {
- fprintf(stderr, "Cannot obtain peer's certificate!\n");
- return -1;
- }
-
- txt_service = port_to_service(service);
-
- rc = gnutls_verify_stored_pubkey(NULL, NULL, hostname, txt_service,
- GNUTLS_CRT_X509, cert, 0);
- if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- print_cert_info_compact(session);
- fprintf(stderr, "Host %s (%s) has never been contacted before.\n", hostname, txt_service);
- if (status == 0)
- fprintf(stderr, "Its certificate is valid for %s.\n", hostname);
-
- rc = read_yesno("Are you sure you want to trust it? (y/N): ");
- if (rc == 0)
- return -1;
- }
- else if (rc == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- print_cert_info_compact(session);
- fprintf(stderr, "Warning: host %s is known and it is associated with a different key.\n", hostname);
- fprintf(stderr, "It might be that the server has multiple keys, or an attacker replaced the key to eavesdrop this connection .\n");
- if (status == 0)
- fprintf(stderr, "Its certificate is valid for %s.\n", hostname);
-
- rc = read_yesno("Do you trust the received key? (y/N): ");
- if (rc == 0)
- return -1;
- }
- else if (rc < 0)
- {
- fprintf(stderr, "gnutls_verify_stored_pubkey: %s\n", gnutls_strerror(rc));
- return -1;
- }
-
- if (rc != 0)
- {
- rc = gnutls_store_pubkey(NULL, NULL, hostname, txt_service,
- GNUTLS_CRT_X509, cert, 0, 0);
- if (rc < 0)
- fprintf(stderr, "Could not store key: %s\n", gnutls_strerror(rc));
- }
- }
-
+ int ca_verify = ENABLED_OPT(CA_VERIFICATION);
+ const char *txt_service;
+
+ print_cert_info(session, verbose, print_cert);
+
+ if (ca_verify) {
+ rc = cert_verify(session, hostname);
+ if (rc == 0) {
+ printf
+ ("*** Verifying server certificate failed...\n");
+ if (!insecure && !ssh)
+ return -1;
+ } else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */
+ rc = cert_verify_ocsp(session);
+ if (rc == 0) {
+ printf
+ ("*** Verifying (with OCSP) server certificate failed...\n");
+ if (!insecure && !ssh)
+ return -1;
+ } else if (rc == -1)
+ printf("*** OCSP response ignored\n");
+ }
+ }
+
+ if (ssh) { /* try ssh auth */
+ unsigned int list_size;
+ const gnutls_datum_t *cert;
+
+ cert = gnutls_certificate_get_peers(session, &list_size);
+ if (cert == NULL) {
+ fprintf(stderr,
+ "Cannot obtain peer's certificate!\n");
+ return -1;
+ }
+
+ txt_service = port_to_service(service);
+
+ rc = gnutls_verify_stored_pubkey(NULL, NULL, hostname,
+ txt_service,
+ GNUTLS_CRT_X509, cert, 0);
+ if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ print_cert_info_compact(session);
+ fprintf(stderr,
+ "Host %s (%s) has never been contacted before.\n",
+ hostname, txt_service);
+ if (status == 0)
+ fprintf(stderr,
+ "Its certificate is valid for %s.\n",
+ hostname);
+
+ rc = read_yesno
+ ("Are you sure you want to trust it? (y/N): ");
+ if (rc == 0)
+ return -1;
+ } else if (rc == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ print_cert_info_compact(session);
+ fprintf(stderr,
+ "Warning: host %s is known and it is associated with a different key.\n",
+ hostname);
+ fprintf(stderr,
+ "It might be that the server has multiple keys, or an attacker replaced the key to eavesdrop this connection .\n");
+ if (status == 0)
+ fprintf(stderr,
+ "Its certificate is valid for %s.\n",
+ hostname);
+
+ rc = read_yesno
+ ("Do you trust the received key? (y/N): ");
+ if (rc == 0)
+ return -1;
+ } else if (rc < 0) {
+ fprintf(stderr,
+ "gnutls_verify_stored_pubkey: %s\n",
+ gnutls_strerror(rc));
+ return -1;
+ }
+
+ if (rc != 0) {
+ rc = gnutls_store_pubkey(NULL, NULL, hostname,
+ txt_service,
+ GNUTLS_CRT_X509, cert, 0,
+ 0);
+ if (rc < 0)
+ fprintf(stderr,
+ "Could not store key: %s\n",
+ gnutls_strerror(rc));
+ }
+ }
#ifdef HAVE_DANE
- if (dane) /* try DANE auth */
- {
- int port;
- unsigned int sflags = ENABLED_OPT(LOCAL_DNS)?0:DANE_F_IGNORE_LOCAL_RESOLVER;
-
- port = service_to_port(service);
- rc = dane_verify_session_crt( NULL, session, hostname, udp?"udp":"tcp", port,
- sflags, 0, &status);
- if (rc < 0)
- {
- fprintf(stderr, "*** DANE verification error: %s\n", dane_strerror(rc));
- if (!insecure)
- return -1;
- }
- else
- {
- gnutls_datum_t out;
-
- rc = dane_verification_status_print( status, &out, 0);
- if (rc < 0)
- {
- fprintf(stderr, "*** DANE error: %s\n", dane_strerror(rc));
- if (!insecure)
- return -1;
- }
-
- fprintf(stderr, "- DANE: %s\n", out.data);
- gnutls_free(out.data);
- }
-
- }
+ if (dane) { /* try DANE auth */
+ int port;
+ unsigned int sflags =
+ ENABLED_OPT(LOCAL_DNS) ? 0 :
+ DANE_F_IGNORE_LOCAL_RESOLVER;
+
+ port = service_to_port(service);
+ rc = dane_verify_session_crt(NULL, session, hostname,
+ udp ? "udp" : "tcp", port,
+ sflags, 0, &status);
+ if (rc < 0) {
+ fprintf(stderr,
+ "*** DANE verification error: %s\n",
+ dane_strerror(rc));
+ if (!insecure)
+ return -1;
+ } else {
+ gnutls_datum_t out;
+
+ rc = dane_verification_status_print(status, &out,
+ 0);
+ if (rc < 0) {
+ fprintf(stderr, "*** DANE error: %s\n",
+ dane_strerror(rc));
+ if (!insecure)
+ return -1;
+ }
+
+ fprintf(stderr, "- DANE: %s\n", out.data);
+ gnutls_free(out.data);
+ }
+
+ }
#endif
- return 0;
+ return 0;
}
/* This callback should be associated with a session by calling
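Review bot: In cert_verify_callback both TOFU prompts print "Its certificate is valid for %s" whenever `status == 0`, but `status` is initialised to 0 and only written by `dane_verify_session_crt` further down. The line is therefore shown even when `cert_verify` returned 0 and the failure was tolerated because `ssh` is set. The prompt should follow the CA result instead, for example a local `int ca_ok = 0;` set to 1 when `cert_verify` returns non-zero and tested with `if (ca_ok)` in both branches. In the DANE branch the returned `status` is printed but never tested, so if non-zero flags mean a failed check (not visible in this hunk) the callback still returns 0; `if (status != 0 && !insecure) return -1;` after the print would close that. In the same branch `out.data` is printed and freed even when `dane_verification_status_print` failed and `insecure` suppressed the return, so the print and `gnutls_free` belong under an `else`.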
@@ -547,242 +556,233 @@ cert_verify_callback (gnutls_session_t session)
*/
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st **pcert,
- unsigned int *pcert_length, gnutls_privkey_t * pkey)
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
- char issuer_dn[256];
- int i, ret, cert_type;
- size_t len;
-
- if (verbose)
- {
- /* Print the server's trusted CAs
- */
- if (nreqs > 0)
- printf ("- Server's trusted authorities:\n");
- else
- printf ("- Server did not send us any trusted authorities names.\n");
-
- /* print the names (if any) */
- for (i = 0; i < nreqs; i++)
- {
- len = sizeof (issuer_dn);
- ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
- }
- }
-
- /* Select a certificate and return it.
- * The certificate must be of any of the "sign algorithms"
- * supported by the server.
- */
-
- cert_type = gnutls_certificate_type_get (session);
-
- *pcert_length = 0;
-
- if (cert_type == GNUTLS_CRT_X509)
- {
- if (x509_crt_size > 0)
- {
- if (x509_key != NULL)
- {
- *pkey = x509_key;
- }
- else
- {
- printf ("- Could not find a suitable key to send to server\n");
- return -1;
- }
-
- *pcert_length = x509_crt_size;
- *pcert = x509_crt;
- }
-
- }
- else if (cert_type == GNUTLS_CRT_OPENPGP)
- {
- if (pgp_key != NULL)
- {
- *pkey = pgp_key;
-
- *pcert_length = 1;
- *pcert = &pgp_crt;
- }
- }
-
- printf ("- Successfully sent %u certificate(s) to server.\n", *pcert_length);
- return 0;
+ char issuer_dn[256];
+ int i, ret, cert_type;
+ size_t len;
+
+ if (verbose) {
+ /* Print the server's trusted CAs
+ */
+ if (nreqs > 0)
+ printf("- Server's trusted authorities:\n");
+ else
+ printf
+ ("- Server did not send us any trusted authorities names.\n");
+
+ /* print the names (if any) */
+ for (i = 0; i < nreqs; i++) {
+ len = sizeof(issuer_dn);
+ ret =
+ gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn,
+ &len);
+ if (ret >= 0) {
+ printf(" [%d]: ", i);
+ printf("%s\n", issuer_dn);
+ }
+ }
+ }
+
+ /* Select a certificate and return it.
+ * The certificate must be of any of the "sign algorithms"
+ * supported by the server.
+ */
+
+ cert_type = gnutls_certificate_type_get(session);
+
+ *pcert_length = 0;
+
+ if (cert_type == GNUTLS_CRT_X509) {
+ if (x509_crt_size > 0) {
+ if (x509_key != NULL) {
+ *pkey = x509_key;
+ } else {
+ printf
+ ("- Could not find a suitable key to send to server\n");
+ return -1;
+ }
+
+ *pcert_length = x509_crt_size;
+ *pcert = x509_crt;
+ }
+
+ } else if (cert_type == GNUTLS_CRT_OPENPGP) {
+ if (pgp_key != NULL) {
+ *pkey = pgp_key;
+
+ *pcert_length = 1;
+ *pcert = &pgp_crt;
+ }
+ }
+
+ printf("- Successfully sent %u certificate(s) to server.\n",
+ *pcert_length);
+ return 0;
}
/* initializes a gnutls_session_t with some defaults.
*/
-static gnutls_session_t
-init_tls_session (const char *hostname)
+static gnutls_session_t init_tls_session(const char *hostname)
{
- const char *err;
- int ret;
- unsigned i;
- gnutls_session_t session;
-
- if (priorities == NULL)
- priorities = "NORMAL";
-
- if (udp)
- {
- gnutls_init (&session, GNUTLS_DATAGRAM|init_flags);
- if (mtu)
- gnutls_dtls_set_mtu(session, mtu);
- }
- else
- gnutls_init (&session, init_flags);
-
- if ((ret = gnutls_priority_set_direct (session, priorities, &err)) < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
- else
- fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
- exit (1);
- }
-
- /* allow the use of private ciphersuites.
- */
- if (disable_extensions == 0 && disable_sni == 0)
- {
- if (!isdigit(hostname[0]) && strchr(hostname, ':') == 0)
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
- strlen (hostname));
- }
-
- if (HAVE_OPT(DH_BITS))
- gnutls_dh_set_prime_bits( session, OPT_VALUE_DH_BITS);
-
- if (HAVE_OPT(ALPN))
- {
- unsigned proto_n = STACKCT_OPT(ALPN);
- char** protos = (void*)STACKLST_OPT(ALPN);
- gnutls_datum_t p[proto_n];
-
- for (i=0;i<proto_n;i++)
- {
- p[i].data = (void*)protos[i];
- p[i].size = strlen(protos[i]);
- }
- gnutls_alpn_set_protocols( session, p, proto_n, 0);
- }
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
- if (srp_cred)
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- if (psk_cred)
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
- gnutls_certificate_set_verify_function (xcred, cert_verify_callback);
-
- /* send the fingerprint */
+ const char *err;
+ int ret;
+ unsigned i;
+ gnutls_session_t session;
+
+ if (priorities == NULL)
+ priorities = "NORMAL";
+
+ if (udp) {
+ gnutls_init(&session, GNUTLS_DATAGRAM | init_flags);
+ if (mtu)
+ gnutls_dtls_set_mtu(session, mtu);
+ } else
+ gnutls_init(&session, init_flags);
+
+ if ((ret =
+ gnutls_priority_set_direct(session, priorities, &err)) < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else
+ fprintf(stderr, "Error in priorities: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* allow the use of private ciphersuites.
+ */
+ if (disable_extensions == 0 && disable_sni == 0) {
+ if (!isdigit(hostname[0]) && strchr(hostname, ':') == 0)
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+ hostname, strlen(hostname));
+ }
+
+ if (HAVE_OPT(DH_BITS))
+ gnutls_dh_set_prime_bits(session, OPT_VALUE_DH_BITS);
+
+ if (HAVE_OPT(ALPN)) {
+ unsigned proto_n = STACKCT_OPT(ALPN);
+ char **protos = (void *) STACKLST_OPT(ALPN);
+ gnutls_datum_t p[proto_n];
+
+ for (i = 0; i < proto_n; i++) {
+ p[i].data = (void *) protos[i];
+ p[i].size = strlen(protos[i]);
+ }
+ gnutls_alpn_set_protocols(session, p, proto_n, 0);
+ }
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
+ if (srp_cred)
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ if (psk_cred)
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ gnutls_certificate_set_retrieve_function2(xcred, cert_callback);
+ gnutls_certificate_set_verify_function(xcred,
+ cert_verify_callback);
+
+ /* send the fingerprint */
#ifdef ENABLE_OPENPGP
- if (fingerprint != 0)
- gnutls_openpgp_send_cert (session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
+ if (fingerprint != 0)
+ gnutls_openpgp_send_cert(session,
+ GNUTLS_OPENPGP_CERT_FINGERPRINT);
#endif
- /* use the max record size extension */
- if (record_max_size > 0 && disable_extensions == 0)
- {
- if (gnutls_record_set_max_size (session, record_max_size) < 0)
- {
- fprintf (stderr,
- "Cannot set the maximum record size to %d.\n",
- record_max_size);
- fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
- exit (1);
- }
- }
-
- if (HAVE_OPT(HEARTBEAT))
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ /* use the max record size extension */
+ if (record_max_size > 0 && disable_extensions == 0) {
+ if (gnutls_record_set_max_size(session, record_max_size) <
+ 0) {
+ fprintf(stderr,
+ "Cannot set the maximum record size to %d.\n",
+ record_max_size);
+ fprintf(stderr,
+ "Possible values: 512, 1024, 2048, 4096.\n");
+ exit(1);
+ }
+ }
+
+ if (HAVE_OPT(HEARTBEAT))
+ gnutls_heartbeat_enable(session,
+ GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT(SRTP_PROFILES))
- {
- ret = gnutls_srtp_set_profile_direct (session, OPT_ARG(SRTP_PROFILES), &err);
- if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
- else
- fprintf(stderr, "Error in profiles: %s\n", gnutls_strerror(ret));
- exit (1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
#endif
- return session;
+ return session;
}
-static void cmd_parser (int argc, char **argv);
+static void cmd_parser(int argc, char **argv);
/* Returns zero if the error code was successfully handled.
*/
-static int
-handle_error (socket_st * hd, int err)
+static int handle_error(socket_st * hd, int err)
{
- int alert, ret;
- const char *err_type, *str;
-
- if (err >= 0 || err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED)
- return 0;
-
- if (gnutls_error_is_fatal (err) == 0)
- {
- ret = 0;
- err_type = "Non fatal";
- }
- else
- {
- ret = err;
- err_type = "Fatal";
- }
-
- str = gnutls_strerror (err);
- if (str == NULL)
- str = str_unknown;
- fprintf (stderr, "*** %s error: %s\n", err_type, str);
-
- if (err == GNUTLS_E_WARNING_ALERT_RECEIVED
- || err == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- alert = gnutls_alert_get (hd->session);
- str = gnutls_alert_get_name (alert);
- if (str == NULL)
- str = str_unknown;
- printf ("*** Received alert [%d]: %s\n", alert, str);
- }
-
- check_rehandshake (hd, err);
-
- return ret;
+ int alert, ret;
+ const char *err_type, *str;
+
+ if (err >= 0 || err == GNUTLS_E_AGAIN
+ || err == GNUTLS_E_INTERRUPTED)
+ return 0;
+
+ if (gnutls_error_is_fatal(err) == 0) {
+ ret = 0;
+ err_type = "Non fatal";
+ } else {
+ ret = err;
+ err_type = "Fatal";
+ }
+
+ str = gnutls_strerror(err);
+ if (str == NULL)
+ str = str_unknown;
+ fprintf(stderr, "*** %s error: %s\n", err_type, str);
+
+ if (err == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ alert = gnutls_alert_get(hd->session);
+ str = gnutls_alert_get_name(alert);
+ if (str == NULL)
+ str = str_unknown;
+ printf("*** Received alert [%d]: %s\n", alert, str);
+ }
+
+ check_rehandshake(hd, err);
+
+ return ret;
}
int starttls_alarmed = 0;
#ifndef _WIN32
-static void
-starttls_alarm (int signum)
+static void starttls_alarm(int signum)
{
- starttls_alarmed = 1;
+ starttls_alarmed = 1;
}
#endif
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
#define IN_KEYBOARD 1
@@ -790,960 +790,906 @@ tls_log_func (int level, const char *str)
#define IN_NONE 0
/* returns IN_KEYBOARD for keyboard input and IN_NET for network input
*/
-static int check_net_or_keyboard_input(socket_st* hd)
+static int check_net_or_keyboard_input(socket_st * hd)
{
- int maxfd;
- fd_set rset;
- int err;
- struct timeval tv;
+ int maxfd;
+ fd_set rset;
+ int err;
+ struct timeval tv;
- do
- {
- FD_ZERO (&rset);
- FD_SET (hd->fd, &rset);
+ do {
+ FD_ZERO(&rset);
+ FD_SET(hd->fd, &rset);
#ifndef _WIN32
- FD_SET (fileno (stdin), &rset);
- maxfd = MAX (fileno (stdin), hd->fd);
+ FD_SET(fileno(stdin), &rset);
+ maxfd = MAX(fileno(stdin), hd->fd);
#else
- maxfd = hd->fd;
+ maxfd = hd->fd;
#endif
- tv.tv_sec = 0;
- tv.tv_usec = 50 * 1000;
+ tv.tv_sec = 0;
+ tv.tv_usec = 50 * 1000;
- if (hd->secure == 1)
- if (gnutls_record_check_pending(hd->session))
- return IN_NET;
+ if (hd->secure == 1)
+ if (gnutls_record_check_pending(hd->session))
+ return IN_NET;
- err = select (maxfd + 1, &rset, NULL, NULL, &tv);
- if (err < 0)
- continue;
+ err = select(maxfd + 1, &rset, NULL, NULL, &tv);
+ if (err < 0)
+ continue;
- if (FD_ISSET (hd->fd, &rset))
- return IN_NET;
+ if (FD_ISSET(hd->fd, &rset))
+ return IN_NET;
#ifdef _WIN32
- {
- int state;
- state = WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 200);
-
- if (state == WAIT_OBJECT_0)
- return IN_KEYBOARD;
- }
+ {
+ int state;
+ state =
+ WaitForSingleObject(GetStdHandle
+ (STD_INPUT_HANDLE), 200);
+
+ if (state == WAIT_OBJECT_0)
+ return IN_KEYBOARD;
+ }
#else
- if (FD_ISSET (fileno (stdin), &rset))
- return IN_KEYBOARD;
+ if (FD_ISSET(fileno(stdin), &rset))
+ return IN_KEYBOARD;
#endif
- }
- while(err == 0);
-
- return IN_NONE;
+ }
+ while (err == 0);
+
+ return IN_NONE;
}
-static int try_rehandshake(socket_st *hd)
+static int try_rehandshake(socket_st * hd)
{
- int ret;
-
- ret = do_handshake (hd);
- if (ret < 0)
- {
- fprintf (stderr, "*** ReHandshake has failed\n");
- gnutls_perror (ret);
- return ret;
- }
- else
- {
- printf ("- ReHandshake was completed\n");
- return 0;
- }
+ int ret;
+
+ ret = do_handshake(hd);
+ if (ret < 0) {
+ fprintf(stderr, "*** ReHandshake has failed\n");
+ gnutls_perror(ret);
+ return ret;
+ } else {
+ printf("- ReHandshake was completed\n");
+ return 0;
+ }
}
-static int try_resume (socket_st *hd)
+static int try_resume(socket_st * hd)
{
- int ret;
-
- char *session_data;
- size_t session_data_size = 0;
-
- gnutls_session_get_data (hd->session, NULL, &session_data_size);
- session_data = (char *) malloc (session_data_size);
- if (session_data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- gnutls_session_get_data (hd->session, session_data,
- &session_data_size);
-
- printf ("- Disconnecting\n");
- socket_bye (hd);
-
- printf ("\n\n- Connecting again- trying to resume previous session\n");
- socket_open (hd, hostname, service, udp);
-
- hd->session = init_tls_session (hostname);
- gnutls_session_set_data (hd->session, session_data, session_data_size);
- free (session_data);
-
- ret = do_handshake (hd);
- if (ret < 0)
- {
- fprintf (stderr, "*** Resume handshake has failed\n");
- gnutls_perror (ret);
- return ret;
- }
-
- printf ("- Resume Handshake was completed\n");
- if (gnutls_session_is_resumed (hd->session) != 0)
- printf ("*** This is a resumed session\n");
-
- return 0;
+ int ret;
+
+ char *session_data;
+ size_t session_data_size = 0;
+
+ gnutls_session_get_data(hd->session, NULL, &session_data_size);
+ session_data = (char *) malloc(session_data_size);
+ if (session_data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ gnutls_session_get_data(hd->session, session_data,
+ &session_data_size);
+
+ printf("- Disconnecting\n");
+ socket_bye(hd);
+
+ printf
+ ("\n\n- Connecting again- trying to resume previous session\n");
+ socket_open(hd, hostname, service, udp);
+
+ hd->session = init_tls_session(hostname);
+ gnutls_session_set_data(hd->session, session_data,
+ session_data_size);
+ free(session_data);
+
+ ret = do_handshake(hd);
+ if (ret < 0) {
+ fprintf(stderr, "*** Resume handshake has failed\n");
+ gnutls_perror(ret);
+ return ret;
+ }
+
+ printf("- Resume Handshake was completed\n");
+ if (gnutls_session_is_resumed(hd->session) != 0)
+ printf("*** This is a resumed session\n");
+
+ return 0;
}
-static
-bool parse_for_inline_commands_in_buffer (char *buffer, size_t bytes,
- inline_cmds_st *inline_cmds)
+static
+bool parse_for_inline_commands_in_buffer(char *buffer, size_t bytes,
+ inline_cmds_st * inline_cmds)
{
- ssize_t local_bytes, match_bytes, prev_bytes_copied, ii, jj;
- char *local_buffer_ptr, *ptr;
- char inline_command_string[MAX_INLINE_COMMAND_BYTES];
- ssize_t l;
-
- inline_cmds->bytes_to_flush = 0;
- inline_cmds->cmd_found = INLINE_COMMAND_NONE;
-
- if (inline_cmds->bytes_copied)
- {
- local_buffer_ptr =
- &inline_cmds->inline_cmd_buffer[inline_cmds->bytes_copied];
-
- local_bytes =
- ((inline_cmds->bytes_copied + bytes) <= MAX_INLINE_COMMAND_BYTES) ?
- (ssize_t)bytes : (MAX_INLINE_COMMAND_BYTES - inline_cmds->bytes_copied);
-
- memcpy (local_buffer_ptr, buffer, local_bytes);
- prev_bytes_copied = inline_cmds->bytes_copied;
- inline_cmds->new_buffer_ptr = buffer + local_bytes;
- inline_cmds->bytes_copied += local_bytes;
- local_buffer_ptr = inline_cmds->inline_cmd_buffer;
- local_bytes = inline_cmds->bytes_copied;
- }
- else
- {
- prev_bytes_copied = 0;
- local_buffer_ptr = buffer;
- local_bytes = bytes;
- inline_cmds->new_buffer_ptr = buffer + bytes;
- }
-
- inline_cmds->current_ptr = local_buffer_ptr;
-
- if (local_buffer_ptr[0] == inline_commands_prefix[0] && inline_cmds->lf_found)
- {
- for (jj = 0; jj < NUM_INLINE_COMMANDS; jj ++)
- {
- if (inline_commands_prefix[0] != '^') /* refer inline_cmds.h for usage of ^ */
- {
- strcpy (inline_command_string, inline_commands_def[jj].string);
- inline_command_string[strlen(inline_commands_def[jj].string)] = '\0';
- inline_command_string[0] = inline_commands_prefix[0];
- /* Inline commands are delimited by the inline_commands_prefix[0] (default is ^).
- The inline_commands_def[].string includes a trailing LF */
- inline_command_string[strlen(inline_commands_def[jj].string) - 2] = inline_commands_prefix[0];
- ptr = inline_command_string;
- }
- else
- ptr = inline_commands_def[jj].string;
-
- l = strlen(ptr);
- match_bytes = (local_bytes <= l) ? local_bytes : l;
- if (strncmp (ptr, local_buffer_ptr, match_bytes) == 0)
- {
- if (match_bytes == (ssize_t)strlen (ptr))
- {
- inline_cmds->new_buffer_ptr = buffer + match_bytes - prev_bytes_copied;
- inline_cmds->cmd_found = inline_commands_def[jj].command;
- inline_cmds->bytes_copied = 0; /* reset it */
- }
- else
- {
- /* partial command */
- memcpy (&inline_cmds->inline_cmd_buffer[inline_cmds->bytes_copied],
- buffer, bytes);
- inline_cmds->bytes_copied += bytes;
- }
- return true;
- }
- /* else - if not a match, do nothing here */
- } /* for */
- }
-
- for (ii = prev_bytes_copied; ii < local_bytes; ii ++)
- {
- if (ii && local_buffer_ptr[ii] == inline_commands_prefix[0] && inline_cmds->lf_found)
- {
- /* possible inline command. First, let's flush bytes up to ^ */
- inline_cmds->new_buffer_ptr = buffer + ii - prev_bytes_copied;
- inline_cmds->bytes_to_flush = ii;
- inline_cmds->lf_found = true;
-
- /* bytes to flush starts at inline_cmds->current_ptr */
- return true;
- }
- else if (local_buffer_ptr[ii] == '\n')
- {
- inline_cmds->lf_found = true;
- }
- else
- {
- inline_cmds->lf_found = false;
- }
- } /* for */
-
- inline_cmds->bytes_copied = 0; /* reset it */
- return false; /* not an inline command */
+ ssize_t local_bytes, match_bytes, prev_bytes_copied, ii, jj;
+ char *local_buffer_ptr, *ptr;
+ char inline_command_string[MAX_INLINE_COMMAND_BYTES];
+ ssize_t l;
+
+ inline_cmds->bytes_to_flush = 0;
+ inline_cmds->cmd_found = INLINE_COMMAND_NONE;
+
+ if (inline_cmds->bytes_copied) {
+ local_buffer_ptr =
+ &inline_cmds->inline_cmd_buffer[inline_cmds->
+ bytes_copied];
+
+ local_bytes =
+ ((inline_cmds->bytes_copied + bytes) <=
+ MAX_INLINE_COMMAND_BYTES) ? (ssize_t) bytes
+ : (MAX_INLINE_COMMAND_BYTES -
+ inline_cmds->bytes_copied);
+
+ memcpy(local_buffer_ptr, buffer, local_bytes);
+ prev_bytes_copied = inline_cmds->bytes_copied;
+ inline_cmds->new_buffer_ptr = buffer + local_bytes;
+ inline_cmds->bytes_copied += local_bytes;
+ local_buffer_ptr = inline_cmds->inline_cmd_buffer;
+ local_bytes = inline_cmds->bytes_copied;
+ } else {
+ prev_bytes_copied = 0;
+ local_buffer_ptr = buffer;
+ local_bytes = bytes;
+ inline_cmds->new_buffer_ptr = buffer + bytes;
+ }
+
+ inline_cmds->current_ptr = local_buffer_ptr;
+
+ if (local_buffer_ptr[0] == inline_commands_prefix[0]
+ && inline_cmds->lf_found) {
+ for (jj = 0; jj < NUM_INLINE_COMMANDS; jj++) {
+ if (inline_commands_prefix[0] != '^') { /* refer inline_cmds.h for usage of ^ */
+ strcpy(inline_command_string,
+ inline_commands_def[jj].string);
+ inline_command_string[strlen
+ (inline_commands_def
+ [jj].string)] =
+ '\0';
+ inline_command_string[0] =
+ inline_commands_prefix[0];
+ /* Inline commands are delimited by the inline_commands_prefix[0] (default is ^).
+ The inline_commands_def[].string includes a trailing LF */
+ inline_command_string[strlen
+ (inline_commands_def
+ [jj].string) - 2] =
+ inline_commands_prefix[0];
+ ptr = inline_command_string;
+ } else
+ ptr = inline_commands_def[jj].string;
+
+ l = strlen(ptr);
+ match_bytes = (local_bytes <= l) ? local_bytes : l;
+ if (strncmp(ptr, local_buffer_ptr, match_bytes) ==
+ 0) {
+ if (match_bytes == (ssize_t) strlen(ptr)) {
+ inline_cmds->new_buffer_ptr =
+ buffer + match_bytes -
+ prev_bytes_copied;
+ inline_cmds->cmd_found =
+ inline_commands_def[jj].
+ command;
+ inline_cmds->bytes_copied = 0; /* reset it */
+ } else {
+ /* partial command */
+ memcpy(&inline_cmds->
+ inline_cmd_buffer
+ [inline_cmds->bytes_copied],
+ buffer, bytes);
+ inline_cmds->bytes_copied += bytes;
+ }
+ return true;
+ }
+ /* else - if not a match, do nothing here */
+ } /* for */
+ }
+
+ for (ii = prev_bytes_copied; ii < local_bytes; ii++) {
+ if (ii && local_buffer_ptr[ii] == inline_commands_prefix[0]
+ && inline_cmds->lf_found) {
+ /* possible inline command. First, let's flush bytes up to ^ */
+ inline_cmds->new_buffer_ptr =
+ buffer + ii - prev_bytes_copied;
+ inline_cmds->bytes_to_flush = ii;
+ inline_cmds->lf_found = true;
+
+ /* bytes to flush starts at inline_cmds->current_ptr */
+ return true;
+ } else if (local_buffer_ptr[ii] == '\n') {
+ inline_cmds->lf_found = true;
+ } else {
+ inline_cmds->lf_found = false;
+ }
+ } /* for */
+
+ inline_cmds->bytes_copied = 0; /* reset it */
+ return false; /* not an inline command */
}
static
-int run_inline_command (inline_cmds_st *cmd, socket_st * hd)
+int run_inline_command(inline_cmds_st * cmd, socket_st * hd)
{
- switch (cmd->cmd_found)
- {
- case INLINE_COMMAND_RESUME:
- return try_resume (hd);
- case INLINE_COMMAND_RENEGOTIATE:
- return try_rehandshake (hd);
- default:
- return -1;
- }
+ switch (cmd->cmd_found) {
+ case INLINE_COMMAND_RESUME:
+ return try_resume(hd);
+ case INLINE_COMMAND_RENEGOTIATE:
+ return try_rehandshake(hd);
+ default:
+ return -1;
+ }
}
static
-int do_inline_command_processing (char *buffer_ptr, size_t curr_bytes, socket_st * hd, inline_cmds_st *inline_cmds)
+int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes,
+ socket_st * hd,
+ inline_cmds_st * inline_cmds)
{
- int skip_bytes, bytes;
- bool inline_cmd_start_found;
-
- bytes = curr_bytes;
-
-continue_inline_processing:
- /* parse_for_inline_commands_in_buffer hunts for start of an inline command
- * sequence. The function maintains state information in inline_cmds.
- */
- inline_cmd_start_found = parse_for_inline_commands_in_buffer (buffer_ptr,
- bytes, inline_cmds);
- if (!inline_cmd_start_found)
- return bytes;
-
- /* inline_cmd_start_found is set */
-
- if (inline_cmds->bytes_to_flush)
- {
- /* start of an inline command sequence found, but is not
- * at the beginning of buffer. So, we flush all preceding bytes.
- */
- return inline_cmds->bytes_to_flush;
- }
- else if (inline_cmds->cmd_found == INLINE_COMMAND_NONE)
- {
- /* partial command found */
- return 0;
- }
- else
- {
- /* complete inline command found and is at the start */
- if (run_inline_command (inline_cmds, hd))
- return -1;
-
- inline_cmds->cmd_found = INLINE_COMMAND_NONE;
- skip_bytes = inline_cmds->new_buffer_ptr - buffer_ptr;
-
- if (skip_bytes >= bytes)
- return 0;
- else
- {
- buffer_ptr = inline_cmds->new_buffer_ptr;
- bytes -= skip_bytes;
- goto continue_inline_processing;
- }
- }
+ int skip_bytes, bytes;
+ bool inline_cmd_start_found;
+
+ bytes = curr_bytes;
+
+ continue_inline_processing:
+ /* parse_for_inline_commands_in_buffer hunts for start of an inline command
+ * sequence. The function maintains state information in inline_cmds.
+ */
+ inline_cmd_start_found =
+ parse_for_inline_commands_in_buffer(buffer_ptr, bytes,
+ inline_cmds);
+ if (!inline_cmd_start_found)
+ return bytes;
+
+ /* inline_cmd_start_found is set */
+
+ if (inline_cmds->bytes_to_flush) {
+ /* start of an inline command sequence found, but is not
+ * at the beginning of buffer. So, we flush all preceding bytes.
+ */
+ return inline_cmds->bytes_to_flush;
+ } else if (inline_cmds->cmd_found == INLINE_COMMAND_NONE) {
+ /* partial command found */
+ return 0;
+ } else {
+ /* complete inline command found and is at the start */
+ if (run_inline_command(inline_cmds, hd))
+ return -1;
+
+ inline_cmds->cmd_found = INLINE_COMMAND_NONE;
+ skip_bytes = inline_cmds->new_buffer_ptr - buffer_ptr;
+
+ if (skip_bytes >= bytes)
+ return 0;
+ else {
+ buffer_ptr = inline_cmds->new_buffer_ptr;
+ bytes -= skip_bytes;
+ goto continue_inline_processing;
+ }
+ }
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- int ret;
- int ii, inp;
- char buffer[MAX_BUF + 1];
- int user_term = 0, retval = 0;
- socket_st hd;
- ssize_t bytes, keyboard_bytes;
- char *keyboard_buffer_ptr;
- inline_cmds_st inline_cmds;
+ int ret;
+ int ii, inp;
+ char buffer[MAX_BUF + 1];
+ int user_term = 0, retval = 0;
+ socket_st hd;
+ ssize_t bytes, keyboard_bytes;
+ char *keyboard_buffer_ptr;
+ inline_cmds_st inline_cmds;
#ifndef _WIN32
- struct sigaction new_action;
+ struct sigaction new_action;
#endif
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(OPT_VALUE_DEBUG);
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (OPT_VALUE_DEBUG);
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ if (hostname == NULL) {
+ fprintf(stderr, "No hostname given\n");
+ exit(1);
+ }
- if (hostname == NULL)
- {
- fprintf (stderr, "No hostname given\n");
- exit (1);
- }
+ sockets_init();
- sockets_init ();
+ init_global_tls_stuff();
- init_global_tls_stuff ();
+ socket_open(&hd, hostname, service, udp);
- socket_open (&hd, hostname, service, udp);
+ hd.session = init_tls_session(hostname);
+ if (starttls)
+ goto after_handshake;
- hd.session = init_tls_session (hostname);
- if (starttls)
- goto after_handshake;
+ ret = do_handshake(&hd);
- ret = do_handshake (&hd);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- gnutls_perror (ret);
- gnutls_deinit (hd.session);
- return 1;
- }
- else
- printf ("- Handshake was completed\n");
-
- if (resume != 0)
- if (try_resume (&hd))
- return 1;
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake has failed\n");
+ gnutls_perror(ret);
+ gnutls_deinit(hd.session);
+ return 1;
+ } else
+ printf("- Handshake was completed\n");
-after_handshake:
+ if (resume != 0)
+ if (try_resume(&hd))
+ return 1;
- /* Warning! Do not touch this text string, it is used by external
- programs to search for when gnutls-cli has reached this point. */
- printf ("\n- Simple Client Mode:\n\n");
+ after_handshake:
- if (rehandshake)
- if (try_rehandshake (&hd))
- return 1;
+ /* Warning! Do not touch this text string, it is used by external
+ programs to search for when gnutls-cli has reached this point. */
+ printf("\n- Simple Client Mode:\n\n");
+
+ if (rehandshake)
+ if (try_rehandshake(&hd))
+ return 1;
#ifndef _WIN32
- new_action.sa_handler = starttls_alarm;
- sigemptyset (&new_action.sa_mask);
- new_action.sa_flags = 0;
+ new_action.sa_handler = starttls_alarm;
+ sigemptyset(&new_action.sa_mask);
+ new_action.sa_flags = 0;
- sigaction (SIGALRM, &new_action, NULL);
+ sigaction(SIGALRM, &new_action, NULL);
#endif
- fflush (stdout);
- fflush (stderr);
+ fflush(stdout);
+ fflush(stderr);
- /* do not buffer */
+ /* do not buffer */
#ifndef _WIN32
- setbuf (stdin, NULL);
+ setbuf(stdin, NULL);
#endif
- setbuf (stdout, NULL);
- setbuf (stderr, NULL);
-
- if (inline_commands)
- {
- memset (&inline_cmds, 0, sizeof (inline_cmds_st));
- inline_cmds.lf_found = true; /* initially, at start of line */
- }
-
- for (;;)
- {
- if (starttls_alarmed && !hd.secure)
- {
- /* Warning! Do not touch this text string, it is used by
- external programs to search for when gnutls-cli has
- reached this point. */
- fprintf (stderr, "*** Starting TLS handshake\n");
- ret = do_handshake (&hd);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- user_term = 1;
- retval = 1;
- break;
- }
- }
-
- inp = check_net_or_keyboard_input(&hd);
-
- if (inp == IN_NET)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = socket_recv (&hd, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (handle_error (&hd, ret) < 0 && user_term == 0)
- {
- fprintf (stderr,
- "*** Server has terminated the connection abnormally.\n");
- retval = 1;
- break;
- }
- else if (ret > 0)
- {
- if (verbose != 0)
- printf ("- Received[%d]: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fflush (stdout);
- }
-
- if (user_term != 0)
- break;
- }
-
- if (inp == IN_KEYBOARD)
- {
- if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0)
- {
- if (hd.secure == 0)
- {
- /* Warning! Do not touch this text string, it is
- used by external programs to search for when
- gnutls-cli has reached this point. */
- fprintf (stderr, "*** Starting TLS handshake\n");
- ret = do_handshake (&hd);
- clearerr (stdin);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake has failed\n");
- user_term = 1;
- retval = 1;
- break;
- }
- }
- else
- {
- user_term = 1;
- break;
- }
- continue;
- }
-
- buffer[bytes] = 0;
- if (crlf != 0)
- {
- char *b = strchr (buffer, '\n');
- if (b != NULL)
- {
- strcpy (b, "\r\n");
- bytes++;
- }
- }
-
- keyboard_bytes = bytes;
- keyboard_buffer_ptr = buffer;
-
-inline_command_processing:
-
- if (inline_commands)
- {
- keyboard_bytes = do_inline_command_processing (
- keyboard_buffer_ptr, keyboard_bytes,
- &hd, &inline_cmds);
- if (keyboard_bytes == 0)
- continue;
- else if (keyboard_bytes < 0)
- { /* error processing an inline command */
- retval = 1;
- break;
- }
- else
- {
- /* current_ptr could point to either an inline_cmd_buffer
- * or may point to start or an offset into buffer.
- */
- keyboard_buffer_ptr = inline_cmds.current_ptr;
- }
- }
-
- if (ranges && gnutls_record_can_use_length_hiding(hd.session))
- {
- gnutls_range_st range;
- range.low = 0;
- range.high = MAX_BUF;
- ret = socket_send_range (&hd, keyboard_buffer_ptr, keyboard_bytes, &range);
- }
- else
- {
- ret = socket_send(&hd, keyboard_buffer_ptr, keyboard_bytes);
- }
-
- if (ret > 0)
- {
- if (verbose != 0)
- printf ("- Sent: %d bytes\n", ret);
- }
- else
- handle_error (&hd, ret);
-
- if (inline_commands &&
- inline_cmds.new_buffer_ptr < (buffer + bytes))
- {
- keyboard_buffer_ptr = inline_cmds.new_buffer_ptr;
- keyboard_bytes = (buffer + bytes) - keyboard_buffer_ptr;
- goto inline_command_processing;
- }
- }
- }
-
- if (user_term != 0)
- socket_bye (&hd);
- else
- gnutls_deinit (hd.session);
+ setbuf(stdout, NULL);
+ setbuf(stderr, NULL);
+
+ if (inline_commands) {
+ memset(&inline_cmds, 0, sizeof(inline_cmds_st));
+ inline_cmds.lf_found = true; /* initially, at start of line */
+ }
+
+ for (;;) {
+ if (starttls_alarmed && !hd.secure) {
+ /* Warning! Do not touch this text string, it is used by
+ external programs to search for when gnutls-cli has
+ reached this point. */
+ fprintf(stderr, "*** Starting TLS handshake\n");
+ ret = do_handshake(&hd);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Handshake has failed\n");
+ user_term = 1;
+ retval = 1;
+ break;
+ }
+ }
+
+ inp = check_net_or_keyboard_input(&hd);
+
+ if (inp == IN_NET) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = socket_recv(&hd, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (handle_error(&hd, ret) < 0
+ && user_term == 0) {
+ fprintf(stderr,
+ "*** Server has terminated the connection abnormally.\n");
+ retval = 1;
+ break;
+ } else if (ret > 0) {
+ if (verbose != 0)
+ printf("- Received[%d]: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fflush(stdout);
+ }
+
+ if (user_term != 0)
+ break;
+ }
+
+ if (inp == IN_KEYBOARD) {
+ if ((bytes =
+ read(fileno(stdin), buffer,
+ MAX_BUF - 1)) <= 0) {
+ if (hd.secure == 0) {
+ /* Warning! Do not touch this text string, it is
+ used by external programs to search for when
+ gnutls-cli has reached this point. */
+ fprintf(stderr,
+ "*** Starting TLS handshake\n");
+ ret = do_handshake(&hd);
+ clearerr(stdin);
+ if (ret < 0) {
+ fprintf(stderr,
+ "*** Handshake has failed\n");
+ user_term = 1;
+ retval = 1;
+ break;
+ }
+ } else {
+ user_term = 1;
+ break;
+ }
+ continue;
+ }
+
+ buffer[bytes] = 0;
+ if (crlf != 0) {
+ char *b = strchr(buffer, '\n');
+ if (b != NULL) {
+ strcpy(b, "\r\n");
+ bytes++;
+ }
+ }
+
+ keyboard_bytes = bytes;
+ keyboard_buffer_ptr = buffer;
+
+ inline_command_processing:
+
+ if (inline_commands) {
+ keyboard_bytes =
+ do_inline_command_processing
+ (keyboard_buffer_ptr, keyboard_bytes,
+ &hd, &inline_cmds);
+ if (keyboard_bytes == 0)
+ continue;
+ else if (keyboard_bytes < 0) { /* error processing an inline command */
+ retval = 1;
+ break;
+ } else {
+ /* current_ptr could point to either an inline_cmd_buffer
+ * or may point to start or an offset into buffer.
+ */
+ keyboard_buffer_ptr =
+ inline_cmds.current_ptr;
+ }
+ }
+
+ if (ranges
+ && gnutls_record_can_use_length_hiding(hd.
+ session))
+ {
+ gnutls_range_st range;
+ range.low = 0;
+ range.high = MAX_BUF;
+ ret =
+ socket_send_range(&hd,
+ keyboard_buffer_ptr,
+ keyboard_bytes,
+ &range);
+ } else {
+ ret =
+ socket_send(&hd, keyboard_buffer_ptr,
+ keyboard_bytes);
+ }
+
+ if (ret > 0) {
+ if (verbose != 0)
+ printf("- Sent: %d bytes\n", ret);
+ } else
+ handle_error(&hd, ret);
+
+ if (inline_commands &&
+ inline_cmds.new_buffer_ptr < (buffer + bytes))
+ {
+ keyboard_buffer_ptr =
+ inline_cmds.new_buffer_ptr;
+ keyboard_bytes =
+ (buffer + bytes) - keyboard_buffer_ptr;
+ goto inline_command_processing;
+ }
+ }
+ }
+
+ if (user_term != 0)
+ socket_bye(&hd);
+ else
+ gnutls_deinit(hd.session);
#ifdef ENABLE_SRP
- if (srp_cred)
- gnutls_srp_free_client_credentials (srp_cred);
+ if (srp_cred)
+ gnutls_srp_free_client_credentials(srp_cred);
#endif
#ifdef ENABLE_PSK
- if (psk_cred)
- gnutls_psk_free_client_credentials (psk_cred);
+ if (psk_cred)
+ gnutls_psk_free_client_credentials(psk_cred);
#endif
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
#ifdef ENABLE_ANON
- gnutls_anon_free_client_credentials (anon_cred);
+ gnutls_anon_free_client_credentials(anon_cred);
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return retval;
+ return retval;
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
-const char* rest = NULL;
-
- int optct = optionProcess( &gnutls_cliOptions, argc, argv);
- argc -= optct;
- argv += optct;
-
- if (rest == NULL && argc > 0)
- rest = argv[0];
-
- if (HAVE_OPT(BENCHMARK_CIPHERS))
- {
- benchmark_cipher(1, OPT_VALUE_DEBUG);
- exit(0);
- }
-
- if (HAVE_OPT(BENCHMARK_SOFT_CIPHERS))
- {
- benchmark_cipher(0, OPT_VALUE_DEBUG);
- exit(0);
- }
-
- if (HAVE_OPT(BENCHMARK_TLS_CIPHERS))
- {
- benchmark_tls(OPT_VALUE_DEBUG, 1);
- exit(0);
- }
-
- if (HAVE_OPT(BENCHMARK_TLS_KX))
- {
- benchmark_tls(OPT_VALUE_DEBUG, 0);
- exit(0);
- }
-
- if (HAVE_OPT(PRIORITY))
- {
- priorities = OPT_ARG(PRIORITY);
- }
- verbose = HAVE_OPT( VERBOSE);
- if (verbose)
- print_cert = 1;
- else
- print_cert = HAVE_OPT( PRINT_CERT);
-
- if (HAVE_OPT(LIST))
- {
- print_list(priorities, verbose);
- exit(0);
- }
-
- disable_sni = HAVE_OPT(DISABLE_SNI);
- disable_extensions = HAVE_OPT( DISABLE_EXTENSIONS);
- if (disable_extensions)
- init_flags |= GNUTLS_NO_EXTENSIONS;
-
- inline_commands = HAVE_OPT(INLINE_COMMANDS);
- if (HAVE_OPT(INLINE_COMMANDS_PREFIX))
- {
- if (strlen(OPT_ARG(INLINE_COMMANDS_PREFIX)) > 1)
- {
- fprintf(stderr, "inline-commands-prefix value is a single US-ASCII character (octets 0 - 127)\n");
- exit(1);
- }
- inline_commands_prefix = (char *) OPT_ARG(INLINE_COMMANDS_PREFIX);
- if (!isascii(inline_commands_prefix[0]))
- {
- fprintf(stderr, "inline-commands-prefix value is a single US-ASCII character (octets 0 - 127)\n");
- exit(1);
- }
- }
- else
- inline_commands_prefix = "^";
-
- starttls = HAVE_OPT(STARTTLS);
- resume = HAVE_OPT(RESUME);
- rehandshake = HAVE_OPT(REHANDSHAKE);
- insecure = HAVE_OPT(INSECURE);
- ranges = HAVE_OPT(RANGES);
-
- udp = HAVE_OPT(UDP);
- mtu = OPT_VALUE_MTU;
-
- if (HAVE_OPT(PORT))
- {
- service = OPT_ARG(PORT);
- }
- else
- {
- service = "443";
- }
-
- record_max_size = OPT_VALUE_RECORDSIZE;
-
- fingerprint = HAVE_OPT(FINGERPRINT);
-
- if (HAVE_OPT(X509FMTDER))
- x509ctype = GNUTLS_X509_FMT_DER;
- else
- x509ctype = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(SRPUSERNAME))
- srp_username = OPT_ARG(SRPUSERNAME);
-
- if (HAVE_OPT(SRPPASSWD))
- srp_passwd = OPT_ARG(SRPPASSWD);
-
- if (HAVE_OPT(X509CAFILE))
- x509_cafile = OPT_ARG(X509CAFILE);
-
- if (HAVE_OPT(X509CRLFILE))
- x509_crlfile = OPT_ARG(X509CRLFILE);
-
- if (HAVE_OPT(X509KEYFILE))
- x509_keyfile = OPT_ARG(X509KEYFILE);
-
- if (HAVE_OPT(X509CERTFILE))
- x509_certfile = OPT_ARG(X509CERTFILE);
-
- if (HAVE_OPT(PGPKEYFILE))
- pgp_keyfile = OPT_ARG(PGPKEYFILE);
-
- if (HAVE_OPT(PGPCERTFILE))
- pgp_certfile = OPT_ARG(PGPCERTFILE);
-
- if (HAVE_OPT(PSKUSERNAME))
- psk_username = OPT_ARG(PSKUSERNAME);
-
- if (HAVE_OPT(PSKKEY))
- {
- psk_key.data = (unsigned char *) OPT_ARG(PSKKEY);
- psk_key.size = strlen (OPT_ARG(PSKKEY));
- }
- else
- psk_key.size = 0;
-
- if (HAVE_OPT(PGPKEYRING))
- pgp_keyring = OPT_ARG(PGPKEYRING);
-
- crlf = HAVE_OPT(CRLF);
-
- if (rest != NULL)
- hostname = rest;
-
- if (hostname == NULL)
- {
- fprintf(stderr, "No hostname specified\n");
- exit(1);
- }
+ const char *rest = NULL;
+
+ int optct = optionProcess(&gnutls_cliOptions, argc, argv);
+ argc -= optct;
+ argv += optct;
+
+ if (rest == NULL && argc > 0)
+ rest = argv[0];
+
+ if (HAVE_OPT(BENCHMARK_CIPHERS)) {
+ benchmark_cipher(1, OPT_VALUE_DEBUG);
+ exit(0);
+ }
+
+ if (HAVE_OPT(BENCHMARK_SOFT_CIPHERS)) {
+ benchmark_cipher(0, OPT_VALUE_DEBUG);
+ exit(0);
+ }
+
+ if (HAVE_OPT(BENCHMARK_TLS_CIPHERS)) {
+ benchmark_tls(OPT_VALUE_DEBUG, 1);
+ exit(0);
+ }
+
+ if (HAVE_OPT(BENCHMARK_TLS_KX)) {
+ benchmark_tls(OPT_VALUE_DEBUG, 0);
+ exit(0);
+ }
+
+ if (HAVE_OPT(PRIORITY)) {
+ priorities = OPT_ARG(PRIORITY);
+ }
+ verbose = HAVE_OPT(VERBOSE);
+ if (verbose)
+ print_cert = 1;
+ else
+ print_cert = HAVE_OPT(PRINT_CERT);
+
+ if (HAVE_OPT(LIST)) {
+ print_list(priorities, verbose);
+ exit(0);
+ }
+
+ disable_sni = HAVE_OPT(DISABLE_SNI);
+ disable_extensions = HAVE_OPT(DISABLE_EXTENSIONS);
+ if (disable_extensions)
+ init_flags |= GNUTLS_NO_EXTENSIONS;
+
+ inline_commands = HAVE_OPT(INLINE_COMMANDS);
+ if (HAVE_OPT(INLINE_COMMANDS_PREFIX)) {
+ if (strlen(OPT_ARG(INLINE_COMMANDS_PREFIX)) > 1) {
+ fprintf(stderr,
+ "inline-commands-prefix value is a single US-ASCII character (octets 0 - 127)\n");
+ exit(1);
+ }
+ inline_commands_prefix =
+ (char *) OPT_ARG(INLINE_COMMANDS_PREFIX);
+ if (!isascii(inline_commands_prefix[0])) {
+ fprintf(stderr,
+ "inline-commands-prefix value is a single US-ASCII character (octets 0 - 127)\n");
+ exit(1);
+ }
+ } else
+ inline_commands_prefix = "^";
+
+ starttls = HAVE_OPT(STARTTLS);
+ resume = HAVE_OPT(RESUME);
+ rehandshake = HAVE_OPT(REHANDSHAKE);
+ insecure = HAVE_OPT(INSECURE);
+ ranges = HAVE_OPT(RANGES);
+
+ udp = HAVE_OPT(UDP);
+ mtu = OPT_VALUE_MTU;
+
+ if (HAVE_OPT(PORT)) {
+ service = OPT_ARG(PORT);
+ } else {
+ service = "443";
+ }
+
+ record_max_size = OPT_VALUE_RECORDSIZE;
+
+ fingerprint = HAVE_OPT(FINGERPRINT);
+
+ if (HAVE_OPT(X509FMTDER))
+ x509ctype = GNUTLS_X509_FMT_DER;
+ else
+ x509ctype = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(SRPUSERNAME))
+ srp_username = OPT_ARG(SRPUSERNAME);
+
+ if (HAVE_OPT(SRPPASSWD))
+ srp_passwd = OPT_ARG(SRPPASSWD);
+
+ if (HAVE_OPT(X509CAFILE))
+ x509_cafile = OPT_ARG(X509CAFILE);
+
+ if (HAVE_OPT(X509CRLFILE))
+ x509_crlfile = OPT_ARG(X509CRLFILE);
+
+ if (HAVE_OPT(X509KEYFILE))
+ x509_keyfile = OPT_ARG(X509KEYFILE);
+
+ if (HAVE_OPT(X509CERTFILE))
+ x509_certfile = OPT_ARG(X509CERTFILE);
+
+ if (HAVE_OPT(PGPKEYFILE))
+ pgp_keyfile = OPT_ARG(PGPKEYFILE);
+
+ if (HAVE_OPT(PGPCERTFILE))
+ pgp_certfile = OPT_ARG(PGPCERTFILE);
+
+ if (HAVE_OPT(PSKUSERNAME))
+ psk_username = OPT_ARG(PSKUSERNAME);
+
+ if (HAVE_OPT(PSKKEY)) {
+ psk_key.data = (unsigned char *) OPT_ARG(PSKKEY);
+ psk_key.size = strlen(OPT_ARG(PSKKEY));
+ } else
+ psk_key.size = 0;
+
+ if (HAVE_OPT(PGPKEYRING))
+ pgp_keyring = OPT_ARG(PGPKEYRING);
+
+ crlf = HAVE_OPT(CRLF);
+
+ if (rest != NULL)
+ hostname = rest;
+
+ if (hostname == NULL) {
+ fprintf(stderr, "No hostname specified\n");
+ exit(1);
+ }
}
-static void
-check_rehandshake (socket_st * socket, int ret)
+static void check_rehandshake(socket_st * socket, int ret)
{
- if (socket->secure && ret == GNUTLS_E_REHANDSHAKE)
- {
- /* There is a race condition here. If application
- * data is sent after the rehandshake request,
- * the server thinks we ignored his request.
- * This is a bad design of this client.
- */
- printf ("*** Received rehandshake request\n");
- /* gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
-
- ret = do_handshake (socket);
-
- if (ret == 0)
- {
- printf ("*** Rehandshake was performed.\n");
- }
- else
- {
- printf ("*** Rehandshake Failed.\n");
- }
- }
+ if (socket->secure && ret == GNUTLS_E_REHANDSHAKE) {
+ /* There is a race condition here. If application
+ * data is sent after the rehandshake request,
+ * the server thinks we ignored his request.
+ * This is a bad design of this client.
+ */
+ printf("*** Received rehandshake request\n");
+ /* gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
+
+ ret = do_handshake(socket);
+
+ if (ret == 0) {
+ printf("*** Rehandshake was performed.\n");
+ } else {
+ printf("*** Rehandshake Failed.\n");
+ }
+ }
}
-static int
-do_handshake (socket_st * socket)
+static int do_handshake(socket_st * socket)
{
- int ret;
-
- gnutls_transport_set_int (socket->session, socket->fd);
- do
- {
- gnutls_handshake_set_timeout( socket->session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
- ret = gnutls_handshake (socket->session);
-
- if (ret < 0)
- {
- handle_error (socket, ret);
- }
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret == 0)
- {
- /* print some information */
- print_info (socket->session, verbose, 0);
- socket->secure = 1;
- }
- else
- {
- gnutls_alert_send_appropriate (socket->session, ret);
- shutdown (socket->fd, SHUT_RDWR);
- }
- return ret;
+ int ret;
+
+ gnutls_transport_set_int(socket->session, socket->fd);
+ do {
+ gnutls_handshake_set_timeout(socket->session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+ ret = gnutls_handshake(socket->session);
+
+ if (ret < 0) {
+ handle_error(socket, ret);
+ }
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret == 0) {
+ /* print some information */
+ print_info(socket->session, verbose, 0);
+ socket->secure = 1;
+ } else {
+ gnutls_alert_send_appropriate(socket->session, ret);
+ shutdown(socket->fd, SHUT_RDWR);
+ }
+ return ret;
}
static int
-srp_username_callback (gnutls_session_t session,
- char **username, char **password)
+srp_username_callback(gnutls_session_t session,
+ char **username, char **password)
{
- if (srp_username == NULL || srp_passwd == NULL)
- {
- return -1;
- }
+ if (srp_username == NULL || srp_passwd == NULL) {
+ return -1;
+ }
- *username = gnutls_strdup (srp_username);
- *password = gnutls_strdup (srp_passwd);
+ *username = gnutls_strdup(srp_username);
+ *password = gnutls_strdup(srp_passwd);
- return 0;
+ return 0;
}
static int
-psk_callback (gnutls_session_t session, char **username, gnutls_datum_t * key)
+psk_callback(gnutls_session_t session, char **username,
+ gnutls_datum_t * key)
{
- const char *hint = gnutls_psk_client_get_hint (session);
- char *rawkey;
- char *passwd;
- int ret;
- size_t res_size;
- gnutls_datum_t tmp;
-
- printf ("- PSK client callback. ");
- if (hint)
- printf ("PSK hint '%s'\n", hint);
- else
- printf ("No PSK hint\n");
-
- if (HAVE_OPT(PSKUSERNAME))
- *username = gnutls_strdup (OPT_ARG(PSKUSERNAME));
- else
- {
- char *tmp = NULL;
- size_t n;
-
- printf ("Enter PSK identity: ");
- fflush (stdout);
- getline (&tmp, &n, stdin);
-
- if (tmp == NULL)
- {
- fprintf (stderr, "No username given, aborting...\n");
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (tmp[strlen (tmp) - 1] == '\n')
- tmp[strlen (tmp) - 1] = '\0';
- if (tmp[strlen (tmp) - 1] == '\r')
- tmp[strlen (tmp) - 1] = '\0';
-
- *username = gnutls_strdup (tmp);
- free (tmp);
- }
- if (!*username)
- return GNUTLS_E_MEMORY_ERROR;
-
- passwd = getpass ("Enter key: ");
- if (passwd == NULL)
- {
- fprintf (stderr, "No key given, aborting...\n");
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- tmp.data = (void*)passwd;
- tmp.size = strlen (passwd);
-
- res_size = tmp.size / 2 + 1;
- rawkey = gnutls_malloc (res_size);
- if (rawkey == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = gnutls_hex_decode (&tmp, rawkey, &res_size);
- if (ret < 0)
- {
- fprintf (stderr, "Error deriving password: %s\n",
- gnutls_strerror (ret));
- gnutls_free (*username);
- return ret;
- }
-
- key->data = (void*)rawkey;
- key->size = res_size;
-
- if (HAVE_OPT(DEBUG))
- {
- char hexkey[41];
- res_size = sizeof (hexkey);
- gnutls_hex_encode (key, hexkey, &res_size);
- fprintf (stderr, "PSK username: %s\n", *username);
- fprintf (stderr, "PSK hint: %s\n", hint);
- fprintf (stderr, "PSK key: %s\n", hexkey);
- }
-
- return 0;
+ const char *hint = gnutls_psk_client_get_hint(session);
+ char *rawkey;
+ char *passwd;
+ int ret;
+ size_t res_size;
+ gnutls_datum_t tmp;
+
+ printf("- PSK client callback. ");
+ if (hint)
+ printf("PSK hint '%s'\n", hint);
+ else
+ printf("No PSK hint\n");
+
+ if (HAVE_OPT(PSKUSERNAME))
+ *username = gnutls_strdup(OPT_ARG(PSKUSERNAME));
+ else {
+ char *tmp = NULL;
+ size_t n;
+
+ printf("Enter PSK identity: ");
+ fflush(stdout);
+ getline(&tmp, &n, stdin);
+
+ if (tmp == NULL) {
+ fprintf(stderr,
+ "No username given, aborting...\n");
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (tmp[strlen(tmp) - 1] == '\n')
+ tmp[strlen(tmp) - 1] = '\0';
+ if (tmp[strlen(tmp) - 1] == '\r')
+ tmp[strlen(tmp) - 1] = '\0';
+
+ *username = gnutls_strdup(tmp);
+ free(tmp);
+ }
+ if (!*username)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ passwd = getpass("Enter key: ");
+ if (passwd == NULL) {
+ fprintf(stderr, "No key given, aborting...\n");
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ tmp.data = (void *) passwd;
+ tmp.size = strlen(passwd);
+
+ res_size = tmp.size / 2 + 1;
+ rawkey = gnutls_malloc(res_size);
+ if (rawkey == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = gnutls_hex_decode(&tmp, rawkey, &res_size);
+ if (ret < 0) {
+ fprintf(stderr, "Error deriving password: %s\n",
+ gnutls_strerror(ret));
+ gnutls_free(*username);
+ return ret;
+ }
+
+ key->data = (void *) rawkey;
+ key->size = res_size;
+
+ if (HAVE_OPT(DEBUG)) {
+ char hexkey[41];
+ res_size = sizeof(hexkey);
+ gnutls_hex_encode(key, hexkey, &res_size);
+ fprintf(stderr, "PSK username: %s\n", *username);
+ fprintf(stderr, "PSK hint: %s\n", hint);
+ fprintf(stderr, "PSK key: %s\n", hexkey);
+ }
+
+ return 0;
}
-static void
-init_global_tls_stuff (void)
+static void init_global_tls_stuff(void)
{
- int ret;
-
- /* X509 stuff */
- if (gnutls_certificate_allocate_credentials (&xcred) < 0)
- {
- fprintf (stderr, "Certificate allocation memory error\n");
- exit (1);
- }
- gnutls_certificate_set_pin_function(xcred, pin_callback, NULL);
-
- if (x509_cafile != NULL)
- {
- ret = gnutls_certificate_set_x509_trust_file (xcred,
- x509_cafile, x509ctype);
- }
- else
- {
- ret = gnutls_certificate_set_x509_system_trust (xcred);
- }
- if (ret < 0)
- {
- fprintf (stderr, "Error setting the x509 trust file\n");
- }
- else
- {
- printf ("Processed %d CA certificate(s).\n", ret);
- }
-
- if (x509_crlfile != NULL)
- {
- ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
- x509ctype);
- if (ret < 0)
- {
- fprintf (stderr, "Error setting the x509 CRL file\n");
- }
- else
- {
- printf ("Processed %d CRL(s).\n", ret);
- }
- }
-
- load_keys ();
+ int ret;
+
+ /* X509 stuff */
+ if (gnutls_certificate_allocate_credentials(&xcred) < 0) {
+ fprintf(stderr, "Certificate allocation memory error\n");
+ exit(1);
+ }
+ gnutls_certificate_set_pin_function(xcred, pin_callback, NULL);
+
+ if (x509_cafile != NULL) {
+ ret = gnutls_certificate_set_x509_trust_file(xcred,
+ x509_cafile,
+ x509ctype);
+ } else {
+ ret = gnutls_certificate_set_x509_system_trust(xcred);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "Error setting the x509 trust file\n");
+ } else {
+ printf("Processed %d CA certificate(s).\n", ret);
+ }
+
+ if (x509_crlfile != NULL) {
+ ret =
+ gnutls_certificate_set_x509_crl_file(xcred,
+ x509_crlfile,
+ x509ctype);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error setting the x509 CRL file\n");
+ } else {
+ printf("Processed %d CRL(s).\n", ret);
+ }
+ }
+
+ load_keys();
#ifdef ENABLE_OPENPGP
- if (pgp_keyring != NULL)
- {
- ret =
- gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (ret < 0)
- {
- fprintf (stderr, "Error setting the OpenPGP keyring file\n");
- }
- }
+ if (pgp_keyring != NULL) {
+ ret =
+ gnutls_certificate_set_openpgp_keyring_file(xcred,
+ pgp_keyring,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error setting the OpenPGP keyring file\n");
+ }
+ }
#endif
#ifdef ENABLE_SRP
- if (srp_username && srp_passwd)
- {
- /* SRP stuff */
- if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
- {
- fprintf (stderr, "SRP authentication error\n");
- }
-
- gnutls_srp_set_client_credentials_function (srp_cred,
- srp_username_callback);
- }
+ if (srp_username && srp_passwd) {
+ /* SRP stuff */
+ if (gnutls_srp_allocate_client_credentials(&srp_cred) < 0) {
+ fprintf(stderr, "SRP authentication error\n");
+ }
+
+ gnutls_srp_set_client_credentials_function(srp_cred,
+ srp_username_callback);
+ }
#endif
#ifdef ENABLE_PSK
- /* PSK stuff */
- if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
- {
- fprintf (stderr, "PSK authentication error\n");
- }
-
- if (psk_username && psk_key.data)
- {
- ret = gnutls_psk_set_client_credentials (psk_cred,
- psk_username, &psk_key,
- GNUTLS_PSK_KEY_HEX);
- if (ret < 0)
- {
- fprintf (stderr, "Error setting the PSK credentials: %s\n",
- gnutls_strerror (ret));
- }
- }
- else
- gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
+ /* PSK stuff */
+ if (gnutls_psk_allocate_client_credentials(&psk_cred) < 0) {
+ fprintf(stderr, "PSK authentication error\n");
+ }
+
+ if (psk_username && psk_key.data) {
+ ret = gnutls_psk_set_client_credentials(psk_cred,
+ psk_username,
+ &psk_key,
+ GNUTLS_PSK_KEY_HEX);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error setting the PSK credentials: %s\n",
+ gnutls_strerror(ret));
+ }
+ } else
+ gnutls_psk_set_client_credentials_function(psk_cred,
+ psk_callback);
#endif
#ifdef ENABLE_ANON
- /* ANON stuff */
- if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
- {
- fprintf (stderr, "Anonymous authentication error\n");
- }
+ /* ANON stuff */
+ if (gnutls_anon_allocate_client_credentials(&anon_cred) < 0) {
+ fprintf(stderr, "Anonymous authentication error\n");
+ }
#endif
}
@@ -1755,69 +1701,63 @@ init_global_tls_stuff (void)
* 1: certificate is ok
* -1: dunno
*/
-static int
-cert_verify_ocsp (gnutls_session_t session)
+static int cert_verify_ocsp(gnutls_session_t session)
{
- gnutls_x509_crt_t crt, issuer;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int deinit_issuer = 0;
- gnutls_datum_t resp;
- int ret;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return -1;
- }
-
- gnutls_x509_crt_init (&crt);
- ret =
- gnutls_x509_crt_import (crt, &cert_list[0],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return -1;
- }
-
- ret = gnutls_certificate_get_issuer(xcred, crt, &issuer, 0);
- if (ret < 0 && cert_list_size > 1)
- {
- gnutls_x509_crt_init(&issuer);
- ret = gnutls_x509_crt_import(issuer, &cert_list[1], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return -1;
- }
- deinit_issuer = 1;
- }
- else if (ret < 0)
- {
- fprintf(stderr, "Cannot find issuer\n");
- ret = -1;
- goto cleanup;
- }
-
- ret = send_ocsp_request(NULL, crt, issuer, &resp, 1);
- if (ret < 0)
- {
- fprintf(stderr, "Cannot contact OCSP server\n");
- ret = -1;
- goto cleanup;
- }
-
- /* verify and check the response for revoked cert */
- ret = check_ocsp_response(crt, issuer, &resp);
-
-cleanup:
- if (deinit_issuer)
- gnutls_x509_crt_deinit (issuer);
- gnutls_x509_crt_deinit (crt);
-
- return ret;
+ gnutls_x509_crt_t crt, issuer;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int deinit_issuer = 0;
+ gnutls_datum_t resp;
+ int ret;
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list_size == 0) {
+ fprintf(stderr, "No certificates found!\n");
+ return -1;
+ }
+
+ gnutls_x509_crt_init(&crt);
+ ret =
+ gnutls_x509_crt_import(crt, &cert_list[0],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return -1;
+ }
+
+ ret = gnutls_certificate_get_issuer(xcred, crt, &issuer, 0);
+ if (ret < 0 && cert_list_size > 1) {
+ gnutls_x509_crt_init(&issuer);
+ ret =
+ gnutls_x509_crt_import(issuer, &cert_list[1],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return -1;
+ }
+ deinit_issuer = 1;
+ } else if (ret < 0) {
+ fprintf(stderr, "Cannot find issuer\n");
+ ret = -1;
+ goto cleanup;
+ }
+
+ ret = send_ocsp_request(NULL, crt, issuer, &resp, 1);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot contact OCSP server\n");
+ ret = -1;
+ goto cleanup;
+ }
+
+ /* verify and check the response for revoked cert */
+ ret = check_ocsp_response(crt, issuer, &resp);
+
+ cleanup:
+ if (deinit_issuer)
+ gnutls_x509_crt_deinit(issuer);
+ gnutls_x509_crt_deinit(crt);
+
+ return ret;
}
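Review bot: Both `return -1;` exits that follow a failed `gnutls_x509_crt_import()` in cert_verify_ocsp bypass the `cleanup:` label. The first leaks `crt`, and the second leaks both `crt` and the just-initialised `issuer`, because `deinit_issuer` is only set after the import succeeds. Moving `deinit_issuer = 1;` to directly after `gnutls_x509_crt_init(&issuer);` and replacing each early return with `ret = -1; goto cleanup;` would route every exit through the deinit calls. Separately, `resp` is filled by `send_ocsp_request()` and never released here; that helper is not visible in this hunk, so confirm who owns `resp.data` and free it before returning if the caller does. The header comment maps -1 to "dunno" and this function also returns it when the OCSP server cannot be reached, so a comment such as `/* -1 also covers network failure; caller decides whether unknown is fatal */` would make that fail-open/fail-closed choice explicit.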
diff --git a/src/common.c b/src/common.c
index e3e614864e..75728985d7 100644
--- a/src/common.c
+++ b/src/common.c
@@ -39,7 +39,7 @@
#include <common.h>
#ifdef ENABLE_PKCS11
-# include <gnutls/pkcs11.h>
+#include <gnutls/pkcs11.h>
#endif
#define SU(x) (x!=NULL?x:"Unknown")
@@ -48,1054 +48,1017 @@ const char str_unknown[] = "(unknown)";
/* Hex encodes the given data.
*/
-const char *
-raw_to_string (const unsigned char *raw, size_t raw_size)
+const char *raw_to_string(const unsigned char *raw, size_t raw_size)
{
- static char buf[1024];
- size_t i;
- if (raw_size == 0)
- return "(empty)";
-
- if (raw_size * 3 + 1 >= sizeof (buf))
- return "(too large)";
-
- for (i = 0; i < raw_size; i++)
- {
- sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
- }
- buf[sizeof (buf) - 1] = '\0';
-
- return buf;
+ static char buf[1024];
+ size_t i;
+ if (raw_size == 0)
+ return "(empty)";
+
+ if (raw_size * 3 + 1 >= sizeof(buf))
+ return "(too large)";
+
+ for (i = 0; i < raw_size; i++) {
+ sprintf(&(buf[i * 3]), "%02X%s", raw[i],
+ (i == raw_size - 1) ? "" : ":");
+ }
+ buf[sizeof(buf) - 1] = '\0';
+
+ return buf;
}
-static void
-print_x509_info_compact (gnutls_session_t session)
+static void print_x509_info_compact(gnutls_session_t session)
{
- gnutls_x509_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int ret;
- gnutls_datum_t cinfo;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return;
- }
-
- gnutls_x509_crt_init (&crt);
- ret =
- gnutls_x509_crt_import (crt, &cert_list[0],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- ret =
- gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
- if (ret == 0)
- {
- printf ("- X.509 cert: %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- gnutls_x509_crt_deinit (crt);
+ gnutls_x509_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int ret;
+ gnutls_datum_t cinfo;
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list_size == 0) {
+ fprintf(stderr, "No certificates found!\n");
+ return;
+ }
+
+ gnutls_x509_crt_init(&crt);
+ ret =
+ gnutls_x509_crt_import(crt, &cert_list[0],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
+ if (ret == 0) {
+ printf("- X.509 cert: %s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
+
+ gnutls_x509_crt_deinit(crt);
}
static void
-print_x509_info (gnutls_session_t session, int flag, int print_cert)
+print_x509_info(gnutls_session_t session, int flag, int print_cert)
{
- gnutls_x509_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0, j;
- int ret;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return;
- }
-
- printf ("- Certificate type: X.509\n");
- printf ("- Got a certificate list of %d certificates.\n",
- cert_list_size);
-
- for (j = 0; j < cert_list_size; j++)
- {
- gnutls_datum_t cinfo;
-
- gnutls_x509_crt_init (&crt);
- ret =
- gnutls_x509_crt_import (crt, &cert_list[j],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- printf ("- Certificate[%d] info:\n - ", j);
- if (flag == GNUTLS_CRT_PRINT_COMPACT && j > 0) flag = GNUTLS_CRT_PRINT_ONELINE;
-
- ret =
- gnutls_x509_crt_print (crt, flag, &cinfo);
- if (ret == 0)
- {
- printf ("%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret =
- gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
- &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size+1);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
-
- ret =
- gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
- p, &size);
- }
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- p[size] = 0;
- fputs ("\n", stdout);
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
-
- gnutls_x509_crt_deinit (crt);
- }
+ gnutls_x509_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0, j;
+ int ret;
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list_size == 0) {
+ fprintf(stderr, "No certificates found!\n");
+ return;
+ }
+
+ printf("- Certificate type: X.509\n");
+ printf("- Got a certificate list of %d certificates.\n",
+ cert_list_size);
+
+ for (j = 0; j < cert_list_size; j++) {
+ gnutls_datum_t cinfo;
+
+ gnutls_x509_crt_init(&crt);
+ ret =
+ gnutls_x509_crt_import(crt, &cert_list[j],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ printf("- Certificate[%d] info:\n - ", j);
+ if (flag == GNUTLS_CRT_PRINT_COMPACT && j > 0)
+ flag = GNUTLS_CRT_PRINT_ONELINE;
+
+ ret = gnutls_x509_crt_print(crt, flag, &cinfo);
+ if (ret == 0) {
+ printf("%s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
+
+ if (print_cert) {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret =
+ gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_PEM, p,
+ &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ p = malloc(size + 1);
+ if (!p) {
+ fprintf(stderr, "gnutls_malloc\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_PEM,
+ p, &size);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "Encoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ p[size] = 0;
+ fputs("\n", stdout);
+ fputs(p, stdout);
+ fputs("\n", stdout);
+
+ gnutls_free(p);
+ }
+
+ gnutls_x509_crt_deinit(crt);
+ }
}
#ifdef ENABLE_OPENPGP
-static void
-print_openpgp_info_compact (gnutls_session_t session)
+static void print_openpgp_info_compact(gnutls_session_t session)
{
- gnutls_openpgp_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int ret;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-
- if (cert_list_size > 0)
- {
- gnutls_datum_t cinfo;
-
- gnutls_openpgp_crt_init (&crt);
- ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- ret =
- gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
- if (ret == 0)
- {
- printf ("- OpenPGP cert: %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- gnutls_openpgp_crt_deinit (crt);
- }
+ gnutls_openpgp_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int ret;
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+
+ if (cert_list_size > 0) {
+ gnutls_datum_t cinfo;
+
+ gnutls_openpgp_crt_init(&crt);
+ ret = gnutls_openpgp_crt_import(crt, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ ret =
+ gnutls_openpgp_crt_print(crt, GNUTLS_CRT_PRINT_COMPACT,
+ &cinfo);
+ if (ret == 0) {
+ printf("- OpenPGP cert: %s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
+
+ gnutls_openpgp_crt_deinit(crt);
+ }
}
static void
-print_openpgp_info (gnutls_session_t session, int flag, int print_cert)
+print_openpgp_info(gnutls_session_t session, int flag, int print_cert)
{
- gnutls_openpgp_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int ret;
-
- printf ("- Certificate type: OpenPGP\n");
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-
- if (cert_list_size > 0)
- {
- gnutls_datum_t cinfo;
-
- gnutls_openpgp_crt_init (&crt);
- ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- ret =
- gnutls_openpgp_crt_print (crt, flag, &cinfo);
- if (ret == 0)
- {
- printf ("- %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret =
- gnutls_openpgp_crt_export (crt,
- GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
-
- ret =
- gnutls_openpgp_crt_export (crt,
- GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- }
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
-
- gnutls_openpgp_crt_deinit (crt);
- }
+ gnutls_openpgp_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int ret;
+
+ printf("- Certificate type: OpenPGP\n");
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+
+ if (cert_list_size > 0) {
+ gnutls_datum_t cinfo;
+
+ gnutls_openpgp_crt_init(&crt);
+ ret = gnutls_openpgp_crt_import(crt, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ ret = gnutls_openpgp_crt_print(crt, flag, &cinfo);
+ if (ret == 0) {
+ printf("- %s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
+
+ if (print_cert) {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret =
+ gnutls_openpgp_crt_export(crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ p = malloc(size);
+ if (!p) {
+ fprintf(stderr, "gnutls_malloc\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_openpgp_crt_export(crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "Encoding error: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ fputs(p, stdout);
+ fputs("\n", stdout);
+
+ gnutls_free(p);
+ }
+
+ gnutls_openpgp_crt_deinit(crt);
+ }
}
#endif
/* returns false (0) if not verified, or true (1) otherwise
*/
-int
-cert_verify (gnutls_session_t session, const char* hostname)
+int cert_verify(gnutls_session_t session, const char *hostname)
{
- int rc;
- unsigned int status = 0;
- gnutls_datum_t out;
- int type;
-
- rc = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf ("- Peer did not send any certificate.\n");
- return 0;
- }
-
- if (rc < 0)
- {
- printf ("- Could not verify certificate (err: %s)\n",
- gnutls_strerror (rc));
- return 0;
- }
-
- type = gnutls_certificate_type_get (session);
- rc = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (rc < 0)
- {
- printf ("- Could not print verification flags (err: %s)\n",
- gnutls_strerror (rc));
- return 0;
- }
-
- printf ("- Status: %s\n", out.data);
-
- gnutls_free(out.data);
-
- if (status)
- return 0;
-
- return 1;
+ int rc;
+ unsigned int status = 0;
+ gnutls_datum_t out;
+ int type;
+
+ rc = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ printf("- Peer did not send any certificate.\n");
+ return 0;
+ }
+
+ if (rc < 0) {
+ printf("- Could not verify certificate (err: %s)\n",
+ gnutls_strerror(rc));
+ return 0;
+ }
+
+ type = gnutls_certificate_type_get(session);
+ rc = gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (rc < 0) {
+ printf("- Could not print verification flags (err: %s)\n",
+ gnutls_strerror(rc));
+ return 0;
+ }
+
+ printf("- Status: %s\n", out.data);
+
+ gnutls_free(out.data);
+
+ if (status)
+ return 0;
+
+ return 1;
}
static void
-print_dh_info (gnutls_session_t session, const char *str, int print)
+print_dh_info(gnutls_session_t session, const char *str, int print)
{
- printf ("- %sDiffie-Hellman parameters\n", str);
- printf (" - Using prime: %d bits\n",
- gnutls_dh_get_prime_bits (session));
- printf (" - Secret key: %d bits\n",
- gnutls_dh_get_secret_bits (session));
- printf (" - Peer's public key: %d bits\n",
- gnutls_dh_get_peers_public_bits (session));
-
- if (print)
- {
- int ret;
- gnutls_datum_t raw_gen = { NULL, 0 };
- gnutls_datum_t raw_prime = { NULL, 0 };
- gnutls_dh_params_t dh_params = NULL;
- unsigned char *params_data = NULL;
- size_t params_data_size = 0;
-
- ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_init (&dh_params);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
- goto out;
- }
-
- ret =
- gnutls_dh_params_import_raw (dh_params, &raw_prime,
- &raw_gen);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data,
- &params_data_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
- ret);
- goto out;
- }
-
- params_data = gnutls_malloc (params_data_size);
- if (!params_data)
- {
- fprintf (stderr, "gnutls_malloc %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data,
- &params_data_size);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
- ret);
- goto out;
- }
-
- printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
- params_data);
-
- out:
- gnutls_free (params_data);
- gnutls_free (raw_prime.data);
- gnutls_free (raw_gen.data);
- gnutls_dh_params_deinit (dh_params);
- }
+ printf("- %sDiffie-Hellman parameters\n", str);
+ printf(" - Using prime: %d bits\n",
+ gnutls_dh_get_prime_bits(session));
+ printf(" - Secret key: %d bits\n",
+ gnutls_dh_get_secret_bits(session));
+ printf(" - Peer's public key: %d bits\n",
+ gnutls_dh_get_peers_public_bits(session));
+
+ if (print) {
+ int ret;
+ gnutls_datum_t raw_gen = { NULL, 0 };
+ gnutls_datum_t raw_prime = { NULL, 0 };
+ gnutls_dh_params_t dh_params = NULL;
+ unsigned char *params_data = NULL;
+ size_t params_data_size = 0;
+
+ ret = gnutls_dh_get_group(session, &raw_gen, &raw_prime);
+ if (ret) {
+ fprintf(stderr, "gnutls_dh_get_group %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_init(&dh_params);
+ if (ret) {
+ fprintf(stderr, "gnutls_dh_params_init %d\n", ret);
+ goto out;
+ }
+
+ ret =
+ gnutls_dh_params_import_raw(dh_params, &raw_prime,
+ &raw_gen);
+ if (ret) {
+ fprintf(stderr, "gnutls_dh_params_import_raw %d\n",
+ ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3(dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ &params_data_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ fprintf(stderr,
+ "gnutls_dh_params_export_pkcs3 %d\n", ret);
+ goto out;
+ }
+
+ params_data = gnutls_malloc(params_data_size);
+ if (!params_data) {
+ fprintf(stderr, "gnutls_malloc %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3(dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ &params_data_size);
+ if (ret) {
+ fprintf(stderr,
+ "gnutls_dh_params_export_pkcs3-2 %d\n",
+ ret);
+ goto out;
+ }
+
+ printf(" - PKCS#3 format:\n\n%.*s\n",
+ (int) params_data_size, params_data);
+
+ out:
+ gnutls_free(params_data);
+ gnutls_free(raw_prime.data);
+ gnutls_free(raw_gen.data);
+ gnutls_dh_params_deinit(dh_params);
+ }
}
-static void
-print_ecdh_info (gnutls_session_t session, const char *str)
+static void print_ecdh_info(gnutls_session_t session, const char *str)
{
- int curve;
+ int curve;
- printf ("- %sEC Diffie-Hellman parameters\n", str);
+ printf("- %sEC Diffie-Hellman parameters\n", str);
- curve = gnutls_ecc_curve_get (session);
+ curve = gnutls_ecc_curve_get(session);
- printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
- printf (" - Curve size: %d bits\n",
- gnutls_ecc_curve_get_size (curve) * 8);
+ printf(" - Using curve: %s\n", gnutls_ecc_curve_get_name(curve));
+ printf(" - Curve size: %d bits\n",
+ gnutls_ecc_curve_get_size(curve) * 8);
}
-int
-print_info (gnutls_session_t session, int verbose, int print_cert)
+int print_info(gnutls_session_t session, int verbose, int print_cert)
{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
- unsigned char session_id[33];
- size_t session_id_size = sizeof (session_id);
- gnutls_srtp_profile_t srtp_profile;
- gnutls_datum_t p;
- char *desc;
- int rc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Description: %s\n", desc);
- gnutls_free(desc);
-
- /* print session ID */
- gnutls_session_get_id (session, session_id, &session_id_size);
- printf ("- Session ID: %s\n",
- raw_to_string (session_id, session_id_size));
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
-
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
+ const char *tmp;
+ gnutls_credentials_type_t cred;
+ gnutls_kx_algorithm_t kx;
+ unsigned char session_id[33];
+ size_t session_id_size = sizeof(session_id);
+ gnutls_srtp_profile_t srtp_profile;
+ gnutls_datum_t p;
+ char *desc;
+ int rc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Description: %s\n", desc);
+ gnutls_free(desc);
+
+ /* print session ID */
+ gnutls_session_get_id(session, session_id, &session_id_size);
+ printf("- Session ID: %s\n",
+ raw_to_string(session_id, session_id_size));
+
+ /* print the key exchange's algorithm name
+ */
+ kx = gnutls_kx_get(session);
+
+ cred = gnutls_auth_get_type(session);
+ switch (cred) {
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- if (kx == GNUTLS_KX_ANON_ECDH)
- print_ecdh_info (session, "Anonymous ");
- else
- print_dh_info (session, "Anonymous ", verbose);
- break;
+ case GNUTLS_CRD_ANON:
+ if (kx == GNUTLS_KX_ANON_ECDH)
+ print_ecdh_info(session, "Anonymous ");
+ else
+ print_dh_info(session, "Anonymous ", verbose);
+ break;
#endif
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- /* This should be only called in server
- * side.
- */
- if (gnutls_srp_server_get_username (session) != NULL)
- printf ("- SRP authentication. Connected as '%s'\n",
- gnutls_srp_server_get_username (session));
- break;
+ case GNUTLS_CRD_SRP:
+ /* This should be only called in server
+ * side.
+ */
+ if (gnutls_srp_server_get_username(session) != NULL)
+ printf("- SRP authentication. Connected as '%s'\n",
+ gnutls_srp_server_get_username(session));
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- /* This returns NULL in server side.
- */
- if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
- /* This returns NULL in client side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
- if (kx == GNUTLS_KX_DHE_PSK)
- print_dh_info (session, "Ephemeral ", verbose);
- if (kx == GNUTLS_KX_ECDHE_PSK)
- print_ecdh_info (session, "Ephemeral ");
- break;
+ case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint(session) != NULL)
+ printf("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint(session));
+ /* This returns NULL in client side.
+ */
+ if (gnutls_psk_server_get_username(session) != NULL)
+ printf("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username(session));
+ if (kx == GNUTLS_KX_DHE_PSK)
+ print_dh_info(session, "Ephemeral ", verbose);
+ if (kx == GNUTLS_KX_ECDHE_PSK)
+ print_ecdh_info(session, "Ephemeral ");
+ break;
#endif
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA authentication\n");
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- /* This fails in client side */
- if (gnutls_server_name_get
- (session, dns, &dns_size, &type, 0) == 0)
- {
- printf ("- Given server name[%d]: %s\n", type, dns);
- }
- }
-
- if (print_cert)
- print_cert_info (session, verbose, print_cert);
-
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- print_dh_info (session, "Ephemeral ", verbose);
- else if (kx == GNUTLS_KX_ECDHE_RSA
- || kx == GNUTLS_KX_ECDHE_ECDSA)
- print_ecdh_info (session, "Ephemeral ");
- }
-
- tmp =
- SU (gnutls_protocol_get_name
- (gnutls_protocol_get_version (session)));
- printf ("- Version: %s\n", tmp);
-
- tmp = SU (gnutls_kx_get_name (kx));
- printf ("- Key Exchange: %s\n", tmp);
-
- if (gnutls_sign_algorithm_get(session) != GNUTLS_SIGN_UNKNOWN)
- {
- tmp = SU (gnutls_sign_get_name (gnutls_sign_algorithm_get (session)));
- printf ("- Server Signature: %s\n", tmp);
- }
-
- if (gnutls_sign_algorithm_get_client(session) != GNUTLS_SIGN_UNKNOWN)
- {
- tmp = SU (gnutls_sign_get_name (gnutls_sign_algorithm_get_client (session)));
- printf ("- Client Signature: %s\n", tmp);
- }
-
- tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
- printf ("- Cipher: %s\n", tmp);
-
- tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
- printf ("- MAC: %s\n", tmp);
-
- tmp =
- SU (gnutls_compression_get_name
- (gnutls_compression_get (session)));
- printf ("- Compression: %s\n", tmp);
+ case GNUTLS_CRD_IA:
+ printf("- TLS/IA authentication\n");
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ char dns[256];
+ size_t dns_size = sizeof(dns);
+ unsigned int type;
+
+ /* This fails in client side */
+ if (gnutls_server_name_get
+ (session, dns, &dns_size, &type, 0) == 0) {
+ printf("- Given server name[%d]: %s\n",
+ type, dns);
+ }
+ }
+
+ if (print_cert)
+ print_cert_info(session, verbose, print_cert);
+
+ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+ print_dh_info(session, "Ephemeral ", verbose);
+ else if (kx == GNUTLS_KX_ECDHE_RSA
+ || kx == GNUTLS_KX_ECDHE_ECDSA)
+ print_ecdh_info(session, "Ephemeral ");
+ }
+
+ tmp =
+ SU(gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ printf("- Version: %s\n", tmp);
+
+ tmp = SU(gnutls_kx_get_name(kx));
+ printf("- Key Exchange: %s\n", tmp);
+
+ if (gnutls_sign_algorithm_get(session) != GNUTLS_SIGN_UNKNOWN) {
+ tmp =
+ SU(gnutls_sign_get_name
+ (gnutls_sign_algorithm_get(session)));
+ printf("- Server Signature: %s\n", tmp);
+ }
+
+ if (gnutls_sign_algorithm_get_client(session) !=
+ GNUTLS_SIGN_UNKNOWN) {
+ tmp =
+ SU(gnutls_sign_get_name
+ (gnutls_sign_algorithm_get_client(session)));
+ printf("- Client Signature: %s\n", tmp);
+ }
+
+ tmp = SU(gnutls_cipher_get_name(gnutls_cipher_get(session)));
+ printf("- Cipher: %s\n", tmp);
+
+ tmp = SU(gnutls_mac_get_name(gnutls_mac_get(session)));
+ printf("- MAC: %s\n", tmp);
+
+ tmp =
+ SU(gnutls_compression_get_name
+ (gnutls_compression_get(session)));
+ printf("- Compression: %s\n", tmp);
#ifdef ENABLE_DTLS_SRTP
- rc = gnutls_srtp_get_selected_profile (session, &srtp_profile);
- if (rc == 0)
- printf ("- SRTP profile: %s\n", gnutls_srtp_get_profile_name (srtp_profile));
+ rc = gnutls_srtp_get_selected_profile(session, &srtp_profile);
+ if (rc == 0)
+ printf("- SRTP profile: %s\n",
+ gnutls_srtp_get_profile_name(srtp_profile));
#endif
#ifdef ENABLE_ALPN
- rc = gnutls_alpn_get_selected_protocol (session, &p);
- if (rc == 0)
- printf ("- Application protocol: %.*s\n", p.size, p.data);
+ rc = gnutls_alpn_get_selected_protocol(session, &p);
+ if (rc == 0)
+ printf("- Application protocol: %.*s\n", p.size, p.data);
#endif
- if (verbose)
- {
- gnutls_datum_t cb;
-
- rc = gnutls_session_channel_binding (session,
- GNUTLS_CB_TLS_UNIQUE, &cb);
- if (rc)
- fprintf (stderr, "Channel binding error: %s\n",
- gnutls_strerror (rc));
- else
- {
- size_t i;
-
- printf ("- Channel binding 'tls-unique': ");
- for (i = 0; i < cb.size; i++)
- printf ("%02x", cb.data[i]);
- printf ("\n");
- }
- }
-
- /* Warning: Do not print anything more here. The 'Compression:'
- output MUST be the last non-verbose output. This is used by
- Emacs starttls.el code. */
-
- fflush (stdout);
-
- return 0;
+ if (verbose) {
+ gnutls_datum_t cb;
+
+ rc = gnutls_session_channel_binding(session,
+ GNUTLS_CB_TLS_UNIQUE,
+ &cb);
+ if (rc)
+ fprintf(stderr, "Channel binding error: %s\n",
+ gnutls_strerror(rc));
+ else {
+ size_t i;
+
+ printf("- Channel binding 'tls-unique': ");
+ for (i = 0; i < cb.size; i++)
+ printf("%02x", cb.data[i]);
+ printf("\n");
+ }
+ }
+
+ /* Warning: Do not print anything more here. The 'Compression:'
+ output MUST be the last non-verbose output. This is used by
+ Emacs starttls.el code. */
+
+ fflush(stdout);
+
+ return 0;
}
-void
-print_cert_info (gnutls_session_t session, int verbose, int print_cert)
+void print_cert_info(gnutls_session_t session, int verbose, int print_cert)
{
-int flag;
+ int flag;
- if (verbose) flag = GNUTLS_CRT_PRINT_FULL;
- else flag = GNUTLS_CRT_PRINT_COMPACT;
+ if (verbose)
+ flag = GNUTLS_CRT_PRINT_FULL;
+ else
+ flag = GNUTLS_CRT_PRINT_COMPACT;
- if (gnutls_certificate_client_get_request_status (session) != 0)
- printf ("- Server has requested a certificate.\n");
+ if (gnutls_certificate_client_get_request_status(session) != 0)
+ printf("- Server has requested a certificate.\n");
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- print_x509_info (session, flag, print_cert);
- break;
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ print_x509_info(session, flag, print_cert);
+ break;
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- print_openpgp_info (session, flag, print_cert);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ print_openpgp_info(session, flag, print_cert);
+ break;
#endif
- default:
- printf ("Unknown type\n");
- break;
- }
+ default:
+ printf("Unknown type\n");
+ break;
+ }
}
-void
-print_cert_info_compact (gnutls_session_t session)
+void print_cert_info_compact(gnutls_session_t session)
{
- if (gnutls_certificate_client_get_request_status (session) != 0)
- printf ("- Server has requested a certificate.\n");
+ if (gnutls_certificate_client_get_request_status(session) != 0)
+ printf("- Server has requested a certificate.\n");
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- print_x509_info_compact (session);
- break;
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ print_x509_info_compact(session);
+ break;
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- print_openpgp_info_compact (session);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ print_openpgp_info_compact(session);
+ break;
#endif
- default:
- printf ("Unknown type\n");
- break;
- }
+ default:
+ printf("Unknown type\n");
+ break;
+ }
}
-void
-print_list (const char *priorities, int verbose)
+void print_list(const char *priorities, int verbose)
{
- size_t i;
- int ret;
- unsigned int idx;
- const char *name;
- const char *err;
- unsigned char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
- gnutls_priority_t pcache;
- const unsigned int *list;
-
- if (priorities != NULL)
- {
- printf ("Cipher suites for %s\n", priorities);
-
- ret = gnutls_priority_init (&pcache, priorities, &err);
- if (ret < 0)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit (1);
- }
-
- for (i = 0;; i++)
- {
- ret =
- gnutls_priority_get_cipher_suite_index (pcache, i,
- &idx);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
- continue;
-
- name =
- gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
- &version);
-
- if (name != NULL)
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name, (unsigned char) id[0],
- (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- }
-
- printf("\n");
- {
- ret = gnutls_priority_certificate_type_list (pcache, &list);
-
- printf ("Certificate types: ");
- if (ret == 0) printf("none\n");
- for (i = 0; i < (unsigned)ret; i++)
- {
- printf ("CTYPE-%s",
- gnutls_certificate_type_get_name (list[i]));
- if (i+1!=(unsigned)ret)
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- ret = gnutls_priority_protocol_list (pcache, &list);
-
- printf ("Protocols: ");
- if (ret == 0) printf("none\n");
- for (i = 0; i < (unsigned)ret; i++)
- {
- printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
- if (i+1!=(unsigned)ret)
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- ret = gnutls_priority_compression_list (pcache, &list);
-
- printf ("Compression: ");
- if (ret == 0) printf("none\n");
- for (i = 0; i < (unsigned)ret; i++)
- {
- printf ("COMP-%s",
- gnutls_compression_get_name (list[i]));
- if (i+1!=(unsigned)ret)
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- ret = gnutls_priority_ecc_curve_list (pcache, &list);
-
- printf ("Elliptic curves: ");
- if (ret == 0) printf("none\n");
- for (i = 0; i < (unsigned)ret; i++)
- {
- printf ("CURVE-%s",
- gnutls_ecc_curve_get_name (list[i]));
- if (i+1!=(unsigned)ret)
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- ret = gnutls_priority_sign_list (pcache, &list);
-
- printf ("PK-signatures: ");
- if (ret == 0) printf("none\n");
- for (i = 0; i < (unsigned)ret; i++)
- {
- printf ("SIGN-%s",
- gnutls_sign_algorithm_get_name (list[i]));
- if (i+1!=(unsigned)ret)
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- return;
- }
-
- printf ("Cipher suites:\n");
- for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
- {
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name,
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- if (verbose)
- printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
- gnutls_kx_get_name (kx),
- gnutls_cipher_get_name (cipher),
- gnutls_mac_get_name (mac));
- }
-
- printf("\n");
- {
- const gnutls_certificate_type_t *p =
- gnutls_certificate_type_list ();
-
- printf ("Certificate types: ");
- for (; *p; p++)
- {
- printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
-
- printf ("Protocols: ");
- for (; *p; p++)
- {
- printf ("VERS-%s", gnutls_protocol_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
-
- printf ("Ciphers: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_cipher_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
-
- printf ("MACs: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_mac_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_digest_algorithm_t *p = gnutls_digest_list ();
-
- printf ("Digests: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_digest_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
-
- printf ("Key exchange algorithms: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_kx_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
-
- printf ("Compression: ");
- for (; *p; p++)
- {
- printf ("COMP-%s", gnutls_compression_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
-
- printf ("Elliptic curves: ");
- for (; *p; p++)
- {
- printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
-
- printf ("Public Key Systems: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_pk_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
-
- printf ("PK-signatures: ");
- for (; *p; p++)
- {
- printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ size_t i;
+ int ret;
+ unsigned int idx;
+ const char *name;
+ const char *err;
+ unsigned char id[2];
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+ gnutls_priority_t pcache;
+ const unsigned int *list;
+
+ if (priorities != NULL) {
+ printf("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init(&pcache, priorities, &err);
+ if (ret < 0) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ for (i = 0;; i++) {
+ ret =
+ gnutls_priority_get_cipher_suite_index(pcache,
+ i,
+ &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+
+ name =
+ gnutls_cipher_suite_info(idx, id, NULL, NULL,
+ NULL, &version);
+
+ if (name != NULL)
+ printf("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ }
+
+ printf("\n");
+ {
+ ret =
+ gnutls_priority_certificate_type_list(pcache,
+ &list);
+
+ printf("Certificate types: ");
+ if (ret == 0)
+ printf("none\n");
+ for (i = 0; i < (unsigned) ret; i++) {
+ printf("CTYPE-%s",
+ gnutls_certificate_type_get_name
+ (list[i]));
+ if (i + 1 != (unsigned) ret)
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_protocol_list(pcache, &list);
+
+ printf("Protocols: ");
+ if (ret == 0)
+ printf("none\n");
+ for (i = 0; i < (unsigned) ret; i++) {
+ printf("VERS-%s",
+ gnutls_protocol_get_name(list[i]));
+ if (i + 1 != (unsigned) ret)
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ ret =
+ gnutls_priority_compression_list(pcache,
+ &list);
+
+ printf("Compression: ");
+ if (ret == 0)
+ printf("none\n");
+ for (i = 0; i < (unsigned) ret; i++) {
+ printf("COMP-%s",
+ gnutls_compression_get_name(list
+ [i]));
+ if (i + 1 != (unsigned) ret)
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ ret =
+ gnutls_priority_ecc_curve_list(pcache, &list);
+
+ printf("Elliptic curves: ");
+ if (ret == 0)
+ printf("none\n");
+ for (i = 0; i < (unsigned) ret; i++) {
+ printf("CURVE-%s",
+ gnutls_ecc_curve_get_name(list[i]));
+ if (i + 1 != (unsigned) ret)
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_sign_list(pcache, &list);
+
+ printf("PK-signatures: ");
+ if (ret == 0)
+ printf("none\n");
+ for (i = 0; i < (unsigned) ret; i++) {
+ printf("SIGN-%s",
+ gnutls_sign_algorithm_get_name(list
+ [i]));
+ if (i + 1 != (unsigned) ret)
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ return;
+ }
+
+ printf("Cipher suites:\n");
+ for (i = 0; (name = gnutls_cipher_suite_info
+ (i, id, &kx, &cipher, &mac, &version)); i++) {
+ printf("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name,
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ if (verbose)
+ printf
+ ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
+ gnutls_kx_get_name(kx),
+ gnutls_cipher_get_name(cipher),
+ gnutls_mac_get_name(mac));
+ }
+
+ printf("\n");
+ {
+ const gnutls_certificate_type_t *p =
+ gnutls_certificate_type_list();
+
+ printf("Certificate types: ");
+ for (; *p; p++) {
+ printf("CTYPE-%s",
+ gnutls_certificate_type_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_protocol_t *p = gnutls_protocol_list();
+
+ printf("Protocols: ");
+ for (; *p; p++) {
+ printf("VERS-%s", gnutls_protocol_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_cipher_algorithm_t *p = gnutls_cipher_list();
+
+ printf("Ciphers: ");
+ for (; *p; p++) {
+ printf("%s", gnutls_cipher_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_mac_algorithm_t *p = gnutls_mac_list();
+
+ printf("MACs: ");
+ for (; *p; p++) {
+ printf("%s", gnutls_mac_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_digest_algorithm_t *p = gnutls_digest_list();
+
+ printf("Digests: ");
+ for (; *p; p++) {
+ printf("%s", gnutls_digest_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_kx_algorithm_t *p = gnutls_kx_list();
+
+ printf("Key exchange algorithms: ");
+ for (; *p; p++) {
+ printf("%s", gnutls_kx_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_compression_method_t *p =
+ gnutls_compression_list();
+
+ printf("Compression: ");
+ for (; *p; p++) {
+ printf("COMP-%s", gnutls_compression_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list();
+
+ printf("Elliptic curves: ");
+ for (; *p; p++) {
+ printf("CURVE-%s", gnutls_ecc_curve_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_pk_algorithm_t *p = gnutls_pk_list();
+
+ printf("Public Key Systems: ");
+ for (; *p; p++) {
+ printf("%s", gnutls_pk_algorithm_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
+
+ {
+ const gnutls_sign_algorithm_t *p = gnutls_sign_list();
+
+ printf("PK-signatures: ");
+ for (; *p; p++) {
+ printf("SIGN-%s",
+ gnutls_sign_algorithm_get_name(*p));
+ if (*(p + 1))
+ printf(", ");
+ else
+ printf("\n");
+ }
+ }
}
-int check_command(gnutls_session_t session, const char* str)
+int check_command(gnutls_session_t session, const char *str)
{
- size_t len = strnlen(str, 128);
- int ret;
-
- fprintf (stderr, "*** Processing %zu bytes command: %s\n", len, str);
- if (len > 2 && str[0] == str[1] && str[0] == '*')
- {
- if (strncmp(str, "**REHANDSHAKE**", sizeof ("**REHANDSHAKE**") - 1) == 0)
- {
- fprintf (stderr, "*** Sending rehandshake request\n");
- gnutls_rehandshake (session);
- return 1;
- } else if (strncmp(str, "**HEARTBEAT**", sizeof ("**HEARTBEAT**") - 1) == 0) {
- ret = gnutls_heartbeat_ping (session, 300, 5, GNUTLS_HEARTBEAT_WAIT);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf(stderr, "No heartbeat in this session\n");
- }
- else
- {
- fprintf(stderr, "ping: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- }
- return 2;
- }
- }
- return 0;
+ size_t len = strnlen(str, 128);
+ int ret;
+
+ fprintf(stderr, "*** Processing %zu bytes command: %s\n", len,
+ str);
+ if (len > 2 && str[0] == str[1] && str[0] == '*') {
+ if (strncmp
+ (str, "**REHANDSHAKE**",
+ sizeof("**REHANDSHAKE**") - 1) == 0) {
+ fprintf(stderr,
+ "*** Sending rehandshake request\n");
+ gnutls_rehandshake(session);
+ return 1;
+ } else
+ if (strncmp
+ (str, "**HEARTBEAT**",
+ sizeof("**HEARTBEAT**") - 1) == 0) {
+ ret =
+ gnutls_heartbeat_ping(session, 300, 5,
+ GNUTLS_HEARTBEAT_WAIT);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr,
+ "No heartbeat in this session\n");
+ } else {
+ fprintf(stderr, "ping: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ return 2;
+ }
+ }
+ return 0;
}
#define MIN(x,y) ((x)<(y))?(x):(y)
#define MAX_CACHE_TRIES 5
int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+pin_callback(void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
- const char *password;
- const char * desc;
- int cache = MAX_CACHE_TRIES;
- unsigned len;
+ const char *password;
+ const char *desc;
+ int cache = MAX_CACHE_TRIES;
+ unsigned len;
/* allow caching of PIN */
- static char *cached_url = NULL;
- static char cached_pin[32] = "";
-
- if (flags & GNUTLS_PIN_SO)
- desc = "security officer";
- else
- desc = "user";
-
- if (flags & GNUTLS_PIN_FINAL_TRY)
- {
- cache = 0;
- printf ("*** This is the final try before locking!\n");
- }
- if (flags & GNUTLS_PIN_COUNT_LOW)
- {
- cache = 0;
- printf ("*** Only few tries left before locking!\n");
- }
-
- if (flags & GNUTLS_PIN_WRONG)
- {
- cache = 0;
- printf ("*** Wrong PIN has been provided!\n");
- }
-
- if (cache > 0 && cached_url != NULL)
- {
- if (token_url != NULL && strcmp (cached_url, token_url) == 0)
- {
- if (strlen(pin) >= sizeof(cached_pin))
- {
- fprintf (stderr, "Too long PIN given\n");
- exit (1);
- }
-
- fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
- strcpy (pin, cached_pin);
- cache--;
- return 0;
- }
- }
-
- printf ("Token '%s' with URL '%s' ", token_label, token_url);
- printf ("requires %s PIN\n", desc);
-
- password = getpass ("Enter PIN: ");
- if (password == NULL || password[0] == 0)
- {
- fprintf (stderr, "No password given\n");
- exit (1);
- }
-
- len = MIN (pin_max-1, strlen (password));
- memcpy (pin, password, len);
- pin[len] = 0;
-
- /* cache */
- if (len < sizeof(cached_pin))
- {
- memcpy (cached_pin, pin, len);
- cached_pin[len] = 0;
- }
- else
- cached_pin[0] = 0;
-
- free (cached_url);
- if (token_url)
- cached_url = strdup (token_url);
- else
- cached_url = NULL;
-
- cache = MAX_CACHE_TRIES;
-
- return 0;
+ static char *cached_url = NULL;
+ static char cached_pin[32] = "";
+
+ if (flags & GNUTLS_PIN_SO)
+ desc = "security officer";
+ else
+ desc = "user";
+
+ if (flags & GNUTLS_PIN_FINAL_TRY) {
+ cache = 0;
+ printf("*** This is the final try before locking!\n");
+ }
+ if (flags & GNUTLS_PIN_COUNT_LOW) {
+ cache = 0;
+ printf("*** Only few tries left before locking!\n");
+ }
+
+ if (flags & GNUTLS_PIN_WRONG) {
+ cache = 0;
+ printf("*** Wrong PIN has been provided!\n");
+ }
+
+ if (cache > 0 && cached_url != NULL) {
+ if (token_url != NULL
+ && strcmp(cached_url, token_url) == 0) {
+ if (strlen(pin) >= sizeof(cached_pin)) {
+ fprintf(stderr, "Too long PIN given\n");
+ exit(1);
+ }
+
+ fprintf(stderr,
+ "Re-using cached PIN for token '%s'\n",
+ token_label);
+ strcpy(pin, cached_pin);
+ cache--;
+ return 0;
+ }
+ }
+
+ printf("Token '%s' with URL '%s' ", token_label, token_url);
+ printf("requires %s PIN\n", desc);
+
+ password = getpass("Enter PIN: ");
+ if (password == NULL || password[0] == 0) {
+ fprintf(stderr, "No password given\n");
+ exit(1);
+ }
+
+ len = MIN(pin_max - 1, strlen(password));
+ memcpy(pin, password, len);
+ pin[len] = 0;
+
+ /* cache */
+ if (len < sizeof(cached_pin)) {
+ memcpy(cached_pin, pin, len);
+ cached_pin[len] = 0;
+ } else
+ cached_pin[0] = 0;
+
+ free(cached_url);
+ if (token_url)
+ cached_url = strdup(token_url);
+ else
+ cached_url = NULL;
+
+ cache = MAX_CACHE_TRIES;
+
+ return 0;
}
#ifdef ENABLE_PKCS11
static int
-token_callback (void *user, const char *label, const unsigned retry)
+token_callback(void *user, const char *label, const unsigned retry)
{
- char buf[32];
+ char buf[32];
- if (retry > 0)
- {
- fprintf (stderr, "Could not find token %s\n", label);
- return -1;
- }
- printf ("Please insert token '%s' in slot and press enter\n", label);
- fgets (buf, sizeof (buf), stdin);
+ if (retry > 0) {
+ fprintf(stderr, "Could not find token %s\n", label);
+ return -1;
+ }
+ printf("Please insert token '%s' in slot and press enter\n",
+ label);
+ fgets(buf, sizeof(buf), stdin);
- return 0;
+ return 0;
}
-void
-pkcs11_common (void)
+void pkcs11_common(void)
{
- gnutls_pkcs11_set_pin_function (pin_callback, NULL);
- gnutls_pkcs11_set_token_function (token_callback, NULL);
+ gnutls_pkcs11_set_pin_function(pin_callback, NULL);
+ gnutls_pkcs11_set_token_function(token_callback, NULL);
}
diff --git a/src/common.h b/src/common.h
index 2f705f1dd0..577dc5b873 100644
--- a/src/common.h
+++ b/src/common.h
@@ -27,7 +27,7 @@
#include <netdb.h>
#include <unistd.h>
#ifndef _WIN32
-# include <netinet/in.h>
+#include <netinet/in.h>
#endif
#include <signal.h>
@@ -39,7 +39,7 @@
#ifndef __attribute__
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
@@ -49,20 +49,20 @@
extern const char str_unknown[];
-int print_info (gnutls_session_t state, int verbose, int print_cert);
-void print_cert_info (gnutls_session_t, int flag, int print_cert);
-void print_cert_info_compact (gnutls_session_t session);
+int print_info(gnutls_session_t state, int verbose, int print_cert);
+void print_cert_info(gnutls_session_t, int flag, int print_cert);
+void print_cert_info_compact(gnutls_session_t session);
-void print_list (const char* priorities, int verbose);
-int cert_verify (gnutls_session_t session, const char* hostname);
+void print_list(const char *priorities, int verbose);
+int cert_verify(gnutls_session_t session, const char *hostname);
-const char *raw_to_string (const unsigned char *raw, size_t raw_size);
-void pkcs11_common (void);
-int check_command(gnutls_session_t session, const char* str);
+const char *raw_to_string(const unsigned char *raw, size_t raw_size);
+void pkcs11_common(void);
+int check_command(gnutls_session_t session, const char *str);
int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max);
+pin_callback(void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max);
-void pkcs11_common (void);
+void pkcs11_common(void);
diff --git a/src/crywrap/crywrap.c b/src/crywrap/crywrap.c
index b0b0799a22..f1b822cb6d 100644
--- a/src/crywrap/crywrap.c
+++ b/src/crywrap/crywrap.c
@@ -52,53 +52,52 @@
#include "crywrap.h"
#include "primes.h"
-static int system_log(const char* fmt, ...)
+static int system_log(const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 1, 2)))
+ __attribute__ ((format(printf, 1, 2)))
#endif
-;
+ ;
-static int system_log_error(const char* fmt, ...)
+static int system_log_error(const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 1, 2)))
+ __attribute__ ((format(printf, 1, 2)))
#endif
-;
+ ;
-static int debug_log(const char* fmt, ...)
+static int debug_log(const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 1, 2)))
+ __attribute__ ((format(printf, 1, 2)))
#endif
-;
+ ;
-typedef int (*cry_log_func)(const char *format, ...)
+typedef int (*cry_log_func) (const char *format, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 1, 2)))
+ __attribute__ ((format(printf, 1, 2)))
#endif
-;
+ ;
static cry_log_func cry_log = system_log;
static cry_log_func cry_error = system_log_error;
-static void
-tls_audit_log_func (gnutls_session_t session, const char *str)
+static void tls_audit_log_func(gnutls_session_t session, const char *str)
{
- char peer_name[NI_MAXHOST] = "Unknown";
- gnutls_transport_ptr_t r, s;
- struct sockaddr_storage faddr;
- socklen_t socklen = sizeof (struct sockaddr_storage);
-
- if (session != NULL)
- {
- gnutls_transport_get_ptr2(session, &r, &s);
-
- /* Log the connection */
- if (getpeername ((int)(long)r, (struct sockaddr *)&faddr, &socklen) != 0)
- cry_error ("getpeername(): %s", strerror (errno));
-
- cry_log ("Peer %s: %s", peer_name, str);
- }
- else
- cry_log ("%s", str);
+ char peer_name[NI_MAXHOST] = "Unknown";
+ gnutls_transport_ptr_t r, s;
+ struct sockaddr_storage faddr;
+ socklen_t socklen = sizeof(struct sockaddr_storage);
+
+ if (session != NULL) {
+ gnutls_transport_get_ptr2(session, &r, &s);
+
+ /* Log the connection */
+ if (getpeername
+ ((int) (long) r, (struct sockaddr *) &faddr,
+ &socklen) != 0)
+ cry_error("getpeername(): %s", strerror(errno));
+
+ cry_log("Peer %s: %s", peer_name, str);
+ } else
+ cry_log("%s", str);
}
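Review bot: In `tls_audit_log_func`, `peer_name` is initialised to "Unknown" and never written again, so every audit line is logged as `Peer Unknown: ...` even when `getpeername()` succeeds; the address fetched into `faddr` is discarded. An audit log is only useful for attributing TLS events if it carries the client address, so the success path should convert it before logging, e.g. `getnameinfo((struct sockaddr *) &faddr, socklen, peer_name, sizeof(peer_name), NULL, 0, NI_NUMERICHOST);` in an `else` branch of the `getpeername()` check. The `(int) (long) r` cast assumes the transport pointer holds a file descriptor; a one-line comment saying so would help.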
@@ -118,7 +117,8 @@ static const char *pidfile = _CRYWRAP_PIDFILE; /**< File to log our PID
*/
static gnutls_certificate_server_credentials cred;
static gnutls_dh_params dh_params; /**< GNUTLS DH parameters. */
-static gnutls_datum dh_file = { (void*)_crywrap_prime_dh_1024, sizeof(_crywrap_prime_dh_1024) }; /**< Diffie Hellman parameters */
+static gnutls_datum dh_file = { (void *) _crywrap_prime_dh_1024, sizeof(_crywrap_prime_dh_1024) };
+ /**< Diffie Hellman parameters */
/** Bugreport address.
* Used by the argp suite.
@@ -138,36 +138,41 @@ static char *pem_key = NULL;
* Used by the argp suite.
*/
static const struct argp_option _crywrap_options[] = {
- {NULL, 0, NULL, 0, "Mandatory options:", 1},
- {"destination", 'd', "IP/PORT", 0, "IP and port to connect to", 1},
- {"listen", 'l', "IP/PORT", 0, "IP and port to listen on", 1},
- {NULL, 0, NULL, 0, "TLS certificates:", 2},
- {"key", 'k', "FILE", 0, "Server key", 2},
- {"cert", 'c', "FILE", 0, "Server certificate", 2},
- {"ca", 'z', "FILE", 0, "CA certificate", 2},
- {"anon", 'a', NULL, 0, "Enable anonymous authentication (no certificates)", 2},
- {"verify", 'v', "LEVEL", OPTION_ARG_OPTIONAL,
- "Verify clients certificate (1: verify if exists, 2: require)", 2},
- {NULL, 0, NULL, 0, "Other options:", 3},
- {"dhparams", 'r', "FILE", 0, "Diffie Hellman (PKCS #3) parameters file", 3},
- {"user", 'u', "UID", 0, "User ID to run as", 3},
- {"pidfile", 'P', "PATH", 0, "File to log the PID into", 3},
- {"priority", 'p', "STRING", 0, "GnuTLS ciphersuite priority string", 3},
- {"inetd", 'i', NULL, 0, "Enable inetd mode", 3},
- {"debug", 'D', NULL, 0, "Run the server into foreground", 3},
- {0, 0, 0, 0, NULL, 0}
+ {NULL, 0, NULL, 0, "Mandatory options:", 1},
+ {"destination", 'd', "IP/PORT", 0, "IP and port to connect to", 1},
+ {"listen", 'l', "IP/PORT", 0, "IP and port to listen on", 1},
+ {NULL, 0, NULL, 0, "TLS certificates:", 2},
+ {"key", 'k', "FILE", 0, "Server key", 2},
+ {"cert", 'c', "FILE", 0, "Server certificate", 2},
+ {"ca", 'z', "FILE", 0, "CA certificate", 2},
+ {"anon", 'a', NULL, 0,
+ "Enable anonymous authentication (no certificates)", 2},
+ {"verify", 'v', "LEVEL", OPTION_ARG_OPTIONAL,
+ "Verify clients certificate (1: verify if exists, 2: require)",
+ 2},
+ {NULL, 0, NULL, 0, "Other options:", 3},
+ {"dhparams", 'r', "FILE", 0,
+ "Diffie Hellman (PKCS #3) parameters file", 3},
+ {"user", 'u', "UID", 0, "User ID to run as", 3},
+ {"pidfile", 'P', "PATH", 0, "File to log the PID into", 3},
+ {"priority", 'p', "STRING", 0,
+ "GnuTLS ciphersuite priority string", 3},
+ {"inetd", 'i', NULL, 0, "Enable inetd mode", 3},
+ {"debug", 'D', NULL, 0, "Run the server into foreground", 3},
+ {0, 0, 0, 0, NULL, 0}
};
-static error_t _crywrap_config_parse_opt (int key, char *arg,
- struct argp_state *state);
+static error_t _crywrap_config_parse_opt(int key, char *arg,
+ struct argp_state *state);
/** The main argp structure for Crywrap.
*/
static const struct argp _crywrap_argp =
- {_crywrap_options, _crywrap_config_parse_opt, 0,
- __CRYWRAP__ " -- Security for the masses\v"
- "The --destination option is mandatory, as is --listen if --inetd "
- "was not used.",
- NULL, NULL, NULL};
+ { _crywrap_options, _crywrap_config_parse_opt, 0,
+ __CRYWRAP__ " -- Security for the masses\v"
+ "The --destination option is mandatory, as is --listen if --inetd "
+ "was not used.",
+ NULL, NULL, NULL
+};
/** @} */
@@ -177,44 +182,41 @@ static const struct argp _crywrap_argp =
/** SIGCHLD handler
*/
-static void
-_crywrap_sigchld_handler (int sig)
+static void _crywrap_sigchld_handler(int sig)
{
-pid_t child;
-int status;
+ pid_t child;
+ int status;
- while ((child = waitpid (-1, &status, WNOHANG)) > (pid_t) 0)
- signal (sig, _crywrap_sigchld_handler);
+ while ((child = waitpid(-1, &status, WNOHANG)) > (pid_t) 0)
+ signal(sig, _crywrap_sigchld_handler);
}
/* Helper functions to load a certificate and key
* files into memory.
*/
-static gnutls_datum_t
-load_file (const char *file)
+static gnutls_datum_t load_file(const char *file)
{
- gnutls_datum_t loaded_file = { NULL, 0 };
+ gnutls_datum_t loaded_file = { NULL, 0 };
- gnutls_load_file(file, &loaded_file);
+ gnutls_load_file(file, &loaded_file);
- return loaded_file;
+ return loaded_file;
}
/** Generic signal handler.
* This one removes the #pidfile, if necessary.
*/
-static void
-_crywrap_sighandler (int sig)
+static void _crywrap_sighandler(int sig)
{
- if (getpid () == main_pid)
- {
- cry_log ("Exiting on signal %d", sig);
- if (pidfile && *pidfile)
- unlink (pidfile);
- closelog ();
- exit (0);
- }
+ if (getpid() == main_pid) {
+ cry_log("Exiting on signal %d", sig);
+ if (pidfile && *pidfile)
+ unlink(pidfile);
+ closelog();
+ exit(0);
+ }
}
+
/** @} */
/** @defgroup parsing Option parsing
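Review bot: `_crywrap_sighandler` calls `cry_log`, `closelog` and `exit` from signal context, and none of these is async-signal-safe. A signal that arrives while the main flow is inside the logging or stdio code can deadlock or corrupt state instead of terminating cleanly. The bodies behind `cry_log` are outside this hunk, so their syslog/printf-style behaviour is inferred from the `format(printf, 1, 2)` declarations. A safer shape is to restrict the handler to `unlink(pidfile); _exit(0);`, or to set a `volatile sig_atomic_t` flag and let the main loop log and clean up. Separately, `_crywrap_sigchld_handler` re-arms itself with `signal()` only inside the reap loop; installing it once with `sigaction()` would remove the need to re-arm.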
@@ -228,22 +230,21 @@ _crywrap_sighandler (int sig)
*
* @returns The purt number, or -1 on error.
*/
-static int
-_crywrap_port_get (const char *serv)
+static int _crywrap_port_get(const char *serv)
{
- int port;
- struct servent *se;
+ int port;
+ struct servent *se;
- if (!serv)
- return -1;
+ if (!serv)
+ return -1;
- se = getservbyname (serv, "tcp");
- if (!se)
- port = atoi (serv);
- else
- port = ntohs (se->s_port);
+ se = getservbyname(serv, "tcp");
+ if (!se)
+ port = atoi(serv);
+ else
+ port = ntohs(se->s_port);
- return port;
+ return port;
}
/** Address resolver.
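Review bot: `_crywrap_port_get` falls back to `atoi(serv)`, which returns 0 for non-numeric text and silently accepts trailing garbage and values above 65535; the doc comment promises -1 on error, but only a NULL argument produces it. The caller `_crywrap_parse_ip` (a later hunk in this file) casts the result to `in_port_t` before its `if (!*port)` test, so an out-of-range number wraps to a different port and a -1 would become 65535. Parse with `strtol`, accept only 1-65535, and have the caller test the `int` result before the cast. A mistyped `--listen` or `--destination` then fails instead of binding or forwarding to an unintended port.

```c
static int _crywrap_port_get(const char *serv)
{
	/* ... unchanged: se declaration, NULL check ... */
	char *end;
	long val;

	se = getservbyname(serv, "tcp");
	if (se)
		return ntohs(se->s_port);

	errno = 0;
	val = strtol(serv, &end, 10);
	if (errno != 0 || end == serv || *end != '\0' || val < 1
	    || val > 65535)
		return -1;

	return (int) val;
}
```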
@@ -255,58 +256,54 @@ _crywrap_port_get (const char *serv)
* @returns Zero on success, -1 on error.
*/
static int
-_crywrap_addr_get (const char *hostname, struct sockaddr_storage **addr)
+_crywrap_addr_get(const char *hostname, struct sockaddr_storage **addr)
{
- struct addrinfo *res;
- struct addrinfo hints;
- ssize_t len;
- char *lz = NULL;
-
- if (idna_to_ascii_lz (hostname, &lz, 0) != IDNA_SUCCESS)
- return -1;
-
- memset (&hints, 0, sizeof (hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_IP;
- *addr = calloc (1, sizeof (struct sockaddr_storage));
- if (*addr == NULL)
- {
- free(lz);
- return -1;
- }
-
- if (getaddrinfo (lz, NULL, &hints, &res) != 0)
- {
- free (lz);
- return -1;
- }
-
- free (lz);
-
- switch (res->ai_addr->sa_family)
- {
- case AF_INET:
- len = sizeof (struct sockaddr_in);
- break;
- case AF_INET6:
- len = sizeof (struct sockaddr_in6);
- break;
- default:
- freeaddrinfo (res);
- return -1;
- }
-
- if (len < (ssize_t)res->ai_addrlen)
- {
- freeaddrinfo (res);
- return -1;
- }
-
- memcpy (*addr, res->ai_addr, res->ai_addrlen);
- freeaddrinfo (res);
-
- return 0;
+ struct addrinfo *res;
+ struct addrinfo hints;
+ ssize_t len;
+ char *lz = NULL;
+
+ if (idna_to_ascii_lz(hostname, &lz, 0) != IDNA_SUCCESS)
+ return -1;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_IP;
+ *addr = calloc(1, sizeof(struct sockaddr_storage));
+ if (*addr == NULL) {
+ free(lz);
+ return -1;
+ }
+
+ if (getaddrinfo(lz, NULL, &hints, &res) != 0) {
+ free(lz);
+ return -1;
+ }
+
+ free(lz);
+
+ switch (res->ai_addr->sa_family) {
+ case AF_INET:
+ len = sizeof(struct sockaddr_in);
+ break;
+ case AF_INET6:
+ len = sizeof(struct sockaddr_in6);
+ break;
+ default:
+ freeaddrinfo(res);
+ return -1;
+ }
+
+ if (len < (ssize_t) res->ai_addrlen) {
+ freeaddrinfo(res);
+ return -1;
+ }
+
+ memcpy(*addr, res->ai_addr, res->ai_addrlen);
+ freeaddrinfo(res);
+
+ return 0;
}
/** Parse a HOST/IP pair.
@@ -321,151 +318,166 @@ _crywrap_addr_get (const char *hostname, struct sockaddr_storage **addr)
* @returns Zero on success, -1 on error.
*/
static int
-_crywrap_parse_ip (const char *ip, in_port_t *port,
- struct sockaddr_storage **addr, char **host)
+_crywrap_parse_ip(const char *ip, in_port_t * port,
+ struct sockaddr_storage **addr, char **host)
{
- char *s_ip;
- char *tmp;
+ char *s_ip;
+ char *tmp;
- tmp = strchr (ip, '/');
+ tmp = strchr(ip, '/');
- if (!tmp)
- return -1;
+ if (!tmp)
+ return -1;
- if (tmp == ip)
- {
- s_ip = strdup ("0.0.0.0");
- *port = (in_port_t)_crywrap_port_get (&ip[1]);
- }
- else
- {
- *port = (in_port_t)_crywrap_port_get (&tmp[1]);
- s_ip = strndup (ip, tmp - ip);
- }
+ if (tmp == ip) {
+ s_ip = strdup("0.0.0.0");
+ *port = (in_port_t) _crywrap_port_get(&ip[1]);
+ } else {
+ *port = (in_port_t) _crywrap_port_get(&tmp[1]);
+ s_ip = strndup(ip, tmp - ip);
+ }
- if (!*port)
- return -1;
+ if (!*port)
+ return -1;
- if (host)
- *host = strdup (s_ip);
+ if (host)
+ *host = strdup(s_ip);
- return _crywrap_addr_get (s_ip, addr);
+ return _crywrap_addr_get(s_ip, addr);
}
/** Argument parsing routine.
* Used by the argp suite.
*/
static error_t
-_crywrap_config_parse_opt (int key, char *arg, struct argp_state *state)
+_crywrap_config_parse_opt(int key, char *arg, struct argp_state *state)
{
- crywrap_config_t *cfg = (crywrap_config_t *)state->input;
- int ret;
-
- switch (key)
- {
- case 'D':
- cfg->debug = 1;
- cry_log = debug_log;
- cry_error = debug_log;
- break;
- case 'd':
- if (_crywrap_parse_ip (arg, &cfg->dest.port, &cfg->dest.addr,
- &cfg->dest.host) < 0)
- argp_error (state, "Could not resolve address: `%s'", arg);
- break;
- case 'l':
- if (_crywrap_parse_ip (arg, &cfg->listen.port,
- &cfg->listen.addr, NULL) < 0)
- argp_error (state, "Could not resolve address: `%s'", arg);
- break;
- case 'u':
- cfg->uid = atoi (arg);
- break;
- case 'P':
- if (arg && *arg)
- cfg->pidfile = strdup (arg);
- else
- cfg->pidfile = NULL;
- break;
- case 'r':
- if (arg && *arg)
- {
- dh_file = load_file(arg);
- if (dh_file.data == NULL)
- argp_error (state, "error loading Diffie Hellman parameters file: %s.", arg);
- }
- break;
- case 'p':
- if (arg && *arg)
- {
- const char* pos;
- ret = gnutls_priority_init(&cfg->priority, arg, &pos);
- if (ret < 0)
- argp_error (state, "error in priority string at: %s.", pos);
- }
- break;
- case 'c':
- if (arg && *arg)
- pem_cert = strdup (arg);
- break;
- case 'k':
- if (arg && *arg)
- pem_key = strdup (arg);
- break;
-
- break;
- case 'i':
- cfg->inetd = 1;
- break;
- case 'a':
- {
- const char* pos;
- ret = gnutls_priority_init(&cfg->priority, "NORMAL:+ANON-ECDH:+ANON-DH", &pos);
- if (ret < 0)
- argp_error (state, "error in priority string at: %s.", pos);
- }
- cfg->verify = 0;
- cfg->anon = 1;
- break;
- case 'v':
- cfg->verify = (arg) ? atoi (arg) : 1;
- break;
- case 'z':
- ret = gnutls_certificate_set_x509_trust_file (cred, arg,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- argp_error (state, "error reading X.509 CA file: %s.", gnutls_strerror(ret));
- break;
-
- case ARGP_KEY_END:
- if (!cfg->inetd)
- {
- if (!cfg->listen.addr || !cfg->dest.addr)
- argp_error
- (state,
- "a listening and a destination address must be set!");
+ crywrap_config_t *cfg = (crywrap_config_t *) state->input;
+ int ret;
+
+ switch (key) {
+ case 'D':
+ cfg->debug = 1;
+ cry_log = debug_log;
+ cry_error = debug_log;
+ break;
+ case 'd':
+ if (_crywrap_parse_ip
+ (arg, &cfg->dest.port, &cfg->dest.addr,
+ &cfg->dest.host) < 0)
+ argp_error(state,
+ "Could not resolve address: `%s'", arg);
+ break;
+ case 'l':
+ if (_crywrap_parse_ip(arg, &cfg->listen.port,
+ &cfg->listen.addr, NULL) < 0)
+ argp_error(state,
+ "Could not resolve address: `%s'", arg);
+ break;
+ case 'u':
+ cfg->uid = atoi(arg);
+ break;
+ case 'P':
+ if (arg && *arg)
+ cfg->pidfile = strdup(arg);
+ else
+ cfg->pidfile = NULL;
+ break;
+ case 'r':
+ if (arg && *arg) {
+ dh_file = load_file(arg);
+ if (dh_file.data == NULL)
+ argp_error(state,
+ "error loading Diffie Hellman parameters file: %s.",
+ arg);
+ }
+ break;
+ case 'p':
+ if (arg && *arg) {
+ const char *pos;
+ ret =
+ gnutls_priority_init(&cfg->priority, arg,
+ &pos);
+ if (ret < 0)
+ argp_error(state,
+ "error in priority string at: %s.",
+ pos);
+ }
+ break;
+ case 'c':
+ if (arg && *arg)
+ pem_cert = strdup(arg);
+ break;
+ case 'k':
+ if (arg && *arg)
+ pem_key = strdup(arg);
+ break;
+
+ break;
+ case 'i':
+ cfg->inetd = 1;
+ break;
+ case 'a':
+ {
+ const char *pos;
+ ret =
+ gnutls_priority_init(&cfg->priority,
+ "NORMAL:+ANON-ECDH:+ANON-DH",
+ &pos);
+ if (ret < 0)
+ argp_error(state,
+ "error in priority string at: %s.",
+ pos);
+ }
+ cfg->verify = 0;
+ cfg->anon = 1;
+ break;
+ case 'v':
+ cfg->verify = (arg) ? atoi(arg) : 1;
+ break;
+ case 'z':
+ ret = gnutls_certificate_set_x509_trust_file(cred, arg,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ argp_error(state,
+ "error reading X.509 CA file: %s.",
+ gnutls_strerror(ret));
+ break;
+
+ case ARGP_KEY_END:
+ if (!cfg->inetd) {
+ if (!cfg->listen.addr || !cfg->dest.addr)
+ argp_error
+ (state,
+ "a listening and a destination address must be set!");
+ } else if (!cfg->dest.addr)
+ argp_error(state,
+ "a destination address must be set!");
+ if (cfg->anon)
+ break;
+ if (pem_cert == NULL || pem_key == NULL)
+ ret =
+ gnutls_certificate_set_x509_key_file(cred,
+ _CRYWRAP_PEMFILE,
+ _CRYWRAP_PEMFILE,
+ GNUTLS_X509_FMT_PEM);
+ else
+ ret =
+ gnutls_certificate_set_x509_key_file(cred,
+ pem_cert,
+ pem_key,
+ GNUTLS_X509_FMT_PEM);
+
+ if (ret < 0)
+ argp_error(state,
+ "Error reading X.509 key or certificate file: %s",
+ gnutls_strerror(ret));
+ break;
+ default:
+ return ARGP_ERR_UNKNOWN;
}
- else
- if (!cfg->dest.addr)
- argp_error (state, "a destination address must be set!");
- if (cfg->anon)
- break;
- if (pem_cert == NULL || pem_key == NULL)
- ret = gnutls_certificate_set_x509_key_file (cred, _CRYWRAP_PEMFILE,
- _CRYWRAP_PEMFILE,
- GNUTLS_X509_FMT_PEM);
- else
- ret = gnutls_certificate_set_x509_key_file (cred, pem_cert, pem_key,
- GNUTLS_X509_FMT_PEM);
-
- if (ret < 0)
- argp_error (state, "Error reading X.509 key or certificate file: %s", gnutls_strerror(ret));
- break;
- default:
- return ARGP_ERR_UNKNOWN;
- }
-
- return 0;
+
+ return 0;
}
/** Configuration parsing.
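Review bot: The `'u'` case in `_crywrap_config_parse_opt` sets `cfg->uid = atoi(arg)`, so a non-numeric argument such as a user name parses as 0. `_crywrap_privs_drop` (a later hunk) then looks up UID 0 and calls `setuid(0)`, which leaves the daemon running as root while appearing to have dropped privileges. The `'v'` case has the same pattern: an unparsable level becomes 0 and client-certificate verification is switched off without any diagnostic. Both values should be parsed with `strtol` and rejected through `argp_error` when the text is not a complete number in range. The type of `cfg->uid` is declared outside this hunk, so the assignment below assumes an integer field; the second `break;` after case `'k'` is dead code.

```c
	case 'u':
		{
			char *end;
			long uid;

			errno = 0;
			uid = strtol(arg, &end, 10);
			if (errno != 0 || end == arg || *end != '\0'
			    || uid < 0)
				argp_error(state,
					   "invalid user ID: `%s'", arg);
			cfg->uid = uid;
		}
		break;
	/* ... unchanged: 'P', 'r', 'p', 'c', 'k', 'i', 'a' cases ... */
	case 'v':
		if (arg) {
			char *end;
			long level = strtol(arg, &end, 10);

			if (end == arg || *end != '\0' || level < 0
			    || level > 2)
				argp_error(state,
					   "invalid verify level: `%s'",
					   arg);
			cfg->verify = level;
		} else
			cfg->verify = 1;
		break;
```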
@@ -474,33 +486,33 @@ _crywrap_config_parse_opt (int key, char *arg, struct argp_state *state)
*
* @note Does not return if an error occurred.
*/
-static crywrap_config_t *
-_crywrap_config_parse (int argc, char **argv)
+static crywrap_config_t *_crywrap_config_parse(int argc, char **argv)
{
- crywrap_config_t *config =
- (crywrap_config_t *)malloc (sizeof (crywrap_config_t));
+ crywrap_config_t *config =
+ (crywrap_config_t *) malloc(sizeof(crywrap_config_t));
- if (config == NULL)
- return NULL;
+ if (config == NULL)
+ return NULL;
- config->listen.port = 0;
- config->listen.addr = NULL;
- config->dest.port = 0;
- config->dest.addr = NULL;
- config->priority = NULL;
- config->uid = _CRYWRAP_UID;
- config->pidfile = _CRYWRAP_PIDFILE;
- config->inetd = 0;
- config->anon = 0;
- config->verify = 0;
+ config->listen.port = 0;
+ config->listen.addr = NULL;
+ config->dest.port = 0;
+ config->dest.addr = NULL;
+ config->priority = NULL;
+ config->uid = _CRYWRAP_UID;
+ config->pidfile = _CRYWRAP_PIDFILE;
+ config->inetd = 0;
+ config->anon = 0;
+ config->verify = 0;
- argp_parse (&_crywrap_argp, argc, argv, 0, 0, config);
+ argp_parse(&_crywrap_argp, argc, argv, 0, 0, config);
- if (config->priority == NULL)
- gnutls_priority_init(&config->priority, "NORMAL", NULL);
+ if (config->priority == NULL)
+ gnutls_priority_init(&config->priority, "NORMAL", NULL);
- return config;
+ return config;
}
+
/** @} */
/** @defgroup tls Lower-level TLS routines.
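Review bot: `_crywrap_config_parse` allocates the config with `malloc` and then assigns fields one by one, but `debug` and `dest.host` (both written in `_crywrap_config_parse_opt`) are missing from that list. `debug` is set only by `-D`, so any read of it without that option sees an indeterminate value; where it is read is not visible in this hunk. Zero-initialising the structure removes the whole class of omission: `crywrap_config_t *config = calloc(1, sizeof(*config));`. The return value of the fallback `gnutls_priority_init(&config->priority, "NORMAL", NULL)` is also ignored, so a failure there leaves `priority` NULL for the later `gnutls_priority_set` call.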
@@ -514,46 +526,50 @@ _crywrap_config_parse (int argc, char **argv)
* @returns The newly created TLS session.
*/
static gnutls_session_t
-_crywrap_tls_session_create (const crywrap_config_t *config)
+_crywrap_tls_session_create(const crywrap_config_t * config)
{
- gnutls_session_t session;
- int ret;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- if (config->anon) {
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, cred);
- } else {
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- }
-
- ret = gnutls_priority_set(session, config->priority);
- if (ret < 0)
- {
- cry_error ("Error setting priority %s: ", gnutls_strerror(ret));
- exit (4);
- }
-
- if (config->verify==1)
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
- else if (config->verify==2)
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
-
- return session;
+ gnutls_session_t session;
+ int ret;
+
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ if (config->anon) {
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred);
+ } else {
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred);
+ }
+
+ ret = gnutls_priority_set(session, config->priority);
+ if (ret < 0) {
+ cry_error("Error setting priority %s: ",
+ gnutls_strerror(ret));
+ exit(4);
+ }
+
+ if (config->verify == 1)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+ else if (config->verify == 2)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+
+ return session;
}
/** Generate initial DH and RSA params.
* Loads the pre-generated DH primes.
*/
-static void
-_crywrap_tls_init (void)
+static void _crywrap_tls_init(void)
{
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &dh_file, GNUTLS_X509_FMT_PEM);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &dh_file,
+ GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_dh_params (cred, dh_params);
+ gnutls_certificate_set_dh_params(cred, dh_params);
}
+
/** @} */
/** @defgroup networking Networking
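Review bot: In `_crywrap_tls_session_create` the anonymous branch calls `gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred)`, but `cred` is declared earlier in the file as `gnutls_certificate_server_credentials`. GNUTLS_CRD_ANON expects an anonymous-server credentials object, so with `--anon` the library is handed a structure of the wrong type. A separate object allocated with `gnutls_anon_allocate_server_credentials()` and given the DH parameters through `gnutls_anon_set_server_dh_params()` should be passed instead, i.e. `gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);` with `anon_cred` as a new file-scope variable. The return values of `gnutls_init` here and of `gnutls_dh_params_import_pkcs3` in `_crywrap_tls_init` are ignored as well, so a malformed `--dhparams` file goes unnoticed at start-up.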
@@ -569,59 +585,59 @@ _crywrap_tls_init (void)
*
* @returns The bound filedescriptor, or -1 on error.
*/
-static int
-_crywrap_bind (const struct addrinfo *ai, int listen_port)
+static int _crywrap_bind(const struct addrinfo *ai, int listen_port)
{
- int ret;
- const int one = 1;
- int listenfd;
- char sock_name[NI_MAXHOST];
-
- listenfd = socket (ai->ai_family, SOCK_STREAM, IPPROTO_IP);
- if (listenfd == -1)
- {
- cry_error ("socket: %s", strerror (errno));
- return -1;
- }
-
- memset (sock_name, 0, sizeof (sock_name));
- getnameinfo ((struct sockaddr *)ai->ai_addr, ai->ai_addrlen, sock_name,
- sizeof (sock_name), NULL, 0, NI_NUMERICHOST);
-
- switch (ai->ai_family)
- {
- case AF_INET6:
- ((struct sockaddr_in6 *)(ai->ai_addr))->sin6_port = listen_port;
- break;
- case AF_INET:
- ((struct sockaddr_in *)(ai->ai_addr))->sin_port = listen_port;
- break;
- }
-
- ret = setsockopt (listenfd, SOL_SOCKET, SO_REUSEADDR,
- &one, sizeof (one));
- if (ret != 0)
- {
- cry_error ("setsockopt: %s (%s)", strerror (errno), sock_name);
- return -1;
- }
-
- ret = bind (listenfd, ai->ai_addr, ai->ai_addrlen);
- if (ret != 0)
- {
- cry_error ("bind to %s failed: %s", sock_name, strerror (errno));
- return -1;
- }
-
- if (listen (listenfd, _CRYWRAP_MAXCONN) != 0)
- {
- cry_error ("listen on %s failed: %s", sock_name, strerror (errno));
- return -1;
- }
-
- cry_log ("Socket bound to port %d on %s.", ntohs (listen_port), sock_name);
-
- return listenfd;
+ int ret;
+ const int one = 1;
+ int listenfd;
+ char sock_name[NI_MAXHOST];
+
+ listenfd = socket(ai->ai_family, SOCK_STREAM, IPPROTO_IP);
+ if (listenfd == -1) {
+ cry_error("socket: %s", strerror(errno));
+ return -1;
+ }
+
+ memset(sock_name, 0, sizeof(sock_name));
+ getnameinfo((struct sockaddr *) ai->ai_addr, ai->ai_addrlen,
+ sock_name, sizeof(sock_name), NULL, 0, NI_NUMERICHOST);
+
+ switch (ai->ai_family) {
+ case AF_INET6:
+ ((struct sockaddr_in6 *) (ai->ai_addr))->sin6_port =
+ listen_port;
+ break;
+ case AF_INET:
+ ((struct sockaddr_in *) (ai->ai_addr))->sin_port =
+ listen_port;
+ break;
+ }
+
+ ret = setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR,
+ &one, sizeof(one));
+ if (ret != 0) {
+ cry_error("setsockopt: %s (%s)", strerror(errno),
+ sock_name);
+ return -1;
+ }
+
+ ret = bind(listenfd, ai->ai_addr, ai->ai_addrlen);
+ if (ret != 0) {
+ cry_error("bind to %s failed: %s", sock_name,
+ strerror(errno));
+ return -1;
+ }
+
+ if (listen(listenfd, _CRYWRAP_MAXCONN) != 0) {
+ cry_error("listen on %s failed: %s", sock_name,
+ strerror(errno));
+ return -1;
+ }
+
+ cry_log("Socket bound to port %d on %s.", ntohs(listen_port),
+ sock_name);
+
+ return listenfd;
}
/** Set up a listening socket.
@@ -632,39 +648,37 @@ _crywrap_bind (const struct addrinfo *ai, int listen_port)
*
* @returns The listening FD on success, -1 on error.
*/
-static int
-_crywrap_listen (const crywrap_config_t *config)
+static int _crywrap_listen(const crywrap_config_t * config)
{
- struct addrinfo *cur;
- int ret;
-
- cur = calloc (1, sizeof (struct addrinfo));
- if (cur == NULL)
- return -1;
-
- cur->ai_family = config->listen.addr->ss_family;
-
- switch (cur->ai_family)
- {
- case AF_INET6:
- cur->ai_addrlen = sizeof (struct sockaddr_in6);
- break;
- case AF_INET:
- cur->ai_addrlen = sizeof (struct sockaddr_in);
- break;
- }
-
- cur->ai_addr = malloc (cur->ai_addrlen);
- if (cur->ai_addr == NULL)
- return -1;
-
- memcpy (cur->ai_addr, config->listen.addr, cur->ai_addrlen);
-
- ret = _crywrap_bind (cur, htons (config->listen.port));
- free (cur->ai_addr);
- free (cur);
-
- return ret;
+ struct addrinfo *cur;
+ int ret;
+
+ cur = calloc(1, sizeof(struct addrinfo));
+ if (cur == NULL)
+ return -1;
+
+ cur->ai_family = config->listen.addr->ss_family;
+
+ switch (cur->ai_family) {
+ case AF_INET6:
+ cur->ai_addrlen = sizeof(struct sockaddr_in6);
+ break;
+ case AF_INET:
+ cur->ai_addrlen = sizeof(struct sockaddr_in);
+ break;
+ }
+
+ cur->ai_addr = malloc(cur->ai_addrlen);
+ if (cur->ai_addr == NULL)
+ return -1;
+
+ memcpy(cur->ai_addr, config->listen.addr, cur->ai_addrlen);
+
+ ret = _crywrap_bind(cur, htons(config->listen.port));
+ free(cur->ai_addr);
+ free(cur);
+
+ return ret;
}
/** Connect to a remote server.
@@ -677,60 +691,56 @@ _crywrap_listen (const crywrap_config_t *config)
* @returns the connected socket on success, otherwise it exits.
*/
static int
-_crywrap_remote_connect (const struct sockaddr_storage *addr, int port)
+_crywrap_remote_connect(const struct sockaddr_storage *addr, int port)
{
- struct addrinfo *cur;
- int sock;
-
- cur = calloc (1, sizeof (struct addrinfo));
- if (cur == NULL)
- return -1;
-
- cur->ai_family = addr->ss_family;
-
- switch (cur->ai_family)
- {
- case AF_INET6:
- cur->ai_addrlen = sizeof (struct sockaddr_in6);
- break;
- case AF_INET:
- cur->ai_addrlen = sizeof (struct sockaddr_in);
- break;
- }
-
- cur->ai_addr = malloc (cur->ai_addrlen);
- if (cur->ai_addr == NULL)
- return -1;
-
- memcpy (cur->ai_addr, addr, cur->ai_addrlen);
-
- switch (cur->ai_family)
- {
- case AF_INET6:
- ((struct sockaddr_in6 *)(cur->ai_addr))->sin6_port = port;
- break;
- case AF_INET:
- ((struct sockaddr_in *)(cur->ai_addr))->sin_port = port;
- break;
- }
-
- sock = socket (cur->ai_family, SOCK_STREAM, IPPROTO_IP);
- if (sock < 0)
- {
- cry_error ("socket(): %s", strerror (errno));
- exit (1);
- }
-
- if (connect (sock, cur->ai_addr, cur->ai_addrlen) < 0)
- {
- cry_error ("connect(): %s", strerror (errno));
- exit (1);
- }
-
- free (cur->ai_addr);
- free (cur);
-
- return sock;
+ struct addrinfo *cur;
+ int sock;
+
+ cur = calloc(1, sizeof(struct addrinfo));
+ if (cur == NULL)
+ return -1;
+
+ cur->ai_family = addr->ss_family;
+
+ switch (cur->ai_family) {
+ case AF_INET6:
+ cur->ai_addrlen = sizeof(struct sockaddr_in6);
+ break;
+ case AF_INET:
+ cur->ai_addrlen = sizeof(struct sockaddr_in);
+ break;
+ }
+
+ cur->ai_addr = malloc(cur->ai_addrlen);
+ if (cur->ai_addr == NULL)
+ return -1;
+
+ memcpy(cur->ai_addr, addr, cur->ai_addrlen);
+
+ switch (cur->ai_family) {
+ case AF_INET6:
+ ((struct sockaddr_in6 *) (cur->ai_addr))->sin6_port = port;
+ break;
+ case AF_INET:
+ ((struct sockaddr_in *) (cur->ai_addr))->sin_port = port;
+ break;
+ }
+
+ sock = socket(cur->ai_family, SOCK_STREAM, IPPROTO_IP);
+ if (sock < 0) {
+ cry_error("socket(): %s", strerror(errno));
+ exit(1);
+ }
+
+ if (connect(sock, cur->ai_addr, cur->ai_addrlen) < 0) {
+ cry_error("connect(): %s", strerror(errno));
+ exit(1);
+ }
+
+ free(cur->ai_addr);
+ free(cur);
+
+ return sock;
}
/** @} */
@@ -743,40 +753,35 @@ _crywrap_remote_connect (const struct sockaddr_storage *addr, int port)
* Drop privileges, if running as root.
* Upon failure, it will make CryWrap exit.
*/
-static void
-_crywrap_privs_drop (const crywrap_config_t *config)
+static void _crywrap_privs_drop(const crywrap_config_t * config)
{
- struct passwd *pwd;
-
- if (getuid () != 0)
- {
- cry_log ("%s", "Not running as root, not dropping privileges.");
- return;
- }
-
- if ((pwd = getpwuid (config->uid)) == NULL)
- {
- cry_error ("getpwuid(): %s", strerror (errno));
- exit (1);
- }
-
- if (initgroups (pwd->pw_name, pwd->pw_gid) == -1)
- {
- cry_error ("initgroups(): %s", strerror (errno));
- exit (1);
- }
-
- if (setgid (pwd->pw_gid) == -1)
- {
- cry_error ("setgid(): %s", strerror (errno));
- exit (1);
- }
-
- if (setuid (config->uid))
- {
- cry_error ("setuid(): %s", strerror (errno));
- exit (1);
- }
+ struct passwd *pwd;
+
+ if (getuid() != 0) {
+ cry_log("%s",
+ "Not running as root, not dropping privileges.");
+ return;
+ }
+
+ if ((pwd = getpwuid(config->uid)) == NULL) {
+ cry_error("getpwuid(): %s", strerror(errno));
+ exit(1);
+ }
+
+ if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
+ cry_error("initgroups(): %s", strerror(errno));
+ exit(1);
+ }
+
+ if (setgid(pwd->pw_gid) == -1) {
+ cry_error("setgid(): %s", strerror(errno));
+ exit(1);
+ }
+
+ if (setuid(config->uid)) {
+ cry_error("setuid(): %s", strerror(errno));
+ exit(1);
+ }
}
/** Set up the PID file.
@@ -785,34 +790,32 @@ _crywrap_privs_drop (const crywrap_config_t *config)
*
* @note Exits upon error.
*/
-static void
-_crywrap_setup_pidfile (const crywrap_config_t *config)
+static void _crywrap_setup_pidfile(const crywrap_config_t * config)
{
- char mypid[128];
- int pidfilefd;
-
- if (!config->pidfile || !*(config->pidfile))
- return;
-
- if (!access (config->pidfile, F_OK))
- {
- cry_error ("Pidfile (%s) already exists. Exiting.", config->pidfile);
- exit (1);
- }
- if ((pidfilefd = open (config->pidfile,
- O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1)
- {
- cry_error ("Cannot create pidfile (%s): %s.\n", config->pidfile,
- strerror (errno));
- exit (1);
- }
- fchown (pidfilefd, config->uid, (gid_t)-1);
-
- main_pid = getpid ();
- snprintf (mypid, sizeof (mypid), "%d\n", main_pid);
- write (pidfilefd, mypid, strlen (mypid));
- close (pidfilefd);
- pidfile = config->pidfile;
+ char mypid[128];
+ int pidfilefd;
+
+ if (!config->pidfile || !*(config->pidfile))
+ return;
+
+ if (!access(config->pidfile, F_OK)) {
+ cry_error("Pidfile (%s) already exists. Exiting.",
+ config->pidfile);
+ exit(1);
+ }
+ if ((pidfilefd = open(config->pidfile,
+ O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1) {
+ cry_error("Cannot create pidfile (%s): %s.\n",
+ config->pidfile, strerror(errno));
+ exit(1);
+ }
+ fchown(pidfilefd, config->uid, (gid_t) - 1);
+
+ main_pid = getpid();
+ snprintf(mypid, sizeof(mypid), "%d\n", main_pid);
+ write(pidfilefd, mypid, strlen(mypid));
+ close(pidfilefd);
+ pidfile = config->pidfile;
}
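Review bot: `_crywrap_setup_pidfile` tests for an existing file with `access()` and then opens the path with `O_WRONLY | O_CREAT | O_TRUNC`, which leaves a window between the two calls. The open will also follow a symlink or truncate a file that appeared in the meantime. The following `fchown` to `config->uid` suggests this runs while still privileged (the call order is outside this hunk), which makes the pidfile path a sensitive write. The check and the creation should be one atomic step: `pidfilefd = open(config->pidfile, O_WRONLY | O_CREAT | O_EXCL, 0644)`, reporting `errno == EEXIST` as "already exists" and dropping the `access()` call. The results of `fchown` and `write` are ignored, so a short or failed write leaves an empty or partial pidfile without any log entry.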
@@ -827,273 +830,258 @@ _crywrap_setup_pidfile (const crywrap_config_t *config)
* @note Exits on error.
*/
static int
-_crywrap_do_one (const crywrap_config_t *config, int insock, int outsock)
+_crywrap_do_one(const crywrap_config_t * config, int insock, int outsock)
{
- int sock, ret, tls_pending;
- gnutls_session_t session;
- char buffer[_CRYWRAP_MAXBUF + 2];
- fd_set fdset;
- unsigned int status = 0;
- struct sockaddr_storage faddr;
- socklen_t socklen = sizeof (struct sockaddr_storage);
- char peer_name[NI_MAXHOST];
-
- /* Log the connection */
- if (getpeername (insock, (struct sockaddr *)&faddr, &socklen) != 0)
- cry_error ("getpeername(): %s", strerror (errno));
- else
- {
- getnameinfo ((struct sockaddr *)&faddr,
- sizeof (struct sockaddr_storage), peer_name,
- sizeof (peer_name), NULL, 0, NI_NUMERICHOST);
- cry_log ("Accepted connection from %s on %d to %s/%d",
- peer_name, insock, config->dest.host,
- config->dest.port);
- }
-
- /* Do the handshake with our peer */
- session = _crywrap_tls_session_create (config);
- gnutls_transport_set_ptr2 (session,
- (gnutls_transport_ptr_t)insock,
- (gnutls_transport_ptr_t)outsock);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- cry_error ("Handshake failed: %s", gnutls_strerror (ret));
- gnutls_alert_send_appropriate(session, ret);
- goto error;
- }
-
- /* Verify the client's certificate, if any. */
- if (config->verify)
- {
- ret = gnutls_certificate_verify_peers2 (session, &status);
- if (ret < 0)
- cry_log ("Error getting certificate from client: %s",
- gnutls_strerror (ret));
-
- if (ret == 0 && status != 0)
- {
- if (status & GNUTLS_CERT_INVALID)
- cry_log ("%s", "Client certificate not trusted or invalid");
- }
-
- if (config->verify > 0 && status != 0)
- {
- ret = -1;
- gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_INSUFFICIENT_SECURITY);
- goto error;
- }
- }
-
- /* Connect to the remote host */
- sock = _crywrap_remote_connect (config->dest.addr,
- htons (config->dest.port));
-
- for (;;)
- {
- FD_ZERO (&fdset);
- FD_SET (insock, &fdset);
- FD_SET (sock, &fdset);
-
- memset (buffer, 0, _CRYWRAP_MAXBUF + 1);
-
- tls_pending = 0;
-
- if (gnutls_record_check_pending(session) > 0)
- tls_pending = 1;
- else
- {
- select (sock + 1, &fdset, NULL, NULL, NULL);
- if (FD_ISSET (insock, &fdset))
- tls_pending = 1;
- }
- /* TLS client */
- if (tls_pending != 0)
- {
- ret = gnutls_record_recv (session, buffer, _CRYWRAP_MAXBUF);
- if (ret == 0)
- {
- cry_log ("%s", "Peer has closed the GNUTLS connection");
- break;
- }
- else if (ret < 0)
- {
- cry_log ("Received corrupted data: %s.",
- gnutls_strerror (ret));
- break;
- }
- else
- send (sock, buffer, ret, 0);
+ int sock, ret, tls_pending;
+ gnutls_session_t session;
+ char buffer[_CRYWRAP_MAXBUF + 2];
+ fd_set fdset;
+ unsigned int status = 0;
+ struct sockaddr_storage faddr;
+ socklen_t socklen = sizeof(struct sockaddr_storage);
+ char peer_name[NI_MAXHOST];
+
+ /* Log the connection */
+ if (getpeername(insock, (struct sockaddr *) &faddr, &socklen) != 0)
+ cry_error("getpeername(): %s", strerror(errno));
+ else {
+ getnameinfo((struct sockaddr *) &faddr,
+ sizeof(struct sockaddr_storage), peer_name,
+ sizeof(peer_name), NULL, 0, NI_NUMERICHOST);
+ cry_log("Accepted connection from %s on %d to %s/%d",
+ peer_name, insock, config->dest.host,
+ config->dest.port);
}
- /* Remote server */
- if (FD_ISSET (sock, &fdset))
- {
- ret = recv (sock, buffer, _CRYWRAP_MAXBUF, 0);
- if (ret == 0)
- {
- cry_log ("%s", "Server has closed the connection");
- break;
- }
- else if (ret < 0)
- {
- cry_log ("Received corrupted data: %s.", strerror (errno));
- break;
- }
- else
- {
- int r, o = 0;
-
- do
- {
- r = gnutls_record_send (session, &buffer[o], ret - o);
- o += r;
- } while (r > 0 && ret > o);
+ /* Do the handshake with our peer */
+ session = _crywrap_tls_session_create(config);
+ gnutls_transport_set_ptr2(session,
+ (gnutls_transport_ptr_t) insock,
+ (gnutls_transport_ptr_t) outsock);
- if (r < 0)
- cry_log ("Received corrupt data: %s", gnutls_strerror (r));
- }
+ do {
+ ret = gnutls_handshake(session);
}
- }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-error:
- gnutls_bye (session, GNUTLS_SHUT_WR);
- gnutls_deinit (session);
- close (insock);
- close (outsock);
+ if (ret < 0) {
+ cry_error("Handshake failed: %s", gnutls_strerror(ret));
+ gnutls_alert_send_appropriate(session, ret);
+ goto error;
+ }
- return (ret == 0) ? 0 : 1;
+ /* Verify the client's certificate, if any. */
+ if (config->verify) {
+ ret = gnutls_certificate_verify_peers2(session, &status);
+ if (ret < 0)
+ cry_log
+ ("Error getting certificate from client: %s",
+ gnutls_strerror(ret));
+
+ if (ret == 0 && status != 0) {
+ if (status & GNUTLS_CERT_INVALID)
+ cry_log("%s",
+ "Client certificate not trusted or invalid");
+ }
+
+ if (config->verify > 0 && status != 0) {
+ ret = -1;
+ gnutls_alert_send(session, GNUTLS_AL_FATAL,
+ GNUTLS_A_INSUFFICIENT_SECURITY);
+ goto error;
+ }
+ }
+
+ /* Connect to the remote host */
+ sock = _crywrap_remote_connect(config->dest.addr,
+ htons(config->dest.port));
+
+ for (;;) {
+ FD_ZERO(&fdset);
+ FD_SET(insock, &fdset);
+ FD_SET(sock, &fdset);
+
+ memset(buffer, 0, _CRYWRAP_MAXBUF + 1);
+
+ tls_pending = 0;
+
+ if (gnutls_record_check_pending(session) > 0)
+ tls_pending = 1;
+ else {
+ select(sock + 1, &fdset, NULL, NULL, NULL);
+ if (FD_ISSET(insock, &fdset))
+ tls_pending = 1;
+ }
+ /* TLS client */
+ if (tls_pending != 0) {
+ ret =
+ gnutls_record_recv(session, buffer,
+ _CRYWRAP_MAXBUF);
+ if (ret == 0) {
+ cry_log("%s",
+ "Peer has closed the GNUTLS connection");
+ break;
+ } else if (ret < 0) {
+ cry_log("Received corrupted data: %s.",
+ gnutls_strerror(ret));
+ break;
+ } else
+ send(sock, buffer, ret, 0);
+ }
+
+ /* Remote server */
+ if (FD_ISSET(sock, &fdset)) {
+ ret = recv(sock, buffer, _CRYWRAP_MAXBUF, 0);
+ if (ret == 0) {
+ cry_log("%s",
+ "Server has closed the connection");
+ break;
+ } else if (ret < 0) {
+ cry_log("Received corrupted data: %s.",
+ strerror(errno));
+ break;
+ } else {
+ int r, o = 0;
+
+ do {
+ r = gnutls_record_send(session,
+ &buffer[o],
+ ret - o);
+ o += r;
+ } while (r > 0 && ret > o);
+
+ if (r < 0)
+ cry_log
+ ("Received corrupt data: %s",
+ gnutls_strerror(r));
+ }
+ }
+ }
+
+ error:
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+ gnutls_deinit(session);
+ close(insock);
+ close(outsock);
+
+ return (ret == 0) ? 0 : 1;
}
/** CryWrap entry point.
* This is the main entry point - controls the whole program and so
* on...
*/
-int
-main (int argc, char **argv, char **envp)
+int main(int argc, char **argv, char **envp)
{
- crywrap_config_t *config;
- int server_socket;
-
- openlog (__CRYWRAP__, LOG_PID, LOG_DAEMON);
-
- gnutls_global_set_audit_log_function (tls_audit_log_func);
-
- if (gnutls_global_init () < 0)
- {
- cry_error ("%s", "Global TLS state initialisation failed.");
- exit (1);
- }
- if (gnutls_certificate_allocate_credentials (&cred) < 0)
- {
- cry_error ("%s", "Couldn't allocate credentials.");
- exit (1);
- }
-
- stringprep_locale_charset ();
-
- config = _crywrap_config_parse (argc, argv);
-
- _crywrap_tls_init ();
-
- if (config->inetd)
- {
- _crywrap_privs_drop (config);
- exit (_crywrap_do_one (config, 0, 1));
- }
-
- if (!config->debug)
- if (daemon (0, 0))
- {
- cry_error ("daemon: %s", strerror (errno));
- exit (1);
- }
-
- cry_log ("%s", "Crywrap starting...");
-
- server_socket = _crywrap_listen (config);
- if (server_socket < 0)
- exit (1);
-
- if (!config->debug) _crywrap_setup_pidfile (config);
- _crywrap_privs_drop (config);
-
- signal (SIGTERM, _crywrap_sighandler);
- signal (SIGQUIT, _crywrap_sighandler);
- signal (SIGSEGV, _crywrap_sighandler);
- signal (SIGPIPE, SIG_IGN);
- signal (SIGHUP, SIG_IGN);
- signal (SIGCHLD, _crywrap_sigchld_handler);
-
- cry_log ("%s", "Accepting connections");
-
-
- for (;;)
- {
- int csock;
- int child;
-
- csock = accept (server_socket, NULL, NULL);
- if (csock < 0)
- continue;
-
- child = fork ();
- switch (child)
- {
- case 0:
- exit (_crywrap_do_one (config, csock, csock));
- break;
- case -1:
- cry_error ("%s", "Forking error.");
- exit (1);
- break;
+ crywrap_config_t *config;
+ int server_socket;
+
+ openlog(__CRYWRAP__, LOG_PID, LOG_DAEMON);
+
+ gnutls_global_set_audit_log_function(tls_audit_log_func);
+
+ if (gnutls_global_init() < 0) {
+ cry_error("%s", "Global TLS state initialisation failed.");
+ exit(1);
+ }
+ if (gnutls_certificate_allocate_credentials(&cred) < 0) {
+ cry_error("%s", "Couldn't allocate credentials.");
+ exit(1);
}
- close(csock);
- }
- return 0;
+ stringprep_locale_charset();
+
+ config = _crywrap_config_parse(argc, argv);
+
+ _crywrap_tls_init();
+
+ if (config->inetd) {
+ _crywrap_privs_drop(config);
+ exit(_crywrap_do_one(config, 0, 1));
+ }
+
+ if (!config->debug)
+ if (daemon(0, 0)) {
+ cry_error("daemon: %s", strerror(errno));
+ exit(1);
+ }
+
+ cry_log("%s", "Crywrap starting...");
+
+ server_socket = _crywrap_listen(config);
+ if (server_socket < 0)
+ exit(1);
+
+ if (!config->debug)
+ _crywrap_setup_pidfile(config);
+ _crywrap_privs_drop(config);
+
+ signal(SIGTERM, _crywrap_sighandler);
+ signal(SIGQUIT, _crywrap_sighandler);
+ signal(SIGSEGV, _crywrap_sighandler);
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGHUP, SIG_IGN);
+ signal(SIGCHLD, _crywrap_sigchld_handler);
+
+ cry_log("%s", "Accepting connections");
+
+
+ for (;;) {
+ int csock;
+ int child;
+
+ csock = accept(server_socket, NULL, NULL);
+ if (csock < 0)
+ continue;
+
+ child = fork();
+ switch (child) {
+ case 0:
+ exit(_crywrap_do_one(config, csock, csock));
+ break;
+ case -1:
+ cry_error("%s", "Forking error.");
+ exit(1);
+ break;
+ }
+ close(csock);
+ }
+
+ return 0;
}
-static int system_log(const char* fmt, ...)
+static int system_log(const char *fmt, ...)
{
- va_list args;
+ va_list args;
- va_start (args, fmt);
- vsyslog(LOG_NOTICE, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ vsyslog(LOG_NOTICE, fmt, args);
+ va_end(args);
- return 0;
+ return 0;
}
-static int system_log_error(const char* fmt, ...)
+static int system_log_error(const char *fmt, ...)
{
- va_list args;
+ va_list args;
- va_start (args, fmt);
- vsyslog(LOG_ERR, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ vsyslog(LOG_ERR, fmt, args);
+ va_end(args);
- return 0;
+ return 0;
}
-static int debug_log(const char* fmt, ...)
+static int debug_log(const char *fmt, ...)
{
- va_list args;
+ va_list args;
- va_start (args, fmt);
- vprintf(fmt, args);
- puts("");
- va_end (args);
+ va_start(args, fmt);
+ vprintf(fmt, args);
+ puts("");
+ va_end(args);
- return 0;
+ return 0;
}
/** @} */
-
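Review bot: In `_crywrap_do_one` a failed `gnutls_certificate_verify_peers2()` does not reject the client: a negative return is only logged, `status` keeps its initial 0, and the `config->verify > 0 && status != 0` test then lets the connection through to the backend. Unless the session built in `_crywrap_tls_session_create()` (not in this hunk) already makes the handshake fail when no certificate is sent, the mandatory-verification mode fails open; the guard should read `if (config->verify > 0 && (ret < 0 || status != 0)) {`. In the relay loop the return values of `select()` and `send(sock, buffer, ret, 0)` are ignored, so a short or failed write to the backend drops data silently. `o += r` also runs before `r` is tested, so a negative `gnutls_record_send()` result is added to the offset.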
diff --git a/src/crywrap/crywrap.h b/src/crywrap/crywrap.h
index e246e27a44..a41990f4a0 100644
--- a/src/crywrap/crywrap.h
+++ b/src/crywrap/crywrap.h
@@ -57,35 +57,37 @@
* Most of the CryWrap configuration - those options that are settable
* via the command-line are stored in a variable of this type.
*/
-typedef struct
-{
+typedef struct {
/** Properties of the listening socket.
*/
- struct
- {
- in_port_t port;
- struct sockaddr_storage *addr;
- } listen;
+ struct {
+ in_port_t port;
+ struct sockaddr_storage *addr;
+ } listen;
/** Properties of the destination socket.
*/
- struct
- {
- in_port_t port;
- char *host;
- struct sockaddr_storage *addr;
- } dest;
+ struct {
+ in_port_t port;
+ char *host;
+ struct sockaddr_storage *addr;
+ } dest;
- gnutls_priority_t priority; /**< GnuTLS priority string. */
- const char *pidfile; /**< File to store our PID in. */
- uid_t uid; /**< User ID to run as. */
- int inetd; /**< InetD-mode toggle. */
- int anon; /**< Anon-DH toggle. */
- int verify; /**< Client certificate verify level. */
- int debug;
+ gnutls_priority_t priority;
+ /**< GnuTLS priority string. */
+ const char *pidfile;
+ /**< File to store our PID in. */
+ uid_t uid;
+ /**< User ID to run as. */
+ int inetd;
+ /**< InetD-mode toggle. */
+ int anon;
+ /**< Anon-DH toggle. */
+ int verify;
+ /**< Client certificate verify level. */
+ int debug;
} crywrap_config_t;
-/** @} *//* End of the Options group */
-
-#endif /* !_CRYWRAP_H */
+ /** @} *//* End of the Options group */
+#endif /* !_CRYWRAP_H */
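Review bot: The reformatting detached the member documentation in `crywrap_config_t`: each `/**< … */` comment now sits on its own line below the field, where it reads as a description of the following member, and `debug` is left with no description at all. Keeping the comment on the member's line avoids the ambiguity, e.g. `uid_t uid; /**< User ID to run as. */`. For `debug`, judging by its use in the crywrap main() earlier in this commit, `int debug; /**< Debug toggle: stay in the foreground, write no pidfile. */` would complete the set. The closing `/** @} */` group marker also gained a leading indent that it did not have before.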
diff --git a/src/crywrap/primes.h b/src/crywrap/primes.h
index 50c331d39d..2ca1e1ad86 100644
--- a/src/crywrap/primes.h
+++ b/src/crywrap/primes.h
@@ -33,10 +33,9 @@
/** Initial DH primes, 1024 bits.
*/
static char _crywrap_prime_dh_1024[] = "-----BEGIN DH PARAMETERS-----\n"
-"MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4\n"
-"O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF\n"
-"KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC\n"
-"-----END DH PARAMETERS-----\n";
+ "MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4\n"
+ "O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF\n"
+ "KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC\n"
+ "-----END DH PARAMETERS-----\n";
#endif
-
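Review bot: The embedded Diffie-Hellman parameters in `_crywrap_prime_dh_1024` are a fixed 1024-bit group, which is below what current guidance accepts for finite-field DH (2048 bits or more). The comment calls them "initial" primes, so they may be replaced at run time, but that code is not in this hunk; if they are ever used for a handshake, every deployment shares the same small group. A comment on the array would make the limitation visible, e.g. `/* Fallback only: 1024-bit DH is below current minimums; replace with >= 2048-bit parameters. */`. The array could likely also be `static const char`, provided its users accept a const pointer.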
diff --git a/src/danetool.c b/src/danetool.c
index 436de5413f..1f2c8e27e4 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -29,7 +29,7 @@
#include <gnutls/crypto.h>
#ifdef HAVE_DANE
-# include <gnutls/dane.h>
+#include <gnutls/dane.h>
#endif
#include <stdio.h>
@@ -50,12 +50,13 @@
#include "danetool-args.h"
#include "certtool-common.h"
-static void cmd_parser (int argc, char **argv);
-static void dane_info(const char* host, const char* proto, unsigned int port,
- unsigned int ca, unsigned int domain, common_info_st * cinfo);
+static void cmd_parser(int argc, char **argv);
+static void dane_info(const char *host, const char *proto,
+ unsigned int port, unsigned int ca,
+ unsigned int domain, common_info_st * cinfo);
-static void dane_check(const char* host, const char* proto, unsigned int port,
- common_info_st * cinfo);
+static void dane_check(const char *host, const char *proto,
+ unsigned int port, common_info_st * cinfo);
FILE *outfile;
static gnutls_digest_algorithm_t default_dig;
@@ -65,406 +66,420 @@ static gnutls_digest_algorithm_t default_dig;
int batch;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
- return 0;
+ return 0;
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- int ret, privkey_op = 0;
- common_info_st cinfo;
- const char* proto = "tcp";
- unsigned int port = 443;
-
- optionProcess( &danetoolOptions, argc, argv);
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
- if (outfile == NULL)
- {
- fprintf (stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- default_dig = GNUTLS_DIG_UNKNOWN;
- if (HAVE_OPT(HASH))
- {
- if (strcasecmp (OPT_ARG(HASH), "md5") == 0)
- {
- fprintf (stderr,
- "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
- default_dig = GNUTLS_DIG_MD5;
- }
- else if (strcasecmp (OPT_ARG(HASH), "sha1") == 0)
- default_dig = GNUTLS_DIG_SHA1;
- else if (strcasecmp (OPT_ARG(HASH), "sha256") == 0)
- default_dig = GNUTLS_DIG_SHA256;
- else if (strcasecmp (OPT_ARG(HASH), "sha224") == 0)
- default_dig = GNUTLS_DIG_SHA224;
- else if (strcasecmp (OPT_ARG(HASH), "sha384") == 0)
- default_dig = GNUTLS_DIG_SHA384;
- else if (strcasecmp (OPT_ARG(HASH), "sha512") == 0)
- default_dig = GNUTLS_DIG_SHA512;
- else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
- default_dig = GNUTLS_DIG_RMD160;
- else
- {
- fprintf (stderr, "invalid hash: %s", OPT_ARG(HASH));
- exit(1);
- }
- }
-
- gnutls_global_set_log_function (tls_log_func);
-
- if (HAVE_OPT(DEBUG))
- {
- gnutls_global_set_log_level (OPT_VALUE_DEBUG);
- printf ("Setting log level to %d\n", (int)OPT_VALUE_DEBUG);
- }
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
+ int ret, privkey_op = 0;
+ common_info_st cinfo;
+ const char *proto = "tcp";
+ unsigned int port = 443;
+
+ optionProcess(&danetoolOptions, argc, argv);
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op);
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ default_dig = GNUTLS_DIG_UNKNOWN;
+ if (HAVE_OPT(HASH)) {
+ if (strcasecmp(OPT_ARG(HASH), "md5") == 0) {
+ fprintf(stderr,
+ "Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
+ default_dig = GNUTLS_DIG_MD5;
+ } else if (strcasecmp(OPT_ARG(HASH), "sha1") == 0)
+ default_dig = GNUTLS_DIG_SHA1;
+ else if (strcasecmp(OPT_ARG(HASH), "sha256") == 0)
+ default_dig = GNUTLS_DIG_SHA256;
+ else if (strcasecmp(OPT_ARG(HASH), "sha224") == 0)
+ default_dig = GNUTLS_DIG_SHA224;
+ else if (strcasecmp(OPT_ARG(HASH), "sha384") == 0)
+ default_dig = GNUTLS_DIG_SHA384;
+ else if (strcasecmp(OPT_ARG(HASH), "sha512") == 0)
+ default_dig = GNUTLS_DIG_SHA512;
+ else if (strcasecmp(OPT_ARG(HASH), "rmd160") == 0)
+ default_dig = GNUTLS_DIG_RMD160;
+ else {
+ fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
+ exit(1);
+ }
+ }
+
+ gnutls_global_set_log_function(tls_log_func);
+
+ if (HAVE_OPT(DEBUG)) {
+ gnutls_global_set_log_level(OPT_VALUE_DEBUG);
+ printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
+ }
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
#ifdef ENABLE_PKCS11
- pkcs11_common();
+ pkcs11_common();
#endif
- memset (&cinfo, 0, sizeof (cinfo));
-
- if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
- cinfo.incert_format = GNUTLS_X509_FMT_DER;
- else
- cinfo.incert_format = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(VERBOSE))
- cinfo.verbose = 1;
-
- if (HAVE_OPT(LOAD_PUBKEY))
- cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
-
- if (HAVE_OPT(LOAD_CERTIFICATE))
- cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
-
- if (HAVE_OPT(PORT))
- port = OPT_VALUE_PORT;
- if (HAVE_OPT(PROTO))
- proto = OPT_ARG(PROTO);
-
- if (HAVE_OPT(TLSA_RR))
- dane_info (OPT_ARG(HOST), proto, port,
- HAVE_OPT(CA), ENABLED_OPT(DOMAIN), &cinfo);
- else if (HAVE_OPT(CHECK))
- dane_check (OPT_ARG(CHECK), proto, port,
- &cinfo);
- else
- USAGE(1);
-
- fclose (outfile);
+ memset(&cinfo, 0, sizeof(cinfo));
+
+ if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
+ cinfo.incert_format = GNUTLS_X509_FMT_DER;
+ else
+ cinfo.incert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(VERBOSE))
+ cinfo.verbose = 1;
+
+ if (HAVE_OPT(LOAD_PUBKEY))
+ cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+ if (HAVE_OPT(LOAD_CERTIFICATE))
+ cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+ if (HAVE_OPT(PORT))
+ port = OPT_VALUE_PORT;
+ if (HAVE_OPT(PROTO))
+ proto = OPT_ARG(PROTO);
+
+ if (HAVE_OPT(TLSA_RR))
+ dane_info(OPT_ARG(HOST), proto, port,
+ HAVE_OPT(CA), ENABLED_OPT(DOMAIN), &cinfo);
+ else if (HAVE_OPT(CHECK))
+ dane_check(OPT_ARG(CHECK), proto, port, &cinfo);
+ else
+ USAGE(1);
+
+ fclose(outfile);
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
-static void dane_check(const char* host, const char* proto, unsigned int port,
- common_info_st * cinfo)
+static void dane_check(const char *host, const char *proto,
+ unsigned int port, common_info_st * cinfo)
{
#ifdef HAVE_DANE
-dane_state_t s;
-dane_query_t q;
-int ret, retcode = 0;
-unsigned entries;
-unsigned int flags = DANE_F_IGNORE_LOCAL_RESOLVER, i;
-unsigned int usage, type, match;
-gnutls_datum_t data, file;
-size_t size;
-unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
-
- if (ENABLED_OPT(LOCAL_DNS))
- flags = 0;
-
- if (HAVE_OPT(INSECURE))
- flags |= DANE_F_INSECURE;
-
- if (HAVE_OPT(CHECK_EE))
- vflags |= DANE_VFLAG_ONLY_CHECK_EE_USAGE;
-
- if (HAVE_OPT(CHECK_CA))
- vflags |= DANE_VFLAG_ONLY_CHECK_CA_USAGE;
-
- printf("Querying %s (%s:%d)...\n", host, proto, port);
- ret = dane_state_init(&s, flags);
- if (ret < 0)
- {
- fprintf (stderr, "dane_state_init: %s\n", dane_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(DLV))
- {
- ret = dane_state_set_dlv_file(s, OPT_ARG(DLV));
- if (ret < 0)
- {
- fprintf (stderr, "dane_state_set_dlv_file: %s\n", dane_strerror (ret));
- exit(1);
- }
- }
-
- ret = dane_query_tlsa(s, &q, host, proto, port);
- if (ret < 0)
- {
- fprintf (stderr, "dane_query_tlsa: %s\n", dane_strerror (ret));
- exit(1);
- }
-
- entries = dane_query_entries(q);
- for (i=0;i<entries;i++)
- {
- ret = dane_query_data(q, i, &usage, &type, &match, &data);
- if (ret < 0)
- {
- fprintf (stderr, "dane_query_data: %s\n", dane_strerror (ret));
- exit(1);
- }
-
-
- size = buffer_size;
- ret = gnutls_hex_encode(&data, (void*)buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_hex_encode: %s\n", dane_strerror (ret));
- exit(1);
- }
-
- if (entries > 1) printf("\nEntry %d:\n", i+1);
-
- fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port, proto, host, usage, type, match, buffer);
- printf("Certificate usage: %s (%.2x)\n", dane_cert_usage_name(usage), usage);
- printf("Certificate type: %s (%.2x)\n", dane_cert_type_name(type), type);
- printf("Contents: %s (%.2x)\n", dane_match_type_name(match), match);
- printf("Data: %s\n", buffer);
-
- /* Verify the DANE data */
- if (cinfo->cert)
- {
- gnutls_x509_crt_t *clist;
- unsigned int clist_size, status;
-
- ret = gnutls_load_file(cinfo->cert, &file);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_load_file: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_list_import2: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- if (clist_size > 0)
- {
- gnutls_datum_t certs[clist_size];
- gnutls_datum_t out;
- unsigned int i;
-
- for (i=0;i<clist_size;i++)
- {
- ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER, &certs[i]);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_export2: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
- host, proto, port, 0, vflags, &status);
- if (ret < 0)
- {
- fprintf (stderr, "dane_verify_crt: %s\n", dane_strerror (ret));
- exit(1);
- }
-
- ret = dane_verification_status_print(status, &out, 0);
- if (ret < 0)
- {
- fprintf( stderr, "dane_verification_status_print: %s\n", dane_strerror (ret));
- exit(1);
- }
-
- printf("\nVerification: %s\n", out.data);
- gnutls_free(out.data);
-
- if (status != 0) retcode = 1;
-
- for (i=0;i<clist_size;i++)
- {
- gnutls_free(certs[i].data);
- gnutls_x509_crt_deinit(clist[i]);
- }
- gnutls_free(clist);
- }
- }
- else
- {
- fprintf(stderr, "\nCertificate was not verified. Use --load-certificate.\n");
- }
- }
-
-
- dane_query_deinit(q);
- dane_state_deinit(s);
-
- exit(retcode);
+ dane_state_t s;
+ dane_query_t q;
+ int ret, retcode = 0;
+ unsigned entries;
+ unsigned int flags = DANE_F_IGNORE_LOCAL_RESOLVER, i;
+ unsigned int usage, type, match;
+ gnutls_datum_t data, file;
+ size_t size;
+ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
+
+ if (ENABLED_OPT(LOCAL_DNS))
+ flags = 0;
+
+ if (HAVE_OPT(INSECURE))
+ flags |= DANE_F_INSECURE;
+
+ if (HAVE_OPT(CHECK_EE))
+ vflags |= DANE_VFLAG_ONLY_CHECK_EE_USAGE;
+
+ if (HAVE_OPT(CHECK_CA))
+ vflags |= DANE_VFLAG_ONLY_CHECK_CA_USAGE;
+
+ printf("Querying %s (%s:%d)...\n", host, proto, port);
+ ret = dane_state_init(&s, flags);
+ if (ret < 0) {
+ fprintf(stderr, "dane_state_init: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(DLV)) {
+ ret = dane_state_set_dlv_file(s, OPT_ARG(DLV));
+ if (ret < 0) {
+ fprintf(stderr, "dane_state_set_dlv_file: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = dane_query_tlsa(s, &q, host, proto, port);
+ if (ret < 0) {
+ fprintf(stderr, "dane_query_tlsa: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+ entries = dane_query_entries(q);
+ for (i = 0; i < entries; i++) {
+ ret = dane_query_data(q, i, &usage, &type, &match, &data);
+ if (ret < 0) {
+ fprintf(stderr, "dane_query_data: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+
+ size = buffer_size;
+ ret = gnutls_hex_encode(&data, (void *) buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_hex_encode: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+ if (entries > 1)
+ printf("\nEntry %d:\n", i + 1);
+
+ fprintf(outfile,
+ "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n",
+ port, proto, host, usage, type, match, buffer);
+ printf("Certificate usage: %s (%.2x)\n",
+ dane_cert_usage_name(usage), usage);
+ printf("Certificate type: %s (%.2x)\n",
+ dane_cert_type_name(type), type);
+ printf("Contents: %s (%.2x)\n",
+ dane_match_type_name(match), match);
+ printf("Data: %s\n", buffer);
+
+ /* Verify the DANE data */
+ if (cinfo->cert) {
+ gnutls_x509_crt_t *clist;
+ unsigned int clist_size, status;
+
+ ret = gnutls_load_file(cinfo->cert, &file);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_load_file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_list_import2(&clist,
+ &clist_size,
+ &file,
+ cinfo->
+ incert_format, 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (clist_size > 0) {
+ gnutls_datum_t certs[clist_size];
+ gnutls_datum_t out;
+ unsigned int i;
+
+ for (i = 0; i < clist_size; i++) {
+ ret =
+ gnutls_x509_crt_export2(clist
+ [i],
+ GNUTLS_X509_FMT_DER,
+ &certs
+ [i]);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_export2: %s\n",
+ gnutls_strerror
+ (ret));
+ exit(1);
+ }
+ }
+
+ ret =
+ dane_verify_crt(s, certs, clist_size,
+ GNUTLS_CRT_X509, host,
+ proto, port, 0, vflags,
+ &status);
+ if (ret < 0) {
+ fprintf(stderr,
+ "dane_verify_crt: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ dane_verification_status_print(status,
+ &out,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "dane_verification_status_print: %s\n",
+ dane_strerror(ret));
+ exit(1);
+ }
+
+ printf("\nVerification: %s\n", out.data);
+ gnutls_free(out.data);
+
+ if (status != 0)
+ retcode = 1;
+
+ for (i = 0; i < clist_size; i++) {
+ gnutls_free(certs[i].data);
+ gnutls_x509_crt_deinit(clist[i]);
+ }
+ gnutls_free(clist);
+ }
+ } else {
+ fprintf(stderr,
+ "\nCertificate was not verified. Use --load-certificate.\n");
+ }
+ }
+
+
+ dane_query_deinit(q);
+ dane_state_deinit(s);
+
+ exit(retcode);
#else
- fprintf(stderr, "This functionality was disabled (GnuTLS was not compiled with support for DANE).\n");
- return;
+ fprintf(stderr,
+ "This functionality was disabled (GnuTLS was not compiled with support for DANE).\n");
+ return;
#endif
}
-static void dane_info(const char* host, const char* proto, unsigned int port,
- unsigned int ca, unsigned int domain, common_info_st * cinfo)
+static void dane_info(const char *host, const char *proto,
+ unsigned int port, unsigned int ca,
+ unsigned int domain, common_info_st * cinfo)
{
- gnutls_pubkey_t pubkey;
- gnutls_x509_crt_t crt;
- unsigned char digest[64];
- gnutls_datum_t t;
- int ret;
- unsigned int usage, selector, type;
- size_t size;
-
- if (proto == NULL)
- proto = "tcp";
- if (port == 0)
- port = 443;
-
- crt = load_cert (0, cinfo);
- if (crt != NULL && HAVE_OPT(X509))
- {
- selector = 0; /* X.509 */
-
- size = buffer_size;
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
- if (ret < 0)
- {
- fprintf( stderr, "export error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- gnutls_x509_crt_deinit (crt);
- }
- else /* use public key only */
- {
- selector = 1;
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- {
- fprintf (stderr, "pubkey_init: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- if (crt != NULL)
- {
-
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- {
- fprintf (stderr, "pubkey_import_x509: %s\n",
- gnutls_strerror (ret));
- exit(1);
- }
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
- if (ret < 0)
- {
- fprintf( stderr, "pubkey_export: %s\n",
- gnutls_strerror (ret));
- exit(1);
- }
-
- gnutls_x509_crt_deinit(crt);
- }
- else
- {
- pubkey = load_pubkey (1, cinfo);
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "export error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- gnutls_pubkey_deinit (pubkey);
- }
-
- if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512)
- {
- if (default_dig != GNUTLS_DIG_UNKNOWN) fprintf(stderr, "Unsupported digest. Assuming SHA256.\n");
- default_dig = GNUTLS_DIG_SHA256;
- }
-
- ret = gnutls_hash_fast(default_dig, buffer, size, digest);
- if (ret < 0)
- {
- fprintf( stderr, "hash error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- if (default_dig == GNUTLS_DIG_SHA256)
- type = 1;
- else type = 2;
-
- /* DANE certificate classification crap */
- if (domain==0)
- {
- if (ca) usage = 0;
- else usage = 1;
- }
- else
- {
- if (ca) usage = 2;
- else usage = 3;
- }
-
- t.data = digest;
- t.size = gnutls_hash_get_len(default_dig);
-
- size = buffer_size;
- ret = gnutls_hex_encode(&t, (void*)buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "hex encode error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port, proto, host, usage, selector, type, buffer);
+ gnutls_pubkey_t pubkey;
+ gnutls_x509_crt_t crt;
+ unsigned char digest[64];
+ gnutls_datum_t t;
+ int ret;
+ unsigned int usage, selector, type;
+ size_t size;
+
+ if (proto == NULL)
+ proto = "tcp";
+ if (port == 0)
+ port = 443;
+
+ crt = load_cert(0, cinfo);
+ if (crt != NULL && HAVE_OPT(X509)) {
+ selector = 0; /* X.509 */
+
+ size = buffer_size;
+ ret =
+ gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_x509_crt_deinit(crt);
+ } else { /* use public key only */
+
+ selector = 1;
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_init: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (crt != NULL) {
+
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_import_x509: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ size = buffer_size;
+ ret =
+ gnutls_pubkey_export(pubkey,
+ GNUTLS_X509_FMT_DER,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "pubkey_export: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_x509_crt_deinit(crt);
+ } else {
+ pubkey = load_pubkey(1, cinfo);
+
+ size = buffer_size;
+ ret =
+ gnutls_pubkey_export(pubkey,
+ GNUTLS_X509_FMT_DER,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "export error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ gnutls_pubkey_deinit(pubkey);
+ }
+
+ if (default_dig != GNUTLS_DIG_SHA256
+ && default_dig != GNUTLS_DIG_SHA512) {
+ if (default_dig != GNUTLS_DIG_UNKNOWN)
+ fprintf(stderr,
+ "Unsupported digest. Assuming SHA256.\n");
+ default_dig = GNUTLS_DIG_SHA256;
+ }
+
+ ret = gnutls_hash_fast(default_dig, buffer, size, digest);
+ if (ret < 0) {
+ fprintf(stderr, "hash error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (default_dig == GNUTLS_DIG_SHA256)
+ type = 1;
+ else
+ type = 2;
+
+ /* DANE certificate classification crap */
+ if (domain == 0) {
+ if (ca)
+ usage = 0;
+ else
+ usage = 1;
+ } else {
+ if (ca)
+ usage = 2;
+ else
+ usage = 3;
+ }
+
+ t.data = digest;
+ t.size = gnutls_hash_get_len(default_dig);
+
+ size = buffer_size;
+ ret = gnutls_hex_encode(&t, (void *) buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "hex encode error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n",
+ port, proto, host, usage, selector, type, buffer);
}
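Review bot: In `dane_check` the array `gnutls_datum_t certs[clist_size];` is a variable-length array on the stack whose length is the number of certificates parsed from the `--load-certificate` file, so the input file decides how much stack is consumed and there is no failure path. A checked heap allocation is safer: `gnutls_datum_t *certs = gnutls_calloc(clist_size, sizeof(*certs));`, then `if (certs == NULL)` report and exit, and `gnutls_free(certs);` after the cleanup loop. Two smaller items in the same hunk: the `gnutls_hex_encode` failure is reported with `dane_strerror(ret)` although the code comes from GnuTLS (`gnutls_strerror(ret)`), and in `dane_info` the key created by `gnutls_pubkey_init(&pubkey)` is overwritten by `pubkey = load_pubkey(1, cinfo);` without being released.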
diff --git a/src/inline_cmds.h b/src/inline_cmds.h
index 49bc5dd120..5cff93362a 100755
--- a/src/inline_cmds.h
+++ b/src/inline_cmds.h
@@ -38,37 +38,33 @@
* For ex: if --inline-commands-prefix=@, the inline commands will be
* @resume@, @renegotiate@, etc...
*/
-typedef enum INLINE_COMMAND
-{ INLINE_COMMAND_NONE,
- INLINE_COMMAND_RESUME,
- INLINE_COMMAND_RENEGOTIATE
+typedef enum INLINE_COMMAND { INLINE_COMMAND_NONE,
+ INLINE_COMMAND_RESUME,
+ INLINE_COMMAND_RENEGOTIATE
} inline_command_t;
#define NUM_INLINE_COMMANDS 2
#define MAX_INLINE_COMMAND_BYTES 20
-typedef struct inline_cmds
-{
- char *current_ptr; /* points to the start of the current buffer being processed */
- char *new_buffer_ptr; /* points to start or offset within the caller's buffer,
- * and refers to bytes yet to be processed. */
- inline_command_t cmd_found;
- int lf_found;
- int bytes_to_flush;
- ssize_t bytes_copied;
- char inline_cmd_buffer[MAX_INLINE_COMMAND_BYTES];
+typedef struct inline_cmds {
+ char *current_ptr; /* points to the start of the current buffer being processed */
+ char *new_buffer_ptr; /* points to start or offset within the caller's buffer,
+ * and refers to bytes yet to be processed. */
+ inline_command_t cmd_found;
+ int lf_found;
+ int bytes_to_flush;
+ ssize_t bytes_copied;
+ char inline_cmd_buffer[MAX_INLINE_COMMAND_BYTES];
} inline_cmds_st;
-struct inline_command_definitions
-{
- int command;
- char string[MAX_INLINE_COMMAND_BYTES];
+struct inline_command_definitions {
+ int command;
+ char string[MAX_INLINE_COMMAND_BYTES];
};
/* All inline commands will contain a trailing LF */
-struct inline_command_definitions inline_commands_def[] =
-{
- {INLINE_COMMAND_RESUME, "^resume^\n"},
- {INLINE_COMMAND_RENEGOTIATE, "^renegotiate^\n"},
+struct inline_command_definitions inline_commands_def[] = {
+ {INLINE_COMMAND_RESUME, "^resume^\n"},
+ {INLINE_COMMAND_RENEGOTIATE, "^renegotiate^\n"},
};
diff --git a/src/list.h b/src/list.h
index 17a7aa1ce1..0cccd25857 100644
--- a/src/list.h
+++ b/src/list.h
@@ -132,17 +132,15 @@ int main (int argc, char **argv)
the consecutive list-item, or the pre-consecutive list-item.
this obviates the need for a hash table for 99% of
cercumstances the time */
-struct list
-{
- long length;
- long item_size;
- struct list_item
- {
- struct list_item *next;
- struct list_item *prev;
- char data[1];
- } *head, *tail, *search;
- void (*free_func) (struct list_item *);
+struct list {
+ long length;
+ long item_size;
+ struct list_item {
+ struct list_item *next;
+ struct list_item *prev;
+ char data[1];
+ } *head, *tail, *search;
+ void (*free_func) (struct list_item *);
};
/* declare a list of type `x', also called `x' having members `typelist' */
@@ -446,4 +444,4 @@ struct list
free (__t); \
} \
-#endif /* _LIST_H */
+#endif /* _LIST_H */
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index 4bc3f59341..42ca2fee96 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -46,271 +46,259 @@
static char buffer[MAX_BUF + 1];
/* returns the host part of a URL */
-static const char* host_from_url(const char* url, unsigned int* port)
+static const char *host_from_url(const char *url, unsigned int *port)
{
-static char hostname[512];
-char * p;
-
- *port = 0;
-
- if ((p=strstr(url, "http://")) != NULL)
- {
- snprintf(hostname, sizeof(hostname), "%s", p+7);
- p = strchr(hostname, '/');
- if (p != NULL) *p = 0;
-
- p = strchr(hostname, ':');
- if (p != NULL) {
- *p = 0;
- *port = atoi(p+1);
- }
-
- return hostname;
- }
- else
- {
- return url;
- }
+ static char hostname[512];
+ char *p;
+
+ *port = 0;
+
+ if ((p = strstr(url, "http://")) != NULL) {
+ snprintf(hostname, sizeof(hostname), "%s", p + 7);
+ p = strchr(hostname, '/');
+ if (p != NULL)
+ *p = 0;
+
+ p = strchr(hostname, ':');
+ if (p != NULL) {
+ *p = 0;
+ *port = atoi(p + 1);
+ }
+
+ return hostname;
+ } else {
+ return url;
+ }
}
void
-_generate_request (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- gnutls_datum_t * rdata, int nonce)
+_generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ gnutls_datum_t * rdata, int nonce)
{
- gnutls_ocsp_req_t req;
- int ret;
-
- ret = gnutls_ocsp_req_init (&req);
- if (ret < 0)
- {
- fprintf( stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1,
- issuer, cert);
- if (ret < 0)
- {
- fprintf( stderr, "ocsp_req_add_cert: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (nonce)
- {
- unsigned char noncebuf[23];
- gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
-
- ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size);
- if (ret < 0)
- {
- fprintf( stderr, "gnutls_rnd: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
- if (ret < 0)
- {
- fprintf( stderr, "ocsp_req_set_nonce: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
-
- ret = gnutls_ocsp_req_export (req, rdata);
- if (ret != 0)
- {
- fprintf( stderr, "ocsp_req_export: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- gnutls_ocsp_req_deinit (req);
- return;
+ gnutls_ocsp_req_t req;
+ int ret;
+
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_req_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_req_add_cert: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (nonce) {
+ unsigned char noncebuf[23];
+ gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
+
+ ret =
+ gnutls_rnd(GNUTLS_RND_RANDOM, nonce.data, nonce.size);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_rnd: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_req_set_nonce: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ ret = gnutls_ocsp_req_export(req, rdata);
+ if (ret != 0) {
+ fprintf(stderr, "ocsp_req_export: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_ocsp_req_deinit(req);
+ return;
}
-static size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp)
+static size_t get_data(void *buffer, size_t size, size_t nmemb,
+ void *userp)
{
-gnutls_datum_t *ud = userp;
-
- size *= nmemb;
-
- ud->data = realloc(ud->data, size+ud->size);
- if (ud->data == NULL)
- {
- fprintf(stderr, "Not enough memory for the request\n");
- exit(1);
- }
-
- memcpy(&ud->data[ud->size], buffer, size);
- ud->size += size;
-
- return size;
+ gnutls_datum_t *ud = userp;
+
+ size *= nmemb;
+
+ ud->data = realloc(ud->data, size + ud->size);
+ if (ud->data == NULL) {
+ fprintf(stderr, "Not enough memory for the request\n");
+ exit(1);
+ }
+
+ memcpy(&ud->data[ud->size], buffer, size);
+ ud->size += size;
+
+ return size;
}
/* Returns 0 on ok, and -1 on error */
-int send_ocsp_request(const char* server,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- gnutls_datum_t * resp_data, int nonce)
+int send_ocsp_request(const char *server,
+ gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ gnutls_datum_t * resp_data, int nonce)
{
-gnutls_datum_t ud;
-int ret;
-gnutls_datum_t req;
-char* url = (void*)server;
-char headers[1024];
-char service[16];
-unsigned char * p;
-const char *hostname;
-unsigned int headers_size = 0, port;
-socket_st hd;
-
- sockets_init ();
-
- if (url == NULL)
- {
- /* try to read URL from issuer certificate */
- gnutls_datum_t data;
-
- ret = gnutls_x509_crt_get_authority_info_access(cert, 0,
- GNUTLS_IA_OCSP_URI, &data, NULL);
-
- if (ret < 0)
- ret = gnutls_x509_crt_get_authority_info_access(issuer, 0,
- GNUTLS_IA_OCSP_URI, &data, NULL);
- if (ret < 0)
- {
- fprintf(stderr, "Cannot find URL from issuer: %s\n", gnutls_strerror(ret));
- return -1;
- }
-
- url = malloc(data.size+1);
- memcpy(url, data.data, data.size);
- url[data.size] = 0;
-
- gnutls_free(data.data);
- }
-
- hostname = host_from_url(url, &port);
- if (port != 0)
- snprintf(service, sizeof(service), "%u", port);
- else strcpy(service, "80");
-
- fprintf(stderr, "Connecting to OCSP server: %s...\n", hostname);
-
- memset(&ud, 0, sizeof(ud));
-
- _generate_request(cert, issuer, &req, nonce);
-
- snprintf(headers, sizeof(headers), HEADER_PATTERN, hostname, (unsigned int)req.size);
- headers_size = strlen(headers);
-
- socket_open(&hd, hostname, service, 0);
-
- socket_send(&hd, headers, headers_size);
- socket_send(&hd, req.data, req.size);
-
- do {
- ret = socket_recv(&hd, buffer, sizeof(buffer));
- if (ret > 0) get_data(buffer, ret, 1, &ud);
- } while(ret > 0);
-
- if (ret < 0 || ud.size == 0)
- {
- perror("recv");
- return -1;
- }
-
- socket_bye(&hd);
-
- p = memmem(ud.data, ud.size, "\r\n\r\n", 4);
- if (p == NULL)
- {
- fprintf(stderr, "Cannot interpret HTTP response\n");
- return -1;
- }
-
- p += 4;
- resp_data->size = ud.size - (p - ud.data);
- resp_data->data = malloc(resp_data->size);
- if (resp_data->data == NULL)
- return -1;
-
- memcpy(resp_data->data, p, resp_data->size);
-
- free(ud.data);
-
- return 0;
+ gnutls_datum_t ud;
+ int ret;
+ gnutls_datum_t req;
+ char *url = (void *) server;
+ char headers[1024];
+ char service[16];
+ unsigned char *p;
+ const char *hostname;
+ unsigned int headers_size = 0, port;
+ socket_st hd;
+
+ sockets_init();
+
+ if (url == NULL) {
+ /* try to read URL from issuer certificate */
+ gnutls_datum_t data;
+
+ ret = gnutls_x509_crt_get_authority_info_access(cert, 0,
+ GNUTLS_IA_OCSP_URI,
+ &data,
+ NULL);
+
+ if (ret < 0)
+ ret =
+ gnutls_x509_crt_get_authority_info_access
+ (issuer, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Cannot find URL from issuer: %s\n",
+ gnutls_strerror(ret));
+ return -1;
+ }
+
+ url = malloc(data.size + 1);
+ memcpy(url, data.data, data.size);
+ url[data.size] = 0;
+
+ gnutls_free(data.data);
+ }
+
+ hostname = host_from_url(url, &port);
+ if (port != 0)
+ snprintf(service, sizeof(service), "%u", port);
+ else
+ strcpy(service, "80");
+
+ fprintf(stderr, "Connecting to OCSP server: %s...\n", hostname);
+
+ memset(&ud, 0, sizeof(ud));
+
+ _generate_request(cert, issuer, &req, nonce);
+
+ snprintf(headers, sizeof(headers), HEADER_PATTERN, hostname,
+ (unsigned int) req.size);
+ headers_size = strlen(headers);
+
+ socket_open(&hd, hostname, service, 0);
+
+ socket_send(&hd, headers, headers_size);
+ socket_send(&hd, req.data, req.size);
+
+ do {
+ ret = socket_recv(&hd, buffer, sizeof(buffer));
+ if (ret > 0)
+ get_data(buffer, ret, 1, &ud);
+ } while (ret > 0);
+
+ if (ret < 0 || ud.size == 0) {
+ perror("recv");
+ return -1;
+ }
+
+ socket_bye(&hd);
+
+ p = memmem(ud.data, ud.size, "\r\n\r\n", 4);
+ if (p == NULL) {
+ fprintf(stderr, "Cannot interpret HTTP response\n");
+ return -1;
+ }
+
+ p += 4;
+ resp_data->size = ud.size - (p - ud.data);
+ resp_data->data = malloc(resp_data->size);
+ if (resp_data->data == NULL)
+ return -1;
+
+ memcpy(resp_data->data, p, resp_data->size);
+
+ free(ud.data);
+
+ return 0;
}
-void
-print_ocsp_verify_res (unsigned int output)
+void print_ocsp_verify_res(unsigned int output)
{
- int comma = 0;
-
- if (output)
- {
- printf ("Failure");
- comma = 1;
- }
- else
- {
- printf ("Success");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND)
- {
- if (comma)
- printf (", ");
- printf ("Signer cert not found");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR)
- {
- if (comma)
- printf (", ");
- printf ("Signer cert keyusage error");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
- {
- if (comma)
- printf (", ");
- printf ("Signer cert is not trusted");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
- {
- if (comma)
- printf (", ");
- printf ("Insecure algorithm");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE)
- {
- if (comma)
- printf (", ");
- printf ("Signature failure");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED)
- {
- if (comma)
- printf (", ");
- printf ("Signer cert not yet activated");
- comma = 1;
- }
-
- if (output & GNUTLS_OCSP_VERIFY_CERT_EXPIRED)
- {
- if (comma)
- printf (", ");
- printf ("Signer cert expired");
- comma = 1;
- }
+ int comma = 0;
+
+ if (output) {
+ printf("Failure");
+ comma = 1;
+ } else {
+ printf("Success");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND) {
+ if (comma)
+ printf(", ");
+ printf("Signer cert not found");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR) {
+ if (comma)
+ printf(", ");
+ printf("Signer cert keyusage error");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) {
+ if (comma)
+ printf(", ");
+ printf("Signer cert is not trusted");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) {
+ if (comma)
+ printf(", ");
+ printf("Insecure algorithm");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE) {
+ if (comma)
+ printf(", ");
+ printf("Signature failure");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED) {
+ if (comma)
+ printf(", ");
+ printf("Signer cert not yet activated");
+ comma = 1;
+ }
+
+ if (output & GNUTLS_OCSP_VERIFY_CERT_EXPIRED) {
+ if (comma)
+ printf(", ");
+ printf("Signer cert expired");
+ comma = 1;
+ }
}
/* three days */
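Review bot: In `send_ocsp_request` the result of `url = malloc(data.size + 1)` goes straight into `memcpy` with no NULL check, so an allocation failure while copying the OCSP URI read from the certificate becomes a write through a null pointer; add `if (url == NULL) { gnutls_free(data.data); return -1; }` before the copy. That buffer does not appear to be freed anywhere in the function, and the `return -1` paths after `socket_recv` and `memmem` leave `ud.data` allocated and skip `socket_bye(&hd)`. The receive loop also hands everything the responder sends to `get_data` with no upper bound, and the responder is an untrusted network peer, so the loop should stop once `ud.size` exceeds a fixed limit. All of this predates the reindentation, which carries it over unchanged.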
@@ -322,101 +310,96 @@ print_ocsp_verify_res (unsigned int output)
* -1: dunno
*/
int
-check_ocsp_response (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer,
- gnutls_datum_t *data)
+check_ocsp_response(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer, gnutls_datum_t * data)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- unsigned int status, cert_status;
- time_t rtime, vtime, ntime, now;
-
- now = time(0);
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- {
- fprintf(stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- {
- fprintf(stderr, "importing response: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
- if (ret < 0)
- {
- printf ("*** Got OCSP response on an unrelated certificate (ignoring)\n");
- ret = -1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_ocsp_resp_verify_direct: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- if (status != 0)
- {
- printf ("*** Verifying OCSP Response: ");
- print_ocsp_verify_res (status);
- printf (".\n");
- }
-
- /* do not print revocation data if response was not verified */
- if (status != 0)
- {
- ret = -1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
- &cert_status, &vtime, &ntime, &rtime, NULL);
- if (ret < 0)
- {
- fprintf(stderr, "reading response: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
- {
- printf("*** Certificate was revoked at %s", ctime(&rtime));
- ret = 0;
- goto cleanup;
- }
-
- if (ntime == -1)
- {
- if (now - vtime > OCSP_VALIDITY_SECS)
- {
- printf("*** The OCSP response is old (was issued at: %s) ignoring", ctime(&vtime));
- ret = -1;
- goto cleanup;
- }
- }
- else
- {
- /* there is a newer OCSP answer, don't trust this one */
- if (ntime < now)
- {
- printf("*** The OCSP response was issued at: %s, but there is a newer issue at %s", ctime(&vtime), ctime(&ntime));
- ret = -1;
- goto cleanup;
- }
- }
-
- printf("- OCSP server flags certificate not revoked as of %s", ctime(&vtime));
- ret = 1;
-cleanup:
- gnutls_ocsp_resp_deinit (resp);
-
- return ret;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ unsigned int status, cert_status;
+ time_t rtime, vtime, ntime, now;
+
+ now = time(0);
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_resp_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0) {
+ fprintf(stderr, "importing response: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
+ if (ret < 0) {
+ printf
+ ("*** Got OCSP response on an unrelated certificate (ignoring)\n");
+ ret = -1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &status, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_ocsp_resp_verify_direct: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (status != 0) {
+ printf("*** Verifying OCSP Response: ");
+ print_ocsp_verify_res(status);
+ printf(".\n");
+ }
+
+ /* do not print revocation data if response was not verified */
+ if (status != 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
+ &cert_status, &vtime, &ntime,
+ &rtime, NULL);
+ if (ret < 0) {
+ fprintf(stderr, "reading response: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
+ printf("*** Certificate was revoked at %s", ctime(&rtime));
+ ret = 0;
+ goto cleanup;
+ }
+
+ if (ntime == -1) {
+ if (now - vtime > OCSP_VALIDITY_SECS) {
+ printf
+ ("*** The OCSP response is old (was issued at: %s) ignoring",
+ ctime(&vtime));
+ ret = -1;
+ goto cleanup;
+ }
+ } else {
+ /* there is a newer OCSP answer, don't trust this one */
+ if (ntime < now) {
+ printf
+ ("*** The OCSP response was issued at: %s, but there is a newer issue at %s",
+ ctime(&vtime), ctime(&ntime));
+ ret = -1;
+ goto cleanup;
+ }
+ }
+
+ printf("- OCSP server flags certificate not revoked as of %s",
+ ctime(&vtime));
+ ret = 1;
+ cleanup:
+ gnutls_ocsp_resp_deinit(resp);
+
+ return ret;
}
-
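Review bot: `check_ocsp_response` only tests `cert_status == GNUTLS_OCSP_CERT_REVOKED`, so a response carrying `GNUTLS_OCSP_CERT_UNKNOWN` falls through to the "not revoked" message and returns 1; after the revoked branch add `if (cert_status != GNUTLS_OCSP_CERT_GOOD) { ret = -1; goto cleanup; }`. The freshness checks also accept a `vtime` (thisUpdate) that lies in the future, because `now - vtime` is then negative and the `ntime < now` branch never looks at it; a `vtime > now` test that returns -1 would reject such responses. The function's return-value comment starts above the hunk, and its only visible line, `-1: dunno`, matches the value both cases should return.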
diff --git a/src/ocsptool-common.h b/src/ocsptool-common.h
index 1158b61f40..67d255eae3 100644
--- a/src/ocsptool-common.h
+++ b/src/ocsptool-common.h
@@ -23,26 +23,25 @@
#include <gnutls/ocsp.h>
-enum
- {
- ACTION_NONE,
- ACTION_REQ_INFO,
- ACTION_RESP_INFO,
- ACTION_VERIFY_RESP,
- ACTION_GEN_REQ
- };
+enum {
+ ACTION_NONE,
+ ACTION_REQ_INFO,
+ ACTION_RESP_INFO,
+ ACTION_VERIFY_RESP,
+ ACTION_GEN_REQ
+};
-extern void ocsptool_version (void);
+extern void ocsptool_version(void);
void
-_generate_request (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- gnutls_datum_t * rdata, int nonce);
-int send_ocsp_request(const char* server,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- gnutls_datum_t * resp_data, int nonce);
-void
-print_ocsp_verify_res (unsigned int output);
+_generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ gnutls_datum_t * rdata, int nonce);
+int send_ocsp_request(const char *server,
+ gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ gnutls_datum_t * resp_data, int nonce);
+void print_ocsp_verify_res(unsigned int output);
int
-check_ocsp_response (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, gnutls_datum_t *data);
+check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ gnutls_datum_t * data);
#endif
diff --git a/src/ocsptool.c b/src/ocsptool.c
index cd92c1d23c..a8dcfc34e5 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -42,491 +42,474 @@ FILE *infile;
static unsigned int encoding;
unsigned int verbose = 0;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static void
-request_info (void)
+static void request_info(void)
{
- gnutls_ocsp_req_t req;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- ret = gnutls_ocsp_req_init (&req);
- if (ret < 0)
- {
- fprintf (stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(LOAD_REQUEST))
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
- else
- dat.data = (void*)fread_file (infile, &size);
- if (dat.data == NULL)
- {
- fprintf (stderr, "reading request");
- exit(1);
- }
- dat.size = size;
-
- ret = gnutls_ocsp_req_import (req, &dat);
- free (dat.data);
- if (ret < 0)
- {
- fprintf (stderr, "importing request: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &dat);
- if (ret != 0)
- {
- fprintf (stderr, "ocsp_req_print: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- printf ("%.*s", dat.size, dat.data);
- gnutls_free (dat.data);
-
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_t req;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_req_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(LOAD_REQUEST))
+ dat.data =
+ (void *) read_binary_file(OPT_ARG(LOAD_REQUEST),
+ &size);
+ else
+ dat.data = (void *) fread_file(infile, &size);
+ if (dat.data == NULL) {
+ fprintf(stderr, "reading request");
+ exit(1);
+ }
+ dat.size = size;
+
+ ret = gnutls_ocsp_req_import(req, &dat);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing request: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat);
+ if (ret != 0) {
+ fprintf(stderr, "ocsp_req_print: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("%.*s", dat.size, dat.data);
+ gnutls_free(dat.data);
+
+ gnutls_ocsp_req_deinit(req);
}
-static void
-_response_info (const gnutls_datum_t* data)
+static void _response_info(const gnutls_datum_t * data)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- gnutls_datum buf;
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- {
- fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- {
- fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (ENABLED_OPT(VERBOSE))
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf);
- else
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_COMPACT, &buf);
- if (ret != 0)
- {
- fprintf (stderr, "ocsp_resp_print: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- printf ("%.*s", buf.size, buf.data);
- gnutls_free (buf.data);
-
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ gnutls_datum buf;
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_resp_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0) {
+ fprintf(stderr, "importing response: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ENABLED_OPT(VERBOSE))
+ ret =
+ gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL,
+ &buf);
+ else
+ ret =
+ gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT,
+ &buf);
+ if (ret != 0) {
+ fprintf(stderr, "ocsp_resp_print: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("%.*s", buf.size, buf.data);
+ gnutls_free(buf.data);
+
+ gnutls_ocsp_resp_deinit(resp);
}
-static void
-response_info (void)
+static void response_info(void)
{
- gnutls_datum_t dat;
- size_t size;
-
- if (HAVE_OPT(LOAD_RESPONSE))
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
- else
- dat.data = (void*)fread_file (infile, &size);
- if (dat.data == NULL)
- {
- fprintf (stderr, "reading response");
- exit(1);
- }
- dat.size = size;
-
- _response_info(&dat);
- gnutls_free (dat.data);
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data =
+ (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE),
+ &size);
+ else
+ dat.data = (void *) fread_file(infile, &size);
+ if (dat.data == NULL) {
+ fprintf(stderr, "reading response");
+ exit(1);
+ }
+ dat.size = size;
+
+ _response_info(&dat);
+ gnutls_free(dat.data);
}
-static gnutls_x509_crt_t
-load_issuer (void)
+static gnutls_x509_crt_t load_issuer(void)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!HAVE_OPT(LOAD_ISSUER))
- {
- fprintf( stderr, "missing --load-issuer");
- exit(1);
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import (crt, &dat, encoding);
- free (dat.data);
- if (ret < 0)
- {
- fprintf (stderr, "importing --load-issuer: %s: %s",
- OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
- exit(1);
- }
-
- return crt;
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!HAVE_OPT(LOAD_ISSUER)) {
+ fprintf(stderr, "missing --load-issuer");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(OPT_ARG(LOAD_ISSUER), &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-issuer: %s",
+ OPT_ARG(LOAD_ISSUER));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &dat, encoding);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-issuer: %s: %s",
+ OPT_ARG(LOAD_ISSUER), gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
}
-static gnutls_x509_crt_t
-load_cert (void)
+static gnutls_x509_crt_t load_cert(void)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t dat;
- size_t size;
-
- if (!HAVE_OPT(LOAD_CERT))
- {
- fprintf (stderr, "missing --load-cert");
- exit(1);
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
- dat.size = size;
-
- if (!dat.data)
- {
- fprintf (stderr, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import (crt, &dat, encoding);
- free (dat.data);
- if (ret < 0)
- {
- fprintf (stderr, "importing --load-cert: %s: %s",
- OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
- exit(1);
- }
-
- return crt;
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (!HAVE_OPT(LOAD_CERT)) {
+ fprintf(stderr, "missing --load-cert");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data = (void *) read_binary_file(OPT_ARG(LOAD_CERT), &size);
+ dat.size = size;
+
+ if (!dat.data) {
+ fprintf(stderr, "reading --load-cert: %s",
+ OPT_ARG(LOAD_CERT));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &dat, encoding);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-cert: %s: %s",
+ OPT_ARG(LOAD_CERT), gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
}
-static void
-generate_request (void)
+static void generate_request(void)
{
- gnutls_datum_t dat;
-
- _generate_request(load_cert(), load_issuer(), &dat, ENABLED_OPT(NONCE));
+ gnutls_datum_t dat;
- fwrite (dat.data, 1, dat.size, outfile);
+ _generate_request(load_cert(), load_issuer(), &dat,
+ ENABLED_OPT(NONCE));
- gnutls_free (dat.data);
+ fwrite(dat.data, 1, dat.size, outfile);
+
+ gnutls_free(dat.data);
}
-static int
-_verify_response (gnutls_datum_t *data)
+static int _verify_response(gnutls_datum_t * data)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- size_t size;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- unsigned int x509_ncas = 0;
- gnutls_x509_trust_list_t list;
- gnutls_x509_crt_t signer;
- unsigned verify;
- gnutls_datum_t dat;
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- {
- fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- {
- fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(LOAD_TRUST))
- {
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
- if (dat.data == NULL)
- {
- fprintf (stderr, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
- exit(1);
- }
- dat.size = size;
-
- ret = gnutls_x509_trust_list_init (&list, 0);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_trust_list_init: %s",
- gnutls_strerror (ret));
- exit(1);
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ size_t size;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ unsigned int x509_ncas = 0;
+ gnutls_x509_trust_list_t list;
+ gnutls_x509_crt_t signer;
+ unsigned verify;
+ gnutls_datum_t dat;
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0) {
+ fprintf(stderr, "ocsp_resp_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
}
- ret = gnutls_x509_crt_list_import2 (&x509_ca_list, &x509_ncas, &dat,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0 || x509_ncas < 1)
- {
- fprintf (stderr, "error parsing CAs: %s",
- gnutls_strerror (ret));
- exit(1);
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0) {
+ fprintf(stderr, "importing response: %s",
+ gnutls_strerror(ret));
+ exit(1);
}
- if (HAVE_OPT(VERBOSE))
- {
- unsigned int i;
- printf ("Trust anchors:\n");
- for (i = 0; i < x509_ncas; i++)
- {
- gnutls_datum_t out;
-
- ret = gnutls_x509_crt_print (x509_ca_list[i],
- GNUTLS_CRT_PRINT_ONELINE, &out);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_print: %s",
- gnutls_strerror (ret));
- exit(1);
+ if (HAVE_OPT(LOAD_TRUST)) {
+ dat.data =
+ (void *) read_binary_file(OPT_ARG(LOAD_TRUST), &size);
+ if (dat.data == NULL) {
+ fprintf(stderr, "reading --load-trust: %s",
+ OPT_ARG(LOAD_TRUST));
+ exit(1);
}
+ dat.size = size;
- printf ("%d: %.*s\n", i, out.size, out.data);
- gnutls_free (out.data);
- }
- printf("\n");
- }
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trust_list_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- ret = gnutls_x509_trust_list_add_cas (list, x509_ca_list, x509_ncas, 0);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_trust_add_cas: %s",
- gnutls_strerror (ret));
- exit(1);
- }
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ &dat, GNUTLS_X509_FMT_PEM,
+ 0);
+ if (ret < 0 || x509_ncas < 1) {
+ fprintf(stderr, "error parsing CAs: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- if (HAVE_OPT(VERBOSE))
- fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
+ if (HAVE_OPT(VERBOSE)) {
+ unsigned int i;
+ printf("Trust anchors:\n");
+ for (i = 0; i < x509_ncas; i++) {
+ gnutls_datum_t out;
+
+ ret =
+ gnutls_x509_crt_print(x509_ca_list[i],
+ GNUTLS_CRT_PRINT_ONELINE,
+ &out);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_print: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("%d: %.*s\n", i, out.size,
+ out.data);
+ gnutls_free(out.data);
+ }
+ printf("\n");
+ }
- ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_ocsp_resp_verify: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- else if (HAVE_OPT(LOAD_SIGNER))
- {
- ret = gnutls_x509_crt_init (&signer);
- if (ret < 0)
- {
- fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
- exit(1);
+ ret =
+ gnutls_x509_trust_list_add_cas(list, x509_ca_list,
+ x509_ncas, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_trust_add_cas: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(VERBOSE))
+ fprintf(stdout, "Loaded %d trust anchors\n",
+ x509_ncas);
+
+ ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_ocsp_resp_verify: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else if (HAVE_OPT(LOAD_SIGNER)) {
+ ret = gnutls_x509_crt_init(&signer);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ dat.data =
+ (void *) read_binary_file(OPT_ARG(LOAD_SIGNER), &size);
+ if (dat.data == NULL) {
+ fprintf(stderr, "reading --load-signer: %s",
+ OPT_ARG(LOAD_SIGNER));
+ exit(1);
+ }
+ dat.size = size;
+
+ ret = gnutls_x509_crt_import(signer, &dat, encoding);
+ free(dat.data);
+ if (ret < 0) {
+ fprintf(stderr, "importing --load-signer: %s: %s",
+ OPT_ARG(LOAD_SIGNER),
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(VERBOSE)) {
+ gnutls_datum_t out;
+
+ ret =
+ gnutls_x509_crt_print(signer,
+ GNUTLS_CRT_PRINT_ONELINE,
+ &out);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_print: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("Signer: %.*s\n", out.size, out.data);
+ gnutls_free(out.data);
+ printf("\n");
+ }
+
+ ret =
+ gnutls_ocsp_resp_verify_direct(resp, signer, &verify,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_ocsp_resp_verify_direct: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ } else {
+ fprintf(stderr, "missing --load-trust or --load-signer");
+ exit(1);
}
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
- if (dat.data == NULL)
- {
- fprintf (stderr, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
- exit(1);
+ printf("Verifying OCSP Response: ");
+ print_ocsp_verify_res(verify);
+ printf(".\n");
+
+ gnutls_ocsp_resp_deinit(resp);
+
+ return verify;
+}
+
+static void verify_response(void)
+{
+ gnutls_datum_t dat;
+ size_t size;
+
+ if (HAVE_OPT(LOAD_RESPONSE))
+ dat.data =
+ (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE),
+ &size);
+ else
+ dat.data = (void *) fread_file(infile, &size);
+ if (dat.data == NULL) {
+ fprintf(stderr, "reading response");
+ exit(1);
}
- dat.size = size;
-
- ret = gnutls_x509_crt_import (signer, &dat, encoding);
- free (dat.data);
- if (ret < 0)
- {
- fprintf (stderr, "importing --load-signer: %s: %s",
- OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
- exit(1);
+ dat.size = size;
+
+ _verify_response(&dat);
+}
+
+static void ask_server(const char *url)
+{
+ gnutls_datum_t resp_data;
+ int ret, v;
+ gnutls_x509_crt_t cert, issuer;
+
+ cert = load_cert();
+ issuer = load_issuer();
+
+ ret =
+ send_ocsp_request(url, cert, issuer, &resp_data,
+ ENABLED_OPT(NONCE));
+ if (ret < 0) {
+ fprintf(stderr, "Cannot send OCSP request\n");
+ exit(1);
}
- if (HAVE_OPT(VERBOSE))
- {
- gnutls_datum_t out;
-
- ret = gnutls_x509_crt_print (signer, GNUTLS_CRT_PRINT_ONELINE, &out);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_print: %s",
- gnutls_strerror (ret));
- exit(1);
- }
-
- printf ("Signer: %.*s\n", out.size, out.data);
- gnutls_free (out.data);
- printf("\n");
+ _response_info(&resp_data);
+
+ if (HAVE_OPT(LOAD_SIGNER) || HAVE_OPT(LOAD_TRUST)) {
+ fprintf(outfile, "\n");
+ v = _verify_response(&resp_data);
+ } else {
+ fprintf(stderr,
+ "\nResponse could not be verified (use --load-signer).\n");
+ v = 0;
}
- ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_ocsp_resp_verify_direct: %s",
- gnutls_strerror (ret));
- exit(1);
+ if (HAVE_OPT(OUTFILE) && v == 0) {
+ fwrite(resp_data.data, 1, resp_data.size, outfile);
}
- }
- else
- {
- fprintf (stderr, "missing --load-trust or --load-signer");
- exit(1);
- }
-
- printf ("Verifying OCSP Response: ");
- print_ocsp_verify_res (verify);
- printf (".\n");
-
- gnutls_ocsp_resp_deinit (resp);
-
- return verify;
}
-static void
-verify_response (void)
+int main(int argc, char **argv)
{
- gnutls_datum_t dat;
- size_t size;
-
- if (HAVE_OPT(LOAD_RESPONSE))
- dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
- else
- dat.data = (void*)fread_file (infile, &size);
- if (dat.data == NULL)
- {
- fprintf (stderr, "reading response");
- exit(1);
- }
- dat.size = size;
-
- _verify_response(&dat);
-}
+ int ret;
-static void ask_server(const char* url)
-{
-gnutls_datum_t resp_data;
-int ret, v;
-gnutls_x509_crt_t cert, issuer;
-
- cert = load_cert();
- issuer = load_issuer();
-
- ret = send_ocsp_request(url, cert, issuer, &resp_data, ENABLED_OPT(NONCE));
- if (ret < 0)
- {
- fprintf(stderr, "Cannot send OCSP request\n");
- exit(1);
- }
-
- _response_info (&resp_data);
-
- if (HAVE_OPT(LOAD_SIGNER) || HAVE_OPT(LOAD_TRUST))
- {
- fprintf(outfile, "\n");
- v = _verify_response(&resp_data);
- }
- else
- {
- fprintf(stderr, "\nResponse could not be verified (use --load-signer).\n");
- v = 0;
- }
-
- if (HAVE_OPT(OUTFILE) && v == 0)
- {
- fwrite(resp_data.data, 1, resp_data.size, outfile);
- }
-}
-
-int
-main (int argc, char **argv)
-{
- int ret;
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf( stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- optionProcess( &ocsptoolOptions, argc, argv);
-
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (OPT_VALUE_DEBUG);
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = fopen (OPT_ARG(OUTFILE), "wb");
- if (outfile == NULL)
- {
- fprintf( stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- if (HAVE_OPT(INFILE))
- {
- infile = fopen (OPT_ARG(INFILE), "rb");
- if (infile == NULL)
- {
- fprintf( stderr, "%s", OPT_ARG(INFILE));
- exit(1);
- }
- }
- else
- infile = stdin;
-
- if (ENABLED_OPT(INDER))
- encoding = GNUTLS_X509_FMT_DER;
- else
- encoding = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(REQUEST_INFO))
- request_info ();
- else if (HAVE_OPT(RESPONSE_INFO))
- response_info ();
- else if (HAVE_OPT(GENERATE_REQUEST))
- generate_request ();
- else if (HAVE_OPT(VERIFY_RESPONSE))
- verify_response ();
- else if (HAVE_OPT(ASK))
- ask_server(OPT_ARG(ASK));
- else
- {
- USAGE(1);
- }
-
- return 0;
-}
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ optionProcess(&ocsptoolOptions, argc, argv);
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(OPT_VALUE_DEBUG);
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = fopen(OPT_ARG(OUTFILE), "wb");
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ if (HAVE_OPT(INFILE)) {
+ infile = fopen(OPT_ARG(INFILE), "rb");
+ if (infile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(INFILE));
+ exit(1);
+ }
+ } else
+ infile = stdin;
+
+ if (ENABLED_OPT(INDER))
+ encoding = GNUTLS_X509_FMT_DER;
+ else
+ encoding = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(REQUEST_INFO))
+ request_info();
+ else if (HAVE_OPT(RESPONSE_INFO))
+ response_info();
+ else if (HAVE_OPT(GENERATE_REQUEST))
+ generate_request();
+ else if (HAVE_OPT(VERIFY_RESPONSE))
+ verify_response();
+ else if (HAVE_OPT(ASK))
+ ask_server(OPT_ARG(ASK));
+ else {
+ USAGE(1);
+ }
+
+ return 0;
+}
diff --git a/src/p11tool.c b/src/p11tool.c
index 10988829d2..93c4200434 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -47,234 +47,210 @@
#include "p11tool.h"
#include "certtool-common.h"
-static void cmd_parser (int argc, char **argv);
+static void cmd_parser(int argc, char **argv);
static FILE *outfile;
int batch = 0;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
- return 0;
+ return 0;
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- int ret, debug = 0;
- common_info_st cinfo;
- unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
- const char* url = NULL;
- unsigned int detailed_url = 0, optct;
- unsigned int login = 0, bits = 0;
- const char* label = NULL, *sec_param = NULL;
-
- optct = optionProcess( &p11toolOptions, argc, argv);
- argc += optct;
- argv += optct;
-
- if (url == NULL && argc > 0)
- url = argv[0];
- else
- url = "pkcs11:";
-
- if (HAVE_OPT(DEBUG))
- debug = OPT_VALUE_DEBUG;
-
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (debug);
- if (debug > 1)
- printf ("Setting log level to %d\n", debug);
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(PROVIDER))
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- else
- {
- ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
- if (ret < 0)
- {
- fprintf (stderr, "pkcs11_add_provider: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- }
- }
- else
- {
- ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
- if (ret < 0)
- fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
- }
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
- if (outfile == NULL)
- {
- fprintf (stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- memset (&cinfo, 0, sizeof (cinfo));
-
- if (HAVE_OPT(SECRET_KEY))
- cinfo.secret_key = OPT_ARG(SECRET_KEY);
-
- if (HAVE_OPT(LOAD_PRIVKEY))
- cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
-
- if (HAVE_OPT(PKCS8))
- cinfo.pkcs8 = 1;
-
- if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
- cinfo.incert_format = GNUTLS_X509_FMT_DER;
- else
- cinfo.incert_format = GNUTLS_X509_FMT_PEM;
-
- if (HAVE_OPT(LOAD_CERTIFICATE))
- cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
-
- if (HAVE_OPT(LOAD_PUBKEY))
- cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
-
- if (ENABLED_OPT(DETAILED_URL))
- detailed_url = 1;
-
- if (ENABLED_OPT(LOGIN))
- login = 1;
-
- if (HAVE_OPT(LABEL))
- {
- label = OPT_ARG(LABEL);
- }
-
- if (HAVE_OPT(BITS))
- {
- bits = OPT_VALUE_BITS;
- }
-
- if (HAVE_OPT(SEC_PARAM))
- {
- sec_param = OPT_ARG(SEC_PARAM);
- }
-
- if (debug > 0)
- {
- if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
- fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
- fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
- fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
- fprintf(stderr, "\n");
- }
-
- /* handle actions
- */
- if (HAVE_OPT(LIST_TOKENS))
- pkcs11_token_list (outfile, detailed_url, &cinfo);
- else if (HAVE_OPT(LIST_MECHANISMS))
- pkcs11_mechanism_list (outfile, url, login,
- &cinfo);
- else if (HAVE_OPT(GENERATE_RANDOM))
- pkcs11_get_random (outfile, url, OPT_VALUE_GENERATE_RANDOM, &cinfo);
- else if (HAVE_OPT(LIST_ALL))
- {
- pkcs11_type = PKCS11_TYPE_ALL;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_CERTS))
- {
- pkcs11_type = PKCS11_TYPE_CRT_ALL;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_CERTS))
- {
- pkcs11_type = PKCS11_TYPE_PK;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
- {
- pkcs11_type = PKCS11_TYPE_PRIVKEY;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(LIST_ALL_TRUSTED))
- {
- pkcs11_type = PKCS11_TYPE_TRUSTED;
- pkcs11_list (outfile, url, pkcs11_type,
- login, detailed_url, &cinfo);
- }
- else if (HAVE_OPT(EXPORT))
- {
- pkcs11_export (outfile, url, login, &cinfo);
- }
- else if (HAVE_OPT(WRITE))
- {
- int priv;
-
- if (HAVE_OPT(PRIVATE))
- priv = ENABLED_OPT(PRIVATE);
- else priv = -1;
- pkcs11_write (outfile, url, label,
- ENABLED_OPT(TRUSTED), priv, login, &cinfo);
- }
- else if (HAVE_OPT(INITIALIZE))
- pkcs11_init (outfile, url, label, &cinfo);
- else if (HAVE_OPT(DELETE))
- pkcs11_delete (outfile, url, 0, login, &cinfo);
- else if (HAVE_OPT(GENERATE_ECC))
- {
- key_type = GNUTLS_PK_EC;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else if (HAVE_OPT(GENERATE_RSA))
- {
- key_type = GNUTLS_PK_RSA;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else if (HAVE_OPT(GENERATE_DSA))
- {
- key_type = GNUTLS_PK_DSA;
- pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param, 0),
- label, ENABLED_OPT(PRIVATE), detailed_url, login,
- &cinfo);
- }
- else
- {
- USAGE(1);
- }
-
- fclose (outfile);
+ int ret, debug = 0;
+ common_info_st cinfo;
+ unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
+ const char *url = NULL;
+ unsigned int detailed_url = 0, optct;
+ unsigned int login = 0, bits = 0;
+ const char *label = NULL, *sec_param = NULL;
+
+ optct = optionProcess(&p11toolOptions, argc, argv);
+ argc += optct;
+ argv += optct;
+
+ if (url == NULL && argc > 0)
+ url = argv[0];
+ else
+ url = "pkcs11:";
+
+ if (HAVE_OPT(DEBUG))
+ debug = OPT_VALUE_DEBUG;
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug);
+ if (debug > 1)
+ printf("Setting log level to %d\n", debug);
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(PROVIDER)) {
+ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ if (ret < 0)
+ fprintf(stderr, "pkcs11_init: %s",
+ gnutls_strerror(ret));
+ else {
+ ret =
+ gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER),
+ NULL);
+ if (ret < 0) {
+ fprintf(stderr, "pkcs11_add_provider: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ } else {
+ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
+ if (ret < 0)
+ fprintf(stderr, "pkcs11_init: %s",
+ gnutls_strerror(ret));
+ }
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ memset(&cinfo, 0, sizeof(cinfo));
+
+ if (HAVE_OPT(SECRET_KEY))
+ cinfo.secret_key = OPT_ARG(SECRET_KEY);
+
+ if (HAVE_OPT(LOAD_PRIVKEY))
+ cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
+
+ if (HAVE_OPT(PKCS8))
+ cinfo.pkcs8 = 1;
+
+ if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
+ cinfo.incert_format = GNUTLS_X509_FMT_DER;
+ else
+ cinfo.incert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(LOAD_CERTIFICATE))
+ cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+ if (HAVE_OPT(LOAD_PUBKEY))
+ cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+ if (ENABLED_OPT(DETAILED_URL))
+ detailed_url = 1;
+
+ if (ENABLED_OPT(LOGIN))
+ login = 1;
+
+ if (HAVE_OPT(LABEL)) {
+ label = OPT_ARG(LABEL);
+ }
+
+ if (HAVE_OPT(BITS)) {
+ bits = OPT_VALUE_BITS;
+ }
+
+ if (HAVE_OPT(SEC_PARAM)) {
+ sec_param = OPT_ARG(SEC_PARAM);
+ }
+
+ if (debug > 0) {
+ if (HAVE_OPT(PRIVATE))
+ fprintf(stderr, "Private: %s\n",
+ ENABLED_OPT(PRIVATE) ? "yes" : "no");
+ fprintf(stderr, "Trusted: %s\n",
+ ENABLED_OPT(TRUSTED) ? "yes" : "no");
+ fprintf(stderr, "Login: %s\n",
+ ENABLED_OPT(LOGIN) ? "yes" : "no");
+ fprintf(stderr, "Detailed URLs: %s\n",
+ ENABLED_OPT(DETAILED_URL) ? "yes" : "no");
+ fprintf(stderr, "\n");
+ }
+
+ /* handle actions
+ */
+ if (HAVE_OPT(LIST_TOKENS))
+ pkcs11_token_list(outfile, detailed_url, &cinfo);
+ else if (HAVE_OPT(LIST_MECHANISMS))
+ pkcs11_mechanism_list(outfile, url, login, &cinfo);
+ else if (HAVE_OPT(GENERATE_RANDOM))
+ pkcs11_get_random(outfile, url, OPT_VALUE_GENERATE_RANDOM,
+ &cinfo);
+ else if (HAVE_OPT(LIST_ALL)) {
+ pkcs11_type = PKCS11_TYPE_ALL;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_CERTS)) {
+ pkcs11_type = PKCS11_TYPE_CRT_ALL;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_CERTS)) {
+ pkcs11_type = PKCS11_TYPE_PK;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) {
+ pkcs11_type = PKCS11_TYPE_PRIVKEY;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(LIST_ALL_TRUSTED)) {
+ pkcs11_type = PKCS11_TYPE_TRUSTED;
+ pkcs11_list(outfile, url, pkcs11_type,
+ login, detailed_url, &cinfo);
+ } else if (HAVE_OPT(EXPORT)) {
+ pkcs11_export(outfile, url, login, &cinfo);
+ } else if (HAVE_OPT(WRITE)) {
+ int priv;
+
+ if (HAVE_OPT(PRIVATE))
+ priv = ENABLED_OPT(PRIVATE);
+ else
+ priv = -1;
+ pkcs11_write(outfile, url, label,
+ ENABLED_OPT(TRUSTED), priv, login, &cinfo);
+ } else if (HAVE_OPT(INITIALIZE))
+ pkcs11_init(outfile, url, label, &cinfo);
+ else if (HAVE_OPT(DELETE))
+ pkcs11_delete(outfile, url, 0, login, &cinfo);
+ else if (HAVE_OPT(GENERATE_ECC)) {
+ key_type = GNUTLS_PK_EC;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else if (HAVE_OPT(GENERATE_RSA)) {
+ key_type = GNUTLS_PK_RSA;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else if (HAVE_OPT(GENERATE_DSA)) {
+ key_type = GNUTLS_PK_DSA;
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, ENABLED_OPT(PRIVATE), detailed_url,
+ login, &cinfo);
+ } else {
+ USAGE(1);
+ }
+
+ fclose(outfile);
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
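Review bot: A failed `gnutls_pkcs11_init()` is only printed in both branches of the `HAVE_OPT(PROVIDER)` test in `cmd_parser`, and execution continues into the action dispatch. In the `--provider` branch the failure also skips `gnutls_pkcs11_add_provider()`, so a write, delete or key-generation action is attempted without the module the user named. What the later `pkcs11_*` calls do in that state is not visible in this hunk, so it is safer to make the failure fatal, as the `pkcs11_add_provider` error already is: `if (ret < 0) { fprintf(stderr, "pkcs11_init: %s\n", gnutls_strerror(ret)); exit(1); }`. Separately, the return value of `fclose(outfile)` at the end is ignored, so a failed flush of exported data to `--outfile` goes unreported; checking it and exiting non-zero would surface that.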
diff --git a/src/p11tool.h b/src/p11tool.h
index f7ea73bfdb..7adb7108fd 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -25,28 +25,28 @@
#include "certtool-common.h"
-void pkcs11_list (FILE * outfile, const char *url, int type,
- unsigned int login, unsigned int detailed,
- common_info_st *);
-void pkcs11_mechanism_list (FILE * outfile, const char *url,
- unsigned int login, common_info_st *);
-void pkcs11_get_random (FILE * outfile, const char *url,
- unsigned bytes, common_info_st *);
-void pkcs11_export (FILE * outfile, const char *pkcs11_url,
- unsigned int login, common_info_st *);
-void pkcs11_token_list (FILE * outfile, unsigned int detailed,
- common_info_st *);
-void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
- int trusted, int private, unsigned int login, common_info_st *);
-void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
- unsigned int login, common_info_st *);
-void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label,
- common_info_st *);
-void
-pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t type,
- unsigned int bits,
- const char *label, int private, int detailed,
- unsigned int login, common_info_st * info);
+void pkcs11_list(FILE * outfile, const char *url, int type,
+ unsigned int login, unsigned int detailed,
+ common_info_st *);
+void pkcs11_mechanism_list(FILE * outfile, const char *url,
+ unsigned int login, common_info_st *);
+void pkcs11_get_random(FILE * outfile, const char *url,
+ unsigned bytes, common_info_st *);
+void pkcs11_export(FILE * outfile, const char *pkcs11_url,
+ unsigned int login, common_info_st *);
+void pkcs11_token_list(FILE * outfile, unsigned int detailed,
+ common_info_st *);
+void pkcs11_write(FILE * outfile, const char *pkcs11_url,
+ const char *label, int trusted, int private,
+ unsigned int login, common_info_st *);
+void pkcs11_delete(FILE * outfile, const char *pkcs11_url, int batch,
+ unsigned int login, common_info_st *);
+void pkcs11_init(FILE * outfile, const char *pkcs11_url, const char *label,
+ common_info_st *);
+void pkcs11_generate(FILE * outfile, const char *url,
+ gnutls_pk_algorithm_t type, unsigned int bits,
+ const char *label, int private, int detailed,
+ unsigned int login, common_info_st * info);
#define PKCS11_TYPE_CRT_ALL 1
#define PKCS11_TYPE_TRUSTED 2
diff --git a/src/pkcs11.c b/src/pkcs11.c
index c5dc1979c0..68a4ca5689 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -35,811 +35,792 @@
#include <common.h>
void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
- common_info_st * info)
+pkcs11_delete(FILE * outfile, const char *url, int batch,
+ unsigned int login, common_info_st * info)
{
- int ret;
- unsigned int obj_flags = 0;
-
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-
- if (!batch)
- {
- pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
- GNUTLS_PKCS11_URL_LIB, info);
- ret =
- read_yesno ("Are you sure you want to delete those objects? (y/N): ", 0);
- if (ret == 0)
- {
- exit (1);
- }
- }
-
- ret = gnutls_pkcs11_delete_url (url, obj_flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "\n%d objects deleted\n", ret);
-
- return;
+ int ret;
+ unsigned int obj_flags = 0;
+
+ if (login)
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ if (!batch) {
+ pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login,
+ GNUTLS_PKCS11_URL_LIB, info);
+ ret =
+ read_yesno
+ ("Are you sure you want to delete those objects? (y/N): ",
+ 0);
+ if (ret == 0) {
+ exit(1);
+ }
+ }
+
+ ret = gnutls_pkcs11_delete_url(url, obj_flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\n%d objects deleted\n", ret);
+
+ return;
}
/* lists certificates from a token
*/
void
-pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
- unsigned int detailed, common_info_st * info)
+pkcs11_list(FILE * outfile, const char *url, int type, unsigned int login,
+ unsigned int detailed, common_info_st * info)
{
- gnutls_pkcs11_obj_t *crt_list;
- unsigned int crt_list_size = 0, i;
- int ret, otype;
- char *output;
- int attrs;
- unsigned int obj_flags = 0;
-
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-
- pkcs11_common ();
-
- if (url == NULL)
- url = "pkcs11:";
-
- if (type == PKCS11_TYPE_TRUSTED)
- {
- attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED;
- }
- else if (type == PKCS11_TYPE_PK)
- {
- attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
- }
- else if (type == PKCS11_TYPE_CRT_ALL)
- {
- attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
- }
- else if (type == PKCS11_TYPE_PRIVKEY)
- {
- attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
- }
- else
- {
- attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
- }
-
- /* give some initial value to avoid asking for the pkcs11 pin twice.
- */
- ret = gnutls_pkcs11_obj_list_import_url2 (&crt_list, &crt_list_size, url,
- attrs, obj_flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in crt_list_import (1): %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- if (crt_list_size == 0)
- {
- fprintf (stderr, "No matching objects found\n");
- exit (0);
- }
-
- for (i = 0; i < crt_list_size; i++)
- {
- char buf[128];
- size_t size;
-
- ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output);
-
- otype = gnutls_pkcs11_obj_get_type(crt_list[i]);
- fprintf (outfile, "\tType: %s\n",
- gnutls_pkcs11_type_get_name (otype));
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf,
- &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- fprintf (outfile, "\tLabel: %s\n", buf);
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX,
- buf, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- fprintf (outfile, "\tID: %s\n\n", buf);
- }
-
- return;
+ gnutls_pkcs11_obj_t *crt_list;
+ unsigned int crt_list_size = 0, i;
+ int ret, otype;
+ char *output;
+ int attrs;
+ unsigned int obj_flags = 0;
+
+ if (login)
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ pkcs11_common();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ if (type == PKCS11_TYPE_TRUSTED) {
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED;
+ } else if (type == PKCS11_TYPE_PK) {
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
+ } else if (type == PKCS11_TYPE_CRT_ALL) {
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
+ } else if (type == PKCS11_TYPE_PRIVKEY) {
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
+ } else {
+ attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
+ }
+
+ /* give some initial value to avoid asking for the pkcs11 pin twice.
+ */
+ ret =
+ gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size,
+ url, attrs, obj_flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in crt_list_import (1): %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (crt_list_size == 0) {
+ fprintf(stderr, "No matching objects found\n");
+ exit(0);
+ }
+
+ for (i = 0; i < crt_list_size; i++) {
+ char buf[128];
+ size_t size;
+
+ ret =
+ gnutls_pkcs11_obj_export_url(crt_list[i], detailed,
+ &output);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "Object %d:\n\tURL: %s\n", i, output);
+
+ otype = gnutls_pkcs11_obj_get_type(crt_list[i]);
+ fprintf(outfile, "\tType: %s\n",
+ gnutls_pkcs11_type_get_name(otype));
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_obj_get_info(crt_list[i],
+ GNUTLS_PKCS11_OBJ_LABEL,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ fprintf(outfile, "\tLabel: %s\n", buf);
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_obj_get_info(crt_list[i],
+ GNUTLS_PKCS11_OBJ_ID_HEX,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ fprintf(outfile, "\tID: %s\n\n", buf);
+ }
+
+ return;
}
void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login,
- common_info_st * info)
+pkcs11_export(FILE * outfile, const char *url, unsigned int login,
+ common_info_st * info)
{
- gnutls_pkcs11_obj_t crt;
- gnutls_x509_crt_t xcrt;
- gnutls_pubkey_t pubkey;
- int ret;
- size_t size;
- unsigned int obj_flags = 0;
-
- if (login)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-
- pkcs11_common ();
-
- if (url == NULL)
- url = "pkcs11:";
-
- ret = gnutls_pkcs11_obj_init (&crt);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- switch (gnutls_pkcs11_obj_get_type (crt))
- {
- case GNUTLS_PKCS11_OBJ_X509_CRT:
- ret = gnutls_x509_crt_init (&xcrt);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- size = buffer_size;
- ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- fwrite (buffer, 1, size, outfile);
-
- gnutls_x509_crt_deinit (xcrt);
- break;
- case GNUTLS_PKCS11_OBJ_PUBKEY:
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- fwrite (buffer, 1, size, outfile);
-
- gnutls_pubkey_deinit (pubkey);
- break;
- default:
- {
- gnutls_datum_t data, enc;
-
- size = buffer_size;
- ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
- if (ret < 0)
- {
- break;
- }
-
- data.data = buffer;
- data.size = size;
-
- ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fwrite (enc.data, 1, enc.size, outfile);
-
- gnutls_free (enc.data);
- break;
- }
- }
- fputs ("\n\n", outfile);
-
-
- gnutls_pkcs11_obj_deinit (crt);
-
- return;
+ gnutls_pkcs11_obj_t crt;
+ gnutls_x509_crt_t xcrt;
+ gnutls_pubkey_t pubkey;
+ int ret;
+ size_t size;
+ unsigned int obj_flags = 0;
+
+ if (login)
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ pkcs11_common();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ ret = gnutls_pkcs11_obj_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pkcs11_obj_import_url(crt, url, obj_flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ switch (gnutls_pkcs11_obj_get_type(crt)) {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ ret = gnutls_x509_crt_init(&xcrt);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11(xcrt, crt);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ size = buffer_size;
+ ret =
+ gnutls_x509_crt_export(xcrt, GNUTLS_X509_FMT_PEM,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_x509_crt_deinit(xcrt);
+ break;
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pubkey_import_pkcs11(pubkey, crt, 0);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ size = buffer_size;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM,
+ buffer, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ fwrite(buffer, 1, size, outfile);
+
+ gnutls_pubkey_deinit(pubkey);
+ break;
+ default:
+ {
+ gnutls_datum_t data, enc;
+
+ size = buffer_size;
+ ret = gnutls_pkcs11_obj_export(crt, buffer, &size);
+ if (ret < 0) {
+ break;
+ }
+
+ data.data = buffer;
+ data.size = size;
+
+ ret =
+ gnutls_pem_base64_encode_alloc("DATA", &data,
+ &enc);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n",
+ __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fwrite(enc.data, 1, enc.size, outfile);
+
+ gnutls_free(enc.data);
+ break;
+ }
+ }
+ fputs("\n\n", outfile);
+
+
+ gnutls_pkcs11_obj_deinit(crt);
+
+ return;
}
void
-pkcs11_token_list (FILE * outfile, unsigned int detailed,
- common_info_st * info)
+pkcs11_token_list(FILE * outfile, unsigned int detailed,
+ common_info_st * info)
{
- int ret;
- int i;
- char *url;
- char buf[128];
- size_t size;
-
- pkcs11_common ();
-
- for (i = 0;; i++)
- {
- ret = gnutls_pkcs11_token_get_url (i, detailed, &url);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url);
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf,
- &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "\tLabel: %s\n", buf);
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER,
- buf, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "\tManufacturer: %s\n", buf);
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf,
- &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "\tModel: %s\n", buf);
-
- size = sizeof (buf);
- ret =
- gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf,
- &size);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- fprintf (outfile, "\tSerial: %s\n", buf);
- fprintf (outfile, "\n\n");
-
- gnutls_free (url);
-
- }
-
- return;
+ int ret;
+ int i;
+ char *url;
+ char buf[128];
+ size_t size;
+
+ pkcs11_common();
+
+ for (i = 0;; i++) {
+ ret = gnutls_pkcs11_token_get_url(i, detailed, &url);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "Token %d:\n\tURL: %s\n", i, url);
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_token_get_info(url,
+ GNUTLS_PKCS11_TOKEN_LABEL,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tLabel: %s\n", buf);
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_token_get_info(url,
+ GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tManufacturer: %s\n", buf);
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_token_get_info(url,
+ GNUTLS_PKCS11_TOKEN_MODEL,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tModel: %s\n", buf);
+
+ size = sizeof(buf);
+ ret =
+ gnutls_pkcs11_token_get_info(url,
+ GNUTLS_PKCS11_TOKEN_SERIAL,
+ buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\tSerial: %s\n", buf);
+ fprintf(outfile, "\n\n");
+
+ gnutls_free(url);
+
+ }
+
+ return;
}
void
-pkcs11_write (FILE * outfile, const char *url, const char *label,
- int trusted, int private,
- unsigned int login, common_info_st * info)
+pkcs11_write(FILE * outfile, const char *url, const char *label,
+ int trusted, int private,
+ unsigned int login, common_info_st * info)
{
- gnutls_x509_crt_t xcrt;
- gnutls_x509_privkey_t xkey;
- int ret;
- unsigned int flags = 0;
- unsigned int key_usage = 0;
- gnutls_datum_t *secret_key;
-
- if (login)
- flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-
- pkcs11_common ();
-
- if (url == NULL)
- url = "pkcs11:";
-
- secret_key = load_secret_key (0, info);
- if (secret_key != NULL)
- {
- ret =
- gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- }
-
- if (private == 1)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
- else if (private == 0)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
-
- xcrt = load_cert (0, info);
- if (xcrt != NULL)
- {
- if (trusted)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
-
- ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
- }
-
- xkey = load_x509_private_key (0, info);
- if (xkey != NULL)
- {
- ret =
- gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
- }
-
- if (xkey == NULL && xcrt == NULL && secret_key == NULL)
- {
- fprintf (stderr,
- "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
- exit (1);
- }
-
- return;
+ gnutls_x509_crt_t xcrt;
+ gnutls_x509_privkey_t xkey;
+ int ret;
+ unsigned int flags = 0;
+ unsigned int key_usage = 0;
+ gnutls_datum_t *secret_key;
+
+ if (login)
+ flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ pkcs11_common();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ secret_key = load_secret_key(0, info);
+ if (secret_key != NULL) {
+ ret =
+ gnutls_pkcs11_copy_secret_key(url, secret_key, label,
+ key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ if (private == 1)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ else if (private == 0)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
+
+ xcrt = load_cert(0, info);
+ if (xcrt != NULL) {
+ if (trusted)
+ flags |=
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED |
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+
+ ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL);
+ }
+
+ xkey = load_x509_private_key(0, info);
+ if (xkey != NULL) {
+ ret =
+ gnutls_pkcs11_copy_x509_privkey(url, xkey, label,
+ key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__,
+ __LINE__, gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ if (xkey == NULL && xcrt == NULL && secret_key == NULL) {
+ fprintf(stderr,
+ "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
+ exit(1);
+ }
+
+ return;
}
void
-pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
- unsigned int bits,
- const char *label, int private, int detailed,
- unsigned int login, common_info_st * info)
+pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label, int private, int detailed,
+ unsigned int login, common_info_st * info)
{
- int ret;
- unsigned int flags = 0;
- gnutls_datum_t pubkey;
-
- if (login)
- flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
-
- pkcs11_common ();
-
- if (url == NULL)
- url = "pkcs11:";
-
- if (private == 1)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
- else if (private == 0)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
-
- ret = gnutls_pkcs11_privkey_generate2(url, pk, bits, label, GNUTLS_X509_FMT_PEM,
- &pubkey, flags);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- if (login == 0)
- fprintf(stderr, "Note that --login was not specified and it may be required for generation.\n");
- else if (bits != 1024)
- fprintf (stderr, "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n");
- exit(1);
- }
-
- fwrite (pubkey.data, 1, pubkey.size, outfile);
- gnutls_free(pubkey.data);
-
- return;
+ int ret;
+ unsigned int flags = 0;
+ gnutls_datum_t pubkey;
+
+ if (login)
+ flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ pkcs11_common();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ if (private == 1)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ else if (private == 0)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
+
+ ret =
+ gnutls_pkcs11_privkey_generate2(url, pk, bits, label,
+ GNUTLS_X509_FMT_PEM, &pubkey,
+ flags);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ if (login == 0)
+ fprintf(stderr,
+ "Note that --login was not specified and it may be required for generation.\n");
+ else if (bits != 1024)
+ fprintf(stderr,
+ "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n");
+ exit(1);
+ }
+
+ fwrite(pubkey.data, 1, pubkey.size, outfile);
+ gnutls_free(pubkey.data);
+
+ return;
}
void
-pkcs11_init (FILE * outfile, const char *url, const char *label,
- common_info_st * info)
+pkcs11_init(FILE * outfile, const char *url, const char *label,
+ common_info_st * info)
{
- int ret;
- char *pin;
- char so_pin[32];
-
- pkcs11_common ();
-
- if (url == NULL)
- {
- fprintf (stderr, "No token URL given to initialize!\n");
- exit (1);
- }
-
- pin = getpass ("Enter Security Officer's PIN: ");
- if (pin == NULL)
- exit (1);
-
- if (strlen(pin) >= sizeof(so_pin))
- exit (1);
-
- strcpy (so_pin, pin);
-
- pin = getpass ("Enter new User's PIN: ");
- if (pin == NULL)
- exit (1);
-
- ret = gnutls_pkcs11_token_init (url, so_pin, label);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PIN_USER);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
- gnutls_strerror (ret));
- exit (1);
- }
-
- return;
+ int ret;
+ char *pin;
+ char so_pin[32];
+
+ pkcs11_common();
+
+ if (url == NULL) {
+ fprintf(stderr, "No token URL given to initialize!\n");
+ exit(1);
+ }
+
+ pin = getpass("Enter Security Officer's PIN: ");
+ if (pin == NULL)
+ exit(1);
+
+ if (strlen(pin) >= sizeof(so_pin))
+ exit(1);
+
+ strcpy(so_pin, pin);
+
+ pin = getpass("Enter new User's PIN: ");
+ if (pin == NULL)
+ exit(1);
+
+ ret = gnutls_pkcs11_token_init(url, so_pin, label);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_pkcs11_token_set_pin(url, NULL, pin, GNUTLS_PIN_USER);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return;
}
const char *mech_list[] = {
- [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
- [1] = "CKM_RSA_PKCS",
- [2] = "CKM_RSA_9796",
- [3] = "CKM_RSA_X_509",
- [4] = "CKM_MD2_RSA_PKCS",
- [5] = "CKM_MD5_RSA_PKCS",
- [6] = "CKM_SHA1_RSA_PKCS",
- [7] = "CKM_RIPEMD128_RSA_PKCS",
- [8] = "CKM_RIPEMD160_RSA_PKCS",
- [9] = "CKM_RSA_PKCS_OAEP",
- [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN",
- [0xb] = "CKM_RSA_X9_31",
- [0xc] = "CKM_SHA1_RSA_X9_31",
- [0xd] = "CKM_RSA_PKCS_PSS",
- [0xe] = "CKM_SHA1_RSA_PKCS_PSS",
- [0x10] = "CKM_DSA_KEY_PAIR_GEN",
- [0x11] = "CKM_DSA",
- [0x12] = "CKM_DSA_SHA1",
- [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN",
- [0x21] = "CKM_DH_PKCS_DERIVE",
- [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN",
- [0x31] = "CKM_X9_42_DH_DERIVE",
- [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE",
- [0x33] = "CKM_X9_42_MQV_DERIVE",
- [0x40] = "CKM_SHA256_RSA_PKCS",
- [0x41] = "CKM_SHA384_RSA_PKCS",
- [0x42] = "CKM_SHA512_RSA_PKCS",
- [0x43] = "CKM_SHA256_RSA_PKCS_PSS",
- [0x44] = "CKM_SHA384_RSA_PKCS_PSS",
- [0x45] = "CKM_SHA512_RSA_PKCS_PSS",
- [0x100] = "CKM_RC2_KEY_GEN",
- [0x101] = "CKM_RC2_ECB",
- [0x102] = "CKM_RC2_CBC",
- [0x103] = "CKM_RC2_MAC",
- [0x104] = "CKM_RC2_MAC_GENERAL",
- [0x105] = "CKM_RC2_CBC_PAD",
- [0x110] = "CKM_RC4_KEY_GEN",
- [0x111] = "CKM_RC4",
- [0x120] = "CKM_DES_KEY_GEN",
- [0x121] = "CKM_DES_ECB",
- [0x122] = "CKM_DES_CBC",
- [0x123] = "CKM_DES_MAC",
- [0x124] = "CKM_DES_MAC_GENERAL",
- [0x125] = "CKM_DES_CBC_PAD",
- [0x130] = "CKM_DES2_KEY_GEN",
- [0x131] = "CKM_DES3_KEY_GEN",
- [0x132] = "CKM_DES3_ECB",
- [0x133] = "CKM_DES3_CBC",
- [0x134] = "CKM_DES3_MAC",
- [0x135] = "CKM_DES3_MAC_GENERAL",
- [0x136] = "CKM_DES3_CBC_PAD",
- [0x140] = "CKM_CDMF_KEY_GEN",
- [0x141] = "CKM_CDMF_ECB",
- [0x142] = "CKM_CDMF_CBC",
- [0x143] = "CKM_CDMF_MAC",
- [0x144] = "CKM_CDMF_MAC_GENERAL",
- [0x145] = "CKM_CDMF_CBC_PAD",
- [0x200] = "CKM_MD2",
- [0x201] = "CKM_MD2_HMAC",
- [0x202] = "CKM_MD2_HMAC_GENERAL",
- [0x210] = "CKM_MD5",
- [0x211] = "CKM_MD5_HMAC",
- [0x212] = "CKM_MD5_HMAC_GENERAL",
- [0x220] = "CKM_SHA_1",
- [0x221] = "CKM_SHA_1_HMAC",
- [0x222] = "CKM_SHA_1_HMAC_GENERAL",
- [0x230] = "CKM_RIPEMD128",
- [0x231] = "CKM_RIPEMD128_HMAC",
- [0x232] = "CKM_RIPEMD128_HMAC_GENERAL",
- [0x240] = "CKM_RIPEMD160",
- [0x241] = "CKM_RIPEMD160_HMAC",
- [0x242] = "CKM_RIPEMD160_HMAC_GENERAL",
- [0x250] = "CKM_SHA256",
- [0x251] = "CKM_SHA256_HMAC",
- [0x252] = "CKM_SHA256_HMAC_GENERAL",
- [0x260] = "CKM_SHA384",
- [0x261] = "CKM_SHA384_HMAC",
- [0x262] = "CKM_SHA384_HMAC_GENERAL",
- [0x270] = "CKM_SHA512",
- [0x271] = "CKM_SHA512_HMAC",
- [0x272] = "CKM_SHA512_HMAC_GENERAL",
- [0x300] = "CKM_CAST_KEY_GEN",
- [0x301] = "CKM_CAST_ECB",
- [0x302] = "CKM_CAST_CBC",
- [0x303] = "CKM_CAST_MAC",
- [0x304] = "CKM_CAST_MAC_GENERAL",
- [0x305] = "CKM_CAST_CBC_PAD",
- [0x310] = "CKM_CAST3_KEY_GEN",
- [0x311] = "CKM_CAST3_ECB",
- [0x312] = "CKM_CAST3_CBC",
- [0x313] = "CKM_CAST3_MAC",
- [0x314] = "CKM_CAST3_MAC_GENERAL",
- [0x315] = "CKM_CAST3_CBC_PAD",
- [0x320] = "CKM_CAST128_KEY_GEN",
- [0x321] = "CKM_CAST128_ECB",
- [0x322] = "CKM_CAST128_CBC",
- [0x323] = "CKM_CAST128_MAC",
- [0x324] = "CKM_CAST128_MAC_GENERAL",
- [0x325] = "CKM_CAST128_CBC_PAD",
- [0x330] = "CKM_RC5_KEY_GEN",
- [0x331] = "CKM_RC5_ECB",
- [0x332] = "CKM_RC5_CBC",
- [0x333] = "CKM_RC5_MAC",
- [0x334] = "CKM_RC5_MAC_GENERAL",
- [0x335] = "CKM_RC5_CBC_PAD",
- [0x340] = "CKM_IDEA_KEY_GEN",
- [0x341] = "CKM_IDEA_ECB",
- [0x342] = "CKM_IDEA_CBC",
- [0x343] = "CKM_IDEA_MAC",
- [0x344] = "CKM_IDEA_MAC_GENERAL",
- [0x345] = "CKM_IDEA_CBC_PAD",
- [0x350] = "CKM_GENERIC_SECRET_KEY_GEN",
- [0x360] = "CKM_CONCATENATE_BASE_AND_KEY",
- [0x362] = "CKM_CONCATENATE_BASE_AND_DATA",
- [0x363] = "CKM_CONCATENATE_DATA_AND_BASE",
- [0x364] = "CKM_XOR_BASE_AND_DATA",
- [0x365] = "CKM_EXTRACT_KEY_FROM_KEY",
- [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN",
- [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE",
- [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE",
- [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH",
- [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN",
- [0x375] = "CKM_TLS_MASTER_KEY_DERIVE",
- [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE",
- [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH",
- [0x380] = "CKM_SSL3_MD5_MAC",
- [0x381] = "CKM_SSL3_SHA1_MAC",
- [0x390] = "CKM_MD5_KEY_DERIVATION",
- [0x391] = "CKM_MD2_KEY_DERIVATION",
- [0x392] = "CKM_SHA1_KEY_DERIVATION",
- [0x3a0] = "CKM_PBE_MD2_DES_CBC",
- [0x3a1] = "CKM_PBE_MD5_DES_CBC",
- [0x3a2] = "CKM_PBE_MD5_CAST_CBC",
- [0x3a3] = "CKM_PBE_MD5_CAST3_CBC",
- [0x3a4] = "CKM_PBE_MD5_CAST128_CBC",
- [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC",
- [0x3a6] = "CKM_PBE_SHA1_RC4_128",
- [0x3a7] = "CKM_PBE_SHA1_RC4_40",
- [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC",
- [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC",
- [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC",
- [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC",
- [0x3b0] = "CKM_PKCS5_PBKD2",
- [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC",
- [0x400] = "CKM_KEY_WRAP_LYNKS",
- [0x401] = "CKM_KEY_WRAP_SET_OAEP",
- [0x1000] = "CKM_SKIPJACK_KEY_GEN",
- [0x1001] = "CKM_SKIPJACK_ECB64",
- [0x1002] = "CKM_SKIPJACK_CBC64",
- [0x1003] = "CKM_SKIPJACK_OFB64",
- [0x1004] = "CKM_SKIPJACK_CFB64",
- [0x1005] = "CKM_SKIPJACK_CFB32",
- [0x1006] = "CKM_SKIPJACK_CFB16",
- [0x1007] = "CKM_SKIPJACK_CFB8",
- [0x1008] = "CKM_SKIPJACK_WRAP",
- [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP",
- [0x100a] = "CKM_SKIPJACK_RELAYX",
- [0x1010] = "CKM_KEA_KEY_PAIR_GEN",
- [0x1011] = "CKM_KEA_KEY_DERIVE",
- [0x1020] = "CKM_FORTEZZA_TIMESTAMP",
- [0x1030] = "CKM_BATON_KEY_GEN",
- [0x1031] = "CKM_BATON_ECB128",
- [0x1032] = "CKM_BATON_ECB96",
- [0x1033] = "CKM_BATON_CBC128",
- [0x1034] = "CKM_BATON_COUNTER",
- [0x1035] = "CKM_BATON_SHUFFLE",
- [0x1036] = "CKM_BATON_WRAP",
- [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN",
- [0x1041] = "CKM_ECDSA",
- [0x1042] = "CKM_ECDSA_SHA1",
- [0x1050] = "CKM_ECDH1_DERIVE",
- [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE",
- [0x1052] = "CKM_ECMQV_DERIVE",
- [0x1060] = "CKM_JUNIPER_KEY_GEN",
- [0x1061] = "CKM_JUNIPER_ECB128",
- [0x1062] = "CKM_JUNIPER_CBC128",
- [0x1063] = "CKM_JUNIPER_COUNTER",
- [0x1064] = "CKM_JUNIPER_SHUFFLE",
- [0x1065] = "CKM_JUNIPER_WRAP",
- [0x1070] = "CKM_FASTHASH",
- [0x1080] = "CKM_AES_KEY_GEN",
- [0x1081] = "CKM_AES_ECB",
- [0x1082] = "CKM_AES_CBC",
- [0x1083] = "CKM_AES_MAC",
- [0x1084] = "CKM_AES_MAC_GENERAL",
- [0x1085] = "CKM_AES_CBC_PAD",
- [0x2000] = "CKM_DSA_PARAMETER_GEN",
- [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN",
- [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN",
- [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN",
- [0x1201] = "CKM_GOSTR3410",
- [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411",
- [0x1203] = "CKM_GOSTR3410_KEY_WRAP",
- [0x1204] = "CKM_GOSTR3410_DERIVE",
- [0x1210] = "CKM_GOSTR3411",
- [0x1211] = "CKM_GOSTR3411_HMAC",
- [0x255] = "CKM_SHA224",
- [0x256] = "CKM_SHA224_HMAC",
- [0x257] = "CKM_SHA224_HMAC_GENERAL",
- [0x46] = "CKM_SHA224_RSA_PKCS",
- [0x47] = "CKM_SHA224_RSA_PKCS_PSS",
- [0x396] = "CKM_SHA224_KEY_DERIVATION",
- [0x550] = "CKM_CAMELLIA_KEY_GEN",
- [0x551] = "CKM_CAMELLIA_ECB",
- [0x552] = "CKM_CAMELLIA_CBC",
- [0x553] = "CKM_CAMELLIA_MAC",
- [0x554] = "CKM_CAMELLIA_MAC_GENERAL",
- [0x555] = "CKM_CAMELLIA_CBC_PAD",
- [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA",
- [0x557] = "CKM_CAMELLIA_CBC_ENCRYPT_DATA"
+ [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
+ [1] = "CKM_RSA_PKCS",
+ [2] = "CKM_RSA_9796",
+ [3] = "CKM_RSA_X_509",
+ [4] = "CKM_MD2_RSA_PKCS",
+ [5] = "CKM_MD5_RSA_PKCS",
+ [6] = "CKM_SHA1_RSA_PKCS",
+ [7] = "CKM_RIPEMD128_RSA_PKCS",
+ [8] = "CKM_RIPEMD160_RSA_PKCS",
+ [9] = "CKM_RSA_PKCS_OAEP",
+ [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN",
+ [0xb] = "CKM_RSA_X9_31",
+ [0xc] = "CKM_SHA1_RSA_X9_31",
+ [0xd] = "CKM_RSA_PKCS_PSS",
+ [0xe] = "CKM_SHA1_RSA_PKCS_PSS",
+ [0x10] = "CKM_DSA_KEY_PAIR_GEN",
+ [0x11] = "CKM_DSA",
+ [0x12] = "CKM_DSA_SHA1",
+ [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN",
+ [0x21] = "CKM_DH_PKCS_DERIVE",
+ [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN",
+ [0x31] = "CKM_X9_42_DH_DERIVE",
+ [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE",
+ [0x33] = "CKM_X9_42_MQV_DERIVE",
+ [0x40] = "CKM_SHA256_RSA_PKCS",
+ [0x41] = "CKM_SHA384_RSA_PKCS",
+ [0x42] = "CKM_SHA512_RSA_PKCS",
+ [0x43] = "CKM_SHA256_RSA_PKCS_PSS",
+ [0x44] = "CKM_SHA384_RSA_PKCS_PSS",
+ [0x45] = "CKM_SHA512_RSA_PKCS_PSS",
+ [0x100] = "CKM_RC2_KEY_GEN",
+ [0x101] = "CKM_RC2_ECB",
+ [0x102] = "CKM_RC2_CBC",
+ [0x103] = "CKM_RC2_MAC",
+ [0x104] = "CKM_RC2_MAC_GENERAL",
+ [0x105] = "CKM_RC2_CBC_PAD",
+ [0x110] = "CKM_RC4_KEY_GEN",
+ [0x111] = "CKM_RC4",
+ [0x120] = "CKM_DES_KEY_GEN",
+ [0x121] = "CKM_DES_ECB",
+ [0x122] = "CKM_DES_CBC",
+ [0x123] = "CKM_DES_MAC",
+ [0x124] = "CKM_DES_MAC_GENERAL",
+ [0x125] = "CKM_DES_CBC_PAD",
+ [0x130] = "CKM_DES2_KEY_GEN",
+ [0x131] = "CKM_DES3_KEY_GEN",
+ [0x132] = "CKM_DES3_ECB",
+ [0x133] = "CKM_DES3_CBC",
+ [0x134] = "CKM_DES3_MAC",
+ [0x135] = "CKM_DES3_MAC_GENERAL",
+ [0x136] = "CKM_DES3_CBC_PAD",
+ [0x140] = "CKM_CDMF_KEY_GEN",
+ [0x141] = "CKM_CDMF_ECB",
+ [0x142] = "CKM_CDMF_CBC",
+ [0x143] = "CKM_CDMF_MAC",
+ [0x144] = "CKM_CDMF_MAC_GENERAL",
+ [0x145] = "CKM_CDMF_CBC_PAD",
+ [0x200] = "CKM_MD2",
+ [0x201] = "CKM_MD2_HMAC",
+ [0x202] = "CKM_MD2_HMAC_GENERAL",
+ [0x210] = "CKM_MD5",
+ [0x211] = "CKM_MD5_HMAC",
+ [0x212] = "CKM_MD5_HMAC_GENERAL",
+ [0x220] = "CKM_SHA_1",
+ [0x221] = "CKM_SHA_1_HMAC",
+ [0x222] = "CKM_SHA_1_HMAC_GENERAL",
+ [0x230] = "CKM_RIPEMD128",
+ [0x231] = "CKM_RIPEMD128_HMAC",
+ [0x232] = "CKM_RIPEMD128_HMAC_GENERAL",
+ [0x240] = "CKM_RIPEMD160",
+ [0x241] = "CKM_RIPEMD160_HMAC",
+ [0x242] = "CKM_RIPEMD160_HMAC_GENERAL",
+ [0x250] = "CKM_SHA256",
+ [0x251] = "CKM_SHA256_HMAC",
+ [0x252] = "CKM_SHA256_HMAC_GENERAL",
+ [0x260] = "CKM_SHA384",
+ [0x261] = "CKM_SHA384_HMAC",
+ [0x262] = "CKM_SHA384_HMAC_GENERAL",
+ [0x270] = "CKM_SHA512",
+ [0x271] = "CKM_SHA512_HMAC",
+ [0x272] = "CKM_SHA512_HMAC_GENERAL",
+ [0x300] = "CKM_CAST_KEY_GEN",
+ [0x301] = "CKM_CAST_ECB",
+ [0x302] = "CKM_CAST_CBC",
+ [0x303] = "CKM_CAST_MAC",
+ [0x304] = "CKM_CAST_MAC_GENERAL",
+ [0x305] = "CKM_CAST_CBC_PAD",
+ [0x310] = "CKM_CAST3_KEY_GEN",
+ [0x311] = "CKM_CAST3_ECB",
+ [0x312] = "CKM_CAST3_CBC",
+ [0x313] = "CKM_CAST3_MAC",
+ [0x314] = "CKM_CAST3_MAC_GENERAL",
+ [0x315] = "CKM_CAST3_CBC_PAD",
+ [0x320] = "CKM_CAST128_KEY_GEN",
+ [0x321] = "CKM_CAST128_ECB",
+ [0x322] = "CKM_CAST128_CBC",
+ [0x323] = "CKM_CAST128_MAC",
+ [0x324] = "CKM_CAST128_MAC_GENERAL",
+ [0x325] = "CKM_CAST128_CBC_PAD",
+ [0x330] = "CKM_RC5_KEY_GEN",
+ [0x331] = "CKM_RC5_ECB",
+ [0x332] = "CKM_RC5_CBC",
+ [0x333] = "CKM_RC5_MAC",
+ [0x334] = "CKM_RC5_MAC_GENERAL",
+ [0x335] = "CKM_RC5_CBC_PAD",
+ [0x340] = "CKM_IDEA_KEY_GEN",
+ [0x341] = "CKM_IDEA_ECB",
+ [0x342] = "CKM_IDEA_CBC",
+ [0x343] = "CKM_IDEA_MAC",
+ [0x344] = "CKM_IDEA_MAC_GENERAL",
+ [0x345] = "CKM_IDEA_CBC_PAD",
+ [0x350] = "CKM_GENERIC_SECRET_KEY_GEN",
+ [0x360] = "CKM_CONCATENATE_BASE_AND_KEY",
+ [0x362] = "CKM_CONCATENATE_BASE_AND_DATA",
+ [0x363] = "CKM_CONCATENATE_DATA_AND_BASE",
+ [0x364] = "CKM_XOR_BASE_AND_DATA",
+ [0x365] = "CKM_EXTRACT_KEY_FROM_KEY",
+ [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN",
+ [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE",
+ [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE",
+ [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH",
+ [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN",
+ [0x375] = "CKM_TLS_MASTER_KEY_DERIVE",
+ [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE",
+ [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH",
+ [0x380] = "CKM_SSL3_MD5_MAC",
+ [0x381] = "CKM_SSL3_SHA1_MAC",
+ [0x390] = "CKM_MD5_KEY_DERIVATION",
+ [0x391] = "CKM_MD2_KEY_DERIVATION",
+ [0x392] = "CKM_SHA1_KEY_DERIVATION",
+ [0x3a0] = "CKM_PBE_MD2_DES_CBC",
+ [0x3a1] = "CKM_PBE_MD5_DES_CBC",
+ [0x3a2] = "CKM_PBE_MD5_CAST_CBC",
+ [0x3a3] = "CKM_PBE_MD5_CAST3_CBC",
+ [0x3a4] = "CKM_PBE_MD5_CAST128_CBC",
+ [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC",
+ [0x3a6] = "CKM_PBE_SHA1_RC4_128",
+ [0x3a7] = "CKM_PBE_SHA1_RC4_40",
+ [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC",
+ [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC",
+ [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC",
+ [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC",
+ [0x3b0] = "CKM_PKCS5_PBKD2",
+ [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC",
+ [0x400] = "CKM_KEY_WRAP_LYNKS",
+ [0x401] = "CKM_KEY_WRAP_SET_OAEP",
+ [0x1000] = "CKM_SKIPJACK_KEY_GEN",
+ [0x1001] = "CKM_SKIPJACK_ECB64",
+ [0x1002] = "CKM_SKIPJACK_CBC64",
+ [0x1003] = "CKM_SKIPJACK_OFB64",
+ [0x1004] = "CKM_SKIPJACK_CFB64",
+ [0x1005] = "CKM_SKIPJACK_CFB32",
+ [0x1006] = "CKM_SKIPJACK_CFB16",
+ [0x1007] = "CKM_SKIPJACK_CFB8",
+ [0x1008] = "CKM_SKIPJACK_WRAP",
+ [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP",
+ [0x100a] = "CKM_SKIPJACK_RELAYX",
+ [0x1010] = "CKM_KEA_KEY_PAIR_GEN",
+ [0x1011] = "CKM_KEA_KEY_DERIVE",
+ [0x1020] = "CKM_FORTEZZA_TIMESTAMP",
+ [0x1030] = "CKM_BATON_KEY_GEN",
+ [0x1031] = "CKM_BATON_ECB128",
+ [0x1032] = "CKM_BATON_ECB96",
+ [0x1033] = "CKM_BATON_CBC128",
+ [0x1034] = "CKM_BATON_COUNTER",
+ [0x1035] = "CKM_BATON_SHUFFLE",
+ [0x1036] = "CKM_BATON_WRAP",
+ [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN",
+ [0x1041] = "CKM_ECDSA",
+ [0x1042] = "CKM_ECDSA_SHA1",
+ [0x1050] = "CKM_ECDH1_DERIVE",
+ [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE",
+ [0x1052] = "CKM_ECMQV_DERIVE",
+ [0x1060] = "CKM_JUNIPER_KEY_GEN",
+ [0x1061] = "CKM_JUNIPER_ECB128",
+ [0x1062] = "CKM_JUNIPER_CBC128",
+ [0x1063] = "CKM_JUNIPER_COUNTER",
+ [0x1064] = "CKM_JUNIPER_SHUFFLE",
+ [0x1065] = "CKM_JUNIPER_WRAP",
+ [0x1070] = "CKM_FASTHASH",
+ [0x1080] = "CKM_AES_KEY_GEN",
+ [0x1081] = "CKM_AES_ECB",
+ [0x1082] = "CKM_AES_CBC",
+ [0x1083] = "CKM_AES_MAC",
+ [0x1084] = "CKM_AES_MAC_GENERAL",
+ [0x1085] = "CKM_AES_CBC_PAD",
+ [0x2000] = "CKM_DSA_PARAMETER_GEN",
+ [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN",
+ [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN",
+ [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN",
+ [0x1201] = "CKM_GOSTR3410",
+ [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411",
+ [0x1203] = "CKM_GOSTR3410_KEY_WRAP",
+ [0x1204] = "CKM_GOSTR3410_DERIVE",
+ [0x1210] = "CKM_GOSTR3411",
+ [0x1211] = "CKM_GOSTR3411_HMAC",
+ [0x255] = "CKM_SHA224",
+ [0x256] = "CKM_SHA224_HMAC",
+ [0x257] = "CKM_SHA224_HMAC_GENERAL",
+ [0x46] = "CKM_SHA224_RSA_PKCS",
+ [0x47] = "CKM_SHA224_RSA_PKCS_PSS",
+ [0x396] = "CKM_SHA224_KEY_DERIVATION",
+ [0x550] = "CKM_CAMELLIA_KEY_GEN",
+ [0x551] = "CKM_CAMELLIA_ECB",
+ [0x552] = "CKM_CAMELLIA_CBC",
+ [0x553] = "CKM_CAMELLIA_MAC",
+ [0x554] = "CKM_CAMELLIA_MAC_GENERAL",
+ [0x555] = "CKM_CAMELLIA_CBC_PAD",
+ [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA",
+ [0x557] = "CKM_CAMELLIA_CBC_ENCRYPT_DATA"
};
void
-pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
- common_info_st * info)
+pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int login,
+ common_info_st * info)
{
- int ret;
- int idx;
- unsigned long mechanism;
- const char *str;
-
- pkcs11_common ();
-
- if (url == NULL)
- url = "pkcs11:";
-
- idx = 0;
- do
- {
- ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism);
- if (ret >= 0)
- {
- str = NULL;
- if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0]))
- str = mech_list[mechanism];
- if (str == NULL)
- str = "UNKNOWN";
-
- fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
- }
- }
- while (ret >= 0);
-
-
- return;
+ int ret;
+ int idx;
+ unsigned long mechanism;
+ const char *str;
+
+ pkcs11_common();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ idx = 0;
+ do {
+ ret =
+ gnutls_pkcs11_token_get_mechanism(url, idx++,
+ &mechanism);
+ if (ret >= 0) {
+ str = NULL;
+ if (mechanism <=
+ sizeof(mech_list) / sizeof(mech_list[0]))
+ str = mech_list[mechanism];
+ if (str == NULL)
+ str = "UNKNOWN";
+
+ fprintf(outfile, "[0x%.4lx] %s\n", mechanism, str);
+ }
+ }
+ while (ret >= 0);
+
+
+ return;
}
void
-pkcs11_get_random (FILE * outfile, const char *url, unsigned bytes, common_info_st * info)
+pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes,
+ common_info_st * info)
{
- int ret;
- uint8_t* output;
+ int ret;
+ uint8_t *output;
- pkcs11_common ();
+ pkcs11_common();
- if (url == NULL)
- url = "pkcs11:";
+ if (url == NULL)
+ url = "pkcs11:";
- output = malloc(bytes);
- if (output == NULL)
- {
- fprintf(stderr, "Memory error\n");
- exit(1);
- }
+ output = malloc(bytes);
+ if (output == NULL) {
+ fprintf(stderr, "Memory error\n");
+ exit(1);
+ }
- ret = gnutls_pkcs11_token_get_random (url, output, bytes);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_pkcs11_token_get_random: %s\n", gnutls_strerror(ret));
- exit(1);
- }
+ ret = gnutls_pkcs11_token_get_random(url, output, bytes);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_pkcs11_token_get_random: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- fwrite(output, 1, bytes, outfile);
+ fwrite(output, 1, bytes, outfile);
- return;
+ return;
}
diff --git a/src/psk.c b/src/psk.c
index 51bba1c086..7bf7ae7524 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -26,11 +26,10 @@
#include <stdio.h>
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- printf ("\nPSK not supported. This program is a dummy.\n\n");
- return 1;
+ printf("\nPSK not supported. This program is a dummy.\n\n");
+ return 1;
};
#else
@@ -41,7 +40,7 @@ main (int argc, char **argv)
#include <gnutls/gnutls.h>
#include <psk-args.h>
-#include <gnutls/crypto.h> /* for random */
+#include <gnutls/crypto.h> /* for random */
#include <sys/types.h>
#include <sys/stat.h>
@@ -57,226 +56,206 @@ main (int argc, char **argv)
#include <minmax.h>
#include "getpass.h"
-static int write_key (const char *username, const char *key, int key_size,
- const char *passwd_file);
+static int write_key(const char *username, const char *key, int key_size,
+ const char *passwd_file);
#define KPASSWD "/etc/passwd.psk"
#define MAX_KEY_SIZE 64
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- int ret;
+ int ret;
#ifndef _WIN32
- struct passwd *pwd;
+ struct passwd *pwd;
#endif
- unsigned char key[MAX_KEY_SIZE];
- char hex_key[MAX_KEY_SIZE * 2 + 1];
- int optct, key_size;
- gnutls_datum_t dkey;
- const char* passwd, *username;
- size_t hex_key_size = sizeof (hex_key);
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
- exit (1);
- }
-
- umask (066);
-
- optct = optionProcess( &psktoolOptions, argc, argv);
- argc -= optct;
- argv += optct;
-
- if (!HAVE_OPT(PASSWD))
- passwd = (char *) KPASSWD;
- else
- passwd = OPT_ARG(PASSWD);
-
- if (!HAVE_OPT(USERNAME))
- {
+ unsigned char key[MAX_KEY_SIZE];
+ char hex_key[MAX_KEY_SIZE * 2 + 1];
+ int optct, key_size;
+ gnutls_datum_t dkey;
+ const char *passwd, *username;
+ size_t hex_key_size = sizeof(hex_key);
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ umask(066);
+
+ optct = optionProcess(&psktoolOptions, argc, argv);
+ argc -= optct;
+ argv += optct;
+
+ if (!HAVE_OPT(PASSWD))
+ passwd = (char *) KPASSWD;
+ else
+ passwd = OPT_ARG(PASSWD);
+
+ if (!HAVE_OPT(USERNAME)) {
#ifndef _WIN32
- pwd = getpwuid (getuid ());
+ pwd = getpwuid(getuid());
- if (pwd == NULL)
- {
- fprintf (stderr, "No such user\n");
- return -1;
- }
+ if (pwd == NULL) {
+ fprintf(stderr, "No such user\n");
+ return -1;
+ }
- username = pwd->pw_name;
+ username = pwd->pw_name;
#else
- fprintf (stderr, "Please specify a user\n");
- return -1;
+ fprintf(stderr, "Please specify a user\n");
+ return -1;
#endif
- }
- else
- username = OPT_ARG(USERNAME);
-
- if (HAVE_OPT(KEYSIZE) && OPT_VALUE_KEYSIZE > MAX_KEY_SIZE)
- {
- fprintf (stderr, "Key size is too long\n");
- exit (1);
- }
-
- if (!HAVE_OPT(KEYSIZE) || OPT_VALUE_KEYSIZE < 1)
- key_size = 16;
- else
- key_size = OPT_VALUE_KEYSIZE;
-
- printf ("Generating a random key for user '%s'\n", username);
-
- ret = gnutls_rnd (GNUTLS_RND_RANDOM, (char *) key, key_size);
- if (ret < 0)
- {
- fprintf (stderr, "Not enough randomness\n");
- exit (1);
- }
-
- dkey.data = key;
- dkey.size = key_size;
-
- ret = gnutls_hex_encode (&dkey, hex_key, &hex_key_size);
- if (ret < 0)
- {
- fprintf (stderr, "HEX encoding error\n");
- exit (1);
- }
-
- ret = write_key (username, hex_key, hex_key_size, passwd);
- if (ret == 0)
- printf ("Key stored to %s\n", passwd);
-
- return ret;
+ } else
+ username = OPT_ARG(USERNAME);
+
+ if (HAVE_OPT(KEYSIZE) && OPT_VALUE_KEYSIZE > MAX_KEY_SIZE) {
+ fprintf(stderr, "Key size is too long\n");
+ exit(1);
+ }
+
+ if (!HAVE_OPT(KEYSIZE) || OPT_VALUE_KEYSIZE < 1)
+ key_size = 16;
+ else
+ key_size = OPT_VALUE_KEYSIZE;
+
+ printf("Generating a random key for user '%s'\n", username);
+
+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, (char *) key, key_size);
+ if (ret < 0) {
+ fprintf(stderr, "Not enough randomness\n");
+ exit(1);
+ }
+
+ dkey.data = key;
+ dkey.size = key_size;
+
+ ret = gnutls_hex_encode(&dkey, hex_key, &hex_key_size);
+ if (ret < 0) {
+ fprintf(stderr, "HEX encoding error\n");
+ exit(1);
+ }
+
+ ret = write_key(username, hex_key, hex_key_size, passwd);
+ if (ret == 0)
+ printf("Key stored to %s\n", passwd);
+
+ return ret;
}
-static int
-filecopy (const char *src, const char *dst)
+static int filecopy(const char *src, const char *dst)
{
- FILE *fd, *fd2;
- char line[5 * 1024];
- char *p;
-
- fd = fopen (dst, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for write\n", dst);
- return -1;
- }
-
- fd2 = fopen (src, "r");
- if (fd2 == NULL)
- {
- /* empty file */
- fclose (fd);
- return 0;
- }
-
- line[sizeof (line) - 1] = 0;
- do
- {
- p = fgets (line, sizeof (line) - 1, fd2);
- if (p == NULL)
- break;
-
- fputs (line, fd);
- }
- while (1);
-
- fclose (fd);
- fclose (fd2);
-
- return 0;
+ FILE *fd, *fd2;
+ char line[5 * 1024];
+ char *p;
+
+ fd = fopen(dst, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open '%s' for write\n", dst);
+ return -1;
+ }
+
+ fd2 = fopen(src, "r");
+ if (fd2 == NULL) {
+ /* empty file */
+ fclose(fd);
+ return 0;
+ }
+
+ line[sizeof(line) - 1] = 0;
+ do {
+ p = fgets(line, sizeof(line) - 1, fd2);
+ if (p == NULL)
+ break;
+
+ fputs(line, fd);
+ }
+ while (1);
+
+ fclose(fd);
+ fclose(fd2);
+
+ return 0;
}
static int
-write_key (const char *username, const char *key, int key_size,
- const char *passwd_file)
+write_key(const char *username, const char *key, int key_size,
+ const char *passwd_file)
{
- FILE *fd;
- char line[5 * 1024];
- char *p, *pp;
- char tmpname[1024];
-
-
- /* delete previous entry */
- struct stat st;
- FILE *fd2;
- int put;
-
- if (strlen (passwd_file) + 5 > sizeof (tmpname))
- {
- fprintf (stderr, "file '%s' is tooooo long\n", passwd_file);
- return -1;
- }
-
- snprintf (tmpname, sizeof(tmpname), "%s.tmp", passwd_file);
-
- if (stat (tmpname, &st) != -1)
- {
- fprintf (stderr, "file '%s' is locked\n", tmpname);
- return -1;
- }
-
- if (filecopy (passwd_file, tmpname) != 0)
- {
- fprintf (stderr, "Cannot copy '%s' to '%s'\n", passwd_file, tmpname);
- return -1;
- }
-
- fd = fopen (passwd_file, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for write\n", passwd_file);
- remove (tmpname);
- return -1;
- }
-
- fd2 = fopen (tmpname, "r");
- if (fd2 == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for read\n", tmpname);
- remove (tmpname);
- return -1;
- }
-
- put = 0;
- do
- {
- p = fgets (line, sizeof (line) - 1, fd2);
- if (p == NULL)
- break;
-
- pp = strchr (line, ':');
- if (pp == NULL)
- continue;
-
- if (strncmp (p, username,
- MAX (strlen (username), (unsigned int) (pp - p))) == 0)
- {
- put = 1;
- fprintf (fd, "%s:%s\n", username, key);
- }
- else
- {
- fputs (line, fd);
- }
- }
- while (1);
-
- if (put == 0)
- {
- fprintf (fd, "%s:%s\n", username, key);
- }
-
- fclose (fd);
- fclose (fd2);
-
- remove (tmpname);
-
-
- return 0;
+ FILE *fd;
+ char line[5 * 1024];
+ char *p, *pp;
+ char tmpname[1024];
+
+
+ /* delete previous entry */
+ struct stat st;
+ FILE *fd2;
+ int put;
+
+ if (strlen(passwd_file) + 5 > sizeof(tmpname)) {
+ fprintf(stderr, "file '%s' is tooooo long\n", passwd_file);
+ return -1;
+ }
+
+ snprintf(tmpname, sizeof(tmpname), "%s.tmp", passwd_file);
+
+ if (stat(tmpname, &st) != -1) {
+ fprintf(stderr, "file '%s' is locked\n", tmpname);
+ return -1;
+ }
+
+ if (filecopy(passwd_file, tmpname) != 0) {
+ fprintf(stderr, "Cannot copy '%s' to '%s'\n", passwd_file,
+ tmpname);
+ return -1;
+ }
+
+ fd = fopen(passwd_file, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open '%s' for write\n",
+ passwd_file);
+ remove(tmpname);
+ return -1;
+ }
+
+ fd2 = fopen(tmpname, "r");
+ if (fd2 == NULL) {
+ fprintf(stderr, "Cannot open '%s' for read\n", tmpname);
+ remove(tmpname);
+ return -1;
+ }
+
+ put = 0;
+ do {
+ p = fgets(line, sizeof(line) - 1, fd2);
+ if (p == NULL)
+ break;
+
+ pp = strchr(line, ':');
+ if (pp == NULL)
+ continue;
+
+ if (strncmp(p, username,
+ MAX(strlen(username),
+ (unsigned int) (pp - p))) == 0) {
+ put = 1;
+ fprintf(fd, "%s:%s\n", username, key);
+ } else {
+ fputs(line, fd);
+ }
+ }
+ while (1);
+
+ if (put == 0) {
+ fprintf(fd, "%s:%s\n", username, key);
+ }
+
+ fclose(fd);
+ fclose(fd2);
+
+ remove(tmpname);
+
+
+ return 0;
}
-#endif /* ENABLE_PSK */
-
+#endif /* ENABLE_PSK */
diff --git a/src/serv.c b/src/serv.c
index d420cb8bec..61abf4e411 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -79,11 +79,11 @@ const char *x509_ecccertfile = NULL;
const char *x509_cafile = NULL;
const char *dh_params_file = NULL;
const char *x509_crlfile = NULL;
-const char * priorities = NULL;
-const char * status_response_ocsp = NULL;
+const char *priorities = NULL;
+const char *status_response_ocsp = NULL;
gnutls_datum_t session_ticket_key;
-static void tcp_server (const char *name, int port);
+static void tcp_server(const char *name, int port);
/* end of globals */
@@ -115,47 +115,47 @@ gnutls_certificate_credentials_t cert_cred = NULL;
const int ssl_session_cache = 128;
-static void wrap_db_init (void);
-static void wrap_db_deinit (void);
-static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data);
-static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
-static int wrap_db_delete (void *dbf, gnutls_datum_t key);
+static void wrap_db_init(void);
+static void wrap_db_deinit(void);
+static int wrap_db_store(void *dbf, gnutls_datum_t key,
+ gnutls_datum_t data);
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key);
+static int wrap_db_delete(void *dbf, gnutls_datum_t key);
-static void cmd_parser (int argc, char **argv);
+static void cmd_parser(int argc, char **argv);
#define HTTP_STATE_REQUEST 1
#define HTTP_STATE_RESPONSE 2
#define HTTP_STATE_CLOSING 3
-LIST_TYPE_DECLARE (listener_item, char *http_request;
- char *http_response; int request_length;
- int response_length; int response_written;
- int http_state; int listen_socket;
- int fd; gnutls_session_t tls_session; int handshake_ok;);
+LIST_TYPE_DECLARE(listener_item, char *http_request; char *http_response;
+ int request_length; int response_length;
+ int response_written; int http_state;
+ int listen_socket; int fd;
+ gnutls_session_t tls_session;
+ int handshake_ok;
+ );
-static const char *
-safe_strerror (int value)
+static const char *safe_strerror(int value)
{
- const char *ret = gnutls_strerror (value);
- if (ret == NULL)
- ret = str_unknown;
- return ret;
+ const char *ret = gnutls_strerror(value);
+ if (ret == NULL)
+ ret = str_unknown;
+ return ret;
}
-static void
-listener_free (listener_item * j)
+static void listener_free(listener_item * j)
{
- free (j->http_request);
- free (j->http_response);
- if (j->fd >= 0)
- {
- gnutls_bye (j->tls_session, GNUTLS_SHUT_WR);
- shutdown (j->fd, 2);
- close (j->fd);
- gnutls_deinit (j->tls_session);
- }
+ free(j->http_request);
+ free(j->http_response);
+ if (j->fd >= 0) {
+ gnutls_bye(j->tls_session, GNUTLS_SHUT_WR);
+ shutdown(j->fd, 2);
+ close(j->fd);
+ gnutls_deinit(j->tls_session);
+ }
}
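Review bot: The reindent leaves `listener_item * j` in the `listener_free` signature spaced like a multiplication, while the previous hunk of this file normalises `const char * priorities` to `const char *priorities`; the signature should read `static void listener_free(listener_item *j)`. Presumably the formatter was not told that `listener_item`, which is declared through the `LIST_TYPE_DECLARE` macro, is a type name (GNU indent takes `-T listener_item` for this), so other macro-declared types may be affected in the same way. The `LIST_TYPE_DECLARE(listener_item, ...)` invocation is also harder to read after the change, with two members packed on the first line and `);` alone on the last; one member per line would keep the struct layout easy to audit.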
@@ -166,1538 +166,1550 @@ listener_free (listener_item * j)
gnutls_dh_params_t dh_params = NULL;
gnutls_rsa_params_t rsa_params = NULL;
-static int
-generate_dh_primes (void)
+static int generate_dh_primes(void)
{
- int prime_bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
-
- if (gnutls_dh_params_init (&dh_params) < 0)
- {
- fprintf (stderr, "Error in dh parameter initialization\n");
- exit (1);
- }
-
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a week or once a month. Depends on the
- * security requirements.
- */
- printf
- ("Generating Diffie-Hellman parameters [%d]. Please wait...\n",
- prime_bits);
- fflush (stdout);
-
- if (gnutls_dh_params_generate2 (dh_params, prime_bits) < 0)
- {
- fprintf (stderr, "Error in prime generation\n");
- exit (1);
- }
-
- return 0;
+ int prime_bits =
+ gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_NORMAL);
+
+ if (gnutls_dh_params_init(&dh_params) < 0) {
+ fprintf(stderr, "Error in dh parameter initialization\n");
+ exit(1);
+ }
+
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a week or once a month. Depends on the
+ * security requirements.
+ */
+ printf
+ ("Generating Diffie-Hellman parameters [%d]. Please wait...\n",
+ prime_bits);
+ fflush(stdout);
+
+ if (gnutls_dh_params_generate2(dh_params, prime_bits) < 0) {
+ fprintf(stderr, "Error in prime generation\n");
+ exit(1);
+ }
+
+ return 0;
}
-static void
-read_dh_params (void)
+static void read_dh_params(void)
{
- char tmpdata[2048];
- int size;
- gnutls_datum_t params;
- FILE *fd;
-
- if (gnutls_dh_params_init (&dh_params) < 0)
- {
- fprintf (stderr, "Error in dh parameter initialization\n");
- exit (1);
- }
-
- /* read the params file
- */
- fd = fopen (dh_params_file, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "Could not open %s\n", dh_params_file);
- exit (1);
- }
-
- size = fread (tmpdata, 1, sizeof (tmpdata) - 1, fd);
- tmpdata[size] = 0;
- fclose (fd);
-
- params.data = (unsigned char *) tmpdata;
- params.size = size;
-
- size =
- gnutls_dh_params_import_pkcs3 (dh_params, &params, GNUTLS_X509_FMT_PEM);
-
- if (size < 0)
- {
- fprintf (stderr, "Error parsing dh params: %s\n", safe_strerror (size));
- exit (1);
- }
-
- printf ("Read Diffie-Hellman parameters.\n");
- fflush (stdout);
+ char tmpdata[2048];
+ int size;
+ gnutls_datum_t params;
+ FILE *fd;
+
+ if (gnutls_dh_params_init(&dh_params) < 0) {
+ fprintf(stderr, "Error in dh parameter initialization\n");
+ exit(1);
+ }
+
+ /* read the params file
+ */
+ fd = fopen(dh_params_file, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "Could not open %s\n", dh_params_file);
+ exit(1);
+ }
+
+ size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fd);
+ tmpdata[size] = 0;
+ fclose(fd);
+
+ params.data = (unsigned char *) tmpdata;
+ params.size = size;
+
+ size =
+ gnutls_dh_params_import_pkcs3(dh_params, &params,
+ GNUTLS_X509_FMT_PEM);
+
+ if (size < 0) {
+ fprintf(stderr, "Error parsing dh params: %s\n",
+ safe_strerror(size));
+ exit(1);
+ }
+
+ printf("Read Diffie-Hellman parameters.\n");
+ fflush(stdout);
}
static char pkcs3[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n"
- "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n"
- "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n"
- "-----END DH PARAMETERS-----\n";
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n"
+ "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n"
+ "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n"
+ "-----END DH PARAMETERS-----\n";
-static int
-static_dh_params (void)
+static int static_dh_params(void)
{
- gnutls_datum_t params = { (void *) pkcs3, sizeof (pkcs3) };
- int ret;
+ gnutls_datum_t params = { (void *) pkcs3, sizeof(pkcs3) };
+ int ret;
- if (gnutls_dh_params_init (&dh_params) < 0)
- {
- fprintf (stderr, "Error in dh parameter initialization\n");
- exit (1);
- }
+ if (gnutls_dh_params_init(&dh_params) < 0) {
+ fprintf(stderr, "Error in dh parameter initialization\n");
+ exit(1);
+ }
- ret = gnutls_dh_params_import_pkcs3 (dh_params, &params,
- GNUTLS_X509_FMT_PEM);
+ ret = gnutls_dh_params_import_pkcs3(dh_params, &params,
+ GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "Error parsing dh params: %s\n", safe_strerror (ret));
- exit (1);
- }
+ if (ret < 0) {
+ fprintf(stderr, "Error parsing dh params: %s\n",
+ safe_strerror(ret));
+ exit(1);
+ }
- printf ("Set static Diffie-Hellman parameters, consider --dhparams.\n");
+ printf
+ ("Set static Diffie-Hellman parameters, consider --dhparams.\n");
- return 0;
+ return 0;
}
static int
-get_params (gnutls_session_t session, gnutls_params_type_t type,
- gnutls_params_st * st)
+get_params(gnutls_session_t session, gnutls_params_type_t type,
+ gnutls_params_st * st)
{
- if (type == GNUTLS_PARAMS_RSA_EXPORT)
- {
- if (rsa_params == NULL)
- return -1;
- st->params.rsa_export = rsa_params;
- }
- else if (type == GNUTLS_PARAMS_DH)
- {
- if (dh_params == NULL)
- return -1;
- st->params.dh = dh_params;
- }
- else
- return -1;
-
- st->type = type;
- st->deinit = 0;
-
- return 0;
+ if (type == GNUTLS_PARAMS_RSA_EXPORT) {
+ if (rsa_params == NULL)
+ return -1;
+ st->params.rsa_export = rsa_params;
+ } else if (type == GNUTLS_PARAMS_DH) {
+ if (dh_params == NULL)
+ return -1;
+ st->params.dh = dh_params;
+ } else
+ return -1;
+
+ st->type = type;
+ st->deinit = 0;
+
+ return 0;
}
#ifdef ENABLE_RSA_EXPORT
-static int
-generate_rsa_params (void)
+static int generate_rsa_params(void)
{
- if (gnutls_rsa_params_init (&rsa_params) < 0)
- {
- fprintf (stderr, "Error in rsa parameter initialization\n");
- exit (1);
- }
-
- /* Generate RSA parameters - for use with RSA-export
- * cipher suites. These should be discarded and regenerated
- * once a day, once every 500 transactions etc. Depends on the
- * security requirements.
- */
- printf ("Generating temporary RSA parameters. Please wait...\n");
- fflush (stdout);
-
- if (gnutls_rsa_params_generate2 (rsa_params, 512) < 0)
- {
- fprintf (stderr, "Error in rsa parameter generation\n");
- exit (1);
- }
-
- return 0;
+ if (gnutls_rsa_params_init(&rsa_params) < 0) {
+ fprintf(stderr, "Error in rsa parameter initialization\n");
+ exit(1);
+ }
+
+ /* Generate RSA parameters - for use with RSA-export
+ * cipher suites. These should be discarded and regenerated
+ * once a day, once every 500 transactions etc. Depends on the
+ * security requirements.
+ */
+ printf("Generating temporary RSA parameters. Please wait...\n");
+ fflush(stdout);
+
+ if (gnutls_rsa_params_generate2(rsa_params, 512) < 0) {
+ fprintf(stderr, "Error in rsa parameter generation\n");
+ exit(1);
+ }
+
+ return 0;
}
#else
-static int
-generate_rsa_params (void)
+static int generate_rsa_params(void)
{
- return 0;
+ return 0;
}
#endif
-LIST_DECLARE_INIT (listener_list, listener_item, listener_free);
+LIST_DECLARE_INIT(listener_list, listener_item, listener_free);
-gnutls_session_t initialize_session (int dtls)
+gnutls_session_t initialize_session(int dtls)
{
- gnutls_session_t session;
- int ret;
- const char *err;
-
- if (priorities == NULL)
- priorities = "NORMAL";
-
- if (dtls)
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- else
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* allow the use of private ciphersuites.
- */
- gnutls_handshake_set_private_extensions (session, 1);
-
- if (nodb == 0)
- {
- gnutls_db_set_retrieve_function (session, wrap_db_fetch);
- gnutls_db_set_remove_function (session, wrap_db_delete);
- gnutls_db_set_store_function (session, wrap_db_store);
- gnutls_db_set_ptr (session, NULL);
- }
-
- if (noticket == 0)
- gnutls_session_ticket_enable_server (session, &session_ticket_key);
-
- if (gnutls_priority_set_direct (session, priorities, &err) < 0)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit (1);
- }
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, dh_cred);
-
- if (srp_cred != NULL)
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
-
- if (psk_cred != NULL)
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
-
- if (cert_cred != NULL)
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- if (disable_client_cert)
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
- else
- {
- if (require_cert)
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
- else
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
- }
-
- if (HAVE_OPT (HEARTBEAT))
- gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_session_t session;
+ int ret;
+ const char *err;
+
+ if (priorities == NULL)
+ priorities = "NORMAL";
+
+ if (dtls)
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ else
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* allow the use of private ciphersuites.
+ */
+ gnutls_handshake_set_private_extensions(session, 1);
+
+ if (nodb == 0) {
+ gnutls_db_set_retrieve_function(session, wrap_db_fetch);
+ gnutls_db_set_remove_function(session, wrap_db_delete);
+ gnutls_db_set_store_function(session, wrap_db_store);
+ gnutls_db_set_ptr(session, NULL);
+ }
+
+ if (noticket == 0)
+ gnutls_session_ticket_enable_server(session,
+ &session_ticket_key);
+
+ if (gnutls_priority_set_direct(session, priorities, &err) < 0) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred);
+
+ if (srp_cred != NULL)
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+
+ if (psk_cred != NULL)
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred);
+
+ if (cert_cred != NULL)
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cert_cred);
+
+ if (disable_client_cert)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_IGNORE);
+ else {
+ if (require_cert)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+ else
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+ }
+
+ if (HAVE_OPT(HEARTBEAT))
+ gnutls_heartbeat_enable(session,
+ GNUTLS_HB_PEER_ALLOWED_TO_SEND);
#ifdef ENABLE_DTLS_SRTP
- if (HAVE_OPT (SRTP_PROFILES))
- {
- ret = gnutls_srtp_set_profile_direct (session, OPT_ARG(SRTP_PROFILES), &err);
- if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
- else
- fprintf(stderr, "Error in profiles: %s\n", gnutls_strerror(ret));
- exit (1);
- }
+ if (HAVE_OPT(SRTP_PROFILES)) {
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ OPT_ARG(SRTP_PROFILES),
+ &err);
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ else
+ fprintf(stderr, "Error in profiles: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
#endif
- return session;
+ return session;
}
#include <gnutls/x509.h>
static const char DEFAULT_DATA[] =
- "This is the default message reported by the GnuTLS implementation. "
- "For more information please visit "
- "<a href=\"http://www.gnutls.org/\">http://www.gnutls.org/</a>.";
+ "This is the default message reported by the GnuTLS implementation. "
+ "For more information please visit "
+ "<a href=\"http://www.gnutls.org/\">http://www.gnutls.org/</a>.";
/* Creates html with the current session information.
*/
#define tmp_buffer &http_buffer[strlen(http_buffer)]
#define tmp_buffer_size len-strlen(http_buffer)
-static char *
-peer_print_info (gnutls_session_t session, int *ret_length,
- const char *header)
+static char *peer_print_info(gnutls_session_t session, int *ret_length,
+ const char *header)
{
- const char *tmp;
- unsigned char sesid[32];
- size_t i, sesid_size;
- char *http_buffer;
- gnutls_kx_algorithm_t kx_alg;
- size_t len = 20 * 1024 + strlen (header);
- char *crtinfo = NULL;
- size_t ncrtinfo = 0;
-
- if (verbose == 0)
- {
- http_buffer = malloc (len);
- if (http_buffer == NULL)
- return NULL;
-
- strcpy (http_buffer, HTTP_BEGIN);
- strcpy (&http_buffer[sizeof (HTTP_BEGIN) - 1], DEFAULT_DATA);
- strcpy (&http_buffer[sizeof (HTTP_BEGIN) + sizeof (DEFAULT_DATA) - 2],
- HTTP_END);
- *ret_length =
- sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3;
- return http_buffer;
- }
-
- if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
- {
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-
- for (i = 0; i < cert_list_size; i++)
- {
- gnutls_x509_crt_t cert;
- gnutls_datum_t info;
-
- if (gnutls_x509_crt_init (&cert) == 0 &&
- gnutls_x509_crt_import (cert, &cert_list[i],
- GNUTLS_X509_FMT_DER) == 0 &&
- gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_FULL, &info) == 0)
- {
- const char *post = "</PRE><P><PRE>";
-
- crtinfo = realloc (crtinfo, ncrtinfo + info.size +
- strlen (post) + 1);
- if (crtinfo == NULL)
- return NULL;
- memcpy (crtinfo + ncrtinfo, info.data, info.size);
- ncrtinfo += info.size;
- memcpy (crtinfo + ncrtinfo, post, strlen (post));
- ncrtinfo += strlen (post);
- crtinfo[ncrtinfo] = '\0';
- gnutls_free (info.data);
- }
- }
- }
-
- http_buffer = malloc (len);
- if (http_buffer == NULL)
- {
- free (crtinfo);
- return NULL;
- }
-
- strcpy (http_buffer, HTTP_BEGIN);
-
- /* print session_id */
- sesid_size = sizeof(sesid);
- gnutls_session_get_id (session, sesid, &sesid_size);
- snprintf (tmp_buffer, tmp_buffer_size, "\n<p>Session ID: <i>");
- for (i = 0; i < sesid_size; i++)
- snprintf (tmp_buffer, tmp_buffer_size, "%.2X", sesid[i]);
- snprintf (tmp_buffer, tmp_buffer_size, "</i></p>\n");
- snprintf (tmp_buffer, tmp_buffer_size,
- "<h5>If your browser supports session resuming, then you should see the "
- "same session ID, when you press the <b>reload</b> button.</h5>\n");
-
- /* Here unlike print_info() we use the kx algorithm to distinguish
- * the functions to call.
- */
- {
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
- {
- snprintf (tmp_buffer, tmp_buffer_size, "\n<p>Server Name: %s</p>\n",
- dns);
- }
-
- }
-
- kx_alg = gnutls_kx_get (session);
-
- /* print srp specific data */
+ const char *tmp;
+ unsigned char sesid[32];
+ size_t i, sesid_size;
+ char *http_buffer;
+ gnutls_kx_algorithm_t kx_alg;
+ size_t len = 20 * 1024 + strlen(header);
+ char *crtinfo = NULL;
+ size_t ncrtinfo = 0;
+
+ if (verbose == 0) {
+ http_buffer = malloc(len);
+ if (http_buffer == NULL)
+ return NULL;
+
+ strcpy(http_buffer, HTTP_BEGIN);
+ strcpy(&http_buffer[sizeof(HTTP_BEGIN) - 1], DEFAULT_DATA);
+ strcpy(&http_buffer
+ [sizeof(HTTP_BEGIN) + sizeof(DEFAULT_DATA) - 2],
+ HTTP_END);
+ *ret_length =
+ sizeof(DEFAULT_DATA) + sizeof(HTTP_BEGIN) +
+ sizeof(HTTP_END) - 3;
+ return http_buffer;
+ }
+
+ if (gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+
+ cert_list =
+ gnutls_certificate_get_peers(session, &cert_list_size);
+
+ for (i = 0; i < cert_list_size; i++) {
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t info;
+
+ if (gnutls_x509_crt_init(&cert) == 0 &&
+ gnutls_x509_crt_import(cert, &cert_list[i],
+ GNUTLS_X509_FMT_DER) ==
+ 0
+ && gnutls_x509_crt_print(cert,
+ GNUTLS_CRT_PRINT_FULL,
+ &info) == 0) {
+ const char *post = "</PRE><P><PRE>";
+
+ crtinfo =
+ realloc(crtinfo,
+ ncrtinfo + info.size +
+ strlen(post) + 1);
+ if (crtinfo == NULL)
+ return NULL;
+ memcpy(crtinfo + ncrtinfo, info.data,
+ info.size);
+ ncrtinfo += info.size;
+ memcpy(crtinfo + ncrtinfo, post,
+ strlen(post));
+ ncrtinfo += strlen(post);
+ crtinfo[ncrtinfo] = '\0';
+ gnutls_free(info.data);
+ }
+ }
+ }
+
+ http_buffer = malloc(len);
+ if (http_buffer == NULL) {
+ free(crtinfo);
+ return NULL;
+ }
+
+ strcpy(http_buffer, HTTP_BEGIN);
+
+ /* print session_id */
+ sesid_size = sizeof(sesid);
+ gnutls_session_get_id(session, sesid, &sesid_size);
+ snprintf(tmp_buffer, tmp_buffer_size, "\n<p>Session ID: <i>");
+ for (i = 0; i < sesid_size; i++)
+ snprintf(tmp_buffer, tmp_buffer_size, "%.2X", sesid[i]);
+ snprintf(tmp_buffer, tmp_buffer_size, "</i></p>\n");
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<h5>If your browser supports session resuming, then you should see the "
+ "same session ID, when you press the <b>reload</b> button.</h5>\n");
+
+ /* Here unlike print_info() we use the kx algorithm to distinguish
+ * the functions to call.
+ */
+ {
+ char dns[256];
+ size_t dns_size = sizeof(dns);
+ unsigned int type;
+
+ if (gnutls_server_name_get
+ (session, dns, &dns_size, &type, 0) == 0) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "\n<p>Server Name: %s</p>\n", dns);
+ }
+
+ }
+
+ kx_alg = gnutls_kx_get(session);
+
+ /* print srp specific data */
#ifdef ENABLE_SRP
- if (kx_alg == GNUTLS_KX_SRP)
- {
- snprintf (tmp_buffer, tmp_buffer_size,
- "<p>Connected as user '%s'.</p>\n",
- gnutls_srp_server_get_username (session));
- }
+ if (kx_alg == GNUTLS_KX_SRP) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<p>Connected as user '%s'.</p>\n",
+ gnutls_srp_server_get_username(session));
+ }
#endif
#ifdef ENABLE_PSK
- if (kx_alg == GNUTLS_KX_PSK)
- {
- snprintf (tmp_buffer, tmp_buffer_size,
- "<p>Connected as user '%s'.</p>\n",
- gnutls_psk_server_get_username (session));
- }
+ if (kx_alg == GNUTLS_KX_PSK) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<p>Connected as user '%s'.</p>\n",
+ gnutls_psk_server_get_username(session));
+ }
#endif
#ifdef ENABLE_ANON
- if (kx_alg == GNUTLS_KX_ANON_DH)
- {
- snprintf (tmp_buffer, tmp_buffer_size,
- "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
- gnutls_dh_get_prime_bits (session));
- }
+ if (kx_alg == GNUTLS_KX_ANON_DH) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
+ gnutls_dh_get_prime_bits(session));
+ }
#endif
- if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS)
- {
- snprintf (tmp_buffer, tmp_buffer_size,
- "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
- gnutls_dh_get_prime_bits (session));
- }
-
- /* print session information */
- strcat (http_buffer, "<P>\n");
-
- tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
- tmp);
-
- if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
- {
- tmp =
- gnutls_certificate_type_get_name (gnutls_certificate_type_get
- (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp);
- }
-
- tmp = gnutls_kx_get_name (kx_alg);
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp);
-
- tmp = gnutls_compression_get_name (gnutls_compression_get (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp);
-
- tmp = gnutls_cipher_get_name (gnutls_cipher_get (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp);
-
- tmp = gnutls_mac_get_name (gnutls_mac_get (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n",
- tmp);
-
- tmp = gnutls_cipher_suite_get_name (kx_alg,
- gnutls_cipher_get (session),
- gnutls_mac_get (session));
- if (tmp == NULL)
- tmp = str_unknown;
- snprintf (tmp_buffer, tmp_buffer_size,
- "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n", tmp);
-
- if (crtinfo)
- {
- snprintf (tmp_buffer, tmp_buffer_size, "<hr><PRE>%s\n</PRE>\n",
- crtinfo);
- free (crtinfo);
- }
-
- snprintf (tmp_buffer, tmp_buffer_size,
- "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END,
- header);
-
- *ret_length = strlen (http_buffer);
-
- return http_buffer;
+ if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
+ gnutls_dh_get_prime_bits(session));
+ }
+
+ /* print session information */
+ strcat(http_buffer, "<P>\n");
+
+ tmp =
+ gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
+ tmp);
+
+ if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE) {
+ tmp =
+ gnutls_certificate_type_get_name
+ (gnutls_certificate_type_get(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n",
+ tmp);
+ }
+
+ tmp = gnutls_kx_get_name(kx_alg);
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp);
+
+ tmp = gnutls_compression_get_name(gnutls_compression_get(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp);
+
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp);
+
+ tmp = gnutls_mac_get_name(gnutls_mac_get(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp);
+
+ tmp = gnutls_cipher_suite_get_name(kx_alg,
+ gnutls_cipher_get(session),
+ gnutls_mac_get(session));
+ if (tmp == NULL)
+ tmp = str_unknown;
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
+ tmp);
+
+ if (crtinfo) {
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<hr><PRE>%s\n</PRE>\n", crtinfo);
+ free(crtinfo);
+ }
+
+ snprintf(tmp_buffer, tmp_buffer_size,
+ "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n"
+ HTTP_END, header);
+
+ *ret_length = strlen(http_buffer);
+
+ return http_buffer;
}
-const char *
-human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen)
+const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen)
{
- const char *save_buf = buf;
- size_t l;
+ const char *save_buf = buf;
+ size_t l;
- if (!buf || !buflen)
- return NULL;
+ if (!buf || !buflen)
+ return NULL;
- *buf = '\0';
+ *buf = '\0';
- switch (sa->sa_family)
- {
+ switch (sa->sa_family) {
#if HAVE_IPV6
- case AF_INET6:
- snprintf (buf, buflen, "IPv6 ");
- break;
+ case AF_INET6:
+ snprintf(buf, buflen, "IPv6 ");
+ break;
#endif
- case AF_INET:
- snprintf (buf, buflen, "IPv4 ");
- break;
- }
+ case AF_INET:
+ snprintf(buf, buflen, "IPv4 ");
+ break;
+ }
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) !=
+ 0)
+ return NULL;
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- strncat (buf, " port ", buflen);
+ strncat(buf, " port ", buflen);
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) !=
+ 0)
+ return NULL;
- return save_buf;
+ return save_buf;
}
-int
-wait_for_connection (void)
+int wait_for_connection(void)
{
- listener_item *j;
- fd_set rd, wr;
- int n, sock = -1;
-
- FD_ZERO (&rd);
- FD_ZERO (&wr);
- n = 0;
-
- lloopstart (listener_list, j)
- {
- if (j->listen_socket)
- {
- FD_SET (j->fd, &rd);
- n = MAX (n, j->fd);
- }
- }
- lloopend (listener_list, j);
-
- /* waiting part */
- n = select (n + 1, &rd, &wr, NULL, NULL);
- if (n == -1 && errno == EINTR)
- return -1;
- if (n < 0)
- {
- perror ("select()");
- exit (1);
- }
-
- /* find which one is ready */
- lloopstart (listener_list, j)
- {
- /* a new connection has arrived */
- if (FD_ISSET (j->fd, &rd) && j->listen_socket)
- {
- sock = j->fd;
- break;
- }
- }
- lloopend (listener_list, j);
- return sock;
+ listener_item *j;
+ fd_set rd, wr;
+ int n, sock = -1;
+
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
+ n = 0;
+
+ lloopstart(listener_list, j) {
+ if (j->listen_socket) {
+ FD_SET(j->fd, &rd);
+ n = MAX(n, j->fd);
+ }
+ }
+ lloopend(listener_list, j);
+
+ /* waiting part */
+ n = select(n + 1, &rd, &wr, NULL, NULL);
+ if (n == -1 && errno == EINTR)
+ return -1;
+ if (n < 0) {
+ perror("select()");
+ exit(1);
+ }
+
+ /* find which one is ready */
+ lloopstart(listener_list, j) {
+ /* a new connection has arrived */
+ if (FD_ISSET(j->fd, &rd) && j->listen_socket) {
+ sock = j->fd;
+ break;
+ }
+ }
+ lloopend(listener_list, j);
+ return sock;
}
-int
-listen_socket (const char *name, int listen_port, int socktype)
+int listen_socket(const char *name, int listen_port, int socktype)
{
- struct addrinfo hints, *res, *ptr;
- char portname[6];
- int s;
- int yes;
- listener_item *j = NULL;
-
- snprintf (portname, sizeof (portname), "%d", listen_port);
- memset (&hints, 0, sizeof (hints));
- hints.ai_socktype = socktype;
- hints.ai_flags = AI_PASSIVE
+ struct addrinfo hints, *res, *ptr;
+ char portname[6];
+ int s;
+ int yes;
+ listener_item *j = NULL;
+
+ snprintf(portname, sizeof(portname), "%d", listen_port);
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = socktype;
+ hints.ai_flags = AI_PASSIVE
#ifdef AI_ADDRCONFIG
- | AI_ADDRCONFIG
+ | AI_ADDRCONFIG
#endif
- ;
+ ;
- if ((s = getaddrinfo (NULL, portname, &hints, &res)) != 0)
- {
- fprintf (stderr, "getaddrinfo() failed: %s\n", gai_strerror (s));
- return -1;
- }
+ if ((s = getaddrinfo(NULL, portname, &hints, &res)) != 0) {
+ fprintf(stderr, "getaddrinfo() failed: %s\n",
+ gai_strerror(s));
+ return -1;
+ }
- for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
- {
+ for (ptr = res; ptr != NULL; ptr = ptr->ai_next) {
#ifndef HAVE_IPV6
- if (ptr->ai_family != AF_INET)
- continue;
+ if (ptr->ai_family != AF_INET)
+ continue;
#endif
- /* Print what we are doing. */
- {
- char topbuf[512];
-
- fprintf (stderr, "%s listening on %s...",
- name, human_addr (ptr->ai_addr, ptr->ai_addrlen,
- topbuf, sizeof (topbuf)));
- }
-
- if ((s = socket (ptr->ai_family, ptr->ai_socktype,
- ptr->ai_protocol)) < 0)
- {
- perror ("socket() failed");
- continue;
- }
-
+ /* Print what we are doing. */
+ {
+ char topbuf[512];
+
+ fprintf(stderr, "%s listening on %s...",
+ name, human_addr(ptr->ai_addr,
+ ptr->ai_addrlen, topbuf,
+ sizeof(topbuf)));
+ }
+
+ if ((s = socket(ptr->ai_family, ptr->ai_socktype,
+ ptr->ai_protocol)) < 0) {
+ perror("socket() failed");
+ continue;
+ }
#if defined(HAVE_IPV6) && !defined(_WIN32)
- if (ptr->ai_family == AF_INET6)
- {
- yes = 1;
- /* avoid listen on ipv6 addresses failing
- * because already listening on ipv4 addresses: */
- setsockopt (s, IPPROTO_IPV6, IPV6_V6ONLY,
- (const void *) &yes, sizeof (yes));
- }
+ if (ptr->ai_family == AF_INET6) {
+ yes = 1;
+ /* avoid listen on ipv6 addresses failing
+ * because already listening on ipv4 addresses: */
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *) &yes, sizeof(yes));
+ }
#endif
- if (socktype == SOCK_STREAM)
- {
- yes = 1;
- if (setsockopt (s, SOL_SOCKET, SO_REUSEADDR,
- (const void *) &yes, sizeof (yes)) < 0)
- {
- perror ("setsockopt() failed");
- close (s);
- continue;
- }
- }
- else
- {
+ if (socktype == SOCK_STREAM) {
+ yes = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (const void *) &yes,
+ sizeof(yes)) < 0) {
+ perror("setsockopt() failed");
+ close(s);
+ continue;
+ }
+ } else {
#if defined(IP_DONTFRAG)
- yes = 1;
- if (setsockopt (s, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &yes, sizeof (yes)) < 0)
- perror ("setsockopt(IP_DF) failed");
+ yes = 1;
+ if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &yes,
+ sizeof(yes)) < 0)
+ perror("setsockopt(IP_DF) failed");
#elif defined(IP_MTU_DISCOVER)
- yes = IP_PMTUDISC_DO;
- if (setsockopt (s, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void *) &yes, sizeof (yes)) < 0)
- perror ("setsockopt(IP_DF) failed");
+ yes = IP_PMTUDISC_DO;
+ if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &yes,
+ sizeof(yes)) < 0)
+ perror("setsockopt(IP_DF) failed");
#endif
- }
-
- if (bind (s, ptr->ai_addr, ptr->ai_addrlen) < 0)
- {
- perror ("bind() failed");
- close (s);
- continue;
- }
-
- if (socktype == SOCK_STREAM)
- {
- if (listen (s, 10) < 0)
- {
- perror ("listen() failed");
- exit (1);
- }
- }
-
- /* new list entry for the connection */
- lappend (listener_list);
- j = listener_list.tail;
- j->listen_socket = 1;
- j->fd = s;
-
- /* Complete earlier message. */
- fprintf (stderr, "done\n");
- }
-
- fflush (stderr);
-
- freeaddrinfo (res);
-
- return s;
+ }
+
+ if (bind(s, ptr->ai_addr, ptr->ai_addrlen) < 0) {
+ perror("bind() failed");
+ close(s);
+ continue;
+ }
+
+ if (socktype == SOCK_STREAM) {
+ if (listen(s, 10) < 0) {
+ perror("listen() failed");
+ exit(1);
+ }
+ }
+
+ /* new list entry for the connection */
+ lappend(listener_list);
+ j = listener_list.tail;
+ j->listen_socket = 1;
+ j->fd = s;
+
+ /* Complete earlier message. */
+ fprintf(stderr, "done\n");
+ }
+
+ fflush(stderr);
+
+ freeaddrinfo(res);
+
+ return s;
}
/* strips \r\n from the end of the string
*/
-static void
-strip (char *data)
+static void strip(char *data)
{
- int i;
- int len = strlen (data);
-
- for (i = 0; i < len; i++)
- {
- if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0)
- {
- data[i] = '\n';
- data[i + 1] = 0;
- break;
- }
- }
+ int i;
+ int len = strlen(data);
+
+ for (i = 0; i < len; i++) {
+ if (data[i] == '\r' && data[i + 1] == '\n'
+ && data[i + 1] == 0) {
+ data[i] = '\n';
+ data[i + 1] = 0;
+ break;
+ }
+ }
}
static void
-get_response (gnutls_session_t session, char *request,
- char **response, int *response_length)
+get_response(gnutls_session_t session, char *request,
+ char **response, int *response_length)
{
- char *p, *h;
+ char *p, *h;
- if (http != 0)
- {
- if (strncmp (request, "GET ", 4))
- goto unimplemented;
+ if (http != 0) {
+ if (strncmp(request, "GET ", 4))
+ goto unimplemented;
- if (!(h = strchr (request, '\n')))
- goto unimplemented;
+ if (!(h = strchr(request, '\n')))
+ goto unimplemented;
- *h++ = '\0';
- while (*h == '\r' || *h == '\n')
- h++;
+ *h++ = '\0';
+ while (*h == '\r' || *h == '\n')
+ h++;
- if (!(p = strchr (request + 4, ' ')))
- goto unimplemented;
- *p = '\0';
- }
+ if (!(p = strchr(request + 4, ' ')))
+ goto unimplemented;
+ *p = '\0';
+ }
/* *response = peer_print_info(session, request+4, h, response_length); */
- if (http != 0)
- {
- *response = peer_print_info (session, response_length, h);
- }
- else
- {
- strip (request);
- fprintf (stderr, "received: %s\n", request);
- if (check_command (session, request))
- {
- *response = NULL;
- *response_length = 0;
- return;
- }
- *response = strdup (request);
- *response_length = ((*response) ? strlen (*response) : 0);
- }
-
- return;
-
-unimplemented:
- *response = strdup (HTTP_UNIMPLEMENTED);
- *response_length = ((*response) ? strlen (*response) : 0);
+ if (http != 0) {
+ *response = peer_print_info(session, response_length, h);
+ } else {
+ strip(request);
+ fprintf(stderr, "received: %s\n", request);
+ if (check_command(session, request)) {
+ *response = NULL;
+ *response_length = 0;
+ return;
+ }
+ *response = strdup(request);
+ *response_length = ((*response) ? strlen(*response) : 0);
+ }
+
+ return;
+
+ unimplemented:
+ *response = strdup(HTTP_UNIMPLEMENTED);
+ *response_length = ((*response) ? strlen(*response) : 0);
}
-static void terminate (int sig) __attribute__ ((noreturn));
+static void terminate(int sig) __attribute__ ((noreturn));
-static void
-terminate (int sig)
+static void terminate(int sig)
{
- fprintf (stderr, "Exiting via signal %d\n", sig);
- exit (1);
+ fprintf(stderr, "Exiting via signal %d\n", sig);
+ exit(1);
}
-static void
-check_alert (gnutls_session_t session, int ret)
+static void check_alert(gnutls_session_t session, int ret)
{
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- int last_alert = gnutls_alert_get (session);
- if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
- printf
- ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n");
- else
- printf ("* Received alert '%d': %s.\n", last_alert,
- gnutls_alert_get_name (last_alert));
- }
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ int last_alert = gnutls_alert_get(session);
+ if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ printf
+ ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n");
+ else
+ printf("* Received alert '%d': %s.\n", last_alert,
+ gnutls_alert_get_name(last_alert));
+ }
}
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static void
-tls_audit_log_func (gnutls_session_t session, const char *str)
+static void tls_audit_log_func(gnutls_session_t session, const char *str)
{
- fprintf (stderr, "|<%p>| %s", session, str);
+ fprintf(stderr, "|<%p>| %s", session, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- int ret, mtu, port;
- char name[256];
- int cert_set = 0;
+ int ret, mtu, port;
+ char name[256];
+ int cert_set = 0;
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
#ifndef _WIN32
- signal (SIGHUP, SIG_IGN);
- signal (SIGTERM, terminate);
- if (signal (SIGINT, terminate) == SIG_IGN)
- signal (SIGINT, SIG_IGN); /* e.g. background process */
+ signal(SIGHUP, SIG_IGN);
+ signal(SIGTERM, terminate);
+ if (signal(SIGINT, terminate) == SIG_IGN)
+ signal(SIGINT, SIG_IGN); /* e.g. background process */
#endif
- sockets_init ();
-
- if (nodb == 0)
- wrap_db_init ();
+ sockets_init();
- if (HAVE_OPT (UDP))
- strcpy (name, "UDP ");
- else
- name[0] = 0;
+ if (nodb == 0)
+ wrap_db_init();
- if (http == 1)
- {
- strcat (name, "HTTP Server");
- }
- else
- {
- strcat (name, "Echo Server");
- }
+ if (HAVE_OPT(UDP))
+ strcpy(name, "UDP ");
+ else
+ name[0] = 0;
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_audit_log_function (tls_audit_log_func);
- gnutls_global_set_log_level (debug);
+ if (http == 1) {
+ strcat(name, "HTTP Server");
+ } else {
+ strcat(name, "Echo Server");
+ }
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_audit_log_function(tls_audit_log_func);
+ gnutls_global_set_log_level(debug);
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
#ifdef ENABLE_PKCS11
- pkcs11_common ();
+ pkcs11_common();
#endif
- /* Note that servers must generate parameters for
- * Diffie-Hellman. See gnutls_dh_params_generate(), and
- * gnutls_dh_params_set().
- */
- if (generate != 0)
- {
- generate_rsa_params ();
- generate_dh_primes ();
- }
- else if (dh_params_file)
- {
- read_dh_params ();
- }
- else
- {
- static_dh_params ();
- }
-
- if (gnutls_certificate_allocate_credentials (&cert_cred) < 0)
- {
- fprintf (stderr, "memory error\n");
- exit (1);
- }
-
- if (x509_cafile != NULL)
- {
- if ((ret = gnutls_certificate_set_x509_trust_file
- (cert_cred, x509_cafile, x509ctype)) < 0)
- {
- fprintf (stderr, "Error reading '%s'\n", x509_cafile);
- GERR (ret);
- exit (1);
- }
- else
- {
- printf ("Processed %d CA certificate(s).\n", ret);
- }
- }
- if (x509_crlfile != NULL)
- {
- if ((ret = gnutls_certificate_set_x509_crl_file
- (cert_cred, x509_crlfile, x509ctype)) < 0)
- {
- fprintf (stderr, "Error reading '%s'\n", x509_crlfile);
- GERR (ret);
- exit (1);
- }
- else
- {
- printf ("Processed %d CRL(s).\n", ret);
- }
- }
+ /* Note that servers must generate parameters for
+ * Diffie-Hellman. See gnutls_dh_params_generate(), and
+ * gnutls_dh_params_set().
+ */
+ if (generate != 0) {
+ generate_rsa_params();
+ generate_dh_primes();
+ } else if (dh_params_file) {
+ read_dh_params();
+ } else {
+ static_dh_params();
+ }
+
+ if (gnutls_certificate_allocate_credentials(&cert_cred) < 0) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+ if (x509_cafile != NULL) {
+ if ((ret = gnutls_certificate_set_x509_trust_file
+ (cert_cred, x509_cafile, x509ctype)) < 0) {
+ fprintf(stderr, "Error reading '%s'\n",
+ x509_cafile);
+ GERR(ret);
+ exit(1);
+ } else {
+ printf("Processed %d CA certificate(s).\n", ret);
+ }
+ }
+ if (x509_crlfile != NULL) {
+ if ((ret = gnutls_certificate_set_x509_crl_file
+ (cert_cred, x509_crlfile, x509ctype)) < 0) {
+ fprintf(stderr, "Error reading '%s'\n",
+ x509_crlfile);
+ GERR(ret);
+ exit(1);
+ } else {
+ printf("Processed %d CRL(s).\n", ret);
+ }
+ }
#ifdef ENABLE_OPENPGP
- if (pgp_keyring != NULL)
- {
- ret =
- gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (ret < 0)
- {
- fprintf (stderr, "Error setting the OpenPGP keyring file\n");
- GERR (ret);
- }
- }
-
- if (pgp_certfile != NULL && pgp_keyfile != NULL)
- {
- if (HAVE_OPT (PGPSUBKEY))
- ret = gnutls_certificate_set_openpgp_key_file2
- (cert_cred, pgp_certfile, pgp_keyfile, OPT_ARG (PGPSUBKEY),
- GNUTLS_OPENPGP_FMT_BASE64);
- else
- ret = gnutls_certificate_set_openpgp_key_file
- (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64);
-
- if (ret < 0)
- {
- fprintf (stderr,
- "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
- ret, pgp_certfile, pgp_keyfile);
- GERR (ret);
- }
- else
- cert_set = 1;
- }
+ if (pgp_keyring != NULL) {
+ ret =
+ gnutls_certificate_set_openpgp_keyring_file(cert_cred,
+ pgp_keyring,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error setting the OpenPGP keyring file\n");
+ GERR(ret);
+ }
+ }
+
+ if (pgp_certfile != NULL && pgp_keyfile != NULL) {
+ if (HAVE_OPT(PGPSUBKEY))
+ ret = gnutls_certificate_set_openpgp_key_file2
+ (cert_cred, pgp_certfile, pgp_keyfile,
+ OPT_ARG(PGPSUBKEY),
+ GNUTLS_OPENPGP_FMT_BASE64);
+ else
+ ret = gnutls_certificate_set_openpgp_key_file
+ (cert_cred, pgp_certfile, pgp_keyfile,
+ GNUTLS_OPENPGP_FMT_BASE64);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
+ ret, pgp_certfile, pgp_keyfile);
+ GERR(ret);
+ } else
+ cert_set = 1;
+ }
#endif
- if (x509_certfile != NULL && x509_keyfile != NULL)
- {
- ret = gnutls_certificate_set_x509_key_file
- (cert_cred, x509_certfile, x509_keyfile, x509ctype);
- if (ret < 0)
- {
- fprintf (stderr,
- "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile);
- GERR (ret);
- exit (1);
- }
- else
- cert_set = 1;
- }
-
- if (x509_dsacertfile != NULL && x509_dsakeyfile != NULL)
- {
- ret = gnutls_certificate_set_x509_key_file
- (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype);
- if (ret < 0)
- {
- fprintf (stderr,
- "Error reading '%s' or '%s'\n", x509_dsacertfile, x509_dsakeyfile);
- GERR (ret);
- exit (1);
- }
- else
- cert_set = 1;
- }
-
- if (x509_ecccertfile != NULL && x509_ecckeyfile != NULL)
- {
- ret = gnutls_certificate_set_x509_key_file
- (cert_cred, x509_ecccertfile, x509_ecckeyfile, x509ctype);
- if (ret < 0)
- {
- fprintf (stderr,
- "Error reading '%s' or '%s'\n", x509_ecccertfile, x509_ecckeyfile);
- GERR (ret);
- exit (1);
- }
- else
- cert_set = 1;
- }
-
- if (cert_set == 0)
- {
- fprintf(stderr, "Warning: no private key and certificate pairs were set.\n");
- }
-
- /* OCSP status-request TLS extension */
- if (status_response_ocsp)
- {
- if (gnutls_certificate_set_ocsp_status_request_file (cert_cred, status_response_ocsp, 0) < 0)
- {
- fprintf (stderr, "Cannot set OCSP status request file: %s\n", gnutls_strerror(ret));
- exit (1);
+ if (x509_certfile != NULL && x509_keyfile != NULL) {
+ ret = gnutls_certificate_set_x509_key_file
+ (cert_cred, x509_certfile, x509_keyfile, x509ctype);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error reading '%s' or '%s'\n",
+ x509_certfile, x509_keyfile);
+ GERR(ret);
+ exit(1);
+ } else
+ cert_set = 1;
+ }
+
+ if (x509_dsacertfile != NULL && x509_dsakeyfile != NULL) {
+ ret = gnutls_certificate_set_x509_key_file
+ (cert_cred, x509_dsacertfile, x509_dsakeyfile,
+ x509ctype);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error reading '%s' or '%s'\n",
+ x509_dsacertfile, x509_dsakeyfile);
+ GERR(ret);
+ exit(1);
+ } else
+ cert_set = 1;
}
- }
- gnutls_certificate_set_params_function (cert_cred, get_params);
+ if (x509_ecccertfile != NULL && x509_ecckeyfile != NULL) {
+ ret = gnutls_certificate_set_x509_key_file
+ (cert_cred, x509_ecccertfile, x509_ecckeyfile,
+ x509ctype);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error reading '%s' or '%s'\n",
+ x509_ecccertfile, x509_ecckeyfile);
+ GERR(ret);
+ exit(1);
+ } else
+ cert_set = 1;
+ }
+
+ if (cert_set == 0) {
+ fprintf(stderr,
+ "Warning: no private key and certificate pairs were set.\n");
+ }
+
+ /* OCSP status-request TLS extension */
+ if (status_response_ocsp) {
+ if (gnutls_certificate_set_ocsp_status_request_file
+ (cert_cred, status_response_ocsp, 0) < 0) {
+ fprintf(stderr,
+ "Cannot set OCSP status request file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ gnutls_certificate_set_params_function(cert_cred, get_params);
/* gnutls_certificate_set_dh_params(cert_cred, dh_params);
* gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
*/
- /* this is a password file (created with the included srpcrypt utility)
- * Read README.crypt prior to using SRP.
- */
+ /* this is a password file (created with the included srpcrypt utility)
+ * Read README.crypt prior to using SRP.
+ */
#ifdef ENABLE_SRP
- if (srp_passwd != NULL)
- {
- gnutls_srp_allocate_server_credentials (&srp_cred);
-
- if ((ret =
- gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd,
- srp_passwd_conf)) < 0)
- {
- /* only exit is this function is not disabled
- */
- fprintf (stderr, "Error while setting SRP parameters\n");
- GERR (ret);
- }
- }
+ if (srp_passwd != NULL) {
+ gnutls_srp_allocate_server_credentials(&srp_cred);
+
+ if ((ret =
+ gnutls_srp_set_server_credentials_file(srp_cred,
+ srp_passwd,
+ srp_passwd_conf))
+ < 0) {
+ /* only exit is this function is not disabled
+ */
+ fprintf(stderr,
+ "Error while setting SRP parameters\n");
+ GERR(ret);
+ }
+ }
#endif
- /* this is a password file
- */
+ /* this is a password file
+ */
#ifdef ENABLE_PSK
- if (psk_passwd != NULL)
- {
- gnutls_psk_allocate_server_credentials (&psk_cred);
-
- if ((ret =
- gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0)
- {
- /* only exit is this function is not disabled
- */
- fprintf (stderr, "Error while setting PSK parameters\n");
- GERR (ret);
- }
-
- if (HAVE_OPT (PSKHINT))
- {
- ret = gnutls_psk_set_server_credentials_hint (psk_cred,
- OPT_ARG (PSKHINT));
- if (ret)
- {
- fprintf (stderr, "Error setting PSK identity hint.\n");
- GERR (ret);
- }
- }
-
- gnutls_psk_set_server_params_function (psk_cred, get_params);
- }
+ if (psk_passwd != NULL) {
+ gnutls_psk_allocate_server_credentials(&psk_cred);
+
+ if ((ret =
+ gnutls_psk_set_server_credentials_file(psk_cred,
+ psk_passwd)) <
+ 0) {
+ /* only exit is this function is not disabled
+ */
+ fprintf(stderr,
+ "Error while setting PSK parameters\n");
+ GERR(ret);
+ }
+
+ if (HAVE_OPT(PSKHINT)) {
+ ret =
+ gnutls_psk_set_server_credentials_hint
+ (psk_cred, OPT_ARG(PSKHINT));
+ if (ret) {
+ fprintf(stderr,
+ "Error setting PSK identity hint.\n");
+ GERR(ret);
+ }
+ }
+
+ gnutls_psk_set_server_params_function(psk_cred,
+ get_params);
+ }
#endif
#ifdef ENABLE_ANON
- gnutls_anon_allocate_server_credentials (&dh_cred);
- gnutls_anon_set_server_params_function (dh_cred, get_params);
+ gnutls_anon_allocate_server_credentials(&dh_cred);
+ gnutls_anon_set_server_params_function(dh_cred, get_params);
/* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */
#endif
- if (noticket == 0)
- gnutls_session_ticket_key_generate (&session_ticket_key);
-
- if (HAVE_OPT (MTU))
- mtu = OPT_VALUE_MTU;
- else
- mtu = 1300;
-
- if (HAVE_OPT (PORT))
- port = OPT_VALUE_PORT;
- else
- port = 5556;
-
- if (HAVE_OPT (UDP))
- udp_server (name, port, mtu);
- else
- tcp_server (name, port);
-
- return 0;
+ if (noticket == 0)
+ gnutls_session_ticket_key_generate(&session_ticket_key);
+
+ if (HAVE_OPT(MTU))
+ mtu = OPT_VALUE_MTU;
+ else
+ mtu = 1300;
+
+ if (HAVE_OPT(PORT))
+ port = OPT_VALUE_PORT;
+ else
+ port = 5556;
+
+ if (HAVE_OPT(UDP))
+ udp_server(name, port, mtu);
+ else
+ tcp_server(name, port);
+
+ return 0;
}
-static void
-tcp_server (const char *name, int port)
+static void tcp_server(const char *name, int port)
{
- int n, s;
- char topbuf[512];
- int accept_fd;
- struct sockaddr_storage client_address;
- socklen_t calen;
-
- s = listen_socket (name, port, SOCK_STREAM);
- if (s < 0)
- exit (1);
-
- for (;;)
- {
- listener_item *j;
- fd_set rd, wr;
+ int n, s;
+ char topbuf[512];
+ int accept_fd;
+ struct sockaddr_storage client_address;
+ socklen_t calen;
+
+ s = listen_socket(name, port, SOCK_STREAM);
+ if (s < 0)
+ exit(1);
+
+ for (;;) {
+ listener_item *j;
+ fd_set rd, wr;
#ifndef _WIN32
- int val;
+ int val;
#endif
- FD_ZERO (&rd);
- FD_ZERO (&wr);
- n = 0;
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
+ n = 0;
/* flag which connections we are reading or writing to within the fd sets */
- lloopstart (listener_list, j)
- {
+ lloopstart(listener_list, j) {
#ifndef _WIN32
- val = fcntl (j->fd, F_GETFL, 0);
- if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0))
- {
- perror ("fcntl()");
- exit (1);
- }
+ val = fcntl(j->fd, F_GETFL, 0);
+ if ((val == -1)
+ || (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) <
+ 0)) {
+ perror("fcntl()");
+ exit(1);
+ }
#endif
- if (j->listen_socket)
- {
- FD_SET (j->fd, &rd);
- n = MAX (n, j->fd);
- }
- if (j->http_state == HTTP_STATE_REQUEST)
- {
- FD_SET (j->fd, &rd);
- n = MAX (n, j->fd);
- }
- if (j->http_state == HTTP_STATE_RESPONSE)
- {
- FD_SET (j->fd, &wr);
- n = MAX (n, j->fd);
- }
- }
- lloopend (listener_list, j);
+ if (j->listen_socket) {
+ FD_SET(j->fd, &rd);
+ n = MAX(n, j->fd);
+ }
+ if (j->http_state == HTTP_STATE_REQUEST) {
+ FD_SET(j->fd, &rd);
+ n = MAX(n, j->fd);
+ }
+ if (j->http_state == HTTP_STATE_RESPONSE) {
+ FD_SET(j->fd, &wr);
+ n = MAX(n, j->fd);
+ }
+ }
+ lloopend(listener_list, j);
/* core operation */
- n = select (n + 1, &rd, &wr, NULL, NULL);
- if (n == -1 && errno == EINTR)
- continue;
- if (n < 0)
- {
- perror ("select()");
- exit (1);
- }
+ n = select(n + 1, &rd, &wr, NULL, NULL);
+ if (n == -1 && errno == EINTR)
+ continue;
+ if (n < 0) {
+ perror("select()");
+ exit(1);
+ }
/* read or write to each connection as indicated by select()'s return argument */
- lloopstart (listener_list, j)
- {
-
- /* a new connection has arrived */
- if (FD_ISSET (j->fd, &rd) && j->listen_socket)
- {
- gnutls_session_t tls_session;
-
- tls_session = initialize_session (0);
-
- calen = sizeof (client_address);
- memset (&client_address, 0, calen);
- accept_fd = accept (j->fd, (struct sockaddr *) &client_address,
- &calen);
-
- if (accept_fd < 0)
- {
- perror ("accept()");
- }
- else
- {
- time_t tt;
- char *ctt;
-
- /* new list entry for the connection */
- lappend (listener_list);
- j = listener_list.tail;
- j->http_request = (char *) strdup ("");
- j->http_state = HTTP_STATE_REQUEST;
- j->fd = accept_fd;
-
- j->tls_session = tls_session;
- gnutls_transport_set_int (tls_session, accept_fd);
- j->handshake_ok = 0;
-
- if (verbose != 0)
- {
- tt = time (0);
- ctt = ctime (&tt);
- ctt[strlen (ctt) - 1] = 0;
-
- printf ("\n* Accepted connection from %s on %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)), ctt);
- }
- }
- }
-
- if (FD_ISSET (j->fd, &rd) && !j->listen_socket)
- {
+ lloopstart(listener_list, j) {
+
+ /* a new connection has arrived */
+ if (FD_ISSET(j->fd, &rd) && j->listen_socket) {
+ gnutls_session_t tls_session;
+
+ tls_session = initialize_session(0);
+
+ calen = sizeof(client_address);
+ memset(&client_address, 0, calen);
+ accept_fd =
+ accept(j->fd,
+ (struct sockaddr *)
+ &client_address, &calen);
+
+ if (accept_fd < 0) {
+ perror("accept()");
+ } else {
+ time_t tt;
+ char *ctt;
+
+ /* new list entry for the connection */
+ lappend(listener_list);
+ j = listener_list.tail;
+ j->http_request =
+ (char *) strdup("");
+ j->http_state = HTTP_STATE_REQUEST;
+ j->fd = accept_fd;
+
+ j->tls_session = tls_session;
+ gnutls_transport_set_int
+ (tls_session, accept_fd);
+ j->handshake_ok = 0;
+
+ if (verbose != 0) {
+ tt = time(0);
+ ctt = ctime(&tt);
+ ctt[strlen(ctt) - 1] = 0;
+
+ printf
+ ("\n* Accepted connection from %s on %s\n",
+ human_addr((struct
+ sockaddr
+ *)
+ &client_address,
+ calen,
+ topbuf,
+ sizeof
+ (topbuf)),
+ ctt);
+ }
+ }
+ }
+
+ if (FD_ISSET(j->fd, &rd) && !j->listen_socket) {
/* read partial GET request */
- char buf[1024];
- int r, ret;
-
- if (j->handshake_ok == 0)
- {
- r = gnutls_handshake (j->tls_session);
- if (r < 0 && gnutls_error_is_fatal (r) == 0)
- {
- check_alert (j->tls_session, r);
- /* nothing */
- }
- else if (r < 0 && gnutls_error_is_fatal (r) == 1)
- {
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error in handshake\n");
- GERR (r);
-
- do
- {
- ret =
- gnutls_alert_send_appropriate (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
- j->http_state = HTTP_STATE_CLOSING;
- }
- else if (r == 0)
- {
- if (gnutls_session_is_resumed (j->tls_session) != 0
- && verbose != 0)
- printf ("*** This is a resumed session\n");
-
- if (verbose != 0)
- {
- printf ("\n* Successful handshake from %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)));
- print_info (j->tls_session, verbose, verbose);
- if (gnutls_auth_get_type (j->tls_session) ==
- GNUTLS_CRD_CERTIFICATE)
- cert_verify (j->tls_session, NULL);
- }
- j->handshake_ok = 1;
- }
- }
-
- if (j->handshake_ok == 1)
- {
- r = gnutls_record_recv (j->tls_session, buf,
- MIN (1024, SMALL_READ_TEST));
- if (r == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
- {
- gnutls_heartbeat_pong(j->tls_session, 0);
- }
- if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
- {
- /* do nothing */
- }
- else if (r <= 0)
- {
- if (r == GNUTLS_E_REHANDSHAKE)
- {
- fprintf (stderr, "*** Received hello message\n");
- do
- {
- r = gnutls_handshake (j->tls_session);
- }
- while (r == GNUTLS_E_INTERRUPTED
- || r == GNUTLS_E_AGAIN);
-
- if (r < 0)
- {
- do
- {
- ret = gnutls_alert_send_appropriate
- (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
-
- GERR (r);
- j->http_state = HTTP_STATE_CLOSING;
- }
- }
- else
- {
- if (r < 0)
- {
- if (r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
- {
- j->http_state = HTTP_STATE_CLOSING;
- check_alert (j->tls_session, r);
- fprintf (stderr,
- "Error while receiving data\n");
- GERR (r);
- }
- }
- }
- }
- else
- {
- j->http_request =
- realloc (j->http_request, j->request_length + r + 1);
- if (j->http_request != NULL)
- {
- memcpy (j->http_request + j->request_length, buf, r);
- j->request_length += r;
- j->http_request[j->request_length] = '\0';
- }
- else
- j->http_state = HTTP_STATE_CLOSING;
-
- }
+ char buf[1024];
+ int r, ret;
+
+ if (j->handshake_ok == 0) {
+ r = gnutls_handshake(j->
+ tls_session);
+ if (r < 0
+ && gnutls_error_is_fatal(r) ==
+ 0) {
+ check_alert(j->tls_session,
+ r);
+ /* nothing */
+ } else if (r < 0
+ &&
+ gnutls_error_is_fatal(r)
+ == 1) {
+ check_alert(j->tls_session,
+ r);
+ fprintf(stderr,
+ "Error in handshake\n");
+ GERR(r);
+
+ do {
+ ret =
+ gnutls_alert_send_appropriate
+ (j->
+ tls_session,
+ r);
+ }
+ while (ret ==
+ GNUTLS_E_AGAIN
+ || ret ==
+ GNUTLS_E_INTERRUPTED);
+ j->http_state =
+ HTTP_STATE_CLOSING;
+ } else if (r == 0) {
+ if (gnutls_session_is_resumed(j->tls_session) != 0 && verbose != 0)
+ printf
+ ("*** This is a resumed session\n");
+
+ if (verbose != 0) {
+ printf
+ ("\n* Successful handshake from %s\n",
+ human_addr((struct sockaddr *)
+ &client_address,
+ calen,
+ topbuf,
+ sizeof
+ (topbuf)));
+ print_info(j->
+ tls_session,
+ verbose,
+ verbose);
+ if (gnutls_auth_get_type(j->tls_session) == GNUTLS_CRD_CERTIFICATE)
+ cert_verify
+ (j->
+ tls_session,
+ NULL);
+ }
+ j->handshake_ok = 1;
+ }
+ }
+
+ if (j->handshake_ok == 1) {
+ r = gnutls_record_recv(j->
+ tls_session,
+ buf,
+ MIN(1024,
+ SMALL_READ_TEST));
+ if (r ==
+ GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ {
+ gnutls_heartbeat_pong(j->
+ tls_session,
+ 0);
+ }
+ if (r == GNUTLS_E_INTERRUPTED
+ || r == GNUTLS_E_AGAIN) {
+ /* do nothing */
+ } else if (r <= 0) {
+ if (r ==
+ GNUTLS_E_REHANDSHAKE) {
+ fprintf(stderr,
+ "*** Received hello message\n");
+ do {
+ r = gnutls_handshake(j->tls_session);
+ }
+ while (r ==
+ GNUTLS_E_INTERRUPTED
+ || r ==
+ GNUTLS_E_AGAIN);
+
+ if (r < 0) {
+ do {
+ ret = gnutls_alert_send_appropriate(j->tls_session, r);
+ }
+ while (ret
+ ==
+ GNUTLS_E_AGAIN
+ ||
+ ret
+ ==
+ GNUTLS_E_INTERRUPTED);
+
+ GERR(r);
+ j->http_state = HTTP_STATE_CLOSING;
+ }
+ } else {
+ if (r < 0) {
+ if (r !=
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ {
+ j->http_state = HTTP_STATE_CLOSING;
+ check_alert
+ (j->
+ tls_session,
+ r);
+ fprintf
+ (stderr,
+ "Error while receiving data\n");
+ GERR(r);
+ }
+ }
+ }
+ } else {
+ j->http_request =
+ realloc(j->
+ http_request,
+ j->
+ request_length
+ + r + 1);
+ if (j->http_request !=
+ NULL) {
+ memcpy(j->
+ http_request
+ +
+ j->
+ request_length,
+ buf, r);
+ j->request_length
+ += r;
+ j->http_request[j->
+ request_length]
+ = '\0';
+ } else
+ j->http_state =
+ HTTP_STATE_CLOSING;
+
+ }
/* check if we have a full HTTP header */
- j->http_response = NULL;
- if (j->http_request != NULL)
- {
- if ((http == 0 && strchr (j->http_request, '\n'))
- || strstr (j->http_request, "\r\n\r\n")
- || strstr (j->http_request, "\n\n"))
- {
- get_response (j->tls_session, j->http_request,
- &j->http_response, &j->response_length);
- j->http_state = HTTP_STATE_RESPONSE;
- j->response_written = 0;
- }
- }
- }
- }
- if (FD_ISSET (j->fd, &wr))
- {
+ j->http_response = NULL;
+ if (j->http_request != NULL) {
+ if ((http == 0
+ && strchr(j->
+ http_request,
+ '\n'))
+ || strstr(j->
+ http_request,
+ "\r\n\r\n")
+ || strstr(j->
+ http_request,
+ "\n\n")) {
+ get_response(j->
+ tls_session,
+ j->
+ http_request,
+ &j->
+ http_response,
+ &j->
+ response_length);
+ j->http_state =
+ HTTP_STATE_RESPONSE;
+ j->response_written
+ = 0;
+ }
+ }
+ }
+ }
+ if (FD_ISSET(j->fd, &wr)) {
/* write partial response request */
- int r;
-
- if (j->handshake_ok == 0)
- {
- r = gnutls_handshake (j->tls_session);
- if (r < 0 && gnutls_error_is_fatal (r) == 0)
- {
- check_alert (j->tls_session, r);
- /* nothing */
- }
- else if (r < 0 && gnutls_error_is_fatal (r) == 1)
- {
- int ret;
-
- j->http_state = HTTP_STATE_CLOSING;
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error in handshake\n");
- GERR (r);
-
- do
- {
- ret =
- gnutls_alert_send_appropriate (j->tls_session, r);
- }
- while (ret == GNUTLS_E_AGAIN);
- }
- else if (r == 0)
- {
- if (gnutls_session_is_resumed (j->tls_session) != 0
- && verbose != 0)
- printf ("*** This is a resumed session\n");
- if (verbose != 0)
- {
- printf ("- connection from %s\n",
- human_addr ((struct sockaddr *)
- &client_address, calen, topbuf,
- sizeof (topbuf)));
-
- print_info (j->tls_session, verbose, verbose);
- if (gnutls_auth_get_type (j->tls_session) ==
- GNUTLS_CRD_CERTIFICATE)
- cert_verify (j->tls_session, NULL);
- }
- j->handshake_ok = 1;
- }
- }
-
- if (j->handshake_ok == 1 && j->http_response != NULL)
- {
- /* FIXME if j->http_response == NULL? */
- r = gnutls_record_send (j->tls_session,
- j->http_response +
- j->response_written,
- MIN (j->response_length -
- j->response_written,
- SMALL_READ_TEST));
- if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
- {
- /* do nothing */
- }
- else if (r <= 0)
- {
- if (http != 0)
- j->http_state = HTTP_STATE_CLOSING;
- else
- {
- j->http_state = HTTP_STATE_REQUEST;
- free (j->http_response);
- j->response_length = 0;
- j->request_length = 0;
- j->http_request[0] = 0;
- }
-
- if (r < 0)
- {
- fprintf (stderr, "Error while sending data\n");
- GERR (r);
- }
- check_alert (j->tls_session, r);
- }
- else
- {
- j->response_written += r;
+ int r;
+
+ if (j->handshake_ok == 0) {
+ r = gnutls_handshake(j->
+ tls_session);
+ if (r < 0
+ && gnutls_error_is_fatal(r) ==
+ 0) {
+ check_alert(j->tls_session,
+ r);
+ /* nothing */
+ } else if (r < 0
+ &&
+ gnutls_error_is_fatal(r)
+ == 1) {
+ int ret;
+
+ j->http_state =
+ HTTP_STATE_CLOSING;
+ check_alert(j->tls_session,
+ r);
+ fprintf(stderr,
+ "Error in handshake\n");
+ GERR(r);
+
+ do {
+ ret =
+ gnutls_alert_send_appropriate
+ (j->
+ tls_session,
+ r);
+ }
+ while (ret ==
+ GNUTLS_E_AGAIN);
+ } else if (r == 0) {
+ if (gnutls_session_is_resumed(j->tls_session) != 0 && verbose != 0)
+ printf
+ ("*** This is a resumed session\n");
+ if (verbose != 0) {
+ printf
+ ("- connection from %s\n",
+ human_addr((struct sockaddr *)
+ &client_address,
+ calen,
+ topbuf,
+ sizeof
+ (topbuf)));
+
+ print_info(j->
+ tls_session,
+ verbose,
+ verbose);
+ if (gnutls_auth_get_type(j->tls_session) == GNUTLS_CRD_CERTIFICATE)
+ cert_verify
+ (j->
+ tls_session,
+ NULL);
+ }
+ j->handshake_ok = 1;
+ }
+ }
+
+ if (j->handshake_ok == 1
+ && j->http_response != NULL) {
+ /* FIXME if j->http_response == NULL? */
+ r = gnutls_record_send(j->
+ tls_session,
+ j->
+ http_response
+ +
+ j->
+ response_written,
+ MIN(j->
+ response_length
+ -
+ j->
+ response_written,
+ SMALL_READ_TEST));
+ if (r == GNUTLS_E_INTERRUPTED
+ || r == GNUTLS_E_AGAIN) {
+ /* do nothing */
+ } else if (r <= 0) {
+ if (http != 0)
+ j->http_state =
+ HTTP_STATE_CLOSING;
+ else {
+ j->http_state =
+ HTTP_STATE_REQUEST;
+ free(j->
+ http_response);
+ j->response_length
+ = 0;
+ j->request_length =
+ 0;
+ j->http_request[0]
+ = 0;
+ }
+
+ if (r < 0) {
+ fprintf(stderr,
+ "Error while sending data\n");
+ GERR(r);
+ }
+ check_alert(j->tls_session,
+ r);
+ } else {
+ j->response_written += r;
/* check if we have written a complete response */
- if (j->response_written == j->response_length)
- {
- if (http != 0)
- j->http_state = HTTP_STATE_CLOSING;
- else
- {
- j->http_state = HTTP_STATE_REQUEST;
- free (j->http_response);
- j->response_length = 0;
- j->request_length = 0;
- j->http_request[0] = 0;
- }
- }
- }
- }
- else
- {
- j->request_length = 0;
- j->http_request[0] = 0;
- j->http_state = HTTP_STATE_REQUEST;
- }
- }
- }
- lloopend (listener_list, j);
+ if (j->response_written ==
+ j->response_length) {
+ if (http != 0)
+ j->http_state = HTTP_STATE_CLOSING;
+ else {
+ j->http_state = HTTP_STATE_REQUEST;
+ free(j->
+ http_response);
+ j->response_length = 0;
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ }
+ }
+ }
+ } else {
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ j->http_state = HTTP_STATE_REQUEST;
+ }
+ }
+ }
+ lloopend(listener_list, j);
/* loop through all connections, closing those that are in error */
- lloopstart (listener_list, j)
- {
- if (j->http_state == HTTP_STATE_CLOSING)
- {
- ldeleteinc (listener_list, j);
- }
- }
- lloopend (listener_list, j);
- }
+ lloopstart(listener_list, j) {
+ if (j->http_state == HTTP_STATE_CLOSING) {
+ ldeleteinc(listener_list, j);
+ }
+ }
+ lloopend(listener_list, j);
+ }
- gnutls_certificate_free_credentials (cert_cred);
+ gnutls_certificate_free_credentials(cert_cred);
#ifdef ENABLE_SRP
- if (srp_cred)
- gnutls_srp_free_server_credentials (srp_cred);
+ if (srp_cred)
+ gnutls_srp_free_server_credentials(srp_cred);
#endif
#ifdef ENABLE_PSK
- if (psk_cred)
- gnutls_psk_free_server_credentials (psk_cred);
+ if (psk_cred)
+ gnutls_psk_free_server_credentials(psk_cred);
#endif
#ifdef ENABLE_ANON
- gnutls_anon_free_server_credentials (dh_cred);
+ gnutls_anon_free_server_credentials(dh_cred);
#endif
- if (noticket == 0)
- gnutls_free (session_ticket_key.data);
+ if (noticket == 0)
+ gnutls_free(session_ticket_key.data);
- if (nodb == 0)
- wrap_db_deinit ();
- gnutls_global_deinit ();
+ if (nodb == 0)
+ wrap_db_deinit();
+ gnutls_global_deinit();
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- optionProcess (&gnutls_servOptions, argc, argv);
+ optionProcess(&gnutls_servOptions, argc, argv);
- disable_client_cert = HAVE_OPT (DISABLE_CLIENT_CERT);
- require_cert = HAVE_OPT (REQUIRE_CLIENT_CERT);
- if (HAVE_OPT (DEBUG))
- debug = OPT_VALUE_DEBUG;
+ disable_client_cert = HAVE_OPT(DISABLE_CLIENT_CERT);
+ require_cert = HAVE_OPT(REQUIRE_CLIENT_CERT);
+ if (HAVE_OPT(DEBUG))
+ debug = OPT_VALUE_DEBUG;
- if (HAVE_OPT (QUIET))
- verbose = 0;
+ if (HAVE_OPT(QUIET))
+ verbose = 0;
- if (HAVE_OPT (PRIORITY))
- priorities = OPT_ARG (PRIORITY);
+ if (HAVE_OPT(PRIORITY))
+ priorities = OPT_ARG(PRIORITY);
- if (HAVE_OPT (LIST))
- {
- print_list (priorities, verbose);
- exit (0);
- }
+ if (HAVE_OPT(LIST)) {
+ print_list(priorities, verbose);
+ exit(0);
+ }
- nodb = HAVE_OPT (NODB);
- noticket = HAVE_OPT (NOTICKET);
+ nodb = HAVE_OPT(NODB);
+ noticket = HAVE_OPT(NOTICKET);
- if (HAVE_OPT (ECHO))
- http = 0;
- else
- http = 1;
+ if (HAVE_OPT(ECHO))
+ http = 0;
+ else
+ http = 1;
- if (HAVE_OPT (X509FMTDER))
- x509ctype = GNUTLS_X509_FMT_DER;
- else
- x509ctype = GNUTLS_X509_FMT_PEM;
+ if (HAVE_OPT(X509FMTDER))
+ x509ctype = GNUTLS_X509_FMT_DER;
+ else
+ x509ctype = GNUTLS_X509_FMT_PEM;
- generate = HAVE_OPT (GENERATE);
+ generate = HAVE_OPT(GENERATE);
- if (HAVE_OPT (DHPARAMS))
- dh_params_file = OPT_ARG (DHPARAMS);
+ if (HAVE_OPT(DHPARAMS))
+ dh_params_file = OPT_ARG(DHPARAMS);
- if (HAVE_OPT (X509KEYFILE))
- x509_keyfile = OPT_ARG (X509KEYFILE);
- if (HAVE_OPT (X509CERTFILE))
- x509_certfile = OPT_ARG (X509CERTFILE);
+ if (HAVE_OPT(X509KEYFILE))
+ x509_keyfile = OPT_ARG(X509KEYFILE);
+ if (HAVE_OPT(X509CERTFILE))
+ x509_certfile = OPT_ARG(X509CERTFILE);
- if (HAVE_OPT (X509DSAKEYFILE))
- x509_dsakeyfile = OPT_ARG (X509DSAKEYFILE);
- if (HAVE_OPT (X509DSACERTFILE))
- x509_dsacertfile = OPT_ARG (X509DSACERTFILE);
+ if (HAVE_OPT(X509DSAKEYFILE))
+ x509_dsakeyfile = OPT_ARG(X509DSAKEYFILE);
+ if (HAVE_OPT(X509DSACERTFILE))
+ x509_dsacertfile = OPT_ARG(X509DSACERTFILE);
- if (HAVE_OPT (X509ECCKEYFILE))
- x509_ecckeyfile = OPT_ARG (X509ECCKEYFILE);
- if (HAVE_OPT (X509ECCCERTFILE))
- x509_ecccertfile = OPT_ARG (X509ECCCERTFILE);
+ if (HAVE_OPT(X509ECCKEYFILE))
+ x509_ecckeyfile = OPT_ARG(X509ECCKEYFILE);
+ if (HAVE_OPT(X509ECCCERTFILE))
+ x509_ecccertfile = OPT_ARG(X509ECCCERTFILE);
- if (HAVE_OPT (X509CAFILE))
- x509_cafile = OPT_ARG (X509CAFILE);
- if (HAVE_OPT (X509CRLFILE))
- x509_crlfile = OPT_ARG (X509CRLFILE);
+ if (HAVE_OPT(X509CAFILE))
+ x509_cafile = OPT_ARG(X509CAFILE);
+ if (HAVE_OPT(X509CRLFILE))
+ x509_crlfile = OPT_ARG(X509CRLFILE);
- if (HAVE_OPT (PGPKEYFILE))
- pgp_keyfile = OPT_ARG (PGPKEYFILE);
- if (HAVE_OPT (PGPCERTFILE))
- pgp_certfile = OPT_ARG (PGPCERTFILE);
+ if (HAVE_OPT(PGPKEYFILE))
+ pgp_keyfile = OPT_ARG(PGPKEYFILE);
+ if (HAVE_OPT(PGPCERTFILE))
+ pgp_certfile = OPT_ARG(PGPCERTFILE);
- if (HAVE_OPT (PGPKEYRING))
- pgp_keyring = OPT_ARG (PGPKEYRING);
+ if (HAVE_OPT(PGPKEYRING))
+ pgp_keyring = OPT_ARG(PGPKEYRING);
- if (HAVE_OPT (SRPPASSWD))
- srp_passwd = OPT_ARG (SRPPASSWD);
- if (HAVE_OPT (SRPPASSWDCONF))
- srp_passwd_conf = OPT_ARG (SRPPASSWDCONF);
+ if (HAVE_OPT(SRPPASSWD))
+ srp_passwd = OPT_ARG(SRPPASSWD);
+ if (HAVE_OPT(SRPPASSWDCONF))
+ srp_passwd_conf = OPT_ARG(SRPPASSWDCONF);
- if (HAVE_OPT (PSKPASSWD))
- psk_passwd = OPT_ARG (PSKPASSWD);
+ if (HAVE_OPT(PSKPASSWD))
+ psk_passwd = OPT_ARG(PSKPASSWD);
- if (HAVE_OPT(OCSP_RESPONSE))
- status_response_ocsp = OPT_ARG(OCSP_RESPONSE);
+ if (HAVE_OPT(OCSP_RESPONSE))
+ status_response_ocsp = OPT_ARG(OCSP_RESPONSE);
}
@@ -1706,102 +1718,96 @@ cmd_parser (int argc, char **argv)
#define SESSION_ID_SIZE 32
#define SESSION_DATA_SIZE 1024
-typedef struct
-{
- char session_id[SESSION_ID_SIZE];
- unsigned int session_id_size;
+typedef struct {
+ char session_id[SESSION_ID_SIZE];
+ unsigned int session_id_size;
- char session_data[SESSION_DATA_SIZE];
- unsigned int session_data_size;
+ char session_data[SESSION_DATA_SIZE];
+ unsigned int session_data_size;
} CACHE;
static CACHE *cache_db;
int cache_db_ptr = 0;
-static void
-wrap_db_init (void)
+static void wrap_db_init(void)
{
- /* allocate cache_db */
- cache_db = calloc (1, ssl_session_cache * sizeof (CACHE));
+ /* allocate cache_db */
+ cache_db = calloc(1, ssl_session_cache * sizeof(CACHE));
}
-static void
-wrap_db_deinit (void)
+static void wrap_db_deinit(void)
{
}
static int
-wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
+wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data)
{
- if (cache_db == NULL)
- return -1;
+ if (cache_db == NULL)
+ return -1;
- if (key.size > SESSION_ID_SIZE)
- return -1;
- if (data.size > SESSION_DATA_SIZE)
- return -1;
+ if (key.size > SESSION_ID_SIZE)
+ return -1;
+ if (data.size > SESSION_DATA_SIZE)
+ return -1;
- memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size);
- cache_db[cache_db_ptr].session_id_size = key.size;
+ memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size);
+ cache_db[cache_db_ptr].session_id_size = key.size;
- memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size);
- cache_db[cache_db_ptr].session_data_size = data.size;
+ memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size);
+ cache_db[cache_db_ptr].session_data_size = data.size;
- cache_db_ptr++;
- cache_db_ptr %= ssl_session_cache;
+ cache_db_ptr++;
+ cache_db_ptr %= ssl_session_cache;
- return 0;
+ return 0;
}
-static gnutls_datum_t
-wrap_db_fetch (void *dbf, gnutls_datum_t key)
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
{
- gnutls_datum_t res = { NULL, 0 };
- int i;
+ gnutls_datum_t res = { NULL, 0 };
+ int i;
- if (cache_db == NULL)
- return res;
+ if (cache_db == NULL)
+ return res;
- for (i = 0; i < ssl_session_cache; i++)
- {
- if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
- res.size = cache_db[i].session_data_size;
+ for (i = 0; i < ssl_session_cache; i++) {
+ if (key.size == cache_db[i].session_id_size &&
+ memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
+ res.size = cache_db[i].session_data_size;
- res.data = gnutls_malloc (res.size);
- if (res.data == NULL)
- return res;
+ res.data = gnutls_malloc(res.size);
+ if (res.data == NULL)
+ return res;
- memcpy (res.data, cache_db[i].session_data, res.size);
+ memcpy(res.data, cache_db[i].session_data,
+ res.size);
- return res;
- }
- }
- return res;
+ return res;
+ }
+ }
+ return res;
}
-static int
-wrap_db_delete (void *dbf, gnutls_datum_t key)
+static int wrap_db_delete(void *dbf, gnutls_datum_t key)
{
- int i;
+ int i;
- if (cache_db == NULL)
- return -1;
+ if (cache_db == NULL)
+ return -1;
- for (i = 0; i < ssl_session_cache; i++)
- {
- if (key.size == (unsigned int) cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
+ for (i = 0; i < ssl_session_cache; i++) {
+ if (key.size == (unsigned int) cache_db[i].session_id_size
+ && memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
- cache_db[i].session_id_size = 0;
- cache_db[i].session_data_size = 0;
+ cache_db[i].session_id_size = 0;
+ cache_db[i].session_data_size = 0;
- return 0;
- }
- }
+ return 0;
+ }
+ }
- return -1;
+ return -1;
}
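Review bot: wrap_db_init() sizes the session cache as `ssl_session_cache * sizeof(CACHE)` with no overflow or range check, and wrap_db_store() later executes `cache_db_ptr %= ssl_session_cache`, which divides by zero if the configured size is 0. A zero-byte calloc may still return a non-NULL pointer, so the `cache_db == NULL` guard would not stop the preceding memcpy calls from writing past the allocation. ssl_session_cache is defined outside this hunk, so its type and valid range need confirming; assuming a plain integer, I would write `if (ssl_session_cache <= 0) return;` followed by `cache_db = calloc(ssl_session_cache, sizeof(CACHE));`, which lets calloc do the multiplication check itself. wrap_db_deinit() is empty, so the table is never released; `free(cache_db); cache_db = NULL;` belongs there.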
diff --git a/src/socket.c b/src/socket.c
index c8606a0958..79c5eaeb51 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -20,9 +20,9 @@
#include <config.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <netdb.h>
#include <string.h>
@@ -33,7 +33,7 @@
#include <stdlib.h>
#include <unistd.h>
#ifndef _WIN32
-# include <signal.h>
+#include <signal.h>
#endif
#include <socket.h>
#include "sockets.h"
@@ -45,192 +45,197 @@ extern unsigned int verbose;
*/
ssize_t
-socket_recv (const socket_st * socket, void *buffer, int buffer_size)
+socket_recv(const socket_st * socket, void *buffer, int buffer_size)
{
- int ret;
-
- if (socket->secure)
- {
- do
- {
- ret = gnutls_record_recv (socket->session, buffer, buffer_size);
- if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
- gnutls_heartbeat_pong(socket->session, 0);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
-
- }
- else
- do
- {
- ret = recv (socket->fd, buffer, buffer_size, 0);
- }
- while (ret == -1 && errno == EINTR);
-
- return ret;
+ int ret;
+
+ if (socket->secure) {
+ do {
+ ret =
+ gnutls_record_recv(socket->session, buffer,
+ buffer_size);
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ gnutls_heartbeat_pong(socket->session, 0);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+
+ } else
+ do {
+ ret = recv(socket->fd, buffer, buffer_size, 0);
+ }
+ while (ret == -1 && errno == EINTR);
+
+ return ret;
}
ssize_t
-socket_send (const socket_st * socket, const void *buffer, int buffer_size)
+socket_send(const socket_st * socket, const void *buffer, int buffer_size)
{
- return socket_send_range(socket, buffer, buffer_size, NULL);
+ return socket_send_range(socket, buffer, buffer_size, NULL);
}
ssize_t
-socket_send_range (const socket_st * socket, const void *buffer, int buffer_size, gnutls_range_st *range)
+socket_send_range(const socket_st * socket, const void *buffer,
+ int buffer_size, gnutls_range_st * range)
{
- int ret;
-
- if (socket->secure)
- do
- {
- if (range == NULL)
- ret = gnutls_record_send (socket->session, buffer, buffer_size);
- else
- ret = gnutls_record_send_range(socket->session, buffer, buffer_size, range);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- else
- do
- {
- ret = send (socket->fd, buffer, buffer_size, 0);
- }
- while (ret == -1 && errno == EINTR);
-
- if (ret > 0 && ret != buffer_size && verbose)
- fprintf (stderr,
- "*** Only sent %d bytes instead of %d.\n", ret, buffer_size);
-
- return ret;
+ int ret;
+
+ if (socket->secure)
+ do {
+ if (range == NULL)
+ ret =
+ gnutls_record_send(socket->session,
+ buffer,
+ buffer_size);
+ else
+ ret =
+ gnutls_record_send_range(socket->
+ session,
+ buffer,
+ buffer_size,
+ range);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ else
+ do {
+ ret = send(socket->fd, buffer, buffer_size, 0);
+ }
+ while (ret == -1 && errno == EINTR);
+
+ if (ret > 0 && ret != buffer_size && verbose)
+ fprintf(stderr,
+ "*** Only sent %d bytes instead of %d.\n", ret,
+ buffer_size);
+
+ return ret;
}
-void
-socket_bye (socket_st * socket)
+void socket_bye(socket_st * socket)
{
- int ret;
- if (socket->secure)
- {
- do
- ret = gnutls_bye (socket->session, GNUTLS_SHUT_WR);
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- if (ret < 0)
- fprintf (stderr, "*** gnutls_bye() error: %s\n",
- gnutls_strerror (ret));
- gnutls_deinit (socket->session);
- socket->session = NULL;
- }
-
- freeaddrinfo (socket->addr_info);
- socket->addr_info = socket->ptr = NULL;
-
- free (socket->ip);
- free (socket->hostname);
- free (socket->service);
-
- shutdown (socket->fd, SHUT_RDWR); /* no more receptions */
- close (socket->fd);
-
- socket->fd = -1;
- socket->secure = 0;
+ int ret;
+ if (socket->secure) {
+ do
+ ret = gnutls_bye(socket->session, GNUTLS_SHUT_WR);
+ while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
+ if (ret < 0)
+ fprintf(stderr, "*** gnutls_bye() error: %s\n",
+ gnutls_strerror(ret));
+ gnutls_deinit(socket->session);
+ socket->session = NULL;
+ }
+
+ freeaddrinfo(socket->addr_info);
+ socket->addr_info = socket->ptr = NULL;
+
+ free(socket->ip);
+ free(socket->hostname);
+ free(socket->service);
+
+ shutdown(socket->fd, SHUT_RDWR); /* no more receptions */
+ close(socket->fd);
+
+ socket->fd = -1;
+ socket->secure = 0;
}
void
-socket_open (socket_st * hd, const char *hostname, const char *service, int udp)
+socket_open(socket_st * hd, const char *hostname, const char *service,
+ int udp)
{
- struct addrinfo hints, *res, *ptr;
- int sd, err;
- char buffer[MAX_BUF + 1];
- char portname[16] = { 0 };
-
- printf ("Resolving '%s'...\n", hostname);
- /* get server name */
- memset (&hints, 0, sizeof (hints));
- hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
- if ((err = getaddrinfo (hostname, service, &hints, &res)))
- {
- fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service,
- gai_strerror (err));
- exit (1);
- }
-
- sd = -1;
- for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
- {
- sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
- if (sd == -1)
- continue;
-
- if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
- portname, sizeof (portname),
- NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
- {
- fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err));
- continue;
- }
-
- if (hints.ai_socktype == SOCK_DGRAM)
- {
+ struct addrinfo hints, *res, *ptr;
+ int sd, err;
+ char buffer[MAX_BUF + 1];
+ char portname[16] = { 0 };
+
+ printf("Resolving '%s'...\n", hostname);
+ /* get server name */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
+ if ((err = getaddrinfo(hostname, service, &hints, &res))) {
+ fprintf(stderr, "Cannot resolve %s:%s: %s\n", hostname,
+ service, gai_strerror(err));
+ exit(1);
+ }
+
+ sd = -1;
+ for (ptr = res; ptr != NULL; ptr = ptr->ai_next) {
+ sd = socket(ptr->ai_family, ptr->ai_socktype,
+ ptr->ai_protocol);
+ if (sd == -1)
+ continue;
+
+ if ((err =
+ getnameinfo(ptr->ai_addr, ptr->ai_addrlen, buffer,
+ MAX_BUF, portname, sizeof(portname),
+ NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
+ fprintf(stderr, "getnameinfo(): %s\n",
+ gai_strerror(err));
+ continue;
+ }
+
+ if (hints.ai_socktype == SOCK_DGRAM) {
#if defined(IP_DONTFRAG)
- int yes = 1;
- if (setsockopt (sd, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &yes, sizeof (yes)) < 0)
- perror ("setsockopt(IP_DF) failed");
+ int yes = 1;
+ if (setsockopt(sd, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &yes,
+ sizeof(yes)) < 0)
+ perror("setsockopt(IP_DF) failed");
#elif defined(IP_MTU_DISCOVER)
- int yes = IP_PMTUDISC_DO;
- if (setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void*) &yes, sizeof (yes)) < 0)
- perror ("setsockopt(IP_DF) failed");
+ int yes = IP_PMTUDISC_DO;
+ if (setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &yes,
+ sizeof(yes)) < 0)
+ perror("setsockopt(IP_DF) failed");
#endif
- }
-
-
- printf ("Connecting to '%s:%s'...\n", buffer, portname);
-
- err = connect (sd, ptr->ai_addr, ptr->ai_addrlen);
- if (err < 0)
- {
- fprintf (stderr, "Cannot connect to %s:%s: %s\n", buffer,
- portname, strerror (errno));
- continue;
- }
- break;
- }
-
- if (err != 0)
- exit(1);
-
- if (sd == -1)
- {
- fprintf (stderr, "Could not find a supported socket\n");
- exit (1);
- }
-
- hd->secure = 0;
- hd->fd = sd;
- hd->hostname = strdup (hostname);
- hd->ip = strdup (buffer);
- hd->service = strdup (portname);
- hd->ptr = ptr;
- hd->addr_info = res;
-
- return;
+ }
+
+
+ printf("Connecting to '%s:%s'...\n", buffer, portname);
+
+ err = connect(sd, ptr->ai_addr, ptr->ai_addrlen);
+ if (err < 0) {
+ fprintf(stderr, "Cannot connect to %s:%s: %s\n",
+ buffer, portname, strerror(errno));
+ continue;
+ }
+ break;
+ }
+
+ if (err != 0)
+ exit(1);
+
+ if (sd == -1) {
+ fprintf(stderr, "Could not find a supported socket\n");
+ exit(1);
+ }
+
+ hd->secure = 0;
+ hd->fd = sd;
+ hd->hostname = strdup(hostname);
+ hd->ip = strdup(buffer);
+ hd->service = strdup(portname);
+ hd->ptr = ptr;
+ hd->addr_info = res;
+
+ return;
}
-void
-sockets_init (void)
+void sockets_init(void)
{
#ifdef _WIN32
- WORD wVersionRequested;
- WSADATA wsaData;
-
- wVersionRequested = MAKEWORD (1, 1);
- if (WSAStartup (wVersionRequested, &wsaData) != 0)
- {
- perror ("WSA_STARTUP_ERROR");
- }
+ WORD wVersionRequested;
+ WSADATA wsaData;
+
+ wVersionRequested = MAKEWORD(1, 1);
+ if (WSAStartup(wVersionRequested, &wsaData) != 0) {
+ perror("WSA_STARTUP_ERROR");
+ }
#else
- signal (SIGPIPE, SIG_IGN);
+ signal(SIGPIPE, SIG_IGN);
#endif
}
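Review bot: socket_bye() frees `socket->ip`, `socket->hostname` and `socket->service` but, unlike `session`, `addr_info`, `ptr` and `fd`, leaves those three pointers dangling, so a second socket_bye() on the same socket_st, or any later read of those fields, becomes a double free or use-after-free. Whether a caller actually does that is not visible here, but the reset is one line after the frees: `socket->ip = socket->hostname = socket->service = NULL;`. In socket_open() the `continue` paths after a failed getnameinfo() or connect() abandon `sd` without `close(sd)`, and the three strdup() results are stored unchecked.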
diff --git a/src/socket.h b/src/socket.h
index c503aff705..00ec616378 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -1,23 +1,24 @@
#include <gnutls/gnutls.h>
-typedef struct
-{
- int fd;
- gnutls_session_t session;
- int secure;
- char *hostname;
- char *ip;
- char *service;
- struct addrinfo *ptr;
- struct addrinfo *addr_info;
+typedef struct {
+ int fd;
+ gnutls_session_t session;
+ int secure;
+ char *hostname;
+ char *ip;
+ char *service;
+ struct addrinfo *ptr;
+ struct addrinfo *addr_info;
} socket_st;
-ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size);
-ssize_t socket_send (const socket_st * socket, const void *buffer,
- int buffer_size);
+ssize_t socket_recv(const socket_st * socket, void *buffer,
+ int buffer_size);
+ssize_t socket_send(const socket_st * socket, const void *buffer,
+ int buffer_size);
ssize_t socket_send_range(const socket_st * socket, const void *buffer,
- int buffer_size, gnutls_range_st *range);
-void socket_open (socket_st * hd, const char *hostname, const char *service, int udp);
-void socket_bye (socket_st * socket);
+ int buffer_size, gnutls_range_st * range);
+void socket_open(socket_st * hd, const char *hostname, const char *service,
+ int udp);
+void socket_bye(socket_st * socket);
-void sockets_init (void);
+void sockets_init(void);
diff --git a/src/srptool.c b/src/srptool.c
index 5fcd17eaab..5d60cde0f7 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -24,7 +24,7 @@
#include <string.h>
#include <stdlib.h>
#include <gnutls/gnutls.h>
-#include <gnutls/crypto.h> /* for random */
+#include <gnutls/crypto.h> /* for random */
#include <sys/types.h>
#include <sys/stat.h>
@@ -46,112 +46,94 @@
* are in the library, which is not good.
*/
-int crypt_int (const char *username, const char *passwd, int salt,
- const char *tpasswd_conf, const char *tpasswd, int uindex);
-static int read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n,
- char *str);
-static int _verify_passwd_int (const char *username, const char *passwd,
- char *verifier, const char *salt,
- const gnutls_datum_t * g,
- const gnutls_datum_t * n);
-
-static void
-print_num (const char *msg, const gnutls_datum_t * num)
+int crypt_int(const char *username, const char *passwd, int salt,
+ const char *tpasswd_conf, const char *tpasswd, int uindex);
+static int read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n,
+ char *str);
+static int _verify_passwd_int(const char *username, const char *passwd,
+ char *verifier, const char *salt,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * n);
+
+static void print_num(const char *msg, const gnutls_datum_t * num)
{
- unsigned int i;
+ unsigned int i;
- printf ("%s:\t", msg);
+ printf("%s:\t", msg);
- for (i = 0; i < num->size; i++)
- {
- if (i != 0 && i % 12 == 0)
- printf ("\n\t");
- else if (i != 0 && i != num->size)
- printf (":");
- printf ("%.2x", num->data[i]);
- }
- printf ("\n\n");
+ for (i = 0; i < num->size; i++) {
+ if (i != 0 && i % 12 == 0)
+ printf("\n\t");
+ else if (i != 0 && i != num->size)
+ printf(":");
+ printf("%.2x", num->data[i]);
+ }
+ printf("\n\n");
}
-static int
-generate_create_conf (const char *tpasswd_conf)
+static int generate_create_conf(const char *tpasswd_conf)
{
- FILE *fd;
- char line[5 * 1024];
- int index = 1;
- gnutls_datum_t g, n;
- gnutls_datum_t str_g, str_n;
-
- fd = fopen (tpasswd_conf, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open file '%s'\n", tpasswd_conf);
- return -1;
- }
-
- for (index = 1; index <= 5; index++)
- {
-
- if (index == 1)
- {
- n = gnutls_srp_1024_group_prime;
- g = gnutls_srp_1024_group_generator;
- }
- else if (index == 2)
- {
- n = gnutls_srp_1536_group_prime;
- g = gnutls_srp_1536_group_generator;
- }
- else if (index == 3)
- {
- n = gnutls_srp_2048_group_prime;
- g = gnutls_srp_2048_group_generator;
- }
- else if (index == 4)
- {
- n = gnutls_srp_3072_group_prime;
- g = gnutls_srp_3072_group_generator;
- }
- else if (index == 5)
- {
- n = gnutls_srp_4096_group_prime;
- g = gnutls_srp_4096_group_generator;
- }
- else
- {
- fprintf(stderr, "Unknown index: %d\n", index);
- return -1;
- }
-
- printf ("\nGroup %d, of %d bits:\n", index, n.size * 8);
- print_num ("Generator", &g);
- print_num ("Prime", &n);
-
- if (gnutls_srp_base64_encode_alloc (&n, &str_n) < 0)
- {
- fprintf (stderr, "Could not encode\n");
- return -1;
- }
-
- if (gnutls_srp_base64_encode_alloc (&g, &str_g) < 0)
- {
- fprintf (stderr, "Could not encode\n");
- return -1;
- }
-
- sprintf (line, "%d:%s:%s\n", index, str_n.data, str_g.data);
-
- gnutls_free (str_n.data);
- gnutls_free (str_g.data);
-
- fwrite (line, 1, strlen (line), fd);
-
- }
-
- fclose (fd);
-
- return 0;
+ FILE *fd;
+ char line[5 * 1024];
+ int index = 1;
+ gnutls_datum_t g, n;
+ gnutls_datum_t str_g, str_n;
+
+ fd = fopen(tpasswd_conf, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open file '%s'\n", tpasswd_conf);
+ return -1;
+ }
+
+ for (index = 1; index <= 5; index++) {
+
+ if (index == 1) {
+ n = gnutls_srp_1024_group_prime;
+ g = gnutls_srp_1024_group_generator;
+ } else if (index == 2) {
+ n = gnutls_srp_1536_group_prime;
+ g = gnutls_srp_1536_group_generator;
+ } else if (index == 3) {
+ n = gnutls_srp_2048_group_prime;
+ g = gnutls_srp_2048_group_generator;
+ } else if (index == 4) {
+ n = gnutls_srp_3072_group_prime;
+ g = gnutls_srp_3072_group_generator;
+ } else if (index == 5) {
+ n = gnutls_srp_4096_group_prime;
+ g = gnutls_srp_4096_group_generator;
+ } else {
+ fprintf(stderr, "Unknown index: %d\n", index);
+ return -1;
+ }
+
+ printf("\nGroup %d, of %d bits:\n", index, n.size * 8);
+ print_num("Generator", &g);
+ print_num("Prime", &n);
+
+ if (gnutls_srp_base64_encode_alloc(&n, &str_n) < 0) {
+ fprintf(stderr, "Could not encode\n");
+ return -1;
+ }
+
+ if (gnutls_srp_base64_encode_alloc(&g, &str_g) < 0) {
+ fprintf(stderr, "Could not encode\n");
+ return -1;
+ }
+
+ sprintf(line, "%d:%s:%s\n", index, str_n.data, str_g.data);
+
+ gnutls_free(str_n.data);
+ gnutls_free(str_g.data);
+
+ fwrite(line, 1, strlen(line), fd);
+
+ }
+
+ fclose(fd);
+
+ return 0;
}
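Review bot: generate_create_conf() formats each group with an unbounded `sprintf` into the 5 KiB `line` buffer and ignores the results of `fwrite` and `fclose`, so a short write leaves a truncated tpasswd.conf while the function still returns 0. The built-in groups look small enough to fit, but writing straight to the stream removes the fixed buffer and leaves a single result to check: `fprintf(fd, "%d:%s:%s\n", index, str_n.data, str_g.data)`, failing when it returns a negative value. The `return -1` paths inside the loop also leave `fd` open, and the second encode failure leaks `str_n.data`; each should call `fclose(fd)` (and `gnutls_free(str_n.data)` where it applies) before returning.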
@@ -161,521 +143,482 @@ generate_create_conf (const char *tpasswd_conf)
* index is the index of the prime-generator pair in tpasswd.conf
*/
static int
-_verify_passwd_int (const char *username, const char *passwd,
- char *verifier, const char *salt,
- const gnutls_datum_t * g, const gnutls_datum_t * n)
+_verify_passwd_int(const char *username, const char *passwd,
+ char *verifier, const char *salt,
+ const gnutls_datum_t * g, const gnutls_datum_t * n)
{
- char _salt[1024];
- gnutls_datum_t tmp, raw_salt, new_verifier;
- size_t salt_size;
- char *pos;
-
- if (salt == NULL || verifier == NULL)
- return -1;
-
- if (strlen(salt) >= sizeof(_salt))
- {
- fprintf (stderr, "Too long salt.\n");
- return -1;
- }
-
- /* copy salt, and null terminate after the ':' */
- strcpy (_salt, salt);
- pos = strchr (_salt, ':');
- if (pos != NULL)
- *pos = 0;
-
- /* convert salt to binary. */
- tmp.data = (void*)_salt;
- tmp.size = strlen (_salt);
-
- if (gnutls_srp_base64_decode_alloc (&tmp, &raw_salt) < 0)
- {
- fprintf (stderr, "Could not decode salt.\n");
- return -1;
- }
-
- if (gnutls_srp_verifier
- (username, passwd, &raw_salt, g, n, &new_verifier) < 0)
- {
- fprintf (stderr, "Could not make the verifier\n");
- return -1;
- }
-
- free (raw_salt.data);
-
- /* encode the verifier into _salt */
- salt_size = sizeof (_salt);
- memset (_salt, 0, salt_size);
- if (gnutls_srp_base64_encode (&new_verifier, _salt, &salt_size) < 0)
- {
- fprintf (stderr, "Encoding error\n");
- return -1;
- }
-
- free (new_verifier.data);
-
- if (strncmp (verifier, _salt, strlen (_salt)) == 0)
- {
- fprintf (stderr, "Password verified\n");
- return 0;
- }
- else
- {
- fprintf (stderr, "Password does NOT match\n");
- }
- return -1;
+ char _salt[1024];
+ gnutls_datum_t tmp, raw_salt, new_verifier;
+ size_t salt_size;
+ char *pos;
+
+ if (salt == NULL || verifier == NULL)
+ return -1;
+
+ if (strlen(salt) >= sizeof(_salt)) {
+ fprintf(stderr, "Too long salt.\n");
+ return -1;
+ }
+
+ /* copy salt, and null terminate after the ':' */
+ strcpy(_salt, salt);
+ pos = strchr(_salt, ':');
+ if (pos != NULL)
+ *pos = 0;
+
+ /* convert salt to binary. */
+ tmp.data = (void *) _salt;
+ tmp.size = strlen(_salt);
+
+ if (gnutls_srp_base64_decode_alloc(&tmp, &raw_salt) < 0) {
+ fprintf(stderr, "Could not decode salt.\n");
+ return -1;
+ }
+
+ if (gnutls_srp_verifier
+ (username, passwd, &raw_salt, g, n, &new_verifier) < 0) {
+ fprintf(stderr, "Could not make the verifier\n");
+ return -1;
+ }
+
+ free(raw_salt.data);
+
+ /* encode the verifier into _salt */
+ salt_size = sizeof(_salt);
+ memset(_salt, 0, salt_size);
+ if (gnutls_srp_base64_encode(&new_verifier, _salt, &salt_size) < 0) {
+ fprintf(stderr, "Encoding error\n");
+ return -1;
+ }
+
+ free(new_verifier.data);
+
+ if (strncmp(verifier, _salt, strlen(_salt)) == 0) {
+ fprintf(stderr, "Password verified\n");
+ return 0;
+ } else {
+ fprintf(stderr, "Password does NOT match\n");
+ }
+ return -1;
}
-static int
-filecopy (const char *src, const char *dst)
+static int filecopy(const char *src, const char *dst)
{
- FILE *fd, *fd2;
- char line[5 * 1024];
- char *p;
-
- fd = fopen (dst, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for write\n", dst);
- return -1;
- }
-
- fd2 = fopen (src, "r");
- if (fd2 == NULL)
- {
- /* empty file */
- fclose (fd);
- return 0;
- }
-
- line[sizeof (line) - 1] = 0;
- do
- {
- p = fgets (line, sizeof (line) - 1, fd2);
- if (p == NULL)
- break;
-
- fputs (line, fd);
- }
- while (1);
-
- fclose (fd);
- fclose (fd2);
-
- return 0;
+ FILE *fd, *fd2;
+ char line[5 * 1024];
+ char *p;
+
+ fd = fopen(dst, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open '%s' for write\n", dst);
+ return -1;
+ }
+
+ fd2 = fopen(src, "r");
+ if (fd2 == NULL) {
+ /* empty file */
+ fclose(fd);
+ return 0;
+ }
+
+ line[sizeof(line) - 1] = 0;
+ do {
+ p = fgets(line, sizeof(line) - 1, fd2);
+ if (p == NULL)
+ break;
+
+ fputs(line, fd);
+ }
+ while (1);
+
+ fclose(fd);
+ fclose(fd2);
+
+ return 0;
}
/* accepts password file */
-static int
-find_strchr (const char *username, const char *file)
+static int find_strchr(const char *username, const char *file)
{
- FILE *fd;
- char *pos;
- char line[5 * 1024];
- unsigned int i;
-
- fd = fopen (file, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open file '%s'\n", file);
- return -1;
- }
-
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
- if (strncmp (username, line, MAX (i, strlen (username))) == 0)
- {
- /* find the index */
- pos = strrchr (line, ':');
- pos++;
- fclose (fd);
- return atoi (pos);
- }
- }
-
- fclose (fd);
- return -1;
+ FILE *fd;
+ char *pos;
+ char line[5 * 1024];
+ unsigned int i;
+
+ fd = fopen(file, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open file '%s'\n", file);
+ return -1;
+ }
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+ if (strncmp(username, line, MAX(i, strlen(username))) == 0) {
+ /* find the index */
+ pos = strrchr(line, ':');
+ pos++;
+ fclose(fd);
+ return atoi(pos);
+ }
+ }
+
+ fclose(fd);
+ return -1;
}
/* Parses the tpasswd files, in order to verify the given
* username/password pair.
*/
static int
-verify_passwd (const char *conffile, const char *tpasswd,
- const char *username, const char *passwd)
+verify_passwd(const char *conffile, const char *tpasswd,
+ const char *username, const char *passwd)
{
- FILE *fd;
- char line[5 * 1024];
- unsigned int i;
- gnutls_datum_t g, n;
- int iindex;
- char *p, *pos;
-
- iindex = find_strchr (username, tpasswd);
- if (iindex == -1)
- {
- fprintf (stderr, "Cannot find '%s' in %s\n", username, tpasswd);
- return -1;
- }
-
- fd = fopen (conffile, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot find %s\n", conffile);
- return -1;
- }
-
- do
- {
- p = fgets (line, sizeof (line) - 1, fd);
- }
- while (p != NULL && atoi (p) != iindex);
-
- if (p == NULL)
- {
- fprintf (stderr, "Cannot find entry in %s\n", conffile);
- return -1;
- }
- line[sizeof (line) - 1] = 0;
-
- fclose (fd);
-
- if ((iindex = read_conf_values (&g, &n, line)) < 0)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
- return -1;
- }
-
- fd = fopen (tpasswd, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open file '%s'\n", tpasswd);
- return -1;
- }
-
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':'
- * This is the actual verifier.
- */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
- if (strncmp (username, line, MAX (i, strlen (username))) == 0)
- {
- char *verifier_pos, *salt_pos;
-
- pos = strchr (line, ':');
- fclose (fd);
- if (pos == NULL)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
- return -1;
- }
- pos++;
- verifier_pos = pos;
-
- /* Move to the salt */
- pos = strchr (pos, ':');
- if (pos == NULL)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", conffile);
- return -1;
- }
- pos++;
- salt_pos = pos;
-
- return _verify_passwd_int (username, passwd,
- verifier_pos, salt_pos, &g, &n);
- }
- }
-
- fclose (fd);
- return -1;
+ FILE *fd;
+ char line[5 * 1024];
+ unsigned int i;
+ gnutls_datum_t g, n;
+ int iindex;
+ char *p, *pos;
+
+ iindex = find_strchr(username, tpasswd);
+ if (iindex == -1) {
+ fprintf(stderr, "Cannot find '%s' in %s\n", username,
+ tpasswd);
+ return -1;
+ }
+
+ fd = fopen(conffile, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot find %s\n", conffile);
+ return -1;
+ }
+
+ do {
+ p = fgets(line, sizeof(line) - 1, fd);
+ }
+ while (p != NULL && atoi(p) != iindex);
+
+ if (p == NULL) {
+ fprintf(stderr, "Cannot find entry in %s\n", conffile);
+ return -1;
+ }
+ line[sizeof(line) - 1] = 0;
+
+ fclose(fd);
+
+ if ((iindex = read_conf_values(&g, &n, line)) < 0) {
+ fprintf(stderr, "Cannot parse conf file '%s'\n", conffile);
+ return -1;
+ }
+
+ fd = fopen(tpasswd, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open file '%s'\n", tpasswd);
+ return -1;
+ }
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':'
+ * This is the actual verifier.
+ */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+ if (strncmp(username, line, MAX(i, strlen(username))) == 0) {
+ char *verifier_pos, *salt_pos;
+
+ pos = strchr(line, ':');
+ fclose(fd);
+ if (pos == NULL) {
+ fprintf(stderr,
+ "Cannot parse conf file '%s'\n",
+ conffile);
+ return -1;
+ }
+ pos++;
+ verifier_pos = pos;
+
+ /* Move to the salt */
+ pos = strchr(pos, ':');
+ if (pos == NULL) {
+ fprintf(stderr,
+ "Cannot parse conf file '%s'\n",
+ conffile);
+ return -1;
+ }
+ pos++;
+ salt_pos = pos;
+
+ return _verify_passwd_int(username, passwd,
+ verifier_pos, salt_pos,
+ &g, &n);
+ }
+ }
+
+ fclose(fd);
+ return -1;
}
#define KPASSWD "/etc/tpasswd"
#define KPASSWD_CONF "/etc/tpasswd.conf"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int main (int argc, char **argv)
+int main(int argc, char **argv)
{
- const char *passwd;
- int salt_size, ret;
- int optct;
- const char* fpasswd, *fpasswd_conf;
- const char* username;
+ const char *passwd;
+ int salt_size, ret;
+ int optct;
+ const char *fpasswd, *fpasswd_conf;
+ const char *username;
#ifndef _WIN32
- struct passwd *pwd;
+ struct passwd *pwd;
#endif
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
- exit (1);
- }
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
- umask (066);
+ umask(066);
- optct = optionProcess( &srptoolOptions, argc, argv);
- argc -= optct;
- argv += optct;
+ optct = optionProcess(&srptoolOptions, argc, argv);
+ argc -= optct;
+ argv += optct;
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (OPT_VALUE_DEBUG);
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(OPT_VALUE_DEBUG);
- if (HAVE_OPT(CREATE_CONF))
- {
- return generate_create_conf (OPT_ARG(CREATE_CONF));
- }
+ if (HAVE_OPT(CREATE_CONF)) {
+ return generate_create_conf(OPT_ARG(CREATE_CONF));
+ }
- if (HAVE_OPT(PASSWD))
- fpasswd = OPT_ARG(PASSWD);
- else
- fpasswd = (char *) KPASSWD;
+ if (HAVE_OPT(PASSWD))
+ fpasswd = OPT_ARG(PASSWD);
+ else
+ fpasswd = (char *) KPASSWD;
- if (HAVE_OPT(PASSWD_CONF))
- fpasswd_conf = OPT_ARG(PASSWD_CONF);
- else
- fpasswd_conf = (char *) KPASSWD_CONF;
+ if (HAVE_OPT(PASSWD_CONF))
+ fpasswd_conf = OPT_ARG(PASSWD_CONF);
+ else
+ fpasswd_conf = (char *) KPASSWD_CONF;
- if (HAVE_OPT(USERNAME))
- username = OPT_ARG(USERNAME);
- else
- {
+ if (HAVE_OPT(USERNAME))
+ username = OPT_ARG(USERNAME);
+ else {
#ifndef _WIN32
- pwd = getpwuid (getuid ());
+ pwd = getpwuid(getuid());
- if (pwd == NULL)
- {
- fprintf (stderr, "No such user\n");
- return -1;
- }
+ if (pwd == NULL) {
+ fprintf(stderr, "No such user\n");
+ return -1;
+ }
- username = pwd->pw_name;
+ username = pwd->pw_name;
#else
- fprintf (stderr, "Please specify a user\n");
- return -1;
+ fprintf(stderr, "Please specify a user\n");
+ return -1;
#endif
- }
+ }
- salt_size = 16;
+ salt_size = 16;
- passwd = getpass ("Enter password: ");
- if (passwd == NULL)
- {
- fprintf (stderr, "Please specify a password\n");
- return -1;
- }
+ passwd = getpass("Enter password: ");
+ if (passwd == NULL) {
+ fprintf(stderr, "Please specify a password\n");
+ return -1;
+ }
/* not ready yet */
- if (HAVE_OPT(VERIFY))
- {
- return verify_passwd (fpasswd_conf, fpasswd,
- username, passwd);
- }
+ if (HAVE_OPT(VERIFY)) {
+ return verify_passwd(fpasswd_conf, fpasswd,
+ username, passwd);
+ }
- return crypt_int (username, passwd, salt_size,
- fpasswd_conf, fpasswd, OPT_VALUE_INDEX);
+ return crypt_int(username, passwd, salt_size,
+ fpasswd_conf, fpasswd, OPT_VALUE_INDEX);
}
-static char *
-_srp_crypt (const char *username, const char *passwd, int salt_size,
- const gnutls_datum_t * g, const gnutls_datum_t * n)
+static char *_srp_crypt(const char *username, const char *passwd,
+ int salt_size, const gnutls_datum_t * g,
+ const gnutls_datum_t * n)
{
- unsigned char salt[128];
- static char result[1024];
- gnutls_datum_t dat_salt, txt_salt;
- gnutls_datum_t verifier, txt_verifier;
-
- if ((unsigned) salt_size > sizeof (salt))
- return NULL;
-
- /* generate the salt
- */
- if (gnutls_rnd (GNUTLS_RND_NONCE, salt, salt_size) < 0)
- {
- fprintf (stderr, "Could not create nonce\n");
- return NULL;
- }
-
- dat_salt.data = salt;
- dat_salt.size = salt_size;
-
- if (gnutls_srp_verifier (username, passwd, &dat_salt, g, n, &verifier) < 0)
- {
- fprintf (stderr, "Error getting verifier\n");
- return NULL;
- }
-
- /* base64 encode the verifier */
- if (gnutls_srp_base64_encode_alloc (&verifier, &txt_verifier) < 0)
- {
- fprintf (stderr, "Error encoding\n");
- free (verifier.data);
- return NULL;
- }
-
- free (verifier.data);
-
- if (gnutls_srp_base64_encode_alloc (&dat_salt, &txt_salt) < 0)
- {
- fprintf (stderr, "Error encoding\n");
- return NULL;
- }
-
- sprintf (result, "%s:%s", txt_verifier.data, txt_salt.data);
- free (txt_salt.data);
- free (txt_verifier.data);
-
- return result;
+ unsigned char salt[128];
+ static char result[1024];
+ gnutls_datum_t dat_salt, txt_salt;
+ gnutls_datum_t verifier, txt_verifier;
+
+ if ((unsigned) salt_size > sizeof(salt))
+ return NULL;
+
+ /* generate the salt
+ */
+ if (gnutls_rnd(GNUTLS_RND_NONCE, salt, salt_size) < 0) {
+ fprintf(stderr, "Could not create nonce\n");
+ return NULL;
+ }
+
+ dat_salt.data = salt;
+ dat_salt.size = salt_size;
+
+ if (gnutls_srp_verifier
+ (username, passwd, &dat_salt, g, n, &verifier) < 0) {
+ fprintf(stderr, "Error getting verifier\n");
+ return NULL;
+ }
+
+ /* base64 encode the verifier */
+ if (gnutls_srp_base64_encode_alloc(&verifier, &txt_verifier) < 0) {
+ fprintf(stderr, "Error encoding\n");
+ free(verifier.data);
+ return NULL;
+ }
+
+ free(verifier.data);
+
+ if (gnutls_srp_base64_encode_alloc(&dat_salt, &txt_salt) < 0) {
+ fprintf(stderr, "Error encoding\n");
+ return NULL;
+ }
+
+ sprintf(result, "%s:%s", txt_verifier.data, txt_salt.data);
+ free(txt_salt.data);
+ free(txt_verifier.data);
+
+ return result;
}
int
-crypt_int (const char *username, const char *passwd, int salt_size,
- const char *tpasswd_conf, const char *tpasswd, int uindex)
+crypt_int(const char *username, const char *passwd, int salt_size,
+ const char *tpasswd_conf, const char *tpasswd, int uindex)
{
- FILE *fd;
- char *cr;
- gnutls_datum_t g, n;
- char line[5 * 1024];
- char *p, *pp;
- int iindex;
- char tmpname[1024];
-
- fd = fopen (tpasswd_conf, "r");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot find %s\n", tpasswd_conf);
- return -1;
- }
-
- do
- { /* find the specified uindex in file */
- p = fgets (line, sizeof (line) - 1, fd);
- }
- while (p != NULL && (iindex = atoi (p)) != uindex);
-
- if (p == NULL)
- {
- fprintf (stderr, "Cannot find entry in %s\n", tpasswd_conf);
- return -1;
- }
- line[sizeof (line) - 1] = 0;
-
- fclose (fd);
- if ((iindex = read_conf_values (&g, &n, line)) < 0)
- {
- fprintf (stderr, "Cannot parse conf file '%s'\n", tpasswd_conf);
- return -1;
- }
-
- cr = _srp_crypt (username, passwd, salt_size, &g, &n);
- if (cr == NULL)
- {
- fprintf (stderr, "Cannot _srp_crypt()...\n");
- return -1;
- }
- else
- {
- /* delete previous entry */
- struct stat st;
- FILE *fd2;
- int put;
-
- if (strlen (tpasswd) + 5 > sizeof (tmpname))
- {
- fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
- return -1;
- }
-
- snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
-
- if (stat (tmpname, &st) != -1)
- {
- fprintf (stderr, "file '%s' is locked\n", tpasswd);
- return -1;
- }
-
- if (filecopy (tpasswd, tmpname) != 0)
- {
- fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname);
- return -1;
- }
-
- fd = fopen (tpasswd, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for write\n", tpasswd);
- remove (tmpname);
- return -1;
- }
-
- fd2 = fopen (tmpname, "r");
- if (fd2 == NULL)
- {
- fprintf (stderr, "Cannot open '%s' for read\n", tmpname);
- remove (tmpname);
- return -1;
- }
-
- put = 0;
- do
- {
- p = fgets (line, sizeof (line) - 1, fd2);
- if (p == NULL)
- break;
-
- pp = strchr (line, ':');
- if (pp == NULL)
- continue;
-
- if (strncmp (p, username,
- MAX (strlen (username), (unsigned int) (pp - p))) == 0)
- {
- put = 1;
- fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
- }
- else
- {
- fputs (line, fd);
- }
- }
- while (1);
-
- if (put == 0)
- {
- fprintf (fd, "%s:%s:%u\n", username, cr, iindex);
- }
-
- fclose (fd);
- fclose (fd2);
-
- remove (tmpname);
-
- }
-
-
- return 0;
+ FILE *fd;
+ char *cr;
+ gnutls_datum_t g, n;
+ char line[5 * 1024];
+ char *p, *pp;
+ int iindex;
+ char tmpname[1024];
+
+ fd = fopen(tpasswd_conf, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot find %s\n", tpasswd_conf);
+ return -1;
+ }
+
+ do { /* find the specified uindex in file */
+ p = fgets(line, sizeof(line) - 1, fd);
+ }
+ while (p != NULL && (iindex = atoi(p)) != uindex);
+
+ if (p == NULL) {
+ fprintf(stderr, "Cannot find entry in %s\n", tpasswd_conf);
+ return -1;
+ }
+ line[sizeof(line) - 1] = 0;
+
+ fclose(fd);
+ if ((iindex = read_conf_values(&g, &n, line)) < 0) {
+ fprintf(stderr, "Cannot parse conf file '%s'\n",
+ tpasswd_conf);
+ return -1;
+ }
+
+ cr = _srp_crypt(username, passwd, salt_size, &g, &n);
+ if (cr == NULL) {
+ fprintf(stderr, "Cannot _srp_crypt()...\n");
+ return -1;
+ } else {
+ /* delete previous entry */
+ struct stat st;
+ FILE *fd2;
+ int put;
+
+ if (strlen(tpasswd) + 5 > sizeof(tmpname)) {
+ fprintf(stderr, "file '%s' is tooooo long\n",
+ tpasswd);
+ return -1;
+ }
+
+ snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
+
+ if (stat(tmpname, &st) != -1) {
+ fprintf(stderr, "file '%s' is locked\n", tpasswd);
+ return -1;
+ }
+
+ if (filecopy(tpasswd, tmpname) != 0) {
+ fprintf(stderr, "Cannot copy '%s' to '%s'\n",
+ tpasswd, tmpname);
+ return -1;
+ }
+
+ fd = fopen(tpasswd, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "Cannot open '%s' for write\n",
+ tpasswd);
+ remove(tmpname);
+ return -1;
+ }
+
+ fd2 = fopen(tmpname, "r");
+ if (fd2 == NULL) {
+ fprintf(stderr, "Cannot open '%s' for read\n",
+ tmpname);
+ remove(tmpname);
+ return -1;
+ }
+
+ put = 0;
+ do {
+ p = fgets(line, sizeof(line) - 1, fd2);
+ if (p == NULL)
+ break;
+
+ pp = strchr(line, ':');
+ if (pp == NULL)
+ continue;
+
+ if (strncmp(p, username,
+ MAX(strlen(username),
+ (unsigned int) (pp - p))) == 0) {
+ put = 1;
+ fprintf(fd, "%s:%s:%u\n", username, cr,
+ iindex);
+ } else {
+ fputs(line, fd);
+ }
+ }
+ while (1);
+
+ if (put == 0) {
+ fprintf(fd, "%s:%s:%u\n", username, cr, iindex);
+ }
+
+ fclose(fd);
+ fclose(fd2);
+
+ remove(tmpname);
+
+ }
+
+
+ return 0;
}
@@ -684,61 +627,56 @@ crypt_int (const char *username, const char *passwd, int salt_size,
* int(index):base64(n):base64(g)
*/
static int
-read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str)
+read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
{
- char *p;
- int len;
- int index, ret;
- gnutls_datum_t dat;
-
- index = atoi (str);
-
- p = strrchr (str, ':'); /* we have g */
- if (p == NULL)
- {
- return -1;
- }
-
- *p = '\0';
- p++;
-
- /* read the generator */
- len = strlen (p);
- if (p[len - 1] == '\n')
- len--;
-
- dat.data = (void*)p;
- dat.size = len;
- ret = gnutls_srp_base64_decode_alloc (&dat, g);
-
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error\n");
- return -1;
- }
-
- /* now go for n - modulo */
- p = strrchr (str, ':'); /* we have n */
- if (p == NULL)
- {
- return -1;
- }
-
- *p = '\0';
- p++;
-
- dat.data = (void*)p;
- dat.size = strlen (p);
-
- ret = gnutls_srp_base64_decode_alloc (&dat, n);
-
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error\n");
- free (g->data);
- return -1;
- }
-
- return index;
-}
+ char *p;
+ int len;
+ int index, ret;
+ gnutls_datum_t dat;
+
+ index = atoi(str);
+
+ p = strrchr(str, ':'); /* we have g */
+ if (p == NULL) {
+ return -1;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* read the generator */
+ len = strlen(p);
+ if (p[len - 1] == '\n')
+ len--;
+ dat.data = (void *) p;
+ dat.size = len;
+ ret = gnutls_srp_base64_decode_alloc(&dat, g);
+
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error\n");
+ return -1;
+ }
+
+ /* now go for n - modulo */
+ p = strrchr(str, ':'); /* we have n */
+ if (p == NULL) {
+ return -1;
+ }
+
+ *p = '\0';
+ p++;
+
+ dat.data = (void *) p;
+ dat.size = strlen(p);
+
+ ret = gnutls_srp_base64_decode_alloc(&dat, n);
+
+ if (ret < 0) {
+ fprintf(stderr, "Decoding error\n");
+ free(g->data);
+ return -1;
+ }
+
+ return index;
+}
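Review bot: The early return after the second `strrchr(str, ':')` (the "we have n" lookup) in `read_conf_values` leaks `g->data`, which the earlier `gnutls_srp_base64_decode_alloc(&dat, g)` has already allocated by that point. The decode-failure exit a few lines further down does call `free(g->data)`, so the two error paths disagree; adding `free(g->data);` before that `return -1;` makes them consistent. Separately, `index = atoi(str)` turns non-numeric text into 0 without reporting an error, so a malformed line in the conf file cannot be told apart from index 0; `strtol` with an end-pointer and `errno` check would reject it. Both points are carried over unchanged by this reformatting.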
diff --git a/src/tests.c b/src/tests.c
index 4aeaa0f3ed..6f8ccdd427 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -53,57 +53,53 @@ static size_t session_data_size = 0, session_id_size = 0;
static int sfree = 0;
static int handshake_output = 0;
-static int
-do_handshake (gnutls_session_t session)
+static int do_handshake(gnutls_session_t session)
{
- int ret, alert;
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- handshake_output = ret;
-
- if (ret < 0 && verbose > 1)
- {
- if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- alert = gnutls_alert_get (session);
- printf ("\n");
- printf ("*** Received alert [%d]: %s\n",
- alert, gnutls_alert_get_name (alert));
- }
- }
-
- if (ret < 0)
- return TEST_FAILED;
-
- gnutls_session_get_data (session, NULL, &session_data_size);
-
- if (sfree != 0)
- {
- free (session_data);
- sfree = 0;
- }
- session_data = malloc (session_data_size);
- sfree = 1;
- if (session_data == NULL)
- {
- fprintf (stderr, "Memory error\n");
- exit (1);
- }
- gnutls_session_get_data (session, session_data, &session_data_size);
-
- session_id_size = sizeof (session_id);
- gnutls_session_get_id (session, session_id, &session_id_size);
-
- return TEST_SUCCEED;
+ int ret, alert;
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ handshake_output = ret;
+
+ if (ret < 0 && verbose > 1) {
+ if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ alert = gnutls_alert_get(session);
+ printf("\n");
+ printf("*** Received alert [%d]: %s\n",
+ alert, gnutls_alert_get_name(alert));
+ }
+ }
+
+ if (ret < 0)
+ return TEST_FAILED;
+
+ gnutls_session_get_data(session, NULL, &session_data_size);
+
+ if (sfree != 0) {
+ free(session_data);
+ sfree = 0;
+ }
+ session_data = malloc(session_data_size);
+ sfree = 1;
+ if (session_data == NULL) {
+ fprintf(stderr, "Memory error\n");
+ exit(1);
+ }
+ gnutls_session_get_data(session, session_data, &session_data_size);
+
+ session_id_size = sizeof(session_id);
+ gnutls_session_get_id(session, session_id, &session_id_size);
+
+ return TEST_SUCCEED;
}
-char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-char protocol_all_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_str[] =
+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_all_str[] =
+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
char prio_str[512] = "";
#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
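Review bot: In `do_handshake` the return values of both `gnutls_session_get_data` calls and of `gnutls_session_get_id` are discarded, so a failure leaves `session_data` freshly allocated but unfilled while `session_data_size` and `session_id_size` still look valid. Any later code that reuses these globals (not visible in this hunk) would then work on indeterminate bytes. Checking the filling call, e.g. `if (gnutls_session_get_data(session, session_data, &session_data_size) < 0) session_data_size = 0;`, and treating `session_id_size` the same way keeps the stored state honest. If the size query fails without updating `session_data_size`, it can stay at its initial 0, and a `malloc(0)` that returns NULL would then be reported as "Memory error" and end the program.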
@@ -116,1019 +112,978 @@ char prio_str[512] = "";
char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+CURVE-ALL";
static inline void
-_gnutls_priority_set_direct (gnutls_session_t session, const char *str)
+_gnutls_priority_set_direct(gnutls_session_t session, const char *str)
{
- const char *err;
- int ret = gnutls_priority_set_direct (session, str, &err);
-
- if (ret < 0)
- {
- fprintf (stderr, "Error with string %s\n", str);
- fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror (ret));
- exit (1);
- }
+ const char *err;
+ int ret = gnutls_priority_set_direct(session, str, &err);
+
+ if (ret < 0) {
+ fprintf(stderr, "Error with string %s\n", str);
+ fprintf(stderr, "Error at %s: %s\n", err,
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
-test_code_t
-test_server (gnutls_session_t session)
+test_code_t test_server(gnutls_session_t session)
{
- int ret, i = 0;
- char buf[5 * 1024];
- char *p;
- const char snd_buf[] = "GET / HTTP/1.0\n\n";
-
- if (verbose == 0)
- return TEST_UNSURE;
-
- buf[sizeof (buf) - 1] = 0;
-
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":" "%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
- if (ret != TEST_SUCCEED)
- return TEST_FAILED;
-
- gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
- ret = gnutls_record_recv (session, buf, sizeof (buf) - 1);
- if (ret < 0)
- return TEST_FAILED;
-
- p = strstr (buf, "Server:");
- if (p != NULL)
- p = strchr (p, ':');
- if (p != NULL)
- {
- p++;
- while (*p != 0 && *p != '\r' && *p != '\n')
- {
- putc (*p, stdout);
- p++;
- i++;
- if (i > 128)
- break;
- }
- }
-
- return TEST_SUCCEED;
+ int ret, i = 0;
+ char buf[5 * 1024];
+ char *p;
+ const char snd_buf[] = "GET / HTTP/1.0\n\n";
+
+ if (verbose == 0)
+ return TEST_UNSURE;
+
+ buf[sizeof(buf) - 1] = 0;
+
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":" "%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret != TEST_SUCCEED)
+ return TEST_FAILED;
+
+ gnutls_record_send(session, snd_buf, sizeof(snd_buf) - 1);
+ ret = gnutls_record_recv(session, buf, sizeof(buf) - 1);
+ if (ret < 0)
+ return TEST_FAILED;
+
+ p = strstr(buf, "Server:");
+ if (p != NULL)
+ p = strchr(p, ':');
+ if (p != NULL) {
+ p++;
+ while (*p != 0 && *p != '\r' && *p != '\n') {
+ putc(*p, stdout);
+ p++;
+ i++;
+ if (i > 128)
+ break;
+ }
+ }
+
+ return TEST_SUCCEED;
}
static gnutls_datum_t pubkey = { NULL, 0 };
+
static gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
-test_code_t
-test_dhe (gnutls_session_t session)
+test_code_t test_dhe(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- gnutls_dh_get_pubkey (session, &pubkey);
+ gnutls_dh_get_pubkey(session, &pubkey);
- return ret;
+ return ret;
}
-test_code_t test_ecdhe (gnutls_session_t session)
+test_code_t test_ecdhe(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str,
+ rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- curve = gnutls_ecc_curve_get(session);
+ curve = gnutls_ecc_curve_get(session);
- return ret;
+ return ret;
}
-test_code_t
-test_safe_renegotiation (gnutls_session_t session)
+test_code_t test_safe_renegotiation(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- return ret;
+ return ret;
}
-test_code_t
-test_safe_renegotiation_scsv (gnutls_session_t session)
+test_code_t test_safe_renegotiation_scsv(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
- ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- return ret;
+ return ret;
}
-test_code_t
-test_dhe_group (gnutls_session_t session)
+test_code_t test_dhe_group(gnutls_session_t session)
{
- int ret, ret2;
- gnutls_datum_t gen, prime, pubkey2;
- const char *print;
-
- if (verbose == 0 || pubkey.data == NULL)
- return TEST_IGNORE;
-
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
-
- ret2 = gnutls_dh_get_group (session, &gen, &prime);
- if (ret2 >= 0)
- {
- printf ("\n");
-
- print = raw_to_string (gen.data, gen.size);
- if (print)
- printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
-
- print = raw_to_string (prime.data, prime.size);
- if (print)
- printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
-
- gnutls_dh_get_pubkey (session, &pubkey2);
- print = raw_to_string (pubkey2.data, pubkey2.size);
- if (print)
- printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
-
- if (pubkey2.data && pubkey2.size == pubkey.size &&
- memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
- {
- printf (" (public key seems to be static among sessions)\n");
- }
- }
- return ret;
+ int ret, ret2;
+ gnutls_datum_t gen, prime, pubkey2;
+ const char *print;
+
+ if (verbose == 0 || pubkey.data == NULL)
+ return TEST_IGNORE;
+
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+
+ ret2 = gnutls_dh_get_group(session, &gen, &prime);
+ if (ret2 >= 0) {
+ printf("\n");
+
+ print = raw_to_string(gen.data, gen.size);
+ if (print)
+ printf(" Generator [%d bits]: %s\n", gen.size * 8,
+ print);
+
+ print = raw_to_string(prime.data, prime.size);
+ if (print)
+ printf(" Prime [%d bits]: %s\n", prime.size * 8,
+ print);
+
+ gnutls_dh_get_pubkey(session, &pubkey2);
+ print = raw_to_string(pubkey2.data, pubkey2.size);
+ if (print)
+ printf(" Pubkey [%d bits]: %s\n", pubkey2.size * 8,
+ print);
+
+ if (pubkey2.data && pubkey2.size == pubkey.size &&
+ memcmp(pubkey.data, pubkey2.data, pubkey.size) == 0) {
+ printf
+ (" (public key seems to be static among sessions)\n");
+ }
+ }
+ return ret;
}
-test_code_t
-test_ecdhe_curve (gnutls_session_t session)
+test_code_t test_ecdhe_curve(gnutls_session_t session)
{
- if (curve == GNUTLS_ECC_CURVE_INVALID)
- return TEST_IGNORE;
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return TEST_IGNORE;
- printf ("\n Curve %s", gnutls_ecc_curve_get_name(curve));
+ printf("\n Curve %s", gnutls_ecc_curve_get_name(curve));
- return TEST_SUCCEED;
+ return TEST_SUCCEED;
}
-test_code_t
-test_ssl3 (gnutls_session_t session)
+test_code_t test_ssl3(gnutls_session_t session)
{
- int ret;
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
- ALL_MACS ":" ALL_KX ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
+ int ret;
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_SUCCEED)
- ssl3_ok = 1;
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED)
+ ssl3_ok = 1;
- return ret;
+ return ret;
}
static int alrm = 0;
-static void
-got_alarm (int k)
+static void got_alarm(int k)
{
- alrm = 1;
+ alrm = 1;
}
-test_code_t
-test_bye (gnutls_session_t session)
+test_code_t test_bye(gnutls_session_t session)
{
- int ret;
- char data[20];
- int secs = 6;
+ int ret;
+ char data[20];
+ int secs = 6;
#ifndef _WIN32
- int old;
+ int old;
- signal (SIGALRM, got_alarm);
+ signal(SIGALRM, got_alarm);
#endif
- sprintf (prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return ret;
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return ret;
- ret = gnutls_bye (session, GNUTLS_SHUT_WR);
- if (ret < 0)
- return TEST_FAILED;
+ ret = gnutls_bye(session, GNUTLS_SHUT_WR);
+ if (ret < 0)
+ return TEST_FAILED;
#ifndef _WIN32
- old = siginterrupt (SIGALRM, 1);
- alarm (secs);
+ old = siginterrupt(SIGALRM, 1);
+ alarm(secs);
#else
- setsockopt ((int) gnutls_transport_get_ptr (session), SOL_SOCKET,
- SO_RCVTIMEO, (char *) &secs, sizeof (int));
+ setsockopt((int) gnutls_transport_get_ptr(session), SOL_SOCKET,
+ SO_RCVTIMEO, (char *) &secs, sizeof(int));
#endif
- do
- {
- ret = gnutls_record_recv (session, data, sizeof (data));
- }
- while (ret > 0);
+ do {
+ ret = gnutls_record_recv(session, data, sizeof(data));
+ }
+ while (ret > 0);
#ifndef _WIN32
- siginterrupt (SIGALRM, old);
+ siginterrupt(SIGALRM, old);
#else
- if (WSAGetLastError () == WSAETIMEDOUT ||
- WSAGetLastError () == WSAECONNABORTED)
- alrm = 1;
+ if (WSAGetLastError() == WSAETIMEDOUT ||
+ WSAGetLastError() == WSAECONNABORTED)
+ alrm = 1;
#endif
- if (ret == 0)
- return TEST_SUCCEED;
+ if (ret == 0)
+ return TEST_SUCCEED;
- if (alrm == 0)
- return TEST_UNSURE;
+ if (alrm == 0)
+ return TEST_UNSURE;
- return TEST_FAILED;
+ return TEST_FAILED;
}
-test_code_t
-test_aes (gnutls_session_t session)
+test_code_t test_aes(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t test_aes_gcm (gnutls_session_t session)
+test_code_t test_aes_gcm(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str, INIT_STR
- "+AES-128-GCM:+AES-256-GCM:+AEAD:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_all_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str, INIT_STR
+ "+AES-128-GCM:+AES-256-GCM:+AEAD:" ALL_COMP ":"
+ ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s",
+ protocol_all_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_camellia (gnutls_session_t session)
+test_code_t test_camellia(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_openpgp1 (gnutls_session_t session)
+test_code_t test_openpgp1(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return ret;
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return ret;
- if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP)
- return TEST_SUCCEED;
+ if (gnutls_certificate_type_get(session) == GNUTLS_CRT_OPENPGP)
+ return TEST_SUCCEED;
- return TEST_FAILED;
+ return TEST_FAILED;
}
-test_code_t
-test_unknown_ciphersuites (gnutls_session_t session)
+test_code_t test_unknown_ciphersuites(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
+ ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s",
+ protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_md5 (gnutls_session_t session)
+test_code_t test_md5(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
+ ALL_CERTTYPES ":%s:+MD5:" ALL_KX ":%s", protocol_str,
+ rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
#ifdef HAVE_LIBZ
-test_code_t
-test_zlib (gnutls_session_t session)
+test_code_t test_zlib(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":+COMP-DEFLATE:" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":+COMP-DEFLATE:" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
#endif
-test_code_t
-test_sha (gnutls_session_t session)
+test_code_t test_sha(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ sprintf(prio_str,
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
+ ALL_CERTTYPES ":%s:+SHA1:" ALL_KX ":%s", protocol_str,
+ rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_sha256 (gnutls_session_t session)
+test_code_t test_sha256(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+SHA256:" ALL_KX ":%s", protocol_all_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ sprintf(prio_str,
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":"
+ ALL_CERTTYPES ":%s:+SHA256:" ALL_KX ":%s",
+ protocol_all_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_3des (gnutls_session_t session)
+test_code_t test_3des(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ sprintf(prio_str,
+ INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_arcfour (gnutls_session_t session)
+test_code_t test_arcfour(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ sprintf(prio_str,
+ INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-test_code_t
-test_tls1 (gnutls_session_t session)
+test_code_t test_tls1(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_SUCCEED)
- tls1_ok = 1;
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED)
+ tls1_ok = 1;
- return ret;
+ return ret;
}
-test_code_t
-test_record_padding (gnutls_session_t session)
+test_code_t test_record_padding(gnutls_session_t session)
{
- int ret;
-
- sprintf (prio_str,
- INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_SUCCEED)
- {
- tls1_ok = 1;
- }
- else
- {
- strcat (rest, ":%COMPAT");
- }
-
- return ret;
+ int ret;
+
+ sprintf(prio_str,
+ INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED) {
+ tls1_ok = 1;
+ } else {
+ strcat(rest, ":%COMPAT");
+ }
+
+ return ret;
}
-test_code_t
-test_tls1_2 (gnutls_session_t session)
+test_code_t test_tls1_2(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_SUCCEED)
- tls1_2_ok = 1;
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED)
+ tls1_2_ok = 1;
- return ret;
+ return ret;
}
-test_code_t
-test_tls1_1 (gnutls_session_t session)
+test_code_t test_tls1_1(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_SUCCEED)
- tls1_1_ok = 1;
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED)
+ tls1_1_ok = 1;
- return ret;
+ return ret;
}
-test_code_t
-test_tls1_1_fallback (gnutls_session_t session)
+test_code_t test_tls1_1_fallback(gnutls_session_t session)
{
- int ret;
- if (tls1_1_ok)
- return TEST_IGNORE;
+ int ret;
+ if (tls1_1_ok)
+ return TEST_IGNORE;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX
- ":%s", rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
+ ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret != TEST_SUCCEED)
- return TEST_FAILED;
+ ret = do_handshake(session);
+ if (ret != TEST_SUCCEED)
+ return TEST_FAILED;
- if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
- return TEST_SUCCEED;
- else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
- return TEST_UNSURE;
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1)
+ return TEST_SUCCEED;
+ else if (gnutls_protocol_get_version(session) == GNUTLS_SSL3)
+ return TEST_UNSURE;
- return TEST_FAILED;
+ return TEST_FAILED;
}
/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
* but the previous SSL 3.0 test succeeded then disable TLS 1.0.
*/
-test_code_t
-test_tls_disable0 (gnutls_session_t session)
+test_code_t test_tls_disable0(gnutls_session_t session)
{
- int ret;
- if (tls1_ok != 0)
- return TEST_IGNORE;
-
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- {
- /* disable TLS 1.0 */
- if (ssl3_ok != 0)
- {
- strcpy (protocol_str, "+VERS-SSL3.0");
- }
- }
- return ret;
+ int ret;
+ if (tls1_ok != 0)
+ return TEST_IGNORE;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED) {
+ /* disable TLS 1.0 */
+ if (ssl3_ok != 0) {
+ strcpy(protocol_str, "+VERS-SSL3.0");
+ }
+ }
+ return ret;
}
-test_code_t
-test_tls_disable1 (gnutls_session_t session)
+test_code_t test_tls_disable1(gnutls_session_t session)
{
- int ret;
-
- if (tls1_1_ok != 0)
- return TEST_IGNORE;
-
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- {
- protocol_str[0] = 0;
- /* disable TLS 1.1 */
- if (tls1_ok != 0)
- {
- strcat (protocol_str, "+VERS-TLS1.0");
- }
- if (ssl3_ok != 0)
- {
- if (protocol_str[0] != 0)
- strcat (protocol_str, ":+VERS-SSL3.0");
- else
- strcat (protocol_str, "+VERS-SSL3.0");
- }
- }
- return ret;
+ int ret;
+
+ if (tls1_1_ok != 0)
+ return TEST_IGNORE;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED) {
+ protocol_str[0] = 0;
+ /* disable TLS 1.1 */
+ if (tls1_ok != 0) {
+ strcat(protocol_str, "+VERS-TLS1.0");
+ }
+ if (ssl3_ok != 0) {
+ if (protocol_str[0] != 0)
+ strcat(protocol_str, ":+VERS-SSL3.0");
+ else
+ strcat(protocol_str, "+VERS-SSL3.0");
+ }
+ }
+ return ret;
}
-test_code_t
-test_tls_disable2 (gnutls_session_t session)
+test_code_t test_tls_disable2(gnutls_session_t session)
{
- int ret;
-
- if (tls1_2_ok != 0)
- return TEST_IGNORE;
-
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- {
- /* disable TLS 1.2 */
- protocol_str[0] = 0;
- if (tls1_1_ok != 0)
- {
- strcat (protocol_str, "+VERS-TLS1.1");
- }
- if (tls1_ok != 0)
- {
- if (protocol_str[0] != 0)
- strcat (protocol_str, ":+VERS-TLS1.0");
- else
- strcat (protocol_str, "+VERS-TLS1.0");
- }
- if (ssl3_ok != 0)
- {
- if (protocol_str[0] != 0)
- strcat (protocol_str, ":+VERS-SSL3.0");
- else
- strcat (protocol_str, "+VERS-SSL3.0");
- }
- }
- return ret;
+ int ret;
+
+ if (tls1_2_ok != 0)
+ return TEST_IGNORE;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED) {
+ /* disable TLS 1.2 */
+ protocol_str[0] = 0;
+ if (tls1_1_ok != 0) {
+ strcat(protocol_str, "+VERS-TLS1.1");
+ }
+ if (tls1_ok != 0) {
+ if (protocol_str[0] != 0)
+ strcat(protocol_str, ":+VERS-TLS1.0");
+ else
+ strcat(protocol_str, "+VERS-TLS1.0");
+ }
+ if (ssl3_ok != 0) {
+ if (protocol_str[0] != 0)
+ strcat(protocol_str, ":+VERS-SSL3.0");
+ else
+ strcat(protocol_str, "+VERS-SSL3.0");
+ }
+ }
+ return ret;
}
-test_code_t
-test_rsa_pms (gnutls_session_t session)
+test_code_t test_rsa_pms(gnutls_session_t session)
{
- int ret;
-
- /* here we enable both SSL 3.0 and TLS 1.0
- * and try to connect and use rsa authentication.
- * If the server is old, buggy and only supports
- * SSL 3.0 then the handshake will fail.
- */
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+RSA:%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return TEST_FAILED;
-
- if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
- return TEST_SUCCEED;
- return TEST_UNSURE;
+ int ret;
+
+ /* here we enable both SSL 3.0 and TLS 1.0
+ * and try to connect and use rsa authentication.
+ * If the server is old, buggy and only supports
+ * SSL 3.0 then the handshake will fail.
+ */
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":+RSA:%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1)
+ return TEST_SUCCEED;
+ return TEST_UNSURE;
}
-test_code_t
-test_max_record_size (gnutls_session_t session)
+test_code_t test_max_record_size(gnutls_session_t session)
{
- int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_record_set_max_size (session, 512);
-
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return ret;
-
- ret = gnutls_record_get_max_size (session);
- if (ret == 512)
- return TEST_SUCCEED;
-
- return TEST_FAILED;
+ int ret;
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_record_set_max_size(session, 512);
+
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return ret;
+
+ ret = gnutls_record_get_max_size(session);
+ if (ret == 512)
+ return TEST_SUCCEED;
+
+ return TEST_FAILED;
}
-test_code_t
-test_hello_extension (gnutls_session_t session)
+test_code_t test_hello_extension(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_record_set_max_size (session, 4096);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_record_set_max_size(session, 4096);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- return ret;
+ return ret;
}
-test_code_t
-test_heartbeat_extension (gnutls_session_t session)
+test_code_t test_heartbeat_extension(gnutls_session_t session)
{
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_record_set_max_size (session, 4096);
-
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- do_handshake (session);
-
- switch (gnutls_heartbeat_allowed (session, 1)) {
- case 1: return TEST_SUCCEED;
- case 0: return TEST_FAILED;
- default: return TEST_UNSURE;
- }
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_record_set_max_size(session, 4096);
+
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ do_handshake(session);
+
+ switch (gnutls_heartbeat_allowed(session, 1)) {
+ case 1:
+ return TEST_SUCCEED;
+ case 0:
+ return TEST_FAILED;
+ default:
+ return TEST_UNSURE;
+ }
}
-test_code_t
-test_small_records (gnutls_session_t session)
+test_code_t test_small_records(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_record_set_max_size (session, 512);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_record_set_max_size(session, 512);
- ret = do_handshake (session);
- return ret;
+ ret = do_handshake(session);
+ return ret;
}
-void _gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major,
- unsigned char minor);
+void _gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor);
-test_code_t
-test_version_rollback (gnutls_session_t session)
+test_code_t test_version_rollback(gnutls_session_t session)
{
- int ret;
- if (tls1_ok == 0)
- return TEST_IGNORE;
-
- /* here we enable both SSL 3.0 and TLS 1.0
- * and we connect using a 3.1 client hello version,
- * and a 3.0 record version. Some implementations
- * are buggy (and vulnerable to man in the middle
- * attacks which allow a version downgrade) and this
- * connection will fail.
- */
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- _gnutls_record_set_default_version (session, 3, 0);
-
- ret = do_handshake (session);
- if (ret != TEST_SUCCEED)
- return ret;
-
- if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3)
- return TEST_FAILED;
-
- return TEST_SUCCEED;
+ int ret;
+ if (tls1_ok == 0)
+ return TEST_IGNORE;
+
+ /* here we enable both SSL 3.0 and TLS 1.0
+ * and we connect using a 3.1 client hello version,
+ * and a 3.0 record version. Some implementations
+ * are buggy (and vulnerable to man in the middle
+ * attacks which allow a version downgrade) and this
+ * connection will fail.
+ */
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ _gnutls_record_set_default_version(session, 3, 0);
+
+ ret = do_handshake(session);
+ if (ret != TEST_SUCCEED)
+ return ret;
+
+ if (tls1_ok != 0
+ && gnutls_protocol_get_version(session) == GNUTLS_SSL3)
+ return TEST_FAILED;
+
+ return TEST_SUCCEED;
}
/* See if the server tolerates out of bounds
* record layer versions in the first client hello
* message.
*/
-test_code_t
-test_version_oob (gnutls_session_t session)
+test_code_t test_version_oob(gnutls_session_t session)
{
- int ret;
- /* here we enable both SSL 3.0 and TLS 1.0
- * and we connect using a 5.5 record version.
- */
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- _gnutls_record_set_default_version (session, 5, 5);
-
- ret = do_handshake (session);
- return ret;
+ int ret;
+ /* here we enable both SSL 3.0 and TLS 1.0
+ * and we connect using a 5.5 record version.
+ */
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ _gnutls_record_set_default_version(session, 5, 5);
+
+ ret = do_handshake(session);
+ return ret;
}
-void _gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+void _gnutls_rsa_pms_set_version(gnutls_session_t session,
+ unsigned char major, unsigned char minor);
-test_code_t
-test_rsa_pms_version_check (gnutls_session_t session)
+test_code_t test_rsa_pms_version_check(gnutls_session_t session)
{
- int ret;
- /* here we use an arbitary version in the RSA PMS
- * to see whether to server will check this version.
- *
- * A normal server would abort this handshake.
- */
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
-
- ret = do_handshake (session);
- return ret;
+ int ret;
+ /* here we use an arbitary version in the RSA PMS
+ * to see whether to server will check this version.
+ *
+ * A normal server would abort this handshake.
+ */
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ _gnutls_rsa_pms_set_version(session, 5, 5); /* use SSL 5.5 version */
+
+ ret = do_handshake(session);
+ return ret;
}
#ifdef ENABLE_ANON
-test_code_t
-test_anonymous (gnutls_session_t session)
+test_code_t test_anonymous(gnutls_session_t session)
{
- int ret;
+ int ret;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s",
+ protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
- ret = do_handshake (session);
+ ret = do_handshake(session);
- if (ret == TEST_SUCCEED)
- gnutls_dh_get_pubkey (session, &pubkey);
+ if (ret == TEST_SUCCEED)
+ gnutls_dh_get_pubkey(session, &pubkey);
- return ret;
+ return ret;
}
#endif
-test_code_t
-test_session_resume2 (gnutls_session_t session)
+test_code_t test_session_resume2(gnutls_session_t session)
{
- int ret;
- char tmp_session_id[32];
- size_t tmp_session_id_size;
+ int ret;
+ char tmp_session_id[32];
+ size_t tmp_session_id_size;
- if (session == NULL)
- return TEST_IGNORE;
+ if (session == NULL)
+ return TEST_IGNORE;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
- gnutls_session_set_data (session, session_data, session_data_size);
+ gnutls_session_set_data(session, session_data, session_data_size);
- memcpy (tmp_session_id, session_id, session_id_size);
- tmp_session_id_size = session_id_size;
+ memcpy(tmp_session_id, session_id, session_id_size);
+ tmp_session_id_size = session_id_size;
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return ret;
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return ret;
- /* check if we actually resumed the previous session */
+ /* check if we actually resumed the previous session */
- session_id_size = sizeof (session_id);
- gnutls_session_get_id (session, session_id, &session_id_size);
+ session_id_size = sizeof(session_id);
+ gnutls_session_get_id(session, session_id, &session_id_size);
- if (session_id_size == 0)
- return TEST_FAILED;
+ if (session_id_size == 0)
+ return TEST_FAILED;
- if (gnutls_session_is_resumed (session))
- return TEST_SUCCEED;
+ if (gnutls_session_is_resumed(session))
+ return TEST_SUCCEED;
- if (tmp_session_id_size == session_id_size &&
- memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
- return TEST_SUCCEED;
- else
- return TEST_FAILED;
+ if (tmp_session_id_size == session_id_size &&
+ memcmp(tmp_session_id, session_id, tmp_session_id_size) == 0)
+ return TEST_SUCCEED;
+ else
+ return TEST_FAILED;
}
extern char *hostname;
-test_code_t
-test_certificate (gnutls_session_t session)
+test_code_t test_certificate(gnutls_session_t session)
{
- int ret;
+ int ret;
- if (verbose == 0)
- return TEST_IGNORE;
+ if (verbose == 0)
+ return TEST_IGNORE;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- ret = do_handshake (session);
- if (ret == TEST_FAILED)
- return ret;
+ ret = do_handshake(session);
+ if (ret == TEST_FAILED)
+ return ret;
- printf ("\n");
- print_cert_info (session, GNUTLS_CRT_PRINT_FULL, verbose);
+ printf("\n");
+ print_cert_info(session, GNUTLS_CRT_PRINT_FULL, verbose);
- return TEST_SUCCEED;
+ return TEST_SUCCEED;
}
/* A callback function to be used at the certificate selection time.
*/
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_retr2_st * st)
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_retr2_st * st)
{
- char issuer_dn[256];
- int i, ret;
- size_t len;
-
- if (verbose == 0)
- return -1;
-
- /* Print the server's trusted CAs
- */
- printf ("\n");
- if (nreqs > 0)
- printf ("- Server's trusted authorities:\n");
- else
- printf ("- Server did not send us any trusted authorities names.\n");
-
- /* print the names (if any) */
- for (i = 0; i < nreqs; i++)
- {
- len = sizeof (issuer_dn);
- ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
- }
- }
-
- return -1;
+ char issuer_dn[256];
+ int i, ret;
+ size_t len;
+
+ if (verbose == 0)
+ return -1;
+
+ /* Print the server's trusted CAs
+ */
+ printf("\n");
+ if (nreqs > 0)
+ printf("- Server's trusted authorities:\n");
+ else
+ printf
+ ("- Server did not send us any trusted authorities names.\n");
+
+ /* print the names (if any) */
+ for (i = 0; i < nreqs; i++) {
+ len = sizeof(issuer_dn);
+ ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len);
+ if (ret >= 0) {
+ printf(" [%d]: ", i);
+ printf("%s\n", issuer_dn);
+ }
+ }
+
+ return -1;
}
/* Prints the trusted server's CAs. This is only
* if the server sends a certificate request packet.
*/
-test_code_t
-test_server_cas (gnutls_session_t session)
+test_code_t test_server_cas(gnutls_session_t session)
{
- int ret;
+ int ret;
- if (verbose == 0)
- return TEST_IGNORE;
+ if (verbose == 0)
+ return TEST_IGNORE;
- sprintf (prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct (session, prio_str);
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_certificate_set_retrieve_function (xcred, cert_callback);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_certificate_set_retrieve_function(xcred, cert_callback);
- ret = do_handshake (session);
- gnutls_certificate_set_retrieve_function (xcred, NULL);
+ ret = do_handshake(session);
+ gnutls_certificate_set_retrieve_function(xcred, NULL);
- if (ret == TEST_FAILED)
- return ret;
- return TEST_SUCCEED;
+ if (ret == TEST_FAILED)
+ return ret;
+ return TEST_SUCCEED;
}
diff --git a/src/tests.h b/src/tests.h
index 6119a24d8f..9f0e348f50 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -18,51 +18,50 @@
* <http://www.gnu.org/licenses/>.
*/
-typedef enum
-{
- TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
+typedef enum {
+ TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
} test_code_t;
-test_code_t test_server (gnutls_session_t state);
-test_code_t test_record_padding (gnutls_session_t state);
-test_code_t test_hello_extension (gnutls_session_t state);
-test_code_t test_heartbeat_extension (gnutls_session_t state);
-test_code_t test_small_records (gnutls_session_t state);
-test_code_t test_dhe (gnutls_session_t state);
-test_code_t test_dhe_group (gnutls_session_t state);
-test_code_t test_ssl3 (gnutls_session_t state);
-test_code_t test_aes (gnutls_session_t state);
-test_code_t test_camellia (gnutls_session_t state);
-test_code_t test_md5 (gnutls_session_t state);
-test_code_t test_sha (gnutls_session_t state);
-test_code_t test_3des (gnutls_session_t state);
-test_code_t test_arcfour (gnutls_session_t state);
-test_code_t test_tls1 (gnutls_session_t state);
-test_code_t test_safe_renegotiation (gnutls_session_t state);
-test_code_t test_safe_renegotiation_scsv (gnutls_session_t state);
-test_code_t test_tls1_1 (gnutls_session_t state);
-test_code_t test_tls1_2 (gnutls_session_t state);
-test_code_t test_tls1_1_fallback (gnutls_session_t state);
-test_code_t test_tls_disable0 (gnutls_session_t state);
-test_code_t test_tls_disable1 (gnutls_session_t state);
-test_code_t test_tls_disable2 (gnutls_session_t state);
-test_code_t test_rsa_pms (gnutls_session_t state);
-test_code_t test_max_record_size (gnutls_session_t state);
-test_code_t test_version_rollback (gnutls_session_t state);
-test_code_t test_anonymous (gnutls_session_t state);
-test_code_t test_unknown_ciphersuites (gnutls_session_t state);
-test_code_t test_openpgp1 (gnutls_session_t state);
-test_code_t test_bye (gnutls_session_t state);
-test_code_t test_certificate (gnutls_session_t state);
-test_code_t test_server_cas (gnutls_session_t state);
-test_code_t test_session_resume2 (gnutls_session_t state);
-test_code_t test_rsa_pms_version_check (gnutls_session_t session);
-test_code_t test_version_oob (gnutls_session_t session);
-test_code_t test_zlib (gnutls_session_t session);
-int _test_srp_username_callback (gnutls_session_t session,
- char **username, char **password);
+test_code_t test_server(gnutls_session_t state);
+test_code_t test_record_padding(gnutls_session_t state);
+test_code_t test_hello_extension(gnutls_session_t state);
+test_code_t test_heartbeat_extension(gnutls_session_t state);
+test_code_t test_small_records(gnutls_session_t state);
+test_code_t test_dhe(gnutls_session_t state);
+test_code_t test_dhe_group(gnutls_session_t state);
+test_code_t test_ssl3(gnutls_session_t state);
+test_code_t test_aes(gnutls_session_t state);
+test_code_t test_camellia(gnutls_session_t state);
+test_code_t test_md5(gnutls_session_t state);
+test_code_t test_sha(gnutls_session_t state);
+test_code_t test_3des(gnutls_session_t state);
+test_code_t test_arcfour(gnutls_session_t state);
+test_code_t test_tls1(gnutls_session_t state);
+test_code_t test_safe_renegotiation(gnutls_session_t state);
+test_code_t test_safe_renegotiation_scsv(gnutls_session_t state);
+test_code_t test_tls1_1(gnutls_session_t state);
+test_code_t test_tls1_2(gnutls_session_t state);
+test_code_t test_tls1_1_fallback(gnutls_session_t state);
+test_code_t test_tls_disable0(gnutls_session_t state);
+test_code_t test_tls_disable1(gnutls_session_t state);
+test_code_t test_tls_disable2(gnutls_session_t state);
+test_code_t test_rsa_pms(gnutls_session_t state);
+test_code_t test_max_record_size(gnutls_session_t state);
+test_code_t test_version_rollback(gnutls_session_t state);
+test_code_t test_anonymous(gnutls_session_t state);
+test_code_t test_unknown_ciphersuites(gnutls_session_t state);
+test_code_t test_openpgp1(gnutls_session_t state);
+test_code_t test_bye(gnutls_session_t state);
+test_code_t test_certificate(gnutls_session_t state);
+test_code_t test_server_cas(gnutls_session_t state);
+test_code_t test_session_resume2(gnutls_session_t state);
+test_code_t test_rsa_pms_version_check(gnutls_session_t session);
+test_code_t test_version_oob(gnutls_session_t session);
+test_code_t test_zlib(gnutls_session_t session);
+int _test_srp_username_callback(gnutls_session_t session,
+ char **username, char **password);
-test_code_t test_ecdhe_curve (gnutls_session_t session);
-test_code_t test_ecdhe (gnutls_session_t session);
-test_code_t test_aes_gcm (gnutls_session_t session);
-test_code_t test_sha256 (gnutls_session_t session);
+test_code_t test_ecdhe_curve(gnutls_session_t session);
+test_code_t test_ecdhe(gnutls_session_t session);
+test_code_t test_aes_gcm(gnutls_session_t session);
+test_code_t test_sha256(gnutls_session_t session);
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 9b2168e349..0ce6bfb4b4 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -46,11 +46,12 @@
#include "certtool-common.h"
#include "tpmtool-args.h"
-static void cmd_parser (int argc, char **argv);
-static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int bits, unsigned int flags);
-static void tpm_pubkey(const char* url, FILE* outfile);
-static void tpm_delete(const char* url, FILE* outfile);
-static void tpm_list(FILE* outfile);
+static void cmd_parser(int argc, char **argv);
+static void tpm_generate(FILE * outfile, unsigned int key_type,
+ unsigned int bits, unsigned int flags);
+static void tpm_pubkey(const char *url, FILE * outfile);
+static void tpm_delete(const char *url, FILE * outfile);
+static void tpm_list(FILE * outfile);
static gnutls_x509_crt_fmt_t incert_format, outcert_format;
static gnutls_tpmkey_fmt_t inkey_format, outkey_format;
@@ -59,252 +60,226 @@ static FILE *outfile;
static FILE *infile;
int batch = 0;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- cmd_parser (argc, argv);
+ cmd_parser(argc, argv);
- return 0;
+ return 0;
}
-static void
-cmd_parser (int argc, char **argv)
+static void cmd_parser(int argc, char **argv)
{
- int ret, debug = 0;
- unsigned int optct;
- unsigned int key_type = GNUTLS_PK_UNKNOWN;
- unsigned int bits = 0;
- unsigned int genflags = 0;
- /* Note that the default sec-param is legacy because several TPMs
- * cannot handle larger keys.
- */
- const char* sec_param = "legacy";
-
- optct = optionProcess( &tpmtoolOptions, argc, argv);
- argc += optct;
- argv += optct;
-
- if (HAVE_OPT(DEBUG))
- debug = OPT_VALUE_DEBUG;
-
- if (HAVE_OPT(INDER))
- {
- incert_format = GNUTLS_X509_FMT_DER;
- inkey_format = GNUTLS_TPMKEY_FMT_DER;
- }
- else
- {
- incert_format = GNUTLS_X509_FMT_PEM;
- inkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
- }
-
- if (HAVE_OPT(OUTDER))
- {
- outcert_format = GNUTLS_X509_FMT_DER;
- outkey_format = GNUTLS_TPMKEY_FMT_DER;
- }
- else
- {
- outcert_format = GNUTLS_X509_FMT_PEM;
- outkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
- }
-
- if (HAVE_OPT(REGISTER))
- genflags |= GNUTLS_TPM_REGISTER_KEY;
- if (!HAVE_OPT(LEGACY))
- genflags |= GNUTLS_TPM_KEY_SIGNING;
- if (HAVE_OPT(USER))
- genflags |= GNUTLS_TPM_KEY_USER;
-
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (debug);
- if (debug > 1)
- printf ("Setting log level to %d\n", debug);
-
- if ((ret = gnutls_global_init ()) < 0)
- {
- fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- if (HAVE_OPT(OUTFILE))
- {
- outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
- if (outfile == NULL)
- {
- fprintf (stderr, "%s", OPT_ARG(OUTFILE));
- exit(1);
- }
- }
- else
- outfile = stdout;
-
- if (HAVE_OPT(INFILE))
- {
- infile = fopen (OPT_ARG(INFILE), "rb");
- if (infile == NULL)
- {
- fprintf (stderr, "%s", OPT_ARG(INFILE));
- exit(1);
- }
- }
- else
- infile = stdin;
-
- if (HAVE_OPT(SEC_PARAM))
- sec_param = OPT_ARG(SEC_PARAM);
- if (HAVE_OPT(BITS))
- bits = OPT_VALUE_BITS;
-
-
- if (HAVE_OPT(GENERATE_RSA))
- {
- key_type = GNUTLS_PK_RSA;
- bits = get_bits (key_type, bits, sec_param, 0);
- tpm_generate (outfile, key_type, bits, genflags);
- }
- else if (HAVE_OPT(PUBKEY))
- {
- tpm_pubkey (OPT_ARG(PUBKEY), outfile);
- }
- else if (HAVE_OPT(DELETE))
- {
- tpm_delete (OPT_ARG(DELETE), outfile);
- }
- else if (HAVE_OPT(LIST))
- {
- tpm_list (outfile);
- }
- else
- {
- USAGE(1);
- }
-
- fclose (outfile);
-
- gnutls_global_deinit ();
+ int ret, debug = 0;
+ unsigned int optct;
+ unsigned int key_type = GNUTLS_PK_UNKNOWN;
+ unsigned int bits = 0;
+ unsigned int genflags = 0;
+ /* Note that the default sec-param is legacy because several TPMs
+ * cannot handle larger keys.
+ */
+ const char *sec_param = "legacy";
+
+ optct = optionProcess(&tpmtoolOptions, argc, argv);
+ argc += optct;
+ argv += optct;
+
+ if (HAVE_OPT(DEBUG))
+ debug = OPT_VALUE_DEBUG;
+
+ if (HAVE_OPT(INDER)) {
+ incert_format = GNUTLS_X509_FMT_DER;
+ inkey_format = GNUTLS_TPMKEY_FMT_DER;
+ } else {
+ incert_format = GNUTLS_X509_FMT_PEM;
+ inkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
+ }
+
+ if (HAVE_OPT(OUTDER)) {
+ outcert_format = GNUTLS_X509_FMT_DER;
+ outkey_format = GNUTLS_TPMKEY_FMT_DER;
+ } else {
+ outcert_format = GNUTLS_X509_FMT_PEM;
+ outkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
+ }
+
+ if (HAVE_OPT(REGISTER))
+ genflags |= GNUTLS_TPM_REGISTER_KEY;
+ if (!HAVE_OPT(LEGACY))
+ genflags |= GNUTLS_TPM_KEY_SIGNING;
+ if (HAVE_OPT(USER))
+ genflags |= GNUTLS_TPM_KEY_USER;
+
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug);
+ if (debug > 1)
+ printf("Setting log level to %d\n", debug);
+
+ if ((ret = gnutls_global_init()) < 0) {
+ fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (HAVE_OPT(OUTFILE)) {
+ outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
+ if (outfile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
+ } else
+ outfile = stdout;
+
+ if (HAVE_OPT(INFILE)) {
+ infile = fopen(OPT_ARG(INFILE), "rb");
+ if (infile == NULL) {
+ fprintf(stderr, "%s", OPT_ARG(INFILE));
+ exit(1);
+ }
+ } else
+ infile = stdin;
+
+ if (HAVE_OPT(SEC_PARAM))
+ sec_param = OPT_ARG(SEC_PARAM);
+ if (HAVE_OPT(BITS))
+ bits = OPT_VALUE_BITS;
+
+
+ if (HAVE_OPT(GENERATE_RSA)) {
+ key_type = GNUTLS_PK_RSA;
+ bits = get_bits(key_type, bits, sec_param, 0);
+ tpm_generate(outfile, key_type, bits, genflags);
+ } else if (HAVE_OPT(PUBKEY)) {
+ tpm_pubkey(OPT_ARG(PUBKEY), outfile);
+ } else if (HAVE_OPT(DELETE)) {
+ tpm_delete(OPT_ARG(DELETE), outfile);
+ } else if (HAVE_OPT(LIST)) {
+ tpm_list(outfile);
+ } else {
+ USAGE(1);
+ }
+
+ fclose(outfile);
+
+ gnutls_global_deinit();
}
-static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int bits, unsigned int flags)
+static void tpm_generate(FILE * outfile, unsigned int key_type,
+ unsigned int bits, unsigned int flags)
{
- int ret;
- char* srk_pass, *key_pass = NULL;
- gnutls_datum_t privkey, pubkey;
-
- srk_pass = getpass ("Enter SRK password: ");
- if (srk_pass != NULL)
- srk_pass = strdup(srk_pass);
-
- if (!(flags & GNUTLS_TPM_REGISTER_KEY))
- {
- key_pass = getpass ("Enter key password: ");
- if (key_pass != NULL)
- key_pass = strdup(srk_pass);
- }
-
- ret = gnutls_tpm_privkey_generate(key_type, bits, srk_pass, key_pass,
- outkey_format, outcert_format,
- &privkey, &pubkey,
- flags);
-
- free(key_pass);
- free(srk_pass);
-
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret));
- exit(1);
- }
+ int ret;
+ char *srk_pass, *key_pass = NULL;
+ gnutls_datum_t privkey, pubkey;
+
+ srk_pass = getpass("Enter SRK password: ");
+ if (srk_pass != NULL)
+ srk_pass = strdup(srk_pass);
+
+ if (!(flags & GNUTLS_TPM_REGISTER_KEY)) {
+ key_pass = getpass("Enter key password: ");
+ if (key_pass != NULL)
+ key_pass = strdup(srk_pass);
+ }
+
+ ret =
+ gnutls_tpm_privkey_generate(key_type, bits, srk_pass, key_pass,
+ outkey_format, outcert_format,
+ &privkey, &pubkey, flags);
+
+ free(key_pass);
+ free(srk_pass);
+
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_tpm_privkey_generate: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
/* fwrite (pubkey.data, 1, pubkey.size, outfile);
fputs ("\n", outfile);*/
- fwrite (privkey.data, 1, privkey.size, outfile);
- fputs ("\n", outfile);
-
- gnutls_free(privkey.data);
- gnutls_free(pubkey.data);
+ fwrite(privkey.data, 1, privkey.size, outfile);
+ fputs("\n", outfile);
+
+ gnutls_free(privkey.data);
+ gnutls_free(pubkey.data);
}
-static void tpm_delete(const char* url, FILE* outfile)
+static void tpm_delete(const char *url, FILE * outfile)
{
- int ret;
- char* srk_pass;
-
- srk_pass = getpass ("Enter SRK password: ");
-
- ret = gnutls_tpm_privkey_delete(url, srk_pass);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf (outfile, "Key %s deleted\n", url);
+ int ret;
+ char *srk_pass;
+
+ srk_pass = getpass("Enter SRK password: ");
+
+ ret = gnutls_tpm_privkey_delete(url, srk_pass);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_tpm_privkey_delete: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "Key %s deleted\n", url);
}
-static void tpm_list(FILE* outfile)
+static void tpm_list(FILE * outfile)
{
- int ret;
- gnutls_tpm_key_list_t list;
- unsigned int i;
- char* url;
-
- ret = gnutls_tpm_get_registered (&list);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf(outfile, "Available keys:\n");
- for (i=0;;i++)
- {
- ret = gnutls_tpm_key_list_get_url(list, i, &url, 0);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret < 0)
- {
- fprintf (stderr, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret));
- exit(1);
- }
-
- fprintf(outfile, "\t%u: %s\n", i, url);
- gnutls_free(url);
- }
-
- fputs ("\n", outfile);
+ int ret;
+ gnutls_tpm_key_list_t list;
+ unsigned int i;
+ char *url;
+
+ ret = gnutls_tpm_get_registered(&list);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_tpm_get_registered: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "Available keys:\n");
+ for (i = 0;; i++) {
+ ret = gnutls_tpm_key_list_get_url(list, i, &url, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret < 0) {
+ fprintf(stderr, "gnutls_tpm_key_list_get_url: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ fprintf(outfile, "\t%u: %s\n", i, url);
+ gnutls_free(url);
+ }
+
+ fputs("\n", outfile);
}
-static void tpm_pubkey(const char* url, FILE* outfile)
+static void tpm_pubkey(const char *url, FILE * outfile)
{
- int ret;
- char* srk_pass;
- gnutls_pubkey_t pubkey;
-
- srk_pass = getpass ("Enter SRK password: ");
- if (srk_pass != NULL)
- srk_pass = strdup(srk_pass);
+ int ret;
+ char *srk_pass;
+ gnutls_pubkey_t pubkey;
+
+ srk_pass = getpass("Enter SRK password: ");
+ if (srk_pass != NULL)
+ srk_pass = strdup(srk_pass);
- gnutls_pubkey_init(&pubkey);
+ gnutls_pubkey_init(&pubkey);
- ret = gnutls_pubkey_import_tpm_url(pubkey, url, srk_pass, 0);
+ ret = gnutls_pubkey_import_tpm_url(pubkey, url, srk_pass, 0);
- free(srk_pass);
+ free(srk_pass);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
- exit(1);
- }
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_pubkey_import_tpm_url: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);
+ _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);
- gnutls_pubkey_deinit(pubkey);
+ gnutls_pubkey_deinit(pubkey);
}
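Review bot: In tpm_generate the answer to the "Enter key password: " prompt is thrown away. `key_pass = strdup(srk_pass);` copies the SRK password, so the new key ends up protected by the SRK password instead of the one the user typed. The line should read `key_pass = strdup(key_pass);`. The reindent carries this over unchanged from the old side, so it predates this commit. Separately, the strdup'd password copies in tpm_generate and tpm_pubkey are released with plain `free()` and never cleared, which leaves the secrets in freed heap memory.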
diff --git a/src/udp-serv.c b/src/udp-serv.c
index 08d2677a88..f9cb420ffe 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -21,13 +21,13 @@
#include <stdio.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <arpa/inet.h>
#ifndef _WIN32
-# include <netinet/in.h>
+#include <netinet/in.h>
#endif
#include <sys/select.h>
#include <stdlib.h>
@@ -39,232 +39,264 @@
#include "list.h"
typedef struct {
- gnutls_session_t session;
- int fd;
- struct sockaddr * cli_addr;
- socklen_t cli_addr_size;
+ gnutls_session_t session;
+ int fd;
+ struct sockaddr *cli_addr;
+ socklen_t cli_addr_size;
} priv_data_st;
static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms);
-static ssize_t push_func (gnutls_transport_ptr_t p, const void * data, size_t size);
-static ssize_t pull_func(gnutls_transport_ptr_t p, void * data, size_t size);
+static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
+ size_t size);
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data,
+ size_t size);
-#define MAX_BUFFER 255 /* Longest string to echo */
+#define MAX_BUFFER 255 /* Longest string to echo */
-void udp_server(const char* name, int port, int mtu)
+void udp_server(const char *name, int port, int mtu)
{
- int sock, ret;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- char buffer[MAX_BUFFER];
- priv_data_st priv;
- gnutls_session_t session;
- gnutls_datum_t cookie_key;
- gnutls_dtls_prestate_st prestate;
- unsigned char sequence[8];
-
- ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
- if (ret < 0)
- {
- fprintf(stderr, "Cannot generate key\n");
- exit(1);
- }
-
- ret = listen_socket (name, port, SOCK_DGRAM);
- if (ret < 0)
- {
- fprintf(stderr, "Cannot listen\n");
- exit (1);
- }
-
- for (;;)
- {
- printf("Waiting for connection...\n");
- sock = wait_for_connection();
- if (sock < 0)
- continue;
-
- cli_addr_size = sizeof(cli_addr);
- ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK, (struct sockaddr*)&cli_addr, &cli_addr_size);
- if (ret > 0)
- {
- memset(&prestate, 0, sizeof(prestate));
- ret = gnutls_dtls_cookie_verify(&cookie_key, &cli_addr, sizeof(cli_addr), buffer, ret, &prestate);
- if (ret < 0) /* cookie not valid */
- {
- priv_data_st s;
-
- memset(&s,0,sizeof(s));
- s.fd = sock;
- s.cli_addr = (void*)&cli_addr;
- s.cli_addr_size = sizeof(cli_addr);
-
- printf("Sending hello verify request to %s\n", human_addr ((struct sockaddr *)
- &cli_addr, sizeof(cli_addr), buffer, sizeof(buffer)));
- gnutls_dtls_cookie_send(&cookie_key, &cli_addr, sizeof(cli_addr), &prestate, (gnutls_transport_ptr_t)&s, push_func);
-
- /* discard peeked data*/
- recvfrom(sock, buffer, sizeof(buffer), 0, (struct sockaddr*)&cli_addr, &cli_addr_size);
- continue;
- }
- printf ("Accepted connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof(cli_addr), buffer,
- sizeof (buffer)));
- }
- else
- continue;
-
- session = initialize_session(1);
- gnutls_dtls_prestate_set(session, &prestate);
- if (mtu) gnutls_dtls_set_mtu(session, mtu);
-
- priv.session = session;
- priv.fd = sock;
- priv.cli_addr = (struct sockaddr *)&cli_addr;
- priv.cli_addr_size = sizeof(cli_addr);
-
- gnutls_transport_set_ptr (session, &priv);
- gnutls_transport_set_push_function (session, push_func);
- gnutls_transport_set_pull_function (session, pull_func);
- gnutls_transport_set_pull_timeout_function (session, pull_timeout_func);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fprintf(stderr, "Error in handshake(): %s\n", gnutls_strerror(ret));
- gnutls_deinit(session);
- continue;
- }
-
- for(;;)
- {
- do
- {
- ret = gnutls_record_recv_seq(session, buffer, MAX_BUFFER, sequence);
- if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
- gnutls_heartbeat_pong(session, 0);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
-
- if (ret == GNUTLS_E_REHANDSHAKE)
- {
- fprintf (stderr, "*** Received hello message\n");
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret == GNUTLS_E_INTERRUPTED ||
- ret == GNUTLS_E_AGAIN);
-
- if (ret == 0) continue;
- }
- if (ret < 0)
- {
- fprintf(stderr, "Error in recv(): %s\n", gnutls_strerror(ret));
- break;
- }
- if (ret == 0)
- {
- printf("EOF\n\n");
- break;
- }
-
- buffer[ret] = 0;
- printf("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n", sequence[0], sequence[1], sequence[2],
- sequence[3], sequence[4], sequence[5], sequence[6], sequence[7], buffer);
-
- if (check_command(session, buffer) == 0)
- {
- /* reply back */
- ret = gnutls_record_send(session, buffer, ret);
- if (ret < 0)
- {
- fprintf(stderr, "Error in send(): %s\n", gnutls_strerror(ret));
- break;
- }
- }
- }
- }
- gnutls_deinit(session);
+ int sock, ret;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ char buffer[MAX_BUFFER];
+ priv_data_st priv;
+ gnutls_session_t session;
+ gnutls_datum_t cookie_key;
+ gnutls_dtls_prestate_st prestate;
+ unsigned char sequence[8];
+
+ ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot generate key\n");
+ exit(1);
+ }
+
+ ret = listen_socket(name, port, SOCK_DGRAM);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot listen\n");
+ exit(1);
+ }
+
+ for (;;) {
+ printf("Waiting for connection...\n");
+ sock = wait_for_connection();
+ if (sock < 0)
+ continue;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ if (ret > 0) {
+ memset(&prestate, 0, sizeof(prestate));
+ ret =
+ gnutls_dtls_cookie_verify(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ buffer, ret,
+ &prestate);
+ if (ret < 0) { /* cookie not valid */
+ priv_data_st s;
+
+ memset(&s, 0, sizeof(s));
+ s.fd = sock;
+ s.cli_addr = (void *) &cli_addr;
+ s.cli_addr_size = sizeof(cli_addr);
+
+ printf
+ ("Sending hello verify request to %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr,
+ sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+ gnutls_dtls_cookie_send(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ &prestate,
+ (gnutls_transport_ptr_t)
+ & s, push_func);
+
+ /* discard peeked data */
+ recvfrom(sock, buffer, sizeof(buffer), 0,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ continue;
+ }
+ printf("Accepted connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr),
+ buffer, sizeof(buffer)));
+ } else
+ continue;
+
+ session = initialize_session(1);
+ gnutls_dtls_prestate_set(session, &prestate);
+ if (mtu)
+ gnutls_dtls_set_mtu(session, mtu);
+
+ priv.session = session;
+ priv.fd = sock;
+ priv.cli_addr = (struct sockaddr *) &cli_addr;
+ priv.cli_addr_size = sizeof(cli_addr);
+
+ gnutls_transport_set_ptr(session, &priv);
+ gnutls_transport_set_push_function(session, push_func);
+ gnutls_transport_set_pull_function(session, pull_func);
+ gnutls_transport_set_pull_timeout_function(session,
+ pull_timeout_func);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fprintf(stderr, "Error in handshake(): %s\n",
+ gnutls_strerror(ret));
+ gnutls_deinit(session);
+ continue;
+ }
+
+ for (;;) {
+ do {
+ ret =
+ gnutls_record_recv_seq(session, buffer,
+ MAX_BUFFER,
+ sequence);
+ if (ret ==
+ GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ gnutls_heartbeat_pong(session, 0);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+
+ if (ret == GNUTLS_E_REHANDSHAKE) {
+ fprintf(stderr,
+ "*** Received hello message\n");
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED ||
+ ret == GNUTLS_E_AGAIN);
+
+ if (ret == 0)
+ continue;
+ }
+ if (ret < 0) {
+ fprintf(stderr, "Error in recv(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+ if (ret == 0) {
+ printf("EOF\n\n");
+ break;
+ }
+
+ buffer[ret] = 0;
+ printf
+ ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n",
+ sequence[0], sequence[1], sequence[2],
+ sequence[3], sequence[4], sequence[5],
+ sequence[6], sequence[7], buffer);
+
+ if (check_command(session, buffer) == 0) {
+ /* reply back */
+ ret =
+ gnutls_record_send(session, buffer,
+ ret);
+ if (ret < 0) {
+ fprintf(stderr,
+ "Error in send(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+ }
+ }
+ }
+ gnutls_deinit(session);
}
/* Wait for data to be received within a timeout period in milliseconds
*/
static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
{
-fd_set rfds;
-struct timeval tv;
-priv_data_st *priv = ptr;
-struct sockaddr_in cli_addr;
-socklen_t cli_addr_size;
-int ret;
-char c;
-
- FD_ZERO(&rfds);
- FD_SET(priv->fd, &rfds);
-
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
-
- while(tv.tv_usec >= 1000000)
- {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
-
- ret = select(priv->fd+1, &rfds, NULL, NULL, &tv);
-
- if (ret <= 0)
- return ret;
-
- /* only report ok if the next message is from the peer we expect
- * from
- */
- cli_addr_size = sizeof(cli_addr);
- ret = recvfrom(priv->fd, &c, 1, MSG_PEEK, (struct sockaddr*)&cli_addr, &cli_addr_size);
- if (ret > 0)
- {
- if (cli_addr_size == priv->cli_addr_size && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr))==0)
- return 1;
- }
-
- return 0;
+ fd_set rfds;
+ struct timeval tv;
+ priv_data_st *priv = ptr;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ int ret;
+ char c;
+
+ FD_ZERO(&rfds);
+ FD_SET(priv->fd, &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
+
+ ret = select(priv->fd + 1, &rfds, NULL, NULL, &tv);
+
+ if (ret <= 0)
+ return ret;
+
+ /* only report ok if the next message is from the peer we expect
+ * from
+ */
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, &c, 1, MSG_PEEK,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret > 0) {
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr,
+ sizeof(cli_addr)) == 0)
+ return 1;
+ }
+
+ return 0;
}
-static ssize_t push_func (gnutls_transport_ptr_t p, const void * data, size_t size)
+static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
+ size_t size)
{
-priv_data_st *priv = p;
+ priv_data_st *priv = p;
- return sendto(priv->fd, data, size, 0, priv->cli_addr, priv->cli_addr_size);
+ return sendto(priv->fd, data, size, 0, priv->cli_addr,
+ priv->cli_addr_size);
}
-static ssize_t pull_func(gnutls_transport_ptr_t p, void * data, size_t size)
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
{
-priv_data_st *priv = p;
-struct sockaddr_in cli_addr;
-socklen_t cli_addr_size;
-char buffer[64];
-int ret;
-
- cli_addr_size = sizeof(cli_addr);
- ret = recvfrom(priv->fd, data, size, 0, (struct sockaddr*)&cli_addr, &cli_addr_size);
- if (ret == -1)
- return ret;
-
- if (cli_addr_size == priv->cli_addr_size && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr))==0)
- return ret;
-
- printf ("Denied connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof(cli_addr), buffer,
- sizeof (buffer)));
-
- gnutls_transport_set_errno(priv->session, EAGAIN);
- return -1;
+ priv_data_st *priv = p;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ char buffer[64];
+ int ret;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, data, size, 0,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret == -1)
+ return ret;
+
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0)
+ return ret;
+
+ printf("Denied connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+
+ gnutls_transport_set_errno(priv->session, EAGAIN);
+ return -1;
}
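Review bot: In udp_server's receive loop, `buffer[ret] = 0;` can write one byte past `char buffer[MAX_BUFFER]`. gnutls_record_recv_seq is asked for up to MAX_BUFFER bytes, so a full-length record makes ret equal to MAX_BUFFER. Pass `sizeof(buffer) - 1` as the receive length so the terminator always fits; the record length is chosen by the peer, so input validation has to happen here. Also, the `break` paths of the inner loop return to the outer `for (;;)` without calling gnutls_deinit(session), so each finished session appears to be leaked. The single gnutls_deinit after the outer loop is never reached.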
diff --git a/src/udp-serv.h b/src/udp-serv.h
index ae0b39503b..d956f87789 100644
--- a/src/udp-serv.h
+++ b/src/udp-serv.h
@@ -19,9 +19,9 @@
#include <gnutls/dtls.h>
-void udp_server(const char* name, int port, int mtu);
-gnutls_session_t initialize_session (int dtls);
-const char * human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen);
+void udp_server(const char *name, int port, int mtu);
+gnutls_session_t initialize_session(int dtls);
+const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen);
int wait_for_connection(void);
-int listen_socket (const char *name, int listen_port, int socktype);
+int listen_socket(const char *name, int listen_port, int socktype);
diff --git a/tests/anonself.c b/tests/anonself.c
index 9cdaaf576c..ac6df9fa3e 100644
--- a/tests/anonself.c
+++ b/tests/anonself.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -53,10 +52,9 @@ main (int argc, char** argv)
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -65,93 +63,87 @@ tls_log_func (int level, const char *str)
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void
-client (int sd)
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
@@ -163,38 +155,39 @@ end:
/* These are global */
gnutls_anon_server_credentials_t anoncred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
@@ -203,119 +196,109 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-server (int sd)
+static void server(int sd)
{
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- if (debug)
- success ("Launched, generating DH parameters...\n");
-
- generate_dh_params ();
-
- gnutls_anon_set_server_dh_params (anoncred, dh_params);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ if (debug)
+ success("Launched, generating DH parameters...\n");
+
+ generate_dh_params();
+
+ gnutls_anon_set_server_dh_params(anoncred, dh_params);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- pid_t child;
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (sockets[0]);
- wait (&status);
- }
- else
- client (sockets[1]);
+ pid_t child;
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(sockets[0]);
+ wait(&status);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/certder.c b/tests/certder.c
index 9a902b03c2..a794991761 100644
--- a/tests/certder.c
+++ b/tests/certder.c
@@ -28,307 +28,389 @@
#include <gnutls/x509.h>
#include "utils.h"
-void
-doit (void)
+void doit(void)
{
- int ret;
- unsigned char der[] = {
- 0x30, 0x82, 0x04, 0x10, 0x30, 0x82, 0x03, 0x79,
- 0xa0, 0x07, 0x02, 0x84, 0x90, 0x00, 0x00, 0x00,
- 0x02, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x04, 0x05, 0x00, 0x30, 0x81, 0xbb, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
- 0x02, 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06,
- 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f,
- 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31,
- 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
- 0x13, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69,
- 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
- 0x55, 0x04, 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d,
- 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
- 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30,
- 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16,
- 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61,
- 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e,
- 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
- 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
- 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
- 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29,
- 0x30, 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72,
- 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61,
- 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f,
- 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69,
- 0x6e, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x34, 0x30,
- 0x32, 0x31, 0x38, 0x32, 0x30, 0x30, 0x32, 0x33,
- 0x34, 0x5a, 0x17, 0x0d, 0x30, 0x35, 0x31, 0x31,
- 0x31, 0x37, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34,
- 0x5a, 0x30, 0x81, 0xbb, 0x31, 0x0b, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x2d,
- 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
- 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f, 0x6d, 0x65,
- 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30,
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08,
- 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79,
- 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04,
- 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65, 0x4f,
- 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06,
- 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x53, 0x6f,
- 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
- 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
- 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c,
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x6c,
- 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
- 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f,
- 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30, 0x27,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72, 0x6f, 0x6f,
- 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68,
- 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
- 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x30,
- 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
- 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89,
- 0x02, 0x81, 0x81, 0x00, 0xda, 0x3d, 0xb7, 0x66,
- 0x9a, 0x41, 0x4f, 0xca, 0x1d, 0xd1, 0xc4, 0x1f,
- 0xc9, 0x4c, 0xc6, 0x76, 0x45, 0xc5, 0x8e, 0x2f,
- 0x3d, 0x45, 0xf5, 0x16, 0x9f, 0xb5, 0x22, 0x0b,
- 0x61, 0x60, 0xa4, 0x42, 0x42, 0x98, 0xae, 0x45,
- 0xe1, 0x4a, 0x17, 0x0b, 0x6e, 0xf7, 0x4e, 0xc0,
- 0x1e, 0xe7, 0x78, 0xd0, 0x80, 0xfc, 0xde, 0x0a,
- 0x96, 0x43, 0x13, 0xe4, 0xb5, 0xef, 0x47, 0xca,
- 0x8f, 0xb3, 0x13, 0x92, 0x10, 0xc4, 0x02, 0x7b,
- 0xbb, 0x6c, 0x9f, 0x2b, 0x63, 0x65, 0xfa, 0xac,
- 0xcb, 0xc9, 0x14, 0x68, 0x53, 0xd9, 0xe2, 0x9c,
- 0x57, 0x52, 0x23, 0xb9, 0x4f, 0x92, 0xc0, 0xa0,
- 0xe3, 0xf5, 0x50, 0xb3, 0xc4, 0x5f, 0x4e, 0x73,
- 0x9d, 0x0e, 0xfd, 0x9c, 0x57, 0x8e, 0x4c, 0x13,
- 0xe0, 0x7a, 0x16, 0x6b, 0x27, 0xc9, 0xac, 0xb3,
- 0x47, 0xb2, 0x3f, 0x8f, 0xe6, 0x1d, 0x00, 0xc8,
- 0xaa, 0x6f, 0xdf, 0xcb, 0x02, 0x03, 0x01, 0x00,
- 0x01, 0xa3, 0x82, 0x01, 0x1c, 0x30, 0x82, 0x01,
- 0x18, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
- 0x04, 0x16, 0x04, 0x14, 0xe6, 0x30, 0x79, 0x2b,
- 0xe2, 0xcf, 0x4f, 0xa7, 0x40, 0xa4, 0xb9, 0xa4,
- 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9, 0x15,
- 0x30, 0x81, 0xe8, 0x06, 0x03, 0x55, 0x1d, 0x23,
- 0x04, 0x81, 0xe0, 0x30, 0x81, 0xdd, 0x80, 0x14,
- 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f, 0xa7,
- 0x40, 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8,
- 0x94, 0xda, 0xd9, 0x15, 0xa1, 0x81, 0xc1, 0xa4,
- 0x81, 0xbe, 0x30, 0x81, 0xbb, 0x31, 0x0b, 0x30,
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
- 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
- 0x55, 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f, 0x6d,
- 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
- 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74,
- 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
- 0x04, 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65,
- 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d,
- 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x53,
- 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e,
- 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61,
- 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30,
- 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15,
- 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
- 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64,
- 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30,
- 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72, 0x6f,
- 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
- 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63,
- 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
- 0x82, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x03, 0x55,
- 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
- 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00,
- 0x03, 0x81, 0x81, 0x00, 0xcd, 0xc9, 0x30, 0x6d,
- 0x02, 0x65, 0x41, 0xea, 0x0e, 0x46, 0x08, 0x6c,
- 0x2f, 0xd5, 0xa7, 0xe4, 0x29, 0xd7, 0x3f, 0x18,
- 0x16, 0xd7, 0x4b, 0x6f, 0x9d, 0xc0, 0x5b, 0xbf,
- 0x68, 0x7b, 0x2e, 0x66, 0xa5, 0x1b, 0xfd, 0xff,
- 0x09, 0x25, 0xa5, 0x56, 0x37, 0x41, 0xd8, 0xaf,
- 0x07, 0xa6, 0x12, 0xa8, 0x58, 0xc4, 0x42, 0x9c,
- 0xce, 0x90, 0x6a, 0x9e, 0x7e, 0x04, 0x27, 0xe3,
- 0xfa, 0x8e, 0xe5, 0xdc, 0xa8, 0x5a, 0xf7, 0xc9,
- 0x0d, 0x23, 0x56, 0x8e, 0x46, 0x84, 0xe8, 0x34,
- 0x83, 0x86, 0xca, 0xc1, 0xcd, 0xfe, 0x68, 0x00,
- 0x67, 0x3f, 0x24, 0x3b, 0x50, 0x63, 0x21, 0x7f,
- 0xba, 0xc6, 0xdb, 0xff, 0xf4, 0x3a, 0x10, 0xb6,
- 0xb5, 0x09, 0x4d, 0x41, 0xff, 0xef, 0xc0, 0x84,
- 0x48, 0x1b, 0x51, 0x87, 0xe6, 0x85, 0xf0, 0x1e,
- 0xbd, 0x99, 0x0d, 0xd3, 0x98, 0xd0, 0xab, 0xd8,
- 0x30, 0x2a, 0xd5, 0x74
- };
+ int ret;
+ unsigned char der[] = {
+ 0x30, 0x82, 0x04, 0x10, 0x30, 0x82, 0x03, 0x79,
+ 0xa0, 0x07, 0x02, 0x84, 0x90, 0x00, 0x00, 0x00,
+ 0x02, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+ 0x04, 0x05, 0x00, 0x30, 0x81, 0xbb, 0x31, 0x0b,
+ 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f,
+ 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31,
+ 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07,
+ 0x13, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69,
+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03,
+ 0x55, 0x04, 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d,
+ 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30,
+ 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16,
+ 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61,
+ 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+ 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e,
+ 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
+ 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+ 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29,
+ 0x30, 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72,
+ 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f,
+ 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69,
+ 0x6e, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x34, 0x30,
+ 0x32, 0x31, 0x38, 0x32, 0x30, 0x30, 0x32, 0x33,
+ 0x34, 0x5a, 0x17, 0x0d, 0x30, 0x35, 0x31, 0x31,
+ 0x31, 0x37, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34,
+ 0x5a, 0x30, 0x81, 0xbb, 0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x2d,
+ 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f, 0x6d, 0x65,
+ 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30,
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08,
+ 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79,
+ 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65, 0x4f,
+ 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06,
+ 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x53, 0x6f,
+ 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+ 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x6c,
+ 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
+ 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f,
+ 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30, 0x27,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72, 0x6f, 0x6f,
+ 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68,
+ 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x30,
+ 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89,
+ 0x02, 0x81, 0x81, 0x00, 0xda, 0x3d, 0xb7, 0x66,
+ 0x9a, 0x41, 0x4f, 0xca, 0x1d, 0xd1, 0xc4, 0x1f,
+ 0xc9, 0x4c, 0xc6, 0x76, 0x45, 0xc5, 0x8e, 0x2f,
+ 0x3d, 0x45, 0xf5, 0x16, 0x9f, 0xb5, 0x22, 0x0b,
+ 0x61, 0x60, 0xa4, 0x42, 0x42, 0x98, 0xae, 0x45,
+ 0xe1, 0x4a, 0x17, 0x0b, 0x6e, 0xf7, 0x4e, 0xc0,
+ 0x1e, 0xe7, 0x78, 0xd0, 0x80, 0xfc, 0xde, 0x0a,
+ 0x96, 0x43, 0x13, 0xe4, 0xb5, 0xef, 0x47, 0xca,
+ 0x8f, 0xb3, 0x13, 0x92, 0x10, 0xc4, 0x02, 0x7b,
+ 0xbb, 0x6c, 0x9f, 0x2b, 0x63, 0x65, 0xfa, 0xac,
+ 0xcb, 0xc9, 0x14, 0x68, 0x53, 0xd9, 0xe2, 0x9c,
+ 0x57, 0x52, 0x23, 0xb9, 0x4f, 0x92, 0xc0, 0xa0,
+ 0xe3, 0xf5, 0x50, 0xb3, 0xc4, 0x5f, 0x4e, 0x73,
+ 0x9d, 0x0e, 0xfd, 0x9c, 0x57, 0x8e, 0x4c, 0x13,
+ 0xe0, 0x7a, 0x16, 0x6b, 0x27, 0xc9, 0xac, 0xb3,
+ 0x47, 0xb2, 0x3f, 0x8f, 0xe6, 0x1d, 0x00, 0xc8,
+ 0xaa, 0x6f, 0xdf, 0xcb, 0x02, 0x03, 0x01, 0x00,
+ 0x01, 0xa3, 0x82, 0x01, 0x1c, 0x30, 0x82, 0x01,
+ 0x18, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
+ 0x04, 0x16, 0x04, 0x14, 0xe6, 0x30, 0x79, 0x2b,
+ 0xe2, 0xcf, 0x4f, 0xa7, 0x40, 0xa4, 0xb9, 0xa4,
+ 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9, 0x15,
+ 0x30, 0x81, 0xe8, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x81, 0xe0, 0x30, 0x81, 0xdd, 0x80, 0x14,
+ 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f, 0xa7,
+ 0x40, 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8,
+ 0x94, 0xda, 0xd9, 0x15, 0xa1, 0x81, 0xc1, 0xa4,
+ 0x81, 0xbe, 0x30, 0x81, 0xbb, 0x31, 0x0b, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+ 0x55, 0x04, 0x08, 0x13, 0x09, 0x53, 0x6f, 0x6d,
+ 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11,
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
+ 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74,
+ 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
+ 0x04, 0x0a, 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65,
+ 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x16, 0x53,
+ 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e,
+ 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61,
+ 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30,
+ 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15,
+ 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
+ 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64,
+ 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30,
+ 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x09, 0x01, 0x16, 0x1a, 0x72, 0x6f,
+ 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+ 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63,
+ 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
+ 0x82, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x03, 0x55,
+ 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+ 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00,
+ 0x03, 0x81, 0x81, 0x00, 0xcd, 0xc9, 0x30, 0x6d,
+ 0x02, 0x65, 0x41, 0xea, 0x0e, 0x46, 0x08, 0x6c,
+ 0x2f, 0xd5, 0xa7, 0xe4, 0x29, 0xd7, 0x3f, 0x18,
+ 0x16, 0xd7, 0x4b, 0x6f, 0x9d, 0xc0, 0x5b, 0xbf,
+ 0x68, 0x7b, 0x2e, 0x66, 0xa5, 0x1b, 0xfd, 0xff,
+ 0x09, 0x25, 0xa5, 0x56, 0x37, 0x41, 0xd8, 0xaf,
+ 0x07, 0xa6, 0x12, 0xa8, 0x58, 0xc4, 0x42, 0x9c,
+ 0xce, 0x90, 0x6a, 0x9e, 0x7e, 0x04, 0x27, 0xe3,
+ 0xfa, 0x8e, 0xe5, 0xdc, 0xa8, 0x5a, 0xf7, 0xc9,
+ 0x0d, 0x23, 0x56, 0x8e, 0x46, 0x84, 0xe8, 0x34,
+ 0x83, 0x86, 0xca, 0xc1, 0xcd, 0xfe, 0x68, 0x00,
+ 0x67, 0x3f, 0x24, 0x3b, 0x50, 0x63, 0x21, 0x7f,
+ 0xba, 0xc6, 0xdb, 0xff, 0xf4, 0x3a, 0x10, 0xb6,
+ 0xb5, 0x09, 0x4d, 0x41, 0xff, 0xef, 0xc0, 0x84,
+ 0x48, 0x1b, 0x51, 0x87, 0xe6, 0x85, 0xf0, 0x1e,
+ 0xbd, 0x99, 0x0d, 0xd3, 0x98, 0xd0, 0xab, 0xd8,
+ 0x30, 0x2a, 0xd5, 0x74
+ };
- /* Triggers crash in _asn1_get_objectid_der. */
- unsigned char der2[] = {
- 0x30, 0x82, 0x04, 0x10, 0x30, 0x82, 0x03, 0x79,
- 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x0, 0x30,
- 0x11, 0x6, 0x84, 0x10, 0x0, 0x0, 0x0, 0x2a,
- 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4,
- 0x5, 0x0, 0x30, 0x81, 0xbb, 0x31, 0xb, 0x30,
- 0x9, 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2,
- 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x6,
- 0x3, 0x55, 0x4, 0x8, 0x13, 0x9, 0x53,
- 0x6f, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74,
- 0x65, 0x31, 0x11, 0x30, 0xf, 0x6, 0x3,
- 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f,
- 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79,
- 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55,
- 0x4, 0xa, 0x13, 0x10, 0x53, 0x6f, 0x6d,
- 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
- 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
- 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0xb,
- 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f,
- 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55,
- 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c,
- 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x15, 0x6c,
- 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
- 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
- 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31,
- 0x29, 0x30, 0x27, 0x6, 0x9, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9, 0x1, 0x16,
- 0x1a, 0x72
- };
+ /* Triggers crash in _asn1_get_objectid_der. */
+ unsigned char der2[] = {
+ 0x30, 0x82, 0x04, 0x10, 0x30, 0x82, 0x03, 0x79,
+ 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x0, 0x30,
+ 0x11, 0x6, 0x84, 0x10, 0x0, 0x0, 0x0, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4,
+ 0x5, 0x0, 0x30, 0x81, 0xbb, 0x31, 0xb, 0x30,
+ 0x9, 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2,
+ 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x6,
+ 0x3, 0x55, 0x4, 0x8, 0x13, 0x9, 0x53,
+ 0x6f, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74,
+ 0x65, 0x31, 0x11, 0x30, 0xf, 0x6, 0x3,
+ 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f,
+ 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79,
+ 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55,
+ 0x4, 0xa, 0x13, 0x10, 0x53, 0x6f, 0x6d,
+ 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
+ 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0xb,
+ 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f,
+ 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55,
+ 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c,
+ 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x15, 0x6c,
+ 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
+ 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+ 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31,
+ 0x29, 0x30, 0x27, 0x6, 0x9, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9, 0x1, 0x16,
+ 0x1a, 0x72
+ };
- /* Triggers crash in asn1_der_decoding. */
- unsigned char der3[] = {
- 0x30, 0x82, 0x4, 0x10, 0x30, 0x82, 0x3, 0x79,
- 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x0,
- 0x30, 0x11, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd,
- 0x1, 0x1, 0x4, 0x5, 0x84, 0x10, 0x0, 0x0, 0x0, 0x30, 0x81, 0xbb, 0x31,
- 0xb, 0x30, 0x9, 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2, 0x2d, 0x2d, 0x31,
- 0x12, 0x30, 0x10, 0x6, 0x3, 0x55, 0x4, 0x8, 0x13, 0x9, 0x53, 0x6f, 0x6d,
- 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0xf, 0x6, 0x3,
- 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74,
- 0x79, 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55, 0x4, 0xa, 0x13, 0x10,
- 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4,
- 0xb, 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e,
- 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69,
- 0x74, 0x31, 0x1e, 0x30, 0x1c, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x15,
- 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f,
- 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30,
- 0x27, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9, 0x1, 0x16,
- 0x1a, 0x72, 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68,
- 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d,
- 0x61, 0x69, 0x6e, 0x30, 0x1e, 0x17, 0xd, 0x30, 0x34, 0x30, 0x32, 0x31,
- 0x38, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34, 0x5a, 0x17, 0xd, 0x30, 0x35,
- 0x31, 0x31, 0x31, 0x37, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34, 0x5a, 0x30,
- 0x81, 0xbb, 0x31, 0xb, 0x30, 0x9, 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2,
- 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x6, 0x3, 0x55, 0x4, 0x8, 0x13, 0x9,
- 0x53, 0x6f, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30,
- 0xf, 0x6, 0x3, 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f, 0x6d, 0x65, 0x43,
- 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55, 0x4, 0xa,
- 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
- 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3,
- 0x55, 0x4, 0xb, 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67,
- 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55,
- 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c, 0x6, 0x3, 0x55, 0x4, 0x3,
- 0x13, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e,
- 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31,
- 0x29, 0x30, 0x27, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9,
- 0x1, 0x16, 0x1a, 0x72, 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61,
- 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64,
- 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x30, 0x81, 0x9f, 0x30, 0xd, 0x6, 0x9,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, 0x81,
- 0x8d, 0x0, 0x30, 0x81, 0x89, 0x2, 0x81, 0x81, 0x0, 0xda, 0x3d, 0xb7,
- 0x66, 0x9a, 0x41, 0x4f, 0xca, 0x1d, 0xd1, 0xc4, 0x1f, 0xc9, 0x4c, 0xc6,
- 0x76, 0x45, 0xc5, 0x8e, 0x2f, 0x3d, 0x45, 0xf5, 0x16, 0x9f, 0xb5, 0x22,
- 0xb, 0x61, 0x60, 0xa4, 0x42, 0x42, 0x98, 0xae, 0x45, 0xe1, 0x4a, 0x17,
- 0xb, 0x6e, 0xf7, 0x4e, 0xc0, 0x1e, 0xe7, 0x78, 0xd0, 0x80, 0xfc, 0xde,
- 0xa, 0x96, 0x43, 0x13, 0xe4, 0xb5, 0xef, 0x47, 0xca, 0x8f, 0xb3, 0x13,
- 0x92, 0x10, 0xc4, 0x2, 0x7b, 0xbb, 0x6c, 0x9f, 0x2b, 0x63, 0x65, 0xfa,
- 0xac, 0xcb, 0xc9, 0x14, 0x68, 0x53, 0xd9, 0xe2, 0x9c, 0x57, 0x52, 0x23,
- 0xb9, 0x4f, 0x92, 0xc0, 0xa0, 0xe3, 0xf5, 0x50, 0xb3, 0xc4, 0x5f, 0x4e,
- 0x73, 0x9d, 0xe, 0xfd, 0x9c, 0x57, 0x8e, 0x4c, 0x13, 0xe0, 0x7a, 0x16,
- 0x6b, 0x27, 0xc9, 0xac, 0xb3, 0x47, 0xb2, 0x3f, 0x8f, 0xe6, 0x1d, 0x0,
- 0xc8, 0xaa, 0x6f, 0xdf, 0xcb, 0x2, 0x3, 0x1, 0x0, 0x1, 0xa3, 0x82, 0x1,
- 0x1c, 0x30, 0x82, 0x1, 0x18, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x1d, 0xe, 0x4,
- 0x16, 0x4, 0x14, 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f, 0xa7, 0x40,
- 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9, 0x15, 0x30,
- 0x81, 0xe8, 0x6, 0x3, 0x55, 0x1d, 0x23, 0x4, 0x81, 0xe0, 0x30, 0x81,
- 0xdd, 0x80, 0x14, 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f, 0xa7, 0x40,
- 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9, 0x15, 0xa1,
- 0x81, 0xc1, 0xa4, 0x81, 0xbe, 0x30, 0x81, 0xbb, 0x31, 0xb, 0x30, 0x9,
- 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2, 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10,
- 0x6, 0x3, 0x55, 0x4, 0x8, 0x13, 0x9, 0x53, 0x6f, 0x6d, 0x65, 0x53, 0x74,
- 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0xf, 0x6, 0x3, 0x55, 0x4, 0x7, 0x13,
- 0x8, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30,
- 0x17, 0x6, 0x3, 0x55, 0x4, 0xa, 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65,
- 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0xb, 0x13, 0x16, 0x53,
- 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30,
- 0x1c, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x15, 0x6c, 0x6f, 0x63, 0x61,
- 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64,
- 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30, 0x27, 0x6, 0x9, 0x2a,
- 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9, 0x1, 0x16, 0x1a, 0x72, 0x6f,
- 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
- 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
- 0x82, 0x1, 0x0, 0x30, 0xc, 0x6, 0x3, 0x55, 0x1d, 0x13, 0x4, 0x5, 0x30,
- 0x3, 0x1, 0x1, 0xff, 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0xd, 0x1, 0x1, 0x4, 0x5, 0x0, 0x3, 0x81, 0x81, 0x0, 0xcd, 0xc9, 0x30,
- 0x6d, 0x2, 0x65, 0x41, 0xea, 0xe, 0x46, 0x8, 0x6c, 0x2f, 0xd5, 0xa7,
- 0xe4, 0x29, 0xd7, 0x3f, 0x18, 0x16, 0xd7, 0x4b, 0x6f, 0x9d, 0xc0, 0x5b,
- 0xbf, 0x68, 0x7b, 0x2e, 0x66, 0xa5, 0x1b, 0xfd, 0xff, 0x9, 0x25, 0xa5,
- 0x56, 0x37, 0x41, 0xd8, 0xaf, 0x7, 0xa6, 0x12, 0xa8, 0x58, 0xc4, 0x42,
- 0x9c, 0xce, 0x90, 0x6a, 0x9e, 0x7e, 0x4, 0x27, 0xe3, 0xfa, 0x8e, 0xe5,
- 0xdc, 0xa8, 0x5a, 0xf7, 0xc9, 0xd, 0x23, 0x56, 0x8e, 0x46, 0x84, 0xe8,
- 0x34, 0x83, 0x86, 0xca, 0xc1, 0xcd, 0xfe, 0x68, 0x0, 0x67, 0x3f, 0x24,
- 0x3b, 0x50, 0x63, 0x21, 0x7f, 0xba, 0xc6, 0xdb, 0xff, 0xf4, 0x3a, 0x10,
- 0xb6, 0xb5, 0x9, 0x4d, 0x41, 0xff, 0xef, 0xc0, 0x84, 0x48, 0x1b, 0x51,
- 0x87, 0xe6, 0x85, 0xf0, 0x1e, 0xbd, 0x99, 0xd, 0xd3, 0x98, 0xd0, 0xab,
- 0xd8, 0x30, 0x2a, 0xd5, 0x74
- };
- gnutls_datum_t derCert = { der, sizeof (der) };
- gnutls_datum_t der2Cert = { der2, sizeof (der2) };
- gnutls_datum_t der3Cert = { der3, sizeof (der3) };
- gnutls_x509_crt_t cert;
+ /* Triggers crash in asn1_der_decoding. */
+ unsigned char der3[] = {
+ 0x30, 0x82, 0x4, 0x10, 0x30, 0x82, 0x3, 0x79,
+ 0xa0, 0x3, 0x2, 0x1, 0x2, 0x2, 0x1, 0x0,
+ 0x30, 0x11, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd,
+ 0x1, 0x1, 0x4, 0x5, 0x84, 0x10, 0x0, 0x0, 0x0, 0x30, 0x81,
+ 0xbb, 0x31,
+ 0xb, 0x30, 0x9, 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2, 0x2d,
+ 0x2d, 0x31,
+ 0x12, 0x30, 0x10, 0x6, 0x3, 0x55, 0x4, 0x8, 0x13, 0x9,
+ 0x53, 0x6f, 0x6d,
+ 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0xf,
+ 0x6, 0x3,
+ 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f, 0x6d, 0x65, 0x43,
+ 0x69, 0x74,
+ 0x79, 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55, 0x4, 0xa,
+ 0x13, 0x10,
+ 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
+ 0x7a, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3,
+ 0x55, 0x4,
+ 0xb, 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67,
+ 0x61, 0x6e,
+ 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55,
+ 0x6e, 0x69,
+ 0x74, 0x31, 0x1e, 0x30, 0x1c, 0x6, 0x3, 0x55, 0x4, 0x3,
+ 0x13, 0x15,
+ 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e,
+ 0x6c, 0x6f,
+ 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31,
+ 0x29, 0x30,
+ 0x27, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1,
+ 0x9, 0x1, 0x16,
+ 0x1a, 0x72, 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x68,
+ 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64,
+ 0x6f, 0x6d,
+ 0x61, 0x69, 0x6e, 0x30, 0x1e, 0x17, 0xd, 0x30, 0x34, 0x30,
+ 0x32, 0x31,
+ 0x38, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34, 0x5a, 0x17, 0xd,
+ 0x30, 0x35,
+ 0x31, 0x31, 0x31, 0x37, 0x32, 0x30, 0x30, 0x32, 0x33, 0x34,
+ 0x5a, 0x30,
+ 0x81, 0xbb, 0x31, 0xb, 0x30, 0x9, 0x6, 0x3, 0x55, 0x4, 0x6,
+ 0x13, 0x2,
+ 0x2d, 0x2d, 0x31, 0x12, 0x30, 0x10, 0x6, 0x3, 0x55, 0x4,
+ 0x8, 0x13, 0x9,
+ 0x53, 0x6f, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31,
+ 0x11, 0x30,
+ 0xf, 0x6, 0x3, 0x55, 0x4, 0x7, 0x13, 0x8, 0x53, 0x6f, 0x6d,
+ 0x65, 0x43,
+ 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x6, 0x3, 0x55,
+ 0x4, 0xa,
+ 0x13, 0x10, 0x53, 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61,
+ 0x6e, 0x69,
+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d,
+ 0x6, 0x3,
+ 0x55, 0x4, 0xb, 0x13, 0x16, 0x53, 0x6f, 0x6d, 0x65, 0x4f,
+ 0x72, 0x67,
+ 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61,
+ 0x6c, 0x55,
+ 0x6e, 0x69, 0x74, 0x31, 0x1e, 0x30, 0x1c, 0x6, 0x3, 0x55,
+ 0x4, 0x3,
+ 0x13, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73,
+ 0x74, 0x2e,
+ 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69,
+ 0x6e, 0x31,
+ 0x29, 0x30, 0x27, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0xd, 0x1, 0x9,
+ 0x1, 0x16, 0x1a, 0x72, 0x6f, 0x6f, 0x74, 0x40, 0x6c, 0x6f,
+ 0x63, 0x61,
+ 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x64,
+ 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x30, 0x81, 0x9f, 0x30, 0xd,
+ 0x6, 0x9,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0,
+ 0x3, 0x81,
+ 0x8d, 0x0, 0x30, 0x81, 0x89, 0x2, 0x81, 0x81, 0x0, 0xda,
+ 0x3d, 0xb7,
+ 0x66, 0x9a, 0x41, 0x4f, 0xca, 0x1d, 0xd1, 0xc4, 0x1f, 0xc9,
+ 0x4c, 0xc6,
+ 0x76, 0x45, 0xc5, 0x8e, 0x2f, 0x3d, 0x45, 0xf5, 0x16, 0x9f,
+ 0xb5, 0x22,
+ 0xb, 0x61, 0x60, 0xa4, 0x42, 0x42, 0x98, 0xae, 0x45, 0xe1,
+ 0x4a, 0x17,
+ 0xb, 0x6e, 0xf7, 0x4e, 0xc0, 0x1e, 0xe7, 0x78, 0xd0, 0x80,
+ 0xfc, 0xde,
+ 0xa, 0x96, 0x43, 0x13, 0xe4, 0xb5, 0xef, 0x47, 0xca, 0x8f,
+ 0xb3, 0x13,
+ 0x92, 0x10, 0xc4, 0x2, 0x7b, 0xbb, 0x6c, 0x9f, 0x2b, 0x63,
+ 0x65, 0xfa,
+ 0xac, 0xcb, 0xc9, 0x14, 0x68, 0x53, 0xd9, 0xe2, 0x9c, 0x57,
+ 0x52, 0x23,
+ 0xb9, 0x4f, 0x92, 0xc0, 0xa0, 0xe3, 0xf5, 0x50, 0xb3, 0xc4,
+ 0x5f, 0x4e,
+ 0x73, 0x9d, 0xe, 0xfd, 0x9c, 0x57, 0x8e, 0x4c, 0x13, 0xe0,
+ 0x7a, 0x16,
+ 0x6b, 0x27, 0xc9, 0xac, 0xb3, 0x47, 0xb2, 0x3f, 0x8f, 0xe6,
+ 0x1d, 0x0,
+ 0xc8, 0xaa, 0x6f, 0xdf, 0xcb, 0x2, 0x3, 0x1, 0x0, 0x1,
+ 0xa3, 0x82, 0x1,
+ 0x1c, 0x30, 0x82, 0x1, 0x18, 0x30, 0x1d, 0x6, 0x3, 0x55,
+ 0x1d, 0xe, 0x4,
+ 0x16, 0x4, 0x14, 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f,
+ 0xa7, 0x40,
+ 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9,
+ 0x15, 0x30,
+ 0x81, 0xe8, 0x6, 0x3, 0x55, 0x1d, 0x23, 0x4, 0x81, 0xe0,
+ 0x30, 0x81,
+ 0xdd, 0x80, 0x14, 0xe6, 0x30, 0x79, 0x2b, 0xe2, 0xcf, 0x4f,
+ 0xa7, 0x40,
+ 0xa4, 0xb9, 0xa4, 0x1e, 0x95, 0x56, 0xe8, 0x94, 0xda, 0xd9,
+ 0x15, 0xa1,
+ 0x81, 0xc1, 0xa4, 0x81, 0xbe, 0x30, 0x81, 0xbb, 0x31, 0xb,
+ 0x30, 0x9,
+ 0x6, 0x3, 0x55, 0x4, 0x6, 0x13, 0x2, 0x2d, 0x2d, 0x31,
+ 0x12, 0x30, 0x10,
+ 0x6, 0x3, 0x55, 0x4, 0x8, 0x13, 0x9, 0x53, 0x6f, 0x6d,
+ 0x65, 0x53, 0x74,
+ 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0xf, 0x6, 0x3, 0x55,
+ 0x4, 0x7, 0x13,
+ 0x8, 0x53, 0x6f, 0x6d, 0x65, 0x43, 0x69, 0x74, 0x79, 0x31,
+ 0x19, 0x30,
+ 0x17, 0x6, 0x3, 0x55, 0x4, 0xa, 0x13, 0x10, 0x53, 0x6f,
+ 0x6d, 0x65,
+ 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69,
+ 0x6f, 0x6e,
+ 0x31, 0x1f, 0x30, 0x1d, 0x6, 0x3, 0x55, 0x4, 0xb, 0x13,
+ 0x16, 0x53,
+ 0x6f, 0x6d, 0x65, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
+ 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31,
+ 0x1e, 0x30,
+ 0x1c, 0x6, 0x3, 0x55, 0x4, 0x3, 0x13, 0x15, 0x6c, 0x6f,
+ 0x63, 0x61,
+ 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x64,
+ 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x31, 0x29, 0x30, 0x27, 0x6,
+ 0x9, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x9, 0x1, 0x16, 0x1a,
+ 0x72, 0x6f,
+ 0x6f, 0x74, 0x40, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
+ 0x73, 0x74,
+ 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x64, 0x6f, 0x6d, 0x61,
+ 0x69, 0x6e,
+ 0x82, 0x1, 0x0, 0x30, 0xc, 0x6, 0x3, 0x55, 0x1d, 0x13, 0x4,
+ 0x5, 0x30,
+ 0x3, 0x1, 0x1, 0xff, 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7,
+ 0xd, 0x1, 0x1, 0x4, 0x5, 0x0, 0x3, 0x81, 0x81, 0x0, 0xcd,
+ 0xc9, 0x30,
+ 0x6d, 0x2, 0x65, 0x41, 0xea, 0xe, 0x46, 0x8, 0x6c, 0x2f,
+ 0xd5, 0xa7,
+ 0xe4, 0x29, 0xd7, 0x3f, 0x18, 0x16, 0xd7, 0x4b, 0x6f, 0x9d,
+ 0xc0, 0x5b,
+ 0xbf, 0x68, 0x7b, 0x2e, 0x66, 0xa5, 0x1b, 0xfd, 0xff, 0x9,
+ 0x25, 0xa5,
+ 0x56, 0x37, 0x41, 0xd8, 0xaf, 0x7, 0xa6, 0x12, 0xa8, 0x58,
+ 0xc4, 0x42,
+ 0x9c, 0xce, 0x90, 0x6a, 0x9e, 0x7e, 0x4, 0x27, 0xe3, 0xfa,
+ 0x8e, 0xe5,
+ 0xdc, 0xa8, 0x5a, 0xf7, 0xc9, 0xd, 0x23, 0x56, 0x8e, 0x46,
+ 0x84, 0xe8,
+ 0x34, 0x83, 0x86, 0xca, 0xc1, 0xcd, 0xfe, 0x68, 0x0, 0x67,
+ 0x3f, 0x24,
+ 0x3b, 0x50, 0x63, 0x21, 0x7f, 0xba, 0xc6, 0xdb, 0xff, 0xf4,
+ 0x3a, 0x10,
+ 0xb6, 0xb5, 0x9, 0x4d, 0x41, 0xff, 0xef, 0xc0, 0x84, 0x48,
+ 0x1b, 0x51,
+ 0x87, 0xe6, 0x85, 0xf0, 0x1e, 0xbd, 0x99, 0xd, 0xd3, 0x98,
+ 0xd0, 0xab,
+ 0xd8, 0x30, 0x2a, 0xd5, 0x74
+ };
+ gnutls_datum_t derCert = { der, sizeof(der) };
+ gnutls_datum_t der2Cert = { der2, sizeof(der2) };
+ gnutls_datum_t der3Cert = { der3, sizeof(der3) };
+ gnutls_x509_crt_t cert;
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
- ret = gnutls_x509_crt_import (cert, &derCert, GNUTLS_X509_FMT_DER);
- if (ret != GNUTLS_E_ASN1_DER_ERROR)
- fail ("crt_import %d\n", ret);
+ ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_DER);
+ if (ret != GNUTLS_E_ASN1_DER_ERROR)
+ fail("crt_import %d\n", ret);
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
- ret = gnutls_x509_crt_import (cert, &der2Cert, GNUTLS_X509_FMT_DER);
- if (ret != GNUTLS_E_ASN1_DER_ERROR)
- fail ("crt2_import %d\n", ret);
+ ret = gnutls_x509_crt_import(cert, &der2Cert, GNUTLS_X509_FMT_DER);
+ if (ret != GNUTLS_E_ASN1_DER_ERROR)
+ fail("crt2_import %d\n", ret);
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
- ret = gnutls_x509_crt_import (cert, &der3Cert, GNUTLS_X509_FMT_DER);
- if (ret != GNUTLS_E_ASN1_DER_ERROR)
- fail ("crt3_import %d\n", ret);
+ ret = gnutls_x509_crt_import(cert, &der3Cert, GNUTLS_X509_FMT_DER);
+ if (ret != GNUTLS_E_ASN1_DER_ERROR)
+ fail("crt3_import %d\n", ret);
- if (debug)
- success ("done\n");
+ if (debug)
+ success("done\n");
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c
index 5e76e79706..7aa19581cc 100644
--- a/tests/certificate_set_x509_crl.c
+++ b/tests/certificate_set_x509_crl.c
@@ -33,81 +33,77 @@
#include <gnutls/x509.h>
static char crl[] =
- "-----BEGIN X509 CRL-----\n"
- "MIIB9DCCAV8CAQEwCwYJKoZIhvcNAQEFMIIBCDEXMBUGA1UEChMOVmVyaVNpZ24s\n"
- "IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsT\n"
- "PXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYu\n"
- "LExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEm\n"
- "MCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxGDAWBgNVBAMU\n"
- "D1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3DQEJARYTc2ltb25Aam9zZWZzc29u\n"
- "Lm9yZxcNMDYxMjI3MDgwMjM0WhcNMDcwMjA3MDgwMjM1WjAjMCECEC4QNwPfRoWd\n"
- "elUNpllhhTgXDTA2MTIyNzA4MDIzNFowCwYJKoZIhvcNAQEFA4GBAD0zX+J2hkcc\n"
- "Nbrq1Dn5IKL8nXLgPGcHv1I/le1MNo9t1ohGQxB5HnFUkRPAY82fR6Epor4aHgVy\n"
- "b+5y+neKN9Kn2mPF4iiun+a4o26CjJ0pArojCL1p8T0yyi9Xxvyc/ezaZ98HiIyP\n"
- "c3DGMNR+oUmSjKZ0jIhAYmeLxaPHfQwR\n" "-----END X509 CRL-----\n";
+ "-----BEGIN X509 CRL-----\n"
+ "MIIB9DCCAV8CAQEwCwYJKoZIhvcNAQEFMIIBCDEXMBUGA1UEChMOVmVyaVNpZ24s\n"
+ "IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsT\n"
+ "PXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYu\n"
+ "LExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEm\n"
+ "MCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxGDAWBgNVBAMU\n"
+ "D1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3DQEJARYTc2ltb25Aam9zZWZzc29u\n"
+ "Lm9yZxcNMDYxMjI3MDgwMjM0WhcNMDcwMjA3MDgwMjM1WjAjMCECEC4QNwPfRoWd\n"
+ "elUNpllhhTgXDTA2MTIyNzA4MDIzNFowCwYJKoZIhvcNAQEFA4GBAD0zX+J2hkcc\n"
+ "Nbrq1Dn5IKL8nXLgPGcHv1I/le1MNo9t1ohGQxB5HnFUkRPAY82fR6Epor4aHgVy\n"
+ "b+5y+neKN9Kn2mPF4iiun+a4o26CjJ0pArojCL1p8T0yyi9Xxvyc/ezaZ98HiIyP\n"
+ "c3DGMNR+oUmSjKZ0jIhAYmeLxaPHfQwR\n" "-----END X509 CRL-----\n";
/* Test regression of bug reported by Max Kellermann <max@duempel.org>
in Message-ID: <20061211075202.GA1517@roonstrasse.net> to the
gnutls-dev@gnupg.org list. */
-int
-main (void)
+int main(void)
{
- int rc;
- gnutls_certificate_credentials_t crt;
- gnutls_datum_t crldatum = { (uint8_t*)crl, strlen (crl) };
- gnutls_x509_crl_t crl;
+ int rc;
+ gnutls_certificate_credentials_t crt;
+ gnutls_datum_t crldatum = { (uint8_t *) crl, strlen(crl) };
+ gnutls_x509_crl_t crl;
- rc = global_init ();
- if (rc)
- {
- printf ("global_init rc %d: %s\n", rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = global_init();
+ if (rc) {
+ printf("global_init rc %d: %s\n", rc, gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_certificate_allocate_credentials (&crt);
- if (rc)
- {
- printf ("gnutls_certificate_allocate_credentials rc %d: %s\n",
- rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_certificate_allocate_credentials(&crt);
+ if (rc) {
+ printf
+ ("gnutls_certificate_allocate_credentials rc %d: %s\n",
+ rc, gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_certificate_set_x509_crl_mem (crt, &crldatum,
- GNUTLS_X509_FMT_PEM);
- if (rc != 1)
- {
- printf ("gnutls_certificate_set_x509_crl_mem num %d\n", rc);
- return 1;
- }
+ rc = gnutls_certificate_set_x509_crl_mem(crt, &crldatum,
+ GNUTLS_X509_FMT_PEM);
+ if (rc != 1) {
+ printf("gnutls_certificate_set_x509_crl_mem num %d\n", rc);
+ return 1;
+ }
- rc = gnutls_x509_crl_init (&crl);
- if (rc)
- {
- printf ("gnutls_x509_crl_init rc %d: %s\n", rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_x509_crl_init(&crl);
+ if (rc) {
+ printf("gnutls_x509_crl_init rc %d: %s\n", rc,
+ gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_x509_crl_import (crl, &crldatum, GNUTLS_X509_FMT_PEM);
- if (rc)
- {
- printf ("gnutls_x509_crl_import rc %d: %s\n", rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_x509_crl_import(crl, &crldatum, GNUTLS_X509_FMT_PEM);
+ if (rc) {
+ printf("gnutls_x509_crl_import rc %d: %s\n", rc,
+ gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_certificate_set_x509_crl (crt, &crl, 1);
- if (rc < 0)
- {
- printf ("gnutls_certificate_set_x509_crl rc %d: %s\n",
- rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_certificate_set_x509_crl(crt, &crl, 1);
+ if (rc < 0) {
+ printf("gnutls_certificate_set_x509_crl rc %d: %s\n",
+ rc, gnutls_strerror(rc));
+ return 1;
+ }
- gnutls_x509_crl_deinit (crl);
+ gnutls_x509_crl_deinit(crl);
- gnutls_certificate_free_credentials (crt);
+ gnutls_certificate_free_credentials(crt);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
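Review bot: In `main()` the local `gnutls_x509_crl_t crl` shadows the file-scope PEM string `crl[]`, and the `crldatum` initializer one line earlier refers to the string only because it is declared before the handle; swapping those two declarations would make the cast and `strlen` operate on the handle instead. Renaming the array removes the dependency on declaration order: `static char crl_pem[] =` and `gnutls_datum_t crldatum = { (uint8_t *) crl_pem, strlen(crl_pem) };`. Separately, the reindent split `printf` from its argument list in the `gnutls_certificate_allocate_credentials` error path; keeping `printf(` together and breaking after the format string would read better.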
diff --git a/tests/certuniqueid.c b/tests/certuniqueid.c
index 536ab0f849..38fc9b37f0 100644
--- a/tests/certuniqueid.c
+++ b/tests/certuniqueid.c
@@ -30,164 +30,216 @@
#include "gnutls/x509.h"
#include "utils.h"
-void
-doit (void)
+void doit(void)
{
- int ret;
- unsigned char der[] = {
- 0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03, 0x02, 0x01,
- 0x02, 0x02, 0x10, 0xbd,
- 0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74, 0x3f, 0xa1,
- 0xdc, 0x8b, 0xbd, 0x30,
- 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x2d,
- 0x31, 0x2b, 0x30, 0x29,
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b,
- 0x00, 0x38, 0x00, 0x72,
- 0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77,
- 0x00, 0x73, 0x00, 0x2e,
- 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x1e, 0x17,
- 0x0d, 0x31, 0x30, 0x30,
- 0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x17, 0x0d,
- 0x31, 0x31, 0x30, 0x34,
- 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30, 0x2d, 0x31,
- 0x2b, 0x30, 0x29, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
- 0x38, 0x00, 0x72, 0x00,
- 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, 0x77, 0x00,
- 0x73, 0x00, 0x2e, 0x00,
- 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82, 0x01, 0x22,
- 0x30, 0x0d, 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
- 0x82, 0x01, 0x0f, 0x00,
- 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0xd7, 0x32,
- 0x26, 0xd7, 0xfc, 0x69,
- 0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd, 0xe8, 0xf5,
- 0xf7, 0x9e, 0x7d, 0x34,
- 0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e, 0x47, 0x2e,
- 0x71, 0xd7, 0xc3, 0xbf,
- 0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b, 0x9c, 0xf4,
- 0xd3, 0x42, 0x2b, 0x26,
- 0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b, 0x30, 0xd3,
- 0x2c, 0xdc, 0xde, 0x36,
- 0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f, 0x5b, 0xd3,
- 0xe1, 0x34, 0x39, 0x22,
- 0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9, 0x40, 0xd6,
- 0x7b, 0x32, 0x5f, 0x19,
- 0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07, 0x42, 0x36,
- 0xd0, 0x57, 0x78, 0x63,
- 0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a, 0x57, 0xdb,
- 0x70, 0x80, 0x89, 0x36,
- 0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8, 0x49, 0x48,
- 0x5f, 0x06, 0xd0, 0xcb,
- 0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97, 0x2c, 0x15,
- 0xc9, 0x73, 0x6d, 0x8f,
- 0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85, 0x8b, 0xdf,
- 0xd2, 0x05, 0x95, 0x1c,
- 0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02, 0xec, 0xe6,
- 0x9a, 0x37, 0xfc, 0x21,
- 0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20, 0xf8, 0xef,
- 0xa5, 0xc6, 0x0e, 0x94,
- 0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31, 0x27, 0xc7,
- 0xdb, 0x4a, 0x4e, 0x95,
- 0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1, 0x27, 0x7b,
- 0xc1, 0x71, 0xfe, 0x27,
- 0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02, 0x03, 0x01,
- 0x00, 0x01, 0x81, 0x11,
- 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a,
- 0x47, 0x42, 0xdf, 0x76,
- 0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47,
- 0x8d, 0x00, 0x0a, 0x47,
- 0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
- 0x1d, 0x05, 0x00, 0x03,
- 0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e, 0x7d, 0xb5,
- 0x31, 0xec, 0xb2, 0xeb,
- 0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d, 0x9d, 0xd7,
- 0x35, 0xe9, 0x22, 0x74,
- 0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b, 0x2a, 0xfe,
- 0x59, 0xe9, 0x76, 0x77,
- 0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b, 0xc1, 0x19,
- 0xef, 0x6f, 0x15, 0xe6,
- 0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13, 0xf6, 0x7d,
- 0x84, 0xe7, 0x8f, 0xc6,
- 0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43, 0x12, 0x70,
- 0x27, 0xf9, 0xc4, 0xd7,
- 0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1, 0xde, 0xd6,
- 0x2d, 0x9f, 0x3f, 0x5d,
- 0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9, 0x03, 0x2e,
- 0x84, 0x8d, 0x48, 0x60,
- 0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6, 0x08, 0x2d,
- 0xdf, 0x25, 0x9d, 0x32,
- 0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a, 0x94, 0xd2,
- 0x25, 0x43, 0xf0, 0xa9,
- 0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33, 0xe2, 0x9a,
- 0xe9, 0x75, 0xf0, 0x0f,
- 0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5, 0x46, 0xd4,
- 0x1c, 0x83, 0xa1, 0x28,
- 0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53, 0x31, 0xaa,
- 0x02, 0xd1, 0x9b, 0x03,
- 0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c, 0x65, 0xa2,
- 0xf9, 0xac, 0x38, 0x7a,
- 0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47, 0xd5, 0x06,
- 0xe6, 0xca, 0xd7, 0x6e,
- 0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12, 0x76, 0x99,
- 0x65, 0xb4, 0x54, 0xa1,
- 0xd8, 0x21, 0x5c, 0x27
- };
-
- gnutls_datum_t derCert = { der, sizeof (der) };
-
- gnutls_x509_crt_t cert;
-
- int result;
- unsigned char expectedId[] =
- { 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, 0x0a, 0x47,
- 0x42, 0xdf, 0x76, 0xbd
- };
-
- char buf[17];
- size_t buf_size;
-
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
-
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
-
- ret = gnutls_x509_crt_import (cert, &derCert, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- fail ("crt_import %d\n", ret);
-
- buf_size = 15;
- result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- fail ("get_issuer_unique_id short error %d\n", result);
- if (buf_size != 16)
- fail ("get_issuer_unique_id buf size %zd\n", buf_size);
-
- buf_size = 16;
- result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
- if (result < 0)
- fail ("get_issuer_unique_id %d\n", result);
- if (memcmp (buf, expectedId, buf_size) != 0)
- fail ("expected id mismatch for issuer\n");
-
- buf_size = 15;
- result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- fail ("get_subject_unique_id short error %d\n", result);
- if (buf_size != 16)
- fail ("get_subject_unique_id buf size %zd\n", buf_size);
-
- buf_size = 16;
- result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
- if (result < 0)
- fail ("get_subject_unique_id %d\n", result);
- if (memcmp (buf, expectedId, buf_size) != 0)
- fail ("expected id mismatch for subject\n");
-
- gnutls_x509_crt_deinit (cert);
-
- gnutls_global_deinit ();
+ int ret;
+ unsigned char der[] = {
+ 0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03,
+ 0x02, 0x01,
+ 0x02, 0x02, 0x10, 0xbd,
+ 0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74,
+ 0x3f, 0xa1,
+ 0xdc, 0x8b, 0xbd, 0x30,
+ 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00,
+ 0x30, 0x2d,
+ 0x31, 0x2b, 0x30, 0x29,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32,
+ 0x00, 0x6b,
+ 0x00, 0x38, 0x00, 0x72,
+ 0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74,
+ 0x00, 0x77,
+ 0x00, 0x73, 0x00, 0x2e,
+ 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30,
+ 0x1e, 0x17,
+ 0x0d, 0x31, 0x30, 0x30,
+ 0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a,
+ 0x17, 0x0d,
+ 0x31, 0x31, 0x30, 0x34,
+ 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30,
+ 0x2d, 0x31,
+ 0x2b, 0x30, 0x29, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00,
+ 0x6b, 0x00,
+ 0x38, 0x00, 0x72, 0x00,
+ 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00,
+ 0x77, 0x00,
+ 0x73, 0x00, 0x2e, 0x00,
+ 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82,
+ 0x01, 0x22,
+ 0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03,
+ 0x82, 0x01, 0x0f, 0x00,
+ 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa,
+ 0xd7, 0x32,
+ 0x26, 0xd7, 0xfc, 0x69,
+ 0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd,
+ 0xe8, 0xf5,
+ 0xf7, 0x9e, 0x7d, 0x34,
+ 0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e,
+ 0x47, 0x2e,
+ 0x71, 0xd7, 0xc3, 0xbf,
+ 0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b,
+ 0x9c, 0xf4,
+ 0xd3, 0x42, 0x2b, 0x26,
+ 0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b,
+ 0x30, 0xd3,
+ 0x2c, 0xdc, 0xde, 0x36,
+ 0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f,
+ 0x5b, 0xd3,
+ 0xe1, 0x34, 0x39, 0x22,
+ 0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9,
+ 0x40, 0xd6,
+ 0x7b, 0x32, 0x5f, 0x19,
+ 0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07,
+ 0x42, 0x36,
+ 0xd0, 0x57, 0x78, 0x63,
+ 0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a,
+ 0x57, 0xdb,
+ 0x70, 0x80, 0x89, 0x36,
+ 0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8,
+ 0x49, 0x48,
+ 0x5f, 0x06, 0xd0, 0xcb,
+ 0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97,
+ 0x2c, 0x15,
+ 0xc9, 0x73, 0x6d, 0x8f,
+ 0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85,
+ 0x8b, 0xdf,
+ 0xd2, 0x05, 0x95, 0x1c,
+ 0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02,
+ 0xec, 0xe6,
+ 0x9a, 0x37, 0xfc, 0x21,
+ 0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20,
+ 0xf8, 0xef,
+ 0xa5, 0xc6, 0x0e, 0x94,
+ 0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31,
+ 0x27, 0xc7,
+ 0xdb, 0x4a, 0x4e, 0x95,
+ 0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1,
+ 0x27, 0x7b,
+ 0xc1, 0x71, 0xfe, 0x27,
+ 0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02,
+ 0x03, 0x01,
+ 0x00, 0x01, 0x81, 0x11,
+ 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d,
+ 0x00, 0x0a,
+ 0x47, 0x42, 0xdf, 0x76,
+ 0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74,
+ 0x3e, 0x47,
+ 0x8d, 0x00, 0x0a, 0x47,
+ 0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+ 0x03, 0x02,
+ 0x1d, 0x05, 0x00, 0x03,
+ 0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e,
+ 0x7d, 0xb5,
+ 0x31, 0xec, 0xb2, 0xeb,
+ 0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d,
+ 0x9d, 0xd7,
+ 0x35, 0xe9, 0x22, 0x74,
+ 0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b,
+ 0x2a, 0xfe,
+ 0x59, 0xe9, 0x76, 0x77,
+ 0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b,
+ 0xc1, 0x19,
+ 0xef, 0x6f, 0x15, 0xe6,
+ 0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13,
+ 0xf6, 0x7d,
+ 0x84, 0xe7, 0x8f, 0xc6,
+ 0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43,
+ 0x12, 0x70,
+ 0x27, 0xf9, 0xc4, 0xd7,
+ 0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1,
+ 0xde, 0xd6,
+ 0x2d, 0x9f, 0x3f, 0x5d,
+ 0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9,
+ 0x03, 0x2e,
+ 0x84, 0x8d, 0x48, 0x60,
+ 0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6,
+ 0x08, 0x2d,
+ 0xdf, 0x25, 0x9d, 0x32,
+ 0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a,
+ 0x94, 0xd2,
+ 0x25, 0x43, 0xf0, 0xa9,
+ 0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33,
+ 0xe2, 0x9a,
+ 0xe9, 0x75, 0xf0, 0x0f,
+ 0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5,
+ 0x46, 0xd4,
+ 0x1c, 0x83, 0xa1, 0x28,
+ 0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53,
+ 0x31, 0xaa,
+ 0x02, 0xd1, 0x9b, 0x03,
+ 0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c,
+ 0x65, 0xa2,
+ 0xf9, 0xac, 0x38, 0x7a,
+ 0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47,
+ 0xd5, 0x06,
+ 0xe6, 0xca, 0xd7, 0x6e,
+ 0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12,
+ 0x76, 0x99,
+ 0x65, 0xb4, 0x54, 0xa1,
+ 0xd8, 0x21, 0x5c, 0x27
+ };
+
+ gnutls_datum_t derCert = { der, sizeof(der) };
+
+ gnutls_x509_crt_t cert;
+
+ int result;
+ unsigned char expectedId[] =
+ { 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00,
+0x0a, 0x47,
+ 0x42, 0xdf, 0x76, 0xbd
+ };
+
+ char buf[17];
+ size_t buf_size;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
+
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
+
+ ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ fail("crt_import %d\n", ret);
+
+ buf_size = 15;
+ result =
+ gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ fail("get_issuer_unique_id short error %d\n", result);
+ if (buf_size != 16)
+ fail("get_issuer_unique_id buf size %zd\n", buf_size);
+
+ buf_size = 16;
+ result =
+ gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size);
+ if (result < 0)
+ fail("get_issuer_unique_id %d\n", result);
+ if (memcmp(buf, expectedId, buf_size) != 0)
+ fail("expected id mismatch for issuer\n");
+
+ buf_size = 15;
+ result =
+ gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ fail("get_subject_unique_id short error %d\n", result);
+ if (buf_size != 16)
+ fail("get_subject_unique_id buf size %zd\n", buf_size);
+
+ buf_size = 16;
+ result =
+ gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size);
+ if (result < 0)
+ fail("get_subject_unique_id %d\n", result);
+ if (memcmp(buf, expectedId, buf_size) != 0)
+ fail("expected id mismatch for subject\n");
+
+ gnutls_x509_crt_deinit(cert);
+
+ gnutls_global_deinit();
}
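Review bot: The two success-path comparisons in `doit()` use the `buf_size` written back by the library as the `memcmp` length without checking it, so a truncated or empty unique ID would still match a prefix of `expectedId` and the test would pass. After each successful `gnutls_x509_crt_get_issuer_unique_id` / `gnutls_x509_crt_get_subject_unique_id` call I would add `if (buf_size != sizeof(expectedId)) fail("unique id length %zu\n", buf_size);`. The existing `"... buf size %zd\n"` messages pass a `size_t` to a signed conversion and should use `%zu`. On the formatting itself, the reindent appears to have left the `0x0a, 0x47,` continuation of `expectedId` without indentation and wrapped `der[]` into uneven 10/2/4-byte rows; a fixed row width would make the DER blob easier to audit.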
diff --git a/tests/chainverify-unsorted.c b/tests/chainverify-unsorted.c
index 0c793f67eb..829b13636f 100644
--- a/tests/chainverify-unsorted.c
+++ b/tests/chainverify-unsorted.c
@@ -39,710 +39,718 @@
/* gnutls_trust_list_*().
*/
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
-const char ca_str[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
- "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { (void*)ca_str, sizeof(ca_str) };
+const char ca_str[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
+ "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca = { (void *) ca_str, sizeof(ca_str) };
/* Chain1 is sorted */
static const char chain1[] = {
- /* chain[0] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
- "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
- "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
- "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
- "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
- "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
- "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
- "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
- "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
- "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
- "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
- "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
- "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
- "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
- "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
- "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
- "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
- "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
- "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
- "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
- "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
- "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
- "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
- "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
- "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
- "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
- "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
- "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
- "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
- "nKMfhbyFQYPQ6J9g\n"
- "-----END CERTIFICATE-----\n"
- /* chain[1] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
- "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
- "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
- "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
- "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
- "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
- "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
- "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
- "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
- "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
- "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
- "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
- "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
- "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
- "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
- "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
- "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
- "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
- "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
- "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
- "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
- "Gh/aWKfkT8Fhrryi/ks=\n"
- "-----END CERTIFICATE-----\n"
- /* chain[2] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
- "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
- "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
- "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
- "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
- "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
- "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
- "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
- "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
- "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
- "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
- "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
- "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
- "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
- "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
- "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
- "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
- "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
- "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
- "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
- "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
- "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
- "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
- "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
- "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
- "-----END CERTIFICATE-----\n"
- /* chain[3] (CA) */
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
- "-----END CERTIFICATE-----\n"
+ /* chain[0] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+ "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
+ "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
+ "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
+ "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
+ "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
+ "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
+ "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
+ "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
+ "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
+ "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
+ "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
+ "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
+ "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
+ "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
+ "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
+ "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
+ "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
+ "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
+ "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
+ "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
+ "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
+ "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
+ "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
+ "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
+ "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
+ "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
+ "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
+ "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n"
+ /* chain[1] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
+ "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
+ "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
+ "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
+ "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
+ "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
+ "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
+ "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
+ "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
+ "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
+ "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
+ "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
+ "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
+ "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
+ "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
+ "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
+ "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
+ "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
+ "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
+ "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
+ "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
+ "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n"
+ /* chain[2] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
+ "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
+ "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
+ "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
+ "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
+ "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
+ "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
+ "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
+ "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
+ "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
+ "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
+ "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
+ "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
+ "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
+ "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
+ "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
+ "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
+ "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
+ "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
+ "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
+ "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
+ "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
+ "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
+ "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
+ "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[3] (CA) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
+ "-----END CERTIFICATE-----\n"
};
/* Chain2 is unsorted - reverse order */
static const char chain2[] = {
- /* chain[0] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
- "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
- "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
- "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
- "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
- "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
- "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
- "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
- "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
- "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
- "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
- "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
- "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
- "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
- "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
- "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
- "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
- "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
- "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
- "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
- "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
- "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
- "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
- "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
- "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
- "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
- "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
- "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
- "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
- "nKMfhbyFQYPQ6J9g\n"
- "-----END CERTIFICATE-----\n"
- /* chain[3] (CA) */
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
- "-----END CERTIFICATE-----\n"
- /* chain[2] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
- "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
- "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
- "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
- "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
- "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
- "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
- "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
- "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
- "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
- "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
- "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
- "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
- "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
- "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
- "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
- "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
- "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
- "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
- "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
- "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
- "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
- "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
- "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
- "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
- "-----END CERTIFICATE-----\n"
- /* chain[1] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
- "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
- "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
- "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
- "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
- "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
- "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
- "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
- "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
- "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
- "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
- "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
- "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
- "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
- "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
- "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
- "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
- "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
- "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
- "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
- "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
- "Gh/aWKfkT8Fhrryi/ks=\n"
- "-----END CERTIFICATE-----\n"
+ /* chain[0] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+ "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
+ "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
+ "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
+ "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
+ "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
+ "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
+ "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
+ "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
+ "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
+ "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
+ "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
+ "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
+ "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
+ "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
+ "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
+ "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
+ "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
+ "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
+ "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
+ "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
+ "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
+ "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
+ "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
+ "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
+ "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
+ "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
+ "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
+ "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n"
+ /* chain[3] (CA) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[2] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
+ "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
+ "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
+ "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
+ "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
+ "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
+ "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
+ "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
+ "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
+ "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
+ "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
+ "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
+ "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
+ "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
+ "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
+ "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
+ "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
+ "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
+ "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
+ "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
+ "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
+ "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
+ "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
+ "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
+ "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[1] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
+ "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
+ "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
+ "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
+ "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
+ "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
+ "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
+ "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
+ "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
+ "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
+ "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
+ "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
+ "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
+ "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
+ "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
+ "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
+ "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
+ "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
+ "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
+ "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
+ "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
+ "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n"
};
/* Chain3 is unsorted - random order */
static const char chain3[] = {
- /* chain[0] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
- "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
- "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
- "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
- "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
- "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
- "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
- "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
- "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
- "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
- "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
- "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
- "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
- "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
- "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
- "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
- "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
- "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
- "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
- "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
- "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
- "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
- "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
- "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
- "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
- "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
- "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
- "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
- "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
- "nKMfhbyFQYPQ6J9g\n"
- "-----END CERTIFICATE-----\n"
- /* chain[2] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
- "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
- "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
- "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
- "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
- "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
- "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
- "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
- "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
- "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
- "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
- "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
- "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
- "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
- "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
- "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
- "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
- "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
- "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
- "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
- "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
- "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
- "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
- "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
- "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
- "-----END CERTIFICATE-----\n"
- /* chain[3] (CA) */
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
- "-----END CERTIFICATE-----\n"
- /* chain[1] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
- "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
- "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
- "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
- "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
- "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
- "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
- "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
- "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
- "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
- "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
- "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
- "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
- "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
- "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
- "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
- "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
- "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
- "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
- "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
- "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
- "Gh/aWKfkT8Fhrryi/ks=\n"
- "-----END CERTIFICATE-----\n"
+ /* chain[0] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+ "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
+ "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
+ "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
+ "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
+ "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
+ "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
+ "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
+ "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
+ "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
+ "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
+ "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
+ "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
+ "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
+ "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
+ "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
+ "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
+ "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
+ "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
+ "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
+ "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
+ "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
+ "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
+ "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
+ "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
+ "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
+ "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
+ "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
+ "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n"
+ /* chain[2] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
+ "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
+ "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
+ "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
+ "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
+ "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
+ "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
+ "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
+ "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
+ "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
+ "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
+ "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
+ "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
+ "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
+ "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
+ "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
+ "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
+ "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
+ "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
+ "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
+ "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
+ "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
+ "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
+ "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
+ "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[3] (CA) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[1] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
+ "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
+ "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
+ "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
+ "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
+ "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
+ "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
+ "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
+ "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
+ "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
+ "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
+ "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
+ "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
+ "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
+ "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
+ "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
+ "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
+ "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
+ "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
+ "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
+ "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
+ "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n"
};
/* Chain4 is unsorted - random order and includes random certs */
static const char chain4[] = {
- /* chain[0] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
- "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
- "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
- "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
- "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
- "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
- "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
- "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
- "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
- "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
- "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
- "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
- "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
- "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
- "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
- "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
- "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
- "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
- "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
- "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
- "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
- "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
- "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
- "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
- "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
- "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
- "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
- "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
- "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
- "nKMfhbyFQYPQ6J9g\n"
- "-----END CERTIFICATE-----\n"
- /* chain[2] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
- "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
- "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
- "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
- "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
- "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
- "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
- "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
- "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
- "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
- "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
- "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
- "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
- "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
- "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
- "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
- "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
- "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
- "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
- "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
- "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
- "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
- "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
- "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
- "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
- "-----END CERTIFICATE-----\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEczCCA9ygAwIBAgIQeODCPg2RbK2r7/1KoWjWZzANBgkqhkiG9w0BAQUFADCB\n"
- "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n"
- "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n"
- "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n"
- "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n"
- "ODA2MTAwMDAwMDBaFw0wOTA3MzAyMzU5NTlaMIG2MQswCQYDVQQGEwJERTEPMA0G\n"
- "A1UECBMGSGVzc2VuMRowGAYDVQQHFBFGcmFua2Z1cnQgYW0gTWFpbjEsMCoGA1UE\n"
- "ChQjU3Bhcmthc3NlbiBJbmZvcm1hdGlrIEdtYkggJiBDby4gS0cxKTAnBgNVBAsU\n"
- "IFRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tMSEwHwYDVQQDFBhoYmNp\n"
- "LXBpbnRhbi1ycC5zLWhiY2kuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n"
- "AK1CdQ9lqmChZWaRAInimuK7I36VImTuAVU0N6BIS4a2BbblkiekbVf15GVHGb6e\n"
- "QV06ANN6Nd8XIdfoxi3LoAs8sa+Ku7eoEsRFi/XIU96GgtFlxf3EsVA9RbGdtfer\n"
- "9iJGIBae2mJTlk+5LVg2EQr50PJlBuTgiYFc41xs9O2RAgMBAAGjggF6MIIBdjAJ\n"
- "BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8v\n"
- "Y3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBE\n"
- "BgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n"
- "d3d3LnZlcmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEF\n"
- "BQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw\n"
- "Oi8vb2NzcC52ZXJpc2lnbi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJ\n"
- "aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYk\n"
- "aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEB\n"
- "BQUAA4GBAJ03R0YAjYzlWm54gMSn6MqJi0mHdLCO2lk3CARwjbg7TEYAZvDsKqTd\n"
- "cRuhNk079BqrQ3QapffeN55SAVrc3mzHO54Nla4n5y6x3XIQXVvRjbJGwmWXsdvr\n"
- "W899F/pBEN30Tgdbmn7JR/iZlGhIJpY9Us1i7rwQhKYir9ZQBdj3\n"
- "-----END CERTIFICATE-----\n"
- /* chain[1] */
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
- "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
- "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
- "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
- "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
- "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
- "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
- "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
- "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
- "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
- "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
- "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
- "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
- "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
- "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
- "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
- "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
- "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
- "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
- "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
- "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
- "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
- "Gh/aWKfkT8Fhrryi/ks=\n"
- "-----END CERTIFICATE-----\n"
- /* chain[3] (CA) */
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
- "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
- "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
- "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
- "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
- "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
- "-----END CERTIFICATE-----\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n"
- "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
- "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
- "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n"
- "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n"
- "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n"
- "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n"
- "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n"
- "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n"
- "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n"
- "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n"
- "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n"
- "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n"
- "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n"
- "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n"
- "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n"
- "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n"
- "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n"
- "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n"
- "-----END CERTIFICATE-----\n"
+ /* chain[0] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+ "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
+ "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
+ "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
+ "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
+ "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
+ "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
+ "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
+ "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
+ "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
+ "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
+ "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
+ "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
+ "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
+ "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
+ "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
+ "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
+ "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
+ "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
+ "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
+ "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
+ "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
+ "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
+ "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
+ "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
+ "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
+ "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
+ "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
+ "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n"
+ /* chain[2] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
+ "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
+ "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
+ "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
+ "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
+ "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
+ "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
+ "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
+ "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
+ "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
+ "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
+ "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
+ "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
+ "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
+ "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
+ "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
+ "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
+ "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
+ "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
+ "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
+ "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
+ "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
+ "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
+ "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
+ "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEczCCA9ygAwIBAgIQeODCPg2RbK2r7/1KoWjWZzANBgkqhkiG9w0BAQUFADCB\n"
+ "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n"
+ "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n"
+ "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n"
+ "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n"
+ "ODA2MTAwMDAwMDBaFw0wOTA3MzAyMzU5NTlaMIG2MQswCQYDVQQGEwJERTEPMA0G\n"
+ "A1UECBMGSGVzc2VuMRowGAYDVQQHFBFGcmFua2Z1cnQgYW0gTWFpbjEsMCoGA1UE\n"
+ "ChQjU3Bhcmthc3NlbiBJbmZvcm1hdGlrIEdtYkggJiBDby4gS0cxKTAnBgNVBAsU\n"
+ "IFRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tMSEwHwYDVQQDFBhoYmNp\n"
+ "LXBpbnRhbi1ycC5zLWhiY2kuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n"
+ "AK1CdQ9lqmChZWaRAInimuK7I36VImTuAVU0N6BIS4a2BbblkiekbVf15GVHGb6e\n"
+ "QV06ANN6Nd8XIdfoxi3LoAs8sa+Ku7eoEsRFi/XIU96GgtFlxf3EsVA9RbGdtfer\n"
+ "9iJGIBae2mJTlk+5LVg2EQr50PJlBuTgiYFc41xs9O2RAgMBAAGjggF6MIIBdjAJ\n"
+ "BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8v\n"
+ "Y3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBE\n"
+ "BgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n"
+ "d3d3LnZlcmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEF\n"
+ "BQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw\n"
+ "Oi8vb2NzcC52ZXJpc2lnbi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJ\n"
+ "aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYk\n"
+ "aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEB\n"
+ "BQUAA4GBAJ03R0YAjYzlWm54gMSn6MqJi0mHdLCO2lk3CARwjbg7TEYAZvDsKqTd\n"
+ "cRuhNk079BqrQ3QapffeN55SAVrc3mzHO54Nla4n5y6x3XIQXVvRjbJGwmWXsdvr\n"
+ "W899F/pBEN30Tgdbmn7JR/iZlGhIJpY9Us1i7rwQhKYir9ZQBdj3\n"
+ "-----END CERTIFICATE-----\n"
+ /* chain[1] */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
+ "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
+ "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
+ "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
+ "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
+ "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
+ "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
+ "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
+ "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
+ "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
+ "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
+ "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
+ "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
+ "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
+ "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
+ "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
+ "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
+ "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
+ "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
+ "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
+ "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
+ "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n"
+ /* chain[3] (CA) */
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n"
+ "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
+ "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
+ "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n"
+ "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n"
+ "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n"
+ "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n"
+ "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n"
+ "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n"
+ "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n"
+ "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n"
+ "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n"
+ "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n"
+ "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n"
+ "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n"
+ "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n"
+ "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n"
+ "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n"
+ "-----END CERTIFICATE-----\n"
};
-static time_t mytime (time_t * t)
+static time_t mytime(time_t * t)
{
- time_t then = 1207000800;
+ time_t then = 1207000800;
- if (t)
- *t = then;
+ if (t)
+ *t = then;
- return then;
+ return then;
}
-void
-doit (void)
+void doit(void)
{
- int ret;
- gnutls_datum_t data;
- gnutls_x509_crt_t *crts;
- unsigned int crts_size, i;
- gnutls_x509_trust_list_t tl;
- unsigned int status, flags = GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN;
- unsigned int not_flags = GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN;
-
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_time_function (mytime);
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- /* test for gnutls_certificate_get_issuer() */
- gnutls_x509_trust_list_init(&tl, 0);
-
- ret = gnutls_x509_trust_list_add_trust_mem(tl, &ca, NULL, GNUTLS_X509_FMT_PEM, 0, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_trust_list_add_trust_mem\n");
- exit(1);
- }
-
- /* Chain 1 */
- data.data = (void*) chain1;
- data.size = sizeof(chain1);
- ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
- if (ret < 0 || status != 0)
- {
- fail("gnutls_x509_trust_list_verify_crt - 1\n");
- exit(1);
- }
-
- for (i=0;i<crts_size;i++)
- gnutls_x509_crt_deinit(crts[i]);
- gnutls_free(crts);
-
- /* Chain 2 */
- data.data = (void*) chain2;
- data.size = sizeof(chain2);
- ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
- if (ret < 0 || status != 0)
- {
- fail("gnutls_x509_trust_list_verify_crt - 2\n");
- exit(1);
- }
-
- for (i=0;i<crts_size;i++)
- gnutls_x509_crt_deinit(crts[i]);
- gnutls_free(crts);
-
- /* Chain 3 */
- data.data = (void*) chain3;
- data.size = sizeof(chain3);
- ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
- if (ret < 0 || status != 0)
- {
- fail("gnutls_x509_trust_list_verify_crt - 3\n");
- exit(1);
- }
-
- for (i=0;i<crts_size;i++)
- gnutls_x509_crt_deinit(crts[i]);
- gnutls_free(crts);
-
- /* Chain 4 */
- data.data = (void*) chain4;
- data.size = sizeof(chain4);
- ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, &status, NULL);
- if (ret < 0 || status != 0)
- {
- fail("gnutls_x509_trust_list_verify_crt - 4\n");
- exit(1);
- }
-
- for (i=0;i<crts_size;i++)
- gnutls_x509_crt_deinit(crts[i]);
- gnutls_free(crts);
-
- /* Check if an unsorted list would fail if the unsorted flag is not given */
- data.data = (void*) chain2;
- data.size = sizeof(chain2);
- ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fail("gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, not_flags, &status, NULL);
- if (ret < 0 || status == 0)
- {
- fail("gnutls_x509_trust_list_verify_crt - 5\n");
- exit(1);
- }
-
- for (i=0;i<crts_size;i++)
- gnutls_x509_crt_deinit(crts[i]);
- gnutls_free(crts);
-
- gnutls_x509_trust_list_deinit(tl, 1);
-
- gnutls_global_deinit();
-
- if (debug) success("success");
+ int ret;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t *crts;
+ unsigned int crts_size, i;
+ gnutls_x509_trust_list_t tl;
+ unsigned int status, flags = GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN;
+ unsigned int not_flags = GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_time_function(mytime);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ /* test for gnutls_certificate_get_issuer() */
+ gnutls_x509_trust_list_init(&tl, 0);
+
+ ret =
+ gnutls_x509_trust_list_add_trust_mem(tl, &ca, NULL,
+ GNUTLS_X509_FMT_PEM, 0,
+ 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_trust_mem\n");
+ exit(1);
+ }
+
+ /* Chain 1 */
+ data.data = (void *) chain1;
+ data.size = sizeof(chain1);
+ ret =
+ gnutls_x509_crt_list_import2(&crts, &crts_size, &data,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags,
+ &status, NULL);
+ if (ret < 0 || status != 0) {
+ fail("gnutls_x509_trust_list_verify_crt - 1\n");
+ exit(1);
+ }
+
+ for (i = 0; i < crts_size; i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ /* Chain 2 */
+ data.data = (void *) chain2;
+ data.size = sizeof(chain2);
+ ret =
+ gnutls_x509_crt_list_import2(&crts, &crts_size, &data,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags,
+ &status, NULL);
+ if (ret < 0 || status != 0) {
+ fail("gnutls_x509_trust_list_verify_crt - 2\n");
+ exit(1);
+ }
+
+ for (i = 0; i < crts_size; i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ /* Chain 3 */
+ data.data = (void *) chain3;
+ data.size = sizeof(chain3);
+ ret =
+ gnutls_x509_crt_list_import2(&crts, &crts_size, &data,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags,
+ &status, NULL);
+ if (ret < 0 || status != 0) {
+ fail("gnutls_x509_trust_list_verify_crt - 3\n");
+ exit(1);
+ }
+
+ for (i = 0; i < crts_size; i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ /* Chain 4 */
+ data.data = (void *) chain4;
+ data.size = sizeof(chain4);
+ ret =
+ gnutls_x509_crt_list_import2(&crts, &crts_size, &data,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags,
+ &status, NULL);
+ if (ret < 0 || status != 0) {
+ fail("gnutls_x509_trust_list_verify_crt - 4\n");
+ exit(1);
+ }
+
+ for (i = 0; i < crts_size; i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ /* Check if an unsorted list would fail if the unsorted flag is not given */
+ data.data = (void *) chain2;
+ data.size = sizeof(chain2);
+ ret =
+ gnutls_x509_crt_list_import2(&crts, &crts_size, &data,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_list_import2: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, crts, crts_size,
+ not_flags, &status, NULL);
+ if (ret < 0 || status == 0) {
+ fail("gnutls_x509_trust_list_verify_crt - 5\n");
+ exit(1);
+ }
+
+ for (i = 0; i < crts_size; i++)
+ gnutls_x509_crt_deinit(crts[i]);
+ gnutls_free(crts);
+
+ gnutls_x509_trust_list_deinit(tl, 1);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("success");
}
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 8f6d78466b..45596e65c6 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -37,14 +37,14 @@
verifying certificates. To avoid a time bomb, we hard code the
current time. This should work fine on systems where the library
call to time is resolved at run-time. */
-static time_t mytime (time_t * t)
+static time_t mytime(time_t * t)
{
- time_t then = 1256803113;
+ time_t then = 1256803113;
- if (t)
- *t = then;
+ if (t)
+ *t = then;
- return then;
+ return then;
}
/* *INDENT-OFF* */
@@ -785,164 +785,171 @@ static struct
};
/* *INDENT-ON* */
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- int exit_val = 0;
- size_t i;
- int ret;
+ int exit_val = 0;
+ size_t i;
+ int ret;
- /* The overloading of time() seems to work in linux (ELF?)
- * systems only. Disable it on windows.
- */
+ /* The overloading of time() seems to work in linux (ELF?)
+ * systems only. Disable it on windows.
+ */
#ifdef _WIN32
- exit(77);
+ exit(77);
#endif
- ret = global_init ();
- if (ret != 0)
- {
- fail ("%d: %s\n", ret, gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_global_set_time_function (mytime);
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- for (i = 0; chains[i].chain; i++)
- {
- unsigned int verify_status;
- gnutls_x509_crt_t certs[4];
- gnutls_x509_crt_t ca;
- gnutls_datum_t tmp;
- size_t j;
-
- if (debug)
- printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i);
-
- for (j = 0; chains[i].chain[j]; j++)
- {
- if (debug > 2)
- printf ("\tAdding certificate %d...", (int) j);
-
- ret = gnutls_x509_crt_init (&certs[j]);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_init[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
- exit (1);
- }
-
- tmp.data = (unsigned char *) chains[i].chain[j];
- tmp.size = strlen (chains[i].chain[j]);
-
- ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM);
- if (debug > 2)
- printf ("done\n");
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_import[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp);
- if (debug)
- printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data);
- gnutls_free (tmp.data);
- }
-
- if (debug > 2)
- printf ("\tAdding CA certificate...");
-
- ret = gnutls_x509_crt_init (&ca);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
- exit (1);
- }
-
- tmp.data = (unsigned char *) *chains[i].ca;
- tmp.size = strlen (*chains[i].ca);
-
- ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
- exit (1);
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
}
- if (debug > 2)
- printf ("done\n");
-
- gnutls_x509_crt_print (ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
- if (debug)
- printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data);
- gnutls_free (tmp.data);
-
- if (debug)
- printf ("\tVerifying...");
-
- ret = gnutls_x509_crt_list_verify (certs, j,
- &ca, 1, NULL, 0,
- chains[i].verify_flags,
- &verify_status);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_list_verify[%d,%d]: %s",
- (int) i, (int) j, gnutls_strerror (ret));
- exit (1);
- }
-
- if (verify_status != chains[i].expected_verify_result)
- {
- gnutls_datum_t out1, out2;
- gnutls_certificate_verification_status_print(verify_status, GNUTLS_CRT_X509, &out1, 0);
- gnutls_certificate_verification_status_print(chains[i].expected_verify_result, GNUTLS_CRT_X509, &out2, 0);
- fail ("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name,
- verify_status, out1.data, chains[i].expected_verify_result, out2.data);
- gnutls_free(out1.data);
- gnutls_free(out2.data);
+ gnutls_global_set_time_function(mytime);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ for (i = 0; chains[i].chain; i++) {
+ unsigned int verify_status;
+ gnutls_x509_crt_t certs[4];
+ gnutls_x509_crt_t ca;
+ gnutls_datum_t tmp;
+ size_t j;
+
+ if (debug)
+ printf("Chain '%s' (%d)...\n", chains[i].name,
+ (int) i);
+
+ for (j = 0; chains[i].chain[j]; j++) {
+ if (debug > 2)
+ printf("\tAdding certificate %d...",
+ (int) j);
+
+ ret = gnutls_x509_crt_init(&certs[j]);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_init[%d,%d]: %s",
+ (int) i, (int) j,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ tmp.data = (unsigned char *) chains[i].chain[j];
+ tmp.size = strlen(chains[i].chain[j]);
+
+ ret =
+ gnutls_x509_crt_import(certs[j], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (debug > 2)
+ printf("done\n");
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_import[%d,%d]: %s",
+ (int) i, (int) j,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_x509_crt_print(certs[j],
+ GNUTLS_CRT_PRINT_ONELINE,
+ &tmp);
+ if (debug)
+ printf("\tCertificate %d: %.*s\n", (int) j,
+ tmp.size, tmp.data);
+ gnutls_free(tmp.data);
+ }
+
+ if (debug > 2)
+ printf("\tAdding CA certificate...");
+
+ ret = gnutls_x509_crt_init(&ca);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ tmp.data = (unsigned char *) *chains[i].ca;
+ tmp.size = strlen(*chains[i].ca);
+
+ ret =
+ gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_import: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (debug > 2)
+ printf("done\n");
+
+ gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
+ if (debug)
+ printf("\tCA Certificate: %.*s\n", tmp.size,
+ tmp.data);
+ gnutls_free(tmp.data);
+
+ if (debug)
+ printf("\tVerifying...");
+
+ ret = gnutls_x509_crt_list_verify(certs, j,
+ &ca, 1, NULL, 0,
+ chains[i].verify_flags,
+ &verify_status);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_list_verify[%d,%d]: %s",
+ (int) i, (int) j, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (verify_status != chains[i].expected_verify_result) {
+ gnutls_datum_t out1, out2;
+ gnutls_certificate_verification_status_print
+ (verify_status, GNUTLS_CRT_X509, &out1, 0);
+ gnutls_certificate_verification_status_print(chains
+ [i].
+ expected_verify_result,
+ GNUTLS_CRT_X509,
+ &out2,
+ 0);
+ fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name, verify_status, out1.data, chains[i].expected_verify_result, out2.data);
+ gnutls_free(out1.data);
+ gnutls_free(out2.data);
#if 0
- j = 0;
- do
- {
- fprintf (stderr, "%s\n", chains[i].chain[j]);
- }
- while (chains[i].chain[++j] != NULL);
+ j = 0;
+ do {
+ fprintf(stderr, "%s\n",
+ chains[i].chain[j]);
+ }
+ while (chains[i].chain[++j] != NULL);
#endif
- if (!debug)
- exit (1);
- }
- else if (debug)
- printf ("done\n");
- if (debug)
- printf ("\tCleanup...");
+ if (!debug)
+ exit(1);
+ } else if (debug)
+ printf("done\n");
+ if (debug)
+ printf("\tCleanup...");
- gnutls_x509_crt_deinit (ca);
- for (j = 0; chains[i].chain[j]; j++)
- gnutls_x509_crt_deinit (certs[j]);
+ gnutls_x509_crt_deinit(ca);
+ for (j = 0; chains[i].chain[j]; j++)
+ gnutls_x509_crt_deinit(certs[j]);
- if (debug)
- printf ("done\n\n\n");
- }
+ if (debug)
+ printf("done\n\n\n");
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug)
- printf ("Exit status...%d\n", exit_val);
+ if (debug)
+ printf("Exit status...%d\n", exit_val);
- exit (exit_val);
+ exit(exit_val);
}
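Review bot: In the inner loop of `doit`, `certs[j]` is written for every non-NULL entry of `chains[i].chain`, but `certs` is declared as `gnutls_x509_crt_t certs[4]` and nothing compares `j` with that size. The chain table is defined above this hunk, so whether any entry holds more than four certificates is not visible here. A guard at the top of the loop body, `if (j >= sizeof(certs) / sizeof(certs[0])) { fail("chain too long\n"); exit(1); }`, would turn a silent stack overwrite into a test failure. Separately, the return value of both `gnutls_x509_crt_print` calls is ignored while `tmp.data` still points at the static PEM string assigned just before. If the call can fail without overwriting `tmp` (not visible here), `gnutls_free(tmp.data)` is handed non-heap memory, so `ret` should be checked before the print and free.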
diff --git a/tests/crq_apis.c b/tests/crq_apis.c
index 38233d7395..daf8d89e18 100644
--- a/tests/crq_apis.c
+++ b/tests/crq_apis.c
@@ -32,186 +32,188 @@
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", "crq_key_id", level, str);
+ fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str);
}
static unsigned char key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof (key_pem) };
-
-void
-doit (void)
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
+
+void doit(void)
{
- gnutls_x509_privkey_t pkey;
- gnutls_x509_crt_t crt;
- gnutls_x509_crq_t crq;
-
- gnutls_datum_t out;
+ gnutls_x509_privkey_t pkey;
+ gnutls_x509_crt_t crt;
+ gnutls_x509_crq_t crq;
+
+ gnutls_datum_t out;
- size_t s = 0;
-
- char smallbuf[10];
-
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- fail ("global_init\n");
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- ret = gnutls_x509_crq_init (&crq);
- if (ret != 0)
- fail ("gnutls_x509_crq_init\n");
-
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret != 0)
- fail ("gnutls_x509_privkey_init\n");
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret != 0)
- fail ("gnutls_x509_crt_init\n");
-
- ret = gnutls_x509_privkey_import (pkey, &key, GNUTLS_X509_FMT_PEM);
- if (ret != 0)
- fail ("gnutls_x509_privkey_import\n");
-
- ret = gnutls_x509_crq_set_version (crq, 0);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_version\n");
-
- ret = gnutls_x509_crq_set_key (crq, pkey);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_key\n");
-
- s = 0;
- ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
- if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- fail ("gnutls_x509_crq_get_extension_info\n");
-
- ret = gnutls_x509_crq_set_basic_constraints (crq, 0, 0);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_basic_constraints %d\n", ret);
-
- ret = gnutls_x509_crq_set_key_usage (crq, 0);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_key_usage %d\n", ret);
-
- ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
- if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- fail ("%d: gnutls_x509_crq_get_challenge_password %d: %s\n", __LINE__, ret, gnutls_strerror(ret));
-
- ret = gnutls_x509_crq_set_challenge_password (crq, "foo");
- if (ret != 0)
- fail ("gnutls_x509_crq_set_challenge_password %d\n", ret);
-
- s = 0;
- ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER || s != 4)
- fail ("%d: gnutls_x509_crq_get_challenge_password %d: %s (passlen: %d)\n", __LINE__, ret, gnutls_strerror(ret), (int)s);
-
- s = 10;
- ret = gnutls_x509_crq_get_challenge_password (crq, smallbuf, &s);
- if (ret != 0 || s != 3 || strcmp (smallbuf, "foo") != 0)
- fail ("%d: gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n",
- __LINE__, ret, (int) s, smallbuf);
-
- s = 0;
- ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
- if (ret != 0)
- fail ("gnutls_x509_crq_get_extension_info2\n");
-
- s = 0;
- ret = gnutls_x509_crq_get_extension_data (crq, 0, NULL, &s);
- if (ret != 0)
- fail ("gnutls_x509_crq_get_extension_data\n");
-
- ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "foo", 3, 1);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_subject_alt_name\n");
-
- ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "bar", 3, 1);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_subject_alt_name\n");
-
- ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "apa", 3, 0);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_subject_alt_name\n");
-
- ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
- "foo", 3, 1);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_subject_alt_name\n");
-
- s = 0;
- ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
- if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
-
- s = 0;
- ret =
- gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_key_purpose_oid %d\n", ret);
-
- s = 0;
- ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
-
- s = 0;
- ret =
- gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_CLIENT, 1);
- if (ret != 0)
- fail ("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret);
-
- ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &out);
- if (ret != 0)
- fail ("gnutls_x509_crq_print\n");
- if (debug)
- printf ("crq: %.*s\n", out.size, out.data);
- gnutls_free (out.data);
-
- ret = gnutls_x509_crt_set_version (crt, 3);
- if (ret != 0)
- fail ("gnutls_x509_crt_set_version\n");
-
- ret = gnutls_x509_crt_set_crq_extensions (crt, crq);
- if (ret != 0)
- fail ("gnutls_x509_crt_set_crq_extensions\n");
-
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
- if (ret != 0)
- fail ("gnutls_x509_crt_print\n");
- if (debug)
- printf ("crt: %.*s\n", out.size, out.data);
- gnutls_free (out.data);
-
- gnutls_x509_crq_deinit (crq);
- gnutls_x509_crt_deinit (crt);
- gnutls_x509_privkey_deinit (pkey);
-
- gnutls_global_deinit ();
+ size_t s = 0;
+
+ char smallbuf[10];
+
+ int ret;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init\n");
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret != 0)
+ fail("gnutls_x509_crq_init\n");
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret != 0)
+ fail("gnutls_x509_privkey_init\n");
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret != 0)
+ fail("gnutls_x509_crt_init\n");
+
+ ret = gnutls_x509_privkey_import(pkey, &key, GNUTLS_X509_FMT_PEM);
+ if (ret != 0)
+ fail("gnutls_x509_privkey_import\n");
+
+ ret = gnutls_x509_crq_set_version(crq, 0);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_version\n");
+
+ ret = gnutls_x509_crq_set_key(crq, pkey);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_key\n");
+
+ s = 0;
+ ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL);
+ if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ fail("gnutls_x509_crq_get_extension_info\n");
+
+ ret = gnutls_x509_crq_set_basic_constraints(crq, 0, 0);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_basic_constraints %d\n", ret);
+
+ ret = gnutls_x509_crq_set_key_usage(crq, 0);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_key_usage %d\n", ret);
+
+ ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s);
+ if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ fail("%d: gnutls_x509_crq_get_challenge_password %d: %s\n",
+ __LINE__, ret, gnutls_strerror(ret));
+
+ ret = gnutls_x509_crq_set_challenge_password(crq, "foo");
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_challenge_password %d\n", ret);
+
+ s = 0;
+ ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER || s != 4)
+ fail("%d: gnutls_x509_crq_get_challenge_password %d: %s (passlen: %d)\n", __LINE__, ret, gnutls_strerror(ret), (int) s);
+
+ s = 10;
+ ret = gnutls_x509_crq_get_challenge_password(crq, smallbuf, &s);
+ if (ret != 0 || s != 3 || strcmp(smallbuf, "foo") != 0)
+ fail("%d: gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n", __LINE__, ret, (int) s, smallbuf);
+
+ s = 0;
+ ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL);
+ if (ret != 0)
+ fail("gnutls_x509_crq_get_extension_info2\n");
+
+ s = 0;
+ ret = gnutls_x509_crq_get_extension_data(crq, 0, NULL, &s);
+ if (ret != 0)
+ fail("gnutls_x509_crq_get_extension_data\n");
+
+ ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
+ "foo", 3, 1);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_subject_alt_name\n");
+
+ ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
+ "bar", 3, 1);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_subject_alt_name\n");
+
+ ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
+ "apa", 3, 0);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_subject_alt_name\n");
+
+ ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
+ "foo", 3, 1);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_subject_alt_name\n");
+
+ s = 0;
+ ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL);
+ if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
+
+ s = 0;
+ ret =
+ gnutls_x509_crq_set_key_purpose_oid(crq,
+ GNUTLS_KP_TLS_WWW_SERVER,
+ 0);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_key_purpose_oid %d\n", ret);
+
+ s = 0;
+ ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
+
+ s = 0;
+ ret =
+ gnutls_x509_crq_set_key_purpose_oid(crq,
+ GNUTLS_KP_TLS_WWW_CLIENT,
+ 1);
+ if (ret != 0)
+ fail("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret);
+
+ ret = gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_FULL, &out);
+ if (ret != 0)
+ fail("gnutls_x509_crq_print\n");
+ if (debug)
+ printf("crq: %.*s\n", out.size, out.data);
+ gnutls_free(out.data);
+
+ ret = gnutls_x509_crt_set_version(crt, 3);
+ if (ret != 0)
+ fail("gnutls_x509_crt_set_version\n");
+
+ ret = gnutls_x509_crt_set_crq_extensions(crt, crq);
+ if (ret != 0)
+ fail("gnutls_x509_crt_set_crq_extensions\n");
+
+ ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out);
+ if (ret != 0)
+ fail("gnutls_x509_crt_print\n");
+ if (debug)
+ printf("crt: %.*s\n", out.size, out.data);
+ gnutls_free(out.data);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_crt_deinit(crt);
+ gnutls_x509_privkey_deinit(pkey);
+
+ gnutls_global_deinit();
}
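Review bot: `smallbuf` is declared uninitialized (`char smallbuf[10];`), and the failure branch after the `s = 10` call to `gnutls_x509_crq_get_challenge_password` prints it with `%s`. When that call fails without writing the buffer, the diagnostic reads indeterminate bytes and may run past the array. Initialising it as `char smallbuf[10] = "";` keeps the failure message well-defined. Unlike chainverify.c, the `fail()` calls here are not followed by `exit(1)`; if `fail()` returns (it is declared in utils.h, not shown), the later calls run on objects whose setup already failed.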
diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c
index 5fb14fd80b..c9c4fd7a9a 100644
--- a/tests/crq_key_id.c
+++ b/tests/crq_key_id.c
@@ -33,171 +33,161 @@
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", "crq_key_id", level, str);
+ fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str);
}
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_privkey_t pkey;
- gnutls_privkey_t abs_pkey;
- gnutls_x509_crq_t crq;
-
- size_t pkey_key_id_len;
- unsigned char *pkey_key_id = NULL;
-
- size_t crq_key_id_len;
- unsigned char *crq_key_id = NULL;
-
- gnutls_pk_algorithm_t algorithm;
-
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- fail ("global_init: %d\n", ret);
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA; algorithm++)
- {
- ret = gnutls_x509_crq_init (&crq);
- if (ret < 0)
- fail ("gnutls_x509_crq_init: %d\n", ret);
-
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_init: %d\n", ret);
- }
-
- ret = gnutls_privkey_init (&abs_pkey);
- if (ret < 0)
- {
- fail ("gnutls_privkey_init: %d\n", ret);
- }
-
- ret = gnutls_x509_privkey_generate (pkey, algorithm, 1024, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret);
- }
- else if (debug)
- {
- success ("Key[%s] generation ok: %d\n",
- gnutls_pk_algorithm_get_name (algorithm), ret);
- }
-
- pkey_key_id_len = 0;
- ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
- &pkey_key_id_len);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
- ret);
- }
-
- pkey_key_id = malloc (sizeof (unsigned char) * pkey_key_id_len);
- ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
- &pkey_key_id_len);
- if (ret != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
- ret);
- }
-
- ret = gnutls_x509_crq_set_version (crq, 1);
- if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_version: %d\n", ret);
- }
-
- ret = gnutls_x509_crq_set_key (crq, pkey);
- if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_key: %d\n", ret);
- }
-
- ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, "CN-Test", 7);
- if (ret < 0)
- {
- fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret);
- }
-
- ret = gnutls_privkey_import_x509( abs_pkey, pkey, 0);
- if (ret < 0)
- {
- fail ("gnutls_privkey_import_x509: %d\n", ret);
- }
-
- ret = gnutls_x509_crq_privkey_sign (crq, abs_pkey, GNUTLS_DIG_SHA1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_crq_sign: %d\n", ret);
- }
-
- ret = gnutls_x509_crq_verify (crq, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_crq_verify: %d\n", ret);
- }
-
- crq_key_id_len = 0;
- ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
- }
-
- crq_key_id = malloc (sizeof (unsigned char) * crq_key_id_len);
- ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
- if (ret != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
- }
-
- if (crq_key_id_len == pkey_key_id_len)
- {
- ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len);
- if (ret == 0)
- {
- if (debug)
- success ("Key ids are identical. OK.\n");
- }
- else
- {
- fail ("Key ids differ incorrectly: %d\n", ret);
- }
- }
- else
- {
- fail ("Key_id lengths differ incorrectly: %d - %d\n",
- (int) crq_key_id_len, (int) pkey_key_id_len);
- }
-
-
- if (pkey_key_id)
- {
- free (pkey_key_id);
- pkey_key_id = NULL;
- }
-
- if (crq_key_id)
- {
- free (crq_key_id);
- crq_key_id = NULL;
- }
-
- gnutls_x509_crq_deinit (crq);
- gnutls_x509_privkey_deinit (pkey);
- gnutls_privkey_deinit (abs_pkey);
- }
-
- gnutls_global_deinit ();
+ gnutls_x509_privkey_t pkey;
+ gnutls_privkey_t abs_pkey;
+ gnutls_x509_crq_t crq;
+
+ size_t pkey_key_id_len;
+ unsigned char *pkey_key_id = NULL;
+
+ size_t crq_key_id_len;
+ unsigned char *crq_key_id = NULL;
+
+ gnutls_pk_algorithm_t algorithm;
+
+ int ret;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init: %d\n", ret);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA;
+ algorithm++) {
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0)
+ fail("gnutls_x509_crq_init: %d\n", ret);
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_init: %d\n", ret);
+ }
+
+ ret = gnutls_privkey_init(&abs_pkey);
+ if (ret < 0) {
+ fail("gnutls_privkey_init: %d\n", ret);
+ }
+
+ ret =
+ gnutls_x509_privkey_generate(pkey, algorithm, 1024, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_generate (rsa): %d\n",
+ ret);
+ } else if (debug) {
+ success("Key[%s] generation ok: %d\n",
+ gnutls_pk_algorithm_get_name(algorithm),
+ ret);
+ }
+
+ pkey_key_id_len = 0;
+ ret = gnutls_x509_privkey_get_key_id(pkey, 0, pkey_key_id,
+ &pkey_key_id_len);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ fail("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", ret);
+ }
+
+ pkey_key_id =
+ malloc(sizeof(unsigned char) * pkey_key_id_len);
+ ret =
+ gnutls_x509_privkey_get_key_id(pkey, 0, pkey_key_id,
+ &pkey_key_id_len);
+ if (ret != GNUTLS_E_SUCCESS) {
+ fail("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", ret);
+ }
+
+ ret = gnutls_x509_crq_set_version(crq, 1);
+ if (ret < 0) {
+ fail("gnutls_x509_crq_set_version: %d\n", ret);
+ }
+
+ ret = gnutls_x509_crq_set_key(crq, pkey);
+ if (ret < 0) {
+ fail("gnutls_x509_crq_set_key: %d\n", ret);
+ }
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq,
+ GNUTLS_OID_X520_COMMON_NAME,
+ 0, "CN-Test", 7);
+ if (ret < 0) {
+ fail("gnutls_x509_crq_set_dn_by_oid: %d\n", ret);
+ }
+
+ ret = gnutls_privkey_import_x509(abs_pkey, pkey, 0);
+ if (ret < 0) {
+ fail("gnutls_privkey_import_x509: %d\n", ret);
+ }
+
+ ret =
+ gnutls_x509_crq_privkey_sign(crq, abs_pkey,
+ GNUTLS_DIG_SHA1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crq_sign: %d\n", ret);
+ }
+
+ ret = gnutls_x509_crq_verify(crq, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_crq_verify: %d\n", ret);
+ }
+
+ crq_key_id_len = 0;
+ ret =
+ gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
+ &crq_key_id_len);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ fail("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
+ }
+
+ crq_key_id =
+ malloc(sizeof(unsigned char) * crq_key_id_len);
+ ret =
+ gnutls_x509_crq_get_key_id(crq, 0, crq_key_id,
+ &crq_key_id_len);
+ if (ret != GNUTLS_E_SUCCESS) {
+ fail("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
+ }
+
+ if (crq_key_id_len == pkey_key_id_len) {
+ ret =
+ memcmp(crq_key_id, pkey_key_id,
+ crq_key_id_len);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("Key ids are identical. OK.\n");
+ } else {
+ fail("Key ids differ incorrectly: %d\n",
+ ret);
+ }
+ } else {
+ fail("Key_id lengths differ incorrectly: %d - %d\n", (int) crq_key_id_len, (int) pkey_key_id_len);
+ }
+
+
+ if (pkey_key_id) {
+ free(pkey_key_id);
+ pkey_key_id = NULL;
+ }
+
+ if (crq_key_id) {
+ free(crq_key_id);
+ crq_key_id = NULL;
+ }
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(pkey);
+ gnutls_privkey_deinit(abs_pkey);
+ }
+
+ gnutls_global_deinit();
}
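Review bot: Both `malloc` results in the loop of `doit` are passed on unchecked, so an allocation failure hands a NULL buffer with a non-zero length to `gnutls_x509_privkey_get_key_id` and `gnutls_x509_crq_get_key_id`. Adding `if (pkey_key_id == NULL) fail("malloc\n");` after the first allocation, and the same for `crq_key_id`, reports the real cause instead of a misleading key-id error. The message `gnutls_x509_privkey_generate (rsa)` is also printed on the DSA iteration; passing `gnutls_pk_algorithm_get_name(algorithm)` to it, as the success branch does, would name the failing algorithm. The `if (ptr)` guards around `free` are redundant, since `free(NULL)` is a no-op.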
diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c
index c054426b7f..1e54115659 100644
--- a/tests/cve-2008-4989.c
+++ b/tests/cve-2008-4989.c
@@ -37,235 +37,227 @@
verification tester. */
static const char *pem_certs[] = {
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n"
- "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n"
- "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n"
- "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n"
- "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n"
- "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n"
- "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n"
- "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n"
- "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n"
- "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n"
- "bF7pG7Cg3oEHUM0H5KUU\n" "-----END CERTIFICATE-----\n",
- "-----BEGIN CERTIFICATE-----\n"
- "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n"
- "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n"
- "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n"
- "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n"
- "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n"
- "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n"
- "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n"
- "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n"
- "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n"
- "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n"
- "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n"
- "-----END CERTIFICATE-----\n",
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
- "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
- "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
- "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
- "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
- "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
- "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
- "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
- "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
- "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
- "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
- "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
- "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
- "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
- "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
- "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
- "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
- "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
- "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
- "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
- "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
- "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
- "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n"
+ "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n"
+ "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n"
+ "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n"
+ "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n"
+ "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n"
+ "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n"
+ "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n"
+ "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n"
+ "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n"
+ "bF7pG7Cg3oEHUM0H5KUU\n" "-----END CERTIFICATE-----\n",
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n"
+ "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n"
+ "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n"
+ "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n"
+ "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n"
+ "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n"
+ "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n"
+ "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n"
+ "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n"
+ "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n"
+ "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n"
+ "-----END CERTIFICATE-----\n",
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
+ "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
+ "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
+ "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
+ "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
+ "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
+ "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
+ "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
+ "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
+ "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
+ "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
+ "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
+ "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
+ "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
+ "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
+ "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
+ "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
+ "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
+ "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
+ "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
+ "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
+ "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
+ "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
+ "-----END CERTIFICATE-----\n"
};
static const char *pem_ca = {
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
- "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
- "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
- "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
- "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
- "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
- "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
- "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
- "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
- "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
- "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
- "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
- "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
- "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
- "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
- "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
- "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
- "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
- "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
- "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
- "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
- "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
- "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
+ "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
+ "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
+ "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
+ "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
+ "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
+ "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
+ "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
+ "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
+ "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
+ "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
+ "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
+ "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
+ "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
+ "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
+ "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
+ "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
+ "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
+ "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
+ "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
+ "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
+ "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
+ "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
+ "-----END CERTIFICATE-----\n"
};
#define CHAIN_LENGTH (sizeof (pem_certs) / sizeof (pem_certs[0]))
static const char *pem_self_cert = {
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n"
- "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n"
- "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n"
- "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n"
- "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n"
- "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n"
- "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n"
- "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n"
- "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n"
- "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n"
- "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n"
- "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
- "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n"
- "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n"
- "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n"
- "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n"
- "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n"
- "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n"
- "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n"
- "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n"
+ "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n"
+ "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n"
+ "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n"
+ "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n"
+ "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n"
+ "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n"
+ "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n"
+ "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n"
+ "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n"
+ "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n"
+ "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
+ "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n"
+ "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n"
+ "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n"
+ "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n"
+ "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n"
+ "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n"
+ "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n"
+ "-----END CERTIFICATE-----\n"
};
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- int ret;
- gnutls_x509_crt_t certs[3];
- gnutls_x509_crt_t ca;
- gnutls_x509_crt_t self_cert;
- gnutls_datum_t tmp;
- size_t i;
- unsigned int verify_status;
+ int ret;
+ gnutls_x509_crt_t certs[3];
+ gnutls_x509_crt_t ca;
+ gnutls_x509_crt_t self_cert;
+ gnutls_datum_t tmp;
+ size_t i;
+ unsigned int verify_status;
- ret = global_init ();
- if (ret != 0)
- {
- printf ("%d: %s\n", ret, gnutls_strerror (ret));
- return EXIT_FAILURE;
- }
+ ret = global_init();
+ if (ret != 0) {
+ printf("%d: %s\n", ret, gnutls_strerror(ret));
+ return EXIT_FAILURE;
+ }
- for (i = 0; i < CHAIN_LENGTH; i++)
- {
- ret = gnutls_x509_crt_init (&certs[i]);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_init[%d]: %s", (int) i,
- gnutls_strerror (ret));
- exit(1);
- }
+ for (i = 0; i < CHAIN_LENGTH; i++) {
+ ret = gnutls_x509_crt_init(&certs[i]);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_init[%d]: %s",
+ (int) i, gnutls_strerror(ret));
+ exit(1);
+ }
- tmp.data = (unsigned char *) pem_certs[i];
- tmp.size = strlen (pem_certs[i]);
+ tmp.data = (unsigned char *) pem_certs[i];
+ tmp.size = strlen(pem_certs[i]);
- ret = gnutls_x509_crt_import (certs[i], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_import[%d]: %s", (int) i,
- gnutls_strerror (ret));
- exit(1);
- }
- }
+ ret =
+ gnutls_x509_crt_import(certs[i], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_import[%d]: %s",
+ (int) i, gnutls_strerror(ret));
+ exit(1);
+ }
+ }
- ret = gnutls_x509_crt_init (&ca);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
- exit(1);
- }
+ ret = gnutls_x509_crt_init(&ca);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- tmp.data = (unsigned char *) pem_ca;
- tmp.size = strlen (pem_ca);
+ tmp.data = (unsigned char *) pem_ca;
+ tmp.size = strlen(pem_ca);
- ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
- exit(1);
- }
+ ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_import: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- ret = gnutls_x509_crt_list_verify (certs, CHAIN_LENGTH,
- &ca, 1,
- NULL, 0,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
- &verify_status);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s", (int) i,
- gnutls_strerror (ret));
- exit(1);
- }
+ ret = gnutls_x509_crt_list_verify(certs, CHAIN_LENGTH,
+ &ca, 1,
+ NULL, 0,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ &verify_status);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s",
+ (int) i, gnutls_strerror(ret));
+ exit(1);
+ }
- if (verify_status != (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID))
- {
- fprintf( stderr, "verify_status: %d", verify_status);
- exit(1);
- }
+ if (verify_status !=
+ (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID)) {
+ fprintf(stderr, "verify_status: %d", verify_status);
+ exit(1);
+ }
- gnutls_x509_crt_deinit (ca);
- for (i = 0; i < CHAIN_LENGTH; i++)
- gnutls_x509_crt_deinit (certs[i]);
+ gnutls_x509_crt_deinit(ca);
+ for (i = 0; i < CHAIN_LENGTH; i++)
+ gnutls_x509_crt_deinit(certs[i]);
- /* Also test chain length of 1, since the initial patch to solve the
- problem caused a crash in this situation. */
+ /* Also test chain length of 1, since the initial patch to solve the
+ problem caused a crash in this situation. */
- ret = gnutls_x509_crt_init (&self_cert);
- if (ret < 0)
- {
- fprintf( stderr, "gnutls_x509_crt_init: %s",
- gnutls_strerror (ret));
- exit(1);
- }
+ ret = gnutls_x509_crt_init(&self_cert);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_init: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
- tmp.data = (unsigned char *) pem_self_cert;
- tmp.size = strlen (pem_self_cert);
+ tmp.data = (unsigned char *) pem_self_cert;
+ tmp.size = strlen(pem_self_cert);
- ret = gnutls_x509_crt_import (self_cert, &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf (stderr, "gnutls_x509_crt_import: %s",
- gnutls_strerror (ret));
- exit(1);
- }
- ret = gnutls_x509_crt_list_verify (&self_cert, 1,
- &self_cert, 1,
- NULL, 0,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
- &verify_status);
- if (ret < 0)
- {
- fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s", (int) i,
- gnutls_strerror (ret));
- exit(1);
- }
+ ret = gnutls_x509_crt_import(self_cert, &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_import: %s",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ ret = gnutls_x509_crt_list_verify(&self_cert, 1,
+ &self_cert, 1,
+ NULL, 0,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ &verify_status);
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s",
+ (int) i, gnutls_strerror(ret));
+ exit(1);
+ }
- if (verify_status != 0)
- {
- fprintf(stderr, "verify_status: %d", verify_status);
- exit(1);
- }
+ if (verify_status != 0) {
+ fprintf(stderr, "verify_status: %d", verify_status);
+ exit(1);
+ }
- gnutls_x509_crt_deinit (self_cert);
+ gnutls_x509_crt_deinit(self_cert);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/tests/cve-2009-1415.c b/tests/cve-2009-1415.c
index f9b3d6c4e3..8f27ded013 100644
--- a/tests/cve-2009-1415.c
+++ b/tests/cve-2009-1415.c
@@ -50,67 +50,68 @@
#include <gnutls/abstract.h>
static char dsa_cert[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
- "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
- "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
- "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
- "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
- "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
- "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
- "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
- "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
- "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
- "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
- "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
- "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
- "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
- "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
- "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
+ "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
+ "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
+ "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
+ "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
+ "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
+ "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
+ "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
+ "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
+ "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
+ "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
+ "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
+ "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
+ "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
+ "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
+ "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t dsa_cert_dat = {
- (void*)dsa_cert, sizeof (dsa_cert)
+ (void *) dsa_cert, sizeof(dsa_cert)
};
-int
-main (void)
+int main(void)
{
- gnutls_x509_crt_t crt;
- gnutls_pubkey_t pubkey;
- gnutls_datum_t data = { (void *) "foo", 3 };
- gnutls_datum_t sig = { (void *) "bar", 3 };
- int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_pubkey_t pubkey;
+ gnutls_datum_t data = { (void *) "foo", 3 };
+ gnutls_datum_t sig = { (void *) "bar", 3 };
+ int ret;
- global_init ();
+ global_init();
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- return 1;
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return 1;
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- return 1;
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return 1;
- ret = gnutls_x509_crt_import (crt, &dsa_cert_dat, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- return 1;
+ ret =
+ gnutls_x509_crt_import(crt, &dsa_cert_dat,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ return 1;
- ret = gnutls_pubkey_import_x509( pubkey, crt, 0);
- if (ret < 0)
- return 1;
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ return 1;
- ret = gnutls_pubkey_verify_data (pubkey, 0, &data, &sig);
- if (ret < 0 && ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
- return 1;
+ ret = gnutls_pubkey_verify_data(pubkey, 0, &data, &sig);
+ if (ret < 0 && ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
+ return 1;
- //printf ("success!\n");
+ //printf ("success!\n");
- gnutls_x509_crt_deinit (crt);
- gnutls_pubkey_deinit( pubkey);
- gnutls_global_deinit ();
+ gnutls_x509_crt_deinit(crt);
+ gnutls_pubkey_deinit(pubkey);
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
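Review bot: The check after `gnutls_pubkey_verify_data` in `main` lets this test pass when the three-byte garbage signature (`"bar"`) is reported as valid, because only negative codes other than `GNUTLS_E_PK_SIG_VERIFY_FAILED` count as failure. A CVE regression test should reject the accepting case too: `if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) return 1;`. If other error codes are legitimate for a malformed signature, keep the existing condition and add `if (ret >= 0) return 1;` instead. The return value of `global_init()` is also ignored here.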
diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c
index 667e1958e0..5bfb43cd7b 100644
--- a/tests/cve-2009-1416.c
+++ b/tests/cve-2009-1416.c
@@ -46,41 +46,39 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-int
-main (void)
+int main(void)
{
- gnutls_x509_privkey_t key;
- gnutls_datum_t p, q, g, y, x;
- int ret;
+ gnutls_x509_privkey_t key;
+ gnutls_datum_t p, q, g, y, x;
+ int ret;
- global_init ();
+ global_init();
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- return 1;
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ return 1;
- ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);
- if (ret < 0)
- return 1;
+ ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_DSA, 512, 0);
+ if (ret < 0)
+ return 1;
- ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- if (ret < 0)
- return 1;
+ ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x);
+ if (ret < 0)
+ return 1;
- if (q.size == 3 && memcmp (q.data, "\x01\x00\x01", 3) == 0)
- {
- printf ("buggy\n");
- return 1;
- }
+ if (q.size == 3 && memcmp(q.data, "\x01\x00\x01", 3) == 0) {
+ printf("buggy\n");
+ return 1;
+ }
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- gnutls_free (x.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ gnutls_free(x.data);
- gnutls_x509_privkey_deinit (key);
- gnutls_global_deinit ();
+ gnutls_x509_privkey_deinit(key);
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
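Review bot: The `q` comparison in `main` has no comment saying what it detects, so a reader must already know the CVE to see why `\x01\x00\x01` means failure. Suggest adding above the `if`: `/* q == 0x010001 (65537) is the usual RSA public exponent: an RSA key was produced where a DSA key was requested */`. That is my reading of CVE-2009-1416 and should be confirmed against the file header, which is outside the hunk. The `buggy` branch also returns without releasing `p`, `q`, `g`, `y`, `x` and `key`, which is harmless for a short-lived test but noisy under a leak checker.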
diff --git a/tests/dhepskself.c b/tests/dhepskself.c
index dcb91fa15e..64db452d26 100644
--- a/tests/dhepskself.c
+++ b/tests/dhepskself.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -58,94 +57,86 @@ main (int argc, char** argv)
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static void
-client (int sd)
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_psk_client_credentials_t pskcred;
- const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (5);
-
- gnutls_psk_allocate_client_credentials (&pskcred);
- gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NORMAL:+DHE-PSK", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- fputc (buffer[ii], stdout);
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_psk_free_client_credentials (pskcred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_psk_client_credentials_t pskcred;
+ const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(5);
+
+ gnutls_psk_allocate_client_credentials(&pskcred);
+ gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, "NORMAL:+DHE-PSK", NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ fputc(buffer[ii], stdout);
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_psk_free_client_credentials(pskcred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, for PSK authentication.
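Review bot: The reindent leaves the `success` call in `client` split between the function name and its argument list (`success` on one line, `("client: Peer has closed the TLS connection\n");` on the next), which reads like a stray identifier followed by a parenthesised expression. Keeping the call on one line is clearer even if it exceeds the column limit: `success("client: Peer has closed the TLS connection\n");`. The same artifact appears in `server` in the last hunk of this file. Separately, the results of `gnutls_init`, `gnutls_psk_set_client_credentials` and `gnutls_priority_set_direct` are not checked, so a setup failure only surfaces later as a handshake error.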
@@ -156,50 +147,50 @@ end:
/* These are global */
gnutls_psk_server_credentials_t server_pskcred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL:+DHE-PSK", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, "NORMAL:+DHE-PSK", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, server_pskcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
static int
-pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t * key)
{
- if (debug)
- printf ("psk callback to get %s's password\n", username);
- key->data = gnutls_malloc (4);
- key->data[0] = 0xDE;
- key->data[1] = 0xAD;
- key->data[2] = 0xBE;
- key->data[3] = 0xEF;
- key->size = 4;
- return 0;
+ if (debug)
+ printf("psk callback to get %s's password\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
}
int err, ret;
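Review bot: In `pskfunc` the result of `gnutls_malloc(4)` is written through without a NULL check, so an allocation failure becomes a null-pointer write inside the PSK callback. Add `if (key->data == NULL) return -1;` right after the allocation, before the four byte assignments. The bytes 0xDE 0xAD 0xBE 0xEF are the binary form of the client's hex string `"DEADBEEF"`; a one-line comment saying so would make the pairing obvious. `generate_dh_params` returns the import result, but its caller in the next hunk ignores it.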
@@ -208,111 +199,102 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-server (int sd)
+static void server(int sd)
{
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- generate_dh_params ();
-
- gnutls_psk_allocate_server_credentials (&server_pskcred);
- gnutls_psk_set_server_credentials_function (server_pskcred, pskfunc);
- gnutls_psk_set_server_dh_params (server_pskcred, dh_params);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_psk_free_server_credentials (server_pskcred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ generate_dh_params();
+
+ gnutls_psk_allocate_server_credentials(&server_pskcred);
+ gnutls_psk_set_server_credentials_function(server_pskcred,
+ pskfunc);
+ gnutls_psk_set_server_dh_params(server_pskcred, dh_params);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_psk_free_server_credentials(server_pskcred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- pid_t child;
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (sockets[0]);
- wait (&status);
- }
- else
- client (sockets[1]);
+ pid_t child;
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(sockets[0]);
+ wait(&status);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
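Review bot: The echo branch of `server` sends `strlen(buffer)` bytes rather than the `ret` bytes that `gnutls_record_recv` returned, so a record containing a zero byte is echoed back truncated. The preceding `memset` of `MAX_BUF + 1` bytes keeps `strlen` inside the buffer, so this is a correctness issue rather than an overread. Using the received length removes that dependency: `gnutls_record_send(session, buffer, ret);`. On the handshake-failure path `server` returns without freeing `server_pskcred` and `dh_params` or calling `gnutls_global_deinit()`, unlike the normal exit path.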
diff --git a/tests/dn.c b/tests/dn.c
index e8e12c3ada..05710fda3b 100644
--- a/tests/dn.c
+++ b/tests/dn.c
@@ -30,105 +30,100 @@
#include "utils.h"
static char pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE8jCCAtqgAwIBAgIDAkQVMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv\n"
- "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n"
- "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n"
- "dEBjYWNlcnQub3JnMB4XDTA2MDUxNTE1MjEzMVoXDTA3MDUxNTE1MjEzMVowPjEY\n"
- "MBYGA1UEAxMPQ0FjZXJ0IFdvVCBVc2VyMSIwIAYJKoZIhvcNAQkBFhNzaW1vbkBq\n"
- "b3NlZnNzb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuddO\n"
- "vxr7gfof8Ejtk/EOC16m0UdymQhwQwfPM5wWKJCJK9l5GoXSHe+s/+6HPLhXo2do\n"
- "byUS6X3w7ODO6MGnlWALJUapUa2LinofYwYWFVlOlwyuN2lW+xQgeQjn24R8Glzl\n"
- "KQ2f5C9JOE3RSGnHr7VH/6JJy+rPovh+gqKHjt9UH6Su1LFEQGUg+x+CVPAluYty\n"
- "ECfHdAad2Gcbgn3vkMyKEF6VAKR/G9uDb7bBVuA73UWkUtDi3dekM882UqH5HQRj\n"
- "mGYoGJk49PQ52jGftXNIDyHDOYWXTl9W64dHKRGaW0LOrkLrodjMPdudTvSsoWzK\n"
- "DpMMdHLsFx2/+MAsPwIDAQABo4G9MIG6MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4\n"
- "QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFk\n"
- "IG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMDIGCCsGAQUFBwEBBCYwJDAi\n"
- "BggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAeBgNVHREEFzAVgRNz\n"
- "aW1vbkBqb3NlZnNzb24ub3JnMA0GCSqGSIb3DQEBBQUAA4ICAQCXhyNfM8ozU2Jw\n"
- "H+XEDgrt3lUgnUbXQC+AGXdj4ZIJXQfHOCCQxZOO6Oe9V0rxldO3M5tQi92yRjci\n"
- "aa892MCVPxTkJLR0h4Kx4JfeTtSvl+9nWPSRrZbPTdWZ3ecnCyrfLfEas6pZp1ur\n"
- "lJkaEksAg5dGNrvJGPqBbF6A44b1wlBTCHEBZy2n/7Qml7Nhydymq2nFhDtlQJ6X\n"
- "w+6juM85vaEII6kuNatk2OcMJG9R0JxbC0e+PPI1jk7wuAz4WIMyj+ZudGNOTWKN\n"
- "3ohK9v0/EE1/S+KMy3T7fzMkbKkwAQZzQNoDf8bSzvDwtZsoudA4Kcloz8a/iKEH\n"
- "C9nKYBU8sFBd1cYV7ocFhN2awvuVnBlfsEN4eO5TRA50hmLxwt5D8Vs2v55n1kl6\n"
- "7PBo6H2ZMfbQcws731k4RpOqQcU+2yl/wBlDChOOO95mbJ31tqMh27yIjIemgD6Z\n"
- "jxL92AgHPzSFy/nyqmZ1ADcnB5fC5WsEYyr9tPM1gpjJEsi95YIBrO7Uyt4tj5U3\n"
- "dYDvbU+Mg1r0gJi61wciuyAllwKfu9aqkCjJKQGHrTimWzRa6RPygaojWIEmap89\n"
- "bHarWgDg9CKVP1DggVkcD838s//kE1Vl2DReyfAtEQ1agSXLFncgxL+yOi1o3lcq\n"
- "+dmDgpDn168TY1Iug80uVKg7AfkLrA==\n" "-----END CERTIFICATE-----\n";
-
-static void
-print_dn (gnutls_x509_dn_t dn)
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE8jCCAtqgAwIBAgIDAkQVMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv\n"
+ "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n"
+ "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n"
+ "dEBjYWNlcnQub3JnMB4XDTA2MDUxNTE1MjEzMVoXDTA3MDUxNTE1MjEzMVowPjEY\n"
+ "MBYGA1UEAxMPQ0FjZXJ0IFdvVCBVc2VyMSIwIAYJKoZIhvcNAQkBFhNzaW1vbkBq\n"
+ "b3NlZnNzb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuddO\n"
+ "vxr7gfof8Ejtk/EOC16m0UdymQhwQwfPM5wWKJCJK9l5GoXSHe+s/+6HPLhXo2do\n"
+ "byUS6X3w7ODO6MGnlWALJUapUa2LinofYwYWFVlOlwyuN2lW+xQgeQjn24R8Glzl\n"
+ "KQ2f5C9JOE3RSGnHr7VH/6JJy+rPovh+gqKHjt9UH6Su1LFEQGUg+x+CVPAluYty\n"
+ "ECfHdAad2Gcbgn3vkMyKEF6VAKR/G9uDb7bBVuA73UWkUtDi3dekM882UqH5HQRj\n"
+ "mGYoGJk49PQ52jGftXNIDyHDOYWXTl9W64dHKRGaW0LOrkLrodjMPdudTvSsoWzK\n"
+ "DpMMdHLsFx2/+MAsPwIDAQABo4G9MIG6MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4\n"
+ "QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFk\n"
+ "IG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMDIGCCsGAQUFBwEBBCYwJDAi\n"
+ "BggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAeBgNVHREEFzAVgRNz\n"
+ "aW1vbkBqb3NlZnNzb24ub3JnMA0GCSqGSIb3DQEBBQUAA4ICAQCXhyNfM8ozU2Jw\n"
+ "H+XEDgrt3lUgnUbXQC+AGXdj4ZIJXQfHOCCQxZOO6Oe9V0rxldO3M5tQi92yRjci\n"
+ "aa892MCVPxTkJLR0h4Kx4JfeTtSvl+9nWPSRrZbPTdWZ3ecnCyrfLfEas6pZp1ur\n"
+ "lJkaEksAg5dGNrvJGPqBbF6A44b1wlBTCHEBZy2n/7Qml7Nhydymq2nFhDtlQJ6X\n"
+ "w+6juM85vaEII6kuNatk2OcMJG9R0JxbC0e+PPI1jk7wuAz4WIMyj+ZudGNOTWKN\n"
+ "3ohK9v0/EE1/S+KMy3T7fzMkbKkwAQZzQNoDf8bSzvDwtZsoudA4Kcloz8a/iKEH\n"
+ "C9nKYBU8sFBd1cYV7ocFhN2awvuVnBlfsEN4eO5TRA50hmLxwt5D8Vs2v55n1kl6\n"
+ "7PBo6H2ZMfbQcws731k4RpOqQcU+2yl/wBlDChOOO95mbJ31tqMh27yIjIemgD6Z\n"
+ "jxL92AgHPzSFy/nyqmZ1ADcnB5fC5WsEYyr9tPM1gpjJEsi95YIBrO7Uyt4tj5U3\n"
+ "dYDvbU+Mg1r0gJi61wciuyAllwKfu9aqkCjJKQGHrTimWzRa6RPygaojWIEmap89\n"
+ "bHarWgDg9CKVP1DggVkcD838s//kE1Vl2DReyfAtEQ1agSXLFncgxL+yOi1o3lcq\n"
+ "+dmDgpDn168TY1Iug80uVKg7AfkLrA==\n" "-----END CERTIFICATE-----\n";
+
+static void print_dn(gnutls_x509_dn_t dn)
{
- int i, j, ret = 0;
- gnutls_x509_ava_st ava;
-
- for (i = 0; ret == 0; i++)
- for (j = 0; ret == 0; j++)
- {
- ret = gnutls_x509_dn_get_rdn_ava (dn, i, j, &ava);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- {
- if (j > 0)
- {
- j = 0;
- ret = 0;
- }
- break;
- }
- if (ret < 0)
- fail ("get_rdn_ava %d\n", ret);
- if (debug)
- printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j,
- ava.oid.size, ava.oid.data, ava.value.size, ava.value.data);
- }
+ int i, j, ret = 0;
+ gnutls_x509_ava_st ava;
+
+ for (i = 0; ret == 0; i++)
+ for (j = 0; ret == 0; j++) {
+ ret = gnutls_x509_dn_get_rdn_ava(dn, i, j, &ava);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (j > 0) {
+ j = 0;
+ ret = 0;
+ }
+ break;
+ }
+ if (ret < 0)
+ fail("get_rdn_ava %d\n", ret);
+ if (debug)
+ printf
+ ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n",
+ i, j, ava.oid.size, ava.oid.data,
+ ava.value.size, ava.value.data);
+ }
}
-void
-doit (void)
+void doit(void)
{
- int ret;
- gnutls_datum_t pem_cert = { (unsigned char*)pem, sizeof (pem) };
- gnutls_x509_crt_t cert;
- gnutls_x509_dn_t xdn;
-
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
-
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
-
- ret = gnutls_x509_crt_import (cert, &pem_cert, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("crt_import %d\n", ret);
-
- ret = gnutls_x509_crt_get_issuer (cert, &xdn);
- if (ret < 0)
- fail ("get_issuer %d\n", ret);
-
- if (debug)
- {
- printf ("Issuer:\n");
- print_dn (xdn);
- }
-
- ret = gnutls_x509_crt_get_subject (cert, &xdn);
- if (ret < 0)
- fail ("get_subject %d\n", ret);
-
- if (debug)
- {
- printf ("Subject:\n");
- print_dn (xdn);
- }
-
- if (debug)
- success ("done\n");
-
- gnutls_x509_crt_deinit (cert);
- gnutls_global_deinit ();
+ int ret;
+ gnutls_datum_t pem_cert = { (unsigned char *) pem, sizeof(pem) };
+ gnutls_x509_crt_t cert;
+ gnutls_x509_dn_t xdn;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
+
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
+
+ ret = gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("crt_import %d\n", ret);
+
+ ret = gnutls_x509_crt_get_issuer(cert, &xdn);
+ if (ret < 0)
+ fail("get_issuer %d\n", ret);
+
+ if (debug) {
+ printf("Issuer:\n");
+ print_dn(xdn);
+ }
+
+ ret = gnutls_x509_crt_get_subject(cert, &xdn);
+ if (ret < 0)
+ fail("get_subject %d\n", ret);
+
+ if (debug) {
+ printf("Subject:\n");
+ print_dn(xdn);
+ }
+
+ if (debug)
+ success("done\n");
+
+ gnutls_x509_crt_deinit(cert);
+ gnutls_global_deinit();
}
diff --git a/tests/dn2.c b/tests/dn2.c
index a490c4dccb..cd750782c5 100644
--- a/tests/dn2.c
+++ b/tests/dn2.c
@@ -30,75 +30,75 @@
#include "utils.h"
static char pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIFpzCCBI+gAwIBAgIQSOyh48ZYvgTFR8HspnpkMzANBgkqhkiG9w0BAQUFADCB\n"
- "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
- "HhcNMDgxMTEzMDAwMDAwWhcNMDkxMTEzMjM1OTU5WjCB6zETMBEGCysGAQQBgjc8\n"
- "AgEDEwJERTEZMBcGCysGAQQBgjc8AgEBFAhNdWVuY2hlbjEbMBkGA1UEDxMSVjEu\n"
- "MCwgQ2xhdXNlIDUuKGIpMRMwEQYDVQQFEwpIUkIgMTQ0MjYxMQswCQYDVQQGEwJE\n"
- "RTEOMAwGA1UEERQFODA4MDcxEDAOBgNVBAgTB0JhdmFyaWExETAPBgNVBAcUCE11\n"
- "ZW5jaGVuMR0wGwYDVQQJFBRGcmFua2Z1cnRlciBSaW5nIDEyOTERMA8GA1UEChQI\n"
- "R01YIEdtYkgxEzARBgNVBAMUCnd3dy5nbXguZGUwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
- "gY0AMIGJAoGBAN/ZbLu17YtZo2OGnOfQDwhQlCvks2c+5nJDXjnCHI/ykSGlPH4G\n"
- "5qc7/TScNV1/g0bUTRCA11+aVkvf6haRZfgwbxpY1iySNv8eOlm52QAfh3diJQ9N\n"
- "5LxQblLHMRxXSFCJThl4BYAt70YdNMT9mVD21xx6ae+m3xEuco31aV7ZAgMBAAGj\n"
- "ggH0MIIB8DAJBgNVHRMEAjAAMB0GA1UdDgQWBBTW4UAZN3wEg5TRWaoM1angbgOX\n"
- "tjALBgNVHQ8EBAMCBaAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAqMCgGCCsG\n"
- "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMD4GA1UdHwQ3MDUw\n"
- "M6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2\n"
- "LmNybDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATAf\n"
- "BgNVHSMEGDAWgBROQ8gddu83U3pP8lhvlPM44tW93zB2BggrBgEFBQcBAQRqMGgw\n"
- "KwYIKwYBBQUHMAGGH2h0dHA6Ly9FVkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYI\n"
- "KwYBBQUHMAKGLWh0dHA6Ly9FVkludGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwy\n"
- "MDA2LmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAf\n"
- "MAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52\n"
- "ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFBQADggEBAKpNJQYO\n"
- "JTp34I24kvRF01WpOWOmfBx4K1gqruda/7U0UZqgTgBJVvwraKf6WeTZpHRqDCTw\n"
- "iwySv7jil+gLMT0qIZxL1pII90z71tz08h8xYi1MOLeciG87O9C5pteL/iEtiMxB\n"
- "96B6WWBo9mzgwSM1d8LDhrarZ7uQhm+kBAMyEXhmDnCPWhvExvxJzjEmOlxjThyP\n"
- "2yvIgfLyDfplRe+jUbsY7YNe08eEyoLRq1jwPuRWTaEx2gA7C6pq45747/HkJrtF\n"
- "ya3ULM/AJv6Nj6pobxzQ5rEkUGEwKavu7GMjLrSMnHrbVCiQrn1v6c7B9nSPA31L\n"
- "/do1TDFI0vSl5+M=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIFpzCCBI+gAwIBAgIQSOyh48ZYvgTFR8HspnpkMzANBgkqhkiG9w0BAQUFADCB\n"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+ "HhcNMDgxMTEzMDAwMDAwWhcNMDkxMTEzMjM1OTU5WjCB6zETMBEGCysGAQQBgjc8\n"
+ "AgEDEwJERTEZMBcGCysGAQQBgjc8AgEBFAhNdWVuY2hlbjEbMBkGA1UEDxMSVjEu\n"
+ "MCwgQ2xhdXNlIDUuKGIpMRMwEQYDVQQFEwpIUkIgMTQ0MjYxMQswCQYDVQQGEwJE\n"
+ "RTEOMAwGA1UEERQFODA4MDcxEDAOBgNVBAgTB0JhdmFyaWExETAPBgNVBAcUCE11\n"
+ "ZW5jaGVuMR0wGwYDVQQJFBRGcmFua2Z1cnRlciBSaW5nIDEyOTERMA8GA1UEChQI\n"
+ "R01YIEdtYkgxEzARBgNVBAMUCnd3dy5nbXguZGUwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
+ "gY0AMIGJAoGBAN/ZbLu17YtZo2OGnOfQDwhQlCvks2c+5nJDXjnCHI/ykSGlPH4G\n"
+ "5qc7/TScNV1/g0bUTRCA11+aVkvf6haRZfgwbxpY1iySNv8eOlm52QAfh3diJQ9N\n"
+ "5LxQblLHMRxXSFCJThl4BYAt70YdNMT9mVD21xx6ae+m3xEuco31aV7ZAgMBAAGj\n"
+ "ggH0MIIB8DAJBgNVHRMEAjAAMB0GA1UdDgQWBBTW4UAZN3wEg5TRWaoM1angbgOX\n"
+ "tjALBgNVHQ8EBAMCBaAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAqMCgGCCsG\n"
+ "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMD4GA1UdHwQ3MDUw\n"
+ "M6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2\n"
+ "LmNybDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATAf\n"
+ "BgNVHSMEGDAWgBROQ8gddu83U3pP8lhvlPM44tW93zB2BggrBgEFBQcBAQRqMGgw\n"
+ "KwYIKwYBBQUHMAGGH2h0dHA6Ly9FVkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYI\n"
+ "KwYBBQUHMAKGLWh0dHA6Ly9FVkludGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwy\n"
+ "MDA2LmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAf\n"
+ "MAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52\n"
+ "ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFBQADggEBAKpNJQYO\n"
+ "JTp34I24kvRF01WpOWOmfBx4K1gqruda/7U0UZqgTgBJVvwraKf6WeTZpHRqDCTw\n"
+ "iwySv7jil+gLMT0qIZxL1pII90z71tz08h8xYi1MOLeciG87O9C5pteL/iEtiMxB\n"
+ "96B6WWBo9mzgwSM1d8LDhrarZ7uQhm+kBAMyEXhmDnCPWhvExvxJzjEmOlxjThyP\n"
+ "2yvIgfLyDfplRe+jUbsY7YNe08eEyoLRq1jwPuRWTaEx2gA7C6pq45747/HkJrtF\n"
+ "ya3ULM/AJv6Nj6pobxzQ5rEkUGEwKavu7GMjLrSMnHrbVCiQrn1v6c7B9nSPA31L\n"
+ "/do1TDFI0vSl5+M=\n" "-----END CERTIFICATE-----\n";
static const char *info =
- "subject `jurisdictionOfIncorporationCountryName=DE,jurisdictionOfIncorporationLocalityName=Muenchen,businessCategory=V1.0\\, Clause 5.(b),serialNumber=HRB 144261,C=DE,postalCode=80807,ST=Bavaria,L=Muenchen,street=Frankfurter Ring 129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'";
+ "subject `jurisdictionOfIncorporationCountryName=DE,jurisdictionOfIncorporationLocalityName=Muenchen,businessCategory=V1.0\\, Clause 5.(b),serialNumber=HRB 144261,C=DE,postalCode=80807,ST=Bavaria,L=Muenchen,street=Frankfurter Ring 129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'";
-void
-doit (void)
+void doit(void)
{
- gnutls_datum_t pem_cert = { (void*)pem, sizeof (pem) };
- gnutls_x509_crt_t cert;
- gnutls_datum_t out;
- int ret;
+ gnutls_datum_t pem_cert = { (void *) pem, sizeof(pem) };
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t out;
+ int ret;
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
- ret = gnutls_x509_crt_import (cert, &pem_cert, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("crt_import %d\n", ret);
+ ret = gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("crt_import %d\n", ret);
- ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &out);
- if (ret < 0)
- fail ("x509_crt_print %d\n", ret);
+ ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE, &out);
+ if (ret < 0)
+ fail("x509_crt_print %d\n", ret);
- if (out.size != strlen (info) ||
- strcasecmp ((char*)out.data, info) != 0)
- fail ("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n",
- out.size, (int) strlen (info), info, out.size, out.data);
+ if (out.size != strlen(info) ||
+ strcasecmp((char *) out.data, info) != 0)
+ fail("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n",
+ out.size, (int) strlen(info), info, out.size,
+ out.data);
- gnutls_x509_crt_deinit (cert);
- gnutls_global_deinit ();
- gnutls_free (out.data);
+ gnutls_x509_crt_deinit(cert);
+ gnutls_global_deinit();
+ gnutls_free(out.data);
- if (debug)
- success ("done\n");
+ if (debug)
+ success("done\n");
}
diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
index 7e758bbbf3..ebbfc09342 100644
--- a/tests/dtls/dtls-stress.c
+++ b/tests/dtls/dtls-stress.c
@@ -107,13 +107,14 @@ typedef struct {
typedef struct {
gnutls_datum_t packets[5];
- int* order;
+ int *order;
int count;
} filter_permute_state_t;
-typedef void (*filter_fn)(gnutls_transport_ptr_t, const unsigned char*, size_t);
+typedef void (*filter_fn) (gnutls_transport_ptr_t, const unsigned char *,
+ size_t);
-typedef int (*match_fn)(const unsigned char*, size_t);
+typedef int (*match_fn) (const unsigned char *, size_t);
enum role { SERVER, CLIENT };
@@ -122,128 +123,201 @@ enum role { SERVER, CLIENT };
// {{{ static data
static int permutations2[2][2]
- = { { 0, 1 }, { 1, 0 } };
+= { {0, 1}, {1, 0} };
-static const char* permutation_names2[]
- = { "01", "10", 0 };
+static const char *permutation_names2[]
+= { "01", "10", 0 };
static int permutations3[6][3]
- = { { 0, 1, 2 }, { 0, 2, 1 }, { 1, 0, 2 }, { 1, 2, 0 }, { 2, 0, 1 }, { 2, 1, 0 } };
+= { {0, 1, 2}, {0, 2, 1}, {1, 0, 2}, {1, 2, 0}, {2, 0, 1}, {2, 1, 0} };
-static const char* permutation_names3[]
- = { "012", "021", "102", "120", "201", "210", 0 };
+static const char *permutation_names3[]
+= { "012", "021", "102", "120", "201", "210", 0 };
static int permutations5[120][5]
- = { { 0, 1, 2, 3, 4 }, { 0, 2, 1, 3, 4 }, { 1, 0, 2, 3, 4 }, { 1, 2, 0, 3, 4 }, { 2, 0, 1, 3, 4 }, { 2, 1, 0, 3, 4 },
- { 0, 1, 3, 2, 4 }, { 0, 2, 3, 1, 4 }, { 1, 0, 3, 2, 4 }, { 1, 2, 3, 0, 4 }, { 2, 0, 3, 1, 4 }, { 2, 1, 3, 0, 4 },
- { 0, 3, 1, 2, 4 }, { 0, 3, 2, 1, 4 }, { 1, 3, 0, 2, 4 }, { 1, 3, 2, 0, 4 }, { 2, 3, 0, 1, 4 }, { 2, 3, 1, 0, 4 },
- { 3, 0, 1, 2, 4 }, { 3, 0, 2, 1, 4 }, { 3, 1, 0, 2, 4 }, { 3, 1, 2, 0, 4 }, { 3, 2, 0, 1, 4 }, { 3, 2, 1, 0, 4 },
- { 0, 1, 2, 4, 3 }, { 0, 2, 1, 4, 3 }, { 1, 0, 2, 4, 3 }, { 1, 2, 0, 4, 3 }, { 2, 0, 1, 4, 3 }, { 2, 1, 0, 4, 3 },
- { 0, 1, 3, 4, 2 }, { 0, 2, 3, 4, 1 }, { 1, 0, 3, 4, 2 }, { 1, 2, 3, 4, 0 }, { 2, 0, 3, 4, 1 }, { 2, 1, 3, 4, 0 },
- { 0, 3, 1, 4, 2 }, { 0, 3, 2, 4, 1 }, { 1, 3, 0, 4, 2 }, { 1, 3, 2, 4, 0 }, { 2, 3, 0, 4, 1 }, { 2, 3, 1, 4, 0 },
- { 3, 0, 1, 4, 2 }, { 3, 0, 2, 4, 1 }, { 3, 1, 0, 4, 2 }, { 3, 1, 2, 4, 0 }, { 3, 2, 0, 4, 1 }, { 3, 2, 1, 4, 0 },
- { 0, 1, 4, 2, 3 }, { 0, 2, 4, 1, 3 }, { 1, 0, 4, 2, 3 }, { 1, 2, 4, 0, 3 }, { 2, 0, 4, 1, 3 }, { 2, 1, 4, 0, 3 },
- { 0, 1, 4, 3, 2 }, { 0, 2, 4, 3, 1 }, { 1, 0, 4, 3, 2 }, { 1, 2, 4, 3, 0 }, { 2, 0, 4, 3, 1 }, { 2, 1, 4, 3, 0 },
- { 0, 3, 4, 1, 2 }, { 0, 3, 4, 2, 1 }, { 1, 3, 4, 0, 2 }, { 1, 3, 4, 2, 0 }, { 2, 3, 4, 0, 1 }, { 2, 3, 4, 1, 0 },
- { 3, 0, 4, 1, 2 }, { 3, 0, 4, 2, 1 }, { 3, 1, 4, 0, 2 }, { 3, 1, 4, 2, 0 }, { 3, 2, 4, 0, 1 }, { 3, 2, 4, 1, 0 },
- { 0, 4, 1, 2, 3 }, { 0, 4, 2, 1, 3 }, { 1, 4, 0, 2, 3 }, { 1, 4, 2, 0, 3 }, { 2, 4, 0, 1, 3 }, { 2, 4, 1, 0, 3 },
- { 0, 4, 1, 3, 2 }, { 0, 4, 2, 3, 1 }, { 1, 4, 0, 3, 2 }, { 1, 4, 2, 3, 0 }, { 2, 4, 0, 3, 1 }, { 2, 4, 1, 3, 0 },
- { 0, 4, 3, 1, 2 }, { 0, 4, 3, 2, 1 }, { 1, 4, 3, 0, 2 }, { 1, 4, 3, 2, 0 }, { 2, 4, 3, 0, 1 }, { 2, 4, 3, 1, 0 },
- { 3, 4, 0, 1, 2 }, { 3, 4, 0, 2, 1 }, { 3, 4, 1, 0, 2 }, { 3, 4, 1, 2, 0 }, { 3, 4, 2, 0, 1 }, { 3, 4, 2, 1, 0 },
- { 4, 0, 1, 2, 3 }, { 4, 0, 2, 1, 3 }, { 4, 1, 0, 2, 3 }, { 4, 1, 2, 0, 3 }, { 4, 2, 0, 1, 3 }, { 4, 2, 1, 0, 3 },
- { 4, 0, 1, 3, 2 }, { 4, 0, 2, 3, 1 }, { 4, 1, 0, 3, 2 }, { 4, 1, 2, 3, 0 }, { 4, 2, 0, 3, 1 }, { 4, 2, 1, 3, 0 },
- { 4, 0, 3, 1, 2 }, { 4, 0, 3, 2, 1 }, { 4, 1, 3, 0, 2 }, { 4, 1, 3, 2, 0 }, { 4, 2, 3, 0, 1 }, { 4, 2, 3, 1, 0 },
- { 4, 3, 0, 1, 2 }, { 4, 3, 0, 2, 1 }, { 4, 3, 1, 0, 2 }, { 4, 3, 1, 2, 0 }, { 4, 3, 2, 0, 1 }, { 4, 3, 2, 1, 0 } };
-
-static const char* permutation_names5[]
- = { "01234", "02134", "10234", "12034", "20134", "21034", "01324", "02314", "10324", "12304", "20314", "21304",
- "03124", "03214", "13024", "13204", "23014", "23104", "30124", "30214", "31024", "31204", "32014", "32104",
- "01243", "02143", "10243", "12043", "20143", "21043", "01342", "02341", "10342", "12340", "20341", "21340",
- "03142", "03241", "13042", "13240", "23041", "23140", "30142", "30241", "31042", "31240", "32041", "32140",
- "01423", "02413", "10423", "12403", "20413", "21403", "01432", "02431", "10432", "12430", "20431", "21430",
- "03412", "03421", "13402", "13420", "23401", "23410", "30412", "30421", "31402", "31420", "32401", "32410",
- "04123", "04213", "14023", "14203", "24013", "24103", "04132", "04231", "14032", "14230", "24031", "24130",
- "04312", "04321", "14302", "14320", "24301", "24310", "34012", "34021", "34102", "34120", "34201", "34210",
- "40123", "40213", "41023", "41203", "42013", "42103", "40132", "40231", "41032", "41230", "42031", "42130",
- "40312", "40321", "41302", "41320", "42301", "42310", "43012", "43021", "43102", "43120", "43201", "43210", 0 };
-
-static const char* filter_names[8]
- = { "SHello",
- "SKeyExchange",
- "SHelloDone",
- "CKeyExchange",
- "CChangeCipherSpec",
- "CFinished",
- "SChangeCipherSpec",
- "SFinished" };
-
-static const char* filter_names_full[12]
- = { "SHello",
- "SCertificate",
- "SKeyExchange",
- "SCertificateRequest",
- "SHelloDone",
- "CCertificate",
- "CKeyExchange",
- "CCertificateVerify",
- "CChangeCipherSpec",
- "CFinished",
- "SChangeCipherSpec",
- "SFinished" };
+= { {0, 1, 2, 3, 4}, {0, 2, 1, 3, 4}, {1, 0, 2, 3, 4}, {1, 2, 0, 3, 4}, {2,
+ 0,
+ 1,
+ 3,
+ 4},
+ {2, 1, 0, 3, 4},
+{0, 1, 3, 2, 4}, {0, 2, 3, 1, 4}, {1, 0, 3, 2, 4}, {1, 2, 3, 0, 4}, {2, 0,
+ 3, 1,
+ 4},
+ {2, 1, 3, 0, 4},
+{0, 3, 1, 2, 4}, {0, 3, 2, 1, 4}, {1, 3, 0, 2, 4}, {1, 3, 2, 0, 4}, {2, 3,
+ 0, 1,
+ 4},
+ {2, 3, 1, 0, 4},
+{3, 0, 1, 2, 4}, {3, 0, 2, 1, 4}, {3, 1, 0, 2, 4}, {3, 1, 2, 0, 4}, {3, 2,
+ 0, 1,
+ 4},
+ {3, 2, 1, 0, 4},
+{0, 1, 2, 4, 3}, {0, 2, 1, 4, 3}, {1, 0, 2, 4, 3}, {1, 2, 0, 4, 3}, {2, 0,
+ 1, 4,
+ 3},
+ {2, 1, 0, 4, 3},
+{0, 1, 3, 4, 2}, {0, 2, 3, 4, 1}, {1, 0, 3, 4, 2}, {1, 2, 3, 4, 0}, {2, 0,
+ 3, 4,
+ 1},
+ {2, 1, 3, 4, 0},
+{0, 3, 1, 4, 2}, {0, 3, 2, 4, 1}, {1, 3, 0, 4, 2}, {1, 3, 2, 4, 0}, {2, 3,
+ 0, 4,
+ 1},
+ {2, 3, 1, 4, 0},
+{3, 0, 1, 4, 2}, {3, 0, 2, 4, 1}, {3, 1, 0, 4, 2}, {3, 1, 2, 4, 0}, {3, 2,
+ 0, 4,
+ 1},
+ {3, 2, 1, 4, 0},
+{0, 1, 4, 2, 3}, {0, 2, 4, 1, 3}, {1, 0, 4, 2, 3}, {1, 2, 4, 0, 3}, {2, 0,
+ 4, 1,
+ 3},
+ {2, 1, 4, 0, 3},
+{0, 1, 4, 3, 2}, {0, 2, 4, 3, 1}, {1, 0, 4, 3, 2}, {1, 2, 4, 3, 0}, {2, 0,
+ 4, 3,
+ 1},
+ {2, 1, 4, 3, 0},
+{0, 3, 4, 1, 2}, {0, 3, 4, 2, 1}, {1, 3, 4, 0, 2}, {1, 3, 4, 2, 0}, {2, 3,
+ 4, 0,
+ 1},
+ {2, 3, 4, 1, 0},
+{3, 0, 4, 1, 2}, {3, 0, 4, 2, 1}, {3, 1, 4, 0, 2}, {3, 1, 4, 2, 0}, {3, 2,
+ 4, 0,
+ 1},
+ {3, 2, 4, 1, 0},
+{0, 4, 1, 2, 3}, {0, 4, 2, 1, 3}, {1, 4, 0, 2, 3}, {1, 4, 2, 0, 3}, {2, 4,
+ 0, 1,
+ 3},
+ {2, 4, 1, 0, 3},
+{0, 4, 1, 3, 2}, {0, 4, 2, 3, 1}, {1, 4, 0, 3, 2}, {1, 4, 2, 3, 0}, {2, 4,
+ 0, 3,
+ 1},
+ {2, 4, 1, 3, 0},
+{0, 4, 3, 1, 2}, {0, 4, 3, 2, 1}, {1, 4, 3, 0, 2}, {1, 4, 3, 2, 0}, {2, 4,
+ 3, 0,
+ 1},
+ {2, 4, 3, 1, 0},
+{3, 4, 0, 1, 2}, {3, 4, 0, 2, 1}, {3, 4, 1, 0, 2}, {3, 4, 1, 2, 0}, {3, 4,
+ 2, 0,
+ 1},
+ {3, 4, 2, 1, 0},
+{4, 0, 1, 2, 3}, {4, 0, 2, 1, 3}, {4, 1, 0, 2, 3}, {4, 1, 2, 0, 3}, {4, 2,
+ 0, 1,
+ 3},
+ {4, 2, 1, 0, 3},
+{4, 0, 1, 3, 2}, {4, 0, 2, 3, 1}, {4, 1, 0, 3, 2}, {4, 1, 2, 3, 0}, {4, 2,
+ 0, 3,
+ 1},
+ {4, 2, 1, 3, 0},
+{4, 0, 3, 1, 2}, {4, 0, 3, 2, 1}, {4, 1, 3, 0, 2}, {4, 1, 3, 2, 0}, {4, 2,
+ 3, 0,
+ 1},
+ {4, 2, 3, 1, 0},
+{4, 3, 0, 1, 2}, {4, 3, 0, 2, 1}, {4, 3, 1, 0, 2}, {4, 3, 1, 2, 0}, {4, 3,
+ 2, 0,
+ 1},
+ {4, 3, 2, 1, 0}
+};
+
+static const char *permutation_names5[]
+ = { "01234", "02134", "10234", "12034", "20134", "21034", "01324",
+ "02314", "10324", "12304", "20314", "21304",
+ "03124", "03214", "13024", "13204", "23014", "23104", "30124",
+ "30214", "31024", "31204", "32014", "32104",
+ "01243", "02143", "10243", "12043", "20143", "21043", "01342",
+ "02341", "10342", "12340", "20341", "21340",
+ "03142", "03241", "13042", "13240", "23041", "23140", "30142",
+ "30241", "31042", "31240", "32041", "32140",
+ "01423", "02413", "10423", "12403", "20413", "21403", "01432",
+ "02431", "10432", "12430", "20431", "21430",
+ "03412", "03421", "13402", "13420", "23401", "23410", "30412",
+ "30421", "31402", "31420", "32401", "32410",
+ "04123", "04213", "14023", "14203", "24013", "24103", "04132",
+ "04231", "14032", "14230", "24031", "24130",
+ "04312", "04321", "14302", "14320", "24301", "24310", "34012",
+ "34021", "34102", "34120", "34201", "34210",
+ "40123", "40213", "41023", "41203", "42013", "42103", "40132",
+ "40231", "41032", "41230", "42031", "42130",
+ "40312", "40321", "41302", "41320", "42301", "42310", "43012",
+ "43021", "43102", "43120", "43201", "43210", 0
+};
+
+static const char *filter_names[8]
+ = { "SHello",
+ "SKeyExchange",
+ "SHelloDone",
+ "CKeyExchange",
+ "CChangeCipherSpec",
+ "CFinished",
+ "SChangeCipherSpec",
+ "SFinished"
+};
+
+static const char *filter_names_full[12]
+ = { "SHello",
+ "SCertificate",
+ "SKeyExchange",
+ "SCertificateRequest",
+ "SHelloDone",
+ "CCertificate",
+ "CKeyExchange",
+ "CCertificateVerify",
+ "CChangeCipherSpec",
+ "CFinished",
+ "SChangeCipherSpec",
+ "SFinished"
+};
static const unsigned char PUBKEY[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "\n"
- "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
- "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
- "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
- "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
- "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
- "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
- "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
- "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
- "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
- "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
- "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
- "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
- "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
- "NfM+8fS537I+XA+hfjt20NUFIA==\n"
- "=oD3a\n"
- "-----END PGP PUBLIC KEY BLOCK-----\n";
-
-static const unsigned char PRIVKEY[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "\n"
- "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
- "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
- "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
- "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
- "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
- "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
- "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
- "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
- "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
- "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
- "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
- "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
- "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
- "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
- "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
- "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
- "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
- "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
- "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
- "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
- "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
- "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
- "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
- "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
- "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
- "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
- "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
- "PlwPoX47dtDVBSA=\n"
- "=EVlv\n"
- "-----END PGP PRIVATE KEY BLOCK-----\n";
+ "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+ "\n"
+ "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
+ "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
+ "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
+ "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
+ "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
+ "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
+ "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
+ "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
+ "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
+ "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
+ "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
+ "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
+ "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
+ "NfM+8fS537I+XA+hfjt20NUFIA==\n"
+ "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+
+static const unsigned char PRIVKEY[] =
+ "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+ "\n"
+ "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
+ "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
+ "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
+ "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
+ "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
+ "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
+ "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
+ "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
+ "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
+ "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
+ "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
+ "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
+ "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
+ "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
+ "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
+ "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
+ "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
+ "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
+ "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
+ "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
+ "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
+ "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
+ "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
+ "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
+ "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
+ "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
+ "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
+ "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
// }}}
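Review bot: The reindent leaves the `permutations5` initializer unreadable: each row's fifth tuple is now split one element per line (`{2,` / `0,` / `1,` …) and the rows start at column 0, so the table can no longer be checked by eye against `permutation_names5`. Hand-laid-out tables are better excluded from the formatter. If GNU indent produced this, wrapping the static-data section in `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` and keeping the previous six-tuples-per-row layout would preserve it. The same pass glued the armor trailers onto the preceding string (`"=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";`), which the same markers would prevent. Separately, `PRIVKEY` embeds a private key block with no explanation; if it is a test-only fixture, a comment above it such as `/* throwaway OpenPGP key pair, used only by this test */` would make that explicit for anyone triaging secret-scanner hits.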
@@ -266,31 +340,34 @@ int run_id;
// {{{ logging and error handling
-static void logfn(int level, const char* s)
+static void logfn(int level, const char *s)
{
if (debug) {
- fprintf(stdout, "%i %s|<%i> %s", run_id, role_name, level, s);
+ fprintf(stdout, "%i %s|<%i> %s", run_id, role_name, level,
+ s);
}
}
-static void auditfn(gnutls_session_t session, const char* s)
+static void auditfn(gnutls_session_t session, const char *s)
{
if (debug) {
fprintf(stdout, "%i %s| %s", run_id, role_name, s);
}
}
-static void drop(const char* packet)
+static void drop(const char *packet)
{
if (debug) {
- fprintf(stdout, "%i %s| dropping %s\n", run_id, role_name, packet);
+ fprintf(stdout, "%i %s| dropping %s\n", run_id, role_name,
+ packet);
}
}
static int _process_error(int loc, int code, int die)
{
if (code < 0 && (die || code != GNUTLS_E_AGAIN)) {
- fprintf(stdout, "%i <%s tls> line %i: %s", run_id, role_name, loc, gnutls_strerror(code));
+ fprintf(stdout, "%i <%s tls> line %i: %s", run_id,
+ role_name, loc, gnutls_strerror(code));
if (gnutls_error_is_fatal(code) || die) {
fprintf(stdout, " (fatal)\n");
exit(1);
@@ -310,7 +387,9 @@ static void _process_error_or_timeout(int loc, int err, time_t tdiff)
if (err != GNUTLS_E_TIMEDOUT || tdiff >= 60) {
_process_error(loc, err, 0);
} else {
- fprintf(stdout, "%i %s| line %i: {spurious timeout} (fatal)", run_id, role_name, loc);
+ fprintf(stdout,
+ "%i %s| line %i: {spurious timeout} (fatal)",
+ run_id, role_name, loc);
exit(1);
}
}
@@ -318,9 +397,10 @@ static void _process_error_or_timeout(int loc, int err, time_t tdiff)
#define process_error_or_timeout(code, tdiff) _process_error_or_timeout(__LINE__, code, tdiff)
-static void rperror(const char* name)
+static void rperror(const char *name)
{
- fprintf(stdout, "%i %s| %s: %s\n", run_id, role_name, name, strerror(errno));
+ fprintf(stdout, "%i %s| %s: %s\n", run_id, role_name, name,
+ strerror(errno));
}
// }}}
@@ -340,20 +420,27 @@ filter_packet_state_t state_packet_ClientFinished = { 0 };
filter_packet_state_t state_packet_ServerChangeCipherSpec = { 0 };
filter_packet_state_t state_packet_ServerFinished = { 0 };
-filter_permute_state_t state_permute_ServerHello = { { { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 } }, 0, 0 };
-filter_permute_state_t state_permute_ServerHelloFull = { { { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 } }, 0, 0 };
-filter_permute_state_t state_permute_ServerFinished = { { { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 } }, 0, 0 };
-filter_permute_state_t state_permute_ClientFinished = { { { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 } }, 0, 0 };
-filter_permute_state_t state_permute_ClientFinishedFull = { { { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 }, { 0, 0 } }, 0, 0 };
+filter_permute_state_t state_permute_ServerHello =
+ { {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 };
+filter_permute_state_t state_permute_ServerHelloFull =
+ { {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 };
+filter_permute_state_t state_permute_ServerFinished =
+ { {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 };
+filter_permute_state_t state_permute_ClientFinished =
+ { {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 };
+filter_permute_state_t state_permute_ClientFinishedFull =
+ { {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 };
filter_fn filter_chain[32];
int filter_current_idx;
-static void filter_permute_state_free_buffer(filter_permute_state_t* state)
+static void filter_permute_state_free_buffer(filter_permute_state_t *
+ state)
{
unsigned int i;
- for (i = 0; i < sizeof(state->packets) / sizeof(state->packets[0]); i++) {
+ for (i = 0; i < sizeof(state->packets) / sizeof(state->packets[0]);
+ i++) {
free(state->packets[i].data);
state->packets[i].data = NULL;
}
@@ -367,36 +454,54 @@ static void filter_clear_state(void)
filter_permute_state_free_buffer(&state_permute_ServerHelloFull);
filter_permute_state_free_buffer(&state_permute_ServerFinished);
filter_permute_state_free_buffer(&state_permute_ClientFinished);
- filter_permute_state_free_buffer(&state_permute_ClientFinishedFull);
-
- memset(&state_packet_ServerHello, 0, sizeof(state_packet_ServerHello));
- memset(&state_packet_ServerCertificate, 0, sizeof(state_packet_ServerCertificate));
- memset(&state_packet_ServerKeyExchange, 0, sizeof(state_packet_ServerKeyExchange));
- memset(&state_packet_ServerCertificateRequest, 0, sizeof(state_packet_ServerCertificateRequest));
- memset(&state_packet_ServerHelloDone, 0, sizeof(state_packet_ServerHelloDone));
- memset(&state_packet_ClientCertificate, 0, sizeof(state_packet_ClientCertificate));
- memset(&state_packet_ClientKeyExchange, 0, sizeof(state_packet_ClientKeyExchange));
- memset(&state_packet_ClientCertificateVerify, 0, sizeof(state_packet_ClientCertificateVerify));
- memset(&state_packet_ClientChangeCipherSpec, 0, sizeof(state_packet_ClientChangeCipherSpec));
- memset(&state_packet_ClientFinished, 0, sizeof(state_packet_ClientFinished));
- memset(&state_packet_ServerChangeCipherSpec, 0, sizeof(state_packet_ServerChangeCipherSpec));
- memset(&state_packet_ServerFinished, 0, sizeof(state_packet_ServerFinished));
- memset(&state_permute_ServerHello, 0, sizeof(state_permute_ServerHello));
- memset(&state_permute_ServerHelloFull, 0, sizeof(state_permute_ServerHelloFull));
- memset(&state_permute_ServerFinished, 0, sizeof(state_permute_ServerFinished));
- memset(&state_permute_ClientFinished, 0, sizeof(state_permute_ClientFinished));
- memset(&state_permute_ClientFinishedFull, 0, sizeof(state_permute_ClientFinishedFull));
+ filter_permute_state_free_buffer
+ (&state_permute_ClientFinishedFull);
+
+ memset(&state_packet_ServerHello, 0,
+ sizeof(state_packet_ServerHello));
+ memset(&state_packet_ServerCertificate, 0,
+ sizeof(state_packet_ServerCertificate));
+ memset(&state_packet_ServerKeyExchange, 0,
+ sizeof(state_packet_ServerKeyExchange));
+ memset(&state_packet_ServerCertificateRequest, 0,
+ sizeof(state_packet_ServerCertificateRequest));
+ memset(&state_packet_ServerHelloDone, 0,
+ sizeof(state_packet_ServerHelloDone));
+ memset(&state_packet_ClientCertificate, 0,
+ sizeof(state_packet_ClientCertificate));
+ memset(&state_packet_ClientKeyExchange, 0,
+ sizeof(state_packet_ClientKeyExchange));
+ memset(&state_packet_ClientCertificateVerify, 0,
+ sizeof(state_packet_ClientCertificateVerify));
+ memset(&state_packet_ClientChangeCipherSpec, 0,
+ sizeof(state_packet_ClientChangeCipherSpec));
+ memset(&state_packet_ClientFinished, 0,
+ sizeof(state_packet_ClientFinished));
+ memset(&state_packet_ServerChangeCipherSpec, 0,
+ sizeof(state_packet_ServerChangeCipherSpec));
+ memset(&state_packet_ServerFinished, 0,
+ sizeof(state_packet_ServerFinished));
+ memset(&state_permute_ServerHello, 0,
+ sizeof(state_permute_ServerHello));
+ memset(&state_permute_ServerHelloFull, 0,
+ sizeof(state_permute_ServerHelloFull));
+ memset(&state_permute_ServerFinished, 0,
+ sizeof(state_permute_ServerFinished));
+ memset(&state_permute_ClientFinished, 0,
+ sizeof(state_permute_ClientFinished));
+ memset(&state_permute_ClientFinishedFull, 0,
+ sizeof(state_permute_ClientFinishedFull));
}
static void filter_run_next(gnutls_transport_ptr_t fd,
- const unsigned char* buffer, size_t len)
+ const unsigned char *buffer, size_t len)
{
filter_fn fn = filter_chain[filter_current_idx];
filter_current_idx++;
if (fn) {
fn(fd, buffer, len);
} else {
- send((int)(intptr_t) fd, buffer, len, 0);
+ send((int) (intptr_t) fd, buffer, len, 0);
}
filter_current_idx--;
}
@@ -405,64 +510,78 @@ static void filter_run_next(gnutls_transport_ptr_t fd,
// {{{ packet match functions
-static int match_ServerHello(const unsigned char* buffer, size_t len)
+static int match_ServerHello(const unsigned char *buffer, size_t len)
{
- return role == SERVER && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 2;
+ return role == SERVER && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 2;
}
-static int match_ServerCertificate(const unsigned char* buffer, size_t len)
+static int match_ServerCertificate(const unsigned char *buffer, size_t len)
{
- return role == SERVER && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 11;
+ return role == SERVER && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 11;
}
-static int match_ServerKeyExchange(const unsigned char* buffer, size_t len)
+static int match_ServerKeyExchange(const unsigned char *buffer, size_t len)
{
- return role == SERVER && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 12;
+ return role == SERVER && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 12;
}
-static int match_ServerCertificateRequest(const unsigned char* buffer, size_t len)
+static int match_ServerCertificateRequest(const unsigned char *buffer,
+ size_t len)
{
- return role == SERVER && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 13;
+ return role == SERVER && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 13;
}
-static int match_ServerHelloDone(const unsigned char* buffer, size_t len)
+static int match_ServerHelloDone(const unsigned char *buffer, size_t len)
{
- return role == SERVER && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 14;
+ return role == SERVER && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 14;
}
-static int match_ClientCertificate(const unsigned char* buffer, size_t len)
+static int match_ClientCertificate(const unsigned char *buffer, size_t len)
{
- return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 11;
+ return role == CLIENT && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 11;
}
-static int match_ClientKeyExchange(const unsigned char* buffer, size_t len)
+static int match_ClientKeyExchange(const unsigned char *buffer, size_t len)
{
- return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 16;
+ return role == CLIENT && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 16;
}
-static int match_ClientCertificateVerify(const unsigned char* buffer, size_t len)
+static int match_ClientCertificateVerify(const unsigned char *buffer,
+ size_t len)
{
- return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 && buffer[13] == 15;
+ return role == CLIENT && len >= 13 + 1 && buffer[0] == 22
+ && buffer[13] == 15;
}
-static int match_ClientChangeCipherSpec(const unsigned char* buffer, size_t len)
+static int match_ClientChangeCipherSpec(const unsigned char *buffer,
+ size_t len)
{
return role == CLIENT && len >= 13 && buffer[0] == 20;
}
-static int match_ClientFinished(const unsigned char* buffer, size_t len)
+static int match_ClientFinished(const unsigned char *buffer, size_t len)
{
- return role == CLIENT && len >= 13 && buffer[0] == 22 && buffer[4] == 1;
+ return role == CLIENT && len >= 13 && buffer[0] == 22
+ && buffer[4] == 1;
}
-static int match_ServerChangeCipherSpec(const unsigned char* buffer, size_t len)
+static int match_ServerChangeCipherSpec(const unsigned char *buffer,
+ size_t len)
{
return role == SERVER && len >= 13 && buffer[0] == 20;
}
-static int match_ServerFinished(const unsigned char* buffer, size_t len)
+static int match_ServerFinished(const unsigned char *buffer, size_t len)
{
- return role == SERVER && len >= 13 && buffer[0] == 22 && buffer[4] == 1;
+ return role == SERVER && len >= 13 && buffer[0] == 22
+ && buffer[4] == 1;
}
// }}}
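Review bot: The twelve match_* functions in this hunk repeat the bare numbers 13, 20 and 22 and the offsets 4 and 13 with no explanation, so a reader has to know the DTLS record layout to check them. A comment above the group would cover it, for example `/* 13 = DTLS record header length; buffer[0] is the content type (20 change_cipher_spec, 22 handshake); buffer[13] is the handshake message type */`, ideally with `enum { DTLS_RECORD_HDR_LEN = 13, CT_CHANGE_CIPHER_SPEC = 20, CT_HANDSHAKE = 22 };`. The two Finished matchers test `buffer[4] == 1`, which looks like the low byte of the record epoch; that is the least obvious check and deserves its own one-line comment.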
@@ -482,26 +601,26 @@ static int match_ServerFinished(const unsigned char* buffer, size_t len)
}
DECLARE_FILTER(ServerHello)
-DECLARE_FILTER(ServerCertificate)
-DECLARE_FILTER(ServerKeyExchange)
-DECLARE_FILTER(ServerCertificateRequest)
-DECLARE_FILTER(ServerHelloDone)
-DECLARE_FILTER(ClientCertificate)
-DECLARE_FILTER(ClientKeyExchange)
-DECLARE_FILTER(ClientCertificateVerify)
-DECLARE_FILTER(ClientChangeCipherSpec)
-DECLARE_FILTER(ClientFinished)
-DECLARE_FILTER(ServerChangeCipherSpec)
-DECLARE_FILTER(ServerFinished)
-
+ DECLARE_FILTER(ServerCertificate)
+ DECLARE_FILTER(ServerKeyExchange)
+ DECLARE_FILTER(ServerCertificateRequest)
+ DECLARE_FILTER(ServerHelloDone)
+ DECLARE_FILTER(ClientCertificate)
+ DECLARE_FILTER(ClientKeyExchange)
+ DECLARE_FILTER(ClientCertificateVerify)
+ DECLARE_FILTER(ClientChangeCipherSpec)
+ DECLARE_FILTER(ClientFinished)
+ DECLARE_FILTER(ServerChangeCipherSpec)
+ DECLARE_FILTER(ServerFinished)
// }}}
-
// {{{ flight permutation filters
-
-static void filter_permute_state_run(filter_permute_state_t* state, int packetCount,
- gnutls_transport_ptr_t fd, const unsigned char* buffer, size_t len)
+static void filter_permute_state_run(filter_permute_state_t * state,
+ int packetCount,
+ gnutls_transport_ptr_t fd,
+ const unsigned char *buffer,
+ size_t len)
{
- unsigned char* data = malloc(len);
+ unsigned char *data = malloc(len);
int packet = state->order[state->count];
memcpy(data, buffer, len);
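Review bot: In filter_permute_state_run the result of `malloc(len)` goes straight into `memcpy(data, buffer, len)`, so an allocation failure in the harness becomes a write through a null pointer instead of a reported error. A check right after the declarations, for instance `if (data == NULL) { rperror("malloc"); exit(2); }`, keeps such a failure attributable to the harness rather than to the DTLS code under test. The function body continues past the end of this hunk, so what later happens to `data` is not visible here.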
@@ -534,30 +653,36 @@ static void filter_permute_state_run(filter_permute_state_t* state, int packetCo
filter_run_next(fd, buffer, len); \
}
-static match_fn permute_match_ServerHello[] = { match_ServerHello, match_ServerKeyExchange, match_ServerHelloDone };
-static match_fn permute_match_ServerHelloFull[] = { match_ServerHello, match_ServerCertificate, match_ServerKeyExchange,
- match_ServerCertificateRequest, match_ServerHelloDone };
-static match_fn permute_match_ServerFinished[] = { match_ServerChangeCipherSpec, match_ServerFinished };
-static match_fn permute_match_ClientFinished[] = { match_ClientKeyExchange, match_ClientChangeCipherSpec, match_ClientFinished };
-static match_fn permute_match_ClientFinishedFull[] = { match_ClientCertificate, match_ClientKeyExchange,
- match_ClientCertificateVerify, match_ClientChangeCipherSpec, match_ClientFinished };
+static match_fn permute_match_ServerHello[] =
+ { match_ServerHello, match_ServerKeyExchange, match_ServerHelloDone };
+static match_fn permute_match_ServerHelloFull[] =
+ { match_ServerHello, match_ServerCertificate, match_ServerKeyExchange,
+ match_ServerCertificateRequest, match_ServerHelloDone
+};
+static match_fn permute_match_ServerFinished[] =
+ { match_ServerChangeCipherSpec, match_ServerFinished };
+static match_fn permute_match_ClientFinished[] =
+ { match_ClientKeyExchange, match_ClientChangeCipherSpec,
+match_ClientFinished };
+static match_fn permute_match_ClientFinishedFull[] =
+ { match_ClientCertificate, match_ClientKeyExchange,
+ match_ClientCertificateVerify, match_ClientChangeCipherSpec,
+ match_ClientFinished
+};
DECLARE_PERMUTE(ServerHello)
-DECLARE_PERMUTE(ServerHelloFull)
-DECLARE_PERMUTE(ServerFinished)
-DECLARE_PERMUTE(ClientFinished)
-DECLARE_PERMUTE(ClientFinishedFull)
-
+ DECLARE_PERMUTE(ServerHelloFull)
+ DECLARE_PERMUTE(ServerFinished)
+ DECLARE_PERMUTE(ClientFinished)
+ DECLARE_PERMUTE(ClientFinishedFull)
// }}}
-
// {{{ emergency deadlock resolution time bomb
-
timer_t killtimer_tid = 0;
static void killtimer_set(void)
{
struct sigevent sig;
- struct itimerspec tout = { { 0, 0 }, { 2 * timeout_seconds, 0 } };
+ struct itimerspec tout = { {0, 0}, {2 * timeout_seconds, 0} };
if (killtimer_tid != 0) {
timer_delete(killtimer_tid);
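Review bot: The reindent pushed every DECLARE_PERMUTE line after the first in by one level and left `match_ClientFinished };` at column 0 inside the permute_match_ClientFinished initializer; the DECLARE_FILTER list in the previous hunk (`@@ -482,26 +601,26 @@`) was changed the same way. Presumably the formatter reads the semicolon-less macro invocations as one continued declaration. Bracketing the two macro lists with `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` would keep them flush left on the next run. The blank lines dropped around the `// }}}` and `// {{{` fold markers could be restored at the same time.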
@@ -581,9 +706,10 @@ static void killtimer_set(void)
gnutls_certificate_credentials_t cred;
gnutls_session_t session;
-static ssize_t writefn(gnutls_transport_ptr_t fd, const void* buffer, size_t len)
+static ssize_t writefn(gnutls_transport_ptr_t fd, const void *buffer,
+ size_t len)
{
- filter_run_next(fd, (const unsigned char*) buffer, len);
+ filter_run_next(fd, (const unsigned char *) buffer, len);
return len;
}
@@ -591,7 +717,8 @@ static void await(int fd, int timeout)
{
if (nonblock) {
struct pollfd p = { fd, POLLIN, 0 };
- if (poll(&p, 1, timeout) < 0 && errno != EAGAIN && errno != EINTR) {
+ if (poll(&p, 1, timeout) < 0 && errno != EAGAIN
+ && errno != EINTR) {
rperror("poll");
exit(3);
}
@@ -600,25 +727,33 @@ static void await(int fd, int timeout)
static void cred_init(void)
{
- gnutls_datum_t key = { (unsigned char*) PUBKEY, sizeof(PUBKEY) };
- gnutls_datum_t sec = { (unsigned char*) PRIVKEY, sizeof(PRIVKEY) };
+ gnutls_datum_t key = { (unsigned char *) PUBKEY, sizeof(PUBKEY) };
+ gnutls_datum_t sec =
+ { (unsigned char *) PRIVKEY, sizeof(PRIVKEY) };
gnutls_certificate_allocate_credentials(&cred);
- gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec, GNUTLS_OPENPGP_FMT_BASE64);
+ gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
+ GNUTLS_OPENPGP_FMT_BASE64);
}
static void session_init(int sock, int server)
{
- gnutls_init(&session, GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
- | GNUTLS_NONBLOCK * nonblock);
- gnutls_priority_set_direct(session, "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH", 0);
+ gnutls_init(&session,
+ GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER :
+ GNUTLS_CLIENT)
+ | GNUTLS_NONBLOCK * nonblock);
+ gnutls_priority_set_direct(session,
+ "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
+ 0);
gnutls_transport_set_int(session, sock);
if (full) {
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred);
if (server) {
- gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE);
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
}
} else if (server) {
gnutls_anon_server_credentials_t cred;
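Review bot: cred_init and session_init discard the return values of gnutls_certificate_set_openpgp_key_mem, gnutls_init and gnutls_priority_set_direct, so a key that fails to import or a priority string the library rejects only surfaces later as an unrelated handshake failure. The file already uses `die_on_error(...)` around gnutls_record_send in client(); assuming that macro is defined before this point, `die_on_error(gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec, GNUTLS_OPENPGP_FMT_BASE64));` and the same wrapper on the other two calls would stop at the real cause. session_init continues past this hunk, and the local `gnutls_anon_server_credentials_t cred` on its last line shadows the file-scope `cred`; a distinct name such as `anon_cred` would avoid confusion.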
@@ -633,14 +768,15 @@ static void session_init(int sock, int server)
gnutls_transport_set_push_function(session, writefn);
gnutls_dtls_set_mtu(session, 1400);
- gnutls_dtls_set_timeouts(session, retransmit_milliseconds, timeout_seconds * 1000);
+ gnutls_dtls_set_timeouts(session, retransmit_milliseconds,
+ timeout_seconds * 1000);
}
static void client(int sock)
{
int err = 0;
time_t started = time(0);
- const char* line = "foobar!";
+ const char *line = "foobar!";
char buffer[8192];
int len;
@@ -655,13 +791,15 @@ static void client(int sock)
}
} while (err != 0);
process_error_or_timeout(err, time(0) - started);
-
+
killtimer_set();
die_on_error(gnutls_record_send(session, line, strlen(line)));
-
+
do {
await(sock, -1);
- len = process_error(gnutls_record_recv(session, buffer, sizeof(buffer)));
+ len =
+ process_error(gnutls_record_recv
+ (session, buffer, sizeof(buffer)));
} while (len < 0);
if (len > 0 && strncmp(line, buffer, len) == 0) {
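Review bot: The echo check `len > 0 && strncmp(line, buffer, len) == 0` compares only the `len` bytes that were received, so a reply that is a proper prefix of `line` (a single `f`, say) is accepted as a full echo. Requiring the lengths to match closes that gap: `if (len == (int) strlen(line) && memcmp(line, buffer, len) == 0) {`. client() begins before this hunk and continues after it, so the branch bodies are not visible here.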
@@ -672,7 +810,7 @@ static void client(int sock)
}
static void server(int sock)
-{
+{
int err;
time_t started = time(0);
char buffer[8192];
@@ -695,7 +833,9 @@ static void server(int sock)
killtimer_set();
do {
await(sock, -1);
- len = process_error(gnutls_record_recv(session, buffer, sizeof(buffer)));
+ len =
+ process_error(gnutls_record_recv
+ (session, buffer, sizeof(buffer)));
} while (len < 0);
die_on_error(gnutls_record_send(session, buffer, len));
@@ -707,19 +847,21 @@ static void server(int sock)
// {{{ test running/handling itself
#if 0
-static void udp_sockpair(int* socks)
+static void udp_sockpair(int *socks)
{
- struct sockaddr_in6 sa = { AF_INET6, htons(30000), 0, in6addr_loopback, 0 };
- struct sockaddr_in6 sb = { AF_INET6, htons(20000), 0, in6addr_loopback, 0 };
+ struct sockaddr_in6 sa =
+ { AF_INET6, htons(30000), 0, in6addr_loopback, 0 };
+ struct sockaddr_in6 sb =
+ { AF_INET6, htons(20000), 0, in6addr_loopback, 0 };
socks[0] = socket(AF_INET6, SOCK_DGRAM, 0);
socks[1] = socket(AF_INET6, SOCK_DGRAM, 0);
- bind(socks[0], (struct sockaddr*) &sa, sizeof(sa));
- bind(socks[1], (struct sockaddr*) &sb, sizeof(sb));
+ bind(socks[0], (struct sockaddr *) &sa, sizeof(sa));
+ bind(socks[1], (struct sockaddr *) &sb, sizeof(sb));
- connect(socks[1], (struct sockaddr*) &sa, sizeof(sa));
- connect(socks[0], (struct sockaddr*) &sb, sizeof(sb));
+ connect(socks[1], (struct sockaddr *) &sa, sizeof(sa));
+ connect(socks[0], (struct sockaddr *) &sb, sizeof(sb));
}
#endif
@@ -741,14 +883,14 @@ static int run_test(void)
if (!(pid1 = fork())) {
role = SERVER;
- server(fds[1]); // noreturn
+ server(fds[1]); // noreturn
} else if (pid1 < 0) {
rperror("fork server");
exit(2);
}
if (!(pid2 = fork())) {
role = CLIENT;
- client(fds[0]); // noreturn
+ client(fds[0]); // noreturn
} else if (pid2 < 0) {
rperror("fork client");
exit(2);
@@ -761,69 +903,83 @@ static int run_test(void)
close(fds[1]);
if (!WIFSIGNALED(status2) && WEXITSTATUS(status2) != 3) {
- return !!WEXITSTATUS(status2);
+ return ! !WEXITSTATUS(status2);
} else {
return 3;
}
}
static filter_fn filters[8]
- = { filter_packet_ServerHello,
- filter_packet_ServerKeyExchange,
- filter_packet_ServerHelloDone,
- filter_packet_ClientKeyExchange,
- filter_packet_ClientChangeCipherSpec,
- filter_packet_ClientFinished,
- filter_packet_ServerChangeCipherSpec,
- filter_packet_ServerFinished };
+ = { filter_packet_ServerHello,
+ filter_packet_ServerKeyExchange,
+ filter_packet_ServerHelloDone,
+ filter_packet_ClientKeyExchange,
+ filter_packet_ClientChangeCipherSpec,
+ filter_packet_ClientFinished,
+ filter_packet_ServerChangeCipherSpec,
+ filter_packet_ServerFinished
+};
static filter_fn filters_full[12]
- = { filter_packet_ServerHello,
- filter_packet_ServerCertificate,
- filter_packet_ServerKeyExchange,
- filter_packet_ServerCertificateRequest,
- filter_packet_ServerHelloDone,
- filter_packet_ClientCertificate,
- filter_packet_ClientKeyExchange,
- filter_packet_ClientCertificateVerify,
- filter_packet_ClientChangeCipherSpec,
- filter_packet_ClientFinished,
- filter_packet_ServerChangeCipherSpec,
- filter_packet_ServerFinished };
-
-static int run_one_test(int dropMode, int serverFinishedPermute, int serverHelloPermute, int clientFinishedPermute)
+ = { filter_packet_ServerHello,
+ filter_packet_ServerCertificate,
+ filter_packet_ServerKeyExchange,
+ filter_packet_ServerCertificateRequest,
+ filter_packet_ServerHelloDone,
+ filter_packet_ClientCertificate,
+ filter_packet_ClientKeyExchange,
+ filter_packet_ClientCertificateVerify,
+ filter_packet_ClientChangeCipherSpec,
+ filter_packet_ClientFinished,
+ filter_packet_ServerChangeCipherSpec,
+ filter_packet_ServerFinished
+};
+
+static int run_one_test(int dropMode, int serverFinishedPermute,
+ int serverHelloPermute, int clientFinishedPermute)
{
int fnIdx = 0;
int res, filterIdx;
- filter_fn* local_filters = full ? filters_full : filters;
- const char** local_filter_names = full ? filter_names_full : filter_names;
- const char** permutation_namesX = full ? permutation_names5 : permutation_names3;
+ filter_fn *local_filters = full ? filters_full : filters;
+ const char **local_filter_names =
+ full ? filter_names_full : filter_names;
+ const char **permutation_namesX =
+ full ? permutation_names5 : permutation_names3;
int filter_count = full ? 12 : 8;
- run_id = ((dropMode * 2 + serverFinishedPermute) * (full ? 120 : 6) + serverHelloPermute) * (full ? 120 : 6) + clientFinishedPermute;
+ run_id =
+ ((dropMode * 2 + serverFinishedPermute) * (full ? 120 : 6) +
+ serverHelloPermute) * (full ? 120 : 6) +
+ clientFinishedPermute;
filter_clear_state();
if (full) {
filter_chain[fnIdx++] = filter_permute_ServerHelloFull;
- state_permute_ServerHelloFull.order = permutations5[serverHelloPermute];
+ state_permute_ServerHelloFull.order =
+ permutations5[serverHelloPermute];
filter_chain[fnIdx++] = filter_permute_ClientFinishedFull;
- state_permute_ClientFinishedFull.order = permutations5[clientFinishedPermute];
+ state_permute_ClientFinishedFull.order =
+ permutations5[clientFinishedPermute];
} else {
filter_chain[fnIdx++] = filter_permute_ServerHello;
- state_permute_ServerHello.order = permutations3[serverHelloPermute];
+ state_permute_ServerHello.order =
+ permutations3[serverHelloPermute];
filter_chain[fnIdx++] = filter_permute_ClientFinished;
- state_permute_ClientFinished.order = permutations3[clientFinishedPermute];
+ state_permute_ClientFinished.order =
+ permutations3[clientFinishedPermute];
}
filter_chain[fnIdx++] = filter_permute_ServerFinished;
- state_permute_ServerFinished.order = permutations2[serverFinishedPermute];
+ state_permute_ServerFinished.order =
+ permutations2[serverFinishedPermute];
if (dropMode) {
for (filterIdx = 0; filterIdx < filter_count; filterIdx++) {
if (dropMode & (1 << filterIdx)) {
- filter_chain[fnIdx++] = local_filters[filterIdx];
+ filter_chain[fnIdx++] =
+ local_filters[filterIdx];
}
}
}
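Review bot: In run_test the reindent split the `!!` idiom into `! !WEXITSTATUS(status2)`, which now reads like a typo. `return WEXITSTATUS(status2) != 0;` says the same thing and survives the formatter. Separately, the literals 8 and 12 appear both as the sizes of `filters` and `filters_full` and in `filter_count = full ? 12 : 8`; deriving the count from the array, `sizeof(filters) / sizeof(filters[0])`, would keep the `1 << filterIdx` loop in step with the tables. Both run_test and run_one_test extend beyond this hunk.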
@@ -832,30 +988,34 @@ static int run_one_test(int dropMode, int serverFinishedPermute, int serverHello
res = run_test();
switch (res) {
- case 0:
- fprintf(stdout, "%i ++ ", run_id);
- break;
- case 1:
- fprintf(stdout, "%i -- ", run_id);
- break;
- case 2:
- fprintf(stdout, "%i !! ", run_id);
- break;
- case 3:
- fprintf(stdout, "%i TT ", run_id);
- break;
+ case 0:
+ fprintf(stdout, "%i ++ ", run_id);
+ break;
+ case 1:
+ fprintf(stdout, "%i -- ", run_id);
+ break;
+ case 2:
+ fprintf(stdout, "%i !! ", run_id);
+ break;
+ case 3:
+ fprintf(stdout, "%i TT ", run_id);
+ break;
}
- fprintf(stdout, "SHello(%s), ", permutation_namesX[serverHelloPermute]);
- fprintf(stdout, "SFinished(%s), ", permutation_names2[serverFinishedPermute]);
- fprintf(stdout, "CFinished(%s) :- ", permutation_namesX[clientFinishedPermute]);
+ fprintf(stdout, "SHello(%s), ",
+ permutation_namesX[serverHelloPermute]);
+ fprintf(stdout, "SFinished(%s), ",
+ permutation_names2[serverFinishedPermute]);
+ fprintf(stdout, "CFinished(%s) :- ",
+ permutation_namesX[clientFinishedPermute]);
if (dropMode) {
for (filterIdx = 0; filterIdx < filter_count; filterIdx++) {
if (dropMode & (1 << filterIdx)) {
if (dropMode & ((1 << filterIdx) - 1)) {
fprintf(stdout, ", ");
}
- fprintf(stdout, "%s", local_filter_names[filterIdx]);
+ fprintf(stdout, "%s",
+ local_filter_names[filterIdx]);
}
}
}
@@ -867,7 +1027,8 @@ static int run_one_test(int dropMode, int serverFinishedPermute, int serverHello
static int run_test_by_id(int id)
{
int pscale = full ? 120 : 6;
- int dropMode, serverFinishedPermute, serverHelloPermute, clientFinishedPermute;
+ int dropMode, serverFinishedPermute, serverHelloPermute,
+ clientFinishedPermute;
clientFinishedPermute = id % pscale;
id /= pscale;
@@ -880,10 +1041,11 @@ static int run_test_by_id(int id)
dropMode = id;
- return run_one_test(dropMode, serverFinishedPermute, serverHelloPermute, clientFinishedPermute);
+ return run_one_test(dropMode, serverFinishedPermute,
+ serverHelloPermute, clientFinishedPermute);
}
-int* job_pids;
+int *job_pids;
int job_limit;
int children = 0;
@@ -918,7 +1080,8 @@ static int wait_children(int child_limit)
if (WEXITSTATUS(status)) {
result = 1;
if (!run_to_end && !fail) {
- fprintf(stderr, "One test failed, waiting for remaining tests\n");
+ fprintf(stderr,
+ "One test failed, waiting for remaining tests\n");
fail = 1;
child_limit = 0;
}
@@ -944,7 +1107,9 @@ static int run_tests_from_id_list(int childcount)
while ((ret = fscanf(stdin, "%i\n", &test_id)) > 0) {
int pid;
- if (test_id < 0 || test_id > 2 * (full ? 120 * 120 * (1 << 12) : 6 * 6 * 256)) {
+ if (test_id < 0
+ || test_id >
+ 2 * (full ? 120 * 120 * (1 << 12) : 6 * 6 * 256)) {
fprintf(stderr, "Invalid test id %i\n", test_id);
break;
}
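Review bot: The range check accepts one id too many, because `test_id > 2 * (...)` lets the value equal to the bound through. Going by the run_id formula in run_one_test and the loop limits in run_all_tests, the largest id the full run produces is that bound minus one. The comparison should be `|| test_id >= 2 * (full ? 120 * 120 * (1 << 12) : 6 * 6 * 256)) {`. As written, the extra id would appear to decode in run_test_by_id to a dropMode with a bit above the last filter, which looks harmless but is not a test the harness otherwise defines. The enclosing loop continues outside this hunk.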
@@ -971,25 +1136,38 @@ static int run_tests_from_id_list(int childcount)
static int run_all_tests(int childcount)
{
- int dropMode, serverFinishedPermute, serverHelloPermute, clientFinishedPermute;
+ int dropMode, serverFinishedPermute, serverHelloPermute,
+ clientFinishedPermute;
int result = 0;
for (dropMode = 0; dropMode != 1 << (full ? 12 : 8); dropMode++)
- for (serverFinishedPermute = 0; serverFinishedPermute < 2; serverFinishedPermute++)
- for (serverHelloPermute = 0; serverHelloPermute < (full ? 120 : 6); serverHelloPermute++)
- for (clientFinishedPermute = 0; clientFinishedPermute < (full ? 120 : 6); clientFinishedPermute++) {
- int pid;
- if (!(pid = fork())) {
- exit(run_one_test(dropMode, serverFinishedPermute, serverHelloPermute, clientFinishedPermute));
- } else if (pid < 0) {
- rperror("fork");
- result = 4;
- break;
- } else {
- register_child(pid);
- result |= wait_children(childcount);
- }
- }
+ for (serverFinishedPermute = 0; serverFinishedPermute < 2;
+ serverFinishedPermute++)
+ for (serverHelloPermute = 0;
+ serverHelloPermute < (full ? 120 : 6);
+ serverHelloPermute++)
+ for (clientFinishedPermute = 0;
+ clientFinishedPermute <
+ (full ? 120 : 6);
+ clientFinishedPermute++) {
+ int pid;
+ if (!(pid = fork())) {
+ exit(run_one_test
+ (dropMode,
+ serverFinishedPermute,
+ serverHelloPermute,
+ clientFinishedPermute));
+ } else if (pid < 0) {
+ rperror("fork");
+ result = 4;
+ break;
+ } else {
+ register_child(pid);
+ result |=
+ wait_children
+ (childcount);
+ }
+ }
result |= wait_children(0);
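Review bot: On fork failure the `break` leaves only the innermost loop, so the three outer loops carry on and call fork() again after `result = 4` has been set. Replacing it with `goto out;` and placing an `out:` label immediately before `result |= wait_children(0);` stops launching tests while still reaping the children already started. The reindented nesting now wraps at almost every token; moving the fork/register/wait body into a small static helper would make the four loops readable again. The function's return is outside this hunk.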
@@ -998,7 +1176,8 @@ static int run_all_tests(int childcount)
// }}}
-static int parse_permutation(const char* arg, const char* permutations[], int* val)
+static int parse_permutation(const char *arg, const char *permutations[],
+ int *val)
{
*val = 0;
while (permutations[*val]) {
@@ -1011,7 +1190,7 @@ static int parse_permutation(const char* arg, const char* permutations[], int* v
return 0;
}
-int main(int argc, const char* argv[])
+int main(int argc, const char *argv[])
{
int dropMode = 0;
int serverFinishedPermute = 0;
@@ -1047,8 +1226,8 @@ int main(int argc, const char* argv[])
} else if (strcmp("-batch", argv[arg]) == 0) {
batch = 1;
} else if (strcmp("-d", argv[arg]) == 0) {
- char* end;
- int level = strtol(argv[arg+1], &end, 10);
+ char *end;
+ int level = strtol(argv[arg + 1], &end, 10);
if (*end == '\0') {
debug = level;
arg++;
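Review bot: The `-d` branch reads `argv[arg + 1]` without checking that another argument exists; when `-d` is the last option this is `argv[argc]`, a null pointer, and passing it to strtol is undefined behaviour. The other options in main go through `NEXT_ARG(...)`, but the level looks optional here. A guard such as `const char *next = arg + 1 < argc ? argv[arg + 1] : "-";` followed by `int level = strtol(next, &end, 10);` keeps the existing fall-through for a missing or non-numeric follower. The loop bounds and the else branch are outside this hunk, so this assumes `arg` can reach `argc - 1`.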
@@ -1058,7 +1237,7 @@ int main(int argc, const char* argv[])
} else if (strcmp("-nb", argv[arg]) == 0) {
nonblock = 1;
} else if (strcmp("-timeout", argv[arg]) == 0) {
- char* end;
+ char *end;
int val;
NEXT_ARG(timeout);
@@ -1069,7 +1248,7 @@ int main(int argc, const char* argv[])
FAIL_ARG(timeout);
}
} else if (strcmp("-retransmit", argv[arg]) == 0) {
- char* end;
+ char *end;
int val;
NEXT_ARG(retransmit);
@@ -1080,7 +1259,7 @@ int main(int argc, const char* argv[])
FAIL_ARG(retransmit);
}
} else if (strcmp("-j", argv[arg]) == 0) {
- char* end;
+ char *end;
int val;
NEXT_ARG(timeout);
@@ -1094,31 +1273,43 @@ int main(int argc, const char* argv[])
full = 1;
} else if (strcmp("-shello", argv[arg]) == 0) {
NEXT_ARG(shello);
- if (!parse_permutation(argv[arg], full ? permutation_names5 : permutation_names3, &serverHelloPermute)) {
+ if (!parse_permutation
+ (argv[arg],
+ full ? permutation_names5 :
+ permutation_names3, &serverHelloPermute)) {
FAIL_ARG(shell);
}
} else if (strcmp("-sfinished", argv[arg]) == 0) {
NEXT_ARG(sfinished);
- if (!parse_permutation(argv[arg], permutation_names2, &serverFinishedPermute)) {
+ if (!parse_permutation
+ (argv[arg], permutation_names2,
+ &serverFinishedPermute)) {
FAIL_ARG(sfinished);
}
} else if (strcmp("-cfinished", argv[arg]) == 0) {
NEXT_ARG(cfinished);
- if (!parse_permutation(argv[arg], full ? permutation_names5 : permutation_names3, &clientFinishedPermute)) {
+ if (!parse_permutation
+ (argv[arg],
+ full ? permutation_names5 :
+ permutation_names3, &clientFinishedPermute)) {
FAIL_ARG(cfinished);
}
} else {
int drop;
int filter_count = full ? 12 : 8;
- const char** local_filter_names = full ? filter_names_full : filter_names;
+ const char **local_filter_names =
+ full ? filter_names_full : filter_names;
for (drop = 0; drop < filter_count; drop++) {
- if (strcmp(local_filter_names[drop], argv[arg]) == 0) {
+ if (strcmp
+ (local_filter_names[drop],
+ argv[arg]) == 0) {
dropMode |= (1 << drop);
break;
}
}
if (drop == filter_count) {
- fprintf(stderr, "Unknown packet %s\n", argv[arg]);
+ fprintf(stderr, "Unknown packet %s\n",
+ argv[arg]);
exit(8);
}
}
@@ -1131,8 +1322,11 @@ int main(int argc, const char* argv[])
gnutls_global_set_audit_log_function(auditfn);
gnutls_global_set_log_level(debug);
- if (dropMode || serverFinishedPermute || serverHelloPermute || clientFinishedPermute) {
- return run_one_test(dropMode, serverFinishedPermute, serverHelloPermute, clientFinishedPermute);
+ if (dropMode || serverFinishedPermute || serverHelloPermute
+ || clientFinishedPermute) {
+ return run_one_test(dropMode, serverFinishedPermute,
+ serverHelloPermute,
+ clientFinishedPermute);
} else {
job_pids = calloc(sizeof(int), job_limit);
if (batch) {
@@ -1145,11 +1339,11 @@ int main(int argc, const char* argv[])
// vim: foldmethod=marker
-#else /* NO POSIX TIMERS */
+#else /* NO POSIX TIMERS */
-int main(int argc, const char* argv[])
+int main(int argc, const char *argv[])
{
- exit(77);
+ exit(77);
}
#endif
diff --git a/tests/eagain-common.h b/tests/eagain-common.h
index dac712b8b3..995658d0b2 100644
--- a/tests/eagain-common.h
+++ b/tests/eagain-common.h
@@ -1,6 +1,6 @@
#define min(x,y) ((x)<(y)?(x):(y))
-extern const char* side;
+extern const char *side;
#define HANDSHAKE_EXPECT(c, s, clierr, serverr) \
sret = cret = GNUTLS_E_AGAIN; \
@@ -133,10 +133,10 @@ extern const char* side;
TRANSFER2(c, s, msg, msglen, buf, buflen, 0); \
TRANSFER2(c, s, msg, msglen, buf, buflen, 1)
-static char to_server[64*1024];
+static char to_server[64 * 1024];
static size_t to_server_len = 0;
-static char to_client[64*1024];
+static char to_client[64 * 1024];
static size_t to_client_len = 0;
#ifdef RANDOMIZE
@@ -153,158 +153,173 @@ static size_t to_client_len = 0;
#ifndef IGNORE_PUSH
static ssize_t
-client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+client_push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
- size_t newlen;
- RETURN_RND_EAGAIN(tr);
+ size_t newlen;
+ RETURN_RND_EAGAIN(tr);
- len = min(len, sizeof(to_server)-to_server_len);
+ len = min(len, sizeof(to_server) - to_server_len);
- newlen = to_server_len + len;
- memcpy (to_server + to_server_len, data, len);
- to_server_len = newlen;
+ newlen = to_server_len + len;
+ memcpy(to_server + to_server_len, data, len);
+ to_server_len = newlen;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n", (int)len, (int)to_server_len);
+ fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n",
+ (int) len, (int) to_server_len);
#endif
- return len;
+ return len;
}
#endif
static ssize_t
-client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+client_pull(gnutls_transport_ptr_t tr, void *data, size_t len)
{
- RETURN_RND_EAGAIN(tr);
+ RETURN_RND_EAGAIN(tr);
- if (to_client_len == 0)
- {
+ if (to_client_len == 0) {
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: Not enough data by server (asked for: %d, have: %d)\n", (int)len, (int)to_client_len);
+ fprintf(stderr,
+ "eagain: Not enough data by server (asked for: %d, have: %d)\n",
+ (int) len, (int) to_client_len);
#endif
- gnutls_transport_set_errno ((gnutls_session_t)tr, EAGAIN);
- return -1;
- }
+ gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN);
+ return -1;
+ }
- len = min(len, to_client_len);
+ len = min(len, to_client_len);
- memcpy (data, to_client, len);
+ memcpy(data, to_client, len);
- memmove (to_client, to_client + len, to_client_len - len);
- to_client_len -= len;
+ memmove(to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pulled %d bytes by client (avail: %d)\n", (int)len, (int)to_client_len);
+ fprintf(stderr, "eagain: pulled %d bytes by client (avail: %d)\n",
+ (int) len, (int) to_client_len);
#endif
- return len;
+ return len;
}
static ssize_t
-server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+server_pull(gnutls_transport_ptr_t tr, void *data, size_t len)
{
- //success ("server_pull len %d has %d\n", len, to_server_len);
- RETURN_RND_EAGAIN(tr);
+ //success ("server_pull len %d has %d\n", len, to_server_len);
+ RETURN_RND_EAGAIN(tr);
- if (to_server_len == 0)
- {
+ if (to_server_len == 0) {
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: Not enough data by client (asked for: %d, have: %d)\n", (int)len, (int)to_server_len);
+ fprintf(stderr,
+ "eagain: Not enough data by client (asked for: %d, have: %d)\n",
+ (int) len, (int) to_server_len);
#endif
- gnutls_transport_set_errno ((gnutls_session_t)tr, EAGAIN);
- return -1;
- }
+ gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN);
+ return -1;
+ }
- len = min(len, to_server_len);
+ len = min(len, to_server_len);
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pulled %d bytes by server (avail: %d)\n", (int)len, (int)to_server_len);
+ fprintf(stderr, "eagain: pulled %d bytes by server (avail: %d)\n",
+ (int) len, (int) to_server_len);
#endif
- memcpy (data, to_server, len);
+ memcpy(data, to_server, len);
- memmove (to_server, to_server + len, to_server_len - len);
- to_server_len -= len;
+ memmove(to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
- return len;
+ return len;
}
#ifndef IGNORE_PUSH
static ssize_t
-server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+server_push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
- size_t newlen;
- RETURN_RND_EAGAIN(tr);
+ size_t newlen;
+ RETURN_RND_EAGAIN(tr);
// hexprint (data, len);
- len = min(len, sizeof(to_client)-to_client_len);
+ len = min(len, sizeof(to_client) - to_client_len);
- newlen = to_client_len + len;
- memcpy (to_client + to_client_len, data, len);
- to_client_len = newlen;
+ newlen = to_client_len + len;
+ memcpy(to_client + to_client_len, data, len);
+ to_client_len = newlen;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n", (int)len, (int)to_client_len);
+ fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n",
+ (int) len, (int) to_client_len);
#endif
- return len;
+ return len;
}
#endif
/* inline is used to avoid a gcc warning if used in mini-eagain */
-inline static int server_pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
+inline static int server_pull_timeout_func(gnutls_transport_ptr_t ptr,
+ unsigned int ms)
{
-int ret;
+ int ret;
- if (to_server_len > 0)
- ret = 1; /* available data */
- else
- ret = 0; /* timeout */
+ if (to_server_len > 0)
+ ret = 1; /* available data */
+ else
+ ret = 0; /* timeout */
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: server_pull_timeout: %d (avail: cli %d, serv %d)\n", ret, (int)to_client_len, (int)to_server_len);
+ fprintf(stderr,
+ "eagain: server_pull_timeout: %d (avail: cli %d, serv %d)\n",
+ ret, (int) to_client_len, (int) to_server_len);
#endif
- return ret;
+ return ret;
}
-inline static int client_pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
+inline static int client_pull_timeout_func(gnutls_transport_ptr_t ptr,
+ unsigned int ms)
{
-int ret;
+ int ret;
- if (to_client_len > 0)
- ret = 1;
- else
- ret = 0;
+ if (to_client_len > 0)
+ ret = 1;
+ else
+ ret = 0;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: client_pull_timeout: %d (avail: cli %d, serv %d)\n", ret, (int)to_client_len, (int)to_server_len);
+ fprintf(stderr,
+ "eagain: client_pull_timeout: %d (avail: cli %d, serv %d)\n",
+ ret, (int) to_client_len, (int) to_server_len);
#endif
- return ret;
+ return ret;
}
inline static void reset_buffers(void)
{
- to_server_len = 0;
- to_client_len = 0;
+ to_server_len = 0;
+ to_client_len = 0;
}
-inline static int record_send_loop(gnutls_session_t session, const void * data, size_t sizeofdata, int use_null_on_retry)
+inline static int record_send_loop(gnutls_session_t session,
+ const void *data, size_t sizeofdata,
+ int use_null_on_retry)
{
-int ret;
-const void * retry_data;
-size_t retry_sizeofdata;
-
- if( use_null_on_retry ) {
- retry_data = 0;
- retry_sizeofdata = 0;
- }
- else {
- retry_data = data;
- retry_sizeofdata = sizeofdata;
- }
-
- ret = gnutls_record_send( session, data, sizeofdata );
- while( ret == GNUTLS_E_AGAIN ) {
- ret = gnutls_record_send( session, retry_data, retry_sizeofdata );
- }
-
- return ret;
+ int ret;
+ const void *retry_data;
+ size_t retry_sizeofdata;
+
+ if (use_null_on_retry) {
+ retry_data = 0;
+ retry_sizeofdata = 0;
+ } else {
+ retry_data = data;
+ retry_sizeofdata = sizeofdata;
+ }
+
+ ret = gnutls_record_send(session, data, sizeofdata);
+ while (ret == GNUTLS_E_AGAIN) {
+ ret =
+ gnutls_record_send(session, retry_data,
+ retry_sizeofdata);
+ }
+
+ return ret;
}
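Review bot: In client_push and server_push, the clamp `len = min(len, sizeof(to_server) - to_server_len);` (and its to_client twin) turns a full buffer into a zero-byte write that returns 0 with no errno set. client_pull and server_pull report their empty case explicitly, with `gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN); return -1;`. If back-pressure is meant to surface as a retry, which the file's purpose suggests but the hunk does not show, the push side could do the same after the clamp: `if (len == 0) { gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN); return -1; }`. Separately, the EAGAIN_DEBUG traces print size_t values through `(int)` casts with `%d`; `%zu` without the cast would avoid truncating the reported lengths.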
diff --git a/tests/gc.c b/tests/gc.c
index 1b7c144b22..275a13877e 100644
--- a/tests/gc.c
+++ b/tests/gc.c
@@ -33,81 +33,71 @@
#include "../lib/x509/pbkdf2-sha1.h"
#include "../lib/debug.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- unsigned char digest[20];
- int err;
+ unsigned char digest[20];
+ int err;
- /* XXX: We need this to fix secure memory. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
+ /* XXX: We need this to fix secure memory. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
- err =
- gnutls_hmac_fast (GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, digest);
- if (err < 0)
- fail ("gnutls_hmac_fast(MD5) failed: %d\n", err);
- else
- {
- if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
- "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
- {
- if (debug)
- success ("gnutls_hmac_fast(MD5) OK\n");
- }
- else
- {
- hexprint (digest, 16);
- fail ("gnutls_hmac_fast(MD5) failure\n");
- }
- }
+ err =
+ gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8,
+ digest);
+ if (err < 0)
+ fail("gnutls_hmac_fast(MD5) failed: %d\n", err);
+ else {
+ if (memcmp(digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
+ "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0) {
+ if (debug)
+ success("gnutls_hmac_fast(MD5) OK\n");
+ } else {
+ hexprint(digest, 16);
+ fail("gnutls_hmac_fast(MD5) failure\n");
+ }
+ }
- err =
- gnutls_hmac_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
- digest);
- if (err < 0)
- fail ("gnutls_hmac_fast(SHA1) failed: %d\n", err);
- else
- {
- if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
- "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
- 20) == 0)
- {
- if (debug)
- success ("gnutls_hmac_fast(SHA1) OK\n");
- }
- else
- {
- hexprint (digest, 20);
- fail ("gnutls_hmac_fast(SHA1) failure\n");
- }
- }
+ err =
+ gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh",
+ 8, digest);
+ if (err < 0)
+ fail("gnutls_hmac_fast(SHA1) failed: %d\n", err);
+ else {
+ if (memcmp(digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
+ "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
+ 20) == 0) {
+ if (debug)
+ success("gnutls_hmac_fast(SHA1) OK\n");
+ } else {
+ hexprint(digest, 20);
+ fail("gnutls_hmac_fast(SHA1) failure\n");
+ }
+ }
- err = _gnutls_pbkdf2_sha1 ("password", 8, (unsigned char*)"salt", 4, 4711, digest, 16);
- if (err < 0)
- fail ("_gnutls_pkcs5_pbkdf2_sha1() failed: %d\n", err);
- else
- {
- if (memcmp (digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
- "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0)
- {
- if (debug)
- success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
- }
- else
- {
- hexprint (digest, 16);
- fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
- }
- }
+ err =
+ _gnutls_pbkdf2_sha1("password", 8, (unsigned char *) "salt", 4,
+ 4711, digest, 16);
+ if (err < 0)
+ fail("_gnutls_pkcs5_pbkdf2_sha1() failed: %d\n", err);
+ else {
+ if (memcmp(digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
+ "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0) {
+ if (debug)
+ success
+ ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
+ } else {
+ hexprint(digest, 16);
+ fail("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
+ }
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
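Review bot: The messages for the third check in doit() name `_gnutls_pkcs5_pbkdf2_sha1()` while the call is `_gnutls_pbkdf2_sha1(...)`, so a failing run points at a function that does not appear in this test. The strings should follow the call, e.g. `fail("_gnutls_pbkdf2_sha1() failed: %d\n", err);`, and likewise for the OK and failure lines. The reindent also left `success` on a line of its own, apart from its argument list, which reads like a stray identifier; `success("_gnutls_pbkdf2_sha1() OK\n");` on one line is clearer. The compared lengths 16 and 20 are bare numbers next to `digest[20]`; a short comment on each check naming the expected output length would make the memcmp bounds easier to audit.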
diff --git a/tests/hostname-check.c b/tests/hostname-check.c
index 2dd31da3f0..d644fe0d07 100644
--- a/tests/hostname-check.c
+++ b/tests/hostname-check.c
@@ -41,828 +41,833 @@
/* Certificate with no SAN nor CN. */
char pem1[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
- " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
- " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
- " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
- " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
- " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
- " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
- " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
- " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " fd845ded8c28ba5e78d6c1844ceafd24\n"
- " SHA-1 fingerprint:\n"
- " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
- "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n"
- "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
- "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
- "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
- "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
- "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
- "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n"
- "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n"
- "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n"
- "16GUO3IdEnG5ZaGFokw60Szp6eoc\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 12:59:09 UTC 2007\n"
+ " Not After: Fri Mar 30 12:59:13 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n"
+ " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n"
+ " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n"
+ " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n"
+ " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n"
+ " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n"
+ " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n"
+ " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " fd845ded8c28ba5e78d6c1844ceafd24\n"
+ " SHA-1 fingerprint:\n"
+ " 0bae431dda3cae76012b82276e4cd92ad7961798\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
+ "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n"
+ "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
+ "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
+ "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
+ "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
+ "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n"
+ "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n"
+ "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n"
+ "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n"
+ "16GUO3IdEnG5ZaGFokw60Szp6eoc\n" "-----END CERTIFICATE-----\n";
/* Certificate with CN but no SAN. */
char pem2[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: CN=www.example.org\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
- " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
- " Subject: CN=www.example.org\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
- " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
- " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
- " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
- " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
- " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
- " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
- " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " 30cda7de4f0360892547974f45111ac1\n"
- " SHA-1 fingerprint:\n"
- " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
- "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n"
- "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
- "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
- "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
- "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n"
- "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n"
- "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n"
- "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n"
- "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n"
- "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: CN=www.example.org\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:30:30 UTC 2007\n"
+ " Not After: Fri Mar 30 13:30:32 UTC 2007\n"
+ " Subject: CN=www.example.org\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n"
+ " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n"
+ " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n"
+ " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n"
+ " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n"
+ " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n"
+ " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n"
+ " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " 30cda7de4f0360892547974f45111ac1\n"
+ " SHA-1 fingerprint:\n"
+ " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n"
+ "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n"
+ "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n"
+ "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n"
+ "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n"
+ "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n"
+ "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n"
+ "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n"
+ "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n"
+ "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n"
+ "-----END CERTIFICATE-----\n";
/* Certificate with SAN but no CN. */
char pem3[] =
- "X.509 Certificate Information:"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer: O=GnuTLS hostname check test CA\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
- " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
- " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
- " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
- " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
- " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
- " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
- " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
- " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " df3f57d00c8149bd826b177d6ea4f369\n"
- " SHA-1 fingerprint:\n"
- " e95e56e2acac305f72ea6f698c11624663a595bd\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
- "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n"
- "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
- "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
- "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
- "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
- "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
- "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
- "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n"
- "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n"
- "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n"
- "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer: O=GnuTLS hostname check test CA\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:36:27 UTC 2007\n"
+ " Not After: Fri Mar 30 13:36:29 UTC 2007\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n"
+ " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n"
+ " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n"
+ " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n"
+ " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n"
+ " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n"
+ " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n"
+ " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " df3f57d00c8149bd826b177d6ea4f369\n"
+ " SHA-1 fingerprint:\n"
+ " e95e56e2acac305f72ea6f698c11624663a595bd\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
+ "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n"
+ "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
+ "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n"
+ "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n"
+ "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n"
+ "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
+ "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
+ "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n"
+ "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n"
+ "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n"
+ "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n" "-----END CERTIFICATE-----\n";
/* Certificate with wildcard SAN but no CN. */
char pem4[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Issuer:\n"
- " Validity:\n"
- " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
- " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
- " Subject:\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
- " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
- " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
- " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
- " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
- " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
- " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
- " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
- " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
- " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
- " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
- " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
- " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
- " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
- " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " a411da7b0fa064d214116d5f94e06c24\n"
- " SHA-1 fingerprint:\n"
- " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
- " Public Key ID:\n"
- " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
- "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n"
- "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n"
- "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n"
- "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n"
- "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
- "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n"
- "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n"
- "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n"
- "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n"
- "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Issuer:\n"
+ " Validity:\n"
+ " Not Before: Fri Feb 16 13:40:10 UTC 2007\n"
+ " Not After: Fri Mar 30 13:40:12 UTC 2007\n"
+ " Subject:\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n"
+ " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n"
+ " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n"
+ " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n"
+ " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n"
+ " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n"
+ " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n"
+ " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n"
+ " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n"
+ " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n"
+ " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n"
+ " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n"
+ " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n"
+ " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n"
+ " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " a411da7b0fa064d214116d5f94e06c24\n"
+ " SHA-1 fingerprint:\n"
+ " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n"
+ " Public Key ID:\n"
+ " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n"
+ "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n"
+ "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n"
+ "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n"
+ "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n"
+ "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
+ "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n"
+ "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n"
+ "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n"
+ "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n"
+ "-----END CERTIFICATE-----\n";
/* Certificate with multiple wildcards SAN but no CN. */
char pem6[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:00:51 UTC 2008\n"
- " Not After: Sat May 17 11:00:54 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: *.*.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
- "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMDUxWhcNMDgwNTE3\n"
- "MTEwMDU0WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
- "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
- "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
- "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
- "AUp+YdcEIQVM8QcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
- "gg8qLiouZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
- "FFST5lmbKDtFKTeIGK75pKu/TZkYMAsGCSqGSIb3DQEBBQOBgQAQ9PStleVvfmlK\n"
- "wRs8RE/oOO+ouC3qLdnumNEITMRFh8Q12/X4yMLD3CH0aQ/hvHcP26PxAWzpNutk\n"
- "swNx7AzsCu6pN1t1aI3jLgo8e4/zZi57e8QcRuXZPDJxtJxVhJZX/C4pSz802WhS\n"
- "64NgtpHEMu9JUHFhtRwPcvVGYqPUUA==\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:00:51 UTC 2008\n"
+ " Not After: Sat May 17 11:00:54 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: *.*.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "Other Information:\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
+ "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMDUxWhcNMDgwNTE3\n"
+ "MTEwMDU0WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
+ "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
+ "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
+ "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
+ "AUp+YdcEIQVM8QcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n"
+ "gg8qLiouZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n"
+ "FFST5lmbKDtFKTeIGK75pKu/TZkYMAsGCSqGSIb3DQEBBQOBgQAQ9PStleVvfmlK\n"
+ "wRs8RE/oOO+ouC3qLdnumNEITMRFh8Q12/X4yMLD3CH0aQ/hvHcP26PxAWzpNutk\n"
+ "swNx7AzsCu6pN1t1aI3jLgo8e4/zZi57e8QcRuXZPDJxtJxVhJZX/C4pSz802WhS\n"
+ "64NgtpHEMu9JUHFhtRwPcvVGYqPUUA==\n" "-----END CERTIFICATE-----\n";
/* Certificate with prefixed and suffixed wildcard SAN but no CN. */
char pem7[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:02:43 UTC 2008\n"
- " Not After: Sat May 17 11:02:45 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: foo*bar.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
- "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMjQzWhcNMDgwNTE3\n"
- "MTEwMjQ1WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
- "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
- "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
- "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
- "AUp+YdcEIQVM8QcCAwEAAaNnMGUwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAV\n"
- "ghNmb28qYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud\n"
- "DgQWBBRUk+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAPPNe38jc\n"
- "8NsZQVKKLYc1Y4y8LRPhvnxkSnlcGa1RzYZY1s12BZ6OVIfyxD1Z9BcNdqRSq7bQ\n"
- "kEicsGp5ugGQTNq6aSlzYOUD9/fUP3jDsH7HVb36aCF3waGCQWj+pLqK0LYcW2p/\n"
- "xnr5+z4YevFBhn7l/fMhg8TzKejxYm7TECg=\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:02:43 UTC 2008\n"
+ " Not After: Sat May 17 11:02:45 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: foo*bar.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "Other Information:\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
+ "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMjQzWhcNMDgwNTE3\n"
+ "MTEwMjQ1WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
+ "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
+ "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
+ "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
+ "AUp+YdcEIQVM8QcCAwEAAaNnMGUwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAV\n"
+ "ghNmb28qYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud\n"
+ "DgQWBBRUk+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAPPNe38jc\n"
+ "8NsZQVKKLYc1Y4y8LRPhvnxkSnlcGa1RzYZY1s12BZ6OVIfyxD1Z9BcNdqRSq7bQ\n"
+ "kEicsGp5ugGQTNq6aSlzYOUD9/fUP3jDsH7HVb36aCF3waGCQWj+pLqK0LYcW2p/\n"
+ "xnr5+z4YevFBhn7l/fMhg8TzKejxYm7TECg=\n" "-----END CERTIFICATE-----\n";
/* Certificate with ending wildcard SAN but no CN. */
char pem8[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 00\n"
- " Validity:\n"
- " Not Before: Sat May 3 11:24:38 UTC 2008\n"
- " Not After: Sat May 17 11:24:40 UTC 2008\n"
- " Subject: O=GnuTLS hostname check test CA\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
- " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
- " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
- " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
- " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
- " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
- " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
- " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
- " Exponent:\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: www.example.*\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "Other Information:\n"
- " Public Key ID:\n"
- " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
- "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEyNDM4WhcNMDgwNTE3\n"
- "MTEyNDQwWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
- "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
- "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
- "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
- "AUp+YdcEIQVM8QcCAwEAAaNhMF8wDwYDVR0TAQH/BAUwAwEB/zAYBgNVHREEETAP\n"
- "gg13d3cuZXhhbXBsZS4qMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRU\n"
- "k+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAZ7gLXtXwFW61dSAM\n"
- "0Qt6IN68WBH7LCzetSF8ofG1WVUImCUU3pqXhXYtPGTrswOh2AavWTRbzVTtrFvf\n"
- "WJg09Z7H6I70RPvAYGsK9t9qJ/4TPoYTGYQgsTbVpkv13O54O6jzemd8Zws/xMH5\n"
- "7/q6C7P5OUmGOtfVe7UVDY0taQM=\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 00\n"
+ " Validity:\n"
+ " Not Before: Sat May 3 11:24:38 UTC 2008\n"
+ " Not After: Sat May 17 11:24:40 UTC 2008\n"
+ " Subject: O=GnuTLS hostname check test CA\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n"
+ " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n"
+ " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n"
+ " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n"
+ " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n"
+ " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n"
+ " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n"
+ " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n"
+ " Exponent:\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: www.example.*\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "Other Information:\n"
+ " Public Key ID:\n"
+ " 5493e6599b283b4529378818aef9a4abbf4d9918\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n"
+ "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEyNDM4WhcNMDgwNTE3\n"
+ "MTEyNDQwWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n"
+ "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n"
+ "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n"
+ "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n"
+ "AUp+YdcEIQVM8QcCAwEAAaNhMF8wDwYDVR0TAQH/BAUwAwEB/zAYBgNVHREEETAP\n"
+ "gg13d3cuZXhhbXBsZS4qMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRU\n"
+ "k+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAZ7gLXtXwFW61dSAM\n"
+ "0Qt6IN68WBH7LCzetSF8ofG1WVUImCUU3pqXhXYtPGTrswOh2AavWTRbzVTtrFvf\n"
+ "WJg09Z7H6I70RPvAYGsK9t9qJ/4TPoYTGYQgsTbVpkv13O54O6jzemd8Zws/xMH5\n"
+ "7/q6C7P5OUmGOtfVe7UVDY0taQM=\n" "-----END CERTIFICATE-----\n";
/* Certificate with SAN and CN but for different names. */
char pem9[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 4a827d5c\n"
- " Issuer: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
- " Validity:\n"
- " Not Before: Wed Aug 12 08:29:17 UTC 2009\n"
- " Not After: Thu Aug 13 08:29:23 UTC 2009\n"
- " Subject: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " bb:66:43:f5:f2:c5:d7:b6:8c:cc:c5:df:f5:88:3b:b1\n"
- " c9:4b:6a:0e:a1:ad:20:50:40:08:80:a1:4f:5c:a3:d0\n"
- " f8:6c:cf:e6:3c:f7:ec:04:76:13:17:8b:64:89:22:5b\n"
- " c0:dd:53:7c:3b:ed:7c:04:bb:80:b9:28:be:8e:9b:c6\n"
- " 8e:a0:a5:12:cb:f5:57:1e:a2:e7:bb:b7:33:49:9f:e3\n"
- " bb:4a:ae:6a:4d:68:ff:c9:11:e2:32:8d:ce:3d:80:0b\n"
- " 8d:75:ef:d8:00:81:8f:28:04:03:a0:22:8d:61:04:07\n"
- " fa:b6:37:7d:21:07:49:d2:09:61:69:98:90:a3:58:a9\n"
- " Exponent (bits 24):\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): TRUE\n"
- " Subject Alternative Name (not critical):\n"
- " DNSname: bar.example.org\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " a2:1f:d2:90:5f:c9:1c:6f:92:1d:c5:0b:ac:b0:17:23\n"
- " c5:67:46:94:6f:0f:62:7d:66:4c:28:ff:b7:10:73:60\n"
- " ae:0e:a2:47:82:83:bb:89:0d:f1:16:5e:f9:5b:35:4b\n"
- " ce:ee:5e:d0:ad:b5:8b:cc:37:b3:ac:4d:1b:58:c2:4f\n"
- " 1c:7f:c6:ac:3d:25:18:67:37:f0:27:11:9b:2c:20:b6\n"
- " 78:24:21:a6:77:44:e7:1a:e5:f6:bf:45:84:32:81:67\n"
- " af:8d:96:26:f7:39:31:6b:63:c5:15:9d:e0:a0:9a:1e\n"
- " 96:12:cb:ad:85:cb:a7:d4:86:ac:d8:f5:e9:a4:2b:20\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " f27b18092c7497f206e70f504eee0f8e\n"
- " SHA-1 fingerprint:\n"
- " bebdac9d0dd54e8f044642e0f065fae5d75ca6e5\n"
- " Public Key ID:\n"
- " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICWTCCAcSgAwIBAgIESoJ9XDALBgkqhkiG9w0BAQUwQjEmMCQGA1UEChMdR251\n"
- "VExTIGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0ExGDAWBgNVBAMTD2Zvby5leGFtcGxl\n"
- "Lm9yZzAeFw0wOTA4MTIwODI5MTdaFw0wOTA4MTMwODI5MjNaMEIxJjAkBgNVBAoT\n"
- "HUdudVRMUyBob3N0bmFtZSBjaGVjayB0ZXN0IENBMRgwFgYDVQQDEw9mb28uZXhh\n"
- "bXBsZS5vcmcwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgLtmQ/Xyxde2jMzF3/WI\n"
- "O7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5KL6O\n"
- "m8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOgIo1h\n"
- "BAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wGgYD\n"
- "VR0RBBMwEYIPYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G\n"
- "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n"
- "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n"
- "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n"
- "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 4a827d5c\n"
+ " Issuer: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
+ " Validity:\n"
+ " Not Before: Wed Aug 12 08:29:17 UTC 2009\n"
+ " Not After: Thu Aug 13 08:29:23 UTC 2009\n"
+ " Subject: O=GnuTLS hostname check test CA,CN=foo.example.org\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " bb:66:43:f5:f2:c5:d7:b6:8c:cc:c5:df:f5:88:3b:b1\n"
+ " c9:4b:6a:0e:a1:ad:20:50:40:08:80:a1:4f:5c:a3:d0\n"
+ " f8:6c:cf:e6:3c:f7:ec:04:76:13:17:8b:64:89:22:5b\n"
+ " c0:dd:53:7c:3b:ed:7c:04:bb:80:b9:28:be:8e:9b:c6\n"
+ " 8e:a0:a5:12:cb:f5:57:1e:a2:e7:bb:b7:33:49:9f:e3\n"
+ " bb:4a:ae:6a:4d:68:ff:c9:11:e2:32:8d:ce:3d:80:0b\n"
+ " 8d:75:ef:d8:00:81:8f:28:04:03:a0:22:8d:61:04:07\n"
+ " fa:b6:37:7d:21:07:49:d2:09:61:69:98:90:a3:58:a9\n"
+ " Exponent (bits 24):\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): TRUE\n"
+ " Subject Alternative Name (not critical):\n"
+ " DNSname: bar.example.org\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " a2:1f:d2:90:5f:c9:1c:6f:92:1d:c5:0b:ac:b0:17:23\n"
+ " c5:67:46:94:6f:0f:62:7d:66:4c:28:ff:b7:10:73:60\n"
+ " ae:0e:a2:47:82:83:bb:89:0d:f1:16:5e:f9:5b:35:4b\n"
+ " ce:ee:5e:d0:ad:b5:8b:cc:37:b3:ac:4d:1b:58:c2:4f\n"
+ " 1c:7f:c6:ac:3d:25:18:67:37:f0:27:11:9b:2c:20:b6\n"
+ " 78:24:21:a6:77:44:e7:1a:e5:f6:bf:45:84:32:81:67\n"
+ " af:8d:96:26:f7:39:31:6b:63:c5:15:9d:e0:a0:9a:1e\n"
+ " 96:12:cb:ad:85:cb:a7:d4:86:ac:d8:f5:e9:a4:2b:20\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " f27b18092c7497f206e70f504eee0f8e\n"
+ " SHA-1 fingerprint:\n"
+ " bebdac9d0dd54e8f044642e0f065fae5d75ca6e5\n"
+ " Public Key ID:\n"
+ " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICWTCCAcSgAwIBAgIESoJ9XDALBgkqhkiG9w0BAQUwQjEmMCQGA1UEChMdR251\n"
+ "VExTIGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0ExGDAWBgNVBAMTD2Zvby5leGFtcGxl\n"
+ "Lm9yZzAeFw0wOTA4MTIwODI5MTdaFw0wOTA4MTMwODI5MjNaMEIxJjAkBgNVBAoT\n"
+ "HUdudVRMUyBob3N0bmFtZSBjaGVjayB0ZXN0IENBMRgwFgYDVQQDEw9mb28uZXhh\n"
+ "bXBsZS5vcmcwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgLtmQ/Xyxde2jMzF3/WI\n"
+ "O7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5KL6O\n"
+ "m8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOgIo1h\n"
+ "BAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wGgYD\n"
+ "VR0RBBMwEYIPYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G\n"
+ "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n"
+ "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n"
+ "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n"
+ "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n"
+ "-----END CERTIFICATE-----\n";
/* Certificate with SAN and CN that match iff you truncate the SAN to
the embedded NUL.
See <http://thread.gmane.org/gmane.network.gnutls.general/1735>. */
char pem10[] =
- "X.509 Certificate Information:\n"
- " Version: 3\n"
- " Serial Number (hex): 0b5d0a870d09\n"
- " Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Nothern Nowhere Trust Anchor\n"
- " Validity:\n"
- " Not Before: Tue Aug 04 22:07:33 UTC 2009\n"
- " Not After: Sat Oct 21 22:07:33 UTC 2017\n"
- " Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n"
- " Subject Public Key Algorithm: RSA\n"
- " Modulus (bits 1024):\n"
- " be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n"
- " c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n"
- " f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n"
- " ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n"
- " 19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n"
- " 07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n"
- " 93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n"
- " 29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n"
- " Exponent (bits 24):\n"
- " 01:00:01\n"
- " Extensions:\n"
- " Subject Alternative Name (not critical):\n"
- "warning: SAN contains an embedded NUL, replacing with '!'\n"
- " DNSname: localhost!h\n"
- " Key Usage (not critical):\n"
- " Key encipherment.\n"
- " Key Purpose (not critical):\n"
- " TLS WWW Server.\n"
- " Subject Key Identifier (not critical):\n"
- " 0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n"
- " Authority Key Identifier (not critical):\n"
- " 126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n"
- " Basic Constraints (critical):\n"
- " Certificate Authority (CA): FALSE\n"
- " Signature Algorithm: RSA-SHA\n"
- " Signature:\n"
- " 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n"
- " fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n"
- " e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n"
- " 62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n"
- " 6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n"
- " 84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n"
- " 5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n"
- " a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n"
- " 55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n"
- " a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n"
- " 7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n"
- " 5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n"
- " fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n"
- " d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n"
- " ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n"
- " bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n"
- "Other Information:\n"
- " MD5 fingerprint:\n"
- " 0b4d6d944200cdd1639008b24dc0fe0a\n"
- " SHA-1 fingerprint:\n"
- " ce85660f5451b0cc12f525577f0eb9411a20c76b\n"
- " Public Key ID:\n"
- " a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n"
- "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n"
- "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n"
- "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n"
- "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n"
- "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
- "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n"
- "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n"
- "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n"
- "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n"
- "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n"
- "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n"
- "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n"
- "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n"
- "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n"
- "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n"
- "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n"
- "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n";
+ "X.509 Certificate Information:\n"
+ " Version: 3\n"
+ " Serial Number (hex): 0b5d0a870d09\n"
+ " Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Nothern Nowhere Trust Anchor\n"
+ " Validity:\n"
+ " Not Before: Tue Aug 04 22:07:33 UTC 2009\n"
+ " Not After: Sat Oct 21 22:07:33 UTC 2017\n"
+ " Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n"
+ " Subject Public Key Algorithm: RSA\n"
+ " Modulus (bits 1024):\n"
+ " be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n"
+ " c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n"
+ " f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n"
+ " ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n"
+ " 19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n"
+ " 07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n"
+ " 93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n"
+ " 29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n"
+ " Exponent (bits 24):\n"
+ " 01:00:01\n"
+ " Extensions:\n"
+ " Subject Alternative Name (not critical):\n"
+ "warning: SAN contains an embedded NUL, replacing with '!'\n"
+ " DNSname: localhost!h\n"
+ " Key Usage (not critical):\n"
+ " Key encipherment.\n"
+ " Key Purpose (not critical):\n"
+ " TLS WWW Server.\n"
+ " Subject Key Identifier (not critical):\n"
+ " 0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n"
+ " Authority Key Identifier (not critical):\n"
+ " 126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n"
+ " Basic Constraints (critical):\n"
+ " Certificate Authority (CA): FALSE\n"
+ " Signature Algorithm: RSA-SHA\n"
+ " Signature:\n"
+ " 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n"
+ " fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n"
+ " e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n"
+ " 62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n"
+ " 6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n"
+ " 84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n"
+ " 5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n"
+ " a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n"
+ " 55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n"
+ " a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n"
+ " 7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n"
+ " 5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n"
+ " fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n"
+ " d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n"
+ " ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n"
+ " bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n"
+ "Other Information:\n"
+ " MD5 fingerprint:\n"
+ " 0b4d6d944200cdd1639008b24dc0fe0a\n"
+ " SHA-1 fingerprint:\n"
+ " ce85660f5451b0cc12f525577f0eb9411a20c76b\n"
+ " Public Key ID:\n"
+ " a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n"
+ "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n"
+ "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n"
+ "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n"
+ "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n"
+ "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
+ "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n"
+ "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n"
+ "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n"
+ "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n"
+ "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n"
+ "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n"
+ "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n"
+ "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n"
+ "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n"
+ "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n"
+ "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n"
+ "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n";
char pem_too_many[] = "\n"
- " Subject: C=BE,CN=******************.gnutls.org\n"
- "\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDljCCAk6gAwIBAgIETcMNdjANBgkqhkiG9w0BAQsFADA6MQswCQYDVQQGEwJC\n"
- "RTErMCkGA1UEAxMiKioqKioqKioqKioqKioqKioqKioqKiouZ251dGxzLm9yZzAe\n"
- "Fw0xMTA1MDUyMDQ5NTlaFw02NDAxMTUyMDUwMDJaMDoxCzAJBgNVBAYTAkJFMSsw\n"
- "KQYDVQQDEyIqKioqKioqKioqKioqKioqKioqKioqKi5nbnV0bHMub3JnMIIBUjAN\n"
- "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA3c+X0qUdld2GGNjEua2mDLSdttz6\n"
- "3CHhOmI0B+gzsuiX7ixB0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC\n"
- "5IhFc3ikrts4w8YH0mQOh+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7\n"
- "Ny514ayTrZs3E0tmOnYz2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5e\n"
- "SqmkjtUfstDdQTzaEGieRxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+\n"
- "KYd9X9qll2vvyEMJQ+IfihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hage\n"
- "g75cJi55e0f1Sj9mYpL9QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQAB\n"
- "o0QwQjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQW\n"
- "BBSSU9ZxufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAUMK435LP\n"
- "0XpmpWLBBuC6VLLIsAGmXRv7odw8sG9fOctalsbK3zd9pDOaoFI/128GOmlTp1aC\n"
- "n4a/pZ9G5wTKRvdxVqecdYkozDtAS35uwCSQPU/P12Oug6kA4NNJDxF3FGm5eov6\n"
- "SnZDL0Qlhat9y0yOakaOkVNwESAwgUEYClZeR45htvH5oP48XEgwqHQ9jPS2MXAe\n"
- "QLBjqqeYzIvWqwT4z14tIkN0VWWqqVo/dzV+lfNwQy0UL8iWVYnks8wKs2SBkVHx\n"
- "41wBR3uCgCDwlYGDLIG1cm0n7mXrnE7KNcrwQKXL8WGNRAVvx5MVO1vDoWPyQ1Y4\n"
- "sDdnQiVER9ee/KxO6IgCTGh+nCBTSSYgLX2E/m789quPvzyi9Hf/go28he6E3dSK\n"
- "q7/LRSxaZenB/Q==\n"
- "-----END CERTIFICATE-----\n";
+ " Subject: C=BE,CN=******************.gnutls.org\n"
+ "\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDljCCAk6gAwIBAgIETcMNdjANBgkqhkiG9w0BAQsFADA6MQswCQYDVQQGEwJC\n"
+ "RTErMCkGA1UEAxMiKioqKioqKioqKioqKioqKioqKioqKiouZ251dGxzLm9yZzAe\n"
+ "Fw0xMTA1MDUyMDQ5NTlaFw02NDAxMTUyMDUwMDJaMDoxCzAJBgNVBAYTAkJFMSsw\n"
+ "KQYDVQQDEyIqKioqKioqKioqKioqKioqKioqKioqKi5nbnV0bHMub3JnMIIBUjAN\n"
+ "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA3c+X0qUdld2GGNjEua2mDLSdttz6\n"
+ "3CHhOmI0B+gzsuiX7ixB0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC\n"
+ "5IhFc3ikrts4w8YH0mQOh+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7\n"
+ "Ny514ayTrZs3E0tmOnYz2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5e\n"
+ "SqmkjtUfstDdQTzaEGieRxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+\n"
+ "KYd9X9qll2vvyEMJQ+IfihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hage\n"
+ "g75cJi55e0f1Sj9mYpL9QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQAB\n"
+ "o0QwQjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQW\n"
+ "BBSSU9ZxufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAUMK435LP\n"
+ "0XpmpWLBBuC6VLLIsAGmXRv7odw8sG9fOctalsbK3zd9pDOaoFI/128GOmlTp1aC\n"
+ "n4a/pZ9G5wTKRvdxVqecdYkozDtAS35uwCSQPU/P12Oug6kA4NNJDxF3FGm5eov6\n"
+ "SnZDL0Qlhat9y0yOakaOkVNwESAwgUEYClZeR45htvH5oP48XEgwqHQ9jPS2MXAe\n"
+ "QLBjqqeYzIvWqwT4z14tIkN0VWWqqVo/dzV+lfNwQy0UL8iWVYnks8wKs2SBkVHx\n"
+ "41wBR3uCgCDwlYGDLIG1cm0n7mXrnE7KNcrwQKXL8WGNRAVvx5MVO1vDoWPyQ1Y4\n"
+ "sDdnQiVER9ee/KxO6IgCTGh+nCBTSSYgLX2E/m789quPvzyi9Hf/go28he6E3dSK\n"
+ "q7/LRSxaZenB/Q==\n" "-----END CERTIFICATE-----\n";
#ifdef ENABLE_OPENPGP
/* Check basic OpenPGP comparison too.
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3812>. */
char pem11[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.6 (GNU/Linux)\n"
- "\n"
- "mQGiBEXInlgRBAD0teb6ohIlchkHcFlmmvtVW1KXexlDfXExf8T+fOz5z354GPOX\n"
- "sDq98ztCEE3hnPEOFj4NT0X3nEtrvLkhmZqrDHSbuJACB4qxeHwEbGFx7OIDW8+u\n"
- "4sKxpaza1GVf1NQ7VIaQiXaGHy8Esn9SW7oNhK6z5l4TIRlm3OBt3cxU3wCgjnnO\n"
- "jpGJeeo0OnZzSH+xsNLJQEcEAOmUc+7N9OhpT/gqddIgzYRr/FD0Ad6HBfABol6Q\n"
- "wWCapzIxggnZJ9i+lHujpcA8idtrBU/DGhkGtW95QaHwQ8d5SvetM7Wc/xoHEP3o\n"
- "HGvSGoXtfqlofastcC7eso39EBD10cpIB+gUmhe1MpaXm7A6m+KJO+2CkqE1vMkc\n"
- "tmKHBACzDRrWgkV+AtGWKl3ge9RkYHKxAPc0FBrpzDrvmvvNMaIme2u/+WP/xa4T\n"
- "nTjgys+pfeplHVfCO/n6nKWrVepMPE0+ZeNWzY6CsfhL7VjSN99vm7qzNHswBiJS\n"
- "gCSwJXRmQcJcS9hxqLciUyVEB32zPqX24QHnsyPYaSCzEBgOnLQPdGVzdC5nbnV0\n"
- "bHMub3JniF8EExECACAFAkXInlgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK\n"
- "CRCuX60+XR0U2FcfAJ9eZDmhk5a9k4K/zu+a5xFwb9SWsgCXTkDnOIQmueZPHg5U\n"
- "VgKnazckK7kCDQRFyJ51EAgAozi9Vk9R5I2AtRcqV4jLfpzh3eiBYSUt4U3ZLxff\n"
- "LAyvGMUXA7OATGGhuKphNQLux17AGpRN4nugnIWMLE9akyrxXqg/165UFKbwwVsl\n"
- "po7KzPvEXHmOYDgVEqS0sZNWmkJeMPdCVsD2wifPkocufUu2Ux8CmrvT1nEgoiVu\n"
- "kUjplJOralQBdsPkIEk8LMVtF3IW2aHCEET0yrJ2Y2q0i/u1K4bxSUi5ESrN0UNa\n"
- "WT7wtCegdwWlObwJEgwcu/8YtjMnfBI855gXVdJiRLdOJvkU+65I/jnPQG5QEIQM\n"
- "weLty/+GHkXVN2xw5OGUIryIPUHi8+EDGOGqoxqNUMTzvwADBQf/bTPc0z3oHp+X\n"
- "hsj3JP/AMCSQV87peKqFYEnRIubsN4Y4tTwVjEkRA3s5u+qTNvdypE1tvAEmdspa\n"
- "CL/EKfMCEltcW3WUwqUIULQ2Z0t9tBuVfMEH1Z1jjb68IOVwTJYz+iBtmbq5Wxoq\n"
- "lc5woOCDVL9qaKR6hOuAukTl6L3wQL+5zGBE4k5UfLf8UVJEa4ZTqsoMi3iyQAFO\n"
- "/h7WzqUATH3aQSz9tpilJ760wadDhc+Sdt2a0W6cC+SBmJaU/ym9seTd26nyWHG+\n"
- "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n"
- "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n"
- "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n"
- "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+ "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.6 (GNU/Linux)\n"
+ "\n"
+ "mQGiBEXInlgRBAD0teb6ohIlchkHcFlmmvtVW1KXexlDfXExf8T+fOz5z354GPOX\n"
+ "sDq98ztCEE3hnPEOFj4NT0X3nEtrvLkhmZqrDHSbuJACB4qxeHwEbGFx7OIDW8+u\n"
+ "4sKxpaza1GVf1NQ7VIaQiXaGHy8Esn9SW7oNhK6z5l4TIRlm3OBt3cxU3wCgjnnO\n"
+ "jpGJeeo0OnZzSH+xsNLJQEcEAOmUc+7N9OhpT/gqddIgzYRr/FD0Ad6HBfABol6Q\n"
+ "wWCapzIxggnZJ9i+lHujpcA8idtrBU/DGhkGtW95QaHwQ8d5SvetM7Wc/xoHEP3o\n"
+ "HGvSGoXtfqlofastcC7eso39EBD10cpIB+gUmhe1MpaXm7A6m+KJO+2CkqE1vMkc\n"
+ "tmKHBACzDRrWgkV+AtGWKl3ge9RkYHKxAPc0FBrpzDrvmvvNMaIme2u/+WP/xa4T\n"
+ "nTjgys+pfeplHVfCO/n6nKWrVepMPE0+ZeNWzY6CsfhL7VjSN99vm7qzNHswBiJS\n"
+ "gCSwJXRmQcJcS9hxqLciUyVEB32zPqX24QHnsyPYaSCzEBgOnLQPdGVzdC5nbnV0\n"
+ "bHMub3JniF8EExECACAFAkXInlgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK\n"
+ "CRCuX60+XR0U2FcfAJ9eZDmhk5a9k4K/zu+a5xFwb9SWsgCXTkDnOIQmueZPHg5U\n"
+ "VgKnazckK7kCDQRFyJ51EAgAozi9Vk9R5I2AtRcqV4jLfpzh3eiBYSUt4U3ZLxff\n"
+ "LAyvGMUXA7OATGGhuKphNQLux17AGpRN4nugnIWMLE9akyrxXqg/165UFKbwwVsl\n"
+ "po7KzPvEXHmOYDgVEqS0sZNWmkJeMPdCVsD2wifPkocufUu2Ux8CmrvT1nEgoiVu\n"
+ "kUjplJOralQBdsPkIEk8LMVtF3IW2aHCEET0yrJ2Y2q0i/u1K4bxSUi5ESrN0UNa\n"
+ "WT7wtCegdwWlObwJEgwcu/8YtjMnfBI855gXVdJiRLdOJvkU+65I/jnPQG5QEIQM\n"
+ "weLty/+GHkXVN2xw5OGUIryIPUHi8+EDGOGqoxqNUMTzvwADBQf/bTPc0z3oHp+X\n"
+ "hsj3JP/AMCSQV87peKqFYEnRIubsN4Y4tTwVjEkRA3s5u+qTNvdypE1tvAEmdspa\n"
+ "CL/EKfMCEltcW3WUwqUIULQ2Z0t9tBuVfMEH1Z1jjb68IOVwTJYz+iBtmbq5Wxoq\n"
+ "lc5woOCDVL9qaKR6hOuAukTl6L3wQL+5zGBE4k5UfLf8UVJEa4ZTqsoMi3iyQAFO\n"
+ "/h7WzqUATH3aQSz9tpilJ760wadDhc+Sdt2a0W6cC+SBmJaU/ym9seTd26nyWHG+\n"
+ "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n"
+ "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n"
+ "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n"
+ "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
#endif
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_crt_t x509;
+ gnutls_x509_crt_t x509;
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_crt_t pgp;
+ gnutls_openpgp_crt_t pgp;
#endif
- gnutls_datum_t data;
- int ret;
+ gnutls_datum_t data;
+ int ret;
- ret = global_init ();
- if (ret < 0)
- fail ("global_init: %d\n", ret);
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init: %d\n", ret);
- ret = gnutls_x509_crt_init (&x509);
- if (ret < 0)
- fail ("gnutls_x509_crt_init: %d\n", ret);
+ ret = gnutls_x509_crt_init(&x509);
+ if (ret < 0)
+ fail("gnutls_x509_crt_init: %d\n", ret);
#ifdef ENABLE_OPENPGP
- ret = gnutls_openpgp_crt_init (&pgp);
- if (ret < 0)
- fail ("gnutls_openpgp_crt_init: %d\n", ret);
+ ret = gnutls_openpgp_crt_init(&pgp);
+ if (ret < 0)
+ fail("gnutls_openpgp_crt_init: %d\n", ret);
#endif
- if (debug)
- success ("Testing pem1...\n");
- data.data = (unsigned char*)pem1;
- data.size = strlen (pem1);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem2...\n");
- data.data = (unsigned char*)pem2;
- data.size = strlen (pem2);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem3...\n");
- data.data = (unsigned char*)pem3;
- data.size = strlen (pem3);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem4...\n");
- data.data = (unsigned char*)pem4;
- data.size = strlen (pem4);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo.example.com");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem6...\n");
- data.data = (unsigned char*)pem6;
- data.size = strlen (pem6);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "bar.foo.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- if (debug)
- success ("Testing pem7...\n");
- data.data = (unsigned char*)pem7;
- data.size = strlen (pem7);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo.bar.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foobar.bar.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foobar.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foobazbar.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- if (debug)
- success ("Testing pem8...\n");
- data.data = (unsigned char*)pem8;
- data.size = strlen (pem8);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.com");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "www.example.foo.com");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem9...\n");
- data.data = (unsigned char*)pem9;
- data.size = strlen (pem9);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "bar.example.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- if (debug)
- success ("Testing pem10...\n");
- data.data = (unsigned char*)pem10;
- data.size = strlen (pem10);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "localhost");
- if (ret)
- fail ("Hostname incorrectly matches (%d)\n", ret);
-
- if (debug)
- success ("Testing pem_too_many...\n");
- data.data = (unsigned char*)pem_too_many;
- data.size = strlen (pem_too_many);
-
- ret = gnutls_x509_crt_import (x509, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import: %d\n", ret);
-
- ret = gnutls_x509_crt_check_hostname (x509, "localhost.gnutls.gnutls.org");
- if (ret)
- fail ("Hostname verification should have failed (too many wildcards)\n");
+ if (debug)
+ success("Testing pem1...\n");
+ data.data = (unsigned char *) pem1;
+ data.size = strlen(pem1);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem2...\n");
+ data.data = (unsigned char *) pem2;
+ data.size = strlen(pem2);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "*.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem3...\n");
+ data.data = (unsigned char *) pem3;
+ data.size = strlen(pem3);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "*.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem4...\n");
+ data.data = (unsigned char *) pem4;
+ data.size = strlen(pem4);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo.example.com");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem6...\n");
+ data.data = (unsigned char *) pem6;
+ data.size = strlen(pem6);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "bar.foo.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem7...\n");
+ data.data = (unsigned char *) pem7;
+ data.size = strlen(pem7);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo.bar.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret =
+ gnutls_x509_crt_check_hostname(x509, "foobar.bar.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foobar.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret =
+ gnutls_x509_crt_check_hostname(x509, "foobazbar.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem8...\n");
+ data.data = (unsigned char *) pem8;
+ data.size = strlen(pem8);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.com");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "www.example.foo.com");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem9...\n");
+ data.data = (unsigned char *) pem9;
+ data.size = strlen(pem9);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "bar.example.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem10...\n");
+ data.data = (unsigned char *) pem10;
+ data.size = strlen(pem10);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret = gnutls_x509_crt_check_hostname(x509, "localhost");
+ if (ret)
+ fail("Hostname incorrectly matches (%d)\n", ret);
+
+ if (debug)
+ success("Testing pem_too_many...\n");
+ data.data = (unsigned char *) pem_too_many;
+ data.size = strlen(pem_too_many);
+
+ ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import: %d\n", ret);
+
+ ret =
+ gnutls_x509_crt_check_hostname(x509,
+ "localhost.gnutls.gnutls.org");
+ if (ret)
+ fail("Hostname verification should have failed (too many wildcards)\n");
#ifdef ENABLE_OPENPGP
- if (debug)
- success ("Testing pem11...\n");
- data.data = (unsigned char*)pem11;
- data.size = strlen (pem11);
-
- ret = gnutls_openpgp_crt_import (pgp, &data, GNUTLS_OPENPGP_FMT_BASE64);
- if (ret < 0)
- fail ("gnutls_openpgp_crt_import: %d\n", ret);
-
- ret = gnutls_openpgp_crt_check_hostname (pgp, "test.gnutls.org");
- if (!ret)
- fail ("Hostname incorrectly does not match (%d)\n", ret);
-
- gnutls_openpgp_crt_deinit (pgp);
+ if (debug)
+ success("Testing pem11...\n");
+ data.data = (unsigned char *) pem11;
+ data.size = strlen(pem11);
+
+ ret =
+ gnutls_openpgp_crt_import(pgp, &data,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (ret < 0)
+ fail("gnutls_openpgp_crt_import: %d\n", ret);
+
+ ret = gnutls_openpgp_crt_check_hostname(pgp, "test.gnutls.org");
+ if (!ret)
+ fail("Hostname incorrectly does not match (%d)\n", ret);
+
+ gnutls_openpgp_crt_deinit(pgp);
#endif
- gnutls_x509_crt_deinit (x509);
+ gnutls_x509_crt_deinit(x509);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
diff --git a/tests/infoaccess.c b/tests/infoaccess.c
index 2f7e79bb4f..71189ed51f 100644
--- a/tests/infoaccess.c
+++ b/tests/infoaccess.c
@@ -33,206 +33,199 @@
#include "utils.h"
static char cert_with_aia_data[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC\n"
- "TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0\n"
- "aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0\n"
- "aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz\n"
- "MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw\n"
- "IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR\n"
- "dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG\n"
- "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp\n"
- "li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D\n"
- "rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ\n"
- "WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug\n"
- "F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU\n"
- "xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC\n"
- "Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv\n"
- "dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw\n"
- "ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl\n"
- "IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh\n"
- "c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy\n"
- "ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh\n"
- "Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI\n"
- "KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T\n"
- "KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq\n"
- "y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p\n"
- "dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD\n"
- "VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL\n"
- "MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk\n"
- "fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8\n"
- "7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R\n"
- "cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y\n"
- "mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW\n"
- "xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK\n"
- "SnQ2+Q==\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC\n"
+ "TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0\n"
+ "aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0\n"
+ "aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz\n"
+ "MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw\n"
+ "IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR\n"
+ "dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG\n"
+ "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp\n"
+ "li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D\n"
+ "rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ\n"
+ "WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug\n"
+ "F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU\n"
+ "xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC\n"
+ "Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv\n"
+ "dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw\n"
+ "ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl\n"
+ "IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh\n"
+ "c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy\n"
+ "ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh\n"
+ "Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI\n"
+ "KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T\n"
+ "KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq\n"
+ "y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p\n"
+ "dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD\n"
+ "VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL\n"
+ "MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk\n"
+ "fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8\n"
+ "7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R\n"
+ "cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y\n"
+ "mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW\n"
+ "xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK\n"
+ "SnQ2+Q==\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t cert_with_aia = {
- (void*)cert_with_aia_data, sizeof (cert_with_aia_data)
+ (void *) cert_with_aia_data, sizeof(cert_with_aia_data)
};
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t data;
- unsigned int critical;
-
- ret = global_init ();
- if (ret < 0)
- {
- fail ("global_init\n");
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret != 0)
- {
- fail ("gnutls_x509_crt_init\n");
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (crt, &cert_with_aia, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import\n");
- exit (1);
- }
-
- /* test null input */
- ret = gnutls_x509_crt_get_authority_info_access (NULL, 0, 0, NULL, NULL);
- if (ret != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_x509_crt_get_authority_info_access null input\n");
- exit (1);
- }
-
- /* test unused enum */
- ret = gnutls_x509_crt_get_authority_info_access (crt, 0, 44, NULL, NULL);
- if (ret != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_x509_crt_get_authority_info_access insane input\n");
- exit (1);
- }
-
- /* test basic query with null output */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSMETHOD_OID null output critical\n");
- exit (1);
- }
-
- /* test same as previous but also check that critical flag is
- correct */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, &critical);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSMETHOD_OID null output\n");
- exit (1);
- }
-
- if (critical != 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "critical failed: %d\n", critical);
- exit (1);
- }
-
- /* basic query of another type */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE null output\n");
- exit (1);
- }
-
- /* basic query of another type, with out-of-bound sequence */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 1, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL, NULL);
- if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE out-of-bounds\n");
- exit (1);
- }
-
- /* basic query and check output value */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSMETHOD_OID\n");
- exit (1);
- }
-
- if (memcmp ("1.3.6.1.5.5.7.48.1", data.data, data.size) != 0)
- {
- fail ("memcmp OCSP OID failed\n");
- exit (1);
- }
- gnutls_free (data.data);
-
- /* basic query of another type and check output value */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access "
- "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE\n");
- exit (1);
- }
-
- if (memcmp ("uniformResourceIdentifier", data.data, data.size) != 0)
- {
- fail ("memcmp URI failed\n");
- exit (1);
- }
- gnutls_free (data.data);
-
- /* specific query */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_URI, &data, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_URI\n");
- exit (1);
- }
-
- if (memcmp ("https://ocsp.quovadisoffshore.com", data.data, data.size) != 0)
- {
- fail ("memcmp URI value failed\n");
- exit (1);
- }
- gnutls_free (data.data);
-
- /* even more specific query */
- ret = gnutls_x509_crt_get_authority_info_access
- (crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");
- exit (1);
- }
-
- if (memcmp ("https://ocsp.quovadisoffshore.com", data.data, data.size) != 0)
- {
- fail ("memcmp URI value failed\n");
- exit (1);
- }
- gnutls_free (data.data);
-
- gnutls_x509_crt_deinit (crt);
-
- gnutls_global_deinit ();
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t data;
+ unsigned int critical;
+
+ ret = global_init();
+ if (ret < 0) {
+ fail("global_init\n");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret != 0) {
+ fail("gnutls_x509_crt_init\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &cert_with_aia,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import\n");
+ exit(1);
+ }
+
+ /* test null input */
+ ret =
+ gnutls_x509_crt_get_authority_info_access(NULL, 0, 0, NULL,
+ NULL);
+ if (ret != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_x509_crt_get_authority_info_access null input\n");
+ exit(1);
+ }
+
+ /* test unused enum */
+ ret =
+ gnutls_x509_crt_get_authority_info_access(crt, 0, 44, NULL,
+ NULL);
+ if (ret != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_x509_crt_get_authority_info_access insane input\n");
+ exit(1);
+ }
+
+ /* test basic query with null output */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSMETHOD_OID null output critical\n");
+ exit(1);
+ }
+
+ /* test same as previous but also check that critical flag is
+ correct */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, &critical);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSMETHOD_OID null output\n");
+ exit(1);
+ }
+
+ if (critical != 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "critical failed: %d\n", critical);
+ exit(1);
+ }
+
+ /* basic query of another type */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL,
+ NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE null output\n");
+ exit(1);
+ }
+
+ /* basic query of another type, with out-of-bound sequence */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 1, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL,
+ NULL);
+ if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE out-of-bounds\n");
+ exit(1);
+ }
+
+ /* basic query and check output value */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSMETHOD_OID\n");
+ exit(1);
+ }
+
+ if (memcmp("1.3.6.1.5.5.7.48.1", data.data, data.size) != 0) {
+ fail("memcmp OCSP OID failed\n");
+ exit(1);
+ }
+ gnutls_free(data.data);
+
+ /* basic query of another type and check output value */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data,
+ NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access "
+ "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE\n");
+ exit(1);
+ }
+
+ if (memcmp("uniformResourceIdentifier", data.data, data.size) != 0) {
+ fail("memcmp URI failed\n");
+ exit(1);
+ }
+ gnutls_free(data.data);
+
+ /* specific query */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_URI, &data, NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_URI\n");
+ exit(1);
+ }
+
+ if (memcmp
+ ("https://ocsp.quovadisoffshore.com", data.data,
+ data.size) != 0) {
+ fail("memcmp URI value failed\n");
+ exit(1);
+ }
+ gnutls_free(data.data);
+
+ /* even more specific query */
+ ret = gnutls_x509_crt_get_authority_info_access
+ (crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n");
+ exit(1);
+ }
+
+ if (memcmp
+ ("https://ocsp.quovadisoffshore.com", data.data,
+ data.size) != 0) {
+ fail("memcmp URI value failed\n");
+ exit(1);
+ }
+ gnutls_free(data.data);
+
+ gnutls_x509_crt_deinit(crt);
+
+ gnutls_global_deinit();
}
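Review bot: The output-value checks in doit() call `memcmp(expected, data.data, data.size)` with the length taken from the returned datum, so an empty or truncated result compares equal, and a result longer than the literal makes memcmp read past the end of the string constant. This affects the OID check, the `uniformResourceIdentifier` check and both `https://ocsp.quovadisoffshore.com` checks. Each should compare the length before the bytes, for example `if (data.size != sizeof("1.3.6.1.5.5.7.48.1") - 1 || memcmp("1.3.6.1.5.5.7.48.1", data.data, data.size) != 0) {`. Whether the returned size counts a terminating NUL is not visible in this hunk, so the expected length should be confirmed against the library before the guard is added.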
diff --git a/tests/init_roundtrip.c b/tests/init_roundtrip.c
index c96dd50345..4160b61bfe 100644
--- a/tests/init_roundtrip.c
+++ b/tests/init_roundtrip.c
@@ -30,23 +30,22 @@
/* See <http://bugs.gentoo.org/272388>. */
-void
-doit (void)
+void doit(void)
{
- int res;
+ int res;
- res = global_init ();
- if (res != 0)
- fail ("global_init\n");
+ res = global_init();
+ if (res != 0)
+ fail("global_init\n");
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- res = global_init ();
- if (res != 0)
- fail ("global_init2\n");
+ res = global_init();
+ if (res != 0)
+ fail("global_init2\n");
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug)
- success ("init-deinit round-trip success\n");
+ if (debug)
+ success("init-deinit round-trip success\n");
}
diff --git a/tests/key-openssl.c b/tests/key-openssl.c
index 3d8fd51eb3..1fb599d7d7 100644
--- a/tests/key-openssl.c
+++ b/tests/key-openssl.c
@@ -33,94 +33,94 @@
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", "crq_key_id", level, str);
+ fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str);
}
-const char key1[] =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"Proc-Type: 4,ENCRYPTED\n"
-"DEK-Info: DES-EDE3-CBC,82B2F7684A1713F8\n"
-"\n"
-"1zzOuu89dfFc2UkFCtSJBsBeEFxV8wE84OSxoWu4aYkPhl1LR08BchaTbjeLTP0b\n"
-"t961vVpva0ekJkwGDEgmqlGjmhJq9y2sJfq7IeYa8OdTilfGrG1xeJ1QGBi6SCfR\n"
-"s/PhkMxwGBtrZ2Z7bEcLT5dQKmKRqsthnClQggmngvk7zX7bPk0hKQKvf+FDxt6x\n"
-"hzEaF3k9juU6vAVVSakrZ4QDqk9MUuTGHx0ksTDcC4EESS0l3Ybuum/rAzR4lQKR\n"
-"4OLmAeYBDl+l/PSMllfd5x/z1YXYoiAbkpT4ix0lyZJgHrvrYIeUtJk2ODiMHezL\n"
-"9BbK7EobtOGmrDLUNVX5BpdaExkWMGkioqzs2QqD/VkKu8RcNSsHVGqkdWKuhzXo\n"
-"wcczQ+RiHckN2uy/zApubEWZNLPeDQ499kaF+QdZ+h4RM6E1r1Gu+A==\n"
-"-----END RSA PRIVATE KEY-----\n";
-
-const char key2[] =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"Proc-Type: 4,ENCRYPTED\n"
-"DEK-Info: AES-128-CBC,2A57FF97B701B3F760145D7446929481\n"
-"\n"
-"mGAPhSw48wZBnkHOhfMDg8yL2IBgMuTmeKE4xoHi7T6isHBNfkqMd0iJ+DJP/OKb\n"
-"t+7lkKjj/xQ7w/bOBvBxlfRe4MW6+ejCdAFD9XSolW6WN6CEJPMI4UtmOK5inqcC\n"
-"8l2l54f/VGrVN9uavU3KlXCjrd3Jp9B0Mu4Zh/UU4+EWs9rJAZfLIn+vHZ3OHetx\n"
-"g74LdV7nC7lt/fjxc1caNIfgHs40dUt9FVrnJvAtkcNMtcjX/D+L8ZrLgQzIWFcs\n"
-"WAbUZj7Me22mCli3RPET7Je37K59IzfWgbWFCGaNu3X02g5xtCfdcn/Uqy9eofH0\n"
-"YjKRhpgXPeGJCkoRqDeUHQNPpVP5HrzDZMVK3E4DC03C8qvgsYvuwYt3KkbG2fuA\n"
-"F3bDyqlxSOm7uxF/K3YzI44v8/D8GGnLBTpN+ANBdiY=\n"
-"-----END RSA PRIVATE KEY-----\n";
-
-void
-doit (void)
+const char key1[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,82B2F7684A1713F8\n"
+ "\n"
+ "1zzOuu89dfFc2UkFCtSJBsBeEFxV8wE84OSxoWu4aYkPhl1LR08BchaTbjeLTP0b\n"
+ "t961vVpva0ekJkwGDEgmqlGjmhJq9y2sJfq7IeYa8OdTilfGrG1xeJ1QGBi6SCfR\n"
+ "s/PhkMxwGBtrZ2Z7bEcLT5dQKmKRqsthnClQggmngvk7zX7bPk0hKQKvf+FDxt6x\n"
+ "hzEaF3k9juU6vAVVSakrZ4QDqk9MUuTGHx0ksTDcC4EESS0l3Ybuum/rAzR4lQKR\n"
+ "4OLmAeYBDl+l/PSMllfd5x/z1YXYoiAbkpT4ix0lyZJgHrvrYIeUtJk2ODiMHezL\n"
+ "9BbK7EobtOGmrDLUNVX5BpdaExkWMGkioqzs2QqD/VkKu8RcNSsHVGqkdWKuhzXo\n"
+ "wcczQ+RiHckN2uy/zApubEWZNLPeDQ499kaF+QdZ+h4RM6E1r1Gu+A==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const char key2[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: AES-128-CBC,2A57FF97B701B3F760145D7446929481\n"
+ "\n"
+ "mGAPhSw48wZBnkHOhfMDg8yL2IBgMuTmeKE4xoHi7T6isHBNfkqMd0iJ+DJP/OKb\n"
+ "t+7lkKjj/xQ7w/bOBvBxlfRe4MW6+ejCdAFD9XSolW6WN6CEJPMI4UtmOK5inqcC\n"
+ "8l2l54f/VGrVN9uavU3KlXCjrd3Jp9B0Mu4Zh/UU4+EWs9rJAZfLIn+vHZ3OHetx\n"
+ "g74LdV7nC7lt/fjxc1caNIfgHs40dUt9FVrnJvAtkcNMtcjX/D+L8ZrLgQzIWFcs\n"
+ "WAbUZj7Me22mCli3RPET7Je37K59IzfWgbWFCGaNu3X02g5xtCfdcn/Uqy9eofH0\n"
+ "YjKRhpgXPeGJCkoRqDeUHQNPpVP5HrzDZMVK3E4DC03C8qvgsYvuwYt3KkbG2fuA\n"
+ "F3bDyqlxSOm7uxF/K3YzI44v8/D8GGnLBTpN+ANBdiY=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+void doit(void)
{
- gnutls_x509_privkey_t pkey;
- int ret;
- gnutls_datum_t key;
-
- ret = global_init ();
- if (ret < 0)
- fail ("global_init: %d\n", ret);
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init: %d\n", ret);
-
- key.data = (void*)key1;
- key.size = sizeof(key1);
- ret = gnutls_x509_privkey_import_openssl (pkey, &key, "123456");
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_import_openssl (key1): %s\n", gnutls_strerror(ret)) ;
- }
- gnutls_x509_privkey_deinit (pkey);
-
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init: %d\n", ret);
-
- key.data = (void*)key2;
- key.size = sizeof(key2);
- ret = gnutls_x509_privkey_import_openssl (pkey, &key, "a123456");
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_import_openssl (key2): %s\n", gnutls_strerror(ret)) ;
- }
-
- gnutls_x509_privkey_deinit (pkey);
-
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init: %d\n", ret);
-
- key.data = (void*)key1;
- key.size = sizeof(key1);
- ret = gnutls_x509_privkey_import2 (pkey, &key, GNUTLS_X509_FMT_PEM, "123456", 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_import2: %s\n", gnutls_strerror(ret)) ;
- }
- gnutls_x509_privkey_deinit (pkey);
-
- gnutls_global_deinit ();
+ gnutls_x509_privkey_t pkey;
+ int ret;
+ gnutls_datum_t key;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init: %d\n", ret);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init: %d\n", ret);
+
+ key.data = (void *) key1;
+ key.size = sizeof(key1);
+ ret = gnutls_x509_privkey_import_openssl(pkey, &key, "123456");
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_import_openssl (key1): %s\n",
+ gnutls_strerror(ret));
+ }
+ gnutls_x509_privkey_deinit(pkey);
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init: %d\n", ret);
+
+ key.data = (void *) key2;
+ key.size = sizeof(key2);
+ ret = gnutls_x509_privkey_import_openssl(pkey, &key, "a123456");
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_import_openssl (key2): %s\n",
+ gnutls_strerror(ret));
+ }
+
+ gnutls_x509_privkey_deinit(pkey);
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init: %d\n", ret);
+
+ key.data = (void *) key1;
+ key.size = sizeof(key1);
+ ret =
+ gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM,
+ "123456", 0);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_import2: %s\n",
+ gnutls_strerror(ret));
+ }
+ gnutls_x509_privkey_deinit(pkey);
+
+ gnutls_global_deinit();
}
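Review bot: doit() only exercises imports that are expected to succeed, so a regression that accepts an encrypted key with the wrong passphrase would go unnoticed. After a fresh `gnutls_x509_privkey_init(&pkey)`, a negative case such as `ret = gnutls_x509_privkey_import_openssl(pkey, &key, "wrong-passphrase");` followed by `if (ret >= 0) fail("import with wrong passphrase succeeded\n");` would pin that behaviour. Separately, tls_log_func() tags its output with the literal `"crq_key_id"`, which looks copied from another test; `"key-openssl"` would identify this file's log lines. `key.size = sizeof(key1)` also counts the terminating NUL, which deserves a short comment if it is intentional.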
diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c
index 69ddd88191..355141a771 100644
--- a/tests/mini-alpn.c
+++ b/tests/mini-alpn.c
@@ -27,10 +27,9 @@
#if defined(_WIN32) || !defined(ENABLE_ALPN)
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -47,21 +46,19 @@ main (int argc, char** argv)
#include "utils.h"
-static void terminate (void);
+static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* These are global */
@@ -70,253 +67,229 @@ static pid_t child;
/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP
*/
-static void
-client (int fd, const char* protocol1, const char* protocol2)
+static void client(int fd, const char *protocol1, const char *protocol2)
{
- gnutls_session_t session;
- int ret;
- gnutls_datum_t proto;
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
- if (protocol1)
- {
- gnutls_datum_t t[2];
- t[0].data = (void*)protocol1;
- t[0].size = strlen(protocol1);
- t[1].data = (void*)protocol2;
- t[1].size = strlen(protocol2);
-
- ret = gnutls_alpn_set_protocols(session, t, 2, 0);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
- }
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit (1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- ret = gnutls_alpn_get_selected_protocol(session, &proto);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
- if (debug)
- {
- fprintf(stderr, "selected protocol: %.*s\n", (int)proto.size, proto.data);
- }
-
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ gnutls_session_t session;
+ int ret;
+ gnutls_datum_t proto;
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+ if (protocol1) {
+ gnutls_datum_t t[2];
+ t[0].data = (void *) protocol1;
+ t[0].size = strlen(protocol1);
+ t[1].data = (void *) protocol2;
+ t[1].size = strlen(protocol2);
+
+ ret = gnutls_alpn_set_protocols(session, t, 2, 0);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+ }
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ ret = gnutls_alpn_get_selected_protocol(session, &proto);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ if (debug) {
+ fprintf(stderr, "selected protocol: %.*s\n",
+ (int) proto.size, proto.data);
+ }
+
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
-static void
-terminate (void)
+static void terminate(void)
{
- int status;
+ int status;
- kill (child, SIGTERM);
- wait (&status);
- exit (1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd, const char* protocol1, const char* protocol2)
+static void server(int fd, const char *protocol1, const char *protocol2)
{
- int ret;
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- gnutls_datum_t t[2];
-
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- t[0].data = (void*)protocol1;
- t[0].size = strlen(protocol1);
- t[1].data = (void*)protocol2;
- t[1].size = strlen(protocol2);
-
- ret = gnutls_alpn_set_protocols(session, t, 2, 0);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- terminate ();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- ret = gnutls_alpn_get_selected_protocol(session, &t[0]);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
+ int ret;
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ gnutls_datum_t t[2];
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ t[0].data = (void *) protocol1;
+ t[0].size = strlen(protocol1);
+ t[1].data = (void *) protocol2;
+ t[1].size = strlen(protocol2);
+
+ ret = gnutls_alpn_set_protocols(session, t, 2, 0);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ ret = gnutls_alpn_get_selected_protocol(session, &t[0]);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
#if 0
- if (debug)
- {
- success ("Protocol: %.*s\n", (int)t[0].size, t[0].data);
- }
+ if (debug) {
+ success("Protocol: %.*s\n", (int) t[0].size, t[0].data);
+ }
#endif
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
- close (fd);
- gnutls_deinit (session);
+ close(fd);
+ gnutls_deinit(session);
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug)
- success ("server: finished\n");
+ if (debug)
+ success("server: finished\n");
}
-static void
-start (const char* p1, const char* p2)
+static void start(const char *p1, const char *p2)
{
- int fd[2];
- int ret;
-
- ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror ("socketpair");
- exit (1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit (1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0], p1, p2);
- wait (&status);
- if (WEXITSTATUS (status) != 0)
- fail ("Child died with status %d\n", WEXITSTATUS (status));
- }
- else
- {
- close (fd[0]);
- client (fd[1], p2, p1);
- exit (0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0], p1, p2);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1], p2, p1);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start ("spdy/2", "spdy/3");
- start ("spdy/3", "spdy/2");
+ start("spdy/2", "spdy/3");
+ start("spdy/3", "spdy/2");
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
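Review bot: In `start()` the parent tests `WEXITSTATUS(status) != 0` without first checking `WIFEXITED(status)`, so a client child that is killed by a signal is not reliably reported as a failure; POSIX gives WEXITSTATUS a meaning only for a child that exited normally. The return value of `wait()` is also ignored, so `status` may be read uninitialised if the wait fails. I would change the check to `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)` and fail separately when `wait(&status) < 0`. Separately, the header comment `/* This program tests the rehandshake in DTLS */` does not match what this file exercises (ALPN negotiation over TLS 1.0) and could read `/* This program tests ALPN protocol negotiation */`.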
diff --git a/tests/mini-cert-status.c b/tests/mini-cert-status.c
index 3b58e7b2f7..77dc030125 100644
--- a/tests/mini-cert-status.c
+++ b/tests/mini-cert-status.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -53,57 +53,55 @@ int main()
* decoding.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
// fprintf (stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
@@ -112,213 +110,200 @@ const gnutls_datum_t server_key = { server_key_pem,
#define MAX_BUF 1024
-static void
-client (int fd)
+static void client(int fd)
{
- int ret;
- const char *p;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", &p);
- if (ret < 0)
- {
- fail("error in setting priority: %s\n", p);
- exit(1);
- }
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- if (debug)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- }
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ const char *p;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ ret =
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ &p);
+ if (ret < 0) {
+ fail("error in setting priority: %s\n", p);
+ exit(1);
+ }
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ if (debug) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ }
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
/* These are global */
pid_t child;
-static void
-server (int fd, unsigned status, int expected)
+static void server(int fd, unsigned status, int expected)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-gnutls_certificate_credentials_t x509_cred;
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", NULL);
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_certificate_server_set_request(session, status);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret == expected)
- {
- if (debug)
- success("server: Handshake finished as expected\n");
- goto finish;
- }
- else
- {
- fail("expected %d, handshake returned %d\n", expected, ret);
- }
-
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-finish:
- close(fd);
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ NULL);
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_certificate_server_set_request(session, status);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret == expected) {
+ if (debug)
+ success
+ ("server: Handshake finished as expected\n");
+ goto finish;
+ } else {
+ fail("expected %d, handshake returned %d\n", expected,
+ ret);
+ }
+
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ finish:
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (unsigned status, int expected)
+static void start(unsigned status, int expected)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], status, expected);
- waitpid(-1, NULL, 0);
- //kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1]);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], status, expected);
+ waitpid(-1, NULL, 0);
+ //kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1]);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status = 0;
-
- waitpid(-1, &status, 0);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- }
- return;
+ int status = 0;
+
+ waitpid(-1, &status, 0);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
- start(GNUTLS_CERT_IGNORE, 0);
- start(GNUTLS_CERT_REQUEST, 0);
- start(GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND);
+ start(GNUTLS_CERT_IGNORE, 0);
+ start(GNUTLS_CERT_REQUEST, 0);
+ start(GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
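Review bot: `ch_handler()` evaluates `WEXITSTATUS(status) != 0` in its outer condition, but the only `fail()` sits under `if (WIFSIGNALED(status))`, so a non-zero client exit is never reported and the first arm has no effect. If tolerating non-zero exits is intended (`client()` does `exit(1)` on a failed handshake, which is presumably expected in the `GNUTLS_CERT_REQUIRE` run), document that and reduce the test to `if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) fail("Child died with sigsegv\n");`. The result of `waitpid()` is not checked in the handler, and `start()` also calls `waitpid(-1, NULL, 0)`, so the handler may find no child to reap and then inspect a `status` of 0. `fail()` is defined outside this diff; if it uses stdio, calling it from a SIGCHLD handler is not async-signal-safe, and setting a `volatile sig_atomic_t` flag that `doit()` checks would be safer. In `client()`, the comments `/* Need to enable anonymous KX specifically. */` and `/* put the anonymous credentials to the current session */` are stale, since the function sets `GNUTLS_CRD_CERTIFICATE` credentials.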
diff --git a/tests/mini-deflate.c b/tests/mini-deflate.c
index fa4ad27e1a..1307f100b1 100644
--- a/tests/mini-deflate.c
+++ b/tests/mini-deflate.c
@@ -32,104 +32,107 @@
#ifdef HAVE_LIBZ
-# include "eagain-common.h"
-# include "utils.h"
+#include "eagain-common.h"
+#include "utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
-# define MAX_BUF 6*1024
-# define MSG "Hello TLS, and Hello and Hello and Hello"
+#define MAX_BUF 6*1024
+#define MSG "Hello TLS, and Hello and Hello and Hello"
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (unsigned char*) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
- /* Need to enable anonymous KX specifically. */
- char buffer[MAX_BUF + 1];
- ssize_t ns;
- int ret, transferred = 0, msglen;
- const char * str;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct (server, "NONE:+VERS-TLS-ALL:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-DEFLATE:+ANON-DH", &str);
- if (ret < 0)
- {
- fprintf(stderr, "error at: %s\n", str);
- exit(1);
- }
-
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
- ret = gnutls_priority_set_direct (client, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-DEFLATE:+ANON-DH", &str);
- if (ret < 0)
- {
- fprintf(stderr, "error at: %s\n", str);
- exit(1);
- }
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- if (debug)
- success ("Handshake established\n");
-
- msglen = strlen(MSG);
- TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
- if (debug)
- fputs ("\n", stdout);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 =
+ { (unsigned char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+ /* Need to enable anonymous KX specifically. */
+ char buffer[MAX_BUF + 1];
+ ssize_t ns;
+ int ret, transferred = 0, msglen;
+ const char *str;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret =
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-TLS-ALL:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-DEFLATE:+ANON-DH",
+ &str);
+ if (ret < 0) {
+ fprintf(stderr, "error at: %s\n", str);
+ exit(1);
+ }
+
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ ret =
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-DEFLATE:+ANON-DH",
+ &str);
+ if (ret < 0) {
+ fprintf(stderr, "error at: %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ if (debug)
+ success("Handshake established\n");
+
+ msglen = strlen(MSG);
+ TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
+ if (debug)
+ fputs("\n", stdout);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
#else
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
- return 77;
+ return 77;
}
#endif
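Review bot: `doit()` ignores the results of `gnutls_dh_params_init()` and `gnutls_dh_params_import_pkcs3()`, so a bad `pkcs3` blob would surface only later as an opaque handshake failure (presumably inside `HANDSHAKE`, which is defined outside this hunk, as is `pkcs3`). Capture the result and fail early, e.g. `ret = gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) fail("dh_params_import_pkcs3: %s\n", gnutls_strerror(ret));`, assuming `fail()` comes from `utils.h` as in the neighbouring tests. On the touched `#define MAX_BUF 6*1024` line, parenthesise the expansion as `#define MAX_BUF (6*1024)` so it stays correct in expressions other than the current `MAX_BUF + 1`.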
diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c
index 5b4d995aeb..1fea6b65df 100644
--- a/tests/mini-dtls-heartbeat.c
+++ b/tests/mini-dtls-heartbeat.c
@@ -29,10 +29,9 @@
#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
-int
-main ()
+int main()
{
- exit (77);
+ exit(77);
}
#else
@@ -49,21 +48,19 @@ main ()
#include "utils.h"
-static void terminate (void);
+static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* These are global */
@@ -75,306 +72,279 @@ static pid_t child;
#define MAX_BUF 1024
-static void
-client (int fd, int server_init)
+static void client(int fd, int server_init)
{
- gnutls_session_t session;
- int ret, ret2;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit (1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: DTLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- if (!server_init)
- {
- do
- {
- ret =
- gnutls_record_recv (session, buffer, sizeof (buffer));
-
- if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
- {
- if (debug)
- success ("Ping received. Replying with pong.\n");
- ret2 = gnutls_heartbeat_pong (session, 0);
- if (ret2 < 0)
- {
- fail ("pong: %s\n", gnutls_strerror (ret));
- terminate ();
- }
- }
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
-
- if (ret < 0)
- {
- fail ("recv: %s\n", gnutls_strerror (ret));
- terminate();
- }
- }
- else
- {
- do
- {
- ret =
- gnutls_heartbeat_ping (session, 256, 5,
- GNUTLS_HEARTBEAT_WAIT);
-
- if (debug)
- success ("Ping sent.\n");
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail ("ping: %s\n", gnutls_strerror (ret));
- terminate ();
- }
- }
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ gnutls_session_t session;
+ int ret, ret2;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: DTLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ if (!server_init) {
+ do {
+ ret =
+ gnutls_record_recv(session, buffer,
+ sizeof(buffer));
+
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
+ if (debug)
+ success
+ ("Ping received. Replying with pong.\n");
+ ret2 = gnutls_heartbeat_pong(session, 0);
+ if (ret2 < 0) {
+ fail("pong: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ }
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+
+ if (ret < 0) {
+ fail("recv: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
+ } else {
+ do {
+ ret =
+ gnutls_heartbeat_ping(session, 256, 5,
+ GNUTLS_HEARTBEAT_WAIT);
+
+ if (debug)
+ success("Ping sent.\n");
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("ping: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
- return session;
+ return session;
}
-static void
-terminate (void)
+static void terminate(void)
{
- int status;
+ int status;
- kill (child, SIGTERM);
- wait (&status);
- exit (1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd, int server_init)
+static void server(int fd, int server_init)
{
- int ret, ret2;
- char buffer[MAX_BUF + 1];
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- session = initialize_tls_session ();
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- terminate ();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- if (server_init)
- {
- do
- {
- ret =
- gnutls_record_recv (session, buffer, sizeof (buffer));
-
- if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
- {
- if (debug)
- success ("Ping received. Replying with pong.\n");
- ret2 = gnutls_heartbeat_pong (session, 0);
- if (ret2 < 0)
- {
- fail ("pong: %s\n", gnutls_strerror (ret));
- terminate ();
- }
- }
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
- || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
- }
- else
- {
- do
- {
- ret =
- gnutls_heartbeat_ping (session, 256, 5,
- GNUTLS_HEARTBEAT_WAIT);
-
- if (debug)
- success ("Ping sent.\n");
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail ("ping: %s\n", gnutls_strerror (ret));
- terminate ();
- }
- }
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret, ret2;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ session = initialize_tls_session();
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ if (server_init) {
+ do {
+ ret =
+ gnutls_record_recv(session, buffer,
+ sizeof(buffer));
+
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) {
+ if (debug)
+ success
+ ("Ping received. Replying with pong.\n");
+ ret2 = gnutls_heartbeat_pong(session, 0);
+ if (ret2 < 0) {
+ fail("pong: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ }
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ } else {
+ do {
+ ret =
+ gnutls_heartbeat_ping(session, 256, 5,
+ GNUTLS_HEARTBEAT_WAIT);
+
+ if (debug)
+ success("Ping sent.\n");
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("ping: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
+ }
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void
-start (int server_initiated)
+static void start(int server_initiated)
{
- int fd[2];
- int ret;
-
- ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror ("socketpair");
- exit (1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit (1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0], server_initiated);
- wait (&status);
- if (WEXITSTATUS (status) != 0)
- fail ("Child died with status %d\n", WEXITSTATUS (status));
- }
- else
- {
- close (fd[0]);
- client (fd[1], server_initiated);
- exit (0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0], server_initiated);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1], server_initiated);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start (0);
- start (1);
+ start(0);
+ start(1);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
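Review bot: client() runs in the forked child (start() calls it from the `else` branch of `if (child)`), where the global `child` is 0, so its three `terminate()` calls execute `kill(0, SIGTERM)` and signal every process in the caller's process group instead of one peer. In the child these failure paths should simply leave with `exit(1);`, as the handshake-failure branch already does; client() in tests/mini-dtls-large.c makes the same call after its receive loop. Separately, the pong failure branches in both client() and server() print `gnutls_strerror(ret)` although the failing code is in `ret2`; the line should read `fail("pong: %s\n", gnutls_strerror(ret2));`.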
diff --git a/tests/mini-dtls-hello-verify.c b/tests/mini-dtls-hello-verify.c
index 534d8a6178..c5e3d96993 100644
--- a/tests/mini-dtls-hello-verify.c
+++ b/tests/mini-dtls-hello-verify.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -53,16 +53,14 @@ static void terminate(void);
/* This program tests the client hello verify in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -71,100 +69,94 @@ client_log_func (int level, const char *str)
#define MAX_BUF 1024
static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
+ int fd = (long int) tr;
- return send(fd, data, len, 0);
+ return send(fd, data, len, 0);
}
-static void
-client (int fd)
+static void client(int fd)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
- gnutls_handshake_set_timeout(session, 20*1000);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
-end:
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+ gnutls_handshake_set_timeout(session, 20 * 1000);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
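Review bot: The comment `/* Use default priorities */` in client() does not match the call below it, which passes an explicit `NONE:` string enabling `+ANON-ECDH` and pairs it with `GNUTLS_CRD_ANON` credentials. Anonymous key exchange leaves the peer unauthenticated, which suits a socketpair test but should not be read as a library default; I would reword it to `/* Test-only priorities: anonymous ECDH, the peer is not authenticated */`. The same comment sits above the same kind of string in client() of tests/mini-dtls-heartbeat.c and tests/mini-dtls-large.c.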
@@ -173,188 +165,186 @@ pid_t child;
static void terminate(void)
{
-int status;
+ int status;
- kill(child, SIGTERM);
- wait(&status);
- exit(1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
#define CLI_ADDR (void*)"test"
#define CLI_ADDR_LEN 4
-static void
-server (int fd)
+static void server(int fd)
{
-int ret, csend = 0;
-gnutls_anon_server_credentials_t anoncred;
-char buffer[MAX_BUF + 1];
-gnutls_datum_t cookie_key;
-gnutls_dtls_prestate_st prestate;
-gnutls_session_t session;
-
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
- if (ret < 0)
- {
- fail("Cannot generate key: %s\n", gnutls_strerror(ret));
- terminate();
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
- gnutls_handshake_set_timeout(session, 20*1000);
- gnutls_dtls_set_mtu( session, 1500);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- for (;;)
- {
- ret = recv(fd, buffer, sizeof(buffer), MSG_PEEK);
- if (ret < 0)
- {
- fail("Cannot receive data\n");
- terminate();
- }
-
- memset(&prestate, 0, sizeof(prestate));
- ret = gnutls_dtls_cookie_verify(&cookie_key, CLI_ADDR, CLI_ADDR_LEN, buffer, ret, &prestate);
- if (ret < 0) /* cookie not valid */
- {
- if (debug) success("Sending hello verify request\n");
-
- ret = gnutls_dtls_cookie_send(&cookie_key, CLI_ADDR, CLI_ADDR_LEN, &prestate, (gnutls_transport_ptr_t)(long)fd, push);
- if (ret < 0)
- {
- fail("Cannot send data\n");
- terminate();
- }
-
- /* discard peeked data*/
- recv(fd, buffer, sizeof(buffer), 0);
- csend++;
-
- if (csend > 2)
- {
- fail("too many cookies sent\n");
- terminate();
- }
-
- continue;
- }
-
- /* success */
- break;
- }
-
- gnutls_dtls_prestate_set(session, &prestate);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- do {
- ret = gnutls_record_send (session, buffer, sizeof (buffer));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: data sending has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
-
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_free(cookie_key.data);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret, csend = 0;
+ gnutls_anon_server_credentials_t anoncred;
+ char buffer[MAX_BUF + 1];
+ gnutls_datum_t cookie_key;
+ gnutls_dtls_prestate_st prestate;
+ gnutls_session_t session;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
+ if (ret < 0) {
+ fail("Cannot generate key: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_handshake_set_timeout(session, 20 * 1000);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ for (;;) {
+ ret = recv(fd, buffer, sizeof(buffer), MSG_PEEK);
+ if (ret < 0) {
+ fail("Cannot receive data\n");
+ terminate();
+ }
+
+ memset(&prestate, 0, sizeof(prestate));
+ ret =
+ gnutls_dtls_cookie_verify(&cookie_key, CLI_ADDR,
+ CLI_ADDR_LEN, buffer, ret,
+ &prestate);
+ if (ret < 0) { /* cookie not valid */
+ if (debug)
+ success("Sending hello verify request\n");
+
+ ret =
+ gnutls_dtls_cookie_send(&cookie_key, CLI_ADDR,
+ CLI_ADDR_LEN,
+ &prestate,
+ (gnutls_transport_ptr_t)
+ (long) fd, push);
+ if (ret < 0) {
+ fail("Cannot send data\n");
+ terminate();
+ }
+
+ /* discard peeked data */
+ recv(fd, buffer, sizeof(buffer), 0);
+ csend++;
+
+ if (csend > 2) {
+ fail("too many cookies sent\n");
+ terminate();
+ }
+
+ continue;
+ }
+
+ /* success */
+ break;
+ }
+
+ gnutls_dtls_prestate_set(session, &prestate);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ do {
+ ret = gnutls_record_send(session, buffer, sizeof(buffer));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: data sending has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_free(cookie_key.data);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void doit (void)
+void doit(void)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0]);
- wait (&status);
- if (WEXITSTATUS(status) != 0)
- fail("Child died with status %d\n", WEXITSTATUS(status));
- }
- else
- {
- close(fd[0]);
- client (fd[1]);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0]);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1]);
+ exit(0);
+ }
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
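Review bot: server() sends `sizeof(buffer)` bytes with `gnutls_record_send(session, buffer, sizeof(buffer))`, but the only writes to `buffer` are the `recv()` calls in the cookie loop, so everything past the bytes those calls returned is uninitialized stack memory going to the peer. Declaring it as `char buffer[MAX_BUF + 1] = { 0 };` keeps the test from transmitting stack contents and makes the payload deterministic. server() in tests/mini-dtls-large.c sends from a `buffer` it never writes at all. The discarding `recv(fd, buffer, sizeof(buffer), 0);` also ignores its return value.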
diff --git a/tests/mini-dtls-large.c b/tests/mini-dtls-large.c
index 2aeea92421..c724dad34f 100644
--- a/tests/mini-dtls-large.c
+++ b/tests/mini-dtls-large.c
@@ -27,10 +27,9 @@
#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
-int
-main ()
+int main()
{
- exit (77);
+ exit(77);
}
#else
@@ -47,21 +46,19 @@ main ()
#include "utils.h"
-static void terminate (void);
+static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* These are global */
@@ -74,258 +71,245 @@ static pid_t child;
#define MAX_MTU 20*1024
-static void
-client (int fd)
+static void client(int fd)
{
- gnutls_session_t session;
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit (1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: DTLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- do
- {
- ret =
- gnutls_record_recv (session, buffer, sizeof (buffer));
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret > 0);
-
- if (ret < 0)
- {
- fail ("recv: %s\n", gnutls_strerror (ret));
- terminate();
- }
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ gnutls_session_t session;
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: DTLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ do {
+ ret = gnutls_record_recv(session, buffer, sizeof(buffer));
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret > 0);
+
+ if (ret < 0) {
+ fail("recv: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
-static void
-terminate (void)
+static void terminate(void)
{
- int status;
+ int status;
- kill (child, SIGTERM);
- wait (&status);
- exit (1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd)
+static void server(int fd)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- terminate ();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session)+12);
- if (ret != GNUTLS_E_LARGE_PACKET)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session)+5048);
- if (ret != GNUTLS_E_LARGE_PACKET)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session));
- if (ret < 0)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- gnutls_dtls_set_mtu (session, MAX_MTU);
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session)+12);
- if (ret != GNUTLS_E_LARGE_PACKET)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session)+5048);
- if (ret != GNUTLS_E_LARGE_PACKET)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- ret = gnutls_record_send(session, buffer, gnutls_dtls_get_data_mtu(session));
- if (ret > 16384 || ret < 0)
- {
- fail ("send[%d]: %s\n", __LINE__, gnutls_strerror (ret));
- terminate ();
- }
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session) + 12);
+ if (ret != GNUTLS_E_LARGE_PACKET) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session) + 5048);
+ if (ret != GNUTLS_E_LARGE_PACKET) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session));
+ if (ret < 0) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ gnutls_dtls_set_mtu(session, MAX_MTU);
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session) + 12);
+ if (ret != GNUTLS_E_LARGE_PACKET) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session) + 5048);
+ if (ret != GNUTLS_E_LARGE_PACKET) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ ret =
+ gnutls_record_send(session, buffer,
+ gnutls_dtls_get_data_mtu(session));
+ if (ret > 16384 || ret < 0) {
+ fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret));
+ terminate();
+ }
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void
-start (void)
+static void start(void)
{
- int fd[2];
- int ret;
-
- ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror ("socketpair");
- exit (1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit (1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0]);
- wait (&status);
- if (WEXITSTATUS (status) != 0)
- fail ("Child died with status %d\n", WEXITSTATUS (status));
- }
- else
- {
- close (fd[0]);
- client (fd[1]);
- exit (0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0]);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1]);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start ();
+ start();
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
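Review bot: The lengths passed to `gnutls_record_send()` in server() come from `gnutls_dtls_get_data_mtu(session)` plus 12 or 5048 and are never compared with `sizeof(buffer)`, even after `gnutls_dtls_set_mtu(session, MAX_MTU)` raises the MTU to 20*1024. `buffer` is `MAX_BUF + 1` bytes and MAX_BUF is defined outside this hunk, so it cannot be confirmed here that every requested length fits; the oversize calls presumably rely on the library returning `GNUTLS_E_LARGE_PACKET` before it reads the source. I would add `/* buffer must hold at least MAX_MTU + 5048 bytes: the send lengths below are derived from the MTU, not from sizeof(buffer) */` at the declaration, or assert that at build time. The context line `#define MAX_MTU 20*1024` should also be parenthesised as `#define MAX_MTU (20*1024)`.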
diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c
index 5128d2ed9d..37d1ebfb46 100644
--- a/tests/mini-dtls-record.c
+++ b/tests/mini-dtls-record.c
@@ -24,17 +24,16 @@
#include <config.h>
#endif
-#define REL_LAYER
+#define REL_LAYER
#include <stdio.h>
#include <stdlib.h>
#if defined(_WIN32)
-int
-main ()
+int main()
{
- exit (77);
+ exit(77);
}
#else
@@ -53,7 +52,7 @@ main ()
#include "utils.h"
static int test_finished = 0;
-static void terminate (void);
+static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
@@ -66,16 +65,14 @@ tls_audit_log_func (gnutls_session_t session, const char *str)
}
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* These are global */
@@ -88,363 +85,351 @@ static pid_t child;
#define MAX_SEQ 128
-static int msg_seq[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 10, 16, 5, 32, 11, 11, 11, 11, 12, 10, 13, 14,
- 15, 16, 17, 19, 20, 18, 22, 24, 23, 25, 26, 27, 29, 28, 29, 29, 30, 31, 32, 33, 34, 35, 37, 36, 38, 39,
- 42, 37, 40, 41, 41, -1};
+static int msg_seq[] =
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 10, 16, 5, 32, 11, 11, 11, 11, 12,
+10, 13, 14,
+ 15, 16, 17, 19, 20, 18, 22, 24, 23, 25, 26, 27, 29, 28, 29, 29, 30,
+ 31, 32, 33, 34, 35, 37, 36, 38, 39,
+ 42, 37, 40, 41, 41, -1
+};
+
static unsigned int current = 0;
static unsigned int pos = 0;
-unsigned char* stored_messages[MAX_SEQ];
+unsigned char *stored_messages[MAX_SEQ];
unsigned int stored_sizes[MAX_SEQ];
static ssize_t
-odd_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+odd_push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-ssize_t ret;
-unsigned i;
-
- if (msg_seq[current] == -1 || test_finished != 0)
- {
- test_finished = 1;
- return len;
- }
-
- stored_messages[current] = malloc(len);
- memcpy(stored_messages[current], data, len);
- stored_sizes[current] = len;
-
- if (pos != current)
- {
- for (i=pos;i<=current;i++)
- {
- if (stored_messages[msg_seq[i]] != NULL)
- {
- do
- {
- ret = send((long int)tr, stored_messages[msg_seq[i]], stored_sizes[msg_seq[i]], 0);
- }
- while(ret == -1 && errno == EAGAIN);
- pos++;
- }
- else
- break;
- }
- }
- else if (msg_seq[current] == (int)current)
- {
- do
- {
- ret = send((long int)tr, data, len, 0);
- }
- while(ret == -1 && errno == EAGAIN);
-
- current++;
- pos++;
-
- return ret;
- }
- else if (stored_messages[msg_seq[current]] != NULL)
- {
- do
- {
- ret = send((long int)tr, stored_messages[msg_seq[current]], stored_sizes[msg_seq[current]], 0);
- }
- while(ret == -1 && errno == EAGAIN);
- current++;
- pos++;
- return ret;
- }
-
- current++;
-
- return len;
+ ssize_t ret;
+ unsigned i;
+
+ if (msg_seq[current] == -1 || test_finished != 0) {
+ test_finished = 1;
+ return len;
+ }
+
+ stored_messages[current] = malloc(len);
+ memcpy(stored_messages[current], data, len);
+ stored_sizes[current] = len;
+
+ if (pos != current) {
+ for (i = pos; i <= current; i++) {
+ if (stored_messages[msg_seq[i]] != NULL) {
+ do {
+ ret =
+ send((long int) tr,
+ stored_messages[msg_seq
+ [i]],
+ stored_sizes[msg_seq[i]],
+ 0);
+ }
+ while (ret == -1 && errno == EAGAIN);
+ pos++;
+ } else
+ break;
+ }
+ } else if (msg_seq[current] == (int) current) {
+ do {
+ ret = send((long int) tr, data, len, 0);
+ }
+ while (ret == -1 && errno == EAGAIN);
+
+ current++;
+ pos++;
+
+ return ret;
+ } else if (stored_messages[msg_seq[current]] != NULL) {
+ do {
+ ret =
+ send((long int) tr,
+ stored_messages[msg_seq[current]],
+ stored_sizes[msg_seq[current]], 0);
+ }
+ while (ret == -1 && errno == EAGAIN);
+ current++;
+ pos++;
+ return ret;
+ }
+
+ current++;
+
+ return len;
}
static ssize_t
-n_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+n_push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
- return send((unsigned long)tr, data, len, 0);
+ return send((unsigned long) tr, data, len, 0);
}
/* The first five messages are handshake. Thus corresponds to msg_seq+5 */
-static int recv_msg_seq[] = { 1, 2, 3, 4, 5, 6, 12, 28, 7, 8, 9, 10, 11, 13, 15, 16, 14, 18, 20, 19, 21, 22,
- 23, 25, 24, 26, 27, 29, 30, 31, 33, 32, 34, 35, 38, 36, 37, -1};
+static int recv_msg_seq[] =
+ { 1, 2, 3, 4, 5, 6, 12, 28, 7, 8, 9, 10, 11, 13, 15, 16, 14, 18, 20,
+19, 21, 22,
+ 23, 25, 24, 26, 27, 29, 30, 31, 33, 32, 34, 35, 38, 36, 37, -1
+};
-static void
-client (int fd)
+static void client(int fd)
{
- gnutls_session_t session;
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- unsigned char seq[8];
- uint64_t useq;
- unsigned current = 0;
+ gnutls_session_t session;
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ unsigned char seq[8];
+ uint64_t useq;
+ unsigned current = 0;
#ifndef REL_LAYER
- struct timespec ts;
+ struct timespec ts;
- ts.tv_sec = 0;
- ts.tv_nsec = 100*1000*1000;
+ ts.tv_sec = 0;
+ ts.tv_nsec = 100 * 1000 * 1000;
#endif
-
- memset(buffer, 0, sizeof(buffer));
-
- /* Need to enable anonymous KX specifically. */
+
+ memset(buffer, 0, sizeof(buffer));
+
+ /* Need to enable anonymous KX specifically. */
/* gnutls_global_set_audit_log_function (tls_audit_log_func); */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (99);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit (1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- gnutls_record_send( session, buffer, 1);
-
- if (debug)
- success ("client: DTLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- do
- {
- ret = gnutls_record_recv_seq (session, buffer, sizeof (buffer), seq);
-
- if (ret > 0)
- {
- useq = seq[3] | (seq[2] << 8) | (seq[1] << 16) | (seq[0] << 24);
- useq <<= 32;
- useq |= seq[7] | (seq[6] << 8) | (seq[5] << 16) | (seq[4] << 24);
-
- if (recv_msg_seq[current] == -1)
- {
- fail("received message sequence differs\n");
- terminate();
- }
-
- if ((uint32_t)recv_msg_seq[current] != (uint32_t)useq)
- {
- fail("received message sequence differs\n");
- terminate();
- }
-
- current++;
- }
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(99);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ gnutls_record_send(session, buffer, 1);
+
+ if (debug)
+ success("client: DTLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ do {
+ ret =
+ gnutls_record_recv_seq(session, buffer, sizeof(buffer),
+ seq);
+
+ if (ret > 0) {
+ useq =
+ seq[3] | (seq[2] << 8) | (seq[1] << 16) |
+ (seq[0] << 24);
+ useq <<= 32;
+ useq |=
+ seq[7] | (seq[6] << 8) | (seq[5] << 16) |
+ (seq[4] << 24);
+
+ if (recv_msg_seq[current] == -1) {
+ fail("received message sequence differs\n");
+ terminate();
+ }
+
+ if ((uint32_t) recv_msg_seq[current] !=
+ (uint32_t) useq) {
+ fail("received message sequence differs\n");
+ terminate();
+ }
+
+ current++;
+ }
#ifndef REL_LAYER
- nanosleep(&ts, NULL);
+ nanosleep(&ts, NULL);
#endif
- }
- while ((ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret > 0));
+ }
+ while ((ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret > 0));
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ gnutls_bye(session, GNUTLS_SHUT_WR);
- close (fd);
+ close(fd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_anon_free_client_credentials (anoncred);
+ gnutls_anon_free_client_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
-static void
-terminate (void)
+static void terminate(void)
{
- int status;
+ int status;
- kill (child, SIGTERM);
- wait (&status);
- exit (1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd)
+static void server(int fd)
{
- int ret;
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- char c;
+ int ret;
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ char c;
#ifndef REL_LAYER
- struct timespec ts;
-
- ts.tv_sec = 0;
- ts.tv_nsec = 100*1000*1000;
+ struct timespec ts;
+
+ ts.tv_sec = 0;
+ ts.tv_nsec = 100 * 1000 * 1000;
#endif
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_transport_set_push_function (session, odd_push);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- terminate ();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- gnutls_record_recv(session, &c, 1);
- do
- {
- do
- {
- ret = gnutls_record_send( session, &c, 1);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail ("send: %s\n", gnutls_strerror (ret));
- terminate ();
- }
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_transport_set_push_function(session, odd_push);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ gnutls_record_recv(session, &c, 1);
+ do {
+ do {
+ ret = gnutls_record_send(session, &c, 1);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("send: %s\n", gnutls_strerror(ret));
+ terminate();
+ }
#ifndef REL_LAYER
- nanosleep(&ts, NULL);
+ nanosleep(&ts, NULL);
#endif
- }
- while (test_finished == 0);
+ }
+ while (test_finished == 0);
- gnutls_transport_set_push_function (session, n_push);
+ gnutls_transport_set_push_function(session, n_push);
#ifndef REL_LAYER
- nanosleep(&ts, NULL);
+ nanosleep(&ts, NULL);
#endif
- do
- {
- ret = gnutls_bye (session, GNUTLS_SHUT_WR);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+ do {
+ ret = gnutls_bye(session, GNUTLS_SHUT_WR);
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- close (fd);
- gnutls_deinit (session);
+ close(fd);
+ gnutls_deinit(session);
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug)
- success ("server: finished\n");
+ if (debug)
+ success("server: finished\n");
}
-static void
-start (void)
+static void start(void)
{
- int fd[2];
- int ret;
+ int fd[2];
+ int ret;
#ifdef REL_LAYER
- ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd);
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
#else
- ret = socketpair (AF_UNIX, SOCK_DGRAM, 0, fd);
+ ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, fd);
#endif
- if (ret < 0)
- {
- perror ("socketpair");
- exit (1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit (1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0]);
- wait (&status);
- if (WEXITSTATUS (status) != 0)
- fail ("Child died with status %d\n", WEXITSTATUS (status));
- }
- else
- {
- close (fd[0]);
- client (fd[1]);
- exit (0);
- }
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0]);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1]);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start ();
+ start();
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
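Review bot: In client(), the sequence number is rebuilt with `(seq[0] << 24)` and `(seq[4] << 24)`, where each `unsigned char` is promoted to `int` before the shift. A byte of 0x80 or above then shifts into the sign bit, which is undefined behaviour, and the resulting negative `int` would sign-extend into the upper half of `useq` at the `useq |=` step. The later comparison truncates both sides to `uint32_t`, so the test hides this, but the pattern is easy to copy into code that uses the full 64-bit value. Casting before the shift avoids it: `((uint32_t) seq[0] << 24)` and `((uint32_t) seq[4] << 24)`. Separately, odd_push() passes the result of `malloc(len)` to `memcpy` without a NULL check.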
diff --git a/tests/mini-dtls-rehandshake.c b/tests/mini-dtls-rehandshake.c
index 187d9297b4..84828b5bdb 100644
--- a/tests/mini-dtls-rehandshake.c
+++ b/tests/mini-dtls-rehandshake.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -53,16 +53,14 @@ static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -74,132 +72,123 @@ client_log_func (int level, const char *str)
gnutls_session_t session;
static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
+ int fd = (long int) tr;
- return send(fd, data, len, 0);
+ return send(fd, data, len, 0);
}
-static void
-client (int fd, int server_init)
+static void client(int fd, int server_init)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- if (!server_init)
- {
- if (debug) success("Initiating client rehandshake\n");
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("2nd client gnutls_handshake: %s\n", gnutls_strerror(ret));
- terminate();
- }
- }
- else
- {
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- }
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- if (server_init && ret == GNUTLS_E_REHANDSHAKE)
- {
- if (debug) success("Initiating rehandshake due to server request\n");
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- }
-
- if (ret != 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- do {
- ret = gnutls_record_send (session, MSG, strlen (MSG));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
-end:
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ if (!server_init) {
+ if (debug)
+ success("Initiating client rehandshake\n");
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("2nd client gnutls_handshake: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ } else {
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ }
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ if (server_init && ret == GNUTLS_E_REHANDSHAKE) {
+ if (debug)
+ success
+ ("Initiating rehandshake due to server request\n");
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ }
+
+ if (ret != 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ do {
+ ret = gnutls_record_send(session, MSG, strlen(MSG));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
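Review bot: In client(), `ret == 0` after the `!server_init` branch means the client-initiated rehandshake succeeded, yet the next check treats it as end-of-stream, logs "client: Peer has closed the TLS connection" and jumps to `end`. The `gnutls_record_send` of MSG and `gnutls_bye` are therefore skipped on that path. If that shortcut is intended, it deserves a comment above `if (ret == 0)`, such as `/* ret == 0 also covers a successful client-initiated rehandshake; nothing more to send */`. If it is not intended, the rehandshake result should be kept in its own variable. The return value of the final `gnutls_record_send` loop is also never checked, so a fatal send error would pass unnoticed.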
@@ -207,201 +196,195 @@ end:
gnutls_anon_server_credentials_t anoncred;
pid_t child;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- return session;
+ return session;
}
static void terminate(void)
{
-int status;
+ int status;
- kill(child, SIGTERM);
- wait(&status);
- exit(1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd, int server_init)
+static void server(int fd, int server_init)
{
-int ret;
-char buffer[MAX_BUF + 1];
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- if (server_init)
- {
- if (debug) success("server: Sending dummy packet\n");
- ret = gnutls_rehandshake(session);
- if (ret < 0)
- {
- fail ("gnutls_rehandshake: %s\n", gnutls_strerror(ret));
- terminate();
- }
-
- if (debug) success("server: Initiating rehandshake\n");
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("server: 2nd gnutls_handshake: %s\n", gnutls_strerror(ret));
- terminate();
- }
- }
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
-
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- if (!server_init && ret == GNUTLS_E_REHANDSHAKE)
- {
- if (debug) success("Initiating rehandshake due to client request\n");
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret == 0) break;
- }
-
- fail ("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret));
- terminate();
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- do {
- ret = gnutls_record_send (session, buffer, strlen (buffer));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- }
- }
-
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ if (server_init) {
+ if (debug)
+ success("server: Sending dummy packet\n");
+ ret = gnutls_rehandshake(session);
+ if (ret < 0) {
+ fail("gnutls_rehandshake: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+
+ if (debug)
+ success("server: Initiating rehandshake\n");
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("server: 2nd gnutls_handshake: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ }
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ if (!server_init && ret == GNUTLS_E_REHANDSHAKE) {
+ if (debug)
+ success
+ ("Initiating rehandshake due to client request\n");
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0
+ && gnutls_error_is_fatal(ret) == 0);
+ if (ret == 0)
+ break;
+ }
+
+ fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret));
+ terminate();
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ do {
+ ret =
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ }
+ }
+
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (int server_initiated)
+static void start(int server_initiated)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0], server_initiated);
- wait (&status);
- if (WEXITSTATUS(status) != 0)
- fail("Child died with status %d\n", WEXITSTATUS(status));
- }
- else
- {
- close(fd[0]);
- client (fd[1], server_initiated);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0], server_initiated);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1], server_initiated);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start(0);
- start(1);
+ start(0);
+ start(1);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
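Review bot: In start(), `WEXITSTATUS(status)` is read without first checking `WIFEXITED(status)`, so a client child that is killed by a signal (a crash, for example) is not reliably reported. The macro's value is only defined for a normal exit, and on common implementations it reads as 0 for a signalled child. For a test of a TLS library, a crashing peer process is exactly what should fail the run. The check could become `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)`, and the return value of `wait` should be checked as well. start() in tests/mini-dtls-record.c has the same pattern.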
diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c
index 6d3d8000bd..07e624e2af 100644
--- a/tests/mini-dtls-srtp.c
+++ b/tests/mini-dtls-srtp.c
@@ -29,10 +29,9 @@
#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -49,21 +48,19 @@ main (int argc, char** argv)
#include "utils.h"
-static void terminate (void);
+static void terminate(void);
/* This program tests the rehandshake in DTLS
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* These are global */
@@ -73,284 +70,273 @@ static pid_t child;
/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP
*/
-static void
-client (int fd, int profile)
+static void client(int fd, int profile)
{
- gnutls_session_t session;
- int ret;
- gnutls_anon_client_credentials_t anoncred;
- uint8_t km[MAX_KEY_MATERIAL];
- char buf[2*MAX_KEY_MATERIAL];
- gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
- if (profile)
- ret = gnutls_srtp_set_profile_direct(session, "SRTP_AES128_CM_HMAC_SHA1_80",
- NULL);
- else
- ret = gnutls_srtp_set_profile_direct(session, "SRTP_NULL_HMAC_SHA1_80",
- NULL);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit (1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: DTLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- ret = gnutls_srtp_get_keys (session, km, sizeof(km), &cli_key, &cli_salt, &server_key, &server_salt);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
- if (debug)
- {
- size_t size = sizeof(buf);
- gnutls_hex_encode(&cli_key, buf, &size);
- success ("Client key: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&cli_salt, buf, &size);
- success ("Client salt: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&server_key, buf, &size);
- success ("Server key: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&server_salt, buf, &size);
- success ("Server salt: %s\n", buf);
- }
-
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
-
- gnutls_global_deinit ();
+ gnutls_session_t session;
+ int ret;
+ gnutls_anon_client_credentials_t anoncred;
+ uint8_t km[MAX_KEY_MATERIAL];
+ char buf[2 * MAX_KEY_MATERIAL];
+ gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+ if (profile)
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ "SRTP_AES128_CM_HMAC_SHA1_80",
+ NULL);
+ else
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ "SRTP_NULL_HMAC_SHA1_80",
+ NULL);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: DTLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ ret =
+ gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key,
+ &cli_salt, &server_key, &server_salt);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ if (debug) {
+ size_t size = sizeof(buf);
+ gnutls_hex_encode(&cli_key, buf, &size);
+ success("Client key: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&cli_salt, buf, &size);
+ success("Client salt: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&server_key, buf, &size);
+ success("Server key: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&server_salt, buf, &size);
+ success("Server salt: %s\n", buf);
+ }
+
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+
+ gnutls_global_deinit();
}
-static void
-terminate (void)
+static void terminate(void)
{
- int status;
+ int status;
- kill (child, SIGTERM);
- wait (&status);
- exit (1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd, int profile)
+static void server(int fd, int profile)
{
- int ret;
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- uint8_t km[MAX_KEY_MATERIAL];
- char buf[2*MAX_KEY_MATERIAL];
- gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
-
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
- gnutls_dtls_set_mtu (session, 1500);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
- NULL);
-
- if (profile)
- ret = gnutls_srtp_set_profile_direct(session, "SRTP_AES128_CM_HMAC_SHA1_80",
- NULL);
- else
- ret = gnutls_srtp_set_profile_direct(session, "SRTP_NULL_HMAC_SHA1_80",
- NULL);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- terminate ();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- ret = gnutls_srtp_get_keys (session, km, sizeof(km), &cli_key, &cli_salt, &server_key, &server_salt);
- if (ret < 0)
- {
- gnutls_perror(ret);
- exit(1);
- }
-
- if (debug)
- {
- size_t size = sizeof(buf);
- gnutls_hex_encode(&cli_key, buf, &size);
- success ("Client key: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&cli_salt, buf, &size);
- success ("Client salt: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&server_key, buf, &size);
- success ("Server key: %s\n", buf);
-
- size = sizeof(buf);
- gnutls_hex_encode(&server_salt, buf, &size);
- success ("Server salt: %s\n", buf);
- }
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ uint8_t km[MAX_KEY_MATERIAL];
+ char buf[2 * MAX_KEY_MATERIAL];
+ gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ if (profile)
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ "SRTP_AES128_CM_HMAC_SHA1_80",
+ NULL);
+ else
+ ret =
+ gnutls_srtp_set_profile_direct(session,
+ "SRTP_NULL_HMAC_SHA1_80",
+ NULL);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ ret =
+ gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key,
+ &cli_salt, &server_key, &server_salt);
+ if (ret < 0) {
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ if (debug) {
+ size_t size = sizeof(buf);
+ gnutls_hex_encode(&cli_key, buf, &size);
+ success("Client key: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&cli_salt, buf, &size);
+ success("Client salt: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&server_key, buf, &size);
+ success("Server key: %s\n", buf);
+
+ size = sizeof(buf);
+ gnutls_hex_encode(&server_salt, buf, &size);
+ success("Server salt: %s\n", buf);
+ }
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void
-start (int profile)
+static void start(int profile)
{
- int fd[2];
- int ret;
-
- ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror ("socketpair");
- exit (1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit (1);
- }
-
- if (child)
- {
- int status;
- /* parent */
-
- server (fd[0], profile);
- wait (&status);
- if (WEXITSTATUS (status) != 0)
- fail ("Child died with status %d\n", WEXITSTATUS (status));
- }
- else
- {
- close (fd[0]);
- client (fd[1], profile);
- exit (0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+
+ server(fd[0], profile);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ close(fd[0]);
+ client(fd[1], profile);
+ exit(0);
+ }
}
-void
-doit (void)
+void doit(void)
{
- start (0);
- start (1);
+ start(0);
+ start(1);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
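Review bot: In `start()`, the parent tests `WEXITSTATUS(status) != 0` without first checking `WIFEXITED(status)`, so a client child that is killed by a signal (for example a crash inside the library under test) is not reported as a failure; the exit-status field of such a status is typically zero. The condition should read `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)`, and the return value of `wait()` deserves a check as well. The `start()` whose tail is visible just above this file section uses the same test.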
diff --git a/tests/mini-eagain-dtls.c b/tests/mini-eagain-dtls.c
index 84e174b7ed..8b1a501916 100644
--- a/tests/mini-eagain-dtls.c
+++ b/tests/mini-eagain-dtls.c
@@ -34,12 +34,11 @@
#define RANDOMIZE
#include "eagain-common.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static int handshake = 0;
@@ -47,86 +46,94 @@ static int handshake = 0;
#define MAX_BUF 1024
#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..."
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- char buffer[MAX_BUF + 1];
- ssize_t ns;
- int ret, transferred = 0, msglen;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (99);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
- ret = gnutls_priority_set_direct (server, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (ret < 0)
- exit(1);
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_pull_timeout_function (server, server_pull_timeout_func);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
- cret = gnutls_priority_set_direct (client, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (cret < 0)
- exit(1);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_pull_timeout_function (client, client_pull_timeout_func);
- gnutls_transport_set_ptr (client, client);
-
- handshake = 1;
- HANDSHAKE(client, server);
-
- handshake = 0;
- if (debug)
- success ("Handshake established\n");
-
- do
- {
- ret = gnutls_record_send (client, MSG, strlen (MSG));
- }
- while(ret == GNUTLS_E_AGAIN);
- //success ("client: sent %d\n", ns);
-
- msglen = strlen(MSG);
- TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
-
- if (debug)
- fputs ("\n", stdout);
-
- gnutls_bye (client, GNUTLS_SHUT_WR);
- gnutls_bye (server, GNUTLS_SHUT_WR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ char buffer[MAX_BUF + 1];
+ ssize_t ns;
+ int ret, transferred = 0, msglen;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(99);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server,
+ GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
+ ret =
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (ret < 0)
+ exit(1);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_pull_timeout_function(server,
+ server_pull_timeout_func);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client,
+ GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
+ cret =
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (cret < 0)
+ exit(1);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_pull_timeout_function(client,
+ client_pull_timeout_func);
+ gnutls_transport_set_ptr(client, client);
+
+ handshake = 1;
+ HANDSHAKE(client, server);
+
+ handshake = 0;
+ if (debug)
+ success("Handshake established\n");
+
+ do {
+ ret = gnutls_record_send(client, MSG, strlen(MSG));
+ }
+ while (ret == GNUTLS_E_AGAIN);
+ //success ("client: sent %d\n", ns);
+
+ msglen = strlen(MSG);
+ TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
+
+ if (debug)
+ fputs("\n", stdout);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
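Review bot: The `do { ret = gnutls_record_send(client, MSG, strlen(MSG)); } while (ret == GNUTLS_E_AGAIN);` loop in `doit()` leaves `ret` unexamined in the visible code once it exits, so a fatal send error is dropped and the test carries on into `TRANSFER`. Adding `if (ret < 0) { fail("client: send failed: %s\n", gnutls_strerror(ret)); exit(1); }` after the loop would surface it; `fail` is assumed to come from the shared test utilities, as other tests in this commit call it. The commented-out `//success ("client: sent %d\n", ns);` line could be deleted at the same time. `doit()` in tests/mini-emsgsize-dtls.c has the same loop.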
diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c
index d95c644c74..8f913e66b2 100644
--- a/tests/mini-eagain.c
+++ b/tests/mini-eagain.c
@@ -35,12 +35,11 @@
#define RANDOMIZE
#include "eagain-common.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static int handshake = 0;
@@ -48,76 +47,82 @@ static int handshake = 0;
#define MAX_BUF 1024
#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..."
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (unsigned char *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- char buffer[MAX_BUF + 1];
- ssize_t ns;
- int ret, transferred = 0, msglen;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct (server, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (ret < 0)
- exit(1);
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
- ret = gnutls_priority_set_direct (client, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (ret < 0)
- exit(1);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- handshake = 1;
- HANDSHAKE(client, server);
-
- handshake = 0;
- if (debug)
- success ("Handshake established\n");
-
- msglen = strlen(MSG);
- TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
- if (debug)
- fputs ("\n", stdout);
-
- gnutls_bye (client, GNUTLS_SHUT_WR);
- gnutls_bye (server, GNUTLS_SHUT_WR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 =
+ { (unsigned char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ char buffer[MAX_BUF + 1];
+ ssize_t ns;
+ int ret, transferred = 0, msglen;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret =
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (ret < 0)
+ exit(1);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ ret =
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (ret < 0)
+ exit(1);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ handshake = 1;
+ HANDSHAKE(client, server);
+
+ handshake = 0;
+ if (debug)
+ success("Handshake established\n");
+
+ msglen = strlen(MSG);
+ TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
+ if (debug)
+ fputs("\n", stdout);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
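Review bot: The server setup in `doit()` ignores the results of `gnutls_dh_params_init()`, `gnutls_dh_params_import_pkcs3()` and `gnutls_init()`, while only `gnutls_priority_set_direct()` is checked. A failed PKCS#3 import would then presumably show up later as an unexplained handshake failure rather than at the call that failed. Checking it the way the priority call is checked, e.g. `ret = gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); if (ret < 0) exit(1);`, keeps the failure local. The same unchecked calls appear in `doit()` of tests/mini-eagain-dtls.c and tests/mini-emsgsize-dtls.c.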
diff --git a/tests/mini-emsgsize-dtls.c b/tests/mini-emsgsize-dtls.c
index e3ca6723ee..d69122f83e 100644
--- a/tests/mini-emsgsize-dtls.c
+++ b/tests/mini-emsgsize-dtls.c
@@ -36,12 +36,11 @@
#define IGNORE_PUSH
#include "eagain-common.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static int handshake = 0;
@@ -50,136 +49,145 @@ static int handshake = 0;
#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..."
static ssize_t
-client_push_300 (gnutls_transport_ptr_t tr, const void *data, size_t len)
+client_push_300(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
- size_t newlen;
-
- if (len > 300)
- {
- gnutls_transport_set_errno ((gnutls_session_t)tr, EMSGSIZE);
- return -1;
- }
-
- len = min(len, sizeof(to_server)-to_server_len);
-
- newlen = to_server_len + len;
- memcpy (to_server + to_server_len, data, len);
- to_server_len = newlen;
+ size_t newlen;
+
+ if (len > 300) {
+ gnutls_transport_set_errno((gnutls_session_t) tr,
+ EMSGSIZE);
+ return -1;
+ }
+
+ len = min(len, sizeof(to_server) - to_server_len);
+
+ newlen = to_server_len + len;
+ memcpy(to_server + to_server_len, data, len);
+ to_server_len = newlen;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n", (int)len, (int)to_server_len);
+ fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n",
+ (int) len, (int) to_server_len);
#endif
- return len;
+ return len;
}
static ssize_t
-server_push_300 (gnutls_transport_ptr_t tr, const void *data, size_t len)
+server_push_300(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
- size_t newlen;
+ size_t newlen;
- if (len > 300)
- {
- gnutls_transport_set_errno ((gnutls_session_t)tr, EMSGSIZE);
- return -1;
- }
+ if (len > 300) {
+ gnutls_transport_set_errno((gnutls_session_t) tr,
+ EMSGSIZE);
+ return -1;
+ }
- len = min(len, sizeof(to_client)-to_client_len);
+ len = min(len, sizeof(to_client) - to_client_len);
- newlen = to_client_len + len;
- memcpy (to_client + to_client_len, data, len);
- to_client_len = newlen;
+ newlen = to_client_len + len;
+ memcpy(to_client + to_client_len, data, len);
+ to_client_len = newlen;
#ifdef EAGAIN_DEBUG
- fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n", (int)len, (int)to_client_len);
+ fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n",
+ (int) len, (int) to_client_len);
#endif
- return len;
+ return len;
}
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- char buffer[MAX_BUF + 1];
- ssize_t ns;
- int ret, transferred = 0, msglen;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (99);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
- ret = gnutls_priority_set_direct (server, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (ret < 0)
- exit(1);
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push_300);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_pull_timeout_function (server, server_pull_timeout_func);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
- cret = gnutls_priority_set_direct (client, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
- if (cret < 0)
- exit(1);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push_300);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_pull_timeout_function (client, client_pull_timeout_func);
- gnutls_transport_set_ptr (client, client);
-
- handshake = 1;
- HANDSHAKE_DTLS(client, server);
-
- if (gnutls_protocol_get_version(client) != GNUTLS_DTLS1_2)
- {
- fail("Error in negotiated version\n");
- exit(1);
- }
-
- handshake = 0;
- if (debug)
- success ("Handshake established\n");
-
- do
- {
- ret = gnutls_record_send (client, MSG, strlen (MSG));
- }
- while(ret == GNUTLS_E_AGAIN);
- //success ("client: sent %d\n", ns);
-
- msglen = strlen(MSG);
- TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
-
- if (debug)
- fputs ("\n", stdout);
-
- gnutls_bye (client, GNUTLS_SHUT_WR);
- gnutls_bye (server, GNUTLS_SHUT_WR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ char buffer[MAX_BUF + 1];
+ ssize_t ns;
+ int ret, transferred = 0, msglen;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(99);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server,
+ GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
+ ret =
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (ret < 0)
+ exit(1);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push_300);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_pull_timeout_function(server,
+ server_pull_timeout_func);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client,
+ GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
+ cret =
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+ if (cret < 0)
+ exit(1);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push_300);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_pull_timeout_function(client,
+ client_pull_timeout_func);
+ gnutls_transport_set_ptr(client, client);
+
+ handshake = 1;
+ HANDSHAKE_DTLS(client, server);
+
+ if (gnutls_protocol_get_version(client) != GNUTLS_DTLS1_2) {
+ fail("Error in negotiated version\n");
+ exit(1);
+ }
+
+ handshake = 0;
+ if (debug)
+ success("Handshake established\n");
+
+ do {
+ ret = gnutls_record_send(client, MSG, strlen(MSG));
+ }
+ while (ret == GNUTLS_E_AGAIN);
+ //success ("client: sent %d\n", ns);
+
+ msglen = strlen(MSG);
+ TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
+
+ if (debug)
+ fputs("\n", stdout);
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
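Review bot: `client_push_300()` and `server_push_300()` carry no comment explaining the 300-byte limit, and the literal is repeated in both. A header comment on each, such as `/* Push callback that refuses writes over 300 bytes with EMSGSIZE; smaller ones are appended to the to_server buffer. */` (with `to_client` for the server variant), plus a named constant like `#define MAX_PUSH_LEN 300`, would make the purpose of the test readable from the code. The two functions differ only in the buffer and length counter they update, so a shared static helper taking those two is worth considering.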
diff --git a/tests/mini-handshake-timeout.c b/tests/mini-handshake-timeout.c
index 5fea3aee5a..02b412e69d 100644
--- a/tests/mini-handshake-timeout.c
+++ b/tests/mini-handshake-timeout.c
@@ -32,7 +32,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -52,202 +52,185 @@ int main()
/* This program tests whether the handshake timeout value is enforced.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* A very basic TLS client, with anonymous authentication.
*/
-static void
-client (int fd, int wait)
+static void client(int fd, int wait)
{
- int ret;
- gnutls_anon_client_credentials_t anoncred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
- gnutls_handshake_set_timeout( session, 20*1000);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- gnutls_deinit(session);
- gnutls_anon_free_client_credentials(anoncred);
- gnutls_global_deinit();
-
- if (ret < 0)
- {
- if (ret != GNUTLS_E_TIMEDOUT || wait == 0)
- {
- if (debug) fail("client: unexpected error: %s\n", gnutls_strerror(ret));
- exit(1);
- }
- if (debug) success("client: expected timeout occured\n");
- return;
- }
- else
- {
- gnutls_bye(session, GNUTLS_SHUT_WR);
-
- if (wait != 0)
- {
- fail ("client: handshake was completed unexpectedly\n");
- gnutls_perror (ret);
- exit(1);
- }
- }
-
- return;
+ int ret;
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_handshake_set_timeout(session, 20 * 1000);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH", NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ gnutls_deinit(session);
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_global_deinit();
+
+ if (ret < 0) {
+ if (ret != GNUTLS_E_TIMEDOUT || wait == 0) {
+ if (debug)
+ fail("client: unexpected error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ if (debug)
+ success("client: expected timeout occured\n");
+ return;
+ } else {
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ if (wait != 0) {
+ fail("client: handshake was completed unexpectedly\n");
+ gnutls_perror(ret);
+ exit(1);
+ }
+ }
+
+ return;
}
-static void
-initialize_tls_session (gnutls_session_t * session)
+static void initialize_tls_session(gnutls_session_t * session)
{
- gnutls_init (session, GNUTLS_SERVER);
+ gnutls_init(session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH", NULL);
}
-static void
-server (int fd, int wait)
+static void server(int fd, int wait)
{
-int ret;
-gnutls_session_t session;
-gnutls_anon_server_credentials_t anoncred;
-
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- initialize_tls_session (&session);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_transport_set_int (session, fd);
-
- if (wait) sleep(25);
- else
- {
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret == 0)
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
- }
-
- gnutls_deinit (session);
- gnutls_anon_free_server_credentials(anoncred);
- gnutls_global_deinit();
+ int ret;
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ initialize_tls_session(&session);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_int(session, fd);
+
+ if (wait)
+ sleep(25);
+ else {
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret == 0)
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ }
+
+ gnutls_deinit(session);
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_global_deinit();
}
-static void start (int wait)
+static void start(int wait)
{
- int fd[2];
- int ret;
- pid_t child;
-
- if (debug && wait)
- fprintf(stderr, "\nWill test timeout\n");
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], wait);
- close(fd[0]);
- }
- else
- {
- close(fd[0]);
- client (fd[1], wait);
- close(fd[1]);
- exit(0);
- }
+ int fd[2];
+ int ret;
+ pid_t child;
+
+ if (debug && wait)
+ fprintf(stderr, "\nWill test timeout\n");
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], wait);
+ close(fd[0]);
+ } else {
+ close(fd[0]);
+ client(fd[1], wait);
+ close(fd[1]);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0)
- fail("Child died with status %d\n", WEXITSTATUS(status));
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n", WEXITSTATUS(status));
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
+
+ /* make sure that normal handshake occurs */
+ start(0);
- /* make sure that normal handshake occurs */
- start(0);
-
- /* check the handshake with an expected timeout */
- start(1);
+ /* check the handshake with an expected timeout */
+ start(1);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
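Review bot: In `client()`, the success branch calls `gnutls_bye(session, GNUTLS_SHUT_WR)` after `gnutls_deinit(session)` has already run, so the call operates on a session that has been released. The reindent carries this over unchanged, and the normal-handshake run (`start(0)`) is the path that reaches it. Send the close notification before the teardown, e.g. `if (ret == 0) gnutls_bye(session, GNUTLS_SHUT_WR);` directly above `gnutls_deinit(session);`, and drop the later call.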
diff --git a/tests/mini-loss-time.c b/tests/mini-loss-time.c
index 6b88eb9378..6a10606b5b 100644
--- a/tests/mini-loss-time.c
+++ b/tests/mini-loss-time.c
@@ -32,7 +32,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -53,43 +53,41 @@ int main()
* in a minute.
*/
-static void print_type(const unsigned char* buf, int size)
+static void print_type(const unsigned char *buf, int size)
{
- if (buf[0] == 22 && size >= 13) {
- if (buf[13] == 1)
- fprintf(stderr, "Client Hello\n");
- else if (buf[13] == 2)
- fprintf(stderr, "Server Hello\n");
- else if (buf[13] == 12)
- fprintf(stderr, "Server Key exchange\n");
- else if (buf[13] == 14)
- fprintf(stderr, "Server Hello Done\n");
- else if (buf[13] == 11)
- fprintf(stderr, "Certificate\n");
- else if (buf[13] == 16)
- fprintf(stderr, "Client Key Exchange\n");
- else if (buf[4] == 1)
- fprintf(stderr, "Finished\n");
- else if (buf[13] == 11)
- fprintf(stderr, "Server Hello Done\n");
- else
- fprintf(stderr, "Unknown handshake\n");
- } else if (buf[0] == 20) {
- fprintf(stderr, "Change Cipher Spec\n");
- } else
- fprintf(stderr, "Unknown\n");
+ if (buf[0] == 22 && size >= 13) {
+ if (buf[13] == 1)
+ fprintf(stderr, "Client Hello\n");
+ else if (buf[13] == 2)
+ fprintf(stderr, "Server Hello\n");
+ else if (buf[13] == 12)
+ fprintf(stderr, "Server Key exchange\n");
+ else if (buf[13] == 14)
+ fprintf(stderr, "Server Hello Done\n");
+ else if (buf[13] == 11)
+ fprintf(stderr, "Certificate\n");
+ else if (buf[13] == 16)
+ fprintf(stderr, "Client Key Exchange\n");
+ else if (buf[4] == 1)
+ fprintf(stderr, "Finished\n");
+ else if (buf[13] == 11)
+ fprintf(stderr, "Server Hello Done\n");
+ else
+ fprintf(stderr, "Unknown handshake\n");
+ } else if (buf[0] == 20) {
+ fprintf(stderr, "Change Cipher Spec\n");
+ } else
+ fprintf(stderr, "Unknown\n");
}
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
/* A very basic TLS client, with anonymous authentication.
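Review bot: `print_type()` checks `size >= 13` and then reads `buf[13]`, which needs at least 14 bytes, and it reads `buf[0]` before looking at `size` at all. The guard should be `if (size >= 14 && buf[0] == 22) {`, with the `buf[0] == 20` branch gated on `size >= 1`. The second `else if (buf[13] == 11)` ("Server Hello Done") can never be taken, because the same value is matched earlier as "Certificate". The function only runs under `debug`, but the `push` callback in the next hunk hands it record data directly.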
@@ -100,86 +98,82 @@ static int packet_to_lose;
gnutls_session_t session;
static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
-
- counter++;
-
- if (packet_to_lose != -1 && packet_to_lose == counter) {
- if (debug)
- {
- fprintf(stderr, "Discarding packet %d: ", counter);
- print_type(data, len);
- }
-
- packet_to_lose = 1;
- counter = 0;
- return len;
- }
- return send(fd, data, len, 0);
+ int fd = (long int) tr;
+
+ counter++;
+
+ if (packet_to_lose != -1 && packet_to_lose == counter) {
+ if (debug) {
+ fprintf(stderr, "Discarding packet %d: ", counter);
+ print_type(data, len);
+ }
+
+ packet_to_lose = 1;
+ counter = 0;
+ return len;
+ }
+ return send(fd, data, len, 0);
}
-static void
-client (int fd, int packet)
+static void client(int fd, int packet)
{
- int ret;
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- counter = 0;
- packet_to_lose = packet;
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- gnutls_deinit(session);
- gnutls_global_deinit();
-
- if (ret < 0)
- {
- if (ret == GNUTLS_E_TIMEDOUT) return;
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- exit(1);
+ int ret;
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ counter = 0;
+ packet_to_lose = packet;
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ gnutls_deinit(session);
+ gnutls_global_deinit();
+
+ if (ret < 0) {
+ if (ret == GNUTLS_E_TIMEDOUT)
+ return;
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ exit(1);
}
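Review bot: `client()` ends with an unconditional `exit(1)` right after logging `success("client: Handshake was completed\n")`, and nothing explains why. It looks deliberate: the only `return` is the `GNUTLS_E_TIMEDOUT` case, so a completed handshake presumably means the packet drop did not take effect. That should be written down, e.g. `/* the handshake must time out; completing it is a test failure */` above the final `exit(1)`. `anoncred` is also never released here, whereas the client in tests/mini-handshake-timeout.c calls `gnutls_anon_free_client_credentials(anoncred)` next to `gnutls_deinit(session)`.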
@@ -187,129 +181,122 @@ client (int fd, int packet)
gnutls_anon_server_credentials_t anoncred;
pid_t child;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- return session;
+ return session;
}
-static void
-server (int fd, int packet)
+static void server(int fd, int packet)
{
-int ret;
- /* this must be called once in the program
- */
- global_init ();
+ int ret;
+ /* this must be called once in the program
+ */
+ global_init();
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
- gnutls_anon_allocate_server_credentials (&anoncred);
+ gnutls_anon_allocate_server_credentials(&anoncred);
- session = initialize_tls_session ();
+ session = initialize_tls_session();
- counter = 0;
- packet_to_lose = packet;
+ counter = 0;
+ packet_to_lose = packet;
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- gnutls_deinit (session);
- gnutls_global_deinit();
+ gnutls_deinit(session);
+ gnutls_global_deinit();
- if (ret < 0)
- {
- return;
- }
+ if (ret < 0) {
+ return;
+ }
}
-static void start (int server_packet, int client_packet)
+static void start(int server_packet, int client_packet)
{
- int fd[2];
- int ret;
-
- if (debug)
- fprintf(stderr, "\nWill discard %s packet %d\n",
- (client_packet!=-1)?"client":"server", (client_packet!=-1)?client_packet:server_packet);
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], server_packet);
- close(fd[0]);
- kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], client_packet);
- close(fd[1]);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ if (debug)
+ fprintf(stderr, "\nWill discard %s packet %d\n",
+ (client_packet != -1) ? "client" : "server",
+ (client_packet !=
+ -1) ? client_packet : server_packet);
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], server_packet);
+ close(fd[0]);
+ kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], client_packet);
+ close(fd[1]);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0)
- fail("Child died with status %d\n", WEXITSTATUS(status));
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n", WEXITSTATUS(status));
+ return;
}
-void
-doit (void)
+void doit(void)
{
-time_t tstart, tstop;
+ time_t tstart, tstop;
+
+ signal(SIGCHLD, ch_handler);
- signal(SIGCHLD, ch_handler);
+ tstart = time(0);
+ start(2, -1);
- tstart = time(0);
- start(2, -1);
+ tstop = time(0);
- tstop = time(0);
-
- tstop = tstop - tstart;
+ tstop = tstop - tstart;
- if (!(tstop < 70 && tstop > 55))
- fail("Time difference: %u\n", (unsigned)tstop);
+ if (!(tstop < 70 && tstop > 55))
+ fail("Time difference: %u\n", (unsigned) tstop);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
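Review bot: `ch_handler()` reads `WEXITSTATUS(status)` without checking that `wait()` succeeded or that the child exited normally. `start()` sends the child `kill(child, SIGTERM)`, so the status may describe a signal death, for which `WEXITSTATUS` is not meaningful, and if `wait()` fails `status` is uninitialised. Guard it with `if (wait(&status) > 0 && WIFEXITED(status) && WEXITSTATUS(status) != 0)`. The identical handler in tests/mini-handshake-timeout.c has the same gap.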
diff --git a/tests/mini-overhead.c b/tests/mini-overhead.c
index fb6ceae352..cf5d1e19c2 100644
--- a/tests/mini-overhead.c
+++ b/tests/mini-overhead.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -55,57 +55,55 @@ static void terminate(void);
* decoding.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
// fprintf (stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
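Review bot: `server_key_pem` embeds a complete RSA private key in the source with no comment on its status. A short comment above it, such as `/* Fixture key pair for the test suite only; it is public and carries no trust. */`, would make clear to readers and to anyone triaging secret-scanner hits that the exposure is intentional. The same certificate is repeated in tests/mini-record-2.c, so a shared test header would keep the fixture in one place.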
@@ -115,87 +113,80 @@ const gnutls_datum_t server_key = { server_key_pem,
#define MAX_BUF 1024
#define MTU 1500
-static void
-client (int fd, const char* prio, unsigned overhead)
+static void client(int fd, const char *prio, unsigned overhead)
{
- int ret;
- gnutls_anon_client_credentials_t anoncred;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, prio, NULL);
- if (ret < 0)
- {
- fail("error in setting priority: %s\n", prio);
- exit(1);
- }
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- gnutls_dtls_set_mtu(session, MTU);
- ret = gnutls_dtls_get_data_mtu(session);
-
- if (MTU-ret != (int)overhead)
- {
- fail("overhead for %s is %d, expected %u\n", prio, MTU-ret, overhead);
- exit(1);
- }
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct(session, prio, NULL);
+ if (ret < 0) {
+ fail("error in setting priority: %s\n", prio);
+ exit(1);
+ }
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ gnutls_dtls_set_mtu(session, MTU);
+ ret = gnutls_dtls_get_data_mtu(session);
+
+ if (MTU - ret != (int) overhead) {
+ fail("overhead for %s is %d, expected %u\n", prio,
+ MTU - ret, overhead);
+ exit(1);
+ }
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
@@ -204,155 +195,154 @@ gnutls_anon_server_credentials_t anoncred;
gnutls_certificate_credentials_t x509_cred;
pid_t child;
-static gnutls_session_t
-initialize_tls_session (const char* prio)
+static gnutls_session_t initialize_tls_session(const char *prio)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- return session;
+ return session;
}
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- session = initialize_tls_session (prio);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- close(fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ session = initialize_tls_session(prio);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio, unsigned overhead)
+static void start(const char *prio, unsigned overhead)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio);
- waitpid(-1, NULL, 0);
- //kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], prio, overhead);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio);
+ waitpid(-1, NULL, 0);
+ //kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], prio, overhead);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status = 0;
-
- waitpid(-1, &status, 0);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status = 0;
+
+ waitpid(-1, &status, 0);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
-
- /* 13 + 20(sha1) + 16(iv) + 16(max pad) */
- start("NONE:+VERS-DTLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", 65);
- /* 13 + 16(tag) + 4(iv) */
- start("NONE:+VERS-DTLS1.0:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA", 37);
- /* 13 + 20(tag) */
- start("NONE:+VERS-DTLS1.0:+SALSA20-256:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", 33);
- /* 13 + 12(tag) */
- start("NONE:+VERS-DTLS1.0:+SALSA20-256:+UMAC-96:+SIGN-ALL:+COMP-NULL:+RSA", 25);
+ signal(SIGCHLD, ch_handler);
+
+ /* 13 + 20(sha1) + 16(iv) + 16(max pad) */
+ start
+ ("NONE:+VERS-DTLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ 65);
+ /* 13 + 16(tag) + 4(iv) */
+ start
+ ("NONE:+VERS-DTLS1.0:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA",
+ 37);
+ /* 13 + 20(tag) */
+ start
+ ("NONE:+VERS-DTLS1.0:+SALSA20-256:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA",
+ 33);
+ /* 13 + 12(tag) */
+ start
+ ("NONE:+VERS-DTLS1.0:+SALSA20-256:+UMAC-96:+SIGN-ALL:+COMP-NULL:+RSA",
+ 25);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
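Review bot: `server()` ignores the result of `gnutls_certificate_set_x509_key_mem()`, and `initialize_tls_session()` ignores `gnutls_priority_set_direct()`, although `client()` checks the same priority call. If either fails, the test only reports a generic handshake failure later. Check the key load, e.g. `ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) { fail("server: cannot load key: %s\n", gnutls_strerror(ret)); terminate(); }`. The local `buffer` in `server()` is zeroed but never used and can be removed.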
diff --git a/tests/mini-record-2.c b/tests/mini-record-2.c
index da609a2c6f..f531070baa 100644
--- a/tests/mini-record-2.c
+++ b/tests/mini-record-2.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -55,57 +55,55 @@ static void terminate(void);
* by the record layer, under different ciphersuites.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
@@ -114,99 +112,92 @@ const gnutls_datum_t server_key = { server_key_pem,
#define MAX_BUF 24*1024
-static void
-client (int fd, const char* prio)
+static void client(int fd, const char *prio)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
- memset(buffer, 2, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, prio, NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client (%s): Handshake has failed (%s)\n\n", prio, gnutls_strerror (ret));
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- do {
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- } while( ret > 0);
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- if (ret != 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
-end:
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+ memset(buffer, 2, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client (%s): Handshake has failed (%s)\n\n", prio,
+ gnutls_strerror(ret));
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ do {
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ } while (ret > 0);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ if (ret != 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
@@ -215,148 +206,138 @@ pid_t child;
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, const char* prio, int ign)
+static void server(int fd, const char *prio, int ign)
{
-int ret;
-unsigned i;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-gnutls_anon_server_credentials_t anoncred;
-gnutls_certificate_credentials_t x509_cred;
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server (%s): Handshake has failed (%s)\n\n", prio, gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- for (i=1;i<16384;i++)
- {
- do {
- ret = gnutls_record_send (session, buffer, i);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret));
- terminate();
- }
- }
-
- /* Try sending a bit more */
- i = 21056;
- do {
- ret = gnutls_record_send (session, buffer, i);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret));
- terminate();
- }
- else if (ign == 0 && ret != 16384)
- {
- fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret);
- terminate();
- }
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ unsigned i;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server (%s): Handshake has failed (%s)\n\n", prio,
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ for (i = 1; i < 16384; i++) {
+ do {
+ ret = gnutls_record_send(session, buffer, i);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret));
+ terminate();
+ }
+ }
+
+ /* Try sending a bit more */
+ i = 21056;
+ do {
+ ret = gnutls_record_send(session, buffer, i);
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("server (%s): Error sending %d byte packet: %s\n",
+ prio, i, gnutls_strerror(ret));
+ terminate();
+ } else if (ign == 0 && ret != 16384) {
+ fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret);
+ terminate();
+ }
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio, int ign)
+static void start(const char *prio, int ign)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio, ign);
- kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], prio);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio, ign);
+ kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], prio);
+ exit(0);
+ }
}
#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
@@ -375,38 +356,37 @@ static void start (const char* prio, int ign)
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
- start(NULL_SHA1, 0);
+ start(NULL_SHA1, 0);
- start(NEW_ARCFOUR_SHA1, 1);
- start(NEW_AES_CBC, 1);
- start(NEW_AES_CBC_SHA256, 1);
- start(NEW_AES_GCM, 1);
+ start(NEW_ARCFOUR_SHA1, 1);
+ start(NEW_AES_CBC, 1);
+ start(NEW_AES_CBC_SHA256, 1);
+ start(NEW_AES_GCM, 1);
- start(AES_CBC, 1);
- start(AES_CBC_SHA256, 1);
- start(AES_GCM, 0);
+ start(AES_CBC, 1);
+ start(AES_CBC_SHA256, 1);
+ start(AES_GCM, 0);
- start(ARCFOUR_SHA1, 0);
- start(ARCFOUR_MD5, 0);
+ start(ARCFOUR_SHA1, 0);
+ start(ARCFOUR_MD5, 0);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/mini-record-range.c b/tests/mini-record-range.c
index 532ace27a3..10b793737a 100644
--- a/tests/mini-record-range.c
+++ b/tests/mini-record-range.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -57,57 +57,55 @@ static int to_send;
/* This program tests the robustness of record range sending.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
@@ -117,111 +115,103 @@ const gnutls_datum_t server_key = { server_key_pem,
static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
-
- if (to_send >= 0 && len < HIGH(MAX_BUF))
- {
- fail("Sent data (%u) are lower than expected (%u)\n", (unsigned)len, (unsigned)HIGH(MAX_BUF));
- terminate();
- }
- return send(fd, data, len, 0);
+ int fd = (long int) tr;
+
+ if (to_send >= 0 && len < HIGH(MAX_BUF)) {
+ fail("Sent data (%u) are lower than expected (%u)\n",
+ (unsigned) len, (unsigned) HIGH(MAX_BUF));
+ terminate();
+ }
+ return send(fd, data, len, 0);
}
-static void
-client (int fd, const char* prio)
+static void client(int fd, const char *prio)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, prio, NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- do {
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- } while( ret > 0);
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- if (ret != 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
-end:
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ do {
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ } while (ret > 0);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ if (ret != 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
@@ -230,173 +220,167 @@ pid_t child;
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-gnutls_anon_server_credentials_t anoncred;
-gnutls_certificate_credentials_t x509_cred;
-gnutls_range_st range;
-
- to_send = 0;
-
- range.low = MAX_BUF;
- range.high = HIGH(MAX_BUF);
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- gnutls_transport_set_push_function (session, push);
-
- if (gnutls_record_can_use_length_hiding(session) == 0)
- {
- fail("Length hiding isn't possible\n");
- terminate();
- }
-
- do
- {
- do {
- ret = gnutls_record_send_range (session, buffer, sizeof (buffer), &range);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail("Error sending packet: %s\n", gnutls_strerror(ret));
- terminate();
- }
- to_send++;
- }
- while(to_send < 4);
-
- to_send = -1;
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_range_st range;
+
+ to_send = 0;
+
+ range.low = MAX_BUF;
+ range.high = HIGH(MAX_BUF);
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ gnutls_transport_set_push_function(session, push);
+
+ if (gnutls_record_can_use_length_hiding(session) == 0) {
+ fail("Length hiding isn't possible\n");
+ terminate();
+ }
+
+ do {
+ do {
+ ret =
+ gnutls_record_send_range(session, buffer,
+ sizeof(buffer),
+ &range);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("Error sending packet: %s\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ to_send++;
+ }
+ while (to_send < 4);
+
+ to_send = -1;
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio)
+static void start(const char *prio)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio);
- kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], prio);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio);
+ kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], prio);
+ exit(0);
+ }
}
#define AES_CBC "NORMAL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
- start(AES_CBC);
+ start(AES_CBC);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/mini-record.c b/tests/mini-record.c
index 4f0316f4e9..001c1eabf5 100644
--- a/tests/mini-record.c
+++ b/tests/mini-record.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -55,57 +55,55 @@ static void terminate(void);
* decoding.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
@@ -118,140 +116,133 @@ static int to_send = -1;
static int mtu = 0;
static ssize_t
-push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
+ int fd = (long int) tr;
- return send(fd, data, len, 0);
+ return send(fd, data, len, 0);
}
#define RECORD_HEADER_SIZE (5+8)
static ssize_t
-push_crippled (gnutls_transport_ptr_t tr, const void *data, size_t len)
+push_crippled(gnutls_transport_ptr_t tr, const void *data, size_t len)
{
-int fd = (long int)tr;
-int _len, ret;
-uint8_t* _data = (void*)data;
-
- if (to_send == -1)
- return send(fd, data, len, 0);
- else
- {
+ int fd = (long int) tr;
+ int _len, ret;
+ uint8_t *_data = (void *) data;
+
+ if (to_send == -1)
+ return send(fd, data, len, 0);
+ else {
#if 0
- _len = ((uint8_t*)data)[11] << 8 | ((uint8_t*)data)[12];
-fprintf(stderr, "mtu: %d, len: %d", mtu, (int)_len);
-fprintf(stderr, " send: %d\n", (int)to_send);
+ _len =
+ ((uint8_t *) data)[11] << 8 | ((uint8_t *) data)[12];
+ fprintf(stderr, "mtu: %d, len: %d", mtu, (int) _len);
+ fprintf(stderr, " send: %d\n", (int) to_send);
#endif
-
- _len = to_send;
- _data[11] = _len >> 8;
- _data[12] = _len;
- /* correct len */
- ret = send(fd, data, RECORD_HEADER_SIZE+_len, 0);
+ _len = to_send;
+ _data[11] = _len >> 8;
+ _data[12] = _len;
+
+ /* correct len */
+ ret = send(fd, data, RECORD_HEADER_SIZE + _len, 0);
- if (ret < 0) return ret;
+ if (ret < 0)
+ return ret;
- return len;
- }
+ return len;
+ }
}
-static void
-client (int fd, const char* prio)
+static void client(int fd, const char *prio)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu( session, 1500);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, prio, NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- do {
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- } while( ret > 0);
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- if (ret != 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- exit(1);
- }
- }
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
-end:
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ do {
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ } while (ret > 0);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ if (ret != 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
@@ -260,136 +251,131 @@ pid_t child;
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-gnutls_anon_server_credentials_t anoncred;
-gnutls_certificate_credentials_t x509_cred;
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
- gnutls_dtls_set_mtu(session, 1500);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
- gnutls_transport_set_push_function (session, push_crippled);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- mtu = gnutls_dtls_get_mtu(session);
-
- do
- {
- do {
- ret = gnutls_record_send (session, buffer, sizeof (buffer));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0)
- {
- fail("Error sending %d byte packet: %s\n", to_send, gnutls_strerror(ret));
- terminate();
- }
- to_send++;
- }
- while(to_send < 64);
-
- to_send = -1;
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_dtls_set_mtu(session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_transport_set_push_function(session, push_crippled);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ mtu = gnutls_dtls_get_mtu(session);
+
+ do {
+ do {
+ ret =
+ gnutls_record_send(session, buffer,
+ sizeof(buffer));
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0) {
+ fail("Error sending %d byte packet: %s\n", to_send,
+ gnutls_strerror(ret));
+ terminate();
+ }
+ to_send++;
+ }
+ while (to_send < 64);
+
+ to_send = -1;
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio)
+static void start(const char *prio)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio);
- kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], prio);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio);
+ kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], prio);
+ exit(0);
+ }
}
#define AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
@@ -402,32 +388,31 @@ static void start (const char* prio)
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
- start(NEW_AES_CBC);
- start(NEW_AES_CBC_SHA256);
- start(NEW_AES_GCM);
+ start(NEW_AES_CBC);
+ start(NEW_AES_CBC_SHA256);
+ start(NEW_AES_GCM);
- start(AES_CBC);
- start(AES_CBC_SHA256);
- start(AES_GCM);
+ start(AES_CBC);
+ start(AES_CBC_SHA256);
+ start(AES_GCM);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/mini-rehandshake.c b/tests/mini-rehandshake.c
index d3fe336319..995277b263 100644
--- a/tests/mini-rehandshake.c
+++ b/tests/mini-rehandshake.c
@@ -32,131 +32,129 @@
#include "utils.h"
#include "eagain-common.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
-void
-doit (void)
+void doit(void)
{
- int exit_code = EXIT_SUCCESS;
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- if (exit_code == 0)
- puts ("Self-test successful");
- else
- puts ("Self-test failed");
- }
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ if (exit_code == 0)
+ puts("Self-test successful");
+ else
+ puts("Self-test failed");
+ }
}
diff --git a/tests/mini-rsa-psk.c b/tests/mini-rsa-psk.c
index 3ec4170397..b6bc190f1a 100644
--- a/tests/mini-rsa-psk.c
+++ b/tests/mini-rsa-psk.c
@@ -34,10 +34,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -56,108 +55,101 @@ main (int argc, char** argv)
/* A very basic TLS client, with PSK authentication.
*/
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void
-client (int sd)
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- gnutls_certificate_credentials_t clientx509cred;
- char buffer[MAX_BUF + 1];
- gnutls_psk_client_credentials_t pskcred;
- /* Need to enable anonymous KX specifically. */
- const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
-
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- side = "client";
-
- gnutls_certificate_allocate_credentials (&clientx509cred);
-
- gnutls_psk_allocate_client_credentials (&pskcred);
- gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NORMAL:-KX-ALL:+RSA-PSK", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, clientx509cred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_psk_free_client_credentials (pskcred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t clientx509cred;
+ char buffer[MAX_BUF + 1];
+ gnutls_psk_client_credentials_t pskcred;
+ /* Need to enable anonymous KX specifically. */
+ const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
+
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ side = "client";
+
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+
+ gnutls_psk_allocate_client_credentials(&pskcred);
+ gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_psk_free_client_credentials(pskcred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, for PSK authentication.
@@ -166,78 +158,79 @@ end:
#define MAX_BUF 1024
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
/* These are global */
gnutls_psk_server_credentials_t server_pskcred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NORMAL:-KX-ALL:+RSA-PSK", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+RSA-PSK",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, server_pskcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
- return session;
+ return session;
}
static int
-pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t * key)
{
- if (debug)
- printf ("psk: username %s\n", username);
- key->data = gnutls_malloc (4);
- key->data[0] = 0xDE;
- key->data[1] = 0xAD;
- key->data[2] = 0xBE;
- key->data[3] = 0xEF;
- key->size = 4;
- return 0;
+ if (debug)
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
}
int err, ret;
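Review bot: In `pskfunc` the result of `gnutls_malloc(4)` is written through on the very next line without a NULL check, so an allocation failure becomes a null-pointer write inside the credentials callback. Add `if (key->data == NULL) return -1;` directly after the allocation. The callback also hands out the same fixed key for every `username`; a comment such as `/* test only: every username maps to the key DEADBEEF */` would stop the pattern from being copied as-is.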
@@ -246,116 +239,108 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-server (int sd)
+static void server(int sd)
{
- gnutls_certificate_credentials_t serverx509cred;
-
- /* this must be called once in the program
- */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- side = "server";
-
- gnutls_psk_allocate_server_credentials (&server_pskcred);
- gnutls_psk_set_server_credentials_function (server_pskcred, pskfunc);
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- session = initialize_tls_session ();
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, serverx509cred);
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_psk_free_server_credentials (server_pskcred);
- gnutls_certificate_free_credentials (serverx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ gnutls_certificate_credentials_t serverx509cred;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ side = "server";
+
+ gnutls_psk_allocate_server_credentials(&server_pskcred);
+ gnutls_psk_set_server_credentials_function(server_pskcred,
+ pskfunc);
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ session = initialize_tls_session();
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_psk_free_server_credentials(server_pskcred);
+ gnutls_certificate_free_credentials(serverx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- pid_t child;
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (sockets[0]);
- wait (&status);
- }
- else
- client (sockets[1]);
+ pid_t child;
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(sockets[0]);
+ wait(&status);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
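Review bot: The echo branch of `server` sends `strlen(buffer)` bytes rather than the `ret` bytes that `gnutls_record_recv` just returned, so the length comes from the payload and a record containing a NUL byte is echoed truncated. The `memset` and the `MAX_BUF + 1` buffer keep `strlen` in bounds here, but `gnutls_record_send(session, buffer, ret);` stays correct if either of those changes. Separately, the handshake-failure path returns without the `gnutls_psk_free_server_credentials`, `gnutls_certificate_free_credentials` and `gnutls_global_deinit` calls that the normal path makes.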
diff --git a/tests/mini-tdb.c b/tests/mini-tdb.c
index 5f5f18ace1..cbd7520670 100644
--- a/tests/mini-tdb.c
+++ b/tests/mini-tdb.c
@@ -34,47 +34,47 @@
/* This will test whether the default public key storage backend
* is operating properly */
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static char client_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t client_cert = { (void*)client_pem, sizeof (client_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t client_cert =
+ { (void *) client_pem, sizeof(client_pem) };
#define TMP_FILE "mini-tdb-tmp"
@@ -82,105 +82,109 @@ const gnutls_datum_t client_cert = { (void*)client_pem, sizeof (client_pem) };
void doit(void)
{
- gnutls_datum_t der_cert, der_cert2;
- int ret;
- gnutls_datum_t hash;
-
- /* the sha1 hash of the server's pubkey */
- hash.data = (void*)SHA1_HASH;
- hash.size = sizeof(SHA1_HASH)-1;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- ret = gnutls_pem_base64_decode_alloc("CERTIFICATE", &server_cert, &der_cert);
- if (ret < 0)
- {
- fail("base64 decoding\n");
- goto fail;
- }
-
- ret = gnutls_pem_base64_decode_alloc("CERTIFICATE", &client_cert, &der_cert2);
- if (ret < 0)
- {
- fail("base64 decoding\n");
- goto fail;
- }
-
- remove(TMP_FILE);
-
- /* verify whether the stored hash verification succeeeds */
- ret = gnutls_store_commitment(TMP_FILE, NULL, "localhost", "https",
- GNUTLS_DIG_SHA1, &hash, 0, 0);
- if (ret != 0)
- {
- fail("commitment storage: %s\n", gnutls_strerror(ret));
- goto fail;
- }
-
- if (debug)
- success("Commitment storage: passed\n");
-
- ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", "https",
- GNUTLS_CRT_X509, &der_cert, 0);
- remove(TMP_FILE);
-
- if (ret != 0)
- {
- fail("commitment verification: %s\n", gnutls_strerror(ret));
- goto fail;
- }
-
- if (debug)
- success("Commitment verification: passed\n");
-
- /* verify whether the stored pubkey verification succeeeds */
- ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https",
- GNUTLS_CRT_X509, &der_cert, 0, 0);
- if (ret != 0)
- {
- fail("storage: %s\n", gnutls_strerror(ret));
- goto fail;
- }
-
- if (debug)
- success("Public key storage: passed\n");
-
- ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", "https",
- GNUTLS_CRT_X509, &der_cert, 0);
- if (ret != 0)
- {
- fail("pubkey verification: %s\n", gnutls_strerror(ret));
- goto fail;
- }
-
- ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", "https",
- GNUTLS_CRT_X509, &der_cert2, 0);
- remove(TMP_FILE);
- if (ret == 0)
- {
- fail("verification succeed when shouldn't!\n");
- goto fail;
- }
- if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- fail("Wrong error code returned: %s!\n", gnutls_strerror(ret));
- goto fail;
- }
-
- if (debug)
- success("Public key verification: passed\n");
-
-
- gnutls_global_deinit();
- gnutls_free(der_cert.data);
- gnutls_free(der_cert2.data);
-
- return;
-fail:
- remove(TMP_FILE);
- exit(1);
+ gnutls_datum_t der_cert, der_cert2;
+ int ret;
+ gnutls_datum_t hash;
+
+ /* the sha1 hash of the server's pubkey */
+ hash.data = (void *) SHA1_HASH;
+ hash.size = sizeof(SHA1_HASH) - 1;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ ret =
+ gnutls_pem_base64_decode_alloc("CERTIFICATE", &server_cert,
+ &der_cert);
+ if (ret < 0) {
+ fail("base64 decoding\n");
+ goto fail;
+ }
+
+ ret =
+ gnutls_pem_base64_decode_alloc("CERTIFICATE", &client_cert,
+ &der_cert2);
+ if (ret < 0) {
+ fail("base64 decoding\n");
+ goto fail;
+ }
+
+ remove(TMP_FILE);
+
+ /* verify whether the stored hash verification succeeeds */
+ ret = gnutls_store_commitment(TMP_FILE, NULL, "localhost", "https",
+ GNUTLS_DIG_SHA1, &hash, 0, 0);
+ if (ret != 0) {
+ fail("commitment storage: %s\n", gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Commitment storage: passed\n");
+
+ ret =
+ gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
+ "https", GNUTLS_CRT_X509,
+ &der_cert, 0);
+ remove(TMP_FILE);
+
+ if (ret != 0) {
+ fail("commitment verification: %s\n",
+ gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Commitment verification: passed\n");
+
+ /* verify whether the stored pubkey verification succeeeds */
+ ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https",
+ GNUTLS_CRT_X509, &der_cert, 0, 0);
+ if (ret != 0) {
+ fail("storage: %s\n", gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Public key storage: passed\n");
+
+ ret =
+ gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
+ "https", GNUTLS_CRT_X509,
+ &der_cert, 0);
+ if (ret != 0) {
+ fail("pubkey verification: %s\n", gnutls_strerror(ret));
+ goto fail;
+ }
+
+ ret =
+ gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
+ "https", GNUTLS_CRT_X509,
+ &der_cert2, 0);
+ remove(TMP_FILE);
+ if (ret == 0) {
+ fail("verification succeed when shouldn't!\n");
+ goto fail;
+ }
+ if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ fail("Wrong error code returned: %s!\n",
+ gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Public key verification: passed\n");
+
+
+ gnutls_global_deinit();
+ gnutls_free(der_cert.data);
+ gnutls_free(der_cert2.data);
+
+ return;
+ fail:
+ remove(TMP_FILE);
+ exit(1);
}
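Review bot: The commitment half of `doit` only tests acceptance: after `gnutls_store_commitment`, `gnutls_verify_stored_pubkey` is called with `der_cert` and the file is removed, while `der_cert2` is checked only against the entry written by `gnutls_store_pubkey`. A backend that accepted any key once a commitment entry exists would pass this test. A rejection check with `der_cert2` would cover that, with the first `remove(TMP_FILE)` moved after it. The sketch tests only for a zero result, because the error code returned for a commitment mismatch is not visible in this hunk.

```c
	/* … unchanged: gnutls_store_commitment() and the der_cert check … */

	/* a different key must not satisfy the stored commitment */
	ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
					  "https", GNUTLS_CRT_X509,
					  &der_cert2, 0);
	if (ret == 0) {
		fail("commitment verification succeeded for a different key\n");
		goto fail;
	}
	remove(TMP_FILE);
```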
diff --git a/tests/mini-termination.c b/tests/mini-termination.c
index c4741b59ed..f396d58bc7 100644
--- a/tests/mini-termination.c
+++ b/tests/mini-termination.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -55,57 +55,55 @@ static void terminate(void);
* decoding.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
// fprintf (stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
@@ -114,92 +112,86 @@ const gnutls_datum_t server_key = { server_key_pem,
#define MAX_BUF 1024
-static void
-client (int fd, const char* prio)
+static void client(int fd, const char *prio)
{
- int ret;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- gnutls_anon_allocate_client_credentials (&anoncred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, prio, NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- do {
- do {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- } while( ret > 0);
-
- if (ret == GNUTLS_E_PREMATURE_TERMINATION)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else
- {
- fail ("client: Unexpected error: %d (%s)\n", ret, gnutls_strerror (ret));
- exit(1);
- }
-
-end:
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_anon_free_client_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ do {
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+ } while (ret > 0);
+
+ if (ret == GNUTLS_E_PREMATURE_TERMINATION) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else {
+ fail("client: Unexpected error: %d (%s)\n", ret,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ end:
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_anon_free_client_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
@@ -208,148 +200,139 @@ gnutls_anon_server_credentials_t anoncred;
gnutls_certificate_credentials_t x509_cred;
pid_t child;
-static gnutls_session_t
-initialize_tls_session (const char* prio)
+static gnutls_session_t initialize_tls_session(const char *prio)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- return session;
+ return session;
}
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- session = initialize_tls_session (prio);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- close(fd);
- gnutls_deinit (session);
-
- gnutls_anon_free_server_credentials (anoncred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ session = initialize_tls_session(prio);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_anon_free_server_credentials(anoncred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio)
+static void start(const char *prio)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio);
- waitpid(-1, NULL, 0);
- //kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], prio);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio);
+ waitpid(-1, NULL, 0);
+ //kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], prio);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status = 0;
-
- waitpid(-1, &status, 0);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status = 0;
+
+ waitpid(-1, &status, 0);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
+ signal(SIGCHLD, ch_handler);
- start("NORMAL");
+ start("NORMAL");
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c
index 7e98e5ab8d..3e0b42231f 100644
--- a/tests/mini-x509-2.c
+++ b/tests/mini-x509-2.c
@@ -35,145 +35,145 @@
/* This tests gnutls_certificate_set_x509_key() */
-const char* side;
+const char *side;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- int exit_code = EXIT_SUCCESS;
- int ret;
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
- gnutls_x509_crt_t crt;
- gnutls_x509_privkey_t pkey;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_privkey_init(&pkey);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_privkey_import(pkey, &server_key, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key (serverx509cred,
- &crt, 1, pkey);
- gnutls_x509_privkey_deinit(pkey);
- gnutls_x509_crt_deinit(crt);
-
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL:-CIPHER-ALL:+AES-128-GCM", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug > 0)
- {
- if (exit_code == 0)
- puts ("Self-test successful");
- else
- puts ("Self-test failed");
- }
+ int exit_code = EXIT_SUCCESS;
+ int ret;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+ gnutls_x509_crt_t crt;
+ gnutls_x509_privkey_t pkey;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_privkey_import(pkey, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key(serverx509cred, &crt, 1, pkey);
+ gnutls_x509_privkey_deinit(pkey);
+ gnutls_x509_crt_deinit(crt);
+
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server,
+ "NORMAL:-CIPHER-ALL:+AES-128-GCM",
+ NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug > 0) {
+ if (exit_code == 0)
+ puts("Self-test successful");
+ else
+ puts("Self-test failed");
+ }
}
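Review bot: The return value of `gnutls_certificate_set_x509_key(serverx509cred, &crt, 1, pkey)` in `doit` is discarded, although the comment at the top of the hunk says this is the function under test, so a failure would only surface indirectly through the handshake, if at all. Check it the way the neighbouring import calls are checked: `ret = gnutls_certificate_set_x509_key(serverx509cred, &crt, 1, pkey);` followed by `if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); exit(1); }`. The `gnutls_certificate_set_x509_key_mem` calls in tests/mini-x509-callbacks.c and tests/mini-x509-cas.c are unchecked in the same way.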
diff --git a/tests/mini-x509-callbacks.c b/tests/mini-x509-callbacks.c
index 0246f9d7cc..66ab17b6d4 100644
--- a/tests/mini-x509-callbacks.c
+++ b/tests/mini-x509-callbacks.c
@@ -37,21 +37,20 @@
* are tested.
*/
-const char* side;
+const char *side;
static int client_ok = 0, server_ok = 0;
static int pch_ok = 0;
-static int
-client_callback (gnutls_session_t session)
+static int client_callback(gnutls_session_t session)
{
- client_ok = 1;
- return 0;
+ client_ok = 1;
+ return 0;
}
-static int post_client_hello_callback (gnutls_session_t session)
+static int post_client_hello_callback(gnutls_session_t session)
{
- pch_ok = 1;
- return 0;
+ pch_ok = 1;
+ return 0;
}
unsigned int msg_order[] = {
@@ -67,169 +66,173 @@ unsigned int msg_order[] = {
GNUTLS_HANDSHAKE_FINISHED,
};
-static int handshake_callback (gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming)
+static int handshake_callback(gnutls_session_t session, unsigned int htype,
+ unsigned post, unsigned int incoming)
{
-static unsigned idx = 0;
-unsigned int msg;
-
- if (msg_order[idx] != htype)
- {
- fail("%s: %s, expected %s\n", incoming!=0?"Received":"Sent", gnutls_handshake_description_get_name(htype), gnutls_handshake_description_get_name(msg_order[idx]));
- exit(1);
- }
- idx++;
-
- if (incoming != 0)
- {
- msg = gnutls_handshake_get_last_in(session);
- if (msg != htype)
- {
- fail("last input message was not recorded (exp: %d, found: %d) \n", msg, htype);
- exit(1);
- }
- }
- else
- {
- msg = gnutls_handshake_get_last_out(session);
- if (msg != htype)
- {
- fail("last output message was not recorded (exp: %d, found: %d) \n", msg, htype);
- exit(1);
- }
- }
-
- return 0;
+ static unsigned idx = 0;
+ unsigned int msg;
+
+ if (msg_order[idx] != htype) {
+ fail("%s: %s, expected %s\n",
+ incoming != 0 ? "Received" : "Sent",
+ gnutls_handshake_description_get_name(htype),
+ gnutls_handshake_description_get_name(msg_order
+ [idx]));
+ exit(1);
+ }
+ idx++;
+
+ if (incoming != 0) {
+ msg = gnutls_handshake_get_last_in(session);
+ if (msg != htype) {
+ fail("last input message was not recorded (exp: %d, found: %d) \n", msg, htype);
+ exit(1);
+ }
+ } else {
+ msg = gnutls_handshake_get_last_out(session);
+ if (msg != htype) {
+ fail("last output message was not recorded (exp: %d, found: %d) \n", msg, htype);
+ exit(1);
+ }
+ }
+
+ return 0;
}
-static int
-server_callback (gnutls_session_t session)
+static int server_callback(gnutls_session_t session)
{
- server_ok = 1;
+ server_ok = 1;
- if (gnutls_handshake_get_last_in(session) != GNUTLS_HANDSHAKE_CERTIFICATE_PKT)
- {
- fail("client's last input message was unexpected\n");
- exit(1);
- }
+ if (gnutls_handshake_get_last_in(session) !=
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT) {
+ fail("client's last input message was unexpected\n");
+ exit(1);
+ }
- if (gnutls_handshake_get_last_out(session) != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE)
- {
- fail("client's last output message was unexpected\n");
- exit(1);
- }
+ if (gnutls_handshake_get_last_out(session) !=
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
+ fail("client's last output message was unexpected\n");
+ exit(1);
+ }
- return 0;
+ return 0;
}
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
- gnutls_certificate_set_verify_function (serverx509cred, server_callback);
- gnutls_certificate_server_set_request (server, GNUTLS_CERT_REQUEST);
- gnutls_handshake_set_post_client_hello_function (server, post_client_hello_callback);
- gnutls_handshake_set_hook_function (server, GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, handshake_callback);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
- gnutls_certificate_set_verify_function (clientx509cred, client_callback);
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (pch_ok == 0)
- fail("Post client hello callback wasn't called\n");
-
- if (server_ok == 0)
- fail("Server certificate verify callback wasn't called\n");
-
- if (client_ok == 0)
- fail("Client certificate verify callback wasn't called\n");
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+ gnutls_certificate_set_verify_function(serverx509cred,
+ server_callback);
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+ gnutls_handshake_set_post_client_hello_function(server,
+ post_client_hello_callback);
+ gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY,
+ GNUTLS_HOOK_POST,
+ handshake_callback);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+ gnutls_certificate_set_verify_function(clientx509cred,
+ client_callback);
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (pch_ok == 0)
+ fail("Post client hello callback wasn't called\n");
+
+ if (server_ok == 0)
+ fail("Server certificate verify callback wasn't called\n");
+
+ if (client_ok == 0)
+ fail("Client certificate verify callback wasn't called\n");
}
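Review bot: `handshake_callback` reads `msg_order[idx]` with a function-static `idx` that is incremented on every hooked message and never compared with the array length, so one handshake message more than the table lists makes the test read past the end of `msg_order` instead of failing cleanly. A guard before the comparison would do, for example `if (idx >= sizeof(msg_order) / sizeof(msg_order[0])) { fail("unexpected extra handshake message\n"); exit(1); }`. The two "was not recorded" messages pass `msg, htype` to a format labelled `exp: %d, found: %d`, which looks swapped, since `msg` is the value read back from the session and `htype` is the expected one. The start of `msg_order` lies outside this hunk, so its length is not visible here.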
diff --git a/tests/mini-x509-cas.c b/tests/mini-x509-cas.c
index 5e42093292..7b222ced67 100644
--- a/tests/mini-x509-cas.c
+++ b/tests/mini-x509-cas.c
@@ -35,127 +35,127 @@
/* Tests whether a very long CA list, that spans over multiple records
* is tolerated */
-const char* side;
+const char *side;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- int exit_code = EXIT_SUCCESS;
- const char* ca_file;
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN, ret;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- ca_file = getenv("CAFILE");
- if (ca_file == NULL)
- {
- ca_file = "certs/ca-certs.pem";
- }
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- ret = gnutls_certificate_set_x509_trust_file(serverx509cred, ca_file, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "%s\n", gnutls_strerror(ret));
- exit(1);
- }
-
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug > 0)
- {
- if (exit_code == 0)
- puts ("Self-test successful");
- else
- puts ("Self-test failed");
- }
+ int exit_code = EXIT_SUCCESS;
+ const char *ca_file;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN, ret;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ ca_file = getenv("CAFILE");
+ if (ca_file == NULL) {
+ ca_file = "certs/ca-certs.pem";
+ }
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_trust_file(serverx509cred, ca_file,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "%s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug > 0) {
+ if (exit_code == 0)
+ puts("Self-test successful");
+ else
+ puts("Self-test failed");
+ }
}
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index d05dbf821e..333d544df9 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -32,112 +32,114 @@
#include "utils.h"
#include "eagain-common.h"
-const char* side;
+const char *side;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- int exit_code = EXIT_SUCCESS;
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug > 0)
- {
- if (exit_code == 0)
- puts ("Self-test successful");
- else
- puts ("Self-test failed");
- }
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server,
+ "NORMAL:-CIPHER-ALL:+ARCFOUR-128",
+ NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug > 0) {
+ if (exit_code == 0)
+ puts("Self-test successful");
+ else
+ puts("Self-test failed");
+ }
}
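Review bot: `exit_code` in `doit` is set to `EXIT_SUCCESS` and never assigned again in the visible body, so the `puts("Self-test failed")` branch is unreachable unless the `HANDSHAKE` macro (defined outside this hunk) changes it. The return values of `gnutls_certificate_set_x509_key_mem` and of both `gnutls_priority_set_direct` calls are also discarded. If a build rejects the server string `"NORMAL:-CIPHER-ALL:+ARCFOUR-128"`, the test presumably stops exercising the cipher it was written for without reporting it. I would check each call, e.g. `if (gnutls_priority_set_direct(server, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL) < 0) fail("priority string rejected\n");`. A minor inconsistency: `server_cert` and `server_key` use `sizeof(...)`, which counts the terminating NUL, while tests/mini-xssl.c in this commit uses `sizeof(...) - 1`.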
diff --git a/tests/mini-xssl.c b/tests/mini-xssl.c
index f448ca9644..c6d8c82dfc 100644
--- a/tests/mini-xssl.c
+++ b/tests/mini-xssl.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -57,196 +57,186 @@ static void terminate(void);
* decoding.
*/
-static time_t mytime (time_t * t)
+static time_t mytime(time_t * t)
{
- time_t then = 1359304177;
+ time_t then = 1359304177;
- if (t)
- *t = then;
+ if (t)
+ *t = then;
- return then;
+ return then;
}
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
// fprintf (stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU\n"
- "TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV\n"
- "BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB\n"
- "OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL\n"
- "dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb\n"
- "HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08\n"
- "WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3\n"
- "F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3\n"
- "a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe\n"
- "oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/\n"
- "MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P\n"
- "MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH\n"
- "VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc\n"
- "4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s\n"
- "V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK\n"
- "VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u\n"
- "f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv\n"
- "ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU\n"
+ "TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV\n"
+ "BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB\n"
+ "OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL\n"
+ "dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb\n"
+ "HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08\n"
+ "WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3\n"
+ "F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3\n"
+ "a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe\n"
+ "oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/\n"
+ "MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P\n"
+ "MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH\n"
+ "VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc\n"
+ "4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s\n"
+ "V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK\n"
+ "VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u\n"
+ "f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv\n"
+ "ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k\n"
+ "-----END CERTIFICATE-----\n";
const gnutls_datum_t ca_cert = { ca_pem,
- sizeof (ca_pem)-1
+ sizeof(ca_pem) - 1
};
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICsDCCAWigAwIBAgIETeC0kjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H\n"
- "bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM4NDNaFw0zODEwMTIwODM4NDZaMDEx\n"
- "LzAtBgNVBAMTJkdudVRMUyBUZXN0IHNlcnZlciAoRUNEU0EgY2VydGlmaWNhdGUp\n"
- "ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE0vMmf/W0rRoUqBxH5Uq+c/sR76ElmyZM\n"
- "e2zj3U9PRJ0maKstEOHkpaDaSU6s2Hyi9L88wS1ZX0ijgY0wgYowDAYDVR0TAQH/\n"
- "BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n"
- "DwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUJ97Q83IFpLgqeOnT1rX/JzCvlTQw\n"
- "HwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQAD\n"
- "ggExAErP9z8CCwt7YwA+SHoulNjqcXsngeKAKN9fVgV/XuspG6L2nU1WZvCjjFj6\n"
- "jggMbJSElyCuLZJKlTC/DihXUgRXyswOzg9qQ7dDv+V/Qi95XH5slXNzYxMQSdoA\n"
- "IaULVVDZcMFMVSc+TyAchJ6XwUY9umiysz3lSOioMQCch4MA366ZNqqnq5OD4moH\n"
- "1SUX8CbRjA6SLpvffexLTB2Af+mFi8ReTkXCwB1LGEH1HRp/XzBc+/F9mavy3g/6\n"
- "Hnjf2E1h2GDYXcJCVfE+ArjNS+R94jJwRMFBvwD/x2hsvpSajDpO0+GIxlGGKdyh\n"
- "7o4puz/BqHwSzX9h7I7RvFEogDUNUzLgHMdcjq5usnmQpdWNUP8Xs/WqLjML+/PT\n"
- "+jyCwmll0lPlC2RqAx3pM1XrjjQ=\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICsDCCAWigAwIBAgIETeC0kjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H\n"
+ "bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM4NDNaFw0zODEwMTIwODM4NDZaMDEx\n"
+ "LzAtBgNVBAMTJkdudVRMUyBUZXN0IHNlcnZlciAoRUNEU0EgY2VydGlmaWNhdGUp\n"
+ "ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE0vMmf/W0rRoUqBxH5Uq+c/sR76ElmyZM\n"
+ "e2zj3U9PRJ0maKstEOHkpaDaSU6s2Hyi9L88wS1ZX0ijgY0wgYowDAYDVR0TAQH/\n"
+ "BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n"
+ "DwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUJ97Q83IFpLgqeOnT1rX/JzCvlTQw\n"
+ "HwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQAD\n"
+ "ggExAErP9z8CCwt7YwA+SHoulNjqcXsngeKAKN9fVgV/XuspG6L2nU1WZvCjjFj6\n"
+ "jggMbJSElyCuLZJKlTC/DihXUgRXyswOzg9qQ7dDv+V/Qi95XH5slXNzYxMQSdoA\n"
+ "IaULVVDZcMFMVSc+TyAchJ6XwUY9umiysz3lSOioMQCch4MA366ZNqqnq5OD4moH\n"
+ "1SUX8CbRjA6SLpvffexLTB2Af+mFi8ReTkXCwB1LGEH1HRp/XzBc+/F9mavy3g/6\n"
+ "Hnjf2E1h2GDYXcJCVfE+ArjNS+R94jJwRMFBvwD/x2hsvpSajDpO0+GIxlGGKdyh\n"
+ "7o4puz/BqHwSzX9h7I7RvFEogDUNUzLgHMdcjq5usnmQpdWNUP8Xs/WqLjML+/PT\n"
+ "+jyCwmll0lPlC2RqAx3pM1XrjjQ=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)-1
+ sizeof(server_cert_pem) - 1
};
static unsigned char server_key_pem[] =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MGgCAQEEHHX3xeBOGgIxxtuhhpbwdwZnJztR7+uZTHnYuL+gBwYFK4EEACGhPAM6\n"
- "AATS8yZ/9bStGhSoHEflSr5z+xHvoSWbJkx7bOPdT09EnSZoqy0Q4eSloNpJTqzY\n"
- "fKL0vzzBLVlfSA==\n"
- "-----END EC PRIVATE KEY-----\n";
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MGgCAQEEHHX3xeBOGgIxxtuhhpbwdwZnJztR7+uZTHnYuL+gBwYFK4EEACGhPAM6\n"
+ "AATS8yZ/9bStGhSoHEflSr5z+xHvoSWbJkx7bOPdT09EnSZoqy0Q4eSloNpJTqzY\n"
+ "fKL0vzzBLVlfSA==\n" "-----END EC PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)-1
+ sizeof(server_key_pem) - 1
};
#define LINE1 "hello there people\n"
#define LINE2 "how are you doing today, all well?\n"
-static const char* test = NULL;
+static const char *test = NULL;
#define err_quit(r) {fail("%s: Error in line %d: %s\n", test, __LINE__, gnutls_strerror(r)); exit(1);}
-static void
-client (int fd, unsigned int vmethod, unsigned use_cert)
+static void client(int fd, unsigned int vmethod, unsigned use_cert)
{
- int ret;
- char *line = NULL;
- size_t line_len;
- xssl_cred_t cred;
- xssl_t sb;
- gnutls_cinput_st aux[6];
- unsigned int status;
- unsigned aux_size = 0;
-
- global_init ();
- gnutls_global_set_time_function (mytime);
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
- if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS)
- {
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
- aux[aux_size].contents = GNUTLS_CINPUT_CAS;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.mem = ca_cert;
- aux_size++;
- }
-
- if (use_cert != 0)
- {
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
- aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.mem = server_cert;
- aux[aux_size].i2.mem = server_key;
- aux_size++;
- }
-
- if (vmethod & GNUTLS_VMETHOD_TOFU)
- {
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
- aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
- aux[aux_size].i1.file = TOFU_DB_FILE;
- aux_size++;
- }
-
- ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
- if (ret < 0)
- err_quit(ret);
-
- /* Initialize TLS session
- */
- ret = xssl_client_init(&sb, "localhost", NULL, (gnutls_transport_ptr_t)(long)fd,
- NULL, cred, &status, 0);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_AUTH_ERROR)
- {
- gnutls_datum_t txt;
-
- gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509,
- &txt, 0);
-
- fprintf(stderr, "auth[%x]: %s\n", status, txt.data);
- gnutls_free(txt.data);
- }
- err_quit(ret);
- }
-
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- err_quit(ret);
-
- if (strcmp(line, LINE1) != 0)
- {
- fail("Error comparing first line\n");
- exit(1);
- }
-
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- err_quit(ret);
-
- if (strcmp(line, LINE2) != 0)
- {
- fail("Error comparing first line\n");
- exit(1);
- }
-
- gnutls_free(line);
-
- xssl_deinit(sb);
-
- close (fd);
-
- xssl_cred_deinit (cred);
-
- gnutls_global_deinit ();
+ int ret;
+ char *line = NULL;
+ size_t line_len;
+ xssl_cred_t cred;
+ xssl_t sb;
+ gnutls_cinput_st aux[6];
+ unsigned int status;
+ unsigned aux_size = 0;
+
+ global_init();
+ gnutls_global_set_time_function(mytime);
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+ if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS) {
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
+ aux[aux_size].contents = GNUTLS_CINPUT_CAS;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.mem = ca_cert;
+ aux_size++;
+ }
+
+ if (use_cert != 0) {
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
+ aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.mem = server_cert;
+ aux[aux_size].i2.mem = server_key;
+ aux_size++;
+ }
+
+ if (vmethod & GNUTLS_VMETHOD_TOFU) {
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
+ aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
+ aux[aux_size].i1.file = TOFU_DB_FILE;
+ aux_size++;
+ }
+
+ ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
+ if (ret < 0)
+ err_quit(ret);
+
+ /* Initialize TLS session
+ */
+ ret =
+ xssl_client_init(&sb, "localhost", NULL,
+ (gnutls_transport_ptr_t) (long) fd, NULL,
+ cred, &status, 0);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_AUTH_ERROR) {
+ gnutls_datum_t txt;
+
+ gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &txt, 0);
+
+ fprintf(stderr, "auth[%x]: %s\n", status,
+ txt.data);
+ gnutls_free(txt.data);
+ }
+ err_quit(ret);
+ }
+
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ err_quit(ret);
+
+ if (strcmp(line, LINE1) != 0) {
+ fail("Error comparing first line\n");
+ exit(1);
+ }
+
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ err_quit(ret);
+
+ if (strcmp(line, LINE2) != 0) {
+ fail("Error comparing first line\n");
+ exit(1);
+ }
+
+ gnutls_free(line);
+
+ xssl_deinit(sb);
+
+ close(fd);
+
+ xssl_cred_deinit(cred);
+
+ gnutls_global_deinit();
}
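Review bot: In `client`, the `GNUTLS_E_AUTH_ERROR` branch prints and frees `txt.data` without checking the return value of `gnutls_certificate_verification_status_print`. `txt` is an uninitialised local, so if that call fails, `fprintf` and `gnutls_free` operate on an indeterminate pointer. Wrapping the two uses in `if (gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &txt, 0) >= 0) { ... }` avoids that. The second `strcmp` check compares against `LINE2` but still reports `"Error comparing first line\n"`; it should read `"Error comparing second line\n"` so a failure points at the right record.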
@@ -255,163 +245,154 @@ pid_t child;
static void terminate(void)
{
- kill(child, SIGTERM);
- exit(1);
+ kill(child, SIGTERM);
+ exit(1);
}
-static void
-server (int fd, unsigned vmethod)
+static void server(int fd, unsigned vmethod)
{
- int ret;
- xssl_cred_t cred;
- xssl_t sb;
- gnutls_cinput_st aux[6];
- unsigned aux_size = 0;
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (7);
- }
-
-
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
- aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.mem = server_cert;
- aux[aux_size].i2.mem = server_key;
- aux_size++;
-
- if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS)
- {
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
- aux[aux_size].contents = GNUTLS_CINPUT_CAS;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.mem = ca_cert;
- aux_size++;
- }
-
- ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
- if (ret < 0)
- err_quit(ret);
-
- /* Initialize TLS session
- */
- ret = xssl_server_init(&sb, (gnutls_transport_ptr_t)(long)fd,
- NULL, cred, NULL, 0);
- if (ret < 0)
- err_quit(ret);
-
- ret = xssl_write(sb, LINE1, sizeof(LINE1)-1);
- if (ret < 0)
- err_quit(ret);
-
- ret = xssl_write(sb, LINE2, sizeof(LINE2)-1);
- if (ret < 0)
- err_quit(ret);
-
- ret = xssl_flush(sb);
- if (ret < 0)
- err_quit(ret);
-
- xssl_deinit(sb);
-
- close (fd);
-
- xssl_cred_deinit (cred);
-
- gnutls_global_deinit ();
+ int ret;
+ xssl_cred_t cred;
+ xssl_t sb;
+ gnutls_cinput_st aux[6];
+ unsigned aux_size = 0;
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(7);
+ }
+
+
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
+ aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.mem = server_cert;
+ aux[aux_size].i2.mem = server_key;
+ aux_size++;
+
+ if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS) {
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
+ aux[aux_size].contents = GNUTLS_CINPUT_CAS;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.mem = ca_cert;
+ aux_size++;
+ }
+
+ ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
+ if (ret < 0)
+ err_quit(ret);
+
+ /* Initialize TLS session
+ */
+ ret = xssl_server_init(&sb, (gnutls_transport_ptr_t) (long) fd,
+ NULL, cred, NULL, 0);
+ if (ret < 0)
+ err_quit(ret);
+
+ ret = xssl_write(sb, LINE1, sizeof(LINE1) - 1);
+ if (ret < 0)
+ err_quit(ret);
+
+ ret = xssl_write(sb, LINE2, sizeof(LINE2) - 1);
+ if (ret < 0)
+ err_quit(ret);
+
+ ret = xssl_flush(sb);
+ if (ret < 0)
+ err_quit(ret);
+
+ xssl_deinit(sb);
+
+ close(fd);
+
+ xssl_cred_deinit(cred);
+
+ gnutls_global_deinit();
}
-static void start (unsigned vc, unsigned vs, unsigned ccert)
+static void start(unsigned vc, unsigned vs, unsigned ccert)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], vs);
- waitpid(-1, NULL, 0);
- //kill(child, SIGTERM);
- }
- else
- {
- close(fd[0]);
- client (fd[1], vc, ccert);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], vs);
+ waitpid(-1, NULL, 0);
+ //kill(child, SIGTERM);
+ } else {
+ close(fd[0]);
+ client(fd[1], vc, ccert);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status = 0;
-
- waitpid(-1, &status, 0);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fail("Child died with sigsegv\n");
- else
- fail("Child died with status %d\n", WEXITSTATUS(status));
- terminate();
- }
- return;
+ int status = 0;
+
+ waitpid(-1, &status, 0);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fail("Child died with sigsegv\n");
+ else
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ terminate();
+ }
+ return;
}
-void
-doit (void)
+void doit(void)
{
- signal(SIGCHLD, ch_handler);
- signal(SIGPIPE, SIG_IGN);
-
- test = "test1: no auth";
- if (debug)
- fprintf(stderr, "running %s", test);
- start(GNUTLS_VMETHOD_NO_AUTH, GNUTLS_VMETHOD_NO_AUTH, 0);
-
- test = "test2: server auth";
- if (debug)
- fprintf(stderr, "running %s", test);
- start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_NO_AUTH, 0);
-
- test = "test3: mutual auth";
- if (debug)
- fprintf(stderr, "running %s", test);
- start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_GIVEN_CAS, 1);
-
- remove(TOFU_DB_FILE);
- test = "test4: trust on first use p1";
- if (debug)
- fprintf(stderr, "running %s", test);
- start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
-
- test = "test5: trust on first use p2";
- if (debug)
- fprintf(stderr, "running %s", test);
- start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
- remove(TOFU_DB_FILE);
+ signal(SIGCHLD, ch_handler);
+ signal(SIGPIPE, SIG_IGN);
+
+ test = "test1: no auth";
+ if (debug)
+ fprintf(stderr, "running %s", test);
+ start(GNUTLS_VMETHOD_NO_AUTH, GNUTLS_VMETHOD_NO_AUTH, 0);
+
+ test = "test2: server auth";
+ if (debug)
+ fprintf(stderr, "running %s", test);
+ start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_NO_AUTH, 0);
+
+ test = "test3: mutual auth";
+ if (debug)
+ fprintf(stderr, "running %s", test);
+ start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_GIVEN_CAS, 1);
+
+ remove(TOFU_DB_FILE);
+ test = "test4: trust on first use p1";
+ if (debug)
+ fprintf(stderr, "running %s", test);
+ start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
+
+ test = "test5: trust on first use p2";
+ if (debug)
+ fprintf(stderr, "running %s", test);
+ start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
+ remove(TOFU_DB_FILE);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
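Review bot: `ch_handler` evaluates `WEXITSTATUS(status)` without first checking `WIFEXITED(status)`, and only `SIGSEGV` is treated as a fatal signal. A child killed by any other signal (for example `SIGABRT` from a failed assertion) is likely to be counted as a clean exit, so the test passes. A stricter condition would be `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)`, with the message chosen by `WIFSIGNALED(status)`. The handler also calls `fail()` and, through `terminate()`, `exit()`, neither of which is async-signal-safe. The parent's `waitpid(-1, NULL, 0)` in `start` can reap the child first and throw its status away, so it would be more robust to have `start` collect the status and do the check there. Separately, `server` installs `client_log_func`, so with `debug` set the server's log lines carry the `client|` prefix; `server_log_func` looks like the intended callback, though its body is currently commented out.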
diff --git a/tests/moredn.c b/tests/moredn.c
index 994a99522e..528be496e4 100644
--- a/tests/moredn.c
+++ b/tests/moredn.c
@@ -38,69 +38,72 @@
#include "utils.h"
static const char cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
static const gnutls_datum_t cert_datum = { (unsigned char *) cert_pem,
- sizeof (cert_pem)
+ sizeof(cert_pem)
};
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_crt_t cert;
- gnutls_x509_dn_t sdn, dn2;
- unsigned char buf[8192], buf2[8192];
- size_t buflen, buf2len;
- gnutls_datum_t datum;
- int rv;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_dn_t sdn, dn2;
+ unsigned char buf[8192], buf2[8192];
+ size_t buflen, buf2len;
+ gnutls_datum_t datum;
+ int rv;
- global_init ();
+ global_init();
- if (gnutls_x509_crt_init (&cert) != 0)
- fail ("cert init failure\n");
+ if (gnutls_x509_crt_init(&cert) != 0)
+ fail("cert init failure\n");
- if (gnutls_x509_crt_import (cert, &cert_datum, GNUTLS_X509_FMT_PEM) != 0)
- fail ("FAIL: could not import PEM cert\n");
+ if (gnutls_x509_crt_import(cert, &cert_datum, GNUTLS_X509_FMT_PEM)
+ != 0)
+ fail("FAIL: could not import PEM cert\n");
- if (gnutls_x509_crt_get_subject (cert, &sdn) != 0)
- fail ("FAIL: could not get subject DN.\n");
+ if (gnutls_x509_crt_get_subject(cert, &sdn) != 0)
+ fail("FAIL: could not get subject DN.\n");
- buflen = sizeof buf;
- rv = gnutls_x509_dn_export (sdn, GNUTLS_X509_FMT_DER, buf, &buflen);
- if (rv != 0)
- fail ("FAIL: could not export subject DN: %s\n", gnutls_strerror (rv));
+ buflen = sizeof buf;
+ rv = gnutls_x509_dn_export(sdn, GNUTLS_X509_FMT_DER, buf, &buflen);
+ if (rv != 0)
+ fail("FAIL: could not export subject DN: %s\n",
+ gnutls_strerror(rv));
- if (gnutls_x509_dn_init (&dn2) != 0)
- fail ("FAIL: DN init.\n");
+ if (gnutls_x509_dn_init(&dn2) != 0)
+ fail("FAIL: DN init.\n");
- datum.data = buf;
- datum.size = buflen;
+ datum.data = buf;
+ datum.size = buflen;
- if (gnutls_x509_dn_import (dn2, &datum) != 0)
- fail ("FAIL: re-import subject DN.\n");
+ if (gnutls_x509_dn_import(dn2, &datum) != 0)
+ fail("FAIL: re-import subject DN.\n");
- buf2len = sizeof buf2;
- rv = gnutls_x509_dn_export (dn2, GNUTLS_X509_FMT_DER, buf2, &buf2len);
- if (rv != 0)
- fail ("FAIL: could not export subject DN: %s\n", gnutls_strerror (rv));
+ buf2len = sizeof buf2;
+ rv = gnutls_x509_dn_export(dn2, GNUTLS_X509_FMT_DER, buf2,
+ &buf2len);
+ if (rv != 0)
+ fail("FAIL: could not export subject DN: %s\n",
+ gnutls_strerror(rv));
- if (buflen == buf2len && memcmp (buf, buf2, buflen) != 0)
- fail ("FAIL: export/import/export differ.\n");
+ if (buflen == buf2len && memcmp(buf, buf2, buflen) != 0)
+ fail("FAIL: export/import/export differ.\n");
- gnutls_x509_dn_deinit (dn2);
+ gnutls_x509_dn_deinit(dn2);
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
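Review bot: The final comparison `if (buflen == buf2len && memcmp(buf, buf2, buflen) != 0)` only fails when the two DER encodings have the same length and different bytes. If the re-exported DN has a different length, the test passes silently, although a length change is itself a round-trip failure. The condition should be `if (buflen != buf2len || memcmp(buf, buf2, buflen) != 0)`. This matters for a DN export/import test because truncated or padded encodings are among the parsing regressions it is there to catch.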
diff --git a/tests/mpi.c b/tests/mpi.c
index 3f7e0e725f..40788fd72d 100644
--- a/tests/mpi.c
+++ b/tests/mpi.c
@@ -32,58 +32,58 @@
#include "../lib/gnutls_errors.h"
#include "../lib/debug.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-#define RND_BITS 510 /* not multiple of 8 */
-void
-doit (void)
+#define RND_BITS 510 /* not multiple of 8 */
+void doit(void)
{
- int rc;
- bigint_t n1, n2, n3, n4;
+ int rc;
+ bigint_t n1, n2, n3, n4;
- global_init ();
+ global_init();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (99);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(99);
- n1 = _gnutls_mpi_new (1000);
- if (n1 == NULL)
- fail ("mpi_new failed\n");
+ n1 = _gnutls_mpi_new(1000);
+ if (n1 == NULL)
+ fail("mpi_new failed\n");
- n2 = _gnutls_mpi_set_ui (NULL, 2);
- if (n2 == NULL)
- fail ("mpi_set_ui failed\n");
+ n2 = _gnutls_mpi_set_ui(NULL, 2);
+ if (n2 == NULL)
+ fail("mpi_set_ui failed\n");
- n3 = _gnutls_mpi_set_ui (NULL, 5);
- if (n3 == NULL)
- fail ("mpi_set_ui failed\n");
+ n3 = _gnutls_mpi_set_ui(NULL, 5);
+ if (n3 == NULL)
+ fail("mpi_set_ui failed\n");
- _gnutls_mpi_randomize (n1, RND_BITS, GNUTLS_RND_NONCE);
+ _gnutls_mpi_randomize(n1, RND_BITS, GNUTLS_RND_NONCE);
- _gnutls_mpi_log ("rand:", n1);
+ _gnutls_mpi_log("rand:", n1);
- rc = _gnutls_mpi_get_nbits (n1);
- if (rc > RND_BITS)
- fail ("mpi_get_nbits failed... returned %d\n", rc);
+ rc = _gnutls_mpi_get_nbits(n1);
+ if (rc > RND_BITS)
+ fail("mpi_get_nbits failed... returned %d\n", rc);
- n4 = _gnutls_mpi_addm (NULL, n1, n3, n2);
- if (n4 == NULL)
- fail ("mpi_set_ui failed\n");
+ n4 = _gnutls_mpi_addm(NULL, n1, n3, n2);
+ if (n4 == NULL)
+ fail("mpi_set_ui failed\n");
- if (_gnutls_mpi_cmp_ui (n4, 0) != 0 && _gnutls_mpi_cmp_ui (n4, 1) != 0)
- fail ("mpi_cmp_ui failed\n");
+ if (_gnutls_mpi_cmp_ui(n4, 0) != 0
+ && _gnutls_mpi_cmp_ui(n4, 1) != 0)
+ fail("mpi_cmp_ui failed\n");
- _gnutls_mpi_release (&n1);
- _gnutls_mpi_release (&n2);
- _gnutls_mpi_release (&n3);
- _gnutls_mpi_release (&n4);
+ _gnutls_mpi_release(&n1);
+ _gnutls_mpi_release(&n2);
+ _gnutls_mpi_release(&n3);
+ _gnutls_mpi_release(&n4);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug) success ("mpi ops ok\n");
+ if (debug)
+ success("mpi ops ok\n");
}
diff --git a/tests/nul-in-x509-names.c b/tests/nul-in-x509-names.c
index aac7594bc8..208bd3899b 100644
--- a/tests/nul-in-x509-names.c
+++ b/tests/nul-in-x509-names.c
@@ -36,118 +36,113 @@
certs that trigger this bug. */
static char badguy_nul_cn_data[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n"
- "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n"
- "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n"
- "bHkgQ0EwHhcNMDkwODA0MDczMzQzWhcNMTkwODAyMDczMzQzWjAjMSEwHwYDVQQD\n"
- "Exh3d3cuYmFuay5jb20ALmJhZGd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\n"
- "DwAwggEKAoIBAQDNJnCWqaZdPpztDwgVWnwXJWhorxO5rUH6ElTihHJ9WNHiQELB\n"
- "We0FPaoQU3AAiDp3oMBWnqx9ISpxRFEIvBcH2qijdtxRvBuK9gIaVb9GtERrJ16+\n"
- "5ReLVrLGgjYRg6i/9y8NF/bNR7VvK6ZBto0zX+rqi7Ea4pk4/1lbCqFxE8o3P7mw\n"
- "HpGayJM1DErgnfTSYcdOW0EKfDFUmdv1Zc6A08ICN2T9VBJ76qyFWVwX4S720Kjy\n"
- "0C6UWS/Cpl/aB957LhQH7eQnJDedCS6x+VpIuYAkQ+bLx24139VpNP/m1p7odmZu\n"
- "X1kBPJY77HILPB6VD85oE5wi3Ru1RChQSgV/AgMBAAGjezB5MAkGA1UdEwQCMAAw\n"
- "LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G\n"
- "A1UdDgQWBBQzFSS+2mY6BovZJzQ6r2JA5JVmXTAfBgNVHSMEGDAWgBQKaTlfnTAE\n"
- "GAguAg7m6p2yJvbiajANBgkqhkiG9w0BAQUFAAOCAQEAMmUjH8jZU4SC0ArrFFEk\n"
- "A7xsGypa/hvw6GkMKxmGz38ydtgr0s+LxNG2W5xgo5kuknIGzt6L0qLSiXwTqQtO\n"
- "vhIJ5dYoOqynJlaUfxPuZH3elGB1wbxVl9SqE44C2LCwcFOuGFPOqrIshT7j8+Em\n"
- "8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP\n"
- "EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO\n"
- "qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B\n"
- "CQ==\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n"
+ "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n"
+ "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n"
+ "bHkgQ0EwHhcNMDkwODA0MDczMzQzWhcNMTkwODAyMDczMzQzWjAjMSEwHwYDVQQD\n"
+ "Exh3d3cuYmFuay5jb20ALmJhZGd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\n"
+ "DwAwggEKAoIBAQDNJnCWqaZdPpztDwgVWnwXJWhorxO5rUH6ElTihHJ9WNHiQELB\n"
+ "We0FPaoQU3AAiDp3oMBWnqx9ISpxRFEIvBcH2qijdtxRvBuK9gIaVb9GtERrJ16+\n"
+ "5ReLVrLGgjYRg6i/9y8NF/bNR7VvK6ZBto0zX+rqi7Ea4pk4/1lbCqFxE8o3P7mw\n"
+ "HpGayJM1DErgnfTSYcdOW0EKfDFUmdv1Zc6A08ICN2T9VBJ76qyFWVwX4S720Kjy\n"
+ "0C6UWS/Cpl/aB957LhQH7eQnJDedCS6x+VpIuYAkQ+bLx24139VpNP/m1p7odmZu\n"
+ "X1kBPJY77HILPB6VD85oE5wi3Ru1RChQSgV/AgMBAAGjezB5MAkGA1UdEwQCMAAw\n"
+ "LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G\n"
+ "A1UdDgQWBBQzFSS+2mY6BovZJzQ6r2JA5JVmXTAfBgNVHSMEGDAWgBQKaTlfnTAE\n"
+ "GAguAg7m6p2yJvbiajANBgkqhkiG9w0BAQUFAAOCAQEAMmUjH8jZU4SC0ArrFFEk\n"
+ "A7xsGypa/hvw6GkMKxmGz38ydtgr0s+LxNG2W5xgo5kuknIGzt6L0qLSiXwTqQtO\n"
+ "vhIJ5dYoOqynJlaUfxPuZH3elGB1wbxVl9SqE44C2LCwcFOuGFPOqrIshT7j8+Em\n"
+ "8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP\n"
+ "EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO\n"
+ "qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B\n"
+ "CQ==\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t badguy_nul_cn = {
- (void*)badguy_nul_cn_data, sizeof (badguy_nul_cn_data)
+ (void *) badguy_nul_cn_data, sizeof(badguy_nul_cn_data)
};
static char badguy_nul_san_data[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n"
- "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n"
- "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n"
- "bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD\n"
- "Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI\n"
- "OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD\n"
- "qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd\n"
- "9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH\n"
- "3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8\n"
- "HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG\n"
- "+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU\n"
- "MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd\n"
- "sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G\n"
- "CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX\n"
- "fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q\n"
- "vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn\n"
- "PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu\n"
- "3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w\n"
- "7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n"
+ "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n"
+ "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n"
+ "bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD\n"
+ "Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI\n"
+ "OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD\n"
+ "qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd\n"
+ "9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH\n"
+ "3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8\n"
+ "HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG\n"
+ "+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU\n"
+ "MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd\n"
+ "sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G\n"
+ "CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX\n"
+ "fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q\n"
+ "vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn\n"
+ "PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu\n"
+ "3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w\n"
+ "7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41\n"
+ "-----END CERTIFICATE-----\n";
const gnutls_datum_t badguy_nul_san = {
- (void*)badguy_nul_san_data, sizeof (badguy_nul_san_data)
+ (void *) badguy_nul_san_data, sizeof(badguy_nul_san_data)
};
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_crt_t crt;
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- {
- fail ("global_init");
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret != 0)
- {
- fail ("gnutls_x509_crt_init");
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (crt, &badguy_nul_cn, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import");
- exit (1);
- }
-
- ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com");
- if (ret == 0)
- {
- if (debug)
- success ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
- }
- else
- {
- fail ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)");
- }
-
- ret = gnutls_x509_crt_import (crt, &badguy_nul_san, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import");
- exit (1);
- }
-
- ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com");
- if (ret == 0)
- {
- if (debug)
- success ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
- }
- else
- {
- fail ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)");
- }
-
- gnutls_x509_crt_deinit (crt);
-
- gnutls_global_deinit ();
+ gnutls_x509_crt_t crt;
+ int ret;
+
+ ret = global_init();
+ if (ret < 0) {
+ fail("global_init");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret != 0) {
+ fail("gnutls_x509_crt_init");
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &badguy_nul_cn,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_check_hostname(crt, "www.bank.com");
+ if (ret == 0) {
+ if (debug)
+ success
+ ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
+ } else {
+ fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)");
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &badguy_nul_san,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import");
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_check_hostname(crt, "www.bank.com");
+ if (ret == 0) {
+ if (debug)
+ success
+ ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
+ } else {
+ fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)");
+ }
+
+ gnutls_x509_crt_deinit(crt);
+
+ gnutls_global_deinit();
}
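Review bot: In `doit()`, both `gnutls_x509_crt_check_hostname(crt, "www.bank.com")` calls count `ret == 0` as the passing result, and nothing on the new side says that zero means the hostname was rejected, so the success/fail branches read as inverted to anyone unfamiliar with the API. A short comment above each check would make the intent explicit, for example `/* must NOT match: the certificate name carries an embedded NUL after "www.bank.com", so 0 (no match) is the expected result */`. The reindent also leaves `success` on a line of its own with its argument list on the next line in both branches, which hides the call from a search for `success(`; keeping the name and the opening parenthesis together would read better. Separately, the second `gnutls_x509_crt_import()` reuses the `crt` handle that already holds the first certificate; if importing into a populated handle is not guaranteed to reset it, a `gnutls_x509_crt_deinit`/`gnutls_x509_crt_init` pair between the two cases would keep the NUL-in-CN and NUL-in-SAN checks independent.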
diff --git a/tests/ocsp.c b/tests/ocsp.c
index 9354897382..7269d9364e 100644
--- a/tests/ocsp.c
+++ b/tests/ocsp.c
@@ -33,28 +33,27 @@
#include "utils.h"
-static time_t mytime (time_t * t)
+static time_t mytime(time_t * t)
{
- time_t then = 1332548220;
+ time_t then = 1332548220;
- if (t)
- *t = then;
+ if (t)
+ *t = then;
- return then;
+ return then;
}
/* sample request */
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
#define REQ1 "\x30\x67\x30\x65\x30\x3e\x30\x3c\x30\x3a\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\x13\x9d\xa0\x9e\xf4\x32\xab\x8f\xe2\x89\x56\x67\xfa\xd0\xd4\xe3\x35\x86\x71\xb9\x04\x14\x5d\xa7\xdd\x70\x06\x51\x32\x7e\xe7\xb6\x6d\xb3\xb5\xe5\xe0\x60\xea\x2e\x4d\xef\x02\x01\x1d\xa2\x23\x30\x21\x30\x1f\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x35\xc5\xe3\x50\xc3\xcf\x04\x33\xcc\x9e\x06\x3a\x9a\x18\x80\xcc"
static const gnutls_datum_t req1 =
- { (unsigned char *) REQ1, sizeof (REQ1) - 1 };
+ { (unsigned char *) REQ1, sizeof(REQ1) - 1 };
#define REQ1INFO \
"OCSP Request Information:\n" \
@@ -79,7 +78,7 @@ static const gnutls_datum_t req1 =
#define RESP1 "\x30\x03\x0a\x01\x01"
static const gnutls_datum_t resp1 =
- { (unsigned char*) RESP1, sizeof (RESP1) - 1 };
+ { (unsigned char *) RESP1, sizeof(RESP1) - 1 };
#define RESP1INFO \
"OCSP Response Information:\n" \
@@ -126,1352 +125,1228 @@ static const gnutls_datum_t resp1 =
/* cut */
static const gnutls_datum_t resp2 =
- { (unsigned char*) RESP2, sizeof (RESP2) - 1 };
+ { (unsigned char *) RESP2, sizeof(RESP2) - 1 };
static unsigned char issuer_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
- "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
- "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE\n"
- "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u\n"
- "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y\n"
- "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f\n"
- "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc\n"
- "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/\n"
- "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5\n"
- "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr\n"
- "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG\n"
- "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j\n"
- "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw\n"
- "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv\n"
- "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in\n"
- "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n\n"
- "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y\n"
- "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si\n"
- "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa\n"
- "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n"
- "-----END CERTIFICATE-----\n";
-const gnutls_datum_t issuer_data = { issuer_pem, sizeof (issuer_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
+ "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
+ "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE\n"
+ "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u\n"
+ "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y\n"
+ "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f\n"
+ "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc\n"
+ "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/\n"
+ "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5\n"
+ "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr\n"
+ "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG\n"
+ "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j\n"
+ "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw\n"
+ "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv\n"
+ "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in\n"
+ "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n\n"
+ "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y\n"
+ "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si\n"
+ "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa\n"
+ "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n"
+ "-----END CERTIFICATE-----\n";
+const gnutls_datum_t issuer_data = { issuer_pem, sizeof(issuer_pem) };
static unsigned char subject_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
- "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
- "b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE\n"
- "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh\n"
- "cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN\n"
- "AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx\n"
- "6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ\n"
- "Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V\n"
- "Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G\n"
- "I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov\n"
- "x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC\n"
- "MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5\n"
- "tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL\n"
- "MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT\n"
- "EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz\n"
- "d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u\n"
- "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul\n"
- "GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7\n"
- "ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr\n"
- "F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ\n"
- "L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK\n"
- "ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k\n"
- "Rf5Z0GOR\n"
- "-----END CERTIFICATE-----\n";
-const gnutls_datum_t subject_data = { subject_pem, sizeof (subject_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n"
+ "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n"
+ "b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE\n"
+ "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh\n"
+ "cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN\n"
+ "AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx\n"
+ "6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ\n"
+ "Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V\n"
+ "Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G\n"
+ "I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov\n"
+ "x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC\n"
+ "MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5\n"
+ "tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL\n"
+ "MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT\n"
+ "EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz\n"
+ "d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u\n"
+ "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul\n"
+ "GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7\n"
+ "ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr\n"
+ "F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ\n"
+ "L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK\n"
+ "ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k\n"
+ "Rf5Z0GOR\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t subject_data = { subject_pem, sizeof(subject_pem) };
/* For testing verify functions. */
#define BLOG_RESP "\x30\x82\x06\xF8\x0A\x01\x00\xA0\x82\x06\xF1\x30\x82\x06\xED\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\xDE\x30\x82\x06\xDA\x30\x82\x01\x25\xA1\x7E\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x38\x35\x30\x34\x32\x5A\x30\x66\x30\x64\x30\x3C\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\xF2\x2A\x62\x16\x93\xA6\xDA\x5A\xD0\xB9\x8D\x3A\x13\x5E\x35\xD1\xEB\x18\x36\x61\x04\x14\x75\xA8\x71\x60\x4C\x88\x13\xF0\x78\xD9\x89\x77\xB5\x6D\xC5\x89\xDF\xBC\xB1\x7A\x02\x03\x00\xBC\xE0\x80\x00\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x37\x32\x30\x34\x39\x5A\xA0\x11\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x35\x30\x38\x35\x30\x34\x32\x5A\xA1\x2A\x30\x28\x30\x26\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x19\x04\x17\x73\x69\xD2\xC5\x6F\xC7\x7E\x2E\xB0\x2F\xCC\xC3\xE2\x80\xD6\x2A\xCE\xD3\xDE\x8F\x27\x1B\xB2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3E\x50\x9D\xE9\xA2\xE0\xCA\x33\x88\x9B\x28\x7E\xE7\xA4\xAF\xDA\xBB\x75\x2D\xD9\x66\xA6\xD5\xFA\x17\x56\xC0\x3B\xDD\x74\xB6\x7E\x42\x2C\x28\xD0\x73\x91\x54\x69\xFA\xCF\xD8\xC7\x74\x1C\x5D\xBC\x8E\xCD\xE3\x0E\xD5\x3F\x80\x71\x9C\x95\x53\xC4\xD1\x95\x63\x5D\x72\xCE\xCC\x77\x9D\x7C\xAD\x47\x3F\x34\xDA\x90\x80\xC5\x15\xE1\x2B\xEE\x98\x57\xA3\xA7\x9F\xA2\xC3\xF5\x5E\xF7\x13\x26\x52\xDA\x09\x38\x5B\x18\x91\x07\x38\xCF\x09\xDA\x08\xED\x80\x4F\x26\x3A\xB9\xBE\xF6\xED\x65\x3F\xB1\x3A\x6D\xA3\x87\x22\xA3\x2A\xA5\x99\xCC\x06\xF3\x5A\xD5\x34\xFB\x9E\x32\x28\xC3\x3E\xF4\xAF\x33\x02\
xCF\x6A\x74\x73\x17\x24\x17\x41\x0D\x7E\x86\x79\x83\x34\xE8\x82\x0A\x0D\x21\xED\xCB\x3B\xB7\x31\x64\xC9\xB6\x1E\xC7\x0C\x75\xCE\xBA\xB7\xDC\xB2\x67\x96\x2B\xAD\xBF\x86\x22\x81\x54\x66\xBA\x68\x89\xD7\x7E\x35\x60\x93\xEC\x6B\xD8\x59\x23\xA0\xD0\x95\x55\x8F\x93\x52\x48\x4E\x48\xCB\x92\xE9\x67\x71\x60\x07\xC9\xA3\x3B\xAC\xD1\xEA\x5B\x71\xDB\xC1\x94\x79\x85\x55\x8C\x03\x61\x9E\xC7\xD6\x32\x40\xFA\xDD\xF6\xC9\xF8\xE0\xFF\x4D\xAC\x54\xED\x61\xFE\xB2\xA0\x82\x04\x99\x30\x82\x04\x95\x30\x82\x04\x91\x30\x82\x02\x79\xA0\x03\x02\x01\x02\x02\x03\x00\xDC\xA6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x54\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x43\x41\x63\x65\x72\x74\x2E\x6F\x72\x67\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x43\x41\x63\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x31\x31\x30\x38\x32\x33\x30\x30\x30\x38\x33\x37\x5A\x17\x0D\x31\x33\x30\x38\x32\x32\x30\x30\x30\x38\x33\x37\x5A\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x9C\xC6\xD4\x6F\xE4\x23\xC7\xC3\x70\x4B\x75\x1F\xE4\xFC\xAE\xF6\x62\xC4\x60\xA1\xD6\xCF\xF9\x47\x40\x38\xD9\xAF\x06\xF5\xB3\x87\x09\xBA\x07\xC8\x7A\x3B\xE3\x3A\xE2\xC1\x6B\xDB\x0E\x9B\x7B\xB4\x98\x04\x40\x88\xC8\xE4\x20\x34\x9D\x5F\x94\xAE\x0C\xA0\x05\xA1\x74\x10\x3F\x1F\x93\x6D\
xC5\xA0\xCE\x29\xB0\x2A\x03\x6E\xED\x3B\xD1\x9A\x7A\xF7\x0F\xA7\xB7\x39\xD7\xC3\xB4\xDE\x15\x67\x94\xF2\xEF\xB0\xDD\x5F\xE3\xC9\xD8\xD2\x34\x0E\x5D\x44\xDF\xBF\x99\xD8\x5E\x60\xF4\x39\x24\x8A\xFD\x5D\xC8\x46\x8D\x0A\xB1\x60\x7A\x4F\xD5\x27\x30\x60\x9E\x13\x06\xF8\x3A\xAA\xB3\xBB\x33\x34\x6F\x84\x81\x7E\x5C\xCC\x12\x89\xF2\xFE\x6E\x93\x83\xFA\x8B\xEE\xAB\x36\x4C\xB6\x40\xA9\xEE\xFB\xF8\x16\x5A\x55\xD1\x64\x0D\x49\xDA\x04\xDE\xD1\xC8\xCA\xEE\x5F\x24\xB1\x79\x78\xB3\x9A\x88\x13\xDD\x68\x51\x39\xE9\x68\x31\xAF\xD7\xF8\x4D\x35\x6D\x60\x58\x04\x42\xBB\x55\x92\x18\xF6\x98\x01\xA5\x74\x3B\xBC\x36\xDB\x20\x68\x18\xB8\x85\xD4\x8B\x6D\x30\x87\x4D\xD6\x33\x2D\x7A\x54\x36\x1D\x57\x42\x14\x5C\x7A\x62\x74\xD5\x1E\x2B\xD5\xBF\x04\xF3\xFF\xEC\x03\xC1\x02\x03\x01\x00\x01\xA3\x44\x30\x42\x30\x0C\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x02\x30\x00\x30\x27\x06\x03\x55\x1D\x25\x04\x20\x30\x1E\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x09\x06\x03\x55\x1D\x11\x04\x02\x30\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x50\xDD\x63\xB7\x1A\x6F\x91\x4C\xE8\x7F\x82\x1A\x27\x04\x81\x05\xBB\xA6\x69\xAC\x41\x7B\x62\xFC\x4B\x08\xDC\x60\xCF\xB2\x5A\xF1\xB4\xB5\x27\x69\x6B\x12\xE4\x07\xC8\x16\xCE\x3B\x42\xCC\x02\x90\x66\x0E\x79\xB8\x6C\x4B\x90\x00\xC5\x66\x64\x92\x2B\x2B\x48\x0E\x84\xC2\x6D\xBF\xA5\xDE\x16\xE3\xBD\x19\xF5\x5C\x93\xA1\x86\x7F\xD9\x89\x78\x6A\x3F\x83\xF0\xAA\xF8\xEA\x1D\xA4\x13\xF7\x2A\x15\x4C\x51\x9C\xC4\xB0\xBE\x58\x66\xCF\x4C\x6C\x3D\x31\xE5\xF9\x54\x21\xCD\xA1\x30\x01\x6A\xB3\x1A\x48\x85\x34\x93\xB8\xF9\x15\x19\x48\x34\x8D\x73\xE7\x03\x50\xAF\xDE\x50\xC7\x62\xAF\x25\x22\x2B\xF6\xE8\x37\x2E\xE4\x71\xA9\x5C\x26\xEA\x79\xCB\x04\x29\x73\x6B\x8F\xDF\x1F\x5C\x41\x52\xC0\x36\xAA\xD7\x7D\x8E\x44\x54\x98\x06\x4C\x63\xA6\x0B\x01\x94\x5D\x0C\x5C\xD4\xCF\xCB\x0B\x7B\x2D\x56\xCC\xBF\x97\x7F\x15\x24\x1D\xBA\xEA\xB7\x97\xB0\x32\xAD\xFC\xEA\x6D\x94\x39\x7A\xE3\x25\x54\xFC\x4A\xF5\x3D\
xBD\x2E\xD5\x31\x07\x49\x24\xCC\x92\x69\x0E\x79\xB9\xDF\xDB\x36\xBF\x04\x44\x15\xD0\x46\x99\x8C\xD2\x4C\x94\x38\x0E\x10\x64\x13\xAB\xD9\x1B\x54\x02\x31\x56\x20\xEE\x69\x95\xDF\x39\xBB\xE9\xA7\x6D\xC3\x23\x86\x0B\xD6\x34\x40\x37\xC3\xD4\x41\xA8\x2E\x71\x1D\x6E\x5B\xD7\xC5\x9F\x2A\xE6\x02\x80\xAE\x0A\x28\x69\x63\x4B\x89\x2E\xBD\x4F\x42\x58\xFB\x86\x9A\xA2\x18\xDC\xC6\x32\xC1\x46\xBA\x28\xD2\x8B\xCE\x56\x63\x04\x80\x51\x51\x39\x00\x3B\x00\xB9\x5F\x67\xFA\x90\x1E\xDA\x76\xB5\x31\xA5\xBD\x11\xD2\x5F\xDA\x5D\xD5\xF7\xEE\xAB\xC0\x62\x74\x60\x47\x32\x42\xFD\xB2\x2E\x04\x3A\x2E\xF2\xC8\xB3\x41\xA3\xBD\xFE\x94\x5F\xEF\x6E\xD7\x92\x7C\x1D\x04\xF0\xC6\x53\x8E\x46\xDC\x30\x3A\x35\x5F\x1A\x4B\xEA\x3B\x00\x8B\x97\xB5\xB9\xCE\x71\x6E\x5C\xD5\xA0\x0B\xB1\x33\x08\x89\x61\x23\xCF\x97\x9F\x8F\x9A\x50\xB5\xEC\xCE\x40\x8D\x82\x95\x8B\x79\x26\x66\xF3\xF4\x70\xD8\xEE\x58\xDD\x75\x29\xD5\x6A\x91\x51\x7A\x17\xBC\x4F\xD4\xA3\x45\x7B\x84\xE7\xBE\x69\x53\xC1\xE2\x5C\xC8\x45\xA0\x3A\xEC\xDF\x8A\x1E\xC1\x18\x84\x8B\x7A\x4E\x4E\x9E\x3A\x26\xFE\x5D\x22\xD4\xC5\x14\xBE\xEE\x06\xEB\x05\x4A\x66\xC9\xA4\xB3\x68\x04\xB0\x5D\x25\x54\xB3\x05\xED\x41\xF0\x65\x69\x6D\xA5\x4E\xB7\x97\xD8\xD8\xF5"
static const gnutls_datum_t blog_resp =
- { (unsigned char*) BLOG_RESP, sizeof (BLOG_RESP) - 1 };
+ { (unsigned char *) BLOG_RESP, sizeof(BLOG_RESP) - 1 };
static unsigned char blog_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE8DCCAtigAwIBAgIDALzgMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
- "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
- "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTAxMTE2MjI1MjMzWhcNMTIxMTE1\n"
- "MjI1MjMzWjAdMRswGQYDVQQDExJibG9nLmpvc2Vmc3Nvbi5vcmcwggEiMA0GCSqG\n"
- "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBKA6bm/Kip0i00vU+BOmUF2MBDTwps41c\n"
- "xKN5bDn7usWZj8loi6BHRPE2WzCVPnPRD1FJXBc4rXL8zZWrCRe1b4A+l8NjPN2o\n"
- "uUgJvYLXYQ2hXkvxlPBQPKNOudaOAVsahpyxk6g6Z3mskOfqPhxvjutHvMC4fOsJ\n"
- "1+FstMzvg5SpDd4uYM9m0UK8pbEUSuwW+fxyWqhciSi7kJtdrD6bwx3ub3t9GFkM\n"
- "9uTzImIslTq19w8AHQsTICNnmNwfUGF5XMUIuxun0HlFt2KUP5G3Qg9Cd18wZFql\n"
- "RQJvLA3nbVFtmN3M3yKXnGSsEn38ZJvC+UxFuSfYJN9UwgoG6gwhAgMBAAGjggEA\n"
- "MIH9MAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMB\n"
- "BglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMDMGCCsGAQUFBwEB\n"
- "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wdQYDVR0R\n"
- "BG4wbIISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJsb2cuam9z\n"
- "ZWZzc29uLm9yZ4ISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJs\n"
- "b2cuam9zZWZzc29uLm9yZzANBgkqhkiG9w0BAQUFAAOCAgEACQX0KziT81G0XJ4C\n"
- "SlVumGN0KcVPDjtiUYskMpUvyLF951Q4Uuih0Aa9c0LynyZq8yqr6sW5OTmnRfSU\n"
- "DuUK5IH+IPq5PU7qteQSIy+63yjMQ+1wye1zfCWI+MyaS54AOn6uZObsr4grq41i\n"
- "sTwnX8OF/z15dQBjDR18WoehsnbuMz3Ld7+w5UcVWRGDzTyZ7JrYisEywQ7TXcoK\n"
- "1IlhD1TqwFucH7lIr4mPWNjL7Nw0sw11HN0Syt9H3upcq6lqyEI0ygfNZ9cdxvmX\n"
- "WqOBxxLc6G/87G4nGW4jw3WrCX7LqSmChlR3SbEC1UhWpaQMQ+mOU5+vXon7blRV\n"
- "zGJ/1wK8mKu3fKw9rm5TQ1xfJuRABbzsD3BrrUaHlREQQ+i6SCPVFGer6oeAaxyv\n"
- "so0NCbmBQkcpmUUl0COIR/Lh/YT78PjIEfxaUnUlaZXvCbKPKP2cM8LY7ltEaTgJ\n"
- "4W6sZi3QNFySzd4sz7J/YhY/jGjqku7TfpN/GOheW8AzKTBlm3WLps1YXys4TKrB\n"
- "0RStfaPfRJI1PeSlrWl6+kQu/5O8WA8NK0JZ/0Jc4d5LNrtUXo4VU9XCthrxLkgL\n"
- "3XWgZKFrqJd1UeJJ7OvkRYfI1c5i4oAP5ksuF0SHTpqnXE8K39kUnUx3B+ItJlZP\n"
- "VXTFhXRc06QwYqYXuYSAmj7/GJk=\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE8DCCAtigAwIBAgIDALzgMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
+ "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
+ "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTAxMTE2MjI1MjMzWhcNMTIxMTE1\n"
+ "MjI1MjMzWjAdMRswGQYDVQQDExJibG9nLmpvc2Vmc3Nvbi5vcmcwggEiMA0GCSqG\n"
+ "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBKA6bm/Kip0i00vU+BOmUF2MBDTwps41c\n"
+ "xKN5bDn7usWZj8loi6BHRPE2WzCVPnPRD1FJXBc4rXL8zZWrCRe1b4A+l8NjPN2o\n"
+ "uUgJvYLXYQ2hXkvxlPBQPKNOudaOAVsahpyxk6g6Z3mskOfqPhxvjutHvMC4fOsJ\n"
+ "1+FstMzvg5SpDd4uYM9m0UK8pbEUSuwW+fxyWqhciSi7kJtdrD6bwx3ub3t9GFkM\n"
+ "9uTzImIslTq19w8AHQsTICNnmNwfUGF5XMUIuxun0HlFt2KUP5G3Qg9Cd18wZFql\n"
+ "RQJvLA3nbVFtmN3M3yKXnGSsEn38ZJvC+UxFuSfYJN9UwgoG6gwhAgMBAAGjggEA\n"
+ "MIH9MAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMB\n"
+ "BglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMDMGCCsGAQUFBwEB\n"
+ "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wdQYDVR0R\n"
+ "BG4wbIISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJsb2cuam9z\n"
+ "ZWZzc29uLm9yZ4ISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJs\n"
+ "b2cuam9zZWZzc29uLm9yZzANBgkqhkiG9w0BAQUFAAOCAgEACQX0KziT81G0XJ4C\n"
+ "SlVumGN0KcVPDjtiUYskMpUvyLF951Q4Uuih0Aa9c0LynyZq8yqr6sW5OTmnRfSU\n"
+ "DuUK5IH+IPq5PU7qteQSIy+63yjMQ+1wye1zfCWI+MyaS54AOn6uZObsr4grq41i\n"
+ "sTwnX8OF/z15dQBjDR18WoehsnbuMz3Ld7+w5UcVWRGDzTyZ7JrYisEywQ7TXcoK\n"
+ "1IlhD1TqwFucH7lIr4mPWNjL7Nw0sw11HN0Syt9H3upcq6lqyEI0ygfNZ9cdxvmX\n"
+ "WqOBxxLc6G/87G4nGW4jw3WrCX7LqSmChlR3SbEC1UhWpaQMQ+mOU5+vXon7blRV\n"
+ "zGJ/1wK8mKu3fKw9rm5TQ1xfJuRABbzsD3BrrUaHlREQQ+i6SCPVFGer6oeAaxyv\n"
+ "so0NCbmBQkcpmUUl0COIR/Lh/YT78PjIEfxaUnUlaZXvCbKPKP2cM8LY7ltEaTgJ\n"
+ "4W6sZi3QNFySzd4sz7J/YhY/jGjqku7TfpN/GOheW8AzKTBlm3WLps1YXys4TKrB\n"
+ "0RStfaPfRJI1PeSlrWl6+kQu/5O8WA8NK0JZ/0Jc4d5LNrtUXo4VU9XCthrxLkgL\n"
+ "3XWgZKFrqJd1UeJJ7OvkRYfI1c5i4oAP5ksuF0SHTpqnXE8K39kUnUx3B+ItJlZP\n"
+ "VXTFhXRc06QwYqYXuYSAmj7/GJk=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t blog_cert_data = { blog_cert_pem,
- sizeof (blog_cert_pem) };
+ sizeof(blog_cert_pem)
+};
static unsigned char blog_issuer_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv\n"
- "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n"
- "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n"
- "dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU\n"
- "MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0\n"
- "Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN\n"
- "AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a\n"
- "iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1\n"
- "aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C\n"
- "jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia\n"
- "pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0\n"
- "FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt\n"
- "XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL\n"
- "oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6\n"
- "R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp\n"
- "rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/\n"
- "LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA\n"
- "BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow\n"
- "gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV\n"
- "BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG\n"
- "A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS\n"
- "c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH\n"
- "AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr\n"
- "BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB\n"
- "MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y\n"
- "Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj\n"
- "ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5\n"
- "b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D\n"
- "QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc\n"
- "7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH\n"
- "Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4\n"
- "D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3\n"
- "VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a\n"
- "lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW\n"
- "Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt\n"
- "hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz\n"
- "0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn\n"
- "ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT\n"
- "d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60\n"
- "4GGSt/M3mMS+lqO3ig==\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv\n"
+ "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n"
+ "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n"
+ "dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU\n"
+ "MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0\n"
+ "Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN\n"
+ "AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a\n"
+ "iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1\n"
+ "aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C\n"
+ "jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia\n"
+ "pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0\n"
+ "FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt\n"
+ "XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL\n"
+ "oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6\n"
+ "R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp\n"
+ "rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/\n"
+ "LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA\n"
+ "BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow\n"
+ "gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV\n"
+ "BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG\n"
+ "A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS\n"
+ "c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH\n"
+ "AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr\n"
+ "BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB\n"
+ "MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y\n"
+ "Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj\n"
+ "ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5\n"
+ "b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D\n"
+ "QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc\n"
+ "7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH\n"
+ "Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4\n"
+ "D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3\n"
+ "VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a\n"
+ "lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW\n"
+ "Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt\n"
+ "hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz\n"
+ "0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn\n"
+ "ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT\n"
+ "d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60\n"
+ "4GGSt/M3mMS+lqO3ig==\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t blog_issuer_data = { blog_issuer_pem,
- sizeof (blog_issuer_pem) };
+ sizeof(blog_issuer_pem)
+};
static unsigned char blog_signer_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEkTCCAnmgAwIBAgIDANymMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
- "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
- "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwODIzMDAwODM3WhcNMTMwODIy\n"
- "MDAwODM3WjB8MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT\n"
- "eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVTZXJ2ZXIgQWRt\n"
- "aW5pc3RyYXRpb24xGDAWBgNVBAMTD29jc3AuY2FjZXJ0Lm9yZzCCASIwDQYJKoZI\n"
- "hvcNAQEBBQADggEPADCCAQoCggEBAJzG1G/kI8fDcEt1H+T8rvZixGCh1s/5R0A4\n"
- "2a8G9bOHCboHyHo74zriwWvbDpt7tJgEQIjI5CA0nV+UrgygBaF0ED8fk23FoM4p\n"
- "sCoDbu070Zp69w+ntznXw7TeFWeU8u+w3V/jydjSNA5dRN+/mdheYPQ5JIr9XchG\n"
- "jQqxYHpP1ScwYJ4TBvg6qrO7MzRvhIF+XMwSifL+bpOD+ovuqzZMtkCp7vv4FlpV\n"
- "0WQNSdoE3tHIyu5fJLF5eLOaiBPdaFE56Wgxr9f4TTVtYFgEQrtVkhj2mAGldDu8\n"
- "NtsgaBi4hdSLbTCHTdYzLXpUNh1XQhRcemJ01R4r1b8E8//sA8ECAwEAAaNEMEIw\n"
- "DAYDVR0TAQH/BAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsG\n"
- "AQUFBwMJMAkGA1UdEQQCMAAwDQYJKoZIhvcNAQEFBQADggIBAFDdY7cab5FM6H+C\n"
- "GicEgQW7pmmsQXti/EsI3GDPslrxtLUnaWsS5AfIFs47QswCkGYOebhsS5AAxWZk\n"
- "kisrSA6Ewm2/pd4W470Z9VyToYZ/2Yl4aj+D8Kr46h2kE/cqFUxRnMSwvlhmz0xs\n"
- "PTHl+VQhzaEwAWqzGkiFNJO4+RUZSDSNc+cDUK/eUMdiryUiK/boNy7kcalcJup5\n"
- "ywQpc2uP3x9cQVLANqrXfY5EVJgGTGOmCwGUXQxc1M/LC3stVsy/l38VJB266reX\n"
- "sDKt/OptlDl64yVU/Er1Pb0u1TEHSSTMkmkOebnf2za/BEQV0EaZjNJMlDgOEGQT\n"
- "q9kbVAIxViDuaZXfObvpp23DI4YL1jRAN8PUQagucR1uW9fFnyrmAoCuCihpY0uJ\n"
- "Lr1PQlj7hpqiGNzGMsFGuijSi85WYwSAUVE5ADsAuV9n+pAe2na1MaW9EdJf2l3V\n"
- "9+6rwGJ0YEcyQv2yLgQ6LvLIs0Gjvf6UX+9u15J8HQTwxlOORtwwOjVfGkvqOwCL\n"
- "l7W5znFuXNWgC7EzCIlhI8+Xn4+aULXszkCNgpWLeSZm8/Rw2O5Y3XUp1WqRUXoX\n"
- "vE/Uo0V7hOe+aVPB4lzIRaA67N+KHsEYhIt6Tk6eOib+XSLUxRS+7gbrBUpmyaSz\n"
- "aASwXSVUswXtQfBlaW2lTreX2Nj1\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEkTCCAnmgAwIBAgIDANymMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n"
+ "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n"
+ "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwODIzMDAwODM3WhcNMTMwODIy\n"
+ "MDAwODM3WjB8MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT\n"
+ "eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVTZXJ2ZXIgQWRt\n"
+ "aW5pc3RyYXRpb24xGDAWBgNVBAMTD29jc3AuY2FjZXJ0Lm9yZzCCASIwDQYJKoZI\n"
+ "hvcNAQEBBQADggEPADCCAQoCggEBAJzG1G/kI8fDcEt1H+T8rvZixGCh1s/5R0A4\n"
+ "2a8G9bOHCboHyHo74zriwWvbDpt7tJgEQIjI5CA0nV+UrgygBaF0ED8fk23FoM4p\n"
+ "sCoDbu070Zp69w+ntznXw7TeFWeU8u+w3V/jydjSNA5dRN+/mdheYPQ5JIr9XchG\n"
+ "jQqxYHpP1ScwYJ4TBvg6qrO7MzRvhIF+XMwSifL+bpOD+ovuqzZMtkCp7vv4FlpV\n"
+ "0WQNSdoE3tHIyu5fJLF5eLOaiBPdaFE56Wgxr9f4TTVtYFgEQrtVkhj2mAGldDu8\n"
+ "NtsgaBi4hdSLbTCHTdYzLXpUNh1XQhRcemJ01R4r1b8E8//sA8ECAwEAAaNEMEIw\n"
+ "DAYDVR0TAQH/BAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsG\n"
+ "AQUFBwMJMAkGA1UdEQQCMAAwDQYJKoZIhvcNAQEFBQADggIBAFDdY7cab5FM6H+C\n"
+ "GicEgQW7pmmsQXti/EsI3GDPslrxtLUnaWsS5AfIFs47QswCkGYOebhsS5AAxWZk\n"
+ "kisrSA6Ewm2/pd4W470Z9VyToYZ/2Yl4aj+D8Kr46h2kE/cqFUxRnMSwvlhmz0xs\n"
+ "PTHl+VQhzaEwAWqzGkiFNJO4+RUZSDSNc+cDUK/eUMdiryUiK/boNy7kcalcJup5\n"
+ "ywQpc2uP3x9cQVLANqrXfY5EVJgGTGOmCwGUXQxc1M/LC3stVsy/l38VJB266reX\n"
+ "sDKt/OptlDl64yVU/Er1Pb0u1TEHSSTMkmkOebnf2za/BEQV0EaZjNJMlDgOEGQT\n"
+ "q9kbVAIxViDuaZXfObvpp23DI4YL1jRAN8PUQagucR1uW9fFnyrmAoCuCihpY0uJ\n"
+ "Lr1PQlj7hpqiGNzGMsFGuijSi85WYwSAUVE5ADsAuV9n+pAe2na1MaW9EdJf2l3V\n"
+ "9+6rwGJ0YEcyQv2yLgQ6LvLIs0Gjvf6UX+9u15J8HQTwxlOORtwwOjVfGkvqOwCL\n"
+ "l7W5znFuXNWgC7EzCIlhI8+Xn4+aULXszkCNgpWLeSZm8/Rw2O5Y3XUp1WqRUXoX\n"
+ "vE/Uo0V7hOe+aVPB4lzIRaA67N+KHsEYhIt6Tk6eOib+XSLUxRS+7gbrBUpmyaSz\n"
+ "aASwXSVUswXtQfBlaW2lTreX2Nj1\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t blog_signer_data = { blog_signer_pem,
- sizeof (blog_signer_pem) };
+ sizeof(blog_signer_pem)
+};
-static void
-ocsp_invalid_calls (void)
+static void ocsp_invalid_calls(void)
{
- gnutls_ocsp_req_t req;
- gnutls_ocsp_resp_t resp;
- gnutls_datum_t dat;
- char c = 42;
- void *p = &c;
- int rc;
-
- rc = gnutls_ocsp_req_init (&req);
- if (rc != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_ocsp_req_init alloc\n");
- exit (1);
- }
- rc = gnutls_ocsp_resp_init (&resp);
- if (rc != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_ocsp_resp_init alloc\n");
- exit (1);
- }
-
- gnutls_ocsp_req_deinit (NULL);
- gnutls_ocsp_resp_deinit (NULL);
-
- rc = gnutls_ocsp_req_import (NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_import (NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_import (req, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_import (NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_import (NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_import (resp, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_import NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_export (NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_export (NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_export (req, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_export (NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_export (NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_export (resp, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_export NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_version (NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_get_version NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_cert_id (NULL, 0, NULL, NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_get_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_cert_id (req, 0, NULL, NULL, NULL, NULL);
- if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fail ("gnutls_ocsp_req_get_cert_id empty\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (NULL, 0, NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, 0, NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, p, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, p, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, p, NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1, NULL, p, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert (NULL, 0, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert (req, 0, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
-
- rc = gnutls_ocsp_req_add_cert (req, 0, p, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_add_cert (req, 0, NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_add_cert_id NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_extension (NULL, 0, NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_get_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_extension (req, 0, NULL, NULL, NULL);
- if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fail ("gnutls_ocsp_req_get_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_extension (req, 0, p, p, p);
- if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fail ("gnutls_ocsp_req_get_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_extension (NULL, NULL, 0, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_extension (req, NULL, 0, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_extension (req, p, 0, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_extension (req, NULL, 0, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_extension NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_nonce (NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_get_nonce NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_get_nonce (NULL, NULL, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_get_nonce NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_nonce (NULL, 0, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_nonce NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_set_nonce (req, 0, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_set_nonce NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_req_randomize_nonce (NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_req_randomize_nonce NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_status (NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_status NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_status (resp);
- if (rc != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- fail ("gnutls_ocsp_resp_get_status %d\n", rc);
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_response (NULL, NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_response NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_response (NULL, p, p);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_response NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_response (resp, NULL, NULL);
- if (rc != GNUTLS_E_SUCCESS)
- {
- fail ("gnutls_ocsp_resp_get_response %d\n", rc);
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_version (NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_version NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_version (resp);
- if (rc != 1)
- {
- fail ("gnutls_ocsp_resp_get_version ret %d\n", rc);
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_responder (NULL, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_responder NULL\n");
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_responder (resp, NULL);
- if (rc != GNUTLS_E_INVALID_REQUEST)
- {
- fail ("gnutls_ocsp_resp_get_responder 2nd %d\n", rc);
- exit (1);
- }
-
- rc = gnutls_ocsp_resp_get_responder (resp, &dat);
- if (rc != GNUTLS_E_SUCCESS || dat.size != 0)
- {
- fail ("gnutls_ocsp_resp_get_responder %d\n", rc);
- exit (1);
- }
-
- gnutls_free (dat.data);
-
- gnutls_ocsp_req_deinit (req);
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_req_t req;
+ gnutls_ocsp_resp_t resp;
+ gnutls_datum_t dat;
+ char c = 42;
+ void *p = &c;
+ int rc;
+
+ rc = gnutls_ocsp_req_init(&req);
+ if (rc != GNUTLS_E_SUCCESS) {
+ fail("gnutls_ocsp_req_init alloc\n");
+ exit(1);
+ }
+ rc = gnutls_ocsp_resp_init(&resp);
+ if (rc != GNUTLS_E_SUCCESS) {
+ fail("gnutls_ocsp_resp_init alloc\n");
+ exit(1);
+ }
+
+ gnutls_ocsp_req_deinit(NULL);
+ gnutls_ocsp_resp_deinit(NULL);
+
+ rc = gnutls_ocsp_req_import(NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_import(NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_import(req, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_import(NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_import(NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_import(resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_import NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_export(NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_export(NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_export(req, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_export(NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_export(NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_export(resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_export NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_version(NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_get_version NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_cert_id(NULL, 0, NULL, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_get_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_cert_id(req, 0, NULL, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fail("gnutls_ocsp_req_get_cert_id empty\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(NULL, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL,
+ NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL,
+ NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p,
+ NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL,
+ p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, p, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert(NULL, 0, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert(req, 0, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+
+ rc = gnutls_ocsp_req_add_cert(req, 0, p, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_add_cert(req, 0, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_add_cert_id NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension(NULL, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_get_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension(req, 0, NULL, NULL, NULL);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fail("gnutls_ocsp_req_get_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_extension(req, 0, p, p, p);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fail("gnutls_ocsp_req_get_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension(NULL, NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension(req, NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension(req, p, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_extension(req, NULL, 0, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_extension NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_nonce(NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_get_nonce NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_get_nonce(NULL, NULL, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_get_nonce NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_nonce(NULL, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_nonce NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_set_nonce(req, 0, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_set_nonce NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_req_randomize_nonce(NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_req_randomize_nonce NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_status(NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_status NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_status(resp);
+ if (rc != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ fail("gnutls_ocsp_resp_get_status %d\n", rc);
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response(NULL, NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_response NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response(NULL, p, p);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_response NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_response(resp, NULL, NULL);
+ if (rc != GNUTLS_E_SUCCESS) {
+ fail("gnutls_ocsp_resp_get_response %d\n", rc);
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_version(NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_version NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_version(resp);
+ if (rc != 1) {
+ fail("gnutls_ocsp_resp_get_version ret %d\n", rc);
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder(NULL, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_responder NULL\n");
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder(resp, NULL);
+ if (rc != GNUTLS_E_INVALID_REQUEST) {
+ fail("gnutls_ocsp_resp_get_responder 2nd %d\n", rc);
+ exit(1);
+ }
+
+ rc = gnutls_ocsp_resp_get_responder(resp, &dat);
+ if (rc != GNUTLS_E_SUCCESS || dat.size != 0) {
+ fail("gnutls_ocsp_resp_get_responder %d\n", rc);
+ exit(1);
+ }
+
+ gnutls_free(dat.data);
+
+ gnutls_ocsp_req_deinit(req);
+ gnutls_ocsp_resp_deinit(resp);
}
/* import a request, query some fields and print and export it */
-static void
-req_parse (void)
+static void req_parse(void)
{
- gnutls_ocsp_req_t req;
- int ret;
- gnutls_datum_t d;
-
- /* init request */
-
- ret = gnutls_ocsp_req_init (&req);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_init\n");
- exit (1);
- }
-
- /* import ocsp request */
-
- ret = gnutls_ocsp_req_import (req, &req1);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_import %d\n", ret);
- exit (1);
- }
-
- /* simple version query */
-
- ret = gnutls_ocsp_req_get_version (req);
- if (ret != 1)
- {
- fail ("gnutls_ocsp_req_get_version %d\n", ret);
- exit (1);
- }
-
- /* check nonce */
- {
- gnutls_datum_t expect =
- { (unsigned char*) REQ1NONCE + 2, sizeof (REQ1NONCE) - 3 };
- gnutls_datum_t got;
- unsigned int critical;
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &got);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_get_nonce %d\n", ret);
- exit (1);
- }
-
- if (critical != 0)
- {
- fail ("unexpected critical %d\n", critical);
- exit (1);
- }
-
- if (expect.size != got.size ||
- memcmp (expect.data, got.data, got.size) != 0)
- {
- fail ("ocsp request nonce memcmp failed\n");
- exit (1);
- }
-
- gnutls_free (got.data);
- }
-
- /* print request */
-
- ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_print\n");
- exit (1);
- }
-
- if (strlen (REQ1INFO) != d.size - 1 ||
- memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
- {
- printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
- (int) d.size, d.data);
- fail ("ocsp request print failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* test export */
- ret = gnutls_ocsp_req_export (req, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_export %d\n", ret);
- exit (1);
- }
-
- /* compare against earlier imported bytes */
-
- if (req1.size != d.size ||
- memcmp (req1.data, d.data, d.size) != 0)
- {
- fail ("ocsp request export memcmp failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* test setting nonce */
- {
- gnutls_datum_t n1 = { (unsigned char *) "foo", 3 };
- gnutls_datum_t n2 = { (unsigned char *) "foobar", 6 };
- gnutls_datum_t got;
- unsigned critical;
-
- ret = gnutls_ocsp_req_set_nonce (req, 0, &n1);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_set_nonce %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &got);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_get_nonce %d\n", ret);
- exit (1);
- }
-
- if (critical != 0)
- {
- fail ("unexpected critical %d\n", critical);
- exit (1);
- }
-
- if (n1.size != got.size ||
- memcmp (n1.data, got.data, got.size) != 0)
- {
- fail ("ocsp request parse nonce memcmp failed\n");
- exit (1);
- }
-
- gnutls_free (got.data);
-
- /* set another time */
-
- ret = gnutls_ocsp_req_set_nonce (req, 1, &n2);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_set_nonce %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &got);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_get_nonce %d\n", ret);
- exit (1);
- }
-
- if (critical != 1)
- {
- fail ("unexpected critical %d\n", critical);
- exit (1);
- }
-
- if (n2.size != got.size ||
- memcmp (n2.data, got.data, got.size) != 0)
- {
- fail ("ocsp request parse2 nonce memcmp failed\n");
- exit (1);
- }
-
- gnutls_free (got.data);
-
- /* randomize nonce */
-
- ret = gnutls_ocsp_req_randomize_nonce (req);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_randomize_nonce %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &n1);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_get_nonce %d\n", ret);
- exit (1);
- }
-
- if (critical != 0)
- {
- fail ("unexpected random critical %d\n", critical);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_randomize_nonce (req);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_randomize_nonce %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &n2);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_get_nonce %d\n", ret);
- exit (1);
- }
-
- if (critical != 0)
- {
- fail ("unexpected random critical %d\n", critical);
- exit (1);
- }
-
- if (n2.size == got.size && memcmp (n1.data, n2.data, n1.size) == 0)
- {
- fail ("ocsp request random nonce memcmp failed\n");
- exit (1);
- }
-
- gnutls_free (n1.data);
- gnutls_free (n2.data);
- }
-
- /* cleanup */
-
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_t req;
+ int ret;
+ gnutls_datum_t d;
+
+ /* init request */
+
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_init\n");
+ exit(1);
+ }
+
+ /* import ocsp request */
+
+ ret = gnutls_ocsp_req_import(req, &req1);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_import %d\n", ret);
+ exit(1);
+ }
+
+ /* simple version query */
+
+ ret = gnutls_ocsp_req_get_version(req);
+ if (ret != 1) {
+ fail("gnutls_ocsp_req_get_version %d\n", ret);
+ exit(1);
+ }
+
+ /* check nonce */
+ {
+ gnutls_datum_t expect =
+ { (unsigned char *) REQ1NONCE + 2,
+ sizeof(REQ1NONCE) - 3 };
+ gnutls_datum_t got;
+ unsigned int critical;
+
+ ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_get_nonce %d\n", ret);
+ exit(1);
+ }
+
+ if (critical != 0) {
+ fail("unexpected critical %d\n", critical);
+ exit(1);
+ }
+
+ if (expect.size != got.size ||
+ memcmp(expect.data, got.data, got.size) != 0) {
+ fail("ocsp request nonce memcmp failed\n");
+ exit(1);
+ }
+
+ gnutls_free(got.data);
+ }
+
+ /* print request */
+
+ ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_print\n");
+ exit(1);
+ }
+
+ if (strlen(REQ1INFO) != d.size - 1 ||
+ memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
+ printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
+ fail("ocsp request print failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* test export */
+ ret = gnutls_ocsp_req_export(req, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_export %d\n", ret);
+ exit(1);
+ }
+
+ /* compare against earlier imported bytes */
+
+ if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
+ fail("ocsp request export memcmp failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* test setting nonce */
+ {
+ gnutls_datum_t n1 = { (unsigned char *) "foo", 3 };
+ gnutls_datum_t n2 = { (unsigned char *) "foobar", 6 };
+ gnutls_datum_t got;
+ unsigned critical;
+
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &n1);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_set_nonce %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_get_nonce %d\n", ret);
+ exit(1);
+ }
+
+ if (critical != 0) {
+ fail("unexpected critical %d\n", critical);
+ exit(1);
+ }
+
+ if (n1.size != got.size ||
+ memcmp(n1.data, got.data, got.size) != 0) {
+ fail("ocsp request parse nonce memcmp failed\n");
+ exit(1);
+ }
+
+ gnutls_free(got.data);
+
+ /* set another time */
+
+ ret = gnutls_ocsp_req_set_nonce(req, 1, &n2);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_set_nonce %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_get_nonce(req, &critical, &got);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_get_nonce %d\n", ret);
+ exit(1);
+ }
+
+ if (critical != 1) {
+ fail("unexpected critical %d\n", critical);
+ exit(1);
+ }
+
+ if (n2.size != got.size ||
+ memcmp(n2.data, got.data, got.size) != 0) {
+ fail("ocsp request parse2 nonce memcmp failed\n");
+ exit(1);
+ }
+
+ gnutls_free(got.data);
+
+ /* randomize nonce */
+
+ ret = gnutls_ocsp_req_randomize_nonce(req);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_randomize_nonce %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_get_nonce(req, &critical, &n1);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_get_nonce %d\n", ret);
+ exit(1);
+ }
+
+ if (critical != 0) {
+ fail("unexpected random critical %d\n", critical);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_randomize_nonce(req);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_randomize_nonce %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_get_nonce(req, &critical, &n2);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_get_nonce %d\n", ret);
+ exit(1);
+ }
+
+ if (critical != 0) {
+ fail("unexpected random critical %d\n", critical);
+ exit(1);
+ }
+
+ if (n2.size == got.size
+ && memcmp(n1.data, n2.data, n1.size) == 0) {
+ fail("ocsp request random nonce memcmp failed\n");
+ exit(1);
+ }
+
+ gnutls_free(n1.data);
+ gnutls_free(n2.data);
+ }
+
+ /* cleanup */
+
+ gnutls_ocsp_req_deinit(req);
}
/* check that creating a request (using low-level add_cert_id) ends up
with same DER as above. */
-static void
-req_addcert_id (void)
+static void req_addcert_id(void)
{
- gnutls_ocsp_req_t req;
- int ret;
- gnutls_datum_t d;
-
- /* init request */
-
- ret = gnutls_ocsp_req_init (&req);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_init\n");
- exit (1);
- }
-
- /* add ocsp request nonce */
-
- {
- gnutls_datum_t nonce =
- { (unsigned char*) REQ1NONCE, sizeof (REQ1NONCE) - 1 };
-
- ret = gnutls_ocsp_req_set_extension (req, "1.3.6.1.5.5.7.48.1.2",
- 0, &nonce);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_set_extension %d\n", ret);
- exit (1);
- }
- }
-
- /* add cert_id */
- {
- gnutls_datum_t issuer_name_hash =
- { (unsigned char*) REQ1INH, sizeof (REQ1INH) - 1 };
- gnutls_datum_t issuer_key_hash =
- { (unsigned char*) REQ1IKH, sizeof (REQ1IKH) - 1 };
- gnutls_datum_t serial_number =
- { (unsigned char*) REQ1SN, sizeof (REQ1SN) - 1 };
-
- ret = gnutls_ocsp_req_add_cert_id (req, GNUTLS_DIG_SHA1,
- &issuer_name_hash,
- &issuer_key_hash,
- &serial_number);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_add_cert_id %d\n", ret);
- exit (1);
- }
- }
-
- /* print request */
-
- ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_print\n");
- exit (1);
- }
-
- if (strlen (REQ1INFO) != d.size - 1 ||
- memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
- {
- printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
- (int) d.size, d.data);
- fail ("ocsp request print failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* test export */
- ret = gnutls_ocsp_req_export (req, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_export %d\n", ret);
- exit (1);
- }
-
- /* compare against earlier imported bytes */
-
- if (req1.size != d.size ||
- memcmp (req1.data, d.data, d.size) != 0)
- {
- fail ("ocsp request export memcmp failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* cleanup */
-
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_t req;
+ int ret;
+ gnutls_datum_t d;
+
+ /* init request */
+
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_init\n");
+ exit(1);
+ }
+
+ /* add ocsp request nonce */
+
+ {
+ gnutls_datum_t nonce =
+ { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 };
+
+ ret =
+ gnutls_ocsp_req_set_extension(req,
+ "1.3.6.1.5.5.7.48.1.2",
+ 0, &nonce);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_set_extension %d\n", ret);
+ exit(1);
+ }
+ }
+
+ /* add cert_id */
+ {
+ gnutls_datum_t issuer_name_hash =
+ { (unsigned char *) REQ1INH, sizeof(REQ1INH) - 1 };
+ gnutls_datum_t issuer_key_hash =
+ { (unsigned char *) REQ1IKH, sizeof(REQ1IKH) - 1 };
+ gnutls_datum_t serial_number =
+ { (unsigned char *) REQ1SN, sizeof(REQ1SN) - 1 };
+
+ ret = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1,
+ &issuer_name_hash,
+ &issuer_key_hash,
+ &serial_number);
+ if (ret != 0) {
+ fail("gnutls_ocsp_add_cert_id %d\n", ret);
+ exit(1);
+ }
+ }
+
+ /* print request */
+
+ ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_print\n");
+ exit(1);
+ }
+
+ if (strlen(REQ1INFO) != d.size - 1 ||
+ memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
+ printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
+ fail("ocsp request print failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* test export */
+ ret = gnutls_ocsp_req_export(req, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_export %d\n", ret);
+ exit(1);
+ }
+
+ /* compare against earlier imported bytes */
+
+ if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
+ fail("ocsp request export memcmp failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* cleanup */
+
+ gnutls_ocsp_req_deinit(req);
}
/* check that creating a request (using high-level add_cert) ends up
with same DER as above. */
-static void
-req_addcert (void)
+static void req_addcert(void)
{
- gnutls_ocsp_req_t req;
- int ret;
- gnutls_datum_t d;
-
- /* init request */
-
- ret = gnutls_ocsp_req_init (&req);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_init\n");
- exit (1);
- }
-
- /* add ocsp request nonce */
-
- {
- gnutls_datum_t nonce =
- { (unsigned char*) REQ1NONCE, sizeof (REQ1NONCE) - 1 };
-
- ret = gnutls_ocsp_req_set_extension (req, "1.3.6.1.5.5.7.48.1.2",
- 0, &nonce);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_set_extension %d\n", ret);
- exit (1);
- }
- }
-
- /* add cert_id */
- {
- gnutls_x509_crt_t issuer = NULL, subject = NULL;
-
- ret = gnutls_x509_crt_init (&issuer);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_init (issuer) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&subject);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_init (subject) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (issuer, &issuer_data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import (issuer) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (subject, &subject_data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import (subject) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1,
- issuer, subject);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_add_cert %d\n", ret);
- exit (1);
- }
-
- gnutls_x509_crt_deinit (subject);
- gnutls_x509_crt_deinit (issuer);
- }
-
- /* print request */
-
- ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_print\n");
- exit (1);
- }
-
- if (strlen (REQ1INFO) != d.size - 1 ||
- memcmp (REQ1INFO, d.data, strlen (REQ1INFO)) != 0)
- {
- printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen (REQ1INFO), REQ1INFO, (int) d.size - 1,
- (int) d.size, d.data);
- fail ("ocsp request print failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* test export */
- ret = gnutls_ocsp_req_export (req, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_req_export %d\n", ret);
- exit (1);
- }
-
- /* compare against earlier imported bytes */
-
- if (req1.size != d.size ||
- memcmp (req1.data, d.data, d.size) != 0)
- {
- fail ("ocsp request export memcmp failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* cleanup */
-
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_t req;
+ int ret;
+ gnutls_datum_t d;
+
+ /* init request */
+
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_init\n");
+ exit(1);
+ }
+
+ /* add ocsp request nonce */
+
+ {
+ gnutls_datum_t nonce =
+ { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 };
+
+ ret =
+ gnutls_ocsp_req_set_extension(req,
+ "1.3.6.1.5.5.7.48.1.2",
+ 0, &nonce);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_set_extension %d\n", ret);
+ exit(1);
+ }
+ }
+
+ /* add cert_id */
+ {
+ gnutls_x509_crt_t issuer = NULL, subject = NULL;
+
+ ret = gnutls_x509_crt_init(&issuer);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_init (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&subject);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_init (subject) %d\n", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(issuer, &issuer_data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(subject, &subject_data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import (subject) %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1,
+ issuer, subject);
+ if (ret != 0) {
+ fail("gnutls_ocsp_add_cert %d\n", ret);
+ exit(1);
+ }
+
+ gnutls_x509_crt_deinit(subject);
+ gnutls_x509_crt_deinit(issuer);
+ }
+
+ /* print request */
+
+ ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_print\n");
+ exit(1);
+ }
+
+ if (strlen(REQ1INFO) != d.size - 1 ||
+ memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) {
+ printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen(REQ1INFO), REQ1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
+ fail("ocsp request print failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* test export */
+ ret = gnutls_ocsp_req_export(req, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_req_export %d\n", ret);
+ exit(1);
+ }
+
+ /* compare against earlier imported bytes */
+
+ if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) {
+ fail("ocsp request export memcmp failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* cleanup */
+
+ gnutls_ocsp_req_deinit(req);
}
-static void
-resp_import (void)
+static void resp_import(void)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- gnutls_datum_t d;
-
- /* init response */
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_init\n");
- exit (1);
- }
-
- /* import ocsp response */
-
- ret = gnutls_ocsp_resp_import (resp, &resp1);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_import %d\n", ret);
- exit (1);
- }
-
- /* print response */
-
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_print\n");
- exit (1);
- }
-
- if (strlen (RESP1INFO) != d.size - 1 ||
- memcmp (RESP1INFO, d.data, strlen (RESP1INFO)) != 0)
- {
- printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen (RESP1INFO), RESP1INFO, (int) d.size - 1,
- (int) d.size, d.data);
- fail ("ocsp response print failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* import ocsp response */
-
- ret = gnutls_ocsp_resp_import (resp, &resp2);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_import %d\n", ret);
- exit (1);
- }
-
- /* print response */
-
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &d);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_print\n");
- exit (1);
- }
-
- if (memcmp (RESP2INFO, d.data, strlen (RESP2INFO)) != 0)
- {
- printf ("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
- strlen (RESP2INFO), RESP2INFO, (int) d.size - 1,
- (int) d.size, d.data);
- fail ("ocsp response print failed\n");
- exit (1);
- }
- gnutls_free (d.data);
-
- /* cleanup */
-
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ gnutls_datum_t d;
+
+ /* init response */
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_init\n");
+ exit(1);
+ }
+
+ /* import ocsp response */
+
+ ret = gnutls_ocsp_resp_import(resp, &resp1);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_import %d\n", ret);
+ exit(1);
+ }
+
+ /* print response */
+
+ ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_print\n");
+ exit(1);
+ }
+
+ if (strlen(RESP1INFO) != d.size - 1 ||
+ memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) {
+ printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen(RESP1INFO), RESP1INFO, (int) d.size - 1,
+ (int) d.size, d.data);
+ fail("ocsp response print failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* import ocsp response */
+
+ ret = gnutls_ocsp_resp_import(resp, &resp2);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_import %d\n", ret);
+ exit(1);
+ }
+
+ /* print response */
+
+ ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_print\n");
+ exit(1);
+ }
+
+ if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) {
+ printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n",
+ strlen(RESP2INFO), RESP2INFO, (int) d.size - 1,
+ (int) d.size, d.data);
+ fail("ocsp response print failed\n");
+ exit(1);
+ }
+ gnutls_free(d.data);
+
+ /* cleanup */
+
+ gnutls_ocsp_resp_deinit(resp);
}
-static void
-resp_verify (void)
+static void resp_verify(void)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- gnutls_x509_crt_t cert = NULL, issuer = NULL, signer = NULL;
- gnutls_x509_trust_list_t list;
- unsigned verify;
-
- /* init response */
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_init\n");
- exit (1);
- }
-
- /* import ocsp response */
-
- ret = gnutls_ocsp_resp_import (resp, &blog_resp);
- if (ret != 0)
- {
- fail ("gnutls_ocsp_resp_import %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_init (cert) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&issuer);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_init (issuer) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_init (&signer);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_init (signer) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (cert, &blog_cert_data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import (cert) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (issuer, &blog_issuer_data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import (issuer) %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (signer, &blog_signer_data, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fail ("gnutls_x509_crt_import (signer) %d\n", ret);
- exit (1);
- }
-
- /* check direct verify with signer (should succeed) */
-
- ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify_direct (signer) %d\n", ret);
- exit (1);
- }
-
- if (verify != 0)
- {
- fail ("gnutls_ocsp_resp_verify_direct %d\n", verify);
- exit (1);
- }
-
- /* check direct verify with cert (should fail) */
-
- ret = gnutls_ocsp_resp_verify_direct (resp, cert, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify_direct (cert) %d\n", ret);
- exit (1);
- }
-
- if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
- {
- fail ("gnutls_ocsp_resp_verify_direct3 %d\n", verify);
- exit (1);
- }
-
- /* check trust verify with issuer (should succeed) */
-
- ret = gnutls_x509_trust_list_init (&list, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_init %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &issuer, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
- exit (1);
- }
-
- if (verify != 0)
- {
- fail ("gnutls_ocsp_resp_verify %d\n", verify);
- exit (1);
- }
-
- gnutls_x509_trust_list_deinit (list, 0);
-
- /* check trust verify with signer (should succeed) */
-
- ret = gnutls_x509_trust_list_init (&list, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_init %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &signer, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
- exit (1);
- }
-
- if (verify != 0)
- {
- fail ("gnutls_ocsp_resp_verify %d\n", verify);
- exit (1);
- }
-
- gnutls_x509_trust_list_deinit (list, 0);
-
- /* check trust verify with cert (should fail) */
-
- ret = gnutls_x509_trust_list_init (&list, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_init %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &cert, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
- exit (1);
- }
-
- if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
- {
- fail ("gnutls_ocsp_resp_verify %d\n", verify);
- exit (1);
- }
-
- gnutls_x509_trust_list_deinit (list, 0);
-
- /* check trust verify with all certs (should succeed) */
-
- ret = gnutls_x509_trust_list_init (&list, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_init %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &cert, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &issuer, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_x509_trust_list_add_cas (list, &signer, 1, 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_trust_list_add_cas %d\n", ret);
- exit (1);
- }
-
- ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
- if (ret < 0)
- {
- fail ("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
- exit (1);
- }
-
- if (verify != 0)
- {
- fail ("gnutls_ocsp_resp_verify %d\n", verify);
- exit (1);
- }
-
- gnutls_x509_trust_list_deinit (list, 0);
-
- /* cleanup */
-
- gnutls_ocsp_resp_deinit (resp);
- gnutls_x509_crt_deinit (cert);
- gnutls_x509_crt_deinit (issuer);
- gnutls_x509_crt_deinit (signer);
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ gnutls_x509_crt_t cert = NULL, issuer = NULL, signer = NULL;
+ gnutls_x509_trust_list_t list;
+ unsigned verify;
+
+ /* init response */
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_init\n");
+ exit(1);
+ }
+
+ /* import ocsp response */
+
+ ret = gnutls_ocsp_resp_import(resp, &blog_resp);
+ if (ret != 0) {
+ fail("gnutls_ocsp_resp_import %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_init (cert) %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&issuer);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_init (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&signer);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_init (signer) %d\n", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(cert, &blog_cert_data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import (cert) %d\n", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(issuer, &blog_issuer_data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(signer, &blog_signer_data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("gnutls_x509_crt_import (signer) %d\n", ret);
+ exit(1);
+ }
+
+ /* check direct verify with signer (should succeed) */
+
+ ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify_direct (signer) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != 0) {
+ fail("gnutls_ocsp_resp_verify_direct %d\n", verify);
+ exit(1);
+ }
+
+ /* check direct verify with cert (should fail) */
+
+ ret = gnutls_ocsp_resp_verify_direct(resp, cert, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify_direct (cert) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) {
+ fail("gnutls_ocsp_resp_verify_direct3 %d\n", verify);
+ exit(1);
+ }
+
+ /* check trust verify with issuer (should succeed) */
+
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_init %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != 0) {
+ fail("gnutls_ocsp_resp_verify %d\n", verify);
+ exit(1);
+ }
+
+ gnutls_x509_trust_list_deinit(list, 0);
+
+ /* check trust verify with signer (should succeed) */
+
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_init %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != 0) {
+ fail("gnutls_ocsp_resp_verify %d\n", verify);
+ exit(1);
+ }
+
+ gnutls_x509_trust_list_deinit(list, 0);
+
+ /* check trust verify with cert (should fail) */
+
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_init %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) {
+ fail("gnutls_ocsp_resp_verify %d\n", verify);
+ exit(1);
+ }
+
+ gnutls_x509_trust_list_deinit(list, 0);
+
+ /* check trust verify with all certs (should succeed) */
+
+ ret = gnutls_x509_trust_list_init(&list, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_init %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0);
+ if (ret < 0) {
+ fail("gnutls_x509_trust_list_add_cas %d\n", ret);
+ exit(1);
+ }
+
+ ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0);
+ if (ret < 0) {
+ fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret);
+ exit(1);
+ }
+
+ if (verify != 0) {
+ fail("gnutls_ocsp_resp_verify %d\n", verify);
+ exit(1);
+ }
+
+ gnutls_x509_trust_list_deinit(list, 0);
+
+ /* cleanup */
+
+ gnutls_ocsp_resp_deinit(resp);
+ gnutls_x509_crt_deinit(cert);
+ gnutls_x509_crt_deinit(issuer);
+ gnutls_x509_crt_deinit(signer);
}
-void
-doit (void)
+void doit(void)
{
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- {
- fail ("global_init\n");
- exit (1);
- }
-
- gnutls_global_set_time_function (mytime);
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (99);
-
- ocsp_invalid_calls ();
- req_parse ();
- resp_import ();
- req_addcert_id ();
- req_addcert ();
- resp_verify ();
-
- /* we're done */
-
- gnutls_global_deinit ();
+ int ret;
+
+ ret = global_init();
+ if (ret < 0) {
+ fail("global_init\n");
+ exit(1);
+ }
+
+ gnutls_global_set_time_function(mytime);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(99);
+
+ ocsp_invalid_calls();
+ req_parse();
+ resp_import();
+ req_addcert_id();
+ req_addcert();
+ resp_verify();
+
+ /* we're done */
+
+ gnutls_global_deinit();
}
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index ac2b616357..67faf73898 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -46,265 +46,281 @@ static const char message[] = "Hello, brave GNU world!";
static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
static const char *key_id = NULL;
-static gnutls_datum_t stored_cli_cert = {NULL, 0};
+static gnutls_datum_t stored_cli_cert = { NULL, 0 };
-static void
-log_message (int level, const char *message)
+static void log_message(int level, const char *message)
{
- fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message);
+ fprintf(stderr, "[%5d|%2d] %s", getpid(), level, message);
}
static
int key_recv_func(gnutls_session_t session, const unsigned char *keyfpr,
- unsigned int keyfpr_length, gnutls_datum_t * key)
+ unsigned int keyfpr_length, gnutls_datum_t * key)
{
key->data = gnutls_malloc(stored_cli_cert.size);
memcpy(key->data, stored_cli_cert.data, stored_cli_cert.size);
key->size = stored_cli_cert.size;
-
+
return 0;
}
-void
-doit ()
+void doit()
{
- int err, i;
- int sockets[2];
- const char *srcdir;
- pid_t child;
- char pub_key_path[512], priv_key_path[512];
-
- global_init ();
-
- srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
-
- for (i = 0; i < 5; i++)
- {
- if (i <= 1)
- key_id = NULL; /* try using the master key */
- else if (i == 2)
- key_id = "auto"; /* test auto */
- else if (i >= 3)
- key_id = "f30fd423c143e7ba";
-
- if (debug)
- {
- gnutls_global_set_log_level (5);
- gnutls_global_set_log_function (log_message);
- }
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err != 0)
- fail ("socketpair %s\n", strerror (errno));
-
- if (sizeof(pub_key_path) < strlen (srcdir) + strlen (pub_key_file) + 2)
- abort();
-
- strcpy (pub_key_path, srcdir);
- strcat (pub_key_path, "/");
- strcat (pub_key_path, pub_key_file);
-
- if (sizeof(priv_key_path) < strlen (srcdir) + strlen (priv_key_file) + 2)
- abort();
-
- strcpy (priv_key_path, srcdir);
- strcat (priv_key_path, "/");
- strcat (priv_key_path, priv_key_file);
-
- child = fork ();
- if (child == -1)
- fail ("fork %s\n", strerror (errno));
-
- if (child == 0)
- {
- /* Child process (client). */
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- ssize_t sent;
-
- if (debug)
- printf ("client process %i\n", getpid ());
-
- err = gnutls_init (&session, GNUTLS_CLIENT);
- if (err != 0)
- fail ("client session %d\n", err);
-
- if (i==0) /* we use the primary key which is RSA. Test the RSA ciphersuite */
- gnutls_priority_set_direct (session,
- "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
- NULL);
- else
- gnutls_priority_set_direct (session,
- "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
- NULL);
- gnutls_transport_set_int (session, sockets[0]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("client credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path,
- priv_key_path, key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("client openpgp keys %s\n", gnutls_strerror (err));
-
- err =
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("client credential_set %d\n", err);
-
- gnutls_dh_set_prime_bits (session, 1024);
-
- if (i==4)
- gnutls_openpgp_send_cert(session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("client handshake %s (%d) \n", gnutls_strerror (err), err);
- else if (debug)
- printf ("client handshake successful\n");
-
- sent = gnutls_record_send (session, message, sizeof (message));
- if (sent != sizeof (message))
- fail ("client sent %li vs. %li\n",
- (long) sent, (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("client bye %d\n", err);
-
- if (debug)
- printf ("client done\n");
-
- gnutls_deinit(session);
- gnutls_certificate_free_credentials (cred);
- gnutls_free(stored_cli_cert.data);
- gnutls_global_deinit ();
- return;
- }
- else
- {
- /* Parent process (server). */
- gnutls_session_t session;
- gnutls_dh_params_t dh_params;
- gnutls_certificate_credentials_t cred;
- char greetings[sizeof (message) * 2];
- ssize_t received;
- pid_t done;
- int status;
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
-
- if (debug)
- printf ("server process %i (child %i)\n", getpid (), child);
-
- err = gnutls_init (&session, GNUTLS_SERVER);
- if (err != 0)
- fail ("server session %d\n", err);
-
- gnutls_priority_set_direct (session,
- "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
- NULL);
- gnutls_transport_set_int (session, sockets[1]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("server credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path,
- priv_key_path, key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("server openpgp keys %s\n", gnutls_strerror (err));
-
- err = gnutls_dh_params_init (&dh_params);
- if (err)
- fail ("server DH params init %d\n", err);
-
- err =
- gnutls_dh_params_import_pkcs3 (dh_params, &p3,
- GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server DH params generate %d\n", err);
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- err =
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("server credential_set %d\n", err);
-
- gnutls_certificate_server_set_request (session,
- GNUTLS_CERT_REQUIRE);
-
- if (i==4)
- gnutls_openpgp_set_recv_key_function(session, key_recv_func);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("server handshake %s (%d) \n", gnutls_strerror (err), err);
-
- if (stored_cli_cert.data == NULL)
- {
- const gnutls_datum_t* d;
- unsigned int d_size;
- d = gnutls_certificate_get_peers(session, &d_size);
- if (d != NULL)
- {
- stored_cli_cert.data = gnutls_malloc(d[0].size);
- memcpy(stored_cli_cert.data, d[0].data, d[0].size);
- stored_cli_cert.size = d[0].size;
- }
- }
-
- received =
- gnutls_record_recv (session, greetings, sizeof (greetings));
- if (received != sizeof (message)
- || memcmp (greetings, message, sizeof (message)))
- fail ("server received %li vs. %li\n", (long) received,
- (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("server bye %s (%d) \n", gnutls_strerror (err), err);
-
- if (debug)
- printf ("server done\n");
-
- gnutls_deinit(session);
- gnutls_certificate_free_credentials (cred);
- gnutls_dh_params_deinit (dh_params);
-
- done = wait (&status);
- if (done < 0)
- fail ("wait %s\n", strerror (errno));
-
- if (done != child)
- fail ("who's that?! %d\n", done);
-
- if (WIFEXITED (status))
- {
- if (WEXITSTATUS (status) != 0)
- fail ("child exited with status %d\n", WEXITSTATUS (status));
- }
- else if (WIFSIGNALED (status))
- fail ("child stopped by signal %d\n", WTERMSIG (status));
- else
- fail ("child failed: %d\n", status);
- }
- }
-
- gnutls_free(stored_cli_cert.data);
- gnutls_global_deinit ();
+ int err, i;
+ int sockets[2];
+ const char *srcdir;
+ pid_t child;
+ char pub_key_path[512], priv_key_path[512];
+
+ global_init();
+
+ srcdir = getenv("srcdir") ? getenv("srcdir") : ".";
+
+ for (i = 0; i < 5; i++) {
+ if (i <= 1)
+ key_id = NULL; /* try using the master key */
+ else if (i == 2)
+ key_id = "auto"; /* test auto */
+ else if (i >= 3)
+ key_id = "f30fd423c143e7ba";
+
+ if (debug) {
+ gnutls_global_set_log_level(5);
+ gnutls_global_set_log_function(log_message);
+ }
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err != 0)
+ fail("socketpair %s\n", strerror(errno));
+
+ if (sizeof(pub_key_path) <
+ strlen(srcdir) + strlen(pub_key_file) + 2)
+ abort();
+
+ strcpy(pub_key_path, srcdir);
+ strcat(pub_key_path, "/");
+ strcat(pub_key_path, pub_key_file);
+
+ if (sizeof(priv_key_path) <
+ strlen(srcdir) + strlen(priv_key_file) + 2)
+ abort();
+
+ strcpy(priv_key_path, srcdir);
+ strcat(priv_key_path, "/");
+ strcat(priv_key_path, priv_key_file);
+
+ child = fork();
+ if (child == -1)
+ fail("fork %s\n", strerror(errno));
+
+ if (child == 0) {
+ /* Child process (client). */
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ ssize_t sent;
+
+ if (debug)
+ printf("client process %i\n", getpid());
+
+ err = gnutls_init(&session, GNUTLS_CLIENT);
+ if (err != 0)
+ fail("client session %d\n", err);
+
+ if (i == 0) /* we use the primary key which is RSA. Test the RSA ciphersuite */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
+ NULL);
+ else
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_int(session, sockets[0]);
+
+ err =
+ gnutls_certificate_allocate_credentials(&cred);
+ if (err != 0)
+ fail("client credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2(cred,
+ pub_key_path,
+ priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail("client openpgp keys %s\n",
+ gnutls_strerror(err));
+
+ err =
+ gnutls_credentials_set(session,
+ GNUTLS_CRD_CERTIFICATE,
+ cred);
+ if (err != 0)
+ fail("client credential_set %d\n", err);
+
+ gnutls_dh_set_prime_bits(session, 1024);
+
+ if (i == 4)
+ gnutls_openpgp_send_cert(session,
+ GNUTLS_OPENPGP_CERT_FINGERPRINT);
+
+ err = gnutls_handshake(session);
+ if (err != 0)
+ fail("client handshake %s (%d) \n",
+ gnutls_strerror(err), err);
+ else if (debug)
+ printf("client handshake successful\n");
+
+ sent =
+ gnutls_record_send(session, message,
+ sizeof(message));
+ if (sent != sizeof(message))
+ fail("client sent %li vs. %li\n",
+ (long) sent, (long) sizeof(message));
+
+ err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail("client bye %d\n", err);
+
+ if (debug)
+ printf("client done\n");
+
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(cred);
+ gnutls_free(stored_cli_cert.data);
+ gnutls_global_deinit();
+ return;
+ } else {
+ /* Parent process (server). */
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_certificate_credentials_t cred;
+ char greetings[sizeof(message) * 2];
+ ssize_t received;
+ pid_t done;
+ int status;
+ const gnutls_datum_t p3 =
+ { (void *) pkcs3, strlen(pkcs3) };
+
+ if (debug)
+ printf("server process %i (child %i)\n",
+ getpid(), child);
+
+ err = gnutls_init(&session, GNUTLS_SERVER);
+ if (err != 0)
+ fail("server session %d\n", err);
+
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_int(session, sockets[1]);
+
+ err =
+ gnutls_certificate_allocate_credentials(&cred);
+ if (err != 0)
+ fail("server credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2(cred,
+ pub_key_path,
+ priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail("server openpgp keys %s\n",
+ gnutls_strerror(err));
+
+ err = gnutls_dh_params_init(&dh_params);
+ if (err)
+ fail("server DH params init %d\n", err);
+
+ err =
+ gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
+ if (err)
+ fail("server DH params generate %d\n",
+ err);
+
+ gnutls_certificate_set_dh_params(cred, dh_params);
+
+ err =
+ gnutls_credentials_set(session,
+ GNUTLS_CRD_CERTIFICATE,
+ cred);
+ if (err != 0)
+ fail("server credential_set %d\n", err);
+
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+
+ if (i == 4)
+ gnutls_openpgp_set_recv_key_function
+ (session, key_recv_func);
+
+ err = gnutls_handshake(session);
+ if (err != 0)
+ fail("server handshake %s (%d) \n",
+ gnutls_strerror(err), err);
+
+ if (stored_cli_cert.data == NULL) {
+ const gnutls_datum_t *d;
+ unsigned int d_size;
+ d = gnutls_certificate_get_peers(session,
+ &d_size);
+ if (d != NULL) {
+ stored_cli_cert.data =
+ gnutls_malloc(d[0].size);
+ memcpy(stored_cli_cert.data,
+ d[0].data, d[0].size);
+ stored_cli_cert.size = d[0].size;
+ }
+ }
+
+ received =
+ gnutls_record_recv(session, greetings,
+ sizeof(greetings));
+ if (received != sizeof(message)
+ || memcmp(greetings, message, sizeof(message)))
+ fail("server received %li vs. %li\n",
+ (long) received,
+ (long) sizeof(message));
+
+ err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail("server bye %s (%d) \n",
+ gnutls_strerror(err), err);
+
+ if (debug)
+ printf("server done\n");
+
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(cred);
+ gnutls_dh_params_deinit(dh_params);
+
+ done = wait(&status);
+ if (done < 0)
+ fail("wait %s\n", strerror(errno));
+
+ if (done != child)
+ fail("who's that?! %d\n", done);
+
+ if (WIFEXITED(status)) {
+ if (WEXITSTATUS(status) != 0)
+ fail("child exited with status %d\n", WEXITSTATUS(status));
+ } else if (WIFSIGNALED(status))
+ fail("child stopped by signal %d\n",
+ WTERMSIG(status));
+ else
+ fail("child failed: %d\n", status);
+ }
+ }
+
+ gnutls_free(stored_cli_cert.data);
+ gnutls_global_deinit();
}
#else
-void
-doit ()
+void doit()
{
- exit (77);
+ exit(77);
}
#endif
diff --git a/tests/openpgp-auth2.c b/tests/openpgp-auth2.c
index ab2f3a92bc..12accbaa67 100644
--- a/tests/openpgp-auth2.c
+++ b/tests/openpgp-auth2.c
@@ -52,212 +52,227 @@ static const char message[] = "Hello, brave GNU world!";
static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
static const char *key_id = NULL
- /* FIXME: The values below don't work as expected. */
- /* "auto" */
- /* "bd572cdcccc07c35" */ ;
+ /* FIXME: The values below don't work as expected. */
+ /* "auto" */
+ /* "bd572cdcccc07c35" */ ;
-static void
-log_message (int level, const char *message)
+static void log_message(int level, const char *message)
{
- fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message);
+ fprintf(stderr, "[%5d|%2d] %s", getpid(), level, message);
}
-void
-doit ()
+void doit()
{
- int err;
- int sockets[2];
- const char *srcdir;
- char pub_key_path[512], priv_key_path[512];
- pid_t child;
-
- global_init ();
-
- srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
-
- if (debug)
- {
- gnutls_global_set_log_level (10);
- gnutls_global_set_log_function (log_message);
- }
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err != 0)
- fail ("socketpair %s\n", strerror (errno));
-
- if (sizeof(pub_key_path) < strlen (srcdir) + strlen (pub_key_file) + 2)
- abort();
-
- strcpy (pub_key_path, srcdir);
- strcat (pub_key_path, "/");
- strcat (pub_key_path, pub_key_file);
-
- if (sizeof(priv_key_path) < strlen (srcdir) + strlen (priv_key_file) + 2)
- abort();
-
- strcpy (priv_key_path, srcdir);
- strcat (priv_key_path, "/");
- strcat (priv_key_path, priv_key_file);
-
- child = fork ();
- if (child == -1)
- fail ("fork %s\n", strerror (errno));
-
- if (child == 0)
- {
- /* Child process (client). */
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- ssize_t sent;
-
- if (debug)
- printf ("client process %i\n", getpid ());
-
- err = gnutls_init (&session, GNUTLS_CLIENT);
- if (err != 0)
- fail ("client session %d\n", err);
-
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
- gnutls_transport_set_int (session, sockets[0]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("client credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("client openpgp keys %d\n", err);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("client credential_set %d\n", err);
-
- gnutls_dh_set_prime_bits (session, 1024);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
- else if (debug)
- printf ("client handshake successful\n");
-
- sent = gnutls_record_send (session, message, sizeof (message));
- if (sent != sizeof (message))
- fail ("client sent %li vs. %li\n",
- (long) sent, (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("client bye %d\n", err);
-
- if (debug)
- printf ("client done\n");
-
- gnutls_deinit(session);
- gnutls_certificate_free_credentials (cred);
- }
- else
- {
- /* Parent process (server). */
- gnutls_session_t session;
- gnutls_dh_params_t dh_params;
- gnutls_certificate_credentials_t cred;
- char greetings[sizeof (message) * 2];
- ssize_t received;
- pid_t done;
- int status;
- const gnutls_datum_t p3 = { (void*) pkcs3, strlen (pkcs3) };
-
- if (debug)
- printf ("server process %i (child %i)\n", getpid (), child);
-
- err = gnutls_init (&session, GNUTLS_SERVER);
- if (err != 0)
- fail ("server session %d\n", err);
-
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
- gnutls_transport_set_int (session, sockets[1]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("server credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("server openpgp keys %d\n", err);
-
- err = gnutls_dh_params_init (&dh_params);
- if (err)
- fail ("server DH params init %d\n", err);
-
- err =
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server DH params generate %d\n", err);
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("server credential_set %d\n", err);
-
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
-
- received = gnutls_record_recv (session, greetings, sizeof (greetings));
- if (received != sizeof (message)
- || memcmp (greetings, message, sizeof (message)))
- fail ("server received %li vs. %li\n",
- (long) received, (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
-
- if (debug)
- printf ("server done\n");
-
- gnutls_deinit(session);
- gnutls_certificate_free_credentials (cred);
- gnutls_dh_params_deinit (dh_params);
-
- done = wait (&status);
- if (done < 0)
- fail ("wait %s\n", strerror (errno));
-
- if (done != child)
- fail ("who's that?! %d\n", done);
-
- if (WIFEXITED (status))
- {
- if (WEXITSTATUS (status) != 0)
- fail ("child exited with status %d\n", WEXITSTATUS (status));
- }
- else if (WIFSIGNALED (status))
- fail ("child stopped by signal %d\n", WTERMSIG (status));
- else
- fail ("child failed: %d\n", status);
- }
-
- gnutls_global_deinit ();
+ int err;
+ int sockets[2];
+ const char *srcdir;
+ char pub_key_path[512], priv_key_path[512];
+ pid_t child;
+
+ global_init();
+
+ srcdir = getenv("srcdir") ? getenv("srcdir") : ".";
+
+ if (debug) {
+ gnutls_global_set_log_level(10);
+ gnutls_global_set_log_function(log_message);
+ }
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err != 0)
+ fail("socketpair %s\n", strerror(errno));
+
+ if (sizeof(pub_key_path) <
+ strlen(srcdir) + strlen(pub_key_file) + 2)
+ abort();
+
+ strcpy(pub_key_path, srcdir);
+ strcat(pub_key_path, "/");
+ strcat(pub_key_path, pub_key_file);
+
+ if (sizeof(priv_key_path) <
+ strlen(srcdir) + strlen(priv_key_file) + 2)
+ abort();
+
+ strcpy(priv_key_path, srcdir);
+ strcat(priv_key_path, "/");
+ strcat(priv_key_path, priv_key_file);
+
+ child = fork();
+ if (child == -1)
+ fail("fork %s\n", strerror(errno));
+
+ if (child == 0) {
+ /* Child process (client). */
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ ssize_t sent;
+
+ if (debug)
+ printf("client process %i\n", getpid());
+
+ err = gnutls_init(&session, GNUTLS_CLIENT);
+ if (err != 0)
+ fail("client session %d\n", err);
+
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_int(session, sockets[0]);
+
+ err = gnutls_certificate_allocate_credentials(&cred);
+ if (err != 0)
+ fail("client credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2(cred,
+ pub_key_path,
+ priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail("client openpgp keys %d\n", err);
+
+ err =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred);
+ if (err != 0)
+ fail("client credential_set %d\n", err);
+
+ gnutls_dh_set_prime_bits(session, 1024);
+
+ err = gnutls_handshake(session);
+ if (err != 0)
+ fail("client handshake %s (%d) \n",
+ gnutls_strerror(err), err);
+ else if (debug)
+ printf("client handshake successful\n");
+
+ sent =
+ gnutls_record_send(session, message, sizeof(message));
+ if (sent != sizeof(message))
+ fail("client sent %li vs. %li\n",
+ (long) sent, (long) sizeof(message));
+
+ err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail("client bye %d\n", err);
+
+ if (debug)
+ printf("client done\n");
+
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(cred);
+ } else {
+ /* Parent process (server). */
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_certificate_credentials_t cred;
+ char greetings[sizeof(message) * 2];
+ ssize_t received;
+ pid_t done;
+ int status;
+ const gnutls_datum_t p3 =
+ { (void *) pkcs3, strlen(pkcs3) };
+
+ if (debug)
+ printf("server process %i (child %i)\n", getpid(),
+ child);
+
+ err = gnutls_init(&session, GNUTLS_SERVER);
+ if (err != 0)
+ fail("server session %d\n", err);
+
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_int(session, sockets[1]);
+
+ err = gnutls_certificate_allocate_credentials(&cred);
+ if (err != 0)
+ fail("server credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2(cred,
+ pub_key_path,
+ priv_key_path,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail("server openpgp keys %d\n", err);
+
+ err = gnutls_dh_params_init(&dh_params);
+ if (err)
+ fail("server DH params init %d\n", err);
+
+ err =
+ gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
+ if (err)
+ fail("server DH params generate %d\n", err);
+
+ gnutls_certificate_set_dh_params(cred, dh_params);
+
+ err =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred);
+ if (err != 0)
+ fail("server credential_set %d\n", err);
+
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+
+ err = gnutls_handshake(session);
+ if (err != 0)
+ fail("server handshake %s (%d) \n",
+ gnutls_strerror(err), err);
+
+ received =
+ gnutls_record_recv(session, greetings,
+ sizeof(greetings));
+ if (received != sizeof(message)
+ || memcmp(greetings, message, sizeof(message)))
+ fail("server received %li vs. %li\n",
+ (long) received, (long) sizeof(message));
+
+ err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail("server bye %s (%d) \n", gnutls_strerror(err),
+ err);
+
+ if (debug)
+ printf("server done\n");
+
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(cred);
+ gnutls_dh_params_deinit(dh_params);
+
+ done = wait(&status);
+ if (done < 0)
+ fail("wait %s\n", strerror(errno));
+
+ if (done != child)
+ fail("who's that?! %d\n", done);
+
+ if (WIFEXITED(status)) {
+ if (WEXITSTATUS(status) != 0)
+ fail("child exited with status %d\n",
+ WEXITSTATUS(status));
+ } else if (WIFSIGNALED(status))
+ fail("child stopped by signal %d\n",
+ WTERMSIG(status));
+ else
+ fail("child failed: %d\n", status);
+ }
+
+ gnutls_global_deinit();
}
#else
#include <stdlib.h>
-void
-doit ()
+void doit()
{
- exit (77);
+ exit(77);
}
#endif
diff --git a/tests/openpgp-keyring.c b/tests/openpgp-keyring.c
index c7423b8b7d..efdd97c30f 100644
--- a/tests/openpgp-keyring.c
+++ b/tests/openpgp-keyring.c
@@ -33,202 +33,326 @@
/* A hex-encoded raw OpenPGP keyring. This is a copy of (`sha1sum' output):
5fdce61bff528070dfabdd237d91be618c353b4e src/openpgp/cli_ring.gpg */
static unsigned char raw_keyring[] = {
- 0x99, 0x01, 0xA2, 0x04, 0x3C, 0x67, 0x95, 0x8D, 0x11, 0x04, 0x00, 0x80,
- 0xB1, 0x65, 0x21, 0x8B, 0xF8, 0x28, 0x06, 0xFA, 0x6F, 0x4C, 0x18, 0x0B,
- 0xF1, 0xF1, 0x4F, 0xC0, 0x10, 0x2E, 0x0F, 0x4E, 0x15, 0x60, 0x51, 0x2D,
- 0x0B, 0xBF, 0xB8, 0xA4, 0x1A, 0x7A, 0x90, 0x5B, 0x07, 0x8D, 0x44, 0x7B,
- 0x4D, 0x35, 0x24, 0x06, 0xC3, 0xA4, 0xD8, 0xFB, 0xCC, 0x1E, 0xB0, 0xDD,
- 0xBF, 0x4F, 0x82, 0xE3, 0x1D, 0x82, 0x1F, 0xC6, 0x06, 0x3F, 0x57, 0xBE,
- 0x3B, 0x47, 0xF6, 0xC8, 0xB5, 0xA4, 0xF1, 0x4B, 0xBE, 0x92, 0x41, 0x75,
- 0xDB, 0x28, 0xAA, 0x6D, 0xBB, 0xC3, 0x12, 0x20, 0x9D, 0x78, 0x94, 0xFA,
- 0x73, 0x7B, 0xC8, 0xB2, 0xD6, 0x3C, 0xBC, 0x9F, 0x49, 0xB2, 0x8E, 0x60,
- 0xFC, 0xB0, 0x7C, 0x5E, 0x08, 0x2A, 0xF3, 0xC4, 0x7B, 0x8D, 0x71, 0x52,
- 0xDE, 0x11, 0xFE, 0x58, 0x2E, 0x6F, 0xFF, 0xA3, 0xFA, 0x48, 0x04, 0x5F,
- 0xCD, 0x79, 0x78, 0xE7, 0xB7, 0x15, 0x7B, 0x00, 0xA0, 0xBF, 0x14, 0x9F,
- 0x1A, 0xC9, 0xBD, 0x98, 0x5A, 0x2C, 0xA4, 0x9D, 0x01, 0xDD, 0x11, 0xB2,
- 0x83, 0x93, 0x01, 0xD1, 0xDF, 0x03, 0xFD, 0x14, 0x10, 0xAF, 0x22, 0x42,
- 0x19, 0xD4, 0x76, 0x9C, 0xB7, 0xB8, 0x55, 0xF7, 0x2D, 0x3C, 0xBD, 0x90,
- 0x04, 0x3F, 0xF5, 0x5E, 0x1B, 0x6E, 0x6E, 0xA1, 0x1B, 0x7A, 0xD6, 0x95,
- 0x3F, 0x1B, 0x2C, 0xAA, 0xB2, 0x5D, 0x03, 0xE7, 0xA9, 0x94, 0x14, 0x53,
- 0xED, 0x41, 0xE8, 0x91, 0x20, 0x5A, 0x84, 0xCF, 0x20, 0x99, 0x29, 0x8D,
- 0xB9, 0x2A, 0xCB, 0x0E, 0xE8, 0xCF, 0x7C, 0x4B, 0x5A, 0x32, 0x0E, 0x98,
- 0x22, 0x40, 0x7E, 0x2A, 0xAD, 0x15, 0x78, 0x92, 0xC4, 0xD1, 0xC5, 0xD3,
- 0x64, 0x81, 0xF6, 0xF4, 0xA2, 0x65, 0x23, 0xFA, 0xA4, 0xD7, 0x11, 0xB8,
- 0x2B, 0xB0, 0xFA, 0x07, 0x47, 0x0A, 0x68, 0x70, 0xBF, 0x2F, 0x80, 0x48,
- 0xA0, 0xA7, 0x10, 0x2C, 0x9C, 0xDF, 0x4C, 0x83, 0xF0, 0xDD, 0xFA, 0xD2,
- 0xE2, 0x35, 0x5E, 0x35, 0xA4, 0x19, 0x34, 0x74, 0x95, 0xA9, 0x9F, 0x3F,
- 0x56, 0x63, 0x8C, 0x03, 0xFF, 0x6B, 0x90, 0xDB, 0x5C, 0x71, 0x0E, 0x11,
- 0x55, 0xDF, 0x56, 0x4C, 0x5A, 0x07, 0x2A, 0xF4, 0xF8, 0xBD, 0xF8, 0x88,
- 0x48, 0x43, 0x88, 0xCC, 0xA1, 0xA6, 0x70, 0x16, 0x3D, 0x1F, 0x29, 0xAA,
- 0xEC, 0xC0, 0x9C, 0x8B, 0x79, 0x8D, 0x7B, 0x80, 0x83, 0x22, 0x69, 0x2F,
- 0x66, 0x09, 0xE3, 0x0E, 0x52, 0x40, 0x33, 0xDD, 0x42, 0x5F, 0x53, 0x83,
- 0xB6, 0x13, 0xCB, 0x06, 0xAB, 0xF2, 0x86, 0x73, 0x21, 0x87, 0x10, 0xE7,
- 0x68, 0x39, 0x78, 0x36, 0x1E, 0x36, 0xB8, 0xF3, 0x12, 0xAF, 0xD2, 0x44,
- 0x5B, 0x62, 0x30, 0xA0, 0x86, 0xC5, 0x9D, 0xED, 0x74, 0x8A, 0x11, 0x93,
- 0x3B, 0x89, 0x41, 0x4B, 0x50, 0xB6, 0xF1, 0x47, 0xD2, 0x18, 0x43, 0x26,
- 0xFF, 0xC2, 0x41, 0x32, 0xDC, 0x40, 0x8D, 0xB6, 0x32, 0xDC, 0x16, 0x33,
- 0x52, 0xD0, 0x8C, 0x03, 0xE6, 0xC6, 0x04, 0x6E, 0x95, 0xA1, 0xEE, 0x62,
- 0xE4, 0xB4, 0x25, 0x44, 0x72, 0x2E, 0x20, 0x57, 0x68, 0x6F, 0x20, 0x28,
- 0x4E, 0x6F, 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74, 0x73, 0x29,
- 0x20, 0x3C, 0x77, 0x68, 0x6F, 0x40, 0x77, 0x68, 0x6F, 0x69, 0x73, 0x2E,
- 0x6F, 0x72, 0x67, 0x3E, 0x88, 0x5D, 0x04, 0x13, 0x11, 0x02, 0x00, 0x1D,
- 0x05, 0x02, 0x3C, 0x67, 0x95, 0x8D, 0x05, 0x09, 0x03, 0xC2, 0x67, 0x00,
- 0x05, 0x0B, 0x07, 0x0A, 0x03, 0x04, 0x03, 0x15, 0x03, 0x02, 0x03, 0x16,
- 0x02, 0x01, 0x02, 0x17, 0x80, 0x00, 0x0A, 0x09, 0x10, 0x35, 0x14, 0x5C,
- 0xEA, 0xA7, 0xD9, 0x3C, 0x3F, 0x96, 0x58, 0x00, 0x9F, 0x78, 0x99, 0xCB,
- 0xC9, 0xF6, 0xE9, 0x4C, 0x30, 0x7B, 0x98, 0x38, 0x77, 0x68, 0x04, 0xDB,
- 0xFB, 0x43, 0xD7, 0xCF, 0x6F, 0x00, 0xA0, 0xA4, 0x5D, 0x02, 0x90, 0x55,
- 0x33, 0xA0, 0x6D, 0xCB, 0xEB, 0xD6, 0xC9, 0x71, 0xFA, 0x1D, 0xF1, 0x7A,
- 0x65, 0x38, 0xFE, 0x99, 0x01, 0xA2, 0x04, 0x3C, 0x4A, 0xC5, 0x6C, 0x11,
- 0x04, 0x00, 0xE7, 0x2E, 0x76, 0xB6, 0x2E, 0xEF, 0xA9, 0xA3, 0xBD, 0x59,
- 0x40, 0x93, 0x29, 0x24, 0x18, 0x05, 0x0C, 0x02, 0xD7, 0x02, 0x9D, 0x6C,
- 0xA2, 0x06, 0x6E, 0xFC, 0x34, 0xC8, 0x60, 0x38, 0x62, 0x7C, 0x64, 0x3E,
- 0xB1, 0xA6, 0x52, 0xA7, 0xAF, 0x1D, 0x37, 0xCF, 0x46, 0xFC, 0x50, 0x5A,
- 0xC1, 0xE0, 0xC6, 0x99, 0xB3, 0x78, 0x95, 0xB4, 0xBC, 0xB3, 0xE5, 0x35,
- 0x41, 0xFF, 0xDA, 0x47, 0x66, 0xD6, 0x16, 0x8C, 0x2B, 0x8A, 0xAF, 0xD6,
- 0xAB, 0x22, 0x46, 0x6D, 0x06, 0xD1, 0x80, 0x34, 0xD5, 0xDA, 0xC6, 0x98,
- 0xE6, 0x99, 0x3B, 0xA5, 0xB3, 0x50, 0xFF, 0x82, 0x2E, 0x1C, 0xD8, 0x70,
- 0x2A, 0x75, 0x11, 0x4E, 0x8B, 0x73, 0xA6, 0xB0, 0x9C, 0xB3, 0xB9, 0x3C,
- 0xE4, 0x4D, 0xBB, 0x51, 0x6C, 0x9B, 0xB5, 0xF9, 0x5B, 0xB6, 0x66, 0x18,
- 0x86, 0x02, 0xA0, 0xA1, 0x44, 0x72, 0x36, 0xC0, 0x65, 0x8F, 0x00, 0xA0,
- 0x8F, 0x5B, 0x5E, 0x78, 0xD8, 0x5F, 0x79, 0x2C, 0xC2, 0x07, 0x2F, 0x94,
- 0x74, 0x64, 0x57, 0x26, 0xFB, 0x4D, 0x93, 0x73, 0x03, 0xFE, 0x35, 0x78,
- 0xD6, 0x89, 0xD6, 0x60, 0x6E, 0x91, 0x18, 0xE9, 0xF9, 0xA7, 0x04, 0x2B,
- 0x96, 0x3C, 0xF2, 0x3F, 0x3D, 0x8F, 0x13, 0x77, 0xA2, 0x73, 0xC0, 0xF0,
- 0x97, 0x4D, 0xBF, 0x44, 0xB3, 0xCA, 0xBC, 0xBE, 0x14, 0xDD, 0x64, 0x41,
- 0x25, 0x55, 0x86, 0x3E, 0x39, 0xA9, 0xC6, 0x27, 0x66, 0x2D, 0x77, 0xAC,
- 0x36, 0x66, 0x2A, 0xE4, 0x49, 0x79, 0x2C, 0x32, 0x62, 0xD3, 0xF1, 0x2E,
- 0x98, 0x32, 0xA7, 0x56, 0x53, 0x09, 0xD6, 0x7B, 0xA0, 0xAE, 0x4D, 0xF2,
- 0x5F, 0x5E, 0xDA, 0x09, 0x37, 0x05, 0x6A, 0xD5, 0xBE, 0x89, 0xF4, 0x06,
- 0x9E, 0xBD, 0x7E, 0xC7, 0x6C, 0xE4, 0x32, 0x44, 0x1D, 0xF5, 0xD5, 0x2F,
- 0xFF, 0xD0, 0x6D, 0x39, 0xE5, 0xF6, 0x1E, 0x36, 0x94, 0x7B, 0x69, 0x8A,
- 0x77, 0xCB, 0x62, 0xAB, 0x81, 0xE4, 0xA4, 0x12, 0x2B, 0xF9, 0x05, 0x06,
- 0x71, 0xD9, 0x94, 0x6C, 0x86, 0x5E, 0x04, 0x00, 0xD0, 0x61, 0x43, 0x7A,
- 0x96, 0x4D, 0xDE, 0x31, 0x88, 0x18, 0xC2, 0xB2, 0x4D, 0xE0, 0x08, 0xE6,
- 0x00, 0x96, 0xB6, 0x0D, 0xB8, 0xA6, 0x84, 0xB8, 0x5A, 0x83, 0x8D, 0x11,
- 0x9F, 0xC9, 0x30, 0x31, 0x18, 0x89, 0xAD, 0x57, 0xA3, 0xB9, 0x27, 0xF4,
- 0x48, 0xF8, 0x4E, 0xB2, 0x53, 0xC6, 0x23, 0xED, 0xA7, 0x3B, 0x42, 0xFF,
- 0x78, 0xBC, 0xE6, 0x3A, 0x6A, 0x53, 0x1D, 0x75, 0xA6, 0x4C, 0xE8, 0x54,
- 0x05, 0x13, 0x80, 0x8E, 0x9F, 0x5B, 0x10, 0xCE, 0x07, 0x5D, 0x34, 0x17,
- 0xB8, 0x01, 0x16, 0x49, 0x18, 0xB1, 0x31, 0xD3, 0x54, 0x4C, 0x87, 0x65,
- 0xA8, 0xEC, 0xB9, 0x97, 0x1F, 0x61, 0xA0, 0x9F, 0xC7, 0x3D, 0x50, 0x98,
- 0x06, 0x10, 0x6B, 0x59, 0x77, 0xD2, 0x11, 0xCB, 0x0E, 0x1D, 0x04, 0xD0,
- 0xED, 0x96, 0xBC, 0xE8, 0x9B, 0xAE, 0x8F, 0x73, 0xD8, 0x00, 0xB0, 0x52,
- 0x13, 0x9C, 0xBF, 0x8D, 0xB4, 0x49, 0x4F, 0x70, 0x65, 0x6E, 0x43, 0x44,
- 0x4B, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6B, 0x65, 0x79, 0x20, 0x28,
- 0x4F, 0x6E, 0x6C, 0x79, 0x20, 0x69, 0x6E, 0x74, 0x65, 0x6E, 0x64, 0x65,
- 0x64, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x70,
- 0x75, 0x72, 0x70, 0x6F, 0x73, 0x65, 0x73, 0x21, 0x29, 0x20, 0x3C, 0x6F,
- 0x70, 0x65, 0x6E, 0x63, 0x64, 0x6B, 0x40, 0x66, 0x6F, 0x6F, 0x2D, 0x62,
- 0x61, 0x72, 0x2E, 0x6F, 0x72, 0x67, 0x3E, 0x88, 0x62, 0x04, 0x13, 0x11,
- 0x02, 0x00, 0x1A, 0x05, 0x02, 0x3C, 0x4A, 0xC5, 0x6C, 0x05, 0x0B, 0x07,
- 0x0A, 0x03, 0x04, 0x03, 0x15, 0x03, 0x02, 0x03, 0x16, 0x02, 0x01, 0x02,
- 0x1E, 0x01, 0x02, 0x17, 0x80, 0x00, 0x12, 0x09, 0x10, 0xBD, 0x57, 0x2C,
- 0xDC, 0xCC, 0xC0, 0x7C, 0x35, 0x07, 0x65, 0x47, 0x50, 0x47, 0x00, 0x01,
- 0x01, 0x81, 0xC1, 0x00, 0x9C, 0x0E, 0x12, 0x8D, 0x8E, 0xD4, 0x44, 0x7C,
- 0x6D, 0xCB, 0xCE, 0x61, 0x50, 0xD9, 0xCD, 0x86, 0xE2, 0x0D, 0x84, 0x59,
- 0xA5, 0x00, 0x9F, 0x66, 0x81, 0x66, 0x2C, 0x80, 0xC6, 0xAA, 0xCF, 0x1D,
- 0x2D, 0x2B, 0xC2, 0x04, 0xF0, 0x82, 0xFE, 0x80, 0xD3, 0xDB, 0xA4, 0xB9,
- 0x01, 0x0D, 0x04, 0x3C, 0x4A, 0xC5, 0x6F, 0x10, 0x04, 0x00, 0xE2, 0x01,
- 0x56, 0x52, 0x60, 0x69, 0xD0, 0x67, 0xD2, 0x4F, 0x4D, 0x71, 0xE6, 0xD3,
- 0x86, 0x58, 0xE0, 0x8B, 0xE3, 0xBF, 0x24, 0x6C, 0x1A, 0xDC, 0xE0, 0x8D,
- 0xB6, 0x9C, 0xD8, 0xD4, 0x59, 0xC1, 0xED, 0x33, 0x57, 0x38, 0x41, 0x07,
- 0x98, 0x75, 0x5A, 0xFD, 0xB7, 0x9F, 0x17, 0x97, 0xCF, 0x02, 0x2E, 0x70,
- 0xC7, 0x96, 0x0F, 0x12, 0xCA, 0x68, 0x96, 0xD2, 0x7C, 0xFD, 0x24, 0xA1,
- 0x1C, 0xD3, 0x16, 0xDD, 0xE1, 0xFB, 0xCC, 0x1E, 0xA6, 0x15, 0xC5, 0xC3,
- 0x1F, 0xEC, 0x65, 0x6E, 0x46, 0x70, 0x78, 0xC8, 0x75, 0xFC, 0x50, 0x9B,
- 0x1E, 0xCB, 0x99, 0xC8, 0xB5, 0x6C, 0x2D, 0x87, 0x5C, 0x50, 0xE2, 0x01,
- 0x8B, 0x5B, 0x0F, 0xA3, 0x78, 0x60, 0x6E, 0xB6, 0x42, 0x5A, 0x25, 0x33,
- 0x83, 0x0F, 0x55, 0xFD, 0x21, 0xD6, 0x49, 0x01, 0x56, 0x15, 0xD4, 0x9A,
- 0x1D, 0x09, 0xE9, 0x51, 0x0F, 0x5F, 0x00, 0x03, 0x05, 0x04, 0x00, 0xD0,
- 0xBD, 0xAD, 0xE4, 0x04, 0x32, 0x75, 0x86, 0x75, 0xC8, 0x7D, 0x07, 0x30,
- 0xC3, 0x60, 0x98, 0x14, 0x67, 0xBA, 0xE1, 0xBE, 0xB6, 0xCC, 0x10, 0x5A,
- 0x3C, 0x1F, 0x36, 0x6B, 0xFD, 0xBE, 0xA1, 0x2E, 0x37, 0x84, 0x56, 0x51,
- 0x32, 0x38, 0xB8, 0xAD, 0x41, 0x4E, 0x52, 0xA2, 0xA9, 0x66, 0x1D, 0x1D,
- 0xF1, 0xDB, 0x6B, 0xB5, 0xF3, 0x3F, 0x69, 0x06, 0x16, 0x61, 0x07, 0x55,
- 0x6C, 0x81, 0x32, 0x24, 0x33, 0x0B, 0x30, 0x93, 0x2D, 0xB7, 0xC8, 0xCC,
- 0x82, 0x25, 0x67, 0x2D, 0x7A, 0xE2, 0x4A, 0xF2, 0x46, 0x97, 0x50, 0xE5,
- 0x39, 0xB6, 0x61, 0xEA, 0x64, 0x75, 0xD2, 0xE0, 0x3C, 0xD8, 0xD3, 0x83,
- 0x8D, 0xC4, 0xA8, 0xAC, 0x4A, 0xFD, 0x21, 0x35, 0x36, 0xFE, 0x3E, 0x96,
- 0xEC, 0x9D, 0x0A, 0xEA, 0x65, 0x16, 0x4B, 0x57, 0x6E, 0x01, 0xB3, 0x7A,
- 0x8D, 0xCA, 0x89, 0xF2, 0xB2, 0x57, 0xD0, 0x88, 0x4E, 0x04, 0x18, 0x11,
- 0x02, 0x00, 0x06, 0x05, 0x02, 0x3C, 0x4A, 0xC5, 0x6F, 0x00, 0x12, 0x09,
- 0x10, 0xBD, 0x57, 0x2C, 0xDC, 0xCC, 0xC0, 0x7C, 0x35, 0x07, 0x65, 0x47,
- 0x50, 0x47, 0x00, 0x01, 0x01, 0x75, 0x66, 0x00, 0x9F, 0x60, 0x1E, 0x1F,
- 0x99, 0xE0, 0xB0, 0x7C, 0x77, 0xE6, 0x7F, 0x3E, 0xEC, 0xA1, 0xE1, 0x9F,
- 0x94, 0x63, 0xD3, 0x73, 0x67, 0x00, 0x9F, 0x6A, 0xC6, 0x9E, 0xB4, 0x11,
- 0x9A, 0x6F, 0xFB, 0xF4, 0x49, 0xE7, 0xD1, 0x54, 0xD8, 0x2E, 0x05, 0xD4,
- 0x08, 0x61, 0xDB
+ 0x99, 0x01, 0xA2, 0x04, 0x3C, 0x67, 0x95, 0x8D, 0x11, 0x04, 0x00,
+ 0x80,
+ 0xB1, 0x65, 0x21, 0x8B, 0xF8, 0x28, 0x06, 0xFA, 0x6F, 0x4C, 0x18,
+ 0x0B,
+ 0xF1, 0xF1, 0x4F, 0xC0, 0x10, 0x2E, 0x0F, 0x4E, 0x15, 0x60, 0x51,
+ 0x2D,
+ 0x0B, 0xBF, 0xB8, 0xA4, 0x1A, 0x7A, 0x90, 0x5B, 0x07, 0x8D, 0x44,
+ 0x7B,
+ 0x4D, 0x35, 0x24, 0x06, 0xC3, 0xA4, 0xD8, 0xFB, 0xCC, 0x1E, 0xB0,
+ 0xDD,
+ 0xBF, 0x4F, 0x82, 0xE3, 0x1D, 0x82, 0x1F, 0xC6, 0x06, 0x3F, 0x57,
+ 0xBE,
+ 0x3B, 0x47, 0xF6, 0xC8, 0xB5, 0xA4, 0xF1, 0x4B, 0xBE, 0x92, 0x41,
+ 0x75,
+ 0xDB, 0x28, 0xAA, 0x6D, 0xBB, 0xC3, 0x12, 0x20, 0x9D, 0x78, 0x94,
+ 0xFA,
+ 0x73, 0x7B, 0xC8, 0xB2, 0xD6, 0x3C, 0xBC, 0x9F, 0x49, 0xB2, 0x8E,
+ 0x60,
+ 0xFC, 0xB0, 0x7C, 0x5E, 0x08, 0x2A, 0xF3, 0xC4, 0x7B, 0x8D, 0x71,
+ 0x52,
+ 0xDE, 0x11, 0xFE, 0x58, 0x2E, 0x6F, 0xFF, 0xA3, 0xFA, 0x48, 0x04,
+ 0x5F,
+ 0xCD, 0x79, 0x78, 0xE7, 0xB7, 0x15, 0x7B, 0x00, 0xA0, 0xBF, 0x14,
+ 0x9F,
+ 0x1A, 0xC9, 0xBD, 0x98, 0x5A, 0x2C, 0xA4, 0x9D, 0x01, 0xDD, 0x11,
+ 0xB2,
+ 0x83, 0x93, 0x01, 0xD1, 0xDF, 0x03, 0xFD, 0x14, 0x10, 0xAF, 0x22,
+ 0x42,
+ 0x19, 0xD4, 0x76, 0x9C, 0xB7, 0xB8, 0x55, 0xF7, 0x2D, 0x3C, 0xBD,
+ 0x90,
+ 0x04, 0x3F, 0xF5, 0x5E, 0x1B, 0x6E, 0x6E, 0xA1, 0x1B, 0x7A, 0xD6,
+ 0x95,
+ 0x3F, 0x1B, 0x2C, 0xAA, 0xB2, 0x5D, 0x03, 0xE7, 0xA9, 0x94, 0x14,
+ 0x53,
+ 0xED, 0x41, 0xE8, 0x91, 0x20, 0x5A, 0x84, 0xCF, 0x20, 0x99, 0x29,
+ 0x8D,
+ 0xB9, 0x2A, 0xCB, 0x0E, 0xE8, 0xCF, 0x7C, 0x4B, 0x5A, 0x32, 0x0E,
+ 0x98,
+ 0x22, 0x40, 0x7E, 0x2A, 0xAD, 0x15, 0x78, 0x92, 0xC4, 0xD1, 0xC5,
+ 0xD3,
+ 0x64, 0x81, 0xF6, 0xF4, 0xA2, 0x65, 0x23, 0xFA, 0xA4, 0xD7, 0x11,
+ 0xB8,
+ 0x2B, 0xB0, 0xFA, 0x07, 0x47, 0x0A, 0x68, 0x70, 0xBF, 0x2F, 0x80,
+ 0x48,
+ 0xA0, 0xA7, 0x10, 0x2C, 0x9C, 0xDF, 0x4C, 0x83, 0xF0, 0xDD, 0xFA,
+ 0xD2,
+ 0xE2, 0x35, 0x5E, 0x35, 0xA4, 0x19, 0x34, 0x74, 0x95, 0xA9, 0x9F,
+ 0x3F,
+ 0x56, 0x63, 0x8C, 0x03, 0xFF, 0x6B, 0x90, 0xDB, 0x5C, 0x71, 0x0E,
+ 0x11,
+ 0x55, 0xDF, 0x56, 0x4C, 0x5A, 0x07, 0x2A, 0xF4, 0xF8, 0xBD, 0xF8,
+ 0x88,
+ 0x48, 0x43, 0x88, 0xCC, 0xA1, 0xA6, 0x70, 0x16, 0x3D, 0x1F, 0x29,
+ 0xAA,
+ 0xEC, 0xC0, 0x9C, 0x8B, 0x79, 0x8D, 0x7B, 0x80, 0x83, 0x22, 0x69,
+ 0x2F,
+ 0x66, 0x09, 0xE3, 0x0E, 0x52, 0x40, 0x33, 0xDD, 0x42, 0x5F, 0x53,
+ 0x83,
+ 0xB6, 0x13, 0xCB, 0x06, 0xAB, 0xF2, 0x86, 0x73, 0x21, 0x87, 0x10,
+ 0xE7,
+ 0x68, 0x39, 0x78, 0x36, 0x1E, 0x36, 0xB8, 0xF3, 0x12, 0xAF, 0xD2,
+ 0x44,
+ 0x5B, 0x62, 0x30, 0xA0, 0x86, 0xC5, 0x9D, 0xED, 0x74, 0x8A, 0x11,
+ 0x93,
+ 0x3B, 0x89, 0x41, 0x4B, 0x50, 0xB6, 0xF1, 0x47, 0xD2, 0x18, 0x43,
+ 0x26,
+ 0xFF, 0xC2, 0x41, 0x32, 0xDC, 0x40, 0x8D, 0xB6, 0x32, 0xDC, 0x16,
+ 0x33,
+ 0x52, 0xD0, 0x8C, 0x03, 0xE6, 0xC6, 0x04, 0x6E, 0x95, 0xA1, 0xEE,
+ 0x62,
+ 0xE4, 0xB4, 0x25, 0x44, 0x72, 0x2E, 0x20, 0x57, 0x68, 0x6F, 0x20,
+ 0x28,
+ 0x4E, 0x6F, 0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74, 0x73,
+ 0x29,
+ 0x20, 0x3C, 0x77, 0x68, 0x6F, 0x40, 0x77, 0x68, 0x6F, 0x69, 0x73,
+ 0x2E,
+ 0x6F, 0x72, 0x67, 0x3E, 0x88, 0x5D, 0x04, 0x13, 0x11, 0x02, 0x00,
+ 0x1D,
+ 0x05, 0x02, 0x3C, 0x67, 0x95, 0x8D, 0x05, 0x09, 0x03, 0xC2, 0x67,
+ 0x00,
+ 0x05, 0x0B, 0x07, 0x0A, 0x03, 0x04, 0x03, 0x15, 0x03, 0x02, 0x03,
+ 0x16,
+ 0x02, 0x01, 0x02, 0x17, 0x80, 0x00, 0x0A, 0x09, 0x10, 0x35, 0x14,
+ 0x5C,
+ 0xEA, 0xA7, 0xD9, 0x3C, 0x3F, 0x96, 0x58, 0x00, 0x9F, 0x78, 0x99,
+ 0xCB,
+ 0xC9, 0xF6, 0xE9, 0x4C, 0x30, 0x7B, 0x98, 0x38, 0x77, 0x68, 0x04,
+ 0xDB,
+ 0xFB, 0x43, 0xD7, 0xCF, 0x6F, 0x00, 0xA0, 0xA4, 0x5D, 0x02, 0x90,
+ 0x55,
+ 0x33, 0xA0, 0x6D, 0xCB, 0xEB, 0xD6, 0xC9, 0x71, 0xFA, 0x1D, 0xF1,
+ 0x7A,
+ 0x65, 0x38, 0xFE, 0x99, 0x01, 0xA2, 0x04, 0x3C, 0x4A, 0xC5, 0x6C,
+ 0x11,
+ 0x04, 0x00, 0xE7, 0x2E, 0x76, 0xB6, 0x2E, 0xEF, 0xA9, 0xA3, 0xBD,
+ 0x59,
+ 0x40, 0x93, 0x29, 0x24, 0x18, 0x05, 0x0C, 0x02, 0xD7, 0x02, 0x9D,
+ 0x6C,
+ 0xA2, 0x06, 0x6E, 0xFC, 0x34, 0xC8, 0x60, 0x38, 0x62, 0x7C, 0x64,
+ 0x3E,
+ 0xB1, 0xA6, 0x52, 0xA7, 0xAF, 0x1D, 0x37, 0xCF, 0x46, 0xFC, 0x50,
+ 0x5A,
+ 0xC1, 0xE0, 0xC6, 0x99, 0xB3, 0x78, 0x95, 0xB4, 0xBC, 0xB3, 0xE5,
+ 0x35,
+ 0x41, 0xFF, 0xDA, 0x47, 0x66, 0xD6, 0x16, 0x8C, 0x2B, 0x8A, 0xAF,
+ 0xD6,
+ 0xAB, 0x22, 0x46, 0x6D, 0x06, 0xD1, 0x80, 0x34, 0xD5, 0xDA, 0xC6,
+ 0x98,
+ 0xE6, 0x99, 0x3B, 0xA5, 0xB3, 0x50, 0xFF, 0x82, 0x2E, 0x1C, 0xD8,
+ 0x70,
+ 0x2A, 0x75, 0x11, 0x4E, 0x8B, 0x73, 0xA6, 0xB0, 0x9C, 0xB3, 0xB9,
+ 0x3C,
+ 0xE4, 0x4D, 0xBB, 0x51, 0x6C, 0x9B, 0xB5, 0xF9, 0x5B, 0xB6, 0x66,
+ 0x18,
+ 0x86, 0x02, 0xA0, 0xA1, 0x44, 0x72, 0x36, 0xC0, 0x65, 0x8F, 0x00,
+ 0xA0,
+ 0x8F, 0x5B, 0x5E, 0x78, 0xD8, 0x5F, 0x79, 0x2C, 0xC2, 0x07, 0x2F,
+ 0x94,
+ 0x74, 0x64, 0x57, 0x26, 0xFB, 0x4D, 0x93, 0x73, 0x03, 0xFE, 0x35,
+ 0x78,
+ 0xD6, 0x89, 0xD6, 0x60, 0x6E, 0x91, 0x18, 0xE9, 0xF9, 0xA7, 0x04,
+ 0x2B,
+ 0x96, 0x3C, 0xF2, 0x3F, 0x3D, 0x8F, 0x13, 0x77, 0xA2, 0x73, 0xC0,
+ 0xF0,
+ 0x97, 0x4D, 0xBF, 0x44, 0xB3, 0xCA, 0xBC, 0xBE, 0x14, 0xDD, 0x64,
+ 0x41,
+ 0x25, 0x55, 0x86, 0x3E, 0x39, 0xA9, 0xC6, 0x27, 0x66, 0x2D, 0x77,
+ 0xAC,
+ 0x36, 0x66, 0x2A, 0xE4, 0x49, 0x79, 0x2C, 0x32, 0x62, 0xD3, 0xF1,
+ 0x2E,
+ 0x98, 0x32, 0xA7, 0x56, 0x53, 0x09, 0xD6, 0x7B, 0xA0, 0xAE, 0x4D,
+ 0xF2,
+ 0x5F, 0x5E, 0xDA, 0x09, 0x37, 0x05, 0x6A, 0xD5, 0xBE, 0x89, 0xF4,
+ 0x06,
+ 0x9E, 0xBD, 0x7E, 0xC7, 0x6C, 0xE4, 0x32, 0x44, 0x1D, 0xF5, 0xD5,
+ 0x2F,
+ 0xFF, 0xD0, 0x6D, 0x39, 0xE5, 0xF6, 0x1E, 0x36, 0x94, 0x7B, 0x69,
+ 0x8A,
+ 0x77, 0xCB, 0x62, 0xAB, 0x81, 0xE4, 0xA4, 0x12, 0x2B, 0xF9, 0x05,
+ 0x06,
+ 0x71, 0xD9, 0x94, 0x6C, 0x86, 0x5E, 0x04, 0x00, 0xD0, 0x61, 0x43,
+ 0x7A,
+ 0x96, 0x4D, 0xDE, 0x31, 0x88, 0x18, 0xC2, 0xB2, 0x4D, 0xE0, 0x08,
+ 0xE6,
+ 0x00, 0x96, 0xB6, 0x0D, 0xB8, 0xA6, 0x84, 0xB8, 0x5A, 0x83, 0x8D,
+ 0x11,
+ 0x9F, 0xC9, 0x30, 0x31, 0x18, 0x89, 0xAD, 0x57, 0xA3, 0xB9, 0x27,
+ 0xF4,
+ 0x48, 0xF8, 0x4E, 0xB2, 0x53, 0xC6, 0x23, 0xED, 0xA7, 0x3B, 0x42,
+ 0xFF,
+ 0x78, 0xBC, 0xE6, 0x3A, 0x6A, 0x53, 0x1D, 0x75, 0xA6, 0x4C, 0xE8,
+ 0x54,
+ 0x05, 0x13, 0x80, 0x8E, 0x9F, 0x5B, 0x10, 0xCE, 0x07, 0x5D, 0x34,
+ 0x17,
+ 0xB8, 0x01, 0x16, 0x49, 0x18, 0xB1, 0x31, 0xD3, 0x54, 0x4C, 0x87,
+ 0x65,
+ 0xA8, 0xEC, 0xB9, 0x97, 0x1F, 0x61, 0xA0, 0x9F, 0xC7, 0x3D, 0x50,
+ 0x98,
+ 0x06, 0x10, 0x6B, 0x59, 0x77, 0xD2, 0x11, 0xCB, 0x0E, 0x1D, 0x04,
+ 0xD0,
+ 0xED, 0x96, 0xBC, 0xE8, 0x9B, 0xAE, 0x8F, 0x73, 0xD8, 0x00, 0xB0,
+ 0x52,
+ 0x13, 0x9C, 0xBF, 0x8D, 0xB4, 0x49, 0x4F, 0x70, 0x65, 0x6E, 0x43,
+ 0x44,
+ 0x4B, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6B, 0x65, 0x79, 0x20,
+ 0x28,
+ 0x4F, 0x6E, 0x6C, 0x79, 0x20, 0x69, 0x6E, 0x74, 0x65, 0x6E, 0x64,
+ 0x65,
+ 0x64, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x70,
+ 0x75, 0x72, 0x70, 0x6F, 0x73, 0x65, 0x73, 0x21, 0x29, 0x20, 0x3C,
+ 0x6F,
+ 0x70, 0x65, 0x6E, 0x63, 0x64, 0x6B, 0x40, 0x66, 0x6F, 0x6F, 0x2D,
+ 0x62,
+ 0x61, 0x72, 0x2E, 0x6F, 0x72, 0x67, 0x3E, 0x88, 0x62, 0x04, 0x13,
+ 0x11,
+ 0x02, 0x00, 0x1A, 0x05, 0x02, 0x3C, 0x4A, 0xC5, 0x6C, 0x05, 0x0B,
+ 0x07,
+ 0x0A, 0x03, 0x04, 0x03, 0x15, 0x03, 0x02, 0x03, 0x16, 0x02, 0x01,
+ 0x02,
+ 0x1E, 0x01, 0x02, 0x17, 0x80, 0x00, 0x12, 0x09, 0x10, 0xBD, 0x57,
+ 0x2C,
+ 0xDC, 0xCC, 0xC0, 0x7C, 0x35, 0x07, 0x65, 0x47, 0x50, 0x47, 0x00,
+ 0x01,
+ 0x01, 0x81, 0xC1, 0x00, 0x9C, 0x0E, 0x12, 0x8D, 0x8E, 0xD4, 0x44,
+ 0x7C,
+ 0x6D, 0xCB, 0xCE, 0x61, 0x50, 0xD9, 0xCD, 0x86, 0xE2, 0x0D, 0x84,
+ 0x59,
+ 0xA5, 0x00, 0x9F, 0x66, 0x81, 0x66, 0x2C, 0x80, 0xC6, 0xAA, 0xCF,
+ 0x1D,
+ 0x2D, 0x2B, 0xC2, 0x04, 0xF0, 0x82, 0xFE, 0x80, 0xD3, 0xDB, 0xA4,
+ 0xB9,
+ 0x01, 0x0D, 0x04, 0x3C, 0x4A, 0xC5, 0x6F, 0x10, 0x04, 0x00, 0xE2,
+ 0x01,
+ 0x56, 0x52, 0x60, 0x69, 0xD0, 0x67, 0xD2, 0x4F, 0x4D, 0x71, 0xE6,
+ 0xD3,
+ 0x86, 0x58, 0xE0, 0x8B, 0xE3, 0xBF, 0x24, 0x6C, 0x1A, 0xDC, 0xE0,
+ 0x8D,
+ 0xB6, 0x9C, 0xD8, 0xD4, 0x59, 0xC1, 0xED, 0x33, 0x57, 0x38, 0x41,
+ 0x07,
+ 0x98, 0x75, 0x5A, 0xFD, 0xB7, 0x9F, 0x17, 0x97, 0xCF, 0x02, 0x2E,
+ 0x70,
+ 0xC7, 0x96, 0x0F, 0x12, 0xCA, 0x68, 0x96, 0xD2, 0x7C, 0xFD, 0x24,
+ 0xA1,
+ 0x1C, 0xD3, 0x16, 0xDD, 0xE1, 0xFB, 0xCC, 0x1E, 0xA6, 0x15, 0xC5,
+ 0xC3,
+ 0x1F, 0xEC, 0x65, 0x6E, 0x46, 0x70, 0x78, 0xC8, 0x75, 0xFC, 0x50,
+ 0x9B,
+ 0x1E, 0xCB, 0x99, 0xC8, 0xB5, 0x6C, 0x2D, 0x87, 0x5C, 0x50, 0xE2,
+ 0x01,
+ 0x8B, 0x5B, 0x0F, 0xA3, 0x78, 0x60, 0x6E, 0xB6, 0x42, 0x5A, 0x25,
+ 0x33,
+ 0x83, 0x0F, 0x55, 0xFD, 0x21, 0xD6, 0x49, 0x01, 0x56, 0x15, 0xD4,
+ 0x9A,
+ 0x1D, 0x09, 0xE9, 0x51, 0x0F, 0x5F, 0x00, 0x03, 0x05, 0x04, 0x00,
+ 0xD0,
+ 0xBD, 0xAD, 0xE4, 0x04, 0x32, 0x75, 0x86, 0x75, 0xC8, 0x7D, 0x07,
+ 0x30,
+ 0xC3, 0x60, 0x98, 0x14, 0x67, 0xBA, 0xE1, 0xBE, 0xB6, 0xCC, 0x10,
+ 0x5A,
+ 0x3C, 0x1F, 0x36, 0x6B, 0xFD, 0xBE, 0xA1, 0x2E, 0x37, 0x84, 0x56,
+ 0x51,
+ 0x32, 0x38, 0xB8, 0xAD, 0x41, 0x4E, 0x52, 0xA2, 0xA9, 0x66, 0x1D,
+ 0x1D,
+ 0xF1, 0xDB, 0x6B, 0xB5, 0xF3, 0x3F, 0x69, 0x06, 0x16, 0x61, 0x07,
+ 0x55,
+ 0x6C, 0x81, 0x32, 0x24, 0x33, 0x0B, 0x30, 0x93, 0x2D, 0xB7, 0xC8,
+ 0xCC,
+ 0x82, 0x25, 0x67, 0x2D, 0x7A, 0xE2, 0x4A, 0xF2, 0x46, 0x97, 0x50,
+ 0xE5,
+ 0x39, 0xB6, 0x61, 0xEA, 0x64, 0x75, 0xD2, 0xE0, 0x3C, 0xD8, 0xD3,
+ 0x83,
+ 0x8D, 0xC4, 0xA8, 0xAC, 0x4A, 0xFD, 0x21, 0x35, 0x36, 0xFE, 0x3E,
+ 0x96,
+ 0xEC, 0x9D, 0x0A, 0xEA, 0x65, 0x16, 0x4B, 0x57, 0x6E, 0x01, 0xB3,
+ 0x7A,
+ 0x8D, 0xCA, 0x89, 0xF2, 0xB2, 0x57, 0xD0, 0x88, 0x4E, 0x04, 0x18,
+ 0x11,
+ 0x02, 0x00, 0x06, 0x05, 0x02, 0x3C, 0x4A, 0xC5, 0x6F, 0x00, 0x12,
+ 0x09,
+ 0x10, 0xBD, 0x57, 0x2C, 0xDC, 0xCC, 0xC0, 0x7C, 0x35, 0x07, 0x65,
+ 0x47,
+ 0x50, 0x47, 0x00, 0x01, 0x01, 0x75, 0x66, 0x00, 0x9F, 0x60, 0x1E,
+ 0x1F,
+ 0x99, 0xE0, 0xB0, 0x7C, 0x77, 0xE6, 0x7F, 0x3E, 0xEC, 0xA1, 0xE1,
+ 0x9F,
+ 0x94, 0x63, 0xD3, 0x73, 0x67, 0x00, 0x9F, 0x6A, 0xC6, 0x9E, 0xB4,
+ 0x11,
+ 0x9A, 0x6F, 0xFB, 0xF4, 0x49, 0xE7, 0xD1, 0x54, 0xD8, 0x2E, 0x05,
+ 0xD4,
+ 0x08, 0x61, 0xDB
};
/* The ID of a key known to be in the above keyring. */
static const gnutls_openpgp_keyid_t id_in_keyring =
- /* "Dr. Who", first key in the keyring */
+ /* "Dr. Who", first key in the keyring */
{ 0x35, 0x14, 0x5c, 0xea,
- 0xa7, 0xd9, 0x3c, 0x3f
+ 0xa7, 0xd9, 0x3c, 0x3f
};
static const gnutls_openpgp_keyid_t id2_in_keyring =
- /* OpenCDK test key, second key in the keyring */
+ /* OpenCDK test key, second key in the keyring */
{ 0xbd, 0x57, 0x2c, 0xdc,
- 0xcc, 0xc0, 0x7c, 0x35
+ 0xcc, 0xc0, 0x7c, 0x35
};
static const gnutls_openpgp_keyid_t id_not_in_keyring =
- { 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
+ { 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
};
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%d| %s", level, str);
+ fprintf(stderr, "%d| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- gnutls_openpgp_keyring_t keyring;
- gnutls_datum_t data;
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- ret = gnutls_openpgp_keyring_init (&keyring);
- if (ret < 0)
- fail ("keyring-init %d\n", ret);
-
- data.data = raw_keyring;
- data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]);
- ret = gnutls_openpgp_keyring_import (keyring, &data,
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- fail ("keyring-import %d\n", ret);
-
- ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0);
- if (ret == 0)
- fail ("keyring-check-id (not-in-keyring) %d\n", ret);
-
- ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0);
- if (ret != 0)
- fail ("keyring-check-id first key %d\n", ret);
-
- ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0);
- if (ret != 0)
- fail ("keyring-check-id second key %d\n", ret);
-
- if (debug)
- success ("done\n");
-
- gnutls_openpgp_keyring_deinit (keyring);
- gnutls_global_deinit ();
+ gnutls_openpgp_keyring_t keyring;
+ gnutls_datum_t data;
+ int ret;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ ret = gnutls_openpgp_keyring_init(&keyring);
+ if (ret < 0)
+ fail("keyring-init %d\n", ret);
+
+ data.data = raw_keyring;
+ data.size = sizeof(raw_keyring) / sizeof(raw_keyring[0]);
+ ret = gnutls_openpgp_keyring_import(keyring, &data,
+ GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ fail("keyring-import %d\n", ret);
+
+ ret =
+ gnutls_openpgp_keyring_check_id(keyring, id_not_in_keyring, 0);
+ if (ret == 0)
+ fail("keyring-check-id (not-in-keyring) %d\n", ret);
+
+ ret = gnutls_openpgp_keyring_check_id(keyring, id_in_keyring, 0);
+ if (ret != 0)
+ fail("keyring-check-id first key %d\n", ret);
+
+ ret = gnutls_openpgp_keyring_check_id(keyring, id2_in_keyring, 0);
+ if (ret != 0)
+ fail("keyring-check-id second key %d\n", ret);
+
+ if (debug)
+ success("done\n");
+
+ gnutls_openpgp_keyring_deinit(keyring);
+ gnutls_global_deinit();
}
/* Local Variables:
diff --git a/tests/openpgp_test.c b/tests/openpgp_test.c
index 4648477b53..861efaa610 100644
--- a/tests/openpgp_test.c
+++ b/tests/openpgp_test.c
@@ -15,150 +15,145 @@
#include <time.h>
#include <assert.h>
-static const char *
-get_pkalgo (int algo)
+static const char *get_pkalgo(int algo)
{
- switch (algo)
- {
- case GNUTLS_PK_DSA:
- return "DSA";
- case GNUTLS_PK_RSA:
- return "RSA";
- }
- return NULL;
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ return "DSA";
+ case GNUTLS_PK_RSA:
+ return "RSA";
+ }
+ return NULL;
}
-static const char *
-get_pktime (long timestamp)
+static const char *get_pktime(long timestamp)
{
- static char buf[128];
- struct tm *tb;
+ static char buf[128];
+ struct tm *tb;
- tb = localtime (&timestamp);
- sprintf (buf, "%04d-%02d-%02d", tb->tm_year + 1900, tb->tm_mon + 1,
- tb->tm_mday);
- return buf;
+ tb = localtime(&timestamp);
+ sprintf(buf, "%04d-%02d-%02d", tb->tm_year + 1900, tb->tm_mon + 1,
+ tb->tm_mday);
+ return buf;
}
int
-get_pubkey (gnutls_datum_t * pk, const gnutls_datum_t * kr, unsigned long kid)
+get_pubkey(gnutls_datum_t * pk, const gnutls_datum_t * kr,
+ unsigned long kid)
{
- unsigned char buf[4];
+ unsigned char buf[4];
- buf[0] = kid >> 24;
- buf[1] = kid >> 16;
- buf[2] = kid >> 8;
- buf[3] = kid;
- return gnutls_openpgp_get_key (pk, kr, KEY_ATTR_SHORT_KEYID, buf);
+ buf[0] = kid >> 24;
+ buf[1] = kid >> 16;
+ buf[2] = kid >> 8;
+ buf[3] = kid;
+ return gnutls_openpgp_get_key(pk, kr, KEY_ATTR_SHORT_KEYID, buf);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- gnutls_certificate_credentials ctx;
- gnutls_datum_t dat, xml, pk;
- gnutls_openpgp_name uid;
- gnutls_privkey *pkey;
- gnutls_cert *cert;
- unsigned char fpr[20], keyid[8];
- char *s, *t;
- size_t fprlen = 0;
- int rc, nbits = 0, i;
-
- rc = gnutls_certificate_allocate_credentials (&ctx);
- assert (rc == 0);
-
- s = "../doc/credentials/openpgp/cli_ring.gpg";
- rc = gnutls_certificate_set_openpgp_keyring_file (ctx, s);
- assert (rc == 0);
-
- s = "../doc/credentials/openpgp/pub.asc";
- t = "../doc/credentials/openpgp/sec.asc";
- rc = gnutls_certificate_set_openpgp_key_file (ctx, s, t);
- assert (rc == 0);
-
- dat = ctx->cert_list[0]->raw;
- assert (ctx->cert_list[0]);
- printf ("Key v%d\n", gnutls_openpgp_extract_key_version (&dat));
- rc = gnutls_openpgp_extract_key_name (&dat, 1, &uid);
- assert (rc == 0);
- printf ("userID %s\n", uid.name);
-
- rc = gnutls_openpgp_extract_key_pk_algorithm (&dat, &nbits);
- printf ("pk-algorithm %s %d bits\n", get_pkalgo (rc), nbits);
-
- rc = gnutls_openpgp_extract_key_creation_time (&dat);
- printf ("creation time %s\n", get_pktime (rc));
-
- rc = gnutls_openpgp_extract_key_expiration_time (&dat);
- printf ("expiration time %lu\n", rc);
-
- printf ("key fingerprint: ");
- rc = gnutls_openpgp_fingerprint (&dat, fpr, &fprlen);
- assert (rc == 0);
- for (i = 0; i < fprlen / 2; i++)
- printf ("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
- printf ("\n");
-
- printf ("key id: ");
- rc = gnutls_openpgp_extract_key_id (&dat, keyid);
- assert (rc == 0);
- for (i = 0; i < 8; i++)
- printf ("%02X", keyid[i]);
- printf ("\n\n");
-
- printf ("Check MPIs\n");
- cert = ctx->cert_list[0];
- printf ("number of certs %d\n", *ctx->cert_list_length);
- assert (*ctx->cert_list_length == 1);
- printf ("number of items %d\n", cert->params_size);
- for (i = 0; i < cert->params_size; i++)
- {
- nbits = gcry_mpi_get_nbits (cert->params[i]);
- printf ("mpi %d %d bits\n", i, nbits);
- }
-
- printf ("\nCheck key\n");
- rc = gnutls_openpgp_verify_key (NULL, &ctx->keyring, &dat, 1);
- printf ("certifiacte status...%d\n", rc);
-
- printf ("\nSeckey\n");
- pkey = ctx->pkey;
- assert (pkey);
- assert (pkey->params_size);
- nbits = gcry_mpi_get_nbits (pkey->params[0]);
- rc = pkey->pk_algorithm;
- printf ("pk-algorithm %s %d bits\n", get_pkalgo (rc), nbits);
- printf ("number of items %d\n", pkey->params_size);
- for (i = 0; i < pkey->params_size; i++)
- {
- nbits = gcry_mpi_get_nbits (pkey->params[i]);
- printf ("mpi %d %d bits\n", i, nbits);
- }
-
- printf ("\nGet public key\n");
- rc = get_pubkey (&pk, &ctx->keyring, 0xA7D93C3F);
- assert (rc == 0);
-
- printf ("key fingerprint: ");
- gnutls_openpgp_fingerprint (&pk, fpr, &fprlen);
- for (i = 0; i < fprlen / 2; i++)
- printf ("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
- printf ("\n");
- _gnutls_free_datum (&pk);
+ gnutls_certificate_credentials ctx;
+ gnutls_datum_t dat, xml, pk;
+ gnutls_openpgp_name uid;
+ gnutls_privkey *pkey;
+ gnutls_cert *cert;
+ unsigned char fpr[20], keyid[8];
+ char *s, *t;
+ size_t fprlen = 0;
+ int rc, nbits = 0, i;
+
+ rc = gnutls_certificate_allocate_credentials(&ctx);
+ assert(rc == 0);
+
+ s = "../doc/credentials/openpgp/cli_ring.gpg";
+ rc = gnutls_certificate_set_openpgp_keyring_file(ctx, s);
+ assert(rc == 0);
+
+ s = "../doc/credentials/openpgp/pub.asc";
+ t = "../doc/credentials/openpgp/sec.asc";
+ rc = gnutls_certificate_set_openpgp_key_file(ctx, s, t);
+ assert(rc == 0);
+
+ dat = ctx->cert_list[0]->raw;
+ assert(ctx->cert_list[0]);
+ printf("Key v%d\n", gnutls_openpgp_extract_key_version(&dat));
+ rc = gnutls_openpgp_extract_key_name(&dat, 1, &uid);
+ assert(rc == 0);
+ printf("userID %s\n", uid.name);
+
+ rc = gnutls_openpgp_extract_key_pk_algorithm(&dat, &nbits);
+ printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits);
+
+ rc = gnutls_openpgp_extract_key_creation_time(&dat);
+ printf("creation time %s\n", get_pktime(rc));
+
+ rc = gnutls_openpgp_extract_key_expiration_time(&dat);
+ printf("expiration time %lu\n", rc);
+
+ printf("key fingerprint: ");
+ rc = gnutls_openpgp_fingerprint(&dat, fpr, &fprlen);
+ assert(rc == 0);
+ for (i = 0; i < fprlen / 2; i++)
+ printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
+ printf("\n");
+
+ printf("key id: ");
+ rc = gnutls_openpgp_extract_key_id(&dat, keyid);
+ assert(rc == 0);
+ for (i = 0; i < 8; i++)
+ printf("%02X", keyid[i]);
+ printf("\n\n");
+
+ printf("Check MPIs\n");
+ cert = ctx->cert_list[0];
+ printf("number of certs %d\n", *ctx->cert_list_length);
+ assert(*ctx->cert_list_length == 1);
+ printf("number of items %d\n", cert->params_size);
+ for (i = 0; i < cert->params_size; i++) {
+ nbits = gcry_mpi_get_nbits(cert->params[i]);
+ printf("mpi %d %d bits\n", i, nbits);
+ }
+
+ printf("\nCheck key\n");
+ rc = gnutls_openpgp_verify_key(NULL, &ctx->keyring, &dat, 1);
+ printf("certifiacte status...%d\n", rc);
+
+ printf("\nSeckey\n");
+ pkey = ctx->pkey;
+ assert(pkey);
+ assert(pkey->params_size);
+ nbits = gcry_mpi_get_nbits(pkey->params[0]);
+ rc = pkey->pk_algorithm;
+ printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits);
+ printf("number of items %d\n", pkey->params_size);
+ for (i = 0; i < pkey->params_size; i++) {
+ nbits = gcry_mpi_get_nbits(pkey->params[i]);
+ printf("mpi %d %d bits\n", i, nbits);
+ }
+
+ printf("\nGet public key\n");
+ rc = get_pubkey(&pk, &ctx->keyring, 0xA7D93C3F);
+ assert(rc == 0);
+
+ printf("key fingerprint: ");
+ gnutls_openpgp_fingerprint(&pk, fpr, &fprlen);
+ for (i = 0; i < fprlen / 2; i++)
+ printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
+ printf("\n");
+ _gnutls_free_datum(&pk);
#if 0
- rc = gnutls_openpgp_key_to_xml (&dat, &xml, 1);
- printf ("rc=%d\n", rc);
- assert (rc == 0);
- xml.data[xml.size] = '\0';
- printf ("%s\n", xml.data);
- _gnutls_free_datum (&xml);
+ rc = gnutls_openpgp_key_to_xml(&dat, &xml, 1);
+ printf("rc=%d\n", rc);
+ assert(rc == 0);
+ xml.data[xml.size] = '\0';
+ printf("%s\n", xml.data);
+ _gnutls_free_datum(&xml);
#endif
- _gnutls_free_datum (&dat);
- gnutls_certificate_free_credentials (ctx);
+ _gnutls_free_datum(&dat);
+ gnutls_certificate_free_credentials(ctx);
- return 0;
+ return 0;
}
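Review bot: In `main`, `dat = ctx->cert_list[0]->raw;` dereferences the first certificate one line before `assert(ctx->cert_list[0]);` checks it, so a missing entry crashes before the check can fire; the assert should come first. Further down, `printf("expiration time %lu\n", rc);` passes the `int` rc to a `%lu` conversion, which is undefined behaviour; `printf("expiration time %lu\n", (unsigned long) rc);` matches the specifier. In `get_pktime`, the result of `localtime()` is used without a NULL check, and `&timestamp` is a `long *` where a `time_t *` is expected. Copying the value into a `time_t` local and returning a fixed string when `tb` is NULL would be safer. The reindent carries all three over unchanged from the old side.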
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 950c67f64e..4fd2522965 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -58,10 +57,10 @@ main (int argc, char** argv)
pid_t child;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+ fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
+ str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -72,184 +71,173 @@ tls_log_func (int level, const char *str)
#define MSG "Hello TLS"
static unsigned char cert_txt[] =
-"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
-"Version: GnuPG v1.4.10 (GNU/Linux)\n"
-"Comment: Test key for GnuTLS\n"
-"\n"
-"mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx\n"
-"mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq\n"
-"2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0\n"
-"CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe\n"
-"AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg\n"
-"Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+\n"
-"6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X\n"
-"W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW\n"
-"aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4\n"
-"CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA\n"
-"oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1\n"
-"ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6\n"
-"CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc\n"
-"J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo\n"
-"e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS\n"
-"fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA\n"
-"CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6\n"
-"3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i\n"
-"BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8\n"
-"lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l\n"
-"YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==\n"
-"=ydIq\n"
-"-----END PGP PUBLIC KEY BLOCK-----\n";
-
-const gnutls_datum_t cert = { cert_txt, sizeof (cert_txt) };
+ "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.10 (GNU/Linux)\n"
+ "Comment: Test key for GnuTLS\n"
+ "\n"
+ "mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx\n"
+ "mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq\n"
+ "2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0\n"
+ "CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe\n"
+ "AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg\n"
+ "Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+\n"
+ "6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X\n"
+ "W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW\n"
+ "aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4\n"
+ "CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA\n"
+ "oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1\n"
+ "ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6\n"
+ "CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc\n"
+ "J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo\n"
+ "e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS\n"
+ "fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA\n"
+ "CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6\n"
+ "3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i\n"
+ "BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8\n"
+ "lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l\n"
+ "YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==\n"
+ "=ydIq\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+
+const gnutls_datum_t cert = { cert_txt, sizeof(cert_txt) };
static unsigned char key_txt[] =
-"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
-"Version: GnuPG v1.4.10 (GNU/Linux)\n"
-"Comment: Test key for GnuTLS\n"
-"\n"
-"lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5\n"
-"sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS\n"
-"qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB\n"
-"AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U\n"
-"FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q\n"
-"rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd\n"
-"TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO\n"
-"HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+\n"
-"Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH\n"
-"Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz\n"
-"dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA\n"
-"AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2\n"
-"78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp\n"
-"GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM\n"
-"nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY\n"
-"GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S\n"
-"Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg\n"
-"quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro\n"
-"f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3\n"
-"VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH\n"
-"DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU\n"
-"03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa\n"
-"0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ\n"
-"KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR\n"
-"AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z\n"
-"+GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD\n"
-"XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA\n"
-"pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz\n"
-"YpFL4VP5wQ==\n"
-"=zzoN\n"
-"-----END PGP PRIVATE KEY BLOCK-----\n";
-
-const gnutls_datum_t key = { key_txt, sizeof (key_txt) };
-
-
-static void
-client (int sds[])
+ "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.10 (GNU/Linux)\n"
+ "Comment: Test key for GnuTLS\n"
+ "\n"
+ "lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5\n"
+ "sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS\n"
+ "qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB\n"
+ "AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U\n"
+ "FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q\n"
+ "rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd\n"
+ "TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO\n"
+ "HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+\n"
+ "Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH\n"
+ "Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz\n"
+ "dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA\n"
+ "AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2\n"
+ "78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp\n"
+ "GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM\n"
+ "nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY\n"
+ "GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S\n"
+ "Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg\n"
+ "quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro\n"
+ "f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3\n"
+ "VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH\n"
+ "DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU\n"
+ "03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa\n"
+ "0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ\n"
+ "KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR\n"
+ "AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z\n"
+ "+GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD\n"
+ "XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA\n"
+ "pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz\n"
+ "YpFL4VP5wQ==\n" "=zzoN\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+
+const gnutls_datum_t key = { key_txt, sizeof(key_txt) };
+
+
+static void client(int sds[])
{
- int ret, ii, j;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (9);
-
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file
- */
- if (debug)
- success ("Setting key files...\n");
-
- ret = gnutls_certificate_set_openpgp_key_mem (xcred, &cert, &key,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (ret < 0)
- {
- fail ("Could not set key files...\n");
- return;
- }
-
- for (j = 0; j < SESSIONS; j++)
- {
- int sd = sds[j];
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake %d failed\n", j);
- gnutls_perror (ret);
- goto end;
- }
- else if (debug)
- {
- success ("client: Handshake %d was completed\n", j);
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
- close (sd);
-
- gnutls_deinit (session);
-
- }
-
-end:
-
- gnutls_certificate_free_credentials (xcred);
-
- gnutls_global_deinit ();
+ int ret, ii, j;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(9);
+
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file
+ */
+ if (debug)
+ success("Setting key files...\n");
+
+ ret = gnutls_certificate_set_openpgp_key_mem(xcred, &cert, &key,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (ret < 0) {
+ fail("Could not set key files...\n");
+ return;
+ }
+
+ for (j = 0; j < SESSIONS; j++) {
+ int sd = sds[j];
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NORMAL:+CTYPE-OPENPGP", NULL);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ xcred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake %d failed\n", j);
+ gnutls_perror(ret);
+ goto end;
+ } else if (debug) {
+ success("client: Handshake %d was completed\n", j);
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ }
+
+ end:
+
+ gnutls_certificate_free_credentials(xcred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, using X.509 authentication.
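Review bot: In `client`, the three `goto end` exits inside the session loop (handshake failure, peer close, receive error) jump past `close(sd)` and `gnutls_deinit(session)`, so that iteration's session object and socket are never released; running `gnutls_deinit(session);` and `close(sd);` before each `goto end` would fix it. The early `return;` after `fail("Could not set key files...\n")` likewise skips `gnutls_certificate_free_credentials(xcred)` and `gnutls_global_deinit()`, and a `goto end;` there would reuse the existing cleanup. This assumes `fail()` returns, which the `return` after it suggests but the hunk does not show. The return values of `gnutls_init` and `gnutls_record_send` are also ignored, so a failed send only surfaces as a later receive error. Separately, the comments `/* sets the trusted cas file */` and `/* put the x509 credentials to the current session */` sit above OpenPGP key calls and would read better as `/* load the OpenPGP test certificate and key */` and `/* attach the certificate credentials to the session */`.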
@@ -261,42 +249,42 @@ end:
/* These are global */
gnutls_certificate_credentials_t pgp_cred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
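Review bot: The comment in `generate_dh_params` says the Diffie-Hellman parameters are generated and should be regenerated periodically, but the code only imports a fixed blob through `gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM)`. I would reword it to `/* Import the fixed DH parameters from the pkcs3 PEM string (test fixture). */` so nobody copies this function expecting fresh parameters. The return value of `gnutls_dh_params_init(&dh_params)` is ignored, so a failed init would still reach the import call; with a local `int ret`, `ret = gnutls_dh_params_init(&dh_params); if (ret < 0) return ret;` keeps the function's error contract. In `initialize_tls_session` the results of `gnutls_init` and `gnutls_priority_set_direct` are likewise unchecked. `pkcs3` is defined outside the hunk.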
@@ -306,335 +294,320 @@ char buffer[MAX_BUF + 1];
int optval = 1;
static unsigned char server_crt_txt[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.6 (GNU/Linux)\n"
- "\n"
- "mNEER2PogwEGINdIR4u5PR4SwADWwj/ztgtoi7XVbmlfbQTHpBYFxTSC88pISSNy\n"
- "V/rgnlqunYP77F7aHL4KUReN3v9sKw01xSGEfox/JmlqUUg6CVvTjdeLfkuVIBnH\n"
- "j+2KMlaxezp7IxtPaTXpXcSf8iOuVq7UX7p6tKbppKXO5GgmfA88VUVvGBs1/PQp\n"
- "WKQdGrj+6I3RRmDN/hna1jGU/N23230Hbx+bu7g9cviiSh10ri7rdDhVJ67tRkRG\n"
- "Usy3XO6dWC7EmzZlEO8AEQEAAbQQdGVzdDMuZ251dGxzLm9yZ4kBAAQTAQIAJgUC\n"
- "R2PogwIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEKAh4/gImZBR\n"
- "96QGH3E3zynETuQS3++hGMvMXq2mDJeT2e8964y/ifIOBpr2K2isuLYnrtGKyxi+\n"
- "ZptyHv6ymR3bDvio50cjnoT/WK1onosOJvtijGBS+U/ooq3im7ExpeQYXc/zpYsX\n"
- "OmB5m6BvdomUp2PMqdxsmOPoaRkSYx5R2Rlo/z3csodl6sp3k465Y/jg7L4gkxDz\n"
- "XJM+CS1xMhcOF0gBhppqLnG67x0ow847Pydstzkw0sOqedkLPuScaHNnlAWQ7QH6\n"
- "mbbpqHJwekS4jQRHiKV8AQQA0iZ81WXypLI4ZE2+hYfBCnfMVfQF/vPgvASxhwri\n"
- "GDa9Zc2f/VfakfNiwZgHH6iCeppHBiP2jljnbuOsL6f1R+0FsnyTVwHbuEU7IU2y\n"
- "+J0/s0z3wcx9sx8T7brP5z5F2hdagBsD9YFGCifHDAEew4mmAisY0i2QHVIuXJFj\n"
- "4RMAEQEAAYkBhwQYAQIADwUCR4ilfAIbAgUJEOrPgACoCRCgIeP4CJmQUZ0gBBkB\n"
- "AgAGBQJHiKV8AAoJEIN7b7QuD+F2AEcEAKAjhO9kSOE8UuwEOKlwsWL9LUUSkHJj\n"
- "c/ca0asLAerzrHsldRAcwCbWkVxBBHySw2CLFjzpgdXhwRtsytMgHaapfAPbinAW\n"
- "jCPIEJx2gDZeZnTgi4DVbZn5E3UzHGyL69MEoXr5t+vpiemQFd/nGD+h/Q2A76od\n"
- "gvAryRvS1Soj8bcGHjUflayXGOSvaD8P2V5Vz0hS82QZcqWxD8qUBqbcB8atokmO\n"
- "IYxhKyRmO58T5Ma+iaxBTUIwee+pBYDgdH6E2dh9xLlwwzZKaCcIRCQcObkLsMVo\n"
- "fZJo+m0Xf8zI57NeQF+hXJhW7lIrWgQVr8IVp/lgo76acLHfL/t1n0Nhg4r2srz2\n"
- "fpP2w5laQ0qImYLnZhGFHU+rJUyFaHfhD8/svN2LuZkO570pjV/K68EaHnEfk5b8\n"
- "jWu/euohwcCwf20M1kTo3Bg=\n"
- "=Xjon\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
-const gnutls_datum_t server_crt = { server_crt_txt, sizeof (server_crt_txt) };
+ "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.6 (GNU/Linux)\n"
+ "\n"
+ "mNEER2PogwEGINdIR4u5PR4SwADWwj/ztgtoi7XVbmlfbQTHpBYFxTSC88pISSNy\n"
+ "V/rgnlqunYP77F7aHL4KUReN3v9sKw01xSGEfox/JmlqUUg6CVvTjdeLfkuVIBnH\n"
+ "j+2KMlaxezp7IxtPaTXpXcSf8iOuVq7UX7p6tKbppKXO5GgmfA88VUVvGBs1/PQp\n"
+ "WKQdGrj+6I3RRmDN/hna1jGU/N23230Hbx+bu7g9cviiSh10ri7rdDhVJ67tRkRG\n"
+ "Usy3XO6dWC7EmzZlEO8AEQEAAbQQdGVzdDMuZ251dGxzLm9yZ4kBAAQTAQIAJgUC\n"
+ "R2PogwIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEKAh4/gImZBR\n"
+ "96QGH3E3zynETuQS3++hGMvMXq2mDJeT2e8964y/ifIOBpr2K2isuLYnrtGKyxi+\n"
+ "ZptyHv6ymR3bDvio50cjnoT/WK1onosOJvtijGBS+U/ooq3im7ExpeQYXc/zpYsX\n"
+ "OmB5m6BvdomUp2PMqdxsmOPoaRkSYx5R2Rlo/z3csodl6sp3k465Y/jg7L4gkxDz\n"
+ "XJM+CS1xMhcOF0gBhppqLnG67x0ow847Pydstzkw0sOqedkLPuScaHNnlAWQ7QH6\n"
+ "mbbpqHJwekS4jQRHiKV8AQQA0iZ81WXypLI4ZE2+hYfBCnfMVfQF/vPgvASxhwri\n"
+ "GDa9Zc2f/VfakfNiwZgHH6iCeppHBiP2jljnbuOsL6f1R+0FsnyTVwHbuEU7IU2y\n"
+ "+J0/s0z3wcx9sx8T7brP5z5F2hdagBsD9YFGCifHDAEew4mmAisY0i2QHVIuXJFj\n"
+ "4RMAEQEAAYkBhwQYAQIADwUCR4ilfAIbAgUJEOrPgACoCRCgIeP4CJmQUZ0gBBkB\n"
+ "AgAGBQJHiKV8AAoJEIN7b7QuD+F2AEcEAKAjhO9kSOE8UuwEOKlwsWL9LUUSkHJj\n"
+ "c/ca0asLAerzrHsldRAcwCbWkVxBBHySw2CLFjzpgdXhwRtsytMgHaapfAPbinAW\n"
+ "jCPIEJx2gDZeZnTgi4DVbZn5E3UzHGyL69MEoXr5t+vpiemQFd/nGD+h/Q2A76od\n"
+ "gvAryRvS1Soj8bcGHjUflayXGOSvaD8P2V5Vz0hS82QZcqWxD8qUBqbcB8atokmO\n"
+ "IYxhKyRmO58T5Ma+iaxBTUIwee+pBYDgdH6E2dh9xLlwwzZKaCcIRCQcObkLsMVo\n"
+ "fZJo+m0Xf8zI57NeQF+hXJhW7lIrWgQVr8IVp/lgo76acLHfL/t1n0Nhg4r2srz2\n"
+ "fpP2w5laQ0qImYLnZhGFHU+rJUyFaHfhD8/svN2LuZkO570pjV/K68EaHnEfk5b8\n"
+ "jWu/euohwcCwf20M1kTo3Bg=\n"
+ "=Xjon\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+const gnutls_datum_t server_crt =
+ { server_crt_txt, sizeof(server_crt_txt) };
static unsigned char server_key_txt[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.4.6 (GNU/Linux)\n"
- "\n"
- "lQLGBEdj6IMBBiDXSEeLuT0eEsAA1sI/87YLaIu11W5pX20Ex6QWBcU0gvPKSEkj\n"
- "clf64J5arp2D++xe2hy+ClEXjd7/bCsNNcUhhH6MfyZpalFIOglb043Xi35LlSAZ\n"
- "x4/tijJWsXs6eyMbT2k16V3En/Ijrlau1F+6erSm6aSlzuRoJnwPPFVFbxgbNfz0\n"
- "KVikHRq4/uiN0UZgzf4Z2tYxlPzdt9t9B28fm7u4PXL4okoddK4u63Q4VSeu7UZE\n"
- "RlLMt1zunVguxJs2ZRDvABEBAAEABhwMx6crpb75ko5gXl9gsYSMj9O/YyCvU7Fi\n"
- "l8FnZ0dKMz3qs7jXyFlttLjh1DzYkXN6PAN5yp3+wnbK/e5eVeNSdo2WpJOwrVWO\n"
- "7pcQovHoKklAjmU98olaRhpv6BBTK+0tGUFaRrmrrYuz2xnwf3+kIpt4ahYW2dr9\n"
- "B+/pvBSVC/sv2+3PEQSsXlWCYVgkQ7WBN4GQdyjjxhQpcWdf8Z6unx4zuS3s7GGM\n"
- "4WaDxmDNCFlTGdrKPQeogtS3LVF9OiRCOvIlAxDmDvnC3zAwO/IvDUHFED9x9hmK\n"
- "MeVwCg8rwDMptVYN2hm+bjNzjV4pimUVd+w7edjEky0Jd/6tTH01CBUWxs9Pfup2\n"
- "cQ9zkYcVz1bwcoqeyRzFCJgi6PiVT38QFEvyusoVkwMQ747D6p7y+R52MEcIvcLb\n"
- "lBXhRviz3rW+Sch4+ohUPvBU41saM5B6UcOmhdPfdvPriI4qXwFxusGWt98NN3aW\n"
- "Ns2/L9kMX/SWnN6Elfj5hrrExDZ2CE60uuvfj+O/uXfO8LUDENE4vQrC399KLbJw\n"
- "uCaqjqLysYA9EY/Nv8RFGkk1UM4ViW8v1/95D95F9WqochSYH8Phr3br0chDxofb\n"
- "rnm6dUPE8uiriNaKWdoiUNSuvumh9lVixmRI923+4imu3scq+rlJAZ20EHRlc3Qz\n"
- "LmdudXRscy5vcmeJAQAEEwECACYFAkdj6IMCGwMFCQlmAYAGCwkIBwMCBBUCCAME\n"
- "FgIDAQIeAQIXgAAKCRCgIeP4CJmQUfekBh9xN88pxE7kEt/voRjLzF6tpgyXk9nv\n"
- "PeuMv4nyDgaa9itorLi2J67RissYvmabch7+spkd2w74qOdHI56E/1itaJ6LDib7\n"
- "YoxgUvlP6KKt4puxMaXkGF3P86WLFzpgeZugb3aJlKdjzKncbJjj6GkZEmMeUdkZ\n"
- "aP893LKHZerKd5OOuWP44Oy+IJMQ81yTPgktcTIXDhdIAYaaai5xuu8dKMPOOz8n\n"
- "bLc5MNLDqnnZCz7knGhzZ5QFkO0B+pm26ahycHpEnQHXBEeIpXwBBADSJnzVZfKk\n"
- "sjhkTb6Fh8EKd8xV9AX+8+C8BLGHCuIYNr1lzZ/9V9qR82LBmAcfqIJ6mkcGI/aO\n"
- "WOdu46wvp/VH7QWyfJNXAdu4RTshTbL4nT+zTPfBzH2zHxPtus/nPkXaF1qAGwP1\n"
- "gUYKJ8cMAR7DiaYCKxjSLZAdUi5ckWPhEwARAQABAAP3QKGVoNi52HXEN3ttUCyB\n"
- "Q1CDurh0MLDQoHomY3MGfI4VByk2YKMb2el4IJqyHrUbBYjTpHY31W2CSIdWfoTU\n"
- "DIik49CQaUpR13dJXEiG4d+nyETFutEalTQI4hMjABD9l1XvZP7Ll3YWmqN8Cam5\n"
- "JY23YAy2Noqbc3AcEut4+QIA1zcv8EU1QVqOwjSybRdm6HKK/A2bMqnITeUR/ikm\n"
- "IuU4lhijm/d1qS6ZBehRvvYa9MY4V7BGEQLWSlyc5aYJ/wIA+fmRv0lHSs78QSUg\n"
- "uRbNv6Aa6CXEOXmG+TpIaf/RWrPmBpdG8AROBVo1wmwG8oQaIjeX3RjKXfL3HTDD\n"
- "CxNg7QIA06tApdo2j1gr3IrroUwQ7yvi56ELB1Lv+W3WLN8lzCfQ6Fs+7IJRrC2R\n"
- "0uzLMGOsSORGAFIbAuLIMpc6rHCeS50hiQGHBBgBAgAPBQJHiKV8AhsCBQkQ6s+A\n"
- "AKgJEKAh4/gImZBRnSAEGQECAAYFAkeIpXwACgkQg3tvtC4P4XYARwQAoCOE72RI\n"
- "4TxS7AQ4qXCxYv0tRRKQcmNz9xrRqwsB6vOseyV1EBzAJtaRXEEEfJLDYIsWPOmB\n"
- "1eHBG2zK0yAdpql8A9uKcBaMI8gQnHaANl5mdOCLgNVtmfkTdTMcbIvr0wShevm3\n"
- "6+mJ6ZAV3+cYP6H9DYDvqh2C8CvJG9LVKiPxtwYeNR+VrJcY5K9oPw/ZXlXPSFLz\n"
- "ZBlypbEPypQGptwHxq2iSY4hjGErJGY7nxPkxr6JrEFNQjB576kFgOB0foTZ2H3E\n"
- "uXDDNkpoJwhEJBw5uQuwxWh9kmj6bRd/zMjns15AX6FcmFbuUitaBBWvwhWn+WCj\n"
- "vppwsd8v+3WfQ2GDivayvPZ+k/bDmVpDSoiZgudmEYUdT6slTIVod+EPz+y83Yu5\n"
- "mQ7nvSmNX8rrwRoecR+TlvyNa7966iHBwLB/bQzWROjcGA==\n"
- "=mZnW\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
-const gnutls_datum_t server_key = { server_key_txt, sizeof (server_key_txt) };
+ "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.6 (GNU/Linux)\n"
+ "\n"
+ "lQLGBEdj6IMBBiDXSEeLuT0eEsAA1sI/87YLaIu11W5pX20Ex6QWBcU0gvPKSEkj\n"
+ "clf64J5arp2D++xe2hy+ClEXjd7/bCsNNcUhhH6MfyZpalFIOglb043Xi35LlSAZ\n"
+ "x4/tijJWsXs6eyMbT2k16V3En/Ijrlau1F+6erSm6aSlzuRoJnwPPFVFbxgbNfz0\n"
+ "KVikHRq4/uiN0UZgzf4Z2tYxlPzdt9t9B28fm7u4PXL4okoddK4u63Q4VSeu7UZE\n"
+ "RlLMt1zunVguxJs2ZRDvABEBAAEABhwMx6crpb75ko5gXl9gsYSMj9O/YyCvU7Fi\n"
+ "l8FnZ0dKMz3qs7jXyFlttLjh1DzYkXN6PAN5yp3+wnbK/e5eVeNSdo2WpJOwrVWO\n"
+ "7pcQovHoKklAjmU98olaRhpv6BBTK+0tGUFaRrmrrYuz2xnwf3+kIpt4ahYW2dr9\n"
+ "B+/pvBSVC/sv2+3PEQSsXlWCYVgkQ7WBN4GQdyjjxhQpcWdf8Z6unx4zuS3s7GGM\n"
+ "4WaDxmDNCFlTGdrKPQeogtS3LVF9OiRCOvIlAxDmDvnC3zAwO/IvDUHFED9x9hmK\n"
+ "MeVwCg8rwDMptVYN2hm+bjNzjV4pimUVd+w7edjEky0Jd/6tTH01CBUWxs9Pfup2\n"
+ "cQ9zkYcVz1bwcoqeyRzFCJgi6PiVT38QFEvyusoVkwMQ747D6p7y+R52MEcIvcLb\n"
+ "lBXhRviz3rW+Sch4+ohUPvBU41saM5B6UcOmhdPfdvPriI4qXwFxusGWt98NN3aW\n"
+ "Ns2/L9kMX/SWnN6Elfj5hrrExDZ2CE60uuvfj+O/uXfO8LUDENE4vQrC399KLbJw\n"
+ "uCaqjqLysYA9EY/Nv8RFGkk1UM4ViW8v1/95D95F9WqochSYH8Phr3br0chDxofb\n"
+ "rnm6dUPE8uiriNaKWdoiUNSuvumh9lVixmRI923+4imu3scq+rlJAZ20EHRlc3Qz\n"
+ "LmdudXRscy5vcmeJAQAEEwECACYFAkdj6IMCGwMFCQlmAYAGCwkIBwMCBBUCCAME\n"
+ "FgIDAQIeAQIXgAAKCRCgIeP4CJmQUfekBh9xN88pxE7kEt/voRjLzF6tpgyXk9nv\n"
+ "PeuMv4nyDgaa9itorLi2J67RissYvmabch7+spkd2w74qOdHI56E/1itaJ6LDib7\n"
+ "YoxgUvlP6KKt4puxMaXkGF3P86WLFzpgeZugb3aJlKdjzKncbJjj6GkZEmMeUdkZ\n"
+ "aP893LKHZerKd5OOuWP44Oy+IJMQ81yTPgktcTIXDhdIAYaaai5xuu8dKMPOOz8n\n"
+ "bLc5MNLDqnnZCz7knGhzZ5QFkO0B+pm26ahycHpEnQHXBEeIpXwBBADSJnzVZfKk\n"
+ "sjhkTb6Fh8EKd8xV9AX+8+C8BLGHCuIYNr1lzZ/9V9qR82LBmAcfqIJ6mkcGI/aO\n"
+ "WOdu46wvp/VH7QWyfJNXAdu4RTshTbL4nT+zTPfBzH2zHxPtus/nPkXaF1qAGwP1\n"
+ "gUYKJ8cMAR7DiaYCKxjSLZAdUi5ckWPhEwARAQABAAP3QKGVoNi52HXEN3ttUCyB\n"
+ "Q1CDurh0MLDQoHomY3MGfI4VByk2YKMb2el4IJqyHrUbBYjTpHY31W2CSIdWfoTU\n"
+ "DIik49CQaUpR13dJXEiG4d+nyETFutEalTQI4hMjABD9l1XvZP7Ll3YWmqN8Cam5\n"
+ "JY23YAy2Noqbc3AcEut4+QIA1zcv8EU1QVqOwjSybRdm6HKK/A2bMqnITeUR/ikm\n"
+ "IuU4lhijm/d1qS6ZBehRvvYa9MY4V7BGEQLWSlyc5aYJ/wIA+fmRv0lHSs78QSUg\n"
+ "uRbNv6Aa6CXEOXmG+TpIaf/RWrPmBpdG8AROBVo1wmwG8oQaIjeX3RjKXfL3HTDD\n"
+ "CxNg7QIA06tApdo2j1gr3IrroUwQ7yvi56ELB1Lv+W3WLN8lzCfQ6Fs+7IJRrC2R\n"
+ "0uzLMGOsSORGAFIbAuLIMpc6rHCeS50hiQGHBBgBAgAPBQJHiKV8AhsCBQkQ6s+A\n"
+ "AKgJEKAh4/gImZBRnSAEGQECAAYFAkeIpXwACgkQg3tvtC4P4XYARwQAoCOE72RI\n"
+ "4TxS7AQ4qXCxYv0tRRKQcmNz9xrRqwsB6vOseyV1EBzAJtaRXEEEfJLDYIsWPOmB\n"
+ "1eHBG2zK0yAdpql8A9uKcBaMI8gQnHaANl5mdOCLgNVtmfkTdTMcbIvr0wShevm3\n"
+ "6+mJ6ZAV3+cYP6H9DYDvqh2C8CvJG9LVKiPxtwYeNR+VrJcY5K9oPw/ZXlXPSFLz\n"
+ "ZBlypbEPypQGptwHxq2iSY4hjGErJGY7nxPkxr6JrEFNQjB576kFgOB0foTZ2H3E\n"
+ "uXDDNkpoJwhEJBw5uQuwxWh9kmj6bRd/zMjns15AX6FcmFbuUitaBBWvwhWn+WCj\n"
+ "vppwsd8v+3WfQ2GDivayvPZ+k/bDmVpDSoiZgudmEYUdT6slTIVod+EPz+y83Yu5\n"
+ "mQ7nvSmNX8rrwRoecR+TlvyNa7966iHBwLB/bQzWROjcGA==\n"
+ "=mZnW\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+const gnutls_datum_t server_key =
+ { server_key_txt, sizeof(server_key_txt) };
static unsigned char cert2048_txt[] =
-"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
-"Version: GnuPG v1.4.10 (GNU/Linux)\n"
-"Comment: Test key for GnuTLS\n"
-"\n"
-"mQMuBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
-"wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
-"NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
-"BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
-"XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
-"u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
-"4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
-"i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
-"XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
-"fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
-"iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
-"ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
-"T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
-"NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
-"fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
-"E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
-"GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
-"V7QJbG9jYWxob3N0iHoEExEIACIFAk1/6bQCGyMGCwkIBwMCBhUIAgkKCwQWAgMB\n"
-"Ah4BAheAAAoJEHv/KcoLO9+4imwA/3z+QK0W9yffh/yFKRYYyfyLyF+q/ECKhXn8\n"
-"fb4TUc9CAP9fGN3pHujv2Upk9d3igY2w7jIuO78PA8dRfIKs5QEXFrkDLgRNf+m0\n"
-"EQgAqJc+Kyx+F5Ol4nTQlddVhw0sLUeM+bOWvxIiZUSjkwFQ4Qu32a1JelJ8ne12\n"
-"pBIwvXA9/oa/JyDh14iFoxO4u1aBJUheVo0yeRupjo92gU6bwbLTZHJlTqRo0vne\n"
-"dYpPCnVez5CNSJB9TMugZLygG4/WO3zcBjLgkR/wrebb3tKAmS/RMUuBpFxGjNnL\n"
-"MZOzCqB4LPFQECErOWpg6ddwLXwtP4VjaBE9RYP1uVP1Bhyc28LMQjQW1l5vzVcN\n"
-"0DQmyBA6WX2QBeiVrALrxGq1CdcACIyYw6zzch6J2pB5IumH+IOHQMc4r67dZjIS\n"
-"ISS8T9Xit251J0ssilw4m3rZzwEApK4jhYn2R1KS2ihLlb+7h01YVcUA1sG6Kj4s\n"
-"Oxk3zlEH/RWZurelE5gMT6M3GGe6WTkE1PEBtlnvZvMQu+rllxe/rIQkp5JkHOjP\n"
-"tEX/Wi68ET7yMKDjIQq9joFnRI70scPf3a2MHwc0OL7PGdf13PUmUwOwlqcP4Rme\n"
-"kA2MpDDl9Qn9pT40fUZLoR0lVusJNbrC8fW9MIcg/JAFp7U/zxnbZUESTF0+k486\n"
-"bF6q5QK4kaHjoUOvzX0encs+0xY7tAY+cSgQkn37z2G/K5OUMQXUQ7hQ+LRvQNM/\n"
-"qXRjwsBuW+4D+4bglGLJxT9PINiZ8cgbfCF6E9B+QmsY7KSVYYB955LsCi+8G/tq\n"
-"wdmHDYAKV9OXZfb54UKqLh3R0JkdMpEH/0rPbsxhwFXLE+ixAs5HTu0ILXwj6uCR\n"
-"9PGBR6skB8ONfaXAtq+92O/4aegCxbC9SNWuTvYBKkBdMGSGcO7LwvwjUA2kujEV\n"
-"66In56DCQJS+K19AR+fRYPro8+MavAQlirEK1uOjidoKykVziqO7B6Z4DAaZZBDP\n"
-"h8HwYANauwlfapGuZ5/rLPNCFi5VEJjX/9t0ECCgPOOEK8qWA5ljw35K6W/3CVX7\n"
-"hKNflAx1BGBr0GfrJo/EsneeBEsKPk/hge5uPr+wkDqdXq/7qxCSHhT3OQpiOW65\n"
-"dyBX/44XAVQaWtf6DJc84nWDYsCgscEZzGAUyBY8Fw9S7We5OFLNcYWIwQQYEQgA\n"
-"CQUCTX/ptAIbIgBqCRB7/ynKCzvfuF8gBBkRCAAGBQJNf+m0AAoJEEPv0WrPxcc9\n"
-"aJwA/0zWQ0RfRhlC1nbf7ISEOF36WQjslGKXjf6z6rSNgphoAP4119FDX9jaW0B8\n"
-"HL9p+XRZTOTSo5GMLUTH5zo+zpTbB2cxAP9moc/i1z2D8AXTnUk7YfSm+o7rFThu\n"
-"2Cx0oO7h1g0MjQD6A/6e68DhK9altb/xqtHeG0jbLmvFRtkC0zu7WZjvSbc=\n"
-"=v3gg\n"
-"-----END PGP PUBLIC KEY BLOCK-----\n";
-
-const gnutls_datum_t cert2048 = { cert2048_txt, sizeof (cert2048_txt) };
+ "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.10 (GNU/Linux)\n"
+ "Comment: Test key for GnuTLS\n"
+ "\n"
+ "mQMuBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
+ "wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
+ "NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
+ "BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
+ "XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
+ "u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
+ "4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
+ "i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
+ "XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
+ "fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
+ "iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
+ "ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
+ "T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
+ "NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
+ "fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
+ "E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
+ "GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
+ "V7QJbG9jYWxob3N0iHoEExEIACIFAk1/6bQCGyMGCwkIBwMCBhUIAgkKCwQWAgMB\n"
+ "Ah4BAheAAAoJEHv/KcoLO9+4imwA/3z+QK0W9yffh/yFKRYYyfyLyF+q/ECKhXn8\n"
+ "fb4TUc9CAP9fGN3pHujv2Upk9d3igY2w7jIuO78PA8dRfIKs5QEXFrkDLgRNf+m0\n"
+ "EQgAqJc+Kyx+F5Ol4nTQlddVhw0sLUeM+bOWvxIiZUSjkwFQ4Qu32a1JelJ8ne12\n"
+ "pBIwvXA9/oa/JyDh14iFoxO4u1aBJUheVo0yeRupjo92gU6bwbLTZHJlTqRo0vne\n"
+ "dYpPCnVez5CNSJB9TMugZLygG4/WO3zcBjLgkR/wrebb3tKAmS/RMUuBpFxGjNnL\n"
+ "MZOzCqB4LPFQECErOWpg6ddwLXwtP4VjaBE9RYP1uVP1Bhyc28LMQjQW1l5vzVcN\n"
+ "0DQmyBA6WX2QBeiVrALrxGq1CdcACIyYw6zzch6J2pB5IumH+IOHQMc4r67dZjIS\n"
+ "ISS8T9Xit251J0ssilw4m3rZzwEApK4jhYn2R1KS2ihLlb+7h01YVcUA1sG6Kj4s\n"
+ "Oxk3zlEH/RWZurelE5gMT6M3GGe6WTkE1PEBtlnvZvMQu+rllxe/rIQkp5JkHOjP\n"
+ "tEX/Wi68ET7yMKDjIQq9joFnRI70scPf3a2MHwc0OL7PGdf13PUmUwOwlqcP4Rme\n"
+ "kA2MpDDl9Qn9pT40fUZLoR0lVusJNbrC8fW9MIcg/JAFp7U/zxnbZUESTF0+k486\n"
+ "bF6q5QK4kaHjoUOvzX0encs+0xY7tAY+cSgQkn37z2G/K5OUMQXUQ7hQ+LRvQNM/\n"
+ "qXRjwsBuW+4D+4bglGLJxT9PINiZ8cgbfCF6E9B+QmsY7KSVYYB955LsCi+8G/tq\n"
+ "wdmHDYAKV9OXZfb54UKqLh3R0JkdMpEH/0rPbsxhwFXLE+ixAs5HTu0ILXwj6uCR\n"
+ "9PGBR6skB8ONfaXAtq+92O/4aegCxbC9SNWuTvYBKkBdMGSGcO7LwvwjUA2kujEV\n"
+ "66In56DCQJS+K19AR+fRYPro8+MavAQlirEK1uOjidoKykVziqO7B6Z4DAaZZBDP\n"
+ "h8HwYANauwlfapGuZ5/rLPNCFi5VEJjX/9t0ECCgPOOEK8qWA5ljw35K6W/3CVX7\n"
+ "hKNflAx1BGBr0GfrJo/EsneeBEsKPk/hge5uPr+wkDqdXq/7qxCSHhT3OQpiOW65\n"
+ "dyBX/44XAVQaWtf6DJc84nWDYsCgscEZzGAUyBY8Fw9S7We5OFLNcYWIwQQYEQgA\n"
+ "CQUCTX/ptAIbIgBqCRB7/ynKCzvfuF8gBBkRCAAGBQJNf+m0AAoJEEPv0WrPxcc9\n"
+ "aJwA/0zWQ0RfRhlC1nbf7ISEOF36WQjslGKXjf6z6rSNgphoAP4119FDX9jaW0B8\n"
+ "HL9p+XRZTOTSo5GMLUTH5zo+zpTbB2cxAP9moc/i1z2D8AXTnUk7YfSm+o7rFThu\n"
+ "2Cx0oO7h1g0MjQD6A/6e68DhK9altb/xqtHeG0jbLmvFRtkC0zu7WZjvSbc=\n"
+ "=v3gg\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+
+const gnutls_datum_t cert2048 = { cert2048_txt, sizeof(cert2048_txt) };
static unsigned char key2048_txt[] =
-"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
-"Version: GnuPG v1.4.10 (GNU/Linux)\n"
-"Comment: Test key for GnuTLS\n"
-"\n"
-"lQNTBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
-"wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
-"NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
-"BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
-"XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
-"u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
-"4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
-"i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
-"XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
-"fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
-"iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
-"ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
-"T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
-"NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
-"fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
-"E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
-"GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
-"VwAA/RnOgKKKmJo6d4E+mAa0Pl1QKayWKgSsDoww0kUoUTgHDU20CWxvY2FsaG9z\n"
-"dIh6BBMRCAAiBQJNf+m0AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB7\n"
-"/ynKCzvfuIpsAP98/kCtFvcn34f8hSkWGMn8i8hfqvxAioV5/H2+E1HPQgD/Xxjd\n"
-"6R7o79lKZPXd4oGNsO4yLju/DwPHUXyCrOUBFxadA1METX/ptBEIAKiXPissfheT\n"
-"peJ00JXXVYcNLC1HjPmzlr8SImVEo5MBUOELt9mtSXpSfJ3tdqQSML1wPf6Gvycg\n"
-"4deIhaMTuLtWgSVIXlaNMnkbqY6PdoFOm8Gy02RyZU6kaNL53nWKTwp1Xs+QjUiQ\n"
-"fUzLoGS8oBuP1jt83AYy4JEf8K3m297SgJkv0TFLgaRcRozZyzGTswqgeCzxUBAh\n"
-"KzlqYOnXcC18LT+FY2gRPUWD9blT9QYcnNvCzEI0FtZeb81XDdA0JsgQOll9kAXo\n"
-"lawC68RqtQnXAAiMmMOs83IeidqQeSLph/iDh0DHOK+u3WYyEiEkvE/V4rdudSdL\n"
-"LIpcOJt62c8BAKSuI4WJ9kdSktooS5W/u4dNWFXFANbBuio+LDsZN85RB/0Vmbq3\n"
-"pROYDE+jNxhnulk5BNTxAbZZ72bzELvq5ZcXv6yEJKeSZBzoz7RF/1ouvBE+8jCg\n"
-"4yEKvY6BZ0SO9LHD392tjB8HNDi+zxnX9dz1JlMDsJanD+EZnpANjKQw5fUJ/aU+\n"
-"NH1GS6EdJVbrCTW6wvH1vTCHIPyQBae1P88Z22VBEkxdPpOPOmxequUCuJGh46FD\n"
-"r819Hp3LPtMWO7QGPnEoEJJ9+89hvyuTlDEF1EO4UPi0b0DTP6l0Y8LAblvuA/uG\n"
-"4JRiycU/TyDYmfHIG3whehPQfkJrGOyklWGAfeeS7AovvBv7asHZhw2AClfTl2X2\n"
-"+eFCqi4d0dCZHTKRB/9Kz27MYcBVyxPosQLOR07tCC18I+rgkfTxgUerJAfDjX2l\n"
-"wLavvdjv+GnoAsWwvUjVrk72ASpAXTBkhnDuy8L8I1ANpLoxFeuiJ+egwkCUvitf\n"
-"QEfn0WD66PPjGrwEJYqxCtbjo4naCspFc4qjuwemeAwGmWQQz4fB8GADWrsJX2qR\n"
-"rmef6yzzQhYuVRCY1//bdBAgoDzjhCvKlgOZY8N+Sulv9wlV+4SjX5QMdQRga9Bn\n"
-"6yaPxLJ3ngRLCj5P4YHubj6/sJA6nV6v+6sQkh4U9zkKYjluuXcgV/+OFwFUGlrX\n"
-"+gyXPOJ1g2LAoLHBGcxgFMgWPBcPUu1nuThSzXGFAAEAgj6e0tgxENBORrJkBCl6\n"
-"xfV6iTNXa3HDArTNTyURRzEN0YjBBBgRCAAJBQJNf+m0AhsiAGoJEHv/KcoLO9+4\n"
-"XyAEGREIAAYFAk1/6bQACgkQQ+/Ras/Fxz1onAD/W3lWDopZrH9R66tiyjYOX4sV\n"
-"b1SoPlKRJngsHouxc4oA/RYoFGrhoY+nL22eza/Ku/SUnVrufZ/jIvQakhpmrLD/\n"
-"ZzEBAJ1w0ez3wUJbsfGlWBkb16pYpIh68/qvTTj84v5N0picAQC1p8JjouN88BJw\n"
-"9UquUquXdK1TY965biHIQ70uaOU4Hw==\n"
-"=Rrkw\n"
-"-----END PGP PRIVATE KEY BLOCK-----\n";
-
-const gnutls_datum_t key2048 = { key2048_txt, sizeof (key2048_txt) };
-
-
-static void
-server (int sds[])
+ "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.10 (GNU/Linux)\n"
+ "Comment: Test key for GnuTLS\n"
+ "\n"
+ "lQNTBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
+ "wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
+ "NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
+ "BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
+ "XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
+ "u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
+ "4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
+ "i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
+ "XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
+ "fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
+ "iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
+ "ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
+ "T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
+ "NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
+ "fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
+ "E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
+ "GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
+ "VwAA/RnOgKKKmJo6d4E+mAa0Pl1QKayWKgSsDoww0kUoUTgHDU20CWxvY2FsaG9z\n"
+ "dIh6BBMRCAAiBQJNf+m0AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB7\n"
+ "/ynKCzvfuIpsAP98/kCtFvcn34f8hSkWGMn8i8hfqvxAioV5/H2+E1HPQgD/Xxjd\n"
+ "6R7o79lKZPXd4oGNsO4yLju/DwPHUXyCrOUBFxadA1METX/ptBEIAKiXPissfheT\n"
+ "peJ00JXXVYcNLC1HjPmzlr8SImVEo5MBUOELt9mtSXpSfJ3tdqQSML1wPf6Gvycg\n"
+ "4deIhaMTuLtWgSVIXlaNMnkbqY6PdoFOm8Gy02RyZU6kaNL53nWKTwp1Xs+QjUiQ\n"
+ "fUzLoGS8oBuP1jt83AYy4JEf8K3m297SgJkv0TFLgaRcRozZyzGTswqgeCzxUBAh\n"
+ "KzlqYOnXcC18LT+FY2gRPUWD9blT9QYcnNvCzEI0FtZeb81XDdA0JsgQOll9kAXo\n"
+ "lawC68RqtQnXAAiMmMOs83IeidqQeSLph/iDh0DHOK+u3WYyEiEkvE/V4rdudSdL\n"
+ "LIpcOJt62c8BAKSuI4WJ9kdSktooS5W/u4dNWFXFANbBuio+LDsZN85RB/0Vmbq3\n"
+ "pROYDE+jNxhnulk5BNTxAbZZ72bzELvq5ZcXv6yEJKeSZBzoz7RF/1ouvBE+8jCg\n"
+ "4yEKvY6BZ0SO9LHD392tjB8HNDi+zxnX9dz1JlMDsJanD+EZnpANjKQw5fUJ/aU+\n"
+ "NH1GS6EdJVbrCTW6wvH1vTCHIPyQBae1P88Z22VBEkxdPpOPOmxequUCuJGh46FD\n"
+ "r819Hp3LPtMWO7QGPnEoEJJ9+89hvyuTlDEF1EO4UPi0b0DTP6l0Y8LAblvuA/uG\n"
+ "4JRiycU/TyDYmfHIG3whehPQfkJrGOyklWGAfeeS7AovvBv7asHZhw2AClfTl2X2\n"
+ "+eFCqi4d0dCZHTKRB/9Kz27MYcBVyxPosQLOR07tCC18I+rgkfTxgUerJAfDjX2l\n"
+ "wLavvdjv+GnoAsWwvUjVrk72ASpAXTBkhnDuy8L8I1ANpLoxFeuiJ+egwkCUvitf\n"
+ "QEfn0WD66PPjGrwEJYqxCtbjo4naCspFc4qjuwemeAwGmWQQz4fB8GADWrsJX2qR\n"
+ "rmef6yzzQhYuVRCY1//bdBAgoDzjhCvKlgOZY8N+Sulv9wlV+4SjX5QMdQRga9Bn\n"
+ "6yaPxLJ3ngRLCj5P4YHubj6/sJA6nV6v+6sQkh4U9zkKYjluuXcgV/+OFwFUGlrX\n"
+ "+gyXPOJ1g2LAoLHBGcxgFMgWPBcPUu1nuThSzXGFAAEAgj6e0tgxENBORrJkBCl6\n"
+ "xfV6iTNXa3HDArTNTyURRzEN0YjBBBgRCAAJBQJNf+m0AhsiAGoJEHv/KcoLO9+4\n"
+ "XyAEGREIAAYFAk1/6bQACgkQQ+/Ras/Fxz1onAD/W3lWDopZrH9R66tiyjYOX4sV\n"
+ "b1SoPlKRJngsHouxc4oA/RYoFGrhoY+nL22eza/Ku/SUnVrufZ/jIvQakhpmrLD/\n"
+ "ZzEBAJ1w0ez3wUJbsfGlWBkb16pYpIh68/qvTTj84v5N0picAQC1p8JjouN88BJw\n"
+ "9UquUquXdK1TY965biHIQ70uaOU4Hw==\n"
+ "=Rrkw\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+
+const gnutls_datum_t key2048 = { key2048_txt, sizeof(key2048_txt) };
+
+
+static void server(int sds[])
{
- int j;
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (5);
-
- if (debug)
- success ("Launched, setting DH parameters...\n");
-
- generate_dh_params ();
-
- for (j = 0; j < SESSIONS; j++)
- {
- int sd = sds[j];
-
- if (j == 0)
- {
- gnutls_certificate_allocate_credentials (&pgp_cred);
- ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt,
- &server_key, "auto",
- GNUTLS_OPENPGP_FMT_BASE64);
- }
- else
- {
- gnutls_certificate_free_credentials (pgp_cred);
- gnutls_certificate_allocate_credentials (&pgp_cred);
- ret =
- gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &cert2048, &key2048,
- "auto", GNUTLS_OPENPGP_FMT_BASE64);
- }
-
- if (ret < 0)
- {
- fail ("Could not set server key files...\n");
- goto end;
- }
-
- gnutls_certificate_set_dh_params (pgp_cred, dh_params);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake %d has failed (%s)\n\n",
- j, gnutls_strerror (ret));
- goto end;
- }
- if (debug)
- success ("server: Handshake %d was completed\n", j);
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- goto end;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
- }
-
-end:
- gnutls_certificate_free_credentials (pgp_cred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int j;
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(5);
+
+ if (debug)
+ success("Launched, setting DH parameters...\n");
+
+ generate_dh_params();
+
+ for (j = 0; j < SESSIONS; j++) {
+ int sd = sds[j];
+
+ if (j == 0) {
+ gnutls_certificate_allocate_credentials(&pgp_cred);
+ ret =
+ gnutls_certificate_set_openpgp_key_mem2
+ (pgp_cred, &server_crt, &server_key, "auto",
+ GNUTLS_OPENPGP_FMT_BASE64);
+ } else {
+ gnutls_certificate_free_credentials(pgp_cred);
+ gnutls_certificate_allocate_credentials(&pgp_cred);
+ ret =
+ gnutls_certificate_set_openpgp_key_mem2
+ (pgp_cred, &cert2048, &key2048, "auto",
+ GNUTLS_OPENPGP_FMT_BASE64);
+ }
+
+ if (ret < 0) {
+ fail("Could not set server key files...\n");
+ goto end;
+ }
+
+ gnutls_certificate_set_dh_params(pgp_cred, dh_params);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake %d has failed (%s)\n\n",
+ j, gnutls_strerror(ret));
+ goto end;
+ }
+ if (debug)
+ success("server: Handshake %d was completed\n", j);
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ goto end;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+ }
+
+ end:
+ gnutls_certificate_free_credentials(pgp_cred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- int client_sds[SESSIONS], server_sds[SESSIONS];
- int i;
-
- for (i = 0; i < SESSIONS; i++)
- {
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- server_sds[i] = sockets[0];
- client_sds[i] = sockets[1];
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (server_sds);
- wait (&status);
- }
- else
- client (client_sds);
+ int client_sds[SESSIONS], server_sds[SESSIONS];
+ int i;
+
+ for (i = 0; i < SESSIONS; i++) {
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ server_sds[i] = sockets[0];
+ client_sds[i] = sockets[1];
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(server_sds);
+ wait(&status);
+ } else
+ client(client_sds);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/openssl.c b/tests/openssl.c
index 4ed15e6ca7..aee870a707 100644
--- a/tests/openssl.c
+++ b/tests/openssl.c
@@ -30,30 +30,27 @@
#include <gnutls/openssl.h>
-void
-doit (void)
+void doit(void)
{
- MD5_CTX c;
- unsigned char md[MD5_DIGEST_LENGTH];
+ MD5_CTX c;
+ unsigned char md[MD5_DIGEST_LENGTH];
- if (global_init () != 0)
- fail ("global_init\n");
+ if (global_init() != 0)
+ fail("global_init\n");
- if (!gnutls_check_version (GNUTLS_VERSION))
- success ("gnutls_check_version ERROR\n");
+ if (!gnutls_check_version(GNUTLS_VERSION))
+ success("gnutls_check_version ERROR\n");
- MD5_Init (&c);
- MD5_Update (&c, "abc", 3);
- MD5_Final (&(md[0]), &c);
+ MD5_Init(&c);
+ MD5_Update(&c, "abc", 3);
+ MD5_Final(&(md[0]), &c);
- if (memcmp (md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
- "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0)
- {
- hexprint (md, sizeof (md));
- fail ("MD5 failure\n");
- }
- else if (debug)
- success ("MD5 OK\n");
+ if (memcmp(md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+ "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof(md)) != 0) {
+ hexprint(md, sizeof(md));
+ fail("MD5 failure\n");
+ } else if (debug)
+ success("MD5 OK\n");
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
diff --git a/tests/parse_ca.c b/tests/parse_ca.c
index f2d7b19e2f..0502e6a65b 100644
--- a/tests/parse_ca.c
+++ b/tests/parse_ca.c
@@ -29,60 +29,61 @@
#include "utils.h"
static char castr[] =
- "-----BEGIN CERTIFICATE-----\r\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n"
- "PfqUpIhz5Bbm7J4=\r\n"
- "-----END CERTIFICATE-----\r\n"
- "-----BEGIN CERTIFICATE-----\r\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n"
- "PfqUpIhz5Bbm7J4=\r\n" "-----END CERTIFICATE-----\r\n";
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n"
+ "PfqUpIhz5Bbm7J4=\r\n"
+ "-----END CERTIFICATE-----\r\n"
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n"
+ "PfqUpIhz5Bbm7J4=\r\n" "-----END CERTIFICATE-----\r\n";
-void
-doit (void)
+void doit(void)
{
- int rc;
- gnutls_certificate_credentials_t cred;
- gnutls_datum_t ca = { (unsigned char*)castr, sizeof (castr) };
+ int rc;
+ gnutls_certificate_credentials_t cred;
+ gnutls_datum_t ca = { (unsigned char *) castr, sizeof(castr) };
- global_init ();
+ global_init();
- rc = gnutls_certificate_allocate_credentials (&cred);
- if (rc)
- fail ("allocate cred failed: %d\n", rc);
+ rc = gnutls_certificate_allocate_credentials(&cred);
+ if (rc)
+ fail("allocate cred failed: %d\n", rc);
- rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM);
- if (rc != 2)
- fail ("import ca failed: %d\n", rc);
+ rc = gnutls_certificate_set_x509_trust_mem(cred, &ca,
+ GNUTLS_X509_FMT_PEM);
+ if (rc != 2)
+ fail("import ca failed: %d\n", rc);
- ca.data = (unsigned char*) "";
- ca.size = 0;
+ ca.data = (unsigned char *) "";
+ ca.size = 0;
- rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM);
- if (rc != 0)
- fail ("import ca failed: %d\n", rc);
+ rc = gnutls_certificate_set_x509_trust_mem(cred, &ca,
+ GNUTLS_X509_FMT_PEM);
+ if (rc != 0)
+ fail("import ca failed: %d\n", rc);
- gnutls_certificate_free_credentials (cred);
+ gnutls_certificate_free_credentials(cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- if (debug)
- success ("import ok\n");
+ if (debug)
+ success("import ok\n");
}
diff --git a/tests/pgps2kgnu.c b/tests/pgps2kgnu.c
index f777896582..a8ae98231c 100644
--- a/tests/pgps2kgnu.c
+++ b/tests/pgps2kgnu.c
@@ -37,85 +37,80 @@
#include <gnutls/openpgp.h>
static char dummy_key[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.4.9 (GNU/Linux)\n"
- "\n"
- "lQCVBEO3YdABBACRqqEnucag4+vyZny2M67Pai5+5suIRRvY+Ly8Ms5MvgCi3EVV\n"
- "xT05O/+0ShiRaf+QicCOFrhbU9PZzzU+seEvkeW2UCu4dQfILkmj+HBEIltGnHr3\n"
- "G0yegHj5pnqrcezERURf2e17gGFWX91cXB9Cm721FPXczuKraphKwCA9PwARAQAB\n"
- "/gNlAkdOVQG0OURlbW9uc3RyYXRpb24gS2V5IGZvciBTMksgR05VIGV4dGVuc2lv\n"
- "biAxMDAxIC0tIGdudS1kdW1teYi8BBMBAgAmBQJDt2HQAhsDBQkB4TOABgsJCAcD\n"
- "AgQVAggDBBYCAwECHgECF4AACgkQQZUwSa4UDezTOQP/TMQXUVrWzHYZGopoPZ2+\n"
- "ZS3qddiznBHsgb7MGYg1KlTiVJSroDUBCHIUJvdQKZV9zrzrFl47D07x6hGyUPHV\n"
- "aZXvuITW8t1o5MMHkCy3pmJ2KgfDvdUxrBvLfgPMICA4c6zA0mWquee43syEW9NY\n"
- "g3q61iPlQwD1J1kX1wlimLCdAdgEQ7dh0AEEANAwa63zlQbuy1Meliy8otwiOa+a\n"
- "mH6pxxUgUNggjyjO5qx+rl25mMjvGIRX4/L1QwIBXJBVi3SgvJW1COZxZqBYqj9U\n"
- "8HVT07mWKFEDf0rZLeUE2jTm16cF9fcW4DQhW+sfYm+hi2sY3HeMuwlUBK9KHfW2\n"
- "+bGeDzVZ4pqfUEudABEBAAEAA/0bemib+wxub9IyVFUp7nPobjQC83qxLSNzrGI/\n"
- "RHzgu/5CQi4tfLOnwbcQsLELfker2hYnjsLrT9PURqK4F7udrWEoZ1I1LymOtLG/\n"
- "4tNZ7Mnul3wRC2tCn7FKx8sGJwGh/3li8vZ6ALVJAyOia5TZ/buX0+QZzt6+hPKk\n"
- "7MU1WQIA4bUBjtrsqDwro94DvPj3/jBnMZbXr6WZIItLNeVDUcM8oHL807Am97K1\n"
- "ueO/f6v1sGAHG6lVPTmtekqPSTWBfwIA7CGFvEyvSALfB8NUa6jtk27NCiw0csql\n"
- "kuhCmwXGMVOiryKEfegkIahf2bAd/gnWHPrpWp7bUE20v8YoW22I4wIAhnm5Wr5Q\n"
- "Sy7EHDUxmJm5TzadFp9gq08qNzHBpXSYXXJ3JuWcL1/awUqp3tE1I6zZ0hZ38Ia6\n"
- "SdBMN88idnhDPqPoiKUEGAECAA8FAkO3YdACGyAFCQHhM4AACgkQQZUwSa4UDezm\n"
- "vQP/ZhK+2ly9oI2z7ZcNC/BJRch0/ybQ3haahII8pXXmOThpZohr/LUgoWgCZdXg\n"
- "vP6yiszNk2tIs8KphCAw7Lw/qzDC2hEORjWO4f46qk73RAgSqG/GyzI4ltWiDhqn\n"
- "vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4=\n"
- "=CR5w\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+ "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+ "Version: GnuPG v1.4.9 (GNU/Linux)\n"
+ "\n"
+ "lQCVBEO3YdABBACRqqEnucag4+vyZny2M67Pai5+5suIRRvY+Ly8Ms5MvgCi3EVV\n"
+ "xT05O/+0ShiRaf+QicCOFrhbU9PZzzU+seEvkeW2UCu4dQfILkmj+HBEIltGnHr3\n"
+ "G0yegHj5pnqrcezERURf2e17gGFWX91cXB9Cm721FPXczuKraphKwCA9PwARAQAB\n"
+ "/gNlAkdOVQG0OURlbW9uc3RyYXRpb24gS2V5IGZvciBTMksgR05VIGV4dGVuc2lv\n"
+ "biAxMDAxIC0tIGdudS1kdW1teYi8BBMBAgAmBQJDt2HQAhsDBQkB4TOABgsJCAcD\n"
+ "AgQVAggDBBYCAwECHgECF4AACgkQQZUwSa4UDezTOQP/TMQXUVrWzHYZGopoPZ2+\n"
+ "ZS3qddiznBHsgb7MGYg1KlTiVJSroDUBCHIUJvdQKZV9zrzrFl47D07x6hGyUPHV\n"
+ "aZXvuITW8t1o5MMHkCy3pmJ2KgfDvdUxrBvLfgPMICA4c6zA0mWquee43syEW9NY\n"
+ "g3q61iPlQwD1J1kX1wlimLCdAdgEQ7dh0AEEANAwa63zlQbuy1Meliy8otwiOa+a\n"
+ "mH6pxxUgUNggjyjO5qx+rl25mMjvGIRX4/L1QwIBXJBVi3SgvJW1COZxZqBYqj9U\n"
+ "8HVT07mWKFEDf0rZLeUE2jTm16cF9fcW4DQhW+sfYm+hi2sY3HeMuwlUBK9KHfW2\n"
+ "+bGeDzVZ4pqfUEudABEBAAEAA/0bemib+wxub9IyVFUp7nPobjQC83qxLSNzrGI/\n"
+ "RHzgu/5CQi4tfLOnwbcQsLELfker2hYnjsLrT9PURqK4F7udrWEoZ1I1LymOtLG/\n"
+ "4tNZ7Mnul3wRC2tCn7FKx8sGJwGh/3li8vZ6ALVJAyOia5TZ/buX0+QZzt6+hPKk\n"
+ "7MU1WQIA4bUBjtrsqDwro94DvPj3/jBnMZbXr6WZIItLNeVDUcM8oHL807Am97K1\n"
+ "ueO/f6v1sGAHG6lVPTmtekqPSTWBfwIA7CGFvEyvSALfB8NUa6jtk27NCiw0csql\n"
+ "kuhCmwXGMVOiryKEfegkIahf2bAd/gnWHPrpWp7bUE20v8YoW22I4wIAhnm5Wr5Q\n"
+ "Sy7EHDUxmJm5TzadFp9gq08qNzHBpXSYXXJ3JuWcL1/awUqp3tE1I6zZ0hZ38Ia6\n"
+ "SdBMN88idnhDPqPoiKUEGAECAA8FAkO3YdACGyAFCQHhM4AACgkQQZUwSa4UDezm\n"
+ "vQP/ZhK+2ly9oI2z7ZcNC/BJRch0/ybQ3haahII8pXXmOThpZohr/LUgoWgCZdXg\n"
+ "vP6yiszNk2tIs8KphCAw7Lw/qzDC2hEORjWO4f46qk73RAgSqG/GyzI4ltWiDhqn\n"
+ "vnQCFl3+QFSe4zinqykHnLwGPMXv428d/ZjkIc2ju8dRsn4=\n"
+ "=CR5w\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
/* Test capability of reading the gnu-dummy OpenPGP S2K extension.
See: doc/DETAILS from gnupg
http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00023.html
*/
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- int rc;
- gnutls_datum_t keydatum =
- { (unsigned char *) dummy_key, strlen (dummy_key) };
- gnutls_openpgp_privkey_t key;
+ int rc;
+ gnutls_datum_t keydatum =
+ { (unsigned char *) dummy_key, strlen(dummy_key) };
+ gnutls_openpgp_privkey_t key;
- if (argc > 1)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (9);
- }
+ if (argc > 1) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(9);
+ }
- rc = global_init ();
- if (rc)
- {
- printf ("global_init rc %d: %s\n", rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = global_init();
+ if (rc) {
+ printf("global_init rc %d: %s\n", rc, gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_openpgp_privkey_init (&key);
- if (rc)
- {
- printf ("gnutls_openpgp_privkey_init rc %d: %s\n",
- rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_openpgp_privkey_init(&key);
+ if (rc) {
+ printf("gnutls_openpgp_privkey_init rc %d: %s\n",
+ rc, gnutls_strerror(rc));
+ return 1;
+ }
- rc = gnutls_openpgp_privkey_import (key, &keydatum,
- GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
- if (rc)
- {
- printf ("gnutls_openpgp_privkey_import rc %d: %s\n",
- rc, gnutls_strerror (rc));
- return 1;
- }
+ rc = gnutls_openpgp_privkey_import(key, &keydatum,
+ GNUTLS_OPENPGP_FMT_BASE64, NULL,
+ 0);
+ if (rc) {
+ printf("gnutls_openpgp_privkey_import rc %d: %s\n",
+ rc, gnutls_strerror(rc));
+ return 1;
+ }
- gnutls_openpgp_privkey_deinit (key);
+ gnutls_openpgp_privkey_deinit(key);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c
index caa3ce88f5..42a01812d3 100644
--- a/tests/pkcs12_encode.c
+++ b/tests/pkcs12_encode.c
@@ -34,192 +34,184 @@
#include <stdlib.h>
static char client_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t client_dat = { (void*)client_pem, sizeof (client_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t client_dat =
+ { (void *) client_pem, sizeof(client_pem) };
static char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca_dat = { (void*)ca_pem, sizeof (ca_pem) };
-
-static void
-tls_log_func (int level, const char *str)
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca_dat = { (void *) ca_pem, sizeof(ca_pem) };
+
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- gnutls_pkcs12_t pkcs12;
- gnutls_x509_crt_t client;
- gnutls_x509_crt_t ca;
- gnutls_pkcs12_bag_t bag;
- unsigned char key_id_buf[20];
- gnutls_datum_t key_id;
- int ret, indx;
- char outbuf[10240];
- size_t size;
- int i;
-
- ret = global_init ();
- if (ret < 0)
- {
- fprintf(stderr, "global_init %d", ret);
- exit(1);
- }
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- /* Read certs. */
- ret = gnutls_x509_crt_init (&client);
- if (ret < 0)
- {
- fprintf(stderr, "crt_init: %d", ret);
- exit(1);
- }
-
- ret = gnutls_x509_crt_import (client, &client_dat, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "crt_import: %d", ret);
- exit(1);
- }
-
- ret = gnutls_x509_crt_init (&ca);
- if (ret < 0)
- {
- fprintf(stderr, "ca_init: %d", ret);
- exit(1);
- }
-
- ret = gnutls_x509_crt_import (ca, &ca_dat, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "ca_import: %d", ret);
- exit(1);
- }
-
- /* Create PKCS#12 structure. */
- ret = gnutls_pkcs12_init (&pkcs12);
- if (ret < 0)
- {
- fprintf(stderr, "pkcs12_init: %d", ret);
- exit(1);
- }
-
- /* Generate and add PKCS#12 cert bags. */
- for (i = 0; i < 2; i++)
- {
- ret = gnutls_pkcs12_bag_init (&bag);
- if (ret < 0)
- {
- fprintf(stderr, "bag_init: %d", ret);
- exit(1);
- }
-
- ret = gnutls_pkcs12_bag_set_crt (bag, i == 0 ? client : ca);
- if (ret < 0)
- {
- fprintf(stderr, "set_crt: %d", ret);
- exit(1);
- }
-
- indx = ret;
-
- ret = gnutls_pkcs12_bag_set_friendly_name (bag, indx,
- i == 0 ? "client" : "ca");
- if (ret < 0)
- {
- fprintf(stderr, "set_friendly_name: %d", ret);
- exit(1);
- }
-
- size = sizeof (key_id_buf);
- ret = gnutls_x509_crt_get_key_id (i == 0 ? client : ca, 0,
- key_id_buf, &size);
- if (ret < 0)
- {
- fprintf(stderr, "get_key_id: %d", ret);
- exit(1);
- }
-
- key_id.data = key_id_buf;
- key_id.size = size;
-
- ret = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id);
- if (ret < 0)
- {
- fprintf(stderr, "bag_set_key_id: %d", ret);
- exit(1);
- }
-
- ret = gnutls_pkcs12_bag_encrypt (bag, "pass",
- i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES
- : GNUTLS_PKCS_USE_PKCS12_RC2_40);
- if (ret < 0)
- {
- fprintf(stderr, "bag_encrypt: %d: %s", ret,
- i == 0 ? "3DES" : "RC2-40");
- exit(1);
- }
-
- ret = gnutls_pkcs12_set_bag (pkcs12, bag);
- if (ret < 0)
- {
- fprintf(stderr, "set_bag: %d", ret);
- exit(1);
- }
-
- gnutls_pkcs12_bag_deinit (bag);
- }
-
- /* MAC the structure, export and print. */
- ret = gnutls_pkcs12_generate_mac (pkcs12, "pass");
- if (ret < 0)
- {
- fprintf(stderr, "generate_mac: %d", ret);
- exit(1);
- }
-
- size = sizeof (outbuf);
- ret = gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_PEM, outbuf, &size);
- if (ret < 0)
- {
- fprintf(stderr, "pkcs12_export: %d", ret);
- exit(1);
- }
-
- if (debug)
- fwrite (outbuf, size, 1, stdout);
-
- /* Cleanup. */
- gnutls_pkcs12_deinit (pkcs12);
- gnutls_x509_crt_deinit (client);
- gnutls_x509_crt_deinit (ca);
- gnutls_global_deinit ();
+ gnutls_pkcs12_t pkcs12;
+ gnutls_x509_crt_t client;
+ gnutls_x509_crt_t ca;
+ gnutls_pkcs12_bag_t bag;
+ unsigned char key_id_buf[20];
+ gnutls_datum_t key_id;
+ int ret, indx;
+ char outbuf[10240];
+ size_t size;
+ int i;
+
+ ret = global_init();
+ if (ret < 0) {
+ fprintf(stderr, "global_init %d", ret);
+ exit(1);
+ }
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ /* Read certs. */
+ ret = gnutls_x509_crt_init(&client);
+ if (ret < 0) {
+ fprintf(stderr, "crt_init: %d", ret);
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(client, &client_dat,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "crt_import: %d", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_init(&ca);
+ if (ret < 0) {
+ fprintf(stderr, "ca_init: %d", ret);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(ca, &ca_dat, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "ca_import: %d", ret);
+ exit(1);
+ }
+
+ /* Create PKCS#12 structure. */
+ ret = gnutls_pkcs12_init(&pkcs12);
+ if (ret < 0) {
+ fprintf(stderr, "pkcs12_init: %d", ret);
+ exit(1);
+ }
+
+ /* Generate and add PKCS#12 cert bags. */
+ for (i = 0; i < 2; i++) {
+ ret = gnutls_pkcs12_bag_init(&bag);
+ if (ret < 0) {
+ fprintf(stderr, "bag_init: %d", ret);
+ exit(1);
+ }
+
+ ret = gnutls_pkcs12_bag_set_crt(bag, i == 0 ? client : ca);
+ if (ret < 0) {
+ fprintf(stderr, "set_crt: %d", ret);
+ exit(1);
+ }
+
+ indx = ret;
+
+ ret = gnutls_pkcs12_bag_set_friendly_name(bag, indx,
+ i ==
+ 0 ? "client" :
+ "ca");
+ if (ret < 0) {
+ fprintf(stderr, "set_friendly_name: %d", ret);
+ exit(1);
+ }
+
+ size = sizeof(key_id_buf);
+ ret = gnutls_x509_crt_get_key_id(i == 0 ? client : ca, 0,
+ key_id_buf, &size);
+ if (ret < 0) {
+ fprintf(stderr, "get_key_id: %d", ret);
+ exit(1);
+ }
+
+ key_id.data = key_id_buf;
+ key_id.size = size;
+
+ ret = gnutls_pkcs12_bag_set_key_id(bag, indx, &key_id);
+ if (ret < 0) {
+ fprintf(stderr, "bag_set_key_id: %d", ret);
+ exit(1);
+ }
+
+ ret = gnutls_pkcs12_bag_encrypt(bag, "pass",
+ i ==
+ 0 ?
+ GNUTLS_PKCS8_USE_PKCS12_3DES
+ :
+ GNUTLS_PKCS_USE_PKCS12_RC2_40);
+ if (ret < 0) {
+ fprintf(stderr, "bag_encrypt: %d: %s", ret,
+ i == 0 ? "3DES" : "RC2-40");
+ exit(1);
+ }
+
+ ret = gnutls_pkcs12_set_bag(pkcs12, bag);
+ if (ret < 0) {
+ fprintf(stderr, "set_bag: %d", ret);
+ exit(1);
+ }
+
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+
+ /* MAC the structure, export and print. */
+ ret = gnutls_pkcs12_generate_mac(pkcs12, "pass");
+ if (ret < 0) {
+ fprintf(stderr, "generate_mac: %d", ret);
+ exit(1);
+ }
+
+ size = sizeof(outbuf);
+ ret =
+ gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_PEM, outbuf,
+ &size);
+ if (ret < 0) {
+ fprintf(stderr, "pkcs12_export: %d", ret);
+ exit(1);
+ }
+
+ if (debug)
+ fwrite(outbuf, size, 1, stdout);
+
+ /* Cleanup. */
+ gnutls_pkcs12_deinit(pkcs12);
+ gnutls_x509_crt_deinit(client);
+ gnutls_x509_crt_deinit(ca);
+ gnutls_global_deinit();
}
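Review bot: The cipher argument of `gnutls_pkcs12_bag_encrypt()` in the bag loop of doit() is now spread over six lines with `?` and `:` on lines of their own, which hides that the client bag is encrypted with 3DES and the CA bag with RC2-40. Hoisting the choice into a local reads better: `unsigned int flags = i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES : GNUTLS_PKCS_USE_PKCS12_RC2_40;` followed by `ret = gnutls_pkcs12_bag_encrypt(bag, "pass", flags);`. A comment such as `/* RC2-40 is a 40-bit legacy cipher; used here only to exercise the encoder */` would keep readers from copying the choice, assuming that is the intent. The `gnutls_pkcs12_bag_set_friendly_name()` call just above has the same split ternary.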
diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c
index 1275097c64..b3c0518da3 100644
--- a/tests/pkcs12_s2k.c
+++ b/tests/pkcs12_s2k.c
@@ -31,145 +31,142 @@
#include "../../lib/x509/x509_int.h"
#include "../../lib/debug.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static const unsigned char *salt[3] = { (void*)"salt1", (void*)"ltsa22", (void*)"balt33" };
+static const unsigned char *salt[3] =
+ { (void *) "salt1", (void *) "ltsa22", (void *) "balt33" };
static const char *pw[3] = { "secret1", "verysecret2", "veryverysecret3" };
static const char *values[] = {
/* 1.0 */
- "85a3c676a66f0960f4807144a28c8d61a0001b81846f301a1ac164289879972f",
+ "85a3c676a66f0960f4807144a28c8d61a0001b81846f301a1ac164289879972f",
/* 1.2 */
- "e659da7d5989733a3d268e0bf7752c35c116e5c75919449a98f6812f82a15b16",
+ "e659da7d5989733a3d268e0bf7752c35c116e5c75919449a98f6812f82a15b16",
/* 1.2 */
- "878b8a88bf6166ce803b7498822205b1ac82870d3aec20807148779375a61f1e",
+ "878b8a88bf6166ce803b7498822205b1ac82870d3aec20807148779375a61f1e",
/* 2.0 */
- "1c845be764371d633c7fd1056967a9940385e110e85b58f826d39ae8561a0019",
+ "1c845be764371d633c7fd1056967a9940385e110e85b58f826d39ae8561a0019",
/* 2.1 */
- "de8dd3ffd59b65d3d5f59a1f71d7add582741f7752a786c045953e727e4465c0",
+ "de8dd3ffd59b65d3d5f59a1f71d7add582741f7752a786c045953e727e4465c0",
/* 2.2 */
#ifndef PKCS12_BROKEN_KEYGEN
- "9dd7f19e5e6aee5c5008b5deefd35889ab75193594ed49a605df4e93e7c2a155",
+ "9dd7f19e5e6aee5c5008b5deefd35889ab75193594ed49a605df4e93e7c2a155",
#else
- "9dd7f19e5e6aee5c5008b5deefd35889ab7519356f13478ecdee593c5ed689b1",
+ "9dd7f19e5e6aee5c5008b5deefd35889ab7519356f13478ecdee593c5ed689b1",
#endif
- /* 3.0 */
- "1c165e5a291a1539f3dbcf82a3e6ed566eb9d50ad4b0b3b57b599b08f0531236",
+ /* 3.0 */
+ "1c165e5a291a1539f3dbcf82a3e6ed566eb9d50ad4b0b3b57b599b08f0531236",
/* 3.1 */
- "5c9abee3cde31656eedfc131b7c2f8061032a3c705961ee2306a826c8b4b1a76",
+ "5c9abee3cde31656eedfc131b7c2f8061032a3c705961ee2306a826c8b4b1a76",
/* 3.2 */
- "a9c94e0acdaeaea54d1b1b681c3b64916396a352dea7ffe635fb2c11d8502e98"
+ "a9c94e0acdaeaea54d1b1b681c3b64916396a352dea7ffe635fb2c11d8502e98"
};
/* Values derived from
http://www.drh-consultancy.demon.co.uk/test.txt */
-static struct
-{
- int id;
- const char *password;
- const unsigned char *salt;
- size_t iter;
- size_t keylen;
- const char *key;
-} tv[] =
-{
- {
- 1, "smeg", (void*)"\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 24,
- "8aaae6297b6cb04642ab5b077851284eb7128f1a2a7fbca3"},
- {
- 2, "smeg", (void*)"\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, 8, "79993dfe048d3b76"},
- {
- 1, "smeg", (void*)"\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 24,
- "f3a95fec48d7711e985cfe67908c5ab79fa3d7c5caa5d966"},
- {
- 2, "smeg", (void*)"\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, 8, "c0a38d64a79bea1d"},
- {
- 3, "smeg", (void*)"\x3D\x83\xC0\xE4\x54\x6A\xC1\x40", 1, 20,
- "8d967d88f6caa9d714800ab3d48051d63f73a312"},
- {
- 1, "queeg", (void*)"\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 24,
- "ed2034e36328830ff09df1e1a07dd357185dac0d4f9eb3d4"},
- {
- 2, "queeg", (void*)"\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", 1000, 8,
- "11dedad7758d4860"},
- {
- 1, "queeg", (void*)"\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 24,
- "483dd6e919d7de2e8e648ba8f862f3fbfbdc2bcb2c02957f"},
- {
- 2, "queeg", (void*)"\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", 1000, 8,
- "9d461d1b00355c50"},
- {
- 3, "queeg", (void*)"\x26\x32\x16\xFC\xC2\xFA\xB3\x1C", 1000, 20,
- "5ec4c7a80df652294c3925b6489a7ab857c83476"}
+static struct {
+ int id;
+ const char *password;
+ const unsigned char *salt;
+ size_t iter;
+ size_t keylen;
+ const char *key;
+} tv[] = {
+ {
+ 1, "smeg", (void *) "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1,
+ 24,
+ "8aaae6297b6cb04642ab5b077851284eb7128f1a2a7fbca3"}, {
+ 2, "smeg", (void *) "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1,
+ 8, "79993dfe048d3b76"}, {
+ 1, "smeg", (void *) "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1,
+ 24,
+ "f3a95fec48d7711e985cfe67908c5ab79fa3d7c5caa5d966"}, {
+ 2, "smeg", (void *) "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1,
+ 8, "c0a38d64a79bea1d"}, {
+ 3, "smeg", (void *) "\x3D\x83\xC0\xE4\x54\x6A\xC1\x40", 1,
+ 20, "8d967d88f6caa9d714800ab3d48051d63f73a312"}, {
+ 1, "queeg", (void *) "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7",
+ 1000, 24,
+ "ed2034e36328830ff09df1e1a07dd357185dac0d4f9eb3d4"}, {
+ 2, "queeg", (void *) "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7",
+ 1000, 8, "11dedad7758d4860"}, {
+ 1, "queeg", (void *) "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5",
+ 1000, 24,
+ "483dd6e919d7de2e8e648ba8f862f3fbfbdc2bcb2c02957f"}, {
+ 2, "queeg", (void *) "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5",
+ 1000, 8, "9d461d1b00355c50"}, {
+ 3, "queeg", (void *) "\x26\x32\x16\xFC\xC2\xFA\xB3\x1C",
+ 1000, 20, "5ec4c7a80df652294c3925b6489a7ab857c83476"}
};
-void
-doit (void)
+void doit(void)
{
- int rc;
- unsigned int i, j, x;
- unsigned char key[32];
- char tmp[1024];
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (99);
-
- x = 0;
- for (i = 1; i < 4; i++)
- {
- for (j = 0; j < 3; j++)
- {
- rc =
- _gnutls_pkcs12_string_to_key (i, salt[j], strlen ((char*)salt[j]),
- j + i + 15, pw[j], sizeof (key),
- key);
- if (rc < 0)
- fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc);
-
- if (strcmp (_gnutls_bin2hex (key, sizeof (key),
- tmp, sizeof (tmp), NULL),
- values[x]) != 0)
- fail ("_gnutls_pkcs12_string_to_key failed[1]\n");
-
- if (debug)
- printf ("ij: %d.%d: %s\n", i, j,
- _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp),
- NULL));
- x++;
- }
- }
- if (debug)
- printf ("\n");
-
- for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
- {
- rc = _gnutls_pkcs12_string_to_key (tv[i].id, tv[i].salt, 8,
- tv[i].iter, tv[i].password,
- tv[i].keylen, key);
- if (rc < 0)
- fail ("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc);
-
- if (memcmp (_gnutls_bin2hex (key, tv[i].keylen,
- tmp, sizeof (tmp), NULL),
- tv[i].key, tv[i].keylen) != 0)
- fail ("_gnutls_pkcs12_string_to_key failed[3]\n");
-
- if (debug)
- printf ("tv[%d]: %s\n", i,
- _gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp), NULL));
- }
- if (debug)
- printf ("\n");
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("_gnutls_pkcs12_string_to_key ok\n");
+ int rc;
+ unsigned int i, j, x;
+ unsigned char key[32];
+ char tmp[1024];
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(99);
+
+ x = 0;
+ for (i = 1; i < 4; i++) {
+ for (j = 0; j < 3; j++) {
+ rc = _gnutls_pkcs12_string_to_key(i, salt[j],
+ strlen((char *)
+ salt[j]),
+ j + i + 15,
+ pw[j],
+ sizeof(key),
+ key);
+ if (rc < 0)
+ fail("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc);
+
+ if (strcmp(_gnutls_bin2hex(key, sizeof(key),
+ tmp, sizeof(tmp), NULL),
+ values[x]) != 0)
+ fail("_gnutls_pkcs12_string_to_key failed[1]\n");
+
+ if (debug)
+ printf("ij: %d.%d: %s\n", i, j,
+ _gnutls_bin2hex(key, sizeof(key),
+ tmp, sizeof(tmp),
+ NULL));
+ x++;
+ }
+ }
+ if (debug)
+ printf("\n");
+
+ for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) {
+ rc = _gnutls_pkcs12_string_to_key(tv[i].id, tv[i].salt, 8,
+ tv[i].iter,
+ tv[i].password,
+ tv[i].keylen, key);
+ if (rc < 0)
+ fail("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc);
+
+ if (memcmp(_gnutls_bin2hex(key, tv[i].keylen,
+ tmp, sizeof(tmp), NULL),
+ tv[i].key, tv[i].keylen) != 0)
+ fail("_gnutls_pkcs12_string_to_key failed[3]\n");
+
+ if (debug)
+ printf("tv[%d]: %s\n", i,
+ _gnutls_bin2hex(key, tv[i].keylen, tmp,
+ sizeof(tmp), NULL));
+ }
+ if (debug)
+ printf("\n");
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("_gnutls_pkcs12_string_to_key ok\n");
}
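Review bot: The `memcmp()` in the `tv[]` loop of doit() compares only `tv[i].keylen` bytes of the hex string, but the hex encoding of a `keylen`-byte key is `2 * keylen` characters, so only the first half of each derived key is checked against the test vector. A key-derivation bug that affects only the later output bytes would pass this test. The first loop already compares its `_gnutls_bin2hex()` result with `strcmp()`, so the same works here: `if (strcmp(_gnutls_bin2hex(key, tv[i].keylen, tmp, sizeof(tmp), NULL), tv[i].key) != 0)`. The return value of `global_init()` is also ignored here, unlike in the other tests of this commit.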
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index c7a22228a1..35b8947ed6 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -229,70 +229,58 @@
"UWl07o3w\n" \
"-----END ENCRYPTED PRIVATE KEY-----\n"
-static struct
-{
- const char *name;
- const char *password;
- const char *pkcs12key;
- int expected_result;
-} keys[] =
-{
- {
- "x_9607", "123456", X_9607, 0},
- {
- "x_9671", "123456", X_9671, 0},
- {
- "x_9925", "123456", X_9925, 0},
- {
- "x_9926", "123456", X_9926, 0},
- {
- "x_9927", "123456", X_9927, 0},
- {
- "x_9928", "123456", X_9928, 0},
- {
- "x_9929", "123456", X_9929, 0},
- {
- "x_9930", "123456", X_9930, 0},
- {
- "x_9931", "123456", X_9931, 0},
- {
- "x_9932", "123456", X_9932, 0}
+static struct {
+ const char *name;
+ const char *password;
+ const char *pkcs12key;
+ int expected_result;
+} keys[] = {
+ {
+ "x_9607", "123456", X_9607, 0}, {
+ "x_9671", "123456", X_9671, 0}, {
+ "x_9925", "123456", X_9925, 0}, {
+ "x_9926", "123456", X_9926, 0}, {
+ "x_9927", "123456", X_9927, 0}, {
+ "x_9928", "123456", X_9928, 0}, {
+ "x_9929", "123456", X_9929, 0}, {
+ "x_9930", "123456", X_9930, 0}, {
+ "x_9931", "123456", X_9931, 0}, {
+ "x_9932", "123456", X_9932, 0}
};
-int
-main (void)
+int main(void)
{
- gnutls_x509_privkey_t key;
- size_t i;
- int ret;
+ gnutls_x509_privkey_t key;
+ size_t i;
+ int ret;
- global_init ();
+ global_init();
- for (i = 0; i < sizeof (keys) / sizeof (keys[0]); i++)
- {
- gnutls_datum_t tmp;
+ for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++) {
+ gnutls_datum_t tmp;
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- return 1;
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ return 1;
- tmp.data = (unsigned char *) keys[i].pkcs12key;
- tmp.size = strlen ((char*)tmp.data);
+ tmp.data = (unsigned char *) keys[i].pkcs12key;
+ tmp.size = strlen((char *) tmp.data);
- ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp,
- GNUTLS_X509_FMT_PEM,
- keys[i].password, 0);
- gnutls_x509_privkey_deinit (key);
+ ret = gnutls_x509_privkey_import_pkcs8(key, &tmp,
+ GNUTLS_X509_FMT_PEM,
+ keys[i].password,
+ 0);
+ gnutls_x509_privkey_deinit(key);
- if (ret != keys[i].expected_result)
- {
- printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret));
- return 1;
- }
+ if (ret != keys[i].expected_result) {
+ printf("fail[%d]: %d: %s\n", (int) i, ret,
+ gnutls_strerror(ret));
+ return 1;
+ }
- }
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
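Review bot: The reindented `keys[]` initializer closes each entry with `}, {`, so every row opens on the previous row's line and the first and last rows are shaped differently from the rest. One entry per line, e.g. `{"x_9607", "123456", X_9607, 0},`, is easier to scan and gives one-line diffs when a vector is added. `tv[]` in tests/pkcs12_s2k.c got the same layout from this reindent and would benefit from the same treatment. The hunk opens inside the PEM macro definitions, which are outside this view.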
diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c
index 61618f4c9a..bbfe97d181 100644
--- a/tests/pkcs12_simple.c
+++ b/tests/pkcs12_simple.c
@@ -31,112 +31,121 @@
#include <gnutls/x509.h>
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- const char *filename, *password = "1234";
- gnutls_pkcs12_t pkcs12;
- unsigned char* file_data;
- size_t file_size;
- gnutls_datum_t data;
- gnutls_x509_crt_t * chain, * extras;
- unsigned int chain_size, extras_size, i;
- gnutls_x509_privkey_t pkey;
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- fail ("global_init failed %d\n", ret);
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (2);
-
- ret = gnutls_pkcs12_init(&pkcs12);
- if (ret < 0)
- fail ("initialization failed: %s\n", gnutls_strerror(ret));
-
- filename = getenv ("PKCS12_MANY_CERTS_FILE");
-
- if (!filename)
- filename = "pkcs12-decode/pkcs12_5certs.p12";
-
- if (debug)
- success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
- filename, password);
-
- file_data = (void*)read_binary_file( filename, &file_size);
- if (file_data == NULL)
- fail("cannot open file");
-
- data.data = file_data;
- data.size = file_size;
- ret = gnutls_pkcs12_import(pkcs12, &data, GNUTLS_X509_FMT_DER, 0);
- if (ret < 0)
- fail ("pkcs12_import failed %d: %s\n", ret, gnutls_strerror (ret));
-
- if (debug)
- success ("Read file OK\n");
-
- ret = gnutls_pkcs12_simple_parse (pkcs12, password, &pkey, &chain, &chain_size,
- &extras, &extras_size, NULL, 0);
- if (ret < 0)
- fail ("pkcs12_simple_parse failed %d: %s\n", ret, gnutls_strerror (ret));
-
- if (chain_size != 1)
- fail("chain size (%u) should have been 1\n", chain_size);
-
- if (extras_size != 4)
- fail("extras size (%u) should have been 4\n", extras_size);
-
- if (debug)
- {
- char dn[512];
- size_t dn_size;
-
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(chain[0], dn, &dn_size);
- if (ret < 0)
- fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
-
- success("dn: %s\n", dn);
-
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_issuer_dn(chain[0], dn, &dn_size);
- if (ret < 0)
- fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
-
- success("issuer dn: %s\n", dn);
- }
-
- gnutls_pkcs12_deinit(pkcs12);
- gnutls_x509_privkey_deinit(pkey);
-
- for (i=0;i<chain_size;i++)
- gnutls_x509_crt_deinit(chain[i]);
- gnutls_free(chain);
-
- for (i=0;i<extras_size;i++)
- gnutls_x509_crt_deinit(extras[i]);
- gnutls_free(extras);
-
- /* Try gnutls_x509_privkey_import2() */
- ret = gnutls_x509_privkey_init(&pkey);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init failed %d: %s\n", ret, gnutls_strerror (ret));
-
- ret = gnutls_x509_privkey_import2(pkey, &data, GNUTLS_X509_FMT_DER, password, 0);
- if (ret < 0)
- fail ("gnutls_x509_privkey_import2 failed %d: %s\n", ret, gnutls_strerror (ret));
- gnutls_x509_privkey_deinit(pkey);
-
- free(file_data);
-
- gnutls_global_deinit ();
+ const char *filename, *password = "1234";
+ gnutls_pkcs12_t pkcs12;
+ unsigned char *file_data;
+ size_t file_size;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t *chain, *extras;
+ unsigned int chain_size, extras_size, i;
+ gnutls_x509_privkey_t pkey;
+ int ret;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init failed %d\n", ret);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ ret = gnutls_pkcs12_init(&pkcs12);
+ if (ret < 0)
+ fail("initialization failed: %s\n", gnutls_strerror(ret));
+
+ filename = getenv("PKCS12_MANY_CERTS_FILE");
+
+ if (!filename)
+ filename = "pkcs12-decode/pkcs12_5certs.p12";
+
+ if (debug)
+ success
+ ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ filename, password);
+
+ file_data = (void *) read_binary_file(filename, &file_size);
+ if (file_data == NULL)
+ fail("cannot open file");
+
+ data.data = file_data;
+ data.size = file_size;
+ ret = gnutls_pkcs12_import(pkcs12, &data, GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0)
+ fail("pkcs12_import failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ if (debug)
+ success("Read file OK\n");
+
+ ret =
+ gnutls_pkcs12_simple_parse(pkcs12, password, &pkey, &chain,
+ &chain_size, &extras, &extras_size,
+ NULL, 0);
+ if (ret < 0)
+ fail("pkcs12_simple_parse failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ if (chain_size != 1)
+ fail("chain size (%u) should have been 1\n", chain_size);
+
+ if (extras_size != 4)
+ fail("extras size (%u) should have been 4\n", extras_size);
+
+ if (debug) {
+ char dn[512];
+ size_t dn_size;
+
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_dn(chain[0], dn, &dn_size);
+ if (ret < 0)
+ fail("crt_get_dn failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ success("dn: %s\n", dn);
+
+ dn_size = sizeof(dn);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(chain[0], dn, &dn_size);
+ if (ret < 0)
+ fail("crt_get_dn failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ success("issuer dn: %s\n", dn);
+ }
+
+ gnutls_pkcs12_deinit(pkcs12);
+ gnutls_x509_privkey_deinit(pkey);
+
+ for (i = 0; i < chain_size; i++)
+ gnutls_x509_crt_deinit(chain[i]);
+ gnutls_free(chain);
+
+ for (i = 0; i < extras_size; i++)
+ gnutls_x509_crt_deinit(extras[i]);
+ gnutls_free(extras);
+
+ /* Try gnutls_x509_privkey_import2() */
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ ret =
+ gnutls_x509_privkey_import2(pkey, &data, GNUTLS_X509_FMT_DER,
+ password, 0);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_import2 failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+ gnutls_x509_privkey_deinit(pkey);
+
+ free(file_data);
+
+ gnutls_global_deinit();
}
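Review bot: The `file_data == NULL` check in doit() reports `fail("cannot open file")` with no newline and no file name, and nothing stops execution afterwards unless `fail()` itself exits. Other tests in this commit follow `fail()` with `exit(1)` or `goto end`, which suggests it can return; in that case a NULL `data.data` with an unset `file_size` goes on to `gnutls_pkcs12_import()`. I would write `fail("cannot open file %s\n", filename);` followed by `exit(1);`. Separately, the error message after `gnutls_x509_crt_get_issuer_dn()` still says `crt_get_dn failed`, which points at the wrong call when it fires.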
diff --git a/tests/priorities.c b/tests/priorities.c
index 751cbfd19c..bf183fe164 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -32,83 +32,80 @@
#include "utils.h"
static void
-try_prio (const char* prio, unsigned expected_cs, unsigned expected_ciphers)
+try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers)
{
-int ret;
-gnutls_priority_t p;
-const char* err;
-const unsigned int * t;
-unsigned i, si, count = 0;
+ int ret;
+ gnutls_priority_t p;
+ const char *err;
+ const unsigned int *t;
+ unsigned i, si, count = 0;
- /* this must be called once in the program
- */
- global_init ();
-
- ret = gnutls_priority_init(&p, prio, &err);
- if (ret < 0)
- {
- fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret), err);
- exit(1);
- }
-
- for (i=0;;i++)
- {
- ret = gnutls_priority_get_cipher_suite_index(p, i, &si);
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
- continue;
- else if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret == 0)
- {
- count++;
- /* fprintf(stderr, "%s\n", gnutls_cipher_suite_info(si, NULL, NULL, NULL, NULL, NULL)); */
- }
+ /* this must be called once in the program
+ */
+ global_init();
- }
-
- ret = gnutls_priority_cipher_list (p, &t);
- if ((unsigned)ret != expected_ciphers)
- {
+ ret = gnutls_priority_init(&p, prio, &err);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret),
+ err);
+ exit(1);
+ }
+
+ for (i = 0;; i++) {
+ ret = gnutls_priority_get_cipher_suite_index(p, i, &si);
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+ else if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret == 0) {
+ count++;
+ /* fprintf(stderr, "%s\n", gnutls_cipher_suite_info(si, NULL, NULL, NULL, NULL, NULL)); */
+ }
+
+ }
+
+ ret = gnutls_priority_cipher_list(p, &t);
+ if ((unsigned) ret != expected_ciphers) {
#if 0
-for (i=0;i<ret;i++)
- fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
+ for (i = 0; i < ret; i++)
+ fprintf(stderr, "%s\n",
+ gnutls_cipher_get_name(t[i]));
#endif
- fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
- exit(1);
- }
-
- gnutls_priority_deinit(p);
-
- /* fprintf(stderr, "count: %d\n", count); */
+ fail("expected %d ciphers, found %d\n", expected_ciphers,
+ ret);
+ exit(1);
+ }
+
+ gnutls_priority_deinit(p);
- if (debug)
- success ("finished: %s\n", prio);
-
- if (count != expected_cs)
- {
- fail("expected %d ciphersuites, found %d\n", expected_cs, count);
- exit(1);
- }
+ /* fprintf(stderr, "count: %d\n", count); */
+
+ if (debug)
+ success("finished: %s\n", prio);
+
+ if (count != expected_cs) {
+ fail("expected %d ciphersuites, found %d\n", expected_cs,
+ count);
+ exit(1);
+ }
}
-void
-doit (void)
+void doit(void)
{
-const int normal = 66;
-const int null = 5;
-const int sec128 = 56;
+ const int normal = 66;
+ const int null = 5;
+ const int sec128 = 56;
- try_prio("NORMAL", normal, 10);
- try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10);
- try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */
- try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal+null, 11); /* should be null + all */
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
- try_prio("PERFORMANCE", normal, 10);
- try_prio("SECURE256", 20, 4);
- try_prio("SECURE128", sec128, 8);
- try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
- try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
- try_prio("SUITEB192", 1, 1);
+ try_prio("NORMAL", normal, 10);
+ try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10);
+ try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 11); /* should be null + all */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
+ try_prio("PERFORMANCE", normal, 10);
+ try_prio("SECURE256", 20, 4);
+ try_prio("SECURE128", sec128, 8);
+ try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
+ try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
+ try_prio("SUITEB192", 1, 1);
}
-
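Review bot: `try_prio()` calls `global_init()` under a comment saying it must be called once in the program, yet doit() invokes `try_prio()` twelve times and no `gnutls_global_deinit()` appears anywhere in the hunk. Moving `global_init();` to the top of doit() and ending doit() with `gnutls_global_deinit();` would match the comment and the other tests in this commit. In the same function, the mismatch message prints the unsigned `expected_ciphers` with `%d`, and a negative return from `gnutls_priority_cipher_list()` is cast to unsigned before the comparison, so an error code is reported as a cipher count. The `/* should be null + all */` comment on the `+AES-128-CBC` line looks copied from the line above it, since that call expects 10 suites and 1 cipher.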
diff --git a/tests/pskself.c b/tests/pskself.c
index 3c924dddf2..8b3fe48ab8 100644
--- a/tests/pskself.c
+++ b/tests/pskself.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -55,103 +54,94 @@ main (int argc, char** argv)
/* A very basic TLS client, with PSK authentication.
*/
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
#define MAX_BUF 1024
#define MSG "Hello TLS"
-static void
-client (int sd)
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_psk_client_credentials_t pskcred;
- /* Need to enable anonymous KX specifically. */
- const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
-
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- side = "client";
-
- gnutls_psk_allocate_client_credentials (&pskcred);
- gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NORMAL:+PSK", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_psk_free_client_credentials (pskcred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_psk_client_credentials_t pskcred;
+ /* Need to enable anonymous KX specifically. */
+ const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
+
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ side = "client";
+
+ gnutls_psk_allocate_client_credentials(&pskcred);
+ gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, "NORMAL:+PSK", NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_psk_free_client_credentials(pskcred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, for PSK authentication.
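Review bot: client() never compares the bytes returned by `gnutls_record_recv()` with `MSG`; the buffer is only printed when `debug` is set, so the test passes whatever the peer sends back. Assuming the server side (outside this hunk) echoes the message, a check after the receive would make the round trip meaningful: `if ((size_t) ret != strlen(MSG) || memcmp(buffer, MSG, ret) != 0)` followed by `fail("client: unexpected reply\n");`. The return value of `gnutls_record_send()` is ignored as well. The two comments that mention anonymous KX and anonymous credentials describe PSK setup and should be reworded, e.g. `/* put the PSK credentials to the current session */`.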
@@ -162,35 +152,35 @@ end:
/* These are global */
gnutls_psk_server_credentials_t server_pskcred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NORMAL:+PSK", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, "NORMAL:+PSK", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, server_pskcred);
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
- return session;
+ return session;
}
static int
-pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t * key)
{
- if (debug)
- printf ("psk: username %s\n", username);
- key->data = gnutls_malloc (4);
- key->data[0] = 0xDE;
- key->data[1] = 0xAD;
- key->data[2] = 0xBE;
- key->data[3] = 0xEF;
- key->size = 4;
- return 0;
+ if (debug)
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
}
int err, ret;
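Review bot: In `pskfunc` the pointer returned by `gnutls_malloc(4)` is written through without a NULL check, so an allocation failure inside the server's PSK callback becomes a NULL dereference rather than a failed handshake. Add `if (key->data == NULL) return -1;` directly after the allocation and before the first `key->data[0]` store. The four-byte DE AD BE EF value mirrors the client's hex key "DEADBEEF" earlier in the same file and is only a test fixture; a short comment saying so would stop the callback being copied as a pattern.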
@@ -199,107 +189,98 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-server (int sd)
+static void server(int sd)
{
- /* this must be called once in the program
- */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- side = "server";
-
- gnutls_psk_allocate_server_credentials (&server_pskcred);
- gnutls_psk_set_server_credentials_function (server_pskcred, pskfunc);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_psk_free_server_credentials (server_pskcred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ /* this must be called once in the program
+ */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ side = "server";
+
+ gnutls_psk_allocate_server_credentials(&server_pskcred);
+ gnutls_psk_set_server_credentials_function(server_pskcred,
+ pskfunc);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_psk_free_server_credentials(server_pskcred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- pid_t child;
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (sockets[0]);
- wait (&status);
- }
- else
- client (sockets[1]);
+ pid_t child;
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(sockets[0]);
+ wait(&status);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
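Review bot: The echo branch in `server` sends `strlen(buffer)` bytes instead of the `ret` bytes that `gnutls_record_recv` just reported, so the reply length depends on the peer's payload contents, and a record containing a NUL byte is echoed back truncated. The read stays inside the array only because the buffer is zeroed on every iteration and is one byte larger than the receive limit. Use the received count directly, `gnutls_record_send(session, buffer, ret);`, and check its return value, which is currently ignored.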
diff --git a/tests/record-sizes-range.c b/tests/record-sizes-range.c
index ae378307a1..2f60649542 100644
--- a/tests/record-sizes-range.c
+++ b/tests/record-sizes-range.c
@@ -33,12 +33,11 @@
#include "utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
/* This test attempts to transfer various sizes using AES-128-CBC.
@@ -49,121 +48,124 @@ tls_log_func (int level, const char *str)
static char b1[MAX_BUF + 1];
static char buffer[MAX_BUF + 1];
-static void try_send(gnutls_session_t client, gnutls_session_t server,
- void* b1, ssize_t b1_size, void* b2, ssize_t b2_size, gnutls_range_st* range)
+static void try_send(gnutls_session_t client, gnutls_session_t server,
+ void *b1, ssize_t b1_size, void *b2, ssize_t b2_size,
+ gnutls_range_st * range)
{
-int ret, recvd;
-
- /* Try sending various other sizes */
- ret = gnutls_record_send_range(client, b1, b1_size, range);
- if (ret < 0)
- {
- fprintf(stderr, "Error sending %d bytes: %s\n", (int)b1_size, gnutls_strerror(ret));
- exit(1);
- }
-
- if (ret != b1_size)
- {
- fprintf(stderr, "Couldn't send %d bytes\n", (int)b1_size);
- exit(1);
- }
-
- recvd = 0;
- do
- {
- ret = gnutls_record_recv(server, b2, b2_size);
- if (ret < 0)
- {
- fprintf(stderr, "Error receiving %d bytes: %s\n", (int)b2_size, gnutls_strerror(ret));
- exit(1);
- }
- recvd += ret;
- }
- while (recvd < b1_size);
-
- if (recvd != b1_size)
- {
- fprintf(stderr, "Couldn't receive %d bytes, received %d\n", (int)b1_size, recvd);
- exit(1);
- }
-
+ int ret, recvd;
+
+ /* Try sending various other sizes */
+ ret = gnutls_record_send_range(client, b1, b1_size, range);
+ if (ret < 0) {
+ fprintf(stderr, "Error sending %d bytes: %s\n",
+ (int) b1_size, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ret != b1_size) {
+ fprintf(stderr, "Couldn't send %d bytes\n", (int) b1_size);
+ exit(1);
+ }
+
+ recvd = 0;
+ do {
+ ret = gnutls_record_recv(server, b2, b2_size);
+ if (ret < 0) {
+ fprintf(stderr, "Error receiving %d bytes: %s\n",
+ (int) b2_size, gnutls_strerror(ret));
+ exit(1);
+ }
+ recvd += ret;
+ }
+ while (recvd < b1_size);
+
+ if (recvd != b1_size) {
+ fprintf(stderr, "Couldn't receive %d bytes, received %d\n",
+ (int) b1_size, recvd);
+ exit(1);
+ }
+
}
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (unsigned char *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
- /* Need to enable anonymous KX specifically. */
- gnutls_range_st range;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_priority_set_direct (server, "NONE:+VERS-TLS-ALL:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", NULL);
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_priority_set_direct (client, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", NULL);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- memset(b1, 0, sizeof(b1));
- HANDSHAKE(client, server);
-
- if (debug)
- success ("Handshake established\n");
-
- memset(b1, 1, MAX_BUF);
-
- range.low = 1024;
- range.high = MAX_SEND;
-
-
- try_send(client, server, b1, MAX_SEND, buffer, MAX_BUF, &range);
- try_send(client, server, b1, 1024, buffer, MAX_BUF, &range);
- try_send(client, server, b1, 4096, buffer, MAX_BUF, &range);
- /*try_send(client, server, b1, 128, buffer, MAX_BUF, &range)*/;
-
-
- if (debug)
- fputs ("\n", stdout);
-
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 =
+ { (unsigned char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+ /* Need to enable anonymous KX specifically. */
+ gnutls_range_st range;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-TLS-ALL:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ memset(b1, 0, sizeof(b1));
+ HANDSHAKE(client, server);
+
+ if (debug)
+ success("Handshake established\n");
+
+ memset(b1, 1, MAX_BUF);
+
+ range.low = 1024;
+ range.high = MAX_SEND;
+
+
+ try_send(client, server, b1, MAX_SEND, buffer, MAX_BUF, &range);
+ try_send(client, server, b1, 1024, buffer, MAX_BUF, &range);
+ try_send(client, server, b1, 4096, buffer, MAX_BUF, &range);
+ /*try_send(client, server, b1, 128, buffer, MAX_BUF, &range) */ ;
+
+
+ if (debug)
+ fputs("\n", stdout);
+
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
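Review bot: The receive loop in `try_send` leaves only on `ret < 0` or once `recvd` reaches `b1_size`, so a return of 0 from `gnutls_record_recv` adds nothing to `recvd` and the `do … while (recvd < b1_size)` loop never terminates. The PSK test client elsewhere in this commit treats 0 as "Peer has closed the TLS connection", so this case is reachable and would hang the test run instead of failing it. Change the check to `if (ret <= 0) {` and print a separate message for the zero case, since `gnutls_strerror(0)` does not describe a closed connection.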
diff --git a/tests/record-sizes.c b/tests/record-sizes.c
index 7baf599830..11edde15e1 100644
--- a/tests/record-sizes.c
+++ b/tests/record-sizes.c
@@ -33,12 +33,11 @@
#include "utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
/* This test attempts to transfer various sizes using ARCFOUR-128.
@@ -48,111 +47,112 @@ tls_log_func (int level, const char *str)
static char b1[MAX_BUF + 1];
static char buffer[MAX_BUF + 1];
-void
-doit (void)
+void doit(void)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (unsigned char *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN, i;
- /* Need to enable anonymous KX specifically. */
- ssize_t ns;
- int ret, transferred = 0;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_priority_set_direct (server, "NONE:+VERS-TLS-ALL:+ARCFOUR-128:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", NULL);
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_priority_set_direct (client, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", NULL);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- memset(b1, 0, sizeof(b1));
- HANDSHAKE(client, server);
-
- if (debug)
- success ("Handshake established\n");
-
- memset(b1, 1, MAX_BUF);
-
- /* try the maximum allowed */
- ret = gnutls_record_send(client, b1, MAX_BUF);
- if (ret < 0)
- {
- fprintf(stderr, "Error sending %d bytes: %s\n", (int)MAX_BUF, gnutls_strerror(ret));
- exit(1);
- }
-
- if (ret != MAX_BUF)
- {
- fprintf(stderr, "Couldn't send %d bytes\n", (int)MAX_BUF);
- exit(1);
- }
-
- ret = gnutls_record_recv(server, buffer, MAX_BUF);
- if (ret < 0)
- {
- fprintf(stderr, "Error receiving %d bytes: %s\n", (int)MAX_BUF, gnutls_strerror(ret));
- exit(1);
- }
-
- if (ret != MAX_BUF)
- {
- fprintf(stderr, "Couldn't receive %d bytes, received %d\n", (int)MAX_BUF, ret);
- exit(1);
- }
-
- if (memcmp(b1, buffer, MAX_BUF) != 0)
- {
- fprintf(stderr, "Buffers do not match!\n");
- exit(1);
- }
-
- /* Try sending various other sizes */
- for (i=1;i<128;i++)
- {
- TRANSFER(client, server, b1, i, buffer, MAX_BUF);
- }
- if (debug)
- fputs ("\n", stdout);
-
-
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 =
+ { (unsigned char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN, i;
+ /* Need to enable anonymous KX specifically. */
+ ssize_t ns;
+ int ret, transferred = 0;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_priority_set_direct(server,
+ "NONE:+VERS-TLS-ALL:+ARCFOUR-128:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_priority_set_direct(client,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ memset(b1, 0, sizeof(b1));
+ HANDSHAKE(client, server);
+
+ if (debug)
+ success("Handshake established\n");
+
+ memset(b1, 1, MAX_BUF);
+
+ /* try the maximum allowed */
+ ret = gnutls_record_send(client, b1, MAX_BUF);
+ if (ret < 0) {
+ fprintf(stderr, "Error sending %d bytes: %s\n",
+ (int) MAX_BUF, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ret != MAX_BUF) {
+ fprintf(stderr, "Couldn't send %d bytes\n", (int) MAX_BUF);
+ exit(1);
+ }
+
+ ret = gnutls_record_recv(server, buffer, MAX_BUF);
+ if (ret < 0) {
+ fprintf(stderr, "Error receiving %d bytes: %s\n",
+ (int) MAX_BUF, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (ret != MAX_BUF) {
+ fprintf(stderr, "Couldn't receive %d bytes, received %d\n",
+ (int) MAX_BUF, ret);
+ exit(1);
+ }
+
+ if (memcmp(b1, buffer, MAX_BUF) != 0) {
+ fprintf(stderr, "Buffers do not match!\n");
+ exit(1);
+ }
+
+ /* Try sending various other sizes */
+ for (i = 1; i < 128; i++) {
+ TRANSFER(client, server, b1, i, buffer, MAX_BUF);
+ }
+ if (debug)
+ fputs("\n", stdout);
+
+
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
}
diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c
index fdb5545255..2e45522438 100644
--- a/tests/resume-dtls.c
+++ b/tests/resume-dtls.c
@@ -32,10 +32,9 @@
#if defined(_WIN32)
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -51,31 +50,31 @@ main (int argc, char** argv)
#include "utils.h"
-static void wrap_db_init (void);
-static void wrap_db_deinit (void);
-static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data);
-static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
-static int wrap_db_delete (void *dbf, gnutls_datum_t key);
+static void wrap_db_init(void);
+static void wrap_db_deinit(void);
+static int wrap_db_store(void *dbf, gnutls_datum_t key,
+ gnutls_datum_t data);
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key);
+static int wrap_db_delete(void *dbf, gnutls_datum_t key);
#define TLS_SESSION_CACHE 50
-struct params_res
-{
- const char *desc;
- int enable_db;
- int enable_session_ticket_server;
- int enable_session_ticket_client;
- int expect_resume;
+struct params_res {
+ const char *desc;
+ int enable_db;
+ int enable_session_ticket_server;
+ int enable_session_ticket_client;
+ int expect_resume;
};
pid_t child;
struct params_res resume_tests[] = {
- {"try to resume from db", 50, 0, 0, 1},
- {"try to resume from session ticket", 0, 1, 1, 1},
- {"try to resume from session ticket (server only)", 0, 1, 0, 0},
- {"try to resume from session ticket (client only)", 0, 0, 1, 0},
- {NULL, -1}
+ {"try to resume from db", 50, 0, 0, 1},
+ {"try to resume from session ticket", 0, 1, 1, 1},
+ {"try to resume from session ticket (server only)", 0, 1, 0, 0},
+ {"try to resume from session ticket (client only)", 0, 0, 1, 0},
+ {NULL, -1}
};
/* A very basic TLS client, with anonymous authentication.
@@ -85,149 +84,135 @@ struct params_res resume_tests[] = {
#define MAX_BUF 5*1024
#define MSG "Hello TLS"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+ fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
+ str);
}
-static void
-client (int sds[], struct params_res *params)
+static void client(int sds[], struct params_res *params)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- /* variables used in session resuming
- */
- int t;
- gnutls_datum_t session_data;
-
- if (debug)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
- }
- global_init ();
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- for (t = 0; t < SESSIONS; t++)
- {
- int sd = sds[t];
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NO_EXTENSIONS);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- if (params->enable_session_ticket_client)
- gnutls_session_ticket_enable_client (session);
-
- if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data.data,
- session_data.size);
- gnutls_free (session_data.data);
- }
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- ret = gnutls_session_get_data2 (session, &session_data);
- if (ret < 0)
- fail ("Getting resume data failed\n");
- }
- else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- if (params->expect_resume)
- {
- if (debug)
- success ("- Previous session was resumed\n");
- }
- else
- fail ("- Previous session was resumed\n");
- }
- else
- {
- if (params->expect_resume)
- {
- fail ("*** Previous session was NOT resumed\n");
- }
- else
- {
- if (debug)
- success
- ("*** Previous session was NOT resumed (expected)\n");
- }
- }
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug )
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
- close (sd);
-
- gnutls_deinit (session);
- }
-
-end:
- gnutls_anon_free_client_credentials (anoncred);
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ /* variables used in session resuming
+ */
+ int t;
+ gnutls_datum_t session_data;
+
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
+ }
+ global_init();
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ for (t = 0; t < SESSIONS; t++) {
+ int sd = sds[t];
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session,
+ GNUTLS_CLIENT | GNUTLS_DATAGRAM |
+ GNUTLS_NO_EXTENSIONS);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ if (params->enable_session_ticket_client)
+ gnutls_session_ticket_enable_client(session);
+
+ if (t > 0) {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data(session, session_data.data,
+ session_data.size);
+ gnutls_free(session_data.data);
+ }
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success
+ ("client: Handshake was completed\n");
+ }
+
+ if (t == 0) { /* the first time we connect */
+ /* get the session data size */
+ ret =
+ gnutls_session_get_data2(session,
+ &session_data);
+ if (ret < 0)
+ fail("Getting resume data failed\n");
+ } else { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed(session) != 0) {
+ if (params->expect_resume) {
+ if (debug)
+ success
+ ("- Previous session was resumed\n");
+ } else
+ fail("- Previous session was resumed\n");
+ } else {
+ if (params->expect_resume) {
+ fail("*** Previous session was NOT resumed\n");
+ } else {
+ if (debug)
+ success
+ ("*** Previous session was NOT resumed (expected)\n");
+ }
+ }
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ close(sd);
+
+ gnutls_deinit(session);
+ }
+
+ end:
+ gnutls_anon_free_client_credentials(anoncred);
}
/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
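Review bot: `session_data` in `client` is declared without an initializer, and when `gnutls_session_get_data2` fails on the first pass the code only calls `fail()`. If `fail()` returns (its definition is outside this hunk), the second pass hands an indeterminate pointer and size to `gnutls_session_set_data` and then to `gnutls_free`. Declare it as `gnutls_datum_t session_data = { NULL, 0 };` and add `goto end;` after `fail("Getting resume data failed\n");`. Separately, the `goto end` paths inside the loop skip `close(sd)` and `gnutls_deinit(session)`, so the session and descriptor of the failing iteration are never released.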
@@ -239,49 +224,50 @@ end:
gnutls_anon_server_credentials_t anoncred;
static gnutls_datum_t session_ticket_key = { NULL, 0 };
-static gnutls_session_t
-initialize_tls_session (struct params_res *params)
+static gnutls_session_t initialize_tls_session(struct params_res *params)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM);
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- if (params->enable_db)
- {
- gnutls_db_set_retrieve_function (session, wrap_db_fetch);
- gnutls_db_set_remove_function (session, wrap_db_delete);
- gnutls_db_set_store_function (session, wrap_db_store);
- gnutls_db_set_ptr (session, NULL);
- }
+ if (params->enable_db) {
+ gnutls_db_set_retrieve_function(session, wrap_db_fetch);
+ gnutls_db_set_remove_function(session, wrap_db_delete);
+ gnutls_db_set_store_function(session, wrap_db_store);
+ gnutls_db_set_ptr(session, NULL);
+ }
- if (params->enable_session_ticket_server)
- gnutls_session_ticket_enable_server (session, &session_ticket_key);
+ if (params->enable_session_ticket_server)
+ gnutls_session_ticket_enable_server(session,
+ &session_ticket_key);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
@@ -290,171 +276,152 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-global_stop (void)
+static void global_stop(void)
{
- if (debug)
- success ("global stop\n");
+ if (debug)
+ success("global stop\n");
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_dh_params_deinit (dh_params);
+ gnutls_dh_params_deinit(dh_params);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
-static void
-server (int sds[], struct params_res *params)
+static void server(int sds[], struct params_res *params)
{
- size_t t;
-
- /* this must be called once in the program, it is mostly for the server.
- */
- if (debug)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
- }
-
- global_init ();
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- if (debug)
- success ("Launched, generating DH parameters...\n");
-
- generate_dh_params ();
-
- gnutls_anon_set_server_dh_params (anoncred, dh_params);
-
- if (params->enable_db)
- {
- wrap_db_init ();
- }
-
- if (params->enable_session_ticket_server)
- gnutls_session_ticket_key_generate (&session_ticket_key);
-
- for (t = 0; t < SESSIONS; t++)
- {
- int sd = sds[t];
-
- session = initialize_tls_session (params);
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
-
- gnutls_deinit (session);
- }
-
- if (params->enable_db)
- {
- wrap_db_deinit ();
- }
-
- gnutls_free (session_ticket_key.data);
- session_ticket_key.data = NULL;
-
- if (debug)
- success ("server: finished\n");
+ size_t t;
+
+ /* this must be called once in the program, it is mostly for the server.
+ */
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
+ }
+
+ global_init();
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ if (debug)
+ success("Launched, generating DH parameters...\n");
+
+ generate_dh_params();
+
+ gnutls_anon_set_server_dh_params(anoncred, dh_params);
+
+ if (params->enable_db) {
+ wrap_db_init();
+ }
+
+ if (params->enable_session_ticket_server)
+ gnutls_session_ticket_key_generate(&session_ticket_key);
+
+ for (t = 0; t < SESSIONS; t++) {
+ int sd = sds[t];
+
+ session = initialize_tls_session(params);
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+
+ gnutls_deinit(session);
+ }
+
+ if (params->enable_db) {
+ wrap_db_deinit();
+ }
+
+ gnutls_free(session_ticket_key.data);
+ session_ticket_key.data = NULL;
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- int i;
-
- for (i = 0; resume_tests[i].desc; i++)
- {
- int client_sds[SESSIONS], server_sds[SESSIONS];
- int j;
-
- printf ("%s\n", resume_tests[i].desc);
-
- for (j = 0; j < SESSIONS; j++)
- {
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- server_sds[j] = sockets[0];
- client_sds[j] = sockets[1];
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (server_sds, &resume_tests[i]);
- wait (&status);
- if (WEXITSTATUS(status) > 0)
- error_count++;
- global_stop ();
- }
- else
- {
- client (client_sds, &resume_tests[i]);
- gnutls_global_deinit ();
- if (error_count)
- exit(1);
- exit (0);
- }
- }
+ int i;
+
+ for (i = 0; resume_tests[i].desc; i++) {
+ int client_sds[SESSIONS], server_sds[SESSIONS];
+ int j;
+
+ printf("%s\n", resume_tests[i].desc);
+
+ for (j = 0; j < SESSIONS; j++) {
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ server_sds[j] = sockets[0];
+ client_sds[j] = sockets[1];
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(server_sds, &resume_tests[i]);
+ wait(&status);
+ if (WEXITSTATUS(status) > 0)
+ error_count++;
+ global_stop();
+ } else {
+ client(client_sds, &resume_tests[i]);
+ gnutls_global_deinit();
+ if (error_count)
+ exit(1);
+ exit(0);
+ }
+ }
}
/* Functions and other stuff needed for session resuming.
@@ -465,167 +432,157 @@ doit (void)
#define MAX_SESSION_ID_SIZE 32
#define MAX_SESSION_DATA_SIZE 1024
-typedef struct
-{
- unsigned char session_id[MAX_SESSION_ID_SIZE];
- unsigned int session_id_size;
+typedef struct {
+ unsigned char session_id[MAX_SESSION_ID_SIZE];
+ unsigned int session_id_size;
- char session_data[MAX_SESSION_DATA_SIZE];
- int session_data_size;
+ char session_data[MAX_SESSION_DATA_SIZE];
+ int session_data_size;
} CACHE;
static CACHE *cache_db;
static int cache_db_ptr = 0;
-static void
-wrap_db_init (void)
+static void wrap_db_init(void)
{
- /* allocate cache_db */
- cache_db = calloc (1, TLS_SESSION_CACHE * sizeof (CACHE));
+ /* allocate cache_db */
+ cache_db = calloc(1, TLS_SESSION_CACHE * sizeof(CACHE));
}
-static void
-wrap_db_deinit (void)
+static void wrap_db_deinit(void)
{
- free (cache_db);
- cache_db = NULL;
- return;
+ free(cache_db);
+ cache_db = NULL;
+ return;
}
static int
-wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
+wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data)
{
- if (debug)
- success ("resume db storing... (%d-%d)\n", key.size, data.size);
-
- if (debug)
- {
- unsigned int i;
- printf ("key:\n");
- for (i = 0; i < key.size; i++)
- {
- printf ("%02x ", key.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- printf ("data:\n");
- for (i = 0; i < data.size; i++)
- {
- printf ("%02x ", data.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- }
-
- if (cache_db == NULL)
- return -1;
-
- if (key.size > MAX_SESSION_ID_SIZE)
- return -1;
-
- if (data.size > MAX_SESSION_DATA_SIZE)
- return -1;
-
- memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size);
- cache_db[cache_db_ptr].session_id_size = key.size;
-
- memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size);
- cache_db[cache_db_ptr].session_data_size = data.size;
-
- cache_db_ptr++;
- cache_db_ptr %= TLS_SESSION_CACHE;
-
- return 0;
+ if (debug)
+ success("resume db storing... (%d-%d)\n", key.size,
+ data.size);
+
+ if (debug) {
+ unsigned int i;
+ printf("key:\n");
+ for (i = 0; i < key.size; i++) {
+ printf("%02x ", key.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ printf("data:\n");
+ for (i = 0; i < data.size; i++) {
+ printf("%02x ", data.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ }
+
+ if (cache_db == NULL)
+ return -1;
+
+ if (key.size > MAX_SESSION_ID_SIZE)
+ return -1;
+
+ if (data.size > MAX_SESSION_DATA_SIZE)
+ return -1;
+
+ memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size);
+ cache_db[cache_db_ptr].session_id_size = key.size;
+
+ memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size);
+ cache_db[cache_db_ptr].session_data_size = data.size;
+
+ cache_db_ptr++;
+ cache_db_ptr %= TLS_SESSION_CACHE;
+
+ return 0;
}
-static gnutls_datum_t
-wrap_db_fetch (void *dbf, gnutls_datum_t key)
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
{
- gnutls_datum_t res = { NULL, 0 };
- int i;
-
- if (debug)
- success ("resume db fetch... (%d)\n", key.size);
- if (debug)
- {
- unsigned int i;
- printf ("key:\n");
- for (i = 0; i < key.size; i++)
- {
- printf ("%02x ", key.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- }
-
- if (cache_db == NULL)
- return res;
-
- for (i = 0; i < TLS_SESSION_CACHE; i++)
- {
- if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
- if (debug)
- success ("resume db fetch... return info\n");
-
- res.size = cache_db[i].session_data_size;
-
- res.data = gnutls_malloc (res.size);
- if (res.data == NULL)
- return res;
-
- memcpy (res.data, cache_db[i].session_data, res.size);
-
- if (debug)
- {
- unsigned int i;
- printf ("data:\n");
- for (i = 0; i < res.size; i++)
- {
- printf ("%02x ", res.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- }
-
- return res;
- }
- }
-
- if (debug)
- success ("resume db fetch... NOT FOUND\n");
- return res;
+ gnutls_datum_t res = { NULL, 0 };
+ int i;
+
+ if (debug)
+ success("resume db fetch... (%d)\n", key.size);
+ if (debug) {
+ unsigned int i;
+ printf("key:\n");
+ for (i = 0; i < key.size; i++) {
+ printf("%02x ", key.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ }
+
+ if (cache_db == NULL)
+ return res;
+
+ for (i = 0; i < TLS_SESSION_CACHE; i++) {
+ if (key.size == cache_db[i].session_id_size &&
+ memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
+ if (debug)
+ success
+ ("resume db fetch... return info\n");
+
+ res.size = cache_db[i].session_data_size;
+
+ res.data = gnutls_malloc(res.size);
+ if (res.data == NULL)
+ return res;
+
+ memcpy(res.data, cache_db[i].session_data,
+ res.size);
+
+ if (debug) {
+ unsigned int i;
+ printf("data:\n");
+ for (i = 0; i < res.size; i++) {
+ printf("%02x ",
+ res.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ }
+
+ return res;
+ }
+ }
+
+ if (debug)
+ success("resume db fetch... NOT FOUND\n");
+ return res;
}
-static int
-wrap_db_delete (void *dbf, gnutls_datum_t key)
+static int wrap_db_delete(void *dbf, gnutls_datum_t key)
{
- int i;
+ int i;
- if (cache_db == NULL)
- return -1;
+ if (cache_db == NULL)
+ return -1;
- for (i = 0; i < TLS_SESSION_CACHE; i++)
- {
- if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
+ for (i = 0; i < TLS_SESSION_CACHE; i++) {
+ if (key.size == cache_db[i].session_id_size &&
+ memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
- cache_db[i].session_id_size = 0;
- cache_db[i].session_data_size = 0;
+ cache_db[i].session_id_size = 0;
+ cache_db[i].session_data_size = 0;
- return 0;
- }
- }
+ return 0;
+ }
+ }
- return -1;
+ return -1;
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/resume.c b/tests/resume.c
index 262d888a9f..f23d08d513 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -52,32 +51,32 @@ main (int argc, char** argv)
#include "utils.h"
-static void wrap_db_init (void);
-static void wrap_db_deinit (void);
-static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data);
-static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
-static int wrap_db_delete (void *dbf, gnutls_datum_t key);
+static void wrap_db_init(void);
+static void wrap_db_deinit(void);
+static int wrap_db_store(void *dbf, gnutls_datum_t key,
+ gnutls_datum_t data);
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key);
+static int wrap_db_delete(void *dbf, gnutls_datum_t key);
#define TLS_SESSION_CACHE 50
-struct params_res
-{
- const char *desc;
- int enable_db;
- int enable_session_ticket_server;
- int enable_session_ticket_client;
- int expect_resume;
+struct params_res {
+ const char *desc;
+ int enable_db;
+ int enable_session_ticket_server;
+ int enable_session_ticket_client;
+ int expect_resume;
};
pid_t child;
struct params_res resume_tests[] = {
- {"try to resume from db", 1, 0, 0, 1},
- {"try to resume from session ticket", 0, 1, 1, 1},
- {"try to resume from session ticket (server only)", 0, 1, 0, 0},
- {"try to resume from session ticket (client only)", 0, 0, 1, 0},
- {"try to resume from db and ticket", 1, 1, 1, 1},
- {NULL, -1}
+ {"try to resume from db", 1, 0, 0, 1},
+ {"try to resume from session ticket", 0, 1, 1, 1},
+ {"try to resume from session ticket (server only)", 0, 1, 0, 0},
+ {"try to resume from session ticket (client only)", 0, 0, 1, 0},
+ {"try to resume from db and ticket", 1, 1, 1, 1},
+ {NULL, -1}
};
/* A very basic TLS client, with anonymous authentication.
@@ -87,149 +86,134 @@ struct params_res resume_tests[] = {
#define MAX_BUF 5*1024
#define MSG "Hello TLS"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+ fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
+ str);
}
-static void
-client (int sds[], struct params_res *params)
+static void client(int sds[], struct params_res *params)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- /* variables used in session resuming
- */
- int t;
- gnutls_datum_t session_data;
-
- if (debug)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
- }
- global_init ();
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- for (t = 0; t < SESSIONS; t++)
- {
- int sd = sds[t];
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- if (params->enable_session_ticket_client)
- gnutls_session_ticket_enable_client (session);
-
- if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data.data,
- session_data.size);
- }
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- ret = gnutls_session_get_data2 (session, &session_data);
- if (ret < 0)
- fail ("Getting resume data failed\n");
- }
- else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- if (params->expect_resume)
- {
- if (debug)
- success ("- Previous session was resumed\n");
- }
- else
- fail ("- Previous session was resumed\n");
- }
- else
- {
- if (params->expect_resume)
- {
- fail ("*** Previous session was NOT resumed\n");
- }
- else
- {
- if (debug)
- success
- ("*** Previous session was NOT resumed (expected)\n");
- }
- }
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug )
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
- close (sd);
-
- gnutls_deinit (session);
- }
- gnutls_free (session_data.data);
-
-end:
- gnutls_anon_free_client_credentials (anoncred);
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ /* variables used in session resuming
+ */
+ int t;
+ gnutls_datum_t session_data;
+
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
+ }
+ global_init();
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ for (t = 0; t < SESSIONS; t++) {
+ int sd = sds[t];
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session,
+ GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ if (params->enable_session_ticket_client)
+ gnutls_session_ticket_enable_client(session);
+
+ if (t > 0) {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data(session, session_data.data,
+ session_data.size);
+ }
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success
+ ("client: Handshake was completed\n");
+ }
+
+ if (t == 0) { /* the first time we connect */
+ /* get the session data size */
+ ret =
+ gnutls_session_get_data2(session,
+ &session_data);
+ if (ret < 0)
+ fail("Getting resume data failed\n");
+ } else { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed(session) != 0) {
+ if (params->expect_resume) {
+ if (debug)
+ success
+ ("- Previous session was resumed\n");
+ } else
+ fail("- Previous session was resumed\n");
+ } else {
+ if (params->expect_resume) {
+ fail("*** Previous session was NOT resumed\n");
+ } else {
+ if (debug)
+ success
+ ("*** Previous session was NOT resumed (expected)\n");
+ }
+ }
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ close(sd);
+
+ gnutls_deinit(session);
+ }
+ gnutls_free(session_data.data);
+
+ end:
+ gnutls_anon_free_client_credentials(anoncred);
}
/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
@@ -241,49 +225,50 @@ end:
gnutls_anon_server_credentials_t anoncred;
static gnutls_datum_t session_ticket_key = { NULL, 0 };
-static gnutls_session_t
-initialize_tls_session (struct params_res *params)
+static gnutls_session_t initialize_tls_session(struct params_res *params)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+ NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- if (params->enable_db)
- {
- gnutls_db_set_retrieve_function (session, wrap_db_fetch);
- gnutls_db_set_remove_function (session, wrap_db_delete);
- gnutls_db_set_store_function (session, wrap_db_store);
- gnutls_db_set_ptr (session, NULL);
- }
+ if (params->enable_db) {
+ gnutls_db_set_retrieve_function(session, wrap_db_fetch);
+ gnutls_db_set_remove_function(session, wrap_db_delete);
+ gnutls_db_set_store_function(session, wrap_db_store);
+ gnutls_db_set_ptr(session, NULL);
+ }
- if (params->enable_session_ticket_server)
- gnutls_session_ticket_enable_server (session, &session_ticket_key);
+ if (params->enable_session_ticket_server)
+ gnutls_session_ticket_enable_server(session,
+ &session_ticket_key);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
@@ -292,171 +277,152 @@ gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
-static void
-global_stop (void)
+static void global_stop(void)
{
- if (debug)
- success ("global stop\n");
+ if (debug)
+ success("global stop\n");
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_dh_params_deinit (dh_params);
+ gnutls_dh_params_deinit(dh_params);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
-static void
-server (int sds[], struct params_res *params)
+static void server(int sds[], struct params_res *params)
{
- size_t t;
-
- /* this must be called once in the program, it is mostly for the server.
- */
- if (debug)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
- }
-
- global_init ();
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- if (debug)
- success ("Launched, generating DH parameters...\n");
-
- generate_dh_params ();
-
- gnutls_anon_set_server_dh_params (anoncred, dh_params);
-
- if (params->enable_db)
- {
- wrap_db_init ();
- }
-
- if (params->enable_session_ticket_server)
- gnutls_session_ticket_key_generate (&session_ticket_key);
-
- for (t = 0; t < SESSIONS; t++)
- {
- int sd = sds[t];
-
- session = initialize_tls_session (params);
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
-
- gnutls_deinit (session);
- }
-
- if (params->enable_db)
- {
- wrap_db_deinit ();
- }
-
- gnutls_free (session_ticket_key.data);
- session_ticket_key.data = NULL;
-
- if (debug)
- success ("server: finished\n");
+ size_t t;
+
+ /* this must be called once in the program, it is mostly for the server.
+ */
+ if (debug) {
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
+ }
+
+ global_init();
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ if (debug)
+ success("Launched, generating DH parameters...\n");
+
+ generate_dh_params();
+
+ gnutls_anon_set_server_dh_params(anoncred, dh_params);
+
+ if (params->enable_db) {
+ wrap_db_init();
+ }
+
+ if (params->enable_session_ticket_server)
+ gnutls_session_ticket_key_generate(&session_ticket_key);
+
+ for (t = 0; t < SESSIONS; t++) {
+ int sd = sds[t];
+
+ session = initialize_tls_session(params);
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+
+ gnutls_deinit(session);
+ }
+
+ if (params->enable_db) {
+ wrap_db_deinit();
+ }
+
+ gnutls_free(session_ticket_key.data);
+ session_ticket_key.data = NULL;
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- int i;
-
- for (i = 0; resume_tests[i].desc; i++)
- {
- int client_sds[SESSIONS], server_sds[SESSIONS];
- int j;
-
- printf ("%s\n", resume_tests[i].desc);
-
- for (j = 0; j < SESSIONS; j++)
- {
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- server_sds[j] = sockets[0];
- client_sds[j] = sockets[1];
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (server_sds, &resume_tests[i]);
- wait (&status);
- if (WEXITSTATUS(status) > 0)
- error_count++;
- global_stop ();
- }
- else
- {
- client (client_sds, &resume_tests[i]);
- gnutls_global_deinit ();
- if (error_count)
- exit(1);
- exit (0);
- }
- }
+ int i;
+
+ for (i = 0; resume_tests[i].desc; i++) {
+ int client_sds[SESSIONS], server_sds[SESSIONS];
+ int j;
+
+ printf("%s\n", resume_tests[i].desc);
+
+ for (j = 0; j < SESSIONS; j++) {
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ server_sds[j] = sockets[0];
+ client_sds[j] = sockets[1];
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(server_sds, &resume_tests[i]);
+ wait(&status);
+ if (WEXITSTATUS(status) > 0)
+ error_count++;
+ global_stop();
+ } else {
+ client(client_sds, &resume_tests[i]);
+ gnutls_global_deinit();
+ if (error_count)
+ exit(1);
+ exit(0);
+ }
+ }
}
/* Functions and other stuff needed for session resuming.
@@ -467,163 +433,151 @@ doit (void)
#define MAX_SESSION_ID_SIZE 32
#define MAX_SESSION_DATA_SIZE 1024
-typedef struct
-{
- unsigned char session_id[MAX_SESSION_ID_SIZE];
- unsigned int session_id_size;
+typedef struct {
+ unsigned char session_id[MAX_SESSION_ID_SIZE];
+ unsigned int session_id_size;
- char session_data[MAX_SESSION_DATA_SIZE];
- int session_data_size;
+ char session_data[MAX_SESSION_DATA_SIZE];
+ int session_data_size;
} CACHE;
static CACHE *cache_db;
static int cache_db_ptr = 0;
-static void
-wrap_db_init (void)
+static void wrap_db_init(void)
{
- /* allocate cache_db */
- cache_db = calloc (1, TLS_SESSION_CACHE * sizeof (CACHE));
+ /* allocate cache_db */
+ cache_db = calloc(1, TLS_SESSION_CACHE * sizeof(CACHE));
}
-static void
-wrap_db_deinit (void)
+static void wrap_db_deinit(void)
{
- free (cache_db);
- cache_db = NULL;
- return;
+ free(cache_db);
+ cache_db = NULL;
+ return;
}
static int
-wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
+wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data)
{
- if (debug)
- {
- unsigned int i;
- fprintf (stderr, "resume db storing (%d-%d): ", key.size, data.size);
- for (i = 0; i < key.size; i++)
- {
- fprintf (stderr, "%02x", key.data[i] & 0xFF);
- }
- fprintf (stderr, "\n");
- fprintf (stderr, "data: ");
- for (i = 0; i < data.size; i++)
- {
- fprintf (stderr, "%02x", data.data[i] & 0xFF);
- }
- fprintf (stderr, "\n");
- }
-
- if (cache_db == NULL)
- return -1;
-
- if (key.size > MAX_SESSION_ID_SIZE)
- {
- fail("Key size is too large\n");
- return -1;
- }
-
- if (data.size > MAX_SESSION_DATA_SIZE)
- {
- fail("Data size is too large\n");
- return -1;
- }
-
- memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size);
- cache_db[cache_db_ptr].session_id_size = key.size;
-
- memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size);
- cache_db[cache_db_ptr].session_data_size = data.size;
-
- cache_db_ptr++;
- cache_db_ptr %= TLS_SESSION_CACHE;
-
- return 0;
+ if (debug) {
+ unsigned int i;
+ fprintf(stderr, "resume db storing (%d-%d): ", key.size,
+ data.size);
+ for (i = 0; i < key.size; i++) {
+ fprintf(stderr, "%02x", key.data[i] & 0xFF);
+ }
+ fprintf(stderr, "\n");
+ fprintf(stderr, "data: ");
+ for (i = 0; i < data.size; i++) {
+ fprintf(stderr, "%02x", data.data[i] & 0xFF);
+ }
+ fprintf(stderr, "\n");
+ }
+
+ if (cache_db == NULL)
+ return -1;
+
+ if (key.size > MAX_SESSION_ID_SIZE) {
+ fail("Key size is too large\n");
+ return -1;
+ }
+
+ if (data.size > MAX_SESSION_DATA_SIZE) {
+ fail("Data size is too large\n");
+ return -1;
+ }
+
+ memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size);
+ cache_db[cache_db_ptr].session_id_size = key.size;
+
+ memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size);
+ cache_db[cache_db_ptr].session_data_size = data.size;
+
+ cache_db_ptr++;
+ cache_db_ptr %= TLS_SESSION_CACHE;
+
+ return 0;
}
-static gnutls_datum_t
-wrap_db_fetch (void *dbf, gnutls_datum_t key)
+static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key)
{
- gnutls_datum_t res = { NULL, 0 };
- int i;
-
- if (debug)
- {
- unsigned int i;
-
- fprintf (stderr, "resume db looking for (%d): ", key.size);
- for (i = 0; i < key.size; i++)
- {
- fprintf (stderr, "%02x", key.data[i] & 0xFF);
- }
- fprintf (stderr, "\n");
- }
-
- if (cache_db == NULL)
- return res;
-
- for (i = 0; i < TLS_SESSION_CACHE; i++)
- {
- if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
- if (debug)
- success ("resume db fetch... return info\n");
-
- res.size = cache_db[i].session_data_size;
-
- res.data = gnutls_malloc (res.size);
- if (res.data == NULL)
- return res;
-
- memcpy (res.data, cache_db[i].session_data, res.size);
-
- if (debug)
- {
- unsigned int i;
- printf ("data:\n");
- for (i = 0; i < res.size; i++)
- {
- printf ("%02x ", res.data[i] & 0xFF);
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- }
-
- return res;
- }
- }
-
- if (debug)
- success ("resume db fetch... NOT FOUND\n");
- return res;
+ gnutls_datum_t res = { NULL, 0 };
+ int i;
+
+ if (debug) {
+ unsigned int i;
+
+ fprintf(stderr, "resume db looking for (%d): ", key.size);
+ for (i = 0; i < key.size; i++) {
+ fprintf(stderr, "%02x", key.data[i] & 0xFF);
+ }
+ fprintf(stderr, "\n");
+ }
+
+ if (cache_db == NULL)
+ return res;
+
+ for (i = 0; i < TLS_SESSION_CACHE; i++) {
+ if (key.size == cache_db[i].session_id_size &&
+ memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
+ if (debug)
+ success
+ ("resume db fetch... return info\n");
+
+ res.size = cache_db[i].session_data_size;
+
+ res.data = gnutls_malloc(res.size);
+ if (res.data == NULL)
+ return res;
+
+ memcpy(res.data, cache_db[i].session_data,
+ res.size);
+
+ if (debug) {
+ unsigned int i;
+ printf("data:\n");
+ for (i = 0; i < res.size; i++) {
+ printf("%02x ",
+ res.data[i] & 0xFF);
+ if ((i + 1) % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ }
+
+ return res;
+ }
+ }
+
+ if (debug)
+ success("resume db fetch... NOT FOUND\n");
+ return res;
}
-static int
-wrap_db_delete (void *dbf, gnutls_datum_t key)
+static int wrap_db_delete(void *dbf, gnutls_datum_t key)
{
- int i;
+ int i;
- if (cache_db == NULL)
- return -1;
+ if (cache_db == NULL)
+ return -1;
- for (i = 0; i < TLS_SESSION_CACHE; i++)
- {
- if (key.size == cache_db[i].session_id_size &&
- memcmp (key.data, cache_db[i].session_id, key.size) == 0)
- {
+ for (i = 0; i < TLS_SESSION_CACHE; i++) {
+ if (key.size == cache_db[i].session_id_size &&
+ memcmp(key.data, cache_db[i].session_id,
+ key.size) == 0) {
- cache_db[i].session_id_size = 0;
- cache_db[i].session_data_size = 0;
+ cache_db[i].session_id_size = 0;
+ cache_db[i].session_data_size = 0;
- return 0;
- }
- }
+ return 0;
+ }
+ }
- return -1;
+ return -1;
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
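Review bot: In wrap_db_fetch and wrap_db_delete a free slot cannot be told apart from an entry stored under a zero-length id, because wrap_db_delete frees a slot by setting `session_id_size = 0` and both lookups match on `key.size == cache_db[i].session_id_size` followed by a zero-length `memcmp`. A call with `key.size == 0` would therefore hit the first unused slot and return a zero-length datum from `gnutls_malloc(0)`; whether the library can ever pass such a key is not visible in this hunk. A guard such as `if (key.size == 0) return res;` in wrap_db_fetch (and `return -1;` in wrap_db_delete) closes that. wrap_db_delete also leaves the old `session_data` bytes in the slot; `memset(&cache_db[i], 0, sizeof(cache_db[i]));` would clear the stored session state together with both size fields.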
diff --git a/tests/rng-fork.c b/tests/rng-fork.c
index 7ff14153da..d2692e2f59 100644
--- a/tests/rng-fork.c
+++ b/tests/rng-fork.c
@@ -36,77 +36,72 @@
#include <gnutls/crypto.h>
#if !defined(_WIN32)
-static void dump(const char* name, unsigned char* buf, int buf_size)
+static void dump(const char *name, unsigned char *buf, int buf_size)
{
-int i;
- printf("%s: ", name);
- for(i=0;i<buf_size;i++)
- printf("%.2x:", buf[i]);
- printf("\n");
+ int i;
+ printf("%s: ", name);
+ for (i = 0; i < buf_size; i++)
+ printf("%.2x:", buf[i]);
+ printf("\n");
}
-
+
#define FILENAME "./rng-test"
-
-void
-doit (void)
+
+void doit(void)
{
- unsigned char buf1[32];
- unsigned char buf2[32];
- pid_t pid;
- int ret;
- FILE* fp;
+ unsigned char buf1[32];
+ unsigned char buf2[32];
+ pid_t pid;
+ int ret;
+ FILE *fp;
+
+ global_init();
+ pid = fork();
+ if (pid == 0) {
+ fp = fopen(FILENAME, "w");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ gnutls_rnd(GNUTLS_RND_NONCE, buf1, sizeof(buf1));
+ if (debug)
+ dump("buf1", buf1, sizeof(buf1));
+
+ fwrite(buf1, 1, sizeof(buf1), fp);
+ fclose(fp);
+ } else {
+ /* daddy */
+ gnutls_rnd(GNUTLS_RND_NONCE, buf2, sizeof(buf2));
+ if (debug)
+ dump("buf2", buf2, sizeof(buf2));
+ waitpid(pid, NULL, 0);
+
+ fp = fopen(FILENAME, "r");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ ret = fread(buf1, 1, sizeof(buf1), fp);
+
+ fclose(fp);
+ remove(FILENAME);
- global_init ();
- pid = fork();
- if (pid == 0)
- {
- fp = fopen(FILENAME, "w");
- if (fp == NULL)
- fail("cannot open file");
-
- gnutls_rnd (GNUTLS_RND_NONCE, buf1, sizeof (buf1));
- if (debug) dump("buf1", buf1, sizeof(buf1));
-
- fwrite(buf1, 1, sizeof(buf1), fp);
- fclose(fp);
- }
- else
- {
- /* daddy */
- gnutls_rnd (GNUTLS_RND_NONCE, buf2, sizeof (buf2));
- if (debug) dump("buf2", buf2, sizeof(buf2));
- waitpid(pid, NULL, 0);
-
- fp = fopen(FILENAME, "r");
- if (fp == NULL)
- fail("cannot open file");
-
- ret = fread(buf1, 1, sizeof(buf1), fp);
-
- fclose(fp);
- remove(FILENAME);
-
- if (ret != sizeof(buf1))
- {
- fail("error testing the random generator.");
- return;
- }
+ if (ret != sizeof(buf1)) {
+ fail("error testing the random generator.");
+ return;
+ }
- if (memcmp(buf1, buf2, sizeof(buf1))==0)
- {
- fail("error in the random generator. Produces same valus after fork()");
- return;
- }
- if(debug)
- success("success\n");
- }
+ if (memcmp(buf1, buf2, sizeof(buf1)) == 0) {
+ fail("error in the random generator. Produces same valus after fork()");
+ return;
+ }
+ if (debug)
+ success("success\n");
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
#else
-void
-doit (void)
+void doit(void)
{
- exit (77);
+ exit(77);
}
#endif
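Review bot: Neither `gnutls_rnd()` call in doit() has its return value checked, so if the call fails in the parent, `buf2` stays uninitialised and the `memcmp(buf1, buf2, sizeof(buf1))` that is meant to catch identical output after fork() compares stack garbage and will most likely report success. Checking both calls, e.g. `if (gnutls_rnd(GNUTLS_RND_NONCE, buf2, sizeof(buf2)) < 0) fail("gnutls_rnd failed\n");`, keeps the test from passing without any random data. The child's `fwrite()` result and the exit status from `waitpid(pid, NULL, 0)` are ignored as well, so a failure in the child is only noticed indirectly through the parent's `fread` length check.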
diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c
index fbfe54fb4f..d6add7ec66 100644
--- a/tests/rsa-encrypt-decrypt.c
+++ b/tests/rsa-encrypt-decrypt.c
@@ -42,153 +42,155 @@
/* sha1 hash of "hello" string */
const gnutls_datum_t hash_data = {
- (void *)
- "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe"
- "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
- 20
+ (void *)
+ "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe"
+ "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
+ 20
};
const gnutls_datum_t raw_data = {
- (void *) "hello there",
- 11
+ (void *) "hello there",
+ 11
};
static char pem1_cert[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
static char pem1_key[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t cert_dat[] = {
- {(void*)pem1_cert, sizeof (pem1_cert)}
+ {(void *) pem1_cert, sizeof(pem1_cert)}
};
const gnutls_datum_t key_dat[] = {
- {(void*)pem1_key, sizeof (pem1_key)}
+ {(void *) pem1_key, sizeof(pem1_key)}
};
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_privkey_t key;
- gnutls_x509_crt_t crt;
- gnutls_pubkey_t pubkey;
- gnutls_privkey_t privkey;
- gnutls_datum_t out, out2;
- int ret;
- size_t i;
+ gnutls_x509_privkey_t key;
+ gnutls_x509_crt_t crt;
+ gnutls_pubkey_t pubkey;
+ gnutls_privkey_t privkey;
+ gnutls_datum_t out, out2;
+ int ret;
+ size_t i;
- global_init ();
+ global_init();
- for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
- {
- if (debug)
- success ("loop %d\n", (int) i);
+ for (i = 0; i < sizeof(key_dat) / sizeof(key_dat[0]); i++) {
+ if (debug)
+ success("loop %d\n", (int) i);
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init\n");
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init\n");
- ret =
- gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_privkey_import\n");
+ ret =
+ gnutls_x509_privkey_import(key, &key_dat[i],
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_import\n");
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- fail ("gnutls_privkey_init\n");
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ fail("gnutls_privkey_init\n");
- ret = gnutls_privkey_init (&privkey);
- if (ret < 0)
- fail ("gnutls_pubkey_init\n");
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0)
+ fail("gnutls_pubkey_init\n");
- ret = gnutls_privkey_import_x509 (privkey, key, 0);
- if (ret < 0)
- fail ("gnutls_privkey_import_x509\n");
+ ret = gnutls_privkey_import_x509(privkey, key, 0);
+ if (ret < 0)
+ fail("gnutls_privkey_import_x509\n");
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- fail ("gnutls_x509_crt_init\n");
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ fail("gnutls_x509_crt_init\n");
- ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import\n");
+ ret =
+ gnutls_x509_crt_import(crt, &cert_dat[i],
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import\n");
- ret =
- gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- fail ("gnutls_x509_pubkey_import\n");
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ fail("gnutls_x509_pubkey_import\n");
- ret = gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data, &out);
- if (ret < 0)
- fail ("gnutls_pubkey_encrypt_data\n");
+ ret =
+ gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data,
+ &out);
+ if (ret < 0)
+ fail("gnutls_pubkey_encrypt_data\n");
- ret = gnutls_privkey_decrypt_data (privkey, 0,
- &out, &out2);
- if (ret < 0)
- fail ("gnutls_privkey_decrypt_data\n");
+ ret = gnutls_privkey_decrypt_data(privkey, 0, &out, &out2);
+ if (ret < 0)
+ fail("gnutls_privkey_decrypt_data\n");
- if (out2.size != hash_data.size)
- fail ("Decrypted data don't match original (1)\n");
+ if (out2.size != hash_data.size)
+ fail("Decrypted data don't match original (1)\n");
- if (memcmp(out2.data, hash_data.data, hash_data.size) != 0)
- fail ("Decrypted data don't match original (2)\n");
+ if (memcmp(out2.data, hash_data.data, hash_data.size) != 0)
+ fail("Decrypted data don't match original (2)\n");
- gnutls_free(out.data);
- gnutls_free(out2.data);
+ gnutls_free(out.data);
+ gnutls_free(out2.data);
- ret = gnutls_pubkey_encrypt_data(pubkey, 0, &raw_data, &out);
- if (ret < 0)
- fail ("gnutls_pubkey_encrypt_data\n");
+ ret =
+ gnutls_pubkey_encrypt_data(pubkey, 0, &raw_data, &out);
+ if (ret < 0)
+ fail("gnutls_pubkey_encrypt_data\n");
- ret = gnutls_privkey_decrypt_data (privkey, 0,
- &out, &out2);
- if (ret < 0)
- fail ("gnutls_privkey_decrypt_data\n");
+ ret = gnutls_privkey_decrypt_data(privkey, 0, &out, &out2);
+ if (ret < 0)
+ fail("gnutls_privkey_decrypt_data\n");
- if (out2.size != raw_data.size)
- fail ("Decrypted data don't match original (3)\n");
+ if (out2.size != raw_data.size)
+ fail("Decrypted data don't match original (3)\n");
- if (memcmp(out2.data, raw_data.data, raw_data.size) != 0)
- fail ("Decrypted data don't match original (4)\n");
+ if (memcmp(out2.data, raw_data.data, raw_data.size) != 0)
+ fail("Decrypted data don't match original (4)\n");
- if (debug) success("ok\n");
+ if (debug)
+ success("ok\n");
- gnutls_free(out.data);
- gnutls_free(out2.data);
- gnutls_x509_privkey_deinit (key);
- gnutls_x509_crt_deinit (crt);
- gnutls_privkey_deinit (privkey);
- gnutls_pubkey_deinit (pubkey);
- }
+ gnutls_free(out.data);
+ gnutls_free(out2.data);
+ gnutls_x509_privkey_deinit(key);
+ gnutls_x509_crt_deinit(crt);
+ gnutls_privkey_deinit(privkey);
+ gnutls_pubkey_deinit(pubkey);
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
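Review bot: The failure messages after the two key-object initialisers are swapped: the check after `gnutls_pubkey_init(&pubkey)` reports "gnutls_privkey_init", the check after `gnutls_privkey_init(&privkey)` reports "gnutls_pubkey_init", and the check after `gnutls_pubkey_import_x509()` prints "gnutls_x509_pubkey_import". A failing run would point at the wrong call; the strings should be `fail("gnutls_pubkey_init\n");`, `fail("gnutls_privkey_init\n");` and `fail("gnutls_pubkey_import_x509\n");` respectively. A comment above `pem1_key` such as `/* test-only RSA key, public in the source tree; never use outside the test suite */` would also make its status explicit to anyone copying from this file.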
diff --git a/tests/safe-renegotiation/srn0.c b/tests/safe-renegotiation/srn0.c
index 3ef03687e1..6eb10ad231 100644
--- a/tests/safe-renegotiation/srn0.c
+++ b/tests/safe-renegotiation/srn0.c
@@ -40,142 +40,140 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- if (!gnutls_safe_renegotiation_status (client) ||
- !gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0, "Session not using safe renegotiation!\n");
- exit(1);
- }
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- if (!gnutls_safe_renegotiation_status (client) ||
- !gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
- exit(1);
- }
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ if (!gnutls_safe_renegotiation_status(client) ||
+ !gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0, "Session not using safe renegotiation!\n");
+ exit(1);
+ }
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ if (!gnutls_safe_renegotiation_status(client) ||
+ !gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0,
+ "Rehandshaked session not using safe renegotiation!\n");
+ exit(1);
+ }
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
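Review bot: `sret = gnutls_rehandshake(server);` is only printed under `debug` and never tested, so a failed rehandshake request surfaces one step later as a bare `abort()` from the `n != GNUTLS_E_REHANDSHAKE` check, with nothing to indicate the cause. A check such as `if (sret < 0) { tls_log_func(0, gnutls_strerror(sret)); exit(1); }` right after the call would make that case diagnosable. The setup calls (`gnutls_certificate_set_x509_key_mem`, `gnutls_init`, `gnutls_priority_set_direct`) also discard their return codes, so a key-loading or priority-string error would presumably show up only as a handshake failure inside `HANDSHAKE(client, server)`.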
diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c
index 6a1df1ac98..ef41c6f912 100644
--- a/tests/safe-renegotiation/srn1.c
+++ b/tests/safe-renegotiation/srn1.c
@@ -39,118 +39,121 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (5);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- /* Check that initially no session use the extension. */
- if (gnutls_safe_renegotiation_status (server)
- || gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server using extension before handshake?");
- abort ();
- }
-
- HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SAFE_RENEGOTIATION_FAILED);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(5);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL:%SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client,
+ "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status(server)
+ || gnutls_safe_renegotiation_status(client)) {
+ puts("Client or server using extension before handshake?");
+ abort();
+ }
+
+ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c
index 789c29cc89..04649c531e 100644
--- a/tests/safe-renegotiation/srn2.c
+++ b/tests/safe-renegotiation/srn2.c
@@ -37,194 +37,189 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- /* Check that initially no session use the extension. */
- if (gnutls_safe_renegotiation_status (server)
- || gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server using extension before handshake?");
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- /* Check that both sessions use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
- }
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- /* Check that session still use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
- }
-
- /* Check that this API does not affect anything after first
- handshake.
- gnutls_safe_negotiation_set_initial (server, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- /* Check that disabling the extension will break rehandshakes.
- gnutls_safe_renegotiation_set (client, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE(client, server);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status(server)
+ || gnutls_safe_renegotiation_status(client)) {
+ puts("Client or server using extension before handshake?");
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ /* Check that both sessions use the extension. */
+ if (!gnutls_safe_renegotiation_status(server)
+ || !gnutls_safe_renegotiation_status(client)) {
+ puts("Client or server not using safe renegotiation extension?");
+ abort();
+ }
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ /* Check that session still use the extension. */
+ if (!gnutls_safe_renegotiation_status(server)
+ || !gnutls_safe_renegotiation_status(client)) {
+ puts("Client or server not using safe renegotiation extension?");
+ abort();
+ }
+
+ /* Check that this API does not affect anything after first
+ handshake.
+ gnutls_safe_negotiation_set_initial (server, 0); */
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ /* Check that disabling the extension will break rehandshakes.
+ gnutls_safe_renegotiation_set (client, 0); */
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE(client, server);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
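Review bot: In `doit()` of srn2.c the result of each of the three `gnutls_rehandshake(server)` calls is stored in `sret` and only printed when `debug` is set, so a failed rehandshake request is never caught at the call site; adding `if (sret != GNUTLS_E_SUCCESS) abort();` after each call would pin it. The two comments "Check that this API does not affect anything after first handshake" and "Check that disabling the extension will break rehandshakes" each carry their API call inside the comment text, so neither condition is actually exercised. The second is followed by a plain `HANDSHAKE(client, server)`, which presumably expects success (the macro lives in `../eagain-common.h`, not visible here), the opposite of what the comment says. Rewording them along the lines of `/* Disabled: would check that gnutls_safe_renegotiation_set(client, 0) breaks rehandshakes. */` would stop the test from appearing to cover a downgrade case it does not run.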
diff --git a/tests/safe-renegotiation/srn3.c b/tests/safe-renegotiation/srn3.c
index ecade2afad..cd83f24938 100644
--- a/tests/safe-renegotiation/srn3.c
+++ b/tests/safe-renegotiation/srn3.c
@@ -39,118 +39,122 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- /* Check that initially no session use the extension. */
- if (gnutls_safe_renegotiation_status (server)
- || gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server using extension before handshake?");
- abort ();
- }
-
- HANDSHAKE_EXPECT(client, server, GNUTLS_E_SAFE_RENEGOTIATION_FAILED, GNUTLS_E_AGAIN);
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server,
+ "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL:%SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status(server)
+ || gnutls_safe_renegotiation_status(client)) {
+ puts("Client or server using extension before handshake?");
+ abort();
+ }
+
+ HANDSHAKE_EXPECT(client, server,
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED,
+ GNUTLS_E_AGAIN);
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c
index 45552612da..cef03ef2c0 100644
--- a/tests/safe-renegotiation/srn4.c
+++ b/tests/safe-renegotiation/srn4.c
@@ -39,143 +39,144 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- if (gnutls_safe_renegotiation_status (client) ||
- gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0, "Session using safe renegotiation but shouldn't!\n");
- exit(1);
- }
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED);
-
- if (gnutls_safe_renegotiation_status (client) ||
- gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
- exit(1);
- }
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server, "NORMAL", NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client,
+ "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ if (gnutls_safe_renegotiation_status(client) ||
+ gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0,
+ "Session using safe renegotiation but shouldn't!\n");
+ exit(1);
+ }
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN,
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED);
+
+ if (gnutls_safe_renegotiation_status(client) ||
+ gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0,
+ "Rehandshaked session not using safe renegotiation!\n");
+ exit(1);
+ }
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
diff --git a/tests/safe-renegotiation/srn5.c b/tests/safe-renegotiation/srn5.c
index 8b7926347f..f1cd742069 100644
--- a/tests/safe-renegotiation/srn5.c
+++ b/tests/safe-renegotiation/srn5.c
@@ -40,148 +40,150 @@
#include "../eagain-common.h"
#include "../utils.h"
-const char* side = "";
+const char *side = "";
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s|<%d>| %s", side, level, str);
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
void doit(void)
{
- /* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
- gnutls_session_t server;
- int sret = GNUTLS_E_AGAIN;
- /* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
- gnutls_session_t client;
- int cret = GNUTLS_E_AGAIN;
-
- /* General init. */
- global_init ();
- gnutls_global_set_log_function (tls_log_func);
- if (debug) gnutls_global_set_log_level (2);
-
- /* Init server */
- gnutls_certificate_allocate_credentials (&serverx509cred);
- gnutls_certificate_set_x509_key_mem (serverx509cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (&server, GNUTLS_SERVER);
- gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
- NULL);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, server);
-
- /* Init client */
- gnutls_certificate_allocate_credentials (&clientx509cred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
- gnutls_priority_set_direct (client, "NORMAL", NULL);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, client);
-
- HANDSHAKE(client, server);
-
- if (gnutls_safe_renegotiation_status (client))
- {
- tls_log_func (0, "Client thinks it is using safe renegotiation!\n");
- exit(1);
- }
-
- if (gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0, "Server thinks it is using safe renegotiation!\n");
- exit(1);
- }
-
- sret = gnutls_rehandshake (server);
- if (debug)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- HANDSHAKE_EXPECT(client, server, GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, GNUTLS_E_AGAIN);
-
- if (gnutls_safe_renegotiation_status (client) ||
- gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0,
- "Rehandshaked session not using safe renegotiation!\n");
- exit(1);
- }
-
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
- gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
- gnutls_deinit (client);
- gnutls_deinit (server);
-
- gnutls_certificate_free_credentials (serverx509cred);
- gnutls_certificate_free_credentials (clientx509cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- {
- puts ("Self-test successful");
- }
-
- return;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(2);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_set_x509_key_mem(serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred);
+ gnutls_priority_set_direct(server,
+ "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&clientx509cred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ clientx509cred);
+ gnutls_priority_set_direct(client, "NORMAL", NULL);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+
+ if (gnutls_safe_renegotiation_status(client)) {
+ tls_log_func(0,
+ "Client thinks it is using safe renegotiation!\n");
+ exit(1);
+ }
+
+ if (gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0,
+ "Server thinks it is using safe renegotiation!\n");
+ exit(1);
+ }
+
+ sret = gnutls_rehandshake(server);
+ if (debug) {
+ tls_log_func(0, "gnutls_rehandshake (server)...\n");
+ tls_log_func(0, gnutls_strerror(sret));
+ tls_log_func(0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv(client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort();
+ }
+
+ HANDSHAKE_EXPECT(client, server,
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED,
+ GNUTLS_E_AGAIN);
+
+ if (gnutls_safe_renegotiation_status(client) ||
+ gnutls_safe_renegotiation_status(server)) {
+ tls_log_func(0,
+ "Rehandshaked session not using safe renegotiation!\n");
+ exit(1);
+ }
+
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
+ gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+
+ gnutls_global_deinit();
+
+ if (debug) {
+ puts("Self-test successful");
+ }
+
+ return;
}
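Review bot: The last check in doit() fires when either side reports safe renegotiation, yet it logs "Rehandshaked session not using safe renegotiation!", which states the opposite of what was detected. In this test the server runs with `%DISABLE_SAFE_RENEGOTIATION` and the rehandshake is expected to end in `GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED`, so a failure here means a session unexpectedly claims the protection; the text should say so, for example `"Session reports safe renegotiation after a denied rehandshake!\n"`. The same message follows the same condition in the doit() of the preceding file's hunk. A misleading message in a renegotiation regression test costs time exactly when the test catches something.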
diff --git a/tests/set_pkcs12_cred.c b/tests/set_pkcs12_cred.c
index 3aad07d122..5038a8ef47 100644
--- a/tests/set_pkcs12_cred.c
+++ b/tests/set_pkcs12_cred.c
@@ -29,83 +29,87 @@
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
-void
-doit (void)
+void doit(void)
{
- gnutls_certificate_credentials_t x509cred;
- const char *file, *password;
- int ret;
-
- ret = global_init ();
- if (ret < 0)
- fail ("global_init failed %d\n", ret);
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- ret = gnutls_certificate_allocate_credentials (&x509cred);
- if (ret < 0)
- fail ("gnutls_certificate_allocate_credentials failed %d\n", ret);
-
- file = getenv ("PKCS12FILE");
- password = getenv ("PKCS12PASSWORD");
-
- if (!file)
- file = "pkcs12-decode/client.p12";
- if (!password)
- password = "foobar";
-
- if (debug)
- success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
- file, password);
- ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
- file,
- GNUTLS_X509_FMT_DER,
- password);
- if (ret < 0)
- fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
-
- if (debug)
- success ("Read file OK\n");
-
- gnutls_certificate_free_credentials (x509cred);
-
- /* try now if we can read correctly from a pkcs12 file that
- * contains two certificates (one unrelated with key)
- */
- ret = gnutls_certificate_allocate_credentials (&x509cred);
- if (ret < 0)
- fail ("gnutls_certificate_allocate_credentials failed %d\n", ret);
-
- file = getenv ("PKCS12FILE_2");
- password = getenv ("PKCS12PASSWORD_2");
-
- if (!file)
- file = "pkcs12-decode/pkcs12_2certs.p12";
- if (!password)
- password = "";
-
- if (debug)
- success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
- file, password);
- ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
- file,
- GNUTLS_X509_FMT_DER,
- password);
- if (ret < 0)
- fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
-
- if (debug)
- success ("Read file OK\n");
-
- gnutls_certificate_free_credentials (x509cred);
-
- gnutls_global_deinit ();
+ gnutls_certificate_credentials_t x509cred;
+ const char *file, *password;
+ int ret;
+
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init failed %d\n", ret);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ ret = gnutls_certificate_allocate_credentials(&x509cred);
+ if (ret < 0)
+ fail("gnutls_certificate_allocate_credentials failed %d\n",
+ ret);
+
+ file = getenv("PKCS12FILE");
+ password = getenv("PKCS12PASSWORD");
+
+ if (!file)
+ file = "pkcs12-decode/client.p12";
+ if (!password)
+ password = "foobar";
+
+ if (debug)
+ success
+ ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ file, password);
+ ret =
+ gnutls_certificate_set_x509_simple_pkcs12_file(x509cred, file,
+ GNUTLS_X509_FMT_DER,
+ password);
+ if (ret < 0)
+ fail("x509_pkcs12 failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ if (debug)
+ success("Read file OK\n");
+
+ gnutls_certificate_free_credentials(x509cred);
+
+ /* try now if we can read correctly from a pkcs12 file that
+ * contains two certificates (one unrelated with key)
+ */
+ ret = gnutls_certificate_allocate_credentials(&x509cred);
+ if (ret < 0)
+ fail("gnutls_certificate_allocate_credentials failed %d\n",
+ ret);
+
+ file = getenv("PKCS12FILE_2");
+ password = getenv("PKCS12PASSWORD_2");
+
+ if (!file)
+ file = "pkcs12-decode/pkcs12_2certs.p12";
+ if (!password)
+ password = "";
+
+ if (debug)
+ success
+ ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ file, password);
+ ret =
+ gnutls_certificate_set_x509_simple_pkcs12_file(x509cred, file,
+ GNUTLS_X509_FMT_DER,
+ password);
+ if (ret < 0)
+ fail("x509_pkcs12 failed %d: %s\n", ret,
+ gnutls_strerror(ret));
+
+ if (debug)
+ success("Read file OK\n");
+
+ gnutls_certificate_free_credentials(x509cred);
+
+ gnutls_global_deinit();
}
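Review bot: Both debug `success(...)` calls print the PKCS#12 password next to the file name, and that password is taken from `PKCS12PASSWORD` / `PKCS12PASSWORD_2` when those variables are set, so a debug run writes a caller-supplied secret into the test log. Logging the file name alone is enough to diagnose a failed read: drop the second `%s` and the `password` argument from both calls. If the origin of the password matters for debugging, print whether it came from the environment or from the built-in default rather than its value.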
diff --git a/tests/setcredcrash.c b/tests/setcredcrash.c
index 85bccd66d6..eade66785e 100644
--- a/tests/setcredcrash.c
+++ b/tests/setcredcrash.c
@@ -30,27 +30,26 @@
#include <utils.h>
#include <gnutls/gnutls.h>
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
- global_init ();
+ global_init();
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
- gnutls_set_default_priority (client);
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+ gnutls_set_default_priority(client);
- /* Test setting the same credential type twice. Earlier GnuTLS had
- a bug that crashed when this happened. */
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
+ /* Test setting the same credential type twice. Earlier GnuTLS had
+ a bug that crashed when this happened. */
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_deinit (client);
- gnutls_anon_free_client_credentials (c_anoncred);
+ gnutls_deinit(client);
+ gnutls_anon_free_client_credentials(c_anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/tests/simple.c b/tests/simple.c
index 8a9481376a..f249bfae41 100644
--- a/tests/simple.c
+++ b/tests/simple.c
@@ -28,72 +28,78 @@
#include "utils.h"
-void
-doit (void)
+void doit(void)
{
- if (debug)
- {
- printf ("GnuTLS header version %s.\n", GNUTLS_VERSION);
- printf ("GnuTLS library version %s.\n", gnutls_check_version (NULL));
- }
+ if (debug) {
+ printf("GnuTLS header version %s.\n", GNUTLS_VERSION);
+ printf("GnuTLS library version %s.\n",
+ gnutls_check_version(NULL));
+ }
- if (!gnutls_check_version (GNUTLS_VERSION))
- fail ("gnutls_check_version ERROR\n");
+ if (!gnutls_check_version(GNUTLS_VERSION))
+ fail("gnutls_check_version ERROR\n");
- {
- const gnutls_pk_algorithm_t *algs;
- size_t i;
- int pk;
+ {
+ const gnutls_pk_algorithm_t *algs;
+ size_t i;
+ int pk;
- algs = gnutls_pk_list ();
- if (!algs)
- fail ("gnutls_pk_list return NULL\n");
+ algs = gnutls_pk_list();
+ if (!algs)
+ fail("gnutls_pk_list return NULL\n");
- for (i = 0; algs[i]; i++)
- {
- if (debug)
- printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i],
- gnutls_pk_algorithm_get_name (algs[i]),
- gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])));
- if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))
- != algs[i])
- fail ("gnutls_pk id's doesn't match\n");
- }
+ for (i = 0; algs[i]; i++) {
+ if (debug)
+ printf("pk_list[%d] = %d = %s = %d\n",
+ (int) i, algs[i],
+ gnutls_pk_algorithm_get_name(algs
+ [i]),
+ gnutls_pk_get_id
+ (gnutls_pk_algorithm_get_name
+ (algs[i])));
+ if (gnutls_pk_get_id
+ (gnutls_pk_algorithm_get_name(algs[i]))
+ != algs[i])
+ fail("gnutls_pk id's doesn't match\n");
+ }
- pk = gnutls_pk_get_id ("foo");
- if (pk != GNUTLS_PK_UNKNOWN)
- fail ("gnutls_pk unknown test failed (%d)\n", pk);
+ pk = gnutls_pk_get_id("foo");
+ if (pk != GNUTLS_PK_UNKNOWN)
+ fail("gnutls_pk unknown test failed (%d)\n", pk);
- if (debug)
- success ("gnutls_pk_list ok\n");
- }
+ if (debug)
+ success("gnutls_pk_list ok\n");
+ }
- {
- const gnutls_sign_algorithm_t *algs;
- size_t i;
- int pk;
+ {
+ const gnutls_sign_algorithm_t *algs;
+ size_t i;
+ int pk;
- algs = gnutls_sign_list ();
- if (!algs)
- fail ("gnutls_sign_list return NULL\n");
+ algs = gnutls_sign_list();
+ if (!algs)
+ fail("gnutls_sign_list return NULL\n");
- for (i = 0; algs[i]; i++)
- {
- if (debug)
- printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i],
- gnutls_sign_algorithm_get_name (algs[i]),
- gnutls_sign_get_id (gnutls_sign_algorithm_get_name
- (algs[i])));
- if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) !=
- algs[i])
- fail ("gnutls_sign id's doesn't match\n");
- }
+ for (i = 0; algs[i]; i++) {
+ if (debug)
+ printf("sign_list[%d] = %d = %s = %d\n",
+ (int) i, algs[i],
+ gnutls_sign_algorithm_get_name(algs
+ [i]),
+ gnutls_sign_get_id
+ (gnutls_sign_algorithm_get_name
+ (algs[i])));
+ if (gnutls_sign_get_id
+ (gnutls_sign_algorithm_get_name(algs[i])) !=
+ algs[i])
+ fail("gnutls_sign id's doesn't match\n");
+ }
- pk = gnutls_sign_get_id ("foo");
- if (pk != GNUTLS_PK_UNKNOWN)
- fail ("gnutls_sign unknown test failed (%d)\n", pk);
+ pk = gnutls_sign_get_id("foo");
+ if (pk != GNUTLS_PK_UNKNOWN)
+ fail("gnutls_sign unknown test failed (%d)\n", pk);
- if (debug)
- success ("gnutls_sign_list ok\n");
- }
+ if (debug)
+ success("gnutls_sign_list ok\n");
+ }
}
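Review bot: In the second block of doit() the result of `gnutls_sign_get_id("foo")` is compared with `GNUTLS_PK_UNKNOWN`, a public-key-algorithm constant, although the call returns a signature-algorithm id; the check presumably passes only because both "unknown" values are defined the same. Use the matching constant, `if (pk != GNUTLS_SIGN_UNKNOWN)`, and consider renaming the local from `pk` to `sign` in that block so it no longer reads as a copy of the pk_list block above it. Both loops also pass the result of the `*_get_name()` call straight to `printf("%s")` and to the `*_get_id()` lookup; a NULL check with its own `fail()` message would make a missing name show up as a test failure rather than a crash.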
diff --git a/tests/slow/cipher-test.c b/tests/slow/cipher-test.c
index 90c4300a42..bbac05921e 100644
--- a/tests/slow/cipher-test.c
+++ b/tests/slow/cipher-test.c
@@ -11,634 +11,609 @@
* cpu instructions (AES-NI or padlock).
*/
-struct aes_vectors_st
-{
- const uint8_t *key;
- const uint8_t *plaintext;
- const uint8_t *ciphertext;
+struct aes_vectors_st {
+ const uint8_t *key;
+ const uint8_t *plaintext;
+ const uint8_t *ciphertext;
};
-struct aes_gcm_vectors_st
-{
- const uint8_t *key;
- const uint8_t *auth;
- unsigned int auth_size;
- const uint8_t *plaintext;
- unsigned int plaintext_size;
- const uint8_t *iv;
- const uint8_t *ciphertext;
- const uint8_t *tag;
+struct aes_gcm_vectors_st {
+ const uint8_t *key;
+ const uint8_t *auth;
+ unsigned int auth_size;
+ const uint8_t *plaintext;
+ unsigned int plaintext_size;
+ const uint8_t *iv;
+ const uint8_t *ciphertext;
+ const uint8_t *tag;
};
struct aes_gcm_vectors_st aes_gcm_vectors[] = {
#if 0
- {
- .key = (void*)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .auth = NULL,
- .auth_size = 0,
- .plaintext = NULL,
- .plaintext_size = 0,
- .ciphertext = NULL,
- .iv = (void*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .tag = (void*)
- "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"},
+ {
+ .key = (void *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .auth = NULL,
+ .auth_size = 0,
+ .plaintext = NULL,
+ .plaintext_size = 0,
+ .ciphertext = NULL,
+ .iv = (void *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .tag = (void *)
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"},
#endif
- {
- .key = (void*)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .auth = NULL,
- .auth_size = 0,
- .plaintext = (void*)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext_size = 16,
- .ciphertext = (void*)
- "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
- .iv = (void*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .tag = (void*)
- "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"},
- {
- .key = (void*)
- "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08",
- .auth = (void*)
- "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
- .auth_size = 20,
- .plaintext = (void*)
- "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
- .plaintext_size = 60,
- .ciphertext = (void*)
- "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
- .iv = (void*)"\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88",
- .tag = (void*)
- "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
+ {
+ .key = (void *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .auth = NULL,
+ .auth_size = 0,
+ .plaintext = (void *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext_size = 16,
+ .ciphertext = (void *)
+ "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
+ .iv = (void *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .tag = (void *)
+ "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"},
+ {
+ .key = (void *)
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08",
+ .auth = (void *)
+ "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
+ .auth_size = 20,
+ .plaintext = (void *)
+ "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .plaintext_size = 60,
+ .ciphertext = (void *)
+ "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
+ .iv = (void *) "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .tag = (void *)
+ "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
};
struct aes_vectors_st aes_vectors[] = {
- {
- .key =
- (uint8_t *)
- "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
- },
- {
- .key = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .plaintext = (uint8_t *)
- "\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
- .ciphertext = (uint8_t *)
- "\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
- },
- {
- .key = (uint8_t *)
- "\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
- },
- {
- .key = (uint8_t *)
- "\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
- },
- {
- .key = (uint8_t *)
- "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
- .plaintext = (uint8_t *)
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- .ciphertext = (uint8_t *)
- "\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
- },
+ {
+ .key = (uint8_t *)
+ "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
+ },
+ {
+ .key = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plaintext = (uint8_t *)
+ "\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
+ .ciphertext = (uint8_t *)
+ "\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
+ },
+ {
+ .key = (uint8_t *)
+ "\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
+ },
+ {
+ .key = (uint8_t *)
+ "\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
+ },
+ {
+ .key = (uint8_t *)
+ "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
+ .plaintext = (uint8_t *)
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ciphertext = (uint8_t *)
+ "\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
+ },
};
/* AES cipher */
-static int
-test_aes (void)
+static int test_aes(void)
{
- gnutls_cipher_hd_t hd;
- int ret;
- unsigned int i, j;
- uint8_t _iv[16];
- uint8_t tmp[128];
- gnutls_datum_t key, iv;
-
- fprintf (stdout, "Tests on AES Encryption: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
- {
- memset (_iv, 0, sizeof (_iv));
- memset (tmp, 0, sizeof (tmp));
- key.data = (void *) aes_vectors[i].key;
- key.size = 16;
-
- iv.data = _iv;
- iv.size = 16;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- ret = gnutls_cipher_encrypt2 (hd, aes_vectors[i].plaintext, 16,
- tmp, sizeof(tmp));
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- if (memcmp (tmp, aes_vectors[i].ciphertext, 16) != 0)
- {
- fprintf (stderr, "AES test vector %d failed!\n", i);
-
- fprintf (stderr, "Cipher[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_vectors[i].ciphertext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
- }
- fprintf (stdout, "ok\n");
-
- fprintf (stdout, "Tests on AES Decryption: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_vectors) / sizeof (aes_vectors[0]); i++)
- {
-
- memset (_iv, 0, sizeof (_iv));
- memset (tmp, 0x33, sizeof (tmp));
-
- key.data = (void *) aes_vectors[i].key;
- key.size = 16;
-
- iv.data = _iv;
- iv.size = 16;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_CBC, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- ret = gnutls_cipher_decrypt2 (hd, aes_vectors[i].ciphertext, 16,
- tmp, sizeof(tmp));
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES test %d failed\n", __LINE__, i);
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- if (memcmp (tmp, aes_vectors[i].plaintext, 16) != 0)
- {
- fprintf (stderr, "AES test vector %d failed!\n", i);
-
- fprintf (stderr, "Plain[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_vectors[i].plaintext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
- }
-
- fprintf (stdout, "ok\n");
- fprintf (stdout, "\n");
-
- fprintf (stdout, "Tests on AES-GCM: ");
- fflush (stdout);
- for (i = 0; i < sizeof (aes_gcm_vectors) / sizeof (aes_gcm_vectors[0]);
- i++)
- {
- memset (tmp, 0, sizeof (tmp));
- key.data = (void *) aes_gcm_vectors[i].key;
- key.size = 16;
-
- iv.data = (void *) aes_gcm_vectors[i].iv;
- iv.size = 12;
-
- ret =
- gnutls_cipher_init (&hd, GNUTLS_CIPHER_AES_128_GCM, &key,
- &iv);
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed\n", __LINE__,
- i);
- return 1;
- }
-
- if (aes_gcm_vectors[i].auth_size > 0)
- {
- ret =
- gnutls_cipher_add_auth (hd, aes_gcm_vectors[i].auth,
- aes_gcm_vectors[i].auth_size);
-
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed\n",
- __LINE__, i);
- return 1;
- }
- }
-
- if (aes_gcm_vectors[i].plaintext_size > 0)
- {
- ret =
- gnutls_cipher_encrypt2 (hd,
- aes_gcm_vectors[i].plaintext,
- aes_gcm_vectors[i].
- plaintext_size, tmp,
- sizeof(tmp));
- if (ret < 0)
- {
- fprintf (stderr, "%d: AES-GCM test %d failed: %s\n",
- __LINE__, i, gnutls_strerror(ret));
- return 1;
- }
- }
-
-
- if (aes_gcm_vectors[i].plaintext_size > 0)
- if (memcmp
- (tmp, aes_gcm_vectors[i].ciphertext,
- aes_gcm_vectors[i].plaintext_size) != 0)
- {
- fprintf (stderr, "AES-GCM test vector %d failed!\n",
- i);
-
- fprintf (stderr, "Cipher[%d]: ",
- aes_gcm_vectors[i].plaintext_size);
- for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ",
- aes_gcm_vectors[i].plaintext_size);
- for (j = 0; j < aes_gcm_vectors[i].plaintext_size; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_gcm_vectors[i].ciphertext[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- gnutls_cipher_tag (hd, tmp, 16);
- if (memcmp (tmp, aes_gcm_vectors[i].tag, 16) != 0)
- {
- fprintf (stderr, "AES-GCM test vector %d failed (tag)!\n",
- i);
-
- fprintf (stderr, "Tag[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:", (int) tmp[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ", 16);
- for (j = 0; j < 16; j++)
- fprintf (stderr, "%.2x:",
- (int) aes_gcm_vectors[i].tag[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- gnutls_cipher_deinit (hd);
-
- }
- fprintf (stdout, "ok\n");
- fprintf (stdout, "\n");
-
-
- return 0;
+ gnutls_cipher_hd_t hd;
+ int ret;
+ unsigned int i, j;
+ uint8_t _iv[16];
+ uint8_t tmp[128];
+ gnutls_datum_t key, iv;
+
+ fprintf(stdout, "Tests on AES Encryption: ");
+ fflush(stdout);
+ for (i = 0; i < sizeof(aes_vectors) / sizeof(aes_vectors[0]); i++) {
+ memset(_iv, 0, sizeof(_iv));
+ memset(tmp, 0, sizeof(tmp));
+ key.data = (void *) aes_vectors[i].key;
+ key.size = 16;
+
+ iv.data = _iv;
+ iv.size = 16;
+
+ ret =
+ gnutls_cipher_init(&hd, GNUTLS_CIPHER_AES_128_CBC,
+ &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "%d: AES test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+
+ ret =
+ gnutls_cipher_encrypt2(hd, aes_vectors[i].plaintext,
+ 16, tmp, sizeof(tmp));
+ if (ret < 0) {
+ fprintf(stderr, "%d: AES test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+
+ gnutls_cipher_deinit(hd);
+
+ if (memcmp(tmp, aes_vectors[i].ciphertext, 16) != 0) {
+ fprintf(stderr, "AES test vector %d failed!\n", i);
+
+ fprintf(stderr, "Cipher[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:", (int) tmp[j]);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:",
+ (int) aes_vectors[i].
+ ciphertext[j]);
+ fprintf(stderr, "\n");
+ return 1;
+ }
+ }
+ fprintf(stdout, "ok\n");
+
+ fprintf(stdout, "Tests on AES Decryption: ");
+ fflush(stdout);
+ for (i = 0; i < sizeof(aes_vectors) / sizeof(aes_vectors[0]); i++) {
+
+ memset(_iv, 0, sizeof(_iv));
+ memset(tmp, 0x33, sizeof(tmp));
+
+ key.data = (void *) aes_vectors[i].key;
+ key.size = 16;
+
+ iv.data = _iv;
+ iv.size = 16;
+
+ ret =
+ gnutls_cipher_init(&hd, GNUTLS_CIPHER_AES_128_CBC,
+ &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "%d: AES test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+
+ ret =
+ gnutls_cipher_decrypt2(hd, aes_vectors[i].ciphertext,
+ 16, tmp, sizeof(tmp));
+ if (ret < 0) {
+ fprintf(stderr, "%d: AES test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+
+ gnutls_cipher_deinit(hd);
+
+ if (memcmp(tmp, aes_vectors[i].plaintext, 16) != 0) {
+ fprintf(stderr, "AES test vector %d failed!\n", i);
+
+ fprintf(stderr, "Plain[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:", (int) tmp[j]);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:",
+ (int) aes_vectors[i].plaintext[j]);
+ fprintf(stderr, "\n");
+ return 1;
+ }
+ }
+
+ fprintf(stdout, "ok\n");
+ fprintf(stdout, "\n");
+
+ fprintf(stdout, "Tests on AES-GCM: ");
+ fflush(stdout);
+ for (i = 0;
+ i < sizeof(aes_gcm_vectors) / sizeof(aes_gcm_vectors[0]);
+ i++) {
+ memset(tmp, 0, sizeof(tmp));
+ key.data = (void *) aes_gcm_vectors[i].key;
+ key.size = 16;
+
+ iv.data = (void *) aes_gcm_vectors[i].iv;
+ iv.size = 12;
+
+ ret =
+ gnutls_cipher_init(&hd, GNUTLS_CIPHER_AES_128_GCM,
+ &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "%d: AES-GCM test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+
+ if (aes_gcm_vectors[i].auth_size > 0) {
+ ret =
+ gnutls_cipher_add_auth(hd,
+ aes_gcm_vectors[i].auth,
+ aes_gcm_vectors[i].
+ auth_size);
+
+ if (ret < 0) {
+ fprintf(stderr,
+ "%d: AES-GCM test %d failed\n",
+ __LINE__, i);
+ return 1;
+ }
+ }
+
+ if (aes_gcm_vectors[i].plaintext_size > 0) {
+ ret =
+ gnutls_cipher_encrypt2(hd,
+ aes_gcm_vectors[i].
+ plaintext,
+ aes_gcm_vectors
+ [i].plaintext_size, tmp,
+ sizeof(tmp));
+ if (ret < 0) {
+ fprintf(stderr,
+ "%d: AES-GCM test %d failed: %s\n",
+ __LINE__, i, gnutls_strerror(ret));
+ return 1;
+ }
+ }
+
+
+ if (aes_gcm_vectors[i].plaintext_size > 0)
+ if (memcmp
+ (tmp, aes_gcm_vectors[i].ciphertext,
+ aes_gcm_vectors[i].plaintext_size) != 0) {
+ fprintf(stderr,
+ "AES-GCM test vector %d failed!\n",
+ i);
+
+ fprintf(stderr, "Cipher[%d]: ",
+ aes_gcm_vectors[i].plaintext_size);
+ for (j = 0;
+ j < aes_gcm_vectors[i].plaintext_size;
+ j++)
+ fprintf(stderr, "%.2x:",
+ (int) tmp[j]);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Expected[%d]: ",
+ aes_gcm_vectors[i].plaintext_size);
+ for (j = 0;
+ j < aes_gcm_vectors[i].plaintext_size;
+ j++)
+ fprintf(stderr, "%.2x:",
+ (int) aes_gcm_vectors[i].
+ ciphertext[j]);
+ fprintf(stderr, "\n");
+ return 1;
+ }
+
+ gnutls_cipher_tag(hd, tmp, 16);
+ if (memcmp(tmp, aes_gcm_vectors[i].tag, 16) != 0) {
+ fprintf(stderr,
+ "AES-GCM test vector %d failed (tag)!\n",
+ i);
+
+ fprintf(stderr, "Tag[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:", (int) tmp[j]);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Expected[%d]: ", 16);
+ for (j = 0; j < 16; j++)
+ fprintf(stderr, "%.2x:",
+ (int) aes_gcm_vectors[i].tag[j]);
+ fprintf(stderr, "\n");
+ return 1;
+ }
+
+ gnutls_cipher_deinit(hd);
+
+ }
+ fprintf(stdout, "ok\n");
+ fprintf(stdout, "\n");
+
+
+ return 0;
}
-struct hash_vectors_st
-{
- const char *name;
- int algorithm;
- const uint8_t *key; /* if hmac */
- unsigned int key_size;
- const uint8_t *plaintext;
- unsigned int plaintext_size;
- const uint8_t *output;
- unsigned int output_size;
-} hash_vectors[] =
-{
- {
- .name = "SHA1",
- .algorithm = GNUTLS_MAC_SHA1,
- .key = NULL,
- .plaintext =
- (uint8_t *) "what do ya want for nothing?",
- .plaintext_size =
- sizeof ("what do ya want for nothing?") - 1,
- .output =
- (uint8_t *)
- "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
- .output_size = 20,
- },
- {
- .name = "SHA1",
- .algorithm = GNUTLS_MAC_SHA1,
- .key = NULL,
- .plaintext =
- (uint8_t *)
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
- ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
- "\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",
- .output_size = 20,
- },
- {
- .name = "SHA256",
- .algorithm = GNUTLS_MAC_SHA256,
- .key = NULL,
- .plaintext =
- (uint8_t *)
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
- ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
- "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
- .output_size = 32,
- },
- {
- .name = "SHA256",
- .algorithm = GNUTLS_MAC_SHA256,
- .key = NULL,
- .plaintext =
- (uint8_t *)
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- .plaintext_size = sizeof
- ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
- - 1,
- .output =
- (uint8_t *)
- "\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",
- .output_size = 32,
- },
- {
- .name = "SHA512",
- .algorithm = GNUTLS_MAC_SHA512,
- .key = NULL,
- .plaintext =
- (uint8_t *)
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
- .plaintext_size = sizeof
- ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
- - 1,
- .output =
- (uint8_t *)
- "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",
- .output_size = 64,
- },
- {
- .name = "HMAC-MD5",.algorithm = GNUTLS_MAC_MD5,.key =
- (uint8_t *) "Jefe",.key_size = 4,.plaintext =
- (uint8_t *) "what do ya want for nothing?",.
- plaintext_size =
- sizeof ("what do ya want for nothing?") - 1,.output =
- (uint8_t *)
- "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",.output_size
- = 16,}
- ,
- /* from rfc4231 */
- {
- .name = "HMAC-SHA2-224",.algorithm = GNUTLS_MAC_SHA224,.key =
- (uint8_t *)
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
- "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",.output_size
- = 28,}
- ,
- {
- .name = "HMAC-SHA2-256",.algorithm = GNUTLS_MAC_SHA256,.key =
- (uint8_t *)
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
- "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",.output_size
- = 32,}
- ,
- {
- .name = "HMAC-SHA2-384",.algorithm = GNUTLS_MAC_SHA384,.key =
- (uint8_t *)
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
- "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",.output_size
- = 48,}
- ,
- {
- .name = "HMAC-SHA2-512",.algorithm = GNUTLS_MAC_SHA512,.key =
- (uint8_t *)
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
- = 20,.plaintext = (uint8_t *) "Hi There",.plaintext_size =
- sizeof ("Hi There") - 1,.output =
- (uint8_t *)
- "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",.output_size
- = 64,}
+struct hash_vectors_st {
+ const char *name;
+ int algorithm;
+ const uint8_t *key; /* if hmac */
+ unsigned int key_size;
+ const uint8_t *plaintext;
+ unsigned int plaintext_size;
+ const uint8_t *output;
+ unsigned int output_size;
+} hash_vectors[] = {
+ {
+ .name = "SHA1",.algorithm = GNUTLS_MAC_SHA1,.key =
+ NULL,.plaintext =
+ (uint8_t *) "what do ya want for nothing?",.
+ plaintext_size =
+ sizeof("what do ya want for nothing?") - 1,.output =
+ (uint8_t *)
+ "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",.
+ output_size = 20,}
+ , {
+ .name = "SHA1",.algorithm = GNUTLS_MAC_SHA1,.key =
+ NULL,.plaintext = (uint8_t *)
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",.
+ plaintext_size =
+ sizeof
+ ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,.output = (uint8_t *)
+ "\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",.
+ output_size = 20,}
+ , {
+ .name = "SHA256",.algorithm = GNUTLS_MAC_SHA256,.key =
+ NULL,.plaintext = (uint8_t *)
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",.
+ plaintext_size =
+ sizeof
+ ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,.output = (uint8_t *)
+ "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",.
+ output_size = 32,}
+ , {
+ .name = "SHA256",.algorithm = GNUTLS_MAC_SHA256,.key =
+ NULL,.plaintext = (uint8_t *)
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",.
+ plaintext_size =
+ sizeof
+ ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+ - 1,.output = (uint8_t *)
+ "\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",.
+ output_size = 32,}
+ , {
+ .name = "SHA512",.algorithm = GNUTLS_MAC_SHA512,.key =
+ NULL,.plaintext = (uint8_t *)
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",.
+ plaintext_size =
+ sizeof
+ ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
+ - 1,.output = (uint8_t *)
+ "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",.
+ output_size = 64,}
+ , {
+ .name = "HMAC-MD5",.algorithm = GNUTLS_MAC_MD5,.key =
+ (uint8_t *) "Jefe",.key_size = 4,.plaintext =
+ (uint8_t *)
+ "what do ya want for nothing?",.plaintext_size =
+ sizeof("what do ya want for nothing?") - 1,.output =
+ (uint8_t *)
+ "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",.
+ output_size = 16,}
+ ,
+ /* from rfc4231 */
+ {
+ .name = "HMAC-SHA2-224",.algorithm =
+ GNUTLS_MAC_SHA224,.key = (uint8_t *)
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.
+ key_size = 20,.plaintext =
+ (uint8_t *) "Hi There",.plaintext_size =
+ sizeof("Hi There") - 1,.output = (uint8_t *)
+ "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",.
+ output_size = 28,}
+ , {
+ .name = "HMAC-SHA2-256",.algorithm =
+ GNUTLS_MAC_SHA256,.key = (uint8_t *)
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.
+ key_size = 20,.plaintext =
+ (uint8_t *) "Hi There",.plaintext_size =
+ sizeof("Hi There") - 1,.output = (uint8_t *)
+ "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",.
+ output_size = 32,}
+ , {
+ .name = "HMAC-SHA2-384",.algorithm =
+ GNUTLS_MAC_SHA384,.key = (uint8_t *)
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.
+ key_size = 20,.plaintext =
+ (uint8_t *) "Hi There",.plaintext_size =
+ sizeof("Hi There") - 1,.output = (uint8_t *)
+ "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",.
+ output_size = 48,}
+ , {
+ .name = "HMAC-SHA2-512",.algorithm =
+ GNUTLS_MAC_SHA512,.key = (uint8_t *)
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.
+ key_size = 20,.plaintext =
+ (uint8_t *) "Hi There",.plaintext_size =
+ sizeof("Hi There") - 1,.output = (uint8_t *)
+ "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",.
+ output_size = 64,}
,};
#define HASH_DATA_SIZE 64
/* SHA1 and other hashes */
-static int
-test_hash (void)
+static int test_hash(void)
{
- uint8_t data[HASH_DATA_SIZE];
- unsigned int i, j;
- int ret;
- size_t data_size;
-
- fprintf (stdout, "Tests on Hashes\n");
- for (i = 0; i < sizeof (hash_vectors) / sizeof (hash_vectors[0]); i++)
- {
-
- fprintf (stdout, "\t%s: ", hash_vectors[i].name);
- /* import key */
- if (hash_vectors[i].key != NULL)
- {
+ uint8_t data[HASH_DATA_SIZE];
+ unsigned int i, j;
+ int ret;
+ size_t data_size;
+
+ fprintf(stdout, "Tests on Hashes\n");
+ for (i = 0; i < sizeof(hash_vectors) / sizeof(hash_vectors[0]);
+ i++) {
+
+ fprintf(stdout, "\t%s: ", hash_vectors[i].name);
+ /* import key */
+ if (hash_vectors[i].key != NULL) {
#if 0
- ret = gnutls_hmac_fast(hash_vectors[i].algorithm, hash_vectors[i].key, hash_vectors[i].key_size,
- hash_vectors[i].plaintext, hash_vectors[i].plaintext_size, data);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
+ ret =
+ gnutls_hmac_fast(hash_vectors[i].algorithm,
+ hash_vectors[i].key,
+ hash_vectors[i].key_size,
+ hash_vectors[i].plaintext,
+ hash_vectors[i].
+ plaintext_size, data);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
#else
- gnutls_hmac_hd_t hd;
-
- ret = gnutls_hmac_init( &hd, hash_vectors[i].algorithm, hash_vectors[i].key, hash_vectors[i].key_size);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hmac(hd, hash_vectors[i].plaintext, hash_vectors[i].plaintext_size-1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hmac(hd, &hash_vectors[i].plaintext[hash_vectors[i].plaintext_size-1], 1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- gnutls_hmac_output(hd, data);
- gnutls_hmac_deinit(hd, NULL);
+ gnutls_hmac_hd_t hd;
+
+ ret =
+ gnutls_hmac_init(&hd,
+ hash_vectors[i].algorithm,
+ hash_vectors[i].key,
+ hash_vectors[i].key_size);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret =
+ gnutls_hmac(hd, hash_vectors[i].plaintext,
+ hash_vectors[i].plaintext_size -
+ 1);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret =
+ gnutls_hmac(hd,
+ &hash_vectors[i].
+ plaintext[hash_vectors[i].
+ plaintext_size - 1], 1);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ gnutls_hmac_output(hd, data);
+ gnutls_hmac_deinit(hd, NULL);
#endif
- data_size =
- gnutls_hmac_get_len (hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
- }
- else
- {
- gnutls_hash_hd_t hd;
- ret = gnutls_hash_init( &hd, hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hash (hd,
- hash_vectors[i].plaintext,
- 1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- ret = gnutls_hash (hd,
- &hash_vectors[i].plaintext[1],
- hash_vectors[i].plaintext_size-1);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
-
- gnutls_hash_output(hd, data);
- gnutls_hash_deinit(hd, NULL);
-
- data_size =
- gnutls_hash_get_len (hash_vectors[i].algorithm);
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s:%d\n", __func__,
- __LINE__);
- return 1;
- }
- }
-
- if (data_size != hash_vectors[i].output_size ||
- memcmp (data, hash_vectors[i].output,
- hash_vectors[i].output_size) != 0)
- {
- fprintf (stderr, "HASH test vector %d failed!\n", i);
-
- fprintf (stderr, "Output[%d]: ", (int) data_size);
- for (j = 0; j < data_size; j++)
- fprintf (stderr, "%.2x:", (int) data[j]);
- fprintf (stderr, "\n");
-
- fprintf (stderr, "Expected[%d]: ",
- hash_vectors[i].output_size);
- for (j = 0; j < hash_vectors[i].output_size; j++)
- fprintf (stderr, "%.2x:",
- (int) hash_vectors[i].output[j]);
- fprintf (stderr, "\n");
- return 1;
- }
-
- fprintf (stdout, "ok\n");
- }
-
- fprintf (stdout, "\n");
-
- return 0;
+ data_size =
+ gnutls_hmac_get_len(hash_vectors[i].algorithm);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+ } else {
+ gnutls_hash_hd_t hd;
+ ret =
+ gnutls_hash_init(&hd,
+ hash_vectors[i].algorithm);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hash(hd,
+ hash_vectors[i].plaintext, 1);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ ret = gnutls_hash(hd,
+ &hash_vectors[i].plaintext[1],
+ hash_vectors[i].plaintext_size -
+ 1);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+
+ gnutls_hash_output(hd, data);
+ gnutls_hash_deinit(hd, NULL);
+
+ data_size =
+ gnutls_hash_get_len(hash_vectors[i].algorithm);
+ if (ret < 0) {
+ fprintf(stderr, "Error: %s:%d\n", __func__,
+ __LINE__);
+ return 1;
+ }
+ }
+
+ if (data_size != hash_vectors[i].output_size ||
+ memcmp(data, hash_vectors[i].output,
+ hash_vectors[i].output_size) != 0) {
+ fprintf(stderr, "HASH test vector %d failed!\n",
+ i);
+
+ fprintf(stderr, "Output[%d]: ", (int) data_size);
+ for (j = 0; j < data_size; j++)
+ fprintf(stderr, "%.2x:", (int) data[j]);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Expected[%d]: ",
+ hash_vectors[i].output_size);
+ for (j = 0; j < hash_vectors[i].output_size; j++)
+ fprintf(stderr, "%.2x:",
+ (int) hash_vectors[i].output[j]);
+ fprintf(stderr, "\n");
+ return 1;
+ }
+
+ fprintf(stdout, "ok\n");
+ }
+
+ fprintf(stdout, "\n");
+
+ return 0;
}
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
-int
-main (int argc, char **argv)
+int main(int argc, char **argv)
{
- gnutls_global_set_log_function (tls_log_func);
- if (argc > 1)
- gnutls_global_set_log_level (4711);
+ gnutls_global_set_log_function(tls_log_func);
+ if (argc > 1)
+ gnutls_global_set_log_level(4711);
- global_init ();
+ global_init();
- if (test_aes ())
- return 1;
+ if (test_aes())
+ return 1;
- if (test_hash ())
- return 1;
+ if (test_hash())
+ return 1;
- gnutls_global_deinit ();
- return 0;
+ gnutls_global_deinit();
+ return 0;
}
diff --git a/tests/slow/gendh.c b/tests/slow/gendh.c
index b108a05dc0..155cf23d64 100644
--- a/tests/slow/gendh.c
+++ b/tests/slow/gendh.c
@@ -28,25 +28,25 @@
#include "utils.h"
-void
-doit (void)
+void doit(void)
{
- gnutls_dh_params_t dh_params = NULL;
- int rc;
+ gnutls_dh_params_t dh_params = NULL;
+ int rc;
- rc = global_init ();
- if (rc)
- fail ("global_init\n");
+ rc = global_init();
+ if (rc)
+ fail("global_init\n");
- if (gnutls_dh_params_init (&dh_params) < 0)
- fail ("Error in dh parameter initialization\n");
+ if (gnutls_dh_params_init(&dh_params) < 0)
+ fail("Error in dh parameter initialization\n");
- if (gnutls_dh_params_generate2 (dh_params, 1024) < 0)
- fail ("Error in prime generation\n");
-
- gnutls_dh_params_deinit(dh_params);
-
- gnutls_global_deinit();
+ if (gnutls_dh_params_generate2(dh_params, 1024) < 0)
+ fail("Error in prime generation\n");
- if (debug) success ("generated DH params OK\n");
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("generated DH params OK\n");
}
diff --git a/tests/slow/keygen.c b/tests/slow/keygen.c
index 4e02ed4e84..19f7676afe 100644
--- a/tests/slow/keygen.c
+++ b/tests/slow/keygen.c
@@ -35,72 +35,61 @@
#define MAX_TRIES 2
-static int sec_param[MAX_TRIES] = {GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_NORMAL};
+static int sec_param[MAX_TRIES] =
+ { GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_NORMAL };
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", "crq_key_id", level, str);
+ fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str);
}
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_privkey_t pkey;
- int ret, algorithm, i;
+ gnutls_x509_privkey_t pkey;
+ int ret, algorithm, i;
- ret = global_init ();
- if (ret < 0)
- fail ("global_init: %d\n", ret);
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init: %d\n", ret);
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
- for (i = 0; i < MAX_TRIES; i++)
- {
- for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_EC;
- algorithm++)
- {
- if (algorithm == GNUTLS_PK_DH)
- continue;
+ for (i = 0; i < MAX_TRIES; i++) {
+ for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_EC;
+ algorithm++) {
+ if (algorithm == GNUTLS_PK_DH)
+ continue;
- ret = gnutls_x509_privkey_init (&pkey);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_init: %d\n", ret);
- }
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_init: %d\n",
+ ret);
+ }
- ret =
- gnutls_x509_privkey_generate (pkey, algorithm,
- gnutls_sec_param_to_pk_bits
- (algorithm,
- sec_param[i]),
- 0);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_generate (%s): %s (%d)\n",
- gnutls_pk_algorithm_get_name (algorithm),
- gnutls_strerror (ret), ret);
- }
- else if (debug)
- {
- success ("Key[%s] generation ok: %d\n",
- gnutls_pk_algorithm_get_name (algorithm),
- ret);
- }
+ ret =
+ gnutls_x509_privkey_generate(pkey, algorithm,
+ gnutls_sec_param_to_pk_bits
+ (algorithm,
+ sec_param[i]),
+ 0);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret);
+ } else if (debug) {
+ success("Key[%s] generation ok: %d\n",
+ gnutls_pk_algorithm_get_name
+ (algorithm), ret);
+ }
- ret = gnutls_x509_privkey_verify_params (pkey);
- if (ret < 0)
- {
- fail ("gnutls_x509_privkey_generate (%s): %s (%d)\n",
- gnutls_pk_algorithm_get_name (algorithm),
- gnutls_strerror (ret), ret);
- }
+ ret = gnutls_x509_privkey_verify_params(pkey);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret);
+ }
- gnutls_x509_privkey_deinit (pkey);
- }
- }
+ gnutls_x509_privkey_deinit(pkey);
+ }
+ }
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
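Review bot: The failure message after `gnutls_x509_privkey_verify_params(pkey)` in doit() still names `gnutls_x509_privkey_generate`, so a parameter-verification failure is reported as a key-generation failure. I would change that call to `fail("gnutls_x509_privkey_verify_params (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret);`. Both `fail(...)` calls were also joined onto single lines far wider than the rest of the reindented code, and wrapping them after the format string would keep the file consistent. The log prefix `"crq_key_id"` in tls_log_func looks copied from another test and could read `"keygen"`.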
diff --git a/tests/srp/mini-srp.c b/tests/srp/mini-srp.c
index 70a684f0d9..35b42e0631 100644
--- a/tests/srp/mini-srp.c
+++ b/tests/srp/mini-srp.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -52,131 +52,123 @@ static void terminate(void);
/* This program tests the SRP and SRP-RSA ciphersuites.
*/
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
-static void
-client (int fd, const char* prio)
+static void client(int fd, const char *prio)
{
- int ret;
- gnutls_session_t session;
- gnutls_srp_client_credentials_t srp_cred;
- gnutls_certificate_credentials_t x509_cred;
- /* Need to enable anonymous KX specifically. */
-
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_srp_allocate_client_credentials (&srp_cred);
- gnutls_certificate_allocate_credentials (&x509_cred);
-
- gnutls_srp_set_client_credentials (srp_cred, "test", "test");
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, prio, NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_srp_free_client_credentials (srp_cred);
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ int ret;
+ gnutls_session_t session;
+ gnutls_srp_client_credentials_t srp_cred;
+ gnutls_certificate_credentials_t x509_cred;
+ /* Need to enable anonymous KX specifically. */
+
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_srp_allocate_client_credentials(&srp_cred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
+
+ gnutls_srp_set_client_credentials(srp_cred, "test", "test");
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session, prio, NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_srp_free_client_credentials(srp_cred);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
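Review bot: In client(), the results of `gnutls_init`, `gnutls_priority_set_direct` and both `gnutls_credentials_set` calls are discarded, so a rejected priority string only shows up later as a handshake error, if at all. Since the test exists to exercise the SRP and SRP-RSA key exchanges, I would check at least the priority call: `ret = gnutls_priority_set_direct(session, prio, NULL);` followed by `if (ret < 0) fail("client: priority: %s\n", gnutls_strerror(ret));`. initialize_tls_session() in the next hunk has the same unchecked call. The comments `/* Need to enable anonymous KX specifically. */` and `/* put the anonymous credentials to the current session */` appear to be left over from an anonymous-auth test and should say SRP.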
@@ -185,166 +177,160 @@ gnutls_srp_server_credentials_t s_srp_cred;
gnutls_certificate_credentials_t s_x509_cred;
pid_t child;
-static gnutls_session_t
-initialize_tls_session (const char* prio)
+static gnutls_session_t initialize_tls_session(const char *prio)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct (session, prio, NULL);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct(session, prio, NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, s_srp_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, s_x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ s_x509_cred);
- return session;
+ return session;
}
static void terminate(void)
{
-int status;
+ int status;
- kill(child, SIGTERM);
- wait(&status);
- exit(1);
+ kill(child, SIGTERM);
+ wait(&status);
+ exit(1);
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-gnutls_session_t session;
-
- /* this must be called once in the program
- */
- global_init ();
-
- if (debug)
- {
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (4711);
- }
-
- gnutls_srp_allocate_server_credentials (&s_srp_cred);
- gnutls_srp_set_server_credentials_file (s_srp_cred, "tpasswd",
- "tpasswd.conf");
-
- gnutls_certificate_allocate_credentials (&s_x509_cred);
- gnutls_certificate_set_x509_key_mem (s_x509_cred,
- &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- session = initialize_tls_session (prio);
-
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
- close (fd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- terminate();
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (fd);
- gnutls_deinit (session);
-
- gnutls_srp_free_server_credentials (s_srp_cred);
- gnutls_certificate_free_credentials (s_x509_cred);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ int ret;
+ gnutls_session_t session;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ if (debug) {
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(4711);
+ }
+
+ gnutls_srp_allocate_server_credentials(&s_srp_cred);
+ gnutls_srp_set_server_credentials_file(s_srp_cred, "tpasswd",
+ "tpasswd.conf");
+
+ gnutls_certificate_allocate_credentials(&s_x509_cred);
+ gnutls_certificate_set_x509_key_mem(s_x509_cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ session = initialize_tls_session(prio);
+
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
+ close(fd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ terminate();
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(fd);
+ gnutls_deinit(session);
+
+ gnutls_srp_free_server_credentials(s_srp_cred);
+ gnutls_certificate_free_credentials(s_x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-static void start (const char* prio)
+static void start(const char *prio)
{
- int fd[2];
- int ret;
-
- ret = socketpair(AF_LOCAL, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- exit(1);
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (fd[0], prio);
- wait (&status);
- if (WEXITSTATUS(status) != 0)
- fail("Child died with status %d\n", WEXITSTATUS(status));
- }
- else
- {
- client (fd[1], prio);
- exit(0);
- }
+ int fd[2];
+ int ret;
+
+ ret = socketpair(AF_LOCAL, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ exit(1);
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(fd[0], prio);
+ wait(&status);
+ if (WEXITSTATUS(status) != 0)
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ } else {
+ client(fd[1], prio);
+ exit(0);
+ }
}
-const char* tpasswd_file = "test:CsrY0PxYlYCAa8UuWUrcjpqBvG6ImlAdGwEUh3tN2DSDBbMWTvnUl7A8Hw7l0zFHwyLH5rh0llrmu/v.Df2FjDEGy0s0rYR5ARE2XlXPl66xhevHj5vitD0Qvq/J0x1v0zMWJSgq/Ah2MoOrw9aBEsQUgf9MddiHQKjE3Vetoq3:3h3cfS0WrBgPUsldDASSK0:1\n"
- "test2:1J14yVX4iBa97cySs2/SduwnSbHxiz7WieE761psJQDxkc5flpumEwXbAgK5PrSZ0aZ6q7zyrAN1apJR1QQPAdyScJ6Jw4zjDP7AnezUVGbUNMJXhsI0NPwSc0c/415XfrnM1139yjWCr1qkcYMoN4bALppMMLB8glJkxy7t.3cmH9MkRRAjXXdUgAvHw2ZFLmB/8TlZDhnDS78xCSgLQs.oubZEEIgOWl7BT2.aW76fW3yKWdVrrHQDYPtR4hKx:11rUG9wSMLHe2Cu2p7dmFY:2\n"
- "test3:LVJZDDuElMHuRt5/fcx64AhJ4erhFvbIhv/XCtD0tJI3OC6yEBzthZ1FSqblri9qtsvboPApbFHwP9WEluGtCOuzOON4LS8sSeQDBO.PaqjTnsmXKPYMKa.SuLXFuRTtdiFRwX2ZRy3GIWoCvxJtPDWCEYGBWfnjjGEYmQWvo534JVtVDyMaFItYlMTOtBSgsg488oJ5hIAU6jVyIQZGPVv8OHsPCpEt2UlTixzI9nAgQ0WL5ShKaAq0dksF/AY7UMKm0oHbtZeqAx6YcBzLbBhNvcEqYzH95ONpr.cUh91iRhVzdVscsFweSCtWsQrVT4zmSRwdsljeFQPqFbdeK:iWkELSVg3JxmyEq.XbjAW:3\n";
+const char *tpasswd_file =
+ "test:CsrY0PxYlYCAa8UuWUrcjpqBvG6ImlAdGwEUh3tN2DSDBbMWTvnUl7A8Hw7l0zFHwyLH5rh0llrmu/v.Df2FjDEGy0s0rYR5ARE2XlXPl66xhevHj5vitD0Qvq/J0x1v0zMWJSgq/Ah2MoOrw9aBEsQUgf9MddiHQKjE3Vetoq3:3h3cfS0WrBgPUsldDASSK0:1\n"
+ "test2:1J14yVX4iBa97cySs2/SduwnSbHxiz7WieE761psJQDxkc5flpumEwXbAgK5PrSZ0aZ6q7zyrAN1apJR1QQPAdyScJ6Jw4zjDP7AnezUVGbUNMJXhsI0NPwSc0c/415XfrnM1139yjWCr1qkcYMoN4bALppMMLB8glJkxy7t.3cmH9MkRRAjXXdUgAvHw2ZFLmB/8TlZDhnDS78xCSgLQs.oubZEEIgOWl7BT2.aW76fW3yKWdVrrHQDYPtR4hKx:11rUG9wSMLHe2Cu2p7dmFY:2\n"
+ "test3:LVJZDDuElMHuRt5/fcx64AhJ4erhFvbIhv/XCtD0tJI3OC6yEBzthZ1FSqblri9qtsvboPApbFHwP9WEluGtCOuzOON4LS8sSeQDBO.PaqjTnsmXKPYMKa.SuLXFuRTtdiFRwX2ZRy3GIWoCvxJtPDWCEYGBWfnjjGEYmQWvo534JVtVDyMaFItYlMTOtBSgsg488oJ5hIAU6jVyIQZGPVv8OHsPCpEt2UlTixzI9nAgQ0WL5ShKaAq0dksF/AY7UMKm0oHbtZeqAx6YcBzLbBhNvcEqYzH95ONpr.cUh91iRhVzdVscsFweSCtWsQrVT4zmSRwdsljeFQPqFbdeK:iWkELSVg3JxmyEq.XbjAW:3\n";
-const char* tpasswd_conf_file = "1:Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ:2\n"
- "2:dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx:2\n"
- "3:2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp:2\n";
+const char *tpasswd_conf_file =
+ "1:Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ:2\n"
+ "2:dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx:2\n"
+ "3:2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp:2\n";
-void
-doit (void)
+void doit(void)
{
-FILE * fd;
-
- fd = fopen("tpasswd.conf", "w");
- if (fd == NULL)
- exit(1);
-
- fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fd);
- fclose(fd);
-
- fd = fopen("tpasswd", "w");
- if (fd == NULL)
- exit(1);
-
- fwrite(tpasswd_file, 1, strlen(tpasswd_file), fd);
- fclose(fd);
-
- start("NORMAL:-KX-ALL:+SRP");
- start("NORMAL:-KX-ALL:+SRP-RSA");
-
- remove("tpasswd");
- remove("tpasswd.conf");
+ FILE *fd;
+
+ fd = fopen("tpasswd.conf", "w");
+ if (fd == NULL)
+ exit(1);
+
+ fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fd);
+ fclose(fd);
+
+ fd = fopen("tpasswd", "w");
+ if (fd == NULL)
+ exit(1);
+
+ fwrite(tpasswd_file, 1, strlen(tpasswd_file), fd);
+ fclose(fd);
+
+ start("NORMAL:-KX-ALL:+SRP");
+ start("NORMAL:-KX-ALL:+SRP-RSA");
+
+ remove("tpasswd");
+ remove("tpasswd.conf");
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
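Review bot: start() reads `WEXITSTATUS(status)` without first checking `WIFEXITED(status)`, so a client child that is killed by a signal (for example a crash during the handshake) is not guaranteed to be reported and may count as a pass. The check should be `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)`, and the return value of `wait()` should be tested as well. In doit(), `fwrite` and `fclose` on `tpasswd` and `tpasswd.conf` are unchecked, so a short write would leave the server with a truncated verifier file and a confusing handshake failure. The result of `gnutls_srp_set_server_credentials_file` in server() is ignored too.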
diff --git a/tests/suite/ecore/eina_config.h b/tests/suite/ecore/eina_config.h
index f89327d6a6..14ba859a29 100644
--- a/tests/suite/ecore/eina_config.h
+++ b/tests/suite/ecore/eina_config.h
@@ -20,33 +20,33 @@
#define EINA_CONFIG_H_
#ifdef EINA_MAGIC_DEBUG
-# undef EINA_MAGIC_DEBUG
+#undef EINA_MAGIC_DEBUG
#endif
#define EINA_MAGIC_DEBUG
#ifdef EINA_DEFAULT_MEMPOOL
-# undef EINA_DEFAULT_MEMPOOL
+#undef EINA_DEFAULT_MEMPOOL
#endif
#ifdef EINA_SAFETY_CHECKS
-# undef EINA_SAFETY_CHECKS
+#undef EINA_SAFETY_CHECKS
#endif
#define EINA_SAFETY_CHECKS
#ifdef EINA_HAVE_INTTYPES_H
-# undef EINA_HAVE_INTTYPES_H
+#undef EINA_HAVE_INTTYPES_H
#endif
#define EINA_HAVE_INTTYPES_H
#ifdef EINA_HAVE_STDINT_H
-# undef EINA_HAVE_STDINT_H
+#undef EINA_HAVE_STDINT_H
#endif
#define EINA_HAVE_STDINT_H
#ifdef EINA_SIZEOF_WCHAR_T
-# undef EINA_SIZEOF_WCHAR_T
+#undef EINA_SIZEOF_WCHAR_T
#endif
#define EINA_SIZEOF_WCHAR_T 4
-#endif /* EINA_CONFIG_H_ */
+#endif /* EINA_CONFIG_H_ */
diff --git a/tests/suite/ecore/src/include/Eina.h b/tests/suite/ecore/src/include/Eina.h
index eb0263f6c2..a7bda06aa8 100644
--- a/tests/suite/ecore/src/include/Eina.h
+++ b/tests/suite/ecore/src/include/Eina.h
@@ -114,7 +114,7 @@
#include <dirent.h>
#ifdef _WIN32
-# include <Evil.h>
+#include <Evil.h>
#endif
#ifdef __cplusplus
@@ -161,5 +161,4 @@ extern "C" {
#ifdef __cplusplus
}
#endif
-
-#endif /* EINA_H */
+#endif /* EINA_H */
diff --git a/tests/suite/ecore/src/include/eina_accessor.h b/tests/suite/ecore/src/include/eina_accessor.h
index 4d2f92e0a1..f3f29a4849 100644
--- a/tests/suite/ecore/src/include/eina_accessor.h
+++ b/tests/suite/ecore/src/include/eina_accessor.h
@@ -42,46 +42,49 @@
*/
typedef struct _Eina_Accessor Eina_Accessor;
-typedef Eina_Bool (*Eina_Accessor_Get_At_Callback)(Eina_Accessor *it,
- unsigned int index,
- void **data);
-typedef void *(*Eina_Accessor_Get_Container_Callback)(Eina_Accessor *it);
-typedef void (*Eina_Accessor_Free_Callback)(Eina_Accessor *it);
-typedef Eina_Bool (*Eina_Accessor_Lock_Callback)(Eina_Accessor *it);
-
-struct _Eina_Accessor
-{
+typedef Eina_Bool(*Eina_Accessor_Get_At_Callback) (Eina_Accessor * it,
+ unsigned int index,
+ void **data);
+typedef void *(*Eina_Accessor_Get_Container_Callback) (Eina_Accessor * it);
+typedef void (*Eina_Accessor_Free_Callback) (Eina_Accessor * it);
+typedef Eina_Bool(*Eina_Accessor_Lock_Callback) (Eina_Accessor * it);
+
+struct _Eina_Accessor {
#define EINA_ACCESSOR_VERSION 1
- int version;
+ int version;
- Eina_Accessor_Get_At_Callback get_at EINA_ARG_NONNULL(1, 3) EINA_WARN_UNUSED_RESULT;
- Eina_Accessor_Get_Container_Callback get_container EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
- Eina_Accessor_Free_Callback free EINA_ARG_NONNULL(1);
+ Eina_Accessor_Get_At_Callback get_at EINA_ARG_NONNULL(1,
+ 3)
+ EINA_WARN_UNUSED_RESULT;
+ Eina_Accessor_Get_Container_Callback get_container
+ EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+ Eina_Accessor_Free_Callback free EINA_ARG_NONNULL(1);
- Eina_Accessor_Lock_Callback lock EINA_WARN_UNUSED_RESULT;
- Eina_Accessor_Lock_Callback unlock EINA_WARN_UNUSED_RESULT;
+ Eina_Accessor_Lock_Callback lock EINA_WARN_UNUSED_RESULT;
+ Eina_Accessor_Lock_Callback unlock EINA_WARN_UNUSED_RESULT;
#define EINA_MAGIC_ACCESSOR 0x98761232
- EINA_MAGIC
-};
+ EINA_MAGIC};
#define FUNC_ACCESSOR_GET_AT(Function) ((Eina_Accessor_Get_At_Callback)Function)
#define FUNC_ACCESSOR_GET_CONTAINER(Function) ((Eina_Accessor_Get_Container_Callback)Function)
#define FUNC_ACCESSOR_FREE(Function) ((Eina_Accessor_Free_Callback)Function)
#define FUNC_ACCESSOR_LOCK(Function) ((Eina_Accessor_Lock_Callback)Function)
-EAPI void eina_accessor_free(Eina_Accessor *accessor) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_accessor_data_get(Eina_Accessor *accessor,
- unsigned int position,
- void **data) EINA_ARG_NONNULL(1);
-EAPI void * eina_accessor_container_get(Eina_Accessor *accessor) EINA_ARG_NONNULL(1) EINA_PURE;
-EAPI void eina_accessor_over(Eina_Accessor *accessor,
- Eina_Each_Cb cb,
- unsigned int start,
- unsigned int end,
- const void *fdata) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Bool eina_accessor_lock(Eina_Accessor *accessor) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_accessor_unlock(Eina_Accessor *accessor) EINA_ARG_NONNULL(1);
+EAPI void eina_accessor_free(Eina_Accessor * accessor) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_accessor_data_get(Eina_Accessor * accessor,
+ unsigned int position,
+ void **data) EINA_ARG_NONNULL(1);
+EAPI void *eina_accessor_container_get(Eina_Accessor *
+ accessor) EINA_ARG_NONNULL(1)
+ EINA_PURE;
+EAPI void eina_accessor_over(Eina_Accessor * accessor, Eina_Each_Cb cb,
+ unsigned int start, unsigned int end,
+ const void *fdata) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_accessor_lock(Eina_Accessor *
+ accessor) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_accessor_unlock(Eina_Accessor *
+ accessor) EINA_ARG_NONNULL(1);
/**
* @def EINA_ACCESSOR_FOREACH
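Review bot: The reindent of this vendored header appears to have been run without telling the formatter about the Eina typedefs and attribute macros. That shows in `Eina_Accessor * it` (the `*` spaced like a multiplication), the split `EINA_ARG_NONNULL(1,` / `3)` on get_at, and the struct terminator fused into `EINA_MAGIC};`. I would keep the old two-line form `EINA_MAGIC` / `};` so the end of struct _Eina_Accessor stays visible, and either register the type names with the formatter (with GNU indent, `-T Eina_Accessor`) or leave tests/suite/ecore out of the reindent. eina_array.h in the next file section ends struct _Eina_Array the same way. The doc comment at the end of the hunk continues outside it.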
diff --git a/tests/suite/ecore/src/include/eina_array.h b/tests/suite/ecore/src/include/eina_array.h
index cb0d12a1a8..fa647dcef3 100644
--- a/tests/suite/ecore/src/include/eina_array.h
+++ b/tests/suite/ecore/src/include/eina_array.h
@@ -63,42 +63,52 @@ typedef void **Eina_Array_Iterator;
* @struct _Eina_Array
* Type for an array of data.
*/
-struct _Eina_Array
-{
+struct _Eina_Array {
#define EINA_ARRAY_VERSION 1
- int version; /**< Should match EINA_ARRAY_VERSION used when compiled your apps, provided for ABI compatibility */
-
- void **data; /**< Pointer to a vector of pointer to payload */
- unsigned int total; /**< Total number of slots in the vector */
- unsigned int count; /**< Number of active slots in the vector */
- unsigned int step; /**< How much must we grow the vector when it is full */
- EINA_MAGIC
-};
-
-EAPI Eina_Array * eina_array_new(unsigned int step) EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI void eina_array_free(Eina_Array *array) EINA_ARG_NONNULL(1);
-EAPI void eina_array_step_set(Eina_Array *array,
- unsigned int sizeof_eina_array,
- unsigned int step) EINA_ARG_NONNULL(1);
-EAPI void eina_array_clean(Eina_Array *array) EINA_ARG_NONNULL(1);
-EAPI void eina_array_flush(Eina_Array *array) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_array_remove(Eina_Array *array,
- Eina_Bool(*keep)(void *data, void *gdata),
- void *gdata) EINA_ARG_NONNULL(1, 2);
-static inline Eina_Bool eina_array_push(Eina_Array *array,
- const void *data) EINA_ARG_NONNULL(1, 2);
-static inline void * eina_array_pop(Eina_Array *array) EINA_ARG_NONNULL(1);
-static inline void * eina_array_data_get(const Eina_Array *array,
- unsigned int idx) EINA_ARG_NONNULL(1);
-static inline void eina_array_data_set(const Eina_Array *array,
- unsigned int idx,
- const void *data) EINA_ARG_NONNULL(1, 3);
-static inline unsigned int eina_array_count_get(const Eina_Array *array) EINA_ARG_NONNULL(1);
-EAPI Eina_Iterator * eina_array_iterator_new(const Eina_Array *array) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Accessor * eina_array_accessor_new(const Eina_Array *array) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool eina_array_foreach(Eina_Array *array,
- Eina_Each_Cb cb,
- void *data);
+ int version;
+ /**< Should match EINA_ARRAY_VERSION used when compiled your apps, provided for ABI compatibility */
+
+ void **data;
+ /**< Pointer to a vector of pointer to payload */
+ unsigned int total;
+ /**< Total number of slots in the vector */
+ unsigned int count;
+ /**< Number of active slots in the vector */
+ unsigned int step;
+ /**< How much must we grow the vector when it is full */
+ EINA_MAGIC};
+
+EAPI Eina_Array *eina_array_new(unsigned int step)
+EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI void eina_array_free(Eina_Array * array) EINA_ARG_NONNULL(1);
+EAPI void eina_array_step_set(Eina_Array * array,
+ unsigned int sizeof_eina_array,
+ unsigned int step) EINA_ARG_NONNULL(1);
+EAPI void eina_array_clean(Eina_Array * array) EINA_ARG_NONNULL(1);
+EAPI void eina_array_flush(Eina_Array * array) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_array_remove(Eina_Array * array,
+ Eina_Bool(*keep) (void *data,
+ void *gdata),
+ void *gdata) EINA_ARG_NONNULL(1, 2);
+static inline Eina_Bool eina_array_push(Eina_Array * array,
+ const void *data)
+EINA_ARG_NONNULL(1, 2);
+static inline void *eina_array_pop(Eina_Array * array) EINA_ARG_NONNULL(1);
+static inline void *eina_array_data_get(const Eina_Array * array,
+ unsigned int idx)
+EINA_ARG_NONNULL(1);
+static inline void eina_array_data_set(const Eina_Array * array,
+ unsigned int idx,
+ const void *data)
+EINA_ARG_NONNULL(1, 3);
+static inline unsigned int eina_array_count_get(const Eina_Array *
+ array) EINA_ARG_NONNULL(1);
+EAPI Eina_Iterator *eina_array_iterator_new(const Eina_Array * array)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Accessor *eina_array_accessor_new(const Eina_Array * array)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline Eina_Bool eina_array_foreach(Eina_Array * array,
+ Eina_Each_Cb cb, void *data);
/**
* @def EINA_ARRAY_ITER_NEXT
* @brief Macro to iterate over an array easily.
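Review bot: The trailing member comments in struct _Eina_Array were moved onto the line after each field, so `/**< Total number of slots in the vector */` now sits directly above `unsigned int count;` and reads as if it described the following member. Doxygen's `/**<` marker still attaches to the preceding field, but for a human reader the old same-line placement, or a leading `/** ... */` above each field, is clearer. The attribute macros pushed to column 0 (`EINA_ARG_NONNULL(1, 2);` after eina_array_push) likewise look like separate declarations and would read better indented as continuation lines.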
diff --git a/tests/suite/ecore/src/include/eina_benchmark.h b/tests/suite/ecore/src/include/eina_benchmark.h
index e0faa722df..2fd7b8cf50 100644
--- a/tests/suite/ecore/src/include/eina_benchmark.h
+++ b/tests/suite/ecore/src/include/eina_benchmark.h
@@ -43,7 +43,7 @@ typedef struct _Eina_Benchmark Eina_Benchmark;
* @typedef Eina_Benchmark_Specimens
* Type for a test function to be called when running a benchmark.
*/
-typedef void (*Eina_Benchmark_Specimens)(int request);
+typedef void (*Eina_Benchmark_Specimens) (int request);
/**
* @def EINA_BENCHMARK
@@ -55,16 +55,14 @@ typedef void (*Eina_Benchmark_Specimens)(int request);
*/
#define EINA_BENCHMARK(function) ((Eina_Benchmark_Specimens)function)
-EAPI Eina_Benchmark * eina_benchmark_new(const char *name,
- const char *run);
-EAPI void eina_benchmark_free(Eina_Benchmark *bench);
-EAPI Eina_Bool eina_benchmark_register(Eina_Benchmark *bench,
- const char *name,
- Eina_Benchmark_Specimens bench_cb,
- int count_start,
- int count_end,
- int count_set);
-EAPI Eina_Array * eina_benchmark_run(Eina_Benchmark *bench);
+EAPI Eina_Benchmark *eina_benchmark_new(const char *name, const char *run);
+EAPI void eina_benchmark_free(Eina_Benchmark * bench);
+EAPI Eina_Bool eina_benchmark_register(Eina_Benchmark * bench,
+ const char *name,
+ Eina_Benchmark_Specimens bench_cb,
+ int count_start,
+ int count_end, int count_set);
+EAPI Eina_Array *eina_benchmark_run(Eina_Benchmark * bench);
/**
* @}
@@ -74,4 +72,4 @@ EAPI Eina_Array * eina_benchmark_run(Eina_Benchmark *bench);
* @}
*/
-#endif /* EINA_BENCHMARK_H_ */
+#endif /* EINA_BENCHMARK_H_ */
diff --git a/tests/suite/ecore/src/include/eina_binshare.h b/tests/suite/ecore/src/include/eina_binshare.h
index e785ed0137..471665ad30 100644
--- a/tests/suite/ecore/src/include/eina_binshare.h
+++ b/tests/suite/ecore/src/include/eina_binshare.h
@@ -65,14 +65,15 @@
* @{
*/
-EAPI Eina_Bool eina_binshare_init(void);
-EAPI Eina_Bool eina_binshare_shutdown(void);
-EAPI const void * eina_binshare_add_length(const void *obj,
- unsigned int olen) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI const void * eina_binshare_ref(const void *obj);
-EAPI void eina_binshare_del(const void *obj);
-EAPI int eina_binshare_length(const void *obj) EINA_WARN_UNUSED_RESULT;
-EAPI void eina_binshare_dump(void);
+EAPI Eina_Bool eina_binshare_init(void);
+EAPI Eina_Bool eina_binshare_shutdown(void);
+EAPI const void *eina_binshare_add_length(const void *obj,
+ unsigned int olen)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI const void *eina_binshare_ref(const void *obj);
+EAPI void eina_binshare_del(const void *obj);
+EAPI int eina_binshare_length(const void *obj) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_binshare_dump(void);
/**
* @brief Retrieve an instance of a blob for use in a program.
@@ -102,4 +103,4 @@ EAPI void eina_binshare_dump(void);
* @}
*/
-#endif /* EINA_STRINGSHARE_H_ */
+#endif /* EINA_STRINGSHARE_H_ */
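Review bot: The closing guard comment in eina_binshare.h still names `EINA_STRINGSHARE_H_`, which looks copied from the stringshare header; the reindent rewrites this line but keeps the wrong name. The opening `#ifndef` is outside this hunk, so the real guard name cannot be confirmed here. If it is the binshare guard, the line should read `#endif /* EINA_BINSHARE_H_ */`.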
diff --git a/tests/suite/ecore/src/include/eina_config.h b/tests/suite/ecore/src/include/eina_config.h
index f89327d6a6..14ba859a29 100644
--- a/tests/suite/ecore/src/include/eina_config.h
+++ b/tests/suite/ecore/src/include/eina_config.h
@@ -20,33 +20,33 @@
#define EINA_CONFIG_H_
#ifdef EINA_MAGIC_DEBUG
-# undef EINA_MAGIC_DEBUG
+#undef EINA_MAGIC_DEBUG
#endif
#define EINA_MAGIC_DEBUG
#ifdef EINA_DEFAULT_MEMPOOL
-# undef EINA_DEFAULT_MEMPOOL
+#undef EINA_DEFAULT_MEMPOOL
#endif
#ifdef EINA_SAFETY_CHECKS
-# undef EINA_SAFETY_CHECKS
+#undef EINA_SAFETY_CHECKS
#endif
#define EINA_SAFETY_CHECKS
#ifdef EINA_HAVE_INTTYPES_H
-# undef EINA_HAVE_INTTYPES_H
+#undef EINA_HAVE_INTTYPES_H
#endif
#define EINA_HAVE_INTTYPES_H
#ifdef EINA_HAVE_STDINT_H
-# undef EINA_HAVE_STDINT_H
+#undef EINA_HAVE_STDINT_H
#endif
#define EINA_HAVE_STDINT_H
#ifdef EINA_SIZEOF_WCHAR_T
-# undef EINA_SIZEOF_WCHAR_T
+#undef EINA_SIZEOF_WCHAR_T
#endif
#define EINA_SIZEOF_WCHAR_T 4
-#endif /* EINA_CONFIG_H_ */
+#endif /* EINA_CONFIG_H_ */
diff --git a/tests/suite/ecore/src/include/eina_convert.h b/tests/suite/ecore/src/include/eina_convert.h
index 8cd64334f5..e4a56d6d00 100644
--- a/tests/suite/ecore/src/include/eina_convert.h
+++ b/tests/suite/ecore/src/include/eina_convert.h
@@ -54,20 +54,19 @@ EAPI extern Eina_Error EINA_ERROR_CONVERT_0X_NOT_FOUND;
*/
EAPI extern Eina_Error EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH;
-EAPI int eina_convert_itoa(int n, char *s) EINA_ARG_NONNULL(2);
-EAPI int eina_convert_xtoa(unsigned int n, char *s) EINA_ARG_NONNULL(2);
+EAPI int eina_convert_itoa(int n, char *s) EINA_ARG_NONNULL(2);
+EAPI int eina_convert_xtoa(unsigned int n, char *s) EINA_ARG_NONNULL(2);
-EAPI int eina_convert_dtoa(double d, char *des) EINA_ARG_NONNULL(2);
+EAPI int eina_convert_dtoa(double d, char *des) EINA_ARG_NONNULL(2);
EAPI Eina_Bool eina_convert_atod(const char *src,
- int length,
- long long *m,
- long *e) EINA_ARG_NONNULL(1,3,4);
+ int length,
+ long long *m,
+ long *e) EINA_ARG_NONNULL(1, 3, 4);
-EAPI int eina_convert_fptoa(Eina_F32p32 fp,
- char *des) EINA_ARG_NONNULL(2);
+EAPI int eina_convert_fptoa(Eina_F32p32 fp, char *des) EINA_ARG_NONNULL(2);
EAPI Eina_Bool eina_convert_atofp(const char *src,
- int length,
- Eina_F32p32 *fp) EINA_ARG_NONNULL(1,3);
+ int length,
+ Eina_F32p32 * fp) EINA_ARG_NONNULL(1, 3);
/**
* @}
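Review bot: `Eina_F32p32 * fp` in the `eina_convert_atofp` prototype is now spaced like a multiplication, while built-in types in the same hunk keep the usual form (`char *s`, `long long *m`). This suggests the formatter was run without the project's typedef names. If GNU indent was the tool, passing them with `-T` (for example `-T Eina_F32p32`) should give `Eina_F32p32 *fp`. The same spacing shows up in the eina_counter.h, eina_hash.h, eina_inlist.h, eina_iterator.h and eina_lalloc.h hunks.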
@@ -77,4 +76,4 @@ EAPI Eina_Bool eina_convert_atofp(const char *src,
* @}
*/
-#endif /* EINA_CONVERT_H_ */
+#endif /* EINA_CONVERT_H_ */
diff --git a/tests/suite/ecore/src/include/eina_counter.h b/tests/suite/ecore/src/include/eina_counter.h
index fc7b23f533..443586a7bb 100644
--- a/tests/suite/ecore/src/include/eina_counter.h
+++ b/tests/suite/ecore/src/include/eina_counter.h
@@ -39,12 +39,13 @@
*/
typedef struct _Eina_Counter Eina_Counter;
-EAPI Eina_Counter * eina_counter_new(const char *name) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI void eina_counter_free(Eina_Counter *counter) EINA_ARG_NONNULL(1);
-EAPI void eina_counter_start(Eina_Counter *counter) EINA_ARG_NONNULL(1);
-EAPI void eina_counter_stop(Eina_Counter *counter,
- int specimen) EINA_ARG_NONNULL(1);
-EAPI char * eina_counter_dump(Eina_Counter *counter) EINA_ARG_NONNULL(1);
+EAPI Eina_Counter *eina_counter_new(const char *name)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI void eina_counter_free(Eina_Counter * counter) EINA_ARG_NONNULL(1);
+EAPI void eina_counter_start(Eina_Counter * counter) EINA_ARG_NONNULL(1);
+EAPI void eina_counter_stop(Eina_Counter * counter,
+ int specimen) EINA_ARG_NONNULL(1);
+EAPI char *eina_counter_dump(Eina_Counter * counter) EINA_ARG_NONNULL(1);
/**
* @}
@@ -54,4 +55,4 @@ EAPI char * eina_counter_dump(Eina_Counter *counter) EINA_ARG_NONNULL(1)
* @}
*/
-#endif /* EINA_COUNTER_H_ */
+#endif /* EINA_COUNTER_H_ */
diff --git a/tests/suite/ecore/src/include/eina_cpu.h b/tests/suite/ecore/src/include/eina_cpu.h
index ac32e1db9b..3fb293af66 100644
--- a/tests/suite/ecore/src/include/eina_cpu.h
+++ b/tests/suite/ecore/src/include/eina_cpu.h
@@ -21,19 +21,18 @@
#include "eina_types.h"
-typedef enum _Eina_Cpu_Features
-{
- EINA_CPU_MMX = 0x00000001,
- EINA_CPU_SSE = 0x00000002,
- EINA_CPU_SSE2 = 0x00000004,
- EINA_CPU_SSE3 = 0x00000008,
- /* TODO 3DNow! */
- EINA_CPU_ALTIVEC = 0x00000010,
- EINA_CPU_VIS = 0x00000020,
- EINA_CPU_NEON = 0x00000040,
+typedef enum _Eina_Cpu_Features {
+ EINA_CPU_MMX = 0x00000001,
+ EINA_CPU_SSE = 0x00000002,
+ EINA_CPU_SSE2 = 0x00000004,
+ EINA_CPU_SSE3 = 0x00000008,
+ /* TODO 3DNow! */
+ EINA_CPU_ALTIVEC = 0x00000010,
+ EINA_CPU_VIS = 0x00000020,
+ EINA_CPU_NEON = 0x00000040,
} Eina_Cpu_Features;
EAPI Eina_Cpu_Features eina_cpu_features_get(void);
-EAPI int eina_cpu_count(void);
+EAPI int eina_cpu_count(void);
-#endif /* EINA_CPU_H_ */
+#endif /* EINA_CPU_H_ */
diff --git a/tests/suite/ecore/src/include/eina_error.h b/tests/suite/ecore/src/include/eina_error.h
index 8c74b66f0f..f654c4b1ea 100644
--- a/tests/suite/ecore/src/include/eina_error.h
+++ b/tests/suite/ecore/src/include/eina_error.h
@@ -47,13 +47,15 @@ typedef int Eina_Error;
*/
EAPI extern Eina_Error EINA_ERROR_OUT_OF_MEMORY;
-EAPI Eina_Error eina_error_msg_register(const char *msg) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Error eina_error_msg_static_register(const char *msg) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Bool eina_error_msg_modify(Eina_Error error,
- const char *msg) EINA_ARG_NONNULL(2);
-EAPI Eina_Error eina_error_get(void);
-EAPI void eina_error_set(Eina_Error err);
-EAPI const char * eina_error_msg_get(Eina_Error error) EINA_PURE;
+EAPI Eina_Error eina_error_msg_register(const char *msg)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Error eina_error_msg_static_register(const char *msg)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Bool eina_error_msg_modify(Eina_Error error,
+ const char *msg) EINA_ARG_NONNULL(2);
+EAPI Eina_Error eina_error_get(void);
+EAPI void eina_error_set(Eina_Error err);
+EAPI const char *eina_error_msg_get(Eina_Error error) EINA_PURE;
/**
* @}
@@ -63,4 +65,4 @@ EAPI const char * eina_error_msg_get(Eina_Error error) EINA_PURE;
* @}
*/
-#endif /* EINA_ERROR_H_ */
+#endif /* EINA_ERROR_H_ */
diff --git a/tests/suite/ecore/src/include/eina_file.h b/tests/suite/ecore/src/include/eina_file.h
index 4c3740ffa0..40fb4c4adf 100644
--- a/tests/suite/ecore/src/include/eina_file.h
+++ b/tests/suite/ecore/src/include/eina_file.h
@@ -48,19 +48,24 @@ typedef struct _Eina_File_Direct_Info Eina_File_Direct_Info;
* Type for a callback to be called when iterating over the files of a
* directory.
*/
-typedef void (*Eina_File_Dir_List_Cb)(const char *name, const char *path, void *data);
+typedef void (*Eina_File_Dir_List_Cb) (const char *name, const char *path,
+ void *data);
/**
* @struct _Eina_File_Direct_Info
* A structure to store informations of a path.
*/
-struct _Eina_File_Direct_Info
-{
- size_t path_length; /**< size of the whole path */
- size_t name_length; /**< size of the filename/basename component */
- size_t name_start; /**< where the filename/basename component starts */
- char path[PATH_MAX]; /**< the path */
- const struct dirent *dirent; /**< the dirent structure of the path */
+struct _Eina_File_Direct_Info {
+ size_t path_length;
+ /**< size of the whole path */
+ size_t name_length;
+ /**< size of the filename/basename component */
+ size_t name_start;
+ /**< where the filename/basename component starts */
+ char path[PATH_MAX];
+ /**< the path */
+ const struct dirent *dirent;
+ /**< the dirent structure of the path */
};
/**
@@ -73,13 +78,16 @@ struct _Eina_File_Direct_Info
*/
#define EINA_FILE_DIR_LIST_CB(function) ((Eina_File_Dir_List_Cb)function)
-EAPI Eina_Bool eina_file_dir_list(const char *dir,
- Eina_Bool recursive,
- Eina_File_Dir_List_Cb cb,
- void *data) EINA_ARG_NONNULL(1, 3);
-EAPI Eina_Array * eina_file_split(char *path) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
-EAPI Eina_Iterator * eina_file_ls(const char *dir) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
-EAPI Eina_Iterator * eina_file_direct_ls(const char *dir) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
+EAPI Eina_Bool eina_file_dir_list(const char *dir,
+ Eina_Bool recursive,
+ Eina_File_Dir_List_Cb cb,
+ void *data) EINA_ARG_NONNULL(1, 3);
+EAPI Eina_Array *eina_file_split(char *path)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
+EAPI Eina_Iterator *eina_file_ls(const char *dir)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
+EAPI Eina_Iterator *eina_file_direct_ls(const char *dir)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
/**
* @}
@@ -89,4 +97,4 @@ EAPI Eina_Iterator * eina_file_direct_ls(const char *dir) EINA_WARN_UNUSED_RESUL
* @}
*/
-#endif /* EINA_FILE_H_ */
+#endif /* EINA_FILE_H_ */
diff --git a/tests/suite/ecore/src/include/eina_fp.h b/tests/suite/ecore/src/include/eina_fp.h
index 47dbaa486d..5aba5ef96f 100644
--- a/tests/suite/ecore/src/include/eina_fp.h
+++ b/tests/suite/ecore/src/include/eina_fp.h
@@ -18,7 +18,7 @@
*/
#ifndef EINA_FP_H_
-# define EINA_FP_H_
+#define EINA_FP_H_
#include "eina_types.h"
@@ -27,7 +27,7 @@ typedef unsigned __int64 uint64_t;
typedef signed __int64 int64_t;
typedef signed int int32_t;
#else
-# include <stdint.h>
+#include <stdint.h>
#endif
#define EINA_F32P32_PI 0x00000003243f6a89
@@ -36,72 +36,57 @@ typedef int64_t Eina_F32p32;
typedef int32_t Eina_F16p16;
typedef int32_t Eina_F8p24;
-static inline Eina_F32p32 eina_f32p32_int_from(int32_t v);
-static inline int32_t eina_f32p32_int_to(Eina_F32p32 v);
-static inline Eina_F32p32 eina_f32p32_double_from(double v);
-static inline double eina_f32p32_double_to(Eina_F32p32 v);
-
-static inline Eina_F32p32 eina_f32p32_add(Eina_F32p32 a,
- Eina_F32p32 b);
-static inline Eina_F32p32 eina_f32p32_sub(Eina_F32p32 a,
- Eina_F32p32 b);
-static inline Eina_F32p32 eina_f32p32_mul(Eina_F32p32 a,
- Eina_F32p32 b);
-static inline Eina_F32p32 eina_f32p32_scale(Eina_F32p32 a,
- int b);
-static inline Eina_F32p32 eina_f32p32_div(Eina_F32p32 a,
- Eina_F32p32 b);
-static inline Eina_F32p32 eina_f32p32_sqrt(Eina_F32p32 a);
+static inline Eina_F32p32 eina_f32p32_int_from(int32_t v);
+static inline int32_t eina_f32p32_int_to(Eina_F32p32 v);
+static inline Eina_F32p32 eina_f32p32_double_from(double v);
+static inline double eina_f32p32_double_to(Eina_F32p32 v);
+
+static inline Eina_F32p32 eina_f32p32_add(Eina_F32p32 a, Eina_F32p32 b);
+static inline Eina_F32p32 eina_f32p32_sub(Eina_F32p32 a, Eina_F32p32 b);
+static inline Eina_F32p32 eina_f32p32_mul(Eina_F32p32 a, Eina_F32p32 b);
+static inline Eina_F32p32 eina_f32p32_scale(Eina_F32p32 a, int b);
+static inline Eina_F32p32 eina_f32p32_div(Eina_F32p32 a, Eina_F32p32 b);
+static inline Eina_F32p32 eina_f32p32_sqrt(Eina_F32p32 a);
static inline unsigned int eina_f32p32_fracc_get(Eina_F32p32 v);
// dont use llabs - issues if not on 64bit
#define eina_fp32p32_llabs(a) ((a < 0) ? -(a) : (a))
-EAPI Eina_F32p32 eina_f32p32_cos(Eina_F32p32 a);
-EAPI Eina_F32p32 eina_f32p32_sin(Eina_F32p32 a);
-
-static inline Eina_F16p16 eina_f16p16_int_from(int32_t v);
-static inline int32_t eina_f16p16_int_to(Eina_F16p16 v);
-static inline Eina_F16p16 eina_f16p16_float_from(float v);
-static inline float eina_f16p16_float_to(Eina_F16p16 v);
-
-static inline Eina_F16p16 eina_f16p16_add(Eina_F16p16 a,
- Eina_F16p16 b);
-static inline Eina_F16p16 eina_f16p16_sub(Eina_F16p16 a,
- Eina_F16p16 b);
-static inline Eina_F16p16 eina_f16p16_mul(Eina_F16p16 a,
- Eina_F16p16 b);
-static inline Eina_F16p16 eina_f16p16_scale(Eina_F16p16 a,
- int b);
-static inline Eina_F16p16 eina_f16p16_div(Eina_F16p16 a,
- Eina_F16p16 b);
-static inline Eina_F16p16 eina_f16p16_sqrt(Eina_F16p16 a);
+EAPI Eina_F32p32 eina_f32p32_cos(Eina_F32p32 a);
+EAPI Eina_F32p32 eina_f32p32_sin(Eina_F32p32 a);
+
+static inline Eina_F16p16 eina_f16p16_int_from(int32_t v);
+static inline int32_t eina_f16p16_int_to(Eina_F16p16 v);
+static inline Eina_F16p16 eina_f16p16_float_from(float v);
+static inline float eina_f16p16_float_to(Eina_F16p16 v);
+
+static inline Eina_F16p16 eina_f16p16_add(Eina_F16p16 a, Eina_F16p16 b);
+static inline Eina_F16p16 eina_f16p16_sub(Eina_F16p16 a, Eina_F16p16 b);
+static inline Eina_F16p16 eina_f16p16_mul(Eina_F16p16 a, Eina_F16p16 b);
+static inline Eina_F16p16 eina_f16p16_scale(Eina_F16p16 a, int b);
+static inline Eina_F16p16 eina_f16p16_div(Eina_F16p16 a, Eina_F16p16 b);
+static inline Eina_F16p16 eina_f16p16_sqrt(Eina_F16p16 a);
static inline unsigned int eina_f16p16_fracc_get(Eina_F16p16 v);
-static inline Eina_F8p24 eina_f8p24_int_from(int32_t v);
-static inline int32_t eina_f8p24_int_to(Eina_F8p24 v);
-static inline Eina_F8p24 eina_f8p24_float_from(float v);
-static inline float eina_f8p24_float_to(Eina_F8p24 v);
-
-static inline Eina_F8p24 eina_f8p24_add(Eina_F8p24 a,
- Eina_F8p24 b);
-static inline Eina_F8p24 eina_f8p24_sub(Eina_F8p24 a,
- Eina_F8p24 b);
-static inline Eina_F8p24 eina_f8p24_mul(Eina_F8p24 a,
- Eina_F8p24 b);
-static inline Eina_F8p24 eina_f8p24_scale(Eina_F8p24 a,
- int b);
-static inline Eina_F8p24 eina_f8p24_div(Eina_F8p24 a,
- Eina_F8p24 b);
-static inline Eina_F8p24 eina_f8p24_sqrt(Eina_F8p24 a);
+static inline Eina_F8p24 eina_f8p24_int_from(int32_t v);
+static inline int32_t eina_f8p24_int_to(Eina_F8p24 v);
+static inline Eina_F8p24 eina_f8p24_float_from(float v);
+static inline float eina_f8p24_float_to(Eina_F8p24 v);
+
+static inline Eina_F8p24 eina_f8p24_add(Eina_F8p24 a, Eina_F8p24 b);
+static inline Eina_F8p24 eina_f8p24_sub(Eina_F8p24 a, Eina_F8p24 b);
+static inline Eina_F8p24 eina_f8p24_mul(Eina_F8p24 a, Eina_F8p24 b);
+static inline Eina_F8p24 eina_f8p24_scale(Eina_F8p24 a, int b);
+static inline Eina_F8p24 eina_f8p24_div(Eina_F8p24 a, Eina_F8p24 b);
+static inline Eina_F8p24 eina_f8p24_sqrt(Eina_F8p24 a);
static inline unsigned int eina_f8p24_fracc_get(Eina_F8p24 v);
-static inline Eina_F32p32 eina_f16p16_to_f32p32(Eina_F16p16 a);
-static inline Eina_F32p32 eina_f8p24_to_f32p32(Eina_F8p24 a);
-static inline Eina_F16p16 eina_f32p32_to_f16p16(Eina_F32p32 a);
-static inline Eina_F16p16 eina_f8p24_to_f16p16(Eina_F8p24 a);
-static inline Eina_F8p24 eina_f32p32_to_f8p24(Eina_F32p32 a);
-static inline Eina_F8p24 eina_f16p16_to_f8p24(Eina_F16p16 a);
+static inline Eina_F32p32 eina_f16p16_to_f32p32(Eina_F16p16 a);
+static inline Eina_F32p32 eina_f8p24_to_f32p32(Eina_F8p24 a);
+static inline Eina_F16p16 eina_f32p32_to_f16p16(Eina_F32p32 a);
+static inline Eina_F16p16 eina_f8p24_to_f16p16(Eina_F8p24 a);
+static inline Eina_F8p24 eina_f32p32_to_f8p24(Eina_F32p32 a);
+static inline Eina_F8p24 eina_f16p16_to_f8p24(Eina_F16p16 a);
#include "eina_inline_f32p32.x"
#include "eina_inline_f16p16.x"
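Review bot: The context line `#define eina_fp32p32_llabs(a) ((a < 0) ? -(a) : (a))` leaves `a` unparenthesised in the comparison, so an argument containing a lower-precedence operator such as `?:` is parsed differently from what the caller wrote. It also evaluates its argument twice. The commit only reflows the prototypes around it, but since the file is being touched, `#define eina_fp32p32_llabs(a) (((a) < 0) ? -(a) : (a))` would be the minimal fix. A short comment that the argument must be free of side effects, and that negating the most negative value overflows, would help too.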
diff --git a/tests/suite/ecore/src/include/eina_hamster.h b/tests/suite/ecore/src/include/eina_hamster.h
index 0818b15616..5b160994fd 100644
--- a/tests/suite/ecore/src/include/eina_hamster.h
+++ b/tests/suite/ecore/src/include/eina_hamster.h
@@ -41,4 +41,4 @@ EAPI int eina_hamster_count(void);
* @}
*/
-#endif /* EINA_HAMSTER_H_ */
+#endif /* EINA_HAMSTER_H_ */
diff --git a/tests/suite/ecore/src/include/eina_hash.h b/tests/suite/ecore/src/include/eina_hash.h
index 03451339a9..d1fc8b13aa 100644
--- a/tests/suite/ecore/src/include/eina_hash.h
+++ b/tests/suite/ecore/src/include/eina_hash.h
@@ -49,107 +49,115 @@ typedef struct _Eina_Hash Eina_Hash;
typedef struct _Eina_Hash_Tuple Eina_Hash_Tuple;
-struct _Eina_Hash_Tuple
-{
- const void *key; /**< The key */
- void *data; /**< The data associated to the key */
- unsigned int key_length; /**< The length of the key */
+struct _Eina_Hash_Tuple {
+ const void *key;
+ /**< The key */
+ void *data;
+ /**< The data associated to the key */
+ unsigned int key_length;
+ /**< The length of the key */
};
-typedef unsigned int (*Eina_Key_Length)(const void *key);
+typedef unsigned int (*Eina_Key_Length) (const void *key);
#define EINA_KEY_LENGTH(Function) ((Eina_Key_Length)Function)
-typedef int (*Eina_Key_Cmp)(const void *key1, int key1_length, const void *key2, int key2_length);
+typedef int (*Eina_Key_Cmp) (const void *key1, int key1_length,
+ const void *key2, int key2_length);
#define EINA_KEY_CMP(Function) ((Eina_Key_Cmp)Function)
-typedef int (*Eina_Key_Hash)(const void *key, int key_length);
+typedef int (*Eina_Key_Hash) (const void *key, int key_length);
#define EINA_KEY_HASH(Function) ((Eina_Key_Hash)Function)
-typedef Eina_Bool (*Eina_Hash_Foreach)(const Eina_Hash *hash, const void *key, void *data, void *fdata);
+typedef Eina_Bool(*Eina_Hash_Foreach) (const Eina_Hash * hash,
+ const void *key, void *data,
+ void *fdata);
-EAPI Eina_Hash * eina_hash_new(Eina_Key_Length key_length_cb,
- Eina_Key_Cmp key_cmp_cb,
- Eina_Key_Hash key_hash_cb,
- Eina_Free_Cb data_free_cb,
- int buckets_power_size) EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(2, 3);
-EAPI Eina_Hash * eina_hash_string_djb2_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_string_superfast_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_string_small_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_int32_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_int64_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_pointer_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Hash * eina_hash_stringshared_new(Eina_Free_Cb data_free_cb);
-EAPI Eina_Bool eina_hash_add(Eina_Hash *hash,
- const void *key,
- const void *data) EINA_ARG_NONNULL(1, 2, 3);
-EAPI Eina_Bool eina_hash_direct_add(Eina_Hash *hash,
- const void *key,
- const void *data) EINA_ARG_NONNULL(1, 2, 3);
-EAPI Eina_Bool eina_hash_del(Eina_Hash *hash,
- const void *key,
- const void *data) EINA_ARG_NONNULL(1);
-EAPI void * eina_hash_find(const Eina_Hash *hash,
- const void *key) EINA_ARG_NONNULL(1, 2);
-EAPI void * eina_hash_modify(Eina_Hash *hash,
- const void *key,
- const void *data) EINA_ARG_NONNULL(1, 2, 3);
-EAPI void * eina_hash_set(Eina_Hash *hash,
- const void *key,
- const void *data) EINA_ARG_NONNULL(1, 2, 3);
-EAPI Eina_Bool eina_hash_move(Eina_Hash *hash,
- const void *old_key,
- const void *new_key) EINA_ARG_NONNULL(1, 2, 3);
-EAPI void eina_hash_free(Eina_Hash *hash) EINA_ARG_NONNULL(1);
-EAPI void eina_hash_free_buckets(Eina_Hash *hash) EINA_ARG_NONNULL(1);
-EAPI int eina_hash_population(const Eina_Hash *hash) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_hash_add_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data) EINA_ARG_NONNULL(1, 2, 5);
-EAPI Eina_Bool eina_hash_direct_add_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data) EINA_ARG_NONNULL(1, 2, 5);
-EAPI Eina_Bool eina_hash_del_by_key_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Bool eina_hash_del_by_key(Eina_Hash *hash,
- const void *key) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Bool eina_hash_del_by_data(Eina_Hash *hash,
- const void *data) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Bool eina_hash_del_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data) EINA_ARG_NONNULL(1);
-EAPI void * eina_hash_find_by_hash(const Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash) EINA_ARG_NONNULL(1, 2);
-EAPI void * eina_hash_modify_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data) EINA_ARG_NONNULL(1, 2, 5);
-EAPI Eina_Iterator * eina_hash_iterator_key_new(const Eina_Hash *hash) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Iterator * eina_hash_iterator_data_new(const Eina_Hash *hash) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Iterator * eina_hash_iterator_tuple_new(const Eina_Hash *hash) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI void eina_hash_foreach(const Eina_Hash *hash,
- Eina_Hash_Foreach cb,
- const void *fdata) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Hash *eina_hash_new(Eina_Key_Length key_length_cb,
+ Eina_Key_Cmp key_cmp_cb,
+ Eina_Key_Hash key_hash_cb,
+ Eina_Free_Cb data_free_cb,
+ int buckets_power_size)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(2, 3);
+EAPI Eina_Hash *eina_hash_string_djb2_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_string_superfast_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_string_small_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_int32_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_int64_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_pointer_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Hash *eina_hash_stringshared_new(Eina_Free_Cb data_free_cb);
+EAPI Eina_Bool eina_hash_add(Eina_Hash * hash,
+ const void *key,
+ const void *data) EINA_ARG_NONNULL(1, 2, 3);
+EAPI Eina_Bool eina_hash_direct_add(Eina_Hash * hash,
+ const void *key,
+ const void *data) EINA_ARG_NONNULL(1,
+ 2,
+ 3);
+EAPI Eina_Bool eina_hash_del(Eina_Hash * hash, const void *key,
+ const void *data) EINA_ARG_NONNULL(1);
+EAPI void *eina_hash_find(const Eina_Hash * hash,
+ const void *key) EINA_ARG_NONNULL(1, 2);
+EAPI void *eina_hash_modify(Eina_Hash * hash, const void *key,
+ const void *data) EINA_ARG_NONNULL(1, 2, 3);
+EAPI void *eina_hash_set(Eina_Hash * hash, const void *key,
+ const void *data) EINA_ARG_NONNULL(1, 2, 3);
+EAPI Eina_Bool eina_hash_move(Eina_Hash * hash, const void *old_key,
+ const void *new_key) EINA_ARG_NONNULL(1, 2,
+ 3);
+EAPI void eina_hash_free(Eina_Hash * hash) EINA_ARG_NONNULL(1);
+EAPI void eina_hash_free_buckets(Eina_Hash * hash) EINA_ARG_NONNULL(1);
+EAPI int eina_hash_population(const Eina_Hash * hash) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_hash_add_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length,
+ int key_hash,
+ const void *data) EINA_ARG_NONNULL(1,
+ 2,
+ 5);
+EAPI Eina_Bool eina_hash_direct_add_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length, int key_hash,
+ const void *data)
+EINA_ARG_NONNULL(1, 2, 5);
+EAPI Eina_Bool eina_hash_del_by_key_hash(Eina_Hash * hash, const void *key,
+ int key_length,
+ int key_hash) EINA_ARG_NONNULL(1,
+ 2);
+EAPI Eina_Bool eina_hash_del_by_key(Eina_Hash * hash,
+ const void *key) EINA_ARG_NONNULL(1,
+ 2);
+EAPI Eina_Bool eina_hash_del_by_data(Eina_Hash * hash,
+ const void *data) EINA_ARG_NONNULL(1,
+ 2);
+EAPI Eina_Bool eina_hash_del_by_hash(Eina_Hash * hash, const void *key,
+ int key_length, int key_hash,
+ const void *data) EINA_ARG_NONNULL(1);
+EAPI void *eina_hash_find_by_hash(const Eina_Hash * hash, const void *key,
+ int key_length,
+ int key_hash) EINA_ARG_NONNULL(1, 2);
+EAPI void *eina_hash_modify_by_hash(Eina_Hash * hash, const void *key,
+ int key_length, int key_hash,
+ const void *data) EINA_ARG_NONNULL(1,
+ 2,
+ 5);
+EAPI Eina_Iterator *eina_hash_iterator_key_new(const Eina_Hash * hash)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_hash_iterator_data_new(const Eina_Hash * hash)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_hash_iterator_tuple_new(const Eina_Hash * hash)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_hash_foreach(const Eina_Hash * hash,
+ Eina_Hash_Foreach cb,
+ const void *fdata) EINA_ARG_NONNULL(1, 2);
/* Paul Hsieh (http://www.azillionmonkeys.com/qed/hash.html) hash function used by WebCore (http://webkit.org/blog/8/hashtables-part-2/) */
-EAPI int eina_hash_superfast(const char *key,
- int len) EINA_ARG_NONNULL(1);
+EAPI int eina_hash_superfast(const char *key, int len) EINA_ARG_NONNULL(1);
/* Hash function first reported by dan bernstein many years ago in comp.lang.c */
-static inline int eina_hash_djb2(const char *key,
- int len) EINA_ARG_NONNULL(1);
-static inline int eina_hash_djb2_len(const char *key,
- int *plen) EINA_ARG_NONNULL(1, 2);
+static inline int eina_hash_djb2(const char *key,
+ int len) EINA_ARG_NONNULL(1);
+static inline int eina_hash_djb2_len(const char *key,
+ int *plen) EINA_ARG_NONNULL(1, 2);
/* Hash function from http://www.concentric.net/~Ttwang/tech/inthash.htm */
-static inline int eina_hash_int32(const unsigned int *pkey,
- int len) EINA_ARG_NONNULL(1);
-static inline int eina_hash_int64(const unsigned long int *pkey,
- int len) EINA_ARG_NONNULL(1);
+static inline int eina_hash_int32(const unsigned int *pkey,
+ int len) EINA_ARG_NONNULL(1);
+static inline int eina_hash_int64(const unsigned long int *pkey,
+ int len) EINA_ARG_NONNULL(1);
#include "eina_inline_hash.x"
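Review bot: Several attribute argument lists are now broken one index per line, for example `EINA_ARG_NONNULL(1,` / `2,` / `3);` on `eina_hash_direct_add` and `EINA_ARG_NONNULL(1,` / `2,` / `5);` on `eina_hash_add_by_hash`. That makes it harder to check at a glance which pointer parameters are declared non-null. Keeping the macro call on one line, as the hunk already does for `eina_hash_add` (`const void *data) EINA_ARG_NONNULL(1, 2, 3);`), reads better. `typedef Eina_Bool(*Eina_Hash_Foreach) (` also lost the space after its return type, unlike `typedef int (*Eina_Key_Hash) (` just above it. The eina_inlist.h and eina_iterator.h hunks show the same splitting.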
@@ -165,4 +173,4 @@ static inline int eina_hash_int64(const unsigned long int *pkey,
* @}
*/
-#endif /*EINA_HASH_H_*/
+#endif /*EINA_HASH_H_ */
diff --git a/tests/suite/ecore/src/include/eina_inlist.h b/tests/suite/ecore/src/include/eina_inlist.h
index 34ee0ed522..6e55de38ea 100644
--- a/tests/suite/ecore/src/include/eina_inlist.h
+++ b/tests/suite/ecore/src/include/eina_inlist.h
@@ -52,11 +52,13 @@ typedef struct _Eina_Inlist Eina_Inlist;
* @struct _Eina_Inlist
* Inlined list type.
*/
-struct _Eina_Inlist
-{
- Eina_Inlist *next; /**< next node */
- Eina_Inlist *prev; /**< previous node */
- Eina_Inlist *last; /**< last node */
+struct _Eina_Inlist {
+ Eina_Inlist *next;
+ /**< next node */
+ Eina_Inlist *prev;
+ /**< previous node */
+ Eina_Inlist *last;
+ /**< last node */
};
#define EINA_INLIST Eina_Inlist __in_list
@@ -65,28 +67,50 @@ struct _Eina_Inlist
type) ((type *)((char *)ptr - \
offsetof(type, __in_list)))
-EAPI Eina_Inlist * eina_inlist_append(Eina_Inlist *in_list,
- Eina_Inlist *in_item) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_prepend(Eina_Inlist *in_list,
- Eina_Inlist *in_item) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_append_relative(Eina_Inlist *in_list,
- Eina_Inlist *in_item,
- Eina_Inlist *in_relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_prepend_relative(Eina_Inlist *in_list,
- Eina_Inlist *in_item,
- Eina_Inlist *in_relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_remove(Eina_Inlist *in_list,
- Eina_Inlist *in_item) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_find(Eina_Inlist *in_list,
- Eina_Inlist *in_item) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_promote(Eina_Inlist *list,
- Eina_Inlist *item) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Inlist * eina_inlist_demote(Eina_Inlist *list,
- Eina_Inlist *item) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI unsigned int eina_inlist_count(const Eina_Inlist *list) EINA_WARN_UNUSED_RESULT;
-
-EAPI Eina_Iterator *eina_inlist_iterator_new(const Eina_Inlist *in_list) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Accessor *eina_inlist_accessor_new(const Eina_Inlist *in_list) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_append(Eina_Inlist * in_list,
+ Eina_Inlist *
+ in_item) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_prepend(Eina_Inlist * in_list,
+ Eina_Inlist *
+ in_item) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_append_relative(Eina_Inlist * in_list,
+ Eina_Inlist * in_item,
+ Eina_Inlist *
+ in_relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_prepend_relative(Eina_Inlist * in_list,
+ Eina_Inlist * in_item,
+ Eina_Inlist *
+ in_relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_remove(Eina_Inlist * in_list,
+ Eina_Inlist *
+ in_item) EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_find(Eina_Inlist * in_list,
+ Eina_Inlist *
+ in_item) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_promote(Eina_Inlist * list,
+ Eina_Inlist *
+ item) EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Inlist *eina_inlist_demote(Eina_Inlist * list,
+ Eina_Inlist *
+ item) EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI unsigned int eina_inlist_count(const Eina_Inlist *
+ list) EINA_WARN_UNUSED_RESULT;
+
+EAPI Eina_Iterator *eina_inlist_iterator_new(const Eina_Inlist * in_list)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Accessor *eina_inlist_accessor_new(const Eina_Inlist * in_list)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
/* This two macros are helpers for the _FOREACH ones, don't use them */
#define _EINA_INLIST_OFFSET(ref) ((char *)&(ref)->__in_list - (char *)(ref))
@@ -112,4 +136,4 @@ EAPI Eina_Accessor *eina_inlist_accessor_new(const Eina_Inlist *in_list) EINA_MA
* @}
*/
-#endif /*EINA_INLIST_H_*/
+#endif /*EINA_INLIST_H_ */
diff --git a/tests/suite/ecore/src/include/eina_iterator.h b/tests/suite/ecore/src/include/eina_iterator.h
index 15188be0fa..5db0809911 100644
--- a/tests/suite/ecore/src/include/eina_iterator.h
+++ b/tests/suite/ecore/src/include/eina_iterator.h
@@ -42,26 +42,28 @@
*/
typedef struct _Eina_Iterator Eina_Iterator;
-typedef Eina_Bool (*Eina_Iterator_Next_Callback)(Eina_Iterator *it, void **data);
-typedef void *(*Eina_Iterator_Get_Container_Callback)(Eina_Iterator *it);
-typedef void (*Eina_Iterator_Free_Callback)(Eina_Iterator *it);
-typedef Eina_Bool (*Eina_Iterator_Lock_Callback)(Eina_Iterator *it);
+typedef Eina_Bool(*Eina_Iterator_Next_Callback) (Eina_Iterator * it,
+ void **data);
+typedef void *(*Eina_Iterator_Get_Container_Callback) (Eina_Iterator * it);
+typedef void (*Eina_Iterator_Free_Callback) (Eina_Iterator * it);
+typedef Eina_Bool(*Eina_Iterator_Lock_Callback) (Eina_Iterator * it);
-struct _Eina_Iterator
-{
+struct _Eina_Iterator {
#define EINA_ITERATOR_VERSION 1
- int version;
+ int version;
- Eina_Iterator_Next_Callback next EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
- Eina_Iterator_Get_Container_Callback get_container EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
- Eina_Iterator_Free_Callback free EINA_ARG_NONNULL(1);
+ Eina_Iterator_Next_Callback next EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
+ Eina_Iterator_Get_Container_Callback get_container
+ EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+ Eina_Iterator_Free_Callback free EINA_ARG_NONNULL(1);
- Eina_Iterator_Lock_Callback lock EINA_WARN_UNUSED_RESULT;
- Eina_Iterator_Lock_Callback unlock EINA_WARN_UNUSED_RESULT;
+ Eina_Iterator_Lock_Callback lock EINA_WARN_UNUSED_RESULT;
+ Eina_Iterator_Lock_Callback unlock EINA_WARN_UNUSED_RESULT;
#define EINA_MAGIC_ITERATOR 0x98761233
- EINA_MAGIC
-};
+ EINA_MAGIC};
#define FUNC_ITERATOR_NEXT(Function) ((Eina_Iterator_Next_Callback)Function)
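Review bot: `struct _Eina_Iterator` now ends with `EINA_MAGIC};`, so the closing brace of the struct is fused onto the macro line and easy to miss when scanning for the end of the definition. The removed lines had `EINA_MAGIC` and `};` on separate lines, and restoring that layout keeps the struct boundary visible. In the same struct, the `next` member now has its attribute spread over three lines (`EINA_ARG_NONNULL(1,` / `2)` / `EINA_WARN_UNUSED_RESULT;`), which would read better as a single continuation line.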
@@ -71,18 +73,24 @@ struct _Eina_Iterator
#define FUNC_ITERATOR_FREE(Function) ((Eina_Iterator_Free_Callback)Function)
#define FUNC_ITERATOR_LOCK(Function) ((Eina_Iterator_Lock_Callback)Function)
-EAPI void eina_iterator_free (Eina_Iterator *iterator) EINA_ARG_NONNULL(1);
+EAPI void eina_iterator_free(Eina_Iterator * iterator) EINA_ARG_NONNULL(1);
-EAPI void * eina_iterator_container_get (Eina_Iterator *iterator) EINA_ARG_NONNULL(1) EINA_PURE;
-EAPI Eina_Bool eina_iterator_next (Eina_Iterator *iterator,
- void **data) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+EAPI void *eina_iterator_container_get(Eina_Iterator *
+ iterator) EINA_ARG_NONNULL(1)
+ EINA_PURE;
+EAPI Eina_Bool eina_iterator_next(Eina_Iterator * iterator,
+ void **data) EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
-EAPI void eina_iterator_foreach (Eina_Iterator *iterator,
- Eina_Each_Cb callback,
- const void *fdata) EINA_ARG_NONNULL(1, 2);
+EAPI void eina_iterator_foreach(Eina_Iterator * iterator,
+ Eina_Each_Cb callback,
+ const void *fdata) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Bool eina_iterator_lock(Eina_Iterator *iterator) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_iterator_unlock(Eina_Iterator *iterator) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_iterator_lock(Eina_Iterator *
+ iterator) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_iterator_unlock(Eina_Iterator *
+ iterator) EINA_ARG_NONNULL(1);
/**
* @def EINA_ITERATOR_FOREACH
diff --git a/tests/suite/ecore/src/include/eina_lalloc.h b/tests/suite/ecore/src/include/eina_lalloc.h
index d41a9edb83..69ccba8653 100644
--- a/tests/suite/ecore/src/include/eina_lalloc.h
+++ b/tests/suite/ecore/src/include/eina_lalloc.h
@@ -33,21 +33,22 @@
* @{
*/
-typedef Eina_Bool (*Eina_Lalloc_Alloc)(void *user_data, int num);
+typedef Eina_Bool(*Eina_Lalloc_Alloc) (void *user_data, int num);
#define EINA_LALLOC_ALLOC(function) ((Eina_Lalloc_Alloc)function)
-typedef void (*Eina_Lalloc_Free)(void *user_data);
+typedef void (*Eina_Lalloc_Free) (void *user_data);
#define EINA_LALLOC_FREE(function) ((Eina_Lalloc_Free)function)
typedef struct _Eina_Lalloc Eina_Lalloc;
EAPI Eina_Lalloc *eina_lalloc_new(void *data,
- Eina_Lalloc_Alloc alloc_cb,
- Eina_Lalloc_Free free_cb,
- int num_init) EINA_ARG_NONNULL(2, 3);
-EAPI void eina_lalloc_free(Eina_Lalloc *a) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_lalloc_elements_add(Eina_Lalloc *a,
- int num) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_lalloc_element_add(Eina_Lalloc *a) EINA_ARG_NONNULL(1);
+ Eina_Lalloc_Alloc alloc_cb,
+ Eina_Lalloc_Free free_cb,
+ int num_init) EINA_ARG_NONNULL(2, 3);
+EAPI void eina_lalloc_free(Eina_Lalloc * a) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_lalloc_elements_add(Eina_Lalloc * a,
+ int num) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_lalloc_element_add(Eina_Lalloc *
+ a) EINA_ARG_NONNULL(1);
/**
* @}
@@ -57,4 +58,4 @@ EAPI Eina_Bool eina_lalloc_element_add(Eina_Lalloc *a) EINA_ARG_NONNULL(1);
* @}
*/
-#endif /* EINA_LALLOC_H_ */
+#endif /* EINA_LALLOC_H_ */
diff --git a/tests/suite/ecore/src/include/eina_list.h b/tests/suite/ecore/src/include/eina_list.h
index 835422d418..63219f7cda 100644
--- a/tests/suite/ecore/src/include/eina_list.h
+++ b/tests/suite/ecore/src/include/eina_list.h
@@ -58,63 +58,127 @@ typedef struct _Eina_List_Accounting Eina_List_Accounting;
* @struct _Eina_List
* Type for a generic double linked list.
*/
-struct _Eina_List
-{
- void *data; /**< Pointer to list element payload */
- Eina_List *next; /**< Next member in the list */
- Eina_List *prev; /**< Previous member in the list */
- Eina_List_Accounting *accounting; /**< Private list accounting info - don't touch */
+struct _Eina_List {
+ void *data;
+ /**< Pointer to list element payload */
+ Eina_List *next;
+ /**< Next member in the list */
+ Eina_List *prev;
+ /**< Previous member in the list */
+ Eina_List_Accounting *accounting;
+ /**< Private list accounting info - don't touch */
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_List_Accounting
-{
- Eina_List *last;
- unsigned int count;
- EINA_MAGIC
-};
+struct _Eina_List_Accounting {
+ Eina_List *last;
+ unsigned int count;
+ EINA_MAGIC};
-EAPI Eina_List * eina_list_append (Eina_List *list, const void *data) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_prepend (Eina_List *list, const void *data) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_append_relative (Eina_List *list, const void *data, const void *relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_append_relative_list (Eina_List *list, const void *data, Eina_List *relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_prepend_relative (Eina_List *list, const void *data, const void *relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_prepend_relative_list (Eina_List *list, const void *data, Eina_List *relative) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_sorted_insert(Eina_List *list, Eina_Compare_Cb func, const void *data) EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_remove (Eina_List *list, const void *data) EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_remove_list (Eina_List *list, Eina_List *remove_list) EINA_ARG_NONNULL( 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_promote_list (Eina_List *list, Eina_List *move_list) EINA_ARG_NONNULL( 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_demote_list (Eina_List *list, Eina_List *move_list);
-EAPI void * eina_list_data_find(const Eina_List *list, const void *data) EINA_PURE EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_data_find_list (const Eina_List *list, const void *data) EINA_PURE EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_free (Eina_List *list);
-EAPI void * eina_list_nth(const Eina_List *list, unsigned int n) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_nth_list (const Eina_List *list, unsigned int n) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_reverse (Eina_List *list) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_reverse_clone(const Eina_List *list) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_clone(const Eina_List *list) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_sort (Eina_List *list, unsigned int size, Eina_Compare_Cb func) EINA_ARG_NONNULL(3) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_merge (Eina_List *left, Eina_List *right) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_sorted_merge(Eina_List *left, Eina_List *right, Eina_Compare_Cb func) EINA_ARG_NONNULL(3) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_split_list(Eina_List *list, Eina_List *relative, Eina_List **right) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_append(Eina_List * list,
+ const void *data) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_prepend(Eina_List * list,
+ const void *data) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_append_relative(Eina_List * list,
+ const void *data,
+ const void *relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_append_relative_list(Eina_List * list,
+ const void *data,
+ Eina_List *
+ relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_prepend_relative(Eina_List * list,
+ const void *data,
+ const void *relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_prepend_relative_list(Eina_List * list,
+ const void *data,
+ Eina_List *
+ relative)
+EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_sorted_insert(Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data)
+EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_remove(Eina_List * list,
+ const void *data) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_remove_list(Eina_List * list,
+ Eina_List *
+ remove_list) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_promote_list(Eina_List * list,
+ Eina_List *
+ move_list) EINA_ARG_NONNULL(2)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_demote_list(Eina_List * list,
+ Eina_List * move_list);
+EAPI void *eina_list_data_find(const Eina_List * list, const void *data)
+EINA_PURE EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_data_find_list(const Eina_List * list,
+ const void *data)
+EINA_PURE EINA_ARG_NONNULL(2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_free(Eina_List * list);
+EAPI void *eina_list_nth(const Eina_List * list, unsigned int n)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_nth_list(const Eina_List * list, unsigned int n)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_reverse(Eina_List *
+ list) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_reverse_clone(const Eina_List *
+ list) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_clone(const Eina_List *
+ list) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_sort(Eina_List * list, unsigned int size,
+ Eina_Compare_Cb func) EINA_ARG_NONNULL(3)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_merge(Eina_List * left,
+ Eina_List * right) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_sorted_merge(Eina_List * left, Eina_List * right,
+ Eina_Compare_Cb func)
+EINA_ARG_NONNULL(3) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_List *eina_list_split_list(Eina_List * list,
+ Eina_List * relative,
+ Eina_List **
+ right) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_List * eina_list_search_sorted_near_list(const Eina_List *list, Eina_Compare_Cb func, const void *data, int *result_cmp);
-EAPI Eina_List * eina_list_search_sorted_list(const Eina_List *list, Eina_Compare_Cb func, const void *data);
-EAPI void * eina_list_search_sorted(const Eina_List *list, Eina_Compare_Cb func, const void *data);
-EAPI Eina_List * eina_list_search_unsorted_list(const Eina_List *list, Eina_Compare_Cb func, const void *data);
-EAPI void * eina_list_search_unsorted(const Eina_List *list, Eina_Compare_Cb func, const void *data);
+EAPI Eina_List *eina_list_search_sorted_near_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data,
+ int *result_cmp);
+EAPI Eina_List *eina_list_search_sorted_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data);
+EAPI void *eina_list_search_sorted(const Eina_List * list,
+ Eina_Compare_Cb func, const void *data);
+EAPI Eina_List *eina_list_search_unsorted_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data);
+EAPI void *eina_list_search_unsorted(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data);
-static inline Eina_List * eina_list_last (const Eina_List *list) EINA_PURE EINA_WARN_UNUSED_RESULT;
-static inline Eina_List * eina_list_next (const Eina_List *list) EINA_PURE EINA_WARN_UNUSED_RESULT;
-static inline Eina_List * eina_list_prev (const Eina_List *list) EINA_PURE EINA_WARN_UNUSED_RESULT;
-static inline void * eina_list_data_get(const Eina_List *list) EINA_PURE EINA_WARN_UNUSED_RESULT;
-static inline unsigned int eina_list_count(const Eina_List *list) EINA_PURE;
+static inline Eina_List *eina_list_last(const Eina_List * list)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+static inline Eina_List *eina_list_next(const Eina_List * list)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+static inline Eina_List *eina_list_prev(const Eina_List * list)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+static inline void *eina_list_data_get(const Eina_List * list)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+static inline unsigned int eina_list_count(const Eina_List *
+ list) EINA_PURE;
-EAPI Eina_Iterator * eina_list_iterator_new(const Eina_List *list) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Iterator * eina_list_iterator_reversed_new(const Eina_List *list) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Accessor * eina_list_accessor_new(const Eina_List *list) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_list_iterator_new(const Eina_List * list)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_list_iterator_reversed_new(const Eina_List * list)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Accessor *eina_list_accessor_new(const Eina_List * list)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
/**
* @def EINA_LIST_FOREACH
@@ -346,4 +410,4 @@ EAPI Eina_Accessor * eina_list_accessor_new(const Eina_List *list)
* @}
*/
-#endif /* EINA_LIST_H_ */
+#endif /* EINA_LIST_H_ */
diff --git a/tests/suite/ecore/src/include/eina_log.h b/tests/suite/ecore/src/include/eina_log.h
index d0fd1594d0..3e39bc5e8a 100644
--- a/tests/suite/ecore/src/include/eina_log.h
+++ b/tests/suite/ecore/src/include/eina_log.h
@@ -104,9 +104,9 @@ EAPI extern int EINA_LOG_DOMAIN_GLOBAL;
* @endcode
*
*/
-# define EINA_LOG_DOMAIN_DEFAULT EINA_LOG_DOMAIN_GLOBAL
+#define EINA_LOG_DOMAIN_DEFAULT EINA_LOG_DOMAIN_GLOBAL
-#endif /* EINA_LOG_DOMAIN_DEFAULT */
+#endif /* EINA_LOG_DOMAIN_DEFAULT */
/**
@@ -229,15 +229,19 @@ typedef struct _Eina_Log_Domain Eina_Log_Domain;
* @struct _Eina_Log_Domain
* The domain used for logging.
*/
-struct _Eina_Log_Domain
-{
- int level; /**< Max level to log */
- const char *domain_str; /**< Formatted string with color to print */
- const char *name; /**< Domain name */
- size_t namelen; /**< strlen(name) */
-
- /* Private */
- Eina_Bool deleted : 1; /**< Flags deletion of domain, a free slot */
+struct _Eina_Log_Domain {
+ int level;
+ /**< Max level to log */
+ const char *domain_str;
+ /**< Formatted string with color to print */
+ const char *name;
+ /**< Domain name */
+ size_t namelen;
+ /**< strlen(name) */
+
+ /* Private */
+ Eina_Bool deleted:1;
+ /**< Flags deletion of domain, a free slot */
};
EAPI void eina_log_threads_enable(void);
@@ -246,133 +250,123 @@ EAPI void eina_log_threads_enable(void);
* @enum _Eina_Log_Level
* List of available logging levels.
*/
-typedef enum _Eina_Log_Level
-{
- EINA_LOG_LEVEL_CRITICAL, /**< Critical log level */
- EINA_LOG_LEVEL_ERR, /**< Error log level */
- EINA_LOG_LEVEL_WARN, /**< Warning log level */
- EINA_LOG_LEVEL_INFO, /**< Information log level */
- EINA_LOG_LEVEL_DBG, /**< Debug log level */
- EINA_LOG_LEVELS, /**< Count of default log levels */
- EINA_LOG_LEVEL_UNKNOWN = (-2147483647 - 1) /**< Unknown level */
+typedef enum _Eina_Log_Level {
+ EINA_LOG_LEVEL_CRITICAL,
+ /**< Critical log level */
+ EINA_LOG_LEVEL_ERR,
+ /**< Error log level */
+ EINA_LOG_LEVEL_WARN,
+ /**< Warning log level */
+ EINA_LOG_LEVEL_INFO,
+ /**< Information log level */
+ EINA_LOG_LEVEL_DBG,
+ /**< Debug log level */
+ EINA_LOG_LEVELS,
+ /**< Count of default log levels */
+ EINA_LOG_LEVEL_UNKNOWN = (-2147483647 - 1)/**< Unknown level */
} Eina_Log_Level;
/**
* @typedef Eina_Log_Print_Cb
* Type for print callbacks.
*/
-typedef void (*Eina_Log_Print_Cb)(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file, const char *fnc, int line,
- const char *fmt, void *data, va_list args);
+typedef void (*Eina_Log_Print_Cb) (const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file, const char *fnc,
+ int line, const char *fmt, void *data,
+ va_list args);
/*
* Customization
*/
EAPI void
-eina_log_print_cb_set(Eina_Log_Print_Cb cb, void *data) EINA_ARG_NONNULL(1);
+eina_log_print_cb_set(Eina_Log_Print_Cb cb,
+ void *data) EINA_ARG_NONNULL(1);
-EAPI void
-eina_log_level_set(int level);
-EAPI int
-eina_log_level_get(void) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_log_level_set(int level);
+EAPI int eina_log_level_get(void) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool
-eina_log_level_check(int level);
+static inline Eina_Bool eina_log_level_check(int level);
-EAPI Eina_Bool
-eina_log_main_thread_check(void) EINA_CONST EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Bool eina_log_main_thread_check(void)
+EINA_CONST EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_log_color_disable_set(Eina_Bool disabled);
-EAPI Eina_Bool
-eina_log_color_disable_get(void) EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_log_file_disable_set(Eina_Bool disabled);
-EAPI Eina_Bool
-eina_log_file_disable_get(void) EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_log_function_disable_set(Eina_Bool disabled);
-EAPI Eina_Bool
-eina_log_function_disable_get(void) EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_log_abort_on_critical_set(Eina_Bool abort_on_critical);
+EAPI void eina_log_color_disable_set(Eina_Bool disabled);
+EAPI Eina_Bool eina_log_color_disable_get(void) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_log_file_disable_set(Eina_Bool disabled);
+EAPI Eina_Bool eina_log_file_disable_get(void) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_log_function_disable_set(Eina_Bool disabled);
+EAPI Eina_Bool eina_log_function_disable_get(void) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_log_abort_on_critical_set(Eina_Bool abort_on_critical);
EAPI Eina_Bool
eina_log_abort_on_critical_get(void) EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_log_abort_on_critical_level_set(int critical_level);
+EAPI void eina_log_abort_on_critical_level_set(int critical_level);
EAPI int
eina_log_abort_on_critical_level_get(void) EINA_WARN_UNUSED_RESULT;
EAPI void
-eina_log_domain_level_set(const char *domain_name, int level) EINA_ARG_NONNULL(1);
-EAPI int
-eina_log_domain_level_get(const char *domain_name) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+eina_log_domain_level_set(const char *domain_name,
+ int level) EINA_ARG_NONNULL(1);
+EAPI int eina_log_domain_level_get(const char *domain_name)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
EAPI int
eina_log_domain_registered_level_get(int domain) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool
-eina_log_domain_level_check(int domain, int level);
+static inline Eina_Bool eina_log_domain_level_check(int domain, int level);
/*
* Logging domains
*/
EAPI int
-eina_log_domain_register(const char *name, const char *color) EINA_ARG_NONNULL(1);
-EAPI void
-eina_log_domain_unregister(int domain);
+eina_log_domain_register(const char *name,
+ const char *color) EINA_ARG_NONNULL(1);
+EAPI void eina_log_domain_unregister(int domain);
/*
* Logging functions.
*/
EAPI void
eina_log_print(int domain,
- Eina_Log_Level level,
- const char *file,
- const char *function,
- int line,
- const char *fmt,
- ...) EINA_ARG_NONNULL(3, 4, 6) EINA_PRINTF(6, 7) EINA_NOINSTRUMENT;
-EAPI void
-eina_log_vprint(int domain,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- va_list args) EINA_ARG_NONNULL(3, 4, 6) EINA_NOINSTRUMENT;
+ Eina_Log_Level level,
+ const char *file,
+ const char *function,
+ int line,
+ const char *fmt,
+ ...) EINA_ARG_NONNULL(3, 4, 6) EINA_PRINTF(6,
+ 7)
+EINA_NOINSTRUMENT;
+EAPI void eina_log_vprint(int domain, Eina_Log_Level level,
+ const char *file, const char *fnc, int line,
+ const char *fmt,
+ va_list args) EINA_ARG_NONNULL(3, 4,
+ 6)
+ EINA_NOINSTRUMENT;
/*
* Logging methods (change how logging is done).
*/
EAPI void
-eina_log_print_cb_stdout(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- void *data,
- va_list args);
+eina_log_print_cb_stdout(const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line,
+ const char *fmt, void *data, va_list args);
EAPI void
-eina_log_print_cb_stderr(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- void *data,
- va_list args);
+eina_log_print_cb_stderr(const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line,
+ const char *fmt, void *data, va_list args);
EAPI void
-eina_log_print_cb_file(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- void *data,
- va_list args);
+eina_log_print_cb_file(const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line,
+ const char *fmt, void *data, va_list args);
#include "eina_inline_log.x"
@@ -384,4 +378,4 @@ eina_log_print_cb_file(const Eina_Log_Domain *d,
* @}
*/
-#endif /* EINA_LOG_H_ */
+#endif /* EINA_LOG_H_ */
diff --git a/tests/suite/ecore/src/include/eina_magic.h b/tests/suite/ecore/src/include/eina_magic.h
index dd1a9f3a56..1f703932ad 100644
--- a/tests/suite/ecore/src/include/eina_magic.h
+++ b/tests/suite/ecore/src/include/eina_magic.h
@@ -41,11 +41,14 @@ typedef unsigned int Eina_Magic;
* @typedef Eina_Magic
* An abstract type for a magic number.
*/
-EAPI const char *eina_magic_string_get(Eina_Magic magic) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Bool eina_magic_string_set(Eina_Magic magic,
- const char *magic_name) EINA_ARG_NONNULL(2);
-EAPI Eina_Bool eina_magic_string_static_set(Eina_Magic magic,
- const char *magic_name) EINA_ARG_NONNULL(2);
+EAPI const char *eina_magic_string_get(Eina_Magic magic)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Bool eina_magic_string_set(Eina_Magic magic,
+ const char *magic_name)
+EINA_ARG_NONNULL(2);
+EAPI Eina_Bool eina_magic_string_static_set(Eina_Magic magic,
+ const char *magic_name)
+EINA_ARG_NONNULL(2);
/**
* @def EINA_MAGIC_NONE
@@ -120,8 +123,8 @@ EAPI Eina_Bool eina_magic_string_static_set(Eina_Magic magic,
__LINE__);
EAPI void eina_magic_fail(void *d, Eina_Magic m, Eina_Magic req_m,
- const char *file, const char *fnc,
- int line) EINA_ARG_NONNULL(4, 5);
+ const char *file, const char *fnc,
+ int line) EINA_ARG_NONNULL(4, 5);
#else
@@ -150,4 +153,4 @@ EAPI void eina_magic_fail(void *d, Eina_Magic m, Eina_Magic req_m,
* @}
*/
-#endif /* EINA_MAGIC_H_ */
+#endif /* EINA_MAGIC_H_ */
diff --git a/tests/suite/ecore/src/include/eina_main.h b/tests/suite/ecore/src/include/eina_main.h
index db80042465..06e64d9813 100644
--- a/tests/suite/ecore/src/include/eina_main.h
+++ b/tests/suite/ecore/src/include/eina_main.h
@@ -49,12 +49,15 @@
* @typedef Eina_Version
* The version of Eina.
*/
-typedef struct _Eina_Version
-{
- int major; /**< Major component of the version */
- int minor; /**< Minor component of the version */
- int micro; /**< Micro component of the version */
- int revision; /**< Revision component of the version */
+typedef struct _Eina_Version {
+ int major;
+ /**< Major component of the version */
+ int minor;
+ /**< Minor component of the version */
+ int micro;
+ /**< Micro component of the version */
+ int revision;
+ /**< Revision component of the version */
} Eina_Version;
EAPI extern Eina_Version *eina_version;
@@ -72,4 +75,4 @@ EAPI int eina_threads_shutdown(void);
* @}
*/
-#endif /* EINA_MAIN_H_ */
+#endif /* EINA_MAIN_H_ */
diff --git a/tests/suite/ecore/src/include/eina_matrixsparse.h b/tests/suite/ecore/src/include/eina_matrixsparse.h
index cbf29ccb7e..561ff1a6ba 100644
--- a/tests/suite/ecore/src/include/eina_matrixsparse.h
+++ b/tests/suite/ecore/src/include/eina_matrixsparse.h
@@ -69,41 +69,71 @@ typedef struct _Eina_Matrixsparse_Item_Row Eina_Matrixsparse_Item_Row;
/* constructors and destructors */
EAPI Eina_Matrixsparse *eina_matrixsparse_new(unsigned long rows,
- unsigned long cols,
- void (*free_func)(void *user_data,
- void *cell_data),
- const void *user_data);
-EAPI void eina_matrixsparse_free(Eina_Matrixsparse *m);
+ unsigned long cols,
+ void (*free_func) (void
+ *user_data,
+ void
+ *cell_data),
+ const void *user_data);
+EAPI void eina_matrixsparse_free(Eina_Matrixsparse * m);
/* size manipulation */
-EAPI void eina_matrixsparse_size_get(const Eina_Matrixsparse *m,
- unsigned long *rows,
- unsigned long *cols);
-EAPI Eina_Bool eina_matrixsparse_size_set(Eina_Matrixsparse *m,
- unsigned long rows,
- unsigned long cols);
+EAPI void eina_matrixsparse_size_get(const Eina_Matrixsparse * m,
+ unsigned long *rows,
+ unsigned long *cols);
+EAPI Eina_Bool eina_matrixsparse_size_set(Eina_Matrixsparse * m,
+ unsigned long rows,
+ unsigned long cols);
/* data getting */
-EAPI Eina_Bool eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse *m, unsigned long row, unsigned long col, Eina_Matrixsparse_Cell **cell);
-EAPI void * eina_matrixsparse_cell_data_get(const Eina_Matrixsparse_Cell *cell);
-EAPI void * eina_matrixsparse_data_idx_get(const Eina_Matrixsparse *m, unsigned long row, unsigned long col);
-EAPI Eina_Bool eina_matrixsparse_cell_position_get(const Eina_Matrixsparse_Cell *cell, unsigned long *row, unsigned long *col);
+EAPI Eina_Bool eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col,
+ Eina_Matrixsparse_Cell **
+ cell);
+EAPI void *eina_matrixsparse_cell_data_get(const Eina_Matrixsparse_Cell *
+ cell);
+EAPI void *eina_matrixsparse_data_idx_get(const Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col);
+EAPI Eina_Bool eina_matrixsparse_cell_position_get(const
+ Eina_Matrixsparse_Cell *
+ cell,
+ unsigned long *row,
+ unsigned long *col);
/* data setting */
-EAPI Eina_Bool eina_matrixsparse_cell_data_replace(Eina_Matrixsparse_Cell *cell, const void *data, void **p_old);
-EAPI Eina_Bool eina_matrixsparse_cell_data_set(Eina_Matrixsparse_Cell *cell, const void *data);
-EAPI Eina_Bool eina_matrixsparse_data_idx_replace(Eina_Matrixsparse *m, unsigned long row, unsigned long col, const void *data, void **p_old);
-EAPI Eina_Bool eina_matrixsparse_data_idx_set(Eina_Matrixsparse *m, unsigned long row, unsigned long col, const void *data);
+EAPI Eina_Bool eina_matrixsparse_cell_data_replace(Eina_Matrixsparse_Cell *
+ cell, const void *data,
+ void **p_old);
+EAPI Eina_Bool eina_matrixsparse_cell_data_set(Eina_Matrixsparse_Cell *
+ cell, const void *data);
+EAPI Eina_Bool eina_matrixsparse_data_idx_replace(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col,
+ const void *data,
+ void **p_old);
+EAPI Eina_Bool eina_matrixsparse_data_idx_set(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col,
+ const void *data);
/* data deleting */
-EAPI Eina_Bool eina_matrixsparse_row_idx_clear(Eina_Matrixsparse *m, unsigned long row);
-EAPI Eina_Bool eina_matrixsparse_column_idx_clear(Eina_Matrixsparse *m, unsigned long col);
-EAPI Eina_Bool eina_matrixsparse_cell_idx_clear(Eina_Matrixsparse *m, unsigned long row, unsigned long col);
-EAPI Eina_Bool eina_matrixsparse_cell_clear(Eina_Matrixsparse_Cell *cell);
+EAPI Eina_Bool eina_matrixsparse_row_idx_clear(Eina_Matrixsparse * m,
+ unsigned long row);
+EAPI Eina_Bool eina_matrixsparse_column_idx_clear(Eina_Matrixsparse * m,
+ unsigned long col);
+EAPI Eina_Bool eina_matrixsparse_cell_idx_clear(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col);
+EAPI Eina_Bool eina_matrixsparse_cell_clear(Eina_Matrixsparse_Cell * cell);
/* iterators */
-EAPI Eina_Iterator *eina_matrixsparse_iterator_new(const Eina_Matrixsparse *m);
-EAPI Eina_Iterator *eina_matrixsparse_iterator_complete_new(const Eina_Matrixsparse *m);
+EAPI Eina_Iterator *eina_matrixsparse_iterator_new(const Eina_Matrixsparse
+ * m);
+EAPI Eina_Iterator *eina_matrixsparse_iterator_complete_new(const
+ Eina_Matrixsparse
+ * m);
/**
* @}
@@ -117,4 +147,4 @@ EAPI Eina_Iterator *eina_matrixsparse_iterator_complete_new(const Eina_Matrixspa
* @}
*/
-#endif /* EINA_MATRIXSPARSE_H_ */
+#endif /* EINA_MATRIXSPARSE_H_ */
diff --git a/tests/suite/ecore/src/include/eina_mempool.h b/tests/suite/ecore/src/include/eina_mempool.h
index cc19e94018..b8004eb143 100644
--- a/tests/suite/ecore/src/include/eina_mempool.h
+++ b/tests/suite/ecore/src/include/eina_mempool.h
@@ -49,20 +49,30 @@ typedef struct _Eina_Mempool_Backend Eina_Mempool_Backend;
EAPI extern Eina_Error EINA_ERROR_NOT_MEMPOOL_MODULE;
-EAPI Eina_Mempool * eina_mempool_add(const char *module,const char *context,const char *options,...) EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI void eina_mempool_del(Eina_Mempool *mp) EINA_ARG_NONNULL(1);
-
-static inline void * eina_mempool_realloc(Eina_Mempool *mp,void *element,unsigned int size) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline void * eina_mempool_malloc(Eina_Mempool *mp,unsigned int size) EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline void eina_mempool_free(Eina_Mempool *mp,void *element) EINA_ARG_NONNULL(1);
-
-EAPI void eina_mempool_gc(Eina_Mempool *mp) EINA_ARG_NONNULL(1);
-EAPI void eina_mempool_statistics(Eina_Mempool *mp) EINA_ARG_NONNULL(1);
-
-EAPI Eina_Bool eina_mempool_register(Eina_Mempool_Backend *be) EINA_ARG_NONNULL(1);
-EAPI void eina_mempool_unregister(Eina_Mempool_Backend *be) EINA_ARG_NONNULL(1);
-
-EAPI unsigned int eina_mempool_alignof(unsigned int size);
+EAPI Eina_Mempool *eina_mempool_add(const char *module,
+ const char *context,
+ const char *options, ...)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI void eina_mempool_del(Eina_Mempool * mp) EINA_ARG_NONNULL(1);
+
+static inline void *eina_mempool_realloc(Eina_Mempool * mp, void *element,
+ unsigned int size)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline void *eina_mempool_malloc(Eina_Mempool * mp,
+ unsigned int size)
+EINA_MALLOC EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline void eina_mempool_free(Eina_Mempool * mp,
+ void *element) EINA_ARG_NONNULL(1);
+
+EAPI void eina_mempool_gc(Eina_Mempool * mp) EINA_ARG_NONNULL(1);
+EAPI void eina_mempool_statistics(Eina_Mempool * mp) EINA_ARG_NONNULL(1);
+
+EAPI Eina_Bool eina_mempool_register(Eina_Mempool_Backend *
+ be) EINA_ARG_NONNULL(1);
+EAPI void eina_mempool_unregister(Eina_Mempool_Backend *
+ be) EINA_ARG_NONNULL(1);
+
+EAPI unsigned int eina_mempool_alignof(unsigned int size);
#include "eina_inline_mempool.x"
@@ -74,4 +84,4 @@ EAPI unsigned int eina_mempool_alignof(unsigned int size);
* @}
*/
-#endif /* EINA_MEMPOOL_H_ */
+#endif /* EINA_MEMPOOL_H_ */
diff --git a/tests/suite/ecore/src/include/eina_module.h b/tests/suite/ecore/src/include/eina_module.h
index 6618381c30..4b856c8bf2 100644
--- a/tests/suite/ecore/src/include/eina_module.h
+++ b/tests/suite/ecore/src/include/eina_module.h
@@ -61,7 +61,7 @@
*/
typedef struct _Eina_Module Eina_Module;
-typedef Eina_Bool (*Eina_Module_Cb)(Eina_Module *m, void *data);
+typedef Eina_Bool(*Eina_Module_Cb) (Eina_Module * m, void *data);
/**
* @typedef Eina_Module_Init
@@ -71,7 +71,7 @@ typedef Eina_Bool (*Eina_Module_Cb)(Eina_Module *m, void *data);
* means the module was successfully initialized.
* @see Eina_Module_Shutdown
*/
-typedef Eina_Bool (*Eina_Module_Init)(void);
+typedef Eina_Bool(*Eina_Module_Init) (void);
/**
* @typedef Eina_Module_Shutdown
@@ -79,7 +79,7 @@ typedef Eina_Bool (*Eina_Module_Init)(void);
* __eina_module_shutdown, it will be called before calling dlclose()
* @see Eina_Module_Init
*/
-typedef void (*Eina_Module_Shutdown)(void);
+typedef void (*Eina_Module_Shutdown) (void);
/**
* @def EINA_MODULE_INIT
@@ -108,36 +108,37 @@ extern EAPI Eina_Error EINA_ERROR_WRONG_MODULE;
*/
extern EAPI Eina_Error EINA_ERROR_MODULE_INIT_FAILED;
-EAPI Eina_Module *
-eina_module_new(const char *file) EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI Eina_Bool
-eina_module_free(Eina_Module *m) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool
-eina_module_load(Eina_Module *module) EINA_ARG_NONNULL(1);
-EAPI Eina_Bool
-eina_module_unload(Eina_Module *m) EINA_ARG_NONNULL(1);
-EAPI void *
-eina_module_symbol_get(const Eina_Module *module, const char *symbol) EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI const char *
-eina_module_file_get(const Eina_Module *m) EINA_PURE EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-
-EAPI char *
-eina_module_symbol_path_get(const void *symbol, const char *sub_dir) EINA_PURE EINA_MALLOC EINA_ARG_NONNULL(1, 2);
-EAPI char *
-eina_module_environment_path_get(const char *env, const char *sub_dir) EINA_PURE EINA_MALLOC EINA_ARG_NONNULL(1, 2);
-
-EAPI Eina_Array *
-eina_module_arch_list_get(Eina_Array *array, const char *path, const char *arch);
-EAPI Eina_Array *
-eina_module_list_get(Eina_Array *array, const char *path, Eina_Bool recursive, Eina_Module_Cb cb, void *data) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI void
-eina_module_list_load(Eina_Array *list) EINA_ARG_NONNULL(1);
-EAPI void
-eina_module_list_unload(Eina_Array *list) EINA_ARG_NONNULL(1);
-EAPI void
-eina_module_list_free(Eina_Array *list) EINA_ARG_NONNULL(1);
-EAPI Eina_Module *
-eina_module_find(const Eina_Array *array, const char *module) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Module *eina_module_new(const char *file)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_module_free(Eina_Module * m) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_module_load(Eina_Module * module) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_module_unload(Eina_Module * m) EINA_ARG_NONNULL(1);
+EAPI void *eina_module_symbol_get(const Eina_Module * module,
+ const char *symbol)
+EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+EAPI const char *eina_module_file_get(const Eina_Module * m)
+EINA_PURE EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+
+EAPI char *eina_module_symbol_path_get(const void *symbol,
+ const char *sub_dir)
+EINA_PURE EINA_MALLOC EINA_ARG_NONNULL(1, 2);
+EAPI char *eina_module_environment_path_get(const char *env,
+ const char *sub_dir)
+EINA_PURE EINA_MALLOC EINA_ARG_NONNULL(1, 2);
+
+EAPI Eina_Array *eina_module_arch_list_get(Eina_Array * array,
+ const char *path,
+ const char *arch);
+EAPI Eina_Array *eina_module_list_get(Eina_Array * array, const char *path,
+ Eina_Bool recursive,
+ Eina_Module_Cb cb, void *data)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI void eina_module_list_load(Eina_Array * list) EINA_ARG_NONNULL(1);
+EAPI void eina_module_list_unload(Eina_Array * list) EINA_ARG_NONNULL(1);
+EAPI void eina_module_list_free(Eina_Array * list) EINA_ARG_NONNULL(1);
+EAPI Eina_Module *eina_module_find(const Eina_Array * array,
+ const char *module) EINA_ARG_NONNULL(1,
+ 2);
/**
* @}
@@ -147,4 +148,4 @@ eina_module_find(const Eina_Array *array, const char *module) EINA_ARG_NONNULL(1
* @}
*/
-#endif /*EINA_MODULE_H_*/
+#endif /*EINA_MODULE_H_ */
diff --git a/tests/suite/ecore/src/include/eina_quadtree.h b/tests/suite/ecore/src/include/eina_quadtree.h
index ad24c3ebb3..f77b21c954 100644
--- a/tests/suite/ecore/src/include/eina_quadtree.h
+++ b/tests/suite/ecore/src/include/eina_quadtree.h
@@ -27,27 +27,32 @@ typedef struct _Eina_QuadTree Eina_QuadTree;
typedef struct _Eina_QuadTree_Item Eina_QuadTree_Item;
typedef enum {
- EINA_QUAD_LEFT,
- EINA_QUAD_RIGHT,
- EINA_QUAD_BOTH
+ EINA_QUAD_LEFT,
+ EINA_QUAD_RIGHT,
+ EINA_QUAD_BOTH
} Eina_Quad_Direction;
-typedef Eina_Quad_Direction (*Eina_Quad_Callback)(const void *object, size_t middle);
+typedef Eina_Quad_Direction(*Eina_Quad_Callback) (const void *object,
+ size_t middle);
-EAPI Eina_QuadTree * eina_quadtree_new(size_t w, size_t h, Eina_Quad_Callback vertical, Eina_Quad_Callback horizontal);
-EAPI void eina_quadtree_free(Eina_QuadTree *q);
-EAPI void eina_quadtree_resize(Eina_QuadTree *q, size_t w, size_t h);
+EAPI Eina_QuadTree *eina_quadtree_new(size_t w, size_t h,
+ Eina_Quad_Callback vertical,
+ Eina_Quad_Callback horizontal);
+EAPI void eina_quadtree_free(Eina_QuadTree * q);
+EAPI void eina_quadtree_resize(Eina_QuadTree * q, size_t w, size_t h);
-EAPI void eina_quadtree_cycle(Eina_QuadTree *q);
-EAPI void eina_quadtree_increase(Eina_QuadTree_Item *object);
+EAPI void eina_quadtree_cycle(Eina_QuadTree * q);
+EAPI void eina_quadtree_increase(Eina_QuadTree_Item * object);
-EAPI Eina_QuadTree_Item *eina_quadtree_add(Eina_QuadTree *q, const void *object);
-EAPI Eina_Bool eina_quadtree_del(Eina_QuadTree_Item *object);
-EAPI Eina_Bool eina_quadtree_change(Eina_QuadTree_Item *object);
-EAPI Eina_Bool eina_quadtree_hide(Eina_QuadTree_Item *object);
-EAPI Eina_Bool eina_quadtree_show(Eina_QuadTree_Item *object);
+EAPI Eina_QuadTree_Item *eina_quadtree_add(Eina_QuadTree * q,
+ const void *object);
+EAPI Eina_Bool eina_quadtree_del(Eina_QuadTree_Item * object);
+EAPI Eina_Bool eina_quadtree_change(Eina_QuadTree_Item * object);
+EAPI Eina_Bool eina_quadtree_hide(Eina_QuadTree_Item * object);
+EAPI Eina_Bool eina_quadtree_show(Eina_QuadTree_Item * object);
-EAPI Eina_Inlist * eina_quadtree_collide(Eina_QuadTree *q, int x, int y, int w, int h);
-EAPI void * eina_quadtree_object(Eina_Inlist *list);
+EAPI Eina_Inlist *eina_quadtree_collide(Eina_QuadTree * q, int x, int y,
+ int w, int h);
+EAPI void *eina_quadtree_object(Eina_Inlist * list);
#endif
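Review bot: The pointer declarators on the new side come out as `Eina_QuadTree * q` and `Eina_QuadTree_Item * object`, and the callback typedef as `Eina_Quad_Direction(*Eina_Quad_Callback) (const void *object,`, which is what a formatter produces when it does not know these names are types. If GNU indent was used (an assumption; the commit message does not say), passing the typedef names with `-T Eina_QuadTree -T Eina_QuadTree_Item -T Eina_Quad_Direction` keeps the prototypes as `EAPI void eina_quadtree_free(Eina_QuadTree *q);`. The same spacing appears in the eina_module.h, eina_rbtree.h, eina_rectangle.h, eina_strbuf.h and eina_tiler.h hunks.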
diff --git a/tests/suite/ecore/src/include/eina_rbtree.h b/tests/suite/ecore/src/include/eina_rbtree.h
index 026db41ca1..f2b0e987bb 100644
--- a/tests/suite/ecore/src/include/eina_rbtree.h
+++ b/tests/suite/ecore/src/include/eina_rbtree.h
@@ -48,8 +48,8 @@
* node color.
*/
typedef enum {
- EINA_RBTREE_RED,
- EINA_RBTREE_BLACK
+ EINA_RBTREE_RED,
+ EINA_RBTREE_BLACK
} Eina_Rbtree_Color;
/**
@@ -57,8 +57,8 @@ typedef enum {
* walk direction.
*/
typedef enum {
- EINA_RBTREE_LEFT = 0,
- EINA_RBTREE_RIGHT = 1
+ EINA_RBTREE_LEFT = 0,
+ EINA_RBTREE_RIGHT = 1
} Eina_Rbtree_Direction;
/**
@@ -66,11 +66,10 @@ typedef enum {
* Type for a Red-Black tree node. It should be inlined into user's type.
*/
typedef struct _Eina_Rbtree Eina_Rbtree;
-struct _Eina_Rbtree
-{
- Eina_Rbtree *son[2];
+struct _Eina_Rbtree {
+ Eina_Rbtree *son[2];
- Eina_Rbtree_Color color : 1;
+ Eina_Rbtree_Color color:1;
};
/**
@@ -99,7 +98,11 @@ struct _Eina_Rbtree
* @typedef Eina_Rbtree_Cmp_Node_Cb
* Function used compare two nodes and see which direction to navigate.
*/
-typedef Eina_Rbtree_Direction (*Eina_Rbtree_Cmp_Node_Cb)(const Eina_Rbtree *left, const Eina_Rbtree *right, void *data);
+typedef Eina_Rbtree_Direction(*Eina_Rbtree_Cmp_Node_Cb) (const Eina_Rbtree
+ * left,
+ const Eina_Rbtree
+ * right,
+ void *data);
/**
* @def EINA_RBTREE_CMP_NODE_CB
@@ -111,7 +114,9 @@ typedef Eina_Rbtree_Direction (*Eina_Rbtree_Cmp_Node_Cb)(const Eina_Rbtree *left
* @typedef Eina_Rbtree_Cmp_Key_Cb
* Function used compare node with a given key of specified length.
*/
-typedef int (*Eina_Rbtree_Cmp_Key_Cb)(const Eina_Rbtree *node, const void *key, int length, void *data);
+typedef int (*Eina_Rbtree_Cmp_Key_Cb) (const Eina_Rbtree * node,
+ const void *key, int length,
+ void *data);
/**
* @def EINA_RBTREE_CMP_KEY_CB
* Cast using #Eina_Rbtree_Cmp_Key_Cb
@@ -122,22 +127,39 @@ typedef int (*Eina_Rbtree_Cmp_Key_Cb)(const Eina_Rbtree *node, const void *key,
* @typedef Eina_Rbtree_Free_Cb
* Function used free a node.
*/
-typedef void (*Eina_Rbtree_Free_Cb)(Eina_Rbtree *node, void *data);
+typedef void (*Eina_Rbtree_Free_Cb) (Eina_Rbtree * node, void *data);
/**
* @def EINA_RBTREE_FREE_CB
* Cast using #Eina_Rbtree_Free_Cb
*/
#define EINA_RBTREE_FREE_CB(Function) ((Eina_Rbtree_Free_Cb)Function)
-EAPI Eina_Rbtree * eina_rbtree_inline_insert(Eina_Rbtree *root,Eina_Rbtree *node,Eina_Rbtree_Cmp_Node_Cb cmp,const void *data) EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Rbtree * eina_rbtree_inline_remove(Eina_Rbtree *root,Eina_Rbtree *node,Eina_Rbtree_Cmp_Node_Cb cmp,const void *data) EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
-EAPI void eina_rbtree_delete(Eina_Rbtree *root,Eina_Rbtree_Free_Cb func,void *data) EINA_ARG_NONNULL(2);
-
-static inline Eina_Rbtree * eina_rbtree_inline_lookup(const Eina_Rbtree *root,const void *key,int length,Eina_Rbtree_Cmp_Key_Cb cmp,const void *data) EINA_PURE EINA_ARG_NONNULL(2, 4) EINA_WARN_UNUSED_RESULT;
-
-EAPI Eina_Iterator * eina_rbtree_iterator_prefix(const Eina_Rbtree *root) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Iterator * eina_rbtree_iterator_infix(const Eina_Rbtree *root) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Iterator * eina_rbtree_iterator_postfix(const Eina_Rbtree *root) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Rbtree *eina_rbtree_inline_insert(Eina_Rbtree * root,
+ Eina_Rbtree * node,
+ Eina_Rbtree_Cmp_Node_Cb cmp,
+ const void *data)
+EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Rbtree *eina_rbtree_inline_remove(Eina_Rbtree * root,
+ Eina_Rbtree * node,
+ Eina_Rbtree_Cmp_Node_Cb cmp,
+ const void *data)
+EINA_ARG_NONNULL(2, 3) EINA_WARN_UNUSED_RESULT;
+EAPI void eina_rbtree_delete(Eina_Rbtree * root, Eina_Rbtree_Free_Cb func,
+ void *data) EINA_ARG_NONNULL(2);
+
+static inline Eina_Rbtree *eina_rbtree_inline_lookup(const Eina_Rbtree *
+ root, const void *key,
+ int length,
+ Eina_Rbtree_Cmp_Key_Cb
+ cmp, const void *data)
+EINA_PURE EINA_ARG_NONNULL(2, 4) EINA_WARN_UNUSED_RESULT;
+
+EAPI Eina_Iterator *eina_rbtree_iterator_prefix(const Eina_Rbtree * root)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_rbtree_iterator_infix(const Eina_Rbtree * root)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Iterator *eina_rbtree_iterator_postfix(const Eina_Rbtree * root)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
#include "eina_inline_rbtree.x"
diff --git a/tests/suite/ecore/src/include/eina_rectangle.h b/tests/suite/ecore/src/include/eina_rectangle.h
index a9daf66672..71a4e70c28 100644
--- a/tests/suite/ecore/src/include/eina_rectangle.h
+++ b/tests/suite/ecore/src/include/eina_rectangle.h
@@ -37,12 +37,15 @@
* @typedef Eina_Rectangle
* Simple rectangle structure.
*/
-typedef struct _Eina_Rectangle
-{
- int x; /**< top-left x co-ordinate of rectangle */
- int y; /**< top-left y co-ordinate of rectangle */
- int w; /**< width of rectangle */
- int h; /**< height of rectangle */
+typedef struct _Eina_Rectangle {
+ int x;
+ /**< top-left x co-ordinate of rectangle */
+ int y;
+ /**< top-left y co-ordinate of rectangle */
+ int w;
+ /**< width of rectangle */
+ int h;
+ /**< height of rectangle */
} Eina_Rectangle;
/**
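Review bot: The member comments in `struct _Eina_Rectangle` now sit on the line after the field they describe (`int x;` followed by `/**< top-left x co-ordinate of rectangle */`), so at a glance each comment reads as if it introduces the next member. The `/**<` marker still attaches the text to the preceding member for Doxygen, but a reader of the header has to know that. Keeping each pair on one line, `int x; /**< top-left x co-ordinate of rectangle */`, avoids the ambiguity. `struct Eina_Tile_Grid_Info` in eina_tiler.h is reflowed the same way.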
@@ -51,27 +54,72 @@ typedef struct _Eina_Rectangle
*/
typedef struct _Eina_Rectangle_Pool Eina_Rectangle_Pool;
-static inline int eina_spans_intersect(int c1, int l1, int c2, int l2) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool eina_rectangle_is_empty(const Eina_Rectangle *r) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline void eina_rectangle_coords_from(Eina_Rectangle *r, int x, int y, int w, int h) EINA_ARG_NONNULL(1);
-static inline Eina_Bool eina_rectangles_intersect(const Eina_Rectangle *r1, const Eina_Rectangle *r2) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool eina_rectangle_xcoord_inside(const Eina_Rectangle *r, int x) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool eina_rectangle_ycoord_inside(const Eina_Rectangle *r, int y) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline Eina_Bool eina_rectangle_coords_inside(const Eina_Rectangle *r, int x, int y) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-static inline void eina_rectangle_union(Eina_Rectangle *dst, const Eina_Rectangle *src) EINA_ARG_NONNULL(1, 2);
-static inline Eina_Bool eina_rectangle_intersection(Eina_Rectangle *dst, const Eina_Rectangle *src) EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-static inline void eina_rectangle_rescale_in(const Eina_Rectangle *out, const Eina_Rectangle *in, Eina_Rectangle *res) EINA_ARG_NONNULL(1, 2, 3);
-static inline void eina_rectangle_rescale_out(const Eina_Rectangle *out, const Eina_Rectangle *in, Eina_Rectangle *res) EINA_ARG_NONNULL(1, 2, 3);
+static inline int eina_spans_intersect(int c1, int l1, int c2,
+ int l2) EINA_WARN_UNUSED_RESULT;
+static inline Eina_Bool eina_rectangle_is_empty(const Eina_Rectangle *
+ r) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
+static inline void eina_rectangle_coords_from(Eina_Rectangle * r, int x,
+ int y, int w,
+ int h) EINA_ARG_NONNULL(1);
+static inline Eina_Bool eina_rectangles_intersect(const Eina_Rectangle *
+ r1,
+ const Eina_Rectangle *
+ r2) EINA_ARG_NONNULL(1,
+ 2)
+ EINA_WARN_UNUSED_RESULT;
+static inline Eina_Bool eina_rectangle_xcoord_inside(const Eina_Rectangle *
+ r,
+ int x)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline Eina_Bool eina_rectangle_ycoord_inside(const Eina_Rectangle *
+ r,
+ int y)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline Eina_Bool eina_rectangle_coords_inside(const Eina_Rectangle *
+ r, int x,
+ int y)
+EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline void eina_rectangle_union(Eina_Rectangle * dst,
+ const Eina_Rectangle *
+ src) EINA_ARG_NONNULL(1, 2);
+static inline Eina_Bool eina_rectangle_intersection(Eina_Rectangle * dst,
+ const Eina_Rectangle *
+ src)
+EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+static inline void eina_rectangle_rescale_in(const Eina_Rectangle * out,
+ const Eina_Rectangle * in,
+ Eina_Rectangle *
+ res) EINA_ARG_NONNULL(1, 2,
+ 3);
+static inline void eina_rectangle_rescale_out(const Eina_Rectangle * out,
+ const Eina_Rectangle * in,
+ Eina_Rectangle *
+ res) EINA_ARG_NONNULL(1, 2,
+ 3);
-EAPI Eina_Rectangle_Pool * eina_rectangle_pool_new(int w, int h) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Rectangle_Pool * eina_rectangle_pool_get(Eina_Rectangle *rect) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI Eina_Bool eina_rectangle_pool_geometry_get(Eina_Rectangle_Pool *pool, int *w, int *h) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI void * eina_rectangle_pool_data_get(Eina_Rectangle_Pool *pool) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI void eina_rectangle_pool_data_set(Eina_Rectangle_Pool *pool, const void *data) EINA_ARG_NONNULL(1);
-EAPI void eina_rectangle_pool_free(Eina_Rectangle_Pool *pool) EINA_ARG_NONNULL(1);
-EAPI int eina_rectangle_pool_count(Eina_Rectangle_Pool *pool) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Rectangle * eina_rectangle_pool_request(Eina_Rectangle_Pool *pool, int w, int h) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
-EAPI void eina_rectangle_pool_release(Eina_Rectangle *rect) EINA_ARG_NONNULL(1);
+EAPI Eina_Rectangle_Pool *eina_rectangle_pool_new(int w, int h)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Rectangle_Pool *eina_rectangle_pool_get(Eina_Rectangle * rect)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_rectangle_pool_geometry_get(Eina_Rectangle_Pool * pool,
+ int *w, int *h)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI void *eina_rectangle_pool_data_get(Eina_Rectangle_Pool * pool)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI void eina_rectangle_pool_data_set(Eina_Rectangle_Pool * pool,
+ const void *data)
+EINA_ARG_NONNULL(1);
+EAPI void eina_rectangle_pool_free(Eina_Rectangle_Pool *
+ pool) EINA_ARG_NONNULL(1);
+EAPI int eina_rectangle_pool_count(Eina_Rectangle_Pool *
+ pool) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Rectangle *eina_rectangle_pool_request(Eina_Rectangle_Pool *
+ pool, int w, int h)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI void eina_rectangle_pool_release(Eina_Rectangle *
+ rect) EINA_ARG_NONNULL(1);
/**
* @def EINA_RECTANGLE_SET
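Review bot: Several attribute lists in this hunk are broken in the middle of their arguments, e.g. `r2) EINA_ARG_NONNULL(1,` / `2)` on `eina_rectangles_intersect` and `res) EINA_ARG_NONNULL(1, 2,` / `3);` on the two rescale prototypes. That makes each function's non-NULL contract hard to read and defeats a one-line grep for it. Keeping the attribute macros whole on their own line after the parameter list would be consistent with what the hunk already does for `eina_rectangle_intersection` (`EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;`). `eina_rectangle_pool_geometry_get` also carries `EINA_WARN_UNUSED_RESULT` twice, unchanged from the old side, and the second can be dropped. The split argument lists recur in the eina_str.h and eina_strbuf.h hunks.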
@@ -93,8 +141,9 @@ EAPI void eina_rectangle_pool_release(Eina_Rectangle *rect) EINA_ARG_NONNULL(1);
(Rectangle)->w = W; \
(Rectangle)->h = H;
-EAPI Eina_Rectangle *eina_rectangle_new(int x, int y, int w, int h) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI void eina_rectangle_free(Eina_Rectangle *rect) EINA_ARG_NONNULL(1);
+EAPI Eina_Rectangle *eina_rectangle_new(int x, int y, int w, int h)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI void eina_rectangle_free(Eina_Rectangle * rect) EINA_ARG_NONNULL(1);
#include "eina_inline_rectangle.x"
diff --git a/tests/suite/ecore/src/include/eina_safety_checks.h b/tests/suite/ecore/src/include/eina_safety_checks.h
index 29ebba07d3..43bb86e6b8 100644
--- a/tests/suite/ecore/src/include/eina_safety_checks.h
+++ b/tests/suite/ecore/src/include/eina_safety_checks.h
@@ -193,7 +193,7 @@ EAPI extern Eina_Error EINA_ERROR_SAFETY_FAILED;
#endif
-#else /* no safety checks */
+#else /* no safety checks */
#define EINA_SAFETY_ON_NULL_RETURN(exp) \
do { (void)(!(exp)); } while (0)
@@ -222,8 +222,8 @@ EAPI extern Eina_Error EINA_ERROR_SAFETY_FAILED;
#define EINA_SAFETY_ON_FALSE_GOTO(exp, label) \
do { if (0 && !(exp)) { goto label; } } while (0)
-#endif /* safety checks macros */
-#endif /* EINA_SAFETY_CHECKS_H_ */
+#endif /* safety checks macros */
+#endif /* EINA_SAFETY_CHECKS_H_ */
/**
* @}
diff --git a/tests/suite/ecore/src/include/eina_sched.h b/tests/suite/ecore/src/include/eina_sched.h
index 607b9f5b85..89d0d9eaf0 100644
--- a/tests/suite/ecore/src/include/eina_sched.h
+++ b/tests/suite/ecore/src/include/eina_sched.h
@@ -23,4 +23,4 @@
EAPI void eina_sched_prio_drop(void);
-#endif /* EINA_SCHED_H_ */
+#endif /* EINA_SCHED_H_ */
diff --git a/tests/suite/ecore/src/include/eina_str.h b/tests/suite/ecore/src/include/eina_str.h
index 1d12615e5a..736fa6a7a4 100644
--- a/tests/suite/ecore/src/include/eina_str.h
+++ b/tests/suite/ecore/src/include/eina_str.h
@@ -19,26 +19,46 @@
*/
/* strlcpy implementation for libc's lacking it */
-EAPI size_t eina_strlcpy(char *dst, const char *src, size_t siz) EINA_ARG_NONNULL(1, 2);
-EAPI size_t eina_strlcat(char *dst, const char *src, size_t siz) EINA_ARG_NONNULL(1, 2);
-
-EAPI Eina_Bool eina_str_has_prefix(const char *str, const char *prefix) EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Bool eina_str_has_suffix(const char *str, const char *suffix) EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Bool eina_str_has_extension(const char *str, const char *ext) EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
-
-EAPI char ** eina_str_split(const char *string, const char *delimiter, int max_tokens) EINA_ARG_NONNULL(1, 2) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-EAPI char ** eina_str_split_full(const char *string, const char *delimiter, int max_tokens, unsigned int *elements) EINA_ARG_NONNULL(1, 2, 4) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
-
-EAPI size_t eina_str_join_len(char *dst, size_t size, char sep, const char *a, size_t a_len, const char *b, size_t b_len) EINA_ARG_NONNULL(1, 4, 6);
-
-EAPI char * eina_str_convert(const char *enc_from, const char *enc_to, const char *text) EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_ARG_NONNULL(1, 2, 3);
-
-EAPI char * eina_str_escape(const char *str) EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_ARG_NONNULL(1);
-
-EAPI void eina_str_tolower(char **str);
-EAPI void eina_str_toupper(char **str);
-
-static inline size_t eina_str_join(char *dst, size_t size, char sep, const char *a, const char *b) EINA_ARG_NONNULL(1, 4, 5);
+EAPI size_t eina_strlcpy(char *dst, const char *src,
+ size_t siz) EINA_ARG_NONNULL(1, 2);
+EAPI size_t eina_strlcat(char *dst, const char *src,
+ size_t siz) EINA_ARG_NONNULL(1, 2);
+
+EAPI Eina_Bool eina_str_has_prefix(const char *str, const char *prefix)
+EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Bool eina_str_has_suffix(const char *str, const char *suffix)
+EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Bool eina_str_has_extension(const char *str, const char *ext)
+EINA_PURE EINA_ARG_NONNULL(1, 2) EINA_WARN_UNUSED_RESULT;
+
+EAPI char **eina_str_split(const char *string, const char *delimiter,
+ int max_tokens) EINA_ARG_NONNULL(1, 2)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI char **eina_str_split_full(const char *string, const char *delimiter,
+ int max_tokens,
+ unsigned int *elements) EINA_ARG_NONNULL(1,
+ 2,
+ 4)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+
+EAPI size_t eina_str_join_len(char *dst, size_t size, char sep,
+ const char *a, size_t a_len, const char *b,
+ size_t b_len) EINA_ARG_NONNULL(1, 4, 6);
+
+EAPI char *eina_str_convert(const char *enc_from, const char *enc_to,
+ const char *text)
+EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_ARG_NONNULL(1, 2, 3);
+
+EAPI char *eina_str_escape(const char *str)
+EINA_WARN_UNUSED_RESULT EINA_MALLOC EINA_ARG_NONNULL(1);
+
+EAPI void eina_str_tolower(char **str);
+EAPI void eina_str_toupper(char **str);
+
+static inline size_t eina_str_join(char *dst, size_t size, char sep,
+ const char *a,
+ const char *b) EINA_ARG_NONNULL(1, 4,
+ 5);
/**
* @def eina_str_join_static(dst, sep, a, b)
@@ -58,7 +78,8 @@ static inline size_t eina_str_join(char *dst, size_t size, char sep, const char
*/
#define eina_str_join_static(dst, sep, a, b) eina_str_join_len(dst, sizeof(dst), sep, a, (sizeof(a) > 0) ? sizeof(a) - 1 : 0, b, (sizeof(b) > 0) ? sizeof(b) - 1 : 0)
-static inline size_t eina_strlen_bounded(const char *str, size_t maxlen) EINA_PURE EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+static inline size_t eina_strlen_bounded(const char *str, size_t maxlen)
+EINA_PURE EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
#include "eina_inline_str.x"
@@ -70,4 +91,4 @@ static inline size_t eina_strlen_bounded(const char *str, size_t maxlen) EINA_PU
* @}
*/
-#endif /* EINA_STR_H */
+#endif /* EINA_STR_H */
diff --git a/tests/suite/ecore/src/include/eina_strbuf.h b/tests/suite/ecore/src/include/eina_strbuf.h
index 4424eb4852..432fe5f179 100644
--- a/tests/suite/ecore/src/include/eina_strbuf.h
+++ b/tests/suite/ecore/src/include/eina_strbuf.h
@@ -37,7 +37,8 @@ typedef struct _Eina_Strbuf Eina_Strbuf;
* @see eina_strbuf_append()
* @see eina_strbuf_string_get()
*/
-EAPI Eina_Strbuf *eina_strbuf_new(void) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Strbuf *eina_strbuf_new(void)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
/**
* @brief Free a string buffer.
@@ -47,7 +48,7 @@ EAPI Eina_Strbuf *eina_strbuf_new(void) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
* This function frees the memory of @p buf. @p buf must have been
* created by eina_strbuf_new().
*/
-EAPI void eina_strbuf_free(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_strbuf_free(Eina_Strbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Reset a string buffer.
@@ -57,7 +58,7 @@ EAPI void eina_strbuf_free(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
* This function reset @p buf: the buffer len is set to 0, and the
* string is set to '\\0'. No memory is free'd.
*/
-EAPI void eina_strbuf_reset(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_strbuf_reset(Eina_Strbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Append a string to a buffer, reallocating as necessary.
@@ -75,7 +76,8 @@ EAPI void eina_strbuf_reset(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
* @see eina_strbuf_append()
* @see eina_strbuf_append_length()
*/
-EAPI Eina_Bool eina_strbuf_append(Eina_Strbuf *buf, const char *str) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_append(Eina_Strbuf * buf,
+ const char *str) EINA_ARG_NONNULL(1, 2);
/**
* @brief Append an escaped string to a buffer, reallocating as necessary.
@@ -88,7 +90,9 @@ EAPI Eina_Bool eina_strbuf_append(Eina_Strbuf *buf, const char *str) EINA_ARG
* str can not be appended, #EINA_FALSE is returned, otherwise,
* #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_strbuf_append_escaped(Eina_Strbuf *buf, const char *str) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_append_escaped(Eina_Strbuf * buf,
+ const char *str)
+EINA_ARG_NONNULL(1, 2);
/**
* @brief Append a string to a buffer, reallocating as necessary,
@@ -111,7 +115,8 @@ EAPI Eina_Bool eina_strbuf_append_escaped(Eina_Strbuf *buf, const char *str)
* @see eina_strbuf_append()
* @see eina_strbuf_append_length()
*/
-EAPI Eina_Bool eina_strbuf_append_n(Eina_Strbuf *buf, const char *str, size_t maxlen) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_append_n(Eina_Strbuf * buf, const char *str,
+ size_t maxlen) EINA_ARG_NONNULL(1, 2);
/**
* @brief Append a string of exact length to a buffer, reallocating as necessary.
@@ -132,7 +137,10 @@ EAPI Eina_Bool eina_strbuf_append_n(Eina_Strbuf *buf, const char *str, size_t
* @see eina_strbuf_append()
* @see eina_strbuf_append_n()
*/
-EAPI Eina_Bool eina_strbuf_append_length(Eina_Strbuf *buf, const char *str, size_t length) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_append_length(Eina_Strbuf * buf,
+ const char *str,
+ size_t length) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Append a character to a string buffer, reallocating as
@@ -145,7 +153,8 @@ EAPI Eina_Bool eina_strbuf_append_length(Eina_Strbuf *buf, const char *str, s
* This function inserts @p c to @p buf. If it can not insert it,
* #EINA_FALSE is returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_strbuf_append_char(Eina_Strbuf *buf, char c) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_strbuf_append_char(Eina_Strbuf * buf,
+ char c) EINA_ARG_NONNULL(1);
/**
* @brief Append a string to a buffer, reallocating as necessary.
@@ -156,7 +165,11 @@ EAPI Eina_Bool eina_strbuf_append_char(Eina_Strbuf *buf, char c) EINA_ARG_NON
*
* @see eina_strbuf_append()
*/
-EAPI Eina_Bool eina_strbuf_append_printf(Eina_Strbuf *buf, const char *fmt, ...) EINA_ARG_NONNULL(1, 2) EINA_PRINTF(2, 3);
+EAPI Eina_Bool eina_strbuf_append_printf(Eina_Strbuf * buf,
+ const char *fmt,
+ ...) EINA_ARG_NONNULL(1,
+ 2)
+EINA_PRINTF(2, 3);
/**
* @brief Append a string to a buffer, reallocating as necessary.
@@ -168,7 +181,10 @@ EAPI Eina_Bool eina_strbuf_append_printf(Eina_Strbuf *buf, const char *fmt, .
*
* @see eina_strbuf_append()
*/
-EAPI Eina_Bool eina_strbuf_append_vprintf(Eina_Strbuf *buf, const char *fmt, va_list args) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_append_vprintf(Eina_Strbuf * buf,
+ const char *fmt,
+ va_list args) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Insert a string to a buffer, reallocating as necessary.
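Review bot: `eina_strbuf_append_vprintf` takes a caller-supplied `fmt` but has no format annotation, unlike `eina_strbuf_append_printf` in the previous hunk (`EINA_PRINTF(2, 3)`), so the compiler is not told that argument 2 is a printf-style format string. Assuming `EINA_PRINTF` forwards its arguments to the compiler's format attribute (its definition is not on this page), the declaration could end `va_list args) EINA_ARG_NONNULL(1, 2) EINA_PRINTF(2, 0);`, where 0 means there are no variadic arguments to check. The same applies to `eina_strbuf_insert_vprintf` further down and to `eina_stringshare_vprintf` in eina_stringshare.h. A short line in each doc comment stating that `fmt` must be a trusted format string would document the contract for callers.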
@@ -184,7 +200,8 @@ EAPI Eina_Bool eina_strbuf_append_vprintf(Eina_Strbuf *buf, const char *fmt,
* consider using that variant. If @p buf can't insert it, #EINA_FALSE
* is returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_strbuf_insert(Eina_Strbuf *buf, const char *str, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_insert(Eina_Strbuf * buf, const char *str,
+ size_t pos) EINA_ARG_NONNULL(1, 2);
/**
* @brief Insert an escaped string to a buffer, reallocating as
@@ -199,7 +216,10 @@ EAPI Eina_Bool eina_strbuf_insert(Eina_Strbuf *buf, const char *str, size_t p
* position @p pos. If @p buf can't insert @p str, #EINA_FALSE is
* returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_strbuf_insert_escaped(Eina_Strbuf *buf, const char *str, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_insert_escaped(Eina_Strbuf * buf,
+ const char *str,
+ size_t pos) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Insert a string to a buffer, reallocating as necessary. Limited by maxlen.
@@ -219,7 +239,9 @@ EAPI Eina_Bool eina_strbuf_insert_escaped(Eina_Strbuf *buf, const char *str,
* @p str). If @p str can not be inserted, #EINA_FALSE is returned,
* otherwise, #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_strbuf_insert_n(Eina_Strbuf *buf, const char *str, size_t maxlen, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_insert_n(Eina_Strbuf * buf, const char *str,
+ size_t maxlen,
+ size_t pos) EINA_ARG_NONNULL(1, 2);
/**
* @brief Insert a string of exact length to a buffer, reallocating as necessary.
@@ -241,7 +263,10 @@ EAPI Eina_Bool eina_strbuf_insert_n(Eina_Strbuf *buf, const char *str, size_t
* @see eina_strbuf_insert()
* @see eina_strbuf_insert_n()
*/
-EAPI Eina_Bool eina_strbuf_insert_length(Eina_Strbuf *buf, const char *str, size_t length, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_insert_length(Eina_Strbuf * buf,
+ const char *str, size_t length,
+ size_t pos) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Insert a character to a string buffer, reallocating as
@@ -256,7 +281,8 @@ EAPI Eina_Bool eina_strbuf_insert_length(Eina_Strbuf *buf, const char *str, s
* can't append it, #EINA_FALSE is returned, otherwise #EINA_TRUE is
* returned.
*/
-EAPI Eina_Bool eina_strbuf_insert_char(Eina_Strbuf *buf, char c, size_t pos) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_strbuf_insert_char(Eina_Strbuf * buf, char c,
+ size_t pos) EINA_ARG_NONNULL(1);
/**
* @brief Insert a string to a buffer, reallocating as necessary.
@@ -266,7 +292,11 @@ EAPI Eina_Bool eina_strbuf_insert_char(Eina_Strbuf *buf, char c, size_t pos)
* @param pos The position to insert the string.
* @return #EINA_TRUE on success, #EINA_FALSE on failure.
*/
-EAPI Eina_Bool eina_strbuf_insert_printf(Eina_Strbuf *buf, const char *fmt, size_t pos, ...) EINA_ARG_NONNULL(1, 2) EINA_PRINTF(2, 4);
+EAPI Eina_Bool eina_strbuf_insert_printf(Eina_Strbuf * buf,
+ const char *fmt, size_t pos,
+ ...) EINA_ARG_NONNULL(1,
+ 2)
+EINA_PRINTF(2, 4);
/**
* @brief Insert a string to a buffer, reallocating as necessary.
@@ -277,7 +307,10 @@ EAPI Eina_Bool eina_strbuf_insert_printf(Eina_Strbuf *buf, const char *fmt, s
* @param args The variable arguments.
* @return #EINA_TRUE on success, #EINA_FALSE on failure.
*/
-EAPI Eina_Bool eina_strbuf_insert_vprintf(Eina_Strbuf *buf, const char *fmt, size_t pos, va_list args) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_strbuf_insert_vprintf(Eina_Strbuf * buf,
+ const char *fmt, size_t pos,
+ va_list args) EINA_ARG_NONNULL(1,
+ 2);
/**
* @def eina_strbuf_prepend(buf, str)
@@ -395,7 +428,8 @@ EAPI Eina_Bool eina_strbuf_insert_vprintf(Eina_Strbuf *buf, const char *fmt,
* in bytes. It returns #EINA_FALSE on failure, #EINA_TRUE otherwise.
*/
-EAPI Eina_Bool eina_strbuf_remove(Eina_Strbuf *buf, size_t start, size_t end) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_strbuf_remove(Eina_Strbuf * buf, size_t start,
+ size_t end) EINA_ARG_NONNULL(1);
/**
* @brief Retrieve a pointer to the contents of a string buffer
@@ -410,7 +444,9 @@ EAPI Eina_Bool eina_strbuf_remove(Eina_Strbuf *buf, size_t start, size_t end) EI
*
* @see eina_strbuf_string_steal()
*/
-EAPI const char *eina_strbuf_string_get(const Eina_Strbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI const char *eina_strbuf_string_get(const Eina_Strbuf *
+ buf) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
/**
* @brief Steal the contents of a string buffer.
@@ -425,7 +461,8 @@ EAPI const char *eina_strbuf_string_get(const Eina_Strbuf *buf) EINA_ARG_NONNULL
*
* @see eina_strbuf_string_get()
*/
-EAPI char *eina_strbuf_string_steal(Eina_Strbuf *buf) EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI char *eina_strbuf_string_steal(Eina_Strbuf * buf)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
/**
* @brief Free the contents of a string buffer but not the buffer.
@@ -435,7 +472,7 @@ EAPI char *eina_strbuf_string_steal(Eina_Strbuf *buf) EINA_MALLOC EINA_WARN_UNUS
* This function frees the string contained in @p buf without freeing
* @p buf.
*/
-EAPI void eina_strbuf_string_free(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_strbuf_string_free(Eina_Strbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Retrieve the length of the string buffer content.
@@ -445,9 +482,14 @@ EAPI void eina_strbuf_string_free(Eina_Strbuf *buf) EINA_ARG_NONNULL(1);
*
* This function returns the length of @p buf.
*/
-EAPI size_t eina_strbuf_length_get(const Eina_Strbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI size_t eina_strbuf_length_get(const Eina_Strbuf *
+ buf) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
-EAPI Eina_Bool eina_strbuf_replace(Eina_Strbuf *buf, const char *str, const char *with, unsigned int n) EINA_ARG_NONNULL(1, 2, 3);
+EAPI Eina_Bool eina_strbuf_replace(Eina_Strbuf * buf, const char *str,
+ const char *with,
+ unsigned int n) EINA_ARG_NONNULL(1, 2,
+ 3);
/**
* @def eina_strbuf_replace_first(buf, str, with)
@@ -464,7 +506,9 @@ EAPI Eina_Bool eina_strbuf_replace(Eina_Strbuf *buf, const char *str, const char
*/
#define eina_strbuf_replace_first(buf, str, with) eina_strbuf_replace(buf, str, with, 1)
-EAPI int eina_strbuf_replace_all(Eina_Strbuf *buf, const char *str, const char *with) EINA_ARG_NONNULL(1, 2, 3);
+EAPI int eina_strbuf_replace_all(Eina_Strbuf * buf, const char *str,
+ const char *with) EINA_ARG_NONNULL(1, 2,
+ 3);
/**
* @}
@@ -474,4 +518,4 @@ EAPI int eina_strbuf_replace_all(Eina_Strbuf *buf, const char *str, const char *
* @}
*/
-#endif /* EINA_STRBUF_H */
+#endif /* EINA_STRBUF_H */
diff --git a/tests/suite/ecore/src/include/eina_stringshare.h b/tests/suite/ecore/src/include/eina_stringshare.h
index 4df5b40ab9..cc9f46cd6a 100644
--- a/tests/suite/ecore/src/include/eina_stringshare.h
+++ b/tests/suite/ecore/src/include/eina_stringshare.h
@@ -67,18 +67,32 @@
* @{
*/
-EAPI const char * eina_stringshare_add_length(const char *str, unsigned int slen) EINA_WARN_UNUSED_RESULT;
-EAPI const char * eina_stringshare_add(const char *str) EINA_WARN_UNUSED_RESULT;
-EAPI const char * eina_stringshare_printf(const char *fmt, ...) EINA_WARN_UNUSED_RESULT EINA_PRINTF(1, 2);
-EAPI const char * eina_stringshare_vprintf(const char *fmt, va_list args) EINA_WARN_UNUSED_RESULT;
-EAPI const char * eina_stringshare_nprintf(unsigned int len, const char *fmt, ...) EINA_WARN_UNUSED_RESULT EINA_PRINTF(2, 3);
-EAPI const char * eina_stringshare_ref(const char *str);
-EAPI void eina_stringshare_del(const char *str);
-EAPI int eina_stringshare_strlen(const char *str) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI void eina_stringshare_dump(void);
+EAPI const char *eina_stringshare_add_length(const char *str,
+ unsigned int slen)
+ EINA_WARN_UNUSED_RESULT;
+EAPI const char *eina_stringshare_add(const char *str)
+ EINA_WARN_UNUSED_RESULT;
+EAPI const char *eina_stringshare_printf(const char *fmt, ...)
+EINA_WARN_UNUSED_RESULT EINA_PRINTF(1, 2);
+EAPI const char *eina_stringshare_vprintf(const char *fmt,
+ va_list args)
+ EINA_WARN_UNUSED_RESULT;
+EAPI const char *eina_stringshare_nprintf(unsigned int len,
+ const char *fmt, ...)
+EINA_WARN_UNUSED_RESULT EINA_PRINTF(2, 3);
+EAPI const char *eina_stringshare_ref(const char *str);
+EAPI void eina_stringshare_del(const char *str);
+EAPI int eina_stringshare_strlen(const char *str)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI void eina_stringshare_dump(void);
-static inline Eina_Bool eina_stringshare_replace(const char **p_str, const char *news) EINA_ARG_NONNULL(1);
-static inline Eina_Bool eina_stringshare_replace_length(const char **p_str, const char *news, unsigned int slen) EINA_ARG_NONNULL(1);
+static inline Eina_Bool eina_stringshare_replace(const char **p_str,
+ const char *news)
+EINA_ARG_NONNULL(1);
+static inline Eina_Bool eina_stringshare_replace_length(const char **p_str,
+ const char *news,
+ unsigned int slen)
+EINA_ARG_NONNULL(1);
#include "eina_inline_stringshare.x"
@@ -90,4 +104,4 @@ static inline Eina_Bool eina_stringshare_replace_length(const char **p_str, cons
* @}
*/
-#endif /* EINA_STRINGSHARE_H_ */
+#endif /* EINA_STRINGSHARE_H_ */
diff --git a/tests/suite/ecore/src/include/eina_tiler.h b/tests/suite/ecore/src/include/eina_tiler.h
index 19762a5cf8..b671b11d78 100644
--- a/tests/suite/ecore/src/include/eina_tiler.h
+++ b/tests/suite/ecore/src/include/eina_tiler.h
@@ -51,26 +51,40 @@ typedef struct Eina_Tile_Grid_Info Eina_Tile_Grid_Info;
* @struct Eina_Tile_Grid_Info
* Grid type of a tiler.
*/
-struct Eina_Tile_Grid_Info
-{
- unsigned long col; /**< column of the tiler grid */
- unsigned long row; /**< row of the tiler grid*/
- Eina_Rectangle rect; /**< rectangle of the tiler grid*/
- Eina_Bool full; /**< whether the grid is full or not */
+struct Eina_Tile_Grid_Info {
+ unsigned long col;
+ /**< column of the tiler grid */
+ unsigned long row;
+ /**< row of the tiler grid*/
+ Eina_Rectangle rect;
+ /**< rectangle of the tiler grid*/
+ Eina_Bool full;
+ /**< whether the grid is full or not */
};
typedef struct _Eina_Tile_Grid_Slicer Eina_Tile_Grid_Slicer;
-EAPI Eina_Tiler * eina_tiler_new(int w, int h);
-EAPI void eina_tiler_free(Eina_Tiler *t);
-EAPI void eina_tiler_tile_size_set(Eina_Tiler *t, int w, int h);
-EAPI Eina_Bool eina_tiler_rect_add(Eina_Tiler *t, const Eina_Rectangle *r);
-EAPI void eina_tiler_rect_del(Eina_Tiler *t, const Eina_Rectangle *r);
-EAPI void eina_tiler_clear(Eina_Tiler *t);
-EAPI Eina_Iterator *eina_tiler_iterator_new(const Eina_Tiler *t);
-EAPI Eina_Iterator *eina_tile_grid_slicer_iterator_new(int x, int y, int w, int h, int tile_w, int tile_h);
-static inline Eina_Bool eina_tile_grid_slicer_next(Eina_Tile_Grid_Slicer *slc, const Eina_Tile_Grid_Info **rect);
-static inline Eina_Bool eina_tile_grid_slicer_setup(Eina_Tile_Grid_Slicer *slc, int x, int y, int w, int h, int tile_w, int tile_h);
+EAPI Eina_Tiler *eina_tiler_new(int w, int h);
+EAPI void eina_tiler_free(Eina_Tiler * t);
+EAPI void eina_tiler_tile_size_set(Eina_Tiler * t, int w, int h);
+EAPI Eina_Bool eina_tiler_rect_add(Eina_Tiler * t,
+ const Eina_Rectangle * r);
+EAPI void eina_tiler_rect_del(Eina_Tiler * t, const Eina_Rectangle * r);
+EAPI void eina_tiler_clear(Eina_Tiler * t);
+EAPI Eina_Iterator *eina_tiler_iterator_new(const Eina_Tiler * t);
+EAPI Eina_Iterator *eina_tile_grid_slicer_iterator_new(int x, int y, int w,
+ int h, int tile_w,
+ int tile_h);
+static inline Eina_Bool eina_tile_grid_slicer_next(Eina_Tile_Grid_Slicer *
+ slc,
+ const
+ Eina_Tile_Grid_Info **
+ rect);
+static inline Eina_Bool eina_tile_grid_slicer_setup(Eina_Tile_Grid_Slicer *
+ slc, int x, int y,
+ int w, int h,
+ int tile_w,
+ int tile_h);
#include "eina_inline_tiler.x"
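Review bot: In `struct Eina_Tile_Grid_Info` the trailing `/**< ... */` comments now sit on the line after each member, so `/**< column of the tiler grid */` reads as if it documented `row` rather than `col`. Doxygen still attaches a `/**<` comment to the preceding member, so the generated docs are unchanged, but the source is misleading to read. I would turn them into leading comments, e.g. `/** column of the tiler grid */` on the line above `unsigned long col;`, and likewise for `row`, `rect` and `full`. The same relocation happens to `next` in `struct _Eina_Trash` in the eina_trash.h hunk below.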
@@ -83,4 +97,4 @@ static inline Eina_Bool eina_tile_grid_slicer_setup(Eina_Tile_Grid_Slicer *slc,
* @}
*/
-#endif /* EINA_TILER_H_ */
+#endif /* EINA_TILER_H_ */
diff --git a/tests/suite/ecore/src/include/eina_trash.h b/tests/suite/ecore/src/include/eina_trash.h
index 0d165f1931..c7088e4f8a 100644
--- a/tests/suite/ecore/src/include/eina_trash.h
+++ b/tests/suite/ecore/src/include/eina_trash.h
@@ -47,14 +47,18 @@ typedef struct _Eina_Trash Eina_Trash;
* @struct _Eina_Trash
* Type for a generic container of unused allocated pointer.
*/
-struct _Eina_Trash
-{
- Eina_Trash *next; /**< next item in trash. */
+struct _Eina_Trash {
+ Eina_Trash *next;
+ /**< next item in trash. */
};
-static inline void eina_trash_init(Eina_Trash **trash) EINA_ARG_NONNULL(1);
-static inline void eina_trash_push(Eina_Trash **trash, void *data) EINA_ARG_NONNULL(1);
-static inline void *eina_trash_pop(Eina_Trash **trash) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+static inline void eina_trash_init(Eina_Trash **
+ trash) EINA_ARG_NONNULL(1);
+static inline void eina_trash_push(Eina_Trash ** trash,
+ void *data) EINA_ARG_NONNULL(1);
+static inline void *eina_trash_pop(Eina_Trash **
+ trash) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
/**
* @def EINA_TRASH_CLEAN
@@ -97,4 +101,4 @@ static inline void *eina_trash_pop(Eina_Trash **trash) EINA_ARG_NONNULL(1) EINA_
* @}
*/
-#endif /* EINA_TRASH_H_ */
+#endif /* EINA_TRASH_H_ */
diff --git a/tests/suite/ecore/src/include/eina_types.h b/tests/suite/ecore/src/include/eina_types.h
index c94983f618..bb20a23138 100644
--- a/tests/suite/ecore/src/include/eina_types.h
+++ b/tests/suite/ecore/src/include/eina_types.h
@@ -32,186 +32,186 @@
*/
#ifdef EAPI
-# undef EAPI
+#undef EAPI
#endif
#ifdef _WIN32
-# ifdef EFL_EINA_BUILD
-# ifdef DLL_EXPORT
-# define EAPI __declspec(dllexport)
-# else
-# define EAPI
-# endif /* ! DLL_EXPORT */
-# else
-# define EAPI __declspec(dllimport)
-# endif /* ! EFL_EINA_BUILD */
+#ifdef EFL_EINA_BUILD
+#ifdef DLL_EXPORT
+#define EAPI __declspec(dllexport)
#else
-# ifdef __GNUC__
-# if __GNUC__ >= 4
-# define EAPI __attribute__ ((visibility("default")))
-# else
-# define EAPI
-# endif
-# else
-# define EAPI
-# endif
+#define EAPI
+#endif /* ! DLL_EXPORT */
+#else
+#define EAPI __declspec(dllimport)
+#endif /* ! EFL_EINA_BUILD */
+#else
+#ifdef __GNUC__
+#if __GNUC__ >= 4
+#define EAPI __attribute__ ((visibility("default")))
+#else
+#define EAPI
+#endif
+#else
+#define EAPI
+#endif
#endif
#include "eina_config.h"
#ifdef EINA_WARN_UNUSED_RESULT
-# undef EINA_WARN_UNUSED_RESULT
+#undef EINA_WARN_UNUSED_RESULT
#endif
#ifdef EINA_ARG_NONNULL
-# undef EINA_ARG_NONNULL
+#undef EINA_ARG_NONNULL
#endif
#ifdef EINA_DEPRECATED
-# undef EINA_DEPRECATED
+#undef EINA_DEPRECATED
#endif
#ifdef EINA_MALLOC
-# undef EINA_MALLOC
+#undef EINA_MALLOC
#endif
#ifdef EINA_PURE
-# undef EINA_PURE
+#undef EINA_PURE
#endif
#ifdef EINA_PRINTF
-# undef EINA_PRINTF
+#undef EINA_PRINTF
#endif
#ifdef EINA_SCANF
-# undef EINA_SCANF
+#undef EINA_SCANF
#endif
#ifdef EINA_FORMAT
-# undef EINA_FORMAT
+#undef EINA_FORMAT
#endif
#ifdef EINA_CONST
-# undef EINA_CONST
+#undef EINA_CONST
#endif
#ifdef EINA_NOINSTRUMENT
-# undef EINA_NOINSTRUMENT
+#undef EINA_NOINSTRUMENT
#endif
#ifdef EINA_UNLIKELY
-# undef EINA_UNLIKELY
+#undef EINA_UNLIKELY
#endif
#ifdef EINA_LIKELY
-# undef EINA_LIKELY
+#undef EINA_LIKELY
#endif
#ifdef __GNUC__
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
-# define EINA_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
-# else
-# define EINA_WARN_UNUSED_RESULT
-# endif
-
-# if (!defined(EINA_SAFETY_CHECKS)) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 3))
-# define EINA_ARG_NONNULL(idx, ...) __attribute__ ((nonnull(idx, ## __VA_ARGS__)))
-# else
-# define EINA_ARG_NONNULL(idx, ...)
-# endif
-
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
-# define EINA_DEPRECATED __attribute__ ((__deprecated__))
-# else
-# define EINA_DEPRECATED
-# endif
-
-# if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)
-# define EINA_MALLOC __attribute__ ((malloc))
-# define EINA_PURE __attribute__ ((pure))
-# else
-# define EINA_MALLOC
-# define EINA_PURE
-# endif
-
-# if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
-# define EINA_PRINTF(fmt, arg) __attribute__((format (printf, fmt, arg)))
-# define EINA_SCANF(fmt, arg) __attribute__((format (scanf, fmt, arg)))
-# define EINA_FORMAT(fmt) __attribute__((format_arg(fmt)))
-# define EINA_CONST __attribute__((const))
-# define EINA_NOINSTRUMENT __attribute__((no_instrument_function))
-# define EINA_UNLIKELY(exp) __builtin_expect((exp), 0)
-# define EINA_LIKELY(exp) __builtin_expect((exp), 1)
-# else
-# define EINA_PRINTF(fmt, arg)
-# define EINA_SCANF(fmt, arg)
-# define EINA_FORMAT(fmt)
-# define EINA_CONST
-# define EINA_NOINSTRUMENT
-# define EINA_UNLIKELY(exp) exp
-# define EINA_LIKELY(exp) exp
-# endif
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+#define EINA_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
+#else
+#define EINA_WARN_UNUSED_RESULT
+#endif
+
+#if (!defined(EINA_SAFETY_CHECKS)) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 3))
+#define EINA_ARG_NONNULL(idx, ...) __attribute__ ((nonnull(idx, ## __VA_ARGS__)))
+#else
+#define EINA_ARG_NONNULL(idx, ...)
+#endif
+
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
+#define EINA_DEPRECATED __attribute__ ((__deprecated__))
+#else
+#define EINA_DEPRECATED
+#endif
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)
+#define EINA_MALLOC __attribute__ ((malloc))
+#define EINA_PURE __attribute__ ((pure))
+#else
+#define EINA_MALLOC
+#define EINA_PURE
+#endif
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
+#define EINA_PRINTF(fmt, arg) __attribute__((format (printf, fmt, arg)))
+#define EINA_SCANF(fmt, arg) __attribute__((format (scanf, fmt, arg)))
+#define EINA_FORMAT(fmt) __attribute__((format_arg(fmt)))
+#define EINA_CONST __attribute__((const))
+#define EINA_NOINSTRUMENT __attribute__((no_instrument_function))
+#define EINA_UNLIKELY(exp) __builtin_expect((exp), 0)
+#define EINA_LIKELY(exp) __builtin_expect((exp), 1)
+#else
+#define EINA_PRINTF(fmt, arg)
+#define EINA_SCANF(fmt, arg)
+#define EINA_FORMAT(fmt)
+#define EINA_CONST
+#define EINA_NOINSTRUMENT
+#define EINA_UNLIKELY(exp) exp
+#define EINA_LIKELY(exp) exp
+#endif
#elif defined(_WIN32)
-# define EINA_WARN_UNUSED_RESULT
-# define EINA_ARG_NONNULL(idx, ...)
-# if defined(_MSC_VER) && _MSC_VER >= 1300
-# define EINA_DEPRECATED __declspec(deprecated)
-# else
-# define EINA_DEPRECATED
-# endif
-# define EINA_MALLOC
-# define EINA_PURE
-# define EINA_PRINTF(fmt, arg)
-# define EINA_SCANF(fmt, arg)
-# define EINA_FORMAT(fmt)
-# define EINA_CONST
-# define EINA_NOINSTRUMENT
-# define EINA_UNLIKELY(exp) exp
-# define EINA_LIKELY(exp) exp
+#define EINA_WARN_UNUSED_RESULT
+#define EINA_ARG_NONNULL(idx, ...)
+#if defined(_MSC_VER) && _MSC_VER >= 1300
+#define EINA_DEPRECATED __declspec(deprecated)
+#else
+#define EINA_DEPRECATED
+#endif
+#define EINA_MALLOC
+#define EINA_PURE
+#define EINA_PRINTF(fmt, arg)
+#define EINA_SCANF(fmt, arg)
+#define EINA_FORMAT(fmt)
+#define EINA_CONST
+#define EINA_NOINSTRUMENT
+#define EINA_UNLIKELY(exp) exp
+#define EINA_LIKELY(exp) exp
#elif defined(__SUNPRO_C)
-# define EINA_WARN_UNUSED_RESULT
-# define EINA_ARG_NONNULL(...)
-# define EINA_DEPRECATED
-# if __SUNPRO_C >= 0x590
-# define EINA_MALLOC __attribute__ ((malloc))
-# define EINA_PURE __attribute__ ((pure))
-# else
-# define EINA_MALLOC
-# define EINA_PURE
-# endif
-# define EINA_PRINTF(fmt, arg)
-# define EINA_SCANF(fmt, arg)
-# define EINA_FORMAT(fmt)
-# if __SUNPRO_C >= 0x590
-# define EINA_CONST __attribute__ ((const))
-# else
-# define EINA_CONST
-# endif
-# define EINA_NOINSTRUMENT
-# define EINA_UNLIKELY(exp) exp
-# define EINA_LIKELY(exp) exp
-
-#else /* ! __GNUC__ && ! _WIN32 && ! __SUNPRO_C */
+#define EINA_WARN_UNUSED_RESULT
+#define EINA_ARG_NONNULL(...)
+#define EINA_DEPRECATED
+#if __SUNPRO_C >= 0x590
+#define EINA_MALLOC __attribute__ ((malloc))
+#define EINA_PURE __attribute__ ((pure))
+#else
+#define EINA_MALLOC
+#define EINA_PURE
+#endif
+#define EINA_PRINTF(fmt, arg)
+#define EINA_SCANF(fmt, arg)
+#define EINA_FORMAT(fmt)
+#if __SUNPRO_C >= 0x590
+#define EINA_CONST __attribute__ ((const))
+#else
+#define EINA_CONST
+#endif
+#define EINA_NOINSTRUMENT
+#define EINA_UNLIKELY(exp) exp
+#define EINA_LIKELY(exp) exp
+
+#else /* ! __GNUC__ && ! _WIN32 && ! __SUNPRO_C */
/**
* @def EINA_WARN_UNUSED_RESULT
* Used to warn when the returned value of the function is not used.
*/
-# define EINA_WARN_UNUSED_RESULT
+#define EINA_WARN_UNUSED_RESULT
/**
* @def EINA_ARG_NONNULL
* Used to warn when the specified arguments of the function are @c NULL.
*/
-# define EINA_ARG_NONNULL(idx, ...)
+#define EINA_ARG_NONNULL(idx, ...)
/**
* @def EINA_DEPRECATED
* Used to warn when the function is considered as deprecated.
*/
-# define EINA_DEPRECATED
-# define EINA_MALLOC
-# define EINA_PURE
-# define EINA_PRINTF(fmt, arg)
-# define EINA_SCANF(fmt, arg)
-# define EINA_FORMAT(fmt)
-# define EINA_CONST
-# define EINA_NOINSTRUMENT
-# define EINA_UNLIKELY(exp) exp
-# define EINA_LIKELY(exp) exp
-#endif /* ! __GNUC__ && ! _WIN32 && ! __SUNPRO_C */
+#define EINA_DEPRECATED
+#define EINA_MALLOC
+#define EINA_PURE
+#define EINA_PRINTF(fmt, arg)
+#define EINA_SCANF(fmt, arg)
+#define EINA_FORMAT(fmt)
+#define EINA_CONST
+#define EINA_NOINSTRUMENT
+#define EINA_UNLIKELY(exp) exp
+#define EINA_LIKELY(exp) exp
+#endif /* ! __GNUC__ && ! _WIN32 && ! __SUNPRO_C */
/**
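Review bot: Flattening the `# ifdef` / `#  define` nesting to column 0 makes the compiler dispatch in this hunk hard to audit, because an `#else` can no longer be matched to its `#if` by eye across the `_WIN32` / `EFL_EINA_BUILD` / `DLL_EXPORT` block and the `__GNUC__` / `_WIN32` / `__SUNPRO_C` chain. If the reindent was produced with GNU indent, running it with `-ppi 1` would keep the nesting; otherwise tag the inner directives, e.g. `#else /* __GNUC__ < 4 */` and `#endif /* __GNUC__ >= 4 */`. These branches also decide whether `EINA_ARG_NONNULL`, `EINA_WARN_UNUSED_RESULT` and `EINA_PRINTF` expand to a checking attribute or to nothing, which matters for review. `EINA_ARG_NONNULL` is empty whenever `EINA_SAFETY_CHECKS` is defined and on every non-GCC branch, so a short comment there saying the annotation is advisory and callees must still check for NULL would help.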
@@ -245,7 +245,7 @@ EAPI extern const unsigned int eina_prime_table[];
* if it is 'greater', 1 must be returned, and if they are equal, 0
* must be returned.
*/
-typedef int (*Eina_Compare_Cb)(const void *data1, const void *data2);
+typedef int (*Eina_Compare_Cb) (const void *data1, const void *data2);
/**
* @def EINA_COMPARE_CB
@@ -253,7 +253,8 @@ typedef int (*Eina_Compare_Cb)(const void *data1, const void *data2);
*/
#define EINA_COMPARE_CB(function) ((Eina_Compare_Cb)function)
-typedef Eina_Bool (*Eina_Each_Cb)(const void *container, void *data, void *fdata);
+typedef Eina_Bool(*Eina_Each_Cb) (const void *container, void *data,
+ void *fdata);
/**
* @def EINA_EACH_CB
@@ -265,7 +266,7 @@ typedef Eina_Bool (*Eina_Each_Cb)(const void *container, void *data, void *fdata
* @typedef Eina_Free_Cb
* A callback type used to free data when iterating over a container.
*/
-typedef void (*Eina_Free_Cb)(void *data);
+typedef void (*Eina_Free_Cb) (void *data);
/**
* @def EINA_FREE_CB
@@ -281,4 +282,4 @@ typedef void (*Eina_Free_Cb)(void *data);
* @}
*/
-#endif /* EINA_TYPES_H_ */
+#endif /* EINA_TYPES_H_ */
diff --git a/tests/suite/ecore/src/include/eina_unicode.h b/tests/suite/ecore/src/include/eina_unicode.h
index 06a2af1752..4cd362fcb5 100644
--- a/tests/suite/ecore/src/include/eina_unicode.h
+++ b/tests/suite/ecore/src/include/eina_unicode.h
@@ -26,13 +26,13 @@
* A type that holds Unicode codepoints.
*/
#if EINA_SIZEOF_WCHAR_T >= 4
-# include <wchar.h>
+#include <wchar.h>
typedef wchar_t Eina_Unicode;
#elif defined(EINA_HAVE_INTTYPES_H)
-# include <inttypes.h>
+#include <inttypes.h>
typedef uint32_t Eina_Unicode;
#elif defined(EINA_HAVE_STDINT_H)
-# include <stdint.h>
+#include <stdint.h>
typedef uint32_t Eina_Unicode;
#else
/* Hope that int is big enough */
@@ -41,21 +41,36 @@ typedef unsigned int Eina_Unicode;
EAPI extern const Eina_Unicode *EINA_UNICODE_EMPTY_STRING;
-EAPI size_t eina_unicode_strlen(const Eina_Unicode *ustr) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT EINA_PURE;
-EAPI size_t eina_unicode_strnlen(const Eina_Unicode *ustr, int n) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT EINA_PURE;
+EAPI size_t eina_unicode_strlen(const Eina_Unicode *
+ ustr) EINA_ARG_NONNULL(1)
+EINA_WARN_UNUSED_RESULT EINA_PURE;
+EAPI size_t eina_unicode_strnlen(const Eina_Unicode * ustr,
+ int n) EINA_ARG_NONNULL(1)
+EINA_WARN_UNUSED_RESULT EINA_PURE;
-EAPI Eina_Unicode *eina_unicode_strdup(const Eina_Unicode *text) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
+EAPI Eina_Unicode *eina_unicode_strdup(const Eina_Unicode * text)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1) EINA_MALLOC;
-EAPI int eina_unicode_strcmp(const Eina_Unicode *a, const Eina_Unicode *b) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1, 2) EINA_PURE;
+EAPI int eina_unicode_strcmp(const Eina_Unicode * a,
+ const Eina_Unicode * b)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1, 2) EINA_PURE;
-EAPI Eina_Unicode *eina_unicode_strcpy(Eina_Unicode *dest, const Eina_Unicode *source) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Unicode *eina_unicode_strcpy(Eina_Unicode * dest,
+ const Eina_Unicode *
+ source) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Unicode *eina_unicode_strstr(const Eina_Unicode *haystack, const Eina_Unicode *needle) EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1, 2) EINA_PURE;
+EAPI Eina_Unicode *eina_unicode_strstr(const Eina_Unicode * haystack,
+ const Eina_Unicode * needle)
+EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1, 2) EINA_PURE;
-EAPI Eina_Unicode *eina_unicode_strncpy(Eina_Unicode *dest, const Eina_Unicode *source, size_t n) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Unicode *eina_unicode_strncpy(Eina_Unicode * dest,
+ const Eina_Unicode * source,
+ size_t n) EINA_ARG_NONNULL(1, 2);
-EAPI Eina_Unicode *eina_unicode_escape(const Eina_Unicode *str) EINA_ARG_NONNULL(1) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_Unicode *eina_unicode_escape(const Eina_Unicode *
+ str) EINA_ARG_NONNULL(1)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
/**
* @}
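Review bot: The new prototypes are formatted as if `Eina_Unicode` were a variable rather than a type: `const Eina_Unicode * ustr` gets multiplication-style spacing, and the parameter name is wrapped onto its own line, as in `eina_unicode_strlen(const Eina_Unicode *` followed by `ustr) EINA_ARG_NONNULL(1)`. The attribute macros then start at column 0 (`EINA_WARN_UNUSED_RESULT EINA_PURE;`) and look like a separate declaration, which makes it easy to miss which prototype carries `EINA_ARG_NONNULL(1, 2)`. If the formatter is GNU indent, declaring the typedef names (`-T Eina_Unicode`, `-T Eina_UStrbuf`, and so on) should yield `const Eina_Unicode *ustr`. In any case the attribute list should be indented under its prototype. The same pattern appears in the eina_tiler.h and eina_trash.h hunks above and throughout the eina_ustrbuf.h and eina_ustringshare.h hunks below.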
diff --git a/tests/suite/ecore/src/include/eina_ustrbuf.h b/tests/suite/ecore/src/include/eina_ustrbuf.h
index e042b5df9d..5a24ccda67 100644
--- a/tests/suite/ecore/src/include/eina_ustrbuf.h
+++ b/tests/suite/ecore/src/include/eina_ustrbuf.h
@@ -37,7 +37,8 @@ typedef struct _Eina_Strbuf Eina_UStrbuf;
* @see eina_ustrbuf_append()
* @see eina_ustrbuf_string_get()
*/
-EAPI Eina_UStrbuf *eina_ustrbuf_new(void) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
+EAPI Eina_UStrbuf *eina_ustrbuf_new(void)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT;
/**
* @brief Free a string buffer.
@@ -47,7 +48,7 @@ EAPI Eina_UStrbuf *eina_ustrbuf_new(void) EINA_MALLOC EINA_WARN_UNUSED_RESULT;
* This function frees the memory of @p buf. @p buf must have been
* created by eina_ustrbuf_new().
*/
-EAPI void eina_ustrbuf_free(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_ustrbuf_free(Eina_UStrbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Reset a string buffer.
@@ -57,7 +58,7 @@ EAPI void eina_ustrbuf_free(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
* This function reset @p buf: the buffer len is set to 0, and the
* string is set to '\\0'. No memory is free'd.
*/
-EAPI void eina_ustrbuf_reset(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_ustrbuf_reset(Eina_UStrbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Append a string to a buffer, reallocating as necessary.
@@ -75,7 +76,9 @@ EAPI void eina_ustrbuf_reset(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
* @see eina_ustrbuf_append()
* @see eina_ustrbuf_append_length()
*/
-EAPI Eina_Bool eina_ustrbuf_append(Eina_UStrbuf *buf, const Eina_Unicode *str) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_append(Eina_UStrbuf * buf,
+ const Eina_Unicode *
+ str) EINA_ARG_NONNULL(1, 2);
/**
* @brief Append an escaped string to a buffer, reallocating as necessary.
@@ -88,7 +91,9 @@ EAPI Eina_Bool eina_ustrbuf_append(Eina_UStrbuf *buf, const Eina_Unicode *st
* str can not be appended, #EINA_FALSE is returned, otherwise,
* #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_ustrbuf_append_escaped(Eina_UStrbuf *buf, const Eina_Unicode *str) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_append_escaped(Eina_UStrbuf * buf,
+ const Eina_Unicode *
+ str) EINA_ARG_NONNULL(1, 2);
/**
* @brief Append a string to a buffer, reallocating as necessary,
@@ -111,7 +116,9 @@ EAPI Eina_Bool eina_ustrbuf_append_escaped(Eina_UStrbuf *buf, const Eina_Uni
* @see eina_ustrbuf_append()
* @see eina_ustrbuf_append_length()
*/
-EAPI Eina_Bool eina_ustrbuf_append_n(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t maxlen) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_append_n(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t maxlen) EINA_ARG_NONNULL(1, 2);
/**
* @brief Append a string of exact length to a buffer, reallocating as necessary.
@@ -132,7 +139,10 @@ EAPI Eina_Bool eina_ustrbuf_append_n(Eina_UStrbuf *buf, const Eina_Unicode *
* @see eina_ustrbuf_append()
* @see eina_ustrbuf_append_n()
*/
-EAPI Eina_Bool eina_ustrbuf_append_length(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t length) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_append_length(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t length)
+EINA_ARG_NONNULL(1, 2);
/**
* @brief Append a character to a string buffer, reallocating as
@@ -145,7 +155,9 @@ EAPI Eina_Bool eina_ustrbuf_append_length(Eina_UStrbuf *buf, const Eina_Unic
* This function inserts @p c to @p buf. If it can not insert it,
* #EINA_FALSE is returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_ustrbuf_append_char(Eina_UStrbuf *buf, Eina_Unicode c) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_ustrbuf_append_char(Eina_UStrbuf * buf,
+ Eina_Unicode c)
+EINA_ARG_NONNULL(1);
/**
* @brief Insert a string to a buffer, reallocating as necessary.
@@ -161,7 +173,9 @@ EAPI Eina_Bool eina_ustrbuf_append_char(Eina_UStrbuf *buf, Eina_Unicode c) E
* consider using that variant. If @p buf can't insert it, #EINA_FALSE
* is returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_ustrbuf_insert(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_insert(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t pos) EINA_ARG_NONNULL(1, 2);
/**
* @brief Insert an escaped string to a buffer, reallocating as
@@ -176,7 +190,10 @@ EAPI Eina_Bool eina_ustrbuf_insert(Eina_UStrbuf *buf, const Eina_Unicode *st
* position @p pos. If @p buf can't insert @p str, #EINA_FALSE is
* returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_ustrbuf_insert_escaped(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_insert_escaped(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t pos) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Insert a string to a buffer, reallocating as necessary. Limited by maxlen.
@@ -196,7 +213,10 @@ EAPI Eina_Bool eina_ustrbuf_insert_escaped(Eina_UStrbuf *buf, const Eina_Uni
* @p str). If @p str can not be inserted, #EINA_FALSE is returned,
* otherwise, #EINA_TRUE is returned.
*/
-EAPI Eina_Bool eina_ustrbuf_insert_n(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t maxlen, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_insert_n(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t maxlen,
+ size_t pos) EINA_ARG_NONNULL(1, 2);
/**
* @brief Insert a string of exact length to a buffer, reallocating as necessary.
@@ -218,7 +238,11 @@ EAPI Eina_Bool eina_ustrbuf_insert_n(Eina_UStrbuf *buf, const Eina_Unicode *
* @see eina_ustrbuf_insert()
* @see eina_ustrbuf_insert_n()
*/
-EAPI Eina_Bool eina_ustrbuf_insert_length(Eina_UStrbuf *buf, const Eina_Unicode *str, size_t length, size_t pos) EINA_ARG_NONNULL(1, 2);
+EAPI Eina_Bool eina_ustrbuf_insert_length(Eina_UStrbuf * buf,
+ const Eina_Unicode * str,
+ size_t length,
+ size_t pos) EINA_ARG_NONNULL(1,
+ 2);
/**
* @brief Insert a character to a string buffer, reallocating as
@@ -233,7 +257,8 @@ EAPI Eina_Bool eina_ustrbuf_insert_length(Eina_UStrbuf *buf, const Eina_Unic
* can't append it, #EINA_FALSE is returned, otherwise #EINA_TRUE is
* returned.
*/
-EAPI Eina_Bool eina_ustrbuf_insert_char(Eina_UStrbuf *buf, Eina_Unicode c, size_t pos) EINA_ARG_NONNULL(1);
+EAPI Eina_Bool eina_ustrbuf_insert_char(Eina_UStrbuf * buf, Eina_Unicode c,
+ size_t pos) EINA_ARG_NONNULL(1);
/**
* @def eina_ustrbuf_prepend(buf, str)
@@ -351,7 +376,8 @@ EAPI Eina_Bool eina_ustrbuf_insert_char(Eina_UStrbuf *buf, Eina_Unicode c, s
* in bytes. It returns #EINA_FALSE on failure, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_ustrbuf_remove(Eina_UStrbuf *buf, size_t start, size_t end) EINA_ARG_NONNULL(1);
+eina_ustrbuf_remove(Eina_UStrbuf * buf, size_t start,
+ size_t end) EINA_ARG_NONNULL(1);
/**
* @brief Retrieve a pointer to the contents of a string buffer
@@ -366,8 +392,9 @@ eina_ustrbuf_remove(Eina_UStrbuf *buf, size_t start, size_t end) EINA_ARG_NONNUL
*
* @see eina_ustrbuf_string_steal()
*/
-EAPI const Eina_Unicode *
-eina_ustrbuf_string_get(const Eina_UStrbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+EAPI const Eina_Unicode *eina_ustrbuf_string_get(const Eina_UStrbuf *
+ buf) EINA_ARG_NONNULL(1)
+ EINA_WARN_UNUSED_RESULT;
/**
* @brief Steal the contents of a string buffer.
@@ -382,8 +409,8 @@ eina_ustrbuf_string_get(const Eina_UStrbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_U
*
* @see eina_ustrbuf_string_get()
*/
-EAPI Eina_Unicode *
-eina_ustrbuf_string_steal(Eina_UStrbuf *buf) EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
+EAPI Eina_Unicode *eina_ustrbuf_string_steal(Eina_UStrbuf * buf)
+EINA_MALLOC EINA_WARN_UNUSED_RESULT EINA_ARG_NONNULL(1);
/**
* @brief Free the contents of a string buffer but not the buffer.
@@ -393,8 +420,7 @@ eina_ustrbuf_string_steal(Eina_UStrbuf *buf) EINA_MALLOC EINA_WARN_UNUSED_RESULT
* This function frees the string contained in @p buf without freeing
* @p buf.
*/
-EAPI void
-eina_ustrbuf_string_free(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
+EAPI void eina_ustrbuf_string_free(Eina_UStrbuf * buf) EINA_ARG_NONNULL(1);
/**
* @brief Retrieve the length of the string buffer content.
@@ -405,7 +431,8 @@ eina_ustrbuf_string_free(Eina_UStrbuf *buf) EINA_ARG_NONNULL(1);
* This function returns the length of @p buf.
*/
EAPI size_t
-eina_ustrbuf_length_get(const Eina_UStrbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
+eina_ustrbuf_length_get(const Eina_UStrbuf *
+ buf) EINA_ARG_NONNULL(1) EINA_WARN_UNUSED_RESULT;
/**
* @}
@@ -415,4 +442,4 @@ eina_ustrbuf_length_get(const Eina_UStrbuf *buf) EINA_ARG_NONNULL(1) EINA_WARN_U
* @}
*/
-#endif /* EINA_STRBUF_H */
+#endif /* EINA_STRBUF_H */
diff --git a/tests/suite/ecore/src/include/eina_ustringshare.h b/tests/suite/ecore/src/include/eina_ustringshare.h
index ac8c8896e2..2db5aa9002 100644
--- a/tests/suite/ecore/src/include/eina_ustringshare.h
+++ b/tests/suite/ecore/src/include/eina_ustringshare.h
@@ -66,15 +66,30 @@
* @{
*/
-EAPI const Eina_Unicode *eina_ustringshare_add_length(const Eina_Unicode *str, unsigned int slen) EINA_WARN_UNUSED_RESULT;
-EAPI const Eina_Unicode *eina_ustringshare_add(const Eina_Unicode *str) EINA_WARN_UNUSED_RESULT;
-EAPI const Eina_Unicode *eina_ustringshare_ref(const Eina_Unicode *str);
-EAPI void eina_ustringshare_del(const Eina_Unicode *str);
-EAPI int eina_ustringshare_strlen(const Eina_Unicode *str) EINA_PURE EINA_WARN_UNUSED_RESULT;
-EAPI void eina_ustringshare_dump(void);
+EAPI const Eina_Unicode *eina_ustringshare_add_length(const Eina_Unicode *
+ str,
+ unsigned int slen)
+ EINA_WARN_UNUSED_RESULT;
+EAPI const Eina_Unicode *eina_ustringshare_add(const Eina_Unicode *
+ str)
+ EINA_WARN_UNUSED_RESULT;
+EAPI const Eina_Unicode *eina_ustringshare_ref(const Eina_Unicode * str);
+EAPI void eina_ustringshare_del(const Eina_Unicode * str);
+EAPI int eina_ustringshare_strlen(const Eina_Unicode * str)
+EINA_PURE EINA_WARN_UNUSED_RESULT;
+EAPI void eina_ustringshare_dump(void);
-static inline Eina_Bool eina_ustringshare_replace(const Eina_Unicode **p_str, const Eina_Unicode *news) EINA_ARG_NONNULL(1);
-static inline Eina_Bool eina_ustringshare_replace_length(const Eina_Unicode **p_str, const Eina_Unicode *news, unsigned int slen) EINA_ARG_NONNULL(1);
+static inline Eina_Bool eina_ustringshare_replace(const Eina_Unicode **
+ p_str,
+ const Eina_Unicode *
+ news)
+EINA_ARG_NONNULL(1);
+static inline Eina_Bool eina_ustringshare_replace_length(const Eina_Unicode
+ ** p_str,
+ const Eina_Unicode
+ * news,
+ unsigned int slen)
+EINA_ARG_NONNULL(1);
#include "eina_inline_ustringshare.x"
@@ -86,4 +101,4 @@ static inline Eina_Bool eina_ustringshare_replace_length(const Eina_Unicode **p
* @}
*/
-#endif /* EINA_STRINGSHARE_H_ */
+#endif /* EINA_STRINGSHARE_H_ */
diff --git a/tests/suite/ecore/src/lib/Ecore.h b/tests/suite/ecore/src/lib/Ecore.h
index c3347e8a63..2c939a688b 100644
--- a/tests/suite/ecore/src/lib/Ecore.h
+++ b/tests/suite/ecore/src/lib/Ecore.h
@@ -2,36 +2,36 @@
#define _ECORE_H
#ifdef _MSC_VER
-# include <Evil.h>
+#include <Evil.h>
#endif
#include <Eina.h>
#ifdef EAPI
-# undef EAPI
+#undef EAPI
#endif
#ifdef _WIN32
-# ifdef EFL_ECORE_BUILD
-# ifdef DLL_EXPORT
-# define EAPI __declspec(dllexport)
-# else
-# define EAPI
-# endif /* ! DLL_EXPORT */
-# else
-# define EAPI __declspec(dllimport)
-# endif /* ! EFL_ECORE_BUILD */
+#ifdef EFL_ECORE_BUILD
+#ifdef DLL_EXPORT
+#define EAPI __declspec(dllexport)
#else
-# ifdef __GNUC__
-# if __GNUC__ >= 4
-# define EAPI __attribute__ ((visibility("default")))
-# else
-# define EAPI
-# endif
-# else
-# define EAPI
-# endif
-#endif /* ! _WIN32 */
+#define EAPI
+#endif /* ! DLL_EXPORT */
+#else
+#define EAPI __declspec(dllimport)
+#endif /* ! EFL_ECORE_BUILD */
+#else
+#ifdef __GNUC__
+#if __GNUC__ >= 4
+#define EAPI __attribute__ ((visibility("default")))
+#else
+#define EAPI
+#endif
+#else
+#define EAPI
+#endif
+#endif /* ! _WIN32 */
/**
* @file Ecore.h
@@ -56,12 +56,12 @@
*/
#ifdef _WIN32
-# include <winsock2.h>
+#include <winsock2.h>
#else
-# include <sys/select.h>
-# include <signal.h>
+#include <sys/select.h>
+#include <signal.h>
#endif
-
+
#include <sys/types.h>
#ifdef __cplusplus
@@ -71,18 +71,17 @@ extern "C" {
#define ECORE_VERSION_MAJOR 1
#define ECORE_VERSION_MINOR 0
- typedef struct _Ecore_Version
- {
- int major;
- int minor;
- int micro;
- int revision;
- } Ecore_Version;
-
- EAPI extern Ecore_Version *ecore_version;
+ typedef struct _Ecore_Version {
+ int major;
+ int minor;
+ int micro;
+ int revision;
+ } Ecore_Version;
+
+ EAPI extern Ecore_Version *ecore_version;
#define ECORE_CALLBACK_CANCEL EINA_FALSE /**< Return value to remove a callback */
-#define ECORE_CALLBACK_RENEW EINA_TRUE /**< Return value to keep a callback */
+#define ECORE_CALLBACK_RENEW EINA_TRUE /**< Return value to keep a callback */
#define ECORE_CALLBACK_PASS_ON EINA_TRUE /**< Return value to pass event to next handler */
#define ECORE_CALLBACK_DONE EINA_FALSE /**< Return value to stop event handling */
@@ -96,384 +95,525 @@ extern "C" {
#define ECORE_EVENT_COUNT 6
#define ECORE_EXE_PRIORITY_INHERIT 9999
-
- EAPI extern int ECORE_EXE_EVENT_ADD; /**< A child process has been added */
- EAPI extern int ECORE_EXE_EVENT_DEL; /**< A child process has been deleted (it exited, naming consistent with the rest of ecore). */
- EAPI extern int ECORE_EXE_EVENT_DATA; /**< Data from a child process. */
- EAPI extern int ECORE_EXE_EVENT_ERROR; /**< Errors from a child process. */
-
- enum _Ecore_Fd_Handler_Flags
- {
- ECORE_FD_READ = 1, /**< Fd Read mask */
- ECORE_FD_WRITE = 2, /**< Fd Write mask */
- ECORE_FD_ERROR = 4 /**< Fd Error mask */
- };
- typedef enum _Ecore_Fd_Handler_Flags Ecore_Fd_Handler_Flags;
-
- enum _Ecore_Exe_Flags /* flags for executing a child with its stdin and/or stdout piped back */
- {
- ECORE_EXE_PIPE_READ = 1, /**< Exe Pipe Read mask */
- ECORE_EXE_PIPE_WRITE = 2, /**< Exe Pipe Write mask */
- ECORE_EXE_PIPE_ERROR = 4, /**< Exe Pipe error mask */
- ECORE_EXE_PIPE_READ_LINE_BUFFERED = 8, /**< Reads are buffered until a newline and delivered 1 event per line */
- ECORE_EXE_PIPE_ERROR_LINE_BUFFERED = 16, /**< Errors are buffered until a newline and delivered 1 event per line */
- ECORE_EXE_PIPE_AUTO = 32, /**< stdout and stderr are buffered automatically */
- ECORE_EXE_RESPAWN = 64, /**< FIXME: Exe is restarted if it dies */
- ECORE_EXE_USE_SH = 128, /**< Use /bin/sh to run the command. */
- ECORE_EXE_NOT_LEADER = 256 /**< Do not use setsid() to have the executed process be its own session leader */
- };
- typedef enum _Ecore_Exe_Flags Ecore_Exe_Flags;
-
- enum _Ecore_Exe_Win32_Priority
- {
- ECORE_EXE_WIN32_PRIORITY_IDLE, /**< Idle priority, for monitoring the system */
- ECORE_EXE_WIN32_PRIORITY_BELOW_NORMAL, /**< Below default priority */
- ECORE_EXE_WIN32_PRIORITY_NORMAL, /**< Default priority */
- ECORE_EXE_WIN32_PRIORITY_ABOVE_NORMAL, /**< Above default priority */
- ECORE_EXE_WIN32_PRIORITY_HIGH, /**< High priority, use with care as other threads in the system will not get processor time */
- ECORE_EXE_WIN32_PRIORITY_REALTIME /**< Realtime priority, should be almost never used as it can interrupt system threads that manage mouse input, keyboard input, and background disk flushing */
- };
- typedef enum _Ecore_Exe_Win32_Priority Ecore_Exe_Win32_Priority;
-
- enum _Ecore_Poller_Type /* Poller types */
- {
- ECORE_POLLER_CORE = 0 /**< The core poller interval */
- };
- typedef enum _Ecore_Poller_Type Ecore_Poller_Type;
-
- typedef struct _Ecore_Exe Ecore_Exe; /**< A handle for spawned processes */
- typedef struct _Ecore_Timer Ecore_Timer; /**< A handle for timers */
- typedef struct _Ecore_Idler Ecore_Idler; /**< A handle for idlers */
- typedef struct _Ecore_Idle_Enterer Ecore_Idle_Enterer; /**< A handle for idle enterers */
- typedef struct _Ecore_Idle_Exiter Ecore_Idle_Exiter; /**< A handle for idle exiters */
- typedef struct _Ecore_Fd_Handler Ecore_Fd_Handler; /**< A handle for Fd handlers */
- typedef struct _Ecore_Win32_Handler Ecore_Win32_Handler; /**< A handle for HANDLE handlers on Windows */
- typedef struct _Ecore_Event_Handler Ecore_Event_Handler; /**< A handle for an event handler */
- typedef struct _Ecore_Event_Filter Ecore_Event_Filter; /**< A handle for an event filter */
- typedef struct _Ecore_Event Ecore_Event; /**< A handle for an event */
- typedef struct _Ecore_Animator Ecore_Animator; /**< A handle for animators */
- typedef struct _Ecore_Pipe Ecore_Pipe; /**< A handle for pipes */
- typedef struct _Ecore_Poller Ecore_Poller; /**< A handle for pollers */
- typedef struct _Ecore_Event_Signal_User Ecore_Event_Signal_User; /**< User signal event */
- typedef struct _Ecore_Event_Signal_Hup Ecore_Event_Signal_Hup; /**< Hup signal event */
- typedef struct _Ecore_Event_Signal_Exit Ecore_Event_Signal_Exit; /**< Exit signal event */
- typedef struct _Ecore_Event_Signal_Power Ecore_Event_Signal_Power; /**< Power signal event */
- typedef struct _Ecore_Event_Signal_Realtime Ecore_Event_Signal_Realtime; /**< Realtime signal event */
- typedef struct _Ecore_Exe_Event_Add Ecore_Exe_Event_Add; /**< Spawned Exe add event */
- typedef struct _Ecore_Exe_Event_Del Ecore_Exe_Event_Del; /**< Spawned Exe exit event */
- typedef struct _Ecore_Exe_Event_Data_Line Ecore_Exe_Event_Data_Line; /**< Lines from a child process */
- typedef struct _Ecore_Exe_Event_Data Ecore_Exe_Event_Data; /**< Data from a child process */
- typedef struct _Ecore_Thread Ecore_Thread;
+
+ EAPI extern int ECORE_EXE_EVENT_ADD;
+ /**< A child process has been added */
+ EAPI extern int ECORE_EXE_EVENT_DEL;
+ /**< A child process has been deleted (it exited, naming consistent with the rest of ecore). */
+ EAPI extern int ECORE_EXE_EVENT_DATA;
+ /**< Data from a child process. */
+ EAPI extern int ECORE_EXE_EVENT_ERROR;
+ /**< Errors from a child process. */
+
+ enum _Ecore_Fd_Handler_Flags {
+ ECORE_FD_READ = 1,
+ /**< Fd Read mask */
+ ECORE_FD_WRITE = 2,
+ /**< Fd Write mask */
+ ECORE_FD_ERROR = 4
+ /**< Fd Error mask */
+ };
+ typedef enum _Ecore_Fd_Handler_Flags Ecore_Fd_Handler_Flags;
+
+ enum _Ecore_Exe_Flags { /* flags for executing a child with its stdin and/or stdout piped back */
+ ECORE_EXE_PIPE_READ = 1,
+ /**< Exe Pipe Read mask */
+ ECORE_EXE_PIPE_WRITE = 2,
+ /**< Exe Pipe Write mask */
+ ECORE_EXE_PIPE_ERROR = 4,
+ /**< Exe Pipe error mask */
+ ECORE_EXE_PIPE_READ_LINE_BUFFERED = 8,
+ /**< Reads are buffered until a newline and delivered 1 event per line */
+ ECORE_EXE_PIPE_ERROR_LINE_BUFFERED = 16,
+ /**< Errors are buffered until a newline and delivered 1 event per line */
+ ECORE_EXE_PIPE_AUTO = 32,
+ /**< stdout and stderr are buffered automatically */
+ ECORE_EXE_RESPAWN = 64,
+ /**< FIXME: Exe is restarted if it dies */
+ ECORE_EXE_USE_SH = 128,
+ /**< Use /bin/sh to run the command. */
+ ECORE_EXE_NOT_LEADER = 256
+ /**< Do not use setsid() to have the executed process be its own session leader */
+ };
+ typedef enum _Ecore_Exe_Flags Ecore_Exe_Flags;
+
+ enum _Ecore_Exe_Win32_Priority {
+ ECORE_EXE_WIN32_PRIORITY_IDLE,
+ /**< Idle priority, for monitoring the system */
+ ECORE_EXE_WIN32_PRIORITY_BELOW_NORMAL,
+ /**< Below default priority */
+ ECORE_EXE_WIN32_PRIORITY_NORMAL,
+ /**< Default priority */
+ ECORE_EXE_WIN32_PRIORITY_ABOVE_NORMAL,
+ /**< Above default priority */
+ ECORE_EXE_WIN32_PRIORITY_HIGH,
+ /**< High priority, use with care as other threads in the system will not get processor time */
+ ECORE_EXE_WIN32_PRIORITY_REALTIME
+ /**< Realtime priority, should be almost never used as it can interrupt system threads that manage mouse input, keyboard input, and background disk flushing */
+ };
+ typedef enum _Ecore_Exe_Win32_Priority Ecore_Exe_Win32_Priority;
+
+ enum _Ecore_Poller_Type { /* Poller types */
+ ECORE_POLLER_CORE = 0
+ /**< The core poller interval */
+ };
+ typedef enum _Ecore_Poller_Type Ecore_Poller_Type;
+
+ typedef struct _Ecore_Exe Ecore_Exe; /**< A handle for spawned processes */
+ typedef struct _Ecore_Timer Ecore_Timer; /**< A handle for timers */
+ typedef struct _Ecore_Idler Ecore_Idler; /**< A handle for idlers */
+ typedef struct _Ecore_Idle_Enterer Ecore_Idle_Enterer; /**< A handle for idle enterers */
+ typedef struct _Ecore_Idle_Exiter Ecore_Idle_Exiter; /**< A handle for idle exiters */
+ typedef struct _Ecore_Fd_Handler Ecore_Fd_Handler; /**< A handle for Fd handlers */
+ typedef struct _Ecore_Win32_Handler Ecore_Win32_Handler; /**< A handle for HANDLE handlers on Windows */
+ typedef struct _Ecore_Event_Handler Ecore_Event_Handler; /**< A handle for an event handler */
+ typedef struct _Ecore_Event_Filter Ecore_Event_Filter; /**< A handle for an event filter */
+ typedef struct _Ecore_Event Ecore_Event; /**< A handle for an event */
+ typedef struct _Ecore_Animator Ecore_Animator; /**< A handle for animators */
+ typedef struct _Ecore_Pipe Ecore_Pipe; /**< A handle for pipes */
+ typedef struct _Ecore_Poller Ecore_Poller; /**< A handle for pollers */
+ typedef struct _Ecore_Event_Signal_User Ecore_Event_Signal_User;/**< User signal event */
+ typedef struct _Ecore_Event_Signal_Hup Ecore_Event_Signal_Hup; /**< Hup signal event */
+ typedef struct _Ecore_Event_Signal_Exit Ecore_Event_Signal_Exit;/**< Exit signal event */
+ typedef struct _Ecore_Event_Signal_Power Ecore_Event_Signal_Power;
+ /**< Power signal event */
+ typedef struct _Ecore_Event_Signal_Realtime Ecore_Event_Signal_Realtime;
+ /**< Realtime signal event */
+ typedef struct _Ecore_Exe_Event_Add Ecore_Exe_Event_Add; /**< Spawned Exe add event */
+ typedef struct _Ecore_Exe_Event_Del Ecore_Exe_Event_Del; /**< Spawned Exe exit event */
+ typedef struct _Ecore_Exe_Event_Data_Line Ecore_Exe_Event_Data_Line;
+ /**< Lines from a child process */
+ typedef struct _Ecore_Exe_Event_Data Ecore_Exe_Event_Data; /**< Data from a child process */
+ typedef struct _Ecore_Thread Ecore_Thread;
/**
* @typedef Ecore_Data_Cb Ecore_Data_Cb
* A callback which is used to return data to the main function
*/
- typedef void *(*Ecore_Data_Cb) (void *data);
+ typedef void *(*Ecore_Data_Cb) (void *data);
/**
* @typedef Ecore_Filter_Cb
* A callback used for filtering events from the main loop.
*/
- typedef Eina_Bool (*Ecore_Filter_Cb) (void *data, void *loop_data, int type, void *event);
+ typedef Eina_Bool(*Ecore_Filter_Cb) (void *data, void *loop_data,
+ int type, void *event);
/**
* @typedef Ecore_Eselect_Function Ecore_Eselect_Function
* A function which can be used to replace select() in the main loop
*/
- typedef int (*Ecore_Select_Function)(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout);
+ typedef int (*Ecore_Select_Function) (int nfds, fd_set * readfds,
+ fd_set * writefds,
+ fd_set * exceptfds,
+ struct timeval * timeout);
/**
* @typedef Ecore_End_Cb Ecore_End_Cb
* This is the callback which is called at the end of a function, usually for cleanup purposes.
*/
- typedef void (*Ecore_End_Cb) (void *user_data, void *func_data);
+ typedef void (*Ecore_End_Cb) (void *user_data, void *func_data);
/**
* @typedef Ecore_Pipe_Cb Ecore_Pipe_Cb
* The callback that data written to the pipe is sent to.
*/
- typedef void (*Ecore_Pipe_Cb) (void *data, void *buffer, unsigned int nbyte);
+ typedef void (*Ecore_Pipe_Cb) (void *data, void *buffer,
+ unsigned int nbyte);
/**
* @typedef Ecore_Exe_Cb Ecore_Exe_Cb
* A callback to run with the associated @ref Ecore_Exe, usually for cleanup purposes.
*/
- typedef void (*Ecore_Exe_Cb)(void *data, const Ecore_Exe *exe);
+ typedef void (*Ecore_Exe_Cb) (void *data, const Ecore_Exe * exe);
/**
* @typedef Ecore_Event_Handler_Cb Ecore_Event_Handler_Cb
* A callback used by the main loop to handle events of a specified type.
*/
- typedef Eina_Bool (*Ecore_Event_Handler_Cb) (void *data, int type, void *event);
+ typedef Eina_Bool(*Ecore_Event_Handler_Cb) (void *data, int type,
+ void *event);
/**
* @typedef Ecore_Thread_Heavy_Cb Ecore_Thread_Heavy_Cb
* A callback used to run cpu intensive or blocking I/O operations.
*/
- typedef void (*Ecore_Thread_Heavy_Cb) (Ecore_Thread *thread, void *data);
+ typedef void (*Ecore_Thread_Heavy_Cb) (Ecore_Thread * thread,
+ void *data);
/**
* @typedef Ecore_Thread_Notify_Cb Ecore_Thread_Notify_Cb
* A callback used by the main loop to receive data sent by an @ref Ecore_Thread.
*/
- typedef void (*Ecore_Thread_Notify_Cb) (Ecore_Thread *thread, void *msg_data, void *data);
+ typedef void (*Ecore_Thread_Notify_Cb) (Ecore_Thread * thread,
+ void *msg_data,
+ void *data);
/**
* @typedef Ecore_Task_Cb Ecore_Task_Cb
* A callback run for a task (timer, idler, poller, animater, etc)
*/
- typedef Eina_Bool (*Ecore_Task_Cb) (void *data);
+ typedef Eina_Bool(*Ecore_Task_Cb) (void *data);
/**
* @typedef Ecore_Cb Ecore_Cb
* A generic callback called as a hook when a certain point in execution is reached.
*/
- typedef void (*Ecore_Cb) (void *data);
+ typedef void (*Ecore_Cb) (void *data);
/**
* @typedef Ecore_Fd_Cb Ecore_Fd_Cb
* A callback used by an @ref Ecore_Fd_Handler.
*/
- typedef Eina_Bool (*Ecore_Fd_Cb) (void *data, Ecore_Fd_Handler *fd_handler);
+ typedef Eina_Bool(*Ecore_Fd_Cb) (void *data,
+ Ecore_Fd_Handler * fd_handler);
/**
* @typedef Ecore_Fd_Prep_Cb Ecore_Fd_Prep_Cb
* A callback used by an @ref Ecore_Fd_Handler.
*/
- typedef void (*Ecore_Fd_Prep_Cb) (void *data, Ecore_Fd_Handler *fd_handler);
+ typedef void (*Ecore_Fd_Prep_Cb) (void *data,
+ Ecore_Fd_Handler * fd_handler);
/**
* @typedef Ecore_Fd_Win32_Cb Ecore_Fd_Win32_Cb
* A callback used by an @ref Ecore_Win32_Handler.
*/
- typedef Eina_Bool (*Ecore_Fd_Win32_Cb) (void *data, Ecore_Win32_Handler *wh);
+ typedef Eina_Bool(*Ecore_Fd_Win32_Cb) (void *data,
+ Ecore_Win32_Handler * wh);
- typedef struct _Ecore_Job Ecore_Job; /**< A job handle */
+ typedef struct _Ecore_Job Ecore_Job;
+ /**< A job handle */
- struct _Ecore_Event_Signal_User /** User signal event */
- {
- int number; /**< The signal number. Either 1 or 2 */
- void *ext_data; /**< Extension data - not used */
+ struct _Ecore_Event_Signal_User {
+/** User signal event */
+ int number;
+ /**< The signal number. Either 1 or 2 */
+ void *ext_data;
+ /**< Extension data - not used */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
+ };
- struct _Ecore_Event_Signal_Hup /** Hup signal event */
- {
- void *ext_data; /**< Extension data - not used */
+ struct _Ecore_Event_Signal_Hup {
+/** Hup signal event */
+ void *ext_data;
+ /**< Extension data - not used */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
+ };
- struct _Ecore_Event_Signal_Exit /** Exit request event */
- {
- unsigned int interrupt : 1; /**< Set if the exit request was an interrupt signal*/
- unsigned int quit : 1; /**< set if the exit request was a quit signal */
- unsigned int terminate : 1; /**< Set if the exit request was a terminate singal */
- void *ext_data; /**< Extension data - not used */
+ struct _Ecore_Event_Signal_Exit {
+/** Exit request event */
+ unsigned int interrupt:1;
+ /**< Set if the exit request was an interrupt signal*/
+ unsigned int quit:1; /**< set if the exit request was a quit signal */
+ unsigned int terminate:1;
+ /**< Set if the exit request was a terminate singal */
+ void *ext_data; /**< Extension data - not used */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
+ };
- struct _Ecore_Event_Signal_Power /** Power event */
- {
- void *ext_data; /**< Extension data - not used */
+ struct _Ecore_Event_Signal_Power {
+/** Power event */
+ void *ext_data;
+ /**< Extension data - not used */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
+ };
- struct _Ecore_Event_Signal_Realtime /** Realtime event */
- {
- int num; /**< The realtime signal's number */
+ struct _Ecore_Event_Signal_Realtime {
+/** Realtime event */
+ int num;
+ /**< The realtime signal's number */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
-
- struct _Ecore_Exe_Event_Add /** Process add event */
- {
- Ecore_Exe *exe; /**< The handle to the added process */
- void *ext_data; /**< Extension data - not used */
- };
-
- struct _Ecore_Exe_Event_Del /** Process exit event */
- {
- pid_t pid; /**< The process ID of the process that exited */
- int exit_code; /**< The exit code of the process */
- Ecore_Exe *exe; /**< The handle to the exited process, or NULL if not found */
- int exit_signal; /** < The signal that caused the process to exit */
- unsigned int exited : 1; /** < set to 1 if the process exited of its own accord */
- unsigned int signalled : 1; /** < set to 1 id the process exited due to uncaught signal */
- void *ext_data; /**< Extension data - not used */
+ };
+
+ struct _Ecore_Exe_Event_Add {
+/** Process add event */
+ Ecore_Exe *exe;
+ /**< The handle to the added process */
+ void *ext_data;
+ /**< Extension data - not used */
+ };
+
+ struct _Ecore_Exe_Event_Del {
+/** Process exit event */
+ pid_t pid; /**< The process ID of the process that exited */
+ int exit_code; /**< The exit code of the process */
+ Ecore_Exe *exe;
+ /**< The handle to the exited process, or NULL if not found */
+ int exit_signal; /** < The signal that caused the process to exit */
+ unsigned int exited:1;
+ /** < set to 1 if the process exited of its own accord */
+ unsigned int signalled:1;
+ /** < set to 1 id the process exited due to uncaught signal */
+ void *ext_data; /**< Extension data - not used */
#ifndef _WIN32
- siginfo_t data; /**< Signal info */
+ siginfo_t data;
+ /**< Signal info */
#endif
- };
-
- struct _Ecore_Exe_Event_Data_Line /**< Lines from a child process */
- {
- char *line;
- int size;
- };
-
- struct _Ecore_Exe_Event_Data /** Data from a child process event */
- {
- Ecore_Exe *exe; /**< The handle to the process */
- void *data; /**< the raw binary data from the child process that was received */
- int size; /**< the size of this data in bytes */
- Ecore_Exe_Event_Data_Line *lines; /**< an array of line data if line buffered, the last one has it's line member set to NULL */
- };
-
- EAPI int ecore_init(void);
- EAPI int ecore_shutdown(void);
-
- EAPI void ecore_app_args_set(int argc, const char **argv);
- EAPI void ecore_app_args_get(int *argc, char ***argv);
- EAPI void ecore_app_restart(void);
-
- EAPI Ecore_Event_Handler *ecore_event_handler_add(int type, Ecore_Event_Handler_Cb func, const void *data);
- EAPI void *ecore_event_handler_del(Ecore_Event_Handler *event_handler);
- EAPI Ecore_Event *ecore_event_add(int type, void *ev, Ecore_End_Cb func_free, void *data);
- EAPI void *ecore_event_del(Ecore_Event *event);
- EAPI int ecore_event_type_new(void);
- EAPI Ecore_Event_Filter *ecore_event_filter_add(Ecore_Data_Cb func_start, Ecore_Filter_Cb func_filter, Ecore_End_Cb func_end, const void *data);
- EAPI void *ecore_event_filter_del(Ecore_Event_Filter *ef);
- EAPI int ecore_event_current_type_get(void);
- EAPI void *ecore_event_current_event_get(void);
-
-
- EAPI void ecore_exe_run_priority_set(int pri);
- EAPI int ecore_exe_run_priority_get(void);
- EAPI Ecore_Exe *ecore_exe_run(const char *exe_cmd, const void *data);
- EAPI Ecore_Exe *ecore_exe_pipe_run(const char *exe_cmd, Ecore_Exe_Flags flags, const void *data);
- EAPI void ecore_exe_callback_pre_free_set(Ecore_Exe *exe, Ecore_Exe_Cb func);
- EAPI Eina_Bool ecore_exe_send(Ecore_Exe *exe, const void *data, int size);
- EAPI void ecore_exe_close_stdin(Ecore_Exe *exe);
- EAPI void ecore_exe_auto_limits_set(Ecore_Exe *exe, int start_bytes, int end_bytes, int start_lines, int end_lines);
- EAPI Ecore_Exe_Event_Data *ecore_exe_event_data_get(Ecore_Exe *exe, Ecore_Exe_Flags flags);
- EAPI void ecore_exe_event_data_free(Ecore_Exe_Event_Data *data);
- EAPI void *ecore_exe_free(Ecore_Exe *exe);
- EAPI pid_t ecore_exe_pid_get(const Ecore_Exe *exe);
- EAPI void ecore_exe_tag_set(Ecore_Exe *exe, const char *tag);
- EAPI const char *ecore_exe_tag_get(const Ecore_Exe *exe);
- EAPI const char *ecore_exe_cmd_get(const Ecore_Exe *exe);
- EAPI void *ecore_exe_data_get(const Ecore_Exe *exe);
- EAPI Ecore_Exe_Flags ecore_exe_flags_get(const Ecore_Exe *exe);
- EAPI void ecore_exe_pause(Ecore_Exe *exe);
- EAPI void ecore_exe_continue(Ecore_Exe *exe);
- EAPI void ecore_exe_interrupt(Ecore_Exe *exe);
- EAPI void ecore_exe_quit(Ecore_Exe *exe);
- EAPI void ecore_exe_terminate(Ecore_Exe *exe);
- EAPI void ecore_exe_kill(Ecore_Exe *exe);
- EAPI void ecore_exe_signal(Ecore_Exe *exe, int num);
- EAPI void ecore_exe_hup(Ecore_Exe *exe);
-
- EAPI Ecore_Idler *ecore_idler_add(Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_idler_del(Ecore_Idler *idler);
-
- EAPI Ecore_Idle_Enterer *ecore_idle_enterer_add(Ecore_Task_Cb func, const void *data);
- EAPI Ecore_Idle_Enterer *ecore_idle_enterer_before_add(Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_idle_enterer_del(Ecore_Idle_Enterer *idle_enterer);
-
- EAPI Ecore_Idle_Exiter *ecore_idle_exiter_add(Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_idle_exiter_del(Ecore_Idle_Exiter *idle_exiter);
-
- EAPI void ecore_main_loop_iterate(void);
-
- EAPI void ecore_main_loop_select_func_set(Ecore_Select_Function func);
- EAPI void *ecore_main_loop_select_func_get(void);
-
- EAPI Eina_Bool ecore_main_loop_glib_integrate(void);
- EAPI void ecore_main_loop_glib_always_integrate_disable(void);
-
- EAPI void ecore_main_loop_begin(void);
- EAPI void ecore_main_loop_quit(void);
- EAPI Ecore_Fd_Handler *ecore_main_fd_handler_add(int fd, Ecore_Fd_Handler_Flags flags, Ecore_Fd_Cb func, const void *data,
- Ecore_Fd_Cb buf_func, const void *buf_data);
- EAPI void ecore_main_fd_handler_prepare_callback_set(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Prep_Cb func, const void *data);
- EAPI void *ecore_main_fd_handler_del(Ecore_Fd_Handler *fd_handler);
- EAPI int ecore_main_fd_handler_fd_get(Ecore_Fd_Handler *fd_handler);
- EAPI Eina_Bool ecore_main_fd_handler_active_get(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Handler_Flags flags);
- EAPI void ecore_main_fd_handler_active_set(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Handler_Flags flags);
-
- EAPI Ecore_Win32_Handler *ecore_main_win32_handler_add(void *h, Ecore_Fd_Win32_Cb func, const void *data);
- EAPI void *ecore_main_win32_handler_del(Ecore_Win32_Handler *win32_handler);
-
- EAPI Ecore_Pipe *ecore_pipe_add(Ecore_Pipe_Cb handler, const void *data);
- EAPI void *ecore_pipe_del(Ecore_Pipe *p);
- EAPI Eina_Bool ecore_pipe_write(Ecore_Pipe *p, const void *buffer, unsigned int nbytes);
- EAPI void ecore_pipe_write_close(Ecore_Pipe *p);
- EAPI void ecore_pipe_read_close(Ecore_Pipe *p);
-
-
-
- EAPI Ecore_Thread *ecore_thread_run(Ecore_Cb,
- Ecore_Cb,
- Ecore_Cb,
- const void *data);
- EAPI Ecore_Thread *ecore_thread_feedback_run(Ecore_Thread_Heavy_Cb,
- Ecore_Thread_Notify_Cb,
- Ecore_Cb,
- Ecore_Cb,
- const void *data,
- Eina_Bool try_no_queue);
- EAPI Eina_Bool ecore_thread_cancel(Ecore_Thread *thread);
- EAPI Eina_Bool ecore_thread_check(Ecore_Thread *thread);
- EAPI Eina_Bool ecore_thread_feedback(Ecore_Thread *thread, const void *msg_data);
- EAPI int ecore_thread_active_get(void);
- EAPI int ecore_thread_pending_get(void);
- EAPI int ecore_thread_pending_feedback_get(void);
- EAPI int ecore_thread_pending_total_get(void);
- EAPI int ecore_thread_max_get(void);
- EAPI void ecore_thread_max_set(int num);
- EAPI void ecore_thread_max_reset(void);
- EAPI int ecore_thread_available_get(void);
-
- EAPI Eina_Bool ecore_thread_local_data_add(Ecore_Thread *thread, const char *key, void *value, Eina_Free_Cb cb, Eina_Bool direct);
- EAPI void *ecore_thread_local_data_set(Ecore_Thread *thread, const char *key, void *value, Eina_Free_Cb cb);
- EAPI void *ecore_thread_local_data_find(Ecore_Thread *thread, const char *key);
- EAPI Eina_Bool ecore_thread_local_data_del(Ecore_Thread *thread, const char *key);
-
- EAPI Eina_Bool ecore_thread_global_data_add(const char *key, void *value, Eina_Free_Cb cb, Eina_Bool direct);
- EAPI void *ecore_thread_global_data_set(const char *key, void *value, Eina_Free_Cb cb);
- EAPI void *ecore_thread_global_data_find(const char *key);
- EAPI Eina_Bool ecore_thread_global_data_del(const char *key);
- EAPI void *ecore_thread_global_data_wait(const char *key, double seconds);
-
-
-
-
- EAPI double ecore_time_get(void);
- EAPI double ecore_time_unix_get(void);
- EAPI double ecore_loop_time_get(void);
-
- EAPI Ecore_Timer *ecore_timer_add(double in, Ecore_Task_Cb func, const void *data);
- EAPI Ecore_Timer *ecore_timer_loop_add(double in, Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_timer_del(Ecore_Timer *timer);
- EAPI void ecore_timer_interval_set(Ecore_Timer *timer, double in);
- EAPI double ecore_timer_interval_get(Ecore_Timer *timer);
- EAPI void ecore_timer_freeze(Ecore_Timer *timer);
- EAPI void ecore_timer_thaw(Ecore_Timer *timer);
- EAPI void ecore_timer_delay(Ecore_Timer *timer, double add);
- EAPI double ecore_timer_pending_get(Ecore_Timer *timer);
-
- EAPI double ecore_timer_precision_get(void);
- EAPI void ecore_timer_precision_set(double precision);
-
- EAPI Ecore_Animator *ecore_animator_add(Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_animator_del(Ecore_Animator *animator);
- EAPI void ecore_animator_freeze(Ecore_Animator *animator);
- EAPI void ecore_animator_thaw(Ecore_Animator *animator);
- EAPI void ecore_animator_frametime_set(double frametime);
- EAPI double ecore_animator_frametime_get(void);
-
- EAPI void ecore_poller_poll_interval_set(Ecore_Poller_Type type, double poll_time);
- EAPI double ecore_poller_poll_interval_get(Ecore_Poller_Type type);
- EAPI Eina_Bool ecore_poller_poller_interval_set(Ecore_Poller *poller, int interval);
- EAPI int ecore_poller_poller_interval_get(Ecore_Poller *poller);
- EAPI Ecore_Poller *ecore_poller_add(Ecore_Poller_Type type, int interval, Ecore_Task_Cb func, const void *data);
- EAPI void *ecore_poller_del(Ecore_Poller *poller);
-
- EAPI Ecore_Job *ecore_job_add(Ecore_Cb func, const void *data);
- EAPI void *ecore_job_del(Ecore_Job *job);
+ };
+
+ struct _Ecore_Exe_Event_Data_Line {
+/**< Lines from a child process */
+ char *line;
+ int size;
+ };
+
+ struct _Ecore_Exe_Event_Data {
+/** Data from a child process event */
+ Ecore_Exe *exe;
+ /**< The handle to the process */
+ void *data;
+ /**< the raw binary data from the child process that was received */
+ int size;
+ /**< the size of this data in bytes */
+ Ecore_Exe_Event_Data_Line *lines;
+ /**< an array of line data if line buffered, the last one has it's line member set to NULL */
+ };
+
+ EAPI int ecore_init(void);
+ EAPI int ecore_shutdown(void);
+
+ EAPI void ecore_app_args_set(int argc, const char **argv);
+ EAPI void ecore_app_args_get(int *argc, char ***argv);
+ EAPI void ecore_app_restart(void);
+
+ EAPI Ecore_Event_Handler *ecore_event_handler_add(int type,
+ Ecore_Event_Handler_Cb
+ func,
+ const void
+ *data);
+ EAPI void *ecore_event_handler_del(Ecore_Event_Handler *
+ event_handler);
+ EAPI Ecore_Event *ecore_event_add(int type, void *ev,
+ Ecore_End_Cb func_free,
+ void *data);
+ EAPI void *ecore_event_del(Ecore_Event * event);
+ EAPI int ecore_event_type_new(void);
+ EAPI Ecore_Event_Filter *ecore_event_filter_add(Ecore_Data_Cb
+ func_start,
+ Ecore_Filter_Cb
+ func_filter,
+ Ecore_End_Cb
+ func_end,
+ const void *data);
+ EAPI void *ecore_event_filter_del(Ecore_Event_Filter * ef);
+ EAPI int ecore_event_current_type_get(void);
+ EAPI void *ecore_event_current_event_get(void);
+
+
+ EAPI void ecore_exe_run_priority_set(int pri);
+ EAPI int ecore_exe_run_priority_get(void);
+ EAPI Ecore_Exe *ecore_exe_run(const char *exe_cmd,
+ const void *data);
+ EAPI Ecore_Exe *ecore_exe_pipe_run(const char *exe_cmd,
+ Ecore_Exe_Flags flags,
+ const void *data);
+ EAPI void ecore_exe_callback_pre_free_set(Ecore_Exe * exe,
+ Ecore_Exe_Cb func);
+ EAPI Eina_Bool ecore_exe_send(Ecore_Exe * exe, const void *data,
+ int size);
+ EAPI void ecore_exe_close_stdin(Ecore_Exe * exe);
+ EAPI void ecore_exe_auto_limits_set(Ecore_Exe * exe,
+ int start_bytes, int end_bytes,
+ int start_lines,
+ int end_lines);
+ EAPI Ecore_Exe_Event_Data *ecore_exe_event_data_get(Ecore_Exe *
+ exe,
+ Ecore_Exe_Flags
+ flags);
+ EAPI void ecore_exe_event_data_free(Ecore_Exe_Event_Data * data);
+ EAPI void *ecore_exe_free(Ecore_Exe * exe);
+ EAPI pid_t ecore_exe_pid_get(const Ecore_Exe * exe);
+ EAPI void ecore_exe_tag_set(Ecore_Exe * exe, const char *tag);
+ EAPI const char *ecore_exe_tag_get(const Ecore_Exe * exe);
+ EAPI const char *ecore_exe_cmd_get(const Ecore_Exe * exe);
+ EAPI void *ecore_exe_data_get(const Ecore_Exe * exe);
+ EAPI Ecore_Exe_Flags ecore_exe_flags_get(const Ecore_Exe * exe);
+ EAPI void ecore_exe_pause(Ecore_Exe * exe);
+ EAPI void ecore_exe_continue(Ecore_Exe * exe);
+ EAPI void ecore_exe_interrupt(Ecore_Exe * exe);
+ EAPI void ecore_exe_quit(Ecore_Exe * exe);
+ EAPI void ecore_exe_terminate(Ecore_Exe * exe);
+ EAPI void ecore_exe_kill(Ecore_Exe * exe);
+ EAPI void ecore_exe_signal(Ecore_Exe * exe, int num);
+ EAPI void ecore_exe_hup(Ecore_Exe * exe);
+
+ EAPI Ecore_Idler *ecore_idler_add(Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_idler_del(Ecore_Idler * idler);
+
+ EAPI Ecore_Idle_Enterer *ecore_idle_enterer_add(Ecore_Task_Cb func,
+ const void *data);
+ EAPI Ecore_Idle_Enterer
+ *ecore_idle_enterer_before_add(Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_idle_enterer_del(Ecore_Idle_Enterer *
+ idle_enterer);
+
+ EAPI Ecore_Idle_Exiter *ecore_idle_exiter_add(Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_idle_exiter_del(Ecore_Idle_Exiter * idle_exiter);
+
+ EAPI void ecore_main_loop_iterate(void);
+
+ EAPI void ecore_main_loop_select_func_set(Ecore_Select_Function
+ func);
+ EAPI void *ecore_main_loop_select_func_get(void);
+
+ EAPI Eina_Bool ecore_main_loop_glib_integrate(void);
+ EAPI void ecore_main_loop_glib_always_integrate_disable(void);
+
+ EAPI void ecore_main_loop_begin(void);
+ EAPI void ecore_main_loop_quit(void);
+ EAPI Ecore_Fd_Handler *ecore_main_fd_handler_add(int fd,
+ Ecore_Fd_Handler_Flags
+ flags,
+ Ecore_Fd_Cb func,
+ const void *data,
+ Ecore_Fd_Cb
+ buf_func,
+ const void
+ *buf_data);
+ EAPI void
+ ecore_main_fd_handler_prepare_callback_set(Ecore_Fd_Handler *
+ fd_handler,
+ Ecore_Fd_Prep_Cb
+ func,
+ const void *data);
+ EAPI void *ecore_main_fd_handler_del(Ecore_Fd_Handler *
+ fd_handler);
+ EAPI int ecore_main_fd_handler_fd_get(Ecore_Fd_Handler *
+ fd_handler);
+ EAPI Eina_Bool ecore_main_fd_handler_active_get(Ecore_Fd_Handler *
+ fd_handler,
+ Ecore_Fd_Handler_Flags
+ flags);
+ EAPI void ecore_main_fd_handler_active_set(Ecore_Fd_Handler *
+ fd_handler,
+ Ecore_Fd_Handler_Flags
+ flags);
+
+ EAPI Ecore_Win32_Handler *ecore_main_win32_handler_add(void *h,
+ Ecore_Fd_Win32_Cb
+ func,
+ const void
+ *data);
+ EAPI void *ecore_main_win32_handler_del(Ecore_Win32_Handler *
+ win32_handler);
+
+ EAPI Ecore_Pipe *ecore_pipe_add(Ecore_Pipe_Cb handler,
+ const void *data);
+ EAPI void *ecore_pipe_del(Ecore_Pipe * p);
+ EAPI Eina_Bool ecore_pipe_write(Ecore_Pipe * p, const void *buffer,
+ unsigned int nbytes);
+ EAPI void ecore_pipe_write_close(Ecore_Pipe * p);
+ EAPI void ecore_pipe_read_close(Ecore_Pipe * p);
+
+
+
+ EAPI Ecore_Thread *ecore_thread_run(Ecore_Cb,
+ Ecore_Cb,
+ Ecore_Cb, const void *data);
+ EAPI Ecore_Thread *ecore_thread_feedback_run(Ecore_Thread_Heavy_Cb,
+ Ecore_Thread_Notify_Cb,
+ Ecore_Cb,
+ Ecore_Cb,
+ const void *data,
+ Eina_Bool
+ try_no_queue);
+ EAPI Eina_Bool ecore_thread_cancel(Ecore_Thread * thread);
+ EAPI Eina_Bool ecore_thread_check(Ecore_Thread * thread);
+ EAPI Eina_Bool ecore_thread_feedback(Ecore_Thread * thread,
+ const void *msg_data);
+ EAPI int ecore_thread_active_get(void);
+ EAPI int ecore_thread_pending_get(void);
+ EAPI int ecore_thread_pending_feedback_get(void);
+ EAPI int ecore_thread_pending_total_get(void);
+ EAPI int ecore_thread_max_get(void);
+ EAPI void ecore_thread_max_set(int num);
+ EAPI void ecore_thread_max_reset(void);
+ EAPI int ecore_thread_available_get(void);
+
+ EAPI Eina_Bool ecore_thread_local_data_add(Ecore_Thread * thread,
+ const char *key,
+ void *value,
+ Eina_Free_Cb cb,
+ Eina_Bool direct);
+ EAPI void *ecore_thread_local_data_set(Ecore_Thread * thread,
+ const char *key,
+ void *value,
+ Eina_Free_Cb cb);
+ EAPI void *ecore_thread_local_data_find(Ecore_Thread * thread,
+ const char *key);
+ EAPI Eina_Bool ecore_thread_local_data_del(Ecore_Thread * thread,
+ const char *key);
+
+ EAPI Eina_Bool ecore_thread_global_data_add(const char *key,
+ void *value,
+ Eina_Free_Cb cb,
+ Eina_Bool direct);
+ EAPI void *ecore_thread_global_data_set(const char *key,
+ void *value,
+ Eina_Free_Cb cb);
+ EAPI void *ecore_thread_global_data_find(const char *key);
+ EAPI Eina_Bool ecore_thread_global_data_del(const char *key);
+ EAPI void *ecore_thread_global_data_wait(const char *key,
+ double seconds);
+
+
+
+
+ EAPI double ecore_time_get(void);
+ EAPI double ecore_time_unix_get(void);
+ EAPI double ecore_loop_time_get(void);
+
+ EAPI Ecore_Timer *ecore_timer_add(double in, Ecore_Task_Cb func,
+ const void *data);
+ EAPI Ecore_Timer *ecore_timer_loop_add(double in,
+ Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_timer_del(Ecore_Timer * timer);
+ EAPI void ecore_timer_interval_set(Ecore_Timer * timer, double in);
+ EAPI double ecore_timer_interval_get(Ecore_Timer * timer);
+ EAPI void ecore_timer_freeze(Ecore_Timer * timer);
+ EAPI void ecore_timer_thaw(Ecore_Timer * timer);
+ EAPI void ecore_timer_delay(Ecore_Timer * timer, double add);
+ EAPI double ecore_timer_pending_get(Ecore_Timer * timer);
+
+ EAPI double ecore_timer_precision_get(void);
+ EAPI void ecore_timer_precision_set(double precision);
+
+ EAPI Ecore_Animator *ecore_animator_add(Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_animator_del(Ecore_Animator * animator);
+ EAPI void ecore_animator_freeze(Ecore_Animator * animator);
+ EAPI void ecore_animator_thaw(Ecore_Animator * animator);
+ EAPI void ecore_animator_frametime_set(double frametime);
+ EAPI double ecore_animator_frametime_get(void);
+
+ EAPI void ecore_poller_poll_interval_set(Ecore_Poller_Type type,
+ double poll_time);
+ EAPI double ecore_poller_poll_interval_get(Ecore_Poller_Type type);
+ EAPI Eina_Bool ecore_poller_poller_interval_set(Ecore_Poller *
+ poller,
+ int interval);
+ EAPI int ecore_poller_poller_interval_get(Ecore_Poller * poller);
+ EAPI Ecore_Poller *ecore_poller_add(Ecore_Poller_Type type,
+ int interval,
+ Ecore_Task_Cb func,
+ const void *data);
+ EAPI void *ecore_poller_del(Ecore_Poller * poller);
+
+ EAPI Ecore_Job *ecore_job_add(Ecore_Cb func, const void *data);
+ EAPI void *ecore_job_del(Ecore_Job * job);
#ifdef __cplusplus
}
diff --git a/tests/suite/ecore/src/lib/Ecore_Getopt.h b/tests/suite/ecore/src/lib/Ecore_Getopt.h
index 18a8459bfc..d3dc5688a3 100644
--- a/tests/suite/ecore/src/lib/Ecore_Getopt.h
+++ b/tests/suite/ecore/src/lib/Ecore_Getopt.h
@@ -5,30 +5,30 @@
#include <Eina.h>
#ifdef EAPI
-# undef EAPI
+#undef EAPI
#endif
#ifdef _WIN32
-# ifdef EFL_ECORE_BUILD
-# ifdef DLL_EXPORT
-# define EAPI __declspec(dllexport)
-# else
-# define EAPI
-# endif /* ! DLL_EXPORT */
-# else
-# define EAPI __declspec(dllimport)
-# endif /* ! EFL_ECORE_BUILD */
+#ifdef EFL_ECORE_BUILD
+#ifdef DLL_EXPORT
+#define EAPI __declspec(dllexport)
#else
-# ifdef __GNUC__
-# if __GNUC__ >= 4
-# define EAPI __attribute__ ((visibility("default")))
-# else
-# define EAPI
-# endif
-# else
-# define EAPI
-# endif
-#endif /* ! _WIN32 */
+#define EAPI
+#endif /* ! DLL_EXPORT */
+#else
+#define EAPI __declspec(dllimport)
+#endif /* ! EFL_ECORE_BUILD */
+#else
+#ifdef __GNUC__
+#if __GNUC__ >= 4
+#define EAPI __attribute__ ((visibility("default")))
+#else
+#define EAPI
+#endif
+#else
+#define EAPI
+#endif
+#endif /* ! _WIN32 */
/**
* @file Ecore_Getopt.h
@@ -53,117 +53,126 @@
extern "C" {
#endif
- typedef enum {
- ECORE_GETOPT_ACTION_STORE,
- ECORE_GETOPT_ACTION_STORE_CONST,
- ECORE_GETOPT_ACTION_STORE_TRUE,
- ECORE_GETOPT_ACTION_STORE_FALSE,
- ECORE_GETOPT_ACTION_CHOICE,
- ECORE_GETOPT_ACTION_APPEND,
- ECORE_GETOPT_ACTION_COUNT,
- ECORE_GETOPT_ACTION_CALLBACK,
- ECORE_GETOPT_ACTION_HELP,
- ECORE_GETOPT_ACTION_VERSION,
- ECORE_GETOPT_ACTION_COPYRIGHT,
- ECORE_GETOPT_ACTION_LICENSE
- } Ecore_Getopt_Action;
-
- typedef enum {
- ECORE_GETOPT_TYPE_STR,
- ECORE_GETOPT_TYPE_BOOL,
- ECORE_GETOPT_TYPE_SHORT,
- ECORE_GETOPT_TYPE_INT,
- ECORE_GETOPT_TYPE_LONG,
- ECORE_GETOPT_TYPE_USHORT,
- ECORE_GETOPT_TYPE_UINT,
- ECORE_GETOPT_TYPE_ULONG,
- ECORE_GETOPT_TYPE_DOUBLE
- } Ecore_Getopt_Type;
-
- typedef enum {
- ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO = 0,
- ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES = 1,
- ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL = 3
- } Ecore_Getopt_Desc_Arg_Requirement;
-
- typedef union _Ecore_Getopt_Value Ecore_Getopt_Value;
-
- typedef struct _Ecore_Getopt_Desc_Store Ecore_Getopt_Desc_Store;
- typedef struct _Ecore_Getopt_Desc_Callback Ecore_Getopt_Desc_Callback;
- typedef struct _Ecore_Getopt_Desc Ecore_Getopt_Desc;
- typedef struct _Ecore_Getopt Ecore_Getopt;
-
- union _Ecore_Getopt_Value
- {
- char **strp;
- unsigned char *boolp;
- short *shortp;
- int *intp;
- long *longp;
- unsigned short *ushortp;
- unsigned int *uintp;
- unsigned long *ulongp;
- double *doublep;
- Eina_List **listp;
- void **ptrp;
- };
-
- struct _Ecore_Getopt_Desc_Store
- {
- Ecore_Getopt_Type type; /**< type of data being handled */
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- union
- {
- const char *strv;
- unsigned char boolv;
- short shortv;
- int intv;
- long longv;
- unsigned short ushortv;
- unsigned int uintv;
- unsigned long ulongv;
- double doublev;
- } def;
- };
-
- struct _Ecore_Getopt_Desc_Callback
- {
- unsigned char (*func)(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, const char *str, void *data, Ecore_Getopt_Value *storage);
- const void *data;
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- const char *def;
- };
-
- struct _Ecore_Getopt_Desc
- {
- char shortname; /**< used with a single dash */
- const char *longname; /**< used with double dashes */
- const char *help; /**< used by --help/ecore_getopt_help() */
- const char *metavar; /**< used by ecore_getopt_help() with nargs > 0 */
-
- Ecore_Getopt_Action action; /**< define how to handle it */
- union
- {
- const Ecore_Getopt_Desc_Store store;
- const void *store_const;
- const char *const *choices; /* NULL terminated. */
- const Ecore_Getopt_Type append_type;
- const Ecore_Getopt_Desc_Callback callback;
- const void *dummy;
- } action_param;
- };
-
- struct _Ecore_Getopt
- {
- const char *prog; /**< to be used when ecore_app_args_get() fails */
- const char *usage; /**< usage example, %prog is replaced */
- const char *version; /**< if exists, --version will work */
- const char *copyright; /**< if exists, --copyright will work */
- const char *license; /**< if exists, --license will work */
- const char *description; /**< long description, possible multiline */
- unsigned char strict : 1; /**< fail on errors */
- const Ecore_Getopt_Desc descs[]; /* NULL terminated. */
- };
+ typedef enum {
+ ECORE_GETOPT_ACTION_STORE,
+ ECORE_GETOPT_ACTION_STORE_CONST,
+ ECORE_GETOPT_ACTION_STORE_TRUE,
+ ECORE_GETOPT_ACTION_STORE_FALSE,
+ ECORE_GETOPT_ACTION_CHOICE,
+ ECORE_GETOPT_ACTION_APPEND,
+ ECORE_GETOPT_ACTION_COUNT,
+ ECORE_GETOPT_ACTION_CALLBACK,
+ ECORE_GETOPT_ACTION_HELP,
+ ECORE_GETOPT_ACTION_VERSION,
+ ECORE_GETOPT_ACTION_COPYRIGHT,
+ ECORE_GETOPT_ACTION_LICENSE
+ } Ecore_Getopt_Action;
+
+ typedef enum {
+ ECORE_GETOPT_TYPE_STR,
+ ECORE_GETOPT_TYPE_BOOL,
+ ECORE_GETOPT_TYPE_SHORT,
+ ECORE_GETOPT_TYPE_INT,
+ ECORE_GETOPT_TYPE_LONG,
+ ECORE_GETOPT_TYPE_USHORT,
+ ECORE_GETOPT_TYPE_UINT,
+ ECORE_GETOPT_TYPE_ULONG,
+ ECORE_GETOPT_TYPE_DOUBLE
+ } Ecore_Getopt_Type;
+
+ typedef enum {
+ ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO = 0,
+ ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES = 1,
+ ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL = 3
+ } Ecore_Getopt_Desc_Arg_Requirement;
+
+ typedef union _Ecore_Getopt_Value Ecore_Getopt_Value;
+
+ typedef struct _Ecore_Getopt_Desc_Store Ecore_Getopt_Desc_Store;
+ typedef struct _Ecore_Getopt_Desc_Callback
+ Ecore_Getopt_Desc_Callback;
+ typedef struct _Ecore_Getopt_Desc Ecore_Getopt_Desc;
+ typedef struct _Ecore_Getopt Ecore_Getopt;
+
+ union _Ecore_Getopt_Value {
+ char **strp;
+ unsigned char *boolp;
+ short *shortp;
+ int *intp;
+ long *longp;
+ unsigned short *ushortp;
+ unsigned int *uintp;
+ unsigned long *ulongp;
+ double *doublep;
+ Eina_List **listp;
+ void **ptrp;
+ };
+
+ struct _Ecore_Getopt_Desc_Store {
+ Ecore_Getopt_Type type;/**< type of data being handled */
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ union {
+ const char *strv;
+ unsigned char boolv;
+ short shortv;
+ int intv;
+ long longv;
+ unsigned short ushortv;
+ unsigned int uintv;
+ unsigned long ulongv;
+ double doublev;
+ } def;
+ };
+
+ struct _Ecore_Getopt_Desc_Callback {
+ unsigned char (*func) (const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ const char *str, void *data,
+ Ecore_Getopt_Value * storage);
+ const void *data;
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ const char *def;
+ };
+
+ struct _Ecore_Getopt_Desc {
+ char shortname;
+ /**< used with a single dash */
+ const char *longname;
+ /**< used with double dashes */
+ const char *help;
+ /**< used by --help/ecore_getopt_help() */
+ const char *metavar;
+ /**< used by ecore_getopt_help() with nargs > 0 */
+
+ Ecore_Getopt_Action action;
+ /**< define how to handle it */
+ union {
+ const Ecore_Getopt_Desc_Store store;
+ const void *store_const;
+ const char *const *choices; /* NULL terminated. */
+ const Ecore_Getopt_Type append_type;
+ const Ecore_Getopt_Desc_Callback callback;
+ const void *dummy;
+ } action_param;
+ };
+
+ struct _Ecore_Getopt {
+ const char *prog;
+ /**< to be used when ecore_app_args_get() fails */
+ const char *usage;
+ /**< usage example, %prog is replaced */
+ const char *version;
+ /**< if exists, --version will work */
+ const char *copyright;
+ /**< if exists, --copyright will work */
+ const char *license;
+ /**< if exists, --license will work */
+ const char *description;
+ /**< long description, possible multiline */
+ unsigned char strict:1;
+ /**< fail on errors */
+ const Ecore_Getopt_Desc descs[]; /* NULL terminated. */
+ };
#define ECORE_GETOPT_STORE_FULL(shortname, longname, help, metavar, type, arg_requirement, default_value) \
{shortname, longname, help, metavar, ECORE_GETOPT_ACTION_STORE, \
@@ -385,19 +394,43 @@ extern "C" {
#define ECORE_GETOPT_VALUE_LIST(val) {.listp = &(val)}
#define ECORE_GETOPT_VALUE_NONE {.ptrp = NULL}
- EAPI void ecore_getopt_help(FILE *fp, const Ecore_Getopt *info);
-
- EAPI unsigned char ecore_getopt_parser_has_duplicates(const Ecore_Getopt *parser);
- EAPI int ecore_getopt_parse(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int argc, char **argv);
-
- EAPI Eina_List *ecore_getopt_list_free(Eina_List *list);
-
- /* helper functions to be used with ECORE_GETOPT_CALLBACK_*() */
- EAPI unsigned char ecore_getopt_callback_geometry_parse(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, const char *str, void *data, Ecore_Getopt_Value *storage);
- EAPI unsigned char ecore_getopt_callback_size_parse(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, const char *str, void *data, Ecore_Getopt_Value *storage);
+ EAPI void ecore_getopt_help(FILE * fp, const Ecore_Getopt * info);
+
+ EAPI unsigned char ecore_getopt_parser_has_duplicates(const
+ Ecore_Getopt
+ * parser);
+ EAPI int ecore_getopt_parse(const Ecore_Getopt * parser,
+ Ecore_Getopt_Value * values, int argc,
+ char **argv);
+
+ EAPI Eina_List *ecore_getopt_list_free(Eina_List * list);
+
+ /* helper functions to be used with ECORE_GETOPT_CALLBACK_*() */
+ EAPI unsigned char ecore_getopt_callback_geometry_parse(const
+ Ecore_Getopt
+ * parser,
+ const
+ Ecore_Getopt_Desc
+ * desc,
+ const char
+ *str,
+ void *data,
+ Ecore_Getopt_Value
+ * storage);
+ EAPI unsigned char ecore_getopt_callback_size_parse(const
+ Ecore_Getopt *
+ parser,
+ const
+ Ecore_Getopt_Desc
+ * desc,
+ const char
+ *str,
+ void *data,
+ Ecore_Getopt_Value
+ * storage);
#ifdef __cplusplus
}
#endif
-#endif /* _ECORE_GETOPT_H */
+#endif /* _ECORE_GETOPT_H */
diff --git a/tests/suite/ecore/src/lib/ecore.c b/tests/suite/ecore/src/lib/ecore.c
index 5b0789c029..09842d1807 100644
--- a/tests/suite/ecore/src/lib/ecore.c
+++ b/tests/suite/ecore/src/lib/ecore.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
@@ -9,23 +9,23 @@
#include <errno.h>
#ifndef _MSC_VER
-# include <unistd.h>
+#include <unistd.h>
#endif
#ifdef HAVE_LOCALE_H
-# include <locale.h>
+#include <locale.h>
#endif
#ifdef HAVE_LANGINFO_H
-# include <langinfo.h>
+#include <langinfo.h>
#endif
#ifdef HAVE_SYS_MMAN_H
-# include <sys/mman.h>
+#include <sys/mman.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include <Eina.h>
@@ -36,6 +36,7 @@
#include <malloc.h>
static Ecore_Version _version = { VERS_MAJ, VERS_MIN, VERS_MIC, VERS_REV };
+
EAPI Ecore_Version *ecore_version = &_version;
#define KEEP_MAX(Global, Local) \
@@ -58,7 +59,7 @@ int _ecore_fps_debug = 0;
*/
#ifndef CODESET
-# define CODESET "INVALID"
+#define CODESET "INVALID"
#endif
/**
@@ -83,63 +84,65 @@ int _ecore_fps_debug = 0;
* }
* @endcode
*/
-EAPI int
-ecore_init(void)
+EAPI int ecore_init(void)
{
- if (++_ecore_init_count != 1)
- return _ecore_init_count;
+ if (++_ecore_init_count != 1)
+ return _ecore_init_count;
#ifdef HAVE_LOCALE_H
- setlocale(LC_CTYPE, "");
+ setlocale(LC_CTYPE, "");
#endif
- /*
- if (strcmp(nl_langinfo(CODESET), "UTF-8"))
- {
- WRN("Not a utf8 locale!");
- }
- */
+ /*
+ if (strcmp(nl_langinfo(CODESET), "UTF-8"))
+ {
+ WRN("Not a utf8 locale!");
+ }
+ */
#ifdef HAVE_EVIL
- if (!evil_init())
- return --_ecore_init_count;
+ if (!evil_init())
+ return --_ecore_init_count;
#endif
- if (!eina_init())
- goto shutdown_evil;
- _ecore_log_dom = eina_log_domain_register("Ecore",ECORE_DEFAULT_LOG_COLOR);
- if (_ecore_log_dom < 0) {
- EINA_LOG_ERR("Ecore was unable to create a log domain.");
- goto shutdown_log_dom;
- }
- if (getenv("ECORE_FPS_DEBUG")) _ecore_fps_debug = 1;
- if (_ecore_fps_debug) _ecore_fps_debug_init();
- _ecore_main_loop_init();
- _ecore_signal_init();
- _ecore_exe_init();
- _ecore_thread_init();
- _ecore_glib_init();
- _ecore_job_init();
- _ecore_time_init();
+ if (!eina_init())
+ goto shutdown_evil;
+ _ecore_log_dom =
+ eina_log_domain_register("Ecore", ECORE_DEFAULT_LOG_COLOR);
+ if (_ecore_log_dom < 0) {
+ EINA_LOG_ERR("Ecore was unable to create a log domain.");
+ goto shutdown_log_dom;
+ }
+ if (getenv("ECORE_FPS_DEBUG"))
+ _ecore_fps_debug = 1;
+ if (_ecore_fps_debug)
+ _ecore_fps_debug_init();
+ _ecore_main_loop_init();
+ _ecore_signal_init();
+ _ecore_exe_init();
+ _ecore_thread_init();
+ _ecore_glib_init();
+ _ecore_job_init();
+ _ecore_time_init();
#if HAVE_MALLINFO
- if (getenv("ECORE_MEM_STAT"))
- {
- _ecore_memory_pid = getpid();
- ecore_animator_add(_ecore_memory_statistic, NULL);
- }
+ if (getenv("ECORE_MEM_STAT")) {
+ _ecore_memory_pid = getpid();
+ ecore_animator_add(_ecore_memory_statistic, NULL);
+ }
#endif
#if defined(GLIB_INTEGRATION_ALWAYS)
- if (_ecore_glib_always_integrate) ecore_main_loop_glib_integrate();
+ if (_ecore_glib_always_integrate)
+ ecore_main_loop_glib_integrate();
#endif
-
- return _ecore_init_count;
- shutdown_log_dom:
- eina_shutdown();
- shutdown_evil:
+ return _ecore_init_count;
+
+ shutdown_log_dom:
+ eina_shutdown();
+ shutdown_evil:
#ifdef HAVE_EVIL
- evil_shutdown();
+ evil_shutdown();
#endif
- return --_ecore_init_count;
+ return --_ecore_init_count;
}
/**
@@ -152,122 +155,120 @@ ecore_init(void)
* Do not call this function from any callback that may be called from the main
* loop, as the main loop will then fall over and not function properly.
*/
-EAPI int
-ecore_shutdown(void)
+EAPI int ecore_shutdown(void)
{
- if (--_ecore_init_count != 0)
- return _ecore_init_count;
-
- if (_ecore_fps_debug) _ecore_fps_debug_shutdown();
- _ecore_poller_shutdown();
- _ecore_animator_shutdown();
- _ecore_glib_shutdown();
- _ecore_job_shutdown();
- _ecore_thread_shutdown();
- _ecore_exe_shutdown();
- _ecore_idle_enterer_shutdown();
- _ecore_idle_exiter_shutdown();
- _ecore_idler_shutdown();
- _ecore_timer_shutdown();
- _ecore_event_shutdown();
- _ecore_main_shutdown();
- _ecore_signal_shutdown();
- _ecore_main_loop_shutdown();
+ if (--_ecore_init_count != 0)
+ return _ecore_init_count;
+
+ if (_ecore_fps_debug)
+ _ecore_fps_debug_shutdown();
+ _ecore_poller_shutdown();
+ _ecore_animator_shutdown();
+ _ecore_glib_shutdown();
+ _ecore_job_shutdown();
+ _ecore_thread_shutdown();
+ _ecore_exe_shutdown();
+ _ecore_idle_enterer_shutdown();
+ _ecore_idle_exiter_shutdown();
+ _ecore_idler_shutdown();
+ _ecore_timer_shutdown();
+ _ecore_event_shutdown();
+ _ecore_main_shutdown();
+ _ecore_signal_shutdown();
+ _ecore_main_loop_shutdown();
#if HAVE_MALLINFO
- if (getenv("ECORE_MEM_STAT"))
- {
- _ecore_memory_statistic(NULL);
-
- ERR("[%i] Memory MAX total: %i, free: %i",
- _ecore_memory_pid,
- _ecore_memory_max_total,
- _ecore_memory_max_free);
- }
+ if (getenv("ECORE_MEM_STAT")) {
+ _ecore_memory_statistic(NULL);
+
+ ERR("[%i] Memory MAX total: %i, free: %i",
+ _ecore_memory_pid,
+ _ecore_memory_max_total, _ecore_memory_max_free);
+ }
#endif
- eina_log_domain_unregister(_ecore_log_dom);
- _ecore_log_dom = -1;
- eina_shutdown();
+ eina_log_domain_unregister(_ecore_log_dom);
+ _ecore_log_dom = -1;
+ eina_shutdown();
#ifdef HAVE_EVIL
- evil_shutdown();
+ evil_shutdown();
#endif
- return _ecore_init_count;
+ return _ecore_init_count;
}
-EAPI void
-ecore_print_warning(const char *function, const char *sparam)
+EAPI void ecore_print_warning(const char *function, const char *sparam)
{
- WRN("***** Developer Warning ***** :\n"
- "\tThis program is calling:\n\n"
- "\t%s();\n\n"
- "\tWith the parameter:\n\n"
- "\t%s\n\n"
- "\tbeing NULL. Please fix your program.", function, sparam);
- if (getenv("ECORE_ERROR_ABORT")) abort();
+ WRN("***** Developer Warning ***** :\n"
+ "\tThis program is calling:\n\n"
+ "\t%s();\n\n"
+ "\tWith the parameter:\n\n"
+ "\t%s\n\n"
+ "\tbeing NULL. Please fix your program.", function, sparam);
+ if (getenv("ECORE_ERROR_ABORT"))
+ abort();
}
EAPI void
-_ecore_magic_fail(const void *d, Ecore_Magic m, Ecore_Magic req_m, const char *fname)
+_ecore_magic_fail(const void *d, Ecore_Magic m, Ecore_Magic req_m,
+ const char *fname)
{
- ERR("\n"
- "*** ECORE ERROR: Ecore Magic Check Failed!!!\n"
- "*** IN FUNCTION: %s()", fname);
- if (!d)
- ERR(" Input handle pointer is NULL!");
- else if (m == ECORE_MAGIC_NONE)
- ERR(" Input handle has already been freed!");
- else if (m != req_m)
- ERR(" Input handle is wrong type\n"
- " Expected: %08x - %s\n"
- " Supplied: %08x - %s",
- (unsigned int)req_m, _ecore_magic_string_get(req_m),
- (unsigned int)m, _ecore_magic_string_get(m));
- ERR("*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code. Tut tut tut!");
- if (getenv("ECORE_ERROR_ABORT")) abort();
+ ERR("\n"
+ "*** ECORE ERROR: Ecore Magic Check Failed!!!\n"
+ "*** IN FUNCTION: %s()", fname);
+ if (!d)
+ ERR(" Input handle pointer is NULL!");
+ else if (m == ECORE_MAGIC_NONE)
+ ERR(" Input handle has already been freed!");
+ else if (m != req_m)
+ ERR(" Input handle is wrong type\n"
+ " Expected: %08x - %s\n"
+ " Supplied: %08x - %s",
+ (unsigned int) req_m, _ecore_magic_string_get(req_m),
+ (unsigned int) m, _ecore_magic_string_get(m));
+ ERR("*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code. Tut tut tut!");
+ if (getenv("ECORE_ERROR_ABORT"))
+ abort();
}
-static const char *
-_ecore_magic_string_get(Ecore_Magic m)
+static const char *_ecore_magic_string_get(Ecore_Magic m)
{
- switch (m)
- {
- case ECORE_MAGIC_NONE:
- return "None (Freed Object)";
- break;
- case ECORE_MAGIC_EXE:
- return "Ecore_Exe (Executable)";
- break;
- case ECORE_MAGIC_TIMER:
- return "Ecore_Timer (Timer)";
- break;
- case ECORE_MAGIC_IDLER:
- return "Ecore_Idler (Idler)";
- break;
- case ECORE_MAGIC_IDLE_ENTERER:
- return "Ecore_Idle_Enterer (Idler Enterer)";
- break;
- case ECORE_MAGIC_IDLE_EXITER:
- return "Ecore_Idle_Exiter (Idler Exiter)";
- break;
- case ECORE_MAGIC_FD_HANDLER:
- return "Ecore_Fd_Handler (Fd Handler)";
- break;
- case ECORE_MAGIC_WIN32_HANDLER:
- return "Ecore_Win32_Handler (Win32 Handler)";
- break;
- case ECORE_MAGIC_EVENT_HANDLER:
- return "Ecore_Event_Handler (Event Handler)";
- break;
- case ECORE_MAGIC_EVENT:
- return "Ecore_Event (Event)";
- break;
- default:
- return "<UNKNOWN>";
- };
+ switch (m) {
+ case ECORE_MAGIC_NONE:
+ return "None (Freed Object)";
+ break;
+ case ECORE_MAGIC_EXE:
+ return "Ecore_Exe (Executable)";
+ break;
+ case ECORE_MAGIC_TIMER:
+ return "Ecore_Timer (Timer)";
+ break;
+ case ECORE_MAGIC_IDLER:
+ return "Ecore_Idler (Idler)";
+ break;
+ case ECORE_MAGIC_IDLE_ENTERER:
+ return "Ecore_Idle_Enterer (Idler Enterer)";
+ break;
+ case ECORE_MAGIC_IDLE_EXITER:
+ return "Ecore_Idle_Exiter (Idler Exiter)";
+ break;
+ case ECORE_MAGIC_FD_HANDLER:
+ return "Ecore_Fd_Handler (Fd Handler)";
+ break;
+ case ECORE_MAGIC_WIN32_HANDLER:
+ return "Ecore_Win32_Handler (Win32 Handler)";
+ break;
+ case ECORE_MAGIC_EVENT_HANDLER:
+ return "Ecore_Event_Handler (Event Handler)";
+ break;
+ case ECORE_MAGIC_EVENT:
+ return "Ecore_Event (Event)";
+ break;
+ default:
+ return "<UNKNOWN>";
+ };
}
/* fps debug calls - for debugging how much time your app actually spends */
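Review bot: ecore_shutdown() decrements `_ecore_init_count` without checking that it is still positive, so a single unbalanced call leaves the counter at -1 and returns without tearing anything down. The next ecore_init() (previous hunk) then raises it to 0, fails the `!= 1` test and returns 0 without initialising any subsystem. A guard ahead of the decrement, `if (_ecore_init_count <= 0) return 0;`, preferably with an ERR() line, keeps the counter consistent. Separately, in `_ecore_magic_string_get` every `break;` that follows a `return` is unreachable, and the `;` after the switch's closing brace is an empty statement that can go.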
@@ -278,121 +279,110 @@ static int _ecore_fps_debug_init_count = 0;
static int _ecore_fps_debug_fd = -1;
unsigned int *_ecore_fps_runtime_mmap = NULL;
-void
-_ecore_fps_debug_init(void)
+void _ecore_fps_debug_init(void)
{
- char buf[4096];
- const char *tmp;
- int pid;
+ char buf[4096];
+ const char *tmp;
+ int pid;
- _ecore_fps_debug_init_count++;
- if (_ecore_fps_debug_init_count > 1) return;
+ _ecore_fps_debug_init_count++;
+ if (_ecore_fps_debug_init_count > 1)
+ return;
#ifndef HAVE_EVIL
- tmp = "/tmp";
+ tmp = "/tmp";
#else
- tmp = (char *)evil_tmpdir_get ();
-#endif /* HAVE_EVIL */
- pid = (int)getpid();
- snprintf(buf, sizeof(buf), "%s/.ecore_fps_debug-%i", tmp, pid);
- _ecore_fps_debug_fd = open(buf, O_CREAT | O_TRUNC | O_RDWR, 0644);
- if (_ecore_fps_debug_fd < 0)
- {
- unlink(buf);
- _ecore_fps_debug_fd = open(buf, O_CREAT | O_TRUNC | O_RDWR, 0644);
- }
- if (_ecore_fps_debug_fd >= 0)
- {
- unsigned int zero = 0;
- char *buf = (char *)&zero;
- ssize_t todo = sizeof(unsigned int);
-
- while (todo > 0)
- {
- ssize_t r = write(_ecore_fps_debug_fd, buf, todo);
- if (r > 0)
- {
- todo -= r;
- buf += r;
- }
- else if ((r < 0) && (errno == EINTR))
- continue;
- else
- {
- ERR("could not write to file '%s' fd %d: %s",
- tmp, _ecore_fps_debug_fd, strerror(errno));
- close(_ecore_fps_debug_fd);
- _ecore_fps_debug_fd = -1;
- return;
- }
- }
- _ecore_fps_runtime_mmap = mmap(NULL, sizeof(unsigned int),
- PROT_READ | PROT_WRITE,
- MAP_SHARED,
- _ecore_fps_debug_fd, 0);
- if (_ecore_fps_runtime_mmap == MAP_FAILED)
- _ecore_fps_runtime_mmap = NULL;
- }
+ tmp = (char *) evil_tmpdir_get();
+#endif /* HAVE_EVIL */
+ pid = (int) getpid();
+ snprintf(buf, sizeof(buf), "%s/.ecore_fps_debug-%i", tmp, pid);
+ _ecore_fps_debug_fd = open(buf, O_CREAT | O_TRUNC | O_RDWR, 0644);
+ if (_ecore_fps_debug_fd < 0) {
+ unlink(buf);
+ _ecore_fps_debug_fd =
+ open(buf, O_CREAT | O_TRUNC | O_RDWR, 0644);
+ }
+ if (_ecore_fps_debug_fd >= 0) {
+ unsigned int zero = 0;
+ char *buf = (char *) &zero;
+ ssize_t todo = sizeof(unsigned int);
+
+ while (todo > 0) {
+ ssize_t r = write(_ecore_fps_debug_fd, buf, todo);
+ if (r > 0) {
+ todo -= r;
+ buf += r;
+ } else if ((r < 0) && (errno == EINTR))
+ continue;
+ else {
+ ERR("could not write to file '%s' fd %d: %s", tmp, _ecore_fps_debug_fd, strerror(errno));
+ close(_ecore_fps_debug_fd);
+ _ecore_fps_debug_fd = -1;
+ return;
+ }
+ }
+ _ecore_fps_runtime_mmap = mmap(NULL, sizeof(unsigned int),
+ PROT_READ | PROT_WRITE,
+ MAP_SHARED,
+ _ecore_fps_debug_fd, 0);
+ if (_ecore_fps_runtime_mmap == MAP_FAILED)
+ _ecore_fps_runtime_mmap = NULL;
+ }
}
-void
-_ecore_fps_debug_shutdown(void)
+void _ecore_fps_debug_shutdown(void)
{
- _ecore_fps_debug_init_count--;
- if (_ecore_fps_debug_init_count > 0) return;
- if (_ecore_fps_debug_fd >= 0)
- {
- char buf[4096];
- const char *tmp;
- int pid;
+ _ecore_fps_debug_init_count--;
+ if (_ecore_fps_debug_init_count > 0)
+ return;
+ if (_ecore_fps_debug_fd >= 0) {
+ char buf[4096];
+ const char *tmp;
+ int pid;
#ifndef HAVE_EVIL
- tmp = "/tmp";
+ tmp = "/tmp";
#else
- tmp = (char *)evil_tmpdir_get ();
-#endif /* HAVE_EVIL */
- pid = (int)getpid();
- snprintf(buf, sizeof(buf), "%s/.ecore_fps_debug-%i", tmp, pid);
- unlink(buf);
- if (_ecore_fps_runtime_mmap)
- {
- munmap(_ecore_fps_runtime_mmap, sizeof(int));
- _ecore_fps_runtime_mmap = NULL;
- }
- close(_ecore_fps_debug_fd);
- _ecore_fps_debug_fd = -1;
- }
+ tmp = (char *) evil_tmpdir_get();
+#endif /* HAVE_EVIL */
+ pid = (int) getpid();
+ snprintf(buf, sizeof(buf), "%s/.ecore_fps_debug-%i", tmp,
+ pid);
+ unlink(buf);
+ if (_ecore_fps_runtime_mmap) {
+ munmap(_ecore_fps_runtime_mmap, sizeof(int));
+ _ecore_fps_runtime_mmap = NULL;
+ }
+ close(_ecore_fps_debug_fd);
+ _ecore_fps_debug_fd = -1;
+ }
}
-void
-_ecore_fps_debug_runtime_add(double t)
+void _ecore_fps_debug_runtime_add(double t)
{
- if ((_ecore_fps_debug_fd >= 0) &&
- (_ecore_fps_runtime_mmap))
- {
- unsigned int tm;
-
- tm = (unsigned int)(t * 1000000.0);
- /* i know its not 100% theoretically guaranteed, but i'd say a write */
- /* of an int could be considered atomic for all practical purposes */
- /* oh and since this is cumulative, 1 second = 1,000,000 ticks, so */
- /* this can run for about 4294 seconds becore looping. if you are */
- /* doing performance testing in one run for over an hour... well */
- /* time to restart or handle a loop condition :) */
- *(_ecore_fps_runtime_mmap) += tm;
- }
+ if ((_ecore_fps_debug_fd >= 0) && (_ecore_fps_runtime_mmap)) {
+ unsigned int tm;
+
+ tm = (unsigned int) (t * 1000000.0);
+ /* i know its not 100% theoretically guaranteed, but i'd say a write */
+ /* of an int could be considered atomic for all practical purposes */
+ /* oh and since this is cumulative, 1 second = 1,000,000 ticks, so */
+ /* this can run for about 4294 seconds becore looping. if you are */
+ /* doing performance testing in one run for over an hour... well */
+ /* time to restart or handle a loop condition :) */
+ *(_ecore_fps_runtime_mmap) += tm;
+ }
}
#if HAVE_MALLINFO
-static Eina_Bool
-_ecore_memory_statistic(__UNUSED__ void *data)
+static Eina_Bool _ecore_memory_statistic(__UNUSED__ void *data)
{
- struct mallinfo mi;
- static int uordblks = 0;
- static int fordblks = 0;
- Eina_Bool changed = EINA_FALSE;
+ struct mallinfo mi;
+ static int uordblks = 0;
+ static int fordblks = 0;
+ Eina_Bool changed = EINA_FALSE;
- mi = mallinfo();
+ mi = mallinfo();
#define HAS_CHANGED(Global, Local) \
if (Global != Local) \
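Review bot: `_ecore_fps_debug_init` builds a predictable name, `<tmp>/.ecore_fps_debug-<pid>`, and opens it with `O_CREAT | O_TRUNC | O_RDWR` and mode 0644. Without `O_EXCL`, a file or symlink that another local user placed under that name is followed and truncated. Both open() calls should create the file exclusively and keep it private, `open(buf, O_CREAT | O_EXCL | O_RDWR, 0600)`; the existing unlink-and-retry path still handles a stale file from an earlier run. The ERR() in the write loop also passes `tmp` for the `'%s'` file name where `buf` (the outer path buffer, shadowed there by the inner `char *buf`) is meant, so renaming the inner pointer fixes both the shadowing and the message.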
@@ -401,18 +391,16 @@ _ecore_memory_statistic(__UNUSED__ void *data)
changed = EINA_TRUE; \
}
- HAS_CHANGED(uordblks, mi.uordblks);
- HAS_CHANGED(fordblks, mi.fordblks);
+ HAS_CHANGED(uordblks, mi.uordblks);
+ HAS_CHANGED(fordblks, mi.fordblks);
- if (changed)
- ERR("[%i] Memory total: %i, free: %i",
- _ecore_memory_pid,
- mi.uordblks,
- mi.fordblks);
+ if (changed)
+ ERR("[%i] Memory total: %i, free: %i",
+ _ecore_memory_pid, mi.uordblks, mi.fordblks);
- KEEP_MAX(_ecore_memory_max_total, mi.uordblks);
- KEEP_MAX(_ecore_memory_max_free, mi.fordblks);
+ KEEP_MAX(_ecore_memory_max_total, mi.uordblks);
+ KEEP_MAX(_ecore_memory_max_free, mi.fordblks);
- return ECORE_CALLBACK_RENEW;
+ return ECORE_CALLBACK_RENEW;
}
#endif
diff --git a/tests/suite/ecore/src/lib/ecore_anim.c b/tests/suite/ecore/src/lib/ecore_anim.c
index 921071e347..ff37e393e9 100644
--- a/tests/suite/ecore/src/lib/ecore_anim.c
+++ b/tests/suite/ecore/src/lib/ecore_anim.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -9,25 +9,24 @@
#include "ecore_private.h"
-struct _Ecore_Animator
-{
- EINA_INLIST;
- ECORE_MAGIC;
+struct _Ecore_Animator {
+ EINA_INLIST;
+ ECORE_MAGIC;
- Ecore_Task_Cb func;
- void *data;
+ Ecore_Task_Cb func;
+ void *data;
- Eina_Bool delete_me : 1;
- Eina_Bool suspended : 1;
+ Eina_Bool delete_me:1;
+ Eina_Bool suspended:1;
};
static Eina_Bool _ecore_animator(void *data);
-static Ecore_Timer *timer = NULL;
-static int animators_delete_me = 0;
+static Ecore_Timer *timer = NULL;
+static int animators_delete_me = 0;
static Ecore_Animator *animators = NULL;
-static double animators_frametime = 1.0 / 30.0;
+static double animators_frametime = 1.0 / 30.0;
/**
* Add a animator to tick off at every animaton tick during main loop execution.
@@ -46,28 +45,34 @@ static double animators_frametime = 1.0 / 30.0;
* next tick, or if it returns 0 (or ECORE_CALLBACK_CANCEL) it will be deleted
* automatically making any references/handles for it invalid.
*/
-EAPI Ecore_Animator *
-ecore_animator_add(Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Animator *ecore_animator_add(Ecore_Task_Cb func,
+ const void *data)
{
- Ecore_Animator *animator;
-
- if (!func) return NULL;
- animator = calloc(1, sizeof(Ecore_Animator));
- if (!animator) return NULL;
- ECORE_MAGIC_SET(animator, ECORE_MAGIC_ANIMATOR);
- animator->func = func;
- animator->data = (void *)data;
- animators = (Ecore_Animator *)eina_inlist_append(EINA_INLIST_GET(animators), EINA_INLIST_GET(animator));
- if (!timer)
- {
- double t_loop = ecore_loop_time_get();
- double sync_0 = 0.0;
- double d = -fmod(t_loop - sync_0, animators_frametime);
-
- timer = ecore_timer_loop_add(animators_frametime, _ecore_animator, NULL);
- ecore_timer_delay(timer, d);
- }
- return animator;
+ Ecore_Animator *animator;
+
+ if (!func)
+ return NULL;
+ animator = calloc(1, sizeof(Ecore_Animator));
+ if (!animator)
+ return NULL;
+ ECORE_MAGIC_SET(animator, ECORE_MAGIC_ANIMATOR);
+ animator->func = func;
+ animator->data = (void *) data;
+ animators =
+ (Ecore_Animator *)
+ eina_inlist_append(EINA_INLIST_GET(animators),
+ EINA_INLIST_GET(animator));
+ if (!timer) {
+ double t_loop = ecore_loop_time_get();
+ double sync_0 = 0.0;
+ double d = -fmod(t_loop - sync_0, animators_frametime);
+
+ timer =
+ ecore_timer_loop_add(animators_frametime,
+ _ecore_animator, NULL);
+ ecore_timer_delay(timer, d);
+ }
+ return animator;
}
/**
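Review bot: `double d = -fmod(t_loop - sync_0, animators_frametime);` in ecore_animator_add divides by a value that can be zero. ecore_animator_frametime_set (the `@@ -103,19 +107,21 @@` hunk) clamps negative input to 0.0 and stores it. fmod() with a zero divisor yields NaN, which is then handed to ecore_timer_delay(); what the timer code does with it is not visible here. Guarding the computation, `double d = (animators_frametime > 0.0) ? -fmod(t_loop - sync_0, animators_frametime) : 0.0;`, or rejecting a zero frametime in the setter, avoids passing NaN on.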
@@ -82,19 +87,18 @@ ecore_animator_add(Ecore_Task_Cb func, const void *data)
* call returns the specified animator object @p animator is invalid and should not
* be used again. It will not get called again after deletion.
*/
-EAPI void *
-ecore_animator_del(Ecore_Animator *animator)
+EAPI void *ecore_animator_del(Ecore_Animator * animator)
{
- if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR))
- {
- ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
- "ecore_animator_del");
- return NULL;
- }
- if (animator->delete_me) return animator->data;
- animator->delete_me = EINA_TRUE;
- animators_delete_me++;
- return animator->data;
+ if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR)) {
+ ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
+ "ecore_animator_del");
+ return NULL;
+ }
+ if (animator->delete_me)
+ return animator->data;
+ animator->delete_me = EINA_TRUE;
+ animators_delete_me++;
+ return animator->data;
}
/**
@@ -103,19 +107,21 @@ ecore_animator_del(Ecore_Animator *animator)
*
* This function sets the time interval (in seconds) between animator ticks.
*/
-EAPI void
-ecore_animator_frametime_set(double frametime)
+EAPI void ecore_animator_frametime_set(double frametime)
{
- if (frametime < 0.0) frametime = 0.0;
- if (animators_frametime == frametime) return;
- animators_frametime = frametime;
- if (timer)
- {
- ecore_timer_del(timer);
- timer = NULL;
- }
- if (animators)
- timer = ecore_timer_add(animators_frametime, _ecore_animator, NULL);
+ if (frametime < 0.0)
+ frametime = 0.0;
+ if (animators_frametime == frametime)
+ return;
+ animators_frametime = frametime;
+ if (timer) {
+ ecore_timer_del(timer);
+ timer = NULL;
+ }
+ if (animators)
+ timer =
+ ecore_timer_add(animators_frametime, _ecore_animator,
+ NULL);
}
/**
@@ -124,10 +130,9 @@ ecore_animator_frametime_set(double frametime)
*
* this function retrieves the time between animator ticks, in seconds.
*/
-EAPI double
-ecore_animator_frametime_get(void)
+EAPI double ecore_animator_frametime_get(void)
{
- return animators_frametime;
+ return animators_frametime;
}
/**
@@ -138,17 +143,16 @@ ecore_animator_frametime_get(void)
* The specified @p animator will be temporarly removed from the set of animators
* that are executed during main loop execution.
*/
-EAPI void
-ecore_animator_freeze(Ecore_Animator *animator)
+EAPI void ecore_animator_freeze(Ecore_Animator * animator)
{
- if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR))
- {
- ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
- "ecore_animator_del");
- return;
- }
- if (animator->delete_me) return;
- animator->suspended = EINA_TRUE;
+ if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR)) {
+ ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
+ "ecore_animator_del");
+ return;
+ }
+ if (animator->delete_me)
+ return;
+ animator->suspended = EINA_TRUE;
}
/**
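Review bot: ecore_animator_freeze reports its magic-check failure under the wrong function name: `ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR, "ecore_animator_del");`. The string ends up in the "IN FUNCTION" line printed by `_ecore_magic_fail`, so a stale or wrong-typed handle passed to freeze is attributed to ecore_animator_del and the diagnostic points at the wrong call site. It should read `"ecore_animator_freeze"`. ecore_animator_thaw in the following hunk carries the same copy-pasted string and needs `"ecore_animator_thaw"`.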
@@ -159,75 +163,73 @@ ecore_animator_freeze(Ecore_Animator *animator)
* The specified @p animator will be put back in the set of animators
* that are executed during main loop execution.
*/
-EAPI void
-ecore_animator_thaw(Ecore_Animator *animator)
+EAPI void ecore_animator_thaw(Ecore_Animator * animator)
{
- if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR))
- {
- ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
- "ecore_animator_del");
- return;
- }
- if (animator->delete_me) return;
- animator->suspended = EINA_FALSE;
+ if (!ECORE_MAGIC_CHECK(animator, ECORE_MAGIC_ANIMATOR)) {
+ ECORE_MAGIC_FAIL(animator, ECORE_MAGIC_ANIMATOR,
+ "ecore_animator_del");
+ return;
+ }
+ if (animator->delete_me)
+ return;
+ animator->suspended = EINA_FALSE;
}
-void
-_ecore_animator_shutdown(void)
+void _ecore_animator_shutdown(void)
{
- if (timer)
- {
- ecore_timer_del(timer);
- timer = NULL;
- }
- while (animators)
- {
- Ecore_Animator *animator;
-
- animator = animators;
- animators = (Ecore_Animator *) eina_inlist_remove(EINA_INLIST_GET(animators), EINA_INLIST_GET(animators));
- ECORE_MAGIC_SET(animator, ECORE_MAGIC_NONE);
- free(animator);
- }
+ if (timer) {
+ ecore_timer_del(timer);
+ timer = NULL;
+ }
+ while (animators) {
+ Ecore_Animator *animator;
+
+ animator = animators;
+ animators =
+ (Ecore_Animator *)
+ eina_inlist_remove(EINA_INLIST_GET(animators),
+ EINA_INLIST_GET(animators));
+ ECORE_MAGIC_SET(animator, ECORE_MAGIC_NONE);
+ free(animator);
+ }
}
-static Eina_Bool
-_ecore_animator(void *data __UNUSED__)
+static Eina_Bool _ecore_animator(void *data __UNUSED__)
{
- Ecore_Animator *animator;
-
- EINA_INLIST_FOREACH(animators, animator)
- {
- if (!animator->delete_me && !animator->suspended)
- {
- if (!animator->func(animator->data))
- {
- animator->delete_me = EINA_TRUE;
- animators_delete_me++;
- }
- }
- }
- if (animators_delete_me)
- {
- Ecore_Animator *l;
- for(l = animators; l;)
- {
- animator = l;
- l = (Ecore_Animator *) EINA_INLIST_GET(l)->next;
- if (animator->delete_me)
- {
- animators = (Ecore_Animator *) eina_inlist_remove(EINA_INLIST_GET(animators), EINA_INLIST_GET(animator));
- ECORE_MAGIC_SET(animator, ECORE_MAGIC_NONE);
- free(animator);
- animators_delete_me--;
- if (animators_delete_me == 0) break;
- }
- }
- }
- if (!animators)
- {
- timer = NULL;
- return ECORE_CALLBACK_CANCEL;
- }
- return ECORE_CALLBACK_RENEW;
+ Ecore_Animator *animator;
+
+ EINA_INLIST_FOREACH(animators, animator) {
+ if (!animator->delete_me && !animator->suspended) {
+ if (!animator->func(animator->data)) {
+ animator->delete_me = EINA_TRUE;
+ animators_delete_me++;
+ }
+ }
+ }
+ if (animators_delete_me) {
+ Ecore_Animator *l;
+ for (l = animators; l;) {
+ animator = l;
+ l = (Ecore_Animator *) EINA_INLIST_GET(l)->next;
+ if (animator->delete_me) {
+ animators =
+ (Ecore_Animator *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (animators),
+ EINA_INLIST_GET
+ (animator));
+ ECORE_MAGIC_SET(animator,
+ ECORE_MAGIC_NONE);
+ free(animator);
+ animators_delete_me--;
+ if (animators_delete_me == 0)
+ break;
+ }
+ }
+ }
+ if (!animators) {
+ timer = NULL;
+ return ECORE_CALLBACK_CANCEL;
+ }
+ return ECORE_CALLBACK_RENEW;
}
diff --git a/tests/suite/ecore/src/lib/ecore_app.c b/tests/suite/ecore/src/lib/ecore_app.c
index f9663a50bb..b83e5b2958 100644
--- a/tests/suite/ecore/src/lib/ecore_app.c
+++ b/tests/suite/ecore/src/lib/ecore_app.c
@@ -1,17 +1,17 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
#ifndef _MSC_VER
-# include <unistd.h>
+#include <unistd.h>
#else
-# include <process.h>
+#include <process.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "Ecore.h"
@@ -28,13 +28,12 @@ static char **app_argv = NULL;
* A call to this function will store the programs command-line arguments
* for later use by ecore_app_restart() or ecore_app_args_get().
*/
-EAPI void
-ecore_app_args_set(int argc, const char **argv)
+EAPI void ecore_app_args_set(int argc, const char **argv)
{
- if ((argc < 1) ||
- (!argv)) return;
- app_argc = argc;
- app_argv = (char **)argv;
+ if ((argc < 1) || (!argv))
+ return;
+ app_argc = argc;
+ app_argv = (char **) argv;
}
/**
@@ -48,11 +47,12 @@ ecore_app_args_set(int argc, const char **argv)
* also if the pointer is not NULL. The values they are filled with will be the
* same set by ecore_app_args_set().
*/
-EAPI void
-ecore_app_args_get(int *argc, char ***argv)
+EAPI void ecore_app_args_get(int *argc, char ***argv)
{
- if (argc) *argc = app_argc;
- if (argv) *argv = app_argv;
+ if (argc)
+ *argc = app_argc;
+ if (argv)
+ *argv = app_argv;
}
/**
@@ -63,15 +63,17 @@ ecore_app_args_get(int *argc, char ***argv)
* an easy way for a program to restart itself for cleanup purposes,
* configuration reasons or in the event of a crash.
*/
-EAPI void
-ecore_app_restart(void)
+EAPI void ecore_app_restart(void)
{
- char *args[4096];
- int i;
+ char *args[4096];
+ int i;
- if ((app_argc < 1) || (!app_argv)) return;
- if (app_argc >= 4096) return;
- for (i = 0; i < app_argc; i++) args[i] = app_argv[i];
- args[i] = NULL;
- execvp(app_argv[0], args);
+ if ((app_argc < 1) || (!app_argv))
+ return;
+ if (app_argc >= 4096)
+ return;
+ for (i = 0; i < app_argc; i++)
+ args[i] = app_argv[i];
+ args[i] = NULL;
+ execvp(app_argv[0], args);
}
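Review bot: ecore_app_restart() ignores the outcome of `execvp(app_argv[0], args)`: execvp() returns only on failure, and here that falls through to a silent return, so a caller cannot tell that the restart did not happen. Because `app_argv[0]` is passed as the file name, a value without a slash is resolved through the current PATH, which need not name the binary that is currently running. A comment such as `/* execvp() returns only on failure; argv[0] without '/' is looked up in PATH */` above the call would document both, and reporting errno after the call would make the failure visible.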
diff --git a/tests/suite/ecore/src/lib/ecore_events.c b/tests/suite/ecore/src/lib/ecore_events.c
index 470838cb9a..ebe22219d3 100644
--- a/tests/suite/ecore/src/lib/ecore_events.c
+++ b/tests/suite/ecore/src/lib/ecore_events.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -9,40 +9,37 @@
static int inpurge = 0;
-struct _Ecore_Event_Handler
-{
- EINA_INLIST;
- ECORE_MAGIC;
- int type;
- Ecore_Event_Handler_Cb func;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Event_Handler {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ int type;
+ Ecore_Event_Handler_Cb func;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
-struct _Ecore_Event_Filter
-{
- EINA_INLIST;
- ECORE_MAGIC;
- Ecore_Data_Cb func_start;
- Ecore_Filter_Cb func_filter;
- Ecore_End_Cb func_end;
- void *loop_data;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Event_Filter {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ Ecore_Data_Cb func_start;
+ Ecore_Filter_Cb func_filter;
+ Ecore_End_Cb func_end;
+ void *loop_data;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
-struct _Ecore_Event
-{
- EINA_INLIST;
- ECORE_MAGIC;
- int type;
- void *event;
- Ecore_End_Cb func_free;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Event {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ int type;
+ void *event;
+ Ecore_End_Cb func_free;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
@@ -63,11 +60,11 @@ static Ecore_Event *event_filter_event_current = NULL;
static int event_filters_delete_me = 0;
static int event_id_max = ECORE_EVENT_COUNT;
static int ecore_raw_event_type = ECORE_EVENT_NONE;
-static void *ecore_raw_event_event = NULL;
+static void *ecore_raw_event_event = NULL;
static void _ecore_event_purge_deleted(void);
-static void *_ecore_event_del(Ecore_Event *event);
+static void *_ecore_event_del(Ecore_Event * event);
/**
@@ -93,44 +90,53 @@ static void *_ecore_event_del(Ecore_Event *event);
* event, so all handler set to handle that event type that have not already
* been called, will not be.
*/
-EAPI Ecore_Event_Handler *
-ecore_event_handler_add(int type, Ecore_Event_Handler_Cb func, const void *data)
+EAPI Ecore_Event_Handler *ecore_event_handler_add(int type,
+ Ecore_Event_Handler_Cb
+ func, const void *data)
{
- Ecore_Event_Handler *eh;
-
- if (!func) return NULL;
- if ((type <= ECORE_EVENT_NONE) || (type >= event_id_max)) return NULL;
- eh = calloc(1, sizeof(Ecore_Event_Handler));
- if (!eh) return NULL;
- ECORE_MAGIC_SET(eh, ECORE_MAGIC_EVENT_HANDLER);
- eh->type = type;
- eh->func = func;
- eh->data = (void *)data;
- if (type >= (event_handlers_num - 1))
- {
- int p_alloc_num;
-
- p_alloc_num = event_handlers_alloc_num;
- event_handlers_num = type + 1;
- if (event_handlers_num > event_handlers_alloc_num)
- {
- Ecore_Event_Handler **new_handlers;
- int i;
-
- event_handlers_alloc_num = ((event_handlers_num + 16) / 16) * 16;
- new_handlers = realloc(event_handlers, event_handlers_alloc_num * sizeof(Ecore_Event_Handler *));
- if (!new_handlers)
- {
- free(eh);
- return NULL;
- }
- event_handlers = new_handlers;
- for (i = p_alloc_num; i < event_handlers_alloc_num; i++)
- event_handlers[i] = NULL;
- }
- }
- event_handlers[type] = (Ecore_Event_Handler *) eina_inlist_append(EINA_INLIST_GET(event_handlers[type]), EINA_INLIST_GET(eh));
- return eh;
+ Ecore_Event_Handler *eh;
+
+ if (!func)
+ return NULL;
+ if ((type <= ECORE_EVENT_NONE) || (type >= event_id_max))
+ return NULL;
+ eh = calloc(1, sizeof(Ecore_Event_Handler));
+ if (!eh)
+ return NULL;
+ ECORE_MAGIC_SET(eh, ECORE_MAGIC_EVENT_HANDLER);
+ eh->type = type;
+ eh->func = func;
+ eh->data = (void *) data;
+ if (type >= (event_handlers_num - 1)) {
+ int p_alloc_num;
+
+ p_alloc_num = event_handlers_alloc_num;
+ event_handlers_num = type + 1;
+ if (event_handlers_num > event_handlers_alloc_num) {
+ Ecore_Event_Handler **new_handlers;
+ int i;
+
+ event_handlers_alloc_num =
+ ((event_handlers_num + 16) / 16) * 16;
+ new_handlers =
+ realloc(event_handlers,
+ event_handlers_alloc_num *
+ sizeof(Ecore_Event_Handler *));
+ if (!new_handlers) {
+ free(eh);
+ return NULL;
+ }
+ event_handlers = new_handlers;
+ for (i = p_alloc_num; i < event_handlers_alloc_num;
+ i++)
+ event_handlers[i] = NULL;
+ }
+ }
+ event_handlers[type] =
+ (Ecore_Event_Handler *)
+ eina_inlist_append(EINA_INLIST_GET(event_handlers[type]),
+ EINA_INLIST_GET(eh));
+ return eh;
}
/**
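Review bot: In ecore_event_handler_add(), `event_handlers_num` and `event_handlers_alloc_num` are both raised before the realloc() result is checked, so the `if (!new_handlers)` path returns with counters that describe a larger table than the one actually allocated. _ecore_event_call() and _ecore_event_shutdown(), further down in this file's diff, index `event_handlers[...]` for any type below `event_handlers_num`, which after such a failure would read past the old allocation or through a NULL table. Computing the new sizes in locals and committing them only after realloc() succeeds keeps the counters and the table consistent. The reindent itself does not change this behaviour.

```c
/* … unchanged: argument checks, calloc of eh, field setup … */
if (type >= (event_handlers_num - 1)) {
	int new_num = type + 1;

	if (new_num > event_handlers_alloc_num) {
		Ecore_Event_Handler **new_handlers;
		int new_alloc_num = ((new_num + 16) / 16) * 16;
		int i;

		new_handlers = realloc(event_handlers,
				       new_alloc_num *
				       sizeof(Ecore_Event_Handler *));
		if (!new_handlers) {
			/* counters untouched: they still match the old table */
			free(eh);
			return NULL;
		}
		event_handlers = new_handlers;
		for (i = event_handlers_alloc_num; i < new_alloc_num; i++)
			event_handlers[i] = NULL;
		event_handlers_alloc_num = new_alloc_num;
	}
	event_handlers_num = new_num;
}
/* … unchanged: eina_inlist_append into event_handlers[type], return eh … */
```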
@@ -143,25 +149,23 @@ ecore_event_handler_add(int type, Ecore_Event_Handler_Cb func, const void *data)
* handler was added by ecore_event_handler_add(). On failure NULL will be
* returned. Once a handler is deleted it will no longer be called.
*/
-EAPI void *
-ecore_event_handler_del(Ecore_Event_Handler *event_handler)
+EAPI void *ecore_event_handler_del(Ecore_Event_Handler * event_handler)
{
- if (!ECORE_MAGIC_CHECK(event_handler, ECORE_MAGIC_EVENT_HANDLER))
- {
- ECORE_MAGIC_FAIL(event_handler, ECORE_MAGIC_EVENT_HANDLER,
- "ecore_event_handler_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(event_handler->delete_me, NULL);
- event_handler->delete_me = 1;
- event_handlers_delete_list = eina_list_append(event_handlers_delete_list, event_handler);
- return event_handler->data;
+ if (!ECORE_MAGIC_CHECK(event_handler, ECORE_MAGIC_EVENT_HANDLER)) {
+ ECORE_MAGIC_FAIL(event_handler, ECORE_MAGIC_EVENT_HANDLER,
+ "ecore_event_handler_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(event_handler->delete_me, NULL);
+ event_handler->delete_me = 1;
+ event_handlers_delete_list =
+ eina_list_append(event_handlers_delete_list, event_handler);
+ return event_handler->data;
}
-static void
-_ecore_event_generic_free (void *data __UNUSED__, void *event)
+static void _ecore_event_generic_free(void *data __UNUSED__, void *event)
{
- free (event);
+ free(event);
}
/**
@@ -182,14 +186,17 @@ _ecore_event_generic_free (void *data __UNUSED__, void *event)
* with the private structure pointer.
* func_free is passed @p data as its data parameter.
*/
-EAPI Ecore_Event *
-ecore_event_add(int type, void *ev, Ecore_End_Cb func_free, void *data)
+EAPI Ecore_Event *ecore_event_add(int type, void *ev,
+ Ecore_End_Cb func_free, void *data)
{
/* if (!ev) return NULL;*/
- if (type <= ECORE_EVENT_NONE) return NULL;
- if (type >= event_id_max) return NULL;
- if ((ev) && (!func_free)) func_free = _ecore_event_generic_free;
- return _ecore_event_add(type, ev, func_free, data);
+ if (type <= ECORE_EVENT_NONE)
+ return NULL;
+ if (type >= event_id_max)
+ return NULL;
+ if ((ev) && (!func_free))
+ func_free = _ecore_event_generic_free;
+ return _ecore_event_add(type, ev, func_free, data);
}
/**
@@ -203,17 +210,16 @@ ecore_event_add(int type, void *ev, Ecore_End_Cb func_free, void *data)
* cleanup, and so if the free function depends on the data pointer to work,
* you should defer cleaning of this till the free function is called later.
*/
-EAPI void *
-ecore_event_del(Ecore_Event *event)
+EAPI void *ecore_event_del(Ecore_Event * event)
{
- if (!ECORE_MAGIC_CHECK(event, ECORE_MAGIC_EVENT))
- {
- ECORE_MAGIC_FAIL(event, ECORE_MAGIC_EVENT, "ecore_event_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(event->delete_me, NULL);
- event->delete_me = 1;
- return event->data;
+ if (!ECORE_MAGIC_CHECK(event, ECORE_MAGIC_EVENT)) {
+ ECORE_MAGIC_FAIL(event, ECORE_MAGIC_EVENT,
+ "ecore_event_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(event->delete_me, NULL);
+ event->delete_me = 1;
+ return event->data;
}
/**
@@ -226,11 +232,10 @@ ecore_event_del(Ecore_Event *event)
* it is calculated, except that the ID will be unique to the current instance
* of the process.
*/
-EAPI int
-ecore_event_type_new(void)
+EAPI int ecore_event_type_new(void)
{
- event_id_max++;
- return event_id_max - 1;
+ event_id_max++;
+ return event_id_max - 1;
}
/**
@@ -253,21 +258,29 @@ ecore_event_type_new(void)
* processing is finished @p func_end is called and is passed the loop_data
* and @p data pointer to clean up.
*/
-EAPI Ecore_Event_Filter *
-ecore_event_filter_add(Ecore_Data_Cb func_start, Ecore_Filter_Cb func_filter, Ecore_End_Cb func_end, const void *data)
+EAPI Ecore_Event_Filter *ecore_event_filter_add(Ecore_Data_Cb func_start,
+ Ecore_Filter_Cb
+ func_filter,
+ Ecore_End_Cb func_end,
+ const void *data)
{
- Ecore_Event_Filter *ef;
-
- if (!func_filter) return NULL;
- ef = calloc(1, sizeof(Ecore_Event_Filter));
- if (!ef) return NULL;
- ECORE_MAGIC_SET(ef, ECORE_MAGIC_EVENT_FILTER);
- ef->func_start = func_start;
- ef->func_filter = func_filter;
- ef->func_end = func_end;
- ef->data = (void *)data;
- event_filters = (Ecore_Event_Filter *) eina_inlist_append(EINA_INLIST_GET(event_filters), EINA_INLIST_GET(ef));
- return ef;
+ Ecore_Event_Filter *ef;
+
+ if (!func_filter)
+ return NULL;
+ ef = calloc(1, sizeof(Ecore_Event_Filter));
+ if (!ef)
+ return NULL;
+ ECORE_MAGIC_SET(ef, ECORE_MAGIC_EVENT_FILTER);
+ ef->func_start = func_start;
+ ef->func_filter = func_filter;
+ ef->func_end = func_end;
+ ef->data = (void *) data;
+ event_filters =
+ (Ecore_Event_Filter *)
+ eina_inlist_append(EINA_INLIST_GET(event_filters),
+ EINA_INLIST_GET(ef));
+ return ef;
}
/**
@@ -279,18 +292,17 @@ ecore_event_filter_add(Ecore_Data_Cb func_start, Ecore_Filter_Cb func_filter, Ec
* will return the data pointer set when this filter was added. On failure
* NULL is returned.
*/
-EAPI void *
-ecore_event_filter_del(Ecore_Event_Filter *ef)
+EAPI void *ecore_event_filter_del(Ecore_Event_Filter * ef)
{
- if (!ECORE_MAGIC_CHECK(ef, ECORE_MAGIC_EVENT_FILTER))
- {
- ECORE_MAGIC_FAIL(ef, ECORE_MAGIC_EVENT_FILTER, "ecore_event_filter_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(ef->delete_me, NULL);
- ef->delete_me = 1;
- event_filters_delete_me = 1;
- return ef->data;
+ if (!ECORE_MAGIC_CHECK(ef, ECORE_MAGIC_EVENT_FILTER)) {
+ ECORE_MAGIC_FAIL(ef, ECORE_MAGIC_EVENT_FILTER,
+ "ecore_event_filter_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(ef->delete_me, NULL);
+ ef->delete_me = 1;
+ event_filters_delete_me = 1;
+ return ef->data;
}
/**
@@ -307,10 +319,9 @@ ecore_event_filter_del(Ecore_Event_Filter *ef)
* the program know if the event type being handled is one it wants to get more
* information about.
*/
-EAPI int
-ecore_event_current_type_get(void)
+EAPI int ecore_event_current_type_get(void)
{
- return ecore_raw_event_type;
+ return ecore_raw_event_type;
}
/**
@@ -327,333 +338,359 @@ ecore_event_current_type_get(void)
* the program access the event data if the type of the event is handled by
* the program.
*/
-EAPI void *
-ecore_event_current_event_get(void)
+EAPI void *ecore_event_current_event_get(void)
{
- return ecore_raw_event_event;
+ return ecore_raw_event_event;
}
-void
-_ecore_event_shutdown(void)
+void _ecore_event_shutdown(void)
{
- int i;
- Ecore_Event_Handler *eh;
- Ecore_Event_Filter *ef;
-
- while (events) _ecore_event_del(events);
- event_current = NULL;
- for (i = 0; i < event_handlers_num; i++)
- {
- while ((eh = event_handlers[i]))
- {
- event_handlers[i] = (Ecore_Event_Handler *) eina_inlist_remove(EINA_INLIST_GET(event_handlers[i]), EINA_INLIST_GET(event_handlers[i]));
- ECORE_MAGIC_SET(eh, ECORE_MAGIC_NONE);
- if (!eh->delete_me) free(eh);
- }
- }
- EINA_LIST_FREE(event_handlers_delete_list, eh)
- free(eh);
- if (event_handlers) free(event_handlers);
- event_handlers = NULL;
- event_handlers_num = 0;
- event_handlers_alloc_num = 0;
- while ((ef = event_filters))
- {
- event_filters = (Ecore_Event_Filter *) eina_inlist_remove(EINA_INLIST_GET(event_filters), EINA_INLIST_GET(event_filters));
- ECORE_MAGIC_SET(ef, ECORE_MAGIC_NONE);
- free(ef);
- }
- event_filters_delete_me = 0;
- event_filter_current = NULL;
- event_filter_event_current = NULL;
+ int i;
+ Ecore_Event_Handler *eh;
+ Ecore_Event_Filter *ef;
+
+ while (events)
+ _ecore_event_del(events);
+ event_current = NULL;
+ for (i = 0; i < event_handlers_num; i++) {
+ while ((eh = event_handlers[i])) {
+ event_handlers[i] =
+ (Ecore_Event_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (event_handlers[i]),
+ EINA_INLIST_GET
+ (event_handlers[i]));
+ ECORE_MAGIC_SET(eh, ECORE_MAGIC_NONE);
+ if (!eh->delete_me)
+ free(eh);
+ }
+ }
+ EINA_LIST_FREE(event_handlers_delete_list, eh)
+ free(eh);
+ if (event_handlers)
+ free(event_handlers);
+ event_handlers = NULL;
+ event_handlers_num = 0;
+ event_handlers_alloc_num = 0;
+ while ((ef = event_filters)) {
+ event_filters =
+ (Ecore_Event_Filter *)
+ eina_inlist_remove(EINA_INLIST_GET(event_filters),
+ EINA_INLIST_GET(event_filters));
+ ECORE_MAGIC_SET(ef, ECORE_MAGIC_NONE);
+ free(ef);
+ }
+ event_filters_delete_me = 0;
+ event_filter_current = NULL;
+ event_filter_event_current = NULL;
}
-int
-_ecore_event_exist(void)
+int _ecore_event_exist(void)
{
- Ecore_Event *e;
- EINA_INLIST_FOREACH(events, e)
- if (!e->delete_me) return 1;
- return 0;
+ Ecore_Event *e;
+ EINA_INLIST_FOREACH(events, e)
+ if (!e->delete_me)
+ return 1;
+ return 0;
}
-Ecore_Event *
-_ecore_event_add(int type, void *ev, Ecore_End_Cb func_free, void *data)
+Ecore_Event *_ecore_event_add(int type, void *ev, Ecore_End_Cb func_free,
+ void *data)
{
- Ecore_Event *e;
-
- e = calloc(1, sizeof(Ecore_Event));
- if (!e) return NULL;
- ECORE_MAGIC_SET(e, ECORE_MAGIC_EVENT);
- e->type = type;
- e->event = ev;
- e->func_free = func_free;
- e->data = data;
- if (inpurge > 0)
- {
- purge_events = (Ecore_Event *)eina_inlist_append(EINA_INLIST_GET(purge_events), EINA_INLIST_GET(e));
- events_num++;
- }
- else
- {
- events = (Ecore_Event *)eina_inlist_append(EINA_INLIST_GET(events), EINA_INLIST_GET(e));
- events_num++;
- }
- return e;
+ Ecore_Event *e;
+
+ e = calloc(1, sizeof(Ecore_Event));
+ if (!e)
+ return NULL;
+ ECORE_MAGIC_SET(e, ECORE_MAGIC_EVENT);
+ e->type = type;
+ e->event = ev;
+ e->func_free = func_free;
+ e->data = data;
+ if (inpurge > 0) {
+ purge_events =
+ (Ecore_Event *)
+ eina_inlist_append(EINA_INLIST_GET(purge_events),
+ EINA_INLIST_GET(e));
+ events_num++;
+ } else {
+ events =
+ (Ecore_Event *)
+ eina_inlist_append(EINA_INLIST_GET(events),
+ EINA_INLIST_GET(e));
+ events_num++;
+ }
+ return e;
}
-void *
-_ecore_event_del(Ecore_Event *event)
+void *_ecore_event_del(Ecore_Event * event)
{
- void *data;
-
- data = event->data;
- if (event->func_free) event->func_free(event->data, event->event);
- events = (Ecore_Event *) eina_inlist_remove(EINA_INLIST_GET(events), EINA_INLIST_GET(event));
- ECORE_MAGIC_SET(event, ECORE_MAGIC_NONE);
- free(event);
- events_num--;
- return data;
+ void *data;
+
+ data = event->data;
+ if (event->func_free)
+ event->func_free(event->data, event->event);
+ events =
+ (Ecore_Event *) eina_inlist_remove(EINA_INLIST_GET(events),
+ EINA_INLIST_GET(event));
+ ECORE_MAGIC_SET(event, ECORE_MAGIC_NONE);
+ free(event);
+ events_num--;
+ return data;
}
-static void
-_ecore_event_purge_deleted(void)
+static void _ecore_event_purge_deleted(void)
{
- Ecore_Event *itr = events;
-
- inpurge++;
- while (itr)
- {
- Ecore_Event *next = (Ecore_Event *)EINA_INLIST_GET(itr)->next;
- if ((!itr->references) && (itr->delete_me))
- _ecore_event_del(itr);
- itr = next;
- }
- inpurge--;
- while (purge_events)
- {
- Ecore_Event *e = purge_events;
- purge_events = (Ecore_Event *)eina_inlist_remove(EINA_INLIST_GET(purge_events), EINA_INLIST_GET(purge_events));
- events = (Ecore_Event *)eina_inlist_append(EINA_INLIST_GET(events), EINA_INLIST_GET(e));
- }
+ Ecore_Event *itr = events;
+
+ inpurge++;
+ while (itr) {
+ Ecore_Event *next =
+ (Ecore_Event *) EINA_INLIST_GET(itr)->next;
+ if ((!itr->references) && (itr->delete_me))
+ _ecore_event_del(itr);
+ itr = next;
+ }
+ inpurge--;
+ while (purge_events) {
+ Ecore_Event *e = purge_events;
+ purge_events =
+ (Ecore_Event *)
+ eina_inlist_remove(EINA_INLIST_GET(purge_events),
+ EINA_INLIST_GET(purge_events));
+ events =
+ (Ecore_Event *)
+ eina_inlist_append(EINA_INLIST_GET(events),
+ EINA_INLIST_GET(e));
+ }
}
-static inline void
-_ecore_event_filters_apply()
+static inline void _ecore_event_filters_apply()
{
- if (!event_filter_current)
- {
- /* regular main loop, start from head */
- event_filter_current = event_filters;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- event_filter_current = (Ecore_Event_Filter *)EINA_INLIST_GET(event_filter_current)->next;
- }
-
- while (event_filter_current)
- {
- Ecore_Event_Filter *ef = event_filter_current;
-
- if (!ef->delete_me)
- {
- ef->references++;
-
- if (ef->func_start)
- ef->loop_data = ef->func_start(ef->data);
-
- if (!event_filter_event_current)
- {
- /* regular main loop, start from head */
- event_filter_event_current = events;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- event_filter_event_current = (Ecore_Event *)EINA_INLIST_GET(event_filter_event_current)->next;
- }
-
- while (event_filter_event_current)
- {
- Ecore_Event *e = event_filter_event_current;
-
- if (!ef->func_filter(ef->data, ef->loop_data,
- e->type, e->event))
- {
- ecore_event_del(e);
- }
-
- if (event_filter_event_current) /* may have changed in recursive main loops */
- event_filter_event_current = (Ecore_Event *)EINA_INLIST_GET(event_filter_event_current)->next;
- }
- if (ef->func_end)
- ef->func_end(ef->data, ef->loop_data);
-
- ef->references--;
- }
-
- if (event_filter_current) /* may have changed in recursive main loops */
- event_filter_current = (Ecore_Event_Filter *)EINA_INLIST_GET(event_filter_current)->next;
- }
- if (event_filters_delete_me)
- {
- int deleted_in_use = 0;
- Ecore_Event_Filter *l;
- for (l = event_filters; l;)
- {
- Ecore_Event_Filter *ef = l;
- l = (Ecore_Event_Filter *) EINA_INLIST_GET(l)->next;
- if (ef->delete_me)
- {
- if (ef->references)
- {
- deleted_in_use++;
- continue;
- }
-
- event_filters = (Ecore_Event_Filter *) eina_inlist_remove(EINA_INLIST_GET(event_filters), EINA_INLIST_GET(ef));
- ECORE_MAGIC_SET(ef, ECORE_MAGIC_NONE);
- free(ef);
- }
- }
- if (!deleted_in_use)
- event_filters_delete_me = 0;
- }
+ if (!event_filter_current) {
+ /* regular main loop, start from head */
+ event_filter_current = event_filters;
+ } else {
+ /* recursive main loop, continue from where we were */
+ event_filter_current =
+ (Ecore_Event_Filter *)
+ EINA_INLIST_GET(event_filter_current)->next;
+ }
+
+ while (event_filter_current) {
+ Ecore_Event_Filter *ef = event_filter_current;
+
+ if (!ef->delete_me) {
+ ef->references++;
+
+ if (ef->func_start)
+ ef->loop_data = ef->func_start(ef->data);
+
+ if (!event_filter_event_current) {
+ /* regular main loop, start from head */
+ event_filter_event_current = events;
+ } else {
+ /* recursive main loop, continue from where we were */
+ event_filter_event_current =
+ (Ecore_Event *)
+ EINA_INLIST_GET
+ (event_filter_event_current)->next;
+ }
+
+ while (event_filter_event_current) {
+ Ecore_Event *e =
+ event_filter_event_current;
+
+ if (!ef->
+ func_filter(ef->data, ef->loop_data,
+ e->type, e->event)) {
+ ecore_event_del(e);
+ }
+
+ if (event_filter_event_current) /* may have changed in recursive main loops */
+ event_filter_event_current =
+ (Ecore_Event *)
+ EINA_INLIST_GET
+ (event_filter_event_current)->
+ next;
+ }
+ if (ef->func_end)
+ ef->func_end(ef->data, ef->loop_data);
+
+ ef->references--;
+ }
+
+ if (event_filter_current) /* may have changed in recursive main loops */
+ event_filter_current =
+ (Ecore_Event_Filter *)
+ EINA_INLIST_GET(event_filter_current)->next;
+ }
+ if (event_filters_delete_me) {
+ int deleted_in_use = 0;
+ Ecore_Event_Filter *l;
+ for (l = event_filters; l;) {
+ Ecore_Event_Filter *ef = l;
+ l = (Ecore_Event_Filter *) EINA_INLIST_GET(l)->
+ next;
+ if (ef->delete_me) {
+ if (ef->references) {
+ deleted_in_use++;
+ continue;
+ }
+
+ event_filters =
+ (Ecore_Event_Filter *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (event_filters),
+ EINA_INLIST_GET
+ (ef));
+ ECORE_MAGIC_SET(ef, ECORE_MAGIC_NONE);
+ free(ef);
+ }
+ }
+ if (!deleted_in_use)
+ event_filters_delete_me = 0;
+ }
}
-void
-_ecore_event_call(void)
+
+void _ecore_event_call(void)
{
- Eina_List *l, *l_next;
- Ecore_Event_Handler *eh;
-
- _ecore_event_filters_apply();
-
- if (!event_current)
- {
- /* regular main loop, start from head */
- event_current = events;
- event_handler_current = NULL;
- }
-
- while (event_current)
- {
- Ecore_Event *e = event_current;
- int handle_count = 0;
-
- if (e->delete_me)
- {
- event_current = (Ecore_Event *)EINA_INLIST_GET(event_current)->next;
- continue;
- }
-
- ecore_raw_event_type = e->type;
- ecore_raw_event_event = e->event;
- e->references++;
- if ((e->type >= 0) && (e->type < event_handlers_num))
- {
- if (!event_handler_current)
- {
- /* regular main loop, start from head */
- event_handler_current = event_handlers[e->type];
- }
- else
- {
- /* recursive main loop, continue from where we were */
- event_handler_current = (Ecore_Event_Handler *)EINA_INLIST_GET(event_handler_current)->next;
- }
-
- while ((event_handler_current) && (!e->delete_me))
- {
- Ecore_Event_Handler *eh = event_handler_current;
- if (!eh->delete_me)
- {
- Eina_Bool ret;
-
- handle_count++;
-
- eh->references++;
- ret = eh->func(eh->data, e->type, e->event);
- eh->references--;
-
- if (!ret)
- {
- event_handler_current = NULL;
- break; /* 0 == "call no further handlers" */
- }
- }
-
- if (event_handler_current) /* may have changed in recursive main loops */
- event_handler_current = (Ecore_Event_Handler *)EINA_INLIST_GET(event_handler_current)->next;
- }
- }
- /* if no handlers were set for EXIT signal - then default is */
- /* to quit the main loop */
- if ((e->type == ECORE_EVENT_SIGNAL_EXIT) && (handle_count == 0))
- ecore_main_loop_quit();
- e->references--;
- e->delete_me = 1;
-
- if (event_current) /* may have changed in recursive main loops */
- event_current = (Ecore_Event *)EINA_INLIST_GET(event_current)->next;
- }
-
- ecore_raw_event_type = ECORE_EVENT_NONE;
- ecore_raw_event_event = NULL;
-
- _ecore_event_purge_deleted();
-
- EINA_LIST_FOREACH_SAFE(event_handlers_delete_list, l, l_next, eh)
- {
- if (eh->references) continue;
-
- event_handlers_delete_list = eina_list_remove_list(event_handlers_delete_list, l);
-
- event_handlers[eh->type] = (Ecore_Event_Handler *) eina_inlist_remove(EINA_INLIST_GET(event_handlers[eh->type]), EINA_INLIST_GET(eh));
- ECORE_MAGIC_SET(eh, ECORE_MAGIC_NONE);
- free(eh);
- }
+ Eina_List *l, *l_next;
+ Ecore_Event_Handler *eh;
+
+ _ecore_event_filters_apply();
+
+ if (!event_current) {
+ /* regular main loop, start from head */
+ event_current = events;
+ event_handler_current = NULL;
+ }
+
+ while (event_current) {
+ Ecore_Event *e = event_current;
+ int handle_count = 0;
+
+ if (e->delete_me) {
+ event_current =
+ (Ecore_Event *)
+ EINA_INLIST_GET(event_current)->next;
+ continue;
+ }
+
+ ecore_raw_event_type = e->type;
+ ecore_raw_event_event = e->event;
+ e->references++;
+ if ((e->type >= 0) && (e->type < event_handlers_num)) {
+ if (!event_handler_current) {
+ /* regular main loop, start from head */
+ event_handler_current =
+ event_handlers[e->type];
+ } else {
+ /* recursive main loop, continue from where we were */
+ event_handler_current =
+ (Ecore_Event_Handler *)
+ EINA_INLIST_GET
+ (event_handler_current)->next;
+ }
+
+ while ((event_handler_current) && (!e->delete_me)) {
+ Ecore_Event_Handler *eh =
+ event_handler_current;
+ if (!eh->delete_me) {
+ Eina_Bool ret;
+
+ handle_count++;
+
+ eh->references++;
+ ret =
+ eh->func(eh->data, e->type,
+ e->event);
+ eh->references--;
+
+ if (!ret) {
+ event_handler_current =
+ NULL;
+ break; /* 0 == "call no further handlers" */
+ }
+ }
+
+ if (event_handler_current) /* may have changed in recursive main loops */
+ event_handler_current =
+ (Ecore_Event_Handler *)
+ EINA_INLIST_GET
+ (event_handler_current)->next;
+ }
+ }
+ /* if no handlers were set for EXIT signal - then default is */
+ /* to quit the main loop */
+ if ((e->type == ECORE_EVENT_SIGNAL_EXIT)
+ && (handle_count == 0))
+ ecore_main_loop_quit();
+ e->references--;
+ e->delete_me = 1;
+
+ if (event_current) /* may have changed in recursive main loops */
+ event_current =
+ (Ecore_Event *)
+ EINA_INLIST_GET(event_current)->next;
+ }
+
+ ecore_raw_event_type = ECORE_EVENT_NONE;
+ ecore_raw_event_event = NULL;
+
+ _ecore_event_purge_deleted();
+
+ EINA_LIST_FOREACH_SAFE(event_handlers_delete_list, l, l_next, eh) {
+ if (eh->references)
+ continue;
+
+ event_handlers_delete_list =
+ eina_list_remove_list(event_handlers_delete_list, l);
+
+ event_handlers[eh->type] =
+ (Ecore_Event_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (event_handlers[eh->type]),
+ EINA_INLIST_GET(eh));
+ ECORE_MAGIC_SET(eh, ECORE_MAGIC_NONE);
+ free(eh);
+ }
}
-EAPI void *
-_ecore_event_signal_user_new(void)
+EAPI void *_ecore_event_signal_user_new(void)
{
- Ecore_Event_Signal_User *e;
+ Ecore_Event_Signal_User *e;
- e = calloc(1, sizeof(Ecore_Event_Signal_User));
- return e;
+ e = calloc(1, sizeof(Ecore_Event_Signal_User));
+ return e;
}
-void *
-_ecore_event_signal_hup_new(void)
+void *_ecore_event_signal_hup_new(void)
{
- Ecore_Event_Signal_Hup *e;
+ Ecore_Event_Signal_Hup *e;
- e = calloc(1, sizeof(Ecore_Event_Signal_Hup));
- return e;
+ e = calloc(1, sizeof(Ecore_Event_Signal_Hup));
+ return e;
}
-void *
-_ecore_event_signal_exit_new(void)
+void *_ecore_event_signal_exit_new(void)
{
- Ecore_Event_Signal_Exit *e;
+ Ecore_Event_Signal_Exit *e;
- e = calloc(1, sizeof(Ecore_Event_Signal_Exit));
- return e;
+ e = calloc(1, sizeof(Ecore_Event_Signal_Exit));
+ return e;
}
-void *
-_ecore_event_signal_power_new(void)
+void *_ecore_event_signal_power_new(void)
{
- Ecore_Event_Signal_Power *e;
+ Ecore_Event_Signal_Power *e;
- e = calloc(1, sizeof(Ecore_Event_Signal_Power));
- return e;
+ e = calloc(1, sizeof(Ecore_Event_Signal_Power));
+ return e;
}
-void *
-_ecore_event_signal_realtime_new(void)
+void *_ecore_event_signal_realtime_new(void)
{
- return calloc(1, sizeof(Ecore_Event_Signal_Realtime));
+ return calloc(1, sizeof(Ecore_Event_Signal_Realtime));
}
diff --git a/tests/suite/ecore/src/lib/ecore_exe.c b/tests/suite/ecore/src/lib/ecore_exe.c
index e83dfe9c91..883243a923 100644
--- a/tests/suite/ecore/src/lib/ecore_exe.c
+++ b/tests/suite/ecore/src/lib/ecore_exe.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <sys/time.h>
@@ -14,7 +14,7 @@
#include <fcntl.h>
#ifdef HAVE_SYS_WAIT_H
-# include <sys/wait.h>
+#include <sys/wait.h>
#endif
#include "Ecore.h"
@@ -82,40 +82,39 @@
* hurt. The user code may need to be informed that a timeout is in progress.
*/
-struct _Ecore_Exe
-{
- EINA_INLIST;
- ECORE_MAGIC;
- pid_t pid;
- void *data;
- char *tag, *cmd;
- Ecore_Exe_Flags flags;
- Ecore_Fd_Handler *write_fd_handler; /* the fd_handler to handle write to child - if this was used, or NULL if not */
- Ecore_Fd_Handler *read_fd_handler; /* the fd_handler to handle read from child - if this was used, or NULL if not */
- Ecore_Fd_Handler *error_fd_handler; /* the fd_handler to handle errors from child - if this was used, or NULL if not */
- void *write_data_buf; /* a data buffer for data to write to the child -
- * realloced as needed for more data and flushed when the fd handler says writes are possible
- */
- int write_data_size; /* the size in bytes of the data buffer */
- int write_data_offset; /* the offset in bytes in the data buffer */
- void *read_data_buf; /* data read from the child awating delivery to an event */
- int read_data_size; /* data read from child in bytes */
- void *error_data_buf; /* errors read from the child awating delivery to an event */
- int error_data_size; /* errors read from child in bytes */
- int child_fd_write; /* fd to write TO to send data to the child */
- int child_fd_read; /* fd to read FROM when child has sent us (the parent) data */
- int child_fd_error; /* fd to read FROM when child has sent us (the parent) errors */
- int child_fd_write_x; /* fd to write TO to send data to the child */
- int child_fd_read_x; /* fd to read FROM when child has sent us (the parent) data */
- int child_fd_error_x; /* fd to read FROM when child has sent us (the parent) errors */
- Eina_Bool close_stdin : 1;
-
- int start_bytes, end_bytes, start_lines, end_lines; /* Number of bytes/lines to auto pipe at start/end of stdout/stderr. */
-
- Ecore_Timer *doomsday_clock; /* The Timer of Death. Muahahahaha. */
- void *doomsday_clock_dead; /* data for the doomsday clock */
-
- Ecore_Exe_Cb pre_free_cb;
+struct _Ecore_Exe {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ pid_t pid;
+ void *data;
+ char *tag, *cmd;
+ Ecore_Exe_Flags flags;
+ Ecore_Fd_Handler *write_fd_handler; /* the fd_handler to handle write to child - if this was used, or NULL if not */
+ Ecore_Fd_Handler *read_fd_handler; /* the fd_handler to handle read from child - if this was used, or NULL if not */
+ Ecore_Fd_Handler *error_fd_handler; /* the fd_handler to handle errors from child - if this was used, or NULL if not */
+ void *write_data_buf; /* a data buffer for data to write to the child -
+ * realloced as needed for more data and flushed when the fd handler says writes are possible
+ */
+ int write_data_size; /* the size in bytes of the data buffer */
+ int write_data_offset; /* the offset in bytes in the data buffer */
+ void *read_data_buf; /* data read from the child awating delivery to an event */
+ int read_data_size; /* data read from child in bytes */
+ void *error_data_buf; /* errors read from the child awating delivery to an event */
+ int error_data_size; /* errors read from child in bytes */
+ int child_fd_write; /* fd to write TO to send data to the child */
+ int child_fd_read; /* fd to read FROM when child has sent us (the parent) data */
+ int child_fd_error; /* fd to read FROM when child has sent us (the parent) errors */
+ int child_fd_write_x; /* fd to write TO to send data to the child */
+ int child_fd_read_x; /* fd to read FROM when child has sent us (the parent) data */
+ int child_fd_error_x; /* fd to read FROM when child has sent us (the parent) errors */
+ Eina_Bool close_stdin:1;
+
+ int start_bytes, end_bytes, start_lines, end_lines; /* Number of bytes/lines to auto pipe at start/end of stdout/stderr. */
+
+ Ecore_Timer *doomsday_clock; /* The Timer of Death. Muahahahaha. */
+ void *doomsday_clock_dead; /* data for the doomsday clock */
+
+ Ecore_Exe_Cb pre_free_cb;
};
@@ -131,25 +130,35 @@ struct _Ecore_Exe
* appended with a preceding space. The first is the command off course.
*/
-struct _ecore_exe_dead_exe
-{
- pid_t pid;
- char *cmd;
+struct _ecore_exe_dead_exe {
+ pid_t pid;
+ char *cmd;
};
-static inline void _ecore_exe_exec_it(const char *exe_cmd, Ecore_Exe_Flags flags);
-static Eina_Bool _ecore_exe_data_generic_handler(void *data, Ecore_Fd_Handler *fd_handler, Ecore_Exe_Flags flags);
-static Eina_Bool _ecore_exe_data_error_handler(void *data, Ecore_Fd_Handler *fd_handler);
-static Eina_Bool _ecore_exe_data_read_handler(void *data, Ecore_Fd_Handler *fd_handler);
-static Eina_Bool _ecore_exe_data_write_handler(void *data, Ecore_Fd_Handler *fd_handler);
+static inline void _ecore_exe_exec_it(const char *exe_cmd,
+ Ecore_Exe_Flags flags);
+static Eina_Bool _ecore_exe_data_generic_handler(void *data,
+ Ecore_Fd_Handler *
+ fd_handler,
+ Ecore_Exe_Flags flags);
+static Eina_Bool _ecore_exe_data_error_handler(void *data,
+ Ecore_Fd_Handler *
+ fd_handler);
+static Eina_Bool _ecore_exe_data_read_handler(void *data,
+ Ecore_Fd_Handler *
+ fd_handler);
+static Eina_Bool _ecore_exe_data_write_handler(void *data,
+ Ecore_Fd_Handler *
+ fd_handler);
static void _ecore_exe_flush(Ecore_Exe * exe);
-static void _ecore_exe_event_exe_data_free(void *data __UNUSED__, void *ev);
+static void _ecore_exe_event_exe_data_free(void *data __UNUSED__,
+ void *ev);
static Ecore_Exe *_ecore_exe_is_it_alive(pid_t pid);
static Eina_Bool _ecore_exe_make_sure_its_dead(void *data);
static Eina_Bool _ecore_exe_make_sure_its_really_dead(void *data);
static Ecore_Exe_Event_Add *_ecore_exe_event_add_new(void);
static void _ecore_exe_event_add_free(void *data, void *ev);
-static void _ecore_exe_dead_attach(Ecore_Exe *exe);
+static void _ecore_exe_dead_attach(Ecore_Exe * exe);
EAPI int ECORE_EXE_EVENT_ADD = 0;
EAPI int ECORE_EXE_EVENT_DEL = 0;
@@ -174,14 +183,12 @@ static int _ecore_exe_check_errno(int result, const char *file, int line);
#define E_IF_NO_ERRNO_NOLOOP(result, foo, ok) \
if (((ok) = _ecore_exe_check_errno( (result) = (foo), __FILE__, __LINE__)))
-static int
-_ecore_exe_check_errno(int result, const char *file, int line)
+static int _ecore_exe_check_errno(int result, const char *file, int line)
{
- int saved_errno = errno;
+ int saved_errno = errno;
- if (result == -1)
- {
- perror("*** errno reports ");
+ if (result == -1) {
+ perror("*** errno reports ");
/* What is currently supported -
*
* pipe
@@ -237,64 +244,65 @@ _ecore_exe_check_errno(int result, const char *file, int line)
* // Something failed, cleanup.
* }
*/
- switch (saved_errno)
- {
- case EACCES:
- case EAGAIN:
- case EINTR:
- { /* Not now, try later. */
- ERR("*** Must try again in %s @%u.", file, line);
- result = -1;
- break;
- }
- case EMFILE:
- case ENFILE:
- case ENOLCK:
- { /* Low on resources. */
- ERR("*** Low on resources in %s @%u.", file,
- line);
- result = 0;
- break;
- }
- case EIO:
- { /* I/O error. */
- ERR("*** I/O error in %s @%u.", file, line);
- result = 0;
- break;
- }
- case EFAULT:
- case EBADF:
- case EINVAL:
- case EROFS:
- case EISDIR:
- case EDEADLK:
- case EPERM:
- case EBUSY:
- { /* Programmer fucked up. */
- ERR("*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code in %s @%u. Tut tut tut!",
- file, line);
- result = 0;
- break;
- }
- default:
- { /* Unsupported errno code, please add this one. */
- ERR("*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Unsupported errno code %d, please add this one.\n"
- "*** Now go fix your code in %s @%u, from %s @%u. Tut tut tut!",
- saved_errno, __FILE__, __LINE__, file, line);
- result = 0;
- break;
- }
- }
- }
- else /* Everything is fine. */
- result = 1;
-
- errno = saved_errno;
- return result;
+ switch (saved_errno) {
+ case EACCES:
+ case EAGAIN:
+ case EINTR:
+ { /* Not now, try later. */
+ ERR("*** Must try again in %s @%u.", file,
+ line);
+ result = -1;
+ break;
+ }
+ case EMFILE:
+ case ENFILE:
+ case ENOLCK:
+ { /* Low on resources. */
+ ERR("*** Low on resources in %s @%u.",
+ file, line);
+ result = 0;
+ break;
+ }
+ case EIO:
+ { /* I/O error. */
+ ERR("*** I/O error in %s @%u.", file,
+ line);
+ result = 0;
+ break;
+ }
+ case EFAULT:
+ case EBADF:
+ case EINVAL:
+ case EROFS:
+ case EISDIR:
+ case EDEADLK:
+ case EPERM:
+ case EBUSY:
+ { /* Programmer fucked up. */
+ ERR("*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code in %s @%u. Tut tut tut!",
+ file, line);
+ result = 0;
+ break;
+ }
+ default:
+ { /* Unsupported errno code, please add this one. */
+ ERR("*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Unsupported errno code %d, please add this one.\n"
+ "*** Now go fix your code in %s @%u, from %s @%u. Tut tut tut!",
+ saved_errno, __FILE__, __LINE__, file,
+ line);
+ result = 0;
+ break;
+ }
+ }
+ } else /* Everything is fine. */
+ result = 1;
+
+ errno = saved_errno;
+ return result;
}
/**
@@ -322,10 +330,9 @@ static int run_pri = ECORE_EXE_PRIORITY_INHERIT;
* to 19 or ECORE_EXE_PRIORITY_INHERIT on other OS.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void
-ecore_exe_run_priority_set(int pri)
+EAPI void ecore_exe_run_priority_set(int pri)
{
- run_pri = pri;
+ run_pri = pri;
}
/**
@@ -338,10 +345,9 @@ ecore_exe_run_priority_set(int pri)
* @return the value set by ecore_exe_run_priority_set()
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI int
-ecore_exe_run_priority_get(void)
+EAPI int ecore_exe_run_priority_get(void)
{
- return run_pri;
+ return run_pri;
}
/**
@@ -354,37 +360,34 @@ ecore_exe_run_priority_get(void)
* @return A process handle to the spawned process.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI Ecore_Exe *
-ecore_exe_run(const char *exe_cmd, const void *data)
+EAPI Ecore_Exe *ecore_exe_run(const char *exe_cmd, const void *data)
{
/* I'm just being paranoid again, leaving in the original code in case there is a problem. */
#if 0
- Ecore_Exe *exe;
- pid_t pid;
-
- if (!exe_cmd)
- return NULL;
- pid = fork();
- if (pid)
- {
- exe = calloc(1, sizeof(Ecore_Exe));
- if (!exe)
- {
- kill(pid, SIGKILL);
- return NULL;
- }
- ECORE_MAGIC_SET(exe, ECORE_MAGIC_EXE);
- exe->pid = pid;
- exe->data = (void *)data;
- exe->cmd = strdup(exe_cmd);
- exes = _ecore_list2_append(exes, exe);
- return exe;
- }
- _ecore_exe_exec_it(exe_cmd, 0);
- exit(127);
- return NULL;
+ Ecore_Exe *exe;
+ pid_t pid;
+
+ if (!exe_cmd)
+ return NULL;
+ pid = fork();
+ if (pid) {
+ exe = calloc(1, sizeof(Ecore_Exe));
+ if (!exe) {
+ kill(pid, SIGKILL);
+ return NULL;
+ }
+ ECORE_MAGIC_SET(exe, ECORE_MAGIC_EXE);
+ exe->pid = pid;
+ exe->data = (void *) data;
+ exe->cmd = strdup(exe_cmd);
+ exes = _ecore_list2_append(exes, exe);
+ return exe;
+ }
+ _ecore_exe_exec_it(exe_cmd, 0);
+ exit(127);
+ return NULL;
#else
- return ecore_exe_pipe_run(exe_cmd, 0, data);
+ return ecore_exe_pipe_run(exe_cmd, 0, data);
#endif
}
@@ -414,282 +417,313 @@ ecore_exe_run(const char *exe_cmd, const void *data)
* @return A process handle to the spawned process.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI Ecore_Exe *
-ecore_exe_pipe_run(const char *exe_cmd, Ecore_Exe_Flags flags, const void *data)
+EAPI Ecore_Exe *ecore_exe_pipe_run(const char *exe_cmd,
+ Ecore_Exe_Flags flags, const void *data)
{
- Ecore_Exe *exe = NULL;
- int statusPipe[2] = { -1, -1 };
- int errorPipe[2] = { -1, -1 };
- int readPipe[2] = { -1, -1 };
- int writePipe[2] = { -1, -1 };
- int n = 0;
- int ok = 1;
- int result;
-
- if (!exe_cmd) return NULL;
- exe = calloc(1, sizeof(Ecore_Exe));
- if (!exe) return NULL;
-
- if ((flags & ECORE_EXE_PIPE_AUTO) && (!(flags & ECORE_EXE_PIPE_ERROR))
- && (!(flags & ECORE_EXE_PIPE_READ)))
- /* We need something to auto pipe. */
- flags |= ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR;
-
- exe->child_fd_error = -1;
- exe->child_fd_read = -1;
- exe->child_fd_write = -1;
- exe->child_fd_error_x = -1;
- exe->child_fd_read_x = -1;
- exe->child_fd_write_x = -1;
-
- /* Create some pipes. */
- if (ok)
- {
- E_IF_NO_ERRNO_NOLOOP(result, pipe(statusPipe), ok)
- {
- }
- }
- if (ok && (flags & ECORE_EXE_PIPE_ERROR))
- {
- E_IF_NO_ERRNO_NOLOOP(result, pipe(errorPipe), ok)
- {
- exe->child_fd_error = errorPipe[0];
- exe->child_fd_error_x = errorPipe[1];
- }
- }
- if (ok && (flags & ECORE_EXE_PIPE_READ))
- {
- E_IF_NO_ERRNO_NOLOOP(result, pipe(readPipe), ok)
- {
- exe->child_fd_read = readPipe[0];
- exe->child_fd_read_x = readPipe[1];
- }
- }
- if (ok && (flags & ECORE_EXE_PIPE_WRITE))
- {
- E_IF_NO_ERRNO_NOLOOP(result, pipe(writePipe), ok)
- {
- exe->child_fd_write = writePipe[1];
- exe->child_fd_write_x = writePipe[0];
- }
- }
- if (ok)
- {
- pid_t pid = 0;
- volatile int vfork_exec_errno = 0;
-
- /* FIXME: I should double check this. After a quick look around, this is already done, but via a more modern method. */
- /* signal(SIGPIPE, SIG_IGN); We only want EPIPE on errors */
- pid = fork();
-
- if (pid == -1)
- {
- ERR("Failed to fork process");
- pid = 0;
- }
- else if (pid == 0) /* child */
- {
- if (run_pri != ECORE_EXE_PRIORITY_INHERIT)
- {
- if ((run_pri >= -20) && (run_pri <= 19))
- setpriority(PRIO_PROCESS, 0, run_pri);
- }
- /* dup2 STDERR, STDIN, and STDOUT. dup2() allegedly closes the
- * second pipe if it's open. On the other hand, there was the
- * Great FD Leak Scare of '06, so let's be paranoid. */
- if (ok && (flags & ECORE_EXE_PIPE_ERROR))
- {
- E_NO_ERRNO(result, close(STDERR_FILENO), ok);
- E_NO_ERRNO(result, dup2(errorPipe[1], STDERR_FILENO), ok);
- }
- if (ok && (flags & ECORE_EXE_PIPE_READ))
- {
- E_NO_ERRNO(result, close(STDOUT_FILENO), ok);
- E_NO_ERRNO(result, dup2(readPipe[1], STDOUT_FILENO), ok);
- }
- if (ok && (flags & ECORE_EXE_PIPE_WRITE))
- {
- E_NO_ERRNO(result, close(STDIN_FILENO), ok);
- E_NO_ERRNO(result, dup2(writePipe[0], STDIN_FILENO), ok);
- }
-
- if (ok)
- {
- /* Setup the status pipe. */
- E_NO_ERRNO(result, close(statusPipe[0]), ok);
- E_IF_NO_ERRNO(result, fcntl(statusPipe[1], F_SETFD, FD_CLOEXEC), ok) /* close on exec shows success */
- {
- /* Run the actual command. */
- _ecore_exe_exec_it(exe_cmd, flags); /* no return */
- }
- }
-
- /* Something went 'orribly wrong. */
- vfork_exec_errno = errno;
-
- /* Close the pipes. */
- if (flags & ECORE_EXE_PIPE_ERROR)
- E_NO_ERRNO(result, close(errorPipe[1]), ok);
- if (flags & ECORE_EXE_PIPE_READ)
- E_NO_ERRNO(result, close(readPipe[1]), ok);
- if (flags & ECORE_EXE_PIPE_WRITE)
- E_NO_ERRNO(result, close(writePipe[0]), ok);
- E_NO_ERRNO(result, close(statusPipe[1]), ok);
-
- _exit(-1);
- }
- else /* parent */
- {
- /* Close the unused pipes. */
- E_NO_ERRNO(result, close(statusPipe[1]), ok);
-
- /* FIXME: after having a good look at the current e fd
- * handling, investigate fcntl(dataPipe[x], F_SETSIG, ...) */
- /* FIXME: above F_SETSIG etc. - this is async SIGIO based IO
- * which is also linux specific so we probably don't want to
- * do this as long as select() is working fine. the only time
- * we really want to think of SIGIO async IO is when it all
- * actually works basically everywhere and we can turn all
- * IO into DMA async activities (i.e. you do a read() then
- * the read is complete not on return but when you get a
- * SIGIO - the read() just starts the transfer and it is
- * completed in the background by DMA (or whatever mechanism
- * the kernel choses)) */
-
- /* Wait for it to start executing. */
- /* FIXME: this doesn't seem very nice - we sit and block
- * waiting on a child process... even though it's just
- * the segment between the fork() and the exec) it just feels
- * wrong */
- for (;;)
- {
- char buf;
-
- E_NO_ERRNO(result, read(statusPipe[0], &buf, 1), ok);
- if (result == 0)
- {
- if (vfork_exec_errno != 0)
- {
- n = vfork_exec_errno;
- ERR("Could not start \"%s\"", exe_cmd);
- pid = 0;
- }
- break;
- }
- }
-
- /* Close the status pipe. */
- E_NO_ERRNO(result, close(statusPipe[0]), ok);
- }
-
- if (pid)
- {
- /* Setup the exe structure. */
- ECORE_MAGIC_SET(exe, ECORE_MAGIC_EXE);
- exe->start_bytes = -1;
- exe->end_bytes = -1;
- exe->start_lines = -1;
- exe->end_lines = -1;
- exe->pid = pid;
- exe->flags = flags;
- exe->data = (void *)data;
- if ((exe->cmd = strdup(exe_cmd)))
- {
- if (flags & ECORE_EXE_PIPE_ERROR)
- { /* Setup the error stuff. */
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_error, F_SETFL,
- O_NONBLOCK), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_error, F_SETFD,
- FD_CLOEXEC), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_error_x, F_SETFD,
- FD_CLOEXEC), ok) {}
- {
- exe->error_fd_handler =
- ecore_main_fd_handler_add(exe->child_fd_error,
- ECORE_FD_READ,
- _ecore_exe_data_error_handler,
- exe, NULL, NULL);
- if (!exe->error_fd_handler)
- ok = 0;
- }
- }
- if (ok && (flags & ECORE_EXE_PIPE_READ))
- { /* Setup the read stuff. */
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_read, F_SETFL,
- O_NONBLOCK), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_read, F_SETFD,
- FD_CLOEXEC), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_read_x, F_SETFD,
- FD_CLOEXEC), ok) {}
- {
- exe->read_fd_handler =
- ecore_main_fd_handler_add(exe->child_fd_read,
- ECORE_FD_READ,
- _ecore_exe_data_read_handler,
- exe, NULL, NULL);
- if (!exe->read_fd_handler)
- ok = 0;
- }
- }
- if (ok && (flags & ECORE_EXE_PIPE_WRITE))
- { /* Setup the write stuff. */
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_write, F_SETFL,
- O_NONBLOCK), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_write, F_SETFD,
- FD_CLOEXEC), ok) {}
- E_IF_NO_ERRNO(result,
- fcntl(exe->child_fd_write_x, F_SETFD,
- FD_CLOEXEC), ok) {}
- {
- exe->write_fd_handler =
- ecore_main_fd_handler_add(exe->child_fd_write,
- ECORE_FD_WRITE,
- _ecore_exe_data_write_handler,
- exe, NULL, NULL);
- if (exe->write_fd_handler)
- ecore_main_fd_handler_active_set(exe->write_fd_handler, 0); /* Nothing to write to start with. */
- else
- ok = 0;
- }
- }
-
- exes = (Ecore_Exe *) eina_inlist_append(EINA_INLIST_GET(exes), EINA_INLIST_GET(exe));
- n = 0;
- }
- else
- ok = 0;
- }
- else
- ok = 0;
- }
-
- if (!ok)
- { /* Something went wrong, so pull down everything. */
- if (exe->pid) ecore_exe_terminate(exe);
- IF_FN_DEL(ecore_exe_free, exe);
- }
- else
- {
- Ecore_Exe_Event_Add *e;
-
- e = _ecore_exe_event_add_new();
- e->exe = exe;
- if (e) /* Send the event. */
- ecore_event_add(ECORE_EXE_EVENT_ADD, e,
- _ecore_exe_event_add_free, NULL);
- /* INF("Running as %d for %s.\n", exe->pid, exe->cmd); */
- }
-
- errno = n;
- return exe;
+ Ecore_Exe *exe = NULL;
+ int statusPipe[2] = { -1, -1 };
+ int errorPipe[2] = { -1, -1 };
+ int readPipe[2] = { -1, -1 };
+ int writePipe[2] = { -1, -1 };
+ int n = 0;
+ int ok = 1;
+ int result;
+
+ if (!exe_cmd)
+ return NULL;
+ exe = calloc(1, sizeof(Ecore_Exe));
+ if (!exe)
+ return NULL;
+
+ if ((flags & ECORE_EXE_PIPE_AUTO)
+ && (!(flags & ECORE_EXE_PIPE_ERROR))
+ && (!(flags & ECORE_EXE_PIPE_READ)))
+ /* We need something to auto pipe. */
+ flags |= ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR;
+
+ exe->child_fd_error = -1;
+ exe->child_fd_read = -1;
+ exe->child_fd_write = -1;
+ exe->child_fd_error_x = -1;
+ exe->child_fd_read_x = -1;
+ exe->child_fd_write_x = -1;
+
+ /* Create some pipes. */
+ if (ok) {
+ E_IF_NO_ERRNO_NOLOOP(result, pipe(statusPipe), ok) {
+ }
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_ERROR)) {
+ E_IF_NO_ERRNO_NOLOOP(result, pipe(errorPipe), ok) {
+ exe->child_fd_error = errorPipe[0];
+ exe->child_fd_error_x = errorPipe[1];
+ }
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_READ)) {
+ E_IF_NO_ERRNO_NOLOOP(result, pipe(readPipe), ok) {
+ exe->child_fd_read = readPipe[0];
+ exe->child_fd_read_x = readPipe[1];
+ }
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_WRITE)) {
+ E_IF_NO_ERRNO_NOLOOP(result, pipe(writePipe), ok) {
+ exe->child_fd_write = writePipe[1];
+ exe->child_fd_write_x = writePipe[0];
+ }
+ }
+ if (ok) {
+ pid_t pid = 0;
+ volatile int vfork_exec_errno = 0;
+
+ /* FIXME: I should double check this. After a quick look around, this is already done, but via a more modern method. */
+ /* signal(SIGPIPE, SIG_IGN); We only want EPIPE on errors */
+ pid = fork();
+
+ if (pid == -1) {
+ ERR("Failed to fork process");
+ pid = 0;
+ } else if (pid == 0) { /* child */
+ if (run_pri != ECORE_EXE_PRIORITY_INHERIT) {
+ if ((run_pri >= -20) && (run_pri <= 19))
+ setpriority(PRIO_PROCESS, 0,
+ run_pri);
+ }
+ /* dup2 STDERR, STDIN, and STDOUT. dup2() allegedly closes the
+ * second pipe if it's open. On the other hand, there was the
+ * Great FD Leak Scare of '06, so let's be paranoid. */
+ if (ok && (flags & ECORE_EXE_PIPE_ERROR)) {
+ E_NO_ERRNO(result, close(STDERR_FILENO),
+ ok);
+ E_NO_ERRNO(result,
+ dup2(errorPipe[1],
+ STDERR_FILENO), ok);
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_READ)) {
+ E_NO_ERRNO(result, close(STDOUT_FILENO),
+ ok);
+ E_NO_ERRNO(result,
+ dup2(readPipe[1],
+ STDOUT_FILENO), ok);
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_WRITE)) {
+ E_NO_ERRNO(result, close(STDIN_FILENO),
+ ok);
+ E_NO_ERRNO(result,
+ dup2(writePipe[0],
+ STDIN_FILENO), ok);
+ }
+
+ if (ok) {
+ /* Setup the status pipe. */
+ E_NO_ERRNO(result, close(statusPipe[0]),
+ ok);
+ E_IF_NO_ERRNO(result, fcntl(statusPipe[1], F_SETFD, FD_CLOEXEC), ok) { /* close on exec shows success */
+ /* Run the actual command. */
+ _ecore_exe_exec_it(exe_cmd, flags); /* no return */
+ }
+ }
+
+ /* Something went 'orribly wrong. */
+ vfork_exec_errno = errno;
+
+ /* Close the pipes. */
+ if (flags & ECORE_EXE_PIPE_ERROR)
+ E_NO_ERRNO(result, close(errorPipe[1]),
+ ok);
+ if (flags & ECORE_EXE_PIPE_READ)
+ E_NO_ERRNO(result, close(readPipe[1]), ok);
+ if (flags & ECORE_EXE_PIPE_WRITE)
+ E_NO_ERRNO(result, close(writePipe[0]),
+ ok);
+ E_NO_ERRNO(result, close(statusPipe[1]), ok);
+
+ _exit(-1);
+ } else { /* parent */
+
+ /* Close the unused pipes. */
+ E_NO_ERRNO(result, close(statusPipe[1]), ok);
+
+ /* FIXME: after having a good look at the current e fd
+ * handling, investigate fcntl(dataPipe[x], F_SETSIG, ...) */
+ /* FIXME: above F_SETSIG etc. - this is async SIGIO based IO
+ * which is also linux specific so we probably don't want to
+ * do this as long as select() is working fine. the only time
+ * we really want to think of SIGIO async IO is when it all
+ * actually works basically everywhere and we can turn all
+ * IO into DMA async activities (i.e. you do a read() then
+ * the read is complete not on return but when you get a
+ * SIGIO - the read() just starts the transfer and it is
+ * completed in the background by DMA (or whatever mechanism
+ * the kernel choses)) */
+
+ /* Wait for it to start executing. */
+ /* FIXME: this doesn't seem very nice - we sit and block
+ * waiting on a child process... even though it's just
+ * the segment between the fork() and the exec) it just feels
+ * wrong */
+ for (;;) {
+ char buf;
+
+ E_NO_ERRNO(result,
+ read(statusPipe[0], &buf, 1),
+ ok);
+ if (result == 0) {
+ if (vfork_exec_errno != 0) {
+ n = vfork_exec_errno;
+ ERR("Could not start \"%s\"", exe_cmd);
+ pid = 0;
+ }
+ break;
+ }
+ }
+
+ /* Close the status pipe. */
+ E_NO_ERRNO(result, close(statusPipe[0]), ok);
+ }
+
+ if (pid) {
+ /* Setup the exe structure. */
+ ECORE_MAGIC_SET(exe, ECORE_MAGIC_EXE);
+ exe->start_bytes = -1;
+ exe->end_bytes = -1;
+ exe->start_lines = -1;
+ exe->end_lines = -1;
+ exe->pid = pid;
+ exe->flags = flags;
+ exe->data = (void *) data;
+ if ((exe->cmd = strdup(exe_cmd))) {
+ if (flags & ECORE_EXE_PIPE_ERROR) { /* Setup the error stuff. */
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_error,
+ F_SETFL,
+ O_NONBLOCK),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_error,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_error_x,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ {
+ exe->error_fd_handler =
+ ecore_main_fd_handler_add
+ (exe->child_fd_error,
+ ECORE_FD_READ,
+ _ecore_exe_data_error_handler,
+ exe, NULL, NULL);
+ if (!exe->error_fd_handler)
+ ok = 0;
+ }
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_READ)) { /* Setup the read stuff. */
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_read,
+ F_SETFL,
+ O_NONBLOCK),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_read,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_read_x,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ {
+ exe->read_fd_handler =
+ ecore_main_fd_handler_add
+ (exe->child_fd_read,
+ ECORE_FD_READ,
+ _ecore_exe_data_read_handler,
+ exe, NULL, NULL);
+ if (!exe->read_fd_handler)
+ ok = 0;
+ }
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_WRITE)) { /* Setup the write stuff. */
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_write,
+ F_SETFL,
+ O_NONBLOCK),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_write,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ E_IF_NO_ERRNO(result,
+ fcntl(exe->
+ child_fd_write_x,
+ F_SETFD,
+ FD_CLOEXEC),
+ ok) {
+ }
+ {
+ exe->write_fd_handler =
+ ecore_main_fd_handler_add
+ (exe->child_fd_write,
+ ECORE_FD_WRITE,
+ _ecore_exe_data_write_handler,
+ exe, NULL, NULL);
+ if (exe->write_fd_handler)
+ ecore_main_fd_handler_active_set(exe->write_fd_handler, 0); /* Nothing to write to start with. */
+ else
+ ok = 0;
+ }
+ }
+
+ exes =
+ (Ecore_Exe *)
+ eina_inlist_append(EINA_INLIST_GET
+ (exes),
+ EINA_INLIST_GET
+ (exe));
+ n = 0;
+ } else
+ ok = 0;
+ } else
+ ok = 0;
+ }
+
+ if (!ok) { /* Something went wrong, so pull down everything. */
+ if (exe->pid)
+ ecore_exe_terminate(exe);
+ IF_FN_DEL(ecore_exe_free, exe);
+ } else {
+ Ecore_Exe_Event_Add *e;
+
+ e = _ecore_exe_event_add_new();
+ e->exe = exe;
+ if (e) /* Send the event. */
+ ecore_event_add(ECORE_EXE_EVENT_ADD, e,
+ _ecore_exe_event_add_free, NULL);
+ /* INF("Running as %d for %s.\n", exe->pid, exe->cmd); */
+ }
+
+ errno = n;
+ return exe;
}
/**
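Review bot: Near the end of ecore_exe_pipe_run, `e->exe = exe;` runs before the `if (e)` test, so a NULL return from _ecore_exe_event_add_new() is dereferenced before it is checked; the reindentation carries this over unchanged. The assignment belongs inside the guard: `if (e) { e->exe = exe; ecore_event_add(ECORE_EXE_EVENT_ADD, e, _ecore_exe_event_add_free, NULL); }`. Separately, the child records its failure in `vfork_exec_errno` after `fork()` rather than `vfork()`, so the parent's copy stays 0 and the `Could not start` branch looks unreachable. Sending the errno value through statusPipe would let the parent see a failed exec.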
@@ -706,15 +740,14 @@ ecore_exe_pipe_run(const char *exe_cmd, Ecore_Exe_Flags flags, const void *data)
* @param func The function to call before @a exe is freed.
*/
EAPI void
-ecore_exe_callback_pre_free_set(Ecore_Exe *exe, Ecore_Exe_Cb func)
+ecore_exe_callback_pre_free_set(Ecore_Exe * exe, Ecore_Exe_Cb func)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
- "ecore_exe_callback_pre_free_set");
- return;
- }
- exe->pre_free_cb = func;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_callback_pre_free_set");
+ return;
+ }
+ exe->pre_free_cb = func;
}
/**
@@ -730,42 +763,40 @@ ecore_exe_callback_pre_free_set(Ecore_Exe *exe, Ecore_Exe_Cb func)
* @return EINA_TRUE if successful, EINA_FALSE on failure.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI Eina_Bool
-ecore_exe_send(Ecore_Exe * exe, const void *data, int size)
+EAPI Eina_Bool ecore_exe_send(Ecore_Exe * exe, const void *data, int size)
{
- void *buf;
-
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_send");
- return EINA_FALSE;
- }
-
- if (exe->close_stdin)
- {
- ERR("Ecore_Exe %p stdin is closed! Cannot send %d bytes from %p",
- exe, size, data);
- return EINA_FALSE;
- }
-
- if (exe->child_fd_write == -1)
- {
- ERR("Ecore_Exe %p created without ECORE_EXE_PIPE_WRITE! "
- "Cannot send %d bytes from %p", exe, size, data);
- return EINA_FALSE;
- }
-
- buf = realloc(exe->write_data_buf, exe->write_data_size + size);
- if (!buf) return EINA_FALSE;
-
- exe->write_data_buf = buf;
- memcpy((char *)exe->write_data_buf + exe->write_data_size, data, size);
- exe->write_data_size += size;
-
- if (exe->write_fd_handler)
- ecore_main_fd_handler_active_set(exe->write_fd_handler, ECORE_FD_WRITE);
-
- return EINA_TRUE;
+ void *buf;
+
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_send");
+ return EINA_FALSE;
+ }
+
+ if (exe->close_stdin) {
+ ERR("Ecore_Exe %p stdin is closed! Cannot send %d bytes from %p", exe, size, data);
+ return EINA_FALSE;
+ }
+
+ if (exe->child_fd_write == -1) {
+ ERR("Ecore_Exe %p created without ECORE_EXE_PIPE_WRITE! "
+ "Cannot send %d bytes from %p", exe, size, data);
+ return EINA_FALSE;
+ }
+
+ buf = realloc(exe->write_data_buf, exe->write_data_size + size);
+ if (!buf)
+ return EINA_FALSE;
+
+ exe->write_data_buf = buf;
+ memcpy((char *) exe->write_data_buf + exe->write_data_size, data,
+ size);
+ exe->write_data_size += size;
+
+ if (exe->write_fd_handler)
+ ecore_main_fd_handler_active_set(exe->write_fd_handler,
+ ECORE_FD_WRITE);
+
+ return EINA_TRUE;
}
/**
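Review bot: ecore_exe_send passes `exe->write_data_size + size` to realloc() and then `size` to memcpy() without validating either value. A negative `size`, or a sum that overflows `int`, can yield an undersized buffer followed by a copy whose length converts to a very large `size_t`; `data` is not checked for NULL either. A guard before the realloc() closes this: `if (!data || size < 0 || size > INT_MAX - exe->write_data_size) return EINA_FALSE;` (needs `<limits.h>`). The reformatting leaves the arithmetic unchanged, so the point applies to both sides of the hunk.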
@@ -774,15 +805,14 @@ ecore_exe_send(Ecore_Exe * exe, const void *data, int size)
* @param exe The child process
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void
-ecore_exe_close_stdin(Ecore_Exe *exe)
+EAPI void ecore_exe_close_stdin(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_close_stdin");
- return;
- }
- exe->close_stdin = 1;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_close_stdin");
+ return;
+ }
+ exe->close_stdin = 1;
}
/**
@@ -797,57 +827,58 @@ ecore_exe_close_stdin(Ecore_Exe *exe)
* @ingroup Ecore_Exe_Basic_Group
*/
EAPI void
-ecore_exe_auto_limits_set(Ecore_Exe *exe, int start_bytes, int end_bytes, int start_lines, int end_lines)
+ecore_exe_auto_limits_set(Ecore_Exe * exe, int start_bytes, int end_bytes,
+ int start_lines, int end_lines)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_auto_limits_set");
- return;
- }
- /* FIXME: sanitize the input. */
- exe->start_bytes = start_bytes;
- exe->end_bytes = end_bytes;
- exe->start_lines = start_lines;
- exe->end_lines = end_lines;
-
- /* FIXME: get this can of worms working.
- *
- * capture stderr & stdout internally
- *
- * raster and onefang keep moving the goal posts on this one. It started out as
- * "show users the error output if an exe fails" and is rapidly approaching
- * "alternative method of getting the data, poll vs event driven". Some serious
- * thinking needs to be applied to this. Do we really want to go that far? If
- * so, we should change the names. The basic design will probably remain the
- * same which ever way we go. The constant goal post moving is probably due to
- * generic design methods leading to feature creep as we inspired each other to
- * more generic designs. It does seem like the closer we get to poll driven,
- * the more issues and corner cases there are.
- *
- * Instead of doing the usual register an event handler thing, we are ecore_exe,
- * we can take some short cuts. Don't send the events, just leave the exe buffers
- * as is until the user asks for them, then return the event.
- *
- * start = 0, end = 0; clogged arteries get flushed, everything is ignored.
- * start = -1, end = -1; clogged arteries get transferred to internal buffers. Actually, either == -1 means buffer everything.
- * start = X, end = 0; buffer first X out of clogged arteries, flush and ignore rest.
- * start = 0, end = X; circular buffer X
- * start = X, end = Y; buffer first X out of clogged arteries, circular buffer Y from beginning.
- *
- * bytes vs lines, which ever one reaches the limit first.
- * Before we go beyond the start+end limit, leave the end buffer empty, and store both in the start buffer, coz they overlap.
- * After we pass the the start+end limit, insert "\n...\n" at the end of the start buffer, copy the rest to the end buffer, then store in the end buffer.
- *
- * Other issues -
- * Spank programmer for polling data if polling is not turned on.
- * Spank programmer for setting up event callbacks if polling is turned on.
- * Spank programmer for freeing the event data if it came from the event system, as that autofrees.
- * Spank the programmer if they try to set the limits bigger than what has been gathered & ignored already, coz they just lost data.
- * Spank onefang and raster for opening this can of worms.
- * Should we have separate out/err limits?
- * Should we remove from the internal buffer the data that was delivered already?
- * If so, what to do about limits, start, and end? They could loose their meaning.
- */
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_auto_limits_set");
+ return;
+ }
+ /* FIXME: sanitize the input. */
+ exe->start_bytes = start_bytes;
+ exe->end_bytes = end_bytes;
+ exe->start_lines = start_lines;
+ exe->end_lines = end_lines;
+
+ /* FIXME: get this can of worms working.
+ *
+ * capture stderr & stdout internally
+ *
+ * raster and onefang keep moving the goal posts on this one. It started out as
+ * "show users the error output if an exe fails" and is rapidly approaching
+ * "alternative method of getting the data, poll vs event driven". Some serious
+ * thinking needs to be applied to this. Do we really want to go that far? If
+ * so, we should change the names. The basic design will probably remain the
+ * same which ever way we go. The constant goal post moving is probably due to
+ * generic design methods leading to feature creep as we inspired each other to
+ * more generic designs. It does seem like the closer we get to poll driven,
+ * the more issues and corner cases there are.
+ *
+ * Instead of doing the usual register an event handler thing, we are ecore_exe,
+ * we can take some short cuts. Don't send the events, just leave the exe buffers
+ * as is until the user asks for them, then return the event.
+ *
+ * start = 0, end = 0; clogged arteries get flushed, everything is ignored.
+ * start = -1, end = -1; clogged arteries get transferred to internal buffers. Actually, either == -1 means buffer everything.
+ * start = X, end = 0; buffer first X out of clogged arteries, flush and ignore rest.
+ * start = 0, end = X; circular buffer X
+ * start = X, end = Y; buffer first X out of clogged arteries, circular buffer Y from beginning.
+ *
+ * bytes vs lines, which ever one reaches the limit first.
+ * Before we go beyond the start+end limit, leave the end buffer empty, and store both in the start buffer, coz they overlap.
+ * After we pass the the start+end limit, insert "\n...\n" at the end of the start buffer, copy the rest to the end buffer, then store in the end buffer.
+ *
+ * Other issues -
+ * Spank programmer for polling data if polling is not turned on.
+ * Spank programmer for setting up event callbacks if polling is turned on.
+ * Spank programmer for freeing the event data if it came from the event system, as that autofrees.
+ * Spank the programmer if they try to set the limits bigger than what has been gathered & ignored already, coz they just lost data.
+ * Spank onefang and raster for opening this can of worms.
+ * Should we have separate out/err limits?
+ * Should we remove from the internal buffer the data that was delivered already?
+ * If so, what to do about limits, start, and end? They could loose their meaning.
+ */
}
/**
@@ -857,128 +888,116 @@ ecore_exe_auto_limits_set(Ecore_Exe *exe, int start_bytes, int end_bytes, int st
* @param flags Is this a ECORE_EXE_PIPE_READ or ECORE_EXE_PIPE_ERROR?
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI Ecore_Exe_Event_Data *
-ecore_exe_event_data_get(Ecore_Exe *exe, Ecore_Exe_Flags flags)
+EAPI Ecore_Exe_Event_Data *ecore_exe_event_data_get(Ecore_Exe * exe,
+ Ecore_Exe_Flags flags)
{
- Ecore_Exe_Event_Data *e = NULL;
- int is_buffered = 0;
- unsigned char *inbuf;
- int inbuf_num;
-
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_event_data_get");
- return NULL;
- }
-
- /* Sort out what sort of event we are. */
- if (flags & ECORE_EXE_PIPE_READ)
- {
- flags = ECORE_EXE_PIPE_READ;
- if (exe->flags & ECORE_EXE_PIPE_READ_LINE_BUFFERED)
- is_buffered = 1;
- }
- else
- {
- flags = ECORE_EXE_PIPE_ERROR;
- if (exe->flags & ECORE_EXE_PIPE_ERROR_LINE_BUFFERED)
- is_buffered = 1;
- }
-
- /* Get the data. */
- if (flags & ECORE_EXE_PIPE_READ)
- {
- inbuf = exe->read_data_buf;
- inbuf_num = exe->read_data_size;
- exe->read_data_buf = NULL;
- exe->read_data_size = 0;
- }
- else
- {
- inbuf = exe->error_data_buf;
- inbuf_num = exe->error_data_size;
- exe->error_data_buf = NULL;
- exe->error_data_size = 0;
- }
-
- e = calloc(1, sizeof(Ecore_Exe_Event_Data));
- if (e)
- {
- e->exe = exe;
- e->data = inbuf;
- e->size = inbuf_num;
-
- if (is_buffered)
- { /* Deal with line buffering. */
- int max = 0;
- int count = 0;
- int i;
- int last = 0;
- char *c;
-
- c = (char *)inbuf;
- for (i = 0; i < inbuf_num; i++) /* Find the lines. */
- {
- if (inbuf[i] == '\n')
- {
- if (count >= max)
- {
- /* In testing, the lines seem to arrive in batches of 500 to 1000 lines at most, roughly speaking. */
- max += 10; /* FIXME: Maybe keep track of the largest number of lines ever sent, and add half that many instead of 10. */
- e->lines = realloc(e->lines, sizeof(Ecore_Exe_Event_Data_Line) * (max + 1)); /* Allow room for the NULL termination. */
- }
- /* raster said to leave the line endings as line endings, however -
- * This is line buffered mode, we are not dealing with binary here, but lines.
- * If we are not dealing with binary, we must be dealing with ASCII, unicode, or some other text format.
- * Thus the user is most likely gonna deal with this text as strings.
- * Thus the user is most likely gonna pass this data to str functions.
- * rasters way - the endings are always gonna be '\n'; onefangs way - they will always be '\0'
- * We are handing them the string length as a convenience.
- * Thus if they really want it in raw format, they can e->lines[i].line[e->lines[i].size - 1] = '\n'; easily enough.
- * In the default case, we can do this conversion quicker than the user can, as we already have the index and pointer.
- * Let's make it easy on them to use these as standard C strings.
- *
- * onefang is proud to announce that he has just set a new personal record for the
- * most over documentation of a simple assignment statement. B-)
- */
- inbuf[i] = '\0';
- e->lines[count].line = c;
- e->lines[count].size = i - last;
- last = i + 1;
- c = (char *)&inbuf[last];
- count++;
- }
- }
- if (count == 0) /* No lines to send, cancel the event. */
- {
- _ecore_exe_event_exe_data_free(NULL, e);
- e = NULL;
- }
- else /* NULL terminate the array, so that people know where the end is. */
- {
- e->lines[count].line = NULL;
- e->lines[count].size = 0;
- }
- if (i > last) /* Partial line left over, save it for next time. */
- {
- if (e) e->size = last;
- if (flags & ECORE_EXE_PIPE_READ)
- {
- exe->read_data_size = i - last;
- exe->read_data_buf = malloc(exe->read_data_size);
- memcpy(exe->read_data_buf, c, exe->read_data_size);
- }
- else
- {
- exe->error_data_size = i - last;
- exe->error_data_buf = malloc(exe->error_data_size);
- memcpy(exe->error_data_buf, c, exe->error_data_size);
- }
- }
- }
- }
-
- return e;
+ Ecore_Exe_Event_Data *e = NULL;
+ int is_buffered = 0;
+ unsigned char *inbuf;
+ int inbuf_num;
+
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_event_data_get");
+ return NULL;
+ }
+
+ /* Sort out what sort of event we are. */
+ if (flags & ECORE_EXE_PIPE_READ) {
+ flags = ECORE_EXE_PIPE_READ;
+ if (exe->flags & ECORE_EXE_PIPE_READ_LINE_BUFFERED)
+ is_buffered = 1;
+ } else {
+ flags = ECORE_EXE_PIPE_ERROR;
+ if (exe->flags & ECORE_EXE_PIPE_ERROR_LINE_BUFFERED)
+ is_buffered = 1;
+ }
+
+ /* Get the data. */
+ if (flags & ECORE_EXE_PIPE_READ) {
+ inbuf = exe->read_data_buf;
+ inbuf_num = exe->read_data_size;
+ exe->read_data_buf = NULL;
+ exe->read_data_size = 0;
+ } else {
+ inbuf = exe->error_data_buf;
+ inbuf_num = exe->error_data_size;
+ exe->error_data_buf = NULL;
+ exe->error_data_size = 0;
+ }
+
+ e = calloc(1, sizeof(Ecore_Exe_Event_Data));
+ if (e) {
+ e->exe = exe;
+ e->data = inbuf;
+ e->size = inbuf_num;
+
+ if (is_buffered) { /* Deal with line buffering. */
+ int max = 0;
+ int count = 0;
+ int i;
+ int last = 0;
+ char *c;
+
+ c = (char *) inbuf;
+ for (i = 0; i < inbuf_num; i++) { /* Find the lines. */
+ if (inbuf[i] == '\n') {
+ if (count >= max) {
+ /* In testing, the lines seem to arrive in batches of 500 to 1000 lines at most, roughly speaking. */
+ max += 10; /* FIXME: Maybe keep track of the largest number of lines ever sent, and add half that many instead of 10. */
+ e->lines = realloc(e->lines, sizeof(Ecore_Exe_Event_Data_Line) * (max + 1)); /* Allow room for the NULL termination. */
+ }
+ /* raster said to leave the line endings as line endings, however -
+ * This is line buffered mode, we are not dealing with binary here, but lines.
+ * If we are not dealing with binary, we must be dealing with ASCII, unicode, or some other text format.
+ * Thus the user is most likely gonna deal with this text as strings.
+ * Thus the user is most likely gonna pass this data to str functions.
+ * rasters way - the endings are always gonna be '\n'; onefangs way - they will always be '\0'
+ * We are handing them the string length as a convenience.
+ * Thus if they really want it in raw format, they can e->lines[i].line[e->lines[i].size - 1] = '\n'; easily enough.
+ * In the default case, we can do this conversion quicker than the user can, as we already have the index and pointer.
+ * Let's make it easy on them to use these as standard C strings.
+ *
+ * onefang is proud to announce that he has just set a new personal record for the
+ * most over documentation of a simple assignment statement. B-)
+ */
+ inbuf[i] = '\0';
+ e->lines[count].line = c;
+ e->lines[count].size = i - last;
+ last = i + 1;
+ c = (char *) &inbuf[last];
+ count++;
+ }
+ }
+ if (count == 0) { /* No lines to send, cancel the event. */
+ _ecore_exe_event_exe_data_free(NULL, e);
+ e = NULL;
+ } else { /* NULL terminate the array, so that people know where the end is. */
+
+ e->lines[count].line = NULL;
+ e->lines[count].size = 0;
+ }
+ if (i > last) { /* Partial line left over, save it for next time. */
+ if (e)
+ e->size = last;
+ if (flags & ECORE_EXE_PIPE_READ) {
+ exe->read_data_size = i - last;
+ exe->read_data_buf =
+ malloc(exe->read_data_size);
+ memcpy(exe->read_data_buf, c,
+ exe->read_data_size);
+ } else {
+ exe->error_data_size = i - last;
+ exe->error_data_buf =
+ malloc(exe->error_data_size);
+ memcpy(exe->error_data_buf, c,
+ exe->error_data_size);
+ }
+ }
+ }
+ }
+
+ return e;
}
/**
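Review bot: In ecore_exe_event_data_get the partial-line save runs after the `count == 0` branch has already handed `e` to `_ecore_exe_event_exe_data_free`, yet it still copies from `c`, which points into `inbuf` (stored as `e->data`). That helper's body is outside this hunk, but if it releases `e->data` the way `ecore_exe_event_data_free` does in a later hunk, the `memcpy` reads freed memory whenever the buffer holds data with no newline. The two `malloc` results are also passed to `memcpy` unchecked. Separately, the `realloc` of `e->lines` overwrites the only pointer to the array and is indexed without a NULL check. Saving the tail before the event is cancelled and checking the allocation, as below, addresses the first two; the `realloc` still needs a temporary pointer and a failure path.

```c
/* … unchanged: line-splitting loop … */
if (i > last) {	/* Partial line left over, save it for next time. */
	int left = i - last;
	void *rest = malloc(left);

	if (rest)
		memcpy(rest, c, left);	/* inbuf is still owned by e here */
	else
		left = 0;	/* allocation failed: drop the tail instead of copying to NULL */
	if (flags & ECORE_EXE_PIPE_READ) {
		exe->read_data_buf = rest;
		exe->read_data_size = left;
	} else {
		exe->error_data_buf = rest;
		exe->error_data_size = left;
	}
	e->size = last;
}
if (count == 0) {	/* No lines to send, cancel the event. */
	_ecore_exe_event_exe_data_free(NULL, e);
	e = NULL;
} else {
	/* … unchanged: NULL-terminate e->lines … */
}
```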
@@ -988,19 +1007,18 @@ ecore_exe_event_data_get(Ecore_Exe *exe, Ecore_Exe_Flags flags)
* @param tag The string tag to set on the process handle.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void
-ecore_exe_tag_set(Ecore_Exe *exe, const char *tag)
+EAPI void ecore_exe_tag_set(Ecore_Exe * exe, const char *tag)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_tag_set");
- return;
- }
- IF_FREE(exe->tag);
- if (tag)
- exe->tag = strdup(tag);
- else
- exe->tag = NULL;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_tag_set");
+ return;
+ }
+ IF_FREE(exe->tag);
+ if (tag)
+ exe->tag = strdup(tag);
+ else
+ exe->tag = NULL;
}
/**
@@ -1015,15 +1033,14 @@ ecore_exe_tag_set(Ecore_Exe *exe, const char *tag)
* ecore_exe_tag_set() to change it. It might be @c NULL.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI const char *
-ecore_exe_tag_get(const Ecore_Exe *exe)
+EAPI const char *ecore_exe_tag_get(const Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_tag_get");
- return NULL;
- }
- return exe->tag;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_tag_get");
+ return NULL;
+ }
+ return exe->tag;
}
/**
@@ -1037,63 +1054,61 @@ ecore_exe_tag_get(const Ecore_Exe *exe)
* called.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void *
-ecore_exe_free(Ecore_Exe *exe)
+EAPI void *ecore_exe_free(Ecore_Exe * exe)
{
- void *data;
- int ok = 0;
- int result;
-
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_free");
- return NULL;
- }
-
- data = exe->data;
-
- if (exe->pre_free_cb)
- exe->pre_free_cb(data, exe);
-
- if (exe->doomsday_clock)
- {
- struct _ecore_exe_dead_exe *dead;
-
- ecore_timer_del(exe->doomsday_clock);
- exe->doomsday_clock = NULL;
- dead = exe->doomsday_clock_dead;
- if (dead)
- {
- IF_FREE(dead->cmd);
- free(dead);
- exe->doomsday_clock_dead = NULL;
- }
- }
- IF_FN_DEL(ecore_main_fd_handler_del, exe->write_fd_handler);
- IF_FN_DEL(ecore_main_fd_handler_del, exe->read_fd_handler);
- IF_FN_DEL(ecore_main_fd_handler_del, exe->error_fd_handler);
- if (exe->child_fd_write_x != -1)
- E_NO_ERRNO(result, close(exe->child_fd_write_x), ok);
- if (exe->child_fd_read_x != -1)
- E_NO_ERRNO(result, close(exe->child_fd_read_x), ok);
- if (exe->child_fd_error_x != -1)
- E_NO_ERRNO(result, close(exe->child_fd_error_x), ok);
- if (exe->child_fd_write != -1)
- E_NO_ERRNO(result, close(exe->child_fd_write), ok);
- if (exe->child_fd_read != -1)
- E_NO_ERRNO(result, close(exe->child_fd_read), ok);
- if (exe->child_fd_error != -1)
- E_NO_ERRNO(result, close(exe->child_fd_error), ok);
- IF_FREE(exe->write_data_buf);
- IF_FREE(exe->read_data_buf);
- IF_FREE(exe->error_data_buf);
- IF_FREE(exe->cmd);
-
- exes = (Ecore_Exe *) eina_inlist_remove(EINA_INLIST_GET(exes), EINA_INLIST_GET(exe));
- ECORE_MAGIC_SET(exe, ECORE_MAGIC_NONE);
- IF_FREE(exe->tag);
- free(exe);
- return data;
+ void *data;
+ int ok = 0;
+ int result;
+
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_free");
+ return NULL;
+ }
+
+ data = exe->data;
+
+ if (exe->pre_free_cb)
+ exe->pre_free_cb(data, exe);
+
+ if (exe->doomsday_clock) {
+ struct _ecore_exe_dead_exe *dead;
+
+ ecore_timer_del(exe->doomsday_clock);
+ exe->doomsday_clock = NULL;
+ dead = exe->doomsday_clock_dead;
+ if (dead) {
+ IF_FREE(dead->cmd);
+ free(dead);
+ exe->doomsday_clock_dead = NULL;
+ }
+ }
+ IF_FN_DEL(ecore_main_fd_handler_del, exe->write_fd_handler);
+ IF_FN_DEL(ecore_main_fd_handler_del, exe->read_fd_handler);
+ IF_FN_DEL(ecore_main_fd_handler_del, exe->error_fd_handler);
+ if (exe->child_fd_write_x != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_write_x), ok);
+ if (exe->child_fd_read_x != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_read_x), ok);
+ if (exe->child_fd_error_x != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_error_x), ok);
+ if (exe->child_fd_write != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_write), ok);
+ if (exe->child_fd_read != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_read), ok);
+ if (exe->child_fd_error != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_error), ok);
+ IF_FREE(exe->write_data_buf);
+ IF_FREE(exe->read_data_buf);
+ IF_FREE(exe->error_data_buf);
+ IF_FREE(exe->cmd);
+
+ exes =
+ (Ecore_Exe *) eina_inlist_remove(EINA_INLIST_GET(exes),
+ EINA_INLIST_GET(exe));
+ ECORE_MAGIC_SET(exe, ECORE_MAGIC_NONE);
+ IF_FREE(exe->tag);
+ free(exe);
+ return data;
}
/**
@@ -1102,13 +1117,13 @@ ecore_exe_free(Ecore_Exe *exe)
* @param e The given event data.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void
-ecore_exe_event_data_free(Ecore_Exe_Event_Data *e)
+EAPI void ecore_exe_event_data_free(Ecore_Exe_Event_Data * e)
{
- if (!e) return;
- IF_FREE(e->lines);
- IF_FREE(e->data);
- free(e);
+ if (!e)
+ return;
+ IF_FREE(e->lines);
+ IF_FREE(e->data);
+ free(e);
}
/**
@@ -1117,15 +1132,14 @@ ecore_exe_event_data_free(Ecore_Exe_Event_Data *e)
* @return The process ID on success. @c -1 otherwise.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI pid_t
-ecore_exe_pid_get(const Ecore_Exe *exe)
+EAPI pid_t ecore_exe_pid_get(const Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_pid_get");
- return -1;
- }
- return exe->pid;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_pid_get");
+ return -1;
+ }
+ return exe->pid;
}
/**
@@ -1136,15 +1150,14 @@ ecore_exe_pid_get(const Ecore_Exe *exe)
* any way.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI const char *
-ecore_exe_cmd_get(const Ecore_Exe *exe)
+EAPI const char *ecore_exe_cmd_get(const Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_cmd_get");
- return NULL;
- }
- return exe->cmd;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_cmd_get");
+ return NULL;
+ }
+ return exe->cmd;
}
/**
@@ -1154,15 +1167,14 @@ ecore_exe_cmd_get(const Ecore_Exe *exe)
* ecore_exe_run() or ecore_exe_pipe_run()
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI void *
-ecore_exe_data_get(const Ecore_Exe *exe)
+EAPI void *ecore_exe_data_get(const Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_data_get");
- return NULL;
- }
- return exe->data;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_data_get");
+ return NULL;
+ }
+ return exe->data;
}
/**
@@ -1171,15 +1183,14 @@ ecore_exe_data_get(const Ecore_Exe *exe)
* @return The flags attached to @p exe.
* @ingroup Ecore_Exe_Basic_Group
*/
-EAPI Ecore_Exe_Flags
-ecore_exe_flags_get(const Ecore_Exe *exe)
+EAPI Ecore_Exe_Flags ecore_exe_flags_get(const Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_data_get");
- return 0;
- }
- return exe->flags;
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_data_get");
+ return 0;
+ }
+ return exe->flags;
}
/**
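Review bot: The failure path of ecore_exe_flags_get names the wrong function: `ECORE_MAGIC_FAIL` is given `"ecore_exe_data_get"`, the string used by the accessor in the previous hunk. Whatever `ECORE_MAGIC_FAIL` reports for a bad handle would therefore point the reader at ecore_exe_data_get rather than this call site. The argument should read `"ecore_exe_flags_get"`.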
@@ -1193,15 +1204,13 @@ ecore_exe_flags_get(const Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_pause(Ecore_Exe *exe)
+EAPI void ecore_exe_pause(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_pause");
- return;
- }
- kill(exe->pid, SIGSTOP);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_pause");
+ return;
+ }
+ kill(exe->pid, SIGSTOP);
}
/**
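Review bot: `kill(exe->pid, SIGSTOP)` in ecore_exe_pause sends the signal without checking that `exe->pid` is a positive PID, and it ignores the return value. The same pattern recurs in ecore_exe_continue, ecore_exe_interrupt, ecore_exe_quit, ecore_exe_terminate, ecore_exe_kill, ecore_exe_signal and ecore_exe_hup in the hunks that follow. With `kill()`, a pid of 0 or -1 addresses the caller's process group or every process the caller may signal, so a handle whose pid was never set or was reset would widen the target. Whether `exe->pid` can hold such a value is not visible in these hunks. A guard such as `if (exe->pid > 0) kill(exe->pid, SIGSTOP);` keeps the call scoped to one process, and a comment noting that the PID may already have been reaped and reused would record the remaining race.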
@@ -1209,15 +1218,14 @@ ecore_exe_pause(Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_continue(Ecore_Exe *exe)
+EAPI void ecore_exe_continue(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_continue");
- return;
- }
- kill(exe->pid, SIGCONT);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_continue");
+ return;
+ }
+ kill(exe->pid, SIGCONT);
}
/**
@@ -1225,16 +1233,15 @@ ecore_exe_continue(Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_interrupt(Ecore_Exe *exe)
+EAPI void ecore_exe_interrupt(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_interrupt");
- return;
- }
- _ecore_exe_dead_attach(exe);
- kill(exe->pid, SIGINT);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_interrupt");
+ return;
+ }
+ _ecore_exe_dead_attach(exe);
+ kill(exe->pid, SIGINT);
}
/**
@@ -1242,16 +1249,14 @@ ecore_exe_interrupt(Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_quit(Ecore_Exe *exe)
+EAPI void ecore_exe_quit(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_quit");
- return;
- }
- _ecore_exe_dead_attach(exe);
- kill(exe->pid, SIGQUIT);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_quit");
+ return;
+ }
+ _ecore_exe_dead_attach(exe);
+ kill(exe->pid, SIGQUIT);
}
/**
@@ -1259,17 +1264,16 @@ ecore_exe_quit(Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_terminate(Ecore_Exe *exe)
+EAPI void ecore_exe_terminate(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_terminate");
- return;
- }
- _ecore_exe_dead_attach(exe);
- INF("Sending TERM signal to %s (%d).", exe->cmd, exe->pid);
- kill(exe->pid, SIGTERM);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE,
+ "ecore_exe_terminate");
+ return;
+ }
+ _ecore_exe_dead_attach(exe);
+ INF("Sending TERM signal to %s (%d).", exe->cmd, exe->pid);
+ kill(exe->pid, SIGTERM);
}
/**
@@ -1277,29 +1281,28 @@ ecore_exe_terminate(Ecore_Exe *exe)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_kill(Ecore_Exe *exe)
+EAPI void ecore_exe_kill(Ecore_Exe * exe)
{
- struct _ecore_exe_dead_exe *dead;
-
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_kill");
- return;
- }
-
- dead = calloc(1, sizeof(struct _ecore_exe_dead_exe));
- if (dead)
- {
- dead->pid = exe->pid;
- dead->cmd = strdup(exe->cmd);
- IF_FN_DEL(ecore_timer_del, exe->doomsday_clock);
- exe->doomsday_clock =
- ecore_timer_add(10.0, _ecore_exe_make_sure_its_really_dead, dead);
- }
-
- INF("Sending KILL signal to %s (%d).", exe->cmd, exe->pid);
- kill(exe->pid, SIGKILL);
+ struct _ecore_exe_dead_exe *dead;
+
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_kill");
+ return;
+ }
+
+ dead = calloc(1, sizeof(struct _ecore_exe_dead_exe));
+ if (dead) {
+ dead->pid = exe->pid;
+ dead->cmd = strdup(exe->cmd);
+ IF_FN_DEL(ecore_timer_del, exe->doomsday_clock);
+ exe->doomsday_clock =
+ ecore_timer_add(10.0,
+ _ecore_exe_make_sure_its_really_dead,
+ dead);
+ }
+
+ INF("Sending KILL signal to %s (%d).", exe->cmd, exe->pid);
+ kill(exe->pid, SIGKILL);
}
/**
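Review bot: The `dead` record allocated in ecore_exe_kill is handed to the timer but never stored in `exe->doomsday_clock_dead`, the only pointer that ecore_exe_free (earlier hunk) releases when it deletes the doomsday timer. If the handle is freed before the 10-second timer fires, or if `IF_FN_DEL` replaces a timer armed earlier, the record and its `cmd` copy appear to be leaked, assuming `ecore_timer_del` does not free the callback data. Adding `exe->doomsday_clock_dead = dead;` after `ecore_timer_add` would let the existing cleanup in ecore_exe_free find it. The timer callbacks that free `dead` would then have to clear that field. Check this against `_ecore_exe_dead_attach`, which is outside this hunk.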
@@ -1309,18 +1312,16 @@ ecore_exe_kill(Ecore_Exe *exe)
* the signal will be ignored.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_signal(Ecore_Exe *exe, int num)
+EAPI void ecore_exe_signal(Ecore_Exe * exe, int num)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_signal");
- return;
- }
- if (num == 1)
- kill(exe->pid, SIGUSR1);
- else if (num == 2)
- kill(exe->pid, SIGUSR2);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_signal");
+ return;
+ }
+ if (num == 1)
+ kill(exe->pid, SIGUSR1);
+ else if (num == 2)
+ kill(exe->pid, SIGUSR2);
}
/**
@@ -1328,517 +1329,477 @@ ecore_exe_signal(Ecore_Exe *exe, int num)
* @param exe Process handle to the given process.
* @ingroup Ecore_Exe_Signal_Group
*/
-EAPI void
-ecore_exe_hup(Ecore_Exe *exe)
+EAPI void ecore_exe_hup(Ecore_Exe * exe)
{
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- {
- ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_hup");
- return;
- }
- kill(exe->pid, SIGHUP);
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE)) {
+ ECORE_MAGIC_FAIL(exe, ECORE_MAGIC_EXE, "ecore_exe_hup");
+ return;
+ }
+ kill(exe->pid, SIGHUP);
}
-static Ecore_Exe *
-_ecore_exe_is_it_alive(pid_t pid)
+static Ecore_Exe *_ecore_exe_is_it_alive(pid_t pid)
{
- Ecore_Exe *exe = NULL;
-
- /* FIXME: There is no nice, safe, OS independent way to tell if a
- * particular PID is still alive. I have written code to do so
- * for my urunlevel busybox applet (http://urunlevel.sourceforge.net/),
- * but it's for linux only, and still not guaranteed.
- *
- * So for now, we just check that a valid Ecore_Exe structure
- * exists for it. Even that is not a guarantee, as the structure
- * can be freed without killing the process.
- *
- * I think we can safely put exe's into two categories, those users
- * that care about the life of the exe, and the run and forget type.
- * The run and forget type starts up the exe, then free's the
- * Ecore_Exe structure straight away. They can never call any of
- * the functions that can call this, so we don't worry about them.
- *
- * Those user's that care about the life of exe's will keep the
- * Ecore_Exe structure around, terminate them eventually, or
- * register for exit events. For these ones the assumption
- * that valid Ecore_Exe struct == live exe is almost valid.
- *
- * I will probably copy my urunlevel code into here someday.
- */
- exe = _ecore_exe_find(pid);
- if (exe)
- {
- if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
- exe = NULL;
- }
-
- return exe;
+ Ecore_Exe *exe = NULL;
+
+ /* FIXME: There is no nice, safe, OS independent way to tell if a
+ * particular PID is still alive. I have written code to do so
+ * for my urunlevel busybox applet (http://urunlevel.sourceforge.net/),
+ * but it's for linux only, and still not guaranteed.
+ *
+ * So for now, we just check that a valid Ecore_Exe structure
+ * exists for it. Even that is not a guarantee, as the structure
+ * can be freed without killing the process.
+ *
+ * I think we can safely put exe's into two categories, those users
+ * that care about the life of the exe, and the run and forget type.
+ * The run and forget type starts up the exe, then free's the
+ * Ecore_Exe structure straight away. They can never call any of
+ * the functions that can call this, so we don't worry about them.
+ *
+ * Those user's that care about the life of exe's will keep the
+ * Ecore_Exe structure around, terminate them eventually, or
+ * register for exit events. For these ones the assumption
+ * that valid Ecore_Exe struct == live exe is almost valid.
+ *
+ * I will probably copy my urunlevel code into here someday.
+ */
+ exe = _ecore_exe_find(pid);
+ if (exe) {
+ if (!ECORE_MAGIC_CHECK(exe, ECORE_MAGIC_EXE))
+ exe = NULL;
+ }
+
+ return exe;
}
-static Eina_Bool
-_ecore_exe_make_sure_its_dead(void *data)
+static Eina_Bool _ecore_exe_make_sure_its_dead(void *data)
{
- struct _ecore_exe_dead_exe *dead;
-
- dead = data;
- if (dead)
- {
- Ecore_Exe *exe = NULL;
-
- if ((exe = _ecore_exe_is_it_alive(dead->pid)))
- {
- if (dead->cmd)
- INF("Sending KILL signal to allegedly dead %s (%d).",
- dead->cmd, dead->pid);
- else
- INF("Sending KILL signal to allegedly dead PID %d.",
- dead->pid);
- exe->doomsday_clock =
- ecore_timer_add(10.0, _ecore_exe_make_sure_its_really_dead,
- dead);
- kill(dead->pid, SIGKILL);
- }
- else
- {
- IF_FREE(dead->cmd);
- free(dead);
- }
- }
- return ECORE_CALLBACK_CANCEL;
+ struct _ecore_exe_dead_exe *dead;
+
+ dead = data;
+ if (dead) {
+ Ecore_Exe *exe = NULL;
+
+ if ((exe = _ecore_exe_is_it_alive(dead->pid))) {
+ if (dead->cmd)
+ INF("Sending KILL signal to allegedly dead %s (%d).", dead->cmd, dead->pid);
+ else
+ INF("Sending KILL signal to allegedly dead PID %d.", dead->pid);
+ exe->doomsday_clock =
+ ecore_timer_add(10.0,
+ _ecore_exe_make_sure_its_really_dead,
+ dead);
+ kill(dead->pid, SIGKILL);
+ } else {
+ IF_FREE(dead->cmd);
+ free(dead);
+ }
+ }
+ return ECORE_CALLBACK_CANCEL;
}
-static Eina_Bool
-_ecore_exe_make_sure_its_really_dead(void *data)
+static Eina_Bool _ecore_exe_make_sure_its_really_dead(void *data)
{
- struct _ecore_exe_dead_exe *dead;
-
- dead = data;
- if (dead)
- {
- Ecore_Exe *exe = NULL;
-
- if ((exe = _ecore_exe_is_it_alive(dead->pid)))
- {
- ERR("RUN! The zombie wants to eat your brains! And your CPU!");
- if (dead->cmd)
- INF("%s (%d) is not really dead.", dead->cmd, dead->pid);
- else
- INF("PID %d is not really dead.", dead->pid);
- exe->doomsday_clock = NULL;
- }
- IF_FREE(dead->cmd);
- free(dead);
- }
- return ECORE_CALLBACK_CANCEL;
+ struct _ecore_exe_dead_exe *dead;
+
+ dead = data;
+ if (dead) {
+ Ecore_Exe *exe = NULL;
+
+ if ((exe = _ecore_exe_is_it_alive(dead->pid))) {
+ ERR("RUN! The zombie wants to eat your brains! And your CPU!");
+ if (dead->cmd)
+ INF("%s (%d) is not really dead.",
+ dead->cmd, dead->pid);
+ else
+ INF("PID %d is not really dead.",
+ dead->pid);
+ exe->doomsday_clock = NULL;
+ }
+ IF_FREE(dead->cmd);
+ free(dead);
+ }
+ return ECORE_CALLBACK_CANCEL;
}
-void
-_ecore_exe_init(void)
+void _ecore_exe_init(void)
{
- ECORE_EXE_EVENT_ADD = ecore_event_type_new();
- ECORE_EXE_EVENT_DEL = ecore_event_type_new();
- ECORE_EXE_EVENT_DATA = ecore_event_type_new();
- ECORE_EXE_EVENT_ERROR = ecore_event_type_new();
+ ECORE_EXE_EVENT_ADD = ecore_event_type_new();
+ ECORE_EXE_EVENT_DEL = ecore_event_type_new();
+ ECORE_EXE_EVENT_DATA = ecore_event_type_new();
+ ECORE_EXE_EVENT_ERROR = ecore_event_type_new();
}
-void
-_ecore_exe_shutdown(void)
+void _ecore_exe_shutdown(void)
{
- while (exes)
- ecore_exe_free(exes);
+ while (exes)
+ ecore_exe_free(exes);
}
-Ecore_Exe *
-_ecore_exe_find(pid_t pid)
+Ecore_Exe *_ecore_exe_find(pid_t pid)
{
- Ecore_Exe *exe;
-
- EINA_INLIST_FOREACH(exes, exe)
- {
- if (exe->pid == pid)
- return exe;
- }
- return NULL;
+ Ecore_Exe *exe;
+
+ EINA_INLIST_FOREACH(exes, exe) {
+ if (exe->pid == pid)
+ return exe;
+ }
+ return NULL;
}
-Ecore_Timer *
-_ecore_exe_doomsday_clock_get(Ecore_Exe *exe)
+Ecore_Timer *_ecore_exe_doomsday_clock_get(Ecore_Exe * exe)
{
- return exe->doomsday_clock;
+ return exe->doomsday_clock;
}
-void
-_ecore_exe_doomsday_clock_set(Ecore_Exe *exe, Ecore_Timer *dc)
+void _ecore_exe_doomsday_clock_set(Ecore_Exe * exe, Ecore_Timer * dc)
{
- exe->doomsday_clock = dc;
+ exe->doomsday_clock = dc;
}
static inline void
_ecore_exe_exec_it(const char *exe_cmd, Ecore_Exe_Flags flags)
{
- char use_sh = 1;
- char *buf = NULL;
- char **args = NULL;
- int save_errno = 0;
-
- /* So what is this doing?
- *
- * We are trying to avoid wrapping the exe call with /bin/sh -c.
- * We conservatively search for certain shell meta characters,
- * If we don't find them, we can call the exe directly.
- */
- if (!strpbrk(exe_cmd, "|&;<>()$`\\\"'*?#"))
- {
- char *token;
- char pre_command = 1;
- int num_tokens = 0;
-
- if (!(buf = strdup(exe_cmd)))
- return;
-
- token = strtok(buf, " \t\n\v");
- while (token)
- {
- if (token[0] == '~')
- break;
- if (pre_command)
- {
- if (token[0] == '[')
- break;
- if (strchr(token, '='))
- break;
- else
- pre_command = 0;
- }
- num_tokens++;
- token = strtok(NULL, " \t\n\v");
- }
- IF_FREE(buf);
- if ((!token) && (num_tokens))
- {
- int i = 0;
-
- if (!(buf = strdup(exe_cmd)))
- return;
-
- token = strtok(buf, " \t\n\v");
- use_sh = 0;
- if (!(args = (char **)calloc(num_tokens + 1, sizeof(char *))))
- {
- IF_FREE(buf);
- return;
- }
- for (i = 0; i < num_tokens; i++)
- {
- if (token)
- args[i] = token;
- token = strtok(NULL, " \t\n\v");
- }
- args[num_tokens] = NULL;
- }
- }
-
- if (!(flags & ECORE_EXE_NOT_LEADER)) setsid();
- if ((flags & ECORE_EXE_USE_SH))
- {
- errno = 0;
- execl("/bin/sh", "/bin/sh", "-c", exe_cmd, (char *)NULL);
- }
- else if (use_sh)
- { /* We have to use a shell to run this. */
- if (!shell)
- { /* Find users preferred shell. */
- shell = getenv("SHELL");
- if (!shell)
- shell = "/bin/sh";
- }
- errno = 0;
- execl(shell, shell, "-c", exe_cmd, (char *)NULL);
- }
- else
- { /* We can run this directly. */
- errno = 0;
- execvp(args[0], args);
- }
-
- save_errno = errno;
- IF_FREE(buf);
- IF_FREE(args);
- errno = save_errno;
- return;
+ char use_sh = 1;
+ char *buf = NULL;
+ char **args = NULL;
+ int save_errno = 0;
+
+ /* So what is this doing?
+ *
+ * We are trying to avoid wrapping the exe call with /bin/sh -c.
+ * We conservatively search for certain shell meta characters,
+ * If we don't find them, we can call the exe directly.
+ */
+ if (!strpbrk(exe_cmd, "|&;<>()$`\\\"'*?#")) {
+ char *token;
+ char pre_command = 1;
+ int num_tokens = 0;
+
+ if (!(buf = strdup(exe_cmd)))
+ return;
+
+ token = strtok(buf, " \t\n\v");
+ while (token) {
+ if (token[0] == '~')
+ break;
+ if (pre_command) {
+ if (token[0] == '[')
+ break;
+ if (strchr(token, '='))
+ break;
+ else
+ pre_command = 0;
+ }
+ num_tokens++;
+ token = strtok(NULL, " \t\n\v");
+ }
+ IF_FREE(buf);
+ if ((!token) && (num_tokens)) {
+ int i = 0;
+
+ if (!(buf = strdup(exe_cmd)))
+ return;
+
+ token = strtok(buf, " \t\n\v");
+ use_sh = 0;
+ if (!
+ (args =
+ (char **) calloc(num_tokens + 1,
+ sizeof(char *)))) {
+ IF_FREE(buf);
+ return;
+ }
+ for (i = 0; i < num_tokens; i++) {
+ if (token)
+ args[i] = token;
+ token = strtok(NULL, " \t\n\v");
+ }
+ args[num_tokens] = NULL;
+ }
+ }
+
+ if (!(flags & ECORE_EXE_NOT_LEADER))
+ setsid();
+ if ((flags & ECORE_EXE_USE_SH)) {
+ errno = 0;
+ execl("/bin/sh", "/bin/sh", "-c", exe_cmd, (char *) NULL);
+ } else if (use_sh) { /* We have to use a shell to run this. */
+ if (!shell) { /* Find users preferred shell. */
+ shell = getenv("SHELL");
+ if (!shell)
+ shell = "/bin/sh";
+ }
+ errno = 0;
+ execl(shell, shell, "-c", exe_cmd, (char *) NULL);
+ } else { /* We can run this directly. */
+ errno = 0;
+ execvp(args[0], args);
+ }
+
+ save_errno = errno;
+ IF_FREE(buf);
+ IF_FREE(args);
+ errno = save_errno;
+ return;
}
static Eina_Bool
-_ecore_exe_data_generic_handler(void *data, Ecore_Fd_Handler *fd_handler, Ecore_Exe_Flags flags)
+_ecore_exe_data_generic_handler(void *data, Ecore_Fd_Handler * fd_handler,
+ Ecore_Exe_Flags flags)
{
- Ecore_Exe *exe;
- int child_fd;
- int event_type;
-
- exe = data;
-
- /* Sort out what sort of handler we are. */
- if (flags & ECORE_EXE_PIPE_READ)
- {
- flags = ECORE_EXE_PIPE_READ;
- event_type = ECORE_EXE_EVENT_DATA;
- child_fd = exe->child_fd_read;
- }
- else
- {
- flags = ECORE_EXE_PIPE_ERROR;
- event_type = ECORE_EXE_EVENT_ERROR;
- child_fd = exe->child_fd_error;
- }
-
- if ((fd_handler)
- && (ecore_main_fd_handler_active_get(fd_handler, ECORE_FD_READ)))
- {
- unsigned char *inbuf;
- int inbuf_num;
-
- /* Get any left over data from last time. */
- if (flags & ECORE_EXE_PIPE_READ)
- {
- inbuf = exe->read_data_buf;
- inbuf_num = exe->read_data_size;
- exe->read_data_buf = NULL;
- exe->read_data_size = 0;
- }
- else
- {
- inbuf = exe->error_data_buf;
- inbuf_num = exe->error_data_size;
- exe->error_data_buf = NULL;
- exe->error_data_size = 0;
- }
-
- for (;;)
- {
- int num, lost_exe;
- char buf[READBUFSIZ];
-
- lost_exe = 0;
- errno = 0;
- if ((num = read(child_fd, buf, READBUFSIZ)) < 1)
- /* FIXME: SPEED/SIZE TRADE OFF - add a smaller READBUFSIZE
- * (currently 64k) to inbuf, use that instead of buf, and
- * save ourselves a memcpy(). */
- {
- lost_exe = ((errno == EIO) ||
- (errno == EBADF) ||
- (errno == EPIPE) ||
- (errno == EINVAL) || (errno == ENOSPC));
- if ((errno != EAGAIN) && (errno != EINTR))
- perror("_ecore_exe_generic_handler() read problem ");
- }
- if (num > 0)
- { /* data got read. */
- inbuf = realloc(inbuf, inbuf_num + num);
- memcpy(inbuf + inbuf_num, buf, num);
- inbuf_num += num;
- }
- else
- { /* No more data to read. */
- if (inbuf)
- {
- Ecore_Exe_Event_Data *e;
-
- /* Stash the data away for later. */
- if (flags & ECORE_EXE_PIPE_READ)
- {
- exe->read_data_buf = inbuf;
- exe->read_data_size = inbuf_num;
- }
- else
- {
- exe->error_data_buf = inbuf;
- exe->error_data_size = inbuf_num;
- }
-
- if (!(exe->flags & ECORE_EXE_PIPE_AUTO))
- {
- e = ecore_exe_event_data_get(exe, flags);
- if (e) /* Send the event. */
- ecore_event_add(event_type, e,
- _ecore_exe_event_exe_data_free,
- NULL);
- }
- }
- if (lost_exe)
- {
- if (flags & ECORE_EXE_PIPE_READ)
- {
- if (exe->read_data_size)
- INF("There are %d bytes left unsent from the dead exe %s.",
- exe->read_data_size, exe->cmd);
- }
- else
- {
- if (exe->error_data_size)
- INF("There are %d bytes left unsent from the dead exe %s.",
- exe->error_data_size, exe->cmd);
- }
- /* Thought about this a bit. If the exe has actually
- * died, this won't do any harm as it must have died
- * recently and the pid has not had a chance to recycle.
- * It is also a paranoid catchall, coz the usual ecore_signal
- * mechenism should kick in. But let's give it a good
- * kick in the head anyway.
- */
- ecore_exe_terminate(exe);
- }
- break;
- }
- }
- }
-
- return ECORE_CALLBACK_RENEW;
+ Ecore_Exe *exe;
+ int child_fd;
+ int event_type;
+
+ exe = data;
+
+ /* Sort out what sort of handler we are. */
+ if (flags & ECORE_EXE_PIPE_READ) {
+ flags = ECORE_EXE_PIPE_READ;
+ event_type = ECORE_EXE_EVENT_DATA;
+ child_fd = exe->child_fd_read;
+ } else {
+ flags = ECORE_EXE_PIPE_ERROR;
+ event_type = ECORE_EXE_EVENT_ERROR;
+ child_fd = exe->child_fd_error;
+ }
+
+ if ((fd_handler)
+ &&
+ (ecore_main_fd_handler_active_get(fd_handler, ECORE_FD_READ)))
+ {
+ unsigned char *inbuf;
+ int inbuf_num;
+
+ /* Get any left over data from last time. */
+ if (flags & ECORE_EXE_PIPE_READ) {
+ inbuf = exe->read_data_buf;
+ inbuf_num = exe->read_data_size;
+ exe->read_data_buf = NULL;
+ exe->read_data_size = 0;
+ } else {
+ inbuf = exe->error_data_buf;
+ inbuf_num = exe->error_data_size;
+ exe->error_data_buf = NULL;
+ exe->error_data_size = 0;
+ }
+
+ for (;;) {
+ int num, lost_exe;
+ char buf[READBUFSIZ];
+
+ lost_exe = 0;
+ errno = 0;
+ if ((num = read(child_fd, buf, READBUFSIZ)) < 1)
+ /* FIXME: SPEED/SIZE TRADE OFF - add a smaller READBUFSIZE
+ * (currently 64k) to inbuf, use that instead of buf, and
+ * save ourselves a memcpy(). */
+ {
+ lost_exe = ((errno == EIO) ||
+ (errno == EBADF) ||
+ (errno == EPIPE) ||
+ (errno == EINVAL)
+ || (errno == ENOSPC));
+ if ((errno != EAGAIN) && (errno != EINTR))
+ perror
+ ("_ecore_exe_generic_handler() read problem ");
+ }
+ if (num > 0) { /* data got read. */
+ inbuf = realloc(inbuf, inbuf_num + num);
+ memcpy(inbuf + inbuf_num, buf, num);
+ inbuf_num += num;
+ } else { /* No more data to read. */
+ if (inbuf) {
+ Ecore_Exe_Event_Data *e;
+
+ /* Stash the data away for later. */
+ if (flags & ECORE_EXE_PIPE_READ) {
+ exe->read_data_buf = inbuf;
+ exe->read_data_size =
+ inbuf_num;
+ } else {
+ exe->error_data_buf =
+ inbuf;
+ exe->error_data_size =
+ inbuf_num;
+ }
+
+ if (!
+ (exe->
+ flags & ECORE_EXE_PIPE_AUTO))
+ {
+ e = ecore_exe_event_data_get(exe, flags);
+ if (e) /* Send the event. */
+ ecore_event_add
+ (event_type, e,
+ _ecore_exe_event_exe_data_free,
+ NULL);
+ }
+ }
+ if (lost_exe) {
+ if (flags & ECORE_EXE_PIPE_READ) {
+ if (exe->read_data_size)
+ INF("There are %d bytes left unsent from the dead exe %s.", exe->read_data_size, exe->cmd);
+ } else {
+ if (exe->error_data_size)
+ INF("There are %d bytes left unsent from the dead exe %s.", exe->error_data_size, exe->cmd);
+ }
+ /* Thought about this a bit. If the exe has actually
+ * died, this won't do any harm as it must have died
+ * recently and the pid has not had a chance to recycle.
+ * It is also a paranoid catchall, coz the usual ecore_signal
+ * mechenism should kick in. But let's give it a good
+ * kick in the head anyway.
+ */
+ ecore_exe_terminate(exe);
+ }
+ break;
+ }
+ }
+ }
+
+ return ECORE_CALLBACK_RENEW;
}
static Eina_Bool
-_ecore_exe_data_error_handler(void *data, Ecore_Fd_Handler *fd_handler)
+_ecore_exe_data_error_handler(void *data, Ecore_Fd_Handler * fd_handler)
{
- return _ecore_exe_data_generic_handler(data, fd_handler,
- ECORE_EXE_PIPE_ERROR);
+ return _ecore_exe_data_generic_handler(data, fd_handler,
+ ECORE_EXE_PIPE_ERROR);
}
static Eina_Bool
-_ecore_exe_data_read_handler(void *data, Ecore_Fd_Handler *fd_handler)
+_ecore_exe_data_read_handler(void *data, Ecore_Fd_Handler * fd_handler)
{
- return _ecore_exe_data_generic_handler(data, fd_handler,
- ECORE_EXE_PIPE_READ);
+ return _ecore_exe_data_generic_handler(data, fd_handler,
+ ECORE_EXE_PIPE_READ);
}
static Eina_Bool
-_ecore_exe_data_write_handler(void *data, Ecore_Fd_Handler *fd_handler __UNUSED__)
+_ecore_exe_data_write_handler(void *data,
+ Ecore_Fd_Handler * fd_handler __UNUSED__)
{
- Ecore_Exe *exe;
-
- exe = data;
- if ((exe->write_fd_handler) &&
- (ecore_main_fd_handler_active_get
- (exe->write_fd_handler, ECORE_FD_WRITE)))
- _ecore_exe_flush(exe);
-
- /* If we have sent all there is to send, and we need to close the pipe, then close it. */
- if ((exe->close_stdin == 1)
- && (exe->write_data_size == exe->write_data_offset))
- {
- int ok = 0;
- int result;
-
- INF("Closing stdin for %s", exe->cmd);
- /* if (exe->child_fd_write != -1) E_NO_ERRNO(result, fsync(exe->child_fd_write), ok); This a) doesn't work, and b) isn't needed. */
- IF_FN_DEL(ecore_main_fd_handler_del, exe->write_fd_handler);
- if (exe->child_fd_write != -1)
- E_NO_ERRNO(result, close(exe->child_fd_write), ok);
- exe->child_fd_write = -1;
- IF_FREE(exe->write_data_buf);
- }
-
- return ECORE_CALLBACK_RENEW;
+ Ecore_Exe *exe;
+
+ exe = data;
+ if ((exe->write_fd_handler) &&
+ (ecore_main_fd_handler_active_get
+ (exe->write_fd_handler, ECORE_FD_WRITE)))
+ _ecore_exe_flush(exe);
+
+ /* If we have sent all there is to send, and we need to close the pipe, then close it. */
+ if ((exe->close_stdin == 1)
+ && (exe->write_data_size == exe->write_data_offset)) {
+ int ok = 0;
+ int result;
+
+ INF("Closing stdin for %s", exe->cmd);
+ /* if (exe->child_fd_write != -1) E_NO_ERRNO(result, fsync(exe->child_fd_write), ok); This a) doesn't work, and b) isn't needed. */
+ IF_FN_DEL(ecore_main_fd_handler_del,
+ exe->write_fd_handler);
+ if (exe->child_fd_write != -1)
+ E_NO_ERRNO(result, close(exe->child_fd_write), ok);
+ exe->child_fd_write = -1;
+ IF_FREE(exe->write_data_buf);
+ }
+
+ return ECORE_CALLBACK_RENEW;
}
-static void
-_ecore_exe_flush(Ecore_Exe *exe)
+static void _ecore_exe_flush(Ecore_Exe * exe)
{
- int count;
-
- /* check whether we need to write anything at all. */
- if ((exe->child_fd_write == -1) || (!exe->write_data_buf))
- return;
- if (exe->write_data_size == exe->write_data_offset)
- return;
-
- count = write(exe->child_fd_write,
- (char *)exe->write_data_buf + exe->write_data_offset,
- exe->write_data_size - exe->write_data_offset);
- if (count < 1)
- {
- if (errno == EIO || errno == EBADF || errno == EPIPE || errno == EINVAL || errno == ENOSPC) /* we lost our exe! */
- {
- ecore_exe_terminate(exe);
- if (exe->write_fd_handler)
- ecore_main_fd_handler_active_set(exe->write_fd_handler, 0);
- }
- }
- else
- {
- exe->write_data_offset += count;
- if (exe->write_data_offset >= exe->write_data_size)
- { /* Nothing left to write, clean up. */
- exe->write_data_size = 0;
- exe->write_data_offset = 0;
- IF_FREE(exe->write_data_buf);
- if (exe->write_fd_handler)
- ecore_main_fd_handler_active_set(exe->write_fd_handler, 0);
- }
- }
+ int count;
+
+ /* check whether we need to write anything at all. */
+ if ((exe->child_fd_write == -1) || (!exe->write_data_buf))
+ return;
+ if (exe->write_data_size == exe->write_data_offset)
+ return;
+
+ count = write(exe->child_fd_write,
+ (char *) exe->write_data_buf +
+ exe->write_data_offset,
+ exe->write_data_size - exe->write_data_offset);
+ if (count < 1) {
+ if (errno == EIO || errno == EBADF || errno == EPIPE || errno == EINVAL || errno == ENOSPC) { /* we lost our exe! */
+ ecore_exe_terminate(exe);
+ if (exe->write_fd_handler)
+ ecore_main_fd_handler_active_set(exe->
+ write_fd_handler,
+ 0);
+ }
+ } else {
+ exe->write_data_offset += count;
+ if (exe->write_data_offset >= exe->write_data_size) { /* Nothing left to write, clean up. */
+ exe->write_data_size = 0;
+ exe->write_data_offset = 0;
+ IF_FREE(exe->write_data_buf);
+ if (exe->write_fd_handler)
+ ecore_main_fd_handler_active_set(exe->
+ write_fd_handler,
+ 0);
+ }
+ }
}
-static void
-_ecore_exe_event_exe_data_free(void *data __UNUSED__, void *ev)
+static void _ecore_exe_event_exe_data_free(void *data __UNUSED__, void *ev)
{
- Ecore_Exe_Event_Data *e;
+ Ecore_Exe_Event_Data *e;
- e = ev;
- ecore_exe_event_data_free(e);
+ e = ev;
+ ecore_exe_event_data_free(e);
}
-static Ecore_Exe_Event_Add *
-_ecore_exe_event_add_new(void)
+static Ecore_Exe_Event_Add *_ecore_exe_event_add_new(void)
{
- Ecore_Exe_Event_Add *e;
+ Ecore_Exe_Event_Add *e;
- e = calloc(1, sizeof(Ecore_Exe_Event_Add));
- return e;
+ e = calloc(1, sizeof(Ecore_Exe_Event_Add));
+ return e;
}
-static void
-_ecore_exe_event_add_free(void *data __UNUSED__, void *ev)
+static void _ecore_exe_event_add_free(void *data __UNUSED__, void *ev)
{
- Ecore_Exe_Event_Add *e;
+ Ecore_Exe_Event_Add *e;
- e = ev;
- free(e);
+ e = ev;
+ free(e);
}
-void *
-_ecore_exe_event_del_new(void)
+void *_ecore_exe_event_del_new(void)
{
- Ecore_Exe_Event_Del *e;
+ Ecore_Exe_Event_Del *e;
- e = calloc(1, sizeof(Ecore_Exe_Event_Del));
- return e;
+ e = calloc(1, sizeof(Ecore_Exe_Event_Del));
+ return e;
}
-void
-_ecore_exe_event_del_free(void *data __UNUSED__, void *ev)
+void _ecore_exe_event_del_free(void *data __UNUSED__, void *ev)
{
- Ecore_Exe_Event_Del *e;
+ Ecore_Exe_Event_Del *e;
- e = ev;
- if (e->exe)
- ecore_exe_free(e->exe);
- free(e);
+ e = ev;
+ if (e->exe)
+ ecore_exe_free(e->exe);
+ free(e);
}
-static void
-_ecore_exe_dead_attach(Ecore_Exe *exe)
+static void _ecore_exe_dead_attach(Ecore_Exe * exe)
{
- struct _ecore_exe_dead_exe *dead;
-
- if (exe->doomsday_clock_dead) return;
- dead = calloc(1, sizeof(struct _ecore_exe_dead_exe));
- if (dead)
- {
- dead->pid = exe->pid;
- dead->cmd = strdup(exe->cmd);
- IF_FN_DEL(ecore_timer_del, exe->doomsday_clock);
- exe->doomsday_clock =
- ecore_timer_add(10.0, _ecore_exe_make_sure_its_dead, dead);
- exe->doomsday_clock_dead = dead;
- }
+ struct _ecore_exe_dead_exe *dead;
+
+ if (exe->doomsday_clock_dead)
+ return;
+ dead = calloc(1, sizeof(struct _ecore_exe_dead_exe));
+ if (dead) {
+ dead->pid = exe->pid;
+ dead->cmd = strdup(exe->cmd);
+ IF_FN_DEL(ecore_timer_del, exe->doomsday_clock);
+ exe->doomsday_clock =
+ ecore_timer_add(10.0, _ecore_exe_make_sure_its_dead,
+ dead);
+ exe->doomsday_clock_dead = dead;
+ }
}
diff --git a/tests/suite/ecore/src/lib/ecore_getopt.c b/tests/suite/ecore/src/lib/ecore_getopt.c
index 5b1c7bf9ea..1fdd233693 100644
--- a/tests/suite/ecore/src/lib/ecore_getopt.c
+++ b/tests/suite/ecore/src/lib/ecore_getopt.c
@@ -1,22 +1,22 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
+#include <alloca.h>
#elif defined __GNUC__
-# define alloca __builtin_alloca
+#define alloca __builtin_alloca
#elif defined _AIX
-# define alloca __alloca
+#define alloca __alloca
#elif defined _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
+#include <malloc.h>
+#define alloca _alloca
#else
-# include <stddef.h>
-# ifdef __cplusplus
+#include <stddef.h>
+#ifdef __cplusplus
extern "C"
-# endif
-void *alloca (size_t);
+#endif
+void *alloca(size_t);
#endif
#include <stdio.h>
@@ -25,16 +25,16 @@ void *alloca (size_t);
#include <ctype.h>
#ifdef ENABLE_NLS
-# include <libintl.h>
+#include <libintl.h>
#else
-# define gettext(x) (x)
-# define dgettext(domain, x) (x)
+#define gettext(x) (x)
+#define dgettext(domain, x) (x)
#endif
#define _(x) dgettext("ecore", x)
#ifdef _WIN32_WCE
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "Ecore.h"
@@ -47,560 +47,544 @@ static int cols = 80;
static int helpcol = 80 / 3;
static void
-_ecore_getopt_help_print_replace_program(FILE *fp, const Ecore_Getopt *parser __UNUSED__, const char *text)
+_ecore_getopt_help_print_replace_program(FILE * fp,
+ const Ecore_Getopt *
+ parser __UNUSED__,
+ const char *text)
{
- do
- {
- const char *d = strchr(text, '%');
-
- if (!d)
- {
- fputs(text, fp);
- break;
- }
-
- if (fwrite(text, 1, d - text, fp) != (size_t)(d - text))
- return;
- d++;
- if (strncmp(d, "prog", sizeof("prog") - 1) == 0)
- {
- fputs(prog ? prog : "???", fp);
- d += sizeof("prog") - 1;
- }
- else
- {
- if (d[0] == '%')
- d++;
- fputc('%', fp);
- }
-
- text = d;
- }
- while (text[0] != '\0');
-
- fputc('\n', fp);
+ do {
+ const char *d = strchr(text, '%');
+
+ if (!d) {
+ fputs(text, fp);
+ break;
+ }
+
+ if (fwrite(text, 1, d - text, fp) != (size_t) (d - text))
+ return;
+ d++;
+ if (strncmp(d, "prog", sizeof("prog") - 1) == 0) {
+ fputs(prog ? prog : "???", fp);
+ d += sizeof("prog") - 1;
+ } else {
+ if (d[0] == '%')
+ d++;
+ fputc('%', fp);
+ }
+
+ text = d;
+ }
+ while (text[0] != '\0');
+
+ fputc('\n', fp);
}
-static void
-_ecore_getopt_version(FILE *fp, const Ecore_Getopt *parser)
+static void _ecore_getopt_version(FILE * fp, const Ecore_Getopt * parser)
{
- fputs(_("Version:"), fp);
- fputc(' ', fp);
- _ecore_getopt_help_print_replace_program(fp, parser, parser->version);
+ fputs(_("Version:"), fp);
+ fputc(' ', fp);
+ _ecore_getopt_help_print_replace_program(fp, parser,
+ parser->version);
}
static void
-_ecore_getopt_help_usage(FILE *fp, const Ecore_Getopt *parser)
+_ecore_getopt_help_usage(FILE * fp, const Ecore_Getopt * parser)
{
- fputs(_("Usage:"), fp);
- fputc(' ', fp);
+ fputs(_("Usage:"), fp);
+ fputc(' ', fp);
- if (!parser->usage)
- {
- fprintf(fp, _("%s [options]\n"), prog);
- return;
- }
+ if (!parser->usage) {
+ fprintf(fp, _("%s [options]\n"), prog);
+ return;
+ }
- _ecore_getopt_help_print_replace_program(fp, parser, gettext(parser->usage));
+ _ecore_getopt_help_print_replace_program(fp, parser,
+ gettext(parser->usage));
}
static int
-_ecore_getopt_help_line(FILE *fp, const int base, const int total, int used, const char *text, int len)
+_ecore_getopt_help_line(FILE * fp, const int base, const int total,
+ int used, const char *text, int len)
{
- int linebreak = 0;
- do
- {
- /* process line considering spaces (new line and tabs are spaces!) */
- while ((used < total) && (len > 0))
- {
- const char *space = NULL;
- int i, todo;
-
- todo = total - used;
- if (todo > len)
- todo = len;
-
- for (i = 0; i < todo; i++)
- if (isspace(text[i]))
- {
- space = text + i;
- break;
- }
-
- if (space)
- {
- i = fwrite(text, 1, i, fp);
- i++;
- text += i;
- len -= i;
- used += i;
-
- if (linebreak)
- {
- linebreak = 0;
- continue;
- }
-
- if (space[0] == '\n')
- break;
- else if (space[0] == '\t')
- {
- int c;
-
- used--;
- c = ((used / 8) + 1) * 8;
- if (c < total)
- {
- for (; used < c; used++)
- fputc(' ', fp);
- }
- else
- {
- text--;
- len++;
- break;
- }
- }
- else if (used < total)
- fputc(space[0], fp);
- }
- else
- {
- i = fwrite(text, 1, i, fp);
- text += i;
- len -= i;
- used += i;
- }
- linebreak = 0;
- }
- if (len <= 0)
- break;
- linebreak = 1;
- fputc('\n', fp);
- for (used = 0; used < base; used++)
- fputc(' ', fp);
- }
- while (1);
-
- return used;
+ int linebreak = 0;
+ do {
+ /* process line considering spaces (new line and tabs are spaces!) */
+ while ((used < total) && (len > 0)) {
+ const char *space = NULL;
+ int i, todo;
+
+ todo = total - used;
+ if (todo > len)
+ todo = len;
+
+ for (i = 0; i < todo; i++)
+ if (isspace(text[i])) {
+ space = text + i;
+ break;
+ }
+
+ if (space) {
+ i = fwrite(text, 1, i, fp);
+ i++;
+ text += i;
+ len -= i;
+ used += i;
+
+ if (linebreak) {
+ linebreak = 0;
+ continue;
+ }
+
+ if (space[0] == '\n')
+ break;
+ else if (space[0] == '\t') {
+ int c;
+
+ used--;
+ c = ((used / 8) + 1) * 8;
+ if (c < total) {
+ for (; used < c; used++)
+ fputc(' ', fp);
+ } else {
+ text--;
+ len++;
+ break;
+ }
+ } else if (used < total)
+ fputc(space[0], fp);
+ } else {
+ i = fwrite(text, 1, i, fp);
+ text += i;
+ len -= i;
+ used += i;
+ }
+ linebreak = 0;
+ }
+ if (len <= 0)
+ break;
+ linebreak = 1;
+ fputc('\n', fp);
+ for (used = 0; used < base; used++)
+ fputc(' ', fp);
+ }
+ while (1);
+
+ return used;
}
static void
-_ecore_getopt_help_description(FILE *fp, const Ecore_Getopt *parser)
+_ecore_getopt_help_description(FILE * fp, const Ecore_Getopt * parser)
{
- const char *p, *prg, *ver;
- int used, prglen, verlen;
-
- p = gettext(parser->description);
- if (!p)
- return;
-
- fputc('\n', fp);
-
- prg = prog ? prog : "???";
- ver = parser->version ? parser->version : "???";
-
- prglen = strlen(prg);
- verlen = strlen(ver);
-
- used = 0;
-
- do
- {
- const char *d = strchr(p, '%');
-
- if (!d)
- {
- _ecore_getopt_help_line(fp, 0, cols, used, p, strlen(p));
- break;
- }
-
- used = _ecore_getopt_help_line(fp, 0, cols, used, p, d - p);
- d++;
- if (strncmp(d, "prog", sizeof("prog") - 1) == 0)
- {
- used = _ecore_getopt_help_line(fp, 0, cols, used, prg, prglen);
- d += sizeof("prog") - 1;
- }
- else if (strncmp(d, "version", sizeof("version") - 1) == 0)
- {
- used = _ecore_getopt_help_line(fp, 0, cols, used, ver, verlen);
- d += sizeof("version") - 1;
- }
- else
- {
- if (d[0] == '%')
- d++;
- used = _ecore_getopt_help_line(fp, 0, cols, used, "%", 1);
- }
-
- p = d;
- }
- while (p[0] != '\0');
-
- fputs("\n\n", fp);
+ const char *p, *prg, *ver;
+ int used, prglen, verlen;
+
+ p = gettext(parser->description);
+ if (!p)
+ return;
+
+ fputc('\n', fp);
+
+ prg = prog ? prog : "???";
+ ver = parser->version ? parser->version : "???";
+
+ prglen = strlen(prg);
+ verlen = strlen(ver);
+
+ used = 0;
+
+ do {
+ const char *d = strchr(p, '%');
+
+ if (!d) {
+ _ecore_getopt_help_line(fp, 0, cols, used, p,
+ strlen(p));
+ break;
+ }
+
+ used =
+ _ecore_getopt_help_line(fp, 0, cols, used, p, d - p);
+ d++;
+ if (strncmp(d, "prog", sizeof("prog") - 1) == 0) {
+ used =
+ _ecore_getopt_help_line(fp, 0, cols, used, prg,
+ prglen);
+ d += sizeof("prog") - 1;
+ } else if (strncmp(d, "version", sizeof("version") - 1) ==
+ 0) {
+ used =
+ _ecore_getopt_help_line(fp, 0, cols, used, ver,
+ verlen);
+ d += sizeof("version") - 1;
+ } else {
+ if (d[0] == '%')
+ d++;
+ used =
+ _ecore_getopt_help_line(fp, 0, cols, used, "%",
+ 1);
+ }
+
+ p = d;
+ }
+ while (p[0] != '\0');
+
+ fputs("\n\n", fp);
}
-static void
-_ecore_getopt_copyright(FILE *fp, const Ecore_Getopt *parser)
+static void _ecore_getopt_copyright(FILE * fp, const Ecore_Getopt * parser)
{
- const char *txt = gettext(parser->copyright);
- fputs(_("Copyright:"), fp);
- fputs("\n ", fp);
- _ecore_getopt_help_line
- (fp, 3, cols, 3, txt, strlen(txt));
- fputc('\n', fp);
+ const char *txt = gettext(parser->copyright);
+ fputs(_("Copyright:"), fp);
+ fputs("\n ", fp);
+ _ecore_getopt_help_line(fp, 3, cols, 3, txt, strlen(txt));
+ fputc('\n', fp);
}
-static void
-_ecore_getopt_license(FILE *fp, const Ecore_Getopt *parser)
+static void _ecore_getopt_license(FILE * fp, const Ecore_Getopt * parser)
{
- const char *txt = gettext(parser->license);
- fputs(_("License:"), fp);
- fputs("\n ", fp);
- _ecore_getopt_help_line
- (fp, 3, cols, 3, txt, strlen(txt));
- fputc('\n', fp);
+ const char *txt = gettext(parser->license);
+ fputs(_("License:"), fp);
+ fputs("\n ", fp);
+ _ecore_getopt_help_line(fp, 3, cols, 3, txt, strlen(txt));
+ fputc('\n', fp);
}
static Ecore_Getopt_Desc_Arg_Requirement
-_ecore_getopt_desc_arg_requirement(const Ecore_Getopt_Desc *desc)
+_ecore_getopt_desc_arg_requirement(const Ecore_Getopt_Desc * desc)
{
- switch (desc->action)
- {
- case ECORE_GETOPT_ACTION_STORE:
- return desc->action_param.store.arg_req;
- case ECORE_GETOPT_ACTION_STORE_CONST:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- case ECORE_GETOPT_ACTION_STORE_TRUE:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- case ECORE_GETOPT_ACTION_STORE_FALSE:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- case ECORE_GETOPT_ACTION_CHOICE:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES;
- case ECORE_GETOPT_ACTION_APPEND:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES;
- case ECORE_GETOPT_ACTION_COUNT:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- case ECORE_GETOPT_ACTION_CALLBACK:
- return desc->action_param.callback.arg_req;
- case ECORE_GETOPT_ACTION_HELP:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- case ECORE_GETOPT_ACTION_VERSION:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- default:
- return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
- }
+ switch (desc->action) {
+ case ECORE_GETOPT_ACTION_STORE:
+ return desc->action_param.store.arg_req;
+ case ECORE_GETOPT_ACTION_STORE_CONST:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ case ECORE_GETOPT_ACTION_STORE_TRUE:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ case ECORE_GETOPT_ACTION_STORE_FALSE:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ case ECORE_GETOPT_ACTION_CHOICE:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES;
+ case ECORE_GETOPT_ACTION_APPEND:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES;
+ case ECORE_GETOPT_ACTION_COUNT:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ case ECORE_GETOPT_ACTION_CALLBACK:
+ return desc->action_param.callback.arg_req;
+ case ECORE_GETOPT_ACTION_HELP:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ case ECORE_GETOPT_ACTION_VERSION:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ default:
+ return ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO;
+ }
}
static void
-_ecore_getopt_help_desc_setup_metavar(const Ecore_Getopt_Desc *desc, char *metavar, int *metavarlen, int maxsize)
+_ecore_getopt_help_desc_setup_metavar(const Ecore_Getopt_Desc * desc,
+ char *metavar, int *metavarlen,
+ int maxsize)
{
- if (desc->metavar)
- {
- const char *txt = gettext(desc->metavar);
- *metavarlen = strlen(txt);
- if (*metavarlen > maxsize - 1)
- *metavarlen = maxsize - 1;
-
- memcpy(metavar, txt, *metavarlen);
- metavar[*metavarlen] = '\0';
- }
- else if (desc->longname)
- {
- int i;
-
- *metavarlen = strlen(desc->longname);
- if (*metavarlen > maxsize - 1)
- *metavarlen = maxsize - 1;
-
- for (i = 0; i < *metavarlen; i++)
- metavar[i] = toupper(desc->longname[i]);
- metavar[i] = '\0';
- }
+ if (desc->metavar) {
+ const char *txt = gettext(desc->metavar);
+ *metavarlen = strlen(txt);
+ if (*metavarlen > maxsize - 1)
+ *metavarlen = maxsize - 1;
+
+ memcpy(metavar, txt, *metavarlen);
+ metavar[*metavarlen] = '\0';
+ } else if (desc->longname) {
+ int i;
+
+ *metavarlen = strlen(desc->longname);
+ if (*metavarlen > maxsize - 1)
+ *metavarlen = maxsize - 1;
+
+ for (i = 0; i < *metavarlen; i++)
+ metavar[i] = toupper(desc->longname[i]);
+ metavar[i] = '\0';
+ }
}
static int
-_ecore_getopt_help_desc_show_arg(FILE *fp, Ecore_Getopt_Desc_Arg_Requirement requirement, const char *metavar, int metavarlen)
+_ecore_getopt_help_desc_show_arg(FILE * fp,
+ Ecore_Getopt_Desc_Arg_Requirement
+ requirement, const char *metavar,
+ int metavarlen)
{
- int used;
+ int used;
- if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- return 0;
+ if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
+ return 0;
- used = 0;
+ used = 0;
- if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL)
- {
- fputc('[', fp);
- used++;
- }
+ if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL) {
+ fputc('[', fp);
+ used++;
+ }
- if (requirement != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- {
- fputc('=', fp);
- fputs(metavar, fp);
- used += metavarlen + 1;
- }
+ if (requirement != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO) {
+ fputc('=', fp);
+ fputs(metavar, fp);
+ used += metavarlen + 1;
+ }
- if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL)
- {
- fputc(']', fp);
- used++;
- }
+ if (requirement == ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL) {
+ fputc(']', fp);
+ used++;
+ }
- return used;
+ return used;
}
static int
-_ecore_getopt_help_desc_store(FILE *fp, const int base, const int total, int used, const Ecore_Getopt_Desc *desc)
+_ecore_getopt_help_desc_store(FILE * fp, const int base, const int total,
+ int used, const Ecore_Getopt_Desc * desc)
{
- const Ecore_Getopt_Desc_Store *store = &desc->action_param.store;
- char buf[64];
- const char *str;
- size_t len;
-
- fputc('\n', fp);
- for (used = 0; used < base; used++)
- fputc(' ', fp);
-
- switch (store->type)
- {
- case ECORE_GETOPT_TYPE_STR:
- str = "STR";
- len = sizeof("STR") - 1;
- break;
- case ECORE_GETOPT_TYPE_BOOL:
- str = "BOOL";
- len = sizeof("BOOL") - 1;
- break;
- case ECORE_GETOPT_TYPE_SHORT:
- str = "SHORT";
- len = sizeof("SHORT") - 1;
- break;
- case ECORE_GETOPT_TYPE_INT:
- str = "INT";
- len = sizeof("INT") - 1;
- break;
- case ECORE_GETOPT_TYPE_LONG:
- str = "LONG";
- len = sizeof("LONG") - 1;
- break;
- case ECORE_GETOPT_TYPE_USHORT:
- str = "USHORT";
- len = sizeof("USHORT") - 1;
- break;
- case ECORE_GETOPT_TYPE_UINT:
- str = "UINT";
- len = sizeof("UINT") - 1;
- break;
- case ECORE_GETOPT_TYPE_ULONG:
- str = "ULONG";
- len = sizeof("ULONG") - 1;
- break;
- case ECORE_GETOPT_TYPE_DOUBLE:
- str = "DOUBLE";
- len = sizeof("DOUBLE") - 1;
- break;
- default:
- str = "???";
- len = sizeof("???") - 1;
- }
-
- used = _ecore_getopt_help_line
- (fp, base, total, used, _("Type: "), strlen(_("Type: ")));
- used = _ecore_getopt_help_line(fp, base, total, used, str, len);
-
- if (store->arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES)
- goto end;
-
- used = _ecore_getopt_help_line
- (fp, base, total, used, ". ", sizeof(". ") - 1);
-
- switch (store->type)
- {
- case ECORE_GETOPT_TYPE_STR:
- str = store->def.strv;
- len = str ? strlen(str) : 0;
- break;
- case ECORE_GETOPT_TYPE_BOOL:
- str = store->def.boolv ? "true" : "false";
- len = strlen(str);
- break;
- case ECORE_GETOPT_TYPE_SHORT:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%hd", store->def.shortv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_INT:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%d", store->def.intv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_LONG:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%ld", store->def.longv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_USHORT:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%hu", store->def.ushortv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_UINT:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%u", store->def.uintv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_ULONG:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%lu", store->def.ulongv);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- case ECORE_GETOPT_TYPE_DOUBLE:
- str = buf;
- len = snprintf(buf, sizeof(buf), "%f", store->def.doublev);
- if (len > sizeof(buf) - 1)
- len = sizeof(buf) - 1;
- break;
- default:
- str = "???";
- len = sizeof("???") - 1;
- }
-
- used = _ecore_getopt_help_line
- (fp, base, total, used, _("Default: "), strlen(_("Default: ")));
- used = _ecore_getopt_help_line(fp, base, total, used, str, len);
-
- end:
- return _ecore_getopt_help_line(fp, base, total, used, ".", 1);
+ const Ecore_Getopt_Desc_Store *store = &desc->action_param.store;
+ char buf[64];
+ const char *str;
+ size_t len;
+
+ fputc('\n', fp);
+ for (used = 0; used < base; used++)
+ fputc(' ', fp);
+
+ switch (store->type) {
+ case ECORE_GETOPT_TYPE_STR:
+ str = "STR";
+ len = sizeof("STR") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_BOOL:
+ str = "BOOL";
+ len = sizeof("BOOL") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_SHORT:
+ str = "SHORT";
+ len = sizeof("SHORT") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_INT:
+ str = "INT";
+ len = sizeof("INT") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_LONG:
+ str = "LONG";
+ len = sizeof("LONG") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_USHORT:
+ str = "USHORT";
+ len = sizeof("USHORT") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_UINT:
+ str = "UINT";
+ len = sizeof("UINT") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_ULONG:
+ str = "ULONG";
+ len = sizeof("ULONG") - 1;
+ break;
+ case ECORE_GETOPT_TYPE_DOUBLE:
+ str = "DOUBLE";
+ len = sizeof("DOUBLE") - 1;
+ break;
+ default:
+ str = "???";
+ len = sizeof("???") - 1;
+ }
+
+ used = _ecore_getopt_help_line
+ (fp, base, total, used, _("Type: "), strlen(_("Type: ")));
+ used = _ecore_getopt_help_line(fp, base, total, used, str, len);
+
+ if (store->arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES)
+ goto end;
+
+ used = _ecore_getopt_help_line
+ (fp, base, total, used, ". ", sizeof(". ") - 1);
+
+ switch (store->type) {
+ case ECORE_GETOPT_TYPE_STR:
+ str = store->def.strv;
+ len = str ? strlen(str) : 0;
+ break;
+ case ECORE_GETOPT_TYPE_BOOL:
+ str = store->def.boolv ? "true" : "false";
+ len = strlen(str);
+ break;
+ case ECORE_GETOPT_TYPE_SHORT:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%hd", store->def.shortv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_INT:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%d", store->def.intv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_LONG:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%ld", store->def.longv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_USHORT:
+ str = buf;
+ len =
+ snprintf(buf, sizeof(buf), "%hu", store->def.ushortv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_UINT:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%u", store->def.uintv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_ULONG:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%lu", store->def.ulongv);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ case ECORE_GETOPT_TYPE_DOUBLE:
+ str = buf;
+ len = snprintf(buf, sizeof(buf), "%f", store->def.doublev);
+ if (len > sizeof(buf) - 1)
+ len = sizeof(buf) - 1;
+ break;
+ default:
+ str = "???";
+ len = sizeof("???") - 1;
+ }
+
+ used = _ecore_getopt_help_line
+ (fp, base, total, used, _("Default: "),
+ strlen(_("Default: ")));
+ used = _ecore_getopt_help_line(fp, base, total, used, str, len);
+
+ end:
+ return _ecore_getopt_help_line(fp, base, total, used, ".", 1);
}
static int
-_ecore_getopt_help_desc_choices(FILE *fp, const int base, const int total, int used, const Ecore_Getopt_Desc *desc)
+_ecore_getopt_help_desc_choices(FILE * fp, const int base, const int total,
+ int used, const Ecore_Getopt_Desc * desc)
{
- const char *const *itr;
- const char sep[] = ", ";
- const int seplen = sizeof(sep) - 1;
-
- if (used > 0)
- {
- fputc('\n', fp);
- used = 0;
- }
- for (; used < base; used++)
- fputc(' ', fp);
-
- used = _ecore_getopt_help_line
- (fp, base, total, used, _("Choices: "), strlen(_("Choices: ")));
-
- for (itr = desc->action_param.choices; *itr; itr++)
- {
- used = _ecore_getopt_help_line
- (fp, base, total, used, *itr, strlen(*itr));
- if (itr[1])
- used = _ecore_getopt_help_line(fp, base, total, used, sep, seplen);
- }
-
- return _ecore_getopt_help_line(fp, base, total, used, ".", 1);
+ const char *const *itr;
+ const char sep[] = ", ";
+ const int seplen = sizeof(sep) - 1;
+
+ if (used > 0) {
+ fputc('\n', fp);
+ used = 0;
+ }
+ for (; used < base; used++)
+ fputc(' ', fp);
+
+ used = _ecore_getopt_help_line
+ (fp, base, total, used, _("Choices: "),
+ strlen(_("Choices: ")));
+
+ for (itr = desc->action_param.choices; *itr; itr++) {
+ used = _ecore_getopt_help_line
+ (fp, base, total, used, *itr, strlen(*itr));
+ if (itr[1])
+ used =
+ _ecore_getopt_help_line(fp, base, total, used,
+ sep, seplen);
+ }
+
+ return _ecore_getopt_help_line(fp, base, total, used, ".", 1);
}
static void
-_ecore_getopt_help_desc(FILE *fp, const Ecore_Getopt_Desc *desc)
+_ecore_getopt_help_desc(FILE * fp, const Ecore_Getopt_Desc * desc)
{
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- char metavar[32] = "ARG";
- int metavarlen = 3;
- int used;
-
- arg_req = _ecore_getopt_desc_arg_requirement(desc);
- if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- _ecore_getopt_help_desc_setup_metavar
- (desc, metavar, &metavarlen, sizeof(metavar));
-
- fputs(" ", fp);
- used = 2;
-
- if (desc->shortname)
- {
- fputc('-', fp);
- fputc(desc->shortname, fp);
- used += 2;
- used += _ecore_getopt_help_desc_show_arg
- (fp, arg_req, metavar, metavarlen);
- }
-
- if (desc->shortname && desc->longname)
- {
- fputs(", ", fp);
- used += 2;
- }
-
- if (desc->longname)
- {
- int namelen = strlen(desc->longname);
-
- fputs("--", fp);
- fputs(desc->longname, fp);
- used += 2 + namelen;
- used += _ecore_getopt_help_desc_show_arg
- (fp, arg_req, metavar, metavarlen);
- }
-
- if (!desc->help)
- goto end;
-
- if (used + 3 >= helpcol)
- {
- fputc('\n', fp);
- used = 0;
- }
-
- for (; used < helpcol; used++)
- fputc(' ', fp);
-
- used = _ecore_getopt_help_line
- (fp, helpcol, cols, used, desc->help, strlen(desc->help));
-
- switch (desc->action)
- {
- case ECORE_GETOPT_ACTION_STORE:
- _ecore_getopt_help_desc_store(fp, helpcol, cols, used, desc);
- break;
- case ECORE_GETOPT_ACTION_CHOICE:
- _ecore_getopt_help_desc_choices(fp, helpcol, cols, used, desc);
- break;
- default:
- break;
- }
-
- end:
- fputc('\n', fp);
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ char metavar[32] = "ARG";
+ int metavarlen = 3;
+ int used;
+
+ arg_req = _ecore_getopt_desc_arg_requirement(desc);
+ if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
+ _ecore_getopt_help_desc_setup_metavar
+ (desc, metavar, &metavarlen, sizeof(metavar));
+
+ fputs(" ", fp);
+ used = 2;
+
+ if (desc->shortname) {
+ fputc('-', fp);
+ fputc(desc->shortname, fp);
+ used += 2;
+ used += _ecore_getopt_help_desc_show_arg
+ (fp, arg_req, metavar, metavarlen);
+ }
+
+ if (desc->shortname && desc->longname) {
+ fputs(", ", fp);
+ used += 2;
+ }
+
+ if (desc->longname) {
+ int namelen = strlen(desc->longname);
+
+ fputs("--", fp);
+ fputs(desc->longname, fp);
+ used += 2 + namelen;
+ used += _ecore_getopt_help_desc_show_arg
+ (fp, arg_req, metavar, metavarlen);
+ }
+
+ if (!desc->help)
+ goto end;
+
+ if (used + 3 >= helpcol) {
+ fputc('\n', fp);
+ used = 0;
+ }
+
+ for (; used < helpcol; used++)
+ fputc(' ', fp);
+
+ used = _ecore_getopt_help_line
+ (fp, helpcol, cols, used, desc->help, strlen(desc->help));
+
+ switch (desc->action) {
+ case ECORE_GETOPT_ACTION_STORE:
+ _ecore_getopt_help_desc_store(fp, helpcol, cols, used,
+ desc);
+ break;
+ case ECORE_GETOPT_ACTION_CHOICE:
+ _ecore_getopt_help_desc_choices(fp, helpcol, cols, used,
+ desc);
+ break;
+ default:
+ break;
+ }
+
+ end:
+ fputc('\n', fp);
}
static unsigned char
-_ecore_getopt_desc_is_sentinel(const Ecore_Getopt_Desc *desc)
+_ecore_getopt_desc_is_sentinel(const Ecore_Getopt_Desc * desc)
{
- return (desc->shortname == '\0') && (!desc->longname);
+ return (desc->shortname == '\0') && (!desc->longname);
}
static void
-_ecore_getopt_help_options(FILE *fp, const Ecore_Getopt *parser)
+_ecore_getopt_help_options(FILE * fp, const Ecore_Getopt * parser)
{
- const Ecore_Getopt_Desc *desc;
+ const Ecore_Getopt_Desc *desc;
- fputs(_("Options:\n"), fp);
+ fputs(_("Options:\n"), fp);
- for (desc = parser->descs; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- _ecore_getopt_help_desc(fp, desc);
+ for (desc = parser->descs; !_ecore_getopt_desc_is_sentinel(desc);
+ desc++)
+ _ecore_getopt_help_desc(fp, desc);
- fputc('\n', fp);
+ fputc('\n', fp);
}
/**
@@ -608,898 +592,952 @@ _ecore_getopt_help_options(FILE *fp, const Ecore_Getopt *parser)
*
* Message will be print to stderr.
*/
-void
-ecore_getopt_help(FILE *fp, const Ecore_Getopt *parser)
+void ecore_getopt_help(FILE * fp, const Ecore_Getopt * parser)
{
- const char *var;
-
- if (!parser) return;
-
- if (argc < 1)
- {
- ecore_app_args_get(&argc, &argv);
- if ((argc > 0) && (argv[0]))
- prog = argv[0];
- else
- prog = parser->prog;
- }
-
- var = getenv("COLUMNS");
- if (var)
- {
- cols = atoi(var);
- if (cols < 20)
- cols = 20;
-
- helpcol = cols / 3;
- }
-
- _ecore_getopt_help_usage(fp, parser);
- _ecore_getopt_help_description(fp, parser);
- _ecore_getopt_help_options(fp, parser);
+ const char *var;
+
+ if (!parser)
+ return;
+
+ if (argc < 1) {
+ ecore_app_args_get(&argc, &argv);
+ if ((argc > 0) && (argv[0]))
+ prog = argv[0];
+ else
+ prog = parser->prog;
+ }
+
+ var = getenv("COLUMNS");
+ if (var) {
+ cols = atoi(var);
+ if (cols < 20)
+ cols = 20;
+
+ helpcol = cols / 3;
+ }
+
+ _ecore_getopt_help_usage(fp, parser);
+ _ecore_getopt_help_description(fp, parser);
+ _ecore_getopt_help_options(fp, parser);
}
-static const Ecore_Getopt_Desc *
-_ecore_getopt_parse_find_long(const Ecore_Getopt *parser, const char *name)
+static const Ecore_Getopt_Desc *_ecore_getopt_parse_find_long(const
+ Ecore_Getopt
+ * parser,
+ const char
+ *name)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- const char *p = strchr(name, '=');
- int len = 0;
-
- if (p)
- len = p - name;
-
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- {
- if (!desc->longname)
- continue;
-
- if (p)
- {
- if ((strncmp(name, desc->longname, len) == 0) &&
- (desc->longname[len] == '\0'))
- return desc;
- }
- else
- {
- if (strcmp(name, desc->longname) == 0)
- return desc;
- }
- }
-
- return NULL;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ const char *p = strchr(name, '=');
+ int len = 0;
+
+ if (p)
+ len = p - name;
+
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++) {
+ if (!desc->longname)
+ continue;
+
+ if (p) {
+ if ((strncmp(name, desc->longname, len) == 0) &&
+ (desc->longname[len] == '\0'))
+ return desc;
+ } else {
+ if (strcmp(name, desc->longname) == 0)
+ return desc;
+ }
+ }
+
+ return NULL;
}
-static const Ecore_Getopt_Desc *
-_ecore_getopt_parse_find_short(const Ecore_Getopt *parser, char name)
+static const Ecore_Getopt_Desc *_ecore_getopt_parse_find_short(const
+ Ecore_Getopt
+ * parser,
+ char name)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- if (name == desc->shortname)
- return desc;
- return NULL;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
+ if (name == desc->shortname)
+ return desc;
+ return NULL;
}
static int
-_ecore_getopt_parse_find_nonargs_base(const Ecore_Getopt *parser, int argc, char **argv)
+_ecore_getopt_parse_find_nonargs_base(const Ecore_Getopt * parser,
+ int argc, char **argv)
{
- char **nonargs;
- int src, dst, used, base;
-
- nonargs = alloca(sizeof(char*) * argc);
- src = 1;
- dst = 1;
- used = 0;
- base = 0;
- while (src < argc)
- {
- const Ecore_Getopt_Desc *desc;
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- char *arg = argv[src];
-
- if (arg[0] != '-')
- goto found_nonarg;
-
- if (arg[1] == '-')
- {
- if (arg[2] == '\0') /* explicit end of options, "--" */
- {
- base = 1;
- break;
- }
- desc = _ecore_getopt_parse_find_long(parser, arg + 2);
- }
- else
- desc = _ecore_getopt_parse_find_short(parser, arg[1]);
-
- if (!desc)
- {
- if (arg[1] == '-')
- fprintf(stderr, _("ERROR: unknown option --%s.\n"), arg + 2);
- else
- fprintf(stderr, _("ERROR: unknown option -%c.\n"), arg[1]);
- if (parser->strict)
- {
- memmove(argv + dst, nonargs, used * sizeof(char *));
- return -1;
- }
- else
- goto found_nonarg;
- }
-
- if (src != dst)
- argv[dst] = argv[src];
- src++;
- dst++;
-
- arg_req = _ecore_getopt_desc_arg_requirement(desc);
- if (arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- continue;
-
- if (strchr(arg, '='))
- continue;
-
- if ((src >= argc) || (argv[src][0] == '-'))
- continue;
-
- if (src != dst)
- argv[dst] = argv[src];
- src++;
- dst++;
- continue;
-
- found_nonarg:
- nonargs[used] = arg;
- used++;
- src++;
- }
-
- if (!base) /* '--' not found */
- base = dst;
- else
- {
- base = dst;
- if (src != dst)
- argv[dst] = argv[src];
- dst++;
- }
-
- memmove(argv + dst, nonargs, used * sizeof(char *));
- return base;
+ char **nonargs;
+ int src, dst, used, base;
+
+ nonargs = alloca(sizeof(char *) * argc);
+ src = 1;
+ dst = 1;
+ used = 0;
+ base = 0;
+ while (src < argc) {
+ const Ecore_Getopt_Desc *desc;
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ char *arg = argv[src];
+
+ if (arg[0] != '-')
+ goto found_nonarg;
+
+ if (arg[1] == '-') {
+ if (arg[2] == '\0') { /* explicit end of options, "--" */
+ base = 1;
+ break;
+ }
+ desc =
+ _ecore_getopt_parse_find_long(parser, arg + 2);
+ } else
+ desc =
+ _ecore_getopt_parse_find_short(parser, arg[1]);
+
+ if (!desc) {
+ if (arg[1] == '-')
+ fprintf(stderr,
+ _("ERROR: unknown option --%s.\n"),
+ arg + 2);
+ else
+ fprintf(stderr,
+ _("ERROR: unknown option -%c.\n"),
+ arg[1]);
+ if (parser->strict) {
+ memmove(argv + dst, nonargs,
+ used * sizeof(char *));
+ return -1;
+ } else
+ goto found_nonarg;
+ }
+
+ if (src != dst)
+ argv[dst] = argv[src];
+ src++;
+ dst++;
+
+ arg_req = _ecore_getopt_desc_arg_requirement(desc);
+ if (arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
+ continue;
+
+ if (strchr(arg, '='))
+ continue;
+
+ if ((src >= argc) || (argv[src][0] == '-'))
+ continue;
+
+ if (src != dst)
+ argv[dst] = argv[src];
+ src++;
+ dst++;
+ continue;
+
+ found_nonarg:
+ nonargs[used] = arg;
+ used++;
+ src++;
+ }
+
+ if (!base) /* '--' not found */
+ base = dst;
+ else {
+ base = dst;
+ if (src != dst)
+ argv[dst] = argv[src];
+ dst++;
+ }
+
+ memmove(argv + dst, nonargs, used * sizeof(char *));
+ return base;
}
static void
-_ecore_getopt_desc_print_error(const Ecore_Getopt_Desc *desc, const char *fmt, ...)
+_ecore_getopt_desc_print_error(const Ecore_Getopt_Desc * desc,
+ const char *fmt, ...)
{
- va_list ap;
+ va_list ap;
- fputs(_("ERROR: "), stderr);
+ fputs(_("ERROR: "), stderr);
- if (desc->shortname)
- {
- fputc('-', stderr);
- fputc(desc->shortname, stderr);
- }
+ if (desc->shortname) {
+ fputc('-', stderr);
+ fputc(desc->shortname, stderr);
+ }
- if (desc->shortname && desc->longname)
- fputs(", ", stderr);
+ if (desc->shortname && desc->longname)
+ fputs(", ", stderr);
- if (desc->longname)
- {
- fputs("--", stderr);
- fputs(desc->longname, stderr);
- }
+ if (desc->longname) {
+ fputs("--", stderr);
+ fputs(desc->longname, stderr);
+ }
- fputs(": ", stderr);
+ fputs(": ", stderr);
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
}
static unsigned char
_ecore_getopt_parse_bool(const char *str, unsigned char *v)
{
- if ((strcmp(str, "0") == 0) ||
- (strcasecmp(str, "f") == 0) ||
- (strcasecmp(str, "false") == 0) ||
- (strcasecmp(str, "no") == 0) ||
- (strcasecmp(str, "off") == 0)
- )
- {
- *v = 0;
- return 1;
- }
- else if ((strcmp(str, "1") == 0) ||
- (strcasecmp(str, "t") == 0) ||
- (strcasecmp(str, "true") == 0) ||
- (strcasecmp(str, "yes") == 0) ||
- (strcasecmp(str, "on") == 0)
- )
- {
- *v = 1;
- return 1;
- }
-
- return 0;
+ if ((strcmp(str, "0") == 0) ||
+ (strcasecmp(str, "f") == 0) ||
+ (strcasecmp(str, "false") == 0) ||
+ (strcasecmp(str, "no") == 0) || (strcasecmp(str, "off") == 0)
+ ) {
+ *v = 0;
+ return 1;
+ } else if ((strcmp(str, "1") == 0) ||
+ (strcasecmp(str, "t") == 0) ||
+ (strcasecmp(str, "true") == 0) ||
+ (strcasecmp(str, "yes") == 0) ||
+ (strcasecmp(str, "on") == 0)
+ ) {
+ *v = 1;
+ return 1;
+ }
+
+ return 0;
}
-static unsigned char
-_ecore_getopt_parse_long(const char *str, long int *v)
+static unsigned char _ecore_getopt_parse_long(const char *str, long int *v)
{
- char *endptr = NULL;
- *v = strtol(str, &endptr, 0);
- return endptr > str;
+ char *endptr = NULL;
+ *v = strtol(str, &endptr, 0);
+ return endptr > str;
}
-static unsigned char
-_ecore_getopt_parse_double(const char *str, double *v)
+static unsigned char _ecore_getopt_parse_double(const char *str, double *v)
{
- char *endptr = NULL;
- *v = strtod(str, &endptr);
- return endptr > str;
+ char *endptr = NULL;
+ *v = strtod(str, &endptr);
+ return endptr > str;
}
static unsigned char
-_ecore_getopt_parse_store(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *value, const char *arg_val)
+_ecore_getopt_parse_store(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * value, const char *arg_val)
{
- const Ecore_Getopt_Desc_Store *store = &desc->action_param.store;
- long int v;
- double d;
- unsigned char b;
-
- if (!value->ptrp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
-
- switch (store->arg_req)
- {
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO:
- goto use_optional;
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL:
- if (!arg_val)
- goto use_optional;
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES:
- break;
- }
-
- switch (store->type)
- {
- case ECORE_GETOPT_TYPE_STR:
- *value->strp = (char *)arg_val;
- return 1;
- case ECORE_GETOPT_TYPE_BOOL:
- if (_ecore_getopt_parse_bool(arg_val, &b))
- {
- *value->boolp = b;
- return 1;
- }
- else
- {
- _ecore_getopt_desc_print_error
- (desc, _("unknown boolean value %s.\n"), arg_val);
- return 0;
- }
- case ECORE_GETOPT_TYPE_SHORT:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->shortp = v;
- return 1;
- case ECORE_GETOPT_TYPE_INT:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->intp = v;
- return 1;
- case ECORE_GETOPT_TYPE_LONG:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->longp = v;
- return 1;
- case ECORE_GETOPT_TYPE_USHORT:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->ushortp = v;
- return 1;
- case ECORE_GETOPT_TYPE_UINT:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->uintp = v;
- return 1;
- case ECORE_GETOPT_TYPE_ULONG:
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- *value->ulongp = v;
- return 1;
- case ECORE_GETOPT_TYPE_DOUBLE:
- if (!_ecore_getopt_parse_double(arg_val, &d))
- goto error;
- *value->doublep = d;
- break;
- }
-
- return 1;
-
- error:
- _ecore_getopt_desc_print_error
- (desc, _("invalid number format %s\n"), arg_val);
- return 0;
-
- use_optional:
- switch (store->type)
- {
- case ECORE_GETOPT_TYPE_STR:
- *value->strp = (char *)store->def.strv;
- break;
- case ECORE_GETOPT_TYPE_BOOL:
- *value->boolp = store->def.boolv;
- break;
- case ECORE_GETOPT_TYPE_SHORT:
- *value->shortp = store->def.shortv;
- break;
- case ECORE_GETOPT_TYPE_INT:
- *value->intp = store->def.intv;
- break;
- case ECORE_GETOPT_TYPE_LONG:
- *value->longp = store->def.longv;
- break;
- case ECORE_GETOPT_TYPE_USHORT:
- *value->ushortp = store->def.ushortv;
- break;
- case ECORE_GETOPT_TYPE_UINT:
- *value->uintp = store->def.uintv;
- break;
- case ECORE_GETOPT_TYPE_ULONG:
- *value->ulongp = store->def.ulongv;
- break;
- case ECORE_GETOPT_TYPE_DOUBLE:
- *value->doublep = store->def.doublev;
- break;
- }
-
- return 1;
+ const Ecore_Getopt_Desc_Store *store = &desc->action_param.store;
+ long int v;
+ double d;
+ unsigned char b;
+
+ if (!value->ptrp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+
+ switch (store->arg_req) {
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO:
+ goto use_optional;
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL:
+ if (!arg_val)
+ goto use_optional;
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES:
+ break;
+ }
+
+ switch (store->type) {
+ case ECORE_GETOPT_TYPE_STR:
+ *value->strp = (char *) arg_val;
+ return 1;
+ case ECORE_GETOPT_TYPE_BOOL:
+ if (_ecore_getopt_parse_bool(arg_val, &b)) {
+ *value->boolp = b;
+ return 1;
+ } else {
+ _ecore_getopt_desc_print_error
+ (desc, _("unknown boolean value %s.\n"),
+ arg_val);
+ return 0;
+ }
+ case ECORE_GETOPT_TYPE_SHORT:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->shortp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_INT:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->intp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_LONG:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->longp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_USHORT:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->ushortp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_UINT:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->uintp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_ULONG:
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ *value->ulongp = v;
+ return 1;
+ case ECORE_GETOPT_TYPE_DOUBLE:
+ if (!_ecore_getopt_parse_double(arg_val, &d))
+ goto error;
+ *value->doublep = d;
+ break;
+ }
+
+ return 1;
+
+ error:
+ _ecore_getopt_desc_print_error
+ (desc, _("invalid number format %s\n"), arg_val);
+ return 0;
+
+ use_optional:
+ switch (store->type) {
+ case ECORE_GETOPT_TYPE_STR:
+ *value->strp = (char *) store->def.strv;
+ break;
+ case ECORE_GETOPT_TYPE_BOOL:
+ *value->boolp = store->def.boolv;
+ break;
+ case ECORE_GETOPT_TYPE_SHORT:
+ *value->shortp = store->def.shortv;
+ break;
+ case ECORE_GETOPT_TYPE_INT:
+ *value->intp = store->def.intv;
+ break;
+ case ECORE_GETOPT_TYPE_LONG:
+ *value->longp = store->def.longv;
+ break;
+ case ECORE_GETOPT_TYPE_USHORT:
+ *value->ushortp = store->def.ushortv;
+ break;
+ case ECORE_GETOPT_TYPE_UINT:
+ *value->uintp = store->def.uintv;
+ break;
+ case ECORE_GETOPT_TYPE_ULONG:
+ *value->ulongp = store->def.ulongv;
+ break;
+ case ECORE_GETOPT_TYPE_DOUBLE:
+ *value->doublep = store->def.doublev;
+ break;
+ }
+
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_store_const(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_store_const(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (!val->ptrp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
-
- *val->ptrp = (void *)desc->action_param.store_const;
- return 1;
+ if (!val->ptrp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+
+ *val->ptrp = (void *) desc->action_param.store_const;
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_store_true(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_store_true(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (!val->boolp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
- *val->boolp = 1;
- return 1;
+ if (!val->boolp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+ *val->boolp = 1;
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_store_false(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_store_false(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (!val->boolp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
- *val->boolp = 0;
- return 1;
+ if (!val->boolp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+ *val->boolp = 0;
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_choice(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val)
+_ecore_getopt_parse_choice(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val, const char *arg_val)
{
- const char * const *pchoice;
-
- if (!val->strp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
-
- pchoice = desc->action_param.choices;
- for (; *pchoice; pchoice++)
- if (strcmp(*pchoice, arg_val) == 0)
- {
- *val->strp = (char *)*pchoice;
- return 1;
- }
-
- _ecore_getopt_desc_print_error
- (desc, _("invalid choice \"%s\". Valid values are: "), arg_val);
-
- pchoice = desc->action_param.choices;
- for (; *pchoice; pchoice++)
- {
- fputs(*pchoice, stderr);
- if (pchoice[1])
- fputs(", ", stderr);
- }
-
- fputs(".\n", stderr);
- return 0;
+ const char *const *pchoice;
+
+ if (!val->strp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+
+ pchoice = desc->action_param.choices;
+ for (; *pchoice; pchoice++)
+ if (strcmp(*pchoice, arg_val) == 0) {
+ *val->strp = (char *) *pchoice;
+ return 1;
+ }
+
+ _ecore_getopt_desc_print_error
+ (desc, _("invalid choice \"%s\". Valid values are: "),
+ arg_val);
+
+ pchoice = desc->action_param.choices;
+ for (; *pchoice; pchoice++) {
+ fputs(*pchoice, stderr);
+ if (pchoice[1])
+ fputs(", ", stderr);
+ }
+
+ fputs(".\n", stderr);
+ return 0;
}
static unsigned char
-_ecore_getopt_parse_append(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val)
+_ecore_getopt_parse_append(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val, const char *arg_val)
{
- void *data;
- long int v;
- double d;
- unsigned char b;
-
- if (!arg_val)
- {
- _ecore_getopt_desc_print_error
- (desc, _("missing parameter to append.\n"));
- return 0;
- }
-
- if (!val->listp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
-
- switch (desc->action_param.append_type)
- {
- case ECORE_GETOPT_TYPE_STR:
- data = strdup(arg_val);
- break;
- case ECORE_GETOPT_TYPE_BOOL:
- {
- if (_ecore_getopt_parse_bool(arg_val, &b))
- {
- data = malloc(sizeof(unsigned char));
- if (data)
- *(unsigned char *)data = b;
- }
- else
- {
- _ecore_getopt_desc_print_error
- (desc, _("unknown boolean value %s.\n"), arg_val);
- return 0;
- }
- }
- break;
- case ECORE_GETOPT_TYPE_SHORT:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(short));
- if (data)
- *(short *)data = (short)v;
- }
- break;
- case ECORE_GETOPT_TYPE_INT:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(int));
- if (data)
- *(int *)data = (int)v;
- }
- break;
- case ECORE_GETOPT_TYPE_LONG:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(long));
- if (data)
- *(long *)data = v;
- }
- break;
- case ECORE_GETOPT_TYPE_USHORT:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(unsigned short));
- if (data)
- *(unsigned short *)data = (unsigned short)v;
- }
- break;
- case ECORE_GETOPT_TYPE_UINT:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(unsigned int));
- if (data)
- *(unsigned int *)data = (unsigned int)v;
- }
- break;
- case ECORE_GETOPT_TYPE_ULONG:
- {
- if (!_ecore_getopt_parse_long(arg_val, &v))
- goto error;
- data = malloc(sizeof(unsigned long));
- if (data)
- *(unsigned long *)data = v;
- }
- break;
- case ECORE_GETOPT_TYPE_DOUBLE:
- {
- if (!_ecore_getopt_parse_double(arg_val, &d))
- goto error;
- data = malloc(sizeof(double));
- if (data)
- *(double *)data = d;
- }
- break;
- default:
- {
- _ecore_getopt_desc_print_error(desc, _("could not parse value.\n"));
- return 0;
- }
- }
-
- *val->listp = eina_list_append(*val->listp, data);
- return 1;
-
- error:
- _ecore_getopt_desc_print_error
- (desc, _("invalid number format %s\n"), arg_val);
- return 0;
+ void *data;
+ long int v;
+ double d;
+ unsigned char b;
+
+ if (!arg_val) {
+ _ecore_getopt_desc_print_error
+ (desc, _("missing parameter to append.\n"));
+ return 0;
+ }
+
+ if (!val->listp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+
+ switch (desc->action_param.append_type) {
+ case ECORE_GETOPT_TYPE_STR:
+ data = strdup(arg_val);
+ break;
+ case ECORE_GETOPT_TYPE_BOOL:
+ {
+ if (_ecore_getopt_parse_bool(arg_val, &b)) {
+ data = malloc(sizeof(unsigned char));
+ if (data)
+ *(unsigned char *) data = b;
+ } else {
+ _ecore_getopt_desc_print_error
+ (desc,
+ _("unknown boolean value %s.\n"),
+ arg_val);
+ return 0;
+ }
+ }
+ break;
+ case ECORE_GETOPT_TYPE_SHORT:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(short));
+ if (data)
+ *(short *) data = (short) v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_INT:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(int));
+ if (data)
+ *(int *) data = (int) v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_LONG:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(long));
+ if (data)
+ *(long *) data = v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_USHORT:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(unsigned short));
+ if (data)
+ *(unsigned short *) data =
+ (unsigned short) v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_UINT:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(unsigned int));
+ if (data)
+ *(unsigned int *) data = (unsigned int) v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_ULONG:
+ {
+ if (!_ecore_getopt_parse_long(arg_val, &v))
+ goto error;
+ data = malloc(sizeof(unsigned long));
+ if (data)
+ *(unsigned long *) data = v;
+ }
+ break;
+ case ECORE_GETOPT_TYPE_DOUBLE:
+ {
+ if (!_ecore_getopt_parse_double(arg_val, &d))
+ goto error;
+ data = malloc(sizeof(double));
+ if (data)
+ *(double *) data = d;
+ }
+ break;
+ default:
+ {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("could not parse value.\n"));
+ return 0;
+ }
+ }
+
+ *val->listp = eina_list_append(*val->listp, data);
+ return 1;
+
+ error:
+ _ecore_getopt_desc_print_error
+ (desc, _("invalid number format %s\n"), arg_val);
+ return 0;
}
static unsigned char
-_ecore_getopt_parse_count(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_count(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (!val->intp)
- {
- _ecore_getopt_desc_print_error(desc, _("value has no pointer set.\n"));
- return 0;
- }
-
- (*val->intp)++;
- return 1;
+ if (!val->intp) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("value has no pointer set.\n"));
+ return 0;
+ }
+
+ (*val->intp)++;
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_callback(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val)
+_ecore_getopt_parse_callback(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val, const char *arg_val)
{
- const Ecore_Getopt_Desc_Callback *cb = &desc->action_param.callback;
-
- switch (cb->arg_req)
- {
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO:
- arg_val = cb->def;
- break;
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL:
- if (!arg_val)
- arg_val = cb->def;
- break;
- case ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES:
- break;
- }
-
- if (cb->arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- {
- if ((!arg_val) || (arg_val[0] == '\0'))
- {
- _ecore_getopt_desc_print_error(desc, _("missing parameter.\n"));
- return 0;
- }
-
- if (!val->ptrp)
- {
- _ecore_getopt_desc_print_error
- (desc, _("value has no pointer set.\n"));
- return 0;
- }
- }
-
- if (!cb->func)
- {
- _ecore_getopt_desc_print_error(desc, _("missing callback function!\n"));
- return 0;
- }
-
- return cb->func(parser, desc, arg_val, (void *)cb->data, val);
+ const Ecore_Getopt_Desc_Callback *cb =
+ &desc->action_param.callback;
+
+ switch (cb->arg_req) {
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO:
+ arg_val = cb->def;
+ break;
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_OPTIONAL:
+ if (!arg_val)
+ arg_val = cb->def;
+ break;
+ case ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES:
+ break;
+ }
+
+ if (cb->arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO) {
+ if ((!arg_val) || (arg_val[0] == '\0')) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("missing parameter.\n"));
+ return 0;
+ }
+
+ if (!val->ptrp) {
+ _ecore_getopt_desc_print_error
+ (desc, _("value has no pointer set.\n"));
+ return 0;
+ }
+ }
+
+ if (!cb->func) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("missing callback function!\n"));
+ return 0;
+ }
+
+ return cb->func(parser, desc, arg_val, (void *) cb->data, val);
}
static unsigned char
-_ecore_getopt_parse_help(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc __UNUSED__, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_help(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc __UNUSED__,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (val->boolp)
- (*val->boolp) = 1;
- ecore_getopt_help(stdout, parser);
- return 1;
+ if (val->boolp)
+ (*val->boolp) = 1;
+ ecore_getopt_help(stdout, parser);
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_version(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_version(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (val->boolp)
- (*val->boolp) = 1;
- if (!parser->version)
- {
- _ecore_getopt_desc_print_error(desc, _("no version was defined.\n"));
- return 0;
- }
- _ecore_getopt_version(stdout, parser);
- return 1;
+ if (val->boolp)
+ (*val->boolp) = 1;
+ if (!parser->version) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("no version was defined.\n"));
+ return 0;
+ }
+ _ecore_getopt_version(stdout, parser);
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_copyright(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_copyright(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (val->boolp)
- (*val->boolp) = 1;
- if (!parser->copyright)
- {
- _ecore_getopt_desc_print_error(desc, _("no copyright was defined.\n"));
- return 0;
- }
- _ecore_getopt_copyright(stdout, parser);
- return 1;
+ if (val->boolp)
+ (*val->boolp) = 1;
+ if (!parser->copyright) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("no copyright was defined.\n"));
+ return 0;
+ }
+ _ecore_getopt_copyright(stdout, parser);
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_license(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *val, const char *arg_val __UNUSED__)
+_ecore_getopt_parse_license(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * val,
+ const char *arg_val __UNUSED__)
{
- if (val->boolp)
- (*val->boolp) = 1;
- if (!parser->license)
- {
- _ecore_getopt_desc_print_error(desc, _("no license was defined.\n"));
- return 0;
- }
- _ecore_getopt_license(stdout, parser);
- return 1;
+ if (val->boolp)
+ (*val->boolp) = 1;
+ if (!parser->license) {
+ _ecore_getopt_desc_print_error(desc,
+ _
+ ("no license was defined.\n"));
+ return 0;
+ }
+ _ecore_getopt_license(stdout, parser);
+ return 1;
}
static unsigned char
-_ecore_getopt_desc_handle(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *desc, Ecore_Getopt_Value *value, const char *arg_val)
+_ecore_getopt_desc_handle(const Ecore_Getopt * parser,
+ const Ecore_Getopt_Desc * desc,
+ Ecore_Getopt_Value * value, const char *arg_val)
{
- switch (desc->action)
- {
- case ECORE_GETOPT_ACTION_STORE:
- return _ecore_getopt_parse_store(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_STORE_CONST:
- return _ecore_getopt_parse_store_const(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_STORE_TRUE:
- return _ecore_getopt_parse_store_true(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_STORE_FALSE:
- return _ecore_getopt_parse_store_false(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_CHOICE:
- return _ecore_getopt_parse_choice(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_APPEND:
- return _ecore_getopt_parse_append(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_COUNT:
- return _ecore_getopt_parse_count(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_CALLBACK:
- return _ecore_getopt_parse_callback(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_HELP:
- return _ecore_getopt_parse_help(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_VERSION:
- return _ecore_getopt_parse_version(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_COPYRIGHT:
- return _ecore_getopt_parse_copyright(parser, desc, value, arg_val);
- case ECORE_GETOPT_ACTION_LICENSE:
- return _ecore_getopt_parse_license(parser, desc, value, arg_val);
- default:
- return 0;
- }
+ switch (desc->action) {
+ case ECORE_GETOPT_ACTION_STORE:
+ return _ecore_getopt_parse_store(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_STORE_CONST:
+ return _ecore_getopt_parse_store_const(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_STORE_TRUE:
+ return _ecore_getopt_parse_store_true(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_STORE_FALSE:
+ return _ecore_getopt_parse_store_false(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_CHOICE:
+ return _ecore_getopt_parse_choice(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_APPEND:
+ return _ecore_getopt_parse_append(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_COUNT:
+ return _ecore_getopt_parse_count(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_CALLBACK:
+ return _ecore_getopt_parse_callback(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_HELP:
+ return _ecore_getopt_parse_help(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_VERSION:
+ return _ecore_getopt_parse_version(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_COPYRIGHT:
+ return _ecore_getopt_parse_copyright(parser, desc, value,
+ arg_val);
+ case ECORE_GETOPT_ACTION_LICENSE:
+ return _ecore_getopt_parse_license(parser, desc, value,
+ arg_val);
+ default:
+ return 0;
+ }
}
static unsigned char
-_ecore_getopt_parse_arg_long(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int argc __UNUSED__, char **argv, int *idx, int *nonargs, const char *arg)
+_ecore_getopt_parse_arg_long(const Ecore_Getopt * parser,
+ Ecore_Getopt_Value * values,
+ int argc __UNUSED__, char **argv, int *idx,
+ int *nonargs, const char *arg)
{
- const Ecore_Getopt_Desc *desc;
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- const char *arg_val;
- int desc_idx;
- Ecore_Getopt_Value *value;
- unsigned char ret;
-
- desc = _ecore_getopt_parse_find_long(parser, arg);
- if (!desc)
- {
- fprintf(stderr, _("ERROR: unknown option --%s, ignored.\n"), arg);
- if (parser->strict)
- return 0;
-
- (*idx)++;
- return 1;
- }
-
- (*idx)++;
-
- arg_req = _ecore_getopt_desc_arg_requirement(desc);
- if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- {
- arg_val = strchr(arg, '=');
- if (arg_val)
- arg_val++;
- else
- {
- if ((*idx < *nonargs) && (argv[*idx][0] != '-'))
- {
- arg_val = argv[*idx];
- (*idx)++;
- }
- else
- arg_val = NULL;
- }
-
- if (arg_val && arg_val[0] == '\0')
- arg_val = NULL;
-
- if ((!arg_val) && (arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES))
- {
- fprintf
- (stderr, _("ERROR: option --%s requires an argument!\n"), arg);
- if (parser->strict)
- return 0;
- return 1;
- }
- }
- else
- arg_val = NULL;
-
- desc_idx = desc - parser->descs;
- value = values + desc_idx;
- ret = _ecore_getopt_desc_handle(parser, desc, value, arg_val);
- if ((!ret) && parser->strict)
- return 0;
-
- return 1;
+ const Ecore_Getopt_Desc *desc;
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ const char *arg_val;
+ int desc_idx;
+ Ecore_Getopt_Value *value;
+ unsigned char ret;
+
+ desc = _ecore_getopt_parse_find_long(parser, arg);
+ if (!desc) {
+ fprintf(stderr,
+ _("ERROR: unknown option --%s, ignored.\n"), arg);
+ if (parser->strict)
+ return 0;
+
+ (*idx)++;
+ return 1;
+ }
+
+ (*idx)++;
+
+ arg_req = _ecore_getopt_desc_arg_requirement(desc);
+ if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO) {
+ arg_val = strchr(arg, '=');
+ if (arg_val)
+ arg_val++;
+ else {
+ if ((*idx < *nonargs) && (argv[*idx][0] != '-')) {
+ arg_val = argv[*idx];
+ (*idx)++;
+ } else
+ arg_val = NULL;
+ }
+
+ if (arg_val && arg_val[0] == '\0')
+ arg_val = NULL;
+
+ if ((!arg_val)
+ && (arg_req ==
+ ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES)) {
+ fprintf(stderr,
+ _
+ ("ERROR: option --%s requires an argument!\n"),
+ arg);
+ if (parser->strict)
+ return 0;
+ return 1;
+ }
+ } else
+ arg_val = NULL;
+
+ desc_idx = desc - parser->descs;
+ value = values + desc_idx;
+ ret = _ecore_getopt_desc_handle(parser, desc, value, arg_val);
+ if ((!ret) && parser->strict)
+ return 0;
+
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_arg_short(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int argc __UNUSED__, char **argv, int *idx, int *nonargs, const char *arg)
+_ecore_getopt_parse_arg_short(const Ecore_Getopt * parser,
+ Ecore_Getopt_Value * values,
+ int argc __UNUSED__, char **argv, int *idx,
+ int *nonargs, const char *arg)
{
- int run = 1;
- while (run && (arg[0] != '\0'))
- {
- int opt = arg[0];
- const Ecore_Getopt_Desc *desc;
- Ecore_Getopt_Desc_Arg_Requirement arg_req;
- const char *arg_val;
- int desc_idx;
- Ecore_Getopt_Value *value;
- unsigned char ret;
-
- desc = _ecore_getopt_parse_find_short(parser, arg[0]);
- if (!desc)
- {
- fprintf
- (stderr, _("ERROR: unknown option -%c, ignored.\n"), arg[0]);
- if (parser->strict)
- return 0;
-
- arg++;
- continue;
- }
-
- arg++;
-
- arg_req = _ecore_getopt_desc_arg_requirement(desc);
- if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO)
- {
- (*idx)++;
- run = 0;
-
- if (arg[0] == '=')
- arg_val = arg + 1;
- else if (arg[0] != '\0')
- arg_val = arg;
- else
- {
- if ((*idx < *nonargs) && (argv[*idx][0] != '-'))
- {
- arg_val = argv[*idx];
- (*idx)++;
- }
- else
- arg_val = NULL;
- }
-
- if (arg_val && arg_val[0] == '\0')
- arg_val = NULL;
-
- if ((!arg_val) &&
- (arg_req == ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES))
- {
- fprintf
- (stderr, _("ERROR: option -%c requires an argument!\n"),
- opt);
- if (parser->strict)
- return 0;
- return 1;
- }
- }
- else
- arg_val = NULL;
-
- desc_idx = desc - parser->descs;
- value = values + desc_idx;
- ret = _ecore_getopt_desc_handle(parser, desc, value, arg_val);
- if ((!ret) && parser->strict)
- return 0;
- }
-
- if (run)
- (*idx)++;
-
- return 1;
+ int run = 1;
+ while (run && (arg[0] != '\0')) {
+ int opt = arg[0];
+ const Ecore_Getopt_Desc *desc;
+ Ecore_Getopt_Desc_Arg_Requirement arg_req;
+ const char *arg_val;
+ int desc_idx;
+ Ecore_Getopt_Value *value;
+ unsigned char ret;
+
+ desc = _ecore_getopt_parse_find_short(parser, arg[0]);
+ if (!desc) {
+ fprintf
+ (stderr,
+ _("ERROR: unknown option -%c, ignored.\n"),
+ arg[0]);
+ if (parser->strict)
+ return 0;
+
+ arg++;
+ continue;
+ }
+
+ arg++;
+
+ arg_req = _ecore_getopt_desc_arg_requirement(desc);
+ if (arg_req != ECORE_GETOPT_DESC_ARG_REQUIREMENT_NO) {
+ (*idx)++;
+ run = 0;
+
+ if (arg[0] == '=')
+ arg_val = arg + 1;
+ else if (arg[0] != '\0')
+ arg_val = arg;
+ else {
+ if ((*idx < *nonargs)
+ && (argv[*idx][0] != '-')) {
+ arg_val = argv[*idx];
+ (*idx)++;
+ } else
+ arg_val = NULL;
+ }
+
+ if (arg_val && arg_val[0] == '\0')
+ arg_val = NULL;
+
+ if ((!arg_val) &&
+ (arg_req ==
+ ECORE_GETOPT_DESC_ARG_REQUIREMENT_YES)) {
+ fprintf(stderr,
+ _
+ ("ERROR: option -%c requires an argument!\n"),
+ opt);
+ if (parser->strict)
+ return 0;
+ return 1;
+ }
+ } else
+ arg_val = NULL;
+
+ desc_idx = desc - parser->descs;
+ value = values + desc_idx;
+ ret =
+ _ecore_getopt_desc_handle(parser, desc, value,
+ arg_val);
+ if ((!ret) && parser->strict)
+ return 0;
+ }
+
+ if (run)
+ (*idx)++;
+
+ return 1;
}
static unsigned char
-_ecore_getopt_parse_arg(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int argc, char **argv, int *idx, int *nonargs)
+_ecore_getopt_parse_arg(const Ecore_Getopt * parser,
+ Ecore_Getopt_Value * values, int argc, char **argv,
+ int *idx, int *nonargs)
{
- char *arg = argv[*idx];
-
- if (arg[0] != '-')
- {
- char **dst, **src, **src_end;
-
- dst = argv + *idx;
- src = dst + 1;
- src_end = src + *nonargs - *idx - 1;
-
- for (; src < src_end; src++, dst++)
- *dst = *src;
-
- *dst = arg;
- (*nonargs)--;
- return 1;
- }
-
- if (arg[1] == '-')
- return _ecore_getopt_parse_arg_long
- (parser, values, argc, argv, idx, nonargs, arg + 2);
- else
- return _ecore_getopt_parse_arg_short
- (parser, values, argc, argv, idx, nonargs, arg + 1);
+ char *arg = argv[*idx];
+
+ if (arg[0] != '-') {
+ char **dst, **src, **src_end;
+
+ dst = argv + *idx;
+ src = dst + 1;
+ src_end = src + *nonargs - *idx - 1;
+
+ for (; src < src_end; src++, dst++)
+ *dst = *src;
+
+ *dst = arg;
+ (*nonargs)--;
+ return 1;
+ }
+
+ if (arg[1] == '-')
+ return _ecore_getopt_parse_arg_long
+ (parser, values, argc, argv, idx, nonargs, arg + 2);
+ else
+ return _ecore_getopt_parse_arg_short
+ (parser, values, argc, argv, idx, nonargs, arg + 1);
}
-static const Ecore_Getopt_Desc *
-_ecore_getopt_parse_find_short_other(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *orig)
+static const Ecore_Getopt_Desc *_ecore_getopt_parse_find_short_other(const
+ Ecore_Getopt
+ *
+ parser,
+ const
+ Ecore_Getopt_Desc
+ *
+ orig)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- const char c = orig->shortname;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ const char c = orig->shortname;
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- {
- if (desc == orig)
- return NULL;
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++) {
+ if (desc == orig)
+ return NULL;
- if (c == desc->shortname)
- return desc;
- }
+ if (c == desc->shortname)
+ return desc;
+ }
- return NULL;
+ return NULL;
}
-static const Ecore_Getopt_Desc *
-_ecore_getopt_parse_find_long_other(const Ecore_Getopt *parser, const Ecore_Getopt_Desc *orig)
+static const Ecore_Getopt_Desc *_ecore_getopt_parse_find_long_other(const
+ Ecore_Getopt
+ *
+ parser,
+ const
+ Ecore_Getopt_Desc
+ * orig)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- const char *name = orig->longname;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ const char *name = orig->longname;
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- {
- if (desc == orig)
- return NULL;
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++) {
+ if (desc == orig)
+ return NULL;
- if (desc->longname && (strcmp(name, desc->longname) == 0))
- return desc;
- }
+ if (desc->longname && (strcmp(name, desc->longname) == 0))
+ return desc;
+ }
- return NULL;
+ return NULL;
}
/**
@@ -1508,56 +1546,62 @@ _ecore_getopt_parse_find_long_other(const Ecore_Getopt *parser, const Ecore_Geto
* @return 1 if there are duplicates, 0 otherwise.
*/
unsigned char
-ecore_getopt_parser_has_duplicates(const Ecore_Getopt *parser)
+ecore_getopt_parser_has_duplicates(const Ecore_Getopt * parser)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- {
- if (desc->shortname)
- {
- const Ecore_Getopt_Desc *other;
- other = _ecore_getopt_parse_find_short_other(parser, desc);
- if (other)
- {
- _ecore_getopt_desc_print_error
- (desc, "short name -%c already exists.", desc->shortname);
-
- if (other->longname)
- fprintf(stderr, " Other is --%s.\n", other->longname);
- else
- fputc('\n', stderr);
- return 1;
- }
- }
-
- if (desc->longname)
- {
- const Ecore_Getopt_Desc *other;
- other = _ecore_getopt_parse_find_long_other(parser, desc);
- if (other)
- {
- _ecore_getopt_desc_print_error
- (desc, "long name --%s already exists.", desc->longname);
-
- if (other->shortname)
- fprintf(stderr, " Other is -%c.\n", other->shortname);
- else
- fputc('\n', stderr);
- return 1;
- }
- }
- }
- return 0;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++) {
+ if (desc->shortname) {
+ const Ecore_Getopt_Desc *other;
+ other =
+ _ecore_getopt_parse_find_short_other(parser,
+ desc);
+ if (other) {
+ _ecore_getopt_desc_print_error
+ (desc,
+ "short name -%c already exists.",
+ desc->shortname);
+
+ if (other->longname)
+ fprintf(stderr,
+ " Other is --%s.\n",
+ other->longname);
+ else
+ fputc('\n', stderr);
+ return 1;
+ }
+ }
+
+ if (desc->longname) {
+ const Ecore_Getopt_Desc *other;
+ other =
+ _ecore_getopt_parse_find_long_other(parser,
+ desc);
+ if (other) {
+ _ecore_getopt_desc_print_error
+ (desc,
+ "long name --%s already exists.",
+ desc->longname);
+
+ if (other->shortname)
+ fprintf(stderr, " Other is -%c.\n",
+ other->shortname);
+ else
+ fputc('\n', stderr);
+ return 1;
+ }
+ }
+ }
+ return 0;
}
-static const Ecore_Getopt_Desc *
-_ecore_getopt_find_help(const Ecore_Getopt *parser)
+static const Ecore_Getopt_Desc *_ecore_getopt_find_help(const Ecore_Getopt
+ * parser)
{
- const Ecore_Getopt_Desc *desc = parser->descs;
- for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
- if (desc->action == ECORE_GETOPT_ACTION_HELP)
- return desc;
- return NULL;
+ const Ecore_Getopt_Desc *desc = parser->descs;
+ for (; !_ecore_getopt_desc_is_sentinel(desc); desc++)
+ if (desc->action == ECORE_GETOPT_ACTION_HELP)
+ return desc;
+ return NULL;
}
/**
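Review bot: The reindented prototypes in this hunk put a space on both sides of the pointer star (`const Ecore_Getopt * parser`), and for `_ecore_getopt_find_help` the line breaks between the type and the `*`, so the declaration reads like a multiplication and is harder to grep. This looks like the output of an indenter that was not told the project's typedef names; if GNU indent was used, passing them with `-T Ecore_Getopt -T Ecore_Getopt_Desc` should give `const Ecore_Getopt *parser`, matching how `const char *arg_val` is already formatted. The same spacing recurs in the later hunks of this file and in ecore_glib.c (`GMainContext * ctx`, `fd_set * rfds`).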
@@ -1611,64 +1655,64 @@ _ecore_getopt_find_help(const Ecore_Getopt *parser)
* @return index of first non-option parameter or -1 on error.
*/
int
-ecore_getopt_parse(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int argc, char **argv)
+ecore_getopt_parse(const Ecore_Getopt * parser,
+ Ecore_Getopt_Value * values, int argc, char **argv)
{
- int i, nonargs;
-
- if (!parser)
- {
- fputs(_("ERROR: no parser provided.\n"), stderr);
- return -1;
- }
- if (!values)
- {
- fputs(_("ERROR: no values provided.\n"), stderr);
- return -1;
- }
-
- if ((argc < 1) || (!argv))
- ecore_app_args_get(&argc, &argv);
-
- if (argc < 1)
- {
- fputs(_("ERROR: no arguments provided.\n"), stderr);
- return -1;
- }
-
- if (argv[0])
- prog = argv[0];
- else
- prog = parser->prog;
-
- nonargs = _ecore_getopt_parse_find_nonargs_base(parser, argc, argv);
- if (nonargs < 0)
- goto error;
-
- if (nonargs > argc)
- nonargs = argc;
-
- i = 1;
- while (i < nonargs)
- if (!_ecore_getopt_parse_arg(parser, values, argc, argv, &i, &nonargs))
- goto error;
-
- return nonargs;
-
- error:
- {
- const Ecore_Getopt_Desc *help;
- fputs(_("ERROR: invalid options found."), stderr);
-
- help = _ecore_getopt_find_help(parser);
- if (!help)
- fputc('\n', stderr);
- else if (help->longname)
- fprintf(stderr, _(" See --%s.\n"), help->longname);
- else
- fprintf(stderr, _(" See -%c.\n"), help->shortname);
- }
-
- return -1;
+ int i, nonargs;
+
+ if (!parser) {
+ fputs(_("ERROR: no parser provided.\n"), stderr);
+ return -1;
+ }
+ if (!values) {
+ fputs(_("ERROR: no values provided.\n"), stderr);
+ return -1;
+ }
+
+ if ((argc < 1) || (!argv))
+ ecore_app_args_get(&argc, &argv);
+
+ if (argc < 1) {
+ fputs(_("ERROR: no arguments provided.\n"), stderr);
+ return -1;
+ }
+
+ if (argv[0])
+ prog = argv[0];
+ else
+ prog = parser->prog;
+
+ nonargs =
+ _ecore_getopt_parse_find_nonargs_base(parser, argc, argv);
+ if (nonargs < 0)
+ goto error;
+
+ if (nonargs > argc)
+ nonargs = argc;
+
+ i = 1;
+ while (i < nonargs)
+ if (!_ecore_getopt_parse_arg
+ (parser, values, argc, argv, &i, &nonargs))
+ goto error;
+
+ return nonargs;
+
+ error:
+ {
+ const Ecore_Getopt_Desc *help;
+ fputs(_("ERROR: invalid options found."), stderr);
+
+ help = _ecore_getopt_find_help(parser);
+ if (!help)
+ fputc('\n', stderr);
+ else if (help->longname)
+ fprintf(stderr, _(" See --%s.\n"), help->longname);
+ else
+ fprintf(stderr, _(" See -%c.\n"), help->shortname);
+ }
+
+ return -1;
}
/**
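Review bot: In `ecore_getopt_parse`, only `argc` is re-checked after the `ecore_app_args_get(&argc, &argv)` fallback, yet the next statement reads `argv[0]`. `ecore_app_args_get` is not visible in this hunk, so whether it can leave `argv` NULL with a positive `argc` is an assumption to confirm. Re-testing both is a cheap guard: `if ((argc < 1) || (!argv)) {` in front of the "no arguments provided" error. The error message and return value would stay as they are.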
@@ -1677,14 +1721,13 @@ ecore_getopt_parse(const Ecore_Getopt *parser, Ecore_Getopt_Value *values, int a
* @param list pointer to list to be freed.
* @return always NULL, so you can easily make your list head NULL.
*/
-Eina_List *
-ecore_getopt_list_free(Eina_List *list)
+Eina_List *ecore_getopt_list_free(Eina_List * list)
{
- void *data;
+ void *data;
- EINA_LIST_FREE(list, data)
- free(data);
- return NULL;
+ EINA_LIST_FREE(list, data)
+ free(data);
+ return NULL;
}
/**
@@ -1696,17 +1739,22 @@ ecore_getopt_list_free(Eina_List *list)
* @c callback_data value is ignored, you can safely use @c NULL.
*/
unsigned char
-ecore_getopt_callback_geometry_parse(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc __UNUSED__, const char *str, void *data __UNUSED__, Ecore_Getopt_Value *storage)
+ecore_getopt_callback_geometry_parse(const Ecore_Getopt *
+ parser __UNUSED__,
+ const Ecore_Getopt_Desc *
+ desc __UNUSED__, const char *str,
+ void *data __UNUSED__,
+ Ecore_Getopt_Value * storage)
{
- Eina_Rectangle *v = (Eina_Rectangle *)storage->ptrp;
+ Eina_Rectangle *v = (Eina_Rectangle *) storage->ptrp;
- if (sscanf(str, "%d:%d:%d:%d", &v->x, &v->y, &v->w, &v->h) != 4)
- {
- fprintf(stderr, _("ERROR: incorrect geometry value '%s'\n"), str);
- return 0;
- }
+ if (sscanf(str, "%d:%d:%d:%d", &v->x, &v->y, &v->w, &v->h) != 4) {
+ fprintf(stderr,
+ _("ERROR: incorrect geometry value '%s'\n"), str);
+ return 0;
+ }
- return 1;
+ return 1;
}
/**
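Review bot: `ecore_getopt_callback_geometry_parse` takes `v` from `storage->ptrp` and passes `&v->x` and the other fields straight to `sscanf` without a NULL check, so an empty value slot becomes a write through a null pointer triggered by a command-line argument. The built-in actions earlier in this file test their storage pointer first (`if (val->boolp)`), and the callback should do the same with `if (!v) return 0;` before the `sscanf`. Note also that `"%d:%d:%d:%d"` accepts trailing text after the fourth number and does not reject out-of-range or negative sizes, so callers that use `w`/`h` for allocation should validate them. The same applies to `ecore_getopt_callback_size_parse` in the next hunk.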
@@ -1719,17 +1767,20 @@ ecore_getopt_callback_geometry_parse(const Ecore_Getopt *parser __UNUSED__, cons
* @c callback_data value is ignored, you can safely use @c NULL.
*/
unsigned char
-ecore_getopt_callback_size_parse(const Ecore_Getopt *parser __UNUSED__, const Ecore_Getopt_Desc *desc __UNUSED__, const char *str, void *data __UNUSED__, Ecore_Getopt_Value *storage)
+ecore_getopt_callback_size_parse(const Ecore_Getopt * parser __UNUSED__,
+ const Ecore_Getopt_Desc * desc __UNUSED__,
+ const char *str, void *data __UNUSED__,
+ Ecore_Getopt_Value * storage)
{
- Eina_Rectangle *v = (Eina_Rectangle *)storage->ptrp;
+ Eina_Rectangle *v = (Eina_Rectangle *) storage->ptrp;
- if (sscanf(str, "%dx%d", &v->w, &v->h) != 2)
- {
- fprintf(stderr, _("ERROR: incorrect size value '%s'\n"), str);
- return 0;
- }
- v->x = 0;
- v->y = 0;
+ if (sscanf(str, "%dx%d", &v->w, &v->h) != 2) {
+ fprintf(stderr, _("ERROR: incorrect size value '%s'\n"),
+ str);
+ return 0;
+ }
+ v->x = 0;
+ v->y = 0;
- return 1;
+ return 1;
}
diff --git a/tests/suite/ecore/src/lib/ecore_glib.c b/tests/suite/ecore/src/lib/ecore_glib.c
index 0972776ef0..d986d221cf 100644
--- a/tests/suite/ecore/src/lib/ecore_glib.c
+++ b/tests/suite/ecore/src/lib/ecore_glib.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
@@ -19,203 +19,207 @@ static const size_t ECORE_GLIB_FDS_INITIAL = 128;
static const size_t ECORE_GLIB_FDS_STEP = 8;
static const size_t ECORE_GLIB_FDS_MAX_FREE = 256;
-static Eina_Bool
-_ecore_glib_fds_resize(size_t size)
+static Eina_Bool _ecore_glib_fds_resize(size_t size)
{
- void *tmp = realloc(_ecore_glib_fds, sizeof(GPollFD) * size);
-
- if (!tmp)
- {
- ERR("Could not realloc from %zu to %zu buckets.",
- _ecore_glib_fds_size, size);
- return EINA_FALSE;
- }
-
- _ecore_glib_fds = tmp;
- _ecore_glib_fds_size = size;
- return EINA_TRUE;
+ void *tmp = realloc(_ecore_glib_fds, sizeof(GPollFD) * size);
+
+ if (!tmp) {
+ ERR("Could not realloc from %zu to %zu buckets.",
+ _ecore_glib_fds_size, size);
+ return EINA_FALSE;
+ }
+
+ _ecore_glib_fds = tmp;
+ _ecore_glib_fds_size = size;
+ return EINA_TRUE;
}
static int
-_ecore_glib_context_query(GMainContext *ctx, int priority, int *p_timer)
+_ecore_glib_context_query(GMainContext * ctx, int priority, int *p_timer)
{
- int reqfds;
-
- if (_ecore_glib_fds_size == 0)
- {
- if (!_ecore_glib_fds_resize(ECORE_GLIB_FDS_INITIAL)) return -1;
- }
-
- while (1)
- {
- size_t size;
-
- reqfds = g_main_context_query
- (ctx, priority, p_timer, _ecore_glib_fds, _ecore_glib_fds_size);
- if (reqfds <= (int)_ecore_glib_fds_size) break;
-
- size = (1 + reqfds / ECORE_GLIB_FDS_STEP) * ECORE_GLIB_FDS_STEP;
- if (!_ecore_glib_fds_resize(size)) return -1;
- }
-
- if (reqfds + ECORE_GLIB_FDS_MAX_FREE < _ecore_glib_fds_size)
- {
- size_t size;
-
- size = (1 + reqfds / ECORE_GLIB_FDS_MAX_FREE) * ECORE_GLIB_FDS_MAX_FREE;
- _ecore_glib_fds_resize(size);
- }
-
- return reqfds;
+ int reqfds;
+
+ if (_ecore_glib_fds_size == 0) {
+ if (!_ecore_glib_fds_resize(ECORE_GLIB_FDS_INITIAL))
+ return -1;
+ }
+
+ while (1) {
+ size_t size;
+
+ reqfds = g_main_context_query
+ (ctx, priority, p_timer, _ecore_glib_fds,
+ _ecore_glib_fds_size);
+ if (reqfds <= (int) _ecore_glib_fds_size)
+ break;
+
+ size =
+ (1 +
+ reqfds / ECORE_GLIB_FDS_STEP) * ECORE_GLIB_FDS_STEP;
+ if (!_ecore_glib_fds_resize(size))
+ return -1;
+ }
+
+ if (reqfds + ECORE_GLIB_FDS_MAX_FREE < _ecore_glib_fds_size) {
+ size_t size;
+
+ size =
+ (1 +
+ reqfds / ECORE_GLIB_FDS_MAX_FREE) *
+ ECORE_GLIB_FDS_MAX_FREE;
+ _ecore_glib_fds_resize(size);
+ }
+
+ return reqfds;
}
static int
-_ecore_glib_context_poll_from(const GPollFD *pfds, int count, fd_set *rfds, fd_set *wfds, fd_set *efds)
+_ecore_glib_context_poll_from(const GPollFD * pfds, int count,
+ fd_set * rfds, fd_set * wfds, fd_set * efds)
{
- const GPollFD *itr = pfds, *itr_end = pfds + count;
- int glib_fds = -1;
-
- for (; itr < itr_end; itr++)
- {
- if (glib_fds < itr->fd)
- glib_fds = itr->fd;
-
- if (itr->events & G_IO_IN)
- FD_SET(itr->fd, rfds);
- if (itr->events & G_IO_OUT)
- FD_SET(itr->fd, wfds);
- if (itr->events & (G_IO_HUP | G_IO_ERR))
- FD_SET(itr->fd, efds);
- }
-
- return glib_fds + 1;
+ const GPollFD *itr = pfds, *itr_end = pfds + count;
+ int glib_fds = -1;
+
+ for (; itr < itr_end; itr++) {
+ if (glib_fds < itr->fd)
+ glib_fds = itr->fd;
+
+ if (itr->events & G_IO_IN)
+ FD_SET(itr->fd, rfds);
+ if (itr->events & G_IO_OUT)
+ FD_SET(itr->fd, wfds);
+ if (itr->events & (G_IO_HUP | G_IO_ERR))
+ FD_SET(itr->fd, efds);
+ }
+
+ return glib_fds + 1;
}
static int
-_ecore_glib_context_poll_to(GPollFD *pfds, int count, const fd_set *rfds, const fd_set *wfds, const fd_set *efds, int ready)
+_ecore_glib_context_poll_to(GPollFD * pfds, int count, const fd_set * rfds,
+ const fd_set * wfds, const fd_set * efds,
+ int ready)
{
- GPollFD *itr = pfds, *itr_end = pfds + count;
-
- for (; itr < itr_end && ready > 0; itr++)
- {
- itr->revents = 0;
- if (FD_ISSET(itr->fd, rfds))
- {
- itr->revents |= G_IO_IN;
- ready--;
- }
- if (FD_ISSET(itr->fd, wfds))
- {
- itr->revents |= G_IO_OUT;
- ready--;
- }
- if (FD_ISSET(itr->fd, efds))
- {
- itr->revents |= G_IO_ERR;
- ready--;
- }
- }
- return ready;
+ GPollFD *itr = pfds, *itr_end = pfds + count;
+
+ for (; itr < itr_end && ready > 0; itr++) {
+ itr->revents = 0;
+ if (FD_ISSET(itr->fd, rfds)) {
+ itr->revents |= G_IO_IN;
+ ready--;
+ }
+ if (FD_ISSET(itr->fd, wfds)) {
+ itr->revents |= G_IO_OUT;
+ ready--;
+ }
+ if (FD_ISSET(itr->fd, efds)) {
+ itr->revents |= G_IO_ERR;
+ ready--;
+ }
+ }
+ return ready;
}
static int
-_ecore_glib_select__locked(GMainContext *ctx, int ecore_fds, fd_set *rfds, fd_set *wfds, fd_set *efds, struct timeval *ecore_timeout)
+_ecore_glib_select__locked(GMainContext * ctx, int ecore_fds,
+ fd_set * rfds, fd_set * wfds, fd_set * efds,
+ struct timeval *ecore_timeout)
{
- int priority, maxfds, glib_fds, reqfds, reqtimeout, ret;
- struct timeval *timeout, glib_timeout;
-
- g_main_context_prepare(ctx, &priority);
- reqfds = _ecore_glib_context_query(ctx, priority, &reqtimeout);
- if (reqfds < 0) goto error;
-
- glib_fds = _ecore_glib_context_poll_from
- (_ecore_glib_fds, reqfds, rfds, wfds, efds);
-
- if (reqtimeout == -1)
- timeout = ecore_timeout;
- else
- {
- glib_timeout.tv_sec = reqtimeout / 1000;
- glib_timeout.tv_usec = (reqtimeout % 1000) * 1000;
-
- if (!ecore_timeout || timercmp(ecore_timeout, &glib_timeout, >))
- timeout = &glib_timeout;
- else
- timeout = ecore_timeout;
- }
-
- maxfds = (ecore_fds >= glib_fds) ? ecore_fds : glib_fds;
- ret = _ecore_glib_select_original(maxfds, rfds, wfds, efds, timeout);
-
- ret = _ecore_glib_context_poll_to
- (_ecore_glib_fds, reqfds, rfds, wfds, efds, ret);
-
- if (g_main_context_check(ctx, priority, _ecore_glib_fds, reqfds))
- g_main_context_dispatch(ctx);
-
- return ret;
-
- error:
- return _ecore_glib_select_original
- (ecore_fds, rfds, wfds, efds, ecore_timeout);
+ int priority, maxfds, glib_fds, reqfds, reqtimeout, ret;
+ struct timeval *timeout, glib_timeout;
+
+ g_main_context_prepare(ctx, &priority);
+ reqfds = _ecore_glib_context_query(ctx, priority, &reqtimeout);
+ if (reqfds < 0)
+ goto error;
+
+ glib_fds = _ecore_glib_context_poll_from
+ (_ecore_glib_fds, reqfds, rfds, wfds, efds);
+
+ if (reqtimeout == -1)
+ timeout = ecore_timeout;
+ else {
+ glib_timeout.tv_sec = reqtimeout / 1000;
+ glib_timeout.tv_usec = (reqtimeout % 1000) * 1000;
+
+ if (!ecore_timeout
+ || timercmp(ecore_timeout, &glib_timeout, >))
+ timeout = &glib_timeout;
+ else
+ timeout = ecore_timeout;
+ }
+
+ maxfds = (ecore_fds >= glib_fds) ? ecore_fds : glib_fds;
+ ret =
+ _ecore_glib_select_original(maxfds, rfds, wfds, efds, timeout);
+
+ ret = _ecore_glib_context_poll_to
+ (_ecore_glib_fds, reqfds, rfds, wfds, efds, ret);
+
+ if (g_main_context_check(ctx, priority, _ecore_glib_fds, reqfds))
+ g_main_context_dispatch(ctx);
+
+ return ret;
+
+ error:
+ return _ecore_glib_select_original
+ (ecore_fds, rfds, wfds, efds, ecore_timeout);
}
static int
-_ecore_glib_select(int ecore_fds, fd_set *rfds, fd_set *wfds, fd_set *efds, struct timeval *ecore_timeout)
+_ecore_glib_select(int ecore_fds, fd_set * rfds, fd_set * wfds,
+ fd_set * efds, struct timeval *ecore_timeout)
{
- GStaticMutex lock = G_STATIC_MUTEX_INIT;
- GMutex *mutex = g_static_mutex_get_mutex(&lock);
- GMainContext *ctx = g_main_context_default();
- int ret;
+ GStaticMutex lock = G_STATIC_MUTEX_INIT;
+ GMutex *mutex = g_static_mutex_get_mutex(&lock);
+ GMainContext *ctx = g_main_context_default();
+ int ret;
- if (g_main_context_acquire(ctx))
- g_mutex_lock(mutex);
- else
- {
- if (!_ecore_glib_cond)
- _ecore_glib_cond = g_cond_new();
+ if (g_main_context_acquire(ctx))
+ g_mutex_lock(mutex);
+ else {
+ if (!_ecore_glib_cond)
+ _ecore_glib_cond = g_cond_new();
- while (!g_main_context_wait(ctx, _ecore_glib_cond, mutex))
- g_thread_yield();
- }
+ while (!g_main_context_wait(ctx, _ecore_glib_cond, mutex))
+ g_thread_yield();
+ }
- ret = _ecore_glib_select__locked
- (ctx, ecore_fds, rfds, wfds, efds, ecore_timeout);
+ ret = _ecore_glib_select__locked
+ (ctx, ecore_fds, rfds, wfds, efds, ecore_timeout);
- g_mutex_unlock(mutex);
- g_main_context_release(ctx);
+ g_mutex_unlock(mutex);
+ g_main_context_release(ctx);
- return ret;
+ return ret;
}
#endif
-void
-_ecore_glib_init(void)
+void _ecore_glib_init(void)
{
}
-void
-_ecore_glib_shutdown(void)
+void _ecore_glib_shutdown(void)
{
#ifdef HAVE_GLIB
- if (!_ecore_glib_active) return;
- _ecore_glib_active = EINA_FALSE;
-
- if (ecore_main_loop_select_func_get() == _ecore_glib_select)
- ecore_main_loop_select_func_set(_ecore_glib_select_original);
-
- if (_ecore_glib_fds)
- {
- free(_ecore_glib_fds);
- _ecore_glib_fds = NULL;
- }
- _ecore_glib_fds_size = 0;
-
- if (_ecore_glib_cond)
- {
- g_cond_free(_ecore_glib_cond);
- _ecore_glib_cond = NULL;
- }
+ if (!_ecore_glib_active)
+ return;
+ _ecore_glib_active = EINA_FALSE;
+
+ if (ecore_main_loop_select_func_get() == _ecore_glib_select)
+ ecore_main_loop_select_func_set
+ (_ecore_glib_select_original);
+
+ if (_ecore_glib_fds) {
+ free(_ecore_glib_fds);
+ _ecore_glib_fds = NULL;
+ }
+ _ecore_glib_fds_size = 0;
+
+ if (_ecore_glib_cond) {
+ g_cond_free(_ecore_glib_cond);
+ _ecore_glib_cond = NULL;
+ }
#endif
}
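Review bot: `_ecore_glib_context_poll_from` passes `itr->fd` to `FD_SET` without comparing it with `FD_SETSIZE`, and `_ecore_glib_context_poll_to` does the same with `FD_ISSET`; a descriptor that is negative or at or above `FD_SETSIZE` makes those macros index outside the `fd_set`. A guard such as `if (itr->fd < 0 || itr->fd >= FD_SETSIZE) continue;` at the top of the first loop, and after `itr->revents = 0;` in the second, keeps the bitmaps intact. Separately, `lock` in `_ecore_glib_select` is an automatic variable, so every call initialises and locks its own mutex and no two threads ever contend on it. `static GStaticMutex lock = G_STATIC_MUTEX_INIT;` would give the single shared mutex the surrounding code appears to expect.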
@@ -249,22 +253,23 @@ _ecore_glib_shutdown(void)
* @return @c EINA_TRUE on success of @c EINA_FALSE if it failed,
* likely no GLib support in Ecore.
*/
-EAPI Eina_Bool
-ecore_main_loop_glib_integrate(void)
+EAPI Eina_Bool ecore_main_loop_glib_integrate(void)
{
#ifdef HAVE_GLIB
- void *func;
-
- if (_ecore_glib_active) return EINA_TRUE;
- func = ecore_main_loop_select_func_get();
- if (func == _ecore_glib_select) return EINA_TRUE;
- _ecore_glib_select_original = func;
- ecore_main_loop_select_func_set(_ecore_glib_select);
- _ecore_glib_active = EINA_TRUE;
- return EINA_TRUE;
+ void *func;
+
+ if (_ecore_glib_active)
+ return EINA_TRUE;
+ func = ecore_main_loop_select_func_get();
+ if (func == _ecore_glib_select)
+ return EINA_TRUE;
+ _ecore_glib_select_original = func;
+ ecore_main_loop_select_func_set(_ecore_glib_select);
+ _ecore_glib_active = EINA_TRUE;
+ return EINA_TRUE;
#else
- fputs("ERROR: no glib support in ecore.\n", stderr);
- return EINA_FALSE;
+ fputs("ERROR: no glib support in ecore.\n", stderr);
+ return EINA_FALSE;
#endif
}
@@ -279,8 +284,7 @@ Eina_Bool _ecore_glib_always_integrate = 1;
* This is for apps that explicitly do not want this to happen for whatever
* reasons they may have.
*/
-EAPI void
-ecore_main_loop_glib_always_integrate_disable(void)
+EAPI void ecore_main_loop_glib_always_integrate_disable(void)
{
- _ecore_glib_always_integrate = 0;
+ _ecore_glib_always_integrate = 0;
}
diff --git a/tests/suite/ecore/src/lib/ecore_idle_enterer.c b/tests/suite/ecore/src/lib/ecore_idle_enterer.c
index 2b827ce93e..62c340f109 100644
--- a/tests/suite/ecore/src/lib/ecore_idle_enterer.c
+++ b/tests/suite/ecore/src/lib/ecore_idle_enterer.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -8,20 +8,19 @@
#include "ecore_private.h"
-struct _Ecore_Idle_Enterer
-{
- EINA_INLIST;
- ECORE_MAGIC;
- Ecore_Task_Cb func;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Idle_Enterer {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ Ecore_Task_Cb func;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
static Ecore_Idle_Enterer *idle_enterers = NULL;
static Ecore_Idle_Enterer *idle_enterer_current = NULL;
-static int idle_enterers_delete_me = 0;
+static int idle_enterers_delete_me = 0;
/**
* Add an idle enterer handler.
@@ -31,19 +30,24 @@ static int idle_enterers_delete_me = 0;
* NULL is returned.
* @ingroup Idle_Group
*/
-EAPI Ecore_Idle_Enterer *
-ecore_idle_enterer_add(Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Idle_Enterer *ecore_idle_enterer_add(Ecore_Task_Cb func,
+ const void *data)
{
- Ecore_Idle_Enterer *ie;
-
- if (!func) return NULL;
- ie = calloc(1, sizeof(Ecore_Idle_Enterer));
- if (!ie) return NULL;
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_ENTERER);
- ie->func = func;
- ie->data = (void *)data;
- idle_enterers = (Ecore_Idle_Enterer *) eina_inlist_append(EINA_INLIST_GET(idle_enterers), EINA_INLIST_GET(ie));
- return ie;
+ Ecore_Idle_Enterer *ie;
+
+ if (!func)
+ return NULL;
+ ie = calloc(1, sizeof(Ecore_Idle_Enterer));
+ if (!ie)
+ return NULL;
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_ENTERER);
+ ie->func = func;
+ ie->data = (void *) data;
+ idle_enterers =
+ (Ecore_Idle_Enterer *)
+ eina_inlist_append(EINA_INLIST_GET(idle_enterers),
+ EINA_INLIST_GET(ie));
+ return ie;
}
/**
@@ -54,19 +58,24 @@ ecore_idle_enterer_add(Ecore_Task_Cb func, const void *data)
* NULL is returned.
* @ingroup Idle_Group
*/
-EAPI Ecore_Idle_Enterer *
-ecore_idle_enterer_before_add(Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Idle_Enterer *ecore_idle_enterer_before_add(Ecore_Task_Cb func,
+ const void *data)
{
- Ecore_Idle_Enterer *ie;
-
- if (!func) return NULL;
- ie = calloc(1, sizeof(Ecore_Idle_Enterer));
- if (!ie) return NULL;
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_ENTERER);
- ie->func = func;
- ie->data = (void *)data;
- idle_enterers = (Ecore_Idle_Enterer *) eina_inlist_prepend(EINA_INLIST_GET(idle_enterers), EINA_INLIST_GET(ie));
- return ie;
+ Ecore_Idle_Enterer *ie;
+
+ if (!func)
+ return NULL;
+ ie = calloc(1, sizeof(Ecore_Idle_Enterer));
+ if (!ie)
+ return NULL;
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_ENTERER);
+ ie->func = func;
+ ie->data = (void *) data;
+ idle_enterers =
+ (Ecore_Idle_Enterer *)
+ eina_inlist_prepend(EINA_INLIST_GET(idle_enterers),
+ EINA_INLIST_GET(ie));
+ return ie;
}
/**
@@ -76,96 +85,94 @@ ecore_idle_enterer_before_add(Ecore_Task_Cb func, const void *data)
* NULL otherwise.
* @ingroup Idle_Group
*/
-EAPI void *
-ecore_idle_enterer_del(Ecore_Idle_Enterer *idle_enterer)
+EAPI void *ecore_idle_enterer_del(Ecore_Idle_Enterer * idle_enterer)
{
- if (!ECORE_MAGIC_CHECK(idle_enterer, ECORE_MAGIC_IDLE_ENTERER))
- {
- ECORE_MAGIC_FAIL(idle_enterer, ECORE_MAGIC_IDLE_ENTERER,
- "ecore_idle_enterer_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(idle_enterer->delete_me, NULL);
- idle_enterer->delete_me = 1;
- idle_enterers_delete_me = 1;
- return idle_enterer->data;
+ if (!ECORE_MAGIC_CHECK(idle_enterer, ECORE_MAGIC_IDLE_ENTERER)) {
+ ECORE_MAGIC_FAIL(idle_enterer, ECORE_MAGIC_IDLE_ENTERER,
+ "ecore_idle_enterer_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(idle_enterer->delete_me, NULL);
+ idle_enterer->delete_me = 1;
+ idle_enterers_delete_me = 1;
+ return idle_enterer->data;
}
-void
-_ecore_idle_enterer_shutdown(void)
+void _ecore_idle_enterer_shutdown(void)
{
- Ecore_Idle_Enterer *ie;
- while ((ie = idle_enterers))
- {
- idle_enterers = (Ecore_Idle_Enterer *) eina_inlist_remove(EINA_INLIST_GET(idle_enterers), EINA_INLIST_GET(idle_enterers));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- idle_enterers_delete_me = 0;
- idle_enterer_current = NULL;
+ Ecore_Idle_Enterer *ie;
+ while ((ie = idle_enterers)) {
+ idle_enterers =
+ (Ecore_Idle_Enterer *)
+ eina_inlist_remove(EINA_INLIST_GET(idle_enterers),
+ EINA_INLIST_GET(idle_enterers));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ idle_enterers_delete_me = 0;
+ idle_enterer_current = NULL;
}
-void
-_ecore_idle_enterer_call(void)
+void _ecore_idle_enterer_call(void)
{
- if (!idle_enterer_current)
- {
- /* regular main loop, start from head */
- idle_enterer_current = idle_enterers;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- idle_enterer_current =
- (Ecore_Idle_Enterer *)EINA_INLIST_GET(idle_enterer_current)->next;
- }
-
- while (idle_enterer_current)
- {
- Ecore_Idle_Enterer *ie = (Ecore_Idle_Enterer *)idle_enterer_current;
- if (!ie->delete_me)
- {
- ie->references++;
- if (!ie->func(ie->data))
- {
- if (!ie->delete_me) ecore_idle_enterer_del(ie);
- }
- ie->references--;
- }
- if (idle_enterer_current) /* may have changed in recursive main loops */
- idle_enterer_current =
- (Ecore_Idle_Enterer *)EINA_INLIST_GET(idle_enterer_current)->next;
- }
- if (idle_enterers_delete_me)
- {
- Ecore_Idle_Enterer *l;
- int deleted_idler_enterers_in_use = 0;
-
- for (l = idle_enterers; l;)
- {
- Ecore_Idle_Enterer *ie = l;
- l = (Ecore_Idle_Enterer *) EINA_INLIST_GET(l)->next;
- if (ie->delete_me)
- {
- if (ie->references)
- {
- deleted_idler_enterers_in_use++;
- continue;
- }
-
- idle_enterers = (Ecore_Idle_Enterer *) eina_inlist_remove(EINA_INLIST_GET(idle_enterers), EINA_INLIST_GET(ie));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- }
- if (!deleted_idler_enterers_in_use)
- idle_enterers_delete_me = 0;
- }
+ if (!idle_enterer_current) {
+ /* regular main loop, start from head */
+ idle_enterer_current = idle_enterers;
+ } else {
+ /* recursive main loop, continue from where we were */
+ idle_enterer_current =
+ (Ecore_Idle_Enterer *)
+ EINA_INLIST_GET(idle_enterer_current)->next;
+ }
+
+ while (idle_enterer_current) {
+ Ecore_Idle_Enterer *ie =
+ (Ecore_Idle_Enterer *) idle_enterer_current;
+ if (!ie->delete_me) {
+ ie->references++;
+ if (!ie->func(ie->data)) {
+ if (!ie->delete_me)
+ ecore_idle_enterer_del(ie);
+ }
+ ie->references--;
+ }
+ if (idle_enterer_current) /* may have changed in recursive main loops */
+ idle_enterer_current =
+ (Ecore_Idle_Enterer *)
+ EINA_INLIST_GET(idle_enterer_current)->next;
+ }
+ if (idle_enterers_delete_me) {
+ Ecore_Idle_Enterer *l;
+ int deleted_idler_enterers_in_use = 0;
+
+ for (l = idle_enterers; l;) {
+ Ecore_Idle_Enterer *ie = l;
+ l = (Ecore_Idle_Enterer *) EINA_INLIST_GET(l)->
+ next;
+ if (ie->delete_me) {
+ if (ie->references) {
+ deleted_idler_enterers_in_use++;
+ continue;
+ }
+
+ idle_enterers =
+ (Ecore_Idle_Enterer *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (idle_enterers),
+ EINA_INLIST_GET
+ (ie));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ }
+ if (!deleted_idler_enterers_in_use)
+ idle_enterers_delete_me = 0;
+ }
}
-int
-_ecore_idle_enterer_exist(void)
+int _ecore_idle_enterer_exist(void)
{
- if (idle_enterers) return 1;
- return 0;
+ if (idle_enterers)
+ return 1;
+ return 0;
}
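Review bot: `_ecore_idle_enterer_shutdown()` frees every node without looking at `references`, while `_ecore_idle_enterer_call()` still executes `ie->references--` after `ie->func(ie->data)` returns. If shutdown can be reached from inside a callback (not visible from this hunk), that decrement writes to freed memory. The `->next` read is safe, because shutdown resets `idle_enterer_current` to NULL. I would document the precondition on the shutdown function, e.g. `/* must not run while an idle enterer callback is on the stack: nodes are freed regardless of ->references */`. The same pattern appears in `_ecore_idle_exiter_shutdown()` and `_ecore_idler_shutdown()` further down in this diff.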
diff --git a/tests/suite/ecore/src/lib/ecore_idle_exiter.c b/tests/suite/ecore/src/lib/ecore_idle_exiter.c
index d8234e3001..0e9dbaf622 100644
--- a/tests/suite/ecore/src/lib/ecore_idle_exiter.c
+++ b/tests/suite/ecore/src/lib/ecore_idle_exiter.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -8,20 +8,19 @@
#include "ecore_private.h"
-struct _Ecore_Idle_Exiter
-{
- EINA_INLIST;
- ECORE_MAGIC;
- Ecore_Task_Cb func;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Idle_Exiter {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ Ecore_Task_Cb func;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
static Ecore_Idle_Exiter *idle_exiters = NULL;
static Ecore_Idle_Exiter *idle_exiter_current = NULL;
-static int idle_exiters_delete_me = 0;
+static int idle_exiters_delete_me = 0;
/**
* Add an idle exiter handler.
@@ -30,19 +29,24 @@ static int idle_exiters_delete_me = 0;
* @return A handle to the idle exiter callback on success. NULL otherwise.
* @ingroup Idle_Group
*/
-EAPI Ecore_Idle_Exiter *
-ecore_idle_exiter_add(Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Idle_Exiter *ecore_idle_exiter_add(Ecore_Task_Cb func,
+ const void *data)
{
- Ecore_Idle_Exiter *ie;
-
- if (!func) return NULL;
- ie = calloc(1, sizeof(Ecore_Idle_Exiter));
- if (!ie) return NULL;
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_EXITER);
- ie->func = func;
- ie->data = (void *)data;
- idle_exiters = (Ecore_Idle_Exiter *) eina_inlist_append(EINA_INLIST_GET(idle_exiters), EINA_INLIST_GET(ie));
- return ie;
+ Ecore_Idle_Exiter *ie;
+
+ if (!func)
+ return NULL;
+ ie = calloc(1, sizeof(Ecore_Idle_Exiter));
+ if (!ie)
+ return NULL;
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLE_EXITER);
+ ie->func = func;
+ ie->data = (void *) data;
+ idle_exiters =
+ (Ecore_Idle_Exiter *)
+ eina_inlist_append(EINA_INLIST_GET(idle_exiters),
+ EINA_INLIST_GET(ie));
+ return ie;
}
/**
@@ -52,97 +56,94 @@ ecore_idle_exiter_add(Ecore_Task_Cb func, const void *data)
* successful. NULL otherwise.
* @ingroup Idle_Group
*/
-EAPI void *
-ecore_idle_exiter_del(Ecore_Idle_Exiter *idle_exiter)
+EAPI void *ecore_idle_exiter_del(Ecore_Idle_Exiter * idle_exiter)
{
- if (!ECORE_MAGIC_CHECK(idle_exiter, ECORE_MAGIC_IDLE_EXITER))
- {
- ECORE_MAGIC_FAIL(idle_exiter, ECORE_MAGIC_IDLE_EXITER,
- "ecore_idle_exiter_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(idle_exiter->delete_me, NULL);
- idle_exiter->delete_me = 1;
- idle_exiters_delete_me = 1;
- return idle_exiter->data;
+ if (!ECORE_MAGIC_CHECK(idle_exiter, ECORE_MAGIC_IDLE_EXITER)) {
+ ECORE_MAGIC_FAIL(idle_exiter, ECORE_MAGIC_IDLE_EXITER,
+ "ecore_idle_exiter_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(idle_exiter->delete_me, NULL);
+ idle_exiter->delete_me = 1;
+ idle_exiters_delete_me = 1;
+ return idle_exiter->data;
}
-void
-_ecore_idle_exiter_shutdown(void)
+void _ecore_idle_exiter_shutdown(void)
{
- Ecore_Idle_Exiter *ie;
- while ((ie = idle_exiters))
- {
- idle_exiters = (Ecore_Idle_Exiter *) eina_inlist_remove(EINA_INLIST_GET(idle_exiters), EINA_INLIST_GET(idle_exiters));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- idle_exiters_delete_me = 0;
- idle_exiter_current = NULL;
+ Ecore_Idle_Exiter *ie;
+ while ((ie = idle_exiters)) {
+ idle_exiters =
+ (Ecore_Idle_Exiter *)
+ eina_inlist_remove(EINA_INLIST_GET(idle_exiters),
+ EINA_INLIST_GET(idle_exiters));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ idle_exiters_delete_me = 0;
+ idle_exiter_current = NULL;
}
-void
-_ecore_idle_exiter_call(void)
+void _ecore_idle_exiter_call(void)
{
- if (!idle_exiter_current)
- {
- /* regular main loop, start from head */
- idle_exiter_current = idle_exiters;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- idle_exiter_current =
- (Ecore_Idle_Exiter *)EINA_INLIST_GET(idle_exiter_current)->next;
- }
-
- while (idle_exiter_current)
- {
- Ecore_Idle_Exiter *ie = (Ecore_Idle_Exiter *)idle_exiter_current;
- if (!ie->delete_me)
- {
- ie->references++;
- if (!ie->func(ie->data))
- {
- if (!ie->delete_me) ecore_idle_exiter_del(ie);
- }
- ie->references--;
- }
- if (idle_exiter_current) /* may have changed in recursive main loops */
- idle_exiter_current =
- (Ecore_Idle_Exiter *)EINA_INLIST_GET(idle_exiter_current)->next;
- }
- if (idle_exiters_delete_me)
- {
- Ecore_Idle_Exiter *l;
- int deleted_idler_exiters_in_use = 0;
-
- for (l = idle_exiters; l;)
- {
- Ecore_Idle_Exiter *ie = l;
-
- l = (Ecore_Idle_Exiter *) EINA_INLIST_GET(l)->next;
- if (ie->delete_me)
- {
- if (ie->references)
- {
- deleted_idler_exiters_in_use++;
- continue;
- }
-
- idle_exiters = (Ecore_Idle_Exiter *) eina_inlist_remove(EINA_INLIST_GET(idle_exiters), EINA_INLIST_GET(ie));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- }
- if (!deleted_idler_exiters_in_use)
- idle_exiters_delete_me = 0;
- }
+ if (!idle_exiter_current) {
+ /* regular main loop, start from head */
+ idle_exiter_current = idle_exiters;
+ } else {
+ /* recursive main loop, continue from where we were */
+ idle_exiter_current =
+ (Ecore_Idle_Exiter *)
+ EINA_INLIST_GET(idle_exiter_current)->next;
+ }
+
+ while (idle_exiter_current) {
+ Ecore_Idle_Exiter *ie =
+ (Ecore_Idle_Exiter *) idle_exiter_current;
+ if (!ie->delete_me) {
+ ie->references++;
+ if (!ie->func(ie->data)) {
+ if (!ie->delete_me)
+ ecore_idle_exiter_del(ie);
+ }
+ ie->references--;
+ }
+ if (idle_exiter_current) /* may have changed in recursive main loops */
+ idle_exiter_current =
+ (Ecore_Idle_Exiter *)
+ EINA_INLIST_GET(idle_exiter_current)->next;
+ }
+ if (idle_exiters_delete_me) {
+ Ecore_Idle_Exiter *l;
+ int deleted_idler_exiters_in_use = 0;
+
+ for (l = idle_exiters; l;) {
+ Ecore_Idle_Exiter *ie = l;
+
+ l = (Ecore_Idle_Exiter *) EINA_INLIST_GET(l)->next;
+ if (ie->delete_me) {
+ if (ie->references) {
+ deleted_idler_exiters_in_use++;
+ continue;
+ }
+
+ idle_exiters =
+ (Ecore_Idle_Exiter *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (idle_exiters),
+ EINA_INLIST_GET
+ (ie));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ }
+ if (!deleted_idler_exiters_in_use)
+ idle_exiters_delete_me = 0;
+ }
}
-int
-_ecore_idle_exiter_exist(void)
+int _ecore_idle_exiter_exist(void)
{
- if (idle_exiters) return 1;
- return 0;
+ if (idle_exiters)
+ return 1;
+ return 0;
}
diff --git a/tests/suite/ecore/src/lib/ecore_idler.c b/tests/suite/ecore/src/lib/ecore_idler.c
index 8f1c8206b6..d5cd74c760 100644
--- a/tests/suite/ecore/src/lib/ecore_idler.c
+++ b/tests/suite/ecore/src/lib/ecore_idler.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -8,20 +8,19 @@
#include "ecore_private.h"
-struct _Ecore_Idler
-{
- EINA_INLIST;
- ECORE_MAGIC;
- Ecore_Task_Cb func;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Idler {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ Ecore_Task_Cb func;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
static Ecore_Idler *idlers = NULL;
static Ecore_Idler *idler_current = NULL;
-static int idlers_delete_me = 0;
+static int idlers_delete_me = 0;
/**
* Add an idler handler.
@@ -38,19 +37,22 @@ static int idlers_delete_me = 0;
*
* Idlers are useful for progressively prossessing data without blocking.
*/
-EAPI Ecore_Idler *
-ecore_idler_add(Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Idler *ecore_idler_add(Ecore_Task_Cb func, const void *data)
{
- Ecore_Idler *ie;
+ Ecore_Idler *ie;
- if (!func) return NULL;
- ie = calloc(1, sizeof(Ecore_Idler));
- if (!ie) return NULL;
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLER);
- ie->func = func;
- ie->data = (void *)data;
- idlers = (Ecore_Idler *) eina_inlist_append(EINA_INLIST_GET(idlers), EINA_INLIST_GET(ie));
- return ie;
+ if (!func)
+ return NULL;
+ ie = calloc(1, sizeof(Ecore_Idler));
+ if (!ie)
+ return NULL;
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_IDLER);
+ ie->func = func;
+ ie->data = (void *) data;
+ idlers =
+ (Ecore_Idler *) eina_inlist_append(EINA_INLIST_GET(idlers),
+ EINA_INLIST_GET(ie));
+ return ie;
}
/**
@@ -60,95 +62,93 @@ ecore_idler_add(Ecore_Task_Cb func, const void *data)
* otherwise.
* @ingroup Idle_Group
*/
-EAPI void *
-ecore_idler_del(Ecore_Idler *idler)
+EAPI void *ecore_idler_del(Ecore_Idler * idler)
{
- if (!ECORE_MAGIC_CHECK(idler, ECORE_MAGIC_IDLER))
- {
- ECORE_MAGIC_FAIL(idler, ECORE_MAGIC_IDLER,
- "ecore_idler_del");
- return NULL;
- }
- EINA_SAFETY_ON_TRUE_RETURN_VAL(idler->delete_me, NULL);
- idler->delete_me = 1;
- idlers_delete_me = 1;
- return idler->data;
+ if (!ECORE_MAGIC_CHECK(idler, ECORE_MAGIC_IDLER)) {
+ ECORE_MAGIC_FAIL(idler, ECORE_MAGIC_IDLER,
+ "ecore_idler_del");
+ return NULL;
+ }
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(idler->delete_me, NULL);
+ idler->delete_me = 1;
+ idlers_delete_me = 1;
+ return idler->data;
}
-void
-_ecore_idler_shutdown(void)
+void _ecore_idler_shutdown(void)
{
- Ecore_Idler *ie;
- while ((ie = idlers))
- {
- idlers = (Ecore_Idler *) eina_inlist_remove(EINA_INLIST_GET(idlers), EINA_INLIST_GET(idlers));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- idlers_delete_me = 0;
- idler_current = NULL;
+ Ecore_Idler *ie;
+ while ((ie = idlers)) {
+ idlers =
+ (Ecore_Idler *)
+ eina_inlist_remove(EINA_INLIST_GET(idlers),
+ EINA_INLIST_GET(idlers));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ idlers_delete_me = 0;
+ idler_current = NULL;
}
-int
-_ecore_idler_call(void)
+int _ecore_idler_call(void)
{
- if (!idler_current)
- {
- /* regular main loop, start from head */
- idler_current = idlers;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- idler_current = (Ecore_Idler *)EINA_INLIST_GET(idler_current)->next;
- }
+ if (!idler_current) {
+ /* regular main loop, start from head */
+ idler_current = idlers;
+ } else {
+ /* recursive main loop, continue from where we were */
+ idler_current =
+ (Ecore_Idler *) EINA_INLIST_GET(idler_current)->next;
+ }
- while (idler_current)
- {
- Ecore_Idler *ie = (Ecore_Idler *)idler_current;
- if (!ie->delete_me)
- {
- ie->references++;
- if (!ie->func(ie->data))
- {
- if (!ie->delete_me) ecore_idler_del(ie);
- }
- ie->references--;
- }
- if (idler_current) /* may have changed in recursive main loops */
- idler_current = (Ecore_Idler *)EINA_INLIST_GET(idler_current)->next;
- }
- if (idlers_delete_me)
- {
- Ecore_Idler *l;
- int deleted_idlers_in_use = 0;
- for (l = idlers; l;)
- {
- Ecore_Idler *ie = l;
- l = (Ecore_Idler *) EINA_INLIST_GET(l)->next;
- if (ie->delete_me)
- {
- if (ie->references)
- {
- deleted_idlers_in_use++;
- continue;
- }
+ while (idler_current) {
+ Ecore_Idler *ie = (Ecore_Idler *) idler_current;
+ if (!ie->delete_me) {
+ ie->references++;
+ if (!ie->func(ie->data)) {
+ if (!ie->delete_me)
+ ecore_idler_del(ie);
+ }
+ ie->references--;
+ }
+ if (idler_current) /* may have changed in recursive main loops */
+ idler_current =
+ (Ecore_Idler *)
+ EINA_INLIST_GET(idler_current)->next;
+ }
+ if (idlers_delete_me) {
+ Ecore_Idler *l;
+ int deleted_idlers_in_use = 0;
+ for (l = idlers; l;) {
+ Ecore_Idler *ie = l;
+ l = (Ecore_Idler *) EINA_INLIST_GET(l)->next;
+ if (ie->delete_me) {
+ if (ie->references) {
+ deleted_idlers_in_use++;
+ continue;
+ }
- idlers = (Ecore_Idler *) eina_inlist_remove(EINA_INLIST_GET(idlers), EINA_INLIST_GET(ie));
- ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
- free(ie);
- }
- }
- if (!deleted_idlers_in_use)
- idlers_delete_me = 0;
- }
- if (idlers) return 1;
- return 0;
+ idlers =
+ (Ecore_Idler *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (idlers),
+ EINA_INLIST_GET
+ (ie));
+ ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE);
+ free(ie);
+ }
+ }
+ if (!deleted_idlers_in_use)
+ idlers_delete_me = 0;
+ }
+ if (idlers)
+ return 1;
+ return 0;
}
-int
-_ecore_idler_exist(void)
+int _ecore_idler_exist(void)
{
- if (idlers) return 1;
- return 0;
+ if (idlers)
+ return 1;
+ return 0;
}
diff --git a/tests/suite/ecore/src/lib/ecore_job.c b/tests/suite/ecore/src/lib/ecore_job.c
index cd519f732c..e9a8de169e 100644
--- a/tests/suite/ecore/src/lib/ecore_job.c
+++ b/tests/suite/ecore/src/lib/ecore_job.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -11,28 +11,27 @@ static Eina_Bool _ecore_job_event_handler(void *data, int type, void *ev);
static void _ecore_job_event_free(void *data, void *ev);
static int ecore_event_job_type = 0;
-static Ecore_Event_Handler* _ecore_job_handler = NULL;
+static Ecore_Event_Handler *_ecore_job_handler = NULL;
-struct _Ecore_Job
-{
- ECORE_MAGIC;
- Ecore_Event *event;
- Ecore_Cb func;
- void *data;
+struct _Ecore_Job {
+ ECORE_MAGIC;
+ Ecore_Event *event;
+ Ecore_Cb func;
+ void *data;
};
-void
-_ecore_job_init(void)
+void _ecore_job_init(void)
{
- ecore_event_job_type = ecore_event_type_new();
- _ecore_job_handler = ecore_event_handler_add(ecore_event_job_type, _ecore_job_event_handler, NULL);
+ ecore_event_job_type = ecore_event_type_new();
+ _ecore_job_handler =
+ ecore_event_handler_add(ecore_event_job_type,
+ _ecore_job_event_handler, NULL);
}
-void
-_ecore_job_shutdown(void)
+void _ecore_job_shutdown(void)
{
- ecore_event_handler_del(_ecore_job_handler);
- _ecore_job_handler = NULL;
+ ecore_event_handler_del(_ecore_job_handler);
+ _ecore_job_handler = NULL;
}
/**
@@ -45,25 +44,27 @@ _ecore_job_shutdown(void)
* @ingroup Ecore_Job_Group
* @note Once the job has been executed, the job handle is invalid.
*/
-EAPI Ecore_Job *
-ecore_job_add(Ecore_Cb func, const void *data)
+EAPI Ecore_Job *ecore_job_add(Ecore_Cb func, const void *data)
{
- Ecore_Job *job;
-
- if (!func) return NULL;
+ Ecore_Job *job;
+
+ if (!func)
+ return NULL;
- job = calloc(1, sizeof(Ecore_Job));
- if (!job) return NULL;
- ECORE_MAGIC_SET(job, ECORE_MAGIC_JOB);
- job->event = ecore_event_add(ecore_event_job_type, job, _ecore_job_event_free, NULL);
- if (!job->event)
- {
- free(job);
- return NULL;
- }
- job->func = func;
- job->data = (void *)data;
- return job;
+ job = calloc(1, sizeof(Ecore_Job));
+ if (!job)
+ return NULL;
+ ECORE_MAGIC_SET(job, ECORE_MAGIC_JOB);
+ job->event =
+ ecore_event_add(ecore_event_job_type, job,
+ _ecore_job_event_free, NULL);
+ if (!job->event) {
+ free(job);
+ return NULL;
+ }
+ job->func = func;
+ job->data = (void *) data;
+ return job;
}
/**
@@ -72,35 +73,32 @@ ecore_job_add(Ecore_Cb func, const void *data)
* @return The data pointer that was to be passed to the job.
* @ingroup Ecore_Job_Group
*/
-EAPI void *
-ecore_job_del(Ecore_Job *job)
+EAPI void *ecore_job_del(Ecore_Job * job)
{
- void *data;
-
- if (!ECORE_MAGIC_CHECK(job, ECORE_MAGIC_JOB))
- {
- ECORE_MAGIC_FAIL(job, ECORE_MAGIC_JOB,
- "ecore_job_del");
- return NULL;
- }
- data = job->data;
- ECORE_MAGIC_SET(job, ECORE_MAGIC_NONE);
- ecore_event_del(job->event);
- return data;
+ void *data;
+
+ if (!ECORE_MAGIC_CHECK(job, ECORE_MAGIC_JOB)) {
+ ECORE_MAGIC_FAIL(job, ECORE_MAGIC_JOB, "ecore_job_del");
+ return NULL;
+ }
+ data = job->data;
+ ECORE_MAGIC_SET(job, ECORE_MAGIC_NONE);
+ ecore_event_del(job->event);
+ return data;
}
static Eina_Bool
-_ecore_job_event_handler(void *data __UNUSED__, int type __UNUSED__, void *ev)
+_ecore_job_event_handler(void *data __UNUSED__, int type __UNUSED__,
+ void *ev)
{
- Ecore_Job *job;
-
- job = ev;
- job->func(job->data);
- return ECORE_CALLBACK_CANCEL;
+ Ecore_Job *job;
+
+ job = ev;
+ job->func(job->data);
+ return ECORE_CALLBACK_CANCEL;
}
-static void
-_ecore_job_event_free(void *data __UNUSED__, void *ev)
+static void _ecore_job_event_free(void *data __UNUSED__, void *ev)
{
- free(ev);
+ free(ev);
}
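Review bot: `_ecore_job_event_free()` releases the job with a bare `free(ev)` and leaves the magic field intact, whereas the idler files in this same diff call `ECORE_MAGIC_SET(ie, ECORE_MAGIC_NONE)` before `free(ie)`. The doc comment on `ecore_job_add()` notes that the handle is invalid once the job has executed, so a stale `ecore_job_del()` presumably depends on `ECORE_MAGIC_CHECK` to be rejected. Clearing the magic first makes that more likely, though it stays best-effort because the memory is already released. Suggested body: `Ecore_Job *job = ev; ECORE_MAGIC_SET(job, ECORE_MAGIC_NONE); free(job);`.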
diff --git a/tests/suite/ecore/src/lib/ecore_main.c b/tests/suite/ecore/src/lib/ecore_main.c
index de507dae0d..6c22589114 100644
--- a/tests/suite/ecore/src/lib/ecore_main.c
+++ b/tests/suite/ecore/src/lib/ecore_main.c
@@ -1,19 +1,19 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#ifdef _WIN32
-# define WIN32_LEAN_AND_MEAN
-# include <winsock2.h>
-# undef WIN32_LEAN_AND_MEAN
-# ifndef USER_TIMER_MINIMUM
-# define USER_TIMER_MINIMUM 0x0a
-# endif
+#define WIN32_LEAN_AND_MEAN
+#include <winsock2.h>
+#undef WIN32_LEAN_AND_MEAN
+#ifndef USER_TIMER_MINIMUM
+#define USER_TIMER_MINIMUM 0x0a
+#endif
#endif
#ifdef __SUNPRO_C
-# include <ieeefp.h>
-# include <string.h>
+#include <ieeefp.h>
+#include <string.h>
#endif
#include <stdlib.h>
@@ -25,98 +25,97 @@
#ifndef _MSC_VER
#include <sys/time.h>
-# include <unistd.h>
+#include <unistd.h>
#else
-# include <float.h>
+#include <float.h>
#endif
#define FIX_HZ 1
#ifdef FIX_HZ
-# ifndef _MSC_VER
-# include <sys/param.h>
-# endif
-# ifndef HZ
-# define HZ 100
-# endif
+#ifndef _MSC_VER
+#include <sys/param.h>
+#endif
+#ifndef HZ
+#define HZ 100
+#endif
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "Ecore.h"
#include "ecore_private.h"
#ifdef HAVE_SYS_EPOLL_H
-# define HAVE_EPOLL
-# include <sys/epoll.h>
+#define HAVE_EPOLL
+#include <sys/epoll.h>
#endif
#ifdef USE_G_MAIN_LOOP
#include <glib.h>
#endif
-struct _Ecore_Fd_Handler
-{
- EINA_INLIST;
- ECORE_MAGIC;
- int fd;
- Ecore_Fd_Handler_Flags flags;
- Ecore_Fd_Cb func;
- void *data;
- Ecore_Fd_Cb buf_func;
- void *buf_data;
- Ecore_Fd_Prep_Cb prep_func;
- void *prep_data;
- int references;
- Eina_Bool read_active : 1;
- Eina_Bool write_active : 1;
- Eina_Bool error_active : 1;
- Eina_Bool delete_me : 1;
+struct _Ecore_Fd_Handler {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ int fd;
+ Ecore_Fd_Handler_Flags flags;
+ Ecore_Fd_Cb func;
+ void *data;
+ Ecore_Fd_Cb buf_func;
+ void *buf_data;
+ Ecore_Fd_Prep_Cb prep_func;
+ void *prep_data;
+ int references;
+ Eina_Bool read_active:1;
+ Eina_Bool write_active:1;
+ Eina_Bool error_active:1;
+ Eina_Bool delete_me:1;
};
#ifdef _WIN32
-struct _Ecore_Win32_Handler
-{
- EINA_INLIST;
- ECORE_MAGIC;
- HANDLE h;
- Ecore_Fd_Win32_Cb func;
- void *data;
- int references;
- Eina_Bool delete_me : 1;
+struct _Ecore_Win32_Handler {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ HANDLE h;
+ Ecore_Fd_Win32_Cb func;
+ void *data;
+ int references;
+ Eina_Bool delete_me:1;
};
#endif
-static int _ecore_main_select(double timeout);
+static int _ecore_main_select(double timeout);
static void _ecore_main_prepare_handlers(void);
static void _ecore_main_fd_handlers_cleanup(void);
#ifndef _WIN32
static void _ecore_main_fd_handlers_bads_rem(void);
#endif
static void _ecore_main_fd_handlers_call(void);
-static int _ecore_main_fd_handlers_buf_call(void);
+static int _ecore_main_fd_handlers_buf_call(void);
#ifndef USE_G_MAIN_LOOP
static void _ecore_main_loop_iterate_internal(int once_only);
#endif
#ifdef _WIN32
-static int _ecore_main_win32_select(int nfds, fd_set *readfds, fd_set *writefds,
- fd_set *exceptfds, struct timeval *timeout);
+static int _ecore_main_win32_select(int nfds, fd_set * readfds,
+ fd_set * writefds, fd_set * exceptfds,
+ struct timeval *timeout);
static void _ecore_main_win32_handlers_cleanup(void);
#endif
-static int in_main_loop = 0;
-static int do_quit = 0;
+static int in_main_loop = 0;
+static int do_quit = 0;
static Ecore_Fd_Handler *fd_handlers = NULL;
static Ecore_Fd_Handler *fd_handler_current = NULL;
-static int fd_handlers_delete_me = 0;
+static int fd_handlers_delete_me = 0;
#ifdef _WIN32
static Ecore_Win32_Handler *win32_handlers = NULL;
static Ecore_Win32_Handler *win32_handler_current = NULL;
-static int win32_handlers_delete_me = 0;
+static int win32_handlers_delete_me = 0;
#endif
#ifdef _WIN32
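Review bot: The `_ecore_main_win32_select()` prototype now reads `fd_set * readfds, fd_set * writefds, fd_set * exceptfds`, with the `*` spaced like a binary operator, while `struct timeval *timeout` in the same prototype keeps the declarator form. The same happens for other typedef'd types later in this file (`Ecore_Fd_Handler * fdh`). Presumably the formatter was not told these are type names. Registering the project's typedefs with it would give `fd_set *readfds` and keep pointer parameters consistent with locals such as `Ecore_Fd_Handler *fdh`.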
@@ -125,8 +124,8 @@ static Ecore_Select_Function main_loop_select = _ecore_main_win32_select;
static Ecore_Select_Function main_loop_select = select;
#endif
-static double t1 = 0.0;
-static double t2 = 0.0;
+static double t1 = 0.0;
+static double t2 = 0.0;
#ifdef HAVE_EPOLL
static int epoll_fd = -1;
@@ -136,127 +135,133 @@ static int epoll_fd = -1;
static GSource *ecore_epoll_source;
static GPollFD ecore_epoll_fd;
static guint ecore_epoll_id;
-static GMainLoop* ecore_main_loop;
+static GMainLoop *ecore_main_loop;
static gboolean ecore_idling;
static gboolean ecore_fds_ready;
#endif
#ifdef HAVE_EPOLL
-static inline int _ecore_poll_events_from_fdh(Ecore_Fd_Handler *fdh)
+static inline int _ecore_poll_events_from_fdh(Ecore_Fd_Handler * fdh)
{
- int events = 0;
- if (fdh->flags & ECORE_FD_READ) events |= EPOLLIN;
- if (fdh->flags & ECORE_FD_WRITE) events |= EPOLLOUT;
- if (fdh->flags & ECORE_FD_ERROR) events |= EPOLLERR;
- return events;
+ int events = 0;
+ if (fdh->flags & ECORE_FD_READ)
+ events |= EPOLLIN;
+ if (fdh->flags & ECORE_FD_WRITE)
+ events |= EPOLLOUT;
+ if (fdh->flags & ECORE_FD_ERROR)
+ events |= EPOLLERR;
+ return events;
}
#else
-static inline int _ecore_poll_events_from_fdh(Ecore_Fd_Handler *fdh __UNUSED__)
+static inline int _ecore_poll_events_from_fdh(Ecore_Fd_Handler *
+ fdh __UNUSED__)
{
- return 0;
+ return 0;
}
#endif
#ifdef HAVE_EPOLL
-static inline int _ecore_main_fdh_epoll_add(Ecore_Fd_Handler *fdh)
+static inline int _ecore_main_fdh_epoll_add(Ecore_Fd_Handler * fdh)
{
- int r = 0;
- struct epoll_event ev;
-
- memset(&ev, 0, sizeof (ev));
- ev.events = _ecore_poll_events_from_fdh(fdh);
- ev.data.ptr = fdh;
- INF("adding poll on %d %08x", fdh->fd, ev.events);
- r = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fdh->fd, &ev);
- return r;
+ int r = 0;
+ struct epoll_event ev;
+
+ memset(&ev, 0, sizeof(ev));
+ ev.events = _ecore_poll_events_from_fdh(fdh);
+ ev.data.ptr = fdh;
+ INF("adding poll on %d %08x", fdh->fd, ev.events);
+ r = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fdh->fd, &ev);
+ return r;
}
#else
-static inline int _ecore_main_fdh_epoll_add(Ecore_Fd_Handler *fdh __UNUSED__)
+static inline int _ecore_main_fdh_epoll_add(Ecore_Fd_Handler *
+ fdh __UNUSED__)
{
- return 0;
+ return 0;
}
#endif
#ifdef HAVE_EPOLL
-static inline void _ecore_main_fdh_epoll_del(Ecore_Fd_Handler *fdh)
+static inline void _ecore_main_fdh_epoll_del(Ecore_Fd_Handler * fdh)
{
- struct epoll_event ev;
-
- memset(&ev, 0, sizeof (ev));
- INF("removing poll on %d", fdh->fd);
- /* could get an EBADF if somebody closed the FD before removing it */
- if ((epoll_ctl(epoll_fd, EPOLL_CTL_DEL, fdh->fd, &ev) < 0) &&
- (errno != EBADF))
- {
- ERR("Failed to delete epoll fd %d! (errno=%d)", fdh->fd, errno);
- }
+ struct epoll_event ev;
+
+ memset(&ev, 0, sizeof(ev));
+ INF("removing poll on %d", fdh->fd);
+ /* could get an EBADF if somebody closed the FD before removing it */
+ if ((epoll_ctl(epoll_fd, EPOLL_CTL_DEL, fdh->fd, &ev) < 0) &&
+ (errno != EBADF)) {
+ ERR("Failed to delete epoll fd %d! (errno=%d)", fdh->fd,
+ errno);
+ }
}
#else
-static inline void _ecore_main_fdh_epoll_del(Ecore_Fd_Handler *fdh __UNUSED__)
+static inline void _ecore_main_fdh_epoll_del(Ecore_Fd_Handler *
+ fdh __UNUSED__)
{
}
#endif
#ifdef HAVE_EPOLL
-static inline int _ecore_main_fdh_epoll_modify(Ecore_Fd_Handler *fdh)
+static inline int _ecore_main_fdh_epoll_modify(Ecore_Fd_Handler * fdh)
{
- int r = 0;
- struct epoll_event ev;
-
- memset(&ev, 0, sizeof (ev));
- ev.events = _ecore_poll_events_from_fdh(fdh);
- ev.data.ptr = fdh;
- INF("modifing epoll on %d to %08x", fdh->fd, ev.events);
- r = epoll_ctl(epoll_fd, EPOLL_CTL_MOD, fdh->fd, &ev);
- return r;
+ int r = 0;
+ struct epoll_event ev;
+
+ memset(&ev, 0, sizeof(ev));
+ ev.events = _ecore_poll_events_from_fdh(fdh);
+ ev.data.ptr = fdh;
+ INF("modifing epoll on %d to %08x", fdh->fd, ev.events);
+ r = epoll_ctl(epoll_fd, EPOLL_CTL_MOD, fdh->fd, &ev);
+ return r;
}
#else
-static inline int _ecore_main_fdh_epoll_modify(Ecore_Fd_Handler *fdh __UNUSED__)
+static inline int _ecore_main_fdh_epoll_modify(Ecore_Fd_Handler *
+ fdh __UNUSED__)
{
- return 0;
+ return 0;
}
#endif
#ifdef HAVE_EPOLL
static inline int _ecore_main_fdh_epoll_mark_active(void)
{
- struct epoll_event ev[32];
- int i, ret;
-
- memset(&ev, 0, sizeof (ev));
- ret = epoll_wait(epoll_fd, ev, sizeof(ev) / sizeof(struct epoll_event), 0);
- if (ret < 0)
- {
- if (errno == EINTR) return -1;
- ERR("epoll_wait failed %d", errno);
- return -1;
- }
-
- for (i = 0; i < ret; i++)
- {
- Ecore_Fd_Handler *fdh;
-
- fdh = ev[i].data.ptr;
- if (!ECORE_MAGIC_CHECK(fdh, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fdh, ECORE_MAGIC_FD_HANDLER,
- "_ecore_main_fdh_epoll_mark_active");
- continue;
- }
- if (fdh->delete_me)
- {
- ERR("deleted fd in epoll");
- continue;
- }
- if (ev->events & EPOLLIN)
- fdh->read_active = 1;
- if (ev->events & EPOLLOUT)
- fdh->write_active = 1;
- if (ev->events & EPOLLERR)
- fdh->error_active = 1;
- }
-
- return ret;
+ struct epoll_event ev[32];
+ int i, ret;
+
+ memset(&ev, 0, sizeof(ev));
+ ret =
+ epoll_wait(epoll_fd, ev,
+ sizeof(ev) / sizeof(struct epoll_event), 0);
+ if (ret < 0) {
+ if (errno == EINTR)
+ return -1;
+ ERR("epoll_wait failed %d", errno);
+ return -1;
+ }
+
+ for (i = 0; i < ret; i++) {
+ Ecore_Fd_Handler *fdh;
+
+ fdh = ev[i].data.ptr;
+ if (!ECORE_MAGIC_CHECK(fdh, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fdh, ECORE_MAGIC_FD_HANDLER,
+ "_ecore_main_fdh_epoll_mark_active");
+ continue;
+ }
+ if (fdh->delete_me) {
+ ERR("deleted fd in epoll");
+ continue;
+ }
+ if (ev->events & EPOLLIN)
+ fdh->read_active = 1;
+ if (ev->events & EPOLLOUT)
+ fdh->write_active = 1;
+ if (ev->events & EPOLLERR)
+ fdh->error_active = 1;
+ }
+
+ return ret;
}
#endif
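Review bot: In `_ecore_main_fdh_epoll_mark_active()` the loop over `ret` events tests `ev->events`, which is `ev[0].events`, on every iteration, although the handler is taken from `ev[i].data.ptr`. With more than one ready descriptor, each handler gets the readiness bits of the first event rather than its own, so a handler can be marked readable or writable when its fd is not, or be missed when it is. The three tests should index the array: `if (ev[i].events & EPOLLIN)`, `if (ev[i].events & EPOLLOUT)`, `if (ev[i].events & EPOLLERR)`. The reindent carries the old expression over unchanged.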
@@ -264,194 +269,178 @@ static inline int _ecore_main_fdh_epoll_mark_active(void)
/* like we are about to enter main_loop_select in _ecore_main_select */
static gboolean
-_ecore_main_gsource_prepare(GSource *source, gint *next_time)
+_ecore_main_gsource_prepare(GSource * source, gint * next_time)
{
- double t = _ecore_timer_next_get();
- gboolean running;
-
- INF("enter, next timeout in %.1f", t);
- in_main_loop++;
-
- if (!ecore_idling)
- {
- while (_ecore_timer_call(_ecore_time_loop_time));
- _ecore_timer_cleanup();
-
- /* when idling, busy loop checking the fds only */
- if (!ecore_idling) _ecore_idle_enterer_call();
- }
-
- /* don't check fds if somebody quit */
- running = g_main_loop_is_running(ecore_main_loop);
- if (running)
- {
- /* only set idling state in dispatch */
- if (ecore_idling && !_ecore_idler_exist())
- {
- if (_ecore_timers_exists())
- {
- double t = _ecore_timer_next_get();
- *next_time = (t / 1000.0);
- }
- else
- *next_time = -1;
- }
- else
- *next_time = 0;
-
- _ecore_main_prepare_handlers();
- }
-
- in_main_loop--;
- INF("leave, timeout = %d", *next_time);
-
- /* ready if we're not running (about to quit) */
- return !running;
+ double t = _ecore_timer_next_get();
+ gboolean running;
+
+ INF("enter, next timeout in %.1f", t);
+ in_main_loop++;
+
+ if (!ecore_idling) {
+ while (_ecore_timer_call(_ecore_time_loop_time));
+ _ecore_timer_cleanup();
+
+ /* when idling, busy loop checking the fds only */
+ if (!ecore_idling)
+ _ecore_idle_enterer_call();
+ }
+
+ /* don't check fds if somebody quit */
+ running = g_main_loop_is_running(ecore_main_loop);
+ if (running) {
+ /* only set idling state in dispatch */
+ if (ecore_idling && !_ecore_idler_exist()) {
+ if (_ecore_timers_exists()) {
+ double t = _ecore_timer_next_get();
+ *next_time = (t / 1000.0);
+ } else
+ *next_time = -1;
+ } else
+ *next_time = 0;
+
+ _ecore_main_prepare_handlers();
+ }
+
+ in_main_loop--;
+ INF("leave, timeout = %d", *next_time);
+
+ /* ready if we're not running (about to quit) */
+ return !running;
}
-static gboolean
-_ecore_main_gsource_check(GSource *source)
+static gboolean _ecore_main_gsource_check(GSource * source)
{
- INF("enter");
- in_main_loop++;
+ INF("enter");
+ in_main_loop++;
- ecore_fds_ready = (_ecore_main_fdh_epoll_mark_active() > 0);
- _ecore_main_fd_handlers_cleanup();
+ ecore_fds_ready = (_ecore_main_fdh_epoll_mark_active() > 0);
+ _ecore_main_fd_handlers_cleanup();
- _ecore_time_loop_time = ecore_time_get();
- _ecore_timer_enable_new();
+ _ecore_time_loop_time = ecore_time_get();
+ _ecore_timer_enable_new();
- in_main_loop--;
- INF("leave");
+ in_main_loop--;
+ INF("leave");
- return TRUE; /* always dispatch */
+ return TRUE; /* always dispatch */
}
/* like we just came out of main_loop_select in _ecore_main_select */
static gboolean
-_ecore_main_gsource_dispatch(GSource *source, GSourceFunc callback, gpointer user_data)
+_ecore_main_gsource_dispatch(GSource * source, GSourceFunc callback,
+ gpointer user_data)
{
- gboolean events_ready, timers_ready, idlers_ready, signals_ready;
- double next_time = _ecore_timer_next_get();
-
- events_ready = _ecore_event_exist();
- timers_ready = _ecore_timers_exists() && (0.0 <= next_time);
- idlers_ready = _ecore_idler_exist();
- signals_ready = (_ecore_signal_count_get() > 0);
-
- in_main_loop++;
- INF("enter idling=%d fds=%d events=%d signals=%d timers=%d (next=%.2f) idlers=%d",
- ecore_idling, ecore_fds_ready, events_ready, signals_ready,
- _ecore_timers_exists(), next_time, idlers_ready);
-
- if (ecore_idling && events_ready)
- {
- INF("calling idle exiters");
- _ecore_idle_exiter_call();
- ecore_idling = 0;
- }
- else if (!ecore_idling && !events_ready)
- {
- INF("start idling");
- ecore_idling = 1;
- }
-
- if (ecore_idling)
- {
- INF("calling idler");
- _ecore_idler_call();
-
- events_ready = _ecore_event_exist();
- timers_ready = _ecore_timers_exists() && (0.0 <= next_time);
- idlers_ready = _ecore_idler_exist();
-
- if ((ecore_fds_ready || events_ready || timers_ready || idlers_ready || signals_ready))
- {
- INF("calling idle exiters");
- _ecore_idle_exiter_call();
- ecore_idling = 0;
- }
- }
-
- /* process events */
- if (!ecore_idling)
- {
- INF("work");
- _ecore_main_fd_handlers_call();
- _ecore_main_fd_handlers_buf_call();
- while (_ecore_signal_count_get()) _ecore_signal_call();
- _ecore_event_call();
- _ecore_main_fd_handlers_cleanup();
- }
-
- in_main_loop--;
-
- INF("leave");
-
- return TRUE; /* what should be returned here? */
+ gboolean events_ready, timers_ready, idlers_ready, signals_ready;
+ double next_time = _ecore_timer_next_get();
+
+ events_ready = _ecore_event_exist();
+ timers_ready = _ecore_timers_exists() && (0.0 <= next_time);
+ idlers_ready = _ecore_idler_exist();
+ signals_ready = (_ecore_signal_count_get() > 0);
+
+ in_main_loop++;
+ INF("enter idling=%d fds=%d events=%d signals=%d timers=%d (next=%.2f) idlers=%d", ecore_idling, ecore_fds_ready, events_ready, signals_ready, _ecore_timers_exists(), next_time, idlers_ready);
+
+ if (ecore_idling && events_ready) {
+ INF("calling idle exiters");
+ _ecore_idle_exiter_call();
+ ecore_idling = 0;
+ } else if (!ecore_idling && !events_ready) {
+ INF("start idling");
+ ecore_idling = 1;
+ }
+
+ if (ecore_idling) {
+ INF("calling idler");
+ _ecore_idler_call();
+
+ events_ready = _ecore_event_exist();
+ timers_ready = _ecore_timers_exists()
+ && (0.0 <= next_time);
+ idlers_ready = _ecore_idler_exist();
+
+ if ((ecore_fds_ready || events_ready || timers_ready
+ || idlers_ready || signals_ready)) {
+ INF("calling idle exiters");
+ _ecore_idle_exiter_call();
+ ecore_idling = 0;
+ }
+ }
+
+ /* process events */
+ if (!ecore_idling) {
+ INF("work");
+ _ecore_main_fd_handlers_call();
+ _ecore_main_fd_handlers_buf_call();
+ while (_ecore_signal_count_get())
+ _ecore_signal_call();
+ _ecore_event_call();
+ _ecore_main_fd_handlers_cleanup();
+ }
+
+ in_main_loop--;
+
+ INF("leave");
+
+ return TRUE; /* what should be returned here? */
}
-static void
-_ecore_main_gsource_finalize(GSource *source)
+static void _ecore_main_gsource_finalize(GSource * source)
{
- INF("finalize");
+ INF("finalize");
}
-static GSourceFuncs ecore_gsource_funcs =
-{
- .prepare = _ecore_main_gsource_prepare,
- .check = _ecore_main_gsource_check,
- .dispatch = _ecore_main_gsource_dispatch,
- .finalize = _ecore_main_gsource_finalize,
+static GSourceFuncs ecore_gsource_funcs = {
+ .prepare = _ecore_main_gsource_prepare,
+ .check = _ecore_main_gsource_check,
+ .dispatch = _ecore_main_gsource_dispatch,
+ .finalize = _ecore_main_gsource_finalize,
};
#endif
-void
-_ecore_main_loop_init(void)
+void _ecore_main_loop_init(void)
{
- INF("enter");
+ INF("enter");
#ifdef HAVE_EPOLL
- epoll_fd = epoll_create(1);
- if (epoll_fd < 0)
- CRIT("Failed to create epoll fd!");
+ epoll_fd = epoll_create(1);
+ if (epoll_fd < 0)
+ CRIT("Failed to create epoll fd!");
#endif
#ifdef USE_G_MAIN_LOOP
- ecore_epoll_source = g_source_new(&ecore_gsource_funcs, sizeof (GSource));
- if (!ecore_epoll_source)
- CRIT("Failed to create glib source for epoll!");
- else
- {
- ecore_epoll_fd.fd = epoll_fd;
- ecore_epoll_fd.events = G_IO_IN;
- ecore_epoll_fd.revents = 0;
- g_source_add_poll(ecore_epoll_source, &ecore_epoll_fd);
- ecore_epoll_id = g_source_attach(ecore_epoll_source, NULL);
- if (ecore_epoll_id <= 0)
- CRIT("Failed to attach glib source to default context");
- }
+ ecore_epoll_source =
+ g_source_new(&ecore_gsource_funcs, sizeof(GSource));
+ if (!ecore_epoll_source)
+ CRIT("Failed to create glib source for epoll!");
+ else {
+ ecore_epoll_fd.fd = epoll_fd;
+ ecore_epoll_fd.events = G_IO_IN;
+ ecore_epoll_fd.revents = 0;
+ g_source_add_poll(ecore_epoll_source, &ecore_epoll_fd);
+ ecore_epoll_id = g_source_attach(ecore_epoll_source, NULL);
+ if (ecore_epoll_id <= 0)
+ CRIT("Failed to attach glib source to default context");
+ }
#endif
- INF("leave");
+ INF("leave");
}
-void
-_ecore_main_loop_shutdown(void)
+void _ecore_main_loop_shutdown(void)
{
#ifdef USE_G_MAIN_LOOP
- if (ecore_epoll_source)
- {
- g_source_destroy(ecore_epoll_source);
- ecore_epoll_source = NULL;
- }
+ if (ecore_epoll_source) {
+ g_source_destroy(ecore_epoll_source);
+ ecore_epoll_source = NULL;
+ }
#endif
#ifdef HAVE_EPOLL
- if (epoll_fd >= 0)
- {
- close(epoll_fd);
- epoll_fd = -1;
- }
+ if (epoll_fd >= 0) {
+ close(epoll_fd);
+ epoll_fd = -1;
+ }
#endif
}
@@ -481,13 +470,12 @@ _ecore_main_loop_shutdown(void)
* queue.
* @ingroup Ecore_Main_Loop_Group
*/
-EAPI void
-ecore_main_loop_iterate(void)
+EAPI void ecore_main_loop_iterate(void)
{
#ifndef USE_G_MAIN_LOOP
- _ecore_main_loop_iterate_internal(1);
+ _ecore_main_loop_iterate_internal(1);
#else
- g_main_context_iteration(NULL, 1);
+ g_main_context_iteration(NULL, 1);
#endif
}
@@ -498,17 +486,17 @@ ecore_main_loop_iterate(void)
*
* @ingroup Ecore_Main_Loop_Group
*/
-EAPI void
-ecore_main_loop_begin(void)
+EAPI void ecore_main_loop_begin(void)
{
#ifndef USE_G_MAIN_LOOP
- in_main_loop++;
- while (do_quit == 0) _ecore_main_loop_iterate_internal(0);
- do_quit = 0;
- in_main_loop--;
+ in_main_loop++;
+ while (do_quit == 0)
+ _ecore_main_loop_iterate_internal(0);
+ do_quit = 0;
+ in_main_loop--;
#else
- ecore_main_loop = g_main_loop_new(NULL, FALSE);
- g_main_loop_run(ecore_main_loop);
+ ecore_main_loop = g_main_loop_new(NULL, FALSE);
+ g_main_loop_run(ecore_main_loop);
#endif
}
@@ -517,15 +505,14 @@ ecore_main_loop_begin(void)
* been processed.
* @ingroup Ecore_Main_Loop_Group
*/
-EAPI void
-ecore_main_loop_quit(void)
+EAPI void ecore_main_loop_quit(void)
{
#ifndef USE_G_MAIN_LOOP
- do_quit = 1;
+ do_quit = 1;
#else
- INF("enter");
- g_main_loop_quit(ecore_main_loop);
- INF("leave");
+ INF("enter");
+ g_main_loop_quit(ecore_main_loop);
+ INF("leave");
#endif
}
@@ -542,10 +529,9 @@ ecore_main_loop_quit(void)
*
* @ingroup Ecore_Main_Loop_Group
*/
-EAPI void
-ecore_main_loop_select_func_set(Ecore_Select_Function func)
+EAPI void ecore_main_loop_select_func_set(Ecore_Select_Function func)
{
- main_loop_select = func;
+ main_loop_select = func;
}
/**
@@ -554,10 +540,9 @@ ecore_main_loop_select_func_set(Ecore_Select_Function func)
*
* @ingroup Ecore_Main_Loop_Group
*/
-EAPI void *
-ecore_main_loop_select_func_get(void)
+EAPI void *ecore_main_loop_select_func_get(void)
{
- return main_loop_select;
+ return main_loop_select;
}
/**
@@ -598,65 +583,75 @@ ecore_main_loop_select_func_get(void)
* @return A fd handler handle if successful. @c NULL otherwise.
* @ingroup Ecore_FD_Handler_Group
*/
-EAPI Ecore_Fd_Handler *
-ecore_main_fd_handler_add(int fd, Ecore_Fd_Handler_Flags flags, Ecore_Fd_Cb func, const void *data,
- Ecore_Fd_Cb buf_func, const void *buf_data)
+EAPI Ecore_Fd_Handler *ecore_main_fd_handler_add(int fd,
+ Ecore_Fd_Handler_Flags
+ flags, Ecore_Fd_Cb func,
+ const void *data,
+ Ecore_Fd_Cb buf_func,
+ const void *buf_data)
{
- Ecore_Fd_Handler *fdh;
-
- if ((fd < 0) || (flags == 0) || (!func)) return NULL;
-
- fdh = calloc(1, sizeof(Ecore_Fd_Handler));
- if (!fdh) return NULL;
- ECORE_MAGIC_SET(fdh, ECORE_MAGIC_FD_HANDLER);
- fdh->fd = fd;
- fdh->flags = flags;
- if (0 > _ecore_main_fdh_epoll_add(fdh))
- {
- ERR("Failed to add epoll fd %d (errno = %d)!", fd, errno);
- free(fdh);
- return NULL;
- }
- fdh->read_active = 0;
- fdh->write_active = 0;
- fdh->error_active = 0;
- fdh->delete_me = 0;
- fdh->func = func;
- fdh->data = (void *)data;
- fdh->buf_func = buf_func;
- fdh->buf_data = (void *)buf_data;
- fd_handlers = (Ecore_Fd_Handler *)
- eina_inlist_append(EINA_INLIST_GET(fd_handlers),
- EINA_INLIST_GET(fdh));
- return fdh;
+ Ecore_Fd_Handler *fdh;
+
+ if ((fd < 0) || (flags == 0) || (!func))
+ return NULL;
+
+ fdh = calloc(1, sizeof(Ecore_Fd_Handler));
+ if (!fdh)
+ return NULL;
+ ECORE_MAGIC_SET(fdh, ECORE_MAGIC_FD_HANDLER);
+ fdh->fd = fd;
+ fdh->flags = flags;
+ if (0 > _ecore_main_fdh_epoll_add(fdh)) {
+ ERR("Failed to add epoll fd %d (errno = %d)!", fd, errno);
+ free(fdh);
+ return NULL;
+ }
+ fdh->read_active = 0;
+ fdh->write_active = 0;
+ fdh->error_active = 0;
+ fdh->delete_me = 0;
+ fdh->func = func;
+ fdh->data = (void *) data;
+ fdh->buf_func = buf_func;
+ fdh->buf_data = (void *) buf_data;
+ fd_handlers = (Ecore_Fd_Handler *)
+ eina_inlist_append(EINA_INLIST_GET(fd_handlers),
+ EINA_INLIST_GET(fdh));
+ return fdh;
}
#ifdef _WIN32
-EAPI Ecore_Win32_Handler *
-ecore_main_win32_handler_add(void *h, Ecore_Fd_Win32_Cb func, const void *data)
+EAPI Ecore_Win32_Handler *ecore_main_win32_handler_add(void *h,
+ Ecore_Fd_Win32_Cb
+ func,
+ const void *data)
{
- Ecore_Win32_Handler *wh;
-
- if (!h || !func) return NULL;
-
- wh = calloc(1, sizeof(Ecore_Win32_Handler));
- if (!wh) return NULL;
- ECORE_MAGIC_SET(wh, ECORE_MAGIC_WIN32_HANDLER);
- wh->h = (HANDLE)h;
- wh->delete_me = 0;
- wh->func = func;
- wh->data = (void *)data;
- win32_handlers = (Ecore_Win32_Handler *)
- eina_inlist_append(EINA_INLIST_GET(win32_handlers),
- EINA_INLIST_GET(wh));
- return wh;
+ Ecore_Win32_Handler *wh;
+
+ if (!h || !func)
+ return NULL;
+
+ wh = calloc(1, sizeof(Ecore_Win32_Handler));
+ if (!wh)
+ return NULL;
+ ECORE_MAGIC_SET(wh, ECORE_MAGIC_WIN32_HANDLER);
+ wh->h = (HANDLE) h;
+ wh->delete_me = 0;
+ wh->func = func;
+ wh->data = (void *) data;
+ win32_handlers = (Ecore_Win32_Handler *)
+ eina_inlist_append(EINA_INLIST_GET(win32_handlers),
+ EINA_INLIST_GET(wh));
+ return wh;
}
#else
-EAPI Ecore_Win32_Handler *
-ecore_main_win32_handler_add(void *h __UNUSED__, Ecore_Fd_Win32_Cb func __UNUSED__,
- const void *data __UNUSED__)
+EAPI Ecore_Win32_Handler *ecore_main_win32_handler_add(void *h __UNUSED__,
+ Ecore_Fd_Win32_Cb
+ func __UNUSED__,
+ const void *data
+ __UNUSED__)
{
- return NULL;
+ return NULL;
}
#endif
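Review bot: The argument check in `ecore_main_fd_handler_add` rejects only `fd < 0`, yet the non-epoll branch of `_ecore_main_select` further down this diff passes `fdh->fd` straight to `FD_SET`. On POSIX builds that writes outside the stack-allocated `fd_set` once the descriptor reaches `FD_SETSIZE`. The reindent carries the check over unchanged, so a follow-up could extend the guard for builds without `HAVE_EPOLL`, e.g. `if ((fd < 0) || (fd >= FD_SETSIZE) || (flags == 0) || (!func)) return NULL;`. Whether a caller can actually obtain such a descriptor depends on the process's open-file limit, which is not visible here.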
@@ -672,54 +667,52 @@ ecore_main_win32_handler_add(void *h __UNUSED__, Ecore_Fd_Win32_Cb func __UNUSED
* crashes and instability. Remember to delete your fd handlers before the
* fd's they listen to are closed.
*/
-EAPI void *
-ecore_main_fd_handler_del(Ecore_Fd_Handler *fd_handler)
+EAPI void *ecore_main_fd_handler_del(Ecore_Fd_Handler * fd_handler)
{
- if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
- "ecore_main_fd_handler_del");
- return NULL;
- }
- fd_handler->delete_me = 1;
- fd_handlers_delete_me = 1;
- _ecore_main_fdh_epoll_del(fd_handler);
- return fd_handler->data;
+ if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
+ "ecore_main_fd_handler_del");
+ return NULL;
+ }
+ fd_handler->delete_me = 1;
+ fd_handlers_delete_me = 1;
+ _ecore_main_fdh_epoll_del(fd_handler);
+ return fd_handler->data;
}
#ifdef _WIN32
-EAPI void *
-ecore_main_win32_handler_del(Ecore_Win32_Handler *win32_handler)
+EAPI void *ecore_main_win32_handler_del(Ecore_Win32_Handler *
+ win32_handler)
{
- if (!ECORE_MAGIC_CHECK(win32_handler, ECORE_MAGIC_WIN32_HANDLER))
- {
- ECORE_MAGIC_FAIL(win32_handler, ECORE_MAGIC_WIN32_HANDLER,
- "ecore_main_win32_handler_del");
- return NULL;
- }
- win32_handler->delete_me = 1;
- win32_handlers_delete_me = 1;
- return win32_handler->data;
+ if (!ECORE_MAGIC_CHECK(win32_handler, ECORE_MAGIC_WIN32_HANDLER)) {
+ ECORE_MAGIC_FAIL(win32_handler, ECORE_MAGIC_WIN32_HANDLER,
+ "ecore_main_win32_handler_del");
+ return NULL;
+ }
+ win32_handler->delete_me = 1;
+ win32_handlers_delete_me = 1;
+ return win32_handler->data;
}
#else
-EAPI void *
-ecore_main_win32_handler_del(Ecore_Win32_Handler *win32_handler __UNUSED__)
+EAPI void *ecore_main_win32_handler_del(Ecore_Win32_Handler *
+ win32_handler __UNUSED__)
{
- return NULL;
+ return NULL;
}
#endif
EAPI void
-ecore_main_fd_handler_prepare_callback_set(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Prep_Cb func, const void *data)
+ecore_main_fd_handler_prepare_callback_set(Ecore_Fd_Handler * fd_handler,
+ Ecore_Fd_Prep_Cb func,
+ const void *data)
{
- if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
- "ecore_main_fd_handler_prepare_callback_set");
- return;
- }
- fd_handler->prep_func = func;
- fd_handler->prep_data = (void *) data;
+ if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
+ "ecore_main_fd_handler_prepare_callback_set");
+ return;
+ }
+ fd_handler->prep_func = func;
+ fd_handler->prep_data = (void *) data;
}
/**
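Review bot: The reformatter evidently did not know the project's typedef names, so pointer parameters now read like a multiplication, as in `Ecore_Fd_Handler * fd_handler` in `ecore_main_fd_handler_del` and `ecore_main_fd_handler_prepare_callback_set`. The same spacing appears in the hunks at -728, -750 and -773. If GNU indent produced this (an assumption, since the commit does not name the tool), declaring each typedef with `-T`, for example `-T Ecore_Fd_Handler -T Ecore_Win32_Handler`, gives `Ecore_Fd_Handler *fd_handler` and keeps the declarations consistent with `const void *data` on the neighbouring lines.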
@@ -728,16 +721,14 @@ ecore_main_fd_handler_prepare_callback_set(Ecore_Fd_Handler *fd_handler, Ecore_F
* @return The file descriptor the handler is watching.
* @ingroup Ecore_FD_Handler_Group
*/
-EAPI int
-ecore_main_fd_handler_fd_get(Ecore_Fd_Handler *fd_handler)
+EAPI int ecore_main_fd_handler_fd_get(Ecore_Fd_Handler * fd_handler)
{
- if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
- "ecore_main_fd_handler_fd_get");
- return -1;
- }
- return fd_handler->fd;
+ if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
+ "ecore_main_fd_handler_fd_get");
+ return -1;
+ }
+ return fd_handler->fd;
}
/**
@@ -750,20 +741,23 @@ ecore_main_fd_handler_fd_get(Ecore_Fd_Handler *fd_handler)
* @ingroup Ecore_FD_Handler_Group
*/
EAPI Eina_Bool
-ecore_main_fd_handler_active_get(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Handler_Flags flags)
+ecore_main_fd_handler_active_get(Ecore_Fd_Handler * fd_handler,
+ Ecore_Fd_Handler_Flags flags)
{
- int ret = EINA_FALSE;
-
- if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
- "ecore_main_fd_handler_active_get");
- return EINA_FALSE;
- }
- if ((flags & ECORE_FD_READ) && (fd_handler->read_active)) ret = EINA_TRUE;
- if ((flags & ECORE_FD_WRITE) && (fd_handler->write_active)) ret = EINA_TRUE;
- if ((flags & ECORE_FD_ERROR) && (fd_handler->error_active)) ret = EINA_TRUE;
- return ret;
+ int ret = EINA_FALSE;
+
+ if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
+ "ecore_main_fd_handler_active_get");
+ return EINA_FALSE;
+ }
+ if ((flags & ECORE_FD_READ) && (fd_handler->read_active))
+ ret = EINA_TRUE;
+ if ((flags & ECORE_FD_WRITE) && (fd_handler->write_active))
+ ret = EINA_TRUE;
+ if ((flags & ECORE_FD_ERROR) && (fd_handler->error_active))
+ ret = EINA_TRUE;
+ return ret;
}
/**
@@ -773,681 +767,649 @@ ecore_main_fd_handler_active_get(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Handler_
* @ingroup Ecore_FD_Handler_Group
*/
EAPI void
-ecore_main_fd_handler_active_set(Ecore_Fd_Handler *fd_handler, Ecore_Fd_Handler_Flags flags)
+ecore_main_fd_handler_active_set(Ecore_Fd_Handler * fd_handler,
+ Ecore_Fd_Handler_Flags flags)
{
- if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER))
- {
- ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
- "ecore_main_fd_handler_active_set");
- return;
- }
- fd_handler->flags = flags;
- if (0 > _ecore_main_fdh_epoll_modify(fd_handler))
- {
- ERR("Failed to mod epoll fd %d!", fd_handler->fd);
- }
+ if (!ECORE_MAGIC_CHECK(fd_handler, ECORE_MAGIC_FD_HANDLER)) {
+ ECORE_MAGIC_FAIL(fd_handler, ECORE_MAGIC_FD_HANDLER,
+ "ecore_main_fd_handler_active_set");
+ return;
+ }
+ fd_handler->flags = flags;
+ if (0 > _ecore_main_fdh_epoll_modify(fd_handler)) {
+ ERR("Failed to mod epoll fd %d!", fd_handler->fd);
+ }
}
-void
-_ecore_main_shutdown(void)
+void _ecore_main_shutdown(void)
{
- if (in_main_loop)
- {
- ERR("\n"
- "*** ECORE WARINING: Calling ecore_shutdown() while still in the main loop.\n"
- "*** Program may crash or behave strangely now.");
- return;
- }
- while (fd_handlers)
- {
- Ecore_Fd_Handler *fdh;
-
- fdh = fd_handlers;
- fd_handlers = (Ecore_Fd_Handler *) eina_inlist_remove(EINA_INLIST_GET(fd_handlers),
- EINA_INLIST_GET(fdh));
- ECORE_MAGIC_SET(fdh, ECORE_MAGIC_NONE);
- free(fdh);
- }
- fd_handlers_delete_me = 0;
- fd_handler_current = NULL;
+ if (in_main_loop) {
+ ERR("\n"
+ "*** ECORE WARINING: Calling ecore_shutdown() while still in the main loop.\n"
+ "*** Program may crash or behave strangely now.");
+ return;
+ }
+ while (fd_handlers) {
+ Ecore_Fd_Handler *fdh;
+
+ fdh = fd_handlers;
+ fd_handlers =
+ (Ecore_Fd_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET(fd_handlers),
+ EINA_INLIST_GET(fdh));
+ ECORE_MAGIC_SET(fdh, ECORE_MAGIC_NONE);
+ free(fdh);
+ }
+ fd_handlers_delete_me = 0;
+ fd_handler_current = NULL;
#ifdef _WIN32
- while (win32_handlers)
- {
- Ecore_Win32_Handler *wh;
-
- wh = win32_handlers;
- win32_handlers = (Ecore_Win32_Handler *) eina_inlist_remove(EINA_INLIST_GET(win32_handlers),
- EINA_INLIST_GET(wh));
- ECORE_MAGIC_SET(wh, ECORE_MAGIC_NONE);
- free(wh);
- }
- win32_handlers_delete_me = 0;
- win32_handler_current = NULL;
+ while (win32_handlers) {
+ Ecore_Win32_Handler *wh;
+
+ wh = win32_handlers;
+ win32_handlers =
+ (Ecore_Win32_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET(win32_handlers),
+ EINA_INLIST_GET(wh));
+ ECORE_MAGIC_SET(wh, ECORE_MAGIC_NONE);
+ free(wh);
+ }
+ win32_handlers_delete_me = 0;
+ win32_handler_current = NULL;
#endif
}
-static void
-_ecore_main_prepare_handlers(void)
+static void _ecore_main_prepare_handlers(void)
{
- Ecore_Fd_Handler *fdh;
-
- /* call the prepare callback for all handlers */
- EINA_INLIST_FOREACH(fd_handlers, fdh)
- {
- if (!fdh->delete_me && fdh->prep_func)
- {
- fdh->references++;
- fdh->prep_func (fdh->prep_data, fdh);
- fdh->references--;
- }
- }
+ Ecore_Fd_Handler *fdh;
+
+ /* call the prepare callback for all handlers */
+ EINA_INLIST_FOREACH(fd_handlers, fdh) {
+ if (!fdh->delete_me && fdh->prep_func) {
+ fdh->references++;
+ fdh->prep_func(fdh->prep_data, fdh);
+ fdh->references--;
+ }
+ }
}
-static int
-_ecore_main_select(double timeout)
+static int _ecore_main_select(double timeout)
{
- struct timeval tv, *t;
- fd_set rfds, wfds, exfds;
- int max_fd;
- int ret;
-
- t = NULL;
- if ((!finite(timeout)) || (timeout == 0.0)) /* finite() tests for NaN, too big, too small, and infinity. */
- {
- tv.tv_sec = 0;
- tv.tv_usec = 0;
- t = &tv;
- }
- else if (timeout > 0.0)
- {
- int sec, usec;
+ struct timeval tv, *t;
+ fd_set rfds, wfds, exfds;
+ int max_fd;
+ int ret;
+
+ t = NULL;
+ if ((!finite(timeout)) || (timeout == 0.0)) { /* finite() tests for NaN, too big, too small, and infinity. */
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ t = &tv;
+ } else if (timeout > 0.0) {
+ int sec, usec;
#ifdef FIX_HZ
- timeout += (0.5 / HZ);
- sec = (int)timeout;
- usec = (int)((timeout - (double)sec) * 1000000);
+ timeout += (0.5 / HZ);
+ sec = (int) timeout;
+ usec = (int) ((timeout - (double) sec) * 1000000);
#else
- sec = (int)timeout;
- usec = (int)((timeout - (double)sec) * 1000000);
+ sec = (int) timeout;
+ usec = (int) ((timeout - (double) sec) * 1000000);
#endif
- tv.tv_sec = sec;
- tv.tv_usec = usec;
- t = &tv;
- }
- max_fd = 0;
- FD_ZERO(&rfds);
- FD_ZERO(&wfds);
- FD_ZERO(&exfds);
-
- /* call the prepare callback for all handlers */
- _ecore_main_prepare_handlers();
+ tv.tv_sec = sec;
+ tv.tv_usec = usec;
+ t = &tv;
+ }
+ max_fd = 0;
+ FD_ZERO(&rfds);
+ FD_ZERO(&wfds);
+ FD_ZERO(&exfds);
+
+ /* call the prepare callback for all handlers */
+ _ecore_main_prepare_handlers();
#ifndef HAVE_EPOLL
- Ecore_Fd_Handler *fdh;
-
- EINA_INLIST_FOREACH(fd_handlers, fdh)
- {
- if (!fdh->delete_me)
- {
- if (fdh->flags & ECORE_FD_READ)
- {
- FD_SET(fdh->fd, &rfds);
- if (fdh->fd > max_fd) max_fd = fdh->fd;
- }
- if (fdh->flags & ECORE_FD_WRITE)
- {
- FD_SET(fdh->fd, &wfds);
- if (fdh->fd > max_fd) max_fd = fdh->fd;
- }
- if (fdh->flags & ECORE_FD_ERROR)
- {
- FD_SET(fdh->fd, &exfds);
- if (fdh->fd > max_fd) max_fd = fdh->fd;
- }
- }
- }
-#else /* HAVE_EPOLL */
- /* polling on the epoll fd will wake when an fd in the epoll set is active */
- FD_SET(epoll_fd, &rfds);
- max_fd = epoll_fd;
-#endif /* HAVE_EPOLL */
-
- if (_ecore_signal_count_get()) return -1;
-
- ret = main_loop_select(max_fd + 1, &rfds, &wfds, &exfds, t);
-
- _ecore_time_loop_time = ecore_time_get();
- if (ret < 0)
- {
+ Ecore_Fd_Handler *fdh;
+
+ EINA_INLIST_FOREACH(fd_handlers, fdh) {
+ if (!fdh->delete_me) {
+ if (fdh->flags & ECORE_FD_READ) {
+ FD_SET(fdh->fd, &rfds);
+ if (fdh->fd > max_fd)
+ max_fd = fdh->fd;
+ }
+ if (fdh->flags & ECORE_FD_WRITE) {
+ FD_SET(fdh->fd, &wfds);
+ if (fdh->fd > max_fd)
+ max_fd = fdh->fd;
+ }
+ if (fdh->flags & ECORE_FD_ERROR) {
+ FD_SET(fdh->fd, &exfds);
+ if (fdh->fd > max_fd)
+ max_fd = fdh->fd;
+ }
+ }
+ }
+#else /* HAVE_EPOLL */
+ /* polling on the epoll fd will wake when an fd in the epoll set is active */
+ FD_SET(epoll_fd, &rfds);
+ max_fd = epoll_fd;
+#endif /* HAVE_EPOLL */
+
+ if (_ecore_signal_count_get())
+ return -1;
+
+ ret = main_loop_select(max_fd + 1, &rfds, &wfds, &exfds, t);
+
+ _ecore_time_loop_time = ecore_time_get();
+ if (ret < 0) {
#ifndef _WIN32
- if (errno == EINTR) return -1;
- else if (errno == EBADF) _ecore_main_fd_handlers_bads_rem();
+ if (errno == EINTR)
+ return -1;
+ else if (errno == EBADF)
+ _ecore_main_fd_handlers_bads_rem();
#endif
- }
- if (ret > 0)
- {
+ }
+ if (ret > 0) {
#ifdef HAVE_EPOLL
- _ecore_main_fdh_epoll_mark_active();
-#else /* HAVE_EPOLL */
- Ecore_Fd_Handler *fdh;
-
- EINA_INLIST_FOREACH(fd_handlers, fdh)
- {
- if (!fdh->delete_me)
- {
- if (FD_ISSET(fdh->fd, &rfds))
- fdh->read_active = 1;
- if (FD_ISSET(fdh->fd, &wfds))
- fdh->write_active = 1;
- if (FD_ISSET(fdh->fd, &exfds))
- fdh->error_active = 1;
- }
- }
-#endif /* HAVE_EPOLL */
- _ecore_main_fd_handlers_cleanup();
+ _ecore_main_fdh_epoll_mark_active();
+#else /* HAVE_EPOLL */
+ Ecore_Fd_Handler *fdh;
+
+ EINA_INLIST_FOREACH(fd_handlers, fdh) {
+ if (!fdh->delete_me) {
+ if (FD_ISSET(fdh->fd, &rfds))
+ fdh->read_active = 1;
+ if (FD_ISSET(fdh->fd, &wfds))
+ fdh->write_active = 1;
+ if (FD_ISSET(fdh->fd, &exfds))
+ fdh->error_active = 1;
+ }
+ }
+#endif /* HAVE_EPOLL */
+ _ecore_main_fd_handlers_cleanup();
#ifdef _WIN32
- _ecore_main_win32_handlers_cleanup();
+ _ecore_main_win32_handlers_cleanup();
#endif
- return 1;
- }
- return 0;
+ return 1;
+ }
+ return 0;
}
#ifndef _WIN32
-static void
-_ecore_main_fd_handlers_bads_rem(void)
+static void _ecore_main_fd_handlers_bads_rem(void)
{
- Ecore_Fd_Handler *fdh;
- Eina_Inlist *l;
- int found = 0;
-
- ERR("Removing bad fds");
- for (l = EINA_INLIST_GET(fd_handlers); l; )
- {
- fdh = (Ecore_Fd_Handler *) l;
- l = l->next;
- errno = 0;
-
- if ((fcntl(fdh->fd, F_GETFD) < 0) && (errno == EBADF))
- {
- ERR("Found bad fd at index %d", fdh->fd);
- if (fdh->flags & ECORE_FD_ERROR)
- {
- ERR("Fd set for error! calling user");
- fdh->references++;
- if (!fdh->func(fdh->data, fdh))
- {
- ERR("Fd function err returned 0, remove it");
- fdh->delete_me = 1;
- fd_handlers_delete_me = 1;
- found++;
- }
- fdh->references--;
- }
- else
- {
- ERR("Problematic fd found at %d! setting it for delete", fdh->fd);
- fdh->delete_me = 1;
- fd_handlers_delete_me = 1;
- found++;
- }
- }
- }
- if (found == 0)
- {
+ Ecore_Fd_Handler *fdh;
+ Eina_Inlist *l;
+ int found = 0;
+
+ ERR("Removing bad fds");
+ for (l = EINA_INLIST_GET(fd_handlers); l;) {
+ fdh = (Ecore_Fd_Handler *) l;
+ l = l->next;
+ errno = 0;
+
+ if ((fcntl(fdh->fd, F_GETFD) < 0) && (errno == EBADF)) {
+ ERR("Found bad fd at index %d", fdh->fd);
+ if (fdh->flags & ECORE_FD_ERROR) {
+ ERR("Fd set for error! calling user");
+ fdh->references++;
+ if (!fdh->func(fdh->data, fdh)) {
+ ERR("Fd function err returned 0, remove it");
+ fdh->delete_me = 1;
+ fd_handlers_delete_me = 1;
+ found++;
+ }
+ fdh->references--;
+ } else {
+ ERR("Problematic fd found at %d! setting it for delete", fdh->fd);
+ fdh->delete_me = 1;
+ fd_handlers_delete_me = 1;
+ found++;
+ }
+ }
+ }
+ if (found == 0) {
#ifdef HAVE_GLIB
- ERR("No bad fd found. Maybe a foreign fd from glib?");
-#else
- ERR("No bad fd found. EEEK!");
-#endif
- }
- _ecore_main_fd_handlers_cleanup();
+ ERR("No bad fd found. Maybe a foreign fd from glib?");
+#else
+ ERR("No bad fd found. EEEK!");
+#endif
+ }
+ _ecore_main_fd_handlers_cleanup();
}
#endif
-static void
-_ecore_main_fd_handlers_cleanup(void)
+static void _ecore_main_fd_handlers_cleanup(void)
{
- Ecore_Fd_Handler *fdh;
- Eina_Inlist *l;
- int deleted_in_use = 0;
-
- if (!fd_handlers_delete_me) return;
- for (l = EINA_INLIST_GET(fd_handlers); l; )
- {
- fdh = (Ecore_Fd_Handler *) l;
-
- l = l->next;
- if (fdh->delete_me)
- {
- if (fdh->references)
- {
- deleted_in_use++;
- continue;
- }
-
- fd_handlers = (Ecore_Fd_Handler *)
- eina_inlist_remove(EINA_INLIST_GET(fd_handlers),
- EINA_INLIST_GET(fdh));
- ECORE_MAGIC_SET(fdh, ECORE_MAGIC_NONE);
- free(fdh);
- }
- }
- if (!deleted_in_use) fd_handlers_delete_me = 0;
+ Ecore_Fd_Handler *fdh;
+ Eina_Inlist *l;
+ int deleted_in_use = 0;
+
+ if (!fd_handlers_delete_me)
+ return;
+ for (l = EINA_INLIST_GET(fd_handlers); l;) {
+ fdh = (Ecore_Fd_Handler *) l;
+
+ l = l->next;
+ if (fdh->delete_me) {
+ if (fdh->references) {
+ deleted_in_use++;
+ continue;
+ }
+
+ fd_handlers = (Ecore_Fd_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (fd_handlers),
+ EINA_INLIST_GET(fdh));
+ ECORE_MAGIC_SET(fdh, ECORE_MAGIC_NONE);
+ free(fdh);
+ }
+ }
+ if (!deleted_in_use)
+ fd_handlers_delete_me = 0;
}
#ifdef _WIN32
-static void
-_ecore_main_win32_handlers_cleanup(void)
+static void _ecore_main_win32_handlers_cleanup(void)
{
- Ecore_Win32_Handler *wh;
- Eina_Inlist *l;
- int deleted_in_use = 0;
-
- if (!win32_handlers_delete_me) return;
- for (l = EINA_INLIST_GET(win32_handlers); l; )
- {
- wh = (Ecore_Win32_Handler *)l;
-
- l = l->next;
- if (wh->delete_me)
- {
- if (wh->references)
- {
- deleted_in_use++;
- continue;
- }
-
- win32_handlers = (Ecore_Win32_Handler *)
- eina_inlist_remove(EINA_INLIST_GET(win32_handlers),
- EINA_INLIST_GET(wh));
- ECORE_MAGIC_SET(wh, ECORE_MAGIC_NONE);
- free(wh);
- }
- }
- if (!deleted_in_use) win32_handlers_delete_me = 0;
+ Ecore_Win32_Handler *wh;
+ Eina_Inlist *l;
+ int deleted_in_use = 0;
+
+ if (!win32_handlers_delete_me)
+ return;
+ for (l = EINA_INLIST_GET(win32_handlers); l;) {
+ wh = (Ecore_Win32_Handler *) l;
+
+ l = l->next;
+ if (wh->delete_me) {
+ if (wh->references) {
+ deleted_in_use++;
+ continue;
+ }
+
+ win32_handlers = (Ecore_Win32_Handler *)
+ eina_inlist_remove(EINA_INLIST_GET
+ (win32_handlers),
+ EINA_INLIST_GET(wh));
+ ECORE_MAGIC_SET(wh, ECORE_MAGIC_NONE);
+ free(wh);
+ }
+ }
+ if (!deleted_in_use)
+ win32_handlers_delete_me = 0;
}
#endif
-static void
-_ecore_main_fd_handlers_call(void)
+static void _ecore_main_fd_handlers_call(void)
{
- if (!fd_handler_current)
- {
- /* regular main loop, start from head */
- fd_handler_current = fd_handlers;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- fd_handler_current = (Ecore_Fd_Handler *)EINA_INLIST_GET(fd_handler_current)->next;
- }
-
- while (fd_handler_current)
- {
- Ecore_Fd_Handler *fdh = fd_handler_current;
-
- if (!fdh->delete_me)
- {
- if ((fdh->read_active) ||
- (fdh->write_active) ||
- (fdh->error_active))
- {
- fdh->references++;
- if (!fdh->func(fdh->data, fdh))
- {
- fdh->delete_me = 1;
- fd_handlers_delete_me = 1;
- }
- fdh->references--;
-
- fdh->read_active = 0;
- fdh->write_active = 0;
- fdh->error_active = 0;
- }
- }
-
- if (fd_handler_current) /* may have changed in recursive main loops */
- fd_handler_current = (Ecore_Fd_Handler *)EINA_INLIST_GET(fd_handler_current)->next;
- }
+ if (!fd_handler_current) {
+ /* regular main loop, start from head */
+ fd_handler_current = fd_handlers;
+ } else {
+ /* recursive main loop, continue from where we were */
+ fd_handler_current =
+ (Ecore_Fd_Handler *)
+ EINA_INLIST_GET(fd_handler_current)->next;
+ }
+
+ while (fd_handler_current) {
+ Ecore_Fd_Handler *fdh = fd_handler_current;
+
+ if (!fdh->delete_me) {
+ if ((fdh->read_active) ||
+ (fdh->write_active) || (fdh->error_active)) {
+ fdh->references++;
+ if (!fdh->func(fdh->data, fdh)) {
+ fdh->delete_me = 1;
+ fd_handlers_delete_me = 1;
+ }
+ fdh->references--;
+
+ fdh->read_active = 0;
+ fdh->write_active = 0;
+ fdh->error_active = 0;
+ }
+ }
+
+ if (fd_handler_current) /* may have changed in recursive main loops */
+ fd_handler_current =
+ (Ecore_Fd_Handler *)
+ EINA_INLIST_GET(fd_handler_current)->next;
+ }
}
-static int
-_ecore_main_fd_handlers_buf_call(void)
+static int _ecore_main_fd_handlers_buf_call(void)
{
- Ecore_Fd_Handler *fdh;
- int ret;
-
- ret = 0;
- EINA_INLIST_FOREACH(fd_handlers, fdh)
- {
- if (!fdh->delete_me)
- {
- if (fdh->buf_func)
- {
- fdh->references++;
- if (fdh->buf_func(fdh->buf_data, fdh))
- {
- ret |= fdh->func(fdh->data, fdh);
- fdh->read_active = 1;
- }
- fdh->references--;
- }
- }
- }
- return ret;
+ Ecore_Fd_Handler *fdh;
+ int ret;
+
+ ret = 0;
+ EINA_INLIST_FOREACH(fd_handlers, fdh) {
+ if (!fdh->delete_me) {
+ if (fdh->buf_func) {
+ fdh->references++;
+ if (fdh->buf_func(fdh->buf_data, fdh)) {
+ ret |= fdh->func(fdh->data, fdh);
+ fdh->read_active = 1;
+ }
+ fdh->references--;
+ }
+ }
+ }
+ return ret;
}
#ifndef USE_G_MAIN_LOOP
-static void
-_ecore_main_loop_iterate_internal(int once_only)
+static void _ecore_main_loop_iterate_internal(int once_only)
{
- double next_time = -1.0;
- int have_event = 0;
- int have_signal;
-
- in_main_loop++;
- /* expire any timers */
- while (_ecore_timer_call(_ecore_time_loop_time));
- _ecore_timer_cleanup();
-
- /* process signals into events .... */
- while (_ecore_signal_count_get()) _ecore_signal_call();
- if (_ecore_event_exist())
- {
- _ecore_idle_enterer_call();
- have_event = 1;
- _ecore_main_select(0.0);
- _ecore_time_loop_time = ecore_time_get();
- _ecore_timer_enable_new();
- goto process_events;
- }
- /* call idle enterers ... */
- if (!once_only) _ecore_idle_enterer_call();
- else
- {
- have_event = have_signal = 0;
-
- if (_ecore_main_select(0.0) > 0) have_event = 1;
- if (_ecore_signal_count_get() > 0) have_signal = 1;
- if (have_signal || have_event)
- {
- _ecore_time_loop_time = ecore_time_get();
- _ecore_timer_enable_new();
- goto process_events;
- }
- }
-
- /* if these calls caused any buffered events to appear - deal with them */
- _ecore_main_fd_handlers_buf_call();
-
- /* if there are any - jump to processing them */
- if (_ecore_event_exist())
- {
- have_event = 1;
- _ecore_main_select(0.0);
- _ecore_time_loop_time = ecore_time_get();
- _ecore_timer_enable_new();
- goto process_events;
- }
- if (once_only)
- {
- _ecore_idle_enterer_call();
- in_main_loop--;
- _ecore_time_loop_time = ecore_time_get();
- _ecore_timer_enable_new();
- return;
- }
-
- if (_ecore_fps_debug)
- {
- t2 = ecore_time_get();
- if ((t1 > 0.0) && (t2 > 0.0))
- _ecore_fps_debug_runtime_add(t2 - t1);
- }
- start_loop:
- /* any timers re-added as a result of these are allowed to go */
- _ecore_timer_enable_new();
- if (do_quit)
- {
- _ecore_time_loop_time = ecore_time_get();
- in_main_loop--;
- _ecore_timer_enable_new();
- return;
- }
- if (!_ecore_event_exist())
- {
- /* init flags */
- have_event = have_signal = 0;
- next_time = _ecore_timer_next_get();
- /* no timers */
- if (next_time < 0)
- {
- /* no idlers */
- if (!_ecore_idler_exist())
- {
- if (_ecore_main_select(-1.0) > 0) have_event = 1;
- }
- /* idlers */
- else
- {
- for (;;)
- {
- if (!_ecore_idler_call()) goto start_loop;
- if (_ecore_event_exist()) break;
- if (_ecore_main_select(0.0) > 0) have_event = 1;
- if (_ecore_signal_count_get() > 0) have_signal = 1;
- if (have_event || have_signal) break;
- if (_ecore_timers_exists()) goto start_loop;
- if (do_quit) break;
- }
- }
- }
- /* timers */
- else
- {
- /* no idlers */
- if (!_ecore_idler_exist())
- {
- if (_ecore_main_select(next_time) > 0) have_event = 1;
- }
- /* idlers */
- else
- {
- for (;;)
- {
- if (!_ecore_idler_call()) goto start_loop;
- if (_ecore_event_exist()) break;
- if (_ecore_main_select(0.0) > 0) have_event = 1;
- if (_ecore_signal_count_get() > 0) have_signal = 1;
- if (have_event || have_signal) break;
- next_time = _ecore_timer_next_get();
- if (next_time <= 0) break;
- if (do_quit) break;
- }
- }
- }
- _ecore_time_loop_time = ecore_time_get();
- }
- if (_ecore_fps_debug) t1 = ecore_time_get();
- /* we came out of our "wait state" so idle has exited */
- if (!once_only) _ecore_idle_exiter_call();
- /* call the fd handler per fd that became alive... */
- /* this should read or write any data to the monitored fd and then */
- /* post events onto the ecore event pipe if necessary */
- process_events:
- _ecore_main_fd_handlers_call();
- _ecore_main_fd_handlers_buf_call();
- /* process signals into events .... */
- while (_ecore_signal_count_get()) _ecore_signal_call();
- /* handle events ... */
- _ecore_event_call();
- _ecore_main_fd_handlers_cleanup();
-
- if (once_only) _ecore_idle_enterer_call();
- in_main_loop--;
+ double next_time = -1.0;
+ int have_event = 0;
+ int have_signal;
+
+ in_main_loop++;
+ /* expire any timers */
+ while (_ecore_timer_call(_ecore_time_loop_time));
+ _ecore_timer_cleanup();
+
+ /* process signals into events .... */
+ while (_ecore_signal_count_get())
+ _ecore_signal_call();
+ if (_ecore_event_exist()) {
+ _ecore_idle_enterer_call();
+ have_event = 1;
+ _ecore_main_select(0.0);
+ _ecore_time_loop_time = ecore_time_get();
+ _ecore_timer_enable_new();
+ goto process_events;
+ }
+ /* call idle enterers ... */
+ if (!once_only)
+ _ecore_idle_enterer_call();
+ else {
+ have_event = have_signal = 0;
+
+ if (_ecore_main_select(0.0) > 0)
+ have_event = 1;
+ if (_ecore_signal_count_get() > 0)
+ have_signal = 1;
+ if (have_signal || have_event) {
+ _ecore_time_loop_time = ecore_time_get();
+ _ecore_timer_enable_new();
+ goto process_events;
+ }
+ }
+
+ /* if these calls caused any buffered events to appear - deal with them */
+ _ecore_main_fd_handlers_buf_call();
+
+ /* if there are any - jump to processing them */
+ if (_ecore_event_exist()) {
+ have_event = 1;
+ _ecore_main_select(0.0);
+ _ecore_time_loop_time = ecore_time_get();
+ _ecore_timer_enable_new();
+ goto process_events;
+ }
+ if (once_only) {
+ _ecore_idle_enterer_call();
+ in_main_loop--;
+ _ecore_time_loop_time = ecore_time_get();
+ _ecore_timer_enable_new();
+ return;
+ }
+
+ if (_ecore_fps_debug) {
+ t2 = ecore_time_get();
+ if ((t1 > 0.0) && (t2 > 0.0))
+ _ecore_fps_debug_runtime_add(t2 - t1);
+ }
+ start_loop:
+ /* any timers re-added as a result of these are allowed to go */
+ _ecore_timer_enable_new();
+ if (do_quit) {
+ _ecore_time_loop_time = ecore_time_get();
+ in_main_loop--;
+ _ecore_timer_enable_new();
+ return;
+ }
+ if (!_ecore_event_exist()) {
+ /* init flags */
+ have_event = have_signal = 0;
+ next_time = _ecore_timer_next_get();
+ /* no timers */
+ if (next_time < 0) {
+ /* no idlers */
+ if (!_ecore_idler_exist()) {
+ if (_ecore_main_select(-1.0) > 0)
+ have_event = 1;
+ }
+ /* idlers */
+ else {
+ for (;;) {
+ if (!_ecore_idler_call())
+ goto start_loop;
+ if (_ecore_event_exist())
+ break;
+ if (_ecore_main_select(0.0) > 0)
+ have_event = 1;
+ if (_ecore_signal_count_get() > 0)
+ have_signal = 1;
+ if (have_event || have_signal)
+ break;
+ if (_ecore_timers_exists())
+ goto start_loop;
+ if (do_quit)
+ break;
+ }
+ }
+ }
+ /* timers */
+ else {
+ /* no idlers */
+ if (!_ecore_idler_exist()) {
+ if (_ecore_main_select(next_time) > 0)
+ have_event = 1;
+ }
+ /* idlers */
+ else {
+ for (;;) {
+ if (!_ecore_idler_call())
+ goto start_loop;
+ if (_ecore_event_exist())
+ break;
+ if (_ecore_main_select(0.0) > 0)
+ have_event = 1;
+ if (_ecore_signal_count_get() > 0)
+ have_signal = 1;
+ if (have_event || have_signal)
+ break;
+ next_time =
+ _ecore_timer_next_get();
+ if (next_time <= 0)
+ break;
+ if (do_quit)
+ break;
+ }
+ }
+ }
+ _ecore_time_loop_time = ecore_time_get();
+ }
+ if (_ecore_fps_debug)
+ t1 = ecore_time_get();
+ /* we came out of our "wait state" so idle has exited */
+ if (!once_only)
+ _ecore_idle_exiter_call();
+ /* call the fd handler per fd that became alive... */
+ /* this should read or write any data to the monitored fd and then */
+ /* post events onto the ecore event pipe if necessary */
+ process_events:
+ _ecore_main_fd_handlers_call();
+ _ecore_main_fd_handlers_buf_call();
+ /* process signals into events .... */
+ while (_ecore_signal_count_get())
+ _ecore_signal_call();
+ /* handle events ... */
+ _ecore_event_call();
+ _ecore_main_fd_handlers_cleanup();
+
+ if (once_only)
+ _ecore_idle_enterer_call();
+ in_main_loop--;
}
#endif
#ifdef _WIN32
static int
-_ecore_main_win32_select(int nfds __UNUSED__, fd_set *readfds, fd_set *writefds,
- fd_set *exceptfds, struct timeval *tv)
+_ecore_main_win32_select(int nfds __UNUSED__, fd_set * readfds,
+ fd_set * writefds, fd_set * exceptfds,
+ struct timeval *tv)
{
- HANDLE objects[MAXIMUM_WAIT_OBJECTS];
- int sockets[MAXIMUM_WAIT_OBJECTS];
- Ecore_Fd_Handler *fdh;
- Ecore_Win32_Handler *wh;
- unsigned int objects_nbr = 0;
- unsigned int handles_nbr = 0;
- unsigned int events_nbr = 0;
- DWORD result;
- DWORD timeout;
- MSG msg;
- unsigned int i;
- int res;
-
- /* Create an event object per socket */
- EINA_INLIST_FOREACH(fd_handlers, fdh)
- {
- WSAEVENT event;
- long network_event;
-
- network_event = 0;
- if (FD_ISSET(fdh->fd, readfds))
- network_event |= FD_READ;
- if (FD_ISSET(fdh->fd, writefds))
- network_event |= FD_WRITE;
- if (FD_ISSET(fdh->fd, exceptfds))
- network_event |= FD_OOB;
-
- if (network_event)
- {
- event = WSACreateEvent();
- WSAEventSelect(fdh->fd, event, network_event);
- objects[objects_nbr] = event;
- sockets[events_nbr] = fdh->fd;
- events_nbr++;
- objects_nbr++;
- }
- }
-
- /* store the HANDLEs in the objects to wait for */
- EINA_INLIST_FOREACH(win32_handlers, wh)
- {
- objects[objects_nbr] = wh->h;
- handles_nbr++;
- objects_nbr++;
- }
-
- /* Empty the queue before waiting */
- while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
- {
- TranslateMessage(&msg);
- DispatchMessage(&msg);
- }
-
- /* Wait for any message sent or posted to this queue */
- /* or for one of the passed handles be set to signaled. */
- if (!tv)
- timeout = INFINITE;
- else
- timeout = (DWORD)((tv->tv_sec * 1000.0) + (tv->tv_usec / 1000.0));
-
- if (timeout == 0) return 0;
-
- result = MsgWaitForMultipleObjects(objects_nbr, (const HANDLE *)objects, EINA_FALSE,
- timeout, QS_ALLINPUT);
-
- FD_ZERO(readfds);
- FD_ZERO(writefds);
- FD_ZERO(exceptfds);
-
- /* The result tells us the type of event we have. */
- if (result == WAIT_FAILED)
- {
- char *msg;
-
- msg = evil_last_error_get();
- ERR(" * %s\n", msg);
- free(msg);
- res = -1;
- }
- else if (result == WAIT_TIMEOUT)
- {
- /* ERR("time out\n"); */
- res = 0;
- }
- else if (result == (WAIT_OBJECT_0 + objects_nbr))
- {
- while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
- {
- TranslateMessage(&msg);
- DispatchMessage(&msg);
- }
-
- res = 0;
- }
- else if ((result >= 0) && (result < WAIT_OBJECT_0 + events_nbr))
- {
- WSANETWORKEVENTS network_event;
-
- WSAEnumNetworkEvents(sockets[result], objects[result], &network_event);
-
- if (network_event.lNetworkEvents & FD_READ)
- FD_SET(sockets[result], readfds);
- if (network_event.lNetworkEvents & FD_WRITE)
- FD_SET(sockets[result], writefds);
- if (network_event.lNetworkEvents & FD_OOB)
- FD_SET(sockets[result], exceptfds);
-
- res = 1;
- }
- else if ((result >= (WAIT_OBJECT_0 + events_nbr)) &&
- (result < (WAIT_OBJECT_0 + objects_nbr)))
- {
- if (!win32_handler_current)
- {
- /* regular main loop, start from head */
- win32_handler_current = win32_handlers;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- win32_handler_current = (Ecore_Win32_Handler *)EINA_INLIST_GET(win32_handler_current)->next;
- }
-
- while (win32_handler_current)
- {
- wh = win32_handler_current;
-
- if (objects[result - WAIT_OBJECT_0] == wh->h)
- {
- if (!wh->delete_me)
- {
- wh->references++;
- if (!wh->func(wh->data, wh))
- {
- wh->delete_me = 1;
- win32_handlers_delete_me = 1;
- }
- wh->references--;
- }
- }
- if (win32_handler_current) /* may have changed in recursive main loops */
- win32_handler_current = (Ecore_Win32_Handler *)EINA_INLIST_GET(win32_handler_current)->next;
- }
- res = 1;
- }
- else
- {
- ERR("unknown result...\n");
- res = -1;
- }
-
- /* Remove event objects again */
- for (i = 0; i < events_nbr; i++) WSACloseEvent(objects[i]);
-
- return res;
+ HANDLE objects[MAXIMUM_WAIT_OBJECTS];
+ int sockets[MAXIMUM_WAIT_OBJECTS];
+ Ecore_Fd_Handler *fdh;
+ Ecore_Win32_Handler *wh;
+ unsigned int objects_nbr = 0;
+ unsigned int handles_nbr = 0;
+ unsigned int events_nbr = 0;
+ DWORD result;
+ DWORD timeout;
+ MSG msg;
+ unsigned int i;
+ int res;
+
+ /* Create an event object per socket */
+ EINA_INLIST_FOREACH(fd_handlers, fdh) {
+ WSAEVENT event;
+ long network_event;
+
+ network_event = 0;
+ if (FD_ISSET(fdh->fd, readfds))
+ network_event |= FD_READ;
+ if (FD_ISSET(fdh->fd, writefds))
+ network_event |= FD_WRITE;
+ if (FD_ISSET(fdh->fd, exceptfds))
+ network_event |= FD_OOB;
+
+ if (network_event) {
+ event = WSACreateEvent();
+ WSAEventSelect(fdh->fd, event, network_event);
+ objects[objects_nbr] = event;
+ sockets[events_nbr] = fdh->fd;
+ events_nbr++;
+ objects_nbr++;
+ }
+ }
+
+ /* store the HANDLEs in the objects to wait for */
+ EINA_INLIST_FOREACH(win32_handlers, wh) {
+ objects[objects_nbr] = wh->h;
+ handles_nbr++;
+ objects_nbr++;
+ }
+
+ /* Empty the queue before waiting */
+ while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE)) {
+ TranslateMessage(&msg);
+ DispatchMessage(&msg);
+ }
+
+ /* Wait for any message sent or posted to this queue */
+ /* or for one of the passed handles be set to signaled. */
+ if (!tv)
+ timeout = INFINITE;
+ else
+ timeout =
+ (DWORD) ((tv->tv_sec * 1000.0) +
+ (tv->tv_usec / 1000.0));
+
+ if (timeout == 0)
+ return 0;
+
+ result =
+ MsgWaitForMultipleObjects(objects_nbr,
+ (const HANDLE *) objects, EINA_FALSE,
+ timeout, QS_ALLINPUT);
+
+ FD_ZERO(readfds);
+ FD_ZERO(writefds);
+ FD_ZERO(exceptfds);
+
+ /* The result tells us the type of event we have. */
+ if (result == WAIT_FAILED) {
+ char *msg;
+
+ msg = evil_last_error_get();
+ ERR(" * %s\n", msg);
+ free(msg);
+ res = -1;
+ } else if (result == WAIT_TIMEOUT) {
+ /* ERR("time out\n"); */
+ res = 0;
+ } else if (result == (WAIT_OBJECT_0 + objects_nbr)) {
+ while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE)) {
+ TranslateMessage(&msg);
+ DispatchMessage(&msg);
+ }
+
+ res = 0;
+ } else if ((result >= 0) && (result < WAIT_OBJECT_0 + events_nbr)) {
+ WSANETWORKEVENTS network_event;
+
+ WSAEnumNetworkEvents(sockets[result], objects[result],
+ &network_event);
+
+ if (network_event.lNetworkEvents & FD_READ)
+ FD_SET(sockets[result], readfds);
+ if (network_event.lNetworkEvents & FD_WRITE)
+ FD_SET(sockets[result], writefds);
+ if (network_event.lNetworkEvents & FD_OOB)
+ FD_SET(sockets[result], exceptfds);
+
+ res = 1;
+ } else if ((result >= (WAIT_OBJECT_0 + events_nbr)) &&
+ (result < (WAIT_OBJECT_0 + objects_nbr))) {
+ if (!win32_handler_current) {
+ /* regular main loop, start from head */
+ win32_handler_current = win32_handlers;
+ } else {
+ /* recursive main loop, continue from where we were */
+ win32_handler_current =
+ (Ecore_Win32_Handler *)
+ EINA_INLIST_GET(win32_handler_current)->next;
+ }
+
+ while (win32_handler_current) {
+ wh = win32_handler_current;
+
+ if (objects[result - WAIT_OBJECT_0] == wh->h) {
+ if (!wh->delete_me) {
+ wh->references++;
+ if (!wh->func(wh->data, wh)) {
+ wh->delete_me = 1;
+ win32_handlers_delete_me =
+ 1;
+ }
+ wh->references--;
+ }
+ }
+ if (win32_handler_current) /* may have changed in recursive main loops */
+ win32_handler_current =
+ (Ecore_Win32_Handler *)
+ EINA_INLIST_GET
+ (win32_handler_current)->next;
+ }
+ res = 1;
+ } else {
+ ERR("unknown result...\n");
+ res = -1;
+ }
+
+ /* Remove event objects again */
+ for (i = 0; i < events_nbr; i++)
+ WSACloseEvent(objects[i]);
+
+ return res;
}
#endif
diff --git a/tests/suite/ecore/src/lib/ecore_pipe.c b/tests/suite/ecore/src/lib/ecore_pipe.c
index 8a8aca5ffe..123cab681b 100644
--- a/tests/suite/ecore/src/lib/ecore_pipe.c
+++ b/tests/suite/ecore/src/lib/ecore_pipe.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -7,7 +7,7 @@
#include <errno.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "Ecore.h"
@@ -27,42 +27,42 @@
#ifdef _WIN32
-# include <winsock2.h>
+#include <winsock2.h>
-# define pipe_write(fd, buffer, size) send((fd), (char *)(buffer), size, 0)
-# define pipe_read(fd, buffer, size) recv((fd), (char *)(buffer), size, 0)
-# define pipe_close(fd) closesocket(fd)
-# define PIPE_FD_INVALID INVALID_SOCKET
-# define PIPE_FD_ERROR SOCKET_ERROR
+#define pipe_write(fd, buffer, size) send((fd), (char *)(buffer), size, 0)
+#define pipe_read(fd, buffer, size) recv((fd), (char *)(buffer), size, 0)
+#define pipe_close(fd) closesocket(fd)
+#define PIPE_FD_INVALID INVALID_SOCKET
+#define PIPE_FD_ERROR SOCKET_ERROR
#else
-# include <unistd.h>
-# include <fcntl.h>
-
-# define pipe_write(fd, buffer, size) write((fd), buffer, size)
-# define pipe_read(fd, buffer, size) read((fd), buffer, size)
-# define pipe_close(fd) close(fd)
-# define PIPE_FD_INVALID -1
-# define PIPE_FD_ERROR -1
-
-#endif /* ! _WIN32 */
-
-struct _Ecore_Pipe
-{
- ECORE_MAGIC;
- int fd_read;
- int fd_write;
- Ecore_Fd_Handler *fd_handler;
- const void *data;
- Ecore_Pipe_Cb handler;
- unsigned int len;
- size_t already_read;
- void *passed_data;
+#include <unistd.h>
+#include <fcntl.h>
+
+#define pipe_write(fd, buffer, size) write((fd), buffer, size)
+#define pipe_read(fd, buffer, size) read((fd), buffer, size)
+#define pipe_close(fd) close(fd)
+#define PIPE_FD_INVALID -1
+#define PIPE_FD_ERROR -1
+
+#endif /* ! _WIN32 */
+
+struct _Ecore_Pipe {
+ ECORE_MAGIC;
+ int fd_read;
+ int fd_write;
+ Ecore_Fd_Handler *fd_handler;
+ const void *data;
+ Ecore_Pipe_Cb handler;
+ unsigned int len;
+ size_t already_read;
+ void *passed_data;
};
-static Eina_Bool _ecore_pipe_read(void *data, Ecore_Fd_Handler *fd_handler);
+static Eina_Bool _ecore_pipe_read(void *data,
+ Ecore_Fd_Handler * fd_handler);
/**
* @defgroup Ecore_Pipe_Group Pipe wrapper
@@ -277,36 +277,35 @@ static Eina_Bool _ecore_pipe_read(void *data, Ecore_Fd_Handler *fd_handler);
* @c NULL otherwise.
* @ingroup Ecore_Pipe_Group
*/
-EAPI Ecore_Pipe *
-ecore_pipe_add(Ecore_Pipe_Cb handler, const void *data)
+EAPI Ecore_Pipe *ecore_pipe_add(Ecore_Pipe_Cb handler, const void *data)
{
- Ecore_Pipe *p;
- int fds[2];
-
- if (!handler) return NULL;
-
- p = (Ecore_Pipe *)calloc(1, sizeof(Ecore_Pipe));
- if (!p) return NULL;
-
- if (pipe(fds))
- {
- free(p);
- return NULL;
- }
-
- ECORE_MAGIC_SET(p, ECORE_MAGIC_PIPE);
- p->fd_read = fds[0];
- p->fd_write = fds[1];
- p->handler = handler;
- p->data = data;
-
- fcntl(p->fd_read, F_SETFL, O_NONBLOCK);
- p->fd_handler = ecore_main_fd_handler_add(p->fd_read,
- ECORE_FD_READ,
- _ecore_pipe_read,
- p,
- NULL, NULL);
- return p;
+ Ecore_Pipe *p;
+ int fds[2];
+
+ if (!handler)
+ return NULL;
+
+ p = (Ecore_Pipe *) calloc(1, sizeof(Ecore_Pipe));
+ if (!p)
+ return NULL;
+
+ if (pipe(fds)) {
+ free(p);
+ return NULL;
+ }
+
+ ECORE_MAGIC_SET(p, ECORE_MAGIC_PIPE);
+ p->fd_read = fds[0];
+ p->fd_write = fds[1];
+ p->handler = handler;
+ p->data = data;
+
+ fcntl(p->fd_read, F_SETFL, O_NONBLOCK);
+ p->fd_handler = ecore_main_fd_handler_add(p->fd_read,
+ ECORE_FD_READ,
+ _ecore_pipe_read,
+ p, NULL, NULL);
+ return p;
}
/**
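Review bot: In ecore_pipe_add the results of `fcntl(p->fd_read, F_SETFL, O_NONBLOCK)` and `ecore_main_fd_handler_add(...)` are never checked, so a failure on either still returns a pipe object to the caller. ecore_pipe_del guards on `if (p->fd_handler)`, which suggests the handler can be NULL; in that case the read end is never serviced and both descriptors stay open until the caller deletes the pipe. After the handler is registered I would add `if (!p->fd_handler) { pipe_close(fds[0]); pipe_close(fds[1]); free(p); return NULL; }`. The `F_SETFL` call also replaces the status flags instead of OR-ing `O_NONBLOCK` into the `F_GETFL` value, which is probably harmless on a fresh pipe but deserves a comment.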
@@ -316,22 +315,23 @@ ecore_pipe_add(Ecore_Pipe_Cb handler, const void *data)
* @return The pointer to the private data
* @ingroup Ecore_Pipe_Group
*/
-EAPI void *
-ecore_pipe_del(Ecore_Pipe *p)
+EAPI void *ecore_pipe_del(Ecore_Pipe * p)
{
- void *data;
-
- if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE))
- {
- ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_del");
- return NULL;
- }
- if (p->fd_handler) ecore_main_fd_handler_del(p->fd_handler);
- if (p->fd_read != PIPE_FD_INVALID) pipe_close(p->fd_read);
- if (p->fd_write != PIPE_FD_INVALID) pipe_close(p->fd_write);
- data = (void *)p->data;
- free(p);
- return data;
+ void *data;
+
+ if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE)) {
+ ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_del");
+ return NULL;
+ }
+ if (p->fd_handler)
+ ecore_main_fd_handler_del(p->fd_handler);
+ if (p->fd_read != PIPE_FD_INVALID)
+ pipe_close(p->fd_read);
+ if (p->fd_write != PIPE_FD_INVALID)
+ pipe_close(p->fd_write);
+ data = (void *) p->data;
+ free(p);
+ return data;
}
/**
@@ -340,18 +340,17 @@ ecore_pipe_del(Ecore_Pipe *p)
* @param p The Ecore_Pipe object.
* @ingroup Ecore_Pipe_Group
*/
-EAPI void
-ecore_pipe_read_close(Ecore_Pipe *p)
+EAPI void ecore_pipe_read_close(Ecore_Pipe * p)
{
- if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE))
- {
- ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_read_close");
- return;
- }
- ecore_main_fd_handler_del(p->fd_handler);
- p->fd_handler = NULL;
- pipe_close(p->fd_read);
- p->fd_read = PIPE_FD_INVALID;
+ if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE)) {
+ ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE,
+ "ecore_pipe_read_close");
+ return;
+ }
+ ecore_main_fd_handler_del(p->fd_handler);
+ p->fd_handler = NULL;
+ pipe_close(p->fd_read);
+ p->fd_read = PIPE_FD_INVALID;
}
/**
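Review bot: ecore_pipe_read_close calls `ecore_main_fd_handler_del(p->fd_handler)` and `pipe_close(p->fd_read)` unconditionally, while ecore_pipe_del in the previous hunk guards the same calls with `if (p->fd_handler)` and `if (p->fd_read != PIPE_FD_INVALID)`. _ecore_pipe_read sets `fd_handler = NULL` and `fd_read = PIPE_FD_INVALID` on end-of-file, so a later ecore_pipe_read_close, or a second call to it, passes NULL and an invalid descriptor on. The same two guards belong here. ecore_pipe_write_close in the next hunk needs `if (p->fd_write != PIPE_FD_INVALID)` before `pipe_close(p->fd_write)` for the same reason, because ecore_pipe_write invalidates `fd_write` on EPIPE.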
@@ -360,16 +359,15 @@ ecore_pipe_read_close(Ecore_Pipe *p)
* @param p The Ecore_Pipe object.
* @ingroup Ecore_Pipe_Group
*/
-EAPI void
-ecore_pipe_write_close(Ecore_Pipe *p)
+EAPI void ecore_pipe_write_close(Ecore_Pipe * p)
{
- if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE))
- {
- ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_write_close");
- return;
- }
- pipe_close(p->fd_write);
- p->fd_write = PIPE_FD_INVALID;
+ if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE)) {
+ ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE,
+ "ecore_pipe_write_close");
+ return;
+ }
+ pipe_close(p->fd_write);
+ p->fd_write = PIPE_FD_INVALID;
}
/**
@@ -382,214 +380,189 @@ ecore_pipe_write_close(Ecore_Pipe *p)
* @ingroup Ecore_Pipe_Group
*/
EAPI Eina_Bool
-ecore_pipe_write(Ecore_Pipe *p, const void *buffer, unsigned int nbytes)
+ecore_pipe_write(Ecore_Pipe * p, const void *buffer, unsigned int nbytes)
{
- ssize_t ret;
- size_t already_written = 0;
- int retry = ECORE_PIPE_WRITE_RETRY;
-
- if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE))
- {
- ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_write");
- return EINA_FALSE;
- }
-
- if (p->fd_write == PIPE_FD_INVALID) return EINA_FALSE;
-
- /* First write the len into the pipe */
- do
- {
- ret = pipe_write(p->fd_write, &nbytes, sizeof(nbytes));
- if (ret == sizeof(nbytes))
- {
- retry = ECORE_PIPE_WRITE_RETRY;
- break;
- }
- else if (ret > 0)
- {
- /* XXX What should we do here? */
- ERR("The length of the data was not written complete"
- " to the pipe");
- return EINA_FALSE;
- }
- else if (ret == PIPE_FD_ERROR && errno == EPIPE)
- {
- pipe_close(p->fd_write);
- p->fd_write = PIPE_FD_INVALID;
- return EINA_FALSE;
- }
- else if (ret == PIPE_FD_ERROR && errno == EINTR)
- /* try it again */
- ;
- else
- {
- ERR("An unhandled error (ret: %zd errno: %d)"
- "occurred while writing to the pipe the length",
- ret, errno);
- }
- }
- while (retry--);
-
- if (retry != ECORE_PIPE_WRITE_RETRY) return EINA_FALSE;
-
- /* and now pass the data to the pipe */
- do
- {
- ret = pipe_write(p->fd_write,
- ((unsigned char *)buffer) + already_written,
- nbytes - already_written);
-
- if (ret == (ssize_t)(nbytes - already_written))
- return EINA_TRUE;
- else if (ret >= 0)
- {
- already_written -= ret;
- continue;
- }
- else if (ret == PIPE_FD_ERROR && errno == EPIPE)
- {
- pipe_close(p->fd_write);
- p->fd_write = PIPE_FD_INVALID;
- return EINA_FALSE;
- }
- else if (ret == PIPE_FD_ERROR && errno == EINTR)
- /* try it again */
- ;
- else
- {
- ERR("An unhandled error (ret: %zd errno: %d)"
- "occurred while writing to the pipe the length",
- ret, errno);
- }
- }
- while (retry--);
-
- return EINA_FALSE;
+ ssize_t ret;
+ size_t already_written = 0;
+ int retry = ECORE_PIPE_WRITE_RETRY;
+
+ if (!ECORE_MAGIC_CHECK(p, ECORE_MAGIC_PIPE)) {
+ ECORE_MAGIC_FAIL(p, ECORE_MAGIC_PIPE, "ecore_pipe_write");
+ return EINA_FALSE;
+ }
+
+ if (p->fd_write == PIPE_FD_INVALID)
+ return EINA_FALSE;
+
+ /* First write the len into the pipe */
+ do {
+ ret = pipe_write(p->fd_write, &nbytes, sizeof(nbytes));
+ if (ret == sizeof(nbytes)) {
+ retry = ECORE_PIPE_WRITE_RETRY;
+ break;
+ } else if (ret > 0) {
+ /* XXX What should we do here? */
+ ERR("The length of the data was not written complete" " to the pipe");
+ return EINA_FALSE;
+ } else if (ret == PIPE_FD_ERROR && errno == EPIPE) {
+ pipe_close(p->fd_write);
+ p->fd_write = PIPE_FD_INVALID;
+ return EINA_FALSE;
+ } else if (ret == PIPE_FD_ERROR && errno == EINTR)
+ /* try it again */
+ ;
+ else {
+ ERR("An unhandled error (ret: %zd errno: %d)"
+ "occurred while writing to the pipe the length",
+ ret, errno);
+ }
+ }
+ while (retry--);
+
+ if (retry != ECORE_PIPE_WRITE_RETRY)
+ return EINA_FALSE;
+
+ /* and now pass the data to the pipe */
+ do {
+ ret = pipe_write(p->fd_write,
+ ((unsigned char *) buffer) +
+ already_written,
+ nbytes - already_written);
+
+ if (ret == (ssize_t) (nbytes - already_written))
+ return EINA_TRUE;
+ else if (ret >= 0) {
+ already_written -= ret;
+ continue;
+ } else if (ret == PIPE_FD_ERROR && errno == EPIPE) {
+ pipe_close(p->fd_write);
+ p->fd_write = PIPE_FD_INVALID;
+ return EINA_FALSE;
+ } else if (ret == PIPE_FD_ERROR && errno == EINTR)
+ /* try it again */
+ ;
+ else {
+ ERR("An unhandled error (ret: %zd errno: %d)"
+ "occurred while writing to the pipe the length",
+ ret, errno);
+ }
+ }
+ while (retry--);
+
+ return EINA_FALSE;
}
/* Private function */
static Eina_Bool
-_ecore_pipe_read(void *data, Ecore_Fd_Handler *fd_handler __UNUSED__)
+_ecore_pipe_read(void *data, Ecore_Fd_Handler * fd_handler __UNUSED__)
{
- Ecore_Pipe *p;
- double start_time;
-
- p = (Ecore_Pipe *)data;
- start_time = ecore_time_get();
-
- do
- {
- ssize_t ret;
-
- /* if we already have read some data we don't need to read the len
- * but to finish the already started job
- */
- if (p->len == 0)
- {
- /* read the len of the passed data */
- ret = pipe_read(p->fd_read, &p->len, sizeof(p->len));
-
- /* catch the non error case first */
- if (ret == sizeof(p->len))
- ;
- else if (ret > 0)
- {
- /* XXX What should we do here? */
- ERR("Only read %zd bytes from the pipe, although"
- " we need to read %zd bytes.", ret, sizeof(p->len));
- }
- else if (ret == 0)
- {
- p->handler((void *)p->data, NULL, 0);
- pipe_close(p->fd_read);
- p->fd_read = PIPE_FD_INVALID;
- p->fd_handler = NULL;
- return ECORE_CALLBACK_CANCEL;
- }
+ Ecore_Pipe *p;
+ double start_time;
+
+ p = (Ecore_Pipe *) data;
+ start_time = ecore_time_get();
+
+ do {
+ ssize_t ret;
+
+ /* if we already have read some data we don't need to read the len
+ * but to finish the already started job
+ */
+ if (p->len == 0) {
+ /* read the len of the passed data */
+ ret =
+ pipe_read(p->fd_read, &p->len, sizeof(p->len));
+
+ /* catch the non error case first */
+ if (ret == sizeof(p->len));
+ else if (ret > 0) {
+ /* XXX What should we do here? */
+ ERR("Only read %zd bytes from the pipe, although" " we need to read %zd bytes.", ret, sizeof(p->len));
+ } else if (ret == 0) {
+ p->handler((void *) p->data, NULL, 0);
+ pipe_close(p->fd_read);
+ p->fd_read = PIPE_FD_INVALID;
+ p->fd_handler = NULL;
+ return ECORE_CALLBACK_CANCEL;
+ }
#ifndef _WIN32
- else if ((ret == PIPE_FD_ERROR) && ((errno == EINTR) || (errno == EAGAIN)))
- return ECORE_CALLBACK_RENEW;
- else
- {
- ERR("An unhandled error (ret: %zd errno: %d)"
- "occurred while reading from the pipe the length",
- ret, errno);
- return ECORE_CALLBACK_RENEW;
- }
+ else if ((ret == PIPE_FD_ERROR)
+ && ((errno == EINTR)
+ || (errno == EAGAIN)))
+ return ECORE_CALLBACK_RENEW;
+ else {
+ ERR("An unhandled error (ret: %zd errno: %d)" "occurred while reading from the pipe the length", ret, errno);
+ return ECORE_CALLBACK_RENEW;
+ }
#else
- else /* ret == PIPE_FD_ERROR is the only other case on Windows */
- {
- if (WSAGetLastError() != WSAEWOULDBLOCK)
- {
- p->handler((void *)p->data, NULL, 0);
- pipe_close(p->fd_read);
- p->fd_read = PIPE_FD_INVALID;
- p->fd_handler = NULL;
- return ECORE_CALLBACK_CANCEL;
- }
- }
+ else { /* ret == PIPE_FD_ERROR is the only other case on Windows */
+
+ if (WSAGetLastError() != WSAEWOULDBLOCK) {
+ p->handler((void *) p->data, NULL,
+ 0);
+ pipe_close(p->fd_read);
+ p->fd_read = PIPE_FD_INVALID;
+ p->fd_handler = NULL;
+ return ECORE_CALLBACK_CANCEL;
+ }
+ }
#endif
- }
-
- if (!p->passed_data)
- p->passed_data = malloc(p->len);
-
- /* and read the passed data */
- ret = pipe_read(p->fd_read,
- ((unsigned char *)p->passed_data) + p->already_read,
- p->len - p->already_read);
-
- /* catch the non error case first */
- if (ret == (ssize_t)(p->len - p->already_read))
- {
- p->handler((void *)p->data, p->passed_data, p->len);
- free(p->passed_data);
- /* reset all values to 0 */
- p->passed_data = NULL;
- p->already_read = 0;
- p->len = 0;
- }
- else if (ret >= 0)
- {
- p->already_read += ret;
- return ECORE_CALLBACK_RENEW;
- }
- else if (ret == 0)
- {
- p->handler((void *)p->data, NULL, 0);
- pipe_close(p->fd_read);
- p->fd_read = PIPE_FD_INVALID;
- p->fd_handler = NULL;
- return ECORE_CALLBACK_CANCEL;
- }
+ }
+
+ if (!p->passed_data)
+ p->passed_data = malloc(p->len);
+
+ /* and read the passed data */
+ ret = pipe_read(p->fd_read,
+ ((unsigned char *) p->passed_data) +
+ p->already_read, p->len - p->already_read);
+
+ /* catch the non error case first */
+ if (ret == (ssize_t) (p->len - p->already_read)) {
+ p->handler((void *) p->data, p->passed_data,
+ p->len);
+ free(p->passed_data);
+ /* reset all values to 0 */
+ p->passed_data = NULL;
+ p->already_read = 0;
+ p->len = 0;
+ } else if (ret >= 0) {
+ p->already_read += ret;
+ return ECORE_CALLBACK_RENEW;
+ } else if (ret == 0) {
+ p->handler((void *) p->data, NULL, 0);
+ pipe_close(p->fd_read);
+ p->fd_read = PIPE_FD_INVALID;
+ p->fd_handler = NULL;
+ return ECORE_CALLBACK_CANCEL;
+ }
#ifndef _WIN32
- else if (ret == PIPE_FD_ERROR && (errno == EINTR || errno == EAGAIN))
- return ECORE_CALLBACK_RENEW;
- else
- {
- ERR("An unhandled error (ret: %zd errno: %d)"
- "occurred while reading from the pipe the data",
- ret, errno);
- return ECORE_CALLBACK_RENEW;
- }
+ else if (ret == PIPE_FD_ERROR
+ && (errno == EINTR || errno == EAGAIN))
+ return ECORE_CALLBACK_RENEW;
+ else {
+ ERR("An unhandled error (ret: %zd errno: %d)"
+ "occurred while reading from the pipe the data",
+ ret, errno);
+ return ECORE_CALLBACK_RENEW;
+ }
#else
- else /* ret == PIPE_FD_ERROR is the only other case on Windows */
- {
- if (WSAGetLastError() != WSAEWOULDBLOCK)
- {
- p->handler((void *)p->data, NULL, 0);
- pipe_close(p->fd_read);
- p->fd_read = PIPE_FD_INVALID;
- p->fd_handler = NULL;
- return ECORE_CALLBACK_CANCEL;
- }
- else
- break;
- }
+ else { /* ret == PIPE_FD_ERROR is the only other case on Windows */
+
+ if (WSAGetLastError() != WSAEWOULDBLOCK) {
+ p->handler((void *) p->data, NULL, 0);
+ pipe_close(p->fd_read);
+ p->fd_read = PIPE_FD_INVALID;
+ p->fd_handler = NULL;
+ return ECORE_CALLBACK_CANCEL;
+ } else
+ break;
+ }
#endif
- }
- while (ecore_time_get() - start_time < ecore_animator_frametime_get());
-
- return ECORE_CALLBACK_RENEW;
+ }
+ while (ecore_time_get() - start_time <
+ ecore_animator_frametime_get());
+
+ return ECORE_CALLBACK_RENEW;
}
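Review bot: In the data loop of ecore_pipe_write, `already_written -= ret;` moves the offset the wrong way. `already_written` is a `size_t` that starts at 0, so after a partial write it wraps around, and the next `pipe_write` reads from `buffer + already_written` with length `nbytes - already_written`, which lies outside the caller's buffer. The line should be `already_written += ret;`. In _ecore_pipe_read in the same hunk, `p->passed_data = malloc(p->len)` is used without a NULL check although `p->len` is taken straight from the pipe, and a short read of the length field is only logged before the partial value is used as the allocation size. The `else if (ret >= 0)` branch also makes the following `else if (ret == 0)` end-of-file branch unreachable; it should test `ret > 0`.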
diff --git a/tests/suite/ecore/src/lib/ecore_poll.c b/tests/suite/ecore/src/lib/ecore_poll.c
index d5bc6badf5..0c3c208692 100644
--- a/tests/suite/ecore/src/lib/ecore_poll.c
+++ b/tests/suite/ecore/src/lib/ecore_poll.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -8,186 +8,177 @@
#include "ecore_private.h"
-struct _Ecore_Poller
-{
- EINA_INLIST;
- ECORE_MAGIC;
- int ibit;
- unsigned char delete_me : 1;
- Ecore_Task_Cb func;
- void *data;
+struct _Ecore_Poller {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ int ibit;
+ unsigned char delete_me:1;
+ Ecore_Task_Cb func;
+ void *data;
};
-static Ecore_Timer *timer = NULL;
-static int min_interval = -1;
-static int interval_incr = 0;
-static int at_tick = 0;
-static int just_added_poller = 0;
-static int poller_delete_count = 0;
-static int poller_walking = 0;
-static double poll_interval = 0.125;
-static double poll_cur_interval = 0.0;
-static double last_tick = 0.0;
-static Ecore_Poller *pollers[16] =
-{
- NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
- NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
+static Ecore_Timer *timer = NULL;
+static int min_interval = -1;
+static int interval_incr = 0;
+static int at_tick = 0;
+static int just_added_poller = 0;
+static int poller_delete_count = 0;
+static int poller_walking = 0;
+static double poll_interval = 0.125;
+static double poll_cur_interval = 0.0;
+static double last_tick = 0.0;
+static Ecore_Poller *pollers[16] = {
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-static unsigned short poller_counters[16] =
-{
- 0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0
+
+static unsigned short poller_counters[16] = {
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0
};
static void _ecore_poller_next_tick_eval(void);
static Eina_Bool _ecore_poller_cb_timer(void *data);
-static void
-_ecore_poller_next_tick_eval(void)
+static void _ecore_poller_next_tick_eval(void)
{
- int i;
- double interval;
-
- min_interval = -1;
- for (i = 0; i < 15; i++)
- {
- if (pollers[i])
- {
- min_interval = i;
- break;
- }
- }
- if (min_interval < 0)
- {
- /* no pollers */
- if (timer)
- {
- ecore_timer_del(timer);
- timer = NULL;
- }
- return;
- }
- interval_incr = (1 << min_interval);
- interval = interval_incr * poll_interval;
- /* we are at the tick callback - so no need to do inter-tick adjustments
- * so we can fasttrack this as t -= last_tick in theory is 0.0 (though
- * in practice it will be a very very very small value. also the tick
- * callback will adjust the timer interval at the end anyway */
- if (at_tick)
- {
- if (!timer)
- timer = ecore_timer_add(interval, _ecore_poller_cb_timer, NULL);
- }
- else
- {
- double t;
-
- if (!timer)
- timer = ecore_timer_add(interval, _ecore_poller_cb_timer, NULL);
- else
- {
- t = ecore_time_get();
- if (interval != poll_cur_interval)
- {
- t -= last_tick; /* time since we last ticked */
- /* delete the timer and reset it to tick off in the new
- * time interval. at the tick this will be adjusted */
- ecore_timer_del(timer);
- timer = ecore_timer_add(interval - t,
- _ecore_poller_cb_timer, NULL);
- }
- }
- }
- poll_cur_interval = interval;
+ int i;
+ double interval;
+
+ min_interval = -1;
+ for (i = 0; i < 15; i++) {
+ if (pollers[i]) {
+ min_interval = i;
+ break;
+ }
+ }
+ if (min_interval < 0) {
+ /* no pollers */
+ if (timer) {
+ ecore_timer_del(timer);
+ timer = NULL;
+ }
+ return;
+ }
+ interval_incr = (1 << min_interval);
+ interval = interval_incr * poll_interval;
+ /* we are at the tick callback - so no need to do inter-tick adjustments
+ * so we can fasttrack this as t -= last_tick in theory is 0.0 (though
+ * in practice it will be a very very very small value. also the tick
+ * callback will adjust the timer interval at the end anyway */
+ if (at_tick) {
+ if (!timer)
+ timer =
+ ecore_timer_add(interval,
+ _ecore_poller_cb_timer, NULL);
+ } else {
+ double t;
+
+ if (!timer)
+ timer =
+ ecore_timer_add(interval,
+ _ecore_poller_cb_timer, NULL);
+ else {
+ t = ecore_time_get();
+ if (interval != poll_cur_interval) {
+ t -= last_tick; /* time since we last ticked */
+ /* delete the timer and reset it to tick off in the new
+ * time interval. at the tick this will be adjusted */
+ ecore_timer_del(timer);
+ timer = ecore_timer_add(interval - t,
+ _ecore_poller_cb_timer,
+ NULL);
+ }
+ }
+ }
+ poll_cur_interval = interval;
}
-static Eina_Bool
-_ecore_poller_cb_timer(void *data __UNUSED__)
+static Eina_Bool _ecore_poller_cb_timer(void *data __UNUSED__)
{
- int i;
- Ecore_Poller *poller, *l;
- int changes = 0;
-
- at_tick++;
- last_tick = ecore_time_get();
- /* we have 16 counters - each incriments every time the poller counter
- * "ticks". it incriments by the minimum interval (which can be 1, 2, 4,
- * 7, 16 etc. up to 32768) */
- for (i = 0; i < 15; i++)
- {
- poller_counters[i] += interval_incr;
- /* wrap back to 0 if we exceed out loop count for the counter */
- if (poller_counters[i] >= (1 << i)) poller_counters[i] = 0;
- }
-
- just_added_poller = 0;
- /* walk the pollers now */
- poller_walking++;
- for (i = 0; i < 15; i++)
- {
- /* if the counter is @ 0 - this means that counter "went off" this
- * tick interval, so run all pollers hooked to that counter */
- if (poller_counters[i] == 0)
- {
- EINA_INLIST_FOREACH(pollers[i], poller)
- {
- if (!poller->delete_me)
- {
- if (!poller->func(poller->data))
- {
- if (!poller->delete_me)
- {
- poller->delete_me = 1;
- poller_delete_count++;
- }
- }
- }
- }
- }
- }
- poller_walking--;
-
- /* handle deletes afterwards */
- if (poller_delete_count > 0)
- {
- /* FIXME: walk all pollers and remove deleted ones */
- for (i = 0; i < 15; i++)
- {
- for (l = pollers[i]; l;)
- {
- poller = l;
- l = (Ecore_Poller *) EINA_INLIST_GET(l)->next;
- if (poller->delete_me)
- {
- pollers[i] = (Ecore_Poller *) eina_inlist_remove(EINA_INLIST_GET(pollers[i]), EINA_INLIST_GET(poller));
- free(poller);
- poller_delete_count--;
- changes++;
- if (poller_delete_count <= 0) break;
- }
- }
- if (poller_delete_count <= 0) break;
- }
- }
- /* if we deleted or added any pollers, then we need to re-evaluate our
- * minimum poll interval */
- if ((changes > 0) || (just_added_poller > 0))
- _ecore_poller_next_tick_eval();
-
- just_added_poller = 0;
- poller_delete_count = 0;
-
- at_tick--;
-
- /* if the timer was deleted then there is no point returning 1 - ambiguous
- * if we do as it im plies "keep running me" but we have been deleted
- * anyway */
- if (!timer) return ECORE_CALLBACK_CANCEL;
-
- /* adjust interval */
- ecore_timer_interval_set(timer, poll_cur_interval);
- return ECORE_CALLBACK_RENEW;
+ int i;
+ Ecore_Poller *poller, *l;
+ int changes = 0;
+
+ at_tick++;
+ last_tick = ecore_time_get();
+ /* we have 16 counters - each incriments every time the poller counter
+ * "ticks". it incriments by the minimum interval (which can be 1, 2, 4,
+ * 7, 16 etc. up to 32768) */
+ for (i = 0; i < 15; i++) {
+ poller_counters[i] += interval_incr;
+ /* wrap back to 0 if we exceed out loop count for the counter */
+ if (poller_counters[i] >= (1 << i))
+ poller_counters[i] = 0;
+ }
+
+ just_added_poller = 0;
+ /* walk the pollers now */
+ poller_walking++;
+ for (i = 0; i < 15; i++) {
+ /* if the counter is @ 0 - this means that counter "went off" this
+ * tick interval, so run all pollers hooked to that counter */
+ if (poller_counters[i] == 0) {
+ EINA_INLIST_FOREACH(pollers[i], poller) {
+ if (!poller->delete_me) {
+ if (!poller->func(poller->data)) {
+ if (!poller->delete_me) {
+ poller->delete_me =
+ 1;
+ poller_delete_count++;
+ }
+ }
+ }
+ }
+ }
+ }
+ poller_walking--;
+
+ /* handle deletes afterwards */
+ if (poller_delete_count > 0) {
+ /* FIXME: walk all pollers and remove deleted ones */
+ for (i = 0; i < 15; i++) {
+ for (l = pollers[i]; l;) {
+ poller = l;
+ l = (Ecore_Poller *) EINA_INLIST_GET(l)->
+ next;
+ if (poller->delete_me) {
+ pollers[i] =
+ (Ecore_Poller *)
+ eina_inlist_remove
+ (EINA_INLIST_GET(pollers[i]),
+ EINA_INLIST_GET(poller));
+ free(poller);
+ poller_delete_count--;
+ changes++;
+ if (poller_delete_count <= 0)
+ break;
+ }
+ }
+ if (poller_delete_count <= 0)
+ break;
+ }
+ }
+ /* if we deleted or added any pollers, then we need to re-evaluate our
+ * minimum poll interval */
+ if ((changes > 0) || (just_added_poller > 0))
+ _ecore_poller_next_tick_eval();
+
+ just_added_poller = 0;
+ poller_delete_count = 0;
+
+ at_tick--;
+
+ /* if the timer was deleted then there is no point returning 1 - ambiguous
+ * if we do as it im plies "keep running me" but we have been deleted
+ * anyway */
+ if (!timer)
+ return ECORE_CALLBACK_CANCEL;
+
+ /* adjust interval */
+ ecore_timer_interval_set(timer, poll_cur_interval);
+ return ECORE_CALLBACK_RENEW;
}
/**
@@ -210,10 +201,11 @@ _ecore_poller_cb_timer(void *data __UNUSED__)
* by @p type to the time period defined by @p poll_time.
*/
EAPI void
-ecore_poller_poll_interval_set(Ecore_Poller_Type type __UNUSED__, double poll_time)
+ecore_poller_poll_interval_set(Ecore_Poller_Type type __UNUSED__,
+ double poll_time)
{
- poll_interval = poll_time;
- _ecore_poller_next_tick_eval();
+ poll_interval = poll_time;
+ _ecore_poller_next_tick_eval();
}
/**
@@ -227,7 +219,7 @@ ecore_poller_poll_interval_set(Ecore_Poller_Type type __UNUSED__, double poll_ti
EAPI double
ecore_poller_poll_interval_get(Ecore_Poller_Type type __UNUSED__)
{
- return poll_interval;
+ return poll_interval;
}
/**
@@ -277,38 +269,46 @@ ecore_poller_poll_interval_get(Ecore_Poller_Type type __UNUSED__)
* 0 it will be deleted automatically making any references/handles for it
* invalid.
*/
-EAPI Ecore_Poller *
-ecore_poller_add(Ecore_Poller_Type type __UNUSED__, int interval, Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Poller *ecore_poller_add(Ecore_Poller_Type type __UNUSED__,
+ int interval, Ecore_Task_Cb func,
+ const void *data)
{
- Ecore_Poller *poller;
- int ibit;
-
- if (!func) return NULL;
- if (interval < 1) interval = 1;
-
- poller = calloc(1, sizeof(Ecore_Poller));
- if (!poller) return NULL;
- ECORE_MAGIC_SET(poller, ECORE_MAGIC_POLLER);
- /* interval MUST be a power of 2, so enforce it */
- if (interval < 1) interval = 1;
- ibit = -1;
- while (interval != 0)
- {
- ibit++;
- interval >>= 1;
- }
- /* only allow up to 32768 - i.e. ibit == 15, so limit it */
- if (ibit > 15) ibit = 15;
-
- poller->ibit = ibit;
- poller->func = func;
- poller->data = (void *)data;
- pollers[poller->ibit] = (Ecore_Poller *) eina_inlist_prepend(EINA_INLIST_GET(pollers[poller->ibit]), EINA_INLIST_GET(poller));
- if (poller_walking)
- just_added_poller++;
- else
- _ecore_poller_next_tick_eval();
- return poller;
+ Ecore_Poller *poller;
+ int ibit;
+
+ if (!func)
+ return NULL;
+ if (interval < 1)
+ interval = 1;
+
+ poller = calloc(1, sizeof(Ecore_Poller));
+ if (!poller)
+ return NULL;
+ ECORE_MAGIC_SET(poller, ECORE_MAGIC_POLLER);
+ /* interval MUST be a power of 2, so enforce it */
+ if (interval < 1)
+ interval = 1;
+ ibit = -1;
+ while (interval != 0) {
+ ibit++;
+ interval >>= 1;
+ }
+ /* only allow up to 32768 - i.e. ibit == 15, so limit it */
+ if (ibit > 15)
+ ibit = 15;
+
+ poller->ibit = ibit;
+ poller->func = func;
+ poller->data = (void *) data;
+ pollers[poller->ibit] =
+ (Ecore_Poller *)
+ eina_inlist_prepend(EINA_INLIST_GET(pollers[poller->ibit]),
+ EINA_INLIST_GET(poller));
+ if (poller_walking)
+ just_added_poller++;
+ else
+ _ecore_poller_next_tick_eval();
+ return poller;
}
/**
@@ -323,38 +323,44 @@ ecore_poller_add(Ecore_Poller_Type type __UNUSED__, int interval, Ecore_Task_Cb
* @ingroup Ecore_Poller_Group
*/
EAPI Eina_Bool
-ecore_poller_poller_interval_set(Ecore_Poller *poller, int interval)
+ecore_poller_poller_interval_set(Ecore_Poller * poller, int interval)
{
- int ibit;
-
- if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER))
- {
- ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
- "ecore_poller_poller_interval_set");
- return EINA_FALSE;
- }
-
- /* interval MUST be a power of 2, so enforce it */
- if (interval < 1) interval = 1;
- ibit = -1;
- while (interval != 0)
- {
- ibit++;
- interval >>= 1;
- }
- /* only allow up to 32768 - i.e. ibit == 15, so limit it */
- if (ibit > 15) ibit = 15;
- /* if interval specified is the same as interval set, return true without wasting time */
- if (poller->ibit == ibit)
- return EINA_TRUE;
- pollers[poller->ibit] = (Ecore_Poller *) eina_inlist_remove(EINA_INLIST_GET(pollers[poller->ibit]), EINA_INLIST_GET(poller));
- poller->ibit = ibit;
- pollers[poller->ibit] = (Ecore_Poller *) eina_inlist_prepend(EINA_INLIST_GET(pollers[poller->ibit]), EINA_INLIST_GET(poller));
- if (poller_walking)
- just_added_poller++;
- else
- _ecore_poller_next_tick_eval();
- return EINA_TRUE;
+ int ibit;
+
+ if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER)) {
+ ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
+ "ecore_poller_poller_interval_set");
+ return EINA_FALSE;
+ }
+
+ /* interval MUST be a power of 2, so enforce it */
+ if (interval < 1)
+ interval = 1;
+ ibit = -1;
+ while (interval != 0) {
+ ibit++;
+ interval >>= 1;
+ }
+ /* only allow up to 32768 - i.e. ibit == 15, so limit it */
+ if (ibit > 15)
+ ibit = 15;
+ /* if interval specified is the same as interval set, return true without wasting time */
+ if (poller->ibit == ibit)
+ return EINA_TRUE;
+ pollers[poller->ibit] =
+ (Ecore_Poller *)
+ eina_inlist_remove(EINA_INLIST_GET(pollers[poller->ibit]),
+ EINA_INLIST_GET(poller));
+ poller->ibit = ibit;
+ pollers[poller->ibit] =
+ (Ecore_Poller *)
+ eina_inlist_prepend(EINA_INLIST_GET(pollers[poller->ibit]),
+ EINA_INLIST_GET(poller));
+ if (poller_walking)
+ just_added_poller++;
+ else
+ _ecore_poller_next_tick_eval();
+ return EINA_TRUE;
}
/**
@@ -366,25 +372,22 @@ ecore_poller_poller_interval_set(Ecore_Poller *poller, int interval)
* This returns a poller's polling interval, or 0 on error.
* @ingroup Ecore_Poller_Group
*/
-EAPI int
-ecore_poller_poller_interval_get(Ecore_Poller *poller)
+EAPI int ecore_poller_poller_interval_get(Ecore_Poller * poller)
{
- int ibit, interval = 1;
-
- if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER))
- {
- ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
- "ecore_poller_poller_interval_get");
- return 0;
- }
-
- ibit = poller->ibit;
- while (ibit != 0)
- {
- ibit--;
- interval <<= 1;
- }
- return interval;
+ int ibit, interval = 1;
+
+ if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER)) {
+ ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
+ "ecore_poller_poller_interval_get");
+ return 0;
+ }
+
+ ibit = poller->ibit;
+ while (ibit != 0) {
+ ibit--;
+ interval <<= 1;
+ }
+ return interval;
}
/**
@@ -397,46 +400,47 @@ ecore_poller_poller_interval_get(Ecore_Poller *poller)
* Note: @p poller must be a valid handle. If the poller function has already
* returned 0, the handle is no longer valid (and does not need to be delete).
*/
-EAPI void *
-ecore_poller_del(Ecore_Poller *poller)
+EAPI void *ecore_poller_del(Ecore_Poller * poller)
{
- void *data;
-
- if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER))
- {
- ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
- "ecore_poller_del");
- return NULL;
- }
- /* we are walking the poller list - a bad idea to remove from it while
- * walking it, so just flag it as delete_me and come back to it after
- * the loop has finished */
- if (poller_walking > 0)
- {
- poller_delete_count++;
- poller->delete_me = 1;
- return poller->data;
- }
- /* not in loop so safe - delete immediately */
- data = poller->data;
- pollers[poller->ibit] = (Ecore_Poller *) eina_inlist_remove(EINA_INLIST_GET(pollers[poller->ibit]), EINA_INLIST_GET(poller));
- free(poller);
- _ecore_poller_next_tick_eval();
- return data;
+ void *data;
+
+ if (!ECORE_MAGIC_CHECK(poller, ECORE_MAGIC_POLLER)) {
+ ECORE_MAGIC_FAIL(poller, ECORE_MAGIC_POLLER,
+ "ecore_poller_del");
+ return NULL;
+ }
+ /* we are walking the poller list - a bad idea to remove from it while
+ * walking it, so just flag it as delete_me and come back to it after
+ * the loop has finished */
+ if (poller_walking > 0) {
+ poller_delete_count++;
+ poller->delete_me = 1;
+ return poller->data;
+ }
+ /* not in loop so safe - delete immediately */
+ data = poller->data;
+ pollers[poller->ibit] =
+ (Ecore_Poller *)
+ eina_inlist_remove(EINA_INLIST_GET(pollers[poller->ibit]),
+ EINA_INLIST_GET(poller));
+ free(poller);
+ _ecore_poller_next_tick_eval();
+ return data;
}
-void
-_ecore_poller_shutdown(void)
+void _ecore_poller_shutdown(void)
{
- int i;
- Ecore_Poller *poller;
-
- for (i = 0; i < 15; i++)
- {
- while ((poller = pollers[i]))
- {
- pollers[i] = (Ecore_Poller *) eina_inlist_remove(EINA_INLIST_GET(pollers[i]), EINA_INLIST_GET(pollers[i]));
- free(poller);
- }
- }
+ int i;
+ Ecore_Poller *poller;
+
+ for (i = 0; i < 15; i++) {
+ while ((poller = pollers[i])) {
+ pollers[i] =
+ (Ecore_Poller *)
+ eina_inlist_remove(EINA_INLIST_GET(pollers[i]),
+ EINA_INLIST_GET(pollers
+ [i]));
+ free(poller);
+ }
+ }
}
diff --git a/tests/suite/ecore/src/lib/ecore_private.h b/tests/suite/ecore/src/lib/ecore_private.h
index 5f08f8ab51..d487739679 100644
--- a/tests/suite/ecore/src/lib/ecore_private.h
+++ b/tests/suite/ecore/src/lib/ecore_private.h
@@ -1,63 +1,63 @@
#ifndef _ECORE_PRIVATE_H
#define _ECORE_PRIVATE_H
-extern int _ecore_log_dom ;
+extern int _ecore_log_dom;
#ifdef _ECORE_DEFAULT_LOG_DOM
-# undef _ECORE_DEFAULT_LOG_DOM
+#undef _ECORE_DEFAULT_LOG_DOM
#endif
#define _ECORE_DEFAULT_LOG_DOM _ecore_log_dom
#ifdef ECORE_DEFAULT_LOG_COLOR
-# undef ECORE_DEFAULT_LOG_COLOR
+#undef ECORE_DEFAULT_LOG_COLOR
#endif
#define ECORE_DEFAULT_LOG_COLOR EINA_COLOR_BLUE
#ifdef ERR
-# undef ERR
+#undef ERR
#endif
#define ERR(...) EINA_LOG_DOM_ERR(_ECORE_DEFAULT_LOG_DOM, __VA_ARGS__)
#ifdef DBG
-# undef DBG
+#undef DBG
#endif
#define DBG(...) EINA_LOG_DOM_DBG(_ECORE_DEFAULT_LOG_DOM, __VA_ARGS__)
#ifdef INF
-# undef INF
+#undef INF
#endif
#define INF(...) EINA_LOG_DOM_INFO(_ECORE_DEFAULT_LOG_DOM, __VA_ARGS__)
#ifdef WRN
-# undef WRN
+#undef WRN
#endif
#define WRN(...) EINA_LOG_DOM_WARN(_ECORE_DEFAULT_LOG_DOM, __VA_ARGS__)
#ifdef CRIT
-# undef CRIT
+#undef CRIT
#endif
#define CRIT(...) EINA_LOG_DOM_CRIT(_ECORE_DEFAULT_LOG_DOM, __VA_ARGS__)
#ifndef PATH_MAX
-# define PATH_MAX 4096
+#define PATH_MAX 4096
#endif
#ifndef MIN
-# define MIN(x, y) (((x) > (y)) ? (y) : (x))
+#define MIN(x, y) (((x) > (y)) ? (y) : (x))
#endif
#ifndef MAX
-# define MAX(x, y) (((x) > (y)) ? (x) : (y))
+#define MAX(x, y) (((x) > (y)) ? (x) : (y))
#endif
#ifndef ABS
-# define ABS(x) ((x) < 0 ? -(x) : (x))
+#define ABS(x) ((x) < 0 ? -(x) : (x))
#endif
#ifndef CLAMP
-# define CLAMP(x, min, max) (((x) > (max)) ? (max) : (((x) < (min)) ? (min) : (x)))
+#define CLAMP(x, min, max) (((x) > (max)) ? (max) : (((x) < (min)) ? (min) : (x)))
#endif
-#define EVAS_FRAME_QUEUING 1 /* for test */
+#define EVAS_FRAME_QUEUING 1 /* for test */
#define READBUFSIZ 65536
@@ -113,81 +113,97 @@ EAPI void ecore_print_warning(const char *function, const char *sparam);
return; \
}
-typedef unsigned int Ecore_Magic;
+typedef unsigned int Ecore_Magic;
-EAPI void _ecore_magic_fail(const void *d, Ecore_Magic m, Ecore_Magic req_m, const char *fname);
+EAPI void _ecore_magic_fail(const void *d, Ecore_Magic m,
+ Ecore_Magic req_m, const char *fname);
-void _ecore_time_init(void);
+void _ecore_time_init(void);
-void _ecore_timer_shutdown(void);
-void _ecore_timer_cleanup(void);
-void _ecore_timer_enable_new(void);
-double _ecore_timer_next_get(void);
-int _ecore_timers_exists(void);
-int _ecore_timer_call(double when);
+void _ecore_timer_shutdown(void);
+void _ecore_timer_cleanup(void);
+void _ecore_timer_enable_new(void);
+double _ecore_timer_next_get(void);
+int _ecore_timers_exists(void);
+int _ecore_timer_call(double when);
-void _ecore_idler_shutdown(void);
-int _ecore_idler_call(void);
-int _ecore_idler_exist(void);
+void _ecore_idler_shutdown(void);
+int _ecore_idler_call(void);
+int _ecore_idler_exist(void);
-void _ecore_idle_enterer_shutdown(void);
-void _ecore_idle_enterer_call(void);
-int _ecore_idle_enterer_exist(void);
+void _ecore_idle_enterer_shutdown(void);
+void _ecore_idle_enterer_call(void);
+int _ecore_idle_enterer_exist(void);
-void _ecore_idle_exiter_shutdown(void);
-void _ecore_idle_exiter_call(void);
-int _ecore_idle_exiter_exist(void);
+void _ecore_idle_exiter_shutdown(void);
+void _ecore_idle_exiter_call(void);
+int _ecore_idle_exiter_exist(void);
-void _ecore_event_shutdown(void);
-int _ecore_event_exist(void);
-Ecore_Event *_ecore_event_add(int type, void *ev, Ecore_End_Cb func_free, void *data);
-void _ecore_event_call(void);
+void _ecore_event_shutdown(void);
+int _ecore_event_exist(void);
+Ecore_Event *_ecore_event_add(int type, void *ev, Ecore_End_Cb func_free,
+ void *data);
+void _ecore_event_call(void);
-Ecore_Timer *_ecore_exe_doomsday_clock_get(Ecore_Exe *exe);
-void _ecore_exe_doomsday_clock_set(Ecore_Exe *exe, Ecore_Timer *dc);
+Ecore_Timer *_ecore_exe_doomsday_clock_get(Ecore_Exe * exe);
+void _ecore_exe_doomsday_clock_set(Ecore_Exe * exe, Ecore_Timer * dc);
-EAPI void *_ecore_event_signal_user_new(void);
-void *_ecore_event_signal_hup_new(void);
-void *_ecore_event_signal_exit_new(void);
-void *_ecore_event_signal_power_new(void);
-void *_ecore_event_signal_realtime_new(void);
+EAPI void *_ecore_event_signal_user_new(void);
+void *_ecore_event_signal_hup_new(void);
+void *_ecore_event_signal_exit_new(void);
+void *_ecore_event_signal_power_new(void);
+void *_ecore_event_signal_realtime_new(void);
-void _ecore_main_shutdown(void);
+void _ecore_main_shutdown(void);
#ifdef _WIN32
-static inline void _ecore_signal_shutdown(void) { }
-static inline void _ecore_signal_init(void) { }
-static inline int _ecore_signal_count_get(void) { return 0; }
-static inline void _ecore_signal_call(void) { }
+static inline void _ecore_signal_shutdown(void)
+{
+}
+
+static inline void _ecore_signal_init(void)
+{
+}
+
+static inline int _ecore_signal_count_get(void)
+{
+ return 0;
+}
+
+static inline void _ecore_signal_call(void)
+{
+}
#else
-void _ecore_signal_shutdown(void);
-void _ecore_signal_init(void);
-int _ecore_signal_count_get(void);
-void _ecore_signal_call(void);
+void _ecore_signal_shutdown(void);
+void _ecore_signal_init(void);
+int _ecore_signal_count_get(void);
+void _ecore_signal_call(void);
#endif
-void _ecore_exe_init(void);
-void _ecore_exe_shutdown(void);
+void _ecore_exe_init(void);
+void _ecore_exe_shutdown(void);
#ifndef _WIN32
-Ecore_Exe *_ecore_exe_find(pid_t pid);
-void *_ecore_exe_event_del_new(void);
-void _ecore_exe_event_del_free(void *data, void *ev);
+Ecore_Exe *_ecore_exe_find(pid_t pid);
+void *_ecore_exe_event_del_new(void);
+void _ecore_exe_event_del_free(void *data, void *ev);
#endif
-void _ecore_animator_shutdown(void);
+void _ecore_animator_shutdown(void);
-void _ecore_poller_shutdown(void);
+void _ecore_poller_shutdown(void);
-EAPI void *_ecore_list2_append (void *in_list, void *in_item);
-EAPI void *_ecore_list2_prepend (void *in_list, void *in_item);
-EAPI void *_ecore_list2_append_relative (void *in_list, void *in_item, void *in_relative);
-EAPI void *_ecore_list2_prepend_relative (void *in_list, void *in_item, void *in_relative);
-EAPI void *_ecore_list2_remove (void *in_list, void *in_item);
-EAPI void *_ecore_list2_find (void *in_list, void *in_item);
+EAPI void *_ecore_list2_append(void *in_list, void *in_item);
+EAPI void *_ecore_list2_prepend(void *in_list, void *in_item);
+EAPI void *_ecore_list2_append_relative(void *in_list, void *in_item,
+ void *in_relative);
+EAPI void *_ecore_list2_prepend_relative(void *in_list, void *in_item,
+ void *in_relative);
+EAPI void *_ecore_list2_remove(void *in_list, void *in_item);
+EAPI void *_ecore_list2_find(void *in_list, void *in_item);
-void _ecore_fps_debug_init(void);
-void _ecore_fps_debug_shutdown(void);
-void _ecore_fps_debug_runtime_add(double t);
+void _ecore_fps_debug_init(void);
+void _ecore_fps_debug_shutdown(void);
+void _ecore_fps_debug_runtime_add(double t);
void _ecore_thread_init(void);
void _ecore_thread_shutdown(void);
@@ -201,7 +217,7 @@ void _ecore_job_shutdown(void);
void _ecore_main_loop_init(void);
void _ecore_main_loop_shutdown(void);
-extern int _ecore_fps_debug;
+extern int _ecore_fps_debug;
extern double _ecore_time_loop_time;
extern Eina_Bool _ecore_glib_always_integrate;
diff --git a/tests/suite/ecore/src/lib/ecore_signal.c b/tests/suite/ecore/src/lib/ecore_signal.c
index 10a4711bed..a3ef01e53a 100644
--- a/tests/suite/ecore/src/lib/ecore_signal.c
+++ b/tests/suite/ecore/src/lib/ecore_signal.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdio.h>
@@ -17,29 +17,39 @@
/* valgrind in some versions/setups uses SIGRT's... hmmm */
#undef SIGRTMIN
-typedef void (*Signal_Handler)(int sig, siginfo_t *si, void *foo);
+typedef void (*Signal_Handler) (int sig, siginfo_t * si, void *foo);
static void _ecore_signal_callback_set(int sig, Signal_Handler func);
-static void _ecore_signal_callback_ignore(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigchld(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigusr1(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigusr2(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sighup(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigquit(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigint(int sig, siginfo_t *si, void *foo);
-static void _ecore_signal_callback_sigterm(int sig, siginfo_t *si, void *foo);
+static void _ecore_signal_callback_ignore(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigchld(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigusr1(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigusr2(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sighup(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigquit(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigint(int sig, siginfo_t * si,
+ void *foo);
+static void _ecore_signal_callback_sigterm(int sig, siginfo_t * si,
+ void *foo);
#ifdef SIGPWR
-static void _ecore_signal_callback_sigpwr(int sig, siginfo_t *si, void *foo);
+static void _ecore_signal_callback_sigpwr(int sig, siginfo_t * si,
+ void *foo);
#endif
#ifdef SIGRTMIN
-static void _ecore_signal_callback_sigrt(int sig, siginfo_t *si, void *foo);
+static void _ecore_signal_callback_sigrt(int sig, siginfo_t * si,
+ void *foo);
#endif
static Eina_Bool _ecore_signal_exe_exit_delay(void *data);
//#define MAXSIGQ 256 // 32k
-#define MAXSIGQ 64 // 8k
+#define MAXSIGQ 64 // 8k
static volatile sig_atomic_t sig_count = 0;
static volatile sig_atomic_t sigchld_count = 0;
@@ -70,551 +80,545 @@ static volatile siginfo_t sigpwr_info[MAXSIGQ];
static volatile siginfo_t *sigrt_info[MAXSIGQ];
#endif
-void
-_ecore_signal_shutdown(void)
+void _ecore_signal_shutdown(void)
{
#ifdef SIGRTMIN
- int i, num = SIGRTMAX - SIGRTMIN;
+ int i, num = SIGRTMAX - SIGRTMIN;
#endif
- _ecore_signal_callback_set(SIGPIPE, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGALRM, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGCHLD, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGUSR1, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGUSR2, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGHUP, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGQUIT, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGINT, (Signal_Handler) SIG_DFL);
- _ecore_signal_callback_set(SIGTERM, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGPIPE, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGALRM, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGCHLD, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGUSR1, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGUSR2, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGHUP, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGQUIT, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGINT, (Signal_Handler) SIG_DFL);
+ _ecore_signal_callback_set(SIGTERM, (Signal_Handler) SIG_DFL);
#ifdef SIGPWR
- _ecore_signal_callback_set(SIGPWR, (Signal_Handler) SIG_DFL);
- sigpwr_count = 0;
+ _ecore_signal_callback_set(SIGPWR, (Signal_Handler) SIG_DFL);
+ sigpwr_count = 0;
#endif
- sigchld_count = 0;
- sigusr1_count = 0;
- sigusr2_count = 0;
- sighup_count = 0;
- sigquit_count = 0;
- sigint_count = 0;
- sigterm_count = 0;
- sig_count = 0;
+ sigchld_count = 0;
+ sigusr1_count = 0;
+ sigusr2_count = 0;
+ sighup_count = 0;
+ sigquit_count = 0;
+ sigint_count = 0;
+ sigterm_count = 0;
+ sig_count = 0;
#ifdef SIGRTMIN
- for (i = 0; i < num; i++)
- {
- _ecore_signal_callback_set(SIGRTMIN + i, (Signal_Handler) SIG_DFL);
- sigrt_count[i] = 0;
- }
-
- if (sigrt_count)
- {
- free((sig_atomic_t *) sigrt_count);
- sigrt_count = NULL;
- }
-
- for (i = 0; i < MAXSIGQ; i++)
- {
- if (sigrt_info[i])
- {
- free((siginfo_t *) sigrt_info[i]);
- sigrt_info[i] = NULL;
- }
- }
+ for (i = 0; i < num; i++) {
+ _ecore_signal_callback_set(SIGRTMIN + i,
+ (Signal_Handler) SIG_DFL);
+ sigrt_count[i] = 0;
+ }
+
+ if (sigrt_count) {
+ free((sig_atomic_t *) sigrt_count);
+ sigrt_count = NULL;
+ }
+
+ for (i = 0; i < MAXSIGQ; i++) {
+ if (sigrt_info[i]) {
+ free((siginfo_t *) sigrt_info[i]);
+ sigrt_info[i] = NULL;
+ }
+ }
#endif
}
-void
-_ecore_signal_init(void)
+void _ecore_signal_init(void)
{
#ifdef SIGRTMIN
- int i, num = SIGRTMAX - SIGRTMIN;
+ int i, num = SIGRTMAX - SIGRTMIN;
#endif
- _ecore_signal_callback_set(SIGPIPE, _ecore_signal_callback_ignore);
- _ecore_signal_callback_set(SIGALRM, _ecore_signal_callback_ignore);
- _ecore_signal_callback_set(SIGCHLD, _ecore_signal_callback_sigchld);
- _ecore_signal_callback_set(SIGUSR1, _ecore_signal_callback_sigusr1);
- _ecore_signal_callback_set(SIGUSR2, _ecore_signal_callback_sigusr2);
- _ecore_signal_callback_set(SIGHUP, _ecore_signal_callback_sighup);
- _ecore_signal_callback_set(SIGQUIT, _ecore_signal_callback_sigquit);
- _ecore_signal_callback_set(SIGINT, _ecore_signal_callback_sigint);
- _ecore_signal_callback_set(SIGTERM, _ecore_signal_callback_sigterm);
+ _ecore_signal_callback_set(SIGPIPE, _ecore_signal_callback_ignore);
+ _ecore_signal_callback_set(SIGALRM, _ecore_signal_callback_ignore);
+ _ecore_signal_callback_set(SIGCHLD,
+ _ecore_signal_callback_sigchld);
+ _ecore_signal_callback_set(SIGUSR1,
+ _ecore_signal_callback_sigusr1);
+ _ecore_signal_callback_set(SIGUSR2,
+ _ecore_signal_callback_sigusr2);
+ _ecore_signal_callback_set(SIGHUP, _ecore_signal_callback_sighup);
+ _ecore_signal_callback_set(SIGQUIT,
+ _ecore_signal_callback_sigquit);
+ _ecore_signal_callback_set(SIGINT, _ecore_signal_callback_sigint);
+ _ecore_signal_callback_set(SIGTERM,
+ _ecore_signal_callback_sigterm);
#ifdef SIGPWR
- _ecore_signal_callback_set(SIGPWR, _ecore_signal_callback_sigpwr);
+ _ecore_signal_callback_set(SIGPWR, _ecore_signal_callback_sigpwr);
#endif
#ifdef SIGRTMIN
- sigrt_count = calloc(1, sizeof(sig_atomic_t) * num);
- assert(sigrt_count);
+ sigrt_count = calloc(1, sizeof(sig_atomic_t) * num);
+ assert(sigrt_count);
- for (i = 0; i < MAXSIGQ; i++)
- {
- sigrt_info[i] = calloc(1, sizeof(siginfo_t) * num);
- assert(sigrt_info[i]);
- }
+ for (i = 0; i < MAXSIGQ; i++) {
+ sigrt_info[i] = calloc(1, sizeof(siginfo_t) * num);
+ assert(sigrt_info[i]);
+ }
- for (i = 0; i < num; i++)
- _ecore_signal_callback_set(SIGRTMIN + i, _ecore_signal_callback_sigrt);
+ for (i = 0; i < num; i++)
+ _ecore_signal_callback_set(SIGRTMIN + i,
+ _ecore_signal_callback_sigrt);
#endif
}
-int
-_ecore_signal_count_get(void)
+int _ecore_signal_count_get(void)
{
- return sig_count;
+ return sig_count;
}
-void
-_ecore_signal_call(void)
+void _ecore_signal_call(void)
{
#ifdef SIGRTMIN
- int i, num = SIGRTMAX - SIGRTMIN;
+ int i, num = SIGRTMAX - SIGRTMIN;
#endif
- volatile sig_atomic_t n;
- sigset_t oldset, newset;
-
- if (sig_count == 0) return;
- sigemptyset(&newset);
- sigaddset(&newset, SIGPIPE);
- sigaddset(&newset, SIGALRM);
- sigaddset(&newset, SIGCHLD);
- sigaddset(&newset, SIGUSR1);
- sigaddset(&newset, SIGUSR2);
- sigaddset(&newset, SIGHUP);
- sigaddset(&newset, SIGQUIT);
- sigaddset(&newset, SIGINT);
- sigaddset(&newset, SIGTERM);
+ volatile sig_atomic_t n;
+ sigset_t oldset, newset;
+
+ if (sig_count == 0)
+ return;
+ sigemptyset(&newset);
+ sigaddset(&newset, SIGPIPE);
+ sigaddset(&newset, SIGALRM);
+ sigaddset(&newset, SIGCHLD);
+ sigaddset(&newset, SIGUSR1);
+ sigaddset(&newset, SIGUSR2);
+ sigaddset(&newset, SIGHUP);
+ sigaddset(&newset, SIGQUIT);
+ sigaddset(&newset, SIGINT);
+ sigaddset(&newset, SIGTERM);
#ifdef SIGPWR
- sigaddset(&newset, SIGPWR);
+ sigaddset(&newset, SIGPWR);
#endif
#ifdef SIGRTMIN
- for (i = 0; i < num; i++)
- sigaddset(&newset, SIGRTMIN + i);
+ for (i = 0; i < num; i++)
+ sigaddset(&newset, SIGRTMIN + i);
#endif
- sigprocmask(SIG_BLOCK, &newset, &oldset);
- if (sigchld_count > MAXSIGQ)
- WRN("%i SIGCHLD in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigchld_count, MAXSIGQ);
- for (n = 0; n < sigchld_count; n++)
- {
- pid_t pid;
- int status;
-
- while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
- {
- Ecore_Exe_Event_Del *e;
-
- /* FIXME: If this process is set respawn, respawn with a suitable backoff
- * period for those that need too much respawning.
- */
- e = _ecore_exe_event_del_new();
- if (e)
- {
- if (WIFEXITED(status))
- {
- e->exit_code = WEXITSTATUS(status);
- e->exited = 1;
- }
- else if (WIFSIGNALED(status))
- {
- e->exit_signal = WTERMSIG(status);
- e->signalled = 1;
- }
- e->pid = pid;
- e->exe = _ecore_exe_find(pid);
-
- if ((n < MAXSIGQ) && (sigchld_info[n].si_signo))
- e->data = sigchld_info[n]; /* No need to clone this. */
-
- if ((e->exe) && (ecore_exe_flags_get(e->exe) & (ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR)))
- {
- /* We want to report the Last Words of the exe, so delay this event.
- * This is twice as relevant for stderr.
- * There are three possibilities here -
- * 1 There are no Last Words.
- * 2 There are Last Words, they are not ready to be read.
- * 3 There are Last Words, they are ready to be read.
- *
- * For 1 we don't want to delay, for 3 we want to delay.
- * 2 is the problem. If we check for data now and there
- * is none, then there is no way to differentiate 1 and 2.
- * If we don't delay, we may loose data, but if we do delay,
- * there may not be data and the exit event never gets sent.
- *
- * Any way you look at it, there has to be some time passed
- * before the exit event gets sent. So the strategy here is
- * to setup a timer event that will send the exit event after
- * an arbitrary, but brief, time.
- *
- * This is probably paranoid, for the less paraniod, we could
- * check to see for Last Words, and only delay if there are any.
- * This has it's own set of problems.
- */
- Ecore_Timer *doomsday_clock;
-
- doomsday_clock = _ecore_exe_doomsday_clock_get(e->exe);
- IF_FN_DEL(ecore_timer_del, doomsday_clock);
- _ecore_exe_doomsday_clock_set(e->exe, ecore_timer_add(0.1, _ecore_signal_exe_exit_delay, e));
- }
- else
- {
- _ecore_event_add(ECORE_EXE_EVENT_DEL, e,
- _ecore_exe_event_del_free, NULL);
- }
- }
- }
- sig_count--;
- }
- sigchld_count = 0;
-
- if (sigusr1_count > MAXSIGQ)
- WRN("%i SIGUSR1 in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigusr1_count, MAXSIGQ);
- for (n = 0; n < sigusr1_count; n++)
- {
- Ecore_Event_Signal_User *e;
-
- e = _ecore_event_signal_user_new();
- if (e)
- {
- e->number = 1;
-
- if ((n < MAXSIGQ) && (sigusr1_info[n].si_signo))
- e->data = sigusr1_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_USER, e, NULL, NULL);
- }
- sig_count--;
- }
- sigusr1_count = 0;
-
- if (sigusr2_count > MAXSIGQ)
- WRN("%i SIGUSR2 in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigusr2_count, MAXSIGQ);
- for (n = 0; n < sigusr2_count; n++)
- {
- Ecore_Event_Signal_User *e;
-
- e = _ecore_event_signal_user_new();
- if (e)
- {
- e->number = 2;
-
- if ((n < MAXSIGQ) && (sigusr2_info[n].si_signo))
- e->data = sigusr2_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_USER, e, NULL, NULL);
- }
- sig_count--;
- }
- sigusr2_count = 0;
-
- if (sighup_count > MAXSIGQ)
- WRN("%i SIGHUP in queue. max queue size %i. losing "
- "siginfo for extra signals.", sighup_count, MAXSIGQ);
- for (n = 0; n < sighup_count; n++)
- {
- Ecore_Event_Signal_Hup *e;
-
- e = _ecore_event_signal_hup_new();
- if (e)
- {
- if ((n < MAXSIGQ) && (sighup_info[n].si_signo))
- e->data = sighup_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_HUP, e, NULL, NULL);
- }
- sig_count--;
- }
- sighup_count = 0;
-
- if (sigquit_count > MAXSIGQ)
- WRN("%i SIGQUIT in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigquit_count, MAXSIGQ);
- for (n = 0; n < sigquit_count; n++)
- {
- Ecore_Event_Signal_Exit *e;
-
- e = _ecore_event_signal_exit_new();
- if (e)
- {
- e->quit = 1;
-
- if ((n < MAXSIGQ) && (sigquit_info[n].si_signo))
- e->data = sigquit_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL, NULL);
- }
- sig_count--;
- }
- sigquit_count = 0;
-
- if (sigint_count > MAXSIGQ)
- WRN("%i SIGINT in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigint_count, MAXSIGQ);
- for (n = 0; n < sigint_count; n++)
- {
- Ecore_Event_Signal_Exit *e;
-
- e = _ecore_event_signal_exit_new();
- if (e)
- {
- e->interrupt = 1;
-
- if ((n < MAXSIGQ) && (sigint_info[n].si_signo))
- e->data = sigint_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL, NULL);
- }
- sig_count--;
- }
- sigint_count = 0;
-
- if (sigterm_count > MAXSIGQ)
- WRN("%i SIGTERM in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigterm_count, MAXSIGQ);
- for (n = 0; n < sigterm_count; n++)
- {
- Ecore_Event_Signal_Exit *e;
-
- e = _ecore_event_signal_exit_new();
- if (e)
- {
- e->terminate = 1;
-
- if ((n < MAXSIGQ) && (sigterm_info[n].si_signo))
- e->data = sigterm_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL, NULL);
- }
- sig_count--;
- }
- sigterm_count = 0;
+ sigprocmask(SIG_BLOCK, &newset, &oldset);
+ if (sigchld_count > MAXSIGQ)
+ WRN("%i SIGCHLD in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigchld_count, MAXSIGQ);
+ for (n = 0; n < sigchld_count; n++) {
+ pid_t pid;
+ int status;
+
+ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
+ Ecore_Exe_Event_Del *e;
+
+ /* FIXME: If this process is set respawn, respawn with a suitable backoff
+ * period for those that need too much respawning.
+ */
+ e = _ecore_exe_event_del_new();
+ if (e) {
+ if (WIFEXITED(status)) {
+ e->exit_code = WEXITSTATUS(status);
+ e->exited = 1;
+ } else if (WIFSIGNALED(status)) {
+ e->exit_signal = WTERMSIG(status);
+ e->signalled = 1;
+ }
+ e->pid = pid;
+ e->exe = _ecore_exe_find(pid);
+
+ if ((n < MAXSIGQ)
+ && (sigchld_info[n].si_signo))
+ e->data = sigchld_info[n]; /* No need to clone this. */
+
+ if ((e->exe)
+ && (ecore_exe_flags_get(e->exe) &
+ (ECORE_EXE_PIPE_READ |
+ ECORE_EXE_PIPE_ERROR))) {
+ /* We want to report the Last Words of the exe, so delay this event.
+ * This is twice as relevant for stderr.
+ * There are three possibilities here -
+ * 1 There are no Last Words.
+ * 2 There are Last Words, they are not ready to be read.
+ * 3 There are Last Words, they are ready to be read.
+ *
+ * For 1 we don't want to delay, for 3 we want to delay.
+ * 2 is the problem. If we check for data now and there
+ * is none, then there is no way to differentiate 1 and 2.
+ * If we don't delay, we may loose data, but if we do delay,
+ * there may not be data and the exit event never gets sent.
+ *
+ * Any way you look at it, there has to be some time passed
+ * before the exit event gets sent. So the strategy here is
+ * to setup a timer event that will send the exit event after
+ * an arbitrary, but brief, time.
+ *
+ * This is probably paranoid, for the less paraniod, we could
+ * check to see for Last Words, and only delay if there are any.
+ * This has it's own set of problems.
+ */
+ Ecore_Timer *doomsday_clock;
+
+ doomsday_clock =
+ _ecore_exe_doomsday_clock_get
+ (e->exe);
+ IF_FN_DEL(ecore_timer_del,
+ doomsday_clock);
+ _ecore_exe_doomsday_clock_set(e->
+ exe,
+ ecore_timer_add
+ (0.1,
+ _ecore_signal_exe_exit_delay,
+ e));
+ } else {
+ _ecore_event_add
+ (ECORE_EXE_EVENT_DEL, e,
+ _ecore_exe_event_del_free,
+ NULL);
+ }
+ }
+ }
+ sig_count--;
+ }
+ sigchld_count = 0;
+
+ if (sigusr1_count > MAXSIGQ)
+ WRN("%i SIGUSR1 in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigusr1_count, MAXSIGQ);
+ for (n = 0; n < sigusr1_count; n++) {
+ Ecore_Event_Signal_User *e;
+
+ e = _ecore_event_signal_user_new();
+ if (e) {
+ e->number = 1;
+
+ if ((n < MAXSIGQ) && (sigusr1_info[n].si_signo))
+ e->data = sigusr1_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_USER, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigusr1_count = 0;
+
+ if (sigusr2_count > MAXSIGQ)
+ WRN("%i SIGUSR2 in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigusr2_count, MAXSIGQ);
+ for (n = 0; n < sigusr2_count; n++) {
+ Ecore_Event_Signal_User *e;
+
+ e = _ecore_event_signal_user_new();
+ if (e) {
+ e->number = 2;
+
+ if ((n < MAXSIGQ) && (sigusr2_info[n].si_signo))
+ e->data = sigusr2_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_USER, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigusr2_count = 0;
+
+ if (sighup_count > MAXSIGQ)
+ WRN("%i SIGHUP in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sighup_count, MAXSIGQ);
+ for (n = 0; n < sighup_count; n++) {
+ Ecore_Event_Signal_Hup *e;
+
+ e = _ecore_event_signal_hup_new();
+ if (e) {
+ if ((n < MAXSIGQ) && (sighup_info[n].si_signo))
+ e->data = sighup_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_HUP, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sighup_count = 0;
+
+ if (sigquit_count > MAXSIGQ)
+ WRN("%i SIGQUIT in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigquit_count, MAXSIGQ);
+ for (n = 0; n < sigquit_count; n++) {
+ Ecore_Event_Signal_Exit *e;
+
+ e = _ecore_event_signal_exit_new();
+ if (e) {
+ e->quit = 1;
+
+ if ((n < MAXSIGQ) && (sigquit_info[n].si_signo))
+ e->data = sigquit_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigquit_count = 0;
+
+ if (sigint_count > MAXSIGQ)
+ WRN("%i SIGINT in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigint_count, MAXSIGQ);
+ for (n = 0; n < sigint_count; n++) {
+ Ecore_Event_Signal_Exit *e;
+
+ e = _ecore_event_signal_exit_new();
+ if (e) {
+ e->interrupt = 1;
+
+ if ((n < MAXSIGQ) && (sigint_info[n].si_signo))
+ e->data = sigint_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigint_count = 0;
+
+ if (sigterm_count > MAXSIGQ)
+ WRN("%i SIGTERM in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigterm_count, MAXSIGQ);
+ for (n = 0; n < sigterm_count; n++) {
+ Ecore_Event_Signal_Exit *e;
+
+ e = _ecore_event_signal_exit_new();
+ if (e) {
+ e->terminate = 1;
+
+ if ((n < MAXSIGQ) && (sigterm_info[n].si_signo))
+ e->data = sigterm_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_EXIT, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigterm_count = 0;
#ifdef SIGPWR
- if (sigpwr_count > MAXSIGQ)
- WRN("%i SIGPWR in queue. max queue size %i. losing "
- "siginfo for extra signals.", sigpwr_count, MAXSIGQ);
- for (n = 0; n < sigpwr_count; n++)
- {
- Ecore_Event_Signal_Power *e;
-
- e = _ecore_event_signal_power_new();
- if (e)
- {
- if ((n < MAXSIGQ) && (sigpwr_info[n].si_signo))
- e->data = sigpwr_info[n];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_POWER, e, NULL, NULL);
- }
- sig_count--;
- }
- sigpwr_count = 0;
+ if (sigpwr_count > MAXSIGQ)
+ WRN("%i SIGPWR in queue. max queue size %i. losing "
+ "siginfo for extra signals.", sigpwr_count, MAXSIGQ);
+ for (n = 0; n < sigpwr_count; n++) {
+ Ecore_Event_Signal_Power *e;
+
+ e = _ecore_event_signal_power_new();
+ if (e) {
+ if ((n < MAXSIGQ) && (sigpwr_info[n].si_signo))
+ e->data = sigpwr_info[n];
+
+ ecore_event_add(ECORE_EVENT_SIGNAL_POWER, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigpwr_count = 0;
#endif
#ifdef SIGRTMIN
- for (i = 0; i < num; i++)
- {
- if (sigrt_count[i] > MAXSIGQ)
- WRN("%i SIGRT%i in queue. max queue size %i. losing "
- "siginfo for extra signals.", i + 1, sigrt_count[i], MAXSIGQ);
- for (n = 0; n < sigrt_count[i]; n++)
- {
- Ecore_Event_Signal_Realtime *e;
-
- if ((e = _ecore_event_signal_realtime_new()))
- {
- e->num = i;
-
- if ((n < MAXSIGQ) && (sigrt_info[n][i].si_signo))
- e->data = sigrt_info[n][i];
-
- ecore_event_add(ECORE_EVENT_SIGNAL_REALTIME, e, NULL, NULL);
- }
- sig_count--;
- }
- sigrt_count[i] = 0;
- }
+ for (i = 0; i < num; i++) {
+ if (sigrt_count[i] > MAXSIGQ)
+ WRN("%i SIGRT%i in queue. max queue size %i. losing " "siginfo for extra signals.", i + 1, sigrt_count[i], MAXSIGQ);
+ for (n = 0; n < sigrt_count[i]; n++) {
+ Ecore_Event_Signal_Realtime *e;
+
+ if ((e = _ecore_event_signal_realtime_new())) {
+ e->num = i;
+
+ if ((n < MAXSIGQ)
+ && (sigrt_info[n][i].si_signo))
+ e->data = sigrt_info[n][i];
+
+ ecore_event_add
+ (ECORE_EVENT_SIGNAL_REALTIME, e, NULL,
+ NULL);
+ }
+ sig_count--;
+ }
+ sigrt_count[i] = 0;
+ }
#endif
- sigprocmask(SIG_SETMASK, &oldset, NULL);
+ sigprocmask(SIG_SETMASK, &oldset, NULL);
}
-static void
-_ecore_signal_callback_set(int sig, Signal_Handler func)
+static void _ecore_signal_callback_set(int sig, Signal_Handler func)
{
- struct sigaction sa;
+ struct sigaction sa;
- sa.sa_sigaction = func;
- sa.sa_flags = SA_RESTART | SA_SIGINFO;
- sigemptyset(&sa.sa_mask);
- sigaction(sig, &sa, NULL);
+ sa.sa_sigaction = func;
+ sa.sa_flags = SA_RESTART | SA_SIGINFO;
+ sigemptyset(&sa.sa_mask);
+ sigaction(sig, &sa, NULL);
}
static void
-_ecore_signal_callback_ignore(int sig __UNUSED__, siginfo_t *si __UNUSED__, void *foo __UNUSED__)
+_ecore_signal_callback_ignore(int sig __UNUSED__,
+ siginfo_t * si __UNUSED__,
+ void *foo __UNUSED__)
{
}
static void
-_ecore_signal_callback_sigchld(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigchld(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigchld_info[n] = *si;
- else
- sigchld_info[n].si_signo = 0;
- }
-
- sigchld_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigchld_info[n] = *si;
+ else
+ sigchld_info[n].si_signo = 0;
+ }
+
+ sigchld_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sigusr1(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigusr1(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigusr1_info[n] = *si;
- else
- sigusr1_info[n].si_signo = 0;
- }
- sigusr1_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigusr1_info[n] = *si;
+ else
+ sigusr1_info[n].si_signo = 0;
+ }
+ sigusr1_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sigusr2(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigusr2(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigusr2_info[n] = *si;
- else
- sigusr2_info[n].si_signo = 0;
- }
- sigusr2_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigusr2_info[n] = *si;
+ else
+ sigusr2_info[n].si_signo = 0;
+ }
+ sigusr2_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sighup(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sighup(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sighup_info[n] = *si;
- else
- sighup_info[n].si_signo = 0;
- }
- sighup_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sighup_info[n] = *si;
+ else
+ sighup_info[n].si_signo = 0;
+ }
+ sighup_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sigquit(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigquit(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigquit_info[n] = *si;
- else
- sigquit_info[n].si_signo = 0;
- }
- sigquit_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigquit_info[n] = *si;
+ else
+ sigquit_info[n].si_signo = 0;
+ }
+ sigquit_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sigint(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigint(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigint_info[n] = *si;
- else
- sigint_info[n].si_signo = 0;
- }
- sigint_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigint_info[n] = *si;
+ else
+ sigint_info[n].si_signo = 0;
+ }
+ sigint_count++;
+ sig_count++;
}
static void
-_ecore_signal_callback_sigterm(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigterm(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigterm_info[n] = *si;
- else
- sigterm_info[n].si_signo = 0;
- }
- sigterm_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigterm_info[n] = *si;
+ else
+ sigterm_info[n].si_signo = 0;
+ }
+ sigterm_count++;
+ sig_count++;
}
#ifdef SIGPWR
static void
-_ecore_signal_callback_sigpwr(int sig __UNUSED__, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigpwr(int sig __UNUSED__, siginfo_t * si,
+ void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigpwr_info[n] = *si;
- else
- sigpwr_info[n].si_signo = 0;
- }
- sigpwr_count++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigpwr_info[n] = *si;
+ else
+ sigpwr_info[n].si_signo = 0;
+ }
+ sigpwr_count++;
+ sig_count++;
}
#endif
#ifdef SIGRTMIN
static void
-_ecore_signal_callback_sigrt(int sig, siginfo_t *si, void *foo __UNUSED__)
+_ecore_signal_callback_sigrt(int sig, siginfo_t * si, void *foo __UNUSED__)
{
- volatile sig_atomic_t n;
- n = sigchld_count;
- if (n < MAXSIGQ)
- {
- if (si)
- sigrt_info[n][sig - SIGRTMIN] = *si;
- else
- sigrt_info[n][sig - SIGRTMIN].si_signo = 0;
- }
- sigrt_count[sig - SIGRTMIN]++;
- sig_count++;
+ volatile sig_atomic_t n;
+ n = sigchld_count;
+ if (n < MAXSIGQ) {
+ if (si)
+ sigrt_info[n][sig - SIGRTMIN] = *si;
+ else
+ sigrt_info[n][sig - SIGRTMIN].si_signo = 0;
+ }
+ sigrt_count[sig - SIGRTMIN]++;
+ sig_count++;
}
#endif
-static Eina_Bool
-_ecore_signal_exe_exit_delay(void *data)
+static Eina_Bool _ecore_signal_exe_exit_delay(void *data)
{
- Ecore_Exe_Event_Del *e;
-
- e = data;
- if (e)
- {
- _ecore_exe_doomsday_clock_set(e->exe, NULL);
- _ecore_event_add(ECORE_EXE_EVENT_DEL, e,
- _ecore_exe_event_del_free, NULL);
- }
- return ECORE_CALLBACK_CANCEL;
+ Ecore_Exe_Event_Del *e;
+
+ e = data;
+ if (e) {
+ _ecore_exe_doomsday_clock_set(e->exe, NULL);
+ _ecore_event_add(ECORE_EXE_EVENT_DEL, e,
+ _ecore_exe_event_del_free, NULL);
+ }
+ return ECORE_CALLBACK_CANCEL;
}
diff --git a/tests/suite/ecore/src/lib/ecore_thread.c b/tests/suite/ecore/src/lib/ecore_thread.c
index c8a5daf190..27a924f7e5 100644
--- a/tests/suite/ecore/src/lib/ecore_thread.c
+++ b/tests/suite/ecore/src/lib/ecore_thread.c
@@ -1,24 +1,24 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#ifdef EFL_HAVE_PTHREAD
-# include <pthread.h>
-# ifdef __linux__
-# ifndef _GNU_SOURCE
-# define _GNU_SOURCE 1
-# endif
-# include <sched.h>
-# include <sys/time.h>
-# include <sys/resource.h>
-# include <unistd.h>
-# include <sys/syscall.h>
-# include <errno.h>
-# endif
+#include <pthread.h>
+#ifdef __linux__
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <sched.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <errno.h>
+#endif
#endif
#include "Ecore.h"
@@ -26,50 +26,47 @@
typedef struct _Ecore_Pthread_Worker Ecore_Pthread_Worker;
typedef struct _Ecore_Pthread Ecore_Pthread;
-typedef struct _Ecore_Thread_Data Ecore_Thread_Data;
+typedef struct _Ecore_Thread_Data Ecore_Thread_Data;
-struct _Ecore_Thread_Data
-{
- void *data;
- Eina_Free_Cb cb;
+struct _Ecore_Thread_Data {
+ void *data;
+ Eina_Free_Cb cb;
};
-struct _Ecore_Pthread_Worker
-{
- union {
- struct {
- Ecore_Cb func_blocking;
- } short_run;
- struct {
- Ecore_Thread_Heavy_Cb func_heavy;
- Ecore_Thread_Notify_Cb func_notify;
- Ecore_Pipe *notify;
- } feedback_run;
- } u;
-
- Ecore_Cb func_cancel;
- Ecore_Cb func_end;
+struct _Ecore_Pthread_Worker {
+ union {
+ struct {
+ Ecore_Cb func_blocking;
+ } short_run;
+ struct {
+ Ecore_Thread_Heavy_Cb func_heavy;
+ Ecore_Thread_Notify_Cb func_notify;
+ Ecore_Pipe *notify;
+ } feedback_run;
+ } u;
+
+ Ecore_Cb func_cancel;
+ Ecore_Cb func_end;
#ifdef EFL_HAVE_PTHREAD
- pthread_t self;
- Eina_Hash *hash;
- pthread_cond_t cond;
- pthread_mutex_t mutex;
+ pthread_t self;
+ Eina_Hash *hash;
+ pthread_cond_t cond;
+ pthread_mutex_t mutex;
#endif
-
- const void *data;
-
- Eina_Bool cancel : 1;
- Eina_Bool feedback_run : 1;
+
+ const void *data;
+
+ Eina_Bool cancel:1;
+ Eina_Bool feedback_run:1;
};
#ifdef EFL_HAVE_PTHREAD
typedef struct _Ecore_Pthread_Data Ecore_Pthread_Data;
-struct _Ecore_Pthread_Data
-{
- Ecore_Pipe *p;
- void *data;
- pthread_t thread;
+struct _Ecore_Pthread_Data {
+ Ecore_Pipe *p;
+ void *data;
+ pthread_t thread;
};
#endif
@@ -83,303 +80,316 @@ static Eina_List *_ecore_active_job_threads = NULL;
static Eina_List *_ecore_pending_job_threads = NULL;
static Eina_List *_ecore_pending_job_threads_feedback = NULL;
static Ecore_Event_Handler *del_handler = NULL;
-static pthread_mutex_t _ecore_pending_job_threads_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_mutex_t _ecore_pending_job_threads_mutex =
+ PTHREAD_MUTEX_INITIALIZER;
static Eina_Hash *_ecore_thread_global_hash = NULL;
-static pthread_rwlock_t _ecore_thread_global_hash_lock = PTHREAD_RWLOCK_INITIALIZER;
-static pthread_mutex_t _ecore_thread_global_hash_mutex = PTHREAD_MUTEX_INITIALIZER;
-static pthread_cond_t _ecore_thread_global_hash_cond = PTHREAD_COND_INITIALIZER;
+static pthread_rwlock_t _ecore_thread_global_hash_lock =
+ PTHREAD_RWLOCK_INITIALIZER;
+static pthread_mutex_t _ecore_thread_global_hash_mutex =
+ PTHREAD_MUTEX_INITIALIZER;
+static pthread_cond_t _ecore_thread_global_hash_cond =
+ PTHREAD_COND_INITIALIZER;
static pthread_t main_loop_thread;
static Eina_Bool have_main_loop_thread = 0;
-static void
-_ecore_thread_data_free(void *data)
+static void _ecore_thread_data_free(void *data)
{
- Ecore_Thread_Data *d = data;
+ Ecore_Thread_Data *d = data;
- if (d->cb) d->cb(d->data);
- free(d);
+ if (d->cb)
+ d->cb(d->data);
+ free(d);
}
-static void
-_ecore_thread_pipe_free(void *data __UNUSED__, void *event)
+static void _ecore_thread_pipe_free(void *data __UNUSED__, void *event)
{
- Ecore_Pipe *p = event;
+ Ecore_Pipe *p = event;
- ecore_pipe_del(p);
+ ecore_pipe_del(p);
}
static Eina_Bool
-_ecore_thread_pipe_del(void *data __UNUSED__, int type __UNUSED__, void *event __UNUSED__)
+_ecore_thread_pipe_del(void *data __UNUSED__, int type __UNUSED__,
+ void *event __UNUSED__)
{
- /* This is a hack to delay pipe destruction until we are out of its internal loop. */
- return ECORE_CALLBACK_CANCEL;
+ /* This is a hack to delay pipe destruction until we are out of its internal loop. */
+ return ECORE_CALLBACK_CANCEL;
}
-static void
-_ecore_thread_end(Ecore_Pthread_Data *pth)
+static void _ecore_thread_end(Ecore_Pthread_Data * pth)
{
- Ecore_Pipe *p;
+ Ecore_Pipe *p;
- if (pthread_join(pth->thread, (void **) &p) != 0)
- return ;
+ if (pthread_join(pth->thread, (void **) &p) != 0)
+ return;
- _ecore_active_job_threads = eina_list_remove(_ecore_active_job_threads, pth);
+ _ecore_active_job_threads =
+ eina_list_remove(_ecore_active_job_threads, pth);
- ecore_event_add(ECORE_THREAD_PIPE_DEL, pth->p, _ecore_thread_pipe_free, NULL);
- free(pth);
+ ecore_event_add(ECORE_THREAD_PIPE_DEL, pth->p,
+ _ecore_thread_pipe_free, NULL);
+ free(pth);
}
static void
-_ecore_thread_handler(void *data __UNUSED__, void *buffer, unsigned int nbyte)
+_ecore_thread_handler(void *data __UNUSED__, void *buffer,
+ unsigned int nbyte)
{
- Ecore_Pthread_Worker *work;
-
- if (nbyte != sizeof (Ecore_Pthread_Worker *)) return ;
-
- work = *(Ecore_Pthread_Worker **)buffer;
-
- if (work->cancel)
- {
- if (work->func_cancel)
- work->func_cancel((void *) work->data);
- }
- else
- {
- if (work->func_end)
- work->func_end((void *) work->data);
- }
-
- if (work->feedback_run)
- ecore_pipe_del(work->u.feedback_run.notify);
- pthread_cond_destroy(&work->cond);
- pthread_mutex_destroy(&work->mutex);
- if (work->hash)
- eina_hash_free(work->hash);
- free(work);
+ Ecore_Pthread_Worker *work;
+
+ if (nbyte != sizeof(Ecore_Pthread_Worker *))
+ return;
+
+ work = *(Ecore_Pthread_Worker **) buffer;
+
+ if (work->cancel) {
+ if (work->func_cancel)
+ work->func_cancel((void *) work->data);
+ } else {
+ if (work->func_end)
+ work->func_end((void *) work->data);
+ }
+
+ if (work->feedback_run)
+ ecore_pipe_del(work->u.feedback_run.notify);
+ pthread_cond_destroy(&work->cond);
+ pthread_mutex_destroy(&work->mutex);
+ if (work->hash)
+ eina_hash_free(work->hash);
+ free(work);
}
static void
_ecore_notify_handler(void *data, void *buffer, unsigned int nbyte)
{
- Ecore_Pthread_Worker *work = data;
- void *user_data;
+ Ecore_Pthread_Worker *work = data;
+ void *user_data;
- if (nbyte != sizeof (Ecore_Pthread_Worker *)) return ;
+ if (nbyte != sizeof(Ecore_Pthread_Worker *))
+ return;
- user_data = *(void **)buffer;
+ user_data = *(void **) buffer;
- if (work->u.feedback_run.func_notify)
- work->u.feedback_run.func_notify((Ecore_Thread *) work, user_data, (void *) work->data);
+ if (work->u.feedback_run.func_notify)
+ work->u.feedback_run.func_notify((Ecore_Thread *) work,
+ user_data,
+ (void *) work->data);
}
-static void
-_ecore_short_job(Ecore_Pipe *end_pipe)
+static void _ecore_short_job(Ecore_Pipe * end_pipe)
{
- Ecore_Pthread_Worker *work;
+ Ecore_Pthread_Worker *work;
- while (_ecore_pending_job_threads)
- {
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ while (_ecore_pending_job_threads) {
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- if (!_ecore_pending_job_threads)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- break;
- }
+ if (!_ecore_pending_job_threads) {
+ pthread_mutex_unlock
+ (&_ecore_pending_job_threads_mutex);
+ break;
+ }
- work = eina_list_data_get(_ecore_pending_job_threads);
- _ecore_pending_job_threads = eina_list_remove_list(_ecore_pending_job_threads, _ecore_pending_job_threads);
+ work = eina_list_data_get(_ecore_pending_job_threads);
+ _ecore_pending_job_threads =
+ eina_list_remove_list(_ecore_pending_job_threads,
+ _ecore_pending_job_threads);
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- if (!work->cancel)
- work->u.short_run.func_blocking((void *) work->data);
+ if (!work->cancel)
+ work->u.short_run.func_blocking((void *) work->
+ data);
- ecore_pipe_write(end_pipe, &work, sizeof (Ecore_Pthread_Worker *));
- }
+ ecore_pipe_write(end_pipe, &work,
+ sizeof(Ecore_Pthread_Worker *));
+ }
}
-static void
-_ecore_feedback_job(Ecore_Pipe *end_pipe, pthread_t thread)
+static void _ecore_feedback_job(Ecore_Pipe * end_pipe, pthread_t thread)
{
- Ecore_Pthread_Worker *work;
-
- while (_ecore_pending_job_threads_feedback)
- {
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
-
- if (!_ecore_pending_job_threads_feedback)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- break;
- }
-
- work = eina_list_data_get(_ecore_pending_job_threads_feedback);
- _ecore_pending_job_threads_feedback = eina_list_remove_list(_ecore_pending_job_threads_feedback, _ecore_pending_job_threads_feedback);
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- work->self = thread;
- if (!work->cancel)
- work->u.feedback_run.func_heavy((Ecore_Thread *) work, (void *) work->data);
-
- ecore_pipe_write(end_pipe, &work, sizeof (Ecore_Pthread_Worker *));
- }
+ Ecore_Pthread_Worker *work;
+
+ while (_ecore_pending_job_threads_feedback) {
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+
+ if (!_ecore_pending_job_threads_feedback) {
+ pthread_mutex_unlock
+ (&_ecore_pending_job_threads_mutex);
+ break;
+ }
+
+ work =
+ eina_list_data_get
+ (_ecore_pending_job_threads_feedback);
+ _ecore_pending_job_threads_feedback =
+ eina_list_remove_list
+ (_ecore_pending_job_threads_feedback,
+ _ecore_pending_job_threads_feedback);
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ work->self = thread;
+ if (!work->cancel)
+ work->u.feedback_run.
+ func_heavy((Ecore_Thread *) work,
+ (void *) work->data);
+
+ ecore_pipe_write(end_pipe, &work,
+ sizeof(Ecore_Pthread_Worker *));
+ }
}
-static void *
-_ecore_direct_worker(Ecore_Pthread_Worker *work)
+static void *_ecore_direct_worker(Ecore_Pthread_Worker * work)
{
- Ecore_Pthread_Data *pth;
-
- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
- pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
- eina_sched_prio_drop();
-
- pth = malloc(sizeof (Ecore_Pthread_Data));
- if (!pth) return NULL;
-
- pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
- if (!pth->p)
- {
- free(pth);
- return NULL;
- }
- pth->thread = pthread_self();
-
- work->self = pth->thread;
- work->u.feedback_run.func_heavy((Ecore_Thread *) work, (void *) work->data);
-
- ecore_pipe_write(pth->p, &work, sizeof (Ecore_Pthread_Worker *));
-
- work = malloc(sizeof (Ecore_Pthread_Worker));
- if (!work)
- {
- ecore_pipe_del(pth->p);
- free(pth);
- return NULL;
- }
-
- work->data = pth;
- work->u.short_run.func_blocking = NULL;
- work->func_end = (void *) _ecore_thread_end;
- work->func_cancel = NULL;
- work->cancel = EINA_FALSE;
- work->feedback_run = EINA_FALSE;
- work->hash = NULL;
- pthread_cond_init(&work->cond, NULL);
- pthread_mutex_init(&work->mutex, NULL);
-
- ecore_pipe_write(pth->p, &work, sizeof (Ecore_Pthread_Worker *));
-
- return pth->p;
+ Ecore_Pthread_Data *pth;
+
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+ eina_sched_prio_drop();
+
+ pth = malloc(sizeof(Ecore_Pthread_Data));
+ if (!pth)
+ return NULL;
+
+ pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
+ if (!pth->p) {
+ free(pth);
+ return NULL;
+ }
+ pth->thread = pthread_self();
+
+ work->self = pth->thread;
+ work->u.feedback_run.func_heavy((Ecore_Thread *) work,
+ (void *) work->data);
+
+ ecore_pipe_write(pth->p, &work, sizeof(Ecore_Pthread_Worker *));
+
+ work = malloc(sizeof(Ecore_Pthread_Worker));
+ if (!work) {
+ ecore_pipe_del(pth->p);
+ free(pth);
+ return NULL;
+ }
+
+ work->data = pth;
+ work->u.short_run.func_blocking = NULL;
+ work->func_end = (void *) _ecore_thread_end;
+ work->func_cancel = NULL;
+ work->cancel = EINA_FALSE;
+ work->feedback_run = EINA_FALSE;
+ work->hash = NULL;
+ pthread_cond_init(&work->cond, NULL);
+ pthread_mutex_init(&work->mutex, NULL);
+
+ ecore_pipe_write(pth->p, &work, sizeof(Ecore_Pthread_Worker *));
+
+ return pth->p;
}
-static void *
-_ecore_thread_worker(Ecore_Pthread_Data *pth)
+static void *_ecore_thread_worker(Ecore_Pthread_Data * pth)
{
- Ecore_Pthread_Worker *work;
-
- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
- pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
- eina_sched_prio_drop();
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- _ecore_thread_count++;
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- on_error:
- if (_ecore_pending_job_threads) _ecore_short_job(pth->p);
- if (_ecore_pending_job_threads_feedback) _ecore_feedback_job(pth->p, pth->thread);
-
- /* FIXME: Check if there is feedback running task todo, and switch to feedback run handler. */
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- if (_ecore_pending_job_threads)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- goto on_error;
- }
- if (_ecore_pending_job_threads_feedback)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- goto on_error;
- }
-
- _ecore_thread_count--;
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- work = malloc(sizeof (Ecore_Pthread_Worker));
- if (!work) return NULL;
-
- work->data = pth;
- work->u.short_run.func_blocking = NULL;
- work->func_end = (void *) _ecore_thread_end;
- work->func_cancel = NULL;
- work->cancel = EINA_FALSE;
- work->feedback_run = EINA_FALSE;
- work->hash = NULL;
- pthread_cond_init(&work->cond, NULL);
- pthread_mutex_init(&work->mutex, NULL);
-
- ecore_pipe_write(pth->p, &work, sizeof (Ecore_Pthread_Worker *));
-
- return pth->p;
+ Ecore_Pthread_Worker *work;
+
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+ eina_sched_prio_drop();
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ _ecore_thread_count++;
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ on_error:
+ if (_ecore_pending_job_threads)
+ _ecore_short_job(pth->p);
+ if (_ecore_pending_job_threads_feedback)
+ _ecore_feedback_job(pth->p, pth->thread);
+
+ /* FIXME: Check if there is feedback running task todo, and switch to feedback run handler. */
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ if (_ecore_pending_job_threads) {
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ goto on_error;
+ }
+ if (_ecore_pending_job_threads_feedback) {
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ goto on_error;
+ }
+
+ _ecore_thread_count--;
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ work = malloc(sizeof(Ecore_Pthread_Worker));
+ if (!work)
+ return NULL;
+
+ work->data = pth;
+ work->u.short_run.func_blocking = NULL;
+ work->func_end = (void *) _ecore_thread_end;
+ work->func_cancel = NULL;
+ work->cancel = EINA_FALSE;
+ work->feedback_run = EINA_FALSE;
+ work->hash = NULL;
+ pthread_cond_init(&work->cond, NULL);
+ pthread_mutex_init(&work->mutex, NULL);
+
+ ecore_pipe_write(pth->p, &work, sizeof(Ecore_Pthread_Worker *));
+
+ return pth->p;
}
#endif
-void
-_ecore_thread_init(void)
+void _ecore_thread_init(void)
{
- _ecore_thread_count_max = eina_cpu_count();
- if (_ecore_thread_count_max <= 0)
- _ecore_thread_count_max = 1;
+ _ecore_thread_count_max = eina_cpu_count();
+ if (_ecore_thread_count_max <= 0)
+ _ecore_thread_count_max = 1;
- ECORE_THREAD_PIPE_DEL = ecore_event_type_new();
+ ECORE_THREAD_PIPE_DEL = ecore_event_type_new();
#ifdef EFL_HAVE_PTHREAD
- del_handler = ecore_event_handler_add(ECORE_THREAD_PIPE_DEL, _ecore_thread_pipe_del, NULL);
- main_loop_thread = pthread_self();
- have_main_loop_thread = 1;
+ del_handler =
+ ecore_event_handler_add(ECORE_THREAD_PIPE_DEL,
+ _ecore_thread_pipe_del, NULL);
+ main_loop_thread = pthread_self();
+ have_main_loop_thread = 1;
#endif
}
-void
-_ecore_thread_shutdown(void)
+void _ecore_thread_shutdown(void)
{
- /* FIXME: If function are still running in the background, should we kill them ? */
+ /* FIXME: If function are still running in the background, should we kill them ? */
#ifdef EFL_HAVE_PTHREAD
- Ecore_Pthread_Worker *work;
- Ecore_Pthread_Data *pth;
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
-
- EINA_LIST_FREE(_ecore_pending_job_threads, work)
- {
- if (work->func_cancel)
- work->func_cancel((void *)work->data);
- free(work);
- }
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- EINA_LIST_FREE(_ecore_active_job_threads, pth)
- {
- Ecore_Pipe *p;
-
- pthread_cancel(pth->thread);
- pthread_join(pth->thread, (void **) &p);
-
- ecore_pipe_del(pth->p);
- }
- if (_ecore_thread_global_hash)
- eina_hash_free(_ecore_thread_global_hash);
- ecore_event_handler_del(del_handler);
- have_main_loop_thread = 0;
- del_handler = NULL;
+ Ecore_Pthread_Worker *work;
+ Ecore_Pthread_Data *pth;
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+
+ EINA_LIST_FREE(_ecore_pending_job_threads, work) {
+ if (work->func_cancel)
+ work->func_cancel((void *) work->data);
+ free(work);
+ }
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ EINA_LIST_FREE(_ecore_active_job_threads, pth) {
+ Ecore_Pipe *p;
+
+ pthread_cancel(pth->thread);
+ pthread_join(pth->thread, (void **) &p);
+
+ ecore_pipe_del(pth->p);
+ }
+ if (_ecore_thread_global_hash)
+ eina_hash_free(_ecore_thread_global_hash);
+ ecore_event_handler_del(del_handler);
+ have_main_loop_thread = 0;
+ del_handler = NULL;
#endif
}
+
/**
* @addtogroup Ecore_Thread Ecore Thread Functions
* These functions allow for ecore-managed threads which integrate with ecore's main loop.
@@ -406,80 +416,80 @@ _ecore_thread_shutdown(void)
* after many call to ecore_thread_run, as we start as much thread as the
* host CPU can handle.
*/
-EAPI Ecore_Thread *
-ecore_thread_run(Ecore_Cb func_blocking,
- Ecore_Cb func_end,
- Ecore_Cb func_cancel,
- const void *data)
+EAPI Ecore_Thread *ecore_thread_run(Ecore_Cb func_blocking,
+ Ecore_Cb func_end,
+ Ecore_Cb func_cancel, const void *data)
{
#ifdef EFL_HAVE_PTHREAD
- Ecore_Pthread_Worker *work;
- Ecore_Pthread_Data *pth = NULL;
-
- if (!func_blocking) return NULL;
-
- work = malloc(sizeof (Ecore_Pthread_Worker));
- if (!work)
- {
- func_cancel((void *) data);
- return NULL;
- }
-
- work->u.short_run.func_blocking = func_blocking;
- work->hash = NULL;
- pthread_cond_init(&work->cond, NULL);
- pthread_mutex_init(&work->mutex, NULL);
- work->func_end = func_end;
- work->func_cancel = func_cancel;
- work->cancel = EINA_FALSE;
- work->feedback_run = EINA_FALSE;
- work->data = data;
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- _ecore_pending_job_threads = eina_list_append(_ecore_pending_job_threads, work);
-
- if (_ecore_thread_count == _ecore_thread_count_max)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return (Ecore_Thread *) work;
- }
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- /* One more thread could be created. */
- pth = malloc(sizeof (Ecore_Pthread_Data));
- if (!pth) goto on_error;
-
- pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
- if (!pth->p) goto on_error;
-
- if (pthread_create(&pth->thread, NULL, (void *) _ecore_thread_worker, pth) == 0)
- return (Ecore_Thread *) work;
-
- on_error:
- if (pth)
- {
- if (pth->p) ecore_pipe_del(pth->p);
- free(pth);
- }
-
- if (_ecore_thread_count == 0)
- {
- if (work->func_cancel)
- work->func_cancel((void *) work->data);
- free(work);
- work = NULL;
- }
- return (Ecore_Thread *) work;
+ Ecore_Pthread_Worker *work;
+ Ecore_Pthread_Data *pth = NULL;
+
+ if (!func_blocking)
+ return NULL;
+
+ work = malloc(sizeof(Ecore_Pthread_Worker));
+ if (!work) {
+ func_cancel((void *) data);
+ return NULL;
+ }
+
+ work->u.short_run.func_blocking = func_blocking;
+ work->hash = NULL;
+ pthread_cond_init(&work->cond, NULL);
+ pthread_mutex_init(&work->mutex, NULL);
+ work->func_end = func_end;
+ work->func_cancel = func_cancel;
+ work->cancel = EINA_FALSE;
+ work->feedback_run = EINA_FALSE;
+ work->data = data;
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ _ecore_pending_job_threads =
+ eina_list_append(_ecore_pending_job_threads, work);
+
+ if (_ecore_thread_count == _ecore_thread_count_max) {
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return (Ecore_Thread *) work;
+ }
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ /* One more thread could be created. */
+ pth = malloc(sizeof(Ecore_Pthread_Data));
+ if (!pth)
+ goto on_error;
+
+ pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
+ if (!pth->p)
+ goto on_error;
+
+ if (pthread_create
+ (&pth->thread, NULL, (void *) _ecore_thread_worker, pth) == 0)
+ return (Ecore_Thread *) work;
+
+ on_error:
+ if (pth) {
+ if (pth->p)
+ ecore_pipe_del(pth->p);
+ free(pth);
+ }
+
+ if (_ecore_thread_count == 0) {
+ if (work->func_cancel)
+ work->func_cancel((void *) work->data);
+ free(work);
+ work = NULL;
+ }
+ return (Ecore_Thread *) work;
#else
- /*
- If no thread and as we don't want to break app that rely on this
- facility, we will lock the interface until we are done.
- */
- func_blocking((void *)data);
- func_end((void *)data);
-
- return NULL;
+ /*
+ If no thread and as we don't want to break app that rely on this
+ facility, we will lock the interface until we are done.
+ */
+ func_blocking((void *) data);
+ func_end((void *) data);
+
+ return NULL;
#endif
}
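Review bot: In `ecore_thread_run`, the `on_error` path frees `work` when `_ecore_thread_count == 0` but never removes it from `_ecore_pending_job_threads`, where it was appended a few lines earlier, so the list keeps a dangling pointer that a later worker would presumably pick up. Remove it under the mutex before the free, e.g. `_ecore_pending_job_threads = eina_list_remove(_ecore_pending_job_threads, work);` between a lock/unlock pair. `ecore_thread_feedback_run` in a later hunk has the same pattern with `_ecore_pending_job_threads_feedback`. Separately, the malloc-failure branch calls `func_cancel((void *) data)` without the NULL check used on the other paths; `if (func_cancel) func_cancel((void *) data);` would match them. This commit only re-indents, so both issues predate it.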
@@ -498,45 +508,45 @@ ecore_thread_run(Ecore_Cb func_blocking,
* func_end, func_cancel will destroy the handler, so don't use it after.
* And if ecore_thread_cancel return EINA_TRUE, you should not use Ecore_Thread also.
*/
-EAPI Eina_Bool
-ecore_thread_cancel(Ecore_Thread *thread)
+EAPI Eina_Bool ecore_thread_cancel(Ecore_Thread * thread)
{
#ifdef EFL_HAVE_PTHREAD
- Ecore_Pthread_Worker *work = (Ecore_Pthread_Worker *)thread;
- Eina_List *l;
-
- if (!work)
- return EINA_TRUE;
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
-
- if ((have_main_loop_thread) &&
- (pthread_equal(main_loop_thread, pthread_self())))
- {
- EINA_LIST_FOREACH(_ecore_pending_job_threads, l, work)
- {
- if ((void *) work == (void *) thread)
- {
- _ecore_pending_job_threads = eina_list_remove_list(_ecore_pending_job_threads, l);
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- if (work->func_cancel)
- work->func_cancel((void *) work->data);
- free(work);
-
- return EINA_TRUE;
- }
- }
- }
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- /* Delay the destruction */
- ((Ecore_Pthread_Worker *)thread)->cancel = EINA_TRUE;
- return EINA_FALSE;
+ Ecore_Pthread_Worker *work = (Ecore_Pthread_Worker *) thread;
+ Eina_List *l;
+
+ if (!work)
+ return EINA_TRUE;
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+
+ if ((have_main_loop_thread) &&
+ (pthread_equal(main_loop_thread, pthread_self()))) {
+ EINA_LIST_FOREACH(_ecore_pending_job_threads, l, work) {
+ if ((void *) work == (void *) thread) {
+ _ecore_pending_job_threads =
+ eina_list_remove_list
+ (_ecore_pending_job_threads, l);
+
+ pthread_mutex_unlock
+ (&_ecore_pending_job_threads_mutex);
+
+ if (work->func_cancel)
+ work->func_cancel((void *) work->
+ data);
+ free(work);
+
+ return EINA_TRUE;
+ }
+ }
+ }
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ /* Delay the destruction */
+ ((Ecore_Pthread_Worker *) thread)->cancel = EINA_TRUE;
+ return EINA_FALSE;
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
@@ -548,13 +558,13 @@ ecore_thread_cancel(Ecore_Thread *thread)
*
* You can use this function in main loop and in the thread.
*/
-EAPI Eina_Bool
-ecore_thread_check(Ecore_Thread *thread)
+EAPI Eina_Bool ecore_thread_check(Ecore_Thread * thread)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- if (!worker) return EINA_TRUE;
- return worker->cancel;
+ if (!worker)
+ return EINA_TRUE;
+ return worker->cancel;
}
/**
@@ -585,109 +595,118 @@ ecore_thread_check(Ecore_Thread *thread)
* the CPU down, so be careful with that. Of course if it can't start a new thread, it will
* try to use one from the pool.
*/
-EAPI Ecore_Thread *ecore_thread_feedback_run(Ecore_Thread_Heavy_Cb func_heavy,
- Ecore_Thread_Notify_Cb func_notify,
- Ecore_Cb func_end,
- Ecore_Cb func_cancel,
- const void *data,
- Eina_Bool try_no_queue)
+EAPI Ecore_Thread *ecore_thread_feedback_run(Ecore_Thread_Heavy_Cb
+ func_heavy,
+ Ecore_Thread_Notify_Cb
+ func_notify,
+ Ecore_Cb func_end,
+ Ecore_Cb func_cancel,
+ const void *data,
+ Eina_Bool try_no_queue)
{
#ifdef EFL_HAVE_PTHREAD
- Ecore_Pthread_Worker *worker;
- Ecore_Pthread_Data *pth = NULL;
-
- if (!func_heavy) return NULL;
-
- worker = malloc(sizeof (Ecore_Pthread_Worker));
- if (!worker) goto on_error;
-
- worker->u.feedback_run.func_heavy = func_heavy;
- worker->u.feedback_run.func_notify = func_notify;
- worker->hash = NULL;
- pthread_cond_init(&worker->cond, NULL);
- pthread_mutex_init(&worker->mutex, NULL);
- worker->func_cancel = func_cancel;
- worker->func_end = func_end;
- worker->data = data;
- worker->cancel = EINA_FALSE;
- worker->feedback_run = EINA_TRUE;
-
- worker->u.feedback_run.notify = ecore_pipe_add(_ecore_notify_handler, worker);
-
- if (!try_no_queue)
- {
- pthread_t t;
-
- if (pthread_create(&t, NULL, (void *) _ecore_direct_worker, worker) == 0)
- return (Ecore_Thread *) worker;
- }
-
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- _ecore_pending_job_threads_feedback = eina_list_append(_ecore_pending_job_threads_feedback, worker);
-
- if (_ecore_thread_count == _ecore_thread_count_max)
- {
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return (Ecore_Thread *) worker;
- }
-
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
-
- /* One more thread could be created. */
- pth = malloc(sizeof (Ecore_Pthread_Data));
- if (!pth) goto on_error;
-
- pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
- if (!pth->p) goto on_error;
-
- if (pthread_create(&pth->thread, NULL, (void *) _ecore_thread_worker, pth) == 0)
- return (Ecore_Thread *) worker;
-
- on_error:
- if (pth)
- {
- if (pth->p) ecore_pipe_del(pth->p);
- free(pth);
- }
-
- if (_ecore_thread_count == 0)
- {
- if (func_cancel) func_cancel((void *) data);
-
- if (worker)
- {
- ecore_pipe_del(worker->u.feedback_run.notify);
- free(worker);
- worker = NULL;
- }
- }
-
- return (Ecore_Thread *) worker;
+ Ecore_Pthread_Worker *worker;
+ Ecore_Pthread_Data *pth = NULL;
+
+ if (!func_heavy)
+ return NULL;
+
+ worker = malloc(sizeof(Ecore_Pthread_Worker));
+ if (!worker)
+ goto on_error;
+
+ worker->u.feedback_run.func_heavy = func_heavy;
+ worker->u.feedback_run.func_notify = func_notify;
+ worker->hash = NULL;
+ pthread_cond_init(&worker->cond, NULL);
+ pthread_mutex_init(&worker->mutex, NULL);
+ worker->func_cancel = func_cancel;
+ worker->func_end = func_end;
+ worker->data = data;
+ worker->cancel = EINA_FALSE;
+ worker->feedback_run = EINA_TRUE;
+
+ worker->u.feedback_run.notify =
+ ecore_pipe_add(_ecore_notify_handler, worker);
+
+ if (!try_no_queue) {
+ pthread_t t;
+
+ if (pthread_create
+ (&t, NULL, (void *) _ecore_direct_worker, worker) == 0)
+ return (Ecore_Thread *) worker;
+ }
+
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ _ecore_pending_job_threads_feedback =
+ eina_list_append(_ecore_pending_job_threads_feedback, worker);
+
+ if (_ecore_thread_count == _ecore_thread_count_max) {
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return (Ecore_Thread *) worker;
+ }
+
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+
+ /* One more thread could be created. */
+ pth = malloc(sizeof(Ecore_Pthread_Data));
+ if (!pth)
+ goto on_error;
+
+ pth->p = ecore_pipe_add(_ecore_thread_handler, NULL);
+ if (!pth->p)
+ goto on_error;
+
+ if (pthread_create
+ (&pth->thread, NULL, (void *) _ecore_thread_worker, pth) == 0)
+ return (Ecore_Thread *) worker;
+
+ on_error:
+ if (pth) {
+ if (pth->p)
+ ecore_pipe_del(pth->p);
+ free(pth);
+ }
+
+ if (_ecore_thread_count == 0) {
+ if (func_cancel)
+ func_cancel((void *) data);
+
+ if (worker) {
+ ecore_pipe_del(worker->u.feedback_run.notify);
+ free(worker);
+ worker = NULL;
+ }
+ }
+
+ return (Ecore_Thread *) worker;
#else
- Ecore_Pthread_Worker worker;
-
- (void) try_no_queue;
-
- /*
- If no thread and as we don't want to break app that rely on this
- facility, we will lock the interface until we are done.
- */
- worker.u.feedback_run.func_heavy = func_heavy;
- worker.u.feedback_run.func_notify = func_notify;
- worker.u.feedback_run.notify = NULL;
- worker.func_cancel = func_cancel;
- worker.func_end = func_end;
- worker.data = data;
- worker.cancel = EINA_FALSE;
- worker.feedback_run = EINA_TRUE;
-
- func_heavy((Ecore_Thread *) &worker, (void *)data);
-
- if (worker.cancel) func_cancel((void *)data);
- else func_end((void *)data);
-
- return NULL;
+ Ecore_Pthread_Worker worker;
+
+ (void) try_no_queue;
+
+ /*
+ If no thread and as we don't want to break app that rely on this
+ facility, we will lock the interface until we are done.
+ */
+ worker.u.feedback_run.func_heavy = func_heavy;
+ worker.u.feedback_run.func_notify = func_notify;
+ worker.u.feedback_run.notify = NULL;
+ worker.func_cancel = func_cancel;
+ worker.func_end = func_end;
+ worker.data = data;
+ worker.cancel = EINA_FALSE;
+ worker.feedback_run = EINA_TRUE;
+
+ func_heavy((Ecore_Thread *) & worker, (void *) data);
+
+ if (worker.cancel)
+ func_cancel((void *) data);
+ else
+ func_end((void *) data);
+
+ return NULL;
#endif
}
@@ -704,23 +723,28 @@ EAPI Ecore_Thread *ecore_thread_feedback_run(Ecore_Thread_Heavy_Cb func_heavy,
* You should use this function only in the func_heavy call.
*/
EAPI Eina_Bool
-ecore_thread_feedback(Ecore_Thread *thread, const void *data)
+ecore_thread_feedback(Ecore_Thread * thread, const void *data)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- if (!worker) return EINA_FALSE;
- if (!worker->feedback_run) return EINA_FALSE;
+ if (!worker)
+ return EINA_FALSE;
+ if (!worker->feedback_run)
+ return EINA_FALSE;
#ifdef EFL_HAVE_PTHREAD
- if (!pthread_equal(worker->self, pthread_self())) return EINA_FALSE;
+ if (!pthread_equal(worker->self, pthread_self()))
+ return EINA_FALSE;
- ecore_pipe_write(worker->u.feedback_run.notify, &data, sizeof (void *));
+ ecore_pipe_write(worker->u.feedback_run.notify, &data,
+ sizeof(void *));
- return EINA_TRUE;
+ return EINA_TRUE;
#else
- worker->u.feedback_run.func_notify(thread, (void*) data, (void*) worker->data);
+ worker->u.feedback_run.func_notify(thread, (void *) data,
+ (void *) worker->data);
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
@@ -730,13 +754,12 @@ ecore_thread_feedback(Ecore_Thread *thread, const void *data)
* This returns the number of threads currently running jobs through the
* ecore_thread api.
*/
-EAPI int
-ecore_thread_active_get(void)
+EAPI int ecore_thread_active_get(void)
{
#ifdef EFL_HAVE_PTHREAD
- return _ecore_thread_count;
+ return _ecore_thread_count;
#else
- return 0;
+ return 0;
#endif
}
@@ -746,17 +769,16 @@ ecore_thread_active_get(void)
* This returns the number of threads currently running jobs through the
* ecore_thread_run api call.
*/
-EAPI int
-ecore_thread_pending_get(void)
+EAPI int ecore_thread_pending_get(void)
{
- int ret;
+ int ret;
#ifdef EFL_HAVE_PTHREAD
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- ret = eina_list_count(_ecore_pending_job_threads);
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return ret;
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ ret = eina_list_count(_ecore_pending_job_threads);
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
@@ -766,17 +788,16 @@ ecore_thread_pending_get(void)
* This returns the number of threads currently running jobs through the
* ecore_thread_feedback_run api call.
*/
-EAPI int
-ecore_thread_pending_feedback_get(void)
+EAPI int ecore_thread_pending_feedback_get(void)
{
- int ret;
+ int ret;
#ifdef EFL_HAVE_PTHREAD
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- ret = eina_list_count(_ecore_pending_job_threads_feedback);
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return ret;
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ ret = eina_list_count(_ecore_pending_job_threads_feedback);
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
@@ -786,17 +807,18 @@ ecore_thread_pending_feedback_get(void)
* This returns the number of threads currently running jobs through the
* ecore_thread_run and ecore_thread_feedback_run api calls combined.
*/
-EAPI int
-ecore_thread_pending_total_get(void)
+EAPI int ecore_thread_pending_total_get(void)
{
- int ret;
+ int ret;
#ifdef EFL_HAVE_PTHREAD
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- ret = eina_list_count(_ecore_pending_job_threads) + eina_list_count(_ecore_pending_job_threads_feedback);
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return ret;
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ ret =
+ eina_list_count(_ecore_pending_job_threads) +
+ eina_list_count(_ecore_pending_job_threads_feedback);
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
@@ -806,10 +828,9 @@ ecore_thread_pending_total_get(void)
* This returns the total number of threads that ecore will attempt to run
* simultaneously.
*/
-EAPI int
-ecore_thread_max_get(void)
+EAPI int ecore_thread_max_get(void)
{
- return _ecore_thread_count_max;
+ return _ecore_thread_count_max;
}
/**
@@ -818,14 +839,15 @@ ecore_thread_max_get(void)
* This sets the maximum number of threads that ecore will try to run
* simultaneously. This number cannot be < 1 or >= 2x the number of active cpus.
*/
-EAPI void
-ecore_thread_max_set(int num)
+EAPI void ecore_thread_max_set(int num)
{
- if (num < 1) return;
- /* avoid doing something hilarious by blocking dumb users */
- if (num >= (2 * eina_cpu_count())) return;
+ if (num < 1)
+ return;
+ /* avoid doing something hilarious by blocking dumb users */
+ if (num >= (2 * eina_cpu_count()))
+ return;
- _ecore_thread_count_max = num;
+ _ecore_thread_count_max = num;
}
/**
@@ -833,10 +855,9 @@ ecore_thread_max_set(int num)
* This resets the maximum number of threads that ecore will try to run
* simultaneously to the number of active cpus.
*/
-EAPI void
-ecore_thread_max_reset(void)
+EAPI void ecore_thread_max_reset(void)
{
- _ecore_thread_count_max = eina_cpu_count();
+ _ecore_thread_count_max = eina_cpu_count();
}
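Review bot: `ecore_thread_max_reset` stores `eina_cpu_count()` unclamped, while `_ecore_thread_init` forces the same value to 1 when the count is `<= 0`. A zero maximum would make the `_ecore_thread_count == _ecore_thread_count_max` test in the run functions queue every job without ever starting a thread, and a negative one would never match. Add the same guard after the assignment: `if (_ecore_thread_count_max <= 0) _ecore_thread_count_max = 1;`.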
/**
@@ -846,17 +867,16 @@ ecore_thread_max_reset(void)
* Assuming that you haven't changed the max number of threads with @ref ecore_thread_max_set
* this should be equal to (num_cpus - (active_running + active_feedback_running))
*/
-EAPI int
-ecore_thread_available_get(void)
+EAPI int ecore_thread_available_get(void)
{
- int ret;
+ int ret;
#ifdef EFL_HAVE_PTHREAD
- pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
- ret = _ecore_thread_count_max - _ecore_thread_count;
- pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
- return ret;
+ pthread_mutex_lock(&_ecore_pending_job_threads_mutex);
+ ret = _ecore_thread_count_max - _ecore_thread_count;
+ pthread_mutex_unlock(&_ecore_pending_job_threads_mutex);
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
@@ -876,37 +896,40 @@ ecore_thread_available_get(void)
* data, but this is most likely not what you want.
*/
EAPI Eina_Bool
-ecore_thread_local_data_add(Ecore_Thread *thread, const char *key, void *value, Eina_Free_Cb cb, Eina_Bool direct)
+ecore_thread_local_data_add(Ecore_Thread * thread, const char *key,
+ void *value, Eina_Free_Cb cb, Eina_Bool direct)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- Ecore_Thread_Data *d;
- Eina_Bool ret;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Thread_Data *d;
+ Eina_Bool ret;
- if ((!thread) || (!key) || (!value))
- return EINA_FALSE;
+ if ((!thread) || (!key) || (!value))
+ return EINA_FALSE;
#ifdef EFL_HAVE_PTHREAD
- if (!pthread_equal(worker->self, pthread_self())) return EINA_FALSE;
+ if (!pthread_equal(worker->self, pthread_self()))
+ return EINA_FALSE;
- if (!worker->hash)
- worker->hash = eina_hash_string_small_new(_ecore_thread_data_free);
+ if (!worker->hash)
+ worker->hash =
+ eina_hash_string_small_new(_ecore_thread_data_free);
- if (!worker->hash)
- return EINA_FALSE;
+ if (!worker->hash)
+ return EINA_FALSE;
- if (!(d = malloc(sizeof(Ecore_Thread_Data))))
- return EINA_FALSE;
+ if (!(d = malloc(sizeof(Ecore_Thread_Data))))
+ return EINA_FALSE;
- d->data = value;
- d->cb = cb;
+ d->data = value;
+ d->cb = cb;
- if (direct)
- ret = eina_hash_direct_add(worker->hash, key, d);
- else
- ret = eina_hash_add(worker->hash, key, d);
- pthread_cond_broadcast(&worker->cond);
- return ret;
+ if (direct)
+ ret = eina_hash_direct_add(worker->hash, key, d);
+ else
+ ret = eina_hash_add(worker->hash, key, d);
+ pthread_cond_broadcast(&worker->cond);
+ return ret;
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
@@ -923,36 +946,39 @@ ecore_thread_local_data_add(Ecore_Thread *thread, const char *key, void *value,
* upon thread termination. If no callback is specified, it is expected that the user will free the
* data, but this is most likely not what you want.
*/
-EAPI void *
-ecore_thread_local_data_set(Ecore_Thread *thread, const char *key, void *value, Eina_Free_Cb cb)
+EAPI void *ecore_thread_local_data_set(Ecore_Thread * thread,
+ const char *key, void *value,
+ Eina_Free_Cb cb)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- Ecore_Thread_Data *d, *r;
- void *ret;
- if ((!thread) || (!key) || (!value))
- return NULL;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Thread_Data *d, *r;
+ void *ret;
+ if ((!thread) || (!key) || (!value))
+ return NULL;
#ifdef EFL_HAVE_PTHREAD
- if (!pthread_equal(worker->self, pthread_self())) return NULL;
+ if (!pthread_equal(worker->self, pthread_self()))
+ return NULL;
- if (!worker->hash)
- worker->hash = eina_hash_string_small_new(_ecore_thread_data_free);
+ if (!worker->hash)
+ worker->hash =
+ eina_hash_string_small_new(_ecore_thread_data_free);
- if (!worker->hash)
- return NULL;
+ if (!worker->hash)
+ return NULL;
- if (!(d = malloc(sizeof(Ecore_Thread_Data))))
- return NULL;
+ if (!(d = malloc(sizeof(Ecore_Thread_Data))))
+ return NULL;
- d->data = value;
- d->cb = cb;
+ d->data = value;
+ d->cb = cb;
- r = eina_hash_set(worker->hash, key, d);
- pthread_cond_broadcast(&worker->cond);
- ret = r->data;
- free(r);
- return ret;
+ r = eina_hash_set(worker->hash, key, d);
+ pthread_cond_broadcast(&worker->cond);
+ ret = r->data;
+ free(r);
+ return ret;
#else
- return NULL;
+ return NULL;
#endif
}
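Review bot: `ecore_thread_local_data_set` dereferences `r` right after `eina_hash_set()`, which returns NULL when the key had no previous value, so the first set of any key reads `r->data` through a null pointer. Use `ret = r ? r->data : NULL;` before `free(r)`. The same unchecked lookup result appears in `ecore_thread_global_data_set` (`r->data`), `ecore_thread_local_data_find` (`d->data`) and `ecore_thread_global_data_find` (`ret->data`) in the following hunks; the find variants need `return d ? d->data : NULL;`. The find functions' doc comments appear to promise NULL "in any case but success", so a missing key is an expected input rather than a caller error.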
@@ -966,24 +992,25 @@ ecore_thread_local_data_set(Ecore_Thread *thread, const char *key, void *value,
* in any case but success.
*/
-EAPI void *
-ecore_thread_local_data_find(Ecore_Thread *thread, const char *key)
+EAPI void *ecore_thread_local_data_find(Ecore_Thread * thread,
+ const char *key)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- Ecore_Thread_Data *d;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Thread_Data *d;
- if ((!thread) || (!key))
- return NULL;
+ if ((!thread) || (!key))
+ return NULL;
#ifdef EFL_HAVE_PTHREAD
- if (!pthread_equal(worker->self, pthread_self())) return NULL;
+ if (!pthread_equal(worker->self, pthread_self()))
+ return NULL;
- if (!worker->hash)
- return NULL;
+ if (!worker->hash)
+ return NULL;
- d = eina_hash_find(worker->hash, key);
- return d->data;
+ d = eina_hash_find(worker->hash, key);
+ return d->data;
#else
- return NULL;
+ return NULL;
#endif
}
@@ -997,22 +1024,23 @@ ecore_thread_local_data_find(Ecore_Thread *thread, const char *key)
* in any case but success. Note that this WILL free the data if a callback was specified.
*/
EAPI Eina_Bool
-ecore_thread_local_data_del(Ecore_Thread *thread, const char *key)
+ecore_thread_local_data_del(Ecore_Thread * thread, const char *key)
{
- Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
- Ecore_Thread_Data *d;
- if ((!thread) || (!key))
- return EINA_FALSE;
+ Ecore_Pthread_Worker *worker = (Ecore_Pthread_Worker *) thread;
+ Ecore_Thread_Data *d;
+ if ((!thread) || (!key))
+ return EINA_FALSE;
#ifdef EFL_HAVE_PTHREAD
- if (!pthread_equal(worker->self, pthread_self())) return EINA_FALSE;
-
- if (!worker->hash)
- return EINA_FALSE;
- if ((d = eina_hash_find(worker->hash, key)))
- _ecore_thread_data_free(d);
- return eina_hash_del_by_key(worker->hash, key);
+ if (!pthread_equal(worker->self, pthread_self()))
+ return EINA_FALSE;
+
+ if (!worker->hash)
+ return EINA_FALSE;
+ if ((d = eina_hash_find(worker->hash, key)))
+ _ecore_thread_data_free(d);
+ return eina_hash_del_by_key(worker->hash, key);
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
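Review bot: `ecore_thread_local_data_del` calls `_ecore_thread_data_free(d)` and then `eina_hash_del_by_key()` on a hash that was created with `_ecore_thread_data_free` as its free callback (see `eina_hash_string_small_new(_ecore_thread_data_free)` in `ecore_thread_local_data_add`), so the entry is presumably released twice. Drop the explicit find-and-free and keep only `return eina_hash_del_by_key(worker->hash, key);`. `ecore_thread_global_data_del` in a later hunk repeats the pattern. `_ecore_thread_data_free` itself is not visible here, so confirm what it frees before changing this.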
@@ -1029,37 +1057,41 @@ ecore_thread_local_data_del(Ecore_Thread *thread, const char *key)
* was specified for, you will most likely encounter a segv later on.
*/
EAPI Eina_Bool
-ecore_thread_global_data_add(const char *key, void *value, Eina_Free_Cb cb, Eina_Bool direct)
+ecore_thread_global_data_add(const char *key, void *value, Eina_Free_Cb cb,
+ Eina_Bool direct)
{
- Eina_Bool ret;
- Ecore_Thread_Data *d;
+ Eina_Bool ret;
+ Ecore_Thread_Data *d;
- if ((!key) || (!value))
- return EINA_FALSE;
+ if ((!key) || (!value))
+ return EINA_FALSE;
#ifdef EFL_HAVE_PTHREAD
- pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
- if (!_ecore_thread_global_hash)
- _ecore_thread_global_hash = eina_hash_string_small_new(_ecore_thread_data_free);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
-
- if (!(d = malloc(sizeof(Ecore_Thread_Data))))
- return EINA_FALSE;
-
- d->data = value;
- d->cb = cb;
-
- if (!_ecore_thread_global_hash)
- return EINA_FALSE;
- pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
- if (direct)
- ret = eina_hash_direct_add(_ecore_thread_global_hash, key, d);
- else
- ret = eina_hash_add(_ecore_thread_global_hash, key, d);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- pthread_cond_broadcast(&_ecore_thread_global_hash_cond);
- return ret;
+ pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
+ if (!_ecore_thread_global_hash)
+ _ecore_thread_global_hash =
+ eina_hash_string_small_new(_ecore_thread_data_free);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+
+ if (!(d = malloc(sizeof(Ecore_Thread_Data))))
+ return EINA_FALSE;
+
+ d->data = value;
+ d->cb = cb;
+
+ if (!_ecore_thread_global_hash)
+ return EINA_FALSE;
+ pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
+ if (direct)
+ ret =
+ eina_hash_direct_add(_ecore_thread_global_hash, key,
+ d);
+ else
+ ret = eina_hash_add(_ecore_thread_global_hash, key, d);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ pthread_cond_broadcast(&_ecore_thread_global_hash_cond);
+ return ret;
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
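Review bot: `ecore_thread_global_data_add` allocates `d` and then returns `EINA_FALSE` if `_ecore_thread_global_hash` is still NULL, leaking the allocation; that check is also made after the write lock has been released. Move the test ahead of the `malloc`, as `ecore_thread_global_data_set` does, or free on that path: `if (!_ecore_thread_global_hash) { free(d); return EINA_FALSE; }`. A failed `eina_hash_add`/`eina_hash_direct_add` likewise leaves `d` unowned, so `if (!ret) free(d);` after the unlock would close that case too.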
@@ -1076,39 +1108,40 @@ ecore_thread_global_data_add(const char *key, void *value, Eina_Free_Cb cb, Eina
* be called upon ecore_thread shutting down. Note that if you have manually freed data that a callback
* was specified for, you will most likely encounter a segv later on.
*/
-EAPI void *
-ecore_thread_global_data_set(const char *key, void *value, Eina_Free_Cb cb)
+EAPI void *ecore_thread_global_data_set(const char *key, void *value,
+ Eina_Free_Cb cb)
{
- Ecore_Thread_Data *d, *r;
- void *ret;
+ Ecore_Thread_Data *d, *r;
+ void *ret;
- if ((!key) || (!value))
- return NULL;
+ if ((!key) || (!value))
+ return NULL;
#ifdef EFL_HAVE_PTHREAD
- pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
- if (!_ecore_thread_global_hash)
- _ecore_thread_global_hash = eina_hash_string_small_new(_ecore_thread_data_free);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
+ if (!_ecore_thread_global_hash)
+ _ecore_thread_global_hash =
+ eina_hash_string_small_new(_ecore_thread_data_free);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- if (!_ecore_thread_global_hash)
- return NULL;
+ if (!_ecore_thread_global_hash)
+ return NULL;
- if (!(d = malloc(sizeof(Ecore_Thread_Data))))
- return NULL;
+ if (!(d = malloc(sizeof(Ecore_Thread_Data))))
+ return NULL;
- d->data = value;
- d->cb = cb;
+ d->data = value;
+ d->cb = cb;
- pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
- r = eina_hash_set(_ecore_thread_global_hash, key, d);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- pthread_cond_broadcast(&_ecore_thread_global_hash_cond);
+ pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
+ r = eina_hash_set(_ecore_thread_global_hash, key, d);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ pthread_cond_broadcast(&_ecore_thread_global_hash_cond);
- ret = r->data;
- free(r);
- return ret;
+ ret = r->data;
+ free(r);
+ return ret;
#else
- return NULL;
+ return NULL;
#endif
}
@@ -1125,21 +1158,21 @@ ecore_thread_global_data_set(const char *key, void *value, Eina_Free_Cb cb)
* if you will be doing anything with it.
*/
-EAPI void *
-ecore_thread_global_data_find(const char *key)
+EAPI void *ecore_thread_global_data_find(const char *key)
{
- Ecore_Thread_Data *ret;
- if (!key)
- return NULL;
+ Ecore_Thread_Data *ret;
+ if (!key)
+ return NULL;
#ifdef EFL_HAVE_PTHREAD
- if (!_ecore_thread_global_hash) return NULL;
+ if (!_ecore_thread_global_hash)
+ return NULL;
- pthread_rwlock_rdlock(&_ecore_thread_global_hash_lock);
- ret = eina_hash_find(_ecore_thread_global_hash, key);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- return ret->data;
+ pthread_rwlock_rdlock(&_ecore_thread_global_hash_lock);
+ ret = eina_hash_find(_ecore_thread_global_hash, key);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ return ret->data;
#else
- return NULL;
+ return NULL;
#endif
}
@@ -1151,26 +1184,25 @@ ecore_thread_global_data_find(const char *key)
* This function will return EINA_FALSE in any case but success.
* Note that this WILL free the data if an @c Eina_Free_Cb was specified when the data was added.
*/
-EAPI Eina_Bool
-ecore_thread_global_data_del(const char *key)
+EAPI Eina_Bool ecore_thread_global_data_del(const char *key)
{
- Eina_Bool ret;
- Ecore_Thread_Data *d;
+ Eina_Bool ret;
+ Ecore_Thread_Data *d;
- if (!key)
- return EINA_FALSE;
+ if (!key)
+ return EINA_FALSE;
#ifdef EFL_HAVE_PTHREAD
- if (!_ecore_thread_global_hash)
- return EINA_FALSE;
-
- pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
- if ((d = eina_hash_find(_ecore_thread_global_hash, key)))
- _ecore_thread_data_free(d);
- ret = eina_hash_del_by_key(_ecore_thread_global_hash, key);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- return ret;
+ if (!_ecore_thread_global_hash)
+ return EINA_FALSE;
+
+ pthread_rwlock_wrlock(&_ecore_thread_global_hash_lock);
+ if ((d = eina_hash_find(_ecore_thread_global_hash, key)))
+ _ecore_thread_data_free(d);
+ ret = eina_hash_del_by_key(_ecore_thread_global_hash, key);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ return ret;
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
@@ -1186,38 +1218,41 @@ ecore_thread_global_data_del(const char *key)
* @note Keep in mind that the data returned can be used by multiple threads at a time, so you will most likely want to mutex
* if you will be doing anything with it.
*/
-EAPI void *
-ecore_thread_global_data_wait(const char *key, double seconds)
+EAPI void *ecore_thread_global_data_wait(const char *key, double seconds)
{
- double time = 0;
- Ecore_Thread_Data *ret = NULL;
- if (!key)
- return NULL;
+ double time = 0;
+ Ecore_Thread_Data *ret = NULL;
+ if (!key)
+ return NULL;
#ifdef EFL_HAVE_PTHREAD
- if (!_ecore_thread_global_hash)
- return NULL;
- if (seconds > 0)
- time = ecore_time_get() + seconds;
-
- while (1)
- {
- struct timespec t = { 0, 0 };
-
- t.tv_sec = (long int)time;
- t.tv_nsec = (long int)((time - (double)t.tv_sec) * 1000000000);
- pthread_rwlock_rdlock(&_ecore_thread_global_hash_lock);
- ret = eina_hash_find(_ecore_thread_global_hash, key);
- pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
- if ((ret) || (!seconds) || ((seconds > 0) && (time <= ecore_time_get())))
- break;
- pthread_mutex_lock(&_ecore_thread_global_hash_mutex);
- pthread_cond_timedwait(&_ecore_thread_global_hash_cond, &_ecore_thread_global_hash_mutex, &t);
- pthread_mutex_unlock(&_ecore_thread_global_hash_mutex);
- }
- if (ret) return ret->data;
- return NULL;
+ if (!_ecore_thread_global_hash)
+ return NULL;
+ if (seconds > 0)
+ time = ecore_time_get() + seconds;
+
+ while (1) {
+ struct timespec t = { 0, 0 };
+
+ t.tv_sec = (long int) time;
+ t.tv_nsec =
+ (long int) ((time - (double) t.tv_sec) * 1000000000);
+ pthread_rwlock_rdlock(&_ecore_thread_global_hash_lock);
+ ret = eina_hash_find(_ecore_thread_global_hash, key);
+ pthread_rwlock_unlock(&_ecore_thread_global_hash_lock);
+ if ((ret) || (!seconds)
+ || ((seconds > 0) && (time <= ecore_time_get())))
+ break;
+ pthread_mutex_lock(&_ecore_thread_global_hash_mutex);
+ pthread_cond_timedwait(&_ecore_thread_global_hash_cond,
+ &_ecore_thread_global_hash_mutex,
+ &t);
+ pthread_mutex_unlock(&_ecore_thread_global_hash_mutex);
+ }
+ if (ret)
+ return ret->data;
+ return NULL;
#else
- return NULL;
+ return NULL;
#endif
}
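Review bot: In `ecore_thread_global_data_wait`, a negative `seconds` skips `if (seconds > 0)`, so `time` stays 0 and every pass hands `pthread_cond_timedwait` the absolute deadline `{0, 0}`; that deadline is already in the past, so the call presumably returns at once and the `while (1)` loop spins on the rwlock until the key appears. Neither exit test on `seconds` fires for negative values, so this looks like the wait-forever case, which would be better served by `if (seconds < 0) pthread_cond_wait(&_ecore_thread_global_hash_cond, &_ecore_thread_global_hash_mutex);` with the timed call kept for positive timeouts. The result of the wait is discarded in both cases, so an error return such as EINVAL would also turn into a spin. The deadline comes from `ecore_time_get()`, which may run on CLOCK_MONOTONIC, while the condition variable's clock is configured outside this hunk; worth confirming the two agree.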
diff --git a/tests/suite/ecore/src/lib/ecore_time.c b/tests/suite/ecore/src/lib/ecore_time.c
index 1fbb4781f4..837aa8bbb5 100644
--- a/tests/suite/ecore/src/lib/ecore_time.c
+++ b/tests/suite/ecore/src/lib/ecore_time.c
@@ -1,15 +1,15 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
#ifdef HAVE_SYS_TIME_H
-# include <sys/time.h>
+#include <sys/time.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "Ecore.h"
@@ -38,25 +38,23 @@ double _ecore_time_loop_time = -1.0;
* messages when the application started).
* @ingroup Ecore_Time_Group
*/
-EAPI double
-ecore_time_get(void)
+EAPI double ecore_time_get(void)
{
#ifdef HAVE_CLOCK_GETTIME
- struct timespec t;
+ struct timespec t;
- if (EINA_UNLIKELY(_ecore_time_clock_id < 0))
- return ecore_time_unix_get();
+ if (EINA_UNLIKELY(_ecore_time_clock_id < 0))
+ return ecore_time_unix_get();
- if (EINA_UNLIKELY(clock_gettime(_ecore_time_clock_id, &t)))
- {
- CRIT("Cannot get current time.");
- /* Try to at least return the latest value retrieved*/
- return _ecore_time_loop_time;
- }
+ if (EINA_UNLIKELY(clock_gettime(_ecore_time_clock_id, &t))) {
+ CRIT("Cannot get current time.");
+ /* Try to at least return the latest value retrieved */
+ return _ecore_time_loop_time;
+ }
- return (double)t.tv_sec + (((double)t.tv_nsec) / 1000000000.0);
+ return (double) t.tv_sec + (((double) t.tv_nsec) / 1000000000.0);
#else
- return ecore_time_unix_get();
+ return ecore_time_unix_get();
#endif
}
@@ -69,20 +67,20 @@ ecore_time_get(void)
* @return The number of seconds since 12.00AM 1st January 1970.
* @ingroup Ecore_Time_Group
*/
-EAPI double
-ecore_time_unix_get(void)
+EAPI double ecore_time_unix_get(void)
{
#ifdef HAVE_EVIL
- return evil_time_get();
+ return evil_time_get();
#else
-# ifdef HAVE_GETTIMEOFDAY
- struct timeval timev;
-
- gettimeofday(&timev, NULL);
- return (double)timev.tv_sec + (((double)timev.tv_usec) / 1000000);
-# else
-# error "Your platform isn't supported yet"
-# endif
+#ifdef HAVE_GETTIMEOFDAY
+ struct timeval timev;
+
+ gettimeofday(&timev, NULL);
+ return (double) timev.tv_sec +
+ (((double) timev.tv_usec) / 1000000);
+#else
+#error "Your platform isn't supported yet"
+#endif
#endif
}
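Review bot: Flattening `# ifdef HAVE_GETTIMEOFDAY` to column 0 in `ecore_time_unix_get` removes the only cue that this conditional is nested inside the `#else` of `HAVE_EVIL`, and the function now ends in two identical `#endif` lines. If the preprocessor indentation is not kept, label the closers instead: `#endif /* HAVE_GETTIMEOFDAY */` followed by `#endif /* HAVE_EVIL */`. Independently of the formatting, the return value of `gettimeofday(&timev, NULL)` is ignored, so a failure would return a time built from an uninitialised `timev`.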
@@ -108,10 +106,9 @@ ecore_time_unix_get(void)
* messages when the application started).
* @ingroup Ecore_Time_Group
*/
-EAPI double
-ecore_loop_time_get(void)
+EAPI double ecore_loop_time_get(void)
{
- return _ecore_time_loop_time;
+ return _ecore_time_loop_time;
}
@@ -121,36 +118,31 @@ ecore_loop_time_get(void)
* real-time clock, which is identified by CLOCK_REALTIME. Check if the fallback
* to unix time (without specifying the resolution) might be removed
*/
-void
-_ecore_time_init(void)
+void _ecore_time_init(void)
{
#ifdef HAVE_CLOCK_GETTIME
- struct timespec t;
-
- if (_ecore_time_clock_id != -1) return;
-
- if (!clock_gettime(CLOCK_MONOTONIC, &t))
- {
- _ecore_time_clock_id = CLOCK_MONOTONIC;
- DBG("using CLOCK_MONOTONIC.");
- }
- else if (!clock_gettime(CLOCK_REALTIME, &t))
- {
- /* may go backwards */
- _ecore_time_clock_id = CLOCK_REALTIME;
- WRN("CLOCK_MONOTONIC not available. Fallback to CLOCK_REALTIME.");
- }
- else
- {
- _ecore_time_clock_id = -2;
- CRIT("Cannot get a valid clock_gettime() clock id! "
- "Fallback to unix time.");
- }
+ struct timespec t;
+
+ if (_ecore_time_clock_id != -1)
+ return;
+
+ if (!clock_gettime(CLOCK_MONOTONIC, &t)) {
+ _ecore_time_clock_id = CLOCK_MONOTONIC;
+ DBG("using CLOCK_MONOTONIC.");
+ } else if (!clock_gettime(CLOCK_REALTIME, &t)) {
+ /* may go backwards */
+ _ecore_time_clock_id = CLOCK_REALTIME;
+ WRN("CLOCK_MONOTONIC not available. Fallback to CLOCK_REALTIME.");
+ } else {
+ _ecore_time_clock_id = -2;
+ CRIT("Cannot get a valid clock_gettime() clock id! "
+ "Fallback to unix time.");
+ }
#else
-# warning "Your platform isn't supported yet"
- CRIT("Platform does not support clock_gettime. "
- "Fallback to unix time.");
+#warning "Your platform isn't supported yet"
+ CRIT("Platform does not support clock_gettime. "
+ "Fallback to unix time.");
#endif
- _ecore_time_loop_time = ecore_time_get();
+ _ecore_time_loop_time = ecore_time_get();
}
diff --git a/tests/suite/ecore/src/lib/ecore_timer.c b/tests/suite/ecore/src/lib/ecore_timer.c
index fd6c64e42d..5c4cecb10f 100644
--- a/tests/suite/ecore/src/lib/ecore_timer.c
+++ b/tests/suite/ecore/src/lib/ecore_timer.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include <config.h>
+#include <config.h>
#endif
#include <stdlib.h>
@@ -9,32 +9,32 @@
#include "ecore_private.h"
-struct _Ecore_Timer
-{
- EINA_INLIST;
- ECORE_MAGIC;
- double in;
- double at;
- double pending;
- Ecore_Task_Cb func;
- void *data;
-
- int references;
- unsigned char delete_me : 1;
- unsigned char just_added : 1;
- unsigned char frozen : 1;
+struct _Ecore_Timer {
+ EINA_INLIST;
+ ECORE_MAGIC;
+ double in;
+ double at;
+ double pending;
+ Ecore_Task_Cb func;
+ void *data;
+
+ int references;
+ unsigned char delete_me:1;
+ unsigned char just_added:1;
+ unsigned char frozen:1;
};
-static void _ecore_timer_set(Ecore_Timer *timer, double at, double in, Ecore_Task_Cb func, void *data);
+static void _ecore_timer_set(Ecore_Timer * timer, double at, double in,
+ Ecore_Task_Cb func, void *data);
-static int timers_added = 0;
-static int timers_delete_me = 0;
+static int timers_added = 0;
+static int timers_delete_me = 0;
static Ecore_Timer *timers = NULL;
static Ecore_Timer *timer_current = NULL;
static Ecore_Timer *suspended = NULL;
-static double last_check = 0.0;
-static double precision = 10.0 / 1000000.0;
+static double last_check = 0.0;
+static double precision = 10.0 / 1000000.0;
/**
* @defgroup Ecore_Time_Group Ecore Time Functions
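Review bot: The reformatter does not appear to know the project's typedef names, so the `_ecore_timer_set` prototype in this hunk now declares its pointer as `Ecore_Timer * timer`, spaced like a multiplication, while `void *data` on the same declaration is formatted normally. The declarator should read `static void _ecore_timer_set(Ecore_Timer *timer, double at, double in,`. Passing the typedef names to the tool (GNU indent accepts `-T Ecore_Timer`, `-T Eina_Accessor`) would fix this. The same spacing recurs in the later hunks for `ecore_timer_del`, `ecore_timer_interval_set`, `ecore_timer_delay`, `_ecore_timer_reschedule` and the `eina_accessor_*` functions.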
@@ -48,10 +48,9 @@ static double precision = 10.0 / 1000000.0;
*
* @see ecore_timer_precision_set()
*/
-EAPI double
-ecore_timer_precision_get(void)
+EAPI double ecore_timer_precision_get(void)
{
- return precision;
+ return precision;
}
/**
@@ -78,15 +77,13 @@ ecore_timer_precision_get(void)
*
* @param value allowed introduced timeout delay, in seconds.
*/
-EAPI void
-ecore_timer_precision_set(double value)
+EAPI void ecore_timer_precision_set(double value)
{
- if (value < 0.0)
- {
- ERR("Precision %f less than zero, ignored", value);
- return;
- }
- precision = value;
+ if (value < 0.0) {
+ ERR("Precision %f less than zero, ignored", value);
+ return;
+ }
+ precision = value;
}
/**
@@ -108,20 +105,23 @@ ecore_timer_precision_set(double value)
* 0 it will be deleted automatically making any references/handles for it
* invalid.
*/
-EAPI Ecore_Timer *
-ecore_timer_add(double in, Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Timer *ecore_timer_add(double in, Ecore_Task_Cb func,
+ const void *data)
{
- double now;
- Ecore_Timer *timer;
-
- if (!func) return NULL;
- if (in < 0.0) in = 0.0;
- timer = calloc(1, sizeof(Ecore_Timer));
- if (!timer) return NULL;
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_TIMER);
- now = ecore_time_get();
- _ecore_timer_set(timer, now + in, in, func, (void *)data);
- return timer;
+ double now;
+ Ecore_Timer *timer;
+
+ if (!func)
+ return NULL;
+ if (in < 0.0)
+ in = 0.0;
+ timer = calloc(1, sizeof(Ecore_Timer));
+ if (!timer)
+ return NULL;
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_TIMER);
+ now = ecore_time_get();
+ _ecore_timer_set(timer, now + in, in, func, (void *) data);
+ return timer;
}
/**
@@ -137,20 +137,23 @@ ecore_timer_add(double in, Ecore_Task_Cb func, const void *data)
* ecore_loop_time_get() not ecore_time_get() as ecore_timer_add() uses. See
* ecore_timer_add() for more details.
*/
-EAPI Ecore_Timer *
-ecore_timer_loop_add(double in, Ecore_Task_Cb func, const void *data)
+EAPI Ecore_Timer *ecore_timer_loop_add(double in, Ecore_Task_Cb func,
+ const void *data)
{
- double now;
- Ecore_Timer *timer;
-
- if (!func) return NULL;
- if (in < 0.0) in = 0.0;
- timer = calloc(1, sizeof(Ecore_Timer));
- if (!timer) return NULL;
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_TIMER);
- now = ecore_loop_time_get();
- _ecore_timer_set(timer, now + in, in, func, (void *)data);
- return timer;
+ double now;
+ Ecore_Timer *timer;
+
+ if (!func)
+ return NULL;
+ if (in < 0.0)
+ in = 0.0;
+ timer = calloc(1, sizeof(Ecore_Timer));
+ if (!timer)
+ return NULL;
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_TIMER);
+ now = ecore_loop_time_get();
+ _ecore_timer_set(timer, now + in, in, func, (void *) data);
+ return timer;
}
/**
@@ -163,33 +166,33 @@ ecore_timer_loop_add(double in, Ecore_Task_Cb func, const void *data)
* Note: @p timer must be a valid handle. If the timer function has already
* returned 0, the handle is no longer valid (and does not need to be delete).
*/
-EAPI void *
-ecore_timer_del(Ecore_Timer *timer)
+EAPI void *ecore_timer_del(Ecore_Timer * timer)
{
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_del");
- return NULL;
- }
-
- if (timer->frozen && !timer->references)
- {
- void *data = timer->data;
-
- suspended = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(suspended), EINA_INLIST_GET(timer));
-
- if (timer->delete_me)
- timers_delete_me--;
-
- free(timer);
- return data;
- }
-
- EINA_SAFETY_ON_TRUE_RETURN_VAL(timer->delete_me, NULL);
- timer->delete_me = 1;
- timers_delete_me++;
- return timer->data;
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_del");
+ return NULL;
+ }
+
+ if (timer->frozen && !timer->references) {
+ void *data = timer->data;
+
+ suspended =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(suspended),
+ EINA_INLIST_GET(timer));
+
+ if (timer->delete_me)
+ timers_delete_me--;
+
+ free(timer);
+ return data;
+ }
+
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(timer->delete_me, NULL);
+ timer->delete_me = 1;
+ timers_delete_me++;
+ return timer->data;
}
/**
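Review bot: The frozen-and-unreferenced branch of `ecore_timer_del` calls `free(timer)` while the magic field still holds ECORE_MAGIC_TIMER, unlike `_ecore_timer_cleanup` and `_ecore_timer_shutdown` later in this file, which both clear it before freeing. A stale handle passed to any `ecore_timer_*` call afterwards can still satisfy `ECORE_MAGIC_CHECK` as long as the freed memory has not been reused, so the use-after-free goes unreported. Adding `ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);` immediately before `free(timer);` keeps the three free paths consistent.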
@@ -200,16 +203,14 @@ ecore_timer_del(Ecore_Timer *timer)
* @param in The interval in seconds.
* @ingroup Ecore_Time_Group
*/
-EAPI void
-ecore_timer_interval_set(Ecore_Timer *timer, double in)
+EAPI void ecore_timer_interval_set(Ecore_Timer * timer, double in)
{
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_interval_set");
- return;
- }
- timer->in = in;
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_interval_set");
+ return;
+ }
+ timer->in = in;
}
/**
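Review bot: `ecore_timer_interval_set` stores `in` without the range check that `ecore_timer_add` and `ecore_timer_loop_add` apply (`if (in < 0.0) in = 0.0;`). With a negative interval, `_ecore_timer_reschedule` computes `timer->at + timer->in` and moves the deadline backwards on every expiry, so the timer is due again at once. Applying the same clamp before the assignment, `if (in < 0.0) in = 0.0;` ahead of `timer->in = in;`, would make the setter agree with the constructors.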
@@ -219,17 +220,15 @@ ecore_timer_interval_set(Ecore_Timer *timer, double in)
* @return The interval on success. -1 on failure.
* @ingroup Ecore_Time_Group
*/
-EAPI double
-ecore_timer_interval_get(Ecore_Timer *timer)
+EAPI double ecore_timer_interval_get(Ecore_Timer * timer)
{
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_interval_get");
- return -1.0;
- }
-
- return timer->in;
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_interval_get");
+ return -1.0;
+ }
+
+ return timer->in;
}
/**
@@ -240,25 +239,24 @@ ecore_timer_interval_get(Ecore_Timer *timer)
* @param add The dalay to add to the next iteration.
* @ingroup Ecore_Time_Group
*/
-EAPI void
-ecore_timer_delay(Ecore_Timer *timer, double add)
+EAPI void ecore_timer_delay(Ecore_Timer * timer, double add)
{
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_delay");
- return;
- }
-
- if (timer->frozen)
- {
- timer->pending += add;
- }
- else
- {
- timers = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer));
- _ecore_timer_set(timer, timer->at + add, timer->in, timer->func, timer->data);
- }
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_delay");
+ return;
+ }
+
+ if (timer->frozen) {
+ timer->pending += add;
+ } else {
+ timers =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer));
+ _ecore_timer_set(timer, timer->at + add, timer->in,
+ timer->func, timer->data);
+ }
}
/**
@@ -267,325 +265,338 @@ ecore_timer_delay(Ecore_Timer *timer, double add)
* @param timer The timer to learn from.
* @ingroup Ecore_Time_Group
*/
-EAPI double
-ecore_timer_pending_get(Ecore_Timer *timer)
+EAPI double ecore_timer_pending_get(Ecore_Timer * timer)
{
- double now;
+ double now;
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_pending_get");
- return 0;
- }
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_pending_get");
+ return 0;
+ }
- now = ecore_time_get();
+ now = ecore_time_get();
- if (timer->frozen)
- return timer->pending;
- return timer->at - now;
+ if (timer->frozen)
+ return timer->pending;
+ return timer->at - now;
}
/**
*
*
*/
-EAPI void
-ecore_timer_freeze(Ecore_Timer *timer)
+EAPI void ecore_timer_freeze(Ecore_Timer * timer)
{
- double now;
-
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_freeze");
- return ;
- }
-
- /* Timer already frozen */
- if (timer->frozen)
- return ;
-
- timers = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer));
- suspended = (Ecore_Timer *) eina_inlist_prepend(EINA_INLIST_GET(suspended), EINA_INLIST_GET(timer));
-
- now = ecore_time_get();
-
- timer->pending = timer->at - now;
- timer->at = 0.0;
- timer->frozen = 1;
+ double now;
+
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_freeze");
+ return;
+ }
+
+ /* Timer already frozen */
+ if (timer->frozen)
+ return;
+
+ timers =
+ (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer));
+ suspended =
+ (Ecore_Timer *) eina_inlist_prepend(EINA_INLIST_GET(suspended),
+ EINA_INLIST_GET(timer));
+
+ now = ecore_time_get();
+
+ timer->pending = timer->at - now;
+ timer->at = 0.0;
+ timer->frozen = 1;
}
-EAPI void
-ecore_timer_thaw(Ecore_Timer *timer)
+EAPI void ecore_timer_thaw(Ecore_Timer * timer)
{
- double now;
+ double now;
- if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER))
- {
- ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
- "ecore_timer_thaw");
- return ;
- }
+ if (!ECORE_MAGIC_CHECK(timer, ECORE_MAGIC_TIMER)) {
+ ECORE_MAGIC_FAIL(timer, ECORE_MAGIC_TIMER,
+ "ecore_timer_thaw");
+ return;
+ }
- /* Timer not frozen */
- if (!timer->frozen)
- return ;
+ /* Timer not frozen */
+ if (!timer->frozen)
+ return;
- suspended = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(suspended), EINA_INLIST_GET(timer));
- now = ecore_time_get();
+ suspended =
+ (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(suspended),
+ EINA_INLIST_GET(timer));
+ now = ecore_time_get();
- _ecore_timer_set(timer, timer->pending + now, timer->in, timer->func, timer->data);
+ _ecore_timer_set(timer, timer->pending + now, timer->in,
+ timer->func, timer->data);
}
-void
-_ecore_timer_shutdown(void)
+void _ecore_timer_shutdown(void)
{
- Ecore_Timer *timer;
-
- while ((timer = timers))
- {
- timers = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers), EINA_INLIST_GET(timers));
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
- free(timer);
- }
-
- while ((timer = suspended))
- {
- suspended = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(suspended), EINA_INLIST_GET(suspended));
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
- free(timer);
- }
-
- timer_current = NULL;
+ Ecore_Timer *timer;
+
+ while ((timer = timers)) {
+ timers =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timers));
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
+ free(timer);
+ }
+
+ while ((timer = suspended)) {
+ suspended =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(suspended),
+ EINA_INLIST_GET(suspended));
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
+ free(timer);
+ }
+
+ timer_current = NULL;
}
-void
-_ecore_timer_cleanup(void)
+void _ecore_timer_cleanup(void)
{
- Ecore_Timer *l;
- int in_use = 0, todo = timers_delete_me, done = 0;
-
- if (!timers_delete_me) return;
- for (l = timers; l;)
- {
- Ecore_Timer *timer = l;
-
- l = (Ecore_Timer *) EINA_INLIST_GET(l)->next;
- if (timer->delete_me)
- {
- if (timer->references)
- {
- in_use++;
- continue;
- }
- timers = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer));
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
- free(timer);
- timers_delete_me--;
- done++;
- if (timers_delete_me == 0) return;
- }
- }
- for (l = suspended; l;)
- {
- Ecore_Timer *timer = l;
-
- l = (Ecore_Timer *) EINA_INLIST_GET(l)->next;
- if (timer->delete_me)
- {
- if (timer->references)
- {
- in_use++;
- continue;
- }
- suspended = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(suspended), EINA_INLIST_GET(timer));
- ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
- free(timer);
- timers_delete_me--;
- done++;
- if (timers_delete_me == 0) return;
- }
- }
-
- if ((!in_use) && (timers_delete_me))
- {
- ERR("%d timers to delete, but they were not found!"
- "Stats: todo=%d, done=%d, pending=%d, in_use=%d. "
- "reset counter.",
- timers_delete_me, todo, done, todo - done, in_use);
- timers_delete_me = 0;
- }
+ Ecore_Timer *l;
+ int in_use = 0, todo = timers_delete_me, done = 0;
+
+ if (!timers_delete_me)
+ return;
+ for (l = timers; l;) {
+ Ecore_Timer *timer = l;
+
+ l = (Ecore_Timer *) EINA_INLIST_GET(l)->next;
+ if (timer->delete_me) {
+ if (timer->references) {
+ in_use++;
+ continue;
+ }
+ timers =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer));
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
+ free(timer);
+ timers_delete_me--;
+ done++;
+ if (timers_delete_me == 0)
+ return;
+ }
+ }
+ for (l = suspended; l;) {
+ Ecore_Timer *timer = l;
+
+ l = (Ecore_Timer *) EINA_INLIST_GET(l)->next;
+ if (timer->delete_me) {
+ if (timer->references) {
+ in_use++;
+ continue;
+ }
+ suspended =
+ (Ecore_Timer *)
+ eina_inlist_remove(EINA_INLIST_GET(suspended),
+ EINA_INLIST_GET(timer));
+ ECORE_MAGIC_SET(timer, ECORE_MAGIC_NONE);
+ free(timer);
+ timers_delete_me--;
+ done++;
+ if (timers_delete_me == 0)
+ return;
+ }
+ }
+
+ if ((!in_use) && (timers_delete_me)) {
+ ERR("%d timers to delete, but they were not found!"
+ "Stats: todo=%d, done=%d, pending=%d, in_use=%d. "
+ "reset counter.",
+ timers_delete_me, todo, done, todo - done, in_use);
+ timers_delete_me = 0;
+ }
}
-void
-_ecore_timer_enable_new(void)
+void _ecore_timer_enable_new(void)
{
- Ecore_Timer *timer;
+ Ecore_Timer *timer;
- if (!timers_added) return;
- timers_added = 0;
- EINA_INLIST_FOREACH(timers, timer) timer->just_added = 0;
+ if (!timers_added)
+ return;
+ timers_added = 0;
+ EINA_INLIST_FOREACH(timers, timer) timer->just_added = 0;
}
-int
-_ecore_timers_exists(void)
+int _ecore_timers_exists(void)
{
- Ecore_Timer *timer = timers;
+ Ecore_Timer *timer = timers;
- while ((timer) && (timer->delete_me))
- timer = (Ecore_Timer *)EINA_INLIST_GET(timer)->next;
+ while ((timer) && (timer->delete_me))
+ timer = (Ecore_Timer *) EINA_INLIST_GET(timer)->next;
- return !!timer;
+ return ! !timer;
}
-static inline Ecore_Timer *
-_ecore_timer_first_get(void)
+static inline Ecore_Timer *_ecore_timer_first_get(void)
{
- Ecore_Timer *timer = timers;
+ Ecore_Timer *timer = timers;
- while ((timer) && ((timer->delete_me) || (timer->just_added)))
- timer = (Ecore_Timer *) EINA_INLIST_GET(timer)->next;
+ while ((timer) && ((timer->delete_me) || (timer->just_added)))
+ timer = (Ecore_Timer *) EINA_INLIST_GET(timer)->next;
- return timer;
+ return timer;
}
-static inline Ecore_Timer *
-_ecore_timer_after_get(Ecore_Timer *base)
+static inline Ecore_Timer *_ecore_timer_after_get(Ecore_Timer * base)
{
- Ecore_Timer *timer = (Ecore_Timer *) EINA_INLIST_GET(base)->next;
- double maxtime = base->at + precision;
+ Ecore_Timer *timer = (Ecore_Timer *) EINA_INLIST_GET(base)->next;
+ double maxtime = base->at + precision;
- while ((timer) && ((timer->delete_me) || (timer->just_added)) && (timer->at <= maxtime))
- timer = (Ecore_Timer *) EINA_INLIST_GET(timer)->next;
+ while ((timer) && ((timer->delete_me) || (timer->just_added))
+ && (timer->at <= maxtime))
+ timer = (Ecore_Timer *) EINA_INLIST_GET(timer)->next;
- if ((!timer) || (timer->at > maxtime))
- return NULL;
+ if ((!timer) || (timer->at > maxtime))
+ return NULL;
- return timer;
+ return timer;
}
-double
-_ecore_timer_next_get(void)
+double _ecore_timer_next_get(void)
{
- double now;
- double in;
- Ecore_Timer *first, *second;
-
- first = _ecore_timer_first_get();
- if (!first) return -1;
-
- second = _ecore_timer_after_get(first);
- if (second)
- first = second;
-
- now = ecore_loop_time_get();
- in = first->at - now;
- if (in < 0) in = 0;
- return in;
+ double now;
+ double in;
+ Ecore_Timer *first, *second;
+
+ first = _ecore_timer_first_get();
+ if (!first)
+ return -1;
+
+ second = _ecore_timer_after_get(first);
+ if (second)
+ first = second;
+
+ now = ecore_loop_time_get();
+ in = first->at - now;
+ if (in < 0)
+ in = 0;
+ return in;
}
static inline void
-_ecore_timer_reschedule(Ecore_Timer *timer, double when)
+_ecore_timer_reschedule(Ecore_Timer * timer, double when)
{
- if ((timer->delete_me) || (timer->frozen)) return;
-
- timers = (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer));
-
- /* if the timer would have gone off more than 15 seconds ago,
- * assume that the system hung and set the timer to go off
- * timer->in from now. this handles system hangs, suspends
- * and more, so ecore will only "replay" the timers while
- * the system is suspended if it is suspended for less than
- * 15 seconds (basically). this also handles if the process
- * is stopped in a debugger or IO and other handling gets
- * really slow within the main loop.
- */
- if ((timer->at + timer->in) < (when - 15.0))
- _ecore_timer_set(timer, when + timer->in, timer->in, timer->func, timer->data);
- else
- _ecore_timer_set(timer, timer->at + timer->in, timer->in, timer->func, timer->data);
+ if ((timer->delete_me) || (timer->frozen))
+ return;
+
+ timers =
+ (Ecore_Timer *) eina_inlist_remove(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer));
+
+ /* if the timer would have gone off more than 15 seconds ago,
+ * assume that the system hung and set the timer to go off
+ * timer->in from now. this handles system hangs, suspends
+ * and more, so ecore will only "replay" the timers while
+ * the system is suspended if it is suspended for less than
+ * 15 seconds (basically). this also handles if the process
+ * is stopped in a debugger or IO and other handling gets
+ * really slow within the main loop.
+ */
+ if ((timer->at + timer->in) < (when - 15.0))
+ _ecore_timer_set(timer, when + timer->in, timer->in,
+ timer->func, timer->data);
+ else
+ _ecore_timer_set(timer, timer->at + timer->in, timer->in,
+ timer->func, timer->data);
}
-int
-_ecore_timer_call(double when)
+int _ecore_timer_call(double when)
{
- if (!timers) return 0;
- if (last_check > when)
- {
- Ecore_Timer *timer;
- /* User set time backwards */
- EINA_INLIST_FOREACH(timers, timer) timer->at -= (last_check - when);
- }
- last_check = when;
-
- if (!timer_current)
- {
- /* regular main loop, start from head */
- timer_current = timers;
- }
- else
- {
- /* recursive main loop, continue from where we were */
- Ecore_Timer *timer_old = timer_current;
- timer_current = (Ecore_Timer *)EINA_INLIST_GET(timer_current)->next;
- _ecore_timer_reschedule(timer_old, when);
- }
-
- while (timer_current)
- {
- Ecore_Timer *timer = timer_current;
-
- if (timer->at > when)
- {
- timer_current = NULL; /* ended walk, next should restart. */
- return 0;
- }
-
- if ((timer->just_added) || (timer->delete_me))
- {
- timer_current = (Ecore_Timer*)EINA_INLIST_GET(timer_current)->next;
- continue;
- }
-
- timer->references++;
- if (!timer->func(timer->data))
- {
- if (!timer->delete_me) ecore_timer_del(timer);
- }
- timer->references--;
-
- if (timer_current) /* may have changed in recursive main loops */
- timer_current = (Ecore_Timer *)EINA_INLIST_GET(timer_current)->next;
-
- _ecore_timer_reschedule(timer, when);
- }
- return 0;
+ if (!timers)
+ return 0;
+ if (last_check > when) {
+ Ecore_Timer *timer;
+ /* User set time backwards */
+ EINA_INLIST_FOREACH(timers, timer) timer->at -=
+ (last_check - when);
+ }
+ last_check = when;
+
+ if (!timer_current) {
+ /* regular main loop, start from head */
+ timer_current = timers;
+ } else {
+ /* recursive main loop, continue from where we were */
+ Ecore_Timer *timer_old = timer_current;
+ timer_current =
+ (Ecore_Timer *) EINA_INLIST_GET(timer_current)->next;
+ _ecore_timer_reschedule(timer_old, when);
+ }
+
+ while (timer_current) {
+ Ecore_Timer *timer = timer_current;
+
+ if (timer->at > when) {
+ timer_current = NULL; /* ended walk, next should restart. */
+ return 0;
+ }
+
+ if ((timer->just_added) || (timer->delete_me)) {
+ timer_current =
+ (Ecore_Timer *)
+ EINA_INLIST_GET(timer_current)->next;
+ continue;
+ }
+
+ timer->references++;
+ if (!timer->func(timer->data)) {
+ if (!timer->delete_me)
+ ecore_timer_del(timer);
+ }
+ timer->references--;
+
+ if (timer_current) /* may have changed in recursive main loops */
+ timer_current =
+ (Ecore_Timer *)
+ EINA_INLIST_GET(timer_current)->next;
+
+ _ecore_timer_reschedule(timer, when);
+ }
+ return 0;
}
static void
-_ecore_timer_set(Ecore_Timer *timer, double at, double in, Ecore_Task_Cb func, void *data)
+_ecore_timer_set(Ecore_Timer * timer, double at, double in,
+ Ecore_Task_Cb func, void *data)
{
- Ecore_Timer *t2;
-
- timers_added = 1;
- timer->at = at;
- timer->in = in;
- timer->func = func;
- timer->data = data;
- timer->just_added = 1;
- timer->frozen = 0;
- timer->pending = 0.0;
- if (timers)
- {
- EINA_INLIST_REVERSE_FOREACH(EINA_INLIST_GET(timers), t2)
- {
- if (timer->at > t2->at)
- {
- timers = (Ecore_Timer *) eina_inlist_append_relative(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer), EINA_INLIST_GET(t2));
- return;
- }
- }
- }
- timers = (Ecore_Timer *) eina_inlist_prepend(EINA_INLIST_GET(timers), EINA_INLIST_GET(timer));
+ Ecore_Timer *t2;
+
+ timers_added = 1;
+ timer->at = at;
+ timer->in = in;
+ timer->func = func;
+ timer->data = data;
+ timer->just_added = 1;
+ timer->frozen = 0;
+ timer->pending = 0.0;
+ if (timers) {
+ EINA_INLIST_REVERSE_FOREACH(EINA_INLIST_GET(timers), t2) {
+ if (timer->at > t2->at) {
+ timers =
+ (Ecore_Timer *)
+ eina_inlist_append_relative
+ (EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer),
+ EINA_INLIST_GET(t2));
+ return;
+ }
+ }
+ }
+ timers =
+ (Ecore_Timer *) eina_inlist_prepend(EINA_INLIST_GET(timers),
+ EINA_INLIST_GET(timer));
}
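Review bot: The reindent left two idioms in this hunk harder to read: `return ! !timer;` in `_ecore_timers_exists` and the split brace-less loop in `_ecore_timer_call`. The first should stay `return !!timer;`, since the space makes the boolean normalisation look like a typo. The second now reads `EINA_INLIST_FOREACH(timers, timer) timer->at -=` on one line and `(last_check - when);` on the next, so the macro line looks like a complete statement. Bracing the body (`EINA_INLIST_FOREACH(timers, timer) {`, `timer->at -= (last_check - when);`, `}`) makes the loop extent explicit. The one-line loop in `_ecore_timer_enable_new` would benefit from the same treatment.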
diff --git a/tests/suite/ecore/src/lib/eina_accessor.c b/tests/suite/ecore/src/lib/eina_accessor.c
index cb20cab184..ade870a935 100644
--- a/tests/suite/ecore/src/lib/eina_accessor.c
+++ b/tests/suite/ecore/src/lib/eina_accessor.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -64,10 +64,10 @@ static const char EINA_MAGIC_ACCESSOR_STR[] = "Eina Accessor";
*
* @see eina_init()
*/
-Eina_Bool
-eina_accessor_init(void)
+Eina_Bool eina_accessor_init(void)
{
- return eina_magic_string_set(EINA_MAGIC_ACCESSOR, EINA_MAGIC_ACCESSOR_STR);
+ return eina_magic_string_set(EINA_MAGIC_ACCESSOR,
+ EINA_MAGIC_ACCESSOR_STR);
}
/**
@@ -81,10 +81,9 @@ eina_accessor_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_accessor_shutdown(void)
+Eina_Bool eina_accessor_shutdown(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -118,13 +117,12 @@ eina_accessor_shutdown(void)
*
* This function frees @p accessor if it is not @c NULL;
*/
-EAPI void
-eina_accessor_free(Eina_Accessor *accessor)
+EAPI void eina_accessor_free(Eina_Accessor * accessor)
{
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN(accessor);
- EINA_SAFETY_ON_NULL_RETURN(accessor->free);
- accessor->free(accessor);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN(accessor);
+ EINA_SAFETY_ON_NULL_RETURN(accessor->free);
+ accessor->free(accessor);
}
/**
@@ -136,13 +134,12 @@ eina_accessor_free(Eina_Accessor *accessor)
* This function returns the container which created @p accessor. If
* @p accessor is @c NULL, this function returns @c NULL.
*/
-EAPI void *
-eina_accessor_container_get(Eina_Accessor *accessor)
+EAPI void *eina_accessor_container_get(Eina_Accessor * accessor)
{
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor->get_container, NULL);
- return accessor->get_container(accessor);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor->get_container, NULL);
+ return accessor->get_container(accessor);
}
/**
@@ -159,15 +156,14 @@ eina_accessor_container_get(Eina_Accessor *accessor)
* #EINA_FALSE is returned, otherwise EINA_TRUE is returned.
*/
EAPI Eina_Bool
-eina_accessor_data_get(Eina_Accessor *accessor,
- unsigned int position,
- void **data)
+eina_accessor_data_get(Eina_Accessor * accessor,
+ unsigned int position, void **data)
{
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor->get_at, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- return accessor->get_at(accessor, position, data);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor->get_at, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ return accessor->get_at(accessor, position, data);
}
/**
@@ -187,34 +183,33 @@ eina_accessor_data_get(Eina_Accessor *accessor,
* immediately.
*/
EAPI void
-eina_accessor_over(Eina_Accessor *accessor,
- Eina_Each_Cb cb,
- unsigned int start,
- unsigned int end,
- const void *fdata)
+eina_accessor_over(Eina_Accessor * accessor,
+ Eina_Each_Cb cb,
+ unsigned int start, unsigned int end, const void *fdata)
{
- const void *container;
- void *data;
- unsigned int i;
+ const void *container;
+ void *data;
+ unsigned int i;
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN(accessor);
- EINA_SAFETY_ON_NULL_RETURN(accessor->get_container);
- EINA_SAFETY_ON_NULL_RETURN(accessor->get_at);
- EINA_SAFETY_ON_NULL_RETURN(cb);
- EINA_SAFETY_ON_FALSE_RETURN(start < end);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN(accessor);
+ EINA_SAFETY_ON_NULL_RETURN(accessor->get_container);
+ EINA_SAFETY_ON_NULL_RETURN(accessor->get_at);
+ EINA_SAFETY_ON_NULL_RETURN(cb);
+ EINA_SAFETY_ON_FALSE_RETURN(start < end);
- if (!eina_accessor_lock(accessor))
- return ;
+ if (!eina_accessor_lock(accessor))
+ return;
- container = accessor->get_container(accessor);
- for (i = start; i < end && accessor->get_at(accessor, i, &data) == EINA_TRUE;
- ++i)
- if (cb(container, data, (void *)fdata) != EINA_TRUE)
- goto on_exit;
+ container = accessor->get_container(accessor);
+ for (i = start;
+ i < end && accessor->get_at(accessor, i, &data) == EINA_TRUE;
+ ++i)
+ if (cb(container, data, (void *) fdata) != EINA_TRUE)
+ goto on_exit;
- on_exit:
- (void) eina_accessor_unlock(accessor);
+ on_exit:
+ (void) eina_accessor_unlock(accessor);
}
/**
@@ -228,15 +223,14 @@ eina_accessor_over(Eina_Accessor *accessor,
* returned, otherwise #EINA_TRUE is returned. If the container
* is not lockable, it will return EINA_TRUE.
*/
-EAPI Eina_Bool
-eina_accessor_lock(Eina_Accessor *accessor)
+EAPI Eina_Bool eina_accessor_lock(Eina_Accessor * accessor)
{
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
- if (accessor->lock)
- return accessor->lock(accessor);
- return EINA_TRUE;
+ if (accessor->lock)
+ return accessor->lock(accessor);
+ return EINA_TRUE;
}
/**
@@ -251,15 +245,14 @@ eina_accessor_lock(Eina_Accessor *accessor)
* is returned. If the container is not lockable, it will return
* EINA_TRUE.
*/
-EAPI Eina_Bool
-eina_accessor_unlock(Eina_Accessor *accessor)
+EAPI Eina_Bool eina_accessor_unlock(Eina_Accessor * accessor)
{
- EINA_MAGIC_CHECK_ACCESSOR(accessor);
- EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
+ EINA_MAGIC_CHECK_ACCESSOR(accessor);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(accessor, EINA_FALSE);
- if (accessor->unlock)
- return accessor->unlock(accessor);
- return EINA_TRUE;
+ if (accessor->unlock)
+ return accessor->unlock(accessor);
+ return EINA_TRUE;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_array.c b/tests/suite/ecore/src/lib/eina_array.c
index bd71fc9782..e6bb0493df 100644
--- a/tests/suite/ecore/src/lib/eina_array.c
+++ b/tests/suite/ecore/src/lib/eina_array.c
@@ -107,7 +107,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <assert.h>
@@ -162,23 +162,19 @@ static const char EINA_MAGIC_ARRAY_ACCESSOR_STR[] = "Eina Array Accessor";
typedef struct _Eina_Iterator_Array Eina_Iterator_Array;
-struct _Eina_Iterator_Array
-{
- Eina_Iterator iterator;
+struct _Eina_Iterator_Array {
+ Eina_Iterator iterator;
- const Eina_Array *array;
- unsigned int index;
+ const Eina_Array *array;
+ unsigned int index;
- EINA_MAGIC
-};
+ EINA_MAGIC};
typedef struct _Eina_Accessor_Array Eina_Accessor_Array;
-struct _Eina_Accessor_Array
-{
- Eina_Accessor accessor;
- const Eina_Array *array;
- EINA_MAGIC
-};
+struct _Eina_Accessor_Array {
+ Eina_Accessor accessor;
+ const Eina_Array *array;
+ EINA_MAGIC};
static int _eina_array_log_dom = -1;
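Review bot: `EINA_MAGIC};` at the end of `struct _Eina_Iterator_Array` and `struct _Eina_Accessor_Array` now has the member macro fused onto the closing brace, so the last member of each struct is easy to miss when reading the definition. The formatter presumably did this because `EINA_MAGIC` is written without a trailing semicolon. Keeping the previous two-line form (`EINA_MAGIC` on its own indented line, then `};`) would restore it, and excluding these definitions from the automatic reindent would keep it that way.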
@@ -192,99 +188,101 @@ static int _eina_array_log_dom = -1;
#endif
#define DBG(...) EINA_LOG_DOM_DBG(_eina_array_log_dom, __VA_ARGS__)
-static void eina_array_iterator_free(Eina_Iterator_Array *it) EINA_ARG_NONNULL(1);
-static Eina_Array *eina_array_iterator_get_container(Eina_Iterator_Array *it) EINA_ARG_NONNULL(1);
-static Eina_Bool eina_array_iterator_next(Eina_Iterator_Array *it,
- void **data) EINA_ARG_NONNULL(1);
-
-static Eina_Bool eina_array_accessor_get_at(Eina_Accessor_Array *it,
- unsigned int idx,
- void **data) EINA_ARG_NONNULL(1);
-static Eina_Array *eina_array_accessor_get_container(Eina_Accessor_Array *it) EINA_ARG_NONNULL(1);
-static void eina_array_accessor_free(Eina_Accessor_Array *it) EINA_ARG_NONNULL(1);
+static void eina_array_iterator_free(Eina_Iterator_Array *
+ it) EINA_ARG_NONNULL(1);
+static Eina_Array *eina_array_iterator_get_container(Eina_Iterator_Array *
+ it)
+EINA_ARG_NONNULL(1);
+static Eina_Bool eina_array_iterator_next(Eina_Iterator_Array * it,
+ void **data) EINA_ARG_NONNULL(1);
+
+static Eina_Bool eina_array_accessor_get_at(Eina_Accessor_Array * it,
+ unsigned int idx,
+ void **data)
+EINA_ARG_NONNULL(1);
+static Eina_Array *eina_array_accessor_get_container(Eina_Accessor_Array *
+ it)
+EINA_ARG_NONNULL(1);
+static void eina_array_accessor_free(Eina_Accessor_Array *
+ it) EINA_ARG_NONNULL(1);
static Eina_Bool
-eina_array_iterator_next(Eina_Iterator_Array *it, void **data)
+eina_array_iterator_next(Eina_Iterator_Array * it, void **data)
{
- EINA_MAGIC_CHECK_ARRAY_ITERATOR(it, EINA_FALSE);
+ EINA_MAGIC_CHECK_ARRAY_ITERATOR(it, EINA_FALSE);
- if (!(it->index < eina_array_count_get(it->array)))
- return EINA_FALSE;
+ if (!(it->index < eina_array_count_get(it->array)))
+ return EINA_FALSE;
- if (data)
- *data = eina_array_data_get(it->array, it->index);
+ if (data)
+ *data = eina_array_data_get(it->array, it->index);
- it->index++;
- return EINA_TRUE;
+ it->index++;
+ return EINA_TRUE;
}
-static Eina_Array *
-eina_array_iterator_get_container(Eina_Iterator_Array *it)
+static Eina_Array *eina_array_iterator_get_container(Eina_Iterator_Array *
+ it)
{
- EINA_MAGIC_CHECK_ARRAY_ITERATOR(it, NULL);
- return (Eina_Array *)it->array;
+ EINA_MAGIC_CHECK_ARRAY_ITERATOR(it, NULL);
+ return (Eina_Array *) it->array;
}
-static void
-eina_array_iterator_free(Eina_Iterator_Array *it)
+static void eina_array_iterator_free(Eina_Iterator_Array * it)
{
- EINA_MAGIC_CHECK_ARRAY_ITERATOR(it);
- MAGIC_FREE(it);
+ EINA_MAGIC_CHECK_ARRAY_ITERATOR(it);
+ MAGIC_FREE(it);
}
static Eina_Bool
-eina_array_accessor_get_at(Eina_Accessor_Array *it,
- unsigned int idx,
- void **data)
+eina_array_accessor_get_at(Eina_Accessor_Array * it,
+ unsigned int idx, void **data)
{
- EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it, EINA_FALSE);
+ EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it, EINA_FALSE);
- if (!(idx < eina_array_count_get(it->array)))
- return EINA_FALSE;
+ if (!(idx < eina_array_count_get(it->array)))
+ return EINA_FALSE;
- if (data)
- *data = eina_array_data_get(it->array, idx);
+ if (data)
+ *data = eina_array_data_get(it->array, idx);
- return EINA_TRUE;
+ return EINA_TRUE;
}
-static Eina_Array *
-eina_array_accessor_get_container(Eina_Accessor_Array *it)
+static Eina_Array *eina_array_accessor_get_container(Eina_Accessor_Array *
+ it)
{
- EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it, NULL);
- return (Eina_Array *)it->array;
+ EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it, NULL);
+ return (Eina_Array *) it->array;
}
-static void
-eina_array_accessor_free(Eina_Accessor_Array *it)
+static void eina_array_accessor_free(Eina_Accessor_Array * it)
{
- EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it);
- MAGIC_FREE(it);
+ EINA_MAGIC_CHECK_ARRAY_ACCESSOR(it);
+ MAGIC_FREE(it);
}
-EAPI Eina_Bool
-eina_array_grow(Eina_Array *array)
+EAPI Eina_Bool eina_array_grow(Eina_Array * array)
{
- void **tmp;
- unsigned int total;
+ void **tmp;
+ unsigned int total;
- EINA_SAFETY_ON_NULL_RETURN_VAL(array, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(array, EINA_FALSE);
- EINA_MAGIC_CHECK_ARRAY(array);
+ EINA_MAGIC_CHECK_ARRAY(array);
- total = array->total + array->step;
- eina_error_set(0);
- tmp = realloc(array->data, sizeof (void *) * total);
- if (EINA_UNLIKELY(!tmp))
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return 0;
- }
+ total = array->total + array->step;
+ eina_error_set(0);
+ tmp = realloc(array->data, sizeof(void *) * total);
+ if (EINA_UNLIKELY(!tmp)) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return 0;
+ }
- array->total = total;
- array->data = tmp;
+ array->total = total;
+ array->data = tmp;
- return 1;
+ return 1;
}
/**
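Review bot: In eina_array_grow, `total = array->total + array->step;` is `unsigned int` arithmetic and can wrap, and `sizeof(void *) * total` can overflow where `size_t` is 32 bits, so `realloc` may succeed with a buffer smaller than the bookkeeping implies. The callers that index `array->data` are outside this hunk, so the impact is inferred, but any of them that trusts `array->total` or `array->count` afterwards would write out of bounds. A guard before the addition such as `if (array->step > UINT_MAX - array->total) { eina_error_set(EINA_ERROR_OUT_OF_MEMORY); return EINA_FALSE; }`, plus rejecting `total > SIZE_MAX / sizeof(void *)`, closes both cases. Those limits need `<limits.h>` and `<stdint.h>`, which this hunk does not show being included.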
@@ -307,23 +305,20 @@ eina_array_grow(Eina_Array *array)
*
* @see eina_init()
*/
-Eina_Bool
-eina_array_init(void)
+Eina_Bool eina_array_init(void)
{
- _eina_array_log_dom = eina_log_domain_register("eina_array",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_array_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_array");
- return EINA_FALSE;
- }
-
+ _eina_array_log_dom = eina_log_domain_register("eina_array",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_array_log_dom < 0) {
+ EINA_LOG_ERR("Could not register log domain: eina_array");
+ return EINA_FALSE;
+ }
#define EMS(n) eina_magic_string_static_set(n, n ## _STR)
- EMS(EINA_MAGIC_ARRAY);
- EMS(EINA_MAGIC_ARRAY_ITERATOR);
- EMS(EINA_MAGIC_ARRAY_ACCESSOR);
+ EMS(EINA_MAGIC_ARRAY);
+ EMS(EINA_MAGIC_ARRAY_ITERATOR);
+ EMS(EINA_MAGIC_ARRAY_ACCESSOR);
#undef EMS
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
@@ -337,12 +332,11 @@ eina_array_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_array_shutdown(void)
+Eina_Bool eina_array_shutdown(void)
{
- eina_log_domain_unregister(_eina_array_log_dom);
- _eina_array_log_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_array_log_dom);
+ _eina_array_log_dom = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -401,28 +395,26 @@ eina_array_shutdown(void)
* allocation fails. In that case, the error is set to
* #EINA_ERROR_OUT_OF_MEMORY.
*/
-EAPI Eina_Array *
-eina_array_new(unsigned int step)
+EAPI Eina_Array *eina_array_new(unsigned int step)
{
- Eina_Array *array;
+ Eina_Array *array;
- eina_error_set(0);
- array = malloc(sizeof (Eina_Array));
- if (!array)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ array = malloc(sizeof(Eina_Array));
+ if (!array) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(array, EINA_MAGIC_ARRAY);
+ EINA_MAGIC_SET(array, EINA_MAGIC_ARRAY);
- array->version = EINA_ARRAY_VERSION;
- array->data = NULL;
- array->total = 0;
- array->count = 0;
- array->step = step;
+ array->version = EINA_ARRAY_VERSION;
+ array->data = NULL;
+ array->total = 0;
+ array->count = 0;
+ array->step = step;
- return array;
+ return array;
}
/**
@@ -436,14 +428,13 @@ eina_array_new(unsigned int step)
* #EINA_ARRAY_ITER_NEXT. For performance reasons, there is no check
* of @p array.
*/
-EAPI void
-eina_array_free(Eina_Array *array)
+EAPI void eina_array_free(Eina_Array * array)
{
- eina_array_flush(array);
+ eina_array_flush(array);
- EINA_SAFETY_ON_NULL_RETURN(array);
- EINA_MAGIC_CHECK_ARRAY(array);
- MAGIC_FREE(array);
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ EINA_MAGIC_CHECK_ARRAY(array);
+ MAGIC_FREE(array);
}
/**
@@ -459,28 +450,25 @@ eina_array_free(Eina_Array *array)
* the array is not initialized.
*/
EAPI void
-eina_array_step_set(Eina_Array *array,
- unsigned int sizeof_eina_array,
- unsigned int step)
+eina_array_step_set(Eina_Array * array,
+ unsigned int sizeof_eina_array, unsigned int step)
{
- EINA_SAFETY_ON_NULL_RETURN(array);
-
- if (sizeof (Eina_Array) != sizeof_eina_array)
- {
- ERR("Unknow Eina_Array size ! Got %i, expected %i !\n",
- sizeof_eina_array,
- (int) sizeof (Eina_Array));
- /* Force memory to zero to provide a small layer of security */
- memset(array, 0, sizeof_eina_array);
- return ;
- }
-
- array->version = EINA_ARRAY_VERSION;
- array->data = NULL;
- array->total = 0;
- array->count = 0;
- array->step = step;
- EINA_MAGIC_SET(array, EINA_MAGIC_ARRAY);
+ EINA_SAFETY_ON_NULL_RETURN(array);
+
+ if (sizeof(Eina_Array) != sizeof_eina_array) {
+ ERR("Unknow Eina_Array size ! Got %i, expected %i !\n",
+ sizeof_eina_array, (int) sizeof(Eina_Array));
+ /* Force memory to zero to provide a small layer of security */
+ memset(array, 0, sizeof_eina_array);
+ return;
+ }
+
+ array->version = EINA_ARRAY_VERSION;
+ array->data = NULL;
+ array->total = 0;
+ array->count = 0;
+ array->step = step;
+ EINA_MAGIC_SET(array, EINA_MAGIC_ARRAY);
}
/**
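Review bot: The `ERR("Unknow Eina_Array size ! Got %i, expected %i !\n", ...)` call in eina_array_step_set prints the `unsigned int` parameter `sizeof_eina_array` with `%i`; `%u` matches the argument type, and the second argument can then be cast with `(unsigned int) sizeof(Eina_Array)` to agree. This path also zeroes the array and returns `void`, so the caller gets no signal that initialisation was refused; a comment on the function saying the array is left zeroed and unusable in that case would help.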
@@ -492,13 +480,12 @@ eina_array_step_set(Eina_Array *array,
* performance reasons, there is no check of @p array. If it is
* @c NULL or invalid, the program may crash.
*/
-EAPI void
-eina_array_clean(Eina_Array *array)
+EAPI void eina_array_clean(Eina_Array * array)
{
- EINA_SAFETY_ON_NULL_RETURN(array);
- EINA_MAGIC_CHECK_ARRAY(array);
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ EINA_MAGIC_CHECK_ARRAY(array);
- array->count = 0;
+ array->count = 0;
}
/**
@@ -511,20 +498,19 @@ eina_array_clean(Eina_Array *array)
* there is no check of @p array. If it is @c NULL or invalid, the
* program may crash.
*/
-EAPI void
-eina_array_flush(Eina_Array *array)
+EAPI void eina_array_flush(Eina_Array * array)
{
- EINA_SAFETY_ON_NULL_RETURN(array);
- EINA_MAGIC_CHECK_ARRAY(array);
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ EINA_MAGIC_CHECK_ARRAY(array);
- array->count = 0;
- array->total = 0;
+ array->count = 0;
+ array->total = 0;
- if (!array->data)
- return;
+ if (!array->data)
+ return;
- free(array->data);
- array->data = NULL;
+ free(array->data);
+ array->data = NULL;
}
/**
@@ -545,97 +531,89 @@ eina_array_flush(Eina_Array *array)
* and the error is set to #EINA_ERROR_OUT_OF_MEMORY.
*/
EAPI Eina_Bool
-eina_array_remove(Eina_Array *array, Eina_Bool (*keep)(void *data,
- void *gdata),
- void *gdata)
+eina_array_remove(Eina_Array * array, Eina_Bool(*keep) (void *data,
+ void *gdata),
+ void *gdata)
{
- void **tmp;
- /* WARNING:
- The algorithm does exit before using unitialized data. So compiler is
- giving you a false positiv here too.
- */
- void *data = NULL;
- unsigned int total = 0;
- unsigned int limit;
- unsigned int i;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(array, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(keep, EINA_FALSE);
- EINA_MAGIC_CHECK_ARRAY(array);
-
- if (array->total == 0)
- return EINA_TRUE;
-
- for (i = 0; i < array->count; ++i)
- {
- data = eina_array_data_get(array, i);
-
- if (keep(data, gdata) == EINA_FALSE)
- break;
- }
- limit = i;
- if (i < array->count)
- ++i;
-
- for (; i < array->count; ++i)
- {
- data = eina_array_data_get(array, i);
-
- if (keep(data, gdata) == EINA_TRUE)
- break;
- }
- /* Special case all objects that need to stay are at the beginning of the array. */
- if (i == array->count)
- {
- array->count = limit;
- if (array->count == 0)
- {
- free(array->data);
- array->total = 0;
- array->data = NULL;
- }
-
- return EINA_TRUE;
- }
-
- eina_error_set(0);
- tmp = malloc(sizeof (void *) * array->total);
- if (!tmp)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return EINA_FALSE;
- }
-
- memcpy(tmp, array->data, limit * sizeof(void *));
- total = limit;
-
- if (i < array->count)
- {
- tmp[total] = data;
- total++;
- ++i;
- }
-
- for (; i < array->count; ++i)
- {
- data = eina_array_data_get(array, i);
-
- if (keep(data, gdata))
- {
- tmp[total] = data;
- total++;
- }
- }
-
- free(array->data);
-
- /* If we do not keep any object in the array, we should have exited
- earlier in test (i == array->count). */
- assert(total != 0);
-
- array->data = tmp;
- array->count = total;
- return EINA_TRUE;
+ void **tmp;
+ /* WARNING:
+ The algorithm does exit before using unitialized data. So compiler is
+ giving you a false positiv here too.
+ */
+ void *data = NULL;
+ unsigned int total = 0;
+ unsigned int limit;
+ unsigned int i;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(array, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(keep, EINA_FALSE);
+ EINA_MAGIC_CHECK_ARRAY(array);
+
+ if (array->total == 0)
+ return EINA_TRUE;
+
+ for (i = 0; i < array->count; ++i) {
+ data = eina_array_data_get(array, i);
+
+ if (keep(data, gdata) == EINA_FALSE)
+ break;
+ }
+ limit = i;
+ if (i < array->count)
+ ++i;
+
+ for (; i < array->count; ++i) {
+ data = eina_array_data_get(array, i);
+
+ if (keep(data, gdata) == EINA_TRUE)
+ break;
+ }
+ /* Special case all objects that need to stay are at the beginning of the array. */
+ if (i == array->count) {
+ array->count = limit;
+ if (array->count == 0) {
+ free(array->data);
+ array->total = 0;
+ array->data = NULL;
+ }
+
+ return EINA_TRUE;
+ }
+
+ eina_error_set(0);
+ tmp = malloc(sizeof(void *) * array->total);
+ if (!tmp) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return EINA_FALSE;
+ }
+
+ memcpy(tmp, array->data, limit * sizeof(void *));
+ total = limit;
+
+ if (i < array->count) {
+ tmp[total] = data;
+ total++;
+ ++i;
+ }
+
+ for (; i < array->count; ++i) {
+ data = eina_array_data_get(array, i);
+
+ if (keep(data, gdata)) {
+ tmp[total] = data;
+ total++;
+ }
+ }
+
+ free(array->data);
+
+ /* If we do not keep any object in the array, we should have exited
+ earlier in test (i == array->count). */
+ assert(total != 0);
+
+ array->data = tmp;
+ array->count = total;
+ return EINA_TRUE;
}
/**
@@ -650,34 +628,32 @@ eina_array_remove(Eina_Array *array, Eina_Bool (*keep)(void *data,
* not be allocated, NULL is returned and #EINA_ERROR_OUT_OF_MEMORY is
* set. Otherwise, a valid iterator is returned.
*/
-EAPI Eina_Iterator *
-eina_array_iterator_new(const Eina_Array *array)
+EAPI Eina_Iterator *eina_array_iterator_new(const Eina_Array * array)
{
- Eina_Iterator_Array *it;
+ Eina_Iterator_Array *it;
- EINA_SAFETY_ON_NULL_RETURN_VAL(array, NULL);
- EINA_MAGIC_CHECK_ARRAY(array);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(array, NULL);
+ EINA_MAGIC_CHECK_ARRAY(array);
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Array));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Array));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(it, EINA_MAGIC_ARRAY_ITERATOR);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_ARRAY_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- it->array = array;
+ it->array = array;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(eina_array_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- eina_array_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(eina_array_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(eina_array_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(eina_array_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(eina_array_iterator_free);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -692,34 +668,33 @@ eina_array_iterator_new(const Eina_Array *array)
* not be allocated, NULL is returned and #EINA_ERROR_OUT_OF_MEMORY is
* set. Otherwise, a valid accessor is returned.
*/
-EAPI Eina_Accessor *
-eina_array_accessor_new(const Eina_Array *array)
+EAPI Eina_Accessor *eina_array_accessor_new(const Eina_Array * array)
{
- Eina_Accessor_Array *ac;
+ Eina_Accessor_Array *ac;
- EINA_SAFETY_ON_NULL_RETURN_VAL(array, NULL);
- EINA_MAGIC_CHECK_ARRAY(array);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(array, NULL);
+ EINA_MAGIC_CHECK_ARRAY(array);
- eina_error_set(0);
- ac = calloc(1, sizeof (Eina_Accessor_Array));
- if (!ac)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ ac = calloc(1, sizeof(Eina_Accessor_Array));
+ if (!ac) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(ac, EINA_MAGIC_ARRAY_ACCESSOR);
- EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
+ EINA_MAGIC_SET(ac, EINA_MAGIC_ARRAY_ACCESSOR);
+ EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
- ac->array = array;
+ ac->array = array;
- ac->accessor.version = EINA_ACCESSOR_VERSION;
- ac->accessor.get_at = FUNC_ACCESSOR_GET_AT(eina_array_accessor_get_at);
- ac->accessor.get_container = FUNC_ACCESSOR_GET_CONTAINER(
- eina_array_accessor_get_container);
- ac->accessor.free = FUNC_ACCESSOR_FREE(eina_array_accessor_free);
+ ac->accessor.version = EINA_ACCESSOR_VERSION;
+ ac->accessor.get_at =
+ FUNC_ACCESSOR_GET_AT(eina_array_accessor_get_at);
+ ac->accessor.get_container =
+ FUNC_ACCESSOR_GET_CONTAINER(eina_array_accessor_get_container);
+ ac->accessor.free = FUNC_ACCESSOR_FREE(eina_array_accessor_free);
- return &ac->accessor;
+ return &ac->accessor;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_benchmark.c b/tests/suite/ecore/src/lib/eina_benchmark.c
index 5cd3fd36e1..83ead5ee5a 100644
--- a/tests/suite/ecore/src/lib/eina_benchmark.c
+++ b/tests/suite/ecore/src/lib/eina_benchmark.c
@@ -288,24 +288,24 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
+#include <alloca.h>
#elif defined __GNUC__
-# define alloca __builtin_alloca
+#define alloca __builtin_alloca
#elif defined _AIX
-# define alloca __alloca
+#define alloca __alloca
#elif defined _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
+#include <malloc.h>
+#define alloca _alloca
#else
-# include <stddef.h>
-# ifdef __cplusplus
+#include <stddef.h>
+#ifdef __cplusplus
extern "C"
-# endif
-void *alloca (size_t);
+#endif
+void *alloca(size_t);
#endif
#include <stdlib.h>
@@ -313,7 +313,7 @@ void *alloca (size_t);
#include <string.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -336,24 +336,22 @@ void *alloca (size_t);
#define EINA_BENCHMARK_DATA_MASK "bench_%s_%s.%s.data"
typedef struct _Eina_Run Eina_Run;
-struct _Eina_Run
-{
- EINA_INLIST;
-
- Eina_Benchmark_Specimens cb;
- const char *name;
- int start;
- int end;
- int step;
+struct _Eina_Run {
+ EINA_INLIST;
+
+ Eina_Benchmark_Specimens cb;
+ const char *name;
+ int start;
+ int end;
+ int step;
};
-struct _Eina_Benchmark
-{
- const char *name;
- const char *run;
+struct _Eina_Benchmark {
+ const char *name;
+ const char *run;
- Eina_Inlist *runs;
- Eina_List *names;
+ Eina_Inlist *runs;
+ Eina_List *names;
};
static int _eina_benchmark_log_dom = -1;
@@ -387,18 +385,18 @@ static int _eina_benchmark_log_dom = -1;
*
* @see eina_init()
*/
-Eina_Bool
-eina_benchmark_init(void)
+Eina_Bool eina_benchmark_init(void)
{
- _eina_benchmark_log_dom = eina_log_domain_register("eina_benchmark",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_benchmark_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_benchmark");
- return EINA_FALSE;
- }
-
- return EINA_TRUE;
+ _eina_benchmark_log_dom =
+ eina_log_domain_register("eina_benchmark",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_benchmark_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_benchmark");
+ return EINA_FALSE;
+ }
+
+ return EINA_TRUE;
}
/**
@@ -412,12 +410,11 @@ eina_benchmark_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_benchmark_shutdown(void)
+Eina_Bool eina_benchmark_shutdown(void)
{
- eina_log_domain_unregister(_eina_benchmark_log_dom);
- _eina_benchmark_log_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_benchmark_log_dom);
+ _eina_benchmark_log_dom = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -468,23 +465,21 @@ eina_benchmark_shutdown(void)
* When the new module is not needed anymore, use
* eina_benchmark_free() to free the allocated memory.
*/
-EAPI Eina_Benchmark *
-eina_benchmark_new(const char *name, const char *run)
+EAPI Eina_Benchmark *eina_benchmark_new(const char *name, const char *run)
{
- Eina_Benchmark *new;
+ Eina_Benchmark *new;
- eina_error_set(0);
- new = calloc(1, sizeof (Eina_Benchmark));
- if (!new)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ new = calloc(1, sizeof(Eina_Benchmark));
+ if (!new) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- new->name = name;
- new->run = run;
+ new->name = name;
+ new->run = run;
- return new;
+ return new;
}
/**
@@ -496,35 +491,32 @@ eina_benchmark_new(const char *name, const char *run)
* registered and frees @p bench. If @p bench is @c NULL, this
* function returns immediately.
*/
-EAPI void
-eina_benchmark_free(Eina_Benchmark *bench)
+EAPI void eina_benchmark_free(Eina_Benchmark * bench)
{
- Eina_Array *names;
+ Eina_Array *names;
- if (!bench)
- return;
+ if (!bench)
+ return;
- while (bench->runs)
- {
- Eina_Run *run = (Eina_Run *)bench->runs;
+ while (bench->runs) {
+ Eina_Run *run = (Eina_Run *) bench->runs;
- bench->runs = eina_inlist_remove(bench->runs, bench->runs);
- free(run);
- }
+ bench->runs = eina_inlist_remove(bench->runs, bench->runs);
+ free(run);
+ }
- EINA_LIST_FREE(bench->names, names)
- {
- Eina_Array_Iterator it;
- char *tmp;
- unsigned int i;
+ EINA_LIST_FREE(bench->names, names) {
+ Eina_Array_Iterator it;
+ char *tmp;
+ unsigned int i;
- EINA_ARRAY_ITER_NEXT(names, i, tmp, it)
- free(tmp);
+ EINA_ARRAY_ITER_NEXT(names, i, tmp, it)
+ free(tmp);
- eina_array_free(names);
- }
+ eina_array_free(names);
+ }
- free(bench);
+ free(bench);
}
/**
@@ -549,38 +541,36 @@ eina_benchmark_free(Eina_Benchmark *bench)
* to #EINA_ERROR_OUT_OF_MEMORY.
*/
EAPI Eina_Bool
-eina_benchmark_register(Eina_Benchmark *bench,
- const char *name,
- Eina_Benchmark_Specimens bench_cb,
- int count_start,
- int count_end,
- int count_step)
+eina_benchmark_register(Eina_Benchmark * bench,
+ const char *name,
+ Eina_Benchmark_Specimens bench_cb,
+ int count_start, int count_end, int count_step)
{
- Eina_Run *run;
+ Eina_Run *run;
- if (!bench)
- return EINA_FALSE;
+ if (!bench)
+ return EINA_FALSE;
- if (count_step == 0)
- return EINA_FALSE;
+ if (count_step == 0)
+ return EINA_FALSE;
- eina_error_set(0);
- run = calloc(1, sizeof (Eina_Run));
- if (!run)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return EINA_FALSE;
- }
+ eina_error_set(0);
+ run = calloc(1, sizeof(Eina_Run));
+ if (!run) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return EINA_FALSE;
+ }
- run->cb = bench_cb;
- run->name = name;
- run->start = count_start;
- run->end = count_end;
- run->step = count_step;
+ run->cb = bench_cb;
+ run->name = name;
+ run->start = count_start;
+ run->end = count_end;
+ run->step = count_step;
- bench->runs = eina_inlist_append(bench->runs, EINA_INLIST_GET(run));
+ bench->runs =
+ eina_inlist_append(bench->runs, EINA_INLIST_GET(run));
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
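Review bot: `if (count_step == 0)` in eina_benchmark_register rejects only a zero step, so a negative `count_step` is stored. The run loop in eina_benchmark_run (`for (i = run->start; i < run->end; i += run->step)`, in a later hunk of this file) then moves `i` away from `run->end` until the signed counter overflows. That loop only counts upward, so the guard can be `if (count_step <= 0) return EINA_FALSE;`. `name` is also stored unchecked and is later passed to `strlen`, so a NULL check next to the existing one on `bench` would be cheap.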
@@ -608,133 +598,121 @@ eina_benchmark_register(Eina_Benchmark *bench,
* immediately. Otherwise, it returns the list of the names of each
* test.
*/
-EAPI Eina_Array *
-eina_benchmark_run(Eina_Benchmark *bench)
+EAPI Eina_Array *eina_benchmark_run(Eina_Benchmark * bench)
{
- FILE *main_script;
- FILE *current_data;
- Eina_Array *ea;
- Eina_Run *run;
- char *buffer;
- Eina_Bool first = EINA_FALSE;
- size_t length;
-
- if (!bench)
- return NULL;
-
- length = strlen(EINA_BENCHMARK_FILENAME_MASK) + strlen(bench->name) + strlen(
- bench->run);
-
- buffer = alloca(sizeof (char) * length);
- if (!buffer)
- return NULL;
-
- snprintf(buffer,
- length,
- EINA_BENCHMARK_FILENAME_MASK,
- bench->name,
- bench->run);
-
- main_script = fopen(buffer, "w");
- if (!main_script)
- return NULL;
-
- ea = eina_array_new(16);
- if (!ea)
- {
- fclose(main_script);
- return NULL;
- }
-
- eina_array_push(ea, strdup(buffer));
-
- fprintf(
- main_script,
- "set autoscale # scale axes automatically\n"
- "unset log # remove any log-scaling\n"
- "unset label # remove any previous labels\n"
- "set xtic auto # set xtics automatically\n"
- "set ytic auto # set ytics automatically\n"
+ FILE *main_script;
+ FILE *current_data;
+ Eina_Array *ea;
+ Eina_Run *run;
+ char *buffer;
+ Eina_Bool first = EINA_FALSE;
+ size_t length;
+
+ if (!bench)
+ return NULL;
+
+ length =
+ strlen(EINA_BENCHMARK_FILENAME_MASK) + strlen(bench->name) +
+ strlen(bench->run);
+
+ buffer = alloca(sizeof(char) * length);
+ if (!buffer)
+ return NULL;
+
+ snprintf(buffer,
+ length,
+ EINA_BENCHMARK_FILENAME_MASK, bench->name, bench->run);
+
+ main_script = fopen(buffer, "w");
+ if (!main_script)
+ return NULL;
+
+ ea = eina_array_new(16);
+ if (!ea) {
+ fclose(main_script);
+ return NULL;
+ }
+
+ eina_array_push(ea, strdup(buffer));
+
+ fprintf(main_script,
+ "set autoscale # scale axes automatically\n"
+ "unset log # remove any log-scaling\n"
+ "unset label # remove any previous labels\n"
+ "set xtic auto # set xtics automatically\n"
+ "set ytic auto # set ytics automatically\n"
/* "set logscale y\n" */
- "set terminal png size 1024,768\n"
- "set output \"output_%s_%s.png\"\n"
- "set title \"%s %s\n"
- "set xlabel \"tests\"\n"
- "set ylabel \"time\"\n"
- "plot ",
- bench->name,
- bench->run,
- bench->name,
- bench->run);
-
- EINA_INLIST_FOREACH(bench->runs, run)
- {
- Eina_Counter *counter;
- char *result;
- size_t tmp;
- int i;
-
- tmp = strlen(EINA_BENCHMARK_DATA_MASK) + strlen(bench->name) + strlen(
- bench->run) + strlen(run->name);
- if (tmp > length)
- {
- buffer = alloca(sizeof (char) * tmp);
- length = tmp;
- }
-
- snprintf(buffer,
- length,
- EINA_BENCHMARK_DATA_MASK,
- bench->name,
- bench->run,
- run->name);
-
- current_data = fopen(buffer, "w");
- if (!current_data)
- continue;
-
- eina_array_push(ea, strdup(buffer));
-
- counter = eina_counter_new(run->name);
-
- for (i = run->start; i < run->end; i += run->step)
- {
- fprintf(stderr, "Run %s: %i\n", run->name, i);
- eina_counter_start(counter);
-
- run->cb(i);
-
- eina_counter_stop(counter, i);
- }
-
- result = eina_counter_dump(counter);
- if (result)
- {
- fprintf(current_data, "%s", result);
- free(result);
- }
-
- eina_counter_free(counter);
-
- fclose(current_data);
-
- if (first == EINA_FALSE)
- first = EINA_TRUE;
- else
- fprintf(main_script, ", \\\n");
-
- fprintf(main_script,
- "\"%s\" using 1:2 title \'%s\' with line",
- buffer, run->name);
- }
-
- fprintf(main_script, "\n");
-
- fclose(main_script);
-
- bench->names = eina_list_append(bench->names, ea);
-
- return ea;
+ "set terminal png size 1024,768\n"
+ "set output \"output_%s_%s.png\"\n"
+ "set title \"%s %s\n"
+ "set xlabel \"tests\"\n"
+ "set ylabel \"time\"\n"
+ "plot ", bench->name, bench->run, bench->name, bench->run);
+
+ EINA_INLIST_FOREACH(bench->runs, run) {
+ Eina_Counter *counter;
+ char *result;
+ size_t tmp;
+ int i;
+
+ tmp =
+ strlen(EINA_BENCHMARK_DATA_MASK) +
+ strlen(bench->name) + strlen(bench->run) +
+ strlen(run->name);
+ if (tmp > length) {
+ buffer = alloca(sizeof(char) * tmp);
+ length = tmp;
+ }
+
+ snprintf(buffer,
+ length,
+ EINA_BENCHMARK_DATA_MASK,
+ bench->name, bench->run, run->name);
+
+ current_data = fopen(buffer, "w");
+ if (!current_data)
+ continue;
+
+ eina_array_push(ea, strdup(buffer));
+
+ counter = eina_counter_new(run->name);
+
+ for (i = run->start; i < run->end; i += run->step) {
+ fprintf(stderr, "Run %s: %i\n", run->name, i);
+ eina_counter_start(counter);
+
+ run->cb(i);
+
+ eina_counter_stop(counter, i);
+ }
+
+ result = eina_counter_dump(counter);
+ if (result) {
+ fprintf(current_data, "%s", result);
+ free(result);
+ }
+
+ eina_counter_free(counter);
+
+ fclose(current_data);
+
+ if (first == EINA_FALSE)
+ first = EINA_TRUE;
+ else
+ fprintf(main_script, ", \\\n");
+
+ fprintf(main_script,
+ "\"%s\" using 1:2 title \'%s\' with line",
+ buffer, run->name);
+ }
+
+ fprintf(main_script, "\n");
+
+ fclose(main_script);
+
+ bench->names = eina_list_append(bench->names, ea);
+
+ return ea;
}
/**
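Review bot: The two `alloca` calls in eina_benchmark_run size a stack buffer from `strlen(bench->name)`, `strlen(bench->run)` and `strlen(run->name)`, and the one inside `EINA_INLIST_FOREACH` allocates again for every run with a longer name, with nothing released until the function returns. `alloca` does not report failure, so the `if (!buffer)` test after the first call cannot catch an oversized request. A checked heap buffer, grown with `realloc` and freed on every exit path, makes that failure recoverable. The `strdup(buffer)` results handed to `eina_array_push` and the `eina_counter_new` result are unchecked as well.

```c
	/* … unchanged: declarations, NULL check on bench, length computation … */
	buffer = malloc(length);
	if (!buffer)
		return NULL;
	/* … unchanged: snprintf, fopen, eina_array_new; each early return frees buffer first … */

	EINA_INLIST_FOREACH(bench->runs, run) {
		/* … unchanged: locals, tmp computation … */
		if (tmp > length) {
			char *grown = realloc(buffer, tmp);

			if (!grown)
				continue;	/* skip this run, as the fopen failure path does */
			buffer = grown;
			length = tmp;
		}
		/* … unchanged: snprintf, data file, counter loop, plot line … */
	}
	/* … unchanged: final fprintf, fclose, eina_list_append … */
	free(buffer);
	return ea;
```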
diff --git a/tests/suite/ecore/src/lib/eina_binshare.c b/tests/suite/ecore/src/lib/eina_binshare.c
index 3973357deb..f6946379ab 100644
--- a/tests/suite/ecore/src/lib/eina_binshare.c
+++ b/tests/suite/ecore/src/lib/eina_binshare.c
@@ -52,12 +52,11 @@ static const char EINA_MAGIC_BINSHARE_NODE_STR[] = "Eina Binshare Node";
*
* @see eina_init()
*/
-EAPI Eina_Bool
-eina_binshare_init(void)
+EAPI Eina_Bool eina_binshare_init(void)
{
- return eina_share_common_init(&binshare_share,
- EINA_MAGIC_BINSHARE_NODE,
- EINA_MAGIC_BINSHARE_NODE_STR);
+ return eina_share_common_init(&binshare_share,
+ EINA_MAGIC_BINSHARE_NODE,
+ EINA_MAGIC_BINSHARE_NODE_STR);
}
/**
@@ -71,12 +70,11 @@ eina_binshare_init(void)
*
* @see eina_shutdown()
*/
-EAPI Eina_Bool
-eina_binshare_shutdown(void)
+EAPI Eina_Bool eina_binshare_shutdown(void)
{
- Eina_Bool ret;
- ret = eina_share_common_shutdown(&binshare_share);
- return ret;
+ Eina_Bool ret;
+ ret = eina_share_common_shutdown(&binshare_share);
+ return ret;
}
/*============================================================================*
@@ -109,13 +107,12 @@ eina_binshare_shutdown(void)
* Note that if the given pointer is not shared or NULL, bad things
* will happen, likely a segmentation fault.
*/
-EAPI void
-eina_binshare_del(const void *obj)
+EAPI void eina_binshare_del(const void *obj)
{
- if (!obj)
- return;
+ if (!obj)
+ return;
- eina_share_common_del(binshare_share, obj);
+ eina_share_common_del(binshare_share, obj);
}
/**
@@ -138,13 +135,11 @@ eina_binshare_del(const void *obj)
*
* @see eina_binshare_add()
*/
-EAPI const void *
-eina_binshare_add_length(const void *obj, unsigned int olen)
+EAPI const void *eina_binshare_add_length(const void *obj,
+ unsigned int olen)
{
- return eina_share_common_add_length(binshare_share,
- obj,
- (olen) * sizeof(char),
- 0);
+ return eina_share_common_add_length(binshare_share,
+ obj, (olen) * sizeof(char), 0);
}
/**
@@ -161,10 +156,9 @@ eina_binshare_add_length(const void *obj, unsigned int olen)
*
* There is no unref since this is the work of eina_binshare_del().
*/
-EAPI const void *
-eina_binshare_ref(const void *obj)
+EAPI const void *eina_binshare_ref(const void *obj)
{
- return eina_share_common_ref(binshare_share, obj);
+ return eina_share_common_ref(binshare_share, obj);
}
/**
@@ -178,10 +172,9 @@ eina_binshare_ref(const void *obj)
* things will happen, likely a segmentation fault. If in doubt, try
* strlen().
*/
-EAPI int
-eina_binshare_length(const void *obj)
+EAPI int eina_binshare_length(const void *obj)
{
- return eina_share_common_length(binshare_share, obj);
+ return eina_share_common_length(binshare_share, obj);
}
/**
@@ -190,13 +183,11 @@ eina_binshare_length(const void *obj)
* This function dumps all objects in the share_common to stdout with a
* DDD: prefix per line and a memory usage summary.
*/
-EAPI void
-eina_binshare_dump(void)
+EAPI void eina_binshare_dump(void)
{
- eina_share_common_dump(binshare_share, NULL, 0);
+ eina_share_common_dump(binshare_share, NULL, 0);
}
/**
* @}
*/
-
diff --git a/tests/suite/ecore/src/lib/eina_chained_mempool.c b/tests/suite/ecore/src/lib/eina_chained_mempool.c
index f178cac01d..2fd5152a24 100644
--- a/tests/suite/ecore/src/lib/eina_chained_mempool.c
+++ b/tests/suite/ecore/src/lib/eina_chained_mempool.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -28,9 +28,9 @@
#endif
#ifdef EFL_HAVE_WIN32_THREADS
-# define WIN32_LEAN_AND_MEAN
-# include <windows.h>
-# undef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#undef WIN32_LEAN_AND_MEAN
#endif
#include "eina_inlist.h"
@@ -53,293 +53,287 @@ static int _eina_mempool_log_dom = -1;
#endif
typedef struct _Chained_Mempool Chained_Mempool;
-struct _Chained_Mempool
-{
- Eina_Inlist *first;
- const char *name;
- int item_alloc;
- int pool_size;
- int alloc_size;
- int group_size;
- int usage;
+struct _Chained_Mempool {
+ Eina_Inlist *first;
+ const char *name;
+ int item_alloc;
+ int pool_size;
+ int alloc_size;
+ int group_size;
+ int usage;
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_t mutex;
-# else
- HANDLE mutex;
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_t mutex;
+#else
+ HANDLE mutex;
+#endif
#endif
};
typedef struct _Chained_Pool Chained_Pool;
-struct _Chained_Pool
-{
- EINA_INLIST;
- Eina_Trash *base;
- int usage;
+struct _Chained_Pool {
+ EINA_INLIST;
+ Eina_Trash *base;
+ int usage;
};
-static inline Chained_Pool *
-_eina_chained_mp_pool_new(Chained_Mempool *pool)
+static inline Chained_Pool *_eina_chained_mp_pool_new(Chained_Mempool *
+ pool)
{
- Chained_Pool *p;
- unsigned char *ptr;
- int i;
-
- eina_error_set(0);
- p = malloc(pool->alloc_size);
- if (!p)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- ptr = (unsigned char *)p + eina_mempool_alignof(sizeof(Chained_Pool));
- p->usage = 0;
- p->base = NULL;
- for (i = 0; i < pool->pool_size; ++i, ptr += pool->item_alloc)
- eina_trash_push(&p->base, ptr);
- return p;
+ Chained_Pool *p;
+ unsigned char *ptr;
+ int i;
+
+ eina_error_set(0);
+ p = malloc(pool->alloc_size);
+ if (!p) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ ptr =
+ (unsigned char *) p +
+ eina_mempool_alignof(sizeof(Chained_Pool));
+ p->usage = 0;
+ p->base = NULL;
+ for (i = 0; i < pool->pool_size; ++i, ptr += pool->item_alloc)
+ eina_trash_push(&p->base, ptr);
+ return p;
}
-static inline void
-_eina_chained_mp_pool_free(Chained_Pool *p)
+static inline void _eina_chained_mp_pool_free(Chained_Pool * p)
{
- free(p);
+ free(p);
}
-static void *
-eina_chained_mempool_malloc(void *data, __UNUSED__ unsigned int size)
+static void *eina_chained_mempool_malloc(void *data,
+ __UNUSED__ unsigned int size)
{
- Chained_Mempool *pool = data;
- Chained_Pool *p = NULL;
- void *mem;
+ Chained_Mempool *pool = data;
+ Chained_Pool *p = NULL;
+ void *mem;
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_lock(&pool->mutex);
-# else
- WaitForSingleObject(pool->mutex, INFINITE);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_lock(&pool->mutex);
+#else
+ WaitForSingleObject(pool->mutex, INFINITE);
+#endif
#endif
- // look 4 pool from 2nd bucket on
- EINA_INLIST_FOREACH(pool->first, p)
- {
- // base is not NULL - has a free slot
- if (p->base)
- {
- pool->first = eina_inlist_demote(pool->first, EINA_INLIST_GET(p));
- break;
- }
- }
-
- // we have reached the end of the list - no free pools
- if (!p)
- {
- p = _eina_chained_mp_pool_new(pool);
- if (!p)
- {
+ // look 4 pool from 2nd bucket on
+ EINA_INLIST_FOREACH(pool->first, p) {
+ // base is not NULL - has a free slot
+ if (p->base) {
+ pool->first =
+ eina_inlist_demote(pool->first,
+ EINA_INLIST_GET(p));
+ break;
+ }
+ }
+
+ // we have reached the end of the list - no free pools
+ if (!p) {
+ p = _eina_chained_mp_pool_new(pool);
+ if (!p) {
#ifdef EFL_HAVE_PTHREAD
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_unlock(&pool->mutex);
-# else
- ReleaseMutex(pool->mutex);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_unlock(&pool->mutex);
+#else
+ ReleaseMutex(pool->mutex);
#endif
- return NULL;
- }
-
- pool->first = eina_inlist_prepend(pool->first, EINA_INLIST_GET(p));
- }
-
- // Request a free pointer
- mem = eina_trash_pop(&p->base);
- // move to end - it just filled up
- if (!p->base)
- pool->first = eina_inlist_demote(pool->first, EINA_INLIST_GET(p));
-
- p->usage++;
- pool->usage++;
+#endif
+ return NULL;
+ }
+
+ pool->first =
+ eina_inlist_prepend(pool->first, EINA_INLIST_GET(p));
+ }
+ // Request a free pointer
+ mem = eina_trash_pop(&p->base);
+ // move to end - it just filled up
+ if (!p->base)
+ pool->first =
+ eina_inlist_demote(pool->first, EINA_INLIST_GET(p));
+
+ p->usage++;
+ pool->usage++;
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_unlock(&pool->mutex);
-# else
- ReleaseMutex(pool->mutex);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_unlock(&pool->mutex);
+#else
+ ReleaseMutex(pool->mutex);
+#endif
#endif
- return mem;
+ return mem;
}
-static void
-eina_chained_mempool_free(void *data, void *ptr)
+static void eina_chained_mempool_free(void *data, void *ptr)
{
- Chained_Mempool *pool = data;
- Chained_Pool *p;
- void *pmem;
- int psize;
+ Chained_Mempool *pool = data;
+ Chained_Pool *p;
+ void *pmem;
+ int psize;
- psize = pool->group_size;
- // look 4 pool
+ psize = pool->group_size;
+ // look 4 pool
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_lock(&pool->mutex);
-# else
- WaitForSingleObject(pool->mutex, INFINITE);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_lock(&pool->mutex);
+#else
+ WaitForSingleObject(pool->mutex, INFINITE);
+#endif
#endif
- EINA_INLIST_FOREACH(pool->first, p)
- {
- // pool mem base
- pmem = (void *)(((unsigned char *)p) + sizeof(Chained_Pool));
- // is it in pool mem?
- if ((ptr >= pmem) &&
- ((unsigned char *)ptr < (((unsigned char *)pmem) + psize)))
- {
- // freed node points to prev free node
- eina_trash_push(&p->base, ptr);
- // next free node is now the one we freed
- p->usage--;
- pool->usage--;
- if (p->usage == 0)
- {
- // free bucket
- pool->first = eina_inlist_remove(pool->first, EINA_INLIST_GET(p));
- _eina_chained_mp_pool_free(p);
- }
- else
- // move to front
- pool->first = eina_inlist_promote(pool->first, EINA_INLIST_GET(p));
-
- break;
- }
- }
+ EINA_INLIST_FOREACH(pool->first, p) {
+ // pool mem base
+ pmem =
+ (void *) (((unsigned char *) p) +
+ sizeof(Chained_Pool));
+ // is it in pool mem?
+ if ((ptr >= pmem) &&
+ ((unsigned char *) ptr <
+ (((unsigned char *) pmem) + psize))) {
+ // freed node points to prev free node
+ eina_trash_push(&p->base, ptr);
+ // next free node is now the one we freed
+ p->usage--;
+ pool->usage--;
+ if (p->usage == 0) {
+ // free bucket
+ pool->first =
+ eina_inlist_remove(pool->first,
+ EINA_INLIST_GET(p));
+ _eina_chained_mp_pool_free(p);
+ } else
+ // move to front
+ pool->first =
+ eina_inlist_promote(pool->first,
+ EINA_INLIST_GET
+ (p));
+
+ break;
+ }
+ }
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_unlock(&pool->mutex);
-# else
- ReleaseMutex(pool->mutex);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_unlock(&pool->mutex);
+#else
+ ReleaseMutex(pool->mutex);
+#endif
#endif
}
-static void *
-eina_chained_mempool_realloc(__UNUSED__ void *data,
- __UNUSED__ void *element,
- __UNUSED__ unsigned int size)
+static void *eina_chained_mempool_realloc(__UNUSED__ void *data,
+ __UNUSED__ void *element,
+ __UNUSED__ unsigned int size)
{
- return NULL;
+ return NULL;
}
-static void *
-eina_chained_mempool_init(const char *context,
- __UNUSED__ const char *option,
- va_list args)
+static void *eina_chained_mempool_init(const char *context,
+ __UNUSED__ const char *option,
+ va_list args)
{
- Chained_Mempool *mp;
- int item_size;
- size_t length;
+ Chained_Mempool *mp;
+ int item_size;
+ size_t length;
- length = context ? strlen(context) + 1 : 0;
+ length = context ? strlen(context) + 1 : 0;
- mp = calloc(1, sizeof(Chained_Mempool) + length);
- if (!mp)
- return NULL;
+ mp = calloc(1, sizeof(Chained_Mempool) + length);
+ if (!mp)
+ return NULL;
- item_size = va_arg(args, int);
- mp->pool_size = va_arg(args, int);
+ item_size = va_arg(args, int);
+ mp->pool_size = va_arg(args, int);
- if (length)
- {
- mp->name = (const char *)(mp + 1);
- memcpy((char *)mp->name, context, length);
- }
+ if (length) {
+ mp->name = (const char *) (mp + 1);
+ memcpy((char *) mp->name, context, length);
+ }
- mp->item_alloc = eina_mempool_alignof(item_size);
- mp->group_size = mp->item_alloc * mp->pool_size;
- mp->alloc_size = mp->group_size + eina_mempool_alignof(sizeof(Chained_Pool));
+ mp->item_alloc = eina_mempool_alignof(item_size);
+ mp->group_size = mp->item_alloc * mp->pool_size;
+ mp->alloc_size =
+ mp->group_size + eina_mempool_alignof(sizeof(Chained_Pool));
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_init(&mp->mutex, NULL);
-# else
- mp->mutex = CreateMutex(NULL, FALSE, NULL);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_init(&mp->mutex, NULL);
+#else
+ mp->mutex = CreateMutex(NULL, FALSE, NULL);
+#endif
#endif
- return mp;
+ return mp;
}
-static void
-eina_chained_mempool_shutdown(void *data)
+static void eina_chained_mempool_shutdown(void *data)
{
- Chained_Mempool *mp;
+ Chained_Mempool *mp;
- mp = (Chained_Mempool *)data;
+ mp = (Chained_Mempool *) data;
- while (mp->first)
- {
- Chained_Pool *p = (Chained_Pool *)mp->first;
+ while (mp->first) {
+ Chained_Pool *p = (Chained_Pool *) mp->first;
#ifdef DEBUG
- if (p->usage > 0)
- INF("Bad news we are destroying not an empty mempool [%s]\n",
- mp->name);
+ if (p->usage > 0)
+ INF("Bad news we are destroying not an empty mempool [%s]\n", mp->name);
#endif
- mp->first = eina_inlist_remove(mp->first, mp->first);
- _eina_chained_mp_pool_free(p);
- }
+ mp->first = eina_inlist_remove(mp->first, mp->first);
+ _eina_chained_mp_pool_free(p);
+ }
#ifdef EFL_HAVE_THREADS
-# ifdef EFL_HAVE_POSIX_THREADS
- pthread_mutex_destroy(&mp->mutex);
-# else
- CloseHandle(mp->mutex);
-# endif
+#ifdef EFL_HAVE_POSIX_THREADS
+ pthread_mutex_destroy(&mp->mutex);
+#else
+ CloseHandle(mp->mutex);
+#endif
#endif
- free(mp);
+ free(mp);
}
static Eina_Mempool_Backend _eina_chained_mp_backend = {
- "chained_mempool",
- &eina_chained_mempool_init,
- &eina_chained_mempool_free,
- &eina_chained_mempool_malloc,
- &eina_chained_mempool_realloc,
- NULL,
- NULL,
- &eina_chained_mempool_shutdown
+ "chained_mempool",
+ &eina_chained_mempool_init,
+ &eina_chained_mempool_free,
+ &eina_chained_mempool_malloc,
+ &eina_chained_mempool_realloc,
+ NULL,
+ NULL,
+ &eina_chained_mempool_shutdown
};
Eina_Bool chained_init(void)
{
#ifdef DEBUG
- _eina_mempool_log_dom = eina_log_domain_register("eina_mempool",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_mempool_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_mempool");
- return EINA_FALSE;
- }
-
+ _eina_mempool_log_dom = eina_log_domain_register("eina_mempool",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_mempool_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_mempool");
+ return EINA_FALSE;
+ }
#endif
- return eina_mempool_register(&_eina_chained_mp_backend);
+ return eina_mempool_register(&_eina_chained_mp_backend);
}
void chained_shutdown(void)
{
- eina_mempool_unregister(&_eina_chained_mp_backend);
+ eina_mempool_unregister(&_eina_chained_mp_backend);
#ifdef DEBUG
- eina_log_domain_unregister(_eina_mempool_log_dom);
- _eina_mempool_log_dom = -1;
+ eina_log_domain_unregister(_eina_mempool_log_dom);
+ _eina_mempool_log_dom = -1;
#endif
}
@@ -348,4 +342,4 @@ void chained_shutdown(void)
EINA_MODULE_INIT(chained_init);
EINA_MODULE_SHUTDOWN(chained_shutdown);
-#endif /* ! EINA_STATIC_BUILD_CHAINED_POOL */
+#endif /* ! EINA_STATIC_BUILD_CHAINED_POOL */
diff --git a/tests/suite/ecore/src/lib/eina_convert.c b/tests/suite/ecore/src/lib/eina_convert.c
index 0d75469ca0..d949723c28 100644
--- a/tests/suite/ecore/src/lib/eina_convert.c
+++ b/tests/suite/ecore/src/lib/eina_convert.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <math.h>
@@ -26,7 +26,7 @@
#include <stdio.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -46,9 +46,11 @@
* @cond LOCAL
*/
-static const char look_up_table[] = {'0', '1', '2', '3', '4',
- '5', '6', '7', '8', '9',
- 'a', 'b', 'c', 'd', 'e', 'f'};
+static const char look_up_table[] = { '0', '1', '2', '3', '4',
+ '5', '6', '7', '8', '9',
+ 'a', 'b', 'c', 'd', 'e', 'f'
+};
+
static int _eina_convert_log_dom = -1;
#ifdef ERR
@@ -65,15 +67,14 @@ static int _eina_convert_log_dom = -1;
static inline void reverse(char s[], int length)
{
- int i, j;
- char c;
-
- for (i = 0, j = length - 1; i < j; i++, j--)
- {
- c = s[i];
- s[i] = s[j];
- s[j] = c;
- }
+ int i, j;
+ char c;
+
+ for (i = 0, j = length - 1; i < j; i++, j--) {
+ c = s[i];
+ s[i] = s[j];
+ s[j] = c;
+ }
}
/**
@@ -93,11 +94,11 @@ EAPI Eina_Error EINA_ERROR_CONVERT_0X_NOT_FOUND = 0;
EAPI Eina_Error EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH = 0;
static const char EINA_ERROR_CONVERT_0X_NOT_FOUND_STR[] =
- "Error during string conversion to float, First '0x' was not found.";
+ "Error during string conversion to float, First '0x' was not found.";
static const char EINA_ERROR_CONVERT_P_NOT_FOUND_STR[] =
- "Error during string conversion to float, First 'p' was not found.";
+ "Error during string conversion to float, First 'p' was not found.";
static const char EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH_STR[] =
- "Error outrun string limit during conversion string conversion to float.";
+ "Error outrun string limit during conversion string conversion to float.";
/**
* @endcond
@@ -119,24 +120,22 @@ static const char EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH_STR[] =
*
* @see eina_init()
*/
-Eina_Bool
-eina_convert_init(void)
+Eina_Bool eina_convert_init(void)
{
- _eina_convert_log_dom = eina_log_domain_register("eina_convert",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_convert_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_convert");
- return EINA_FALSE;
- }
-
+ _eina_convert_log_dom = eina_log_domain_register("eina_convert",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_convert_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_convert");
+ return EINA_FALSE;
+ }
#define EEMR(n) n = eina_error_msg_static_register(n ## _STR)
- EEMR(EINA_ERROR_CONVERT_0X_NOT_FOUND);
- EEMR(EINA_ERROR_CONVERT_P_NOT_FOUND);
- EEMR(EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH);
+ EEMR(EINA_ERROR_CONVERT_0X_NOT_FOUND);
+ EEMR(EINA_ERROR_CONVERT_P_NOT_FOUND);
+ EEMR(EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH);
#undef EEMR
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
@@ -150,12 +149,11 @@ eina_convert_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_convert_shutdown(void)
+Eina_Bool eina_convert_shutdown(void)
{
- eina_log_domain_unregister(_eina_convert_log_dom);
- _eina_convert_log_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_convert_log_dom);
+ _eina_convert_log_dom = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -305,30 +303,28 @@ eina_convert_shutdown(void)
* The returned value is the length of the string, including the nul
* terminated character.
*/
-EAPI int
-eina_convert_itoa(int n, char *s)
+EAPI int eina_convert_itoa(int n, char *s)
{
- int i = 0;
- int r = 0;
+ int i = 0;
+ int r = 0;
- EINA_SAFETY_ON_NULL_RETURN_VAL(s, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(s, 0);
- if (n < 0)
- {
- n = -n;
- *s++ = '-';
- r = 1;
- }
+ if (n < 0) {
+ n = -n;
+ *s++ = '-';
+ r = 1;
+ }
- do {
- s[i++] = n % 10 + '0';
- } while ((n /= 10) > 0);
+ do {
+ s[i++] = n % 10 + '0';
+ } while ((n /= 10) > 0);
- s[i] = '\0';
+ s[i] = '\0';
- reverse(s, i);
+ reverse(s, i);
- return i + r;
+ return i + r;
}
/**
@@ -347,23 +343,22 @@ eina_convert_itoa(int n, char *s)
* The returned value is the length of the string, including the nul
* terminated character.
*/
-EAPI int
-eina_convert_xtoa(unsigned int n, char *s)
+EAPI int eina_convert_xtoa(unsigned int n, char *s)
{
- int i;
+ int i;
- EINA_SAFETY_ON_NULL_RETURN_VAL(s, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(s, 0);
- i = 0;
- do {
- s[i++] = look_up_table[n & 0xF];
- } while ((n >>= 4) > 0);
+ i = 0;
+ do {
+ s[i++] = look_up_table[n & 0xF];
+ } while ((n >>= 4) > 0);
- s[i] = '\0';
+ s[i] = '\0';
- reverse(s, i);
+ reverse(s, i);
- return i;
+ return i;
}
/**
@@ -411,99 +406,96 @@ eina_convert_xtoa(unsigned int n, char *s)
EAPI Eina_Bool
eina_convert_atod(const char *src, int length, long long *m, long *e)
{
- const char *str = src;
- long long mantisse;
- long exponent;
- int nbr_decimals = 0;
- int sign = 1;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(src, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(e, EINA_FALSE);
-
- if (length <= 0)
- goto on_length_error;
-
- /* Compute the mantisse. */
- if (*str == '-')
- {
- sign = -1;
- str++;
- length--;
- }
-
- if (length <= 2)
- goto on_length_error;
-
- if (strncmp(str, "0x", 2))
- {
- eina_error_set(EINA_ERROR_CONVERT_0X_NOT_FOUND);
- DBG("'0x' not found in '%s'", src);
- return EINA_FALSE;
- }
-
- str += 2;
- length -= 2;
-
- mantisse = HEXA_TO_INT(*str);
-
- str++;
- length--; if (length <= 0)
- goto on_length_error;
-
- if (*str == '.')
- for (str++, length--;
- length > 0 && *str != 'p';
- ++str, --length, ++nbr_decimals)
- {
- mantisse <<= 4;
- mantisse += HEXA_TO_INT(*str);
- }
-
- if (sign < 0)
- mantisse = -mantisse;
-
- /* Compute the exponent. */
- if (*str != 'p')
- {
- eina_error_set(EINA_ERROR_CONVERT_P_NOT_FOUND);
- DBG("'p' not found in '%s'", src);
- return EINA_FALSE;
- }
-
- sign = +1;
-
- str++;
- length--; if (length <= 0)
- goto on_length_error;
-
- if (strchr("-+", *str))
- {
- sign = (*str == '-') ? -1 : +1;
-
- str++; length--;
- }
-
- for (exponent = 0; length > 0 && *str != '\0'; ++str, --length)
- {
- exponent *= 10;
- exponent += *str - '0';
- }
-
- if (length < 0)
- goto on_length_error;
-
- if (sign < 0)
- exponent = -exponent;
-
- *m = mantisse;
- *e = exponent - (nbr_decimals << 2);
-
- return EINA_TRUE;
-
-on_length_error:
- eina_error_set(EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH);
- return EINA_FALSE;
+ const char *str = src;
+ long long mantisse;
+ long exponent;
+ int nbr_decimals = 0;
+ int sign = 1;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(src, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(e, EINA_FALSE);
+
+ if (length <= 0)
+ goto on_length_error;
+
+ /* Compute the mantisse. */
+ if (*str == '-') {
+ sign = -1;
+ str++;
+ length--;
+ }
+
+ if (length <= 2)
+ goto on_length_error;
+
+ if (strncmp(str, "0x", 2)) {
+ eina_error_set(EINA_ERROR_CONVERT_0X_NOT_FOUND);
+ DBG("'0x' not found in '%s'", src);
+ return EINA_FALSE;
+ }
+
+ str += 2;
+ length -= 2;
+
+ mantisse = HEXA_TO_INT(*str);
+
+ str++;
+ length--;
+ if (length <= 0)
+ goto on_length_error;
+
+ if (*str == '.')
+ for (str++, length--;
+ length > 0 && *str != 'p';
+ ++str, --length, ++nbr_decimals) {
+ mantisse <<= 4;
+ mantisse += HEXA_TO_INT(*str);
+ }
+
+ if (sign < 0)
+ mantisse = -mantisse;
+
+ /* Compute the exponent. */
+ if (*str != 'p') {
+ eina_error_set(EINA_ERROR_CONVERT_P_NOT_FOUND);
+ DBG("'p' not found in '%s'", src);
+ return EINA_FALSE;
+ }
+
+ sign = +1;
+
+ str++;
+ length--;
+ if (length <= 0)
+ goto on_length_error;
+
+ if (strchr("-+", *str)) {
+ sign = (*str == '-') ? -1 : +1;
+
+ str++;
+ length--;
+ }
+
+ for (exponent = 0; length > 0 && *str != '\0'; ++str, --length) {
+ exponent *= 10;
+ exponent += *str - '0';
+ }
+
+ if (length < 0)
+ goto on_length_error;
+
+ if (sign < 0)
+ exponent = -exponent;
+
+ *m = mantisse;
+ *e = exponent - (nbr_decimals << 2);
+
+ return EINA_TRUE;
+
+ on_length_error:
+ eina_error_set(EINA_ERROR_CONVERT_OUTRUN_STRING_LENGTH);
+ return EINA_FALSE;
}
/**
@@ -528,67 +520,59 @@ on_length_error:
* The returned value is the length of the string, including the nul
* character.
*/
-EAPI int
-eina_convert_dtoa(double d, char *des)
+EAPI int eina_convert_dtoa(double d, char *des)
{
- int length = 0;
- int p;
- int i;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(des, EINA_FALSE);
-
- if (d < 0.0)
- {
- *(des++) = '-';
- d = -d;
- length++;
- }
-
- d = frexp(d, &p);
-
- if (p)
- {
- d *= 2;
- p -= 1;
- }
-
- *(des++) = '0';
- *(des++) = 'x';
- *(des++) = look_up_table[(size_t)d];
- *(des++) = '.';
- length += 4;
-
- for (i = 0; i < 16; i++, length++)
- {
- d -= floor(d);
- d *= 16;
- *(des++) = look_up_table[(size_t)d];
- }
-
- while (*(des - 1) == '0')
- {
- des--;
- length--;
- }
-
- if (*(des - 1) == '.')
- {
- des--;
- length--;
- }
-
- *(des++) = 'p';
- if (p < 0)
- {
- *(des++) = '-';
- p = -p;
- }
- else
- *(des++) = '+';
-
- length += 2;
-
- return length + eina_convert_itoa(p, des);
+ int length = 0;
+ int p;
+ int i;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(des, EINA_FALSE);
+
+ if (d < 0.0) {
+ *(des++) = '-';
+ d = -d;
+ length++;
+ }
+
+ d = frexp(d, &p);
+
+ if (p) {
+ d *= 2;
+ p -= 1;
+ }
+
+ *(des++) = '0';
+ *(des++) = 'x';
+ *(des++) = look_up_table[(size_t) d];
+ *(des++) = '.';
+ length += 4;
+
+ for (i = 0; i < 16; i++, length++) {
+ d -= floor(d);
+ d *= 16;
+ *(des++) = look_up_table[(size_t) d];
+ }
+
+ while (*(des - 1) == '0') {
+ des--;
+ length--;
+ }
+
+ if (*(des - 1) == '.') {
+ des--;
+ length--;
+ }
+
+ *(des++) = 'p';
+ if (p < 0) {
+ *(des++) = '-';
+ p = -p;
+ } else
+ *(des++) = '+';
+
+ length += 2;
+
+ return length + eina_convert_itoa(p, des);
}
/**
@@ -618,88 +602,77 @@ eina_convert_dtoa(double d, char *des)
* implements the frexp() function for fixed point numbers and does
* some optimisations.
*/
-EAPI int
-eina_convert_fptoa(Eina_F32p32 fp, char *des)
+EAPI int eina_convert_fptoa(Eina_F32p32 fp, char *des)
{
- int length = 0;
- int p = 0;
- int i;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(des, EINA_FALSE);
-
- if (fp == 0)
- {
- memcpy(des, "0x0p+0", 7);
- return 7;
- }
-
- if (fp < 0)
- {
- *(des++) = '-';
- fp = -fp;
- length++;
- }
-
- /* fp >= 1 */
- if (fp >= 0x0000000100000000LL)
- while (fp >= 0x0000000100000000LL)
- {
- p++;
- /* fp /= 2 */
- fp >>= 1;
- } /* fp < 0.5 */
- else if (fp < 0x80000000)
- while (fp < 0x80000000)
- {
- p--;
- /* fp *= 2 */
- fp <<= 1;
- }
-
- if (p)
- {
- p--;
- /* fp *= 2 */
- fp <<= 1;
- }
-
- *(des++) = '0';
- *(des++) = 'x';
- *(des++) = look_up_table[fp >> 32];
- *(des++) = '.';
- length += 4;
-
- for (i = 0; i < 16; i++, length++)
- {
- fp &= 0x00000000ffffffffLL;
- fp <<= 4; /* fp *= 16 */
- *(des++) = look_up_table[fp >> 32];
- }
-
- while (*(des - 1) == '0')
- {
- des--;
- length--;
- }
-
- if (*(des - 1) == '.')
- {
- des--;
- length--;
- }
-
- *(des++) = 'p';
- if (p < 0)
- {
- *(des++) = '-';
- p = -p;
- }
- else
- *(des++) = '+';
-
- length += 2;
-
- return length + eina_convert_itoa(p, des);
+ int length = 0;
+ int p = 0;
+ int i;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(des, EINA_FALSE);
+
+ if (fp == 0) {
+ memcpy(des, "0x0p+0", 7);
+ return 7;
+ }
+
+ if (fp < 0) {
+ *(des++) = '-';
+ fp = -fp;
+ length++;
+ }
+
+ /* fp >= 1 */
+ if (fp >= 0x0000000100000000LL)
+ while (fp >= 0x0000000100000000LL) {
+ p++;
+ /* fp /= 2 */
+ fp >>= 1;
+ } /* fp < 0.5 */
+ else if (fp < 0x80000000)
+ while (fp < 0x80000000) {
+ p--;
+ /* fp *= 2 */
+ fp <<= 1;
+ }
+
+ if (p) {
+ p--;
+ /* fp *= 2 */
+ fp <<= 1;
+ }
+
+ *(des++) = '0';
+ *(des++) = 'x';
+ *(des++) = look_up_table[fp >> 32];
+ *(des++) = '.';
+ length += 4;
+
+ for (i = 0; i < 16; i++, length++) {
+ fp &= 0x00000000ffffffffLL;
+ fp <<= 4; /* fp *= 16 */
+ *(des++) = look_up_table[fp >> 32];
+ }
+
+ while (*(des - 1) == '0') {
+ des--;
+ length--;
+ }
+
+ if (*(des - 1) == '.') {
+ des--;
+ length--;
+ }
+
+ *(des++) = 'p';
+ if (p < 0) {
+ *(des++) = '-';
+ p = -p;
+ } else
+ *(des++) = '+';
+
+ length += 2;
+
+ return length + eina_convert_itoa(p, des);
}
/**
@@ -747,25 +720,25 @@ eina_convert_fptoa(Eina_F32p32 fp, char *des)
* shift to compute the fixed point number.
*/
EAPI Eina_Bool
-eina_convert_atofp(const char *src, int length, Eina_F32p32 *fp)
+eina_convert_atofp(const char *src, int length, Eina_F32p32 * fp)
{
- long long m;
- long e;
+ long long m;
+ long e;
- if (!eina_convert_atod(src, length, &m, &e))
- return EINA_FALSE;
+ if (!eina_convert_atod(src, length, &m, &e))
+ return EINA_FALSE;
- if (!fp)
- return EINA_TRUE;
+ if (!fp)
+ return EINA_TRUE;
- e += 32;
+ e += 32;
- if (e > 0)
- *fp = m << e;
- else
- *fp = m >> -e;
+ if (e > 0)
+ *fp = m << e;
+ else
+ *fp = m >> -e;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_counter.c b/tests/suite/ecore/src/lib/eina_counter.c
index 8c430dc162..b22c8ac067 100644
--- a/tests/suite/ecore/src/lib/eina_counter.c
+++ b/tests/suite/ecore/src/lib/eina_counter.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -25,12 +25,12 @@
#include <string.h>
#include <stdarg.h>
#ifndef _WIN32
-# include <time.h>
+#include <time.h>
#else
-# define WIN32_LEAN_AND_MEAN
-# include <windows.h>
-# undef WIN32_LEAN_AND_MEAN
-#endif /* _WIN2 */
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#undef WIN32_LEAN_AND_MEAN
+#endif /* _WIN2 */
#include "eina_config.h"
#include "eina_private.h"
@@ -57,90 +57,84 @@ typedef LARGE_INTEGER Eina_Nano_Time;
typedef struct _Eina_Clock Eina_Clock;
-struct _Eina_Counter
-{
- EINA_INLIST;
+struct _Eina_Counter {
+ EINA_INLIST;
- Eina_Inlist *clocks;
- const char *name;
+ Eina_Inlist *clocks;
+ const char *name;
};
-struct _Eina_Clock
-{
- EINA_INLIST;
+struct _Eina_Clock {
+ EINA_INLIST;
- Eina_Nano_Time start;
- Eina_Nano_Time end;
- int specimen;
+ Eina_Nano_Time start;
+ Eina_Nano_Time end;
+ int specimen;
- Eina_Bool valid;
+ Eina_Bool valid;
};
#ifndef _WIN32
-static inline int
-_eina_counter_time_get(Eina_Nano_Time *tp)
+static inline int _eina_counter_time_get(Eina_Nano_Time * tp)
{
-# if defined(CLOCK_PROCESS_CPUTIME_ID)
- return clock_gettime(CLOCK_PROCESS_CPUTIME_ID, tp);
-# elif defined(CLOCK_PROF)
- return clock_gettime(CLOCK_PROF, tp);
-# elif defined(CLOCK_REALTIME)
- return clock_gettime(CLOCK_REALTIME, tp);
-# else
- return gettimeofday(tp, NULL);
-# endif
+#if defined(CLOCK_PROCESS_CPUTIME_ID)
+ return clock_gettime(CLOCK_PROCESS_CPUTIME_ID, tp);
+#elif defined(CLOCK_PROF)
+ return clock_gettime(CLOCK_PROF, tp);
+#elif defined(CLOCK_REALTIME)
+ return clock_gettime(CLOCK_REALTIME, tp);
+#else
+ return gettimeofday(tp, NULL);
+#endif
}
#else
static const char EINA_ERROR_COUNTER_WINDOWS_STR[] =
- "Change your OS, you moron !";
+ "Change your OS, you moron !";
static int EINA_ERROR_COUNTER_WINDOWS = 0;
static LARGE_INTEGER _eina_counter_frequency;
-static inline int
-_eina_counter_time_get(Eina_Nano_Time *tp)
+static inline int _eina_counter_time_get(Eina_Nano_Time * tp)
{
- return QueryPerformanceCounter(tp);
+ return QueryPerformanceCounter(tp);
}
-#endif /* _WIN2 */
+#endif /* _WIN2 */
-static char *
-_eina_counter_asiprintf(char *base, int *position, const char *format, ...)
+static char *_eina_counter_asiprintf(char *base, int *position,
+ const char *format, ...)
{
- char *tmp, *result;
- int size = 32;
- int n;
- va_list ap;
-
- tmp = realloc(base, sizeof (char) * (*position + size));
- if (!tmp)
- return base;
-
- result = tmp;
-
- while (1)
- {
- va_start(ap, format);
- n = vsnprintf(result + *position, size, format, ap);
- va_end(ap);
-
- if (n > -1 && n < size)
- {
- /* If we always have glibc > 2.2, we could just return *position += n. */
- *position += strlen(result + *position);
- return result;
- }
-
- if (n > -1)
- size = n + 1;
- else
- size <<= 1;
-
- tmp = realloc(result, sizeof (char) * (*position + size));
- if (!tmp)
- return result;
-
- result = tmp;
- }
+ char *tmp, *result;
+ int size = 32;
+ int n;
+ va_list ap;
+
+ tmp = realloc(base, sizeof(char) * (*position + size));
+ if (!tmp)
+ return base;
+
+ result = tmp;
+
+ while (1) {
+ va_start(ap, format);
+ n = vsnprintf(result + *position, size, format, ap);
+ va_end(ap);
+
+ if (n > -1 && n < size) {
+ /* If we always have glibc > 2.2, we could just return *position += n. */
+ *position += strlen(result + *position);
+ return result;
+ }
+
+ if (n > -1)
+ size = n + 1;
+ else
+ size <<= 1;
+
+ tmp = realloc(result, sizeof(char) * (*position + size));
+ if (!tmp)
+ return result;
+
+ result = tmp;
+ }
}
/**
@@ -168,20 +162,17 @@ _eina_counter_asiprintf(char *base, int *position, const char *format, ...)
*
* @see eina_init()
*/
-Eina_Bool
-eina_counter_init(void)
+Eina_Bool eina_counter_init(void)
{
#ifdef _WIN32
- EINA_ERROR_COUNTER_WINDOWS = eina_error_msg_static_register(
- EINA_ERROR_COUNTER_WINDOWS_STR);
- if (!QueryPerformanceFrequency(&_eina_counter_frequency))
- {
- eina_error_set(EINA_ERROR_COUNTER_WINDOWS);
- return EINA_FALSE;
- }
-
-#endif /* _WIN2 */
- return EINA_TRUE;
+ EINA_ERROR_COUNTER_WINDOWS =
+ eina_error_msg_static_register(EINA_ERROR_COUNTER_WINDOWS_STR);
+ if (!QueryPerformanceFrequency(&_eina_counter_frequency)) {
+ eina_error_set(EINA_ERROR_COUNTER_WINDOWS);
+ return EINA_FALSE;
+ }
+#endif /* _WIN2 */
+ return EINA_TRUE;
}
/**
@@ -195,10 +186,9 @@ eina_counter_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_counter_shutdown(void)
+Eina_Bool eina_counter_shutdown(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -301,28 +291,26 @@ eina_counter_shutdown(void)
* Whe the new counter is not needed anymore, use eina_counter_free() to
* free the allocated memory.
*/
-EAPI Eina_Counter *
-eina_counter_new(const char *name)
+EAPI Eina_Counter *eina_counter_new(const char *name)
{
- Eina_Counter *counter;
- size_t length;
+ Eina_Counter *counter;
+ size_t length;
- EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
- length = strlen(name) + 1;
+ length = strlen(name) + 1;
- eina_error_set(0);
- counter = calloc(1, sizeof (Eina_Counter) + length);
- if (!counter)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ counter = calloc(1, sizeof(Eina_Counter) + length);
+ if (!counter) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- counter->name = (char *)(counter + 1);
- memcpy((char *)counter->name, name, length);
+ counter->name = (char *) (counter + 1);
+ memcpy((char *) counter->name, name, length);
- return counter;
+ return counter;
}
/**
@@ -335,20 +323,19 @@ eina_counter_new(const char *name)
* @p counter. If @p counter is @c NULL, the function returns
* immediately.
*/
-EAPI void
-eina_counter_free(Eina_Counter *counter)
+EAPI void eina_counter_free(Eina_Counter * counter)
{
- EINA_SAFETY_ON_NULL_RETURN(counter);
+ EINA_SAFETY_ON_NULL_RETURN(counter);
- while (counter->clocks)
- {
- Eina_Clock *clk = (Eina_Clock *)counter->clocks;
+ while (counter->clocks) {
+ Eina_Clock *clk = (Eina_Clock *) counter->clocks;
- counter->clocks = eina_inlist_remove(counter->clocks, counter->clocks);
- free(clk);
- }
+ counter->clocks =
+ eina_inlist_remove(counter->clocks, counter->clocks);
+ free(clk);
+ }
- free(counter);
+ free(counter);
}
/**
@@ -367,28 +354,27 @@ eina_counter_free(Eina_Counter *counter)
* To stop the timing, eina_counter_stop() must be called with the
* same counter.
*/
-EAPI void
-eina_counter_start(Eina_Counter *counter)
+EAPI void eina_counter_start(Eina_Counter * counter)
{
- Eina_Clock *clk;
- Eina_Nano_Time tp;
+ Eina_Clock *clk;
+ Eina_Nano_Time tp;
- EINA_SAFETY_ON_NULL_RETURN(counter);
- if (_eina_counter_time_get(&tp) != 0)
- return;
+ EINA_SAFETY_ON_NULL_RETURN(counter);
+ if (_eina_counter_time_get(&tp) != 0)
+ return;
- eina_error_set(0);
- clk = calloc(1, sizeof (Eina_Clock));
- if (!clk)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return;
- }
+ eina_error_set(0);
+ clk = calloc(1, sizeof(Eina_Clock));
+ if (!clk) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return;
+ }
- counter->clocks = eina_inlist_prepend(counter->clocks, EINA_INLIST_GET(clk));
+ counter->clocks =
+ eina_inlist_prepend(counter->clocks, EINA_INLIST_GET(clk));
- clk->valid = EINA_FALSE;
- clk->start = tp;
+ clk->valid = EINA_FALSE;
+ clk->start = tp;
}
/**
@@ -403,24 +389,23 @@ eina_counter_start(Eina_Counter *counter)
* test. If @p counter or its associated clock are @c NULL, or if the
* time can't be retrieved the function exits.
*/
-EAPI void
-eina_counter_stop(Eina_Counter *counter, int specimen)
+EAPI void eina_counter_stop(Eina_Counter * counter, int specimen)
{
- Eina_Clock *clk;
- Eina_Nano_Time tp;
+ Eina_Clock *clk;
+ Eina_Nano_Time tp;
- EINA_SAFETY_ON_NULL_RETURN(counter);
- if (_eina_counter_time_get(&tp) != 0)
- return;
+ EINA_SAFETY_ON_NULL_RETURN(counter);
+ if (_eina_counter_time_get(&tp) != 0)
+ return;
- clk = (Eina_Clock *)counter->clocks;
+ clk = (Eina_Clock *) counter->clocks;
- if (!clk || clk->valid == EINA_TRUE)
- return;
+ if (!clk || clk->valid == EINA_TRUE)
+ return;
- clk->end = tp;
- clk->specimen = specimen;
- clk->valid = EINA_TRUE;
+ clk->end = tp;
+ clk->specimen = specimen;
+ clk->valid = EINA_TRUE;
}
/**
@@ -441,63 +426,64 @@ eina_counter_stop(Eina_Counter *counter, int specimen)
*
* The unit of time is the nanosecond.
*/
-EAPI char *
-eina_counter_dump(Eina_Counter *counter)
+EAPI char *eina_counter_dump(Eina_Counter * counter)
{
- Eina_Clock *clk;
- char *result = NULL;
- int position = 0;
+ Eina_Clock *clk;
+ char *result = NULL;
+ int position = 0;
- EINA_SAFETY_ON_NULL_RETURN_VAL(counter, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(counter, NULL);
- result = _eina_counter_asiprintf(
- result,
- &position,
- "# specimen\texperiment time\tstarting time\tending time\n");
- if (!result)
- return NULL;
+ result = _eina_counter_asiprintf(result,
+ &position,
+ "# specimen\texperiment time\tstarting time\tending time\n");
+ if (!result)
+ return NULL;
- EINA_INLIST_REVERSE_FOREACH(counter->clocks, clk)
- {
- long int start;
- long int end;
- long int diff;
+ EINA_INLIST_REVERSE_FOREACH(counter->clocks, clk) {
+ long int start;
+ long int end;
+ long int diff;
- if (clk->valid == EINA_FALSE)
- continue;
+ if (clk->valid == EINA_FALSE)
+ continue;
#ifndef _WIN32
- start = clk->start.tv_sec * 1000000000 + clk->start.tv_nsec;
- end = clk->end.tv_sec * 1000000000 + clk->end.tv_nsec;
- diff =
- (clk->end.tv_sec -
- clk->start.tv_sec) * 1000000000 + clk->end.tv_nsec -
- clk->start.tv_nsec;
+ start =
+ clk->start.tv_sec * 1000000000 + clk->start.tv_nsec;
+ end = clk->end.tv_sec * 1000000000 + clk->end.tv_nsec;
+ diff =
+ (clk->end.tv_sec -
+ clk->start.tv_sec) * 1000000000 + clk->end.tv_nsec -
+ clk->start.tv_nsec;
#else
- start =
- (long int)(((long long int)clk->start.QuadPart *
- 1000000000ll) /
- (long long int)_eina_counter_frequency.QuadPart);
- end =
- (long int)(((long long int)clk->end.QuadPart *
- 1000000000LL) /
- (long long int)_eina_counter_frequency.QuadPart);
- diff =
- (long int)(((long long int)(clk->end.QuadPart -
- clk->start.QuadPart) *
- 1000000000LL) /
- (long long int)_eina_counter_frequency.QuadPart);
-#endif /* _WIN2 */
-
- result = _eina_counter_asiprintf(result, &position,
- "%i\t%li\t%li\t%li\n",
- clk->specimen,
- diff,
- start,
- end);
- }
-
- return result;
+ start =
+ (long int) (((long long int) clk->start.QuadPart *
+ 1000000000ll) /
+ (long long int) _eina_counter_frequency.
+ QuadPart);
+ end =
+ (long
+ int) (((long long int) clk->end.QuadPart *
+ 1000000000LL) /
+ (long long int) _eina_counter_frequency.
+ QuadPart);
+ diff =
+ (long
+ int) (((long long int) (clk->end.QuadPart -
+ clk->start.QuadPart) *
+ 1000000000LL) /
+ (long long int) _eina_counter_frequency.
+ QuadPart);
+#endif /* _WIN2 */
+
+ result = _eina_counter_asiprintf(result, &position,
+ "%i\t%li\t%li\t%li\n",
+ clk->specimen,
+ diff, start, end);
+ }
+
+ return result;
}
/**
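Review bot: In the `_WIN32` branch of eina_counter_dump the reindent splits the member access `_eina_counter_frequency.QuadPart` after the dot in all three assignments, and breaks the cast `(long int)` across two lines for `end` and `diff`. The code still compiles, but the tick-to-nanosecond conversions are harder to read and audit than before the change. Hoisting the divisor once, e.g. `const long long freq = (long long) _eina_counter_frequency.QuadPart;`, would let each assignment fit on one or two lines. The same tool artefact appears in the `_WIN32` branch of eina_file_dir_list, where `file.dwFileAttributes` is split after the dot.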
diff --git a/tests/suite/ecore/src/lib/eina_cpu.c b/tests/suite/ecore/src/lib/eina_cpu.c
index 1ee411fac6..ab8686fa2d 100644
--- a/tests/suite/ecore/src/lib/eina_cpu.c
+++ b/tests/suite/ecore/src/lib/eina_cpu.c
@@ -17,30 +17,30 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#ifdef EFL_HAVE_THREADS
-# ifdef _WIN32
-# define WIN32_LEAN_AND_MEAN
-# include <windows.h>
-# elif defined (__SUNPRO_C) || defined(__GNU__)
-# include <unistd.h>
-# elif defined (__FreeBSD__) || defined (__OpenBSD__) || \
+#ifdef _WIN32
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#elif defined (__SUNPRO_C) || defined(__GNU__)
+#include <unistd.h>
+#elif defined (__FreeBSD__) || defined (__OpenBSD__) || \
defined (__NetBSD__) || defined (__DragonFly__) || defined (__MacOSX__) || \
(defined (__MACH__) && defined (__APPLE__))
-# include <unistd.h>
-# include <sys/param.h>
-# include <sys/sysctl.h>
-# elif defined (__linux__) || defined(__GLIBC__)
-# define _GNU_SOURCE
-# include <sched.h>
-# endif
-# ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
-# endif
-
-# define TH_MAX 8
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#elif defined (__linux__) || defined(__GLIBC__)
+#define _GNU_SOURCE
+#include <sched.h>
+#endif
+#ifdef EFL_HAVE_POSIX_THREADS
+#include <pthread.h>
+#endif
+
+#define TH_MAX 8
#endif
#include <stdio.h>
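Review bot: Flattening `# include` / `# ifdef` to column 0 removes the only visual cue for which `#endif` closes which conditional inside the `EFL_HAVE_THREADS` block. With three levels now at the same indent, it is easy to misread whether `#define TH_MAX 8` sits inside or outside the platform chain. I would label the closers, e.g. `#endif /* EFL_HAVE_POSIX_THREADS */` and `#endif /* EFL_HAVE_THREADS */`. The same applies to the nested `#if`/`#elif` chain in eina_cpu_count and to the `alloca` and `__sun`/`NAME_MAX` blocks at the top of eina_file.c.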
@@ -58,52 +58,51 @@
/* We save ebx and restore it to be PIC compatible */
static inline void _x86_cpuid(int op, int *a, int *b, int *c, int *d)
{
- asm volatile (
+ asm volatile (
#if defined(__x86_64__)
- "pushq %%rbx \n\t" /* save %ebx */
+ "pushq %%rbx \n\t" /* save %ebx */
#else
- "pushl %%ebx \n\t" /* save %ebx */
+ "pushl %%ebx \n\t" /* save %ebx */
#endif
- "cpuid \n\t"
- "movl %%ebx, %1 \n\t" /* save what cpuid just put in %ebx */
+ "cpuid \n\t" "movl %%ebx, %1 \n\t" /* save what cpuid just put in %ebx */
#if defined(__x86_64__)
- "popq %%rbx \n\t" /* restore the old %ebx */
+ "popq %%rbx \n\t" /* restore the old %ebx */
#else
- "popl %%ebx \n\t" /* restore the old %ebx */
+ "popl %%ebx \n\t" /* restore the old %ebx */
#endif
- : "=a" (*a), "=r" (*b), "=c" (*c), "=d" (*d)
- : "a" (op)
- : "cc");
+ :"=a" (*a), "=r"(*b), "=c"(*c), "=d"(*d)
+ :"a"(op)
+ :"cc");
}
static
-void _x86_simd(Eina_Cpu_Features *features)
+void _x86_simd(Eina_Cpu_Features * features)
{
- int a, b, c, d;
-
- _x86_cpuid(1, &a, &b, &c, &d);
- /*
- * edx
- * 18 = PN (Processor Number)
- * 19 = CLFlush (Cache Line Flush)
- * 23 = MMX
- * 25 = SSE
- * 26 = SSE2
- * 28 = HTT (Hyper Threading)
- * ecx
- * 0 = SSE3
- */
- if ((d >> 23) & 1)
- *features |= EINA_CPU_MMX;
-
- if ((d >> 25) & 1)
- *features |= EINA_CPU_SSE;
-
- if ((d >> 26) & 1)
- *features |= EINA_CPU_SSE2;
-
- if (c & 1)
- *features |= EINA_CPU_SSE3;
+ int a, b, c, d;
+
+ _x86_cpuid(1, &a, &b, &c, &d);
+ /*
+ * edx
+ * 18 = PN (Processor Number)
+ * 19 = CLFlush (Cache Line Flush)
+ * 23 = MMX
+ * 25 = SSE
+ * 26 = SSE2
+ * 28 = HTT (Hyper Threading)
+ * ecx
+ * 0 = SSE3
+ */
+ if ((d >> 23) & 1)
+ *features |= EINA_CPU_MMX;
+
+ if ((d >> 25) & 1)
+ *features |= EINA_CPU_SSE;
+
+ if ((d >> 26) & 1)
+ *features |= EINA_CPU_SSE2;
+
+ if (c & 1)
+ *features |= EINA_CPU_SSE3;
}
#endif
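Review bot: In `_x86_cpuid` the reindent joined two instruction strings onto one line, `"cpuid \n\t" "movl %%ebx, %1 \n\t"`, so the trailing comment about saving %ebx now appears to describe both instructions. One instruction per line keeps the asm template reviewable: `"cpuid \n\t"` on its own line, followed by `"movl %%ebx, %1 \n\t" /* save what cpuid just put in %ebx */`. The constraint lists were also respaced inconsistently (`"=a" (*a)` next to `"=r"(*b)`); picking one form would help.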
@@ -124,85 +123,83 @@ void _x86_simd(Eina_Cpu_Features *features)
*/
EAPI Eina_Cpu_Features eina_cpu_features_get(void)
{
- Eina_Cpu_Features ecf = 0;
+ Eina_Cpu_Features ecf = 0;
#if defined(__i386__) || defined(__x86_64__)
- _x86_simd(&ecf);
+ _x86_simd(&ecf);
#endif
- return ecf;
+ return ecf;
}
EAPI int eina_cpu_count(void)
{
#ifdef EFL_HAVE_THREADS
-# if defined (_WIN32)
- SYSTEM_INFO sysinfo;
-
- GetSystemInfo(&sysinfo);
- return sysinfo.dwNumberOfProcessors;
-
-# elif defined (__SUNPRO_C) || defined(__GNU__)
- /*
- * _SC_NPROCESSORS_ONLN: number of processors that are online, that
- is available when sysconf is called. The number
- of cpu can change by admins.
- * _SC_NPROCESSORS_CONF: maximum number of processors that are available
- to the current OS instance. That number can be
- change after a reboot.
- * _SC_NPROCESSORS_MAX : maximum number of processors that are on the
- motherboard.
- */
- return sysconf(_SC_NPROCESSORS_ONLN);
-
-# elif defined (__FreeBSD__) || defined (__OpenBSD__) || \
+#if defined (_WIN32)
+ SYSTEM_INFO sysinfo;
+
+ GetSystemInfo(&sysinfo);
+ return sysinfo.dwNumberOfProcessors;
+
+#elif defined (__SUNPRO_C) || defined(__GNU__)
+ /*
+ * _SC_NPROCESSORS_ONLN: number of processors that are online, that
+ is available when sysconf is called. The number
+ of cpu can change by admins.
+ * _SC_NPROCESSORS_CONF: maximum number of processors that are available
+ to the current OS instance. That number can be
+ change after a reboot.
+ * _SC_NPROCESSORS_MAX : maximum number of processors that are on the
+ motherboard.
+ */
+ return sysconf(_SC_NPROCESSORS_ONLN);
+
+#elif defined (__FreeBSD__) || defined (__OpenBSD__) || \
defined (__NetBSD__) || defined (__DragonFly__) || defined (__MacOSX__) || \
(defined (__MACH__) && defined (__APPLE__))
- int mib[4];
- int cpus;
- size_t len = sizeof(cpus);
+ int mib[4];
+ int cpus;
+ size_t len = sizeof(cpus);
- mib[0] = CTL_HW;
+ mib[0] = CTL_HW;
#ifdef HW_AVAILCPU
- mib[1] = HW_AVAILCPU;
+ mib[1] = HW_AVAILCPU;
+#else
+ mib[1] = HW_NCPU;
+#endif
+ sysctl(mib, 2, &cpus, &len, NULL, 0);
+ if (cpus < 1)
+ cpus = 1;
+
+ return cpus;
+
+#elif defined (__linux__) || defined(__GLIBC__)
+ cpu_set_t cpu;
+ int i;
+ static int cpus = 0;
+
+ if (cpus != 0)
+ return cpus;
+
+ CPU_ZERO(&cpu);
+ if (sched_getaffinity(0, sizeof(cpu), &cpu) != 0) {
+ fprintf(stderr, "[Eina] could not get cpu affinity: %s\n",
+ strerror(errno));
+ return 1;
+ }
+
+ for (i = 0; i < TH_MAX; i++) {
+ if (CPU_ISSET(i, &cpu))
+ cpus = i + 1;
+ else
+ break;
+ }
+ return cpus;
+
#else
- mib[1] = HW_NCPU;
+#error "eina_cpu_count() error: Platform not supported"
#endif
- sysctl(mib, 2, &cpus, &len, NULL, 0);
- if (cpus < 1)
- cpus = 1;
-
- return cpus;
-
-# elif defined (__linux__) || defined(__GLIBC__)
- cpu_set_t cpu;
- int i;
- static int cpus = 0;
-
- if (cpus != 0)
- return cpus;
-
- CPU_ZERO(&cpu);
- if (sched_getaffinity(0, sizeof(cpu), &cpu) != 0)
- {
- fprintf(stderr, "[Eina] could not get cpu affinity: %s\n",
- strerror(errno));
- return 1;
- }
-
- for (i = 0; i < TH_MAX; i++)
- {
- if (CPU_ISSET(i, &cpu))
- cpus = i + 1;
- else
- break;
- }
- return cpus;
-
-# else
-# error "eina_cpu_count() error: Platform not supported"
-# endif
#else
- return 1;
+ return 1;
#endif
}
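Review bot: In the BSD/macOS branch of eina_cpu_count the result of `sysctl()` is ignored and `cpus` is declared without an initialiser, so a failed call leaves `if (cpus < 1)` reading an indeterminate value. The function can then return an arbitrary count, which callers presumably use to size thread pools. Initialising and checking closes that path: `int cpus = 0;` and `if (sysctl(mib, 2, &cpus, &len, NULL, 0) != 0 || cpus < 1) cpus = 1;`.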
diff --git a/tests/suite/ecore/src/lib/eina_error.c b/tests/suite/ecore/src/lib/eina_error.c
index f273ca51c1..17ec74d904 100644
--- a/tests/suite/ecore/src/lib/eina_error.c
+++ b/tests/suite/ecore/src/lib/eina_error.c
@@ -131,7 +131,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -139,7 +139,7 @@
#include <stdlib.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -166,10 +166,9 @@
*/
typedef struct _Eina_Error_Message Eina_Error_Message;
-struct _Eina_Error_Message
-{
- Eina_Bool string_allocated;
- const char *string;
+struct _Eina_Error_Message {
+ Eina_Bool string_allocated;
+ const char *string;
};
static Eina_Error_Message *_eina_errors = NULL;
@@ -177,32 +176,32 @@ static size_t _eina_errors_count = 0;
static size_t _eina_errors_allocated = 0;
static Eina_Error _eina_last_error;
-static Eina_Error_Message *
-_eina_error_msg_alloc(void)
+static Eina_Error_Message *_eina_error_msg_alloc(void)
{
- size_t idx;
-
- if (_eina_errors_count == _eina_errors_allocated)
- {
- void *tmp;
- size_t size;
-
- if (EINA_UNLIKELY(_eina_errors_allocated == 0))
- size = 24;
- else
- size = _eina_errors_allocated + 8;
-
- tmp = realloc(_eina_errors, sizeof(Eina_Error_Message) * size);
- if (!tmp)
- return NULL;
-
- _eina_errors = tmp;
- _eina_errors_allocated = size;
- }
-
- idx = _eina_errors_count;
- _eina_errors_count++;
- return _eina_errors + idx;
+ size_t idx;
+
+ if (_eina_errors_count == _eina_errors_allocated) {
+ void *tmp;
+ size_t size;
+
+ if (EINA_UNLIKELY(_eina_errors_allocated == 0))
+ size = 24;
+ else
+ size = _eina_errors_allocated + 8;
+
+ tmp =
+ realloc(_eina_errors,
+ sizeof(Eina_Error_Message) * size);
+ if (!tmp)
+ return NULL;
+
+ _eina_errors = tmp;
+ _eina_errors_allocated = size;
+ }
+
+ idx = _eina_errors_count;
+ _eina_errors_count++;
+ return _eina_errors + idx;
}
/**
@@ -239,13 +238,12 @@ static const char EINA_ERROR_OUT_OF_MEMORY_STR[] = "Out of memory";
*
* @see eina_init()
*/
-Eina_Bool
-eina_error_init(void)
+Eina_Bool eina_error_init(void)
{
- /* TODO register the eina's basic errors */
- EINA_ERROR_OUT_OF_MEMORY = eina_error_msg_static_register(
- EINA_ERROR_OUT_OF_MEMORY_STR);
- return EINA_TRUE;
+ /* TODO register the eina's basic errors */
+ EINA_ERROR_OUT_OF_MEMORY =
+ eina_error_msg_static_register(EINA_ERROR_OUT_OF_MEMORY_STR);
+ return EINA_TRUE;
}
/**
@@ -259,24 +257,23 @@ eina_error_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_error_shutdown(void)
+Eina_Bool eina_error_shutdown(void)
{
- Eina_Error_Message *eem, *eem_end;
+ Eina_Error_Message *eem, *eem_end;
- eem = _eina_errors;
- eem_end = eem + _eina_errors_count;
+ eem = _eina_errors;
+ eem_end = eem + _eina_errors_count;
- for (; eem < eem_end; eem++)
- if (eem->string_allocated)
- free((char *)eem->string);
+ for (; eem < eem_end; eem++)
+ if (eem->string_allocated)
+ free((char *) eem->string);
- free(_eina_errors);
- _eina_errors = NULL;
- _eina_errors_count = 0;
- _eina_errors_allocated = 0;
+ free(_eina_errors);
+ _eina_errors = NULL;
+ _eina_errors_count = 0;
+ _eina_errors_allocated = 0;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -313,26 +310,24 @@ eina_error_shutdown(void)
*
* @see eina_error_msg_static_register()
*/
-EAPI Eina_Error
-eina_error_msg_register(const char *msg)
+EAPI Eina_Error eina_error_msg_register(const char *msg)
{
- Eina_Error_Message *eem;
+ Eina_Error_Message *eem;
- EINA_SAFETY_ON_NULL_RETURN_VAL(msg, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(msg, 0);
- eem = _eina_error_msg_alloc();
- if (!eem)
- return 0;
+ eem = _eina_error_msg_alloc();
+ if (!eem)
+ return 0;
- eem->string_allocated = EINA_TRUE;
- eem->string = strdup(msg);
- if (!eem->string)
- {
- _eina_errors_count--;
- return 0;
- }
+ eem->string_allocated = EINA_TRUE;
+ eem->string = strdup(msg);
+ if (!eem->string) {
+ _eina_errors_count--;
+ return 0;
+ }
- return _eina_errors_count; /* identifier = index + 1 (== _count). */
+ return _eina_errors_count; /* identifier = index + 1 (== _count). */
}
/**
@@ -350,20 +345,19 @@ eina_error_msg_register(const char *msg)
*
* @see eina_error_msg_register()
*/
-EAPI Eina_Error
-eina_error_msg_static_register(const char *msg)
+EAPI Eina_Error eina_error_msg_static_register(const char *msg)
{
- Eina_Error_Message *eem;
+ Eina_Error_Message *eem;
- EINA_SAFETY_ON_NULL_RETURN_VAL(msg, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(msg, 0);
- eem = _eina_error_msg_alloc();
- if (!eem)
- return 0;
+ eem = _eina_error_msg_alloc();
+ if (!eem)
+ return 0;
- eem->string_allocated = EINA_FALSE;
- eem->string = msg;
- return _eina_errors_count; /* identifier = index + 1 (== _count). */
+ eem->string_allocated = EINA_FALSE;
+ eem->string = msg;
+ return _eina_errors_count; /* identifier = index + 1 (== _count). */
}
/**
@@ -382,30 +376,28 @@ eina_error_msg_static_register(const char *msg)
*
* @see eina_error_msg_register()
*/
-EAPI Eina_Bool
-eina_error_msg_modify(Eina_Error error, const char *msg)
+EAPI Eina_Bool eina_error_msg_modify(Eina_Error error, const char *msg)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(msg, EINA_FALSE);
- if (error < 1)
- return EINA_FALSE;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(msg, EINA_FALSE);
+ if (error < 1)
+ return EINA_FALSE;
- if ((size_t)error > _eina_errors_count)
- return EINA_FALSE;
+ if ((size_t) error > _eina_errors_count)
+ return EINA_FALSE;
- if (_eina_errors[error - 1].string_allocated)
- {
- const char *tmp;
+ if (_eina_errors[error - 1].string_allocated) {
+ const char *tmp;
- if (!(tmp = strdup(msg)))
- return EINA_FALSE;
+ if (!(tmp = strdup(msg)))
+ return EINA_FALSE;
- free((void *)_eina_errors[error - 1].string);
- _eina_errors[error - 1].string = tmp;
- return EINA_TRUE;
- }
+ free((void *) _eina_errors[error - 1].string);
+ _eina_errors[error - 1].string = tmp;
+ return EINA_TRUE;
+ }
- _eina_errors[error - 1].string = msg;
- return EINA_TRUE;
+ _eina_errors[error - 1].string = msg;
+ return EINA_TRUE;
}
/**
@@ -418,16 +410,15 @@ eina_error_msg_modify(Eina_Error error, const char *msg)
* registered with eina_error_msg_register(). If an incorrect error is
* given, then @c NULL is returned.
*/
-EAPI const char *
-eina_error_msg_get(Eina_Error error)
+EAPI const char *eina_error_msg_get(Eina_Error error)
{
- if (error < 1)
- return NULL;
+ if (error < 1)
+ return NULL;
- if ((size_t)error > _eina_errors_count)
- return NULL;
+ if ((size_t) error > _eina_errors_count)
+ return NULL;
- return _eina_errors[error - 1].string;
+ return _eina_errors[error - 1].string;
}
/**
@@ -438,10 +429,9 @@ eina_error_msg_get(Eina_Error error)
* This function returns the last error set by eina_error_set(). The
* description of the message is returned by eina_error_msg_get().
*/
-EAPI Eina_Error
-eina_error_get(void)
+EAPI Eina_Error eina_error_get(void)
{
- return _eina_last_error;
+ return _eina_last_error;
}
/**
@@ -452,10 +442,9 @@ eina_error_get(void)
* This function sets the last error identifier. The last error can be
* retrieved with eina_error_get().
*/
-EAPI void
-eina_error_set(Eina_Error err)
+EAPI void eina_error_set(Eina_Error err)
{
- _eina_last_error = err;
+ _eina_last_error = err;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_file.c b/tests/suite/ecore/src/lib/eina_file.c
index a5c95720b6..ca1cb35969 100644
--- a/tests/suite/ecore/src/lib/eina_file.c
+++ b/tests/suite/ecore/src/lib/eina_file.c
@@ -17,52 +17,52 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#ifndef _WIN32
-# define _GNU_SOURCE
+#define _GNU_SOURCE
#endif
#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
+#include <alloca.h>
#elif defined __GNUC__
-# define alloca __builtin_alloca
+#define alloca __builtin_alloca
#elif defined _AIX
-# define alloca __alloca
+#define alloca __alloca
#elif defined _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
+#include <malloc.h>
+#define alloca _alloca
#else
-# include <stddef.h>
-# ifdef __cplusplus
+#include <stddef.h>
+#ifdef __cplusplus
extern "C"
-# endif
-void *alloca (size_t);
+#endif
+void *alloca(size_t);
#endif
#include <string.h>
#include <dirent.h>
#ifndef _WIN32
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
#else
-# include <Evil.h>
-#endif /* _WIN2 */
+#include <Evil.h>
+#endif /* _WIN2 */
#ifndef _WIN32
-# define PATH_DELIM '/'
+#define PATH_DELIM '/'
#else
-# define PATH_DELIM '\\'
-# define NAME_MAX MAX_PATH
+#define PATH_DELIM '\\'
+#define NAME_MAX MAX_PATH
#endif
#ifdef __sun
-# ifndef NAME_MAX
-# define NAME_MAX 255
-# endif
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
#endif
#include "eina_config.h"
@@ -74,115 +74,111 @@ void *alloca (size_t);
#include "eina_stringshare.h"
typedef struct _Eina_File_Iterator Eina_File_Iterator;
-struct _Eina_File_Iterator
-{
- Eina_Iterator iterator;
+struct _Eina_File_Iterator {
+ Eina_Iterator iterator;
- DIR *dirp;
- int length;
+ DIR *dirp;
+ int length;
- char dir[1];
+ char dir[1];
};
static Eina_Bool
-_eina_file_ls_iterator_next(Eina_File_Iterator *it, void **data)
+_eina_file_ls_iterator_next(Eina_File_Iterator * it, void **data)
{
- struct dirent *dp;
- char *name;
- size_t length;
-
- do
- {
- dp = readdir(it->dirp);
- if (!dp)
- return EINA_FALSE;
- }
- while ((dp->d_name[0] == '.') &&
- ((dp->d_name[1] == '\0') ||
- ((dp->d_name[1] == '.') && (dp->d_name[2] == '\0'))));
-
- length = strlen(dp->d_name);
- name = alloca(length + 2 + it->length);
-
- memcpy(name, it->dir, it->length);
- memcpy(name + it->length, "/", 1);
- memcpy(name + it->length + 1, dp->d_name, length + 1);
-
- *data = (char *)eina_stringshare_add(name);
- return EINA_TRUE;
+ struct dirent *dp;
+ char *name;
+ size_t length;
+
+ do {
+ dp = readdir(it->dirp);
+ if (!dp)
+ return EINA_FALSE;
+ }
+ while ((dp->d_name[0] == '.') &&
+ ((dp->d_name[1] == '\0') ||
+ ((dp->d_name[1] == '.') && (dp->d_name[2] == '\0'))));
+
+ length = strlen(dp->d_name);
+ name = alloca(length + 2 + it->length);
+
+ memcpy(name, it->dir, it->length);
+ memcpy(name + it->length, "/", 1);
+ memcpy(name + it->length + 1, dp->d_name, length + 1);
+
+ *data = (char *) eina_stringshare_add(name);
+ return EINA_TRUE;
}
-static char *
-_eina_file_ls_iterator_container(Eina_File_Iterator *it)
+static char *_eina_file_ls_iterator_container(Eina_File_Iterator * it)
{
- return it->dir;
+ return it->dir;
}
-static void
-_eina_file_ls_iterator_free(Eina_File_Iterator *it)
+static void _eina_file_ls_iterator_free(Eina_File_Iterator * it)
{
- closedir(it->dirp);
+ closedir(it->dirp);
- EINA_MAGIC_SET(&it->iterator, 0);
- free(it);
+ EINA_MAGIC_SET(&it->iterator, 0);
+ free(it);
}
typedef struct _Eina_File_Direct_Iterator Eina_File_Direct_Iterator;
-struct _Eina_File_Direct_Iterator
-{
- Eina_Iterator iterator;
+struct _Eina_File_Direct_Iterator {
+ Eina_Iterator iterator;
- DIR *dirp;
- int length;
+ DIR *dirp;
+ int length;
- Eina_File_Direct_Info info;
+ Eina_File_Direct_Info info;
- char dir[1];
+ char dir[1];
};
static Eina_Bool
-_eina_file_direct_ls_iterator_next(Eina_File_Direct_Iterator *it, void **data)
+_eina_file_direct_ls_iterator_next(Eina_File_Direct_Iterator * it,
+ void **data)
{
- struct dirent *dp;
- size_t length;
-
- do
- {
- dp = readdir(it->dirp);
- if (!dp)
- return EINA_FALSE;
-
- length = strlen(dp->d_name);
- if (it->info.name_start + length + 1 >= PATH_MAX)
- continue;
- }
- while ((dp->d_name[0] == '.') &&
- ((dp->d_name[1] == '\0') ||
- ((dp->d_name[1] == '.') && (dp->d_name[2] == '\0'))));
-
- memcpy(it->info.path + it->info.name_start, dp->d_name, length);
- it->info.name_length = length;
- it->info.path_length = it->info.name_start + length;
- it->info.path[it->info.path_length] = '\0';
- it->info.dirent = dp;
-
- *data = &it->info;
- return EINA_TRUE;
+ struct dirent *dp;
+ size_t length;
+
+ do {
+ dp = readdir(it->dirp);
+ if (!dp)
+ return EINA_FALSE;
+
+ length = strlen(dp->d_name);
+ if (it->info.name_start + length + 1 >= PATH_MAX)
+ continue;
+ }
+ while ((dp->d_name[0] == '.') &&
+ ((dp->d_name[1] == '\0') ||
+ ((dp->d_name[1] == '.') && (dp->d_name[2] == '\0'))));
+
+ memcpy(it->info.path + it->info.name_start, dp->d_name, length);
+ it->info.name_length = length;
+ it->info.path_length = it->info.name_start + length;
+ it->info.path[it->info.path_length] = '\0';
+ it->info.dirent = dp;
+
+ *data = &it->info;
+ return EINA_TRUE;
}
-static char *
-_eina_file_direct_ls_iterator_container(Eina_File_Direct_Iterator *it)
+static char
+ *_eina_file_direct_ls_iterator_container(Eina_File_Direct_Iterator *
+ it)
{
- return it->dir;
+ return it->dir;
}
static void
-_eina_file_direct_ls_iterator_free(Eina_File_Direct_Iterator *it)
+_eina_file_direct_ls_iterator_free(Eina_File_Direct_Iterator * it)
{
- closedir(it->dirp);
+ closedir(it->dirp);
- EINA_MAGIC_SET(&it->iterator, 0);
- free(it);
+ EINA_MAGIC_SET(&it->iterator, 0);
+ free(it);
}
/*============================================================================*
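Review bot: In `_eina_file_direct_ls_iterator_next` the `continue` after the `PATH_MAX` check does not skip the entry, because inside `do { } while` it jumps to the loop condition rather than back to `readdir()`. For an over-long name other than `.` or `..` that condition is false, so the loop exits and the `memcpy` into `it->info.path + it->info.name_start` runs with the rejected `length`. The buffer is presumably `PATH_MAX` bytes, given the comparison, which would make this an out-of-bounds write driven by names read from the filesystem. Folding the length test into the loop condition makes the skip real. The new layout, with `while` on its own line after `}`, also makes the do-while easy to misread as a separate loop.

```c
	do {
		/* … unchanged: readdir(), NULL check, length = strlen(dp->d_name) … */
	}
	/* an over-long name is skipped here, so the copy below stays bounded */
	while ((it->info.name_start + length + 1 >= PATH_MAX) ||
	       ((dp->d_name[0] == '.') &&
		((dp->d_name[1] == '\0') ||
		 ((dp->d_name[1] == '.') && (dp->d_name[2] == '\0')))));
```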
@@ -227,132 +223,127 @@ _eina_file_direct_ls_iterator_free(Eina_File_Direct_Iterator *it)
*/
EAPI Eina_Bool
eina_file_dir_list(const char *dir,
- Eina_Bool recursive,
- Eina_File_Dir_List_Cb cb,
- void *data)
+ Eina_Bool recursive,
+ Eina_File_Dir_List_Cb cb, void *data)
{
#ifndef _WIN32
- struct dirent *de;
- DIR *d;
+ struct dirent *de;
+ DIR *d;
- EINA_SAFETY_ON_NULL_RETURN_VAL(cb, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(dir, EINA_FALSE);
- EINA_SAFETY_ON_TRUE_RETURN_VAL(dir[0] == '\0', EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(cb, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(dir, EINA_FALSE);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(dir[0] == '\0', EINA_FALSE);
- d = opendir(dir);
- if (!d)
- return EINA_FALSE;
+ d = opendir(dir);
+ if (!d)
+ return EINA_FALSE;
- while ((de = readdir(d)))
- {
- if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
- continue;
+ while ((de = readdir(d))) {
+ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
+ continue;
- cb(de->d_name, dir, data);
- /* d_type is only available on linux and bsd (_BSD_SOURCE) */
+ cb(de->d_name, dir, data);
+ /* d_type is only available on linux and bsd (_BSD_SOURCE) */
- if (recursive == EINA_TRUE)
- {
- char *path;
+ if (recursive == EINA_TRUE) {
+ char *path;
- path = alloca(strlen(dir) + strlen(de->d_name) + 2);
- strcpy(path, dir);
- strcat(path, "/");
- strcat(path, de->d_name);
+ path =
+ alloca(strlen(dir) + strlen(de->d_name) + 2);
+ strcpy(path, dir);
+ strcat(path, "/");
+ strcat(path, de->d_name);
#ifndef sun
- if (de->d_type == DT_UNKNOWN)
- {
+ if (de->d_type == DT_UNKNOWN) {
#endif
- struct stat st;
+ struct stat st;
- if (stat(path, &st))
- continue;
+ if (stat(path, &st))
+ continue;
- if (!S_ISDIR(st.st_mode))
- continue;
+ if (!S_ISDIR(st.st_mode))
+ continue;
#ifndef sun
- }
- else if (de->d_type != DT_DIR)
- continue;
+ } else if (de->d_type != DT_DIR)
+ continue;
#endif
- eina_file_dir_list(path, recursive, cb, data);
- }
- }
+ eina_file_dir_list(path, recursive, cb, data);
+ }
+ }
- closedir(d);
+ closedir(d);
#else
- WIN32_FIND_DATA file;
- HANDLE hSearch;
- char *new_dir;
- TCHAR *tdir;
- size_t length_dir;
+ WIN32_FIND_DATA file;
+ HANDLE hSearch;
+ char *new_dir;
+ TCHAR *tdir;
+ size_t length_dir;
- EINA_SAFETY_ON_NULL_RETURN_VAL(cb, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(dir, EINA_FALSE);
- EINA_SAFETY_ON_TRUE_RETURN_VAL(dir[0] == '\0', EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(cb, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(dir, EINA_FALSE);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(dir[0] == '\0', EINA_FALSE);
- length_dir = strlen(dir);
- new_dir = (char *)alloca(length_dir + 5);
- if (!new_dir)
- return EINA_FALSE;
+ length_dir = strlen(dir);
+ new_dir = (char *) alloca(length_dir + 5);
+ if (!new_dir)
+ return EINA_FALSE;
- memcpy(new_dir, dir, length_dir);
- memcpy(new_dir + length_dir, "/*.*", 5);
+ memcpy(new_dir, dir, length_dir);
+ memcpy(new_dir + length_dir, "/*.*", 5);
#ifdef UNICODE
- tdir = evil_char_to_wchar(new_dir);
+ tdir = evil_char_to_wchar(new_dir);
#else
- tdir = new_dir;
-#endif /* ! UNICODE */
- hSearch = FindFirstFile(tdir, &file);
+ tdir = new_dir;
+#endif /* ! UNICODE */
+ hSearch = FindFirstFile(tdir, &file);
#ifdef UNICODE
- free(tdir);
-#endif /* UNICODE */
+ free(tdir);
+#endif /* UNICODE */
- if (hSearch == INVALID_HANDLE_VALUE)
- return EINA_FALSE;
+ if (hSearch == INVALID_HANDLE_VALUE)
+ return EINA_FALSE;
- do
- {
- char *filename;
+ do {
+ char *filename;
#ifdef UNICODE
- filename = evil_wchar_to_char(file.cFileName);
+ filename = evil_wchar_to_char(file.cFileName);
#else
- filename = file.cFileName;
-#endif /* ! UNICODE */
- if (!strcmp(filename, ".") || !strcmp(filename, ".."))
- continue;
-
- cb(filename, dir, data);
+ filename = file.cFileName;
+#endif /* ! UNICODE */
+ if (!strcmp(filename, ".") || !strcmp(filename, ".."))
+ continue;
- if (recursive == EINA_TRUE)
- {
- char *path;
+ cb(filename, dir, data);
- path = alloca(strlen(dir) + strlen(filename) + 2);
- strcpy(path, dir);
- strcat(path, "/");
- strcat(path, filename);
+ if (recursive == EINA_TRUE) {
+ char *path;
- if (!(file.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
- continue;
+ path = alloca(strlen(dir) + strlen(filename) + 2);
+ strcpy(path, dir);
+ strcat(path, "/");
+ strcat(path, filename);
- eina_file_dir_list(path, recursive, cb, data);
- }
+ if (!
+ (file.
+ dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
+ continue;
+ eina_file_dir_list(path, recursive, cb, data);
+ }
#ifdef UNICODE
- free(filename);
-#endif /* UNICODE */
+ free(filename);
+#endif /* UNICODE */
- } while (FindNextFile(hSearch, &file));
- FindClose(hSearch);
-#endif /* _WIN32 */
+ } while (FindNextFile(hSearch, &file));
+ FindClose(hSearch);
+#endif /* _WIN32 */
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
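Review bot: In eina_file_dir_list the recursive branch calls `alloca(strlen(dir) + strlen(de->d_name) + 2)` once per directory entry inside the `readdir` loop, and that memory is not released until the function returns. Stack use therefore grows with the number of entries in a directory and again with every recursion level, all sized by names taken from the filesystem. The Windows branch has the same pattern with `filename`. A single bounded buffer per frame avoids the per-entry growth and the unchecked `strcpy`/`strcat`: `char path[PATH_MAX];` then `n = snprintf(path, sizeof(path), "%s/%s", dir, de->d_name);` and `if (n < 0 || (size_t) n >= sizeof(path)) continue;`. This needs `<stdio.h>` if the file does not already include it, and recursion depth still multiplies the per-frame cost.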
@@ -366,37 +357,35 @@ eina_file_dir_list(const char *dir,
* created, @c NULL is returned, otherwise, an array with the
* different parts of @p path is returned.
*/
-EAPI Eina_Array *
-eina_file_split(char *path)
+EAPI Eina_Array *eina_file_split(char *path)
{
- Eina_Array *ea;
- char *current;
- size_t length;
+ Eina_Array *ea;
+ char *current;
+ size_t length;
- EINA_SAFETY_ON_NULL_RETURN_VAL(path, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(path, NULL);
- ea = eina_array_new(16);
+ ea = eina_array_new(16);
- if (!ea)
- return NULL;
+ if (!ea)
+ return NULL;
- for (current = strchr(path, PATH_DELIM);
- current;
- path = current + 1, current = strchr(path, PATH_DELIM))
- {
- length = current - path;
+ for (current = strchr(path, PATH_DELIM);
+ current;
+ path = current + 1, current = strchr(path, PATH_DELIM)) {
+ length = current - path;
- if (length <= 0)
- continue;
+ if (length <= 0)
+ continue;
- eina_array_push(ea, path);
- *current = '\0';
- }
+ eina_array_push(ea, path);
+ *current = '\0';
+ }
- if (*path != '\0')
- eina_array_push(ea, path);
+ if (*path != '\0')
+ eina_array_push(ea, path);
- return ea;
+ return ea;
}
/**
@@ -424,45 +413,45 @@ eina_file_split(char *path)
*
* @see eina_file_direct_ls()
*/
-EAPI Eina_Iterator *
-eina_file_ls(const char *dir)
+EAPI Eina_Iterator *eina_file_ls(const char *dir)
{
- Eina_File_Iterator *it;
- size_t length;
-
- if (!dir)
- return NULL;
-
- length = strlen(dir);
- if (length < 1)
- return NULL;
-
- it = calloc(1, sizeof (Eina_File_Iterator) + length);
- if (!it)
- return NULL;
-
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
-
- it->dirp = opendir(dir);
- if (!it->dirp)
- {
- free(it);
- return NULL;
- }
-
- memcpy(it->dir, dir, length + 1);
- if (dir[length - 1] != '/')
- it->length = length;
- else
- it->length = length - 1;
-
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_file_ls_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_file_ls_iterator_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_file_ls_iterator_free);
-
- return &it->iterator;
+ Eina_File_Iterator *it;
+ size_t length;
+
+ if (!dir)
+ return NULL;
+
+ length = strlen(dir);
+ if (length < 1)
+ return NULL;
+
+ it = calloc(1, sizeof(Eina_File_Iterator) + length);
+ if (!it)
+ return NULL;
+
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+
+ it->dirp = opendir(dir);
+ if (!it->dirp) {
+ free(it);
+ return NULL;
+ }
+
+ memcpy(it->dir, dir, length + 1);
+ if (dir[length - 1] != '/')
+ it->length = length;
+ else
+ it->length = length - 1;
+
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next =
+ FUNC_ITERATOR_NEXT(_eina_file_ls_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_eina_file_ls_iterator_container);
+ it->iterator.free =
+ FUNC_ITERATOR_FREE(_eina_file_ls_iterator_free);
+
+ return &it->iterator;
}
/**
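Review bot: In eina_file_ls the allocation is sized `sizeof(Eina_File_Iterator) + length`, but `memcpy(it->dir, dir, length + 1)` copies one byte more than `length`, so the copy stays in bounds only if the struct's trailing `dir` member already contributes at least one byte to `sizeof`. The struct definition is outside this hunk, so this should be confirmed and then recorded next to the `calloc`, e.g. `/* relies on the one-element dir[] member for the terminating NUL */`. eina_file_direct_ls in the next hunk uses the same sizing pattern with `Eina_File_Direct_Iterator` and would need the same comment.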
@@ -489,54 +478,54 @@ eina_file_ls(const char *dir)
*
* @see eina_file_ls()
*/
-EAPI Eina_Iterator *
-eina_file_direct_ls(const char *dir)
+EAPI Eina_Iterator *eina_file_direct_ls(const char *dir)
{
- Eina_File_Direct_Iterator *it;
- size_t length;
-
- if (!dir)
- return NULL;
-
- length = strlen(dir);
- if (length < 1)
- return NULL;
-
- if (length + NAME_MAX + 2 >= PATH_MAX)
- return NULL;
-
- it = calloc(1, sizeof(Eina_File_Direct_Iterator) + length);
- if (!it)
- return NULL;
-
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
-
- it->dirp = opendir(dir);
- if (!it->dirp)
- {
- free(it);
- return NULL;
- }
-
- memcpy(it->dir, dir, length + 1);
- it->length = length;
-
- memcpy(it->info.path, dir, length);
- if (dir[length - 1] == '/')
- it->info.name_start = length;
- else
- {
- it->info.path[length] = '/';
- it->info.name_start = length + 1;
- }
-
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_file_direct_ls_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_file_direct_ls_iterator_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_file_direct_ls_iterator_free);
-
- return &it->iterator;
+ Eina_File_Direct_Iterator *it;
+ size_t length;
+
+ if (!dir)
+ return NULL;
+
+ length = strlen(dir);
+ if (length < 1)
+ return NULL;
+
+ if (length + NAME_MAX + 2 >= PATH_MAX)
+ return NULL;
+
+ it = calloc(1, sizeof(Eina_File_Direct_Iterator) + length);
+ if (!it)
+ return NULL;
+
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+
+ it->dirp = opendir(dir);
+ if (!it->dirp) {
+ free(it);
+ return NULL;
+ }
+
+ memcpy(it->dir, dir, length + 1);
+ it->length = length;
+
+ memcpy(it->info.path, dir, length);
+ if (dir[length - 1] == '/')
+ it->info.name_start = length;
+ else {
+ it->info.path[length] = '/';
+ it->info.name_start = length + 1;
+ }
+
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next =
+ FUNC_ITERATOR_NEXT(_eina_file_direct_ls_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER
+ (_eina_file_direct_ls_iterator_container);
+ it->iterator.free =
+ FUNC_ITERATOR_FREE(_eina_file_direct_ls_iterator_free);
+
+ return &it->iterator;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_fp.c b/tests/suite/ecore/src/lib/eina_fp.c
index 73a2df0eb7..890c58ca88 100644
--- a/tests/suite/ecore/src/lib/eina_fp.c
+++ b/tests/suite/ecore/src/lib/eina_fp.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -9,524 +9,530 @@
#include "eina_fp.h"
#define MAX_PREC 1025
-static const Eina_F32p32 eina_trigo[MAX_PREC] =
-{
- 0x0000000100000000, 0x00000000ffffec43, 0x00000000ffffb10b,
- 0x00000000ffff4e5a, 0x00000000fffec42e, 0x00000000fffe1287,
- 0x00000000fffd3967, 0x00000000fffc38cd, 0x00000000fffb10b9,
- 0x00000000fff9c12c,
- 0x00000000fff84a25, 0x00000000fff6aba5, 0x00000000fff4e5ac,
- 0x00000000fff2f83b, 0x00000000fff0e351, 0x00000000ffeea6ef,
- 0x00000000ffec4316, 0x00000000ffe9b7c5, 0x00000000ffe704fe,
- 0x00000000ffe42ac0,
- 0x00000000ffe1290b, 0x00000000ffddffe2, 0x00000000ffdaaf43,
- 0x00000000ffd7372f, 0x00000000ffd397a8, 0x00000000ffcfd0ad,
- 0x00000000ffcbe23f, 0x00000000ffc7cc5f, 0x00000000ffc38f0d,
- 0x00000000ffbf2a4b,
- 0x00000000ffba9e17, 0x00000000ffb5ea75, 0x00000000ffb10f63,
- 0x00000000ffac0ce3, 0x00000000ffa6e2f6, 0x00000000ffa1919c,
- 0x00000000ff9c18d6, 0x00000000ff9678a6, 0x00000000ff90b10b,
- 0x00000000ff8ac208,
- 0x00000000ff84ab9c, 0x00000000ff7e6dc8, 0x00000000ff78088f,
- 0x00000000ff717bf0, 0x00000000ff6ac7ec, 0x00000000ff63ec85,
- 0x00000000ff5ce9bc, 0x00000000ff55bf92, 0x00000000ff4e6e08,
- 0x00000000ff46f51f,
- 0x00000000ff3f54d8, 0x00000000ff378d34, 0x00000000ff2f9e35,
- 0x00000000ff2787dc, 0x00000000ff1f4a2a, 0x00000000ff16e520,
- 0x00000000ff0e58c0, 0x00000000ff05a50a, 0x00000000fefcca01,
- 0x00000000fef3c7a6,
- 0x00000000feea9df9, 0x00000000fee14cfe, 0x00000000fed7d4b3,
- 0x00000000fece351d, 0x00000000fec46e3b, 0x00000000feba800f,
- 0x00000000feb06a9c, 0x00000000fea62de1, 0x00000000fe9bc9e2,
- 0x00000000fe913e9f,
- 0x00000000fe868c1b, 0x00000000fe7bb256, 0x00000000fe70b153,
- 0x00000000fe658913, 0x00000000fe5a3998, 0x00000000fe4ec2e4,
- 0x00000000fe4324f9, 0x00000000fe375fd7, 0x00000000fe2b7382,
- 0x00000000fe1f5ffa,
- 0x00000000fe132543, 0x00000000fe06c35d, 0x00000000fdfa3a4b,
- 0x00000000fded8a0e, 0x00000000fde0b2a8, 0x00000000fdd3b41c,
- 0x00000000fdc68e6c, 0x00000000fdb94199, 0x00000000fdabcda5,
- 0x00000000fd9e3294,
- 0x00000000fd907065, 0x00000000fd82871d, 0x00000000fd7476bd,
- 0x00000000fd663f46, 0x00000000fd57e0bd, 0x00000000fd495b21,
- 0x00000000fd3aae77, 0x00000000fd2bdabf, 0x00000000fd1cdffd,
- 0x00000000fd0dbe32,
- 0x00000000fcfe7562, 0x00000000fcef058e, 0x00000000fcdf6eb8,
- 0x00000000fccfb0e4, 0x00000000fcbfcc13, 0x00000000fcafc048,
- 0x00000000fc9f8d86, 0x00000000fc8f33ce, 0x00000000fc7eb325,
- 0x00000000fc6e0b8b,
- 0x00000000fc5d3d03, 0x00000000fc4c4791, 0x00000000fc3b2b37,
- 0x00000000fc29e7f7, 0x00000000fc187dd5, 0x00000000fc06ecd2,
- 0x00000000fbf534f2, 0x00000000fbe35637, 0x00000000fbd150a3,
- 0x00000000fbbf243b,
- 0x00000000fbacd100, 0x00000000fb9a56f6, 0x00000000fb87b61f,
- 0x00000000fb74ee7e, 0x00000000fb620016, 0x00000000fb4eeaea,
- 0x00000000fb3baefd, 0x00000000fb284c52, 0x00000000fb14c2eb,
- 0x00000000fb0112cd,
- 0x00000000faed3bf9, 0x00000000fad93e73, 0x00000000fac51a3f,
- 0x00000000fab0cf5e, 0x00000000fa9c5dd5, 0x00000000fa87c5a6,
- 0x00000000fa7306d5, 0x00000000fa5e2164, 0x00000000fa491558,
- 0x00000000fa33e2b3,
- 0x00000000fa1e8978, 0x00000000fa0909ab, 0x00000000f9f36350,
- 0x00000000f9dd9668, 0x00000000f9c7a2f9, 0x00000000f9b18905,
- 0x00000000f99b488f, 0x00000000f984e19c, 0x00000000f96e542e,
- 0x00000000f957a049,
- 0x00000000f940c5f1, 0x00000000f929c528, 0x00000000f9129df3,
- 0x00000000f8fb5056, 0x00000000f8e3dc53, 0x00000000f8cc41ee,
- 0x00000000f8b4812b, 0x00000000f89c9a0e, 0x00000000f8848c9b,
- 0x00000000f86c58d4,
- 0x00000000f853febe, 0x00000000f83b7e5d, 0x00000000f822d7b4,
- 0x00000000f80a0ac7, 0x00000000f7f1179a, 0x00000000f7d7fe31,
- 0x00000000f7bebe90, 0x00000000f7a558ba, 0x00000000f78bccb3,
- 0x00000000f7721a80,
- 0x00000000f7584225, 0x00000000f73e43a5, 0x00000000f7241f04,
- 0x00000000f709d446, 0x00000000f6ef6370, 0x00000000f6d4cc85,
- 0x00000000f6ba0f8a, 0x00000000f69f2c83, 0x00000000f6842374,
- 0x00000000f668f461,
- 0x00000000f64d9f4e, 0x00000000f632243f, 0x00000000f616833a,
- 0x00000000f5fabc41, 0x00000000f5decf59, 0x00000000f5c2bc87,
- 0x00000000f5a683cf, 0x00000000f58a2535, 0x00000000f56da0be,
- 0x00000000f550f66e,
- 0x00000000f5342649, 0x00000000f5173054, 0x00000000f4fa1494,
- 0x00000000f4dcd30c, 0x00000000f4bf6bc2, 0x00000000f4a1deb9,
- 0x00000000f4842bf7, 0x00000000f4665380, 0x00000000f4485559,
- 0x00000000f42a3186,
- 0x00000000f40be80c, 0x00000000f3ed78ef, 0x00000000f3cee434,
- 0x00000000f3b029e1, 0x00000000f39149f9, 0x00000000f3724482,
- 0x00000000f3531980, 0x00000000f333c8f8, 0x00000000f31452ef,
- 0x00000000f2f4b76a,
- 0x00000000f2d4f66d, 0x00000000f2b50ffe, 0x00000000f2950421,
- 0x00000000f274d2dc, 0x00000000f2547c33, 0x00000000f234002b,
- 0x00000000f2135eca, 0x00000000f1f29814, 0x00000000f1d1ac0e,
- 0x00000000f1b09abe,
- 0x00000000f18f6429, 0x00000000f16e0853, 0x00000000f14c8742,
- 0x00000000f12ae0fb, 0x00000000f1091583, 0x00000000f0e724e0,
- 0x00000000f0c50f17, 0x00000000f0a2d42c, 0x00000000f0807426,
- 0x00000000f05def09,
- 0x00000000f03b44db, 0x00000000f01875a1, 0x00000000eff58161,
- 0x00000000efd2681f, 0x00000000efaf29e2, 0x00000000ef8bc6af,
- 0x00000000ef683e8b, 0x00000000ef44917b, 0x00000000ef20bf86,
- 0x00000000eefcc8b1,
- 0x00000000eed8ad01, 0x00000000eeb46c7b, 0x00000000ee900727,
- 0x00000000ee6b7d08, 0x00000000ee46ce25, 0x00000000ee21fa83,
- 0x00000000edfd0228, 0x00000000edd7e51a, 0x00000000edb2a35f,
- 0x00000000ed8d3cfc,
- 0x00000000ed67b1f6, 0x00000000ed420255, 0x00000000ed1c2e1d,
- 0x00000000ecf63554, 0x00000000ecd01801, 0x00000000eca9d628,
- 0x00000000ec836fd1, 0x00000000ec5ce501, 0x00000000ec3635bd,
- 0x00000000ec0f620d,
- 0x00000000ebe869f5, 0x00000000ebc14d7d, 0x00000000eb9a0ca9,
- 0x00000000eb72a780, 0x00000000eb4b1e08, 0x00000000eb237047,
- 0x00000000eafb9e43, 0x00000000ead3a803, 0x00000000eaab8d8d,
- 0x00000000ea834ee6,
- 0x00000000ea5aec15, 0x00000000ea326520, 0x00000000ea09ba0d,
- 0x00000000e9e0eae4, 0x00000000e9b7f7a9, 0x00000000e98ee063,
- 0x00000000e965a51a, 0x00000000e93c45d2, 0x00000000e912c292,
- 0x00000000e8e91b61,
- 0x00000000e8bf5046, 0x00000000e8956146, 0x00000000e86b4e68,
- 0x00000000e84117b3, 0x00000000e816bd2d, 0x00000000e7ec3edc,
- 0x00000000e7c19cc8, 0x00000000e796d6f6, 0x00000000e76bed6e,
- 0x00000000e740e036,
- 0x00000000e715af54, 0x00000000e6ea5ad0, 0x00000000e6bee2af,
- 0x00000000e69346f9, 0x00000000e66787b5, 0x00000000e63ba4e9,
- 0x00000000e60f9e9b, 0x00000000e5e374d4, 0x00000000e5b72798,
- 0x00000000e58ab6f1,
- 0x00000000e55e22e3, 0x00000000e5316b76, 0x00000000e50490b1,
- 0x00000000e4d7929c, 0x00000000e4aa713c, 0x00000000e47d2c98,
- 0x00000000e44fc4b9, 0x00000000e42239a4, 0x00000000e3f48b61,
- 0x00000000e3c6b9f7,
- 0x00000000e398c56c, 0x00000000e36aadc9, 0x00000000e33c7314,
- 0x00000000e30e1554, 0x00000000e2df9490, 0x00000000e2b0f0d0,
- 0x00000000e2822a1a, 0x00000000e2534077, 0x00000000e22433ec,
- 0x00000000e1f50482,
- 0x00000000e1c5b240, 0x00000000e1963d2d, 0x00000000e166a550,
- 0x00000000e136eab0, 0x00000000e1070d56, 0x00000000e0d70d48,
- 0x00000000e0a6ea8e, 0x00000000e076a52f, 0x00000000e0463d33,
- 0x00000000e015b2a1,
- 0x00000000dfe50580, 0x00000000dfb435d9, 0x00000000df8343b2,
- 0x00000000df522f13, 0x00000000df20f804, 0x00000000deef9e8d,
- 0x00000000debe22b5, 0x00000000de8c8483, 0x00000000de5ac3ff,
- 0x00000000de28e131,
- 0x00000000ddf6dc21, 0x00000000ddc4b4d6, 0x00000000dd926b59,
- 0x00000000dd5fffb0, 0x00000000dd2d71e3, 0x00000000dcfac1fb,
- 0x00000000dcc7f000, 0x00000000dc94fbf8, 0x00000000dc61e5ec,
- 0x00000000dc2eade4,
- 0x00000000dbfb53e8, 0x00000000dbc7d7ff, 0x00000000db943a31,
- 0x00000000db607a88, 0x00000000db2c9909, 0x00000000daf895bf,
- 0x00000000dac470af, 0x00000000da9029e3, 0x00000000da5bc163,
- 0x00000000da273737,
- 0x00000000d9f28b66, 0x00000000d9bdbdf9, 0x00000000d988cef8,
- 0x00000000d953be6b, 0x00000000d91e8c5b, 0x00000000d8e938d0,
- 0x00000000d8b3c3d1, 0x00000000d87e2d67, 0x00000000d848759b,
- 0x00000000d8129c74,
- 0x00000000d7dca1fb, 0x00000000d7a68638, 0x00000000d7704934,
- 0x00000000d739eaf7, 0x00000000d7036b89, 0x00000000d6cccaf3,
- 0x00000000d696093d, 0x00000000d65f266f, 0x00000000d6282293,
- 0x00000000d5f0fdb0,
- 0x00000000d5b9b7d0, 0x00000000d58250fa, 0x00000000d54ac937,
- 0x00000000d513208f, 0x00000000d4db570c, 0x00000000d4a36cb6,
- 0x00000000d46b6195, 0x00000000d43335b3, 0x00000000d3fae917,
- 0x00000000d3c27bcb,
- 0x00000000d389edd7, 0x00000000d3513f43, 0x00000000d318701a,
- 0x00000000d2df8063, 0x00000000d2a67027, 0x00000000d26d3f6f,
- 0x00000000d233ee43, 0x00000000d1fa7cae, 0x00000000d1c0eab7,
- 0x00000000d1873867,
- 0x00000000d14d65c8, 0x00000000d11372e1, 0x00000000d0d95fbd,
- 0x00000000d09f2c64, 0x00000000d064d8df, 0x00000000d02a6537,
- 0x00000000cfefd176, 0x00000000cfb51da3, 0x00000000cf7a49c8,
- 0x00000000cf3f55ef,
- 0x00000000cf044220, 0x00000000cec90e64, 0x00000000ce8dbac5,
- 0x00000000ce52474c, 0x00000000ce16b401, 0x00000000cddb00ef,
- 0x00000000cd9f2e1e, 0x00000000cd633b97, 0x00000000cd272964,
- 0x00000000cceaf78e,
- 0x00000000ccaea61e, 0x00000000cc72351e, 0x00000000cc35a497,
- 0x00000000cbf8f492, 0x00000000cbbc2519, 0x00000000cb7f3634,
- 0x00000000cb4227ee, 0x00000000cb04fa50, 0x00000000cac7ad63,
- 0x00000000ca8a4131,
- 0x00000000ca4cb5c3, 0x00000000ca0f0b22, 0x00000000c9d14159,
- 0x00000000c9935870, 0x00000000c9555072, 0x00000000c9172967,
- 0x00000000c8d8e35a, 0x00000000c89a7e53, 0x00000000c85bfa5e,
- 0x00000000c81d5782,
- 0x00000000c7de95cb, 0x00000000c79fb541, 0x00000000c760b5ee,
- 0x00000000c72197dc, 0x00000000c6e25b15, 0x00000000c6a2ffa3,
- 0x00000000c663858f, 0x00000000c623ece2, 0x00000000c5e435a8,
- 0x00000000c5a45fe9,
- 0x00000000c5646bb0, 0x00000000c5245906, 0x00000000c4e427f6,
- 0x00000000c4a3d888, 0x00000000c4636ac8, 0x00000000c422debf,
- 0x00000000c3e23476, 0x00000000c3a16bf9, 0x00000000c3608550,
- 0x00000000c31f8087,
- 0x00000000c2de5da6, 0x00000000c29d1cb8, 0x00000000c25bbdc8,
- 0x00000000c21a40de, 0x00000000c1d8a606, 0x00000000c196ed49,
- 0x00000000c15516b2, 0x00000000c113224a, 0x00000000c0d1101d,
- 0x00000000c08ee033,
- 0x00000000c04c9297, 0x00000000c00a2754, 0x00000000bfc79e73,
- 0x00000000bf84f800, 0x00000000bf423404, 0x00000000beff5289,
- 0x00000000bebc539a, 0x00000000be793741, 0x00000000be35fd89,
- 0x00000000bdf2a67b,
- 0x00000000bdaf3223, 0x00000000bd6ba08b, 0x00000000bd27f1bc,
- 0x00000000bce425c2, 0x00000000bca03ca7, 0x00000000bc5c3676,
- 0x00000000bc181338, 0x00000000bbd3d2f9, 0x00000000bb8f75c3,
- 0x00000000bb4afba1,
- 0x00000000bb06649c, 0x00000000bac1b0c0, 0x00000000ba7ce018,
- 0x00000000ba37f2ad, 0x00000000b9f2e88b, 0x00000000b9adc1bc,
- 0x00000000b9687e4a, 0x00000000b9231e41, 0x00000000b8dda1ac,
- 0x00000000b8980894,
- 0x00000000b8525305, 0x00000000b80c8109, 0x00000000b7c692ac,
- 0x00000000b78087f7, 0x00000000b73a60f6, 0x00000000b6f41db4,
- 0x00000000b6adbe3a, 0x00000000b6674296, 0x00000000b620aad0,
- 0x00000000b5d9f6f4,
- 0x00000000b593270e, 0x00000000b54c3b27, 0x00000000b505334a,
- 0x00000000b4be0f84, 0x00000000b476cfde, 0x00000000b42f7464,
- 0x00000000b3e7fd20, 0x00000000b3a06a1e, 0x00000000b358bb69,
- 0x00000000b310f10c,
- 0x00000000b2c90b11, 0x00000000b2810985, 0x00000000b238ec71,
- 0x00000000b1f0b3e2, 0x00000000b1a85fe2, 0x00000000b15ff07c,
- 0x00000000b11765bc, 0x00000000b0cebfad, 0x00000000b085fe5a,
- 0x00000000b03d21ce,
- 0x00000000aff42a15, 0x00000000afab1739, 0x00000000af61e946,
- 0x00000000af18a048, 0x00000000aecf3c49, 0x00000000ae85bd55,
- 0x00000000ae3c2377, 0x00000000adf26ebb, 0x00000000ada89f2c,
- 0x00000000ad5eb4d5,
- 0x00000000ad14afc2, 0x00000000acca8ffd, 0x00000000ac805594,
- 0x00000000ac360090, 0x00000000abeb90fe, 0x00000000aba106e9,
- 0x00000000ab56625d, 0x00000000ab0ba364, 0x00000000aac0ca0b,
- 0x00000000aa75d65d,
- 0x00000000aa2ac865, 0x00000000a9dfa030, 0x00000000a9945dc9,
- 0x00000000a949013a, 0x00000000a8fd8a91, 0x00000000a8b1f9d8,
- 0x00000000a8664f1c, 0x00000000a81a8a68, 0x00000000a7ceabc7,
- 0x00000000a782b345,
- 0x00000000a736a0ef, 0x00000000a6ea74cf, 0x00000000a69e2ef2,
- 0x00000000a651cf63, 0x00000000a605562f, 0x00000000a5b8c360,
- 0x00000000a56c1702, 0x00000000a51f5123, 0x00000000a4d271cc,
- 0x00000000a485790b,
- 0x00000000a43866eb, 0x00000000a3eb3b77, 0x00000000a39df6bd,
- 0x00000000a35098c7, 0x00000000a30321a2, 0x00000000a2b5915a,
- 0x00000000a267e7fa, 0x00000000a21a258e, 0x00000000a1cc4a24,
- 0x00000000a17e55c5,
- 0x00000000a1304880, 0x00000000a0e2225f, 0x00000000a093e36f,
- 0x00000000a0458bbb, 0x000000009ff71b50, 0x000000009fa8923a,
- 0x000000009f59f086, 0x000000009f0b363e, 0x000000009ebc6370,
- 0x000000009e6d7827,
- 0x000000009e1e746f, 0x000000009dcf5856, 0x000000009d8023e6,
- 0x000000009d30d72d, 0x000000009ce17236, 0x000000009c91f50e,
- 0x000000009c425fc1, 0x000000009bf2b25b, 0x000000009ba2ece8,
- 0x000000009b530f76,
- 0x000000009b031a0f, 0x000000009ab30cc1, 0x000000009a62e797,
- 0x000000009a12aa9f, 0x0000000099c255e5, 0x000000009971e974,
- 0x000000009921655a, 0x0000000098d0c9a2, 0x0000000098801659,
- 0x00000000982f4b8d,
- 0x0000000097de6948, 0x00000000978d6f97, 0x00000000973c5e88,
- 0x0000000096eb3626, 0x000000009699f67f, 0x0000000096489f9e,
- 0x0000000095f73190, 0x0000000095a5ac61, 0x000000009554101f,
- 0x0000000095025cd6,
- 0x0000000094b09292, 0x00000000945eb161, 0x00000000940cb94e,
- 0x0000000093baaa66, 0x00000000936884b6, 0x000000009316484b,
- 0x0000000092c3f531, 0x0000000092718b75, 0x00000000921f0b24,
- 0x0000000091cc744b,
- 0x000000009179c6f5, 0x0000000091270331, 0x0000000090d4290a,
- 0x000000009081388e, 0x00000000902e31c8, 0x000000008fdb14c7,
- 0x000000008f87e197, 0x000000008f349845, 0x000000008ee138dd,
- 0x000000008e8dc36c,
- 0x000000008e3a3800, 0x000000008de696a5, 0x000000008d92df68,
- 0x000000008d3f1256, 0x000000008ceb2f7c, 0x000000008c9736e7,
- 0x000000008c4328a3, 0x000000008bef04bf, 0x000000008b9acb46,
- 0x000000008b467c45,
- 0x000000008af217cb, 0x000000008a9d9de3, 0x000000008a490e9b,
- 0x0000000089f469ff, 0x00000000899fb01e, 0x00000000894ae103,
- 0x0000000088f5fcbc, 0x0000000088a10357, 0x00000000884bf4df,
- 0x0000000087f6d163,
- 0x0000000087a198f0, 0x00000000874c4b92, 0x0000000086f6e956,
- 0x0000000086a1724b, 0x00000000864be67c, 0x0000000085f645f8,
- 0x0000000085a090cc, 0x00000000854ac704, 0x0000000084f4e8ad,
- 0x00000000849ef5d7,
- 0x000000008448ee8c, 0x0000000083f2d2db, 0x00000000839ca2d1,
- 0x0000000083465e7c, 0x0000000082f005e8, 0x0000000082999922,
- 0x0000000082431839, 0x0000000081ec833a, 0x000000008195da31,
- 0x00000000813f1d2d,
- 0x0000000080e84c3a, 0x0000000080916766, 0x00000000803a6ebf,
- 0x000000007fe36251, 0x000000007f8c422b, 0x000000007f350e59,
- 0x000000007eddc6ea, 0x000000007e866bea, 0x000000007e2efd67,
- 0x000000007dd77b6f,
- 0x000000007d7fe60f, 0x000000007d283d54, 0x000000007cd0814c,
- 0x000000007c78b205, 0x000000007c20cf8c, 0x000000007bc8d9ef,
- 0x000000007b70d13b, 0x000000007b18b57e, 0x000000007ac086c5,
- 0x000000007a68451f,
- 0x000000007a0ff098, 0x0000000079b7893e, 0x00000000795f0f1f,
- 0x0000000079068248, 0x0000000078ade2c8, 0x00000000785530ab,
- 0x0000000077fc6c01, 0x0000000077a394d5, 0x00000000774aab36,
- 0x0000000076f1af32,
- 0x000000007698a0d6, 0x00000000763f8030, 0x0000000075e64d4e,
- 0x00000000758d083e, 0x000000007533b10d, 0x0000000074da47c9,
- 0x000000007480cc80, 0x0000000074273f3f, 0x0000000073cda016,
- 0x000000007373ef10,
- 0x00000000731a2c3d, 0x0000000072c057aa, 0x0000000072667164,
- 0x00000000720c797a, 0x0000000071b26ffa, 0x00000000715854f2,
- 0x0000000070fe286e, 0x0000000070a3ea7e, 0x0000000070499b30,
- 0x000000006fef3a90,
- 0x000000006f94c8ae, 0x000000006f3a4596, 0x000000006edfb157,
- 0x000000006e850c00, 0x000000006e2a559d, 0x000000006dcf8e3d,
- 0x000000006d74b5ee, 0x000000006d19ccbe, 0x000000006cbed2bb,
- 0x000000006c63c7f3,
- 0x000000006c08ac74, 0x000000006bad804c, 0x000000006b524389,
- 0x000000006af6f639, 0x000000006a9b986b, 0x000000006a402a2c,
- 0x0000000069e4ab8a, 0x0000000069891c94, 0x00000000692d7d57,
- 0x0000000068d1cde3,
- 0x0000000068760e44, 0x00000000681a3e89, 0x0000000067be5ec1,
- 0x0000000067626ef9, 0x0000000067066f40, 0x0000000066aa5fa3,
- 0x00000000664e4032, 0x0000000065f210f9, 0x000000006595d209,
- 0x000000006539836d,
- 0x0000000064dd2536, 0x000000006480b770, 0x0000000064243a2b,
- 0x0000000063c7ad75, 0x00000000636b115c, 0x00000000630e65ed,
- 0x0000000062b1ab39, 0x000000006254e14c, 0x0000000061f80835,
- 0x00000000619b2002,
- 0x00000000613e28c2, 0x0000000060e12283, 0x0000000060840d54,
- 0x000000006026e943, 0x000000005fc9b65d, 0x000000005f6c74b2,
- 0x000000005f0f2450, 0x000000005eb1c545, 0x000000005e5457a0,
- 0x000000005df6db6f,
- 0x000000005d9950c0, 0x000000005d3bb7a3, 0x000000005cde1024,
- 0x000000005c805a54, 0x000000005c22963f, 0x000000005bc4c3f6,
- 0x000000005b66e385, 0x000000005b08f4fd, 0x000000005aaaf86a,
- 0x000000005a4ceddc,
- 0x0000000059eed561, 0x000000005990af08, 0x0000000059327adf,
- 0x0000000058d438f4, 0x000000005875e957, 0x0000000058178c16,
- 0x0000000057b9213f, 0x00000000575aa8e0, 0x0000000056fc230a,
- 0x00000000569d8fc9,
- 0x00000000563eef2d, 0x0000000055e04144, 0x000000005581861d,
- 0x000000005522bdc6, 0x0000000054c3e84e, 0x00000000546505c4,
- 0x0000000054061636, 0x0000000053a719b3, 0x000000005348104a,
- 0x0000000052e8fa09,
- 0x000000005289d6ff, 0x00000000522aa73a, 0x0000000051cb6aca,
- 0x00000000516c21bc, 0x00000000510ccc20, 0x0000000050ad6a05,
- 0x00000000504dfb78, 0x000000004fee808a, 0x000000004f8ef947,
- 0x000000004f2f65c0,
- 0x000000004ecfc603, 0x000000004e701a1f, 0x000000004e106222,
- 0x000000004db09e1b, 0x000000004d50ce19, 0x000000004cf0f22b,
- 0x000000004c910a5f, 0x000000004c3116c5, 0x000000004bd1176b,
- 0x000000004b710c5f,
- 0x000000004b10f5b2, 0x000000004ab0d371, 0x000000004a50a5ab,
- 0x0000000049f06c70, 0x00000000499027cd, 0x00000000492fd7d3,
- 0x0000000048cf7c8f, 0x00000000486f1611, 0x00000000480ea467,
- 0x0000000047ae27a1,
- 0x00000000474d9fcd, 0x0000000046ed0cfa, 0x00000000468c6f37,
- 0x00000000462bc693, 0x0000000045cb131c, 0x00000000456a54e3,
- 0x0000000045098bf5, 0x0000000044a8b861, 0x000000004447da37,
- 0x0000000043e6f186,
- 0x000000004385fe5c, 0x00000000432500c8, 0x0000000042c3f8d9,
- 0x000000004262e69f, 0x000000004201ca28, 0x0000000041a0a383,
- 0x00000000413f72bf, 0x0000000040de37eb, 0x00000000407cf317,
- 0x00000000401ba450,
- 0x000000003fba4ba7, 0x000000003f58e92a, 0x000000003ef77ce8,
- 0x000000003e9606f1, 0x000000003e348752, 0x000000003dd2fe1c,
- 0x000000003d716b5e, 0x000000003d0fcf25, 0x000000003cae2982,
- 0x000000003c4c7a83,
- 0x000000003beac238, 0x000000003b8900b0, 0x000000003b2735f9,
- 0x000000003ac56223, 0x000000003a63853d, 0x000000003a019f56,
- 0x00000000399fb07d, 0x00000000393db8c1, 0x0000000038dbb831,
- 0x000000003879aedd,
- 0x0000000038179cd3, 0x0000000037b58222, 0x0000000037535edb,
- 0x0000000036f1330b, 0x00000000368efec2, 0x00000000362cc20f,
- 0x0000000035ca7d02, 0x0000000035682fa9, 0x000000003505da14,
- 0x0000000034a37c51,
- 0x0000000034411671, 0x0000000033dea881, 0x00000000337c3292,
- 0x000000003319b4b3, 0x0000000032b72ef2, 0x000000003254a15e,
- 0x0000000031f20c08, 0x00000000318f6efe, 0x00000000312cca50,
- 0x0000000030ca1e0c,
- 0x0000000030676a43, 0x000000003004af02, 0x000000002fa1ec5a,
- 0x000000002f3f2259, 0x000000002edc510f, 0x000000002e79788b,
- 0x000000002e1698dc, 0x000000002db3b212, 0x000000002d50c43c,
- 0x000000002cedcf68,
- 0x000000002c8ad3a7, 0x000000002c27d108, 0x000000002bc4c799,
- 0x000000002b61b76b, 0x000000002afea08c, 0x000000002a9b830b,
- 0x000000002a385ef9, 0x0000000029d53464, 0x000000002972035b,
- 0x00000000290ecbee,
- 0x0000000028ab8e2c, 0x0000000028484a25, 0x0000000027e4ffe7,
- 0x000000002781af83, 0x00000000271e5906, 0x0000000026bafc82,
- 0x0000000026579a04, 0x0000000025f4319d, 0x000000002590c35c,
- 0x00000000252d4f4f,
- 0x0000000024c9d587, 0x0000000024665613, 0x000000002402d101,
- 0x00000000239f4662, 0x00000000233bb644, 0x0000000022d820b8,
- 0x00000000227485cc, 0x000000002210e590, 0x0000000021ad4013,
- 0x0000000021499565,
- 0x0000000020e5e594, 0x00000000208230b1, 0x00000000201e76ca,
- 0x000000001fbab7ef, 0x000000001f56f430, 0x000000001ef32b9b,
- 0x000000001e8f5e41, 0x000000001e2b8c30, 0x000000001dc7b578,
- 0x000000001d63da29,
- 0x000000001cfffa51, 0x000000001c9c1600, 0x000000001c382d46,
- 0x000000001bd44032, 0x000000001b704ed3, 0x000000001b0c5939,
- 0x000000001aa85f74, 0x000000001a446191, 0x0000000019e05fa2,
- 0x00000000197c59b5,
- 0x0000000019184fdb, 0x0000000018b44221, 0x0000000018503098,
- 0x0000000017ec1b50, 0x0000000017880257, 0x000000001723e5bd,
- 0x0000000016bfc591, 0x00000000165ba1e4, 0x0000000015f77ac3,
- 0x0000000015935040,
- 0x00000000152f2269, 0x0000000014caf14d, 0x000000001466bcfd,
- 0x0000000014028587, 0x00000000139e4afb, 0x00000000133a0d69,
- 0x0000000012d5cce0, 0x000000001271896f, 0x00000000120d4326,
- 0x0000000011a8fa15,
- 0x000000001144ae4a, 0x0000000010e05fd6, 0x00000000107c0ec7,
- 0x000000001017bb2d, 0x000000000fb36519, 0x000000000f4f0c98,
- 0x000000000eeab1bb, 0x000000000e865491, 0x000000000e21f52a,
- 0x000000000dbd9395,
- 0x000000000d592fe1, 0x000000000cf4ca1f, 0x000000000c90625c,
- 0x000000000c2bf8aa, 0x000000000bc78d18, 0x000000000b631fb4,
- 0x000000000afeb08f, 0x000000000a9a3fb8, 0x000000000a35cd3e,
- 0x0000000009d15931,
- 0x00000000096ce3a1, 0x0000000009086c9c, 0x0000000008a3f433,
- 0x00000000083f7a75, 0x0000000007daff71, 0x0000000007768337,
- 0x00000000071205d6, 0x0000000006ad875f, 0x00000000064907df,
- 0x0000000005e48768,
- 0x0000000005800608, 0x00000000051b83cf, 0x0000000004b700cc,
- 0x0000000004527d0f, 0x0000000003edf8a7, 0x00000000038973a4,
- 0x000000000324ee16, 0x0000000002c0680b, 0x00000000025be194,
- 0x0000000001f75ac0,
- 0x000000000192d39e, 0x00000000012e4c3e, 0x0000000000c9c4af,
- 0x0000000000653d02, 0x0000000000000000
+static const Eina_F32p32 eina_trigo[MAX_PREC] = {
+ 0x0000000100000000, 0x00000000ffffec43, 0x00000000ffffb10b,
+ 0x00000000ffff4e5a, 0x00000000fffec42e, 0x00000000fffe1287,
+ 0x00000000fffd3967, 0x00000000fffc38cd, 0x00000000fffb10b9,
+ 0x00000000fff9c12c,
+ 0x00000000fff84a25, 0x00000000fff6aba5, 0x00000000fff4e5ac,
+ 0x00000000fff2f83b, 0x00000000fff0e351, 0x00000000ffeea6ef,
+ 0x00000000ffec4316, 0x00000000ffe9b7c5, 0x00000000ffe704fe,
+ 0x00000000ffe42ac0,
+ 0x00000000ffe1290b, 0x00000000ffddffe2, 0x00000000ffdaaf43,
+ 0x00000000ffd7372f, 0x00000000ffd397a8, 0x00000000ffcfd0ad,
+ 0x00000000ffcbe23f, 0x00000000ffc7cc5f, 0x00000000ffc38f0d,
+ 0x00000000ffbf2a4b,
+ 0x00000000ffba9e17, 0x00000000ffb5ea75, 0x00000000ffb10f63,
+ 0x00000000ffac0ce3, 0x00000000ffa6e2f6, 0x00000000ffa1919c,
+ 0x00000000ff9c18d6, 0x00000000ff9678a6, 0x00000000ff90b10b,
+ 0x00000000ff8ac208,
+ 0x00000000ff84ab9c, 0x00000000ff7e6dc8, 0x00000000ff78088f,
+ 0x00000000ff717bf0, 0x00000000ff6ac7ec, 0x00000000ff63ec85,
+ 0x00000000ff5ce9bc, 0x00000000ff55bf92, 0x00000000ff4e6e08,
+ 0x00000000ff46f51f,
+ 0x00000000ff3f54d8, 0x00000000ff378d34, 0x00000000ff2f9e35,
+ 0x00000000ff2787dc, 0x00000000ff1f4a2a, 0x00000000ff16e520,
+ 0x00000000ff0e58c0, 0x00000000ff05a50a, 0x00000000fefcca01,
+ 0x00000000fef3c7a6,
+ 0x00000000feea9df9, 0x00000000fee14cfe, 0x00000000fed7d4b3,
+ 0x00000000fece351d, 0x00000000fec46e3b, 0x00000000feba800f,
+ 0x00000000feb06a9c, 0x00000000fea62de1, 0x00000000fe9bc9e2,
+ 0x00000000fe913e9f,
+ 0x00000000fe868c1b, 0x00000000fe7bb256, 0x00000000fe70b153,
+ 0x00000000fe658913, 0x00000000fe5a3998, 0x00000000fe4ec2e4,
+ 0x00000000fe4324f9, 0x00000000fe375fd7, 0x00000000fe2b7382,
+ 0x00000000fe1f5ffa,
+ 0x00000000fe132543, 0x00000000fe06c35d, 0x00000000fdfa3a4b,
+ 0x00000000fded8a0e, 0x00000000fde0b2a8, 0x00000000fdd3b41c,
+ 0x00000000fdc68e6c, 0x00000000fdb94199, 0x00000000fdabcda5,
+ 0x00000000fd9e3294,
+ 0x00000000fd907065, 0x00000000fd82871d, 0x00000000fd7476bd,
+ 0x00000000fd663f46, 0x00000000fd57e0bd, 0x00000000fd495b21,
+ 0x00000000fd3aae77, 0x00000000fd2bdabf, 0x00000000fd1cdffd,
+ 0x00000000fd0dbe32,
+ 0x00000000fcfe7562, 0x00000000fcef058e, 0x00000000fcdf6eb8,
+ 0x00000000fccfb0e4, 0x00000000fcbfcc13, 0x00000000fcafc048,
+ 0x00000000fc9f8d86, 0x00000000fc8f33ce, 0x00000000fc7eb325,
+ 0x00000000fc6e0b8b,
+ 0x00000000fc5d3d03, 0x00000000fc4c4791, 0x00000000fc3b2b37,
+ 0x00000000fc29e7f7, 0x00000000fc187dd5, 0x00000000fc06ecd2,
+ 0x00000000fbf534f2, 0x00000000fbe35637, 0x00000000fbd150a3,
+ 0x00000000fbbf243b,
+ 0x00000000fbacd100, 0x00000000fb9a56f6, 0x00000000fb87b61f,
+ 0x00000000fb74ee7e, 0x00000000fb620016, 0x00000000fb4eeaea,
+ 0x00000000fb3baefd, 0x00000000fb284c52, 0x00000000fb14c2eb,
+ 0x00000000fb0112cd,
+ 0x00000000faed3bf9, 0x00000000fad93e73, 0x00000000fac51a3f,
+ 0x00000000fab0cf5e, 0x00000000fa9c5dd5, 0x00000000fa87c5a6,
+ 0x00000000fa7306d5, 0x00000000fa5e2164, 0x00000000fa491558,
+ 0x00000000fa33e2b3,
+ 0x00000000fa1e8978, 0x00000000fa0909ab, 0x00000000f9f36350,
+ 0x00000000f9dd9668, 0x00000000f9c7a2f9, 0x00000000f9b18905,
+ 0x00000000f99b488f, 0x00000000f984e19c, 0x00000000f96e542e,
+ 0x00000000f957a049,
+ 0x00000000f940c5f1, 0x00000000f929c528, 0x00000000f9129df3,
+ 0x00000000f8fb5056, 0x00000000f8e3dc53, 0x00000000f8cc41ee,
+ 0x00000000f8b4812b, 0x00000000f89c9a0e, 0x00000000f8848c9b,
+ 0x00000000f86c58d4,
+ 0x00000000f853febe, 0x00000000f83b7e5d, 0x00000000f822d7b4,
+ 0x00000000f80a0ac7, 0x00000000f7f1179a, 0x00000000f7d7fe31,
+ 0x00000000f7bebe90, 0x00000000f7a558ba, 0x00000000f78bccb3,
+ 0x00000000f7721a80,
+ 0x00000000f7584225, 0x00000000f73e43a5, 0x00000000f7241f04,
+ 0x00000000f709d446, 0x00000000f6ef6370, 0x00000000f6d4cc85,
+ 0x00000000f6ba0f8a, 0x00000000f69f2c83, 0x00000000f6842374,
+ 0x00000000f668f461,
+ 0x00000000f64d9f4e, 0x00000000f632243f, 0x00000000f616833a,
+ 0x00000000f5fabc41, 0x00000000f5decf59, 0x00000000f5c2bc87,
+ 0x00000000f5a683cf, 0x00000000f58a2535, 0x00000000f56da0be,
+ 0x00000000f550f66e,
+ 0x00000000f5342649, 0x00000000f5173054, 0x00000000f4fa1494,
+ 0x00000000f4dcd30c, 0x00000000f4bf6bc2, 0x00000000f4a1deb9,
+ 0x00000000f4842bf7, 0x00000000f4665380, 0x00000000f4485559,
+ 0x00000000f42a3186,
+ 0x00000000f40be80c, 0x00000000f3ed78ef, 0x00000000f3cee434,
+ 0x00000000f3b029e1, 0x00000000f39149f9, 0x00000000f3724482,
+ 0x00000000f3531980, 0x00000000f333c8f8, 0x00000000f31452ef,
+ 0x00000000f2f4b76a,
+ 0x00000000f2d4f66d, 0x00000000f2b50ffe, 0x00000000f2950421,
+ 0x00000000f274d2dc, 0x00000000f2547c33, 0x00000000f234002b,
+ 0x00000000f2135eca, 0x00000000f1f29814, 0x00000000f1d1ac0e,
+ 0x00000000f1b09abe,
+ 0x00000000f18f6429, 0x00000000f16e0853, 0x00000000f14c8742,
+ 0x00000000f12ae0fb, 0x00000000f1091583, 0x00000000f0e724e0,
+ 0x00000000f0c50f17, 0x00000000f0a2d42c, 0x00000000f0807426,
+ 0x00000000f05def09,
+ 0x00000000f03b44db, 0x00000000f01875a1, 0x00000000eff58161,
+ 0x00000000efd2681f, 0x00000000efaf29e2, 0x00000000ef8bc6af,
+ 0x00000000ef683e8b, 0x00000000ef44917b, 0x00000000ef20bf86,
+ 0x00000000eefcc8b1,
+ 0x00000000eed8ad01, 0x00000000eeb46c7b, 0x00000000ee900727,
+ 0x00000000ee6b7d08, 0x00000000ee46ce25, 0x00000000ee21fa83,
+ 0x00000000edfd0228, 0x00000000edd7e51a, 0x00000000edb2a35f,
+ 0x00000000ed8d3cfc,
+ 0x00000000ed67b1f6, 0x00000000ed420255, 0x00000000ed1c2e1d,
+ 0x00000000ecf63554, 0x00000000ecd01801, 0x00000000eca9d628,
+ 0x00000000ec836fd1, 0x00000000ec5ce501, 0x00000000ec3635bd,
+ 0x00000000ec0f620d,
+ 0x00000000ebe869f5, 0x00000000ebc14d7d, 0x00000000eb9a0ca9,
+ 0x00000000eb72a780, 0x00000000eb4b1e08, 0x00000000eb237047,
+ 0x00000000eafb9e43, 0x00000000ead3a803, 0x00000000eaab8d8d,
+ 0x00000000ea834ee6,
+ 0x00000000ea5aec15, 0x00000000ea326520, 0x00000000ea09ba0d,
+ 0x00000000e9e0eae4, 0x00000000e9b7f7a9, 0x00000000e98ee063,
+ 0x00000000e965a51a, 0x00000000e93c45d2, 0x00000000e912c292,
+ 0x00000000e8e91b61,
+ 0x00000000e8bf5046, 0x00000000e8956146, 0x00000000e86b4e68,
+ 0x00000000e84117b3, 0x00000000e816bd2d, 0x00000000e7ec3edc,
+ 0x00000000e7c19cc8, 0x00000000e796d6f6, 0x00000000e76bed6e,
+ 0x00000000e740e036,
+ 0x00000000e715af54, 0x00000000e6ea5ad0, 0x00000000e6bee2af,
+ 0x00000000e69346f9, 0x00000000e66787b5, 0x00000000e63ba4e9,
+ 0x00000000e60f9e9b, 0x00000000e5e374d4, 0x00000000e5b72798,
+ 0x00000000e58ab6f1,
+ 0x00000000e55e22e3, 0x00000000e5316b76, 0x00000000e50490b1,
+ 0x00000000e4d7929c, 0x00000000e4aa713c, 0x00000000e47d2c98,
+ 0x00000000e44fc4b9, 0x00000000e42239a4, 0x00000000e3f48b61,
+ 0x00000000e3c6b9f7,
+ 0x00000000e398c56c, 0x00000000e36aadc9, 0x00000000e33c7314,
+ 0x00000000e30e1554, 0x00000000e2df9490, 0x00000000e2b0f0d0,
+ 0x00000000e2822a1a, 0x00000000e2534077, 0x00000000e22433ec,
+ 0x00000000e1f50482,
+ 0x00000000e1c5b240, 0x00000000e1963d2d, 0x00000000e166a550,
+ 0x00000000e136eab0, 0x00000000e1070d56, 0x00000000e0d70d48,
+ 0x00000000e0a6ea8e, 0x00000000e076a52f, 0x00000000e0463d33,
+ 0x00000000e015b2a1,
+ 0x00000000dfe50580, 0x00000000dfb435d9, 0x00000000df8343b2,
+ 0x00000000df522f13, 0x00000000df20f804, 0x00000000deef9e8d,
+ 0x00000000debe22b5, 0x00000000de8c8483, 0x00000000de5ac3ff,
+ 0x00000000de28e131,
+ 0x00000000ddf6dc21, 0x00000000ddc4b4d6, 0x00000000dd926b59,
+ 0x00000000dd5fffb0, 0x00000000dd2d71e3, 0x00000000dcfac1fb,
+ 0x00000000dcc7f000, 0x00000000dc94fbf8, 0x00000000dc61e5ec,
+ 0x00000000dc2eade4,
+ 0x00000000dbfb53e8, 0x00000000dbc7d7ff, 0x00000000db943a31,
+ 0x00000000db607a88, 0x00000000db2c9909, 0x00000000daf895bf,
+ 0x00000000dac470af, 0x00000000da9029e3, 0x00000000da5bc163,
+ 0x00000000da273737,
+ 0x00000000d9f28b66, 0x00000000d9bdbdf9, 0x00000000d988cef8,
+ 0x00000000d953be6b, 0x00000000d91e8c5b, 0x00000000d8e938d0,
+ 0x00000000d8b3c3d1, 0x00000000d87e2d67, 0x00000000d848759b,
+ 0x00000000d8129c74,
+ 0x00000000d7dca1fb, 0x00000000d7a68638, 0x00000000d7704934,
+ 0x00000000d739eaf7, 0x00000000d7036b89, 0x00000000d6cccaf3,
+ 0x00000000d696093d, 0x00000000d65f266f, 0x00000000d6282293,
+ 0x00000000d5f0fdb0,
+ 0x00000000d5b9b7d0, 0x00000000d58250fa, 0x00000000d54ac937,
+ 0x00000000d513208f, 0x00000000d4db570c, 0x00000000d4a36cb6,
+ 0x00000000d46b6195, 0x00000000d43335b3, 0x00000000d3fae917,
+ 0x00000000d3c27bcb,
+ 0x00000000d389edd7, 0x00000000d3513f43, 0x00000000d318701a,
+ 0x00000000d2df8063, 0x00000000d2a67027, 0x00000000d26d3f6f,
+ 0x00000000d233ee43, 0x00000000d1fa7cae, 0x00000000d1c0eab7,
+ 0x00000000d1873867,
+ 0x00000000d14d65c8, 0x00000000d11372e1, 0x00000000d0d95fbd,
+ 0x00000000d09f2c64, 0x00000000d064d8df, 0x00000000d02a6537,
+ 0x00000000cfefd176, 0x00000000cfb51da3, 0x00000000cf7a49c8,
+ 0x00000000cf3f55ef,
+ 0x00000000cf044220, 0x00000000cec90e64, 0x00000000ce8dbac5,
+ 0x00000000ce52474c, 0x00000000ce16b401, 0x00000000cddb00ef,
+ 0x00000000cd9f2e1e, 0x00000000cd633b97, 0x00000000cd272964,
+ 0x00000000cceaf78e,
+ 0x00000000ccaea61e, 0x00000000cc72351e, 0x00000000cc35a497,
+ 0x00000000cbf8f492, 0x00000000cbbc2519, 0x00000000cb7f3634,
+ 0x00000000cb4227ee, 0x00000000cb04fa50, 0x00000000cac7ad63,
+ 0x00000000ca8a4131,
+ 0x00000000ca4cb5c3, 0x00000000ca0f0b22, 0x00000000c9d14159,
+ 0x00000000c9935870, 0x00000000c9555072, 0x00000000c9172967,
+ 0x00000000c8d8e35a, 0x00000000c89a7e53, 0x00000000c85bfa5e,
+ 0x00000000c81d5782,
+ 0x00000000c7de95cb, 0x00000000c79fb541, 0x00000000c760b5ee,
+ 0x00000000c72197dc, 0x00000000c6e25b15, 0x00000000c6a2ffa3,
+ 0x00000000c663858f, 0x00000000c623ece2, 0x00000000c5e435a8,
+ 0x00000000c5a45fe9,
+ 0x00000000c5646bb0, 0x00000000c5245906, 0x00000000c4e427f6,
+ 0x00000000c4a3d888, 0x00000000c4636ac8, 0x00000000c422debf,
+ 0x00000000c3e23476, 0x00000000c3a16bf9, 0x00000000c3608550,
+ 0x00000000c31f8087,
+ 0x00000000c2de5da6, 0x00000000c29d1cb8, 0x00000000c25bbdc8,
+ 0x00000000c21a40de, 0x00000000c1d8a606, 0x00000000c196ed49,
+ 0x00000000c15516b2, 0x00000000c113224a, 0x00000000c0d1101d,
+ 0x00000000c08ee033,
+ 0x00000000c04c9297, 0x00000000c00a2754, 0x00000000bfc79e73,
+ 0x00000000bf84f800, 0x00000000bf423404, 0x00000000beff5289,
+ 0x00000000bebc539a, 0x00000000be793741, 0x00000000be35fd89,
+ 0x00000000bdf2a67b,
+ 0x00000000bdaf3223, 0x00000000bd6ba08b, 0x00000000bd27f1bc,
+ 0x00000000bce425c2, 0x00000000bca03ca7, 0x00000000bc5c3676,
+ 0x00000000bc181338, 0x00000000bbd3d2f9, 0x00000000bb8f75c3,
+ 0x00000000bb4afba1,
+ 0x00000000bb06649c, 0x00000000bac1b0c0, 0x00000000ba7ce018,
+ 0x00000000ba37f2ad, 0x00000000b9f2e88b, 0x00000000b9adc1bc,
+ 0x00000000b9687e4a, 0x00000000b9231e41, 0x00000000b8dda1ac,
+ 0x00000000b8980894,
+ 0x00000000b8525305, 0x00000000b80c8109, 0x00000000b7c692ac,
+ 0x00000000b78087f7, 0x00000000b73a60f6, 0x00000000b6f41db4,
+ 0x00000000b6adbe3a, 0x00000000b6674296, 0x00000000b620aad0,
+ 0x00000000b5d9f6f4,
+ 0x00000000b593270e, 0x00000000b54c3b27, 0x00000000b505334a,
+ 0x00000000b4be0f84, 0x00000000b476cfde, 0x00000000b42f7464,
+ 0x00000000b3e7fd20, 0x00000000b3a06a1e, 0x00000000b358bb69,
+ 0x00000000b310f10c,
+ 0x00000000b2c90b11, 0x00000000b2810985, 0x00000000b238ec71,
+ 0x00000000b1f0b3e2, 0x00000000b1a85fe2, 0x00000000b15ff07c,
+ 0x00000000b11765bc, 0x00000000b0cebfad, 0x00000000b085fe5a,
+ 0x00000000b03d21ce,
+ 0x00000000aff42a15, 0x00000000afab1739, 0x00000000af61e946,
+ 0x00000000af18a048, 0x00000000aecf3c49, 0x00000000ae85bd55,
+ 0x00000000ae3c2377, 0x00000000adf26ebb, 0x00000000ada89f2c,
+ 0x00000000ad5eb4d5,
+ 0x00000000ad14afc2, 0x00000000acca8ffd, 0x00000000ac805594,
+ 0x00000000ac360090, 0x00000000abeb90fe, 0x00000000aba106e9,
+ 0x00000000ab56625d, 0x00000000ab0ba364, 0x00000000aac0ca0b,
+ 0x00000000aa75d65d,
+ 0x00000000aa2ac865, 0x00000000a9dfa030, 0x00000000a9945dc9,
+ 0x00000000a949013a, 0x00000000a8fd8a91, 0x00000000a8b1f9d8,
+ 0x00000000a8664f1c, 0x00000000a81a8a68, 0x00000000a7ceabc7,
+ 0x00000000a782b345,
+ 0x00000000a736a0ef, 0x00000000a6ea74cf, 0x00000000a69e2ef2,
+ 0x00000000a651cf63, 0x00000000a605562f, 0x00000000a5b8c360,
+ 0x00000000a56c1702, 0x00000000a51f5123, 0x00000000a4d271cc,
+ 0x00000000a485790b,
+ 0x00000000a43866eb, 0x00000000a3eb3b77, 0x00000000a39df6bd,
+ 0x00000000a35098c7, 0x00000000a30321a2, 0x00000000a2b5915a,
+ 0x00000000a267e7fa, 0x00000000a21a258e, 0x00000000a1cc4a24,
+ 0x00000000a17e55c5,
+ 0x00000000a1304880, 0x00000000a0e2225f, 0x00000000a093e36f,
+ 0x00000000a0458bbb, 0x000000009ff71b50, 0x000000009fa8923a,
+ 0x000000009f59f086, 0x000000009f0b363e, 0x000000009ebc6370,
+ 0x000000009e6d7827,
+ 0x000000009e1e746f, 0x000000009dcf5856, 0x000000009d8023e6,
+ 0x000000009d30d72d, 0x000000009ce17236, 0x000000009c91f50e,
+ 0x000000009c425fc1, 0x000000009bf2b25b, 0x000000009ba2ece8,
+ 0x000000009b530f76,
+ 0x000000009b031a0f, 0x000000009ab30cc1, 0x000000009a62e797,
+ 0x000000009a12aa9f, 0x0000000099c255e5, 0x000000009971e974,
+ 0x000000009921655a, 0x0000000098d0c9a2, 0x0000000098801659,
+ 0x00000000982f4b8d,
+ 0x0000000097de6948, 0x00000000978d6f97, 0x00000000973c5e88,
+ 0x0000000096eb3626, 0x000000009699f67f, 0x0000000096489f9e,
+ 0x0000000095f73190, 0x0000000095a5ac61, 0x000000009554101f,
+ 0x0000000095025cd6,
+ 0x0000000094b09292, 0x00000000945eb161, 0x00000000940cb94e,
+ 0x0000000093baaa66, 0x00000000936884b6, 0x000000009316484b,
+ 0x0000000092c3f531, 0x0000000092718b75, 0x00000000921f0b24,
+ 0x0000000091cc744b,
+ 0x000000009179c6f5, 0x0000000091270331, 0x0000000090d4290a,
+ 0x000000009081388e, 0x00000000902e31c8, 0x000000008fdb14c7,
+ 0x000000008f87e197, 0x000000008f349845, 0x000000008ee138dd,
+ 0x000000008e8dc36c,
+ 0x000000008e3a3800, 0x000000008de696a5, 0x000000008d92df68,
+ 0x000000008d3f1256, 0x000000008ceb2f7c, 0x000000008c9736e7,
+ 0x000000008c4328a3, 0x000000008bef04bf, 0x000000008b9acb46,
+ 0x000000008b467c45,
+ 0x000000008af217cb, 0x000000008a9d9de3, 0x000000008a490e9b,
+ 0x0000000089f469ff, 0x00000000899fb01e, 0x00000000894ae103,
+ 0x0000000088f5fcbc, 0x0000000088a10357, 0x00000000884bf4df,
+ 0x0000000087f6d163,
+ 0x0000000087a198f0, 0x00000000874c4b92, 0x0000000086f6e956,
+ 0x0000000086a1724b, 0x00000000864be67c, 0x0000000085f645f8,
+ 0x0000000085a090cc, 0x00000000854ac704, 0x0000000084f4e8ad,
+ 0x00000000849ef5d7,
+ 0x000000008448ee8c, 0x0000000083f2d2db, 0x00000000839ca2d1,
+ 0x0000000083465e7c, 0x0000000082f005e8, 0x0000000082999922,
+ 0x0000000082431839, 0x0000000081ec833a, 0x000000008195da31,
+ 0x00000000813f1d2d,
+ 0x0000000080e84c3a, 0x0000000080916766, 0x00000000803a6ebf,
+ 0x000000007fe36251, 0x000000007f8c422b, 0x000000007f350e59,
+ 0x000000007eddc6ea, 0x000000007e866bea, 0x000000007e2efd67,
+ 0x000000007dd77b6f,
+ 0x000000007d7fe60f, 0x000000007d283d54, 0x000000007cd0814c,
+ 0x000000007c78b205, 0x000000007c20cf8c, 0x000000007bc8d9ef,
+ 0x000000007b70d13b, 0x000000007b18b57e, 0x000000007ac086c5,
+ 0x000000007a68451f,
+ 0x000000007a0ff098, 0x0000000079b7893e, 0x00000000795f0f1f,
+ 0x0000000079068248, 0x0000000078ade2c8, 0x00000000785530ab,
+ 0x0000000077fc6c01, 0x0000000077a394d5, 0x00000000774aab36,
+ 0x0000000076f1af32,
+ 0x000000007698a0d6, 0x00000000763f8030, 0x0000000075e64d4e,
+ 0x00000000758d083e, 0x000000007533b10d, 0x0000000074da47c9,
+ 0x000000007480cc80, 0x0000000074273f3f, 0x0000000073cda016,
+ 0x000000007373ef10,
+ 0x00000000731a2c3d, 0x0000000072c057aa, 0x0000000072667164,
+ 0x00000000720c797a, 0x0000000071b26ffa, 0x00000000715854f2,
+ 0x0000000070fe286e, 0x0000000070a3ea7e, 0x0000000070499b30,
+ 0x000000006fef3a90,
+ 0x000000006f94c8ae, 0x000000006f3a4596, 0x000000006edfb157,
+ 0x000000006e850c00, 0x000000006e2a559d, 0x000000006dcf8e3d,
+ 0x000000006d74b5ee, 0x000000006d19ccbe, 0x000000006cbed2bb,
+ 0x000000006c63c7f3,
+ 0x000000006c08ac74, 0x000000006bad804c, 0x000000006b524389,
+ 0x000000006af6f639, 0x000000006a9b986b, 0x000000006a402a2c,
+ 0x0000000069e4ab8a, 0x0000000069891c94, 0x00000000692d7d57,
+ 0x0000000068d1cde3,
+ 0x0000000068760e44, 0x00000000681a3e89, 0x0000000067be5ec1,
+ 0x0000000067626ef9, 0x0000000067066f40, 0x0000000066aa5fa3,
+ 0x00000000664e4032, 0x0000000065f210f9, 0x000000006595d209,
+ 0x000000006539836d,
+ 0x0000000064dd2536, 0x000000006480b770, 0x0000000064243a2b,
+ 0x0000000063c7ad75, 0x00000000636b115c, 0x00000000630e65ed,
+ 0x0000000062b1ab39, 0x000000006254e14c, 0x0000000061f80835,
+ 0x00000000619b2002,
+ 0x00000000613e28c2, 0x0000000060e12283, 0x0000000060840d54,
+ 0x000000006026e943, 0x000000005fc9b65d, 0x000000005f6c74b2,
+ 0x000000005f0f2450, 0x000000005eb1c545, 0x000000005e5457a0,
+ 0x000000005df6db6f,
+ 0x000000005d9950c0, 0x000000005d3bb7a3, 0x000000005cde1024,
+ 0x000000005c805a54, 0x000000005c22963f, 0x000000005bc4c3f6,
+ 0x000000005b66e385, 0x000000005b08f4fd, 0x000000005aaaf86a,
+ 0x000000005a4ceddc,
+ 0x0000000059eed561, 0x000000005990af08, 0x0000000059327adf,
+ 0x0000000058d438f4, 0x000000005875e957, 0x0000000058178c16,
+ 0x0000000057b9213f, 0x00000000575aa8e0, 0x0000000056fc230a,
+ 0x00000000569d8fc9,
+ 0x00000000563eef2d, 0x0000000055e04144, 0x000000005581861d,
+ 0x000000005522bdc6, 0x0000000054c3e84e, 0x00000000546505c4,
+ 0x0000000054061636, 0x0000000053a719b3, 0x000000005348104a,
+ 0x0000000052e8fa09,
+ 0x000000005289d6ff, 0x00000000522aa73a, 0x0000000051cb6aca,
+ 0x00000000516c21bc, 0x00000000510ccc20, 0x0000000050ad6a05,
+ 0x00000000504dfb78, 0x000000004fee808a, 0x000000004f8ef947,
+ 0x000000004f2f65c0,
+ 0x000000004ecfc603, 0x000000004e701a1f, 0x000000004e106222,
+ 0x000000004db09e1b, 0x000000004d50ce19, 0x000000004cf0f22b,
+ 0x000000004c910a5f, 0x000000004c3116c5, 0x000000004bd1176b,
+ 0x000000004b710c5f,
+ 0x000000004b10f5b2, 0x000000004ab0d371, 0x000000004a50a5ab,
+ 0x0000000049f06c70, 0x00000000499027cd, 0x00000000492fd7d3,
+ 0x0000000048cf7c8f, 0x00000000486f1611, 0x00000000480ea467,
+ 0x0000000047ae27a1,
+ 0x00000000474d9fcd, 0x0000000046ed0cfa, 0x00000000468c6f37,
+ 0x00000000462bc693, 0x0000000045cb131c, 0x00000000456a54e3,
+ 0x0000000045098bf5, 0x0000000044a8b861, 0x000000004447da37,
+ 0x0000000043e6f186,
+ 0x000000004385fe5c, 0x00000000432500c8, 0x0000000042c3f8d9,
+ 0x000000004262e69f, 0x000000004201ca28, 0x0000000041a0a383,
+ 0x00000000413f72bf, 0x0000000040de37eb, 0x00000000407cf317,
+ 0x00000000401ba450,
+ 0x000000003fba4ba7, 0x000000003f58e92a, 0x000000003ef77ce8,
+ 0x000000003e9606f1, 0x000000003e348752, 0x000000003dd2fe1c,
+ 0x000000003d716b5e, 0x000000003d0fcf25, 0x000000003cae2982,
+ 0x000000003c4c7a83,
+ 0x000000003beac238, 0x000000003b8900b0, 0x000000003b2735f9,
+ 0x000000003ac56223, 0x000000003a63853d, 0x000000003a019f56,
+ 0x00000000399fb07d, 0x00000000393db8c1, 0x0000000038dbb831,
+ 0x000000003879aedd,
+ 0x0000000038179cd3, 0x0000000037b58222, 0x0000000037535edb,
+ 0x0000000036f1330b, 0x00000000368efec2, 0x00000000362cc20f,
+ 0x0000000035ca7d02, 0x0000000035682fa9, 0x000000003505da14,
+ 0x0000000034a37c51,
+ 0x0000000034411671, 0x0000000033dea881, 0x00000000337c3292,
+ 0x000000003319b4b3, 0x0000000032b72ef2, 0x000000003254a15e,
+ 0x0000000031f20c08, 0x00000000318f6efe, 0x00000000312cca50,
+ 0x0000000030ca1e0c,
+ 0x0000000030676a43, 0x000000003004af02, 0x000000002fa1ec5a,
+ 0x000000002f3f2259, 0x000000002edc510f, 0x000000002e79788b,
+ 0x000000002e1698dc, 0x000000002db3b212, 0x000000002d50c43c,
+ 0x000000002cedcf68,
+ 0x000000002c8ad3a7, 0x000000002c27d108, 0x000000002bc4c799,
+ 0x000000002b61b76b, 0x000000002afea08c, 0x000000002a9b830b,
+ 0x000000002a385ef9, 0x0000000029d53464, 0x000000002972035b,
+ 0x00000000290ecbee,
+ 0x0000000028ab8e2c, 0x0000000028484a25, 0x0000000027e4ffe7,
+ 0x000000002781af83, 0x00000000271e5906, 0x0000000026bafc82,
+ 0x0000000026579a04, 0x0000000025f4319d, 0x000000002590c35c,
+ 0x00000000252d4f4f,
+ 0x0000000024c9d587, 0x0000000024665613, 0x000000002402d101,
+ 0x00000000239f4662, 0x00000000233bb644, 0x0000000022d820b8,
+ 0x00000000227485cc, 0x000000002210e590, 0x0000000021ad4013,
+ 0x0000000021499565,
+ 0x0000000020e5e594, 0x00000000208230b1, 0x00000000201e76ca,
+ 0x000000001fbab7ef, 0x000000001f56f430, 0x000000001ef32b9b,
+ 0x000000001e8f5e41, 0x000000001e2b8c30, 0x000000001dc7b578,
+ 0x000000001d63da29,
+ 0x000000001cfffa51, 0x000000001c9c1600, 0x000000001c382d46,
+ 0x000000001bd44032, 0x000000001b704ed3, 0x000000001b0c5939,
+ 0x000000001aa85f74, 0x000000001a446191, 0x0000000019e05fa2,
+ 0x00000000197c59b5,
+ 0x0000000019184fdb, 0x0000000018b44221, 0x0000000018503098,
+ 0x0000000017ec1b50, 0x0000000017880257, 0x000000001723e5bd,
+ 0x0000000016bfc591, 0x00000000165ba1e4, 0x0000000015f77ac3,
+ 0x0000000015935040,
+ 0x00000000152f2269, 0x0000000014caf14d, 0x000000001466bcfd,
+ 0x0000000014028587, 0x00000000139e4afb, 0x00000000133a0d69,
+ 0x0000000012d5cce0, 0x000000001271896f, 0x00000000120d4326,
+ 0x0000000011a8fa15,
+ 0x000000001144ae4a, 0x0000000010e05fd6, 0x00000000107c0ec7,
+ 0x000000001017bb2d, 0x000000000fb36519, 0x000000000f4f0c98,
+ 0x000000000eeab1bb, 0x000000000e865491, 0x000000000e21f52a,
+ 0x000000000dbd9395,
+ 0x000000000d592fe1, 0x000000000cf4ca1f, 0x000000000c90625c,
+ 0x000000000c2bf8aa, 0x000000000bc78d18, 0x000000000b631fb4,
+ 0x000000000afeb08f, 0x000000000a9a3fb8, 0x000000000a35cd3e,
+ 0x0000000009d15931,
+ 0x00000000096ce3a1, 0x0000000009086c9c, 0x0000000008a3f433,
+ 0x00000000083f7a75, 0x0000000007daff71, 0x0000000007768337,
+ 0x00000000071205d6, 0x0000000006ad875f, 0x00000000064907df,
+ 0x0000000005e48768,
+ 0x0000000005800608, 0x00000000051b83cf, 0x0000000004b700cc,
+ 0x0000000004527d0f, 0x0000000003edf8a7, 0x00000000038973a4,
+ 0x000000000324ee16, 0x0000000002c0680b, 0x00000000025be194,
+ 0x0000000001f75ac0,
+ 0x000000000192d39e, 0x00000000012e4c3e, 0x0000000000c9c4af,
+ 0x0000000000653d02, 0x0000000000000000
};
-EAPI Eina_F32p32
-eina_f32p32_cos(Eina_F32p32 a)
+EAPI Eina_F32p32 eina_f32p32_cos(Eina_F32p32 a)
{
- Eina_F32p32 F32P32_2PI;
- Eina_F32p32 F32P32_PI2;
- Eina_F32p32 F32P32_3PI2;
- Eina_F32p32 remainder_2PI;
- Eina_F32p32 remainder_PI;
- Eina_F32p32 interpol;
- Eina_F32p32 result;
- int idx;
- int index2;
+ Eina_F32p32 F32P32_2PI;
+ Eina_F32p32 F32P32_PI2;
+ Eina_F32p32 F32P32_3PI2;
+ Eina_F32p32 remainder_2PI;
+ Eina_F32p32 remainder_PI;
+ Eina_F32p32 interpol;
+ Eina_F32p32 result;
+ int idx;
+ int index2;
- F32P32_2PI = EINA_F32P32_PI << 1;
- F32P32_PI2 = EINA_F32P32_PI >> 1;
- F32P32_3PI2 = EINA_F32P32_PI + F32P32_PI2;
+ F32P32_2PI = EINA_F32P32_PI << 1;
+ F32P32_PI2 = EINA_F32P32_PI >> 1;
+ F32P32_3PI2 = EINA_F32P32_PI + F32P32_PI2;
- /* Take advantage of cosinus symetrie. */
- a = eina_fp32p32_llabs(a);
+ /* Take advantage of cosinus symetrie. */
+ a = eina_fp32p32_llabs(a);
- /* Find table entry in 0 to PI / 2 */
- remainder_PI = a - (a / EINA_F32P32_PI) * EINA_F32P32_PI;
+ /* Find table entry in 0 to PI / 2 */
+ remainder_PI = a - (a / EINA_F32P32_PI) * EINA_F32P32_PI;
- /* Find which case from 0 to 2 * PI */
- remainder_2PI = a - (a / F32P32_2PI) * F32P32_2PI;
+ /* Find which case from 0 to 2 * PI */
+ remainder_2PI = a - (a / F32P32_2PI) * F32P32_2PI;
- interpol = eina_f32p32_div(eina_f32p32_scale(remainder_PI, MAX_PREC * 2),
- EINA_F32P32_PI);
- idx = eina_f32p32_int_to(interpol);
- if (idx >= MAX_PREC)
- idx = 2 * MAX_PREC - (idx - 1);
+ interpol =
+ eina_f32p32_div(eina_f32p32_scale(remainder_PI, MAX_PREC * 2),
+ EINA_F32P32_PI);
+ idx = eina_f32p32_int_to(interpol);
+ if (idx >= MAX_PREC)
+ idx = 2 * MAX_PREC - (idx - 1);
- index2 = idx + 1;
- if (index2 == MAX_PREC)
- index2 = idx - 1;
+ index2 = idx + 1;
+ if (index2 == MAX_PREC)
+ index2 = idx - 1;
- result = eina_f32p32_add(eina_trigo[idx],
- eina_f32p32_mul(eina_f32p32_sub(eina_trigo[idx],
- eina_trigo[index2]),
- (Eina_F32p32)eina_f32p32_fracc_get(
- interpol)));
+ result = eina_f32p32_add(eina_trigo[idx],
+ eina_f32p32_mul(eina_f32p32_sub
+ (eina_trigo[idx],
+ eina_trigo[index2]),
+ (Eina_F32p32)
+ eina_f32p32_fracc_get
+ (interpol)));
- if (0 <= remainder_2PI && remainder_2PI < F32P32_PI2)
- return result;
- else if (F32P32_PI2 <= remainder_2PI && remainder_2PI < EINA_F32P32_PI)
- return -result;
- else if (EINA_F32P32_PI <= remainder_2PI && remainder_2PI < F32P32_3PI2)
- return -result;
- else /* if (F32P32_3PI2 <= remainder_2PI) */
- return result;
+ if (0 <= remainder_2PI && remainder_2PI < F32P32_PI2)
+ return result;
+ else if (F32P32_PI2 <= remainder_2PI
+ && remainder_2PI < EINA_F32P32_PI)
+ return -result;
+ else if (EINA_F32P32_PI <= remainder_2PI
+ && remainder_2PI < F32P32_3PI2)
+ return -result;
+ else /* if (F32P32_3PI2 <= remainder_2PI) */
+ return result;
}
-EAPI Eina_F32p32
-eina_f32p32_sin(Eina_F32p32 a)
+EAPI Eina_F32p32 eina_f32p32_sin(Eina_F32p32 a)
{
- Eina_F32p32 F32P32_2PI;
- Eina_F32p32 F32P32_PI2;
- Eina_F32p32 F32P32_3PI2;
- Eina_F32p32 remainder_2PI;
- Eina_F32p32 remainder_PI;
- Eina_F32p32 interpol;
- Eina_F32p32 result;
- int idx;
- int index2;
+ Eina_F32p32 F32P32_2PI;
+ Eina_F32p32 F32P32_PI2;
+ Eina_F32p32 F32P32_3PI2;
+ Eina_F32p32 remainder_2PI;
+ Eina_F32p32 remainder_PI;
+ Eina_F32p32 interpol;
+ Eina_F32p32 result;
+ int idx;
+ int index2;
- F32P32_2PI = EINA_F32P32_PI << 1;
- F32P32_PI2 = EINA_F32P32_PI >> 1;
- F32P32_3PI2 = EINA_F32P32_PI + F32P32_PI2;
+ F32P32_2PI = EINA_F32P32_PI << 1;
+ F32P32_PI2 = EINA_F32P32_PI >> 1;
+ F32P32_3PI2 = EINA_F32P32_PI + F32P32_PI2;
- /* We only have a table for cosinus, but sin(a) = cos(pi / 2 - a) */
- a = eina_f32p32_sub(F32P32_PI2, a);
+ /* We only have a table for cosinus, but sin(a) = cos(pi / 2 - a) */
+ a = eina_f32p32_sub(F32P32_PI2, a);
- /* Take advantage of cosinus symetrie. */
- a = eina_fp32p32_llabs(a);
+ /* Take advantage of cosinus symetrie. */
+ a = eina_fp32p32_llabs(a);
- /* Find table entry in 0 to PI / 2 */
- remainder_PI = a - (a / EINA_F32P32_PI) * EINA_F32P32_PI;
+ /* Find table entry in 0 to PI / 2 */
+ remainder_PI = a - (a / EINA_F32P32_PI) * EINA_F32P32_PI;
- /* Find which case from 0 to 2 * PI */
- remainder_2PI = a - (a / F32P32_2PI) * F32P32_2PI;
+ /* Find which case from 0 to 2 * PI */
+ remainder_2PI = a - (a / F32P32_2PI) * F32P32_2PI;
- interpol = eina_f32p32_div(eina_f32p32_scale(remainder_PI, MAX_PREC * 2),
- EINA_F32P32_PI);
- idx = eina_f32p32_int_to(interpol);
- if (idx >= MAX_PREC)
- idx = 2 * MAX_PREC - (idx + 1);
+ interpol =
+ eina_f32p32_div(eina_f32p32_scale(remainder_PI, MAX_PREC * 2),
+ EINA_F32P32_PI);
+ idx = eina_f32p32_int_to(interpol);
+ if (idx >= MAX_PREC)
+ idx = 2 * MAX_PREC - (idx + 1);
- index2 = idx + 1;
- if (index2 == MAX_PREC)
- index2 = idx - 1;
+ index2 = idx + 1;
+ if (index2 == MAX_PREC)
+ index2 = idx - 1;
- result = eina_f32p32_add(eina_trigo[idx],
- eina_f32p32_mul(eina_f32p32_sub(eina_trigo[idx],
- eina_trigo[index2]),
- (Eina_F32p32)eina_f32p32_fracc_get(
- interpol)));
+ result = eina_f32p32_add(eina_trigo[idx],
+ eina_f32p32_mul(eina_f32p32_sub
+ (eina_trigo[idx],
+ eina_trigo[index2]),
+ (Eina_F32p32)
+ eina_f32p32_fracc_get
+ (interpol)));
- if (0 <= remainder_2PI && remainder_2PI < F32P32_PI2)
- return result;
- else if (F32P32_PI2 <= remainder_2PI && remainder_2PI < EINA_F32P32_PI)
- return -result;
- else if (EINA_F32P32_PI <= remainder_2PI && remainder_2PI < F32P32_3PI2)
- return -result;
- else /* if (F32P32_3PI2 <= remainder_2PI) */
- return result;
+ if (0 <= remainder_2PI && remainder_2PI < F32P32_PI2)
+ return result;
+ else if (F32P32_PI2 <= remainder_2PI
+ && remainder_2PI < EINA_F32P32_PI)
+ return -result;
+ else if (EINA_F32P32_PI <= remainder_2PI
+ && remainder_2PI < F32P32_3PI2)
+ return -result;
+ else /* if (F32P32_3PI2 <= remainder_2PI) */
+ return result;
}
-
diff --git a/tests/suite/ecore/src/lib/eina_hamster.c b/tests/suite/ecore/src/lib/eina_hamster.c
index 2f68777cc6..4390430e8e 100644
--- a/tests/suite/ecore/src/lib/eina_hamster.c
+++ b/tests/suite/ecore/src/lib/eina_hamster.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -66,61 +66,58 @@ static int _eina_hamsters = -1;
*
* This function returns how many hamsters you have.
*/
-EAPI int
-eina_hamster_count(void)
+EAPI int eina_hamster_count(void)
{
- if (_eina_hamsters < 0)
- {
- int hrs = 0, min = 0, sec = 0;
- char mon[8] = "";
- int monnum = 0, day = 0, year = 0;
- int fields;
+ if (_eina_hamsters < 0) {
+ int hrs = 0, min = 0, sec = 0;
+ char mon[8] = "";
+ int monnum = 0, day = 0, year = 0;
+ int fields;
- fields = sscanf(_eina_hamster_time, "%02i:%02i:%02i", &hrs, &min, &sec);
- if (fields == 3)
- {
- _eina_hamsters = (hrs * 60) + min;
- fields = sscanf(_eina_hamster_date, "%s %i %i", mon, &day, &year);
- if (fields == 3)
- {
- int i;
- const char *mons[] =
- {
- "Jan",
- "Feb",
- "Mar",
- "Apr",
- "May",
- "Jun",
- "Jul",
- "Aug",
- "Sep",
- "Oct",
- "Nov",
- "Dec"
- };
+ fields =
+ sscanf(_eina_hamster_time, "%02i:%02i:%02i", &hrs,
+ &min, &sec);
+ if (fields == 3) {
+ _eina_hamsters = (hrs * 60) + min;
+ fields =
+ sscanf(_eina_hamster_date, "%s %i %i", mon,
+ &day, &year);
+ if (fields == 3) {
+ int i;
+ const char *mons[] = {
+ "Jan",
+ "Feb",
+ "Mar",
+ "Apr",
+ "May",
+ "Jun",
+ "Jul",
+ "Aug",
+ "Sep",
+ "Oct",
+ "Nov",
+ "Dec"
+ };
- for (i = 0; i < 12; i++)
- {
- if (!strcmp(mon, mons[i]))
- {
- monnum = i + 1;
- break;
- }
- }
- // alloc 60 for mins, 24 for hrs
- // alloc 1-31 (32) for days, 1-12 (13) for months
- // use year as-is, for 31 bits (signed) this gives us up to
- // 3584 years, which is good enough imho. - 1500 years from
- // now or so. :)
- _eina_hamsters +=
- (day + (monnum * 32) + (13 * 32 * year)) * (24 * 60);
- }
- }
- }
-
- // format: [rest - year][0-12 - month][0-31 - day][0-23 - hrs][0-59 - sec]
- return _eina_hamsters;
+ for (i = 0; i < 12; i++) {
+ if (!strcmp(mon, mons[i])) {
+ monnum = i + 1;
+ break;
+ }
+ }
+ // alloc 60 for mins, 24 for hrs
+ // alloc 1-31 (32) for days, 1-12 (13) for months
+ // use year as-is, for 31 bits (signed) this gives us up to
+ // 3584 years, which is good enough imho. - 1500 years from
+ // now or so. :)
+ _eina_hamsters +=
+ (day + (monnum * 32) +
+ (13 * 32 * year)) * (24 * 60);
+ }
+ }
+ }
+ // format: [rest - year][0-12 - month][0-31 - day][0-23 - hrs][0-59 - sec]
+ return _eina_hamsters;
}
/**
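Review bot: The `%s` conversion in `sscanf(_eina_hamster_date, "%s %i %i", mon, &day, &year)` has no field width, so a first token longer than seven characters writes past `char mon[8]`; bounding it as `"%7s %i %i"` keeps the write inside the buffer whatever the source string holds. `_eina_hamster_date` is defined outside this hunk and is presumably a build-time date string, in which case the overflow would not be reachable today, but that is worth confirming. Separately, `%02i` in the time parse treats a leading `0` as an octal prefix, so a field such as `08` would likely stop after the `0` and leave `fields` below 3; `%02d` avoids that. Both lines are carried over unchanged by the reindent.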
diff --git a/tests/suite/ecore/src/lib/eina_hash.c b/tests/suite/ecore/src/lib/eina_hash.c
index 4c5f533b55..e6a440baa6 100644
--- a/tests/suite/ecore/src/lib/eina_hash.c
+++ b/tests/suite/ecore/src/lib/eina_hash.c
@@ -18,16 +18,16 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _MSC_VER
-# include <Evil.h>
+#include <Evil.h>
#else
-# include <stdint.h>
+#include <stdint.h>
#endif
#include "eina_config.h"
@@ -73,621 +73,622 @@ typedef struct _Eina_Hash_Foreach_Data Eina_Hash_Foreach_Data;
typedef struct _Eina_Iterator_Hash Eina_Iterator_Hash;
typedef struct _Eina_Hash_Each Eina_Hash_Each;
-struct _Eina_Hash
-{
- Eina_Key_Length key_length_cb;
- Eina_Key_Cmp key_cmp_cb;
- Eina_Key_Hash key_hash_cb;
- Eina_Free_Cb data_free_cb;
+struct _Eina_Hash {
+ Eina_Key_Length key_length_cb;
+ Eina_Key_Cmp key_cmp_cb;
+ Eina_Key_Hash key_hash_cb;
+ Eina_Free_Cb data_free_cb;
- Eina_Rbtree **buckets;
- int size;
- int mask;
+ Eina_Rbtree **buckets;
+ int size;
+ int mask;
- int population;
+ int population;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Hash_Head
-{
- EINA_RBTREE;
- int hash;
+struct _Eina_Hash_Head {
+ EINA_RBTREE;
+ int hash;
- Eina_Rbtree *head;
+ Eina_Rbtree *head;
};
-struct _Eina_Hash_Element
-{
- EINA_RBTREE;
- Eina_Hash_Tuple tuple;
- Eina_Bool begin : 1;
+struct _Eina_Hash_Element {
+ EINA_RBTREE;
+ Eina_Hash_Tuple tuple;
+ Eina_Bool begin:1;
};
-struct _Eina_Hash_Foreach_Data
-{
- Eina_Hash_Foreach cb;
- const void *fdata;
+struct _Eina_Hash_Foreach_Data {
+ Eina_Hash_Foreach cb;
+ const void *fdata;
};
-typedef void *(*Eina_Iterator_Get_Content_Callback)(Eina_Iterator_Hash *it);
+typedef void *(*Eina_Iterator_Get_Content_Callback) (Eina_Iterator_Hash *
+ it);
#define FUNC_ITERATOR_GET_CONTENT(Function) ((Eina_Iterator_Get_Content_Callback)Function)
-struct _Eina_Iterator_Hash
-{
- Eina_Iterator iterator;
+struct _Eina_Iterator_Hash {
+ Eina_Iterator iterator;
- Eina_Iterator_Get_Content_Callback get_content;
- const Eina_Hash *hash;
+ Eina_Iterator_Get_Content_Callback get_content;
+ const Eina_Hash *hash;
- Eina_Iterator *current;
- Eina_Iterator *list;
- Eina_Hash_Head *hash_head;
- Eina_Hash_Element *hash_element;
- int bucket;
+ Eina_Iterator *current;
+ Eina_Iterator *list;
+ Eina_Hash_Head *hash_head;
+ Eina_Hash_Element *hash_element;
+ int bucket;
- int index;
+ int index;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Hash_Each
-{
- Eina_Hash_Head *hash_head;
- const Eina_Hash_Element *hash_element;
- const void *data;
+struct _Eina_Hash_Each {
+ Eina_Hash_Head *hash_head;
+ const Eina_Hash_Element *hash_element;
+ const void *data;
};
#undef get16bits
#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \
|| defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
-# define get16bits(d) (*((const uint16_t *)(d)))
+#define get16bits(d) (*((const uint16_t *)(d)))
#endif
#if !defined (get16bits)
-# define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \
+#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \
+ (uint32_t)(((const uint8_t *)(d))[0]))
#endif
static inline int
-_eina_hash_hash_rbtree_cmp_hash(const Eina_Hash_Head *hash_head,
- const int *hash,
- __UNUSED__ int key_length,
- __UNUSED__ void *data)
+_eina_hash_hash_rbtree_cmp_hash(const Eina_Hash_Head * hash_head,
+ const int *hash,
+ __UNUSED__ int key_length,
+ __UNUSED__ void *data)
{
- return hash_head->hash - *hash;
+ return hash_head->hash - *hash;
}
static Eina_Rbtree_Direction
-_eina_hash_hash_rbtree_cmp_node(const Eina_Hash_Head *left,
- const Eina_Hash_Head *right,
- __UNUSED__ void *data)
+_eina_hash_hash_rbtree_cmp_node(const Eina_Hash_Head * left,
+ const Eina_Hash_Head * right,
+ __UNUSED__ void *data)
{
- if (left->hash - right->hash < 0)
- return EINA_RBTREE_LEFT;
+ if (left->hash - right->hash < 0)
+ return EINA_RBTREE_LEFT;
- return EINA_RBTREE_RIGHT;
+ return EINA_RBTREE_RIGHT;
}
static inline int
-_eina_hash_key_rbtree_cmp_key_data(const Eina_Hash_Element *hash_element,
- const Eina_Hash_Tuple *tuple,
- __UNUSED__ unsigned int key_length,
- Eina_Key_Cmp cmp)
+_eina_hash_key_rbtree_cmp_key_data(const Eina_Hash_Element * hash_element,
+ const Eina_Hash_Tuple * tuple,
+ __UNUSED__ unsigned int key_length,
+ Eina_Key_Cmp cmp)
{
- int result;
+ int result;
- result = cmp(hash_element->tuple.key,
- hash_element->tuple.key_length,
- tuple->key,
- tuple->key_length);
+ result = cmp(hash_element->tuple.key,
+ hash_element->tuple.key_length,
+ tuple->key, tuple->key_length);
- if (result == 0 && tuple->data && tuple->data != hash_element->tuple.data)
- return 1;
+ if (result == 0 && tuple->data
+ && tuple->data != hash_element->tuple.data)
+ return 1;
- return result;
+ return result;
}
static Eina_Rbtree_Direction
-_eina_hash_key_rbtree_cmp_node(const Eina_Hash_Element *left,
- const Eina_Hash_Element *right,
- Eina_Key_Cmp cmp)
+_eina_hash_key_rbtree_cmp_node(const Eina_Hash_Element * left,
+ const Eina_Hash_Element * right,
+ Eina_Key_Cmp cmp)
{
- int result;
+ int result;
- result = cmp(left->tuple.key, left->tuple.key_length,
- right->tuple.key, right->tuple.key_length);
+ result = cmp(left->tuple.key, left->tuple.key_length,
+ right->tuple.key, right->tuple.key_length);
- if (result < 0)
- return EINA_RBTREE_LEFT;
+ if (result < 0)
+ return EINA_RBTREE_LEFT;
- return EINA_RBTREE_RIGHT;
+ return EINA_RBTREE_RIGHT;
}
static inline Eina_Bool
-eina_hash_add_alloc_by_hash(Eina_Hash *hash,
- const void *key, int key_length, int alloc_length,
- int key_hash,
- const void *data)
-{
- Eina_Hash_Element *new_hash_element = NULL;
- Eina_Hash_Head *hash_head;
- Eina_Error error = 0;
- int hash_num;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
-
- error = EINA_ERROR_OUT_OF_MEMORY;
-
- /* Apply eina mask to hash. */
- hash_num = key_hash & hash->mask;
- key_hash &= EINA_HASH_RBTREE_MASK;
-
- if (!hash->buckets)
- {
- hash->buckets = calloc(sizeof (Eina_Rbtree *), hash->size);
- if (!hash->buckets) goto on_error;
-
- hash_head = NULL;
- }
- else
- /* Look up for head node. */
- hash_head = (Eina_Hash_Head *)eina_rbtree_inline_lookup(hash->buckets[hash_num],
- &key_hash, 0,
- EINA_RBTREE_CMP_KEY_CB(_eina_hash_hash_rbtree_cmp_hash),
- NULL);
-
- if (!hash_head)
- {
- /* If not found allocate it and an element. */
- hash_head = malloc(sizeof(Eina_Hash_Head) + sizeof(Eina_Hash_Element) + alloc_length);
- if (!hash_head)
- goto on_error;
-
- hash_head->hash = key_hash;
- hash_head->head = NULL;
-
- hash->buckets[hash_num] =
- eina_rbtree_inline_insert(hash->buckets[hash_num], EINA_RBTREE_GET(hash_head),
- EINA_RBTREE_CMP_NODE_CB(
- _eina_hash_hash_rbtree_cmp_node), NULL);
-
- new_hash_element = (Eina_Hash_Element *)(hash_head + 1);
- new_hash_element->begin = EINA_TRUE;
- }
-
- if (!new_hash_element)
- {
- /*
- Alloc a new element
- (No more lookup as we expect to support more than one item for one key).
- */
- new_hash_element = malloc(sizeof (Eina_Hash_Element) + alloc_length);
- if (!new_hash_element)
- goto on_error;
-
- new_hash_element->begin = EINA_FALSE;
- }
-
- /* Setup the element */
- new_hash_element->tuple.key_length = key_length;
- new_hash_element->tuple.data = (void *)data;
- if (alloc_length > 0)
- {
- new_hash_element->tuple.key = (char *)(new_hash_element + 1);
- memcpy((char *)new_hash_element->tuple.key, key, alloc_length);
- }
- else
- new_hash_element->tuple.key = key;
-
- /* add the new element to the hash. */
- hash_head->head = eina_rbtree_inline_insert(hash_head->head, EINA_RBTREE_GET(new_hash_element),
- EINA_RBTREE_CMP_NODE_CB(
- _eina_hash_key_rbtree_cmp_node),
- (const void *)hash->key_cmp_cb);
- hash->population++;
- return EINA_TRUE;
-
-on_error:
- eina_error_set(error);
- return EINA_FALSE;
+eina_hash_add_alloc_by_hash(Eina_Hash * hash,
+ const void *key, int key_length,
+ int alloc_length, int key_hash,
+ const void *data)
+{
+ Eina_Hash_Element *new_hash_element = NULL;
+ Eina_Hash_Head *hash_head;
+ Eina_Error error = 0;
+ int hash_num;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
+
+ error = EINA_ERROR_OUT_OF_MEMORY;
+
+ /* Apply eina mask to hash. */
+ hash_num = key_hash & hash->mask;
+ key_hash &= EINA_HASH_RBTREE_MASK;
+
+ if (!hash->buckets) {
+ hash->buckets = calloc(sizeof(Eina_Rbtree *), hash->size);
+ if (!hash->buckets)
+ goto on_error;
+
+ hash_head = NULL;
+ } else
+ /* Look up for head node. */
+ hash_head =
+ (Eina_Hash_Head *) eina_rbtree_inline_lookup(hash->
+ buckets
+ [hash_num],
+ &key_hash,
+ 0,
+ EINA_RBTREE_CMP_KEY_CB
+ (_eina_hash_hash_rbtree_cmp_hash),
+ NULL);
+
+ if (!hash_head) {
+ /* If not found allocate it and an element. */
+ hash_head =
+ malloc(sizeof(Eina_Hash_Head) +
+ sizeof(Eina_Hash_Element) + alloc_length);
+ if (!hash_head)
+ goto on_error;
+
+ hash_head->hash = key_hash;
+ hash_head->head = NULL;
+
+ hash->buckets[hash_num] =
+ eina_rbtree_inline_insert(hash->buckets[hash_num],
+ EINA_RBTREE_GET(hash_head),
+ EINA_RBTREE_CMP_NODE_CB
+ (_eina_hash_hash_rbtree_cmp_node),
+ NULL);
+
+ new_hash_element = (Eina_Hash_Element *) (hash_head + 1);
+ new_hash_element->begin = EINA_TRUE;
+ }
+
+ if (!new_hash_element) {
+ /*
+ Alloc a new element
+ (No more lookup as we expect to support more than one item for one key).
+ */
+ new_hash_element =
+ malloc(sizeof(Eina_Hash_Element) + alloc_length);
+ if (!new_hash_element)
+ goto on_error;
+
+ new_hash_element->begin = EINA_FALSE;
+ }
+
+ /* Setup the element */
+ new_hash_element->tuple.key_length = key_length;
+ new_hash_element->tuple.data = (void *) data;
+ if (alloc_length > 0) {
+ new_hash_element->tuple.key =
+ (char *) (new_hash_element + 1);
+ memcpy((char *) new_hash_element->tuple.key, key,
+ alloc_length);
+ } else
+ new_hash_element->tuple.key = key;
+
+ /* add the new element to the hash. */
+ hash_head->head =
+ eina_rbtree_inline_insert(hash_head->head,
+ EINA_RBTREE_GET(new_hash_element),
+ EINA_RBTREE_CMP_NODE_CB
+ (_eina_hash_key_rbtree_cmp_node),
+ (const void *) hash->key_cmp_cb);
+ hash->population++;
+ return EINA_TRUE;
+
+ on_error:
+ eina_error_set(error);
+ return EINA_FALSE;
}
static Eina_Bool
-_eina_hash_rbtree_each(__UNUSED__ const Eina_Rbtree *container,
- const Eina_Hash_Head *hash_head,
- Eina_Hash_Each *data)
-{
- Eina_Iterator *it;
- Eina_Hash_Element *hash_element;
- Eina_Bool found = EINA_TRUE;
-
- it = eina_rbtree_iterator_prefix(hash_head->head);
- EINA_ITERATOR_FOREACH(it, hash_element)
- {
- if (hash_element->tuple.data == data->data)
- {
- data->hash_element = hash_element;
- data->hash_head = (Eina_Hash_Head *)hash_head;
- found = EINA_FALSE;
- break;
- }
- }
-
- eina_iterator_free(it);
- return found;
+_eina_hash_rbtree_each(__UNUSED__ const Eina_Rbtree * container,
+ const Eina_Hash_Head * hash_head,
+ Eina_Hash_Each * data)
+{
+ Eina_Iterator *it;
+ Eina_Hash_Element *hash_element;
+ Eina_Bool found = EINA_TRUE;
+
+ it = eina_rbtree_iterator_prefix(hash_head->head);
+ EINA_ITERATOR_FOREACH(it, hash_element) {
+ if (hash_element->tuple.data == data->data) {
+ data->hash_element = hash_element;
+ data->hash_head = (Eina_Hash_Head *) hash_head;
+ found = EINA_FALSE;
+ break;
+ }
+ }
+
+ eina_iterator_free(it);
+ return found;
}
-static inline Eina_Hash_Element *
-_eina_hash_find_by_hash(const Eina_Hash *hash,
- Eina_Hash_Tuple *tuple,
- int key_hash,
- Eina_Hash_Head **hash_head)
-{
- Eina_Hash_Element *hash_element;
- int rb_hash = key_hash & EINA_HASH_RBTREE_MASK;
-
- key_hash &= hash->mask;
-
- if (!hash->buckets)
- return NULL;
-
- *hash_head = (Eina_Hash_Head *)eina_rbtree_inline_lookup(hash->buckets[key_hash],
- &rb_hash, 0,
- EINA_RBTREE_CMP_KEY_CB(
- _eina_hash_hash_rbtree_cmp_hash),
- NULL);
- if (!*hash_head)
- return NULL;
-
- hash_element = (Eina_Hash_Element *)eina_rbtree_inline_lookup((*hash_head)->head,
- tuple, 0,
- EINA_RBTREE_CMP_KEY_CB(
- _eina_hash_key_rbtree_cmp_key_data),
- (const void *)hash->
- key_cmp_cb);
-
- return hash_element;
+static inline Eina_Hash_Element *_eina_hash_find_by_hash(const Eina_Hash *
+ hash,
+ Eina_Hash_Tuple *
+ tuple,
+ int key_hash,
+ Eina_Hash_Head **
+ hash_head)
+{
+ Eina_Hash_Element *hash_element;
+ int rb_hash = key_hash & EINA_HASH_RBTREE_MASK;
+
+ key_hash &= hash->mask;
+
+ if (!hash->buckets)
+ return NULL;
+
+ *hash_head =
+ (Eina_Hash_Head *) eina_rbtree_inline_lookup(hash->
+ buckets[key_hash],
+ &rb_hash, 0,
+ EINA_RBTREE_CMP_KEY_CB
+ (_eina_hash_hash_rbtree_cmp_hash),
+ NULL);
+ if (!*hash_head)
+ return NULL;
+
+ hash_element =
+ (Eina_Hash_Element *) eina_rbtree_inline_lookup((*hash_head)->
+ head, tuple, 0,
+ EINA_RBTREE_CMP_KEY_CB
+ (_eina_hash_key_rbtree_cmp_key_data),
+ (const void *)
+ hash->key_cmp_cb);
+
+ return hash_element;
}
-static inline Eina_Hash_Element *
-_eina_hash_find_by_data(const Eina_Hash *hash,
- const void *data,
- int *key_hash,
- Eina_Hash_Head **hash_head)
-{
- Eina_Hash_Each each;
- Eina_Iterator *it;
- int hash_num;
-
- if (!hash->buckets)
- return NULL;
-
- each.hash_element = NULL;
- each.data = data;
-
- for (hash_num = 0; hash_num < hash->size; hash_num++)
- {
- if (!hash->buckets[hash_num])
- continue;
-
- it = eina_rbtree_iterator_prefix(hash->buckets[hash_num]);
- eina_iterator_foreach(it, EINA_EACH_CB(_eina_hash_rbtree_each), &each);
- eina_iterator_free(it);
-
- if (each.hash_element)
- {
- *key_hash = hash_num;
- *hash_head = each.hash_head;
- return (Eina_Hash_Element *)each.hash_element;
- }
- }
-
- return NULL;
+static inline Eina_Hash_Element *_eina_hash_find_by_data(const Eina_Hash *
+ hash,
+ const void *data,
+ int *key_hash,
+ Eina_Hash_Head **
+ hash_head)
+{
+ Eina_Hash_Each each;
+ Eina_Iterator *it;
+ int hash_num;
+
+ if (!hash->buckets)
+ return NULL;
+
+ each.hash_element = NULL;
+ each.data = data;
+
+ for (hash_num = 0; hash_num < hash->size; hash_num++) {
+ if (!hash->buckets[hash_num])
+ continue;
+
+ it = eina_rbtree_iterator_prefix(hash->buckets[hash_num]);
+ eina_iterator_foreach(it,
+ EINA_EACH_CB(_eina_hash_rbtree_each),
+ &each);
+ eina_iterator_free(it);
+
+ if (each.hash_element) {
+ *key_hash = hash_num;
+ *hash_head = each.hash_head;
+ return (Eina_Hash_Element *) each.hash_element;
+ }
+ }
+
+ return NULL;
}
static void
-_eina_hash_el_free(Eina_Hash_Element *hash_element, Eina_Hash *hash)
+_eina_hash_el_free(Eina_Hash_Element * hash_element, Eina_Hash * hash)
{
- if (hash->data_free_cb)
- hash->data_free_cb(hash_element->tuple.data);
+ if (hash->data_free_cb)
+ hash->data_free_cb(hash_element->tuple.data);
- if (hash_element->begin == EINA_FALSE)
- free(hash_element);
+ if (hash_element->begin == EINA_FALSE)
+ free(hash_element);
}
static void
-_eina_hash_head_free(Eina_Hash_Head *hash_head, Eina_Hash *hash)
+_eina_hash_head_free(Eina_Hash_Head * hash_head, Eina_Hash * hash)
{
- eina_rbtree_delete(hash_head->head, EINA_RBTREE_FREE_CB(_eina_hash_el_free), hash);
- free(hash_head);
+ eina_rbtree_delete(hash_head->head,
+ EINA_RBTREE_FREE_CB(_eina_hash_el_free), hash);
+ free(hash_head);
}
static Eina_Bool
-_eina_hash_del_by_hash_el(Eina_Hash *hash,
- Eina_Hash_Element *hash_element,
- Eina_Hash_Head *hash_head,
- int key_hash)
-{
- hash_head->head = eina_rbtree_inline_remove(hash_head->head, EINA_RBTREE_GET(
- hash_element), EINA_RBTREE_CMP_NODE_CB(
- _eina_hash_key_rbtree_cmp_node),
- (const void *)hash->key_cmp_cb);
- _eina_hash_el_free(hash_element, hash);
-
- if (!hash_head->head)
- {
- key_hash &= hash->mask;
-
- hash->buckets[key_hash] =
- eina_rbtree_inline_remove(hash->buckets[key_hash], EINA_RBTREE_GET(
- hash_head),
- EINA_RBTREE_CMP_NODE_CB(
- _eina_hash_hash_rbtree_cmp_node), NULL);
- free(hash_head);
- }
-
- hash->population--;
- if (hash->population == 0)
- {
- free(hash->buckets);
- hash->buckets = NULL;
- }
-
- return EINA_TRUE;
+_eina_hash_del_by_hash_el(Eina_Hash * hash,
+ Eina_Hash_Element * hash_element,
+ Eina_Hash_Head * hash_head, int key_hash)
+{
+ hash_head->head =
+ eina_rbtree_inline_remove(hash_head->head,
+ EINA_RBTREE_GET(hash_element),
+ EINA_RBTREE_CMP_NODE_CB
+ (_eina_hash_key_rbtree_cmp_node),
+ (const void *) hash->key_cmp_cb);
+ _eina_hash_el_free(hash_element, hash);
+
+ if (!hash_head->head) {
+ key_hash &= hash->mask;
+
+ hash->buckets[key_hash] =
+ eina_rbtree_inline_remove(hash->buckets[key_hash],
+ EINA_RBTREE_GET(hash_head),
+ EINA_RBTREE_CMP_NODE_CB
+ (_eina_hash_hash_rbtree_cmp_node),
+ NULL);
+ free(hash_head);
+ }
+
+ hash->population--;
+ if (hash->population == 0) {
+ free(hash->buckets);
+ hash->buckets = NULL;
+ }
+
+ return EINA_TRUE;
}
static Eina_Bool
-_eina_hash_del_by_key_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data)
+_eina_hash_del_by_key_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length, int key_hash, const void *data)
{
- Eina_Hash_Element *hash_element;
- Eina_Hash_Head *hash_head;
- Eina_Hash_Tuple tuple;
+ Eina_Hash_Element *hash_element;
+ Eina_Hash_Head *hash_head;
+ Eina_Hash_Tuple tuple;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- if (!hash->buckets)
- return EINA_FALSE;
+ if (!hash->buckets)
+ return EINA_FALSE;
- tuple.key = (void *)key;
- tuple.key_length = key_length;
- tuple.data = (void *)data;
+ tuple.key = (void *) key;
+ tuple.key_length = key_length;
+ tuple.data = (void *) data;
- hash_element = _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
- if (!hash_element)
- return EINA_FALSE;
+ hash_element =
+ _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
+ if (!hash_element)
+ return EINA_FALSE;
- return _eina_hash_del_by_hash_el(hash, hash_element, hash_head, key_hash);
+ return _eina_hash_del_by_hash_el(hash, hash_element, hash_head,
+ key_hash);
}
static Eina_Bool
-_eina_hash_del_by_key(Eina_Hash *hash, const void *key, const void *data)
+_eina_hash_del_by_key(Eina_Hash * hash, const void *key, const void *data)
{
- int key_length, key_hash;
+ int key_length, key_hash;
- EINA_MAGIC_CHECK_HASH(hash);
- if (!hash)
- return EINA_FALSE;
+ EINA_MAGIC_CHECK_HASH(hash);
+ if (!hash)
+ return EINA_FALSE;
- if (!key)
- return EINA_FALSE;
+ if (!key)
+ return EINA_FALSE;
- if (!hash->buckets)
- return EINA_FALSE;
+ if (!hash->buckets)
+ return EINA_FALSE;
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- key_hash = hash->key_hash_cb(key, key_length);
- return _eina_hash_del_by_key_hash(hash, key, key_length, key_hash, data);
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ key_hash = hash->key_hash_cb(key, key_length);
+ return _eina_hash_del_by_key_hash(hash, key, key_length, key_hash,
+ data);
}
-static unsigned int
-_eina_string_key_length(const char *key)
+static unsigned int _eina_string_key_length(const char *key)
{
- if (!key)
- return 0;
+ if (!key)
+ return 0;
- return (int)strlen(key) + 1;
+ return (int) strlen(key) + 1;
}
static int
_eina_string_key_cmp(const char *key1, __UNUSED__ int key1_length,
- const char *key2, __UNUSED__ int key2_length)
+ const char *key2, __UNUSED__ int key2_length)
{
- return strcmp(key1, key2);
+ return strcmp(key1, key2);
}
static int
_eina_stringshared_key_cmp(const char *key1, __UNUSED__ int key1_length,
- const char *key2, __UNUSED__ int key2_length)
+ const char *key2, __UNUSED__ int key2_length)
{
- return key1 - key2;
+ return key1 - key2;
}
-static unsigned int
-_eina_int32_key_length(__UNUSED__ const uint32_t *key)
+static unsigned int _eina_int32_key_length(__UNUSED__ const uint32_t * key)
{
- return 4;
+ return 4;
}
static int
-_eina_int32_key_cmp(const uint32_t *key1, __UNUSED__ int key1_length,
- const uint32_t *key2, __UNUSED__ int key2_length)
+_eina_int32_key_cmp(const uint32_t * key1, __UNUSED__ int key1_length,
+ const uint32_t * key2, __UNUSED__ int key2_length)
{
- return *key1 - *key2;
+ return *key1 - *key2;
}
-static unsigned int
-_eina_int64_key_length(__UNUSED__ const uint32_t *key)
+static unsigned int _eina_int64_key_length(__UNUSED__ const uint32_t * key)
{
- return 8;
+ return 8;
}
static int
-_eina_int64_key_cmp(const uint64_t *key1, __UNUSED__ int key1_length,
- const uint64_t *key2, __UNUSED__ int key2_length)
+_eina_int64_key_cmp(const uint64_t * key1, __UNUSED__ int key1_length,
+ const uint64_t * key2, __UNUSED__ int key2_length)
{
- return *key1 - *key2;
+ return *key1 - *key2;
}
static Eina_Bool
-_eina_foreach_cb(const Eina_Hash *hash,
- Eina_Hash_Tuple *data,
- Eina_Hash_Foreach_Data *fdata)
+_eina_foreach_cb(const Eina_Hash * hash,
+ Eina_Hash_Tuple * data, Eina_Hash_Foreach_Data * fdata)
{
- return fdata->cb((Eina_Hash *)hash,
- data->key,
- data->data,
- (void *)fdata->fdata);
+ return fdata->cb((Eina_Hash *) hash,
+ data->key, data->data, (void *) fdata->fdata);
}
-static void *
-_eina_hash_iterator_data_get_content(Eina_Iterator_Hash *it)
+static void *_eina_hash_iterator_data_get_content(Eina_Iterator_Hash * it)
{
- Eina_Hash_Element *stuff;
+ Eina_Hash_Element *stuff;
- EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
+ EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
- stuff = it->hash_element;
+ stuff = it->hash_element;
- if (!stuff)
- return NULL;
+ if (!stuff)
+ return NULL;
- return stuff->tuple.data;
+ return stuff->tuple.data;
}
-static void *
-_eina_hash_iterator_key_get_content(Eina_Iterator_Hash *it)
+static void *_eina_hash_iterator_key_get_content(Eina_Iterator_Hash * it)
{
- Eina_Hash_Element *stuff;
+ Eina_Hash_Element *stuff;
- EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
+ EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
- stuff = it->hash_element;
+ stuff = it->hash_element;
- if (!stuff)
- return NULL;
+ if (!stuff)
+ return NULL;
- return (void *)stuff->tuple.key;
+ return (void *) stuff->tuple.key;
}
-static Eina_Hash_Tuple *
-_eina_hash_iterator_tuple_get_content(Eina_Iterator_Hash *it)
+static Eina_Hash_Tuple
+ *_eina_hash_iterator_tuple_get_content(Eina_Iterator_Hash * it)
{
- Eina_Hash_Element *stuff;
+ Eina_Hash_Element *stuff;
- EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
+ EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
- stuff = it->hash_element;
+ stuff = it->hash_element;
- if (!stuff)
- return NULL;
+ if (!stuff)
+ return NULL;
- return &stuff->tuple;
+ return &stuff->tuple;
}
static Eina_Bool
-_eina_hash_iterator_next(Eina_Iterator_Hash *it, void **data)
-{
- Eina_Bool ok;
- int bucket;
-
- if (!(it->index < it->hash->population))
- return EINA_FALSE;
-
- if (!it->current)
- {
- ok = EINA_FALSE;
- bucket = 0;
- it->index = -1;
- }
- else
- {
- ok = eina_iterator_next(it->list, (void **)&it->hash_element);
- if (!ok)
- {
- eina_iterator_free(it->list);
- it->list = NULL;
-
- ok = eina_iterator_next(it->current, (void **)&it->hash_head);
- if (!ok)
- {
- eina_iterator_free(it->current);
- it->current = NULL;
- it->bucket++;
- }
- else
- {
- it->list = eina_rbtree_iterator_prefix(it->hash_head->head);
- ok = eina_iterator_next(it->list, (void **)&it->hash_element);
- }
- }
-
- bucket = it->bucket;
- }
-
- if (ok == EINA_FALSE)
- {
- while (bucket < it->hash->size)
- {
- if (it->hash->buckets[bucket])
- {
- it->current =
- eina_rbtree_iterator_prefix(it->hash->buckets[bucket]);
- ok = eina_iterator_next(it->current, (void **)&it->hash_head);
- if (ok)
- break;
-
- eina_iterator_free(it->current);
- it->current = NULL;
- }
-
- ++bucket;
- }
- if (it->list)
- eina_iterator_free(it->list);
-
- it->list = eina_rbtree_iterator_prefix(it->hash_head->head);
- ok = eina_iterator_next(it->list, (void **)&it->hash_element);
- if (bucket == it->hash->size)
- ok = EINA_FALSE;
- }
-
- it->index++;
- it->bucket = bucket;
-
- if (ok)
- *data = it->get_content(it);
-
- return ok;
+_eina_hash_iterator_next(Eina_Iterator_Hash * it, void **data)
+{
+ Eina_Bool ok;
+ int bucket;
+
+ if (!(it->index < it->hash->population))
+ return EINA_FALSE;
+
+ if (!it->current) {
+ ok = EINA_FALSE;
+ bucket = 0;
+ it->index = -1;
+ } else {
+ ok = eina_iterator_next(it->list,
+ (void **) &it->hash_element);
+ if (!ok) {
+ eina_iterator_free(it->list);
+ it->list = NULL;
+
+ ok = eina_iterator_next(it->current,
+ (void **) &it->hash_head);
+ if (!ok) {
+ eina_iterator_free(it->current);
+ it->current = NULL;
+ it->bucket++;
+ } else {
+ it->list =
+ eina_rbtree_iterator_prefix(it->
+ hash_head->
+ head);
+ ok = eina_iterator_next(it->list,
+ (void **) &it->
+ hash_element);
+ }
+ }
+
+ bucket = it->bucket;
+ }
+
+ if (ok == EINA_FALSE) {
+ while (bucket < it->hash->size) {
+ if (it->hash->buckets[bucket]) {
+ it->current =
+ eina_rbtree_iterator_prefix(it->hash->
+ buckets
+ [bucket]);
+ ok = eina_iterator_next(it->current,
+ (void **) &it->
+ hash_head);
+ if (ok)
+ break;
+
+ eina_iterator_free(it->current);
+ it->current = NULL;
+ }
+
+ ++bucket;
+ }
+ if (it->list)
+ eina_iterator_free(it->list);
+
+ it->list =
+ eina_rbtree_iterator_prefix(it->hash_head->head);
+ ok = eina_iterator_next(it->list,
+ (void **) &it->hash_element);
+ if (bucket == it->hash->size)
+ ok = EINA_FALSE;
+ }
+
+ it->index++;
+ it->bucket = bucket;
+
+ if (ok)
+ *data = it->get_content(it);
+
+ return ok;
}
-static void *
-_eina_hash_iterator_get_container(Eina_Iterator_Hash *it)
+static void *_eina_hash_iterator_get_container(Eina_Iterator_Hash * it)
{
- EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
- return (void *)it->hash;
+ EINA_MAGIC_CHECK_HASH_ITERATOR(it, NULL);
+ return (void *) it->hash;
}
-static void
-_eina_hash_iterator_free(Eina_Iterator_Hash *it)
+static void _eina_hash_iterator_free(Eina_Iterator_Hash * it)
{
- EINA_MAGIC_CHECK_HASH_ITERATOR(it);
- if (it->current)
- eina_iterator_free(it->current);
+ EINA_MAGIC_CHECK_HASH_ITERATOR(it);
+ if (it->current)
+ eina_iterator_free(it->current);
- if (it->list)
- eina_iterator_free(it->list);
+ if (it->list)
+ eina_iterator_free(it->list);
- free(it);
+ free(it);
}
/**
@@ -750,43 +751,42 @@ _eina_hash_iterator_free(Eina_Iterator_Hash *it)
* eina_hash_int64_new(), eina_hash_pointer_new() and
* eina_hash_stringshared_new().
*/
-EAPI Eina_Hash *
-eina_hash_new(Eina_Key_Length key_length_cb,
- Eina_Key_Cmp key_cmp_cb,
- Eina_Key_Hash key_hash_cb,
- Eina_Free_Cb data_free_cb,
- int buckets_power_size)
-{
- /* FIXME: Use mempool. */
- Eina_Hash *new;
-
- eina_error_set(0);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key_cmp_cb, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key_hash_cb, NULL);
- EINA_SAFETY_ON_TRUE_RETURN_VAL(buckets_power_size < 3, NULL);
- EINA_SAFETY_ON_TRUE_RETURN_VAL(buckets_power_size > 16, NULL);
-
- new = malloc(sizeof (Eina_Hash));
- if (!new)
- goto on_error;
-
- EINA_MAGIC_SET(new, EINA_MAGIC_HASH);
-
- new->key_length_cb = key_length_cb;
- new->key_cmp_cb = key_cmp_cb;
- new->key_hash_cb = key_hash_cb;
- new->data_free_cb = data_free_cb;
- new->buckets = NULL;
- new->population = 0;
-
- new->size = 1 << buckets_power_size;
- new->mask = new->size - 1;
-
- return new;
-
-on_error:
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
+EAPI Eina_Hash *eina_hash_new(Eina_Key_Length key_length_cb,
+ Eina_Key_Cmp key_cmp_cb,
+ Eina_Key_Hash key_hash_cb,
+ Eina_Free_Cb data_free_cb,
+ int buckets_power_size)
+{
+ /* FIXME: Use mempool. */
+ Eina_Hash *new;
+
+ eina_error_set(0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key_cmp_cb, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key_hash_cb, NULL);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(buckets_power_size < 3, NULL);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(buckets_power_size > 16, NULL);
+
+ new = malloc(sizeof(Eina_Hash));
+ if (!new)
+ goto on_error;
+
+ EINA_MAGIC_SET(new, EINA_MAGIC_HASH);
+
+ new->key_length_cb = key_length_cb;
+ new->key_cmp_cb = key_cmp_cb;
+ new->key_hash_cb = key_hash_cb;
+ new->data_free_cb = data_free_cb;
+ new->buckets = NULL;
+ new->population = 0;
+
+ new->size = 1 << buckets_power_size;
+ new->mask = new->size - 1;
+
+ return new;
+
+ on_error:
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
}
/**
@@ -802,14 +802,12 @@ on_error:
* @p data_free_cb is a callback called when the hash table is
* freed. @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_string_djb2_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_string_djb2_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
- EINA_KEY_CMP(_eina_string_key_cmp),
- EINA_KEY_HASH(eina_hash_djb2),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
+ EINA_KEY_CMP(_eina_string_key_cmp),
+ EINA_KEY_HASH(eina_hash_djb2),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
}
/**
@@ -825,14 +823,12 @@ eina_hash_string_djb2_new(Eina_Free_Cb data_free_cb)
* @c NULL. @p data_free_cb is a callback called when the hash table is
* freed. @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_string_superfast_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_string_superfast_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
- EINA_KEY_CMP(_eina_string_key_cmp),
- EINA_KEY_HASH(eina_hash_superfast),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
+ EINA_KEY_CMP(_eina_string_key_cmp),
+ EINA_KEY_HASH(eina_hash_superfast),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
}
/**
@@ -850,14 +846,12 @@ eina_hash_string_superfast_new(Eina_Free_Cb data_free_cb)
* function returns @c NULL. @p data_free_cb is a callback called when
* the hash table is freed. @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_string_small_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_string_small_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
- EINA_KEY_CMP(_eina_string_key_cmp),
- EINA_KEY_HASH(eina_hash_superfast),
- data_free_cb,
- EINA_HASH_SMALL_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_string_key_length),
+ EINA_KEY_CMP(_eina_string_key_cmp),
+ EINA_KEY_HASH(eina_hash_superfast),
+ data_free_cb, EINA_HASH_SMALL_BUCKET_SIZE);
}
/**
@@ -875,14 +869,12 @@ eina_hash_string_small_new(Eina_Free_Cb data_free_cb)
* @p data_free_cb is a callback called when the hash table is freed.
* @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_int32_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_int32_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(EINA_KEY_LENGTH(_eina_int32_key_length),
- EINA_KEY_CMP(_eina_int32_key_cmp),
- EINA_KEY_HASH(eina_hash_int32),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_int32_key_length),
+ EINA_KEY_CMP(_eina_int32_key_cmp),
+ EINA_KEY_HASH(eina_hash_int32),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
}
/**
@@ -900,14 +892,12 @@ eina_hash_int32_new(Eina_Free_Cb data_free_cb)
* @p data_free_cb is a callback called when the hash table is freed.
* @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_int64_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_int64_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(EINA_KEY_LENGTH(_eina_int64_key_length),
- EINA_KEY_CMP(_eina_int64_key_cmp),
- EINA_KEY_HASH(eina_hash_int64),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_int64_key_length),
+ EINA_KEY_CMP(_eina_int64_key_cmp),
+ EINA_KEY_HASH(eina_hash_int64),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
}
/**
@@ -925,21 +915,18 @@ eina_hash_int64_new(Eina_Free_Cb data_free_cb)
* @p data_free_cb is a callback called when the hash table is freed.
* @c NULL can be passed as callback.
*/
-EAPI Eina_Hash *
-eina_hash_pointer_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_pointer_new(Eina_Free_Cb data_free_cb)
{
#ifdef __LP64__
- return eina_hash_new(EINA_KEY_LENGTH(_eina_int64_key_length),
- EINA_KEY_CMP(_eina_int64_key_cmp),
- EINA_KEY_HASH(eina_hash_int64),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_int64_key_length),
+ EINA_KEY_CMP(_eina_int64_key_cmp),
+ EINA_KEY_HASH(eina_hash_int64),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
#else
- return eina_hash_new(EINA_KEY_LENGTH(_eina_int32_key_length),
- EINA_KEY_CMP(_eina_int32_key_cmp),
- EINA_KEY_HASH(eina_hash_int32),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(EINA_KEY_LENGTH(_eina_int32_key_length),
+ EINA_KEY_CMP(_eina_int32_key_cmp),
+ EINA_KEY_HASH(eina_hash_int32),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
#endif
}
@@ -966,14 +953,12 @@ eina_hash_pointer_new(Eina_Free_Cb data_free_cb)
* eina_hash_find(hash, "key")
* @endcode
*/
-EAPI Eina_Hash *
-eina_hash_stringshared_new(Eina_Free_Cb data_free_cb)
+EAPI Eina_Hash *eina_hash_stringshared_new(Eina_Free_Cb data_free_cb)
{
- return eina_hash_new(NULL,
- EINA_KEY_CMP(_eina_stringshared_key_cmp),
- EINA_KEY_HASH(eina_hash_superfast),
- data_free_cb,
- EINA_HASH_BUCKET_SIZE);
+ return eina_hash_new(NULL,
+ EINA_KEY_CMP(_eina_stringshared_key_cmp),
+ EINA_KEY_HASH(eina_hash_superfast),
+ data_free_cb, EINA_HASH_BUCKET_SIZE);
}
/**
@@ -985,14 +970,13 @@ eina_hash_stringshared_new(Eina_Free_Cb data_free_cb)
* This function returns the number of entries in @p hash, or 0 on
* error. If @p hash is @c NULL, 0 is returned.
*/
-EAPI int
-eina_hash_population(const Eina_Hash *hash)
+EAPI int eina_hash_population(const Eina_Hash * hash)
{
- if (!hash)
- return 0;
+ if (!hash)
+ return 0;
- EINA_MAGIC_CHECK_HASH(hash);
- return hash->population;
+ EINA_MAGIC_CHECK_HASH(hash);
+ return hash->population;
}
/**
@@ -1017,21 +1001,21 @@ eina_hash_population(const Eina_Hash *hash)
* hash = NULL;
* @endcode
*/
-EAPI void
-eina_hash_free(Eina_Hash *hash)
+EAPI void eina_hash_free(Eina_Hash * hash)
{
- int i;
-
- EINA_MAGIC_CHECK_HASH(hash);
- EINA_SAFETY_ON_NULL_RETURN(hash);
-
- if (hash->buckets)
- {
- for (i = 0; i < hash->size; i++)
- eina_rbtree_delete(hash->buckets[i], EINA_RBTREE_FREE_CB(_eina_hash_head_free), hash);
- free(hash->buckets);
- }
- free(hash);
+ int i;
+
+ EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN(hash);
+
+ if (hash->buckets) {
+ for (i = 0; i < hash->size; i++)
+ eina_rbtree_delete(hash->buckets[i],
+ EINA_RBTREE_FREE_CB
+ (_eina_hash_head_free), hash);
+ free(hash->buckets);
+ }
+ free(hash);
}
/**
@@ -1046,23 +1030,22 @@ eina_hash_free(Eina_Hash *hash)
* buckets value will be freed. If @p hash is @c NULL, the function
* returns immediately.
*/
-EAPI void
-eina_hash_free_buckets(Eina_Hash *hash)
-{
- int i;
-
- EINA_MAGIC_CHECK_HASH(hash);
- EINA_SAFETY_ON_NULL_RETURN(hash);
-
- if (hash->buckets)
- {
- for (i = 0; i < hash->size; i++)
- eina_rbtree_delete(hash->buckets[i],
- EINA_RBTREE_FREE_CB(_eina_hash_head_free), hash);
- free(hash->buckets);
- hash->buckets = NULL;
- hash->population = 0;
- }
+EAPI void eina_hash_free_buckets(Eina_Hash * hash)
+{
+ int i;
+
+ EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN(hash);
+
+ if (hash->buckets) {
+ for (i = 0; i < hash->size; i++)
+ eina_rbtree_delete(hash->buckets[i],
+ EINA_RBTREE_FREE_CB
+ (_eina_hash_head_free), hash);
+ free(hash->buckets);
+ hash->buckets = NULL;
+ hash->population = 0;
+ }
}
/**
@@ -1089,18 +1072,14 @@ eina_hash_free_buckets(Eina_Hash *hash)
* returns #EINA_FALSE if an error occurred, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_hash_add_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data)
-{
- return eina_hash_add_alloc_by_hash(hash,
- key,
- key_length,
- key_length,
- key_hash,
- data);
+eina_hash_add_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length, int key_hash, const void *data)
+{
+ return eina_hash_add_alloc_by_hash(hash,
+ key,
+ key_length,
+ key_length, key_hash, data);
}
/**
@@ -1129,13 +1108,13 @@ eina_hash_add_by_hash(Eina_Hash *hash,
* returns #EINA_FALSE if an error occurred, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_hash_direct_add_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data)
+eina_hash_direct_add_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length,
+ int key_hash, const void *data)
{
- return eina_hash_add_alloc_by_hash(hash, key, key_length, 0, key_hash, data);
+ return eina_hash_add_alloc_by_hash(hash, key, key_length, 0,
+ key_hash, data);
}
/**
@@ -1161,21 +1140,22 @@ eina_hash_direct_add_by_hash(Eina_Hash *hash,
* occurred, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_hash_add(Eina_Hash *hash, const void *key, const void *data)
+eina_hash_add(Eina_Hash * hash, const void *key, const void *data)
{
- unsigned int key_length;
- int key_hash;
+ unsigned int key_length;
+ int key_hash;
- EINA_MAGIC_CHECK_HASH(hash);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- key_hash = hash->key_hash_cb(key, key_length);
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ key_hash = hash->key_hash_cb(key, key_length);
- return eina_hash_add_alloc_by_hash(hash, key, key_length, key_length, key_hash, data);
+ return eina_hash_add_alloc_by_hash(hash, key, key_length,
+ key_length, key_hash, data);
}
/**
@@ -1203,21 +1183,22 @@ eina_hash_add(Eina_Hash *hash, const void *key, const void *data)
* occurred, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_hash_direct_add(Eina_Hash *hash, const void *key, const void *data)
+eina_hash_direct_add(Eina_Hash * hash, const void *key, const void *data)
{
- int key_length;
- int key_hash;
+ int key_length;
+ int key_hash;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- key_hash = hash->key_hash_cb(key, key_length);
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ key_hash = hash->key_hash_cb(key, key_length);
- return eina_hash_add_alloc_by_hash(hash, key, key_length, 0, key_hash, data);
+ return eina_hash_add_alloc_by_hash(hash, key, key_length, 0,
+ key_hash, data);
}
/**
@@ -1241,15 +1222,14 @@ eina_hash_direct_add(Eina_Hash *hash, const void *key, const void *data)
* @note if you don't have the key, use eina_hash_del_by_data() instead.
*/
EAPI Eina_Bool
-eina_hash_del_by_key_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash)
+eina_hash_del_by_key_hash(Eina_Hash * hash,
+ const void *key, int key_length, int key_hash)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- return _eina_hash_del_by_key_hash(hash, key, key_length, key_hash, NULL);
+ return _eina_hash_del_by_key_hash(hash, key, key_length, key_hash,
+ NULL);
}
/**
@@ -1273,13 +1253,12 @@ eina_hash_del_by_key_hash(Eina_Hash *hash,
* @note if you already have the key_hash, use eina_hash_del_by_key_hash() instead.
* @note if you don't have the key, use eina_hash_del_by_data() instead.
*/
-EAPI Eina_Bool
-eina_hash_del_by_key(Eina_Hash *hash, const void *key)
+EAPI Eina_Bool eina_hash_del_by_key(Eina_Hash * hash, const void *key)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, EINA_FALSE);
- return _eina_hash_del_by_key(hash, key, NULL);
+ return _eina_hash_del_by_key(hash, key, NULL);
}
/**
@@ -1301,28 +1280,29 @@ eina_hash_del_by_key(Eina_Hash *hash, const void *key)
*
* @note if you already have the key, use eina_hash_del_by_key() or eina_hash_del_by_key_hash() instead.
*/
-EAPI Eina_Bool
-eina_hash_del_by_data(Eina_Hash *hash, const void *data)
+EAPI Eina_Bool eina_hash_del_by_data(Eina_Hash * hash, const void *data)
{
- Eina_Hash_Element *hash_element;
- Eina_Hash_Head *hash_head;
- int key_hash;
+ Eina_Hash_Element *hash_element;
+ Eina_Hash_Head *hash_head;
+ int key_hash;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- hash_element = _eina_hash_find_by_data(hash, data, &key_hash, &hash_head);
- if (!hash_element)
- goto error;
+ hash_element =
+ _eina_hash_find_by_data(hash, data, &key_hash, &hash_head);
+ if (!hash_element)
+ goto error;
- if (hash_element->tuple.data != data)
- goto error;
+ if (hash_element->tuple.data != data)
+ goto error;
- return _eina_hash_del_by_hash_el(hash, hash_element, hash_head, key_hash);
+ return _eina_hash_del_by_hash_el(hash, hash_element, hash_head,
+ key_hash);
-error:
- return EINA_FALSE;
+ error:
+ return EINA_FALSE;
}
/**
@@ -1355,23 +1335,23 @@ error:
* directly.
*/
EAPI Eina_Bool
-eina_hash_del_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data)
+eina_hash_del_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length, int key_hash, const void *data)
{
- Eina_Bool ret;
+ Eina_Bool ret;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- if (key)
- ret = _eina_hash_del_by_key_hash(hash, key, key_length, key_hash, data);
- else
- ret = eina_hash_del_by_data(hash, data);
+ if (key)
+ ret =
+ _eina_hash_del_by_key_hash(hash, key, key_length,
+ key_hash, data);
+ else
+ ret = eina_hash_del_by_data(hash, data);
- return ret;
+ return ret;
}
/**
@@ -1398,15 +1378,15 @@ eina_hash_del_by_hash(Eina_Hash *hash,
* directly.
*/
EAPI Eina_Bool
-eina_hash_del(Eina_Hash *hash, const void *key, const void *data)
+eina_hash_del(Eina_Hash * hash, const void *key, const void *data)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- if (!key)
- return eina_hash_del_by_data(hash, data);
+ if (!key)
+ return eina_hash_del_by_data(hash, data);
- return _eina_hash_del_by_key(hash, key, data);
+ return _eina_hash_del_by_key(hash, key, data);
}
/**
@@ -1426,31 +1406,30 @@ eina_hash_del(Eina_Hash *hash, const void *key, const void *data)
* @p hash is @c NULL, this function returns immediately @c NULL. This
* function returns the data pointer on success, @c NULL otherwise.
*/
-EAPI void *
-eina_hash_find_by_hash(const Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash)
+EAPI void *eina_hash_find_by_hash(const Eina_Hash * hash,
+ const void *key,
+ int key_length, int key_hash)
{
- Eina_Hash_Head *hash_head;
- Eina_Hash_Element *hash_element;
- Eina_Hash_Tuple tuple;
+ Eina_Hash_Head *hash_head;
+ Eina_Hash_Element *hash_element;
+ Eina_Hash_Tuple tuple;
- if (!hash)
- return NULL;
+ if (!hash)
+ return NULL;
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- tuple.key = key;
- tuple.key_length = key_length;
- tuple.data = NULL;
+ tuple.key = key;
+ tuple.key_length = key_length;
+ tuple.data = NULL;
- hash_element = _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
- if (hash_element)
- return hash_element->tuple.data;
+ hash_element =
+ _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
+ if (hash_element)
+ return hash_element->tuple.data;
- return NULL;
+ return NULL;
}
/**
@@ -1466,23 +1445,22 @@ eina_hash_find_by_hash(const Eina_Hash *hash,
* @c NULL. This function returns the data pointer on success, @c NULL
* otherwise.
*/
-EAPI void *
-eina_hash_find(const Eina_Hash *hash, const void *key)
+EAPI void *eina_hash_find(const Eina_Hash * hash, const void *key)
{
- int key_length;
- int hash_num;
+ int key_length;
+ int hash_num;
- if (!hash)
- return NULL;
+ if (!hash)
+ return NULL;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- hash_num = hash->key_hash_cb(key, key_length);
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ hash_num = hash->key_hash_cb(key, key_length);
- return eina_hash_find_by_hash(hash, key, key_length, hash_num);
+ return eina_hash_find_by_hash(hash, key, key_length, hash_num);
}
/**
@@ -1498,35 +1476,33 @@ eina_hash_find(const Eina_Hash *hash, const void *key)
* found. If an existing entry is not found, nothing is added to the
* hash.
*/
-EAPI void *
-eina_hash_modify_by_hash(Eina_Hash *hash,
- const void *key,
- int key_length,
- int key_hash,
- const void *data)
-{
- Eina_Hash_Head *hash_head;
- Eina_Hash_Element *hash_element;
- void *old_data = NULL;
- Eina_Hash_Tuple tuple;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
-
- tuple.key = key;
- tuple.key_length = key_length;
- tuple.data = NULL;
-
- hash_element = _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
- if (hash_element)
- {
- old_data = hash_element->tuple.data;
- hash_element->tuple.data = (void *)data;
- }
-
- return old_data;
+EAPI void *eina_hash_modify_by_hash(Eina_Hash * hash,
+ const void *key,
+ int key_length,
+ int key_hash, const void *data)
+{
+ Eina_Hash_Head *hash_head;
+ Eina_Hash_Element *hash_element;
+ void *old_data = NULL;
+ Eina_Hash_Tuple tuple;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
+
+ tuple.key = key;
+ tuple.key_length = key_length;
+ tuple.data = NULL;
+
+ hash_element =
+ _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
+ if (hash_element) {
+ old_data = hash_element->tuple.data;
+ hash_element->tuple.data = (void *) data;
+ }
+
+ return old_data;
}
/**
@@ -1545,46 +1521,45 @@ eina_hash_modify_by_hash(Eina_Hash *hash,
* otherwise it returns @c NULL. To check for errors, use
* eina_error_get().
*/
-EAPI void *
-eina_hash_set(Eina_Hash *hash, const void *key, const void *data)
-{
- Eina_Hash_Tuple tuple;
- Eina_Hash_Head *hash_head;
- Eina_Hash_Element *hash_element;
- int key_length;
- int key_hash;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
-
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- key_hash = hash->key_hash_cb(key, key_length);
-
- tuple.key = key;
- tuple.key_length = key_length;
- tuple.data = NULL;
-
- hash_element = _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
- if (hash_element)
- {
- void *old_data = NULL;
-
- old_data = hash_element->tuple.data;
- hash_element->tuple.data = (void *)data;
- return old_data;
- }
-
- eina_hash_add_alloc_by_hash(hash,
- key,
- key_length,
- key_length,
- key_hash,
- data);
- return NULL;
+EAPI void *eina_hash_set(Eina_Hash * hash, const void *key,
+ const void *data)
+{
+ Eina_Hash_Tuple tuple;
+ Eina_Hash_Head *hash_head;
+ Eina_Hash_Element *hash_element;
+ int key_length;
+ int key_hash;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
+
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ key_hash = hash->key_hash_cb(key, key_length);
+
+ tuple.key = key;
+ tuple.key_length = key_length;
+ tuple.data = NULL;
+
+ hash_element =
+ _eina_hash_find_by_hash(hash, &tuple, key_hash, &hash_head);
+ if (hash_element) {
+ void *old_data = NULL;
+
+ old_data = hash_element->tuple.data;
+ hash_element->tuple.data = (void *) data;
+ return old_data;
+ }
+
+ eina_hash_add_alloc_by_hash(hash,
+ key,
+ key_length,
+ key_length, key_hash, data);
+ return NULL;
}
+
/**
* @brief Modify the entry pointer at the specified key and return the old entry.
* @param hash The given hash table.
@@ -1597,22 +1572,23 @@ eina_hash_set(Eina_Hash *hash, const void *key, const void *data)
* hash. If no entry is found, nothing is added to @p hash. On success
* this function returns the old entry, otherwise it returns @c NULL.
*/
-EAPI void *
-eina_hash_modify(Eina_Hash *hash, const void *key, const void *data)
+EAPI void *eina_hash_modify(Eina_Hash * hash, const void *key,
+ const void *data)
{
- int key_length;
- int hash_num;
+ int key_length;
+ int hash_num;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(key, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
- hash_num = hash->key_hash_cb(key, key_length);
+ key_length = hash->key_length_cb ? hash->key_length_cb(key) : 0;
+ hash_num = hash->key_hash_cb(key, key_length);
- return eina_hash_modify_by_hash(hash, key, key_length, hash_num, data);
+ return eina_hash_modify_by_hash(hash, key, key_length, hash_num,
+ data);
}
/**
@@ -1629,31 +1605,32 @@ eina_hash_modify(Eina_Hash *hash, const void *key, const void *data)
* when destroying the old key.
*/
EAPI Eina_Bool
-eina_hash_move(Eina_Hash *hash, const void *old_key, const void *new_key)
+eina_hash_move(Eina_Hash * hash, const void *old_key, const void *new_key)
{
- Eina_Free_Cb hash_free_cb;
- const void *data;
- Eina_Bool result = EINA_FALSE;
+ Eina_Free_Cb hash_free_cb;
+ const void *data;
+ Eina_Bool result = EINA_FALSE;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(old_key, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(new_key, EINA_FALSE);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash->key_hash_cb, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(old_key, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(new_key, EINA_FALSE);
+ EINA_MAGIC_CHECK_HASH(hash);
- data = eina_hash_find(hash, old_key);
- if (!data) goto error;
+ data = eina_hash_find(hash, old_key);
+ if (!data)
+ goto error;
- hash_free_cb = hash->data_free_cb;
- hash->data_free_cb = NULL;
+ hash_free_cb = hash->data_free_cb;
+ hash->data_free_cb = NULL;
- eina_hash_del(hash, old_key, data);
- result = eina_hash_add(hash, new_key, data);
+ eina_hash_del(hash, old_key, data);
+ result = eina_hash_add(hash, new_key, data);
- hash->data_free_cb = hash_free_cb;
+ hash->data_free_cb = hash_free_cb;
-error:
- return result;
+ error:
+ return result;
}
/*============================================================================*
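Review bot: In eina_hash_move, a failure of `eina_hash_add(hash, new_key, data)` after `eina_hash_del(hash, old_key, data)` has already run leaves the entry in neither slot. Because `hash->data_free_cb` was set to NULL for the delete, the data is not released either, so the caller gets EINA_FALSE and an orphaned pointer. The return value of eina_hash_del is also ignored. Assuming old_key and new_key differ, inserting first and deleting only on success keeps the table consistent: `result = eina_hash_add(hash, new_key, data);` then `if (result) eina_hash_del(hash, old_key, data);`. A short comment saying why the free callback is suspended around the two calls would also help.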
@@ -1694,26 +1671,26 @@ error:
* @endcode
*/
EAPI void
-eina_hash_foreach(const Eina_Hash *hash,
- Eina_Hash_Foreach func,
- const void *fdata)
+eina_hash_foreach(const Eina_Hash * hash,
+ Eina_Hash_Foreach func, const void *fdata)
{
- Eina_Iterator *it;
- Eina_Hash_Foreach_Data foreach;
+ Eina_Iterator *it;
+ Eina_Hash_Foreach_Data foreach;
- EINA_MAGIC_CHECK_HASH(hash);
- EINA_SAFETY_ON_NULL_RETURN(hash);
- EINA_SAFETY_ON_NULL_RETURN(func);
+ EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN(hash);
+ EINA_SAFETY_ON_NULL_RETURN(func);
- foreach.cb = func;
- foreach.fdata = fdata;
+ foreach.cb = func;
+ foreach.fdata = fdata;
- it = eina_hash_iterator_tuple_new(hash);
- if (!it)
- return;
- eina_iterator_foreach(it, EINA_EACH_CB(_eina_foreach_cb), &foreach);
+ it = eina_hash_iterator_tuple_new(hash);
+ if (!it)
+ return;
+ eina_iterator_foreach(it, EINA_EACH_CB(_eina_foreach_cb),
+ &foreach);
- eina_iterator_free(it);
+ eina_iterator_free(it);
}
/**
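Review bot: eina_hash_foreach calls `EINA_MAGIC_CHECK_HASH(hash)` before `EINA_SAFETY_ON_NULL_RETURN(hash)`, the reverse of the order used by every other function in this file's hunks. The macro body is not visible here, but if it reads through `hash`, a NULL argument is dereferenced before it is rejected. Moving the magic check below the two NULL guards would match the rest of the file: `EINA_SAFETY_ON_NULL_RETURN(hash);`, `EINA_SAFETY_ON_NULL_RETURN(func);`, `EINA_MAGIC_CHECK_HASH(hash);`.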
@@ -1735,35 +1712,35 @@ eina_hash_foreach(const Eina_Hash *hash,
* invalid. That is, if you add or remove items this iterator behavior
* is undefined and your program may crash.
*/
-EAPI Eina_Iterator *
-eina_hash_iterator_data_new(const Eina_Hash *hash)
+EAPI Eina_Iterator *eina_hash_iterator_data_new(const Eina_Hash * hash)
{
- Eina_Iterator_Hash *it;
+ Eina_Iterator_Hash *it;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Hash));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Hash));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- it->hash = hash;
- it->get_content = FUNC_ITERATOR_GET_CONTENT(_eina_hash_iterator_data_get_content);
+ it->hash = hash;
+ it->get_content =
+ FUNC_ITERATOR_GET_CONTENT
+ (_eina_hash_iterator_data_get_content);
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_hash_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_eina_hash_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -1785,36 +1762,34 @@ eina_hash_iterator_data_new(const Eina_Hash *hash)
* invalid! That is, if you add or remove items this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_hash_iterator_key_new(const Eina_Hash *hash)
+EAPI Eina_Iterator *eina_hash_iterator_key_new(const Eina_Hash * hash)
{
- Eina_Iterator_Hash *it;
+ Eina_Iterator_Hash *it;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Hash));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Hash));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- it->hash = hash;
- it->get_content = FUNC_ITERATOR_GET_CONTENT(
- _eina_hash_iterator_key_get_content);
+ it->hash = hash;
+ it->get_content =
+ FUNC_ITERATOR_GET_CONTENT(_eina_hash_iterator_key_get_content);
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_hash_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_eina_hash_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -1839,92 +1814,88 @@ eina_hash_iterator_key_new(const Eina_Hash *hash)
* invalid! That is, if you add or remove items this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_hash_iterator_tuple_new(const Eina_Hash *hash)
+EAPI Eina_Iterator *eina_hash_iterator_tuple_new(const Eina_Hash * hash)
{
- Eina_Iterator_Hash *it;
+ Eina_Iterator_Hash *it;
- EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
- EINA_MAGIC_CHECK_HASH(hash);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(hash, NULL);
+ EINA_MAGIC_CHECK_HASH(hash);
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Hash));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Hash));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- it->hash = hash;
- it->get_content = FUNC_ITERATOR_GET_CONTENT(
- _eina_hash_iterator_tuple_get_content);
+ it->hash = hash;
+ it->get_content =
+ FUNC_ITERATOR_GET_CONTENT
+ (_eina_hash_iterator_tuple_get_content);
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_hash_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(_eina_hash_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_eina_hash_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(_eina_hash_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_HASH_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
}
/* Common hash functions */
/* Paul Hsieh (http://www.azillionmonkeys.com/qed/hash.html)
used by WebCore (http://webkit.org/blog/8/hashtables-part-2/) */
-EAPI int
-eina_hash_superfast(const char *key, int len)
-{
- int hash = len, tmp;
- int rem;
-
- rem = len & 3;
- len >>= 2;
-
- /* Main loop */
- for (; len > 0; len--)
- {
- hash += get16bits(key);
- tmp = (get16bits(key + 2) << 11) ^ hash;
- hash = (hash << 16) ^ tmp;
- key += 2 * sizeof (uint16_t);
- hash += hash >> 11;
- }
-
- /* Handle end cases */
- switch (rem)
- {
- case 3:
- hash += get16bits(key);
- hash ^= hash << 16;
- hash ^= key[sizeof (uint16_t)] << 18;
- hash += hash >> 11;
- break;
-
- case 2:
- hash += get16bits(key);
- hash ^= hash << 11;
- hash += hash >> 17;
- break;
-
- case 1:
- hash += *key;
- hash ^= hash << 10;
- hash += hash >> 1;
- }
-
- /* Force "avalanching" of final 127 bits */
- hash ^= hash << 3;
- hash += hash >> 5;
- hash ^= hash << 4;
- hash += hash >> 17;
- hash ^= hash << 25;
- hash += hash >> 6;
-
- return hash;
+EAPI int eina_hash_superfast(const char *key, int len)
+{
+ int hash = len, tmp;
+ int rem;
+
+ rem = len & 3;
+ len >>= 2;
+
+ /* Main loop */
+ for (; len > 0; len--) {
+ hash += get16bits(key);
+ tmp = (get16bits(key + 2) << 11) ^ hash;
+ hash = (hash << 16) ^ tmp;
+ key += 2 * sizeof(uint16_t);
+ hash += hash >> 11;
+ }
+
+ /* Handle end cases */
+ switch (rem) {
+ case 3:
+ hash += get16bits(key);
+ hash ^= hash << 16;
+ hash ^= key[sizeof(uint16_t)] << 18;
+ hash += hash >> 11;
+ break;
+
+ case 2:
+ hash += get16bits(key);
+ hash ^= hash << 11;
+ hash += hash >> 17;
+ break;
+
+ case 1:
+ hash += *key;
+ hash ^= hash << 10;
+ hash += hash >> 1;
+ }
+
+ /* Force "avalanching" of final 127 bits */
+ hash ^= hash << 3;
+ hash += hash >> 5;
+ hash ^= hash << 4;
+ hash += hash >> 17;
+ hash ^= hash << 25;
+ hash += hash >> 6;
+
+ return hash;
}
/**
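Review bot: eina_hash_superfast does all its mixing in a signed `int`, so left shifts such as `hash << 16` and `hash << 25` can overflow, which is undefined behaviour in C. Right shifts of a negative `hash` are implementation-defined. `*key` and `key[sizeof(uint16_t)]` are plain `char`, so bytes at or above 0x80 are sign-extended on signed-char platforms and the result differs between targets. Doing the arithmetic unsigned and converting once on return keeps the interface: `unsigned int hash = (unsigned int) len, tmp;`, read tail bytes through `(unsigned char)`, and `return (int) hash;`. A negative `len` skips the main loop but still reaches the `rem` switch, which deserves a guard or a documented precondition.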
diff --git a/tests/suite/ecore/src/lib/eina_inlist.c b/tests/suite/ecore/src/lib/eina_inlist.c
index 9ebc6233c4..a8f65ce624 100644
--- a/tests/suite/ecore/src/lib/eina_inlist.c
+++ b/tests/suite/ecore/src/lib/eina_inlist.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -44,100 +44,94 @@
typedef struct _Eina_Iterator_Inlist Eina_Iterator_Inlist;
typedef struct _Eina_Accessor_Inlist Eina_Accessor_Inlist;
-struct _Eina_Iterator_Inlist
-{
- Eina_Iterator iterator;
- const Eina_Inlist *head;
- const Eina_Inlist *current;
+struct _Eina_Iterator_Inlist {
+ Eina_Iterator iterator;
+ const Eina_Inlist *head;
+ const Eina_Inlist *current;
};
-struct _Eina_Accessor_Inlist
-{
- Eina_Accessor accessor;
+struct _Eina_Accessor_Inlist {
+ Eina_Accessor accessor;
- const Eina_Inlist *head;
- const Eina_Inlist *current;
+ const Eina_Inlist *head;
+ const Eina_Inlist *current;
- unsigned int index;
+ unsigned int index;
};
static Eina_Bool
-eina_inlist_iterator_next(Eina_Iterator_Inlist *it, void **data) {
- if (!it->current)
- return EINA_FALSE;
+eina_inlist_iterator_next(Eina_Iterator_Inlist * it, void **data)
+{
+ if (!it->current)
+ return EINA_FALSE;
- if (data)
- *data = (void *)it->current;
+ if (data)
+ *data = (void *) it->current;
- it->current = it->current->next;
+ it->current = it->current->next;
- return EINA_TRUE;
+ return EINA_TRUE;
}
-static Eina_Inlist *
-eina_inlist_iterator_get_container(Eina_Iterator_Inlist *it) {
- return (Eina_Inlist *)it->head;
+static Eina_Inlist *eina_inlist_iterator_get_container(Eina_Iterator_Inlist
+ * it)
+{
+ return (Eina_Inlist *) it->head;
}
-static void
-eina_inlist_iterator_free(Eina_Iterator_Inlist *it) {
- free(it);
+static void eina_inlist_iterator_free(Eina_Iterator_Inlist * it)
+{
+ free(it);
}
static Eina_Bool
-eina_inlist_accessor_get_at(Eina_Accessor_Inlist *it,
- unsigned int idx,
- void **data) {
- const Eina_Inlist *over;
- unsigned int middle;
- unsigned int i;
-
- if (it->index == idx)
- over = it->current;
- else if (idx > it->index)
- /* Looking after current. */
- for (i = it->index, over = it->current;
- i < idx && over;
- ++i, over = over->next)
- ;
- else
- {
- middle = it->index >> 1;
-
- if (idx > middle)
- /* Looking backward from current. */
- for (i = it->index, over = it->current;
- i > idx && over;
- --i, over = over->prev)
- ;
- else
- /* Looking from the start. */
- for (i = 0, over = it->head;
- i < idx && over;
- ++i, over = over->next)
- ;
- }
-
- if (!over)
- return EINA_FALSE;
-
- it->current = over;
- it->index = idx;
-
- if (data)
- *data = (void *)over;
-
- return EINA_TRUE;
+eina_inlist_accessor_get_at(Eina_Accessor_Inlist * it,
+ unsigned int idx, void **data)
+{
+ const Eina_Inlist *over;
+ unsigned int middle;
+ unsigned int i;
+
+ if (it->index == idx)
+ over = it->current;
+ else if (idx > it->index)
+ /* Looking after current. */
+ for (i = it->index, over = it->current;
+ i < idx && over; ++i, over = over->next);
+ else {
+ middle = it->index >> 1;
+
+ if (idx > middle)
+ /* Looking backward from current. */
+ for (i = it->index, over = it->current;
+ i > idx && over; --i, over = over->prev);
+ else
+ /* Looking from the start. */
+ for (i = 0, over = it->head;
+ i < idx && over; ++i, over = over->next);
+ }
+
+ if (!over)
+ return EINA_FALSE;
+
+ it->current = over;
+ it->index = idx;
+
+ if (data)
+ *data = (void *) over;
+
+ return EINA_TRUE;
}
-static Eina_Inlist *
-eina_inlist_accessor_get_container(Eina_Accessor_Inlist *it) {
- return (Eina_Inlist *)it->head;
+static Eina_Inlist *eina_inlist_accessor_get_container(Eina_Accessor_Inlist
+ * it)
+{
+ return (Eina_Inlist *) it->head;
}
-static void
-eina_inlist_accessor_free(Eina_Accessor_Inlist *it) {
- free(it);
+static void eina_inlist_accessor_free(Eina_Accessor_Inlist * it)
+{
+ free(it);
}
/**
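Review bot: The reindent moves the empty statement of each body-less `for` onto the header line in eina_inlist_accessor_get_at, e.g. `i < idx && over; ++i, over = over->next);`, so each reads like a loop that lost its body. These loops are also the unbraced bodies of an `if`/`else` chain, so one stray statement would silently change which branch runs. Writing the empty body explicitly, as `{ }` or a `continue;` on its own line, and bracing the `if`/`else` arms would make the intent unambiguous and avoid empty-body warnings. The same pattern appears in the later hunks for eina_inlist_append (`for (l = list; (l) && (l->next); l = l->next);`) and eina_inlist_demote.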
@@ -243,31 +237,29 @@ eina_inlist_accessor_free(Eina_Accessor_Inlist *it) {
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_append(Eina_Inlist *list, Eina_Inlist *new_l)
+EAPI Eina_Inlist *eina_inlist_append(Eina_Inlist * list,
+ Eina_Inlist * new_l)
{
- Eina_Inlist *l;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
-
- new_l->next = NULL;
- if (!list)
- {
- new_l->prev = NULL;
- new_l->last = new_l;
- return new_l;
- }
-
- if (list->last)
- l = list->last;
- else
- for (l = list; (l) && (l->next); l = l->next)
- ;
-
- l->next = new_l;
- new_l->prev = l;
- list->last = new_l;
- return list;
+ Eina_Inlist *l;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
+
+ new_l->next = NULL;
+ if (!list) {
+ new_l->prev = NULL;
+ new_l->last = new_l;
+ return new_l;
+ }
+
+ if (list->last)
+ l = list->last;
+ else
+ for (l = list; (l) && (l->next); l = l->next);
+
+ l->next = new_l;
+ new_l->prev = l;
+ list->last = new_l;
+ return list;
}
/**
@@ -286,24 +278,23 @@ eina_inlist_append(Eina_Inlist *list, Eina_Inlist *new_l)
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_prepend(Eina_Inlist *list, Eina_Inlist *new_l)
+EAPI Eina_Inlist *eina_inlist_prepend(Eina_Inlist * list,
+ Eina_Inlist * new_l)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
-
- new_l->prev = NULL;
- if (!list)
- {
- new_l->next = NULL;
- new_l->last = new_l;
- return new_l;
- }
-
- new_l->next = list;
- list->prev = new_l;
- new_l->last = list->last;
- list->last = NULL;
- return new_l;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
+
+ new_l->prev = NULL;
+ if (!list) {
+ new_l->next = NULL;
+ new_l->last = new_l;
+ return new_l;
+ }
+
+ new_l->next = list;
+ list->prev = new_l;
+ new_l->last = list->last;
+ list->last = NULL;
+ return new_l;
}
/**
@@ -328,32 +319,28 @@ eina_inlist_prepend(Eina_Inlist *list, Eina_Inlist *new_l)
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_append_relative(Eina_Inlist *list,
- Eina_Inlist *new_l,
- Eina_Inlist *relative)
+EAPI Eina_Inlist *eina_inlist_append_relative(Eina_Inlist * list,
+ Eina_Inlist * new_l,
+ Eina_Inlist * relative)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
-
- if (relative)
- {
- if (relative->next)
- {
- new_l->next = relative->next;
- relative->next->prev = new_l;
- }
- else
- new_l->next = NULL;
-
- relative->next = new_l;
- new_l->prev = relative;
- if (!new_l->next)
- list->last = new_l;
-
- return list;
- }
-
- return eina_inlist_append(list, new_l);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
+
+ if (relative) {
+ if (relative->next) {
+ new_l->next = relative->next;
+ relative->next->prev = new_l;
+ } else
+ new_l->next = NULL;
+
+ relative->next = new_l;
+ new_l->prev = relative;
+ if (!new_l->next)
+ list->last = new_l;
+
+ return list;
+ }
+
+ return eina_inlist_append(list, new_l);
}
/**
@@ -378,37 +365,32 @@ eina_inlist_append_relative(Eina_Inlist *list,
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_prepend_relative(Eina_Inlist *list,
- Eina_Inlist *new_l,
- Eina_Inlist *relative)
+EAPI Eina_Inlist *eina_inlist_prepend_relative(Eina_Inlist * list,
+ Eina_Inlist * new_l,
+ Eina_Inlist * relative)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
-
- if (relative)
- {
- new_l->prev = relative->prev;
- new_l->next = relative;
- relative->prev = new_l;
- if (new_l->prev)
- {
- new_l->prev->next = new_l;
- /* new_l->next could not be NULL, as it was set to 'relative' */
- assert(new_l->next);
- return list;
- }
- else
- {
- /* new_l->next could not be NULL, as it was set to 'relative' */
- assert(new_l->next);
-
- new_l->last = list->last;
- list->last = NULL;
- return new_l;
- }
- }
-
- return eina_inlist_prepend(list, new_l);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(new_l, list);
+
+ if (relative) {
+ new_l->prev = relative->prev;
+ new_l->next = relative;
+ relative->prev = new_l;
+ if (new_l->prev) {
+ new_l->prev->next = new_l;
+ /* new_l->next could not be NULL, as it was set to 'relative' */
+ assert(new_l->next);
+ return list;
+ } else {
+ /* new_l->next could not be NULL, as it was set to 'relative' */
+ assert(new_l->next);
+
+ new_l->last = list->last;
+ list->last = NULL;
+ return new_l;
+ }
+ }
+
+ return eina_inlist_prepend(list, new_l);
}
/**
@@ -428,38 +410,35 @@ eina_inlist_prepend_relative(Eina_Inlist *list,
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_remove(Eina_Inlist *list, Eina_Inlist *item)
+EAPI Eina_Inlist *eina_inlist_remove(Eina_Inlist * list,
+ Eina_Inlist * item)
{
- Eina_Inlist *return_l;
-
- /* checkme */
- EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
- EINA_SAFETY_ON_TRUE_RETURN_VAL
- ((item != list) && (!item->prev) && (!item->next), list);
-
- if (item->next)
- item->next->prev = item->prev;
-
- if (item->prev)
- {
- item->prev->next = item->next;
- return_l = list;
- }
- else
- {
- return_l = item->next;
- if (return_l)
- return_l->last = list->last;
- }
-
- if (item == list->last)
- list->last = item->prev;
-
- item->next = NULL;
- item->prev = NULL;
- return return_l;
+ Eina_Inlist *return_l;
+
+ /* checkme */
+ EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL
+ ((item != list) && (!item->prev) && (!item->next), list);
+
+ if (item->next)
+ item->next->prev = item->prev;
+
+ if (item->prev) {
+ item->prev->next = item->next;
+ return_l = list;
+ } else {
+ return_l = item->next;
+ if (return_l)
+ return_l->last = list->last;
+ }
+
+ if (item == list->last)
+ list->last = item->prev;
+
+ item->next = NULL;
+ item->prev = NULL;
+ return return_l;
}
/**
@@ -477,31 +456,31 @@ eina_inlist_remove(Eina_Inlist *list, Eina_Inlist *item)
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_promote(Eina_Inlist *list, Eina_Inlist *item)
+EAPI Eina_Inlist *eina_inlist_promote(Eina_Inlist * list,
+ Eina_Inlist * item)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
- if (item == list)
- return list;
+ if (item == list)
+ return list;
- if (item->next)
- item->next->prev = item->prev;
+ if (item->next)
+ item->next->prev = item->prev;
- item->prev->next = item->next;
+ item->prev->next = item->next;
- if (list->last == item)
- list->last = item->prev;
+ if (list->last == item)
+ list->last = item->prev;
- item->next = list;
- item->prev = NULL;
- item->last = list->last;
+ item->next = list;
+ item->prev = NULL;
+ item->last = list->last;
- list->prev = item;
- list->last = NULL;
+ list->prev = item;
+ list->last = NULL;
- return item;
+ return item;
}
/**
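Review bot: eina_inlist_promote executes `item->prev->next = item->next;` for any `item` that is not the head, with no check that `item->prev` is non-NULL. An item that is detached, or is the head of another list, is dereferenced through a NULL pointer here. eina_inlist_remove in the same file rejects that case with an EINA_SAFETY guard. A matching check after the `item == list` test would close it: `EINA_SAFETY_ON_NULL_RETURN_VAL(item->prev, list);`.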
@@ -519,38 +498,36 @@ eina_inlist_promote(Eina_Inlist *list, Eina_Inlist *item)
*
* @return the new list head. Use it and not given @a list anymore.
*/
-EAPI Eina_Inlist *
-eina_inlist_demote(Eina_Inlist *list, Eina_Inlist *item)
+EAPI Eina_Inlist *eina_inlist_demote(Eina_Inlist * list,
+ Eina_Inlist * item)
{
- Eina_Inlist *l;
+ Eina_Inlist *l;
- EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(list, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(item, list);
- if (list->last == item)
- return list;
+ if (list->last == item)
+ return list;
- if (!list->last)
- {
- for (l = list; l->next; l = l->next)
- ;
- list->last = l;
- }
+ if (!list->last) {
+ for (l = list; l->next; l = l->next);
+ list->last = l;
+ }
- l = list;
- if (item->prev)
- item->prev->next = item->next;
- else
- l = item->next;
+ l = list;
+ if (item->prev)
+ item->prev->next = item->next;
+ else
+ l = item->next;
- item->next->prev = item->prev;
+ item->next->prev = item->prev;
- list->last->next = item;
- item->prev = list->last;
- item->next = NULL;
+ list->last->next = item;
+ item->prev = list->last;
+ item->next = NULL;
- l->last = item;
- return l;
+ l->last = item;
+ return l;
}
/**
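Review bot: In eina_inlist_demote the early return `if (list->last == item) return list;` runs before the block that recomputes `list->last` when it is NULL. If the cached tail is unset and `item` is the real tail, the function falls through to `item->next->prev = item->prev;` with `item->next == NULL`. Moving the tail comparison below the `if (!list->last) { … }` block makes the check use the recomputed tail. Whether a head can legitimately reach this function with `last == NULL` is not visible in the hunk, but the fallback walk suggests the author expected it.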
@@ -564,16 +541,15 @@ eina_inlist_demote(Eina_Inlist *list, Eina_Inlist *item)
*
* @return @a item if found, NULL if not.
*/
-EAPI Eina_Inlist *
-eina_inlist_find(Eina_Inlist *list, Eina_Inlist *item)
+EAPI Eina_Inlist *eina_inlist_find(Eina_Inlist * list, Eina_Inlist * item)
{
- Eina_Inlist *l;
+ Eina_Inlist *l;
- for (l = list; l; l = l->next) {
- if (l == item)
- return item;
- }
- return NULL;
+ for (l = list; l; l = l->next) {
+ if (l == item)
+ return item;
+ }
+ return NULL;
}
/**
@@ -589,16 +565,15 @@ eina_inlist_find(Eina_Inlist *list, Eina_Inlist *item)
* on the number of elements on the list, that is, it might become
* slow for big lists!
*/
-EAPI unsigned int
-eina_inlist_count(const Eina_Inlist *list)
+EAPI unsigned int eina_inlist_count(const Eina_Inlist * list)
{
- const Eina_Inlist *l;
- unsigned int i = 0;
+ const Eina_Inlist *l;
+ unsigned int i = 0;
- for (l = list; l; l = l->next)
- i++;
+ for (l = list; l; l = l->next)
+ i++;
- return i;
+ return i;
}
/**
@@ -621,31 +596,30 @@ eina_inlist_count(const Eina_Inlist *list)
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_inlist_iterator_new(const Eina_Inlist *list)
+EAPI Eina_Iterator *eina_inlist_iterator_new(const Eina_Inlist * list)
{
- Eina_Iterator_Inlist *it;
+ Eina_Iterator_Inlist *it;
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Inlist));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Inlist));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- it->head = list;
- it->current = list;
+ it->head = list;
+ it->current = list;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(eina_inlist_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- eina_inlist_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(eina_inlist_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(eina_inlist_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER
+ (eina_inlist_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(eina_inlist_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -660,32 +634,32 @@ eina_inlist_iterator_new(const Eina_Inlist *list)
* not be allocated, NULL is returned and #EINA_ERROR_OUT_OF_MEMORY is
* set. Otherwise, a valid accessor is returned.
*/
-EAPI Eina_Accessor *
-eina_inlist_accessor_new(const Eina_Inlist *list)
+EAPI Eina_Accessor *eina_inlist_accessor_new(const Eina_Inlist * list)
{
- Eina_Accessor_Inlist *ac;
-
- eina_error_set(0);
- ac = calloc(1, sizeof (Eina_Accessor_Inlist));
- if (!ac)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- ac->head = list;
- ac->current = list;
- ac->index = 0;
-
- ac->accessor.version = EINA_ACCESSOR_VERSION;
- ac->accessor.get_at = FUNC_ACCESSOR_GET_AT(eina_inlist_accessor_get_at);
- ac->accessor.get_container = FUNC_ACCESSOR_GET_CONTAINER(
- eina_inlist_accessor_get_container);
- ac->accessor.free = FUNC_ACCESSOR_FREE(eina_inlist_accessor_free);
-
- EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
-
- return &ac->accessor;
+ Eina_Accessor_Inlist *ac;
+
+ eina_error_set(0);
+ ac = calloc(1, sizeof(Eina_Accessor_Inlist));
+ if (!ac) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ ac->head = list;
+ ac->current = list;
+ ac->index = 0;
+
+ ac->accessor.version = EINA_ACCESSOR_VERSION;
+ ac->accessor.get_at =
+ FUNC_ACCESSOR_GET_AT(eina_inlist_accessor_get_at);
+ ac->accessor.get_container =
+ FUNC_ACCESSOR_GET_CONTAINER
+ (eina_inlist_accessor_get_container);
+ ac->accessor.free = FUNC_ACCESSOR_FREE(eina_inlist_accessor_free);
+
+ EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
+
+ return &ac->accessor;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_iterator.c b/tests/suite/ecore/src/lib/eina_iterator.c
index 66dbbf4ee7..7389319519 100644
--- a/tests/suite/ecore/src/lib/eina_iterator.c
+++ b/tests/suite/ecore/src/lib/eina_iterator.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -65,10 +65,10 @@ static const char EINA_MAGIC_ITERATOR_STR[] = "Eina Iterator";
*
* @see eina_init()
*/
-Eina_Bool
-eina_iterator_init(void)
+Eina_Bool eina_iterator_init(void)
{
- return eina_magic_string_set(EINA_MAGIC_ITERATOR, EINA_MAGIC_ITERATOR_STR);
+ return eina_magic_string_set(EINA_MAGIC_ITERATOR,
+ EINA_MAGIC_ITERATOR_STR);
}
/**
@@ -82,10 +82,9 @@ eina_iterator_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_iterator_shutdown(void)
+Eina_Bool eina_iterator_shutdown(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -119,13 +118,12 @@ eina_iterator_shutdown(void)
*
* This function frees @p iterator if it is not @c NULL;
*/
-EAPI void
-eina_iterator_free(Eina_Iterator *iterator)
+EAPI void eina_iterator_free(Eina_Iterator * iterator)
{
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN(iterator);
- EINA_SAFETY_ON_NULL_RETURN(iterator->free);
- iterator->free(iterator);
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN(iterator);
+ EINA_SAFETY_ON_NULL_RETURN(iterator->free);
+ iterator->free(iterator);
}
/**
@@ -137,13 +135,12 @@ eina_iterator_free(Eina_Iterator *iterator)
* This function returns the container which created @p iterator. If
* @p iterator is @c NULL, this function returns @c NULL.
*/
-EAPI void *
-eina_iterator_container_get(Eina_Iterator *iterator)
+EAPI void *eina_iterator_container_get(Eina_Iterator * iterator)
{
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator->get_container, NULL);
- return iterator->get_container(iterator);
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator->get_container, NULL);
+ return iterator->get_container(iterator);
}
/**
@@ -158,17 +155,16 @@ eina_iterator_container_get(Eina_Iterator *iterator)
* iterator is @c NULL or if a problem occurred, #EINA_FALSE is
* returned, otherwise #EINA_TRUE is returned.
*/
-EAPI Eina_Bool
-eina_iterator_next(Eina_Iterator *iterator, void **data)
+EAPI Eina_Bool eina_iterator_next(Eina_Iterator * iterator, void **data)
{
- if (!iterator)
- return EINA_FALSE;
-
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator->next, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
- return iterator->next(iterator, data);
+ if (!iterator)
+ return EINA_FALSE;
+
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator->next, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(data, EINA_FALSE);
+ return iterator->next(iterator, data);
}
/**
@@ -185,29 +181,29 @@ eina_iterator_next(Eina_Iterator *iterator, void **data)
* EINA_FALSE, the iteration stops at that point.
*/
EAPI void
-eina_iterator_foreach(Eina_Iterator *iterator,
- Eina_Each_Cb cb,
- const void *fdata)
+eina_iterator_foreach(Eina_Iterator * iterator,
+ Eina_Each_Cb cb, const void *fdata)
{
- const void *container;
- void *data;
-
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN(iterator);
- EINA_SAFETY_ON_NULL_RETURN(iterator->get_container);
- EINA_SAFETY_ON_NULL_RETURN(iterator->next);
- EINA_SAFETY_ON_NULL_RETURN(cb);
-
- if (!eina_iterator_lock(iterator)) return ;
-
- container = iterator->get_container(iterator);
- while (iterator->next(iterator, &data) == EINA_TRUE) {
- if (cb(container, data, (void *)fdata) != EINA_TRUE)
- goto on_exit;
- }
-
- on_exit:
- (void) eina_iterator_unlock(iterator);
+ const void *container;
+ void *data;
+
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN(iterator);
+ EINA_SAFETY_ON_NULL_RETURN(iterator->get_container);
+ EINA_SAFETY_ON_NULL_RETURN(iterator->next);
+ EINA_SAFETY_ON_NULL_RETURN(cb);
+
+ if (!eina_iterator_lock(iterator))
+ return;
+
+ container = iterator->get_container(iterator);
+ while (iterator->next(iterator, &data) == EINA_TRUE) {
+ if (cb(container, data, (void *) fdata) != EINA_TRUE)
+ goto on_exit;
+ }
+
+ on_exit:
+ (void) eina_iterator_unlock(iterator);
}
/**
@@ -221,15 +217,14 @@ eina_iterator_foreach(Eina_Iterator *iterator,
* returned, otherwise #EINA_TRUE is returned. If the container
* is not lockable, it will return EINA_TRUE.
*/
-EAPI Eina_Bool
-eina_iterator_lock(Eina_Iterator *iterator)
+EAPI Eina_Bool eina_iterator_lock(Eina_Iterator * iterator)
{
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
- if (iterator->lock)
- return iterator->lock(iterator);
- return EINA_TRUE;
+ if (iterator->lock)
+ return iterator->lock(iterator);
+ return EINA_TRUE;
}
/**
@@ -244,15 +239,14 @@ eina_iterator_lock(Eina_Iterator *iterator)
* is returned. If the container is not lockable, it will return
* EINA_TRUE.
*/
-EAPI Eina_Bool
-eina_iterator_unlock(Eina_Iterator *iterator)
+EAPI Eina_Bool eina_iterator_unlock(Eina_Iterator * iterator)
{
- EINA_MAGIC_CHECK_ITERATOR(iterator);
- EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
+ EINA_MAGIC_CHECK_ITERATOR(iterator);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(iterator, EINA_FALSE);
- if (iterator->unlock)
- return iterator->unlock(iterator);
- return EINA_TRUE;
+ if (iterator->unlock)
+ return iterator->unlock(iterator);
+ return EINA_TRUE;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_lalloc.c b/tests/suite/ecore/src/lib/eina_lalloc.c
index b1e62b7420..a902d7623d 100644
--- a/tests/suite/ecore/src/lib/eina_lalloc.c
+++ b/tests/suite/ecore/src/lib/eina_lalloc.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -37,14 +37,13 @@
* @cond LOCAL
*/
-struct _Eina_Lalloc
-{
- void *data;
- int num_allocated;
- int num_elements;
- int acc;
- Eina_Lalloc_Alloc alloc_cb;
- Eina_Lalloc_Free free_cb;
+struct _Eina_Lalloc {
+ void *data;
+ int num_allocated;
+ int num_elements;
+ int acc;
+ Eina_Lalloc_Alloc alloc_cb;
+ Eina_Lalloc_Free free_cb;
};
/**
@@ -66,91 +65,82 @@ struct _Eina_Lalloc
*/
EAPI Eina_Lalloc *eina_lalloc_new(void *data,
- Eina_Lalloc_Alloc alloc_cb,
- Eina_Lalloc_Free free_cb,
- int num_init)
+ Eina_Lalloc_Alloc alloc_cb,
+ Eina_Lalloc_Free free_cb, int num_init)
{
- Eina_Lalloc *a;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(alloc_cb, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(free_cb, NULL);
-
- a = calloc(1, sizeof(Eina_Lalloc));
- a->data = data;
- a->alloc_cb = alloc_cb;
- a->free_cb = free_cb;
- if (num_init > 0)
- {
- a->num_allocated = num_init;
- a->alloc_cb(a->data, a->num_allocated);
- }
-
- return a;
+ Eina_Lalloc *a;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(alloc_cb, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(free_cb, NULL);
+
+ a = calloc(1, sizeof(Eina_Lalloc));
+ a->data = data;
+ a->alloc_cb = alloc_cb;
+ a->free_cb = free_cb;
+ if (num_init > 0) {
+ a->num_allocated = num_init;
+ a->alloc_cb(a->data, a->num_allocated);
+ }
+
+ return a;
}
-EAPI void eina_lalloc_free(Eina_Lalloc *a)
+EAPI void eina_lalloc_free(Eina_Lalloc * a)
{
- EINA_SAFETY_ON_NULL_RETURN(a);
- EINA_SAFETY_ON_NULL_RETURN(a->free_cb);
- a->free_cb(a->data);
- free(a);
+ EINA_SAFETY_ON_NULL_RETURN(a);
+ EINA_SAFETY_ON_NULL_RETURN(a->free_cb);
+ a->free_cb(a->data);
+ free(a);
}
-EAPI Eina_Bool eina_lalloc_element_add(Eina_Lalloc *a)
+EAPI Eina_Bool eina_lalloc_element_add(Eina_Lalloc * a)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(a, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(a->alloc_cb, EINA_FALSE);
-
- if (a->num_elements == a->num_allocated)
- {
- if (a->alloc_cb(a->data, (1 << a->acc)) == EINA_TRUE)
- {
- a->num_allocated = (1 << a->acc);
- a->acc++;
- }
- else
- return EINA_FALSE;
- }
-
- a->num_elements++;
-
- return EINA_TRUE;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(a, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(a->alloc_cb, EINA_FALSE);
+
+ if (a->num_elements == a->num_allocated) {
+ if (a->alloc_cb(a->data, (1 << a->acc)) == EINA_TRUE) {
+ a->num_allocated = (1 << a->acc);
+ a->acc++;
+ } else
+ return EINA_FALSE;
+ }
+
+ a->num_elements++;
+
+ return EINA_TRUE;
}
-EAPI Eina_Bool eina_lalloc_elements_add(Eina_Lalloc *a, int num)
+EAPI Eina_Bool eina_lalloc_elements_add(Eina_Lalloc * a, int num)
{
- int tmp;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(a, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(a->alloc_cb, EINA_FALSE);
-
- tmp = a->num_elements + num;
- if (tmp > a->num_allocated)
- {
- int allocated;
- int acc;
-
- allocated = a->num_allocated;
- acc = a->acc;
-
- while (tmp > allocated)
- {
- allocated = (1 << acc);
- acc++;
- }
-
- if (a->alloc_cb(a->data, allocated) == EINA_TRUE)
- {
- a->num_allocated = allocated;
- a->acc = acc;
- }
- else
- return EINA_FALSE;
- }
-
- a->num_elements += num;
-
- return EINA_TRUE;
+ int tmp;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(a, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(a->alloc_cb, EINA_FALSE);
+
+ tmp = a->num_elements + num;
+ if (tmp > a->num_allocated) {
+ int allocated;
+ int acc;
+
+ allocated = a->num_allocated;
+ acc = a->acc;
+
+ while (tmp > allocated) {
+ allocated = (1 << acc);
+ acc++;
+ }
+
+ if (a->alloc_cb(a->data, allocated) == EINA_TRUE) {
+ a->num_allocated = allocated;
+ a->acc = acc;
+ } else
+ return EINA_FALSE;
+ }
+
+ a->num_elements += num;
+
+ return EINA_TRUE;
}
/**
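Review bot: `eina_lalloc_new` still dereferences the result of `calloc` without checking it, since the re-indented lines go straight from `a = calloc(1, sizeof(Eina_Lalloc));` to `a->data = data;`. An allocation failure therefore becomes a write through NULL rather than a NULL return, and adding `if (!a) return NULL;` right after the `calloc` fixes that. Further down the hunk, `eina_lalloc_element_add` and `eina_lalloc_elements_add` compute `1 << a->acc` and `a->num_elements + num` in plain `int` with no bound on `acc` or `num`. With a 32-bit `int` the shift is undefined once `acc` exceeds 30, and a negative or very large `num` can overflow the sum, so both should be range-checked and return `EINA_FALSE` before the arithmetic.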
diff --git a/tests/suite/ecore/src/lib/eina_list.c b/tests/suite/ecore/src/lib/eina_list.c
index e301476f27..b8901c6644 100644
--- a/tests/suite/ecore/src/lib/eina_list.c
+++ b/tests/suite/ecore/src/lib/eina_list.c
@@ -61,7 +61,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -69,7 +69,7 @@
#include <string.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -94,7 +94,8 @@
static const char EINA_MAGIC_LIST_STR[] = "Eina List";
static const char EINA_MAGIC_LIST_ITERATOR_STR[] = "Eina List Iterator";
static const char EINA_MAGIC_LIST_ACCESSOR_STR[] = "Eina List Accessor";
-static const char EINA_MAGIC_LIST_ACCOUNTING_STR[] = "Eina List Accounting";
+static const char EINA_MAGIC_LIST_ACCOUNTING_STR[] =
+ "Eina List Accounting";
#define EINA_MAGIC_CHECK_LIST(d, ...) \
@@ -138,27 +139,23 @@ static const char EINA_MAGIC_LIST_ACCOUNTING_STR[] = "Eina List Accounting";
typedef struct _Eina_Iterator_List Eina_Iterator_List;
typedef struct _Eina_Accessor_List Eina_Accessor_List;
-struct _Eina_Iterator_List
-{
- Eina_Iterator iterator;
+struct _Eina_Iterator_List {
+ Eina_Iterator iterator;
- const Eina_List *head;
- const Eina_List *current;
+ const Eina_List *head;
+ const Eina_List *current;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Accessor_List
-{
- Eina_Accessor accessor;
+struct _Eina_Accessor_List {
+ Eina_Accessor accessor;
- const Eina_List *head;
- const Eina_List *current;
+ const Eina_List *head;
+ const Eina_List *current;
- unsigned int index;
+ unsigned int index;
- EINA_MAGIC
-};
+ EINA_MAGIC};
static Eina_Mempool *_eina_list_mp = NULL;
static Eina_Mempool *_eina_list_accounting_mp = NULL;
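Review bot: The re-indent folds the closing brace onto the macro line, leaving `EINA_MAGIC};` at the end of both `_Eina_Iterator_List` and `_Eina_Accessor_List`. That hides where the struct ends and makes the magic member easy to overlook. The formatter presumably did this because `EINA_MAGIC` has no trailing semicolon at the use site. I would keep `EINA_MAGIC` on its own line with `};` on the next one, as the old side had it, and add a short comment such as `/* EINA_MAGIC declares the magic member; no semicolon here */` so a later formatting pass does not fold it again.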
@@ -174,259 +171,248 @@ static int _eina_list_log_dom = -1;
#endif
#define DBG(...) EINA_LOG_DOM_DBG(_eina_list_log_dom, __VA_ARGS__)
-static inline Eina_List_Accounting *
-_eina_list_mempool_accounting_new(__UNUSED__ Eina_List *list)
+static inline Eina_List_Accounting
+ *_eina_list_mempool_accounting_new(__UNUSED__ Eina_List * list)
{
- Eina_List_Accounting *tmp;
+ Eina_List_Accounting *tmp;
- tmp =
- eina_mempool_malloc(_eina_list_accounting_mp,
- sizeof (Eina_List_Accounting));
- if (!tmp)
- return NULL;
+ tmp =
+ eina_mempool_malloc(_eina_list_accounting_mp,
+ sizeof(Eina_List_Accounting));
+ if (!tmp)
+ return NULL;
- EINA_MAGIC_SET(tmp, EINA_MAGIC_LIST_ACCOUNTING);
+ EINA_MAGIC_SET(tmp, EINA_MAGIC_LIST_ACCOUNTING);
- return tmp;
+ return tmp;
}
+
static inline void
-_eina_list_mempool_accounting_free(Eina_List_Accounting *accounting)
+_eina_list_mempool_accounting_free(Eina_List_Accounting * accounting)
{
- EINA_MAGIC_CHECK_LIST_ACCOUNTING(accounting);
+ EINA_MAGIC_CHECK_LIST_ACCOUNTING(accounting);
- EINA_MAGIC_SET(accounting, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_list_accounting_mp, accounting);
+ EINA_MAGIC_SET(accounting, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_list_accounting_mp, accounting);
}
-static inline Eina_List *
-_eina_list_mempool_list_new(__UNUSED__ Eina_List *list)
+static inline Eina_List *_eina_list_mempool_list_new(__UNUSED__ Eina_List *
+ list)
{
- Eina_List *tmp;
+ Eina_List *tmp;
- tmp = eina_mempool_malloc(_eina_list_mp, sizeof (Eina_List));
- if (!tmp)
- return NULL;
+ tmp = eina_mempool_malloc(_eina_list_mp, sizeof(Eina_List));
+ if (!tmp)
+ return NULL;
- EINA_MAGIC_SET(tmp, EINA_MAGIC_LIST);
+ EINA_MAGIC_SET(tmp, EINA_MAGIC_LIST);
- return tmp;
+ return tmp;
}
-static inline void
-_eina_list_mempool_list_free(Eina_List *list)
+
+static inline void _eina_list_mempool_list_free(Eina_List * list)
{
- EINA_MAGIC_CHECK_LIST(list);
+ EINA_MAGIC_CHECK_LIST(list);
- list->accounting->count--;
- if (list->accounting->count == 0)
- _eina_list_mempool_accounting_free(list->accounting);
+ list->accounting->count--;
+ if (list->accounting->count == 0)
+ _eina_list_mempool_accounting_free(list->accounting);
- EINA_MAGIC_SET(list, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_list_mp, list);
+ EINA_MAGIC_SET(list, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_list_mp, list);
}
-static Eina_List *
-_eina_list_setup_accounting(Eina_List *list)
+static Eina_List *_eina_list_setup_accounting(Eina_List * list)
{
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- list->accounting = _eina_list_mempool_accounting_new(list);
- if (!list->accounting)
- goto on_error;
+ list->accounting = _eina_list_mempool_accounting_new(list);
+ if (!list->accounting)
+ goto on_error;
- list->accounting->last = list;
- list->accounting->count = 1;
+ list->accounting->last = list;
+ list->accounting->count = 1;
- return list;
+ return list;
-on_error:
- _eina_list_mempool_list_free(list);
- return NULL;
+ on_error:
+ _eina_list_mempool_list_free(list);
+ return NULL;
}
static inline void
-_eina_list_update_accounting(Eina_List *list, Eina_List *new_list)
+_eina_list_update_accounting(Eina_List * list, Eina_List * new_list)
{
- EINA_MAGIC_CHECK_LIST(list);
- EINA_MAGIC_CHECK_LIST(new_list);
+ EINA_MAGIC_CHECK_LIST(list);
+ EINA_MAGIC_CHECK_LIST(new_list);
- list->accounting->count++;
- new_list->accounting = list->accounting;
+ list->accounting->count++;
+ new_list->accounting = list->accounting;
}
#if 0
-static Eina_Mempool2 _eina_list_mempool =
-{
- sizeof(Eina_List),
- 320,
- 0, NULL, NULL
+static Eina_Mempool2 _eina_list_mempool = {
+ sizeof(Eina_List),
+ 320,
+ 0, NULL, NULL
};
-static Eina_Mempool2 _eina_list_accounting_mempool =
-{
- sizeof(Eina_List_Accounting),
- 80,
- 0, NULL, NULL
+
+static Eina_Mempool2 _eina_list_accounting_mempool = {
+ sizeof(Eina_List_Accounting),
+ 80,
+ 0, NULL, NULL
};
#endif
static Eina_Bool
-eina_list_iterator_next(Eina_Iterator_List *it, void **data)
+eina_list_iterator_next(Eina_Iterator_List * it, void **data)
{
- EINA_MAGIC_CHECK_LIST_ITERATOR(it, EINA_FALSE);
+ EINA_MAGIC_CHECK_LIST_ITERATOR(it, EINA_FALSE);
- if (!it->current)
- return EINA_FALSE;
+ if (!it->current)
+ return EINA_FALSE;
- *data = eina_list_data_get(it->current);
+ *data = eina_list_data_get(it->current);
- it->current = eina_list_next(it->current);
+ it->current = eina_list_next(it->current);
- return EINA_TRUE;
+ return EINA_TRUE;
}
static Eina_Bool
-eina_list_iterator_prev(Eina_Iterator_List *it, void **data)
+eina_list_iterator_prev(Eina_Iterator_List * it, void **data)
{
- EINA_MAGIC_CHECK_LIST_ITERATOR(it, EINA_FALSE);
+ EINA_MAGIC_CHECK_LIST_ITERATOR(it, EINA_FALSE);
- if (!it->current)
- return EINA_FALSE;
+ if (!it->current)
+ return EINA_FALSE;
- *data = eina_list_data_get(it->current);
+ *data = eina_list_data_get(it->current);
- it->current = eina_list_prev(it->current);
+ it->current = eina_list_prev(it->current);
- return EINA_TRUE;
+ return EINA_TRUE;
}
-static Eina_List *
-eina_list_iterator_get_container(Eina_Iterator_List *it)
+static Eina_List *eina_list_iterator_get_container(Eina_Iterator_List * it)
{
- EINA_MAGIC_CHECK_LIST_ITERATOR(it, NULL);
+ EINA_MAGIC_CHECK_LIST_ITERATOR(it, NULL);
- return (Eina_List *)it->head;
+ return (Eina_List *) it->head;
}
-static void
-eina_list_iterator_free(Eina_Iterator_List *it)
+static void eina_list_iterator_free(Eina_Iterator_List * it)
{
- EINA_MAGIC_CHECK_LIST_ITERATOR(it);
+ EINA_MAGIC_CHECK_LIST_ITERATOR(it);
- MAGIC_FREE(it);
+ MAGIC_FREE(it);
}
static Eina_Bool
-eina_list_accessor_get_at(Eina_Accessor_List *it, unsigned int idx, void **data)
+eina_list_accessor_get_at(Eina_Accessor_List * it, unsigned int idx,
+ void **data)
{
- const Eina_List *over;
- unsigned int middle;
- unsigned int i;
-
- EINA_MAGIC_CHECK_LIST_ACCESSOR(it, EINA_FALSE);
-
- if (idx >= eina_list_count(it->head))
- return EINA_FALSE;
-
- if (it->index == idx)
- over = it->current;
- else if (idx > it->index)
- {
- /* After current position. */
- middle = ((eina_list_count(it->head) - it->index) >> 1) + it->index;
-
- if (idx > middle)
- /* Go backward from the end. */
- for (i = eina_list_count(it->head) - 1,
- over = eina_list_last(it->head);
- i > idx && over;
- --i, over = eina_list_prev(over))
- ;
- else
- /* Go forward from current. */
- for (i = it->index, over = it->current;
- i < idx && over;
- ++i, over = eina_list_next(over))
- ;
- }
- else
- {
- /* Before current position. */
- middle = it->index >> 1;
-
- if (idx > middle)
- /* Go backward from current. */
- for (i = it->index, over = it->current;
- i > idx && over;
- --i, over = eina_list_prev(over))
- ;
- else
- /* Go forward from start. */
- for (i = 0, over = it->head;
- i < idx && over;
- ++i, over = eina_list_next(over))
- ;
- }
-
- if (!over)
- return EINA_FALSE;
-
- it->current = over;
- it->index = idx;
-
- *data = eina_list_data_get(it->current);
- return EINA_TRUE;
+ const Eina_List *over;
+ unsigned int middle;
+ unsigned int i;
+
+ EINA_MAGIC_CHECK_LIST_ACCESSOR(it, EINA_FALSE);
+
+ if (idx >= eina_list_count(it->head))
+ return EINA_FALSE;
+
+ if (it->index == idx)
+ over = it->current;
+ else if (idx > it->index) {
+ /* After current position. */
+ middle =
+ ((eina_list_count(it->head) - it->index) >> 1) +
+ it->index;
+
+ if (idx > middle)
+ /* Go backward from the end. */
+ for (i = eina_list_count(it->head) - 1,
+ over = eina_list_last(it->head);
+ i > idx && over;
+ --i, over = eina_list_prev(over));
+ else
+ /* Go forward from current. */
+ for (i = it->index, over = it->current;
+ i < idx && over;
+ ++i, over = eina_list_next(over));
+ } else {
+ /* Before current position. */
+ middle = it->index >> 1;
+
+ if (idx > middle)
+ /* Go backward from current. */
+ for (i = it->index, over = it->current;
+ i > idx && over;
+ --i, over = eina_list_prev(over));
+ else
+ /* Go forward from start. */
+ for (i = 0, over = it->head;
+ i < idx && over;
+ ++i, over = eina_list_next(over));
+ }
+
+ if (!over)
+ return EINA_FALSE;
+
+ it->current = over;
+ it->index = idx;
+
+ *data = eina_list_data_get(it->current);
+ return EINA_TRUE;
}
-static Eina_List *
-eina_list_accessor_get_container(Eina_Accessor_List *it)
+static Eina_List *eina_list_accessor_get_container(Eina_Accessor_List * it)
{
- EINA_MAGIC_CHECK_LIST_ACCESSOR(it, NULL);
+ EINA_MAGIC_CHECK_LIST_ACCESSOR(it, NULL);
- return (Eina_List *)it->head;
+ return (Eina_List *) it->head;
}
-static void
-eina_list_accessor_free(Eina_Accessor_List *it)
+static void eina_list_accessor_free(Eina_Accessor_List * it)
{
- EINA_MAGIC_CHECK_LIST_ACCESSOR(it);
+ EINA_MAGIC_CHECK_LIST_ACCESSOR(it);
- MAGIC_FREE(it);
+ MAGIC_FREE(it);
}
-static Eina_List *
-eina_list_sort_rebuild_prev(Eina_List *list)
+static Eina_List *eina_list_sort_rebuild_prev(Eina_List * list)
{
- Eina_List *prev = NULL;
+ Eina_List *prev = NULL;
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- for (; list; list = list->next)
- {
- list->prev = prev;
- prev = list;
- }
+ for (; list; list = list->next) {
+ list->prev = prev;
+ prev = list;
+ }
- return prev;
+ return prev;
}
-static Eina_List *
-eina_list_sort_merge(Eina_List *a, Eina_List *b, Eina_Compare_Cb func)
+static Eina_List *eina_list_sort_merge(Eina_List * a, Eina_List * b,
+ Eina_Compare_Cb func)
{
- Eina_List *first, *last;
+ Eina_List *first, *last;
- if (func(a->data, b->data) < 0)
- a = (last = first = a)->next;
- else
- b = (last = first = b)->next;
+ if (func(a->data, b->data) < 0)
+ a = (last = first = a)->next;
+ else
+ b = (last = first = b)->next;
- while (a && b)
- if (func(a->data, b->data) < 0)
- a = (last = last->next = a)->next;
- else
- b = (last = last->next = b)->next;
+ while (a && b)
+ if (func(a->data, b->data) < 0)
+ a = (last = last->next = a)->next;
+ else
+ b = (last = last->next = b)->next;
- last->next = a ? a : b;
+ last->next = a ? a : b;
- return first;
+ return first;
}
/**
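Review bot: In `eina_list_accessor_get_at` the four walking loops now end in `--i, over = eina_list_prev(over));` or `++i, over = eina_list_next(over));`, because the empty body's `;` moved from its own line onto the `for` line. Written this way the empty body is easy to miss, and the following `else` or `}` reads as if it belonged to the loop. It is also the pattern that compilers' empty-body warnings are meant to catch. I would keep the body visible, for example `continue;` on its own line under each `for`, with a comment like `/* empty body: the loop header performs the walk */`.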
@@ -452,59 +438,53 @@ eina_list_sort_merge(Eina_List *a, Eina_List *b, Eina_Compare_Cb func)
*
* @see eina_init()
*/
-Eina_Bool
-eina_list_init(void)
+Eina_Bool eina_list_init(void)
{
- const char *choice, *tmp;
-
- _eina_list_log_dom = eina_log_domain_register("eina_list",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_list_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_list");
- return EINA_FALSE;
- }
-
+ const char *choice, *tmp;
+
+ _eina_list_log_dom = eina_log_domain_register("eina_list",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_list_log_dom < 0) {
+ EINA_LOG_ERR("Could not register log domain: eina_list");
+ return EINA_FALSE;
+ }
#ifdef EINA_DEFAULT_MEMPOOL
- choice = "pass_through";
+ choice = "pass_through";
#else
- choice = "chained_mempool";
+ choice = "chained_mempool";
#endif
- tmp = getenv("EINA_MEMPOOL");
- if (tmp && tmp[0])
- choice = tmp;
-
- _eina_list_mp = eina_mempool_add
- (choice, "list", NULL, sizeof(Eina_List), 320);
- if (!_eina_list_mp)
- {
- ERR("ERROR: Mempool for list cannot be allocated in list init.");
- goto on_init_fail;
- }
-
- _eina_list_accounting_mp = eina_mempool_add
- (choice, "list_accounting", NULL, sizeof(Eina_List_Accounting), 80);
- if (!_eina_list_accounting_mp)
- {
- ERR(
- "ERROR: Mempool for list accounting cannot be allocated in list init.");
- eina_mempool_del(_eina_list_mp);
- goto on_init_fail;
- }
-
+ tmp = getenv("EINA_MEMPOOL");
+ if (tmp && tmp[0])
+ choice = tmp;
+
+ _eina_list_mp = eina_mempool_add
+ (choice, "list", NULL, sizeof(Eina_List), 320);
+ if (!_eina_list_mp) {
+ ERR("ERROR: Mempool for list cannot be allocated in list init.");
+ goto on_init_fail;
+ }
+
+ _eina_list_accounting_mp = eina_mempool_add
+ (choice, "list_accounting", NULL, sizeof(Eina_List_Accounting),
+ 80);
+ if (!_eina_list_accounting_mp) {
+ ERR("ERROR: Mempool for list accounting cannot be allocated in list init.");
+ eina_mempool_del(_eina_list_mp);
+ goto on_init_fail;
+ }
#define EMS(n) eina_magic_string_static_set(n, n ## _STR)
- EMS(EINA_MAGIC_LIST);
- EMS(EINA_MAGIC_LIST_ITERATOR);
- EMS(EINA_MAGIC_LIST_ACCESSOR);
- EMS(EINA_MAGIC_LIST_ACCOUNTING);
+ EMS(EINA_MAGIC_LIST);
+ EMS(EINA_MAGIC_LIST_ITERATOR);
+ EMS(EINA_MAGIC_LIST_ACCESSOR);
+ EMS(EINA_MAGIC_LIST_ACCOUNTING);
#undef EMS
- return EINA_TRUE;
+ return EINA_TRUE;
-on_init_fail:
- eina_log_domain_unregister(_eina_list_log_dom);
- _eina_list_log_dom = -1;
- return EINA_FALSE;
+ on_init_fail:
+ eina_log_domain_unregister(_eina_list_log_dom);
+ _eina_list_log_dom = -1;
+ return EINA_FALSE;
}
/**
@@ -518,15 +498,14 @@ on_init_fail:
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_list_shutdown(void)
+Eina_Bool eina_list_shutdown(void)
{
- eina_mempool_del(_eina_list_accounting_mp);
- eina_mempool_del(_eina_list_mp);
+ eina_mempool_del(_eina_list_accounting_mp);
+ eina_mempool_del(_eina_list_mp);
- eina_log_domain_unregister(_eina_list_log_dom);
- _eina_list_log_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_list_log_dom);
+ _eina_list_log_dom = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -570,34 +549,32 @@ eina_list_shutdown(void)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_append(Eina_List *list, const void *data)
+EAPI Eina_List *eina_list_append(Eina_List * list, const void *data)
{
- Eina_List *l, *new_l;
+ Eina_List *l, *new_l;
- eina_error_set(0);
- new_l = _eina_list_mempool_list_new(list);
- if (!new_l)
- return list;
+ eina_error_set(0);
+ new_l = _eina_list_mempool_list_new(list);
+ if (!new_l)
+ return list;
- new_l->next = NULL;
- new_l->data = (void *)data;
- if (!list)
- {
- new_l->prev = NULL;
- return _eina_list_setup_accounting(new_l);
- }
+ new_l->next = NULL;
+ new_l->data = (void *) data;
+ if (!list) {
+ new_l->prev = NULL;
+ return _eina_list_setup_accounting(new_l);
+ }
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- l = list->accounting->last;
- list->accounting->last = new_l;
+ l = list->accounting->last;
+ list->accounting->last = new_l;
- l->next = new_l;
- new_l->prev = l;
+ l->next = new_l;
+ new_l->prev = l;
- _eina_list_update_accounting(list, new_l);
- return list;
+ _eina_list_update_accounting(list, new_l);
+ return list;
}
/**
@@ -628,30 +605,29 @@ eina_list_append(Eina_List *list, const void *data)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_prepend(Eina_List *list, const void *data)
+EAPI Eina_List *eina_list_prepend(Eina_List * list, const void *data)
{
- Eina_List *new_l;
+ Eina_List *new_l;
- eina_error_set(0);
- new_l = _eina_list_mempool_list_new(list);
- if (!new_l)
- return list;
+ eina_error_set(0);
+ new_l = _eina_list_mempool_list_new(list);
+ if (!new_l)
+ return list;
- new_l->prev = NULL;
- new_l->next = list;
- new_l->data = (void *)data;
+ new_l->prev = NULL;
+ new_l->next = list;
+ new_l->data = (void *) data;
- if (!list)
- return _eina_list_setup_accounting(new_l);
+ if (!list)
+ return _eina_list_setup_accounting(new_l);
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- list->prev = new_l;
+ list->prev = new_l;
- _eina_list_update_accounting(list, new_l);
+ _eina_list_update_accounting(list, new_l);
- return new_l;
+ return new_l;
}
/**
@@ -692,24 +668,23 @@ eina_list_prepend(Eina_List *list, const void *data)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_append_relative(Eina_List *list,
- const void *data,
- const void *relative)
+EAPI Eina_List *eina_list_append_relative(Eina_List * list,
+ const void *data,
+ const void *relative)
{
- Eina_List *l;
- void *list_data;
+ Eina_List *l;
+ void *list_data;
- if (list)
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ if (list)
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- EINA_LIST_FOREACH(list, l, list_data)
- {
- if (list_data == relative)
- return eina_list_append_relative_list(list, data, l);
- }
+ EINA_LIST_FOREACH(list, l, list_data) {
+ if (list_data == relative)
+ return eina_list_append_relative_list(list, data,
+ l);
+ }
- return eina_list_append(list, data);
+ return eina_list_append(list, data);
}
/**
@@ -729,37 +704,36 @@ eina_list_append_relative(Eina_List *list,
* place of the one given to this function is returned. Otherwise, the
* old pointer is returned.
*/
-EAPI Eina_List *
-eina_list_append_relative_list(Eina_List *list,
- const void *data,
- Eina_List *relative)
+EAPI Eina_List *eina_list_append_relative_list(Eina_List * list,
+ const void *data,
+ Eina_List * relative)
{
- Eina_List *new_l;
+ Eina_List *new_l;
- if ((!list) || (!relative))
- return eina_list_append(list, data);
+ if ((!list) || (!relative))
+ return eina_list_append(list, data);
- eina_error_set(0);
- new_l = _eina_list_mempool_list_new(list);
- if (!new_l)
- return list;
+ eina_error_set(0);
+ new_l = _eina_list_mempool_list_new(list);
+ if (!new_l)
+ return list;
- EINA_MAGIC_CHECK_LIST(relative, NULL);
- new_l->next = relative->next;
- new_l->data = (void *)data;
+ EINA_MAGIC_CHECK_LIST(relative, NULL);
+ new_l->next = relative->next;
+ new_l->data = (void *) data;
- if (relative->next)
- relative->next->prev = new_l;
+ if (relative->next)
+ relative->next->prev = new_l;
- relative->next = new_l;
- new_l->prev = relative;
+ relative->next = new_l;
+ new_l->prev = relative;
- _eina_list_update_accounting(list, new_l);
+ _eina_list_update_accounting(list, new_l);
- if (!new_l->next)
- new_l->accounting->last = new_l;
+ if (!new_l->next)
+ new_l->accounting->last = new_l;
- return list;
+ return list;
}
/**
@@ -800,23 +774,22 @@ eina_list_append_relative_list(Eina_List *list,
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_prepend_relative(Eina_List *list,
- const void *data,
- const void *relative)
+EAPI Eina_List *eina_list_prepend_relative(Eina_List * list,
+ const void *data,
+ const void *relative)
{
- Eina_List *l;
- void *list_data;
-
- if (list)
- EINA_MAGIC_CHECK_LIST(list, NULL);
-
- EINA_LIST_FOREACH(list, l, list_data)
- {
- if (list_data == relative)
- return eina_list_prepend_relative_list(list, data, l);
- }
- return eina_list_prepend(list, data);
+ Eina_List *l;
+ void *list_data;
+
+ if (list)
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+
+ EINA_LIST_FOREACH(list, l, list_data) {
+ if (list_data == relative)
+ return eina_list_prepend_relative_list(list, data,
+ l);
+ }
+ return eina_list_prepend(list, data);
}
/**
@@ -836,38 +809,37 @@ eina_list_prepend_relative(Eina_List *list,
* place of the one given to this function is returned. Otherwise, the
* old pointer is returned.
*/
-EAPI Eina_List *
-eina_list_prepend_relative_list(Eina_List *list,
- const void *data,
- Eina_List *relative)
+EAPI Eina_List *eina_list_prepend_relative_list(Eina_List * list,
+ const void *data,
+ Eina_List * relative)
{
- Eina_List *new_l;
+ Eina_List *new_l;
- if ((!list) || (!relative))
- return eina_list_prepend(list, data);
+ if ((!list) || (!relative))
+ return eina_list_prepend(list, data);
- eina_error_set(0);
- new_l = _eina_list_mempool_list_new(list);
- if (!new_l)
- return list;
+ eina_error_set(0);
+ new_l = _eina_list_mempool_list_new(list);
+ if (!new_l)
+ return list;
- EINA_MAGIC_CHECK_LIST(relative, NULL);
+ EINA_MAGIC_CHECK_LIST(relative, NULL);
- new_l->prev = relative->prev;
- new_l->next = relative;
- new_l->data = (void *)data;
+ new_l->prev = relative->prev;
+ new_l->next = relative;
+ new_l->data = (void *) data;
- if (relative->prev)
- relative->prev->next = new_l;
+ if (relative->prev)
+ relative->prev->next = new_l;
- relative->prev = new_l;
+ relative->prev = new_l;
- _eina_list_update_accounting(list, new_l);
+ _eina_list_update_accounting(list, new_l);
- if (new_l->prev)
- return list;
+ if (new_l->prev)
+ return list;
- return new_l;
+ return new_l;
}
/**
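Review bot: In eina_list_prepend_relative_list the node is obtained from `_eina_list_mempool_list_new(list)` before `EINA_MAGIC_CHECK_LIST(relative, NULL)` runs. The macro's definition is not visible here, but its `NULL` argument suggests it returns on a bad magic; if so, the new node is never linked or freed and the caller receives `NULL` in place of its list head. Moving `EINA_MAGIC_CHECK_LIST(relative, NULL);` up, directly after the `(!list) || (!relative)` early return, avoids allocating a node that will be rejected. eina_list_append_relative_list in the preceding hunk has the same ordering.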
@@ -891,20 +863,21 @@ eina_list_prepend_relative_list(Eina_List *list,
* can be costly, consider worst case to be almost O(n) pointer
* dereference (list walk).
*/
-EAPI Eina_List *
-eina_list_sorted_insert(Eina_List *list, Eina_Compare_Cb func, const void *data)
+EAPI Eina_List *eina_list_sorted_insert(Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data)
{
- Eina_List *lnear;
- int cmp;
+ Eina_List *lnear;
+ int cmp;
- if (!list)
- return eina_list_append(NULL, data);
+ if (!list)
+ return eina_list_append(NULL, data);
- lnear = eina_list_search_sorted_near_list(list, func, data, &cmp);
- if (cmp < 0)
- return eina_list_append_relative_list(list, data, lnear);
- else
- return eina_list_prepend_relative_list(list, data, lnear);
+ lnear = eina_list_search_sorted_near_list(list, func, data, &cmp);
+ if (cmp < 0)
+ return eina_list_append_relative_list(list, data, lnear);
+ else
+ return eina_list_prepend_relative_list(list, data, lnear);
}
/**
@@ -921,16 +894,15 @@ eina_list_sorted_insert(Eina_List *list, Eina_Compare_Cb func, const void *data)
* pointer that should be used in place of the one passed to this
* function.
*/
-EAPI Eina_List *
-eina_list_remove(Eina_List *list, const void *data)
+EAPI Eina_List *eina_list_remove(Eina_List * list, const void *data)
{
- Eina_List *l;
+ Eina_List *l;
- if (list)
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ if (list)
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- l = eina_list_data_find_list(list, data);
- return eina_list_remove_list(list, l);
+ l = eina_list_data_find_list(list, data);
+ return eina_list_remove_list(list, l);
}
/**
@@ -966,38 +938,35 @@ eina_list_remove(Eina_List *list, const void *data)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_remove_list(Eina_List *list, Eina_List *remove_list)
+EAPI Eina_List *eina_list_remove_list(Eina_List * list,
+ Eina_List * remove_list)
{
- Eina_List *return_l;
+ Eina_List *return_l;
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- if (!remove_list)
- return list;
+ if (!remove_list)
+ return list;
- EINA_MAGIC_CHECK_LIST(remove_list, NULL);
+ EINA_MAGIC_CHECK_LIST(remove_list, NULL);
- if (remove_list->next)
- remove_list->next->prev = remove_list->prev;
+ if (remove_list->next)
+ remove_list->next->prev = remove_list->prev;
- if (remove_list->prev)
- {
- remove_list->prev->next = remove_list->next;
- return_l = list;
- }
- else
- return_l = remove_list->next;
+ if (remove_list->prev) {
+ remove_list->prev->next = remove_list->next;
+ return_l = list;
+ } else
+ return_l = remove_list->next;
- if (remove_list == remove_list->accounting->last)
- {
- EINA_MAGIC_CHECK_LIST(list, NULL);
- list->accounting->last = remove_list->prev;
- }
+ if (remove_list == remove_list->accounting->last) {
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+ list->accounting->last = remove_list->prev;
+ }
- _eina_list_mempool_list_free(remove_list);
- return return_l;
+ _eina_list_mempool_list_free(remove_list);
+ return return_l;
}
/**
@@ -1009,25 +978,23 @@ eina_list_remove_list(Eina_List *list, Eina_List *remove_list)
* This function frees all the nodes of @p list. It does not free the
* data of the nodes. To free them, use #EINA_LIST_FREE.
*/
-EAPI Eina_List *
-eina_list_free(Eina_List *list)
+EAPI Eina_List *eina_list_free(Eina_List * list)
{
- Eina_List *l, *free_l;
+ Eina_List *l, *free_l;
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- for (l = list; l; )
- {
- free_l = l;
- l = l->next;
+ for (l = list; l;) {
+ free_l = l;
+ l = l->next;
- _eina_list_mempool_list_free(free_l);
- }
+ _eina_list_mempool_list_free(free_l);
+ }
- return NULL;
+ return NULL;
}
/**
@@ -1059,47 +1026,45 @@ eina_list_free(Eina_List *list)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_promote_list(Eina_List *list, Eina_List *move_list)
+EAPI Eina_List *eina_list_promote_list(Eina_List * list,
+ Eina_List * move_list)
{
- if (!list)
- return NULL;
-
- if (!move_list)
- {
- return list; /* Promoting head to be head. */
-
- }
-
- if (move_list == list)
- return list;
-
- if (move_list->next == list)
- return move_list;
-
- EINA_MAGIC_CHECK_LIST(list, NULL);
- EINA_MAGIC_CHECK_LIST(move_list, NULL);
-
- /* Remove the promoted item from the list. */
- if (!move_list->prev)
- move_list->next->prev = NULL;
- else
- {
- move_list->prev->next = move_list->next;
- if (move_list == list->accounting->last)
- list->accounting->last = move_list->prev;
- else
- move_list->next->prev = move_list->prev;
- }
-
- /* Add the promoted item in the list. */
- move_list->next = list;
- move_list->prev = list->prev;
- list->prev = move_list;
- if (move_list->prev)
- move_list->prev->next = move_list;
-
- return move_list;
+ if (!list)
+ return NULL;
+
+ if (!move_list) {
+ return list; /* Promoting head to be head. */
+
+ }
+
+ if (move_list == list)
+ return list;
+
+ if (move_list->next == list)
+ return move_list;
+
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(move_list, NULL);
+
+ /* Remove the promoted item from the list. */
+ if (!move_list->prev)
+ move_list->next->prev = NULL;
+ else {
+ move_list->prev->next = move_list->next;
+ if (move_list == list->accounting->last)
+ list->accounting->last = move_list->prev;
+ else
+ move_list->next->prev = move_list->prev;
+ }
+
+ /* Add the promoted item in the list. */
+ move_list->next = list;
+ move_list->prev = list->prev;
+ list->prev = move_list;
+ if (move_list->prev)
+ move_list->prev->next = move_list;
+
+ return move_list;
}
/**
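Review bot: The trailing comments in eina_list_promote_list do not sit next to the code they appear to describe. `/* Promoting head to be head. */` is attached to the `!move_list` early return and followed by a stray blank line inside the braces, although it reads as describing the `move_list == list` case just below. I would reduce the first branch to `if (!move_list) return list;` and move the comment above the `move_list == list` test. eina_list_demote_list in the next hunk has the same pattern: `/* Demoting tail to be tail. */` is on the `!move_list` branch, and `/* Remove the demoted item from the list. */` trails the `list = move_list->next;` assignment instead of heading the unlink code that follows.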
@@ -1131,42 +1096,40 @@ eina_list_promote_list(Eina_List *list, Eina_List *move_list)
* }
* @endcode
*/
-EAPI Eina_List *
-eina_list_demote_list(Eina_List *list, Eina_List *move_list)
+EAPI Eina_List *eina_list_demote_list(Eina_List * list,
+ Eina_List * move_list)
{
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- if (!move_list)
- {
- return list; /* Demoting tail to be tail. */
+ if (!move_list) {
+ return list; /* Demoting tail to be tail. */
- }
+ }
- if (move_list == list->accounting->last)
- return list;
+ if (move_list == list->accounting->last)
+ return list;
- EINA_MAGIC_CHECK_LIST(list, NULL);
- EINA_MAGIC_CHECK_LIST(move_list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(move_list, NULL);
- /* Update pointer list if necessary. */
- if (list == move_list)
- {
- list = move_list->next; /* Remove the demoted item from the list. */
+ /* Update pointer list if necessary. */
+ if (list == move_list) {
+ list = move_list->next; /* Remove the demoted item from the list. */
- }
+ }
- if (move_list->prev)
- move_list->prev->next = move_list->next;
+ if (move_list->prev)
+ move_list->prev->next = move_list->next;
- move_list->next->prev = move_list->prev;
- /* Add the demoted item in the list. */
- move_list->prev = list->accounting->last;
- move_list->prev->next = move_list;
- move_list->next = NULL;
- list->accounting->last = move_list;
+ move_list->next->prev = move_list->prev;
+ /* Add the demoted item in the list. */
+ move_list->prev = list->accounting->last;
+ move_list->prev->next = move_list;
+ move_list->next = NULL;
+ list->accounting->last = move_list;
- return list;
+ return list;
}
/**
@@ -1191,13 +1154,12 @@ eina_list_demote_list(Eina_List *list, Eina_List *move_list)
* }
* @endcode
*/
-EAPI void *
-eina_list_data_find(const Eina_List *list, const void *data)
+EAPI void *eina_list_data_find(const Eina_List * list, const void *data)
{
- if (eina_list_data_find_list(list, data))
- return (void *)data;
+ if (eina_list_data_find_list(list, data))
+ return (void *) data;
- return NULL;
+ return NULL;
}
/**
@@ -1212,22 +1174,21 @@ eina_list_data_find(const Eina_List *list, const void *data)
* list node containing the specified member is returned, otherwise
* @c NULL is returned.
*/
-EAPI Eina_List *
-eina_list_data_find_list(const Eina_List *list, const void *data)
+EAPI Eina_List *eina_list_data_find_list(const Eina_List * list,
+ const void *data)
{
- const Eina_List *l;
- void *list_data;
+ const Eina_List *l;
+ void *list_data;
- if (list)
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ if (list)
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- EINA_LIST_FOREACH(list, l, list_data)
- {
- if (list_data == data)
- return (Eina_List *)l;
- }
+ EINA_LIST_FOREACH(list, l, list_data) {
+ if (list_data == data)
+ return (Eina_List *) l;
+ }
- return NULL;
+ return NULL;
}
/**
@@ -1242,13 +1203,12 @@ eina_list_data_find_list(const Eina_List *list, const void *data)
* the element number @p n does not exist, @c NULL is
* returned. Otherwise, the data of the found element is returned.
*/
-EAPI void *
-eina_list_nth(const Eina_List *list, unsigned int n)
+EAPI void *eina_list_nth(const Eina_List * list, unsigned int n)
{
- Eina_List *l;
+ Eina_List *l;
- l = eina_list_nth_list(list, n);
- return l ? l->data : NULL;
+ l = eina_list_nth_list(list, n);
+ return l ? l->data : NULL;
}
/**
@@ -1265,39 +1225,33 @@ eina_list_nth(const Eina_List *list, unsigned int n)
* returned. Otherwise the list node stored in the numbered element is
* returned.
*/
-EAPI Eina_List *
-eina_list_nth_list(const Eina_List *list, unsigned int n)
+EAPI Eina_List *eina_list_nth_list(const Eina_List * list, unsigned int n)
{
- const Eina_List *l;
- unsigned int i;
-
- if (list)
- EINA_MAGIC_CHECK_LIST(list, NULL);
-
- /* check for non-existing nodes */
- if ((!list) || (n > (list->accounting->count - 1)))
- return NULL;
-
- /* if the node is in the 2nd half of the list, search from the end
- * else, search from the beginning.
- */
- if (n > (list->accounting->count / 2))
- for (i = list->accounting->count - 1,
- l = list->accounting->last;
- l;
- l = l->prev, i--)
- {
- if (i == n)
- return (Eina_List *)l;
- }
- else
- for (i = 0, l = list; l; l = l->next, i++)
- {
- if (i == n)
- return (Eina_List *)l;
- }
-
- abort();
+ const Eina_List *l;
+ unsigned int i;
+
+ if (list)
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+
+ /* check for non-existing nodes */
+ if ((!list) || (n > (list->accounting->count - 1)))
+ return NULL;
+
+ /* if the node is in the 2nd half of the list, search from the end
+ * else, search from the beginning.
+ */
+ if (n > (list->accounting->count / 2))
+ for (i = list->accounting->count - 1,
+ l = list->accounting->last; l; l = l->prev, i--) {
+ if (i == n)
+ return (Eina_List *) l;
+ } else
+ for (i = 0, l = list; l; l = l->next, i++) {
+ if (i == n)
+ return (Eina_List *) l;
+ }
+
+ abort();
}
/**
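Review bot: The reformatted search in eina_list_nth_list now reads `} else`, which makes the `else` look paired with the `for` loop's closing brace when it actually belongs to the unbraced `if (n > (list->accounting->count / 2))`. Bracing both arms of that `if` (`if (...) {` … `} else {` … `}`) would make the structure explicit and protect it from a later edit that adds a statement to either arm. The function falls through to `abort()` when neither walk reaches index `n`, which from the visible code can only happen if `accounting->count` disagrees with the actual chain. A one-line comment above `abort()` stating that invariant would tell readers the call is a consistency trap, not a reachable error path.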
@@ -1316,33 +1270,31 @@ eina_list_nth_list(const Eina_List *list, unsigned int n)
* @see eina_list_reverse_clone()
* @see eina_list_iterator_reversed_new()
*/
-EAPI Eina_List *
-eina_list_reverse(Eina_List *list)
+EAPI Eina_List *eina_list_reverse(Eina_List * list)
{
- Eina_List *l1, *l2;
+ Eina_List *l1, *l2;
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- l1 = list;
- l2 = list->accounting->last;
- while (l1 != l2)
- {
- void *data;
+ l1 = list;
+ l2 = list->accounting->last;
+ while (l1 != l2) {
+ void *data;
- data = l1->data;
- l1->data = l2->data;
- l2->data = data;
- l1 = l1->next;
- if (l1 == l2)
- break;
+ data = l1->data;
+ l1->data = l2->data;
+ l2->data = data;
+ l1 = l1->next;
+ if (l1 == l2)
+ break;
- l2 = l2->prev;
- }
+ l2 = l2->prev;
+ }
- return list;
+ return list;
}
/**
@@ -1361,23 +1313,22 @@ eina_list_reverse(Eina_List *list)
* @see eina_list_reverse()
* @see eina_list_clone()
*/
-EAPI Eina_List *
-eina_list_reverse_clone(const Eina_List *list)
+EAPI Eina_List *eina_list_reverse_clone(const Eina_List * list)
{
- const Eina_List *l;
- Eina_List *lclone;
- void *data;
+ const Eina_List *l;
+ Eina_List *lclone;
+ void *data;
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- lclone = NULL;
- EINA_LIST_FOREACH(list, l, data)
- lclone = eina_list_prepend(lclone, data);
+ lclone = NULL;
+ EINA_LIST_FOREACH(list, l, data)
+ lclone = eina_list_prepend(lclone, data);
- return lclone;
+ return lclone;
}
/**
@@ -1395,23 +1346,22 @@ eina_list_reverse_clone(const Eina_List *list)
*
* @see eina_list_reverse_clone()
*/
-EAPI Eina_List *
-eina_list_clone(const Eina_List *list)
+EAPI Eina_List *eina_list_clone(const Eina_List * list)
{
- const Eina_List *l;
- Eina_List *lclone;
- void *data;
+ const Eina_List *l;
+ Eina_List *lclone;
+ void *data;
- if (!list)
- return NULL;
+ if (!list)
+ return NULL;
- EINA_MAGIC_CHECK_LIST(list, NULL);
+ EINA_MAGIC_CHECK_LIST(list, NULL);
- lclone = NULL;
- EINA_LIST_FOREACH(list, l, data)
- lclone = eina_list_append(lclone, data);
+ lclone = NULL;
+ EINA_LIST_FOREACH(list, l, data)
+ lclone = eina_list_append(lclone, data);
- return lclone;
+ return lclone;
}
/**
@@ -1455,73 +1405,70 @@ eina_list_clone(const Eina_List *list)
* list = eina_list_sort(list, eina_list_count(list), sort_cb);
* @endcode
*/
-EAPI Eina_List *
-eina_list_sort(Eina_List *list, unsigned int size, Eina_Compare_Cb func)
+EAPI Eina_List *eina_list_sort(Eina_List * list, unsigned int size,
+ Eina_Compare_Cb func)
{
- unsigned int i = 0;
- unsigned int n = 0;
- Eina_List *tail = list;
- Eina_List *unsort = NULL;
- Eina_List *stack[EINA_LIST_SORT_STACK_SIZE];
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(func, list);
- if (!list)
- return NULL;
-
- EINA_MAGIC_CHECK_LIST(list, NULL);
-
- /* if the caller specified an invalid size, sort the whole list */
- if ((size == 0) ||
- (size > list->accounting->count))
- size = list->accounting->count;
-
- if (size != list->accounting->count)
- {
- unsort = eina_list_nth_list(list, size);
- if (unsort)
- unsort->prev->next = NULL;
- }
-
- while (tail)
- {
- unsigned int idx, tmp;
-
- Eina_List *a = tail;
- Eina_List *b = tail->next;
-
- if (!b)
- {
- stack[i++] = a;
- break;
- }
-
- tail = b->next;
-
- if (func(a->data, b->data) < 0)
- ((stack[i++] = a)->next = b)->next = 0;
- else
- ((stack[i++] = b)->next = a)->next = 0;
-
- tmp = n++;
- for (idx = n ^ tmp; idx &= idx - 1; i--)
- stack[i - 2] = eina_list_sort_merge(stack[i - 2], stack[i - 1], func);
- }
-
- while (i-- > 1)
- stack[i - 1] = eina_list_sort_merge(stack[i - 1], stack[i], func);
-
- list = stack[0];
- tail = eina_list_sort_rebuild_prev(list);
-
- if (unsort)
- {
- tail->next = unsort;
- unsort->prev = tail;
- }
- else
- list->accounting->last = tail;
-
- return list;
+ unsigned int i = 0;
+ unsigned int n = 0;
+ Eina_List *tail = list;
+ Eina_List *unsort = NULL;
+ Eina_List *stack[EINA_LIST_SORT_STACK_SIZE];
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(func, list);
+ if (!list)
+ return NULL;
+
+ EINA_MAGIC_CHECK_LIST(list, NULL);
+
+ /* if the caller specified an invalid size, sort the whole list */
+ if ((size == 0) || (size > list->accounting->count))
+ size = list->accounting->count;
+
+ if (size != list->accounting->count) {
+ unsort = eina_list_nth_list(list, size);
+ if (unsort)
+ unsort->prev->next = NULL;
+ }
+
+ while (tail) {
+ unsigned int idx, tmp;
+
+ Eina_List *a = tail;
+ Eina_List *b = tail->next;
+
+ if (!b) {
+ stack[i++] = a;
+ break;
+ }
+
+ tail = b->next;
+
+ if (func(a->data, b->data) < 0)
+ ((stack[i++] = a)->next = b)->next = 0;
+ else
+ ((stack[i++] = b)->next = a)->next = 0;
+
+ tmp = n++;
+ for (idx = n ^ tmp; idx &= idx - 1; i--)
+ stack[i - 2] =
+ eina_list_sort_merge(stack[i - 2],
+ stack[i - 1], func);
+ }
+
+ while (i-- > 1)
+ stack[i - 1] =
+ eina_list_sort_merge(stack[i - 1], stack[i], func);
+
+ list = stack[0];
+ tail = eina_list_sort_rebuild_prev(list);
+
+ if (unsort) {
+ tail->next = unsort;
+ unsort->prev = tail;
+ } else
+ list->accounting->last = tail;
+
+ return list;
}
/**
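Review bot: `stack[i++]` in eina_list_sort is written with no check of `i` against `EINA_LIST_SORT_STACK_SIZE`, and nothing in the hunk says why the fixed array is large enough. The inner `for (idx = n ^ tmp; idx &= idx - 1; i--)` loop merges runs as low bits of `n` carry, so the number of live entries should grow only with the logarithm of the pair count, but the constant's value is defined outside this hunk. I would document the bound at the declaration, for example `/* live entries stay within about log2(count) + 1; EINA_LIST_SORT_STACK_SIZE must cover that */`, so a future change to the constant or the counter type does not silently turn this into an out-of-bounds stack write.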
@@ -1539,54 +1486,48 @@ eina_list_sort(Eina_List *list, unsigned int size, Eina_Compare_Cb func)
* list. This is due the need to fix accounting of that segment,
* making count and last access O(1).
*/
-EAPI Eina_List *
-eina_list_merge(Eina_List *left, Eina_List *right)
+EAPI Eina_List *eina_list_merge(Eina_List * left, Eina_List * right)
{
- unsigned int n_left, n_right;
-
- if (!left)
- return right;
-
- if (!right)
- return left;
-
- left->accounting->last->next = right;
- right->prev = left->accounting->last;
-
- n_left = left->accounting->count;
- n_right = right->accounting->count;
-
- if (n_left >= n_right)
- {
- Eina_List *itr = right;
- left->accounting->last = right->accounting->last;
- left->accounting->count += n_right;
-
- _eina_list_mempool_accounting_free(right->accounting);
-
- do
- {
- itr->accounting = left->accounting;
- itr = itr->next;
- }
- while (itr);
- }
- else
- {
- Eina_List *itr = left->accounting->last;
- right->accounting->count += n_left;
-
- _eina_list_mempool_accounting_free(left->accounting);
-
- do
- {
- itr->accounting = right->accounting;
- itr = itr->prev;
- }
- while (itr);
- }
-
- return left;
+ unsigned int n_left, n_right;
+
+ if (!left)
+ return right;
+
+ if (!right)
+ return left;
+
+ left->accounting->last->next = right;
+ right->prev = left->accounting->last;
+
+ n_left = left->accounting->count;
+ n_right = right->accounting->count;
+
+ if (n_left >= n_right) {
+ Eina_List *itr = right;
+ left->accounting->last = right->accounting->last;
+ left->accounting->count += n_right;
+
+ _eina_list_mempool_accounting_free(right->accounting);
+
+ do {
+ itr->accounting = left->accounting;
+ itr = itr->next;
+ }
+ while (itr);
+ } else {
+ Eina_List *itr = left->accounting->last;
+ right->accounting->count += n_left;
+
+ _eina_list_mempool_accounting_free(left->accounting);
+
+ do {
+ itr->accounting = right->accounting;
+ itr = itr->prev;
+ }
+ while (itr);
+ }
+
+ return left;
}
@@ -1606,49 +1547,49 @@ eina_list_merge(Eina_List *left, Eina_List *right)
* list does not exist anymore after the split.
*
*/
-EAPI Eina_List *
-eina_list_split_list(Eina_List *list, Eina_List *relative, Eina_List **right)
+EAPI Eina_List *eina_list_split_list(Eina_List * list,
+ Eina_List * relative,
+ Eina_List ** right)
{
- Eina_List *next;
- Eina_List *itr;
-
- if(!right)
- return list;
-
- *right = NULL;
-
- if (!list)
- return NULL;
-
- if (!relative)
- {
- *right = list;
- return NULL;
- }
-
- if (relative == eina_list_last(list))
- return list;
-
- next = eina_list_next(relative);
- next->prev = NULL;
- next->accounting = _eina_list_mempool_accounting_new(next);
- next->accounting->last = list->accounting->last;
- *right = next;
-
- itr = next;
- do
- {
- itr->accounting = next->accounting;
- next->accounting->count++;
- itr = itr->next;
- }
- while (itr);
-
- relative->next = NULL;
- list->accounting->last = relative;
- list->accounting->count = list->accounting->count - next->accounting->count;
-
- return list;
+ Eina_List *next;
+ Eina_List *itr;
+
+ if (!right)
+ return list;
+
+ *right = NULL;
+
+ if (!list)
+ return NULL;
+
+ if (!relative) {
+ *right = list;
+ return NULL;
+ }
+
+ if (relative == eina_list_last(list))
+ return list;
+
+ next = eina_list_next(relative);
+ next->prev = NULL;
+ next->accounting = _eina_list_mempool_accounting_new(next);
+ next->accounting->last = list->accounting->last;
+ *right = next;
+
+ itr = next;
+ do {
+ itr->accounting = next->accounting;
+ next->accounting->count++;
+ itr = itr->next;
+ }
+ while (itr);
+
+ relative->next = NULL;
+ list->accounting->last = relative;
+ list->accounting->count =
+ list->accounting->count - next->accounting->count;
+
+ return list;
}
/**
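Review bot: In eina_list_split_list the result of `_eina_list_mempool_accounting_new(next)` is stored and dereferenced on the next line without a NULL check, while the node allocator is checked in eina_list_append_relative_list and eina_list_prepend_relative_list (`if (!new_l) return list;`). Whether the accounting allocator can return NULL is not visible in this hunk, but if it can, a failure here is presumably a NULL dereference. By that point `next->prev` has already been cleared and `next->accounting` overwritten, so the list can no longer be returned unchanged. Allocating into a local `Eina_List_Accounting *acc` before touching `next`, with `acc = _eina_list_mempool_accounting_new(next);` followed by `if (!acc) return list;`, keeps the list intact on failure.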
@@ -1686,81 +1627,71 @@ eina_list_split_list(Eina_List *list, Eina_List *relative, Eina_List **right)
* list = eina_list_sorted_merge(sorted1, sorted2, sort_cb);
* @endcode
*/
-EAPI Eina_List *
-eina_list_sorted_merge(Eina_List *left, Eina_List *right, Eina_Compare_Cb func)
+EAPI Eina_List *eina_list_sorted_merge(Eina_List * left, Eina_List * right,
+ Eina_Compare_Cb func)
{
- Eina_List *ret;
- Eina_List *current;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(func, NULL);
-
- if (!left)
- return right;
-
- if (!right)
- return left;
-
- if (func(left->data, right->data) < 0)
- {
- ret = left;
- current = left;
- left = left->next;
- ret->accounting->count += right->accounting->count;
-
- _eina_list_mempool_accounting_free(right->accounting);
- }
- else
- {
- ret = right;
- current = right;
- right = right->next;
- ret->accounting->count += left->accounting->count;
-
- _eina_list_mempool_accounting_free(left->accounting);
- }
-
- while (left && right)
- {
- if (func(left->data, right->data) < 0)
- {
- current->next = left;
- left->prev = current;
- left = left->next;
- }
- else
- {
- current->next = right;
- right->prev = current;
- right = right->next;
- }
-
- current = current->next;
- current->accounting = ret->accounting;
- }
-
- if (left)
- {
- current->next = left;
- left->prev = current;
- current->accounting = ret->accounting;
- }
-
- if (right)
- {
- current->next = right;
- right->prev = current;
- current->accounting = ret->accounting;
- }
-
- while (current->next)
- {
- current = current->next;
- current->accounting = ret->accounting;
- }
-
- ret->accounting->last = current;
-
- return ret;
+ Eina_List *ret;
+ Eina_List *current;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(func, NULL);
+
+ if (!left)
+ return right;
+
+ if (!right)
+ return left;
+
+ if (func(left->data, right->data) < 0) {
+ ret = left;
+ current = left;
+ left = left->next;
+ ret->accounting->count += right->accounting->count;
+
+ _eina_list_mempool_accounting_free(right->accounting);
+ } else {
+ ret = right;
+ current = right;
+ right = right->next;
+ ret->accounting->count += left->accounting->count;
+
+ _eina_list_mempool_accounting_free(left->accounting);
+ }
+
+ while (left && right) {
+ if (func(left->data, right->data) < 0) {
+ current->next = left;
+ left->prev = current;
+ left = left->next;
+ } else {
+ current->next = right;
+ right->prev = current;
+ right = right->next;
+ }
+
+ current = current->next;
+ current->accounting = ret->accounting;
+ }
+
+ if (left) {
+ current->next = left;
+ left->prev = current;
+ current->accounting = ret->accounting;
+ }
+
+ if (right) {
+ current->next = right;
+ right->prev = current;
+ current->accounting = ret->accounting;
+ }
+
+ while (current->next) {
+ current = current->next;
+ current->accounting = ret->accounting;
+ }
+
+ ret->accounting->last = current;
+
+ return ret;
}
/**
@@ -1798,89 +1729,82 @@ eina_list_sorted_merge(Eina_List *left, Eina_List *right, Eina_Compare_Cb func)
* @see eina_list_sort()
* @see eina_list_sorted_merge()
*/
-EAPI Eina_List *
-eina_list_search_sorted_near_list(const Eina_List *list,
- Eina_Compare_Cb func,
- const void *data,
- int *result_cmp)
+EAPI Eina_List *eina_list_search_sorted_near_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data,
+ int *result_cmp)
{
- const Eina_List *ct;
- unsigned int inf, sup, cur;
- int cmp;
-
- if (!list)
- {
- if (result_cmp)
- *result_cmp = 0;
-
- return NULL;
- }
-
- if (list->accounting->count == 1)
- {
- if (result_cmp)
- *result_cmp = func(list->data, data);
-
- return (Eina_List *)list;
- }
-
- /* list walk is expensive, do quick check: tail */
- ct = list->accounting->last;
- cmp = func(ct->data, data);
- if (cmp <= 0)
- goto end;
-
- /* list walk is expensive, do quick check: head */
- ct = list;
- cmp = func(ct->data, data);
- if (cmp >= 0)
- goto end;
-
- /* inclusive bounds */
- inf = 1;
- sup = list->accounting->count - 2;
- cur = 1;
- ct = list->next;
-
- /* no loop, just compare if comparison value is important to caller */
- if (inf > sup)
- {
- if (result_cmp)
- cmp = func(ct->data, data);
-
- goto end;
- }
-
- while (inf <= sup)
- {
- unsigned int tmp = cur;
- cur = inf + ((sup - inf) >> 1);
- if (tmp < cur)
- for (; tmp != cur; tmp++, ct = ct->next) ;
- else if (tmp > cur)
- for (; tmp != cur; tmp--, ct = ct->prev) ;
-
- cmp = func(ct->data, data);
- if (cmp == 0)
- break;
- else if (cmp < 0)
- inf = cur + 1;
- else if (cmp > 0)
- {
- if (cur > 0)
- sup = cur - 1;
- else
- break;
- }
- else
- break;
- }
-
-end:
- if (result_cmp)
- *result_cmp = cmp;
-
- return (Eina_List *)ct;
+ const Eina_List *ct;
+ unsigned int inf, sup, cur;
+ int cmp;
+
+ if (!list) {
+ if (result_cmp)
+ *result_cmp = 0;
+
+ return NULL;
+ }
+
+ if (list->accounting->count == 1) {
+ if (result_cmp)
+ *result_cmp = func(list->data, data);
+
+ return (Eina_List *) list;
+ }
+
+ /* list walk is expensive, do quick check: tail */
+ ct = list->accounting->last;
+ cmp = func(ct->data, data);
+ if (cmp <= 0)
+ goto end;
+
+ /* list walk is expensive, do quick check: head */
+ ct = list;
+ cmp = func(ct->data, data);
+ if (cmp >= 0)
+ goto end;
+
+ /* inclusive bounds */
+ inf = 1;
+ sup = list->accounting->count - 2;
+ cur = 1;
+ ct = list->next;
+
+ /* no loop, just compare if comparison value is important to caller */
+ if (inf > sup) {
+ if (result_cmp)
+ cmp = func(ct->data, data);
+
+ goto end;
+ }
+
+ while (inf <= sup) {
+ unsigned int tmp = cur;
+ cur = inf + ((sup - inf) >> 1);
+ if (tmp < cur)
+ for (; tmp != cur; tmp++, ct = ct->next);
+ else if (tmp > cur)
+ for (; tmp != cur; tmp--, ct = ct->prev);
+
+ cmp = func(ct->data, data);
+ if (cmp == 0)
+ break;
+ else if (cmp < 0)
+ inf = cur + 1;
+ else if (cmp > 0) {
+ if (cur > 0)
+ sup = cur - 1;
+ else
+ break;
+ } else
+ break;
+ }
+
+ end:
+ if (result_cmp)
+ *result_cmp = cmp;
+
+ return (Eina_List *) ct;
}
/**
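Review bot: `func` is called in eina_list_search_sorted_near_list without a NULL check, whereas eina_list_sort and eina_list_sorted_merge in this file guard it with `EINA_SAFETY_ON_NULL_RETURN_VAL(func, ...)`. Adding `EINA_SAFETY_ON_NULL_RETURN_VAL(func, NULL);` at the top would make the entry points consistent. That path should also assign `*result_cmp` when the pointer is non-NULL, because eina_list_sorted_insert reads `cmp` straight after the call. Separately, the reindent moved the `;` of the two empty-bodied `for` loops directly against the closing parenthesis (`ct = ct->next);`), which makes the empty body easy to miss; a `;` on its own line or an explicit `{}` would read better.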
@@ -1914,22 +1838,21 @@ end:
* @see eina_list_search_unsorted_list()
* @see eina_list_search_sorted_near_list()
*/
-EAPI Eina_List *
-eina_list_search_sorted_list(const Eina_List *list,
- Eina_Compare_Cb func,
- const void *data)
+EAPI Eina_List *eina_list_search_sorted_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data)
{
- Eina_List *lnear;
- int cmp;
+ Eina_List *lnear;
+ int cmp;
- lnear = eina_list_search_sorted_near_list(list, func, data, &cmp);
- if (!lnear)
- return NULL;
+ lnear = eina_list_search_sorted_near_list(list, func, data, &cmp);
+ if (!lnear)
+ return NULL;
- if (cmp == 0)
- return lnear;
+ if (cmp == 0)
+ return lnear;
- return NULL;
+ return NULL;
}
@@ -1964,12 +1887,12 @@ eina_list_search_sorted_list(const Eina_List *list,
* @see eina_list_sorted_merge()
* @see eina_list_search_unsorted_list()
*/
-EAPI void *
-eina_list_search_sorted(const Eina_List *list,
- Eina_Compare_Cb func,
- const void *data)
+EAPI void *eina_list_search_sorted(const Eina_List * list,
+ Eina_Compare_Cb func, const void *data)
{
- return eina_list_data_get(eina_list_search_sorted_list(list, func, data));
+ return
+ eina_list_data_get(eina_list_search_sorted_list
+ (list, func, data));
}
/**
@@ -1993,20 +1916,18 @@ eina_list_search_sorted(const Eina_List *list,
* @see eina_list_search_sorted_list()
* @see eina_list_search_unsorted()
*/
-EAPI Eina_List *
-eina_list_search_unsorted_list(const Eina_List *list,
- Eina_Compare_Cb func,
- const void *data)
+EAPI Eina_List *eina_list_search_unsorted_list(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data)
{
- const Eina_List *l;
- void *d;
-
- EINA_LIST_FOREACH(list, l, d)
- {
- if (!func(d, data))
- return (Eina_List *)l;
- }
- return NULL;
+ const Eina_List *l;
+ void *d;
+
+ EINA_LIST_FOREACH(list, l, d) {
+ if (!func(d, data))
+ return (Eina_List *) l;
+ }
+ return NULL;
}
/**
@@ -2031,12 +1952,13 @@ eina_list_search_unsorted_list(const Eina_List *list,
* @see eina_list_search_sorted()
* @see eina_list_search_unsorted_list()
*/
-EAPI void *
-eina_list_search_unsorted(const Eina_List *list,
- Eina_Compare_Cb func,
- const void *data)
+EAPI void *eina_list_search_unsorted(const Eina_List * list,
+ Eina_Compare_Cb func,
+ const void *data)
{
- return eina_list_data_get(eina_list_search_unsorted_list(list, func, data));
+ return
+ eina_list_data_get(eina_list_search_unsorted_list
+ (list, func, data));
}
@@ -2060,32 +1982,30 @@ eina_list_search_unsorted(const Eina_List *list,
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_list_iterator_new(const Eina_List *list)
+EAPI Eina_Iterator *eina_list_iterator_new(const Eina_List * list)
{
- Eina_Iterator_List *it;
+ Eina_Iterator_List *it;
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_List));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_List));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(it, EINA_MAGIC_LIST_ITERATOR);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_LIST_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- it->head = list;
- it->current = list;
+ it->head = list;
+ it->current = list;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(eina_list_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- eina_list_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(eina_list_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(eina_list_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(eina_list_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(eina_list_iterator_free);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -2110,32 +2030,30 @@ eina_list_iterator_new(const Eina_List *list)
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_list_iterator_reversed_new(const Eina_List *list)
+EAPI Eina_Iterator *eina_list_iterator_reversed_new(const Eina_List * list)
{
- Eina_Iterator_List *it;
+ Eina_Iterator_List *it;
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_List));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_List));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(it, EINA_MAGIC_LIST_ITERATOR);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_LIST_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- it->head = eina_list_last(list);
- it->current = it->head;
+ it->head = eina_list_last(list);
+ it->current = it->head;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(eina_list_iterator_prev);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- eina_list_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(eina_list_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(eina_list_iterator_prev);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(eina_list_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(eina_list_iterator_free);
- return &it->iterator;
+ return &it->iterator;
}
/**
@@ -2150,33 +2068,32 @@ eina_list_iterator_reversed_new(const Eina_List *list)
* not be allocated, NULL is returned and #EINA_ERROR_OUT_OF_MEMORY is
* set. Otherwise, a valid accessor is returned.
*/
-EAPI Eina_Accessor *
-eina_list_accessor_new(const Eina_List *list)
+EAPI Eina_Accessor *eina_list_accessor_new(const Eina_List * list)
{
- Eina_Accessor_List *ac;
-
- eina_error_set(0);
- ac = calloc(1, sizeof (Eina_Accessor_List));
- if (!ac)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- EINA_MAGIC_SET(ac, EINA_MAGIC_LIST_ACCESSOR);
- EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
-
- ac->head = list;
- ac->current = list;
- ac->index = 0;
-
- ac->accessor.version = EINA_ACCESSOR_VERSION;
- ac->accessor.get_at = FUNC_ACCESSOR_GET_AT(eina_list_accessor_get_at);
- ac->accessor.get_container = FUNC_ACCESSOR_GET_CONTAINER(
- eina_list_accessor_get_container);
- ac->accessor.free = FUNC_ACCESSOR_FREE(eina_list_accessor_free);
-
- return &ac->accessor;
+ Eina_Accessor_List *ac;
+
+ eina_error_set(0);
+ ac = calloc(1, sizeof(Eina_Accessor_List));
+ if (!ac) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ EINA_MAGIC_SET(ac, EINA_MAGIC_LIST_ACCESSOR);
+ EINA_MAGIC_SET(&ac->accessor, EINA_MAGIC_ACCESSOR);
+
+ ac->head = list;
+ ac->current = list;
+ ac->index = 0;
+
+ ac->accessor.version = EINA_ACCESSOR_VERSION;
+ ac->accessor.get_at =
+ FUNC_ACCESSOR_GET_AT(eina_list_accessor_get_at);
+ ac->accessor.get_container =
+ FUNC_ACCESSOR_GET_CONTAINER(eina_list_accessor_get_container);
+ ac->accessor.free = FUNC_ACCESSOR_FREE(eina_list_accessor_free);
+
+ return &ac->accessor;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_log.c b/tests/suite/ecore/src/lib/eina_log.c
index aa9b7819ac..5b5aca839f 100644
--- a/tests/suite/ecore/src/lib/eina_log.c
+++ b/tests/suite/ecore/src/lib/eina_log.c
@@ -258,7 +258,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -268,15 +268,15 @@
#include <assert.h>
#ifndef _MSC_VER
-# include <unistd.h>
+#include <unistd.h>
#endif
#ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
+#include <pthread.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -313,13 +313,13 @@
// Structure for storing domain level settings passed from the command line
// that will be matched with application-defined domains.
-typedef struct _Eina_Log_Domain_Level_Pending Eina_Log_Domain_Level_Pending;
-struct _Eina_Log_Domain_Level_Pending
-{
- EINA_INLIST;
- unsigned int level;
- size_t namelen;
- char name[];
+typedef struct _Eina_Log_Domain_Level_Pending
+ Eina_Log_Domain_Level_Pending;
+struct _Eina_Log_Domain_Level_Pending {
+ EINA_INLIST;
+ unsigned int level;
+ size_t namelen;
+ char name[];
};
/*
@@ -341,16 +341,16 @@ static int _abort_level_on_critical = EINA_LOG_LEVEL_CRITICAL;
static Eina_Bool _threads_enabled = EINA_FALSE;
-# ifdef EFL_HAVE_POSIX_THREADS
+#ifdef EFL_HAVE_POSIX_THREADS
typedef pthread_t Thread;
static pthread_t _main_thread;
-# define SELF() pthread_self()
-# define IS_MAIN(t) pthread_equal(t, _main_thread)
-# define IS_OTHER(t) EINA_UNLIKELY(!IS_MAIN(t))
-# define CHECK_MAIN(...) \
+#define SELF() pthread_self()
+#define IS_MAIN(t) pthread_equal(t, _main_thread)
+#define IS_OTHER(t) EINA_UNLIKELY(!IS_MAIN(t))
+#define CHECK_MAIN(...) \
do { \
if (!IS_MAIN(pthread_self())) { \
fprintf(stderr, \
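Review bot: Flattening `# ifdef EFL_HAVE_POSIX_THREADS` and the `# define` lines under it to column 0 removes the visual cue that this block sits inside an outer thread-support conditional, whose `#else /* ! EFL_HAVE_THREADS */` only appears in a later hunk and whose opening directive is outside this one. After the change, which `LOG_LOCK()`/`LOG_UNLOCK()` a given build compiles in has to be worked out by pairing `#else`/`#endif` lines by hand, which makes the locking configuration easy to misread. If the reindent was produced with GNU indent, its `-ppi` option keeps preprocessor nesting indented; otherwise consider restoring the `# ` depth markers in this file. The same flattening recurs in the remaining preprocessor hunks of eina_log.c.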
@@ -361,10 +361,10 @@ static pthread_t _main_thread;
} \
} while (0)
-# ifdef EFL_HAVE_POSIX_THREADS_SPINLOCK
+#ifdef EFL_HAVE_POSIX_THREADS_SPINLOCK
static pthread_spinlock_t _log_lock;
-# define LOG_LOCK() \
+#define LOG_LOCK() \
if (_threads_enabled) \
do { \
if (0) { \
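Review bot: `LOG_LOCK()` as re-emitted here still has a bare `if (_threads_enabled)` in front of its `do { … } while (0)`, so it does not expand to a single statement. A call site such as `if (x) LOG_LOCK(); else …` would bind the `else` to the macro's hidden `if`, and a lock that is silently skipped leaves the logger state open to a race. The part of the body visible in the next hunk already tests `EINA_UNLIKELY(_threads_enabled)` inside the block, so the outer `if` looks redundant and could be dropped; the macro body is only partly visible, so confirm against the full definition. The same pattern shows up in later hunks: the spinlock `LOG_UNLOCK()`, the pthread-mutex variants, and the Win32 `LOG_LOCK()`/`LOG_UNLOCK()`/`SHUTDOWN()`. For those, a form such as `#define LOG_LOCK() do { if (_threads_enabled) pthread_mutex_lock(&_log_mutex); } while (0)` matches the `do {} while (0)` shape the no-threads branch already uses.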
@@ -373,7 +373,7 @@ static pthread_spinlock_t _log_lock;
if (EINA_UNLIKELY(_threads_enabled)) { \
pthread_spin_lock(&_log_lock); } \
} while (0)
-# define LOG_UNLOCK() \
+#define LOG_UNLOCK() \
if (_threads_enabled) \
do { \
if (EINA_UNLIKELY(_threads_enabled)) { \
@@ -383,29 +383,29 @@ static pthread_spinlock_t _log_lock;
"---LOG LOG_UNLOCKED! [%s, %lu]\n", \
__FUNCTION__, (unsigned long)pthread_self()); } \
} while (0)
-# define INIT() pthread_spin_init(&_log_lock, PTHREAD_PROCESS_PRIVATE)
-# define SHUTDOWN() pthread_spin_destroy(&_log_lock)
+#define INIT() pthread_spin_init(&_log_lock, PTHREAD_PROCESS_PRIVATE)
+#define SHUTDOWN() pthread_spin_destroy(&_log_lock)
-# else /* ! EFL_HAVE_POSIX_THREADS_SPINLOCK */
+#else /* ! EFL_HAVE_POSIX_THREADS_SPINLOCK */
static pthread_mutex_t _log_mutex = PTHREAD_MUTEX_INITIALIZER;
-# define LOG_LOCK() if(_threads_enabled) {pthread_mutex_lock(&_log_mutex); }
-# define LOG_UNLOCK() if(_threads_enabled) {pthread_mutex_unlock(&_log_mutex); }
-# define INIT() (1)
-# define SHUTDOWN() do {} while (0)
+#define LOG_LOCK() if(_threads_enabled) {pthread_mutex_lock(&_log_mutex); }
+#define LOG_UNLOCK() if(_threads_enabled) {pthread_mutex_unlock(&_log_mutex); }
+#define INIT() (1)
+#define SHUTDOWN() do {} while (0)
-# endif /* ! EFL_HAVE_POSIX_THREADS_SPINLOCK */
+#endif /* ! EFL_HAVE_POSIX_THREADS_SPINLOCK */
-# else /* EFL_HAVE_WIN32_THREADS */
+#else /* EFL_HAVE_WIN32_THREADS */
typedef DWORD Thread;
static DWORD _main_thread;
-# define SELF() GetCurrentThreadId()
-# define IS_MAIN(t) (t == _main_thread)
-# define IS_OTHER(t) EINA_UNLIKELY(!IS_MAIN(t))
-# define CHECK_MAIN(...) \
+#define SELF() GetCurrentThreadId()
+#define IS_MAIN(t) (t == _main_thread)
+#define IS_OTHER(t) EINA_UNLIKELY(!IS_MAIN(t))
+#define CHECK_MAIN(...) \
do { \
if (!IS_MAIN(GetCurrentThreadId())) { \
fprintf(stderr, \
@@ -417,24 +417,24 @@ static DWORD _main_thread;
static HANDLE _log_mutex = NULL;
-# define LOG_LOCK() if(_threads_enabled) WaitForSingleObject(_log_mutex, INFINITE)
-# define LOG_UNLOCK() if(_threads_enabled) ReleaseMutex(_log_mutex)
-# define INIT() ((_log_mutex = CreateMutex(NULL, FALSE, NULL)) ? 1 : 0)
-# define SHUTDOWN() if (_log_mutex) CloseHandle(_log_mutex)
+#define LOG_LOCK() if(_threads_enabled) WaitForSingleObject(_log_mutex, INFINITE)
+#define LOG_UNLOCK() if(_threads_enabled) ReleaseMutex(_log_mutex)
+#define INIT() ((_log_mutex = CreateMutex(NULL, FALSE, NULL)) ? 1 : 0)
+#define SHUTDOWN() if (_log_mutex) CloseHandle(_log_mutex)
-# endif /* EFL_HAVE_WIN32_THREADS */
+#endif /* EFL_HAVE_WIN32_THREADS */
-#else /* ! EFL_HAVE_THREADS */
+#else /* ! EFL_HAVE_THREADS */
-# define LOG_LOCK() do {} while (0)
-# define LOG_UNLOCK() do {} while (0)
-# define IS_MAIN(t) (1)
-# define IS_OTHER(t) (0)
-# define CHECK_MAIN(...) do {} while (0)
-# define INIT() (1)
-# define SHUTDOWN() do {} while (0)
+#define LOG_LOCK() do {} while (0)
+#define LOG_UNLOCK() do {} while (0)
+#define IS_MAIN(t) (1)
+#define IS_OTHER(t) (0)
+#define CHECK_MAIN(...) do {} while (0)
+#define INIT() (1)
+#define SHUTDOWN() do {} while (0)
-#endif /* ! EFL_HAVE_THREADS */
+#endif /* ! EFL_HAVE_THREADS */
// List of domains registered
@@ -459,600 +459,569 @@ static Eina_Log_Level _log_level = EINA_LOG_LEVEL_ERR;
* eina_log_print_level_name_color_get()
*/
static const char *_names[] = {
- "CRI",
- "ERR",
- "WRN",
- "INF",
- "DBG",
+ "CRI",
+ "ERR",
+ "WRN",
+ "INF",
+ "DBG",
};
#ifdef _WIN32
-static int
-eina_log_win32_color_get(const char *domain_str)
+static int eina_log_win32_color_get(const char *domain_str)
{
- char *str;
- char *tmp;
- char *tmp2;
- int code = -1;
- int lighted = 0;
- int ret = 0;
-
- str = strdup(domain_str);
- if (!str)
- return 0;
-
- /* this should not append */
- if (str[0] != '\033')
- {
- free(str);
- return 0;
- }
-
- /* we skip the first char and the [ */
- tmp = tmp2 = str + 2;
- while (*tmp != 'm')
- {
- if (*tmp == ';')
- {
- *tmp = '\0';
- code = atol(tmp2);
- tmp++;
- tmp2 = tmp;
- }
-
- tmp++;
- }
- *tmp = '\0';
- if (code < 0)
- code = atol(tmp2);
- else
- lighted = atol(tmp2);
-
- free(str);
-
- if (code < lighted)
- {
- int c;
-
- c = code;
- code = lighted;
- lighted = c;
- }
-
- if (lighted)
- ret = FOREGROUND_INTENSITY;
-
- if (code == 31)
- ret |= FOREGROUND_RED;
- else if (code == 32)
- ret |= FOREGROUND_GREEN;
- else if (code == 33)
- ret |= FOREGROUND_RED | FOREGROUND_GREEN;
- else if (code == 34)
- ret |= FOREGROUND_BLUE;
- else if (code == 36)
- ret |= FOREGROUND_GREEN | FOREGROUND_BLUE;
- else if (code == 37)
- ret |= FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE;
-
- return ret;
+ char *str;
+ char *tmp;
+ char *tmp2;
+ int code = -1;
+ int lighted = 0;
+ int ret = 0;
+
+ str = strdup(domain_str);
+ if (!str)
+ return 0;
+
+ /* this should not append */
+ if (str[0] != '\033') {
+ free(str);
+ return 0;
+ }
+
+ /* we skip the first char and the [ */
+ tmp = tmp2 = str + 2;
+ while (*tmp != 'm') {
+ if (*tmp == ';') {
+ *tmp = '\0';
+ code = atol(tmp2);
+ tmp++;
+ tmp2 = tmp;
+ }
+
+ tmp++;
+ }
+ *tmp = '\0';
+ if (code < 0)
+ code = atol(tmp2);
+ else
+ lighted = atol(tmp2);
+
+ free(str);
+
+ if (code < lighted) {
+ int c;
+
+ c = code;
+ code = lighted;
+ lighted = c;
+ }
+
+ if (lighted)
+ ret = FOREGROUND_INTENSITY;
+
+ if (code == 31)
+ ret |= FOREGROUND_RED;
+ else if (code == 32)
+ ret |= FOREGROUND_GREEN;
+ else if (code == 33)
+ ret |= FOREGROUND_RED | FOREGROUND_GREEN;
+ else if (code == 34)
+ ret |= FOREGROUND_BLUE;
+ else if (code == 36)
+ ret |= FOREGROUND_GREEN | FOREGROUND_BLUE;
+ else if (code == 37)
+ ret |= FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE;
+
+ return ret;
}
#endif
static inline void
eina_log_print_level_name_get(int level, const char **p_name)
{
- static char buf[4];
- /* NOTE: if you change this, also change
- * eina_log_print_level_name_color_get()
- * eina_log_level_name_get() (at eina_inline_log.x)
- */
- if (EINA_UNLIKELY(level < 0))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else
- *p_name = _names[level];
+ static char buf[4];
+ /* NOTE: if you change this, also change
+ * eina_log_print_level_name_color_get()
+ * eina_log_level_name_get() (at eina_inline_log.x)
+ */
+ if (EINA_UNLIKELY(level < 0)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else
+ *p_name = _names[level];
}
#ifdef _WIN32
static inline void
eina_log_print_level_name_color_get(int level,
- const char **p_name,
- int *p_color)
+ const char **p_name, int *p_color)
{
- static char buf[4];
- /* NOTE: if you change this, also change:
- * eina_log_print_level_name_get()
- */
- if (EINA_UNLIKELY(level < 0))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else
- *p_name = _names[level];
-
- *p_color = eina_log_win32_color_get(eina_log_level_color_get(level));
+ static char buf[4];
+ /* NOTE: if you change this, also change:
+ * eina_log_print_level_name_get()
+ */
+ if (EINA_UNLIKELY(level < 0)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else
+ *p_name = _names[level];
+
+ *p_color =
+ eina_log_win32_color_get(eina_log_level_color_get(level));
}
#else
static inline void
eina_log_print_level_name_color_get(int level,
- const char **p_name,
- const char **p_color)
+ const char **p_name,
+ const char **p_color)
{
- static char buf[4];
- /* NOTE: if you change this, also change:
- * eina_log_print_level_name_get()
- */
- if (EINA_UNLIKELY(level < 0))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS))
- {
- snprintf(buf, sizeof(buf), "%03d", level);
- *p_name = buf;
- }
- else
- *p_name = _names[level];
-
- *p_color = eina_log_level_color_get(level);
+ static char buf[4];
+ /* NOTE: if you change this, also change:
+ * eina_log_print_level_name_get()
+ */
+ if (EINA_UNLIKELY(level < 0)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else if (EINA_UNLIKELY(level >= EINA_LOG_LEVELS)) {
+ snprintf(buf, sizeof(buf), "%03d", level);
+ *p_name = buf;
+ } else
+ *p_name = _names[level];
+
+ *p_color = eina_log_level_color_get(level);
}
#endif
#define DECLARE_LEVEL_NAME(level) const char *name; \
eina_log_print_level_name_get(level, &name)
#ifdef _WIN32
-# define DECLARE_LEVEL_NAME_COLOR(level) const char *name; int color; \
+#define DECLARE_LEVEL_NAME_COLOR(level) const char *name; int color; \
eina_log_print_level_name_color_get(level, &name, &color)
#else
-# define DECLARE_LEVEL_NAME_COLOR(level) const char *name, *color; \
+#define DECLARE_LEVEL_NAME_COLOR(level) const char *name, *color; \
eina_log_print_level_name_color_get(level, &name, &color)
#endif
/** No threads, No color */
static void
-eina_log_print_prefix_NOthreads_NOcolor_file_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line)
+eina_log_print_prefix_NOthreads_NOcolor_file_func(FILE * fp,
+ const Eina_Log_Domain *
+ d, Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line)
{
- DECLARE_LEVEL_NAME(level);
- fprintf(fp, "%s:%s %s:%d %s() ", name, d->domain_str, file, line, fnc);
+ DECLARE_LEVEL_NAME(level);
+ fprintf(fp, "%s:%s %s:%d %s() ", name, d->domain_str, file, line,
+ fnc);
}
static void
-eina_log_print_prefix_NOthreads_NOcolor_NOfile_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file __UNUSED__,
- const char *fnc,
- int line __UNUSED__)
+eina_log_print_prefix_NOthreads_NOcolor_NOfile_func(FILE * fp,
+ const Eina_Log_Domain *
+ d,
+ Eina_Log_Level level,
+ const char *file
+ __UNUSED__,
+ const char *fnc,
+ int line __UNUSED__)
{
- DECLARE_LEVEL_NAME(level);
- fprintf(fp, "%s:%s %s() ", name, d->domain_str, fnc);
+ DECLARE_LEVEL_NAME(level);
+ fprintf(fp, "%s:%s %s() ", name, d->domain_str, fnc);
}
static void
-eina_log_print_prefix_NOthreads_NOcolor_file_NOfunc(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc __UNUSED__,
- int line)
+eina_log_print_prefix_NOthreads_NOcolor_file_NOfunc(FILE * fp,
+ const Eina_Log_Domain *
+ d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc
+ __UNUSED__, int line)
{
- DECLARE_LEVEL_NAME(level);
- fprintf(fp, "%s:%s %s:%d ", name, d->domain_str, file, line);
+ DECLARE_LEVEL_NAME(level);
+ fprintf(fp, "%s:%s %s:%d ", name, d->domain_str, file, line);
}
/* No threads, color */
static void
-eina_log_print_prefix_NOthreads_color_file_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line)
+eina_log_print_prefix_NOthreads_color_file_func(FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc, int line)
{
- DECLARE_LEVEL_NAME_COLOR(level);
+ DECLARE_LEVEL_NAME_COLOR(level);
#ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s", d->name);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, " %s:%d ", file, line);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_INTENSITY | FOREGROUND_RED |
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%s()", fnc);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, " ");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->domain_str));
+ fprintf(fp, "%s", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " %s:%d ", file, line);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_INTENSITY | FOREGROUND_RED |
+ FOREGROUND_GREEN | FOREGROUND_BLUE);
+ fprintf(fp, "%s()", fnc);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " ");
#else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, file, line, fnc);
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, file, line, fnc);
#endif
}
static void
-eina_log_print_prefix_NOthreads_color_NOfile_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file __UNUSED__,
- const char *fnc,
- int line __UNUSED__)
+eina_log_print_prefix_NOthreads_color_NOfile_func(FILE * fp,
+ const Eina_Log_Domain *
+ d, Eina_Log_Level level,
+ const char *file
+ __UNUSED__,
+ const char *fnc,
+ int line __UNUSED__)
{
- DECLARE_LEVEL_NAME_COLOR(level);
+ DECLARE_LEVEL_NAME_COLOR(level);
#ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s", d->name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_INTENSITY | FOREGROUND_RED |
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%s()", fnc);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, " ");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->domain_str));
+ fprintf(fp, "%s", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_INTENSITY | FOREGROUND_RED |
+ FOREGROUND_GREEN | FOREGROUND_BLUE);
+ fprintf(fp, "%s()", fnc);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " ");
#else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, fnc);
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, fnc);
#endif
}
static void
-eina_log_print_prefix_NOthreads_color_file_NOfunc(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc __UNUSED__,
- int line)
+eina_log_print_prefix_NOthreads_color_file_NOfunc(FILE * fp,
+ const Eina_Log_Domain *
+ d, Eina_Log_Level level,
+ const char *file,
+ const char *fnc
+ __UNUSED__, int line)
{
- DECLARE_LEVEL_NAME_COLOR(level);
+ DECLARE_LEVEL_NAME_COLOR(level);
#ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s", d->name);
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, " %s:%d ", file, line);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->domain_str));
+ fprintf(fp, "%s", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " %s:%d ", file, line);
#else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d ",
- color, name, d->domain_str, file, line);
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d ",
+ color, name, d->domain_str, file, line);
#endif
}
/** threads, No color */
#ifdef EFL_HAVE_THREADS
static void
-eina_log_print_prefix_threads_NOcolor_file_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line)
+eina_log_print_prefix_threads_NOcolor_file_func(FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc, int line)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
- fprintf(fp, "%s:%s[T:%lu] %s:%d %s() ",
- name, d->domain_str, (unsigned long)cur, file, line, fnc);
- return;
- }
-
- fprintf(fp, "%s:%s %s:%d %s() ", name, d->domain_str, file, line, fnc);
+ Thread cur;
+
+ DECLARE_LEVEL_NAME(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+ fprintf(fp, "%s:%s[T:%lu] %s:%d %s() ",
+ name, d->domain_str, (unsigned long) cur, file,
+ line, fnc);
+ return;
+ }
+
+ fprintf(fp, "%s:%s %s:%d %s() ", name, d->domain_str, file, line,
+ fnc);
}
static void
-eina_log_print_prefix_threads_NOcolor_NOfile_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file __UNUSED__,
- const char *fnc,
- int line __UNUSED__)
+eina_log_print_prefix_threads_NOcolor_NOfile_func(FILE * fp,
+ const Eina_Log_Domain *
+ d, Eina_Log_Level level,
+ const char *file
+ __UNUSED__,
+ const char *fnc,
+ int line __UNUSED__)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
- fprintf(fp, "%s:%s[T:%lu] %s() ",
- name, d->domain_str, (unsigned long)cur, fnc);
- return;
- }
-
- fprintf(fp, "%s:%s %s() ", name, d->domain_str, fnc);
+ Thread cur;
+
+ DECLARE_LEVEL_NAME(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+ fprintf(fp, "%s:%s[T:%lu] %s() ",
+ name, d->domain_str, (unsigned long) cur, fnc);
+ return;
+ }
+
+ fprintf(fp, "%s:%s %s() ", name, d->domain_str, fnc);
}
static void
-eina_log_print_prefix_threads_NOcolor_file_NOfunc(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc __UNUSED__,
- int line)
+eina_log_print_prefix_threads_NOcolor_file_NOfunc(FILE * fp,
+ const Eina_Log_Domain *
+ d, Eina_Log_Level level,
+ const char *file,
+ const char *fnc
+ __UNUSED__, int line)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
- fprintf(fp, "%s:%s[T:%lu] %s:%d ",
- name, d->domain_str, (unsigned long)cur, file, line);
- return;
- }
-
- fprintf(fp, "%s:%s %s:%d ", name, d->domain_str, file, line);
+ Thread cur;
+
+ DECLARE_LEVEL_NAME(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+ fprintf(fp, "%s:%s[T:%lu] %s:%d ",
+ name, d->domain_str, (unsigned long) cur, file,
+ line);
+ return;
+ }
+
+ fprintf(fp, "%s:%s %s:%d ", name, d->domain_str, file, line);
}
/* threads, color */
static void
-eina_log_print_prefix_threads_color_file_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line)
+eina_log_print_prefix_threads_color_file_func(FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc, int line)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME_COLOR(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
-# ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s[T:", d->name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, "[T:");
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%lu", (unsigned long)cur);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, "] %s:%d ", file, line);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_INTENSITY | FOREGROUND_RED |
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%s()", fnc);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, " ");
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
- EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET "] %s:%d "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, (unsigned long)cur, file,
- line, fnc);
-# endif
- return;
- }
-
-# ifdef _WIN32
- eina_log_print_prefix_NOthreads_color_file_func(fp,
- d,
- level,
- file,
- fnc,
- line);
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, file, line, fnc);
-# endif
+ Thread cur;
+
+ DECLARE_LEVEL_NAME_COLOR(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+#ifdef _WIN32
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->
+ domain_str));
+ fprintf(fp, "%s[T:", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "[T:");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "%lu", (unsigned long) cur);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "] %s:%d ", file, line);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_INTENSITY |
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "%s()", fnc);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " ");
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
+ EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET "] %s:%d "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, (unsigned long) cur,
+ file, line, fnc);
+#endif
+ return;
+ }
+#ifdef _WIN32
+ eina_log_print_prefix_NOthreads_color_file_func(fp,
+ d,
+ level,
+ file, fnc, line);
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, file, line, fnc);
+#endif
}
static void
-eina_log_print_prefix_threads_color_NOfile_func(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file __UNUSED__,
- const char *fnc,
- int line __UNUSED__)
+eina_log_print_prefix_threads_color_NOfile_func(FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file
+ __UNUSED__,
+ const char *fnc,
+ int line __UNUSED__)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME_COLOR(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
-# ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s[T:", d->name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, "[T:");
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%lu", (unsigned long)cur);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_INTENSITY | FOREGROUND_RED |
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%s()", fnc);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, " ");
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
- EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET "] "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, (unsigned long)cur, fnc);
-# endif
- return;
- }
-
-# ifdef _WIN32
- eina_log_print_prefix_NOthreads_color_NOfile_func(fp,
- d,
- level,
- file,
- fnc,
- line);
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s "
- EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
- color, name, d->domain_str, fnc);
-# endif
+ Thread cur;
+
+ DECLARE_LEVEL_NAME_COLOR(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+#ifdef _WIN32
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->
+ domain_str));
+ fprintf(fp, "%s[T:", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "[T:");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "%lu", (unsigned long) cur);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_INTENSITY |
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "%s()", fnc);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, " ");
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
+ EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET "] "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, (unsigned long) cur,
+ fnc);
+#endif
+ return;
+ }
+#ifdef _WIN32
+ eina_log_print_prefix_NOthreads_color_NOfile_func(fp,
+ d,
+ level,
+ file, fnc, line);
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s "
+ EINA_COLOR_HIGH "%s()" EINA_COLOR_RESET " ",
+ color, name, d->domain_str, fnc);
+#endif
}
static void
-eina_log_print_prefix_threads_color_file_NOfunc(FILE *fp,
- const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc __UNUSED__,
- int line)
+eina_log_print_prefix_threads_color_file_NOfunc(FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc __UNUSED__,
+ int line)
{
- Thread cur;
-
- DECLARE_LEVEL_NAME_COLOR(level);
- cur = SELF();
- if (IS_OTHER(cur))
- {
-# ifdef _WIN32
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- color);
- fprintf(fp, "%s", name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, ":");
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- eina_log_win32_color_get(d->domain_str));
- fprintf(fp, "%s[T:", d->name);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, "[T:");
- SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
- FOREGROUND_GREEN | FOREGROUND_BLUE);
- fprintf(fp, "%lu", (unsigned long)cur);
- SetConsoleTextAttribute(GetStdHandle(
- STD_OUTPUT_HANDLE),
- FOREGROUND_RED | FOREGROUND_GREEN |
- FOREGROUND_BLUE);
- fprintf(fp, "] %s:%d ", file, line);
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
- EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET "] %s:%d ",
- color, name, d->domain_str, (unsigned long)cur, file, line);
-# endif
- return;
- }
-
-# ifdef _WIN32
- eina_log_print_prefix_NOthreads_color_file_NOfunc(fp,
- d,
- level,
- file,
- fnc,
- line);
-# else
- fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d ",
- color, name, d->domain_str, file, line);
-# endif
+ Thread cur;
+
+ DECLARE_LEVEL_NAME_COLOR(level);
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+#ifdef _WIN32
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ color);
+ fprintf(fp, "%s", name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, ":");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ eina_log_win32_color_get(d->
+ domain_str));
+ fprintf(fp, "%s[T:", d->name);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "[T:");
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "%lu", (unsigned long) cur);
+ SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
+ FOREGROUND_RED | FOREGROUND_GREEN |
+ FOREGROUND_BLUE);
+ fprintf(fp, "] %s:%d ", file, line);
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s[T:"
+ EINA_COLOR_ORANGE "%lu" EINA_COLOR_RESET
+ "] %s:%d ", color, name, d->domain_str,
+ (unsigned long) cur, file, line);
+#endif
+ return;
+ }
+#ifdef _WIN32
+ eina_log_print_prefix_NOthreads_color_file_NOfunc(fp,
+ d,
+ level,
+ file, fnc, line);
+#else
+ fprintf(fp, "%s%s" EINA_COLOR_RESET ":%s %s:%d ",
+ color, name, d->domain_str, file, line);
+#endif
}
-#endif /* EFL_HAVE_THREADS */
+#endif /* EFL_HAVE_THREADS */
-static void (*_eina_log_print_prefix)(FILE *fp, const Eina_Log_Domain *d,
- Eina_Log_Level level, const char *file,
- const char *fnc,
- int line) =
- eina_log_print_prefix_NOthreads_color_file_func;
+static void (*_eina_log_print_prefix) (FILE * fp,
+ const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file, const char *fnc,
+ int line) =
+ eina_log_print_prefix_NOthreads_color_file_func;
-static inline void
-eina_log_print_prefix_update(void)
+static inline void eina_log_print_prefix_update(void)
{
- if (_disable_file && _disable_function)
- {
- fprintf(stderr, "ERROR: cannot have " EINA_LOG_ENV_FILE_DISABLE " and "
- EINA_LOG_ENV_FUNCTION_DISABLE " set at the same time, will "
- "just disable function.\n");
- _disable_file = 0;
- }
-
+ if (_disable_file && _disable_function) {
+ fprintf(stderr,
+ "ERROR: cannot have " EINA_LOG_ENV_FILE_DISABLE
+ " and " EINA_LOG_ENV_FUNCTION_DISABLE
+ " set at the same time, will "
+ "just disable function.\n");
+ _disable_file = 0;
+ }
#define S(NOthread, NOcolor, NOfile, NOfunc) \
_eina_log_print_prefix = \
eina_log_print_prefix_ ## NOthread ## threads_ ## NOcolor ## color_ ## \
@@ -1060,50 +1029,42 @@ eina_log_print_prefix_update(void)
## file_ ## NOfunc ## func
#ifdef EFL_HAVE_THREADS
- if (_threads_enabled)
- {
- if (_disable_color)
- {
- if (_disable_file)
- S(,NO,NO,);
- else if (_disable_function)
- S(,NO,,NO);
- else
- S(,NO,,);
- }
- else
- {
- if (_disable_file)
- S(,,NO,);
- else if (_disable_function)
- S(,,,NO);
- else
- S(,,,);
- }
-
- return;
- }
-
+ if (_threads_enabled) {
+ if (_disable_color) {
+ if (_disable_file)
+ S(, NO, NO,);
+ else if (_disable_function)
+ S(, NO,, NO);
+ else
+ S(, NO,,);
+ } else {
+ if (_disable_file)
+ S(,, NO,);
+ else if (_disable_function)
+ S(,,, NO);
+ else
+ S(,,,);
+ }
+
+ return;
+ }
#endif
- if (_disable_color)
- {
- if (_disable_file)
- S(NO,NO,NO,);
- else if (_disable_function)
- S(NO,NO,,NO);
- else
- S(NO,NO,,);
- }
- else
- {
- if (_disable_file)
- S(NO,,NO,);
- else if (_disable_function)
- S(NO,,,NO);
- else
- S(NO,,,);
- }
+ if (_disable_color) {
+ if (_disable_file)
+ S(NO, NO, NO,);
+ else if (_disable_function)
+ S(NO, NO,, NO);
+ else
+ S(NO, NO,,);
+ } else {
+ if (_disable_file)
+ S(NO,, NO,);
+ else if (_disable_function)
+ S(NO,,, NO);
+ else
+ S(NO,,,);
+ }
#undef S
}
@@ -1111,398 +1072,374 @@ eina_log_print_prefix_update(void)
/*
* Creates a colored domain name string.
*/
-static const char *
-eina_log_domain_str_get(const char *name, const char *color)
+static const char *eina_log_domain_str_get(const char *name,
+ const char *color)
{
- const char *d;
-
- if (color)
- {
- size_t name_len;
- size_t color_len;
-
- name_len = strlen(name);
- color_len = strlen(color);
- d =
- malloc(sizeof(char) *
- (color_len + name_len + strlen(EINA_COLOR_RESET) + 1));
- if (!d)
- return NULL;
-
- memcpy((char *)d, color, color_len);
- memcpy((char *)(d + color_len), name, name_len);
- memcpy((char *)(d + color_len + name_len), EINA_COLOR_RESET,
- strlen(EINA_COLOR_RESET));
- ((char *)d)[color_len + name_len + strlen(EINA_COLOR_RESET)] = '\0';
- }
- else
- d = strdup(name);
-
- return d;
+ const char *d;
+
+ if (color) {
+ size_t name_len;
+ size_t color_len;
+
+ name_len = strlen(name);
+ color_len = strlen(color);
+ d = malloc(sizeof(char) *
+ (color_len + name_len +
+ strlen(EINA_COLOR_RESET) + 1));
+ if (!d)
+ return NULL;
+
+ memcpy((char *) d, color, color_len);
+ memcpy((char *) (d + color_len), name, name_len);
+ memcpy((char *) (d + color_len + name_len),
+ EINA_COLOR_RESET, strlen(EINA_COLOR_RESET));
+ ((char *) d)[color_len + name_len +
+ strlen(EINA_COLOR_RESET)] = '\0';
+ } else
+ d = strdup(name);
+
+ return d;
}
/*
* Setups a new logging domain to the name and color specified. Note that this
* constructor acts upon an pre-allocated object.
*/
-static Eina_Log_Domain *
-eina_log_domain_new(Eina_Log_Domain *d, const char *name, const char *color)
+static Eina_Log_Domain *eina_log_domain_new(Eina_Log_Domain * d,
+ const char *name,
+ const char *color)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(d, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
-
- d->level = EINA_LOG_LEVEL_UNKNOWN;
- d->deleted = EINA_FALSE;
-
- if (name)
- {
- if ((color) && (!_disable_color))
- d->domain_str = eina_log_domain_str_get(name, color);
- else
- d->domain_str = eina_log_domain_str_get(name, NULL);
-
- d->name = strdup(name);
- d->namelen = strlen(name);
- }
- else
- {
- d->domain_str = NULL;
- d->name = NULL;
- d->namelen = 0;
- }
-
- return d;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(d, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
+
+ d->level = EINA_LOG_LEVEL_UNKNOWN;
+ d->deleted = EINA_FALSE;
+
+ if (name) {
+ if ((color) && (!_disable_color))
+ d->domain_str =
+ eina_log_domain_str_get(name, color);
+ else
+ d->domain_str =
+ eina_log_domain_str_get(name, NULL);
+
+ d->name = strdup(name);
+ d->namelen = strlen(name);
+ } else {
+ d->domain_str = NULL;
+ d->name = NULL;
+ d->namelen = 0;
+ }
+
+ return d;
}
/*
* Frees internal strings of a log domain, keeping the log domain itself as a
* slot for next domain registers.
*/
-static void
-eina_log_domain_free(Eina_Log_Domain *d)
+static void eina_log_domain_free(Eina_Log_Domain * d)
{
- EINA_SAFETY_ON_NULL_RETURN(d);
+ EINA_SAFETY_ON_NULL_RETURN(d);
- if (d->domain_str)
- free((char *)d->domain_str);
+ if (d->domain_str)
+ free((char *) d->domain_str);
- if (d->name)
- free((char *)d->name);
+ if (d->name)
+ free((char *) d->name);
}
/*
* Parses domain levels passed through the env var.
*/
-static void
-eina_log_domain_parse_pendings(void)
+static void eina_log_domain_parse_pendings(void)
{
- const char *start;
-
- if (!(start = getenv(EINA_LOG_ENV_LEVELS)))
- return;
-
- // name1:level1,name2:level2,name3:level3,...
- while (1)
- {
- Eina_Log_Domain_Level_Pending *p;
- char *end = NULL;
- char *tmp = NULL;
- long int level;
-
- end = strchr(start, ':');
- if (!end)
- break;
-
- // Parse level, keep going if failed
- level = strtol((char *)(end + 1), &tmp, 10);
- if (tmp == (end + 1))
- goto parse_end;
-
- // Parse name
- p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end - start + 1);
- if (!p)
- break;
-
- p->namelen = end - start;
- memcpy((char *)p->name, start, end - start);
- ((char *)p->name)[end - start] = '\0';
- p->level = level;
-
- _pending_list = eina_inlist_append(_pending_list, EINA_INLIST_GET(p));
-
-parse_end:
- start = strchr(tmp, ',');
- if (start)
- start++;
- else
- break;
- }
+ const char *start;
+
+ if (!(start = getenv(EINA_LOG_ENV_LEVELS)))
+ return;
+
+ // name1:level1,name2:level2,name3:level3,...
+ while (1) {
+ Eina_Log_Domain_Level_Pending *p;
+ char *end = NULL;
+ char *tmp = NULL;
+ long int level;
+
+ end = strchr(start, ':');
+ if (!end)
+ break;
+
+ // Parse level, keep going if failed
+ level = strtol((char *) (end + 1), &tmp, 10);
+ if (tmp == (end + 1))
+ goto parse_end;
+
+ // Parse name
+ p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end -
+ start + 1);
+ if (!p)
+ break;
+
+ p->namelen = end - start;
+ memcpy((char *) p->name, start, end - start);
+ ((char *) p->name)[end - start] = '\0';
+ p->level = level;
+
+ _pending_list =
+ eina_inlist_append(_pending_list, EINA_INLIST_GET(p));
+
+ parse_end:
+ start = strchr(tmp, ',');
+ if (start)
+ start++;
+ else
+ break;
+ }
}
-static void
-eina_log_domain_parse_pending_globs(void)
+static void eina_log_domain_parse_pending_globs(void)
{
- const char *start;
-
- if (!(start = getenv(EINA_LOG_ENV_LEVELS_GLOB)))
- return;
-
- // name1:level1,name2:level2,name3:level3,...
- while (1)
- {
- Eina_Log_Domain_Level_Pending *p;
- char *end = NULL;
- char *tmp = NULL;
- long int level;
-
- end = strchr(start, ':');
- if (!end)
- break;
-
- // Parse level, keep going if failed
- level = strtol((char *)(end + 1), &tmp, 10);
- if (tmp == (end + 1))
- goto parse_end;
-
- // Parse name
- p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end - start + 1);
- if (!p)
- break;
-
- p->namelen = 0; /* not that useful */
- memcpy((char *)p->name, start, end - start);
- ((char *)p->name)[end - start] = '\0';
- p->level = level;
-
- _glob_list = eina_inlist_append(_glob_list, EINA_INLIST_GET(p));
-
-parse_end:
- start = strchr(tmp, ',');
- if (start)
- start++;
- else
- break;
- }
+ const char *start;
+
+ if (!(start = getenv(EINA_LOG_ENV_LEVELS_GLOB)))
+ return;
+
+ // name1:level1,name2:level2,name3:level3,...
+ while (1) {
+ Eina_Log_Domain_Level_Pending *p;
+ char *end = NULL;
+ char *tmp = NULL;
+ long int level;
+
+ end = strchr(start, ':');
+ if (!end)
+ break;
+
+ // Parse level, keep going if failed
+ level = strtol((char *) (end + 1), &tmp, 10);
+ if (tmp == (end + 1))
+ goto parse_end;
+
+ // Parse name
+ p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end -
+ start + 1);
+ if (!p)
+ break;
+
+ p->namelen = 0; /* not that useful */
+ memcpy((char *) p->name, start, end - start);
+ ((char *) p->name)[end - start] = '\0';
+ p->level = level;
+
+ _glob_list =
+ eina_inlist_append(_glob_list, EINA_INLIST_GET(p));
+
+ parse_end:
+ start = strchr(tmp, ',');
+ if (start)
+ start++;
+ else
+ break;
+ }
}
static inline int
eina_log_domain_register_unlocked(const char *name, const char *color)
{
- Eina_Log_Domain_Level_Pending *pending = NULL;
- size_t namelen;
- unsigned int i;
-
- for (i = 0; i < _log_domains_count; i++)
- {
- if (_log_domains[i].deleted)
- {
- // Found a flagged slot, free domain_str and replace slot
- eina_log_domain_new(&_log_domains[i], name, color);
- goto finish_register;
- }
- }
-
- if (_log_domains_count >= _log_domains_allocated)
- {
- Eina_Log_Domain *tmp;
- size_t size;
-
- if (!_log_domains)
- // special case for init, eina itself will allocate a dozen of domains
- size = 24;
- else
- // grow 8 buckets to minimize reallocs
- size = _log_domains_allocated + 8;
-
- tmp = realloc(_log_domains, sizeof(Eina_Log_Domain) * size);
-
- if (tmp)
- {
- // Success!
- _log_domains = tmp;
- _log_domains_allocated = size;
- }
- else
- return -1;
- }
-
- // Use an allocated slot
- eina_log_domain_new(&_log_domains[i], name, color);
- _log_domains_count++;
-
-finish_register:
- namelen = _log_domains[i].namelen;
-
- EINA_INLIST_FOREACH(_pending_list, pending)
- {
- if ((namelen == pending->namelen) && (strcmp(pending->name, name) == 0))
- {
- _log_domains[i].level = pending->level;
- _pending_list =
- eina_inlist_remove(_pending_list, EINA_INLIST_GET(pending));
- free(pending);
- break;
- }
- }
-
- if (_log_domains[i].level == EINA_LOG_LEVEL_UNKNOWN)
- {
- EINA_INLIST_FOREACH(_glob_list, pending)
- {
- if (!fnmatch(pending->name, name, 0))
- {
- _log_domains[i].level = pending->level;
- break;
- }
- }
- }
-
- // Check if level is still UNKNOWN, set it to global
- if (_log_domains[i].level == EINA_LOG_LEVEL_UNKNOWN)
- _log_domains[i].level = _log_level;
-
- return i;
+ Eina_Log_Domain_Level_Pending *pending = NULL;
+ size_t namelen;
+ unsigned int i;
+
+ for (i = 0; i < _log_domains_count; i++) {
+ if (_log_domains[i].deleted) {
+ // Found a flagged slot, free domain_str and replace slot
+ eina_log_domain_new(&_log_domains[i], name, color);
+ goto finish_register;
+ }
+ }
+
+ if (_log_domains_count >= _log_domains_allocated) {
+ Eina_Log_Domain *tmp;
+ size_t size;
+
+ if (!_log_domains)
+ // special case for init, eina itself will allocate a dozen of domains
+ size = 24;
+ else
+ // grow 8 buckets to minimize reallocs
+ size = _log_domains_allocated + 8;
+
+ tmp =
+ realloc(_log_domains, sizeof(Eina_Log_Domain) * size);
+
+ if (tmp) {
+ // Success!
+ _log_domains = tmp;
+ _log_domains_allocated = size;
+ } else
+ return -1;
+ }
+ // Use an allocated slot
+ eina_log_domain_new(&_log_domains[i], name, color);
+ _log_domains_count++;
+
+ finish_register:
+ namelen = _log_domains[i].namelen;
+
+ EINA_INLIST_FOREACH(_pending_list, pending) {
+ if ((namelen == pending->namelen)
+ && (strcmp(pending->name, name) == 0)) {
+ _log_domains[i].level = pending->level;
+ _pending_list =
+ eina_inlist_remove(_pending_list,
+ EINA_INLIST_GET(pending));
+ free(pending);
+ break;
+ }
+ }
+
+ if (_log_domains[i].level == EINA_LOG_LEVEL_UNKNOWN) {
+ EINA_INLIST_FOREACH(_glob_list, pending) {
+ if (!fnmatch(pending->name, name, 0)) {
+ _log_domains[i].level = pending->level;
+ break;
+ }
+ }
+ }
+ // Check if level is still UNKNOWN, set it to global
+ if (_log_domains[i].level == EINA_LOG_LEVEL_UNKNOWN)
+ _log_domains[i].level = _log_level;
+
+ return i;
}
-static inline Eina_Bool
-eina_log_term_color_supported(const char *term)
+static inline Eina_Bool eina_log_term_color_supported(const char *term)
{
- const char *tail;
-
- if (!term)
- return EINA_FALSE;
-
- tail = term + 1;
- switch (term[0])
- {
- /* list of known to support color terminals,
- * take from gentoo's portage.
- */
-
- case 'x': /* xterm and xterm-color */
- return ((strncmp(tail, "term", sizeof("term") - 1) == 0) &&
- ((tail[sizeof("term") - 1] == '\0') ||
- (strcmp(tail + sizeof("term") - 1, "-color") == 0)));
-
- case 'E': /* Eterm */
- case 'a': /* aterm */
- case 'k': /* kterm */
- return (strcmp(tail, "term") == 0);
-
- case 'r': /* xrvt or rxvt-unicode */
- return ((strncmp(tail, "xvt", sizeof("xvt") - 1) == 0) &&
- ((tail[sizeof("xvt") - 1] == '\0') ||
- (strcmp(tail + sizeof("xvt") - 1, "-unicode") == 0)));
-
- case 's': /* screen */
- return (strcmp(tail, "creen") == 0);
-
- case 'g': /* gnome */
- return (strcmp(tail, "nome") == 0);
-
- case 'i': /* interix */
- return (strcmp(tail, "nterix") == 0);
-
- default:
- return EINA_FALSE;
- }
+ const char *tail;
+
+ if (!term)
+ return EINA_FALSE;
+
+ tail = term + 1;
+ switch (term[0]) {
+ /* list of known to support color terminals,
+ * take from gentoo's portage.
+ */
+
+ case 'x': /* xterm and xterm-color */
+ return ((strncmp(tail, "term", sizeof("term") - 1) == 0) &&
+ ((tail[sizeof("term") - 1] == '\0') ||
+ (strcmp(tail + sizeof("term") - 1, "-color") ==
+ 0)));
+
+ case 'E': /* Eterm */
+ case 'a': /* aterm */
+ case 'k': /* kterm */
+ return (strcmp(tail, "term") == 0);
+
+ case 'r': /* xrvt or rxvt-unicode */
+ return ((strncmp(tail, "xvt", sizeof("xvt") - 1) == 0) &&
+ ((tail[sizeof("xvt") - 1] == '\0') ||
+ (strcmp(tail + sizeof("xvt") - 1, "-unicode") ==
+ 0)));
+
+ case 's': /* screen */
+ return (strcmp(tail, "creen") == 0);
+
+ case 'g': /* gnome */
+ return (strcmp(tail, "nome") == 0);
+
+ case 'i': /* interix */
+ return (strcmp(tail, "nterix") == 0);
+
+ default:
+ return EINA_FALSE;
+ }
}
-static inline void
-eina_log_domain_unregister_unlocked(int domain)
+static inline void eina_log_domain_unregister_unlocked(int domain)
{
- Eina_Log_Domain *d;
+ Eina_Log_Domain *d;
- if ((unsigned int)domain >= _log_domains_count)
- return;
+ if ((unsigned int) domain >= _log_domains_count)
+ return;
- d = &_log_domains[domain];
- eina_log_domain_free(d);
- d->deleted = 1;
+ d = &_log_domains[domain];
+ eina_log_domain_free(d);
+ d->deleted = 1;
}
static inline void
eina_log_print_unlocked(int domain,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- va_list args)
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line, const char *fmt, va_list args)
{
- Eina_Log_Domain *d;
+ Eina_Log_Domain *d;
#ifdef EINA_SAFETY_CHECKS
- if (EINA_UNLIKELY((unsigned int)domain >= _log_domains_count) ||
- EINA_UNLIKELY(domain < 0))
- {
- if (file && fnc && fmt)
- fprintf(
- stderr,
- "CRI: %s:%d %s() eina_log_print() unknown domain %d, original message format '%s'\n",
- file,
- line,
- fnc,
- domain,
- fmt);
- else
- fprintf(
- stderr,
- "CRI: eina_log_print() unknown domain %d, original message format '%s'\n",
- domain,
- fmt ? fmt : "");
-
- if (_abort_on_critical)
- abort();
-
- return;
- }
-
+ if (EINA_UNLIKELY((unsigned int) domain >= _log_domains_count) ||
+ EINA_UNLIKELY(domain < 0)) {
+ if (file && fnc && fmt)
+ fprintf(stderr,
+ "CRI: %s:%d %s() eina_log_print() unknown domain %d, original message format '%s'\n",
+ file, line, fnc, domain, fmt);
+ else
+ fprintf(stderr,
+ "CRI: eina_log_print() unknown domain %d, original message format '%s'\n",
+ domain, fmt ? fmt : "");
+
+ if (_abort_on_critical)
+ abort();
+
+ return;
+ }
#endif
- d = _log_domains + domain;
+ d = _log_domains + domain;
#ifdef EINA_SAFETY_CHECKS
- if (EINA_UNLIKELY(d->deleted))
- {
- fprintf(stderr,
- "ERR: eina_log_print() domain %d is deleted\n",
- domain);
- return;
- }
-
+ if (EINA_UNLIKELY(d->deleted)) {
+ fprintf(stderr,
+ "ERR: eina_log_print() domain %d is deleted\n",
+ domain);
+ return;
+ }
#endif
- if (level > d->level)
- return;
+ if (level > d->level)
+ return;
#ifdef _WIN32
- {
- char *wfmt;
- char *tmp;
-
- wfmt = strdup(fmt);
- if (!wfmt)
- {
- fprintf(stderr, "ERR: %s: can not allocate memory\n", __FUNCTION__);
- return;
- }
-
- tmp = wfmt;
- while (strchr(tmp, "%"))
- {
- tmp++;
- if (*tmp == 'z')
- *tmp = 'I';
- }
- _print_cb(d, level, file, fnc, line, wfmt, _print_cb_data, args);
- free(wfmt);
- }
+ {
+ char *wfmt;
+ char *tmp;
+
+ wfmt = strdup(fmt);
+ if (!wfmt) {
+ fprintf(stderr,
+ "ERR: %s: can not allocate memory\n",
+ __FUNCTION__);
+ return;
+ }
+
+ tmp = wfmt;
+ while (strchr(tmp, "%")) {
+ tmp++;
+ if (*tmp == 'z')
+ *tmp = 'I';
+ }
+ _print_cb(d, level, file, fnc, line, wfmt, _print_cb_data,
+ args);
+ free(wfmt);
+ }
#else
- _print_cb(d, level, file, fnc, line, fmt, _print_cb_data, args);
+ _print_cb(d, level, file, fnc, line, fmt, _print_cb_data, args);
#endif
- if (EINA_UNLIKELY(_abort_on_critical) &&
- EINA_UNLIKELY(level <= _abort_level_on_critical))
- abort();
+ if (EINA_UNLIKELY(_abort_on_critical) &&
+ EINA_UNLIKELY(level <= _abort_level_on_critical))
+ abort();
}
/**
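Review bot: In the `_WIN32` branch of `eina_log_print_unlocked`, `strchr(tmp, "%")` passes a string literal where `strchr` expects a character, so the search is for whatever byte the pointer value converts to rather than for '%'. The loop also advances `tmp` one byte at a time instead of jumping to the match, so even with '%' it would rewrite every 'z' up to the byte after the last '%', including ones in literal text. Because `wfmt` is then handed to `_print_cb` as the format for `args`, a wrongly rewritten specifier no longer matches its argument. Something like `while ((tmp = strchr(tmp, '%')) != NULL) { tmp++; if (*tmp == 'z') *tmp = 'I'; }` confines the rewrite to the byte right after a '%'; `%%` and specifiers with flags or a width would still need explicit handling.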
@@ -1529,81 +1466,78 @@ eina_log_print_unlocked(int domain,
* place where this function was called the first time is
* considered the main thread.
*/
-Eina_Bool
-eina_log_init(void)
+Eina_Bool eina_log_init(void)
{
- const char *level, *tmp;
- int color_disable;
+ const char *level, *tmp;
+ int color_disable;
- assert((sizeof(_names) / sizeof(_names[0])) == EINA_LOG_LEVELS);
+ assert((sizeof(_names) / sizeof(_names[0])) == EINA_LOG_LEVELS);
- if ((tmp = getenv(EINA_LOG_ENV_COLOR_DISABLE)))
- color_disable = atoi(tmp);
- else
- color_disable = -1;
+ if ((tmp = getenv(EINA_LOG_ENV_COLOR_DISABLE)))
+ color_disable = atoi(tmp);
+ else
+ color_disable = -1;
- /* Check if color is explicitly disabled */
- if (color_disable == 1)
- _disable_color = EINA_TRUE;
+ /* Check if color is explicitly disabled */
+ if (color_disable == 1)
+ _disable_color = EINA_TRUE;
#ifndef _WIN32
- /* color was not explicitly disabled or enabled, guess it */
- else if (color_disable == -1)
- {
- if (!eina_log_term_color_supported(getenv("TERM")))
- _disable_color = EINA_TRUE;
- else
- {
- /* if not a terminal, but redirected to a file, disable color */
- int fd;
-
- if (_print_cb == eina_log_print_cb_stderr)
- fd = STDERR_FILENO;
- else if (_print_cb == eina_log_print_cb_stdout)
- fd = STDOUT_FILENO;
- else
- fd = -1;
-
- if ((fd >= 0) && (!isatty(fd)))
- _disable_color = EINA_TRUE;
- }
- }
+ /* color was not explicitly disabled or enabled, guess it */
+ else if (color_disable == -1) {
+ if (!eina_log_term_color_supported(getenv("TERM")))
+ _disable_color = EINA_TRUE;
+ else {
+ /* if not a terminal, but redirected to a file, disable color */
+ int fd;
+
+ if (_print_cb == eina_log_print_cb_stderr)
+ fd = STDERR_FILENO;
+ else if (_print_cb == eina_log_print_cb_stdout)
+ fd = STDOUT_FILENO;
+ else
+ fd = -1;
+
+ if ((fd >= 0) && (!isatty(fd)))
+ _disable_color = EINA_TRUE;
+ }
+ }
#endif
- if ((tmp = getenv(EINA_LOG_ENV_FILE_DISABLE)) && (atoi(tmp) == 1))
- _disable_file = EINA_TRUE;
-
- if ((tmp = getenv(EINA_LOG_ENV_FUNCTION_DISABLE)) && (atoi(tmp) == 1))
- _disable_function = EINA_TRUE;
+ if ((tmp = getenv(EINA_LOG_ENV_FILE_DISABLE)) && (atoi(tmp) == 1))
+ _disable_file = EINA_TRUE;
- if ((tmp = getenv(EINA_LOG_ENV_ABORT)) && (atoi(tmp) == 1))
- _abort_on_critical = EINA_TRUE;
+ if ((tmp = getenv(EINA_LOG_ENV_FUNCTION_DISABLE))
+ && (atoi(tmp) == 1))
+ _disable_function = EINA_TRUE;
- if ((tmp = getenv(EINA_LOG_ENV_ABORT_LEVEL)))
- _abort_level_on_critical = atoi(tmp);
+ if ((tmp = getenv(EINA_LOG_ENV_ABORT)) && (atoi(tmp) == 1))
+ _abort_on_critical = EINA_TRUE;
- eina_log_print_prefix_update();
+ if ((tmp = getenv(EINA_LOG_ENV_ABORT_LEVEL)))
+ _abort_level_on_critical = atoi(tmp);
- // Global log level
- if ((level = getenv(EINA_LOG_ENV_LEVEL)))
- _log_level = atoi(level);
+ eina_log_print_prefix_update();
- // Register UNKNOWN domain, the default logger
- EINA_LOG_DOMAIN_GLOBAL = eina_log_domain_register("", NULL);
+ // Global log level
+ if ((level = getenv(EINA_LOG_ENV_LEVEL)))
+ _log_level = atoi(level);
- if (EINA_LOG_DOMAIN_GLOBAL < 0)
- {
- fprintf(stderr, "Failed to create global logging domain.\n");
- return EINA_FALSE;
- }
+ // Register UNKNOWN domain, the default logger
+ EINA_LOG_DOMAIN_GLOBAL = eina_log_domain_register("", NULL);
- // Parse pending domains passed through EINA_LOG_LEVELS_GLOB
- eina_log_domain_parse_pending_globs();
+ if (EINA_LOG_DOMAIN_GLOBAL < 0) {
+ fprintf(stderr,
+ "Failed to create global logging domain.\n");
+ return EINA_FALSE;
+ }
+ // Parse pending domains passed through EINA_LOG_LEVELS_GLOB
+ eina_log_domain_parse_pending_globs();
- // Parse pending domains passed through EINA_LOG_LEVELS
- eina_log_domain_parse_pendings();
+ // Parse pending domains passed through EINA_LOG_LEVELS
+ eina_log_domain_parse_pendings();
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
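Review bot: `eina_log_init` converts every environment setting with `atoi` (`EINA_LOG_ENV_COLOR_DISABLE`, `EINA_LOG_ENV_ABORT_LEVEL`, `EINA_LOG_ENV_LEVEL` and the others), which cannot report a parse failure: a non-numeric value silently becomes 0 and an out-of-range one is undefined behaviour. For `_log_level` and `_abort_level_on_critical` this means a malformed variable changes which messages are printed, or which level reaches `abort()`, without any diagnostic. Parsing with `strtol` and keeping the built-in default when nothing was consumed, trailing characters remain, `errno` is `ERANGE` or the value does not fit an `int` would make the failure explicit, e.g. `errno = 0; v = strtol(level, &end, 10);` followed by `if (end != level && *end == '\0' && errno != ERANGE && v >= INT_MIN && v <= INT_MAX) _log_level = (int) v;`.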
@@ -1621,40 +1555,36 @@ eina_log_init(void)
* place where eina_log_init() (eina_init()) was called the
* first time is considered the main thread.
*/
-Eina_Bool
-eina_log_shutdown(void)
+Eina_Bool eina_log_shutdown(void)
{
- Eina_Inlist *tmp;
+ Eina_Inlist *tmp;
- while (_log_domains_count--)
- {
- if (_log_domains[_log_domains_count].deleted)
- continue;
+ while (_log_domains_count--) {
+ if (_log_domains[_log_domains_count].deleted)
+ continue;
- eina_log_domain_free(&_log_domains[_log_domains_count]);
- }
+ eina_log_domain_free(&_log_domains[_log_domains_count]);
+ }
- free(_log_domains);
+ free(_log_domains);
- _log_domains = NULL;
- _log_domains_count = 0;
- _log_domains_allocated = 0;
+ _log_domains = NULL;
+ _log_domains_count = 0;
+ _log_domains_allocated = 0;
- while (_glob_list)
- {
- tmp = _glob_list;
- _glob_list = _glob_list->next;
- free(tmp);
- }
+ while (_glob_list) {
+ tmp = _glob_list;
+ _glob_list = _glob_list->next;
+ free(tmp);
+ }
- while (_pending_list)
- {
- tmp = _pending_list;
- _pending_list = _pending_list->next;
- free(tmp);
- }
+ while (_pending_list) {
+ tmp = _pending_list;
+ _pending_list = _pending_list->next;
+ free(tmp);
+ }
- return EINA_TRUE;
+ return EINA_TRUE;
}
#ifdef EFL_HAVE_THREADS
@@ -1668,12 +1598,11 @@ eina_log_shutdown(void)
*
* @see eina_threads_init()
*/
-void
-eina_log_threads_init(void)
+void eina_log_threads_init(void)
{
- _main_thread = SELF();
- if (INIT())
- _threads_enabled = EINA_TRUE;
+ _main_thread = SELF();
+ if (INIT())
+ _threads_enabled = EINA_TRUE;
}
/**
@@ -1685,12 +1614,11 @@ eina_log_threads_init(void)
*
* @see eina_threads_shutdown()
*/
-void
-eina_log_threads_shutdown(void)
+void eina_log_threads_shutdown(void)
{
- CHECK_MAIN();
- SHUTDOWN();
- _threads_enabled = EINA_FALSE;
+ CHECK_MAIN();
+ SHUTDOWN();
+ _threads_enabled = EINA_FALSE;
}
#endif
@@ -1817,12 +1745,11 @@ EAPI int EINA_LOG_DOMAIN_GLOBAL = 0;
* The main thread is considered the thread where the first
* eina_init() was called.
*/
-EAPI void
-eina_log_threads_enable(void)
+EAPI void eina_log_threads_enable(void)
{
#ifdef EFL_HAVE_THREADS
- _threads_enabled = 1;
- eina_log_print_prefix_update();
+ _threads_enabled = 1;
+ eina_log_print_prefix_update();
#endif
}
@@ -1840,14 +1767,13 @@ eina_log_threads_enable(void)
* This means you're safe from other calls but you should never
* call eina_log_print(), directly or indirectly.
*/
-EAPI void
-eina_log_print_cb_set(Eina_Log_Print_Cb cb, void *data)
+EAPI void eina_log_print_cb_set(Eina_Log_Print_Cb cb, void *data)
{
- LOG_LOCK();
- _print_cb = cb;
- _print_cb_data = data;
- eina_log_print_prefix_update();
- LOG_UNLOCK();
+ LOG_LOCK();
+ _print_cb = cb;
+ _print_cb_data = data;
+ eina_log_print_prefix_update();
+ LOG_UNLOCK();
}
/**
@@ -1862,13 +1788,13 @@ eina_log_print_cb_set(Eina_Log_Print_Cb cb, void *data)
*
* @see eina_log_level_get()
*/
-EAPI void
-eina_log_level_set(int level)
+EAPI void eina_log_level_set(int level)
{
- _log_level = level;
- if (EINA_LIKELY((EINA_LOG_DOMAIN_GLOBAL >= 0) &&
- ((unsigned int)EINA_LOG_DOMAIN_GLOBAL < _log_domains_count)))
- _log_domains[EINA_LOG_DOMAIN_GLOBAL].level = level;
+ _log_level = level;
+ if (EINA_LIKELY((EINA_LOG_DOMAIN_GLOBAL >= 0) &&
+ ((unsigned int) EINA_LOG_DOMAIN_GLOBAL <
+ _log_domains_count)))
+ _log_domains[EINA_LOG_DOMAIN_GLOBAL].level = level;
}
/**
@@ -1878,10 +1804,9 @@ eina_log_level_set(int level)
*
* @see eina_log_level_set()
*/
-EAPI int
-eina_log_level_get(void)
+EAPI int eina_log_level_get(void)
{
- return _log_level;
+ return _log_level;
}
/**
@@ -1896,13 +1821,12 @@ eina_log_level_get(void)
* thread is not the main (one that called
* eina_log_threads_init()).
*/
-EAPI Eina_Bool
-eina_log_main_thread_check(void)
+EAPI Eina_Bool eina_log_main_thread_check(void)
{
#ifdef EFL_HAVE_THREADS
- return ((!_threads_enabled) || IS_MAIN(SELF()));
+ return ((!_threads_enabled) || IS_MAIN(SELF()));
#else
- return EINA_TRUE;
+ return EINA_TRUE;
#endif
}
@@ -1915,10 +1839,9 @@ eina_log_main_thread_check(void)
*
* @see eina_log_color_disable_get()
*/
-EAPI void
-eina_log_color_disable_set(Eina_Bool disabled)
+EAPI void eina_log_color_disable_set(Eina_Bool disabled)
{
- _disable_color = disabled;
+ _disable_color = disabled;
}
/**
@@ -1928,10 +1851,9 @@ eina_log_color_disable_set(Eina_Bool disabled)
*
* @see eina_log_color_disable_set()
*/
-EAPI Eina_Bool
-eina_log_color_disable_get(void)
+EAPI Eina_Bool eina_log_color_disable_get(void)
{
- return _disable_color;
+ return _disable_color;
}
/**
@@ -1943,10 +1865,9 @@ eina_log_color_disable_get(void)
*
* @see eina_log_file_disable_get()
*/
-EAPI void
-eina_log_file_disable_set(Eina_Bool disabled)
+EAPI void eina_log_file_disable_set(Eina_Bool disabled)
{
- _disable_file = disabled;
+ _disable_file = disabled;
}
/**
@@ -1956,10 +1877,9 @@ eina_log_file_disable_set(Eina_Bool disabled)
*
* @see eina_log_file_disable_set()
*/
-EAPI Eina_Bool
-eina_log_file_disable_get(void)
+EAPI Eina_Bool eina_log_file_disable_get(void)
{
- return _disable_file;
+ return _disable_file;
}
/**
@@ -1972,10 +1892,9 @@ eina_log_file_disable_get(void)
*
* @see eina_log_function_disable_get()
*/
-EAPI void
-eina_log_function_disable_set(Eina_Bool disabled)
+EAPI void eina_log_function_disable_set(Eina_Bool disabled)
{
- _disable_function = disabled;
+ _disable_function = disabled;
}
/**
@@ -1985,10 +1904,9 @@ eina_log_function_disable_set(Eina_Bool disabled)
*
* @see eina_log_function_disable_set()
*/
-EAPI Eina_Bool
-eina_log_function_disable_get(void)
+EAPI Eina_Bool eina_log_function_disable_get(void)
{
- return _disable_function;
+ return _disable_function;
}
/**
@@ -2004,10 +1922,9 @@ eina_log_function_disable_get(void)
* @see eina_log_abort_on_critical_get()
* @see eina_log_abort_on_critical_level_set()
*/
-EAPI void
-eina_log_abort_on_critical_set(Eina_Bool abort_on_critical)
+EAPI void eina_log_abort_on_critical_set(Eina_Bool abort_on_critical)
{
- _abort_on_critical = abort_on_critical;
+ _abort_on_critical = abort_on_critical;
}
/**
@@ -2020,10 +1937,9 @@ eina_log_abort_on_critical_set(Eina_Bool abort_on_critical)
* @see eina_log_abort_on_critical_set()
* @see eina_log_abort_on_critical_level_set()
*/
-EAPI Eina_Bool
-eina_log_abort_on_critical_get(void)
+EAPI Eina_Bool eina_log_abort_on_critical_get(void)
{
- return _abort_on_critical;
+ return _abort_on_critical;
}
/**
@@ -2039,10 +1955,9 @@ eina_log_abort_on_critical_get(void)
* @see eina_log_abort_on_critical_level_get()
* @see eina_log_abort_on_critical_get()
*/
-EAPI void
-eina_log_abort_on_critical_level_set(int critical_level)
+EAPI void eina_log_abort_on_critical_level_set(int critical_level)
{
- _abort_level_on_critical = critical_level;
+ _abort_level_on_critical = critical_level;
}
/**
@@ -2055,10 +1970,9 @@ eina_log_abort_on_critical_level_set(int critical_level)
* @see eina_log_abort_on_critical_level_set()
* @see eina_log_abort_on_critical_get()
*/
-EAPI int
-eina_log_abort_on_critical_level_get(void)
+EAPI int eina_log_abort_on_critical_level_get(void)
{
- return _abort_level_on_critical;
+ return _abort_level_on_critical;
}
/**
@@ -2070,17 +1984,16 @@ eina_log_abort_on_critical_level_get(void)
*
* @note MT: safe to call from any thread.
*/
-EAPI int
-eina_log_domain_register(const char *name, const char *color)
+EAPI int eina_log_domain_register(const char *name, const char *color)
{
- int r;
+ int r;
- EINA_SAFETY_ON_NULL_RETURN_VAL(name, -1);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(name, -1);
- LOG_LOCK();
- r = eina_log_domain_register_unlocked(name, color);
- LOG_UNLOCK();
- return r;
+ LOG_LOCK();
+ r = eina_log_domain_register_unlocked(name, color);
+ LOG_UNLOCK();
+ return r;
}
/**
@@ -2091,13 +2004,12 @@ eina_log_domain_register(const char *name, const char *color)
*
* @note MT: safe to call from any thread.
*/
-EAPI void
-eina_log_domain_unregister(int domain)
+EAPI void eina_log_domain_unregister(int domain)
{
- EINA_SAFETY_ON_FALSE_RETURN(domain >= 0);
- LOG_LOCK();
- eina_log_domain_unregister_unlocked(domain);
- LOG_UNLOCK();
+ EINA_SAFETY_ON_FALSE_RETURN(domain >= 0);
+ LOG_LOCK();
+ eina_log_domain_unregister_unlocked(domain);
+ LOG_UNLOCK();
}
/**
@@ -2112,49 +2024,47 @@ eina_log_domain_unregister(int domain)
* registration.
* @param level level to use to limit eina_log_print() for given domain.
*/
-EAPI void
-eina_log_domain_level_set(const char *domain_name, int level)
+EAPI void eina_log_domain_level_set(const char *domain_name, int level)
{
- Eina_Log_Domain_Level_Pending *pending;
- size_t namelen;
- unsigned int i;
-
- EINA_SAFETY_ON_NULL_RETURN(domain_name);
-
- namelen = strlen(domain_name);
-
- for (i = 0; i < _log_domains_count; i++)
- {
- if (_log_domains[i].deleted)
- continue;
-
- if ((namelen != _log_domains[i].namelen) ||
- (strcmp(_log_domains[i].name, domain_name) != 0))
- continue;
-
- _log_domains[i].level = level;
- return;
- }
-
- EINA_INLIST_FOREACH(_pending_list, pending)
- {
- if ((namelen == pending->namelen) &&
- (strcmp(pending->name, domain_name) == 0))
- {
- pending->level = level;
- return;
- }
- }
-
- pending = malloc(sizeof(Eina_Log_Domain_Level_Pending) + namelen + 1);
- if (!pending)
- return;
-
- pending->level = level;
- pending->namelen = namelen;
- memcpy(pending->name, domain_name, namelen + 1);
-
- _pending_list = eina_inlist_append(_pending_list, EINA_INLIST_GET(pending));
+ Eina_Log_Domain_Level_Pending *pending;
+ size_t namelen;
+ unsigned int i;
+
+ EINA_SAFETY_ON_NULL_RETURN(domain_name);
+
+ namelen = strlen(domain_name);
+
+ for (i = 0; i < _log_domains_count; i++) {
+ if (_log_domains[i].deleted)
+ continue;
+
+ if ((namelen != _log_domains[i].namelen) ||
+ (strcmp(_log_domains[i].name, domain_name) != 0))
+ continue;
+
+ _log_domains[i].level = level;
+ return;
+ }
+
+ EINA_INLIST_FOREACH(_pending_list, pending) {
+ if ((namelen == pending->namelen) &&
+ (strcmp(pending->name, domain_name) == 0)) {
+ pending->level = level;
+ return;
+ }
+ }
+
+ pending =
+ malloc(sizeof(Eina_Log_Domain_Level_Pending) + namelen + 1);
+ if (!pending)
+ return;
+
+ pending->level = level;
+ pending->namelen = namelen;
+ memcpy(pending->name, domain_name, namelen + 1);
+
+ _pending_list =
+ eina_inlist_append(_pending_list, EINA_INLIST_GET(pending));
}
/**
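Review bot: eina_log_domain_level_set() walks `_log_domains` and appends to `_pending_list` without taking LOG_LOCK(), while eina_log_domain_register() and eina_log_domain_unregister() in the two preceding hunks wrap their work in LOG_LOCK()/LOG_UNLOCK(). If a registration can run on another thread at the same time, this setter reads and links what is presumably the same shared state with nothing ordering the two; whether callers are expected to serialise is not visible in the hunk. eina_log_domain_level_get() and eina_log_domain_registered_level_get() in the next two hunks read the same tables unlocked as well. At minimum the doc comment should state the contract, for example `@note MT: not thread safe.`; taking the lock instead needs a check that nothing called while it is held logs through eina_log_print().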
@@ -2175,43 +2085,40 @@ eina_log_domain_level_set(const char *domain_name, int level)
* @see eina_log_domain_level_set()
* @see eina_log_domain_registered_level_get()
*/
-EAPI int
-eina_log_domain_level_get(const char *domain_name)
+EAPI int eina_log_domain_level_get(const char *domain_name)
{
- Eina_Log_Domain_Level_Pending *pending;
- size_t namelen;
- unsigned int i;
+ Eina_Log_Domain_Level_Pending *pending;
+ size_t namelen;
+ unsigned int i;
- EINA_SAFETY_ON_NULL_RETURN_VAL(domain_name, EINA_LOG_LEVEL_UNKNOWN);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(domain_name,
+ EINA_LOG_LEVEL_UNKNOWN);
- namelen = strlen(domain_name);
+ namelen = strlen(domain_name);
- for (i = 0; i < _log_domains_count; i++)
- {
- if (_log_domains[i].deleted)
- continue;
+ for (i = 0; i < _log_domains_count; i++) {
+ if (_log_domains[i].deleted)
+ continue;
- if ((namelen != _log_domains[i].namelen) ||
- (strcmp(_log_domains[i].name, domain_name) != 0))
- continue;
+ if ((namelen != _log_domains[i].namelen) ||
+ (strcmp(_log_domains[i].name, domain_name) != 0))
+ continue;
- return _log_domains[i].level;
- }
+ return _log_domains[i].level;
+ }
- EINA_INLIST_FOREACH(_pending_list, pending)
- {
- if ((namelen == pending->namelen) &&
- (strcmp(pending->name, domain_name) == 0))
- return pending->level;
- }
+ EINA_INLIST_FOREACH(_pending_list, pending) {
+ if ((namelen == pending->namelen) &&
+ (strcmp(pending->name, domain_name) == 0))
+ return pending->level;
+ }
- EINA_INLIST_FOREACH(_glob_list, pending)
- {
- if (!fnmatch(pending->name, domain_name, 0))
- return pending->level;
- }
+ EINA_INLIST_FOREACH(_glob_list, pending) {
+ if (!fnmatch(pending->name, domain_name, 0))
+ return pending->level;
+ }
- return _log_level;
+ return _log_level;
}
/**
@@ -2225,15 +2132,16 @@ eina_log_domain_level_get(const char *domain_name)
* @return level to use to limit eina_log_print() for given domain. On
* error EINA_LOG_LEVEL_UNKNOWN is returned.
*/
-EAPI int
-eina_log_domain_registered_level_get(int domain)
+EAPI int eina_log_domain_registered_level_get(int domain)
{
- EINA_SAFETY_ON_FALSE_RETURN_VAL(domain >= 0, EINA_LOG_LEVEL_UNKNOWN);
- EINA_SAFETY_ON_FALSE_RETURN_VAL((unsigned int)domain < _log_domains_count,
- EINA_LOG_LEVEL_UNKNOWN);
- EINA_SAFETY_ON_TRUE_RETURN_VAL(_log_domains[domain].deleted,
- EINA_LOG_LEVEL_UNKNOWN);
- return _log_domains[domain].level;
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(domain >= 0,
+ EINA_LOG_LEVEL_UNKNOWN);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL((unsigned int) domain <
+ _log_domains_count,
+ EINA_LOG_LEVEL_UNKNOWN);
+ EINA_SAFETY_ON_TRUE_RETURN_VAL(_log_domains[domain].deleted,
+ EINA_LOG_LEVEL_UNKNOWN);
+ return _log_domains[domain].level;
}
/**
@@ -2262,18 +2170,17 @@ eina_log_domain_registered_level_get(int domain)
* appended to domain name.
*/
EAPI void
-eina_log_print_cb_stderr(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- __UNUSED__ void *data,
- va_list args)
+eina_log_print_cb_stderr(const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line,
+ const char *fmt,
+ __UNUSED__ void *data, va_list args)
{
- _eina_log_print_prefix(stderr, d, level, file, fnc, line);
- vfprintf(stderr, fmt, args);
- putc('\n', stderr);
+ _eina_log_print_prefix(stderr, d, level, file, fnc, line);
+ vfprintf(stderr, fmt, args);
+ putc('\n', stderr);
}
/**
@@ -2303,18 +2210,17 @@ eina_log_print_cb_stderr(const Eina_Log_Domain *d,
* appended to domain name.
*/
EAPI void
-eina_log_print_cb_stdout(const Eina_Log_Domain *d,
- Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- __UNUSED__ void *data,
- va_list args)
+eina_log_print_cb_stdout(const Eina_Log_Domain * d,
+ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line,
+ const char *fmt,
+ __UNUSED__ void *data, va_list args)
{
- _eina_log_print_prefix(stdout, d, level, file, fnc, line);
- vprintf(fmt, args);
- putchar('\n');
+ _eina_log_print_prefix(stdout, d, level, file, fnc, line);
+ vprintf(fmt, args);
+ putchar('\n');
}
/**
@@ -2336,37 +2242,31 @@ eina_log_print_cb_stdout(const Eina_Log_Domain *d,
* appended to domain name.
*/
EAPI void
-eina_log_print_cb_file(const Eina_Log_Domain *d,
- __UNUSED__ Eina_Log_Level level,
- const char *file,
- const char *fnc,
- int line,
- const char *fmt,
- void *data,
- va_list args)
+eina_log_print_cb_file(const Eina_Log_Domain * d,
+ __UNUSED__ Eina_Log_Level level,
+ const char *file,
+ const char *fnc,
+ int line, const char *fmt, void *data, va_list args)
{
- FILE *f = data;
+ FILE *f = data;
#ifdef EFL_HAVE_THREADS
- if (_threads_enabled)
- {
- Thread cur;
-
- cur = SELF();
- if (IS_OTHER(cur))
- {
- fprintf(f, "%s[T:%lu] %s:%d %s() ", d->name, (unsigned long)cur,
- file, line, fnc);
- goto end;
- }
- }
-
+ if (_threads_enabled) {
+ Thread cur;
+
+ cur = SELF();
+ if (IS_OTHER(cur)) {
+ fprintf(f, "%s[T:%lu] %s:%d %s() ", d->name,
+ (unsigned long) cur, file, line, fnc);
+ goto end;
+ }
+ }
#endif
- fprintf(f, "%s %s:%d %s() ", d->name, file, line, fnc);
+ fprintf(f, "%s %s:%d %s() ", d->name, file, line, fnc);
#ifdef EFL_HAVE_THREADS
-end:
+ end:
#endif
- vfprintf(f, fmt, args);
- putc('\n', f);
+ vfprintf(f, fmt, args);
+ putc('\n', f);
}
/**
@@ -2393,35 +2293,31 @@ end:
*/
EAPI void
eina_log_print(int domain, Eina_Log_Level level, const char *file,
- const char *fnc, int line, const char *fmt, ...)
+ const char *fnc, int line, const char *fmt, ...)
{
- va_list args;
+ va_list args;
#ifdef EINA_SAFETY_CHECKS
- if (EINA_UNLIKELY(!file))
- {
- fputs("ERR: eina_log_print() file == NULL\n", stderr);
- return;
- }
-
- if (EINA_UNLIKELY(!fnc))
- {
- fputs("ERR: eina_log_print() fnc == NULL\n", stderr);
- return;
- }
-
- if (EINA_UNLIKELY(!fmt))
- {
- fputs("ERR: eina_log_print() fmt == NULL\n", stderr);
- return;
- }
-
+ if (EINA_UNLIKELY(!file)) {
+ fputs("ERR: eina_log_print() file == NULL\n", stderr);
+ return;
+ }
+
+ if (EINA_UNLIKELY(!fnc)) {
+ fputs("ERR: eina_log_print() fnc == NULL\n", stderr);
+ return;
+ }
+
+ if (EINA_UNLIKELY(!fmt)) {
+ fputs("ERR: eina_log_print() fmt == NULL\n", stderr);
+ return;
+ }
#endif
- va_start(args, fmt);
- LOG_LOCK();
- eina_log_print_unlocked(domain, level, file, fnc, line, fmt, args);
- LOG_UNLOCK();
- va_end(args);
+ va_start(args, fmt);
+ LOG_LOCK();
+ eina_log_print_unlocked(domain, level, file, fnc, line, fmt, args);
+ LOG_UNLOCK();
+ va_end(args);
}
/**
@@ -2451,31 +2347,27 @@ eina_log_print(int domain, Eina_Log_Level level, const char *file,
*/
EAPI void
eina_log_vprint(int domain, Eina_Log_Level level, const char *file,
- const char *fnc, int line, const char *fmt, va_list args)
+ const char *fnc, int line, const char *fmt, va_list args)
{
#ifdef EINA_SAFETY_CHECKS
- if (EINA_UNLIKELY(!file))
- {
- fputs("ERR: eina_log_print() file == NULL\n", stderr);
- return;
- }
-
- if (EINA_UNLIKELY(!fnc))
- {
- fputs("ERR: eina_log_print() fnc == NULL\n", stderr);
- return;
- }
-
- if (EINA_UNLIKELY(!fmt))
- {
- fputs("ERR: eina_log_print() fmt == NULL\n", stderr);
- return;
- }
-
+ if (EINA_UNLIKELY(!file)) {
+ fputs("ERR: eina_log_print() file == NULL\n", stderr);
+ return;
+ }
+
+ if (EINA_UNLIKELY(!fnc)) {
+ fputs("ERR: eina_log_print() fnc == NULL\n", stderr);
+ return;
+ }
+
+ if (EINA_UNLIKELY(!fmt)) {
+ fputs("ERR: eina_log_print() fmt == NULL\n", stderr);
+ return;
+ }
#endif
- LOG_LOCK();
- eina_log_print_unlocked(domain, level, file, fnc, line, fmt, args);
- LOG_UNLOCK();
+ LOG_LOCK();
+ eina_log_print_unlocked(domain, level, file, fnc, line, fmt, args);
+ LOG_UNLOCK();
}
/**
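Review bot: The three NULL-argument diagnostics in eina_log_vprint() still print `eina_log_print()`, so a bad call through the va_list entry point is reported against the wrong function. Each message should name the function it is emitted from, e.g. `fputs("ERR: eina_log_vprint() file == NULL\n", stderr);`, and likewise for the `fnc` and `fmt` checks.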
diff --git a/tests/suite/ecore/src/lib/eina_magic.c b/tests/suite/ecore/src/lib/eina_magic.c
index 83cd247d26..cc607d0f11 100644
--- a/tests/suite/ecore/src/lib/eina_magic.c
+++ b/tests/suite/ecore/src/lib/eina_magic.c
@@ -17,14 +17,14 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -45,11 +45,10 @@
*/
typedef struct _Eina_Magic_String Eina_Magic_String;
-struct _Eina_Magic_String
-{
- Eina_Magic magic;
- Eina_Bool string_allocated;
- const char *string;
+struct _Eina_Magic_String {
+ Eina_Magic magic;
+ Eina_Bool string_allocated;
+ const char *string;
};
static int _eina_magic_string_log_dom = -1;
@@ -69,55 +68,52 @@ static size_t _eina_magic_strings_count = 0;
static size_t _eina_magic_strings_allocated = 0;
static Eina_Bool _eina_magic_strings_dirty = 0;
-static int
-_eina_magic_strings_sort_cmp(const void *p1, const void *p2)
+static int _eina_magic_strings_sort_cmp(const void *p1, const void *p2)
{
- const Eina_Magic_String *a = p1, *b = p2;
- return a->magic - b->magic;
+ const Eina_Magic_String *a = p1, *b = p2;
+ return a->magic - b->magic;
}
-static int
-_eina_magic_strings_find_cmp(const void *p1, const void *p2)
+static int _eina_magic_strings_find_cmp(const void *p1, const void *p2)
{
- Eina_Magic a = (long)p1;
- const Eina_Magic_String *b = p2;
- return a - b->magic;
+ Eina_Magic a = (long) p1;
+ const Eina_Magic_String *b = p2;
+ return a - b->magic;
}
-static Eina_Magic_String *
-_eina_magic_strings_alloc(void)
+static Eina_Magic_String *_eina_magic_strings_alloc(void)
{
- size_t idx;
+ size_t idx;
- if (_eina_magic_strings_count == _eina_magic_strings_allocated)
- {
- void *tmp;
- size_t size;
+ if (_eina_magic_strings_count == _eina_magic_strings_allocated) {
+ void *tmp;
+ size_t size;
- if (EINA_UNLIKELY(_eina_magic_strings_allocated == 0))
- size = 48;
- else
- size = _eina_magic_strings_allocated + 16;
+ if (EINA_UNLIKELY(_eina_magic_strings_allocated == 0))
+ size = 48;
+ else
+ size = _eina_magic_strings_allocated + 16;
- tmp = realloc(_eina_magic_strings, sizeof(Eina_Magic_String) * size);
- if (!tmp)
- {
+ tmp =
+ realloc(_eina_magic_strings,
+ sizeof(Eina_Magic_String) * size);
+ if (!tmp) {
#ifdef _WIN32
- ERR("could not realloc magic_strings from %Iu to %Iu buckets.",
+ ERR("could not realloc magic_strings from %Iu to %Iu buckets.",
#else
- ERR("could not realloc magic_strings from %zu to %zu buckets.",
+ ERR("could not realloc magic_strings from %zu to %zu buckets.",
#endif
- _eina_magic_strings_allocated, size);
- return NULL;
- }
+ _eina_magic_strings_allocated, size);
+ return NULL;
+ }
- _eina_magic_strings = tmp;
- _eina_magic_strings_allocated = size;
- }
+ _eina_magic_strings = tmp;
+ _eina_magic_strings_allocated = size;
+ }
- idx = _eina_magic_strings_count;
- _eina_magic_strings_count++;
- return _eina_magic_strings + idx;
+ idx = _eina_magic_strings_count;
+ _eina_magic_strings_count++;
+ return _eina_magic_strings + idx;
}
/**
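Review bot: Both comparators return a raw difference, `return a->magic - b->magic;` in _eina_magic_strings_sort_cmp() and `return a - b->magic;` in _eina_magic_strings_find_cmp(), which gives the wrong sign once the result no longer fits in an int. If Eina_Magic is a 32-bit unsigned type, as the `%08x` format used in eina_magic_fail() suggests, two magics more than INT_MAX apart compare in the wrong order, so the ordering passed to qsort() is not consistent and the bsearch() in eina_magic_string_get() can miss a registered entry. A comparison form avoids the arithmetic: `return (a->magic > b->magic) - (a->magic < b->magic);` and `return (a > b->magic) - (a < b->magic);`.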
@@ -139,18 +135,17 @@ _eina_magic_strings_alloc(void)
*
* @see eina_init()
*/
-Eina_Bool
-eina_magic_string_init(void)
+Eina_Bool eina_magic_string_init(void)
{
- _eina_magic_string_log_dom = eina_log_domain_register
- ("eina_magic_string", EINA_LOG_COLOR_DEFAULT);
- if (_eina_magic_string_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_magic_string");
- return EINA_FALSE;
- }
-
- return EINA_TRUE;
+ _eina_magic_string_log_dom = eina_log_domain_register
+ ("eina_magic_string", EINA_LOG_COLOR_DEFAULT);
+ if (_eina_magic_string_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_magic_string");
+ return EINA_FALSE;
+ }
+
+ return EINA_TRUE;
}
/**
@@ -164,27 +159,26 @@ eina_magic_string_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_magic_string_shutdown(void)
+Eina_Bool eina_magic_string_shutdown(void)
{
- Eina_Magic_String *ems, *ems_end;
+ Eina_Magic_String *ems, *ems_end;
- ems = _eina_magic_strings;
- ems_end = ems + _eina_magic_strings_count;
+ ems = _eina_magic_strings;
+ ems_end = ems + _eina_magic_strings_count;
- for (; ems < ems_end; ems++)
- if (ems->string_allocated)
- free((char *)ems->string);
+ for (; ems < ems_end; ems++)
+ if (ems->string_allocated)
+ free((char *) ems->string);
- free(_eina_magic_strings);
- _eina_magic_strings = NULL;
- _eina_magic_strings_count = 0;
- _eina_magic_strings_allocated = 0;
+ free(_eina_magic_strings);
+ _eina_magic_strings = NULL;
+ _eina_magic_strings_count = 0;
+ _eina_magic_strings_allocated = 0;
- eina_log_domain_unregister(_eina_magic_string_log_dom);
- _eina_magic_string_log_dom = -1;
+ eina_log_domain_unregister(_eina_magic_string_log_dom);
+ _eina_magic_string_log_dom = -1;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -304,28 +298,27 @@ eina_magic_string_shutdown(void)
* - (undefined): magic was registered and found, but no string associated.
* - (unknown): magic was not found in the registry.
*/
-EAPI const char *
-eina_magic_string_get(Eina_Magic magic)
+EAPI const char *eina_magic_string_get(Eina_Magic magic)
{
- Eina_Magic_String *ems;
+ Eina_Magic_String *ems;
- if (!_eina_magic_strings)
- return "(none)";
+ if (!_eina_magic_strings)
+ return "(none)";
- if (_eina_magic_strings_dirty)
- {
- qsort(_eina_magic_strings, _eina_magic_strings_count,
- sizeof(Eina_Magic_String), _eina_magic_strings_sort_cmp);
- _eina_magic_strings_dirty = 0;
- }
+ if (_eina_magic_strings_dirty) {
+ qsort(_eina_magic_strings, _eina_magic_strings_count,
+ sizeof(Eina_Magic_String),
+ _eina_magic_strings_sort_cmp);
+ _eina_magic_strings_dirty = 0;
+ }
- ems = bsearch((void *)(long)magic, _eina_magic_strings,
- _eina_magic_strings_count, sizeof(Eina_Magic_String),
- _eina_magic_strings_find_cmp);
- if (ems)
- return ems->string ? ems->string : "(undefined)";
+ ems = bsearch((void *) (long) magic, _eina_magic_strings,
+ _eina_magic_strings_count, sizeof(Eina_Magic_String),
+ _eina_magic_strings_find_cmp);
+ if (ems)
+ return ems->string ? ems->string : "(undefined)";
- return "(unknown)";
+ return "(unknown)";
}
/**
@@ -346,26 +339,25 @@ eina_magic_string_get(Eina_Magic magic)
EAPI Eina_Bool
eina_magic_string_set(Eina_Magic magic, const char *magic_name)
{
- Eina_Magic_String *ems;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(magic_name, EINA_FALSE);
-
- ems = _eina_magic_strings_alloc();
- if (!ems)
- return EINA_FALSE;
-
- ems->magic = magic;
- ems->string_allocated = EINA_TRUE;
- ems->string = strdup(magic_name);
- if (!ems->string)
- {
- ERR("could not allocate string '%s'", magic_name);
- _eina_magic_strings_count--;
- return EINA_FALSE;
- }
-
- _eina_magic_strings_dirty = 1;
- return EINA_TRUE;
+ Eina_Magic_String *ems;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(magic_name, EINA_FALSE);
+
+ ems = _eina_magic_strings_alloc();
+ if (!ems)
+ return EINA_FALSE;
+
+ ems->magic = magic;
+ ems->string_allocated = EINA_TRUE;
+ ems->string = strdup(magic_name);
+ if (!ems->string) {
+ ERR("could not allocate string '%s'", magic_name);
+ _eina_magic_strings_count--;
+ return EINA_FALSE;
+ }
+
+ _eina_magic_strings_dirty = 1;
+ return EINA_TRUE;
}
/**
@@ -387,24 +379,24 @@ eina_magic_string_set(Eina_Magic magic, const char *magic_name)
EAPI Eina_Bool
eina_magic_string_static_set(Eina_Magic magic, const char *magic_name)
{
- Eina_Magic_String *ems;
+ Eina_Magic_String *ems;
- EINA_SAFETY_ON_NULL_RETURN_VAL(magic_name, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(magic_name, EINA_FALSE);
- ems = _eina_magic_strings_alloc();
- if (!ems)
- return EINA_FALSE;
+ ems = _eina_magic_strings_alloc();
+ if (!ems)
+ return EINA_FALSE;
- ems->magic = magic;
- ems->string_allocated = EINA_FALSE;
- ems->string = magic_name;
+ ems->magic = magic;
+ ems->string_allocated = EINA_FALSE;
+ ems->string = magic_name;
- _eina_magic_strings_dirty = 1;
- return EINA_TRUE;
+ _eina_magic_strings_dirty = 1;
+ return EINA_TRUE;
}
#ifdef eina_magic_fail
-# undef eina_magic_fail
+#undef eina_magic_fail
#endif
/**
@@ -432,54 +424,49 @@ eina_magic_string_static_set(Eina_Magic magic, const char *magic_name)
*/
EAPI void
eina_magic_fail(void *d,
- Eina_Magic m,
- Eina_Magic req_m,
- const char *file,
- const char *fnc,
- int line)
+ Eina_Magic m,
+ Eina_Magic req_m,
+ const char *file, const char *fnc, int line)
{
- if (!d)
- eina_log_print(EINA_LOG_DOMAIN_GLOBAL, EINA_LOG_LEVEL_CRITICAL,
- file, fnc, line,
- "*** Eina Magic Check Failed !!!\n"
- " Input handle pointer is NULL !\n"
- "*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code. Tut tut tut!\n"
- "\n");
- else
- if (m == EINA_MAGIC_NONE)
- eina_log_print(EINA_LOG_DOMAIN_GLOBAL, EINA_LOG_LEVEL_CRITICAL,
- file, fnc, line,
- "*** Eina Magic Check Failed !!!\n"
- " Input handle has already been freed!\n"
- "*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code. Tut tut tut!\n"
- "\n");
- else
- if (m != req_m)
- eina_log_print(EINA_LOG_DOMAIN_GLOBAL, EINA_LOG_LEVEL_CRITICAL,
- file, fnc, line,
- "*** Eina Magic Check Failed !!!\n"
- " Input handle is wrong type\n"
- " Expected: %08x - %s\n"
- " Supplied: %08x - %s\n"
- "*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code. Tut tut tut!\n"
- "\n",
- req_m, eina_magic_string_get(req_m),
- m, eina_magic_string_get(m));
- else
- eina_log_print(EINA_LOG_DOMAIN_GLOBAL, EINA_LOG_LEVEL_CRITICAL,
- file, fnc, line,
- "*** Eina Magic Check Failed !!!\n"
- " Why did you call me !\n"
- "*** NAUGHTY PROGRAMMER!!!\n"
- "*** SPANK SPANK SPANK!!!\n"
- "*** Now go fix your code. Tut tut tut!\n"
- "\n");
+ if (!d)
+ eina_log_print(EINA_LOG_DOMAIN_GLOBAL,
+ EINA_LOG_LEVEL_CRITICAL, file, fnc, line,
+ "*** Eina Magic Check Failed !!!\n"
+ " Input handle pointer is NULL !\n"
+ "*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code. Tut tut tut!\n"
+ "\n");
+ else if (m == EINA_MAGIC_NONE)
+ eina_log_print(EINA_LOG_DOMAIN_GLOBAL,
+ EINA_LOG_LEVEL_CRITICAL, file, fnc, line,
+ "*** Eina Magic Check Failed !!!\n"
+ " Input handle has already been freed!\n"
+ "*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code. Tut tut tut!\n"
+ "\n");
+ else if (m != req_m)
+ eina_log_print(EINA_LOG_DOMAIN_GLOBAL,
+ EINA_LOG_LEVEL_CRITICAL, file, fnc, line,
+ "*** Eina Magic Check Failed !!!\n"
+ " Input handle is wrong type\n"
+ " Expected: %08x - %s\n"
+ " Supplied: %08x - %s\n"
+ "*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code. Tut tut tut!\n"
+ "\n", req_m, eina_magic_string_get(req_m),
+ m, eina_magic_string_get(m));
+ else
+ eina_log_print(EINA_LOG_DOMAIN_GLOBAL,
+ EINA_LOG_LEVEL_CRITICAL, file, fnc, line,
+ "*** Eina Magic Check Failed !!!\n"
+ " Why did you call me !\n"
+ "*** NAUGHTY PROGRAMMER!!!\n"
+ "*** SPANK SPANK SPANK!!!\n"
+ "*** Now go fix your code. Tut tut tut!\n"
+ "\n");
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_main.c b/tests/suite/ecore/src/lib/eina_main.c
index ceae398363..32be0fe653 100644
--- a/tests/suite/ecore/src/lib/eina_main.c
+++ b/tests/suite/ecore/src/lib/eina_main.c
@@ -17,19 +17,19 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
#ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
+#include <pthread.h>
#endif
#ifdef EFL_HAVE_WIN32_THREADS
-# define WIN32_LEAN_AND_MEAN
-# include <windows.h>
-# undef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#undef WIN32_LEAN_AND_MEAN
#endif
#include "eina_config.h"
@@ -79,21 +79,21 @@ static int _eina_log_dom = -1;
#ifdef EFL_HAVE_THREADS
static Eina_Bool _threads_activated = EINA_FALSE;
-# ifdef EFL_HAVE_POSIX_THREADS
+#ifdef EFL_HAVE_POSIX_THREADS
static pthread_mutex_t _mutex = PTHREAD_MUTEX_INITIALIZER;
-# define LOCK() if(_threads_activated) pthread_mutex_lock(&_mutex)
-# define UNLOCK() if(_threads_activated) pthread_mutex_unlock(&_mutex)
-# define UNLOCK_FORCE() pthread_mutex_unlock(&_mutex)
-# else /* EFL_HAVE_WIN32_THREADS */
+#define LOCK() if(_threads_activated) pthread_mutex_lock(&_mutex)
+#define UNLOCK() if(_threads_activated) pthread_mutex_unlock(&_mutex)
+#define UNLOCK_FORCE() pthread_mutex_unlock(&_mutex)
+#else /* EFL_HAVE_WIN32_THREADS */
static HANDLE _mutex = NULL;
-# define LOCK() if(_threads_activated) WaitForSingleObject(_mutex, INFINITE)
-# define UNLOCK() if(_threads_activated) ReleaseMutex(_mutex)
-# define UNLOCK_FORCE() ReleaseMutex(_mutex)
-# endif
+#define LOCK() if(_threads_activated) WaitForSingleObject(_mutex, INFINITE)
+#define UNLOCK() if(_threads_activated) ReleaseMutex(_mutex)
+#define UNLOCK_FORCE() ReleaseMutex(_mutex)
+#endif
#else
-# define LOCK() do {} while (0)
-# define UNLOCK() do {} while (0)
-# define UNLOCK_FORCE() do {} while (0)
+#define LOCK() do {} while (0)
+#define UNLOCK() do {} while (0)
+#define UNLOCK_FORCE() do {} while (0)
#endif
/* place module init/shutdown functions here to avoid other modules
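Review bot: The threaded LOCK() and UNLOCK() macros expand to a bare `if`, so a call site such as `if (x) LOCK(); else ...` would attach the `else` to the macro's hidden `if`, and they do not match the `do {} while (0)` form of the non-threaded variants a few lines below. Wrapping them the same way keeps all variants statement-safe: `#define LOCK() do { if (_threads_activated) pthread_mutex_lock(&_mutex); } while (0)`, with the matching change for UNLOCK() and the Win32 pair. As a point of style on the reformat itself, dropping the `# ` indentation from the nested directives makes it harder to see which `#else` and `#endif` close EFL_HAVE_POSIX_THREADS and which close EFL_HAVE_THREADS; a trailing comment on each `#endif` would restore that.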
@@ -101,76 +101,74 @@ static HANDLE _mutex = NULL;
*/
#define S(x) extern Eina_Bool eina_ ## x ## _init(void); \
extern Eina_Bool eina_ ## x ## _shutdown(void)
- S(log);
- S(error);
- S(safety_checks);
- S(magic_string);
- S(iterator);
- S(accessor);
- S(array);
- S(module);
- S(mempool);
- S(list);
- S(binshare);
- S(stringshare);
- S(ustringshare);
- S(matrixsparse);
- S(convert);
- S(counter);
- S(benchmark);
- S(rectangle);
- S(strbuf);
- S(ustrbuf);
- S(quadtree);
+S(log);
+S(error);
+S(safety_checks);
+S(magic_string);
+S(iterator);
+S(accessor);
+S(array);
+S(module);
+S(mempool);
+S(list);
+S(binshare);
+S(stringshare);
+S(ustringshare);
+S(matrixsparse);
+S(convert);
+S(counter);
+S(benchmark);
+S(rectangle);
+S(strbuf);
+S(ustrbuf);
+S(quadtree);
#undef S
-struct eina_desc_setup
-{
- const char *name;
- Eina_Bool (*init)(void);
- Eina_Bool (*shutdown)(void);
+struct eina_desc_setup {
+ const char *name;
+ Eina_Bool(*init) (void);
+ Eina_Bool(*shutdown) (void);
};
static const struct eina_desc_setup _eina_desc_setup[] = {
#define S(x) {# x, eina_ ## x ## _init, eina_ ## x ## _shutdown}
- /* log is a special case as it needs printf */
- S(error),
- S(safety_checks),
- S(magic_string),
- S(iterator),
- S(accessor),
- S(array),
- S(module),
- S(mempool),
- S(list),
- S(binshare),
- S(stringshare),
- S(ustringshare),
- S(matrixsparse),
- S(convert),
- S(counter),
- S(benchmark),
- S(rectangle),
- S(strbuf),
- S(ustrbuf),
- S(quadtree)
+ /* log is a special case as it needs printf */
+ S(error),
+ S(safety_checks),
+ S(magic_string),
+ S(iterator),
+ S(accessor),
+ S(array),
+ S(module),
+ S(mempool),
+ S(list),
+ S(binshare),
+ S(stringshare),
+ S(ustringshare),
+ S(matrixsparse),
+ S(convert),
+ S(counter),
+ S(benchmark),
+ S(rectangle),
+ S(strbuf),
+ S(ustrbuf),
+ S(quadtree)
#undef S
};
+
static const size_t _eina_desc_setup_len = sizeof(_eina_desc_setup) /
- sizeof(_eina_desc_setup[0]);
+ sizeof(_eina_desc_setup[0]);
-static void
-_eina_shutdown_from_desc(const struct eina_desc_setup *itr)
+static void _eina_shutdown_from_desc(const struct eina_desc_setup *itr)
{
- for (itr--; itr >= _eina_desc_setup; itr--)
- {
- if (!itr->shutdown())
- ERR("Problems shutting down eina module '%s', ignored.", itr->name);
- }
-
- eina_log_domain_unregister(_eina_log_dom);
- _eina_log_dom = -1;
- eina_log_shutdown();
+ for (itr--; itr >= _eina_desc_setup; itr--) {
+ if (!itr->shutdown())
+ ERR("Problems shutting down eina module '%s', ignored.", itr->name);
+ }
+
+ eina_log_domain_unregister(_eina_log_dom);
+ _eina_log_dom = -1;
+ eina_log_shutdown();
}
/**
@@ -214,42 +212,40 @@ EAPI Eina_Version *eina_version = &_version;
* When Eina is not used anymore, call eina_shutdown() to shut down
* the Eina library.
*/
-EAPI int
-eina_init(void)
+EAPI int eina_init(void)
{
- const struct eina_desc_setup *itr, *itr_end;
-
- if (EINA_LIKELY(_eina_main_count > 0))
- return ++_eina_main_count;
-
- if (!eina_log_init())
- {
- fprintf(stderr, "Could not initialize eina logging system.\n");
- return 0;
- }
-
- _eina_log_dom = eina_log_domain_register("eina", EINA_LOG_COLOR_DEFAULT);
- if (_eina_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina");
- eina_log_shutdown();
- return 0;
- }
-
- itr = _eina_desc_setup;
- itr_end = itr + _eina_desc_setup_len;
- for (; itr < itr_end; itr++)
- {
- if (!itr->init())
- {
- ERR("Could not initialize eina module '%s'.", itr->name);
- _eina_shutdown_from_desc(itr);
- return 0;
- }
- }
-
- _eina_main_count = 1;
- return 1;
+ const struct eina_desc_setup *itr, *itr_end;
+
+ if (EINA_LIKELY(_eina_main_count > 0))
+ return ++_eina_main_count;
+
+ if (!eina_log_init()) {
+ fprintf(stderr,
+ "Could not initialize eina logging system.\n");
+ return 0;
+ }
+
+ _eina_log_dom =
+ eina_log_domain_register("eina", EINA_LOG_COLOR_DEFAULT);
+ if (_eina_log_dom < 0) {
+ EINA_LOG_ERR("Could not register log domain: eina");
+ eina_log_shutdown();
+ return 0;
+ }
+
+ itr = _eina_desc_setup;
+ itr_end = itr + _eina_desc_setup_len;
+ for (; itr < itr_end; itr++) {
+ if (!itr->init()) {
+ ERR("Could not initialize eina module '%s'.",
+ itr->name);
+ _eina_shutdown_from_desc(itr);
+ return 0;
+ }
+ }
+
+ _eina_main_count = 1;
+ return 1;
}
/**
@@ -266,14 +262,14 @@ eina_init(void)
* not call any of the Eina function anymore. You must call
* eina_init() again to use the Eina functions again.
*/
-EAPI int
-eina_shutdown(void)
+EAPI int eina_shutdown(void)
{
- _eina_main_count--;
- if (EINA_UNLIKELY(_eina_main_count == 0))
- _eina_shutdown_from_desc(_eina_desc_setup + _eina_desc_setup_len);
+ _eina_main_count--;
+ if (EINA_UNLIKELY(_eina_main_count == 0))
+ _eina_shutdown_from_desc(_eina_desc_setup +
+ _eina_desc_setup_len);
- return _eina_main_count;
+ return _eina_main_count;
}
@@ -290,38 +286,36 @@ eina_shutdown(void)
* When the mutexes are not used anymore, call eina_threads_shutdown() to shut down
* the mutexes.
*/
-EAPI int
-eina_threads_init(void)
+EAPI int eina_threads_init(void)
{
#ifdef EFL_HAVE_THREADS
- int ret;
+ int ret;
-# ifdef EFL_HAVE_WIN32_THREADS
- if (!_mutex)
- _mutex = CreateMutex(NULL, FALSE, NULL);
+#ifdef EFL_HAVE_WIN32_THREADS
+ if (!_mutex)
+ _mutex = CreateMutex(NULL, FALSE, NULL);
- if (!_mutex)
- return 0;
+ if (!_mutex)
+ return 0;
-# endif
+#endif
- LOCK();
- ++_eina_main_thread_count;
- ret = _eina_main_thread_count;
+ LOCK();
+ ++_eina_main_thread_count;
+ ret = _eina_main_thread_count;
- if(_eina_main_thread_count > 1)
- {
- UNLOCK();
- return ret;
- }
+ if (_eina_main_thread_count > 1) {
+ UNLOCK();
+ return ret;
+ }
- eina_share_common_threads_init();
- eina_log_threads_init();
- _threads_activated = EINA_TRUE;
+ eina_share_common_threads_init();
+ eina_log_threads_init();
+ _threads_activated = EINA_TRUE;
- return ret;
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
@@ -339,36 +333,34 @@ eina_threads_init(void)
* not call any of the Eina function in a thread anymore. You must call
* eina_threads_init() again to use the Eina functions in a thread again.
*/
-EAPI int
-eina_threads_shutdown(void)
+EAPI int eina_threads_shutdown(void)
{
#ifdef EFL_HAVE_THREADS
- int ret;
+ int ret;
- LOCK();
- ret = --_eina_main_thread_count;
- if(_eina_main_thread_count > 0)
- {
- UNLOCK();
- return ret;
- }
+ LOCK();
+ ret = --_eina_main_thread_count;
+ if (_eina_main_thread_count > 0) {
+ UNLOCK();
+ return ret;
+ }
- eina_share_common_threads_shutdown();
- eina_log_threads_shutdown();
+ eina_share_common_threads_shutdown();
+ eina_log_threads_shutdown();
- _threads_activated = EINA_FALSE;
+ _threads_activated = EINA_FALSE;
- UNLOCK_FORCE();
+ UNLOCK_FORCE();
-# ifdef EFL_HAVE_WIN32_THREADS
- if (_mutex)
- CloseHandle(_mutex);
+#ifdef EFL_HAVE_WIN32_THREADS
+ if (_mutex)
+ CloseHandle(_mutex);
-# endif
+#endif
- return ret;
+ return ret;
#else
- return 0;
+ return 0;
#endif
}
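Review bot: On the Win32 path eina_threads_shutdown() closes `_mutex` but leaves the variable holding the old handle value, while eina_threads_init() in the previous hunk only calls CreateMutex() when `_mutex` is NULL. After a shutdown followed by a new init, the stale handle would be reused by LOCK() and UNLOCK(). Resetting it closes that gap: `if (_mutex) { CloseHandle(_mutex); _mutex = NULL; }`. The decrement `ret = --_eina_main_thread_count;` is also unguarded, so an unbalanced call drives the counter negative; a check for a non-positive count before decrementing would make that case explicit.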
diff --git a/tests/suite/ecore/src/lib/eina_matrixsparse.c b/tests/suite/ecore/src/lib/eina_matrixsparse.c
index e19f24aa86..bf88cefe12 100644
--- a/tests/suite/ecore/src/lib/eina_matrixsparse.c
+++ b/tests/suite/ecore/src/lib/eina_matrixsparse.c
@@ -25,7 +25,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -34,7 +34,7 @@
#include <assert.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -58,18 +58,20 @@
*/
static const char EINA_MAGIC_MATRIXSPARSE_STR[] = "Eina Matrixsparse";
-static const char EINA_MAGIC_MATRIXSPARSE_ROW_STR[] = "Eina Matrixsparse Row";
-static const char EINA_MAGIC_MATRIXSPARSE_CELL_STR[] = "Eina Matrixsparse Cell";
+static const char EINA_MAGIC_MATRIXSPARSE_ROW_STR[] =
+ "Eina Matrixsparse Row";
+static const char EINA_MAGIC_MATRIXSPARSE_CELL_STR[] =
+ "Eina Matrixsparse Cell";
static const char EINA_MAGIC_MATRIXSPARSE_ITERATOR_STR[] =
- "Eina Matrixsparse Iterator";
+ "Eina Matrixsparse Iterator";
static const char EINA_MAGIC_MATRIXSPARSE_ROW_ACCESSOR_STR[] =
- "Eina Matrixsparse Row Accessor";
+ "Eina Matrixsparse Row Accessor";
static const char EINA_MAGIC_MATRIXSPARSE_ROW_ITERATOR_STR[] =
- "Eina Matrixsparse Row Iterator";
+ "Eina Matrixsparse Row Iterator";
static const char EINA_MAGIC_MATRIXSPARSE_CELL_ACCESSOR_STR[] =
- "Eina Matrixsparse Cell Accessor";
+ "Eina Matrixsparse Cell Accessor";
static const char EINA_MAGIC_MATRIXSPARSE_CELL_ITERATOR_STR[] =
- "Eina Matrixsparse Cell Iterator";
+ "Eina Matrixsparse Cell Iterator";
#define EINA_MAGIC_CHECK_MATRIXSPARSE(d, ...) \
@@ -108,97 +110,81 @@ static const char EINA_MAGIC_MATRIXSPARSE_CELL_ITERATOR_STR[] =
} \
} while(0)
-struct _Eina_Matrixsparse_Cell
-{
- Eina_Matrixsparse_Cell *next;
- Eina_Matrixsparse_Cell *prev;
+struct _Eina_Matrixsparse_Cell {
+ Eina_Matrixsparse_Cell *next;
+ Eina_Matrixsparse_Cell *prev;
- void *data;
- unsigned long col;
+ void *data;
+ unsigned long col;
- Eina_Matrixsparse_Row *parent;
+ Eina_Matrixsparse_Row *parent;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Matrixsparse_Row
-{
- Eina_Matrixsparse_Row *next;
- Eina_Matrixsparse_Row *prev;
+struct _Eina_Matrixsparse_Row {
+ Eina_Matrixsparse_Row *next;
+ Eina_Matrixsparse_Row *prev;
- Eina_Matrixsparse_Cell *cols;
- Eina_Matrixsparse_Cell *last_col;
- Eina_Matrixsparse_Cell *last_used; /* fast sequential access */
- unsigned long row;
+ Eina_Matrixsparse_Cell *cols;
+ Eina_Matrixsparse_Cell *last_col;
+ Eina_Matrixsparse_Cell *last_used; /* fast sequential access */
+ unsigned long row;
- Eina_Matrixsparse *parent;
+ Eina_Matrixsparse *parent;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Matrixsparse
-{
- Eina_Matrixsparse_Row *rows;
- Eina_Matrixsparse_Row *last_row;
- Eina_Matrixsparse_Row *last_used; /* fast sequential access */
+struct _Eina_Matrixsparse {
+ Eina_Matrixsparse_Row *rows;
+ Eina_Matrixsparse_Row *last_row;
+ Eina_Matrixsparse_Row *last_used; /* fast sequential access */
- struct
- {
- unsigned long rows;
- unsigned long cols;
- } size;
+ struct {
+ unsigned long rows;
+ unsigned long cols;
+ } size;
- struct
- {
- void (*func)(void *user_data, void *cell_data);
- void *user_data;
- } free;
+ struct {
+ void (*func) (void *user_data, void *cell_data);
+ void *user_data;
+ } free;
- EINA_MAGIC
-};
+ EINA_MAGIC};
typedef struct _Eina_Matrixsparse_Iterator Eina_Matrixsparse_Iterator;
typedef struct _Eina_Matrixsparse_Iterator_Complete
-Eina_Matrixsparse_Iterator_Complete;
+ Eina_Matrixsparse_Iterator_Complete;
-struct _Eina_Matrixsparse_Iterator
-{
- Eina_Iterator iterator;
+struct _Eina_Matrixsparse_Iterator {
+ Eina_Iterator iterator;
- const Eina_Matrixsparse *m;
- struct
- {
- const Eina_Matrixsparse_Row *row;
- const Eina_Matrixsparse_Cell *col;
- } ref;
+ const Eina_Matrixsparse *m;
+ struct {
+ const Eina_Matrixsparse_Row *row;
+ const Eina_Matrixsparse_Cell *col;
+ } ref;
- EINA_MAGIC
-};
+ EINA_MAGIC};
-struct _Eina_Matrixsparse_Iterator_Complete
-{
- Eina_Iterator iterator;
+struct _Eina_Matrixsparse_Iterator_Complete {
+ Eina_Iterator iterator;
- const Eina_Matrixsparse *m;
- struct
- {
- const Eina_Matrixsparse_Row *row;
- const Eina_Matrixsparse_Cell *col;
- } ref;
+ const Eina_Matrixsparse *m;
+ struct {
+ const Eina_Matrixsparse_Row *row;
+ const Eina_Matrixsparse_Cell *col;
+ } ref;
- struct
- {
- unsigned long row, col;
- } idx;
+ struct {
+ unsigned long row, col;
+ } idx;
- struct
- {
- Eina_Matrixsparse_Row row;
- Eina_Matrixsparse_Cell col;
- } dummy;
+ struct {
+ Eina_Matrixsparse_Row row;
+ Eina_Matrixsparse_Cell col;
+ } dummy;
- EINA_MAGIC
-};
+ EINA_MAGIC};
/**
* @todo Eina_Matrixsparse_Row_Iterator: iterator over rows in matrix
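Review bot: The reindent glued each struct's closing brace onto the magic field, so `_Eina_Matrixsparse_Cell`, `_Eina_Matrixsparse_Row`, `_Eina_Matrixsparse` and both iterator structs now end in `EINA_MAGIC};`. `EINA_MAGIC` is used here as a macro without a trailing semicolon, so the formatter apparently did not treat it as a member declaration. The result hides both the field and the end of the struct. Keeping `EINA_MAGIC` on its own line with `};` on the next, as the old side had it, keeps the field visible, which matters because the `EINA_MAGIC_CHECK_*` macros in this file presumably depend on it.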
@@ -223,600 +209,557 @@ static Eina_Mempool *_eina_matrixsparse_cell_mp = NULL;
static Eina_Mempool *_eina_matrixsparse_row_mp = NULL;
static inline void
-_eina_matrixsparse_cell_free(Eina_Matrixsparse_Cell *c, void (*free_func)(
- void *,
- void *), void *user_data)
+_eina_matrixsparse_cell_free(Eina_Matrixsparse_Cell * c,
+ void (*free_func) (void *, void *),
+ void *user_data)
{
- if (free_func)
- free_func(user_data, c->data);
+ if (free_func)
+ free_func(user_data, c->data);
- EINA_MAGIC_SET(c, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_matrixsparse_cell_mp, c);
+ EINA_MAGIC_SET(c, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_matrixsparse_cell_mp, c);
}
static inline void
-_eina_matrixsparse_cell_unlink(Eina_Matrixsparse_Cell *c)
+_eina_matrixsparse_cell_unlink(Eina_Matrixsparse_Cell * c)
{
- Eina_Matrixsparse_Row *r = c->parent;
-
- if (r->last_used == c)
- {
- if (c->next)
- r->last_used = c->next;
- else
- r->last_used = c->prev;
- }
-
- if (r->last_col == c)
- r->last_col = c->prev;
-
- if (r->cols == c)
- r->cols = c->next;
-
- if (c->next && c->prev)
- {
- c->next->prev = c->prev;
- c->prev->next = c->next;
- }
- else if (c->next)
- c->next->prev = NULL;
- else if (c->prev)
- c->prev->next = NULL;
+ Eina_Matrixsparse_Row *r = c->parent;
+
+ if (r->last_used == c) {
+ if (c->next)
+ r->last_used = c->next;
+ else
+ r->last_used = c->prev;
+ }
+
+ if (r->last_col == c)
+ r->last_col = c->prev;
+
+ if (r->cols == c)
+ r->cols = c->next;
+
+ if (c->next && c->prev) {
+ c->next->prev = c->prev;
+ c->prev->next = c->next;
+ } else if (c->next)
+ c->next->prev = NULL;
+ else if (c->prev)
+ c->prev->next = NULL;
}
static inline void
-_eina_matrixsparse_row_cells_free(Eina_Matrixsparse_Row *r, void (*free_func)(
- void *,
- void *), void *user_data)
+_eina_matrixsparse_row_cells_free(Eina_Matrixsparse_Row * r,
+ void (*free_func) (void *, void *),
+ void *user_data)
{
- Eina_Matrixsparse_Cell *c = r->cols;
- while (c)
- {
- Eina_Matrixsparse_Cell *c_aux = c;
- c = c->next;
- _eina_matrixsparse_cell_free(c_aux, free_func, user_data);
- }
+ Eina_Matrixsparse_Cell *c = r->cols;
+ while (c) {
+ Eina_Matrixsparse_Cell *c_aux = c;
+ c = c->next;
+ _eina_matrixsparse_cell_free(c_aux, free_func, user_data);
+ }
}
static inline void
-_eina_matrixsparse_row_free(Eina_Matrixsparse_Row *r, void (*free_func)(void *,
- void *),
- void *user_data)
+_eina_matrixsparse_row_free(Eina_Matrixsparse_Row * r,
+ void (*free_func) (void *, void *),
+ void *user_data)
{
- _eina_matrixsparse_row_cells_free(r, free_func, user_data);
- EINA_MAGIC_SET(r, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_matrixsparse_row_mp, r);
+ _eina_matrixsparse_row_cells_free(r, free_func, user_data);
+ EINA_MAGIC_SET(r, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_matrixsparse_row_mp, r);
}
-static inline void
-_eina_matrixsparse_row_unlink(Eina_Matrixsparse_Row *r)
+static inline void _eina_matrixsparse_row_unlink(Eina_Matrixsparse_Row * r)
{
- Eina_Matrixsparse *m = r->parent;
-
- if (m->last_used == r)
- {
- if (r->next)
- m->last_used = r->next;
- else
- m->last_used = r->prev;
- }
-
- if (m->last_row == r)
- m->last_row = r->prev;
-
- if (m->rows == r)
- m->rows = r->next;
-
- if (r->next && r->prev)
- {
- r->next->prev = r->prev;
- r->prev->next = r->next;
- }
- else if (r->next)
- r->next->prev = NULL;
- else if (r->prev)
- r->prev->next = NULL;
+ Eina_Matrixsparse *m = r->parent;
+
+ if (m->last_used == r) {
+ if (r->next)
+ m->last_used = r->next;
+ else
+ m->last_used = r->prev;
+ }
+
+ if (m->last_row == r)
+ m->last_row = r->prev;
+
+ if (m->rows == r)
+ m->rows = r->next;
+
+ if (r->next && r->prev) {
+ r->next->prev = r->prev;
+ r->prev->next = r->next;
+ } else if (r->next)
+ r->next->prev = NULL;
+ else if (r->prev)
+ r->prev->next = NULL;
}
static inline void
-_eina_matrixsparse_row_find_parms_get(const Eina_Matrixsparse *m,
- unsigned long row,
- Eina_Matrixsparse_Row **p_r,
- int *p_dir)
+_eina_matrixsparse_row_find_parms_get(const Eina_Matrixsparse * m,
+ unsigned long row,
+ Eina_Matrixsparse_Row ** p_r,
+ int *p_dir)
{
- Eina_Matrixsparse_Row *r;
- unsigned long dist;
- int dir;
-
- dist = row - m->rows->row;
- r = m->rows;
- dir = 1;
- if (dist > m->last_row->row - row)
- {
- dist = m->last_row->row - row;
- r = m->last_row;
- dir = -1;
- }
-
- if (m->last_used)
- {
- if (m->last_used->row < row)
- {
- if (dist > row - m->last_used->row)
- {
+ Eina_Matrixsparse_Row *r;
+ unsigned long dist;
+ int dir;
+
+ dist = row - m->rows->row;
+ r = m->rows;
+ dir = 1;
+ if (dist > m->last_row->row - row) {
+ dist = m->last_row->row - row;
+ r = m->last_row;
+ dir = -1;
+ }
+
+ if (m->last_used) {
+ if (m->last_used->row < row) {
+ if (dist > row - m->last_used->row) {
/* dist = row = m->last_used->row; */
- r = m->last_used;
- dir = 1;
- }
- }
- else if (dist > m->last_used->row - row)
- {
+ r = m->last_used;
+ dir = 1;
+ }
+ } else if (dist > m->last_used->row - row) {
/* dist = m->last_used->row - row; */
- r = m->last_used;
- dir = -1;
- }
- }
+ r = m->last_used;
+ dir = -1;
+ }
+ }
- *p_r = r;
- *p_dir = dir;
+ *p_r = r;
+ *p_dir = dir;
}
static inline void
-_eina_matrixsparse_row_cell_find_parms_get(const Eina_Matrixsparse_Row *r,
- unsigned long col,
- Eina_Matrixsparse_Cell **p_c,
- int *p_dir)
+_eina_matrixsparse_row_cell_find_parms_get(const Eina_Matrixsparse_Row * r,
+ unsigned long col,
+ Eina_Matrixsparse_Cell ** p_c,
+ int *p_dir)
{
- Eina_Matrixsparse_Cell *c;
- unsigned long dist;
- int dir;
-
- dist = col - r->cols->col;
- c = r->cols;
- dir = 1;
- if (dist > r->last_col->col - col)
- {
- dist = r->last_col->col - col;
- c = r->last_col;
- dir = -1;
- }
-
- if (r->last_used)
- {
- if (r->last_used->col < col)
- {
- if (dist > col - r->last_used->col)
- {
+ Eina_Matrixsparse_Cell *c;
+ unsigned long dist;
+ int dir;
+
+ dist = col - r->cols->col;
+ c = r->cols;
+ dir = 1;
+ if (dist > r->last_col->col - col) {
+ dist = r->last_col->col - col;
+ c = r->last_col;
+ dir = -1;
+ }
+
+ if (r->last_used) {
+ if (r->last_used->col < col) {
+ if (dist > col - r->last_used->col) {
/* dist = col = r->last_used->col; */
- c = r->last_used;
- dir = 1;
- }
- }
- else if (dist > r->last_used->col - col)
- {
+ c = r->last_used;
+ dir = 1;
+ }
+ } else if (dist > r->last_used->col - col) {
/* dist = r->last_used->col - col; */
- c = r->last_used;
- dir = -1;
- }
- }
+ c = r->last_used;
+ dir = -1;
+ }
+ }
- *p_c = c;
- *p_dir = dir;
+ *p_c = c;
+ *p_dir = dir;
}
-static inline Eina_Matrixsparse_Row *
-_eina_matrixsparse_row_idx_get(const Eina_Matrixsparse *m, unsigned long row)
+static inline Eina_Matrixsparse_Row *_eina_matrixsparse_row_idx_get(const
+ Eina_Matrixsparse
+ * m,
+ unsigned
+ long
+ row)
{
- Eina_Matrixsparse_Row *r;
- int dir;
-
- if (!m->rows)
- return NULL;
-
- if (m->rows->row == row)
- return m->rows;
- else if (m->rows->row > row)
- return NULL;
-
- if (m->last_row->row == row)
- return m->last_row;
- else if (m->last_row->row < row)
- return NULL;
-
- if ((m->last_used) && (m->last_used->row == row))
- return m->last_used;
-
- _eina_matrixsparse_row_find_parms_get(m, row, &r, &dir);
- assert(dir != 0);
- if (dir > 0)
- {
- for (; r; r = r->next)
- if (r->row == row)
- {
- ((Eina_Matrixsparse *)m)->last_used = r;
- return r;
- }
- else if (r->row > row)
- return NULL;
-
- }
- else if (dir < 0)
- {
- for (; r; r = r->prev)
- if (r->row == row)
- {
- ((Eina_Matrixsparse *)m)->last_used = r;
- return r;
- }
- else if (r->row < row)
- return NULL;
- }
-
- return NULL;
+ Eina_Matrixsparse_Row *r;
+ int dir;
+
+ if (!m->rows)
+ return NULL;
+
+ if (m->rows->row == row)
+ return m->rows;
+ else if (m->rows->row > row)
+ return NULL;
+
+ if (m->last_row->row == row)
+ return m->last_row;
+ else if (m->last_row->row < row)
+ return NULL;
+
+ if ((m->last_used) && (m->last_used->row == row))
+ return m->last_used;
+
+ _eina_matrixsparse_row_find_parms_get(m, row, &r, &dir);
+ assert(dir != 0);
+ if (dir > 0) {
+ for (; r; r = r->next)
+ if (r->row == row) {
+ ((Eina_Matrixsparse *) m)->last_used = r;
+ return r;
+ } else if (r->row > row)
+ return NULL;
+
+ } else if (dir < 0) {
+ for (; r; r = r->prev)
+ if (r->row == row) {
+ ((Eina_Matrixsparse *) m)->last_used = r;
+ return r;
+ } else if (r->row < row)
+ return NULL;
+ }
+
+ return NULL;
}
-static inline Eina_Matrixsparse_Cell *
-_eina_matrixsparse_row_cell_idx_get(const Eina_Matrixsparse_Row *r,
- unsigned long col)
+static inline Eina_Matrixsparse_Cell
+ *_eina_matrixsparse_row_cell_idx_get(const Eina_Matrixsparse_Row * r,
+ unsigned long col)
{
- Eina_Matrixsparse_Cell *c;
- int dir;
-
- if (!r->cols)
- return NULL;
-
- if (r->cols->col == col)
- return r->cols;
- else if (r->cols->col > col)
- return NULL;
-
- if (r->last_col->col == col)
- return r->last_col;
- else if (r->last_col->col < col)
- return NULL;
-
- if ((r->last_used) && (r->last_used->col == col))
- return r->last_used;
-
- _eina_matrixsparse_row_cell_find_parms_get(r, col, &c, &dir);
- assert(dir != 0);
- if (dir > 0)
- {
- for (; r; c = c->next)
- if (c->col == col)
- {
- ((Eina_Matrixsparse_Row *)r)->last_used = c;
- return c;
- }
- else if (c->col > col)
- return NULL;
-
- }
- else if (dir < 0)
- {
- for (; r; c = c->prev)
- if (c->col == col)
- {
- ((Eina_Matrixsparse_Row *)r)->last_used = c;
- return c;
- }
- else if (c->col < col)
- return NULL;
- }
-
- return NULL;
+ Eina_Matrixsparse_Cell *c;
+ int dir;
+
+ if (!r->cols)
+ return NULL;
+
+ if (r->cols->col == col)
+ return r->cols;
+ else if (r->cols->col > col)
+ return NULL;
+
+ if (r->last_col->col == col)
+ return r->last_col;
+ else if (r->last_col->col < col)
+ return NULL;
+
+ if ((r->last_used) && (r->last_used->col == col))
+ return r->last_used;
+
+ _eina_matrixsparse_row_cell_find_parms_get(r, col, &c, &dir);
+ assert(dir != 0);
+ if (dir > 0) {
+ for (; r; c = c->next)
+ if (c->col == col) {
+ ((Eina_Matrixsparse_Row *) r)->last_used =
+ c;
+ return c;
+ } else if (c->col > col)
+ return NULL;
+
+ } else if (dir < 0) {
+ for (; r; c = c->prev)
+ if (c->col == col) {
+ ((Eina_Matrixsparse_Row *) r)->last_used =
+ c;
+ return c;
+ } else if (c->col < col)
+ return NULL;
+ }
+
+ return NULL;
}
-static inline Eina_Matrixsparse_Cell *
-_eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col)
+static inline Eina_Matrixsparse_Cell *_eina_matrixsparse_cell_idx_get(const
+ Eina_Matrixsparse
+ * m,
+ unsigned
+ long
+ row,
+ unsigned
+ long
+ col)
{
- Eina_Matrixsparse_Row *r = _eina_matrixsparse_row_idx_get(m, row);
- if (!r)
- return NULL;
+ Eina_Matrixsparse_Row *r = _eina_matrixsparse_row_idx_get(m, row);
+ if (!r)
+ return NULL;
- return _eina_matrixsparse_row_cell_idx_get(r, col);
+ return _eina_matrixsparse_row_cell_idx_get(r, col);
}
static inline void
-_eina_matrixsparse_row_idx_siblings_find(const Eina_Matrixsparse *m,
- unsigned long row,
- Eina_Matrixsparse_Row **p_prev,
- Eina_Matrixsparse_Row **p_next)
+_eina_matrixsparse_row_idx_siblings_find(const Eina_Matrixsparse * m,
+ unsigned long row,
+ Eina_Matrixsparse_Row ** p_prev,
+ Eina_Matrixsparse_Row ** p_next)
{
- Eina_Matrixsparse_Row *r;
- int dir;
-
- _eina_matrixsparse_row_find_parms_get(m, row, &r, &dir);
- assert(dir != 0);
- if (dir > 0)
- {
- for (; r; r = r->next)
- if (r->row > row)
- break;
-
- assert(r != NULL);
- *p_prev = r->prev;
- *p_next = r;
- }
- else if (dir < 0)
- {
- for (; r; r = r->prev)
- if (r->row < row)
- break;
-
- assert(r != NULL);
- *p_prev = r;
- *p_next = r->next;
- }
+ Eina_Matrixsparse_Row *r;
+ int dir;
+
+ _eina_matrixsparse_row_find_parms_get(m, row, &r, &dir);
+ assert(dir != 0);
+ if (dir > 0) {
+ for (; r; r = r->next)
+ if (r->row > row)
+ break;
+
+ assert(r != NULL);
+ *p_prev = r->prev;
+ *p_next = r;
+ } else if (dir < 0) {
+ for (; r; r = r->prev)
+ if (r->row < row)
+ break;
+
+ assert(r != NULL);
+ *p_prev = r;
+ *p_next = r->next;
+ }
}
static inline void
-_eina_matrixsparse_row_cell_idx_siblings_find(const Eina_Matrixsparse_Row *r,
- unsigned long col,
- Eina_Matrixsparse_Cell **p_prev,
- Eina_Matrixsparse_Cell **p_next)
+_eina_matrixsparse_row_cell_idx_siblings_find(const Eina_Matrixsparse_Row *
+ r, unsigned long col,
+ Eina_Matrixsparse_Cell **
+ p_prev,
+ Eina_Matrixsparse_Cell **
+ p_next)
{
- Eina_Matrixsparse_Cell *c;
- int dir;
-
- _eina_matrixsparse_row_cell_find_parms_get(r, col, &c, &dir);
- assert(dir != 0);
- if (dir > 0)
- {
- for (; c; c = c->next)
- if (c->col > col)
- break;
-
- assert(c != NULL);
- *p_prev = c->prev;
- *p_next = c;
- }
- else if (dir < 0)
- {
- for (; c; c = c->prev)
- if (c->col < col)
- break;
-
- assert(c != NULL);
- *p_prev = c;
- *p_next = c->next;
- }
+ Eina_Matrixsparse_Cell *c;
+ int dir;
+
+ _eina_matrixsparse_row_cell_find_parms_get(r, col, &c, &dir);
+ assert(dir != 0);
+ if (dir > 0) {
+ for (; c; c = c->next)
+ if (c->col > col)
+ break;
+
+ assert(c != NULL);
+ *p_prev = c->prev;
+ *p_next = c;
+ } else if (dir < 0) {
+ for (; c; c = c->prev)
+ if (c->col < col)
+ break;
+
+ assert(c != NULL);
+ *p_prev = c;
+ *p_next = c->next;
+ }
}
-static inline Eina_Matrixsparse_Row *
-_eina_matrixsparse_row_idx_add(Eina_Matrixsparse *m, unsigned long row)
+static inline Eina_Matrixsparse_Row
+ *_eina_matrixsparse_row_idx_add(Eina_Matrixsparse * m,
+ unsigned long row)
{
- Eina_Matrixsparse_Row *r = eina_mempool_malloc
- (_eina_matrixsparse_row_mp, sizeof(Eina_Matrixsparse_Row));
- if (!r)
- return NULL;
-
- if (!m->rows)
- {
- r->prev = NULL;
- r->next = NULL;
- m->rows = r;
- m->last_row = r;
- }
- else if (row < m->rows->row)
- {
- r->prev = NULL;
- r->next = m->rows;
- m->rows->prev = r;
- m->rows = r;
- }
- else if (row > m->last_row->row)
- {
- r->prev = m->last_row;
- m->last_row->next = r;
- r->next = NULL;
- m->last_row = r;
- }
- else
- {
- Eina_Matrixsparse_Row *prev = NULL, *next = NULL;
- _eina_matrixsparse_row_idx_siblings_find(m, row, &prev, &next);
- assert(prev != NULL);
- assert(next != NULL);
- r->prev = prev;
- r->next = next;
- prev->next = r;
- next->prev = r;
- }
-
- r->cols = NULL;
- r->last_col = NULL;
- r->last_used = NULL;
- r->row = row;
- r->parent = m;
- EINA_MAGIC_SET(r, EINA_MAGIC_MATRIXSPARSE_ROW);
- m->last_used = r;
- return r;
+ Eina_Matrixsparse_Row *r = eina_mempool_malloc
+ (_eina_matrixsparse_row_mp, sizeof(Eina_Matrixsparse_Row));
+ if (!r)
+ return NULL;
+
+ if (!m->rows) {
+ r->prev = NULL;
+ r->next = NULL;
+ m->rows = r;
+ m->last_row = r;
+ } else if (row < m->rows->row) {
+ r->prev = NULL;
+ r->next = m->rows;
+ m->rows->prev = r;
+ m->rows = r;
+ } else if (row > m->last_row->row) {
+ r->prev = m->last_row;
+ m->last_row->next = r;
+ r->next = NULL;
+ m->last_row = r;
+ } else {
+ Eina_Matrixsparse_Row *prev = NULL, *next = NULL;
+ _eina_matrixsparse_row_idx_siblings_find(m, row, &prev,
+ &next);
+ assert(prev != NULL);
+ assert(next != NULL);
+ r->prev = prev;
+ r->next = next;
+ prev->next = r;
+ next->prev = r;
+ }
+
+ r->cols = NULL;
+ r->last_col = NULL;
+ r->last_used = NULL;
+ r->row = row;
+ r->parent = m;
+ EINA_MAGIC_SET(r, EINA_MAGIC_MATRIXSPARSE_ROW);
+ m->last_used = r;
+ return r;
}
-static inline Eina_Matrixsparse_Cell *
-_eina_matrixsparse_row_cell_idx_add(Eina_Matrixsparse_Row *r,
- unsigned long col,
- const void *data)
+static inline Eina_Matrixsparse_Cell
+ *_eina_matrixsparse_row_cell_idx_add(Eina_Matrixsparse_Row * r,
+ unsigned long col,
+ const void *data)
{
- Eina_Matrixsparse_Cell *c = eina_mempool_malloc
- (_eina_matrixsparse_cell_mp, sizeof(Eina_Matrixsparse_Cell));
- if (!c)
- return NULL;
-
- if (!r->cols)
- {
- c->prev = NULL;
- c->next = NULL;
- r->cols = c;
- r->last_col = c;
- }
- else if (col < r->cols->col)
- {
- c->prev = NULL;
- c->next = r->cols;
- r->cols->prev = c;
- r->cols = c;
- }
- else if (col > r->last_col->col)
- {
- c->prev = r->last_col;
- r->last_col->next = c;
- c->next = NULL;
- r->last_col = c;
- }
- else
- {
- Eina_Matrixsparse_Cell *prev = NULL, *next = NULL;
- _eina_matrixsparse_row_cell_idx_siblings_find(r, col, &prev, &next);
- assert(prev != NULL);
- assert(next != NULL);
- c->prev = prev;
- c->next = next;
- prev->next = c;
- next->prev = c;
- }
-
- c->data = (void *)data;
- c->col = col;
- c->parent = r;
- EINA_MAGIC_SET(c, EINA_MAGIC_MATRIXSPARSE_CELL);
- r->last_used = c;
- return c;
+ Eina_Matrixsparse_Cell *c = eina_mempool_malloc
+ (_eina_matrixsparse_cell_mp, sizeof(Eina_Matrixsparse_Cell));
+ if (!c)
+ return NULL;
+
+ if (!r->cols) {
+ c->prev = NULL;
+ c->next = NULL;
+ r->cols = c;
+ r->last_col = c;
+ } else if (col < r->cols->col) {
+ c->prev = NULL;
+ c->next = r->cols;
+ r->cols->prev = c;
+ r->cols = c;
+ } else if (col > r->last_col->col) {
+ c->prev = r->last_col;
+ r->last_col->next = c;
+ c->next = NULL;
+ r->last_col = c;
+ } else {
+ Eina_Matrixsparse_Cell *prev = NULL, *next = NULL;
+ _eina_matrixsparse_row_cell_idx_siblings_find(r, col,
+ &prev,
+ &next);
+ assert(prev != NULL);
+ assert(next != NULL);
+ c->prev = prev;
+ c->next = next;
+ prev->next = c;
+ next->prev = c;
+ }
+
+ c->data = (void *) data;
+ c->col = col;
+ c->parent = r;
+ EINA_MAGIC_SET(c, EINA_MAGIC_MATRIXSPARSE_CELL);
+ r->last_used = c;
+ return c;
}
static inline Eina_Bool
-_eina_matrixsparse_cell_idx_add(Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col,
- const void *data)
+_eina_matrixsparse_cell_idx_add(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col, const void *data)
{
- Eina_Matrixsparse_Row *r = _eina_matrixsparse_row_idx_get(m, row);
- if (!r)
- r = _eina_matrixsparse_row_idx_add(m, row);
+ Eina_Matrixsparse_Row *r = _eina_matrixsparse_row_idx_get(m, row);
+ if (!r)
+ r = _eina_matrixsparse_row_idx_add(m, row);
- if (!r)
- return 0;
+ if (!r)
+ return 0;
- if (_eina_matrixsparse_row_cell_idx_add(r, col, data))
- return 1;
+ if (_eina_matrixsparse_row_cell_idx_add(r, col, data))
+ return 1;
- if (r->cols)
- return 0;
+ if (r->cols)
+ return 0;
- _eina_matrixsparse_row_unlink(r);
- _eina_matrixsparse_row_free(r, m->free.func, m->free.user_data);
- return 0;
+ _eina_matrixsparse_row_unlink(r);
+ _eina_matrixsparse_row_free(r, m->free.func, m->free.user_data);
+ return 0;
}
/*============================================================================*
* Iterators *
*============================================================================*/
static Eina_Bool
-_eina_matrixsparse_iterator_next(Eina_Matrixsparse_Iterator *it, void **data)
+_eina_matrixsparse_iterator_next(Eina_Matrixsparse_Iterator * it,
+ void **data)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, EINA_FALSE);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, EINA_FALSE);
- /* do not touch it->idx */
+ /* do not touch it->idx */
- if (!it->ref.col)
- return 0;
+ if (!it->ref.col)
+ return 0;
- *data = (Eina_Matrixsparse_Cell *)it->ref.col;
+ *data = (Eina_Matrixsparse_Cell *) it->ref.col;
- it->ref.col = it->ref.col->next;
- if (!it->ref.col)
- {
- it->ref.row = it->ref.row->next;
- if (it->ref.row)
- it->ref.col = it->ref.row->cols;
- }
+ it->ref.col = it->ref.col->next;
+ if (!it->ref.col) {
+ it->ref.row = it->ref.row->next;
+ if (it->ref.row)
+ it->ref.col = it->ref.row->cols;
+ }
- return 1;
+ return 1;
}
-static Eina_Matrixsparse *
-_eina_matrixsparse_iterator_get_container(Eina_Matrixsparse_Iterator *it)
+static Eina_Matrixsparse
+ *_eina_matrixsparse_iterator_get_container(Eina_Matrixsparse_Iterator *
+ it)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, NULL);
- return (Eina_Matrixsparse *)it->m;
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, NULL);
+ return (Eina_Matrixsparse *) it->m;
}
static void
-_eina_matrixsparse_iterator_free(Eina_Matrixsparse_Iterator *it)
+_eina_matrixsparse_iterator_free(Eina_Matrixsparse_Iterator * it)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it);
- EINA_MAGIC_SET(it, EINA_MAGIC_NONE);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
- free(it);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it);
+ EINA_MAGIC_SET(it, EINA_MAGIC_NONE);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
+ free(it);
}
static Eina_Bool
-_eina_matrixsparse_iterator_complete_next(
- Eina_Matrixsparse_Iterator_Complete *it,
- void **data)
+_eina_matrixsparse_iterator_complete_next
+(Eina_Matrixsparse_Iterator_Complete * it, void **data)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, EINA_FALSE);
-
- if (it->idx.row >= it->m->size.rows)
- return 0;
-
- if (it->dummy.col.data)
- ERR("Last iterator call changed dummy cell!");
-
- if ((it->ref.col) &&
- (it->ref.col->col == it->idx.col) &&
- (it->ref.row->row == it->idx.row))
- {
- *data = (Eina_Matrixsparse_Cell *)it->ref.col;
- it->ref.col = it->ref.col->next;
- if (!it->ref.col)
- {
- it->ref.row = it->ref.row->next;
- if (it->ref.row)
- it->ref.col = it->ref.row->cols;
- }
- }
- else
- {
- it->dummy.col.data = NULL;
- it->dummy.col.col = it->idx.col;
- it->dummy.row.row = it->idx.row;
- *data = &it->dummy.col;
- }
-
- it->idx.col++;
- if (it->idx.col == it->m->size.cols)
- {
- it->idx.col = 0;
- it->idx.row++;
- }
-
- return 1;
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, EINA_FALSE);
+
+ if (it->idx.row >= it->m->size.rows)
+ return 0;
+
+ if (it->dummy.col.data)
+ ERR("Last iterator call changed dummy cell!");
+
+ if ((it->ref.col) &&
+ (it->ref.col->col == it->idx.col) &&
+ (it->ref.row->row == it->idx.row)) {
+ *data = (Eina_Matrixsparse_Cell *) it->ref.col;
+ it->ref.col = it->ref.col->next;
+ if (!it->ref.col) {
+ it->ref.row = it->ref.row->next;
+ if (it->ref.row)
+ it->ref.col = it->ref.row->cols;
+ }
+ } else {
+ it->dummy.col.data = NULL;
+ it->dummy.col.col = it->idx.col;
+ it->dummy.row.row = it->idx.row;
+ *data = &it->dummy.col;
+ }
+
+ it->idx.col++;
+ if (it->idx.col == it->m->size.cols) {
+ it->idx.col = 0;
+ it->idx.row++;
+ }
+
+ return 1;
}
-static Eina_Matrixsparse *
-_eina_matrixsparse_iterator_complete_get_container(
- Eina_Matrixsparse_Iterator_Complete *it)
+static Eina_Matrixsparse
+ *_eina_matrixsparse_iterator_complete_get_container
+ (Eina_Matrixsparse_Iterator_Complete * it)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, NULL);
- return (Eina_Matrixsparse *)it->m;
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it, NULL);
+ return (Eina_Matrixsparse *) it->m;
}
static void
-_eina_matrixsparse_iterator_complete_free(
- Eina_Matrixsparse_Iterator_Complete *it)
+_eina_matrixsparse_iterator_complete_free
+(Eina_Matrixsparse_Iterator_Complete * it)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ITERATOR(it);
- if (it->dummy.col.data)
- ERR("Last iterator call changed dummy cell!");
+ if (it->dummy.col.data)
+ ERR("Last iterator call changed dummy cell!");
- EINA_MAGIC_SET(it, EINA_MAGIC_NONE);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
- free(it);
+ EINA_MAGIC_SET(it, EINA_MAGIC_NONE);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
+ free(it);
}
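Review bot: In `_eina_matrixsparse_row_cell_idx_get` both search loops test the wrong variable: `for (; r; c = c->next)` and `for (; r; c = c->prev)` check the row pointer `r`, which was already dereferenced above, instead of the cursor `c`. The loops therefore end only through the `c->col` comparisons, and if the column list were ever out of order or damaged the walk would dereference a NULL `c`. The sibling `_eina_matrixsparse_row_idx_get` tests its own cursor, so the conditions should read `for (; c; c = c->next)` and `for (; c; c = c->prev)`. The reindent carries this over unchanged from the old side, so it is better fixed in a separate commit than folded into a whitespace-only one.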
@@ -843,67 +786,60 @@ _eina_matrixsparse_iterator_complete_free(
*
* @see eina_init()
*/
-Eina_Bool
-eina_matrixsparse_init(void)
+Eina_Bool eina_matrixsparse_init(void)
{
- const char *choice, *tmp;
-
- _eina_matrixsparse_log_dom = eina_log_domain_register("eina_matrixsparse",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_matrixsparse_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_matrixsparse");
- return EINA_FALSE;
- }
-
+ const char *choice, *tmp;
+
+ _eina_matrixsparse_log_dom =
+ eina_log_domain_register("eina_matrixsparse",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_matrixsparse_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_matrixsparse");
+ return EINA_FALSE;
+ }
#ifdef EINA_DEFAULT_MEMPOOL
- choice = "pass_through";
+ choice = "pass_through";
#else
- choice = "chained_mempool";
+ choice = "chained_mempool";
#endif
- tmp = getenv("EINA_MEMPOOL");
- if (tmp && tmp[0])
- choice = tmp;
-
- _eina_matrixsparse_cell_mp = eina_mempool_add
- (choice,
- "matrixsparse_cell",
- NULL,
- sizeof (Eina_Matrixsparse_Cell),
- 120);
- if (!_eina_matrixsparse_cell_mp)
- {
- ERR(
- "Mempool for matrixsparse_cell cannot be allocated in matrixsparse init.");
- goto on_init_fail;
- }
-
- _eina_matrixsparse_row_mp = eina_mempool_add
- (choice, "matrixsparse_row", NULL, sizeof (Eina_Matrixsparse_Row), 120);
- if (!_eina_matrixsparse_row_mp)
- {
- ERR(
- "Mempool for matrixsparse_row cannot be allocated in matrixsparse init.");
- goto on_init_fail;
- }
-
+ tmp = getenv("EINA_MEMPOOL");
+ if (tmp && tmp[0])
+ choice = tmp;
+
+ _eina_matrixsparse_cell_mp = eina_mempool_add
+ (choice,
+ "matrixsparse_cell",
+ NULL, sizeof(Eina_Matrixsparse_Cell), 120);
+ if (!_eina_matrixsparse_cell_mp) {
+ ERR("Mempool for matrixsparse_cell cannot be allocated in matrixsparse init.");
+ goto on_init_fail;
+ }
+
+ _eina_matrixsparse_row_mp = eina_mempool_add
+ (choice, "matrixsparse_row", NULL,
+ sizeof(Eina_Matrixsparse_Row), 120);
+ if (!_eina_matrixsparse_row_mp) {
+ ERR("Mempool for matrixsparse_row cannot be allocated in matrixsparse init.");
+ goto on_init_fail;
+ }
#define EMS(n) eina_magic_string_static_set(n, n ## _STR)
- EMS(EINA_MAGIC_MATRIXSPARSE);
- EMS(EINA_MAGIC_MATRIXSPARSE_ROW);
- EMS(EINA_MAGIC_MATRIXSPARSE_CELL);
- EMS(EINA_MAGIC_MATRIXSPARSE_ITERATOR);
- EMS(EINA_MAGIC_MATRIXSPARSE_ROW_ACCESSOR);
- EMS(EINA_MAGIC_MATRIXSPARSE_ROW_ITERATOR);
- EMS(EINA_MAGIC_MATRIXSPARSE_CELL_ACCESSOR);
- EMS(EINA_MAGIC_MATRIXSPARSE_CELL_ITERATOR);
+ EMS(EINA_MAGIC_MATRIXSPARSE);
+ EMS(EINA_MAGIC_MATRIXSPARSE_ROW);
+ EMS(EINA_MAGIC_MATRIXSPARSE_CELL);
+ EMS(EINA_MAGIC_MATRIXSPARSE_ITERATOR);
+ EMS(EINA_MAGIC_MATRIXSPARSE_ROW_ACCESSOR);
+ EMS(EINA_MAGIC_MATRIXSPARSE_ROW_ITERATOR);
+ EMS(EINA_MAGIC_MATRIXSPARSE_CELL_ACCESSOR);
+ EMS(EINA_MAGIC_MATRIXSPARSE_CELL_ITERATOR);
#undef EMS
- return EINA_TRUE;
+ return EINA_TRUE;
-on_init_fail:
- eina_log_domain_unregister(_eina_matrixsparse_log_dom);
- _eina_matrixsparse_log_dom = -1;
- return EINA_FALSE;
+ on_init_fail:
+ eina_log_domain_unregister(_eina_matrixsparse_log_dom);
+ _eina_matrixsparse_log_dom = -1;
+ return EINA_FALSE;
}
/**
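Review bot: The `on_init_fail` path in `eina_matrixsparse_init` leaks the cell mempool when the second `eina_mempool_add` fails. It only unregisters the log domain, so `_eina_matrixsparse_cell_mp` stays allocated and non-NULL after the function returns `EINA_FALSE`. Releasing it on that path, e.g. `if (_eina_matrixsparse_cell_mp) { eina_mempool_del(_eina_matrixsparse_cell_mp); _eina_matrixsparse_cell_mp = NULL; }`, keeps a failed init from leaving state behind. Separately, the backend name passed to `eina_mempool_add` is taken from `getenv("EINA_MEMPOOL")` with only an empty-string check; a comment such as `/* EINA_MEMPOOL overrides the allocator backend; environment-controlled */` would make that trust assumption visible to callers running with elevated privileges.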
@@ -917,15 +853,14 @@ on_init_fail:
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_matrixsparse_shutdown(void)
+Eina_Bool eina_matrixsparse_shutdown(void)
{
- eina_mempool_del(_eina_matrixsparse_row_mp);
- eina_mempool_del(_eina_matrixsparse_cell_mp);
+ eina_mempool_del(_eina_matrixsparse_row_mp);
+ eina_mempool_del(_eina_matrixsparse_cell_mp);
- eina_log_domain_unregister(_eina_matrixsparse_log_dom);
- _eina_matrixsparse_log_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_matrixsparse_log_dom);
+ _eina_matrixsparse_log_dom = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -959,36 +894,38 @@ eina_matrixsparse_shutdown(void)
* @return newly allocated matrix or NULL if allocation failed and eina_error
* is set.
*/
-EAPI Eina_Matrixsparse *
-eina_matrixsparse_new(unsigned long rows, unsigned long cols, void (*free_func)(
- void *user_data,
- void *cell_data), const void *user_data)
+EAPI Eina_Matrixsparse *eina_matrixsparse_new(unsigned long rows,
+ unsigned long cols,
+ void (*free_func) (void
+ *user_data,
+ void
+ *cell_data),
+ const void *user_data)
{
- Eina_Matrixsparse *m;
-
- EINA_SAFETY_ON_FALSE_RETURN_VAL(rows > 0, NULL);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(cols > 0, NULL);
-
- m = malloc(sizeof(Eina_Matrixsparse));
- if (!m)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- EINA_MAGIC_SET(m, EINA_MAGIC_MATRIXSPARSE);
-
- m->rows = NULL;
- m->last_row = NULL;
- m->last_used = NULL;
-
- m->size.rows = rows;
- m->size.cols = cols;
- m->free.func = free_func;
- m->free.user_data = (void *)user_data;
-
- eina_error_set(0);
- return m;
+ Eina_Matrixsparse *m;
+
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(rows > 0, NULL);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(cols > 0, NULL);
+
+ m = malloc(sizeof(Eina_Matrixsparse));
+ if (!m) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ EINA_MAGIC_SET(m, EINA_MAGIC_MATRIXSPARSE);
+
+ m->rows = NULL;
+ m->last_row = NULL;
+ m->last_used = NULL;
+
+ m->size.rows = rows;
+ m->size.cols = cols;
+ m->free.func = free_func;
+ m->free.user_data = (void *) user_data;
+
+ eina_error_set(0);
+ return m;
}
/**
@@ -996,28 +933,26 @@ eina_matrixsparse_new(unsigned long rows, unsigned long cols, void (*free_func)(
*
* @param m The Sparse Matrix instance to free, must @b not be @c NULL.
*/
-EAPI void
-eina_matrixsparse_free(Eina_Matrixsparse *m)
+EAPI void eina_matrixsparse_free(Eina_Matrixsparse * m)
{
- void (*free_func)(void *, void *);
- void *user_data;
+ void (*free_func) (void *, void *);
+ void *user_data;
- Eina_Matrixsparse_Row *r;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m);
+ Eina_Matrixsparse_Row *r;
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m);
- free_func = m->free.func;
- user_data = m->free.user_data;
+ free_func = m->free.func;
+ user_data = m->free.user_data;
- r = m->rows;
- while (r)
- {
- Eina_Matrixsparse_Row *r_aux = r;
- r = r->next;
- _eina_matrixsparse_row_free(r_aux, free_func, user_data);
- }
+ r = m->rows;
+ while (r) {
+ Eina_Matrixsparse_Row *r_aux = r;
+ r = r->next;
+ _eina_matrixsparse_row_free(r_aux, free_func, user_data);
+ }
- EINA_MAGIC_SET(m, EINA_MAGIC_NONE);
- free(m);
+ EINA_MAGIC_SET(m, EINA_MAGIC_NONE);
+ free(m);
}
/**
@@ -1033,22 +968,21 @@ eina_matrixsparse_free(Eina_Matrixsparse *m)
* invalid, returned value is zero, otherwise it's a positive integer.
*/
EAPI void
-eina_matrixsparse_size_get(const Eina_Matrixsparse *m,
- unsigned long *rows,
- unsigned long *cols)
+eina_matrixsparse_size_get(const Eina_Matrixsparse * m,
+ unsigned long *rows, unsigned long *cols)
{
- if (rows)
- *rows = 0;
+ if (rows)
+ *rows = 0;
- if (cols)
- *cols = 0;
+ if (cols)
+ *cols = 0;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m);
- if (rows)
- *rows = m->size.rows;
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m);
+ if (rows)
+ *rows = m->size.rows;
- if (cols)
- *cols = m->size.cols;
+ if (cols)
+ *cols = m->size.cols;
}
/**
@@ -1067,107 +1001,100 @@ eina_matrixsparse_size_get(const Eina_Matrixsparse *m,
* freed.
*/
EAPI Eina_Bool
-eina_matrixsparse_size_set(Eina_Matrixsparse *m,
- unsigned long rows,
- unsigned long cols)
+eina_matrixsparse_size_set(Eina_Matrixsparse * m,
+ unsigned long rows, unsigned long cols)
{
- Eina_Bool update_last_used_row;
- Eina_Matrixsparse_Row *r;
- void (*free_func)(void *, void *);
- void *user_data;
-
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(rows > 0, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(cols > 0, 0);
-
- if ((rows == m->size.rows) && (cols == m->size.cols))
- return 1;
-
- update_last_used_row = ((m->last_used) && (m->last_used->row >= rows));
- free_func = m->free.func;
- user_data = m->free.user_data;
-
- r = m->last_row;
- while (r && r->row >= rows)
- {
- Eina_Matrixsparse_Row *r_aux = r;
- r = r->prev;
- _eina_matrixsparse_row_free(r_aux, free_func, user_data);
- }
- if (!r)
- {
- m->last_row = NULL;
- m->rows = NULL;
- }
- else if (r != m->last_row)
- {
- r->next = NULL;
- m->last_row = r;
- }
-
- if (update_last_used_row)
- m->last_used = m->last_row;
-
- r = m->rows;
- while (r)
- {
- Eina_Matrixsparse_Cell *c = r->last_col;
- Eina_Bool update_last_used_col;
- update_last_used_col = ((r->last_used) && (r->last_used->col >= cols));
- while (c && c->col >= cols)
- {
- Eina_Matrixsparse_Cell *c_aux = c;
- c = c->prev;
- _eina_matrixsparse_cell_free(c_aux, free_func, user_data);
- }
- if (!c)
- {
- Eina_Matrixsparse_Row *r_aux = r;
- r->cols = NULL;
- r->last_col = NULL;
- if (r->next)
- r->next->prev = r->prev;
- else
- m->last_row = r->prev;
-
- if (r->prev)
- r->prev->next = r->next;
- else
- m->rows = r->next;
-
- r = r->next;
- _eina_matrixsparse_row_free(r_aux, free_func, user_data);
- }
- else
- {
- if (c != r->last_col)
- {
- c->next = NULL;
- r->last_col = c;
- }
-
- if (update_last_used_col)
- r->last_used = r->last_col;
-
- r = r->next;
- }
- }
-
- update_last_used_row = 0;
- if (m->last_used)
- {
- if (m->last_row)
- update_last_used_row = m->last_used->row > m->last_row->row;
- else
- update_last_used_row = 1;
- }
-
- if (update_last_used_row)
- m->last_used = m->last_row;
-
- m->size.rows = rows;
- m->size.cols = cols;
- return 1;
+ Eina_Bool update_last_used_row;
+ Eina_Matrixsparse_Row *r;
+ void (*free_func) (void *, void *);
+ void *user_data;
+
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(rows > 0, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(cols > 0, 0);
+
+ if ((rows == m->size.rows) && (cols == m->size.cols))
+ return 1;
+
+ update_last_used_row = ((m->last_used)
+ && (m->last_used->row >= rows));
+ free_func = m->free.func;
+ user_data = m->free.user_data;
+
+ r = m->last_row;
+ while (r && r->row >= rows) {
+ Eina_Matrixsparse_Row *r_aux = r;
+ r = r->prev;
+ _eina_matrixsparse_row_free(r_aux, free_func, user_data);
+ }
+ if (!r) {
+ m->last_row = NULL;
+ m->rows = NULL;
+ } else if (r != m->last_row) {
+ r->next = NULL;
+ m->last_row = r;
+ }
+
+ if (update_last_used_row)
+ m->last_used = m->last_row;
+
+ r = m->rows;
+ while (r) {
+ Eina_Matrixsparse_Cell *c = r->last_col;
+ Eina_Bool update_last_used_col;
+ update_last_used_col = ((r->last_used)
+ && (r->last_used->col >= cols));
+ while (c && c->col >= cols) {
+ Eina_Matrixsparse_Cell *c_aux = c;
+ c = c->prev;
+ _eina_matrixsparse_cell_free(c_aux, free_func,
+ user_data);
+ }
+ if (!c) {
+ Eina_Matrixsparse_Row *r_aux = r;
+ r->cols = NULL;
+ r->last_col = NULL;
+ if (r->next)
+ r->next->prev = r->prev;
+ else
+ m->last_row = r->prev;
+
+ if (r->prev)
+ r->prev->next = r->next;
+ else
+ m->rows = r->next;
+
+ r = r->next;
+ _eina_matrixsparse_row_free(r_aux, free_func,
+ user_data);
+ } else {
+ if (c != r->last_col) {
+ c->next = NULL;
+ r->last_col = c;
+ }
+
+ if (update_last_used_col)
+ r->last_used = r->last_col;
+
+ r = r->next;
+ }
+ }
+
+ update_last_used_row = 0;
+ if (m->last_used) {
+ if (m->last_row)
+ update_last_used_row =
+ m->last_used->row > m->last_row->row;
+ else
+ update_last_used_row = 1;
+ }
+
+ if (update_last_used_row)
+ m->last_used = m->last_row;
+
+ m->size.rows = rows;
+ m->size.cols = cols;
+ return 1;
}
/**
@@ -1185,18 +1112,18 @@ eina_matrixsparse_size_set(Eina_Matrixsparse *m,
* @see eina_matrixsparse_data_idx_get()
*/
EAPI Eina_Bool
-eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col,
- Eina_Matrixsparse_Cell **cell)
+eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col,
+ Eina_Matrixsparse_Cell ** cell)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_NULL_RETURN_VAL(cell, 0);
- *cell = NULL;
- EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
- *cell = _eina_matrixsparse_cell_idx_get(m, row, col);
- return 1;
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(cell, 0);
+ *cell = NULL;
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
+ *cell = _eina_matrixsparse_cell_idx_get(m, row, col);
+ return 1;
}
/**
@@ -1209,11 +1136,11 @@ eina_matrixsparse_cell_idx_get(const Eina_Matrixsparse *m,
* @see eina_matrixsparse_cell_idx_get()
* @see eina_matrixsparse_data_idx_get()
*/
-EAPI void *
-eina_matrixsparse_cell_data_get(const Eina_Matrixsparse_Cell *cell)
+EAPI void *eina_matrixsparse_cell_data_get(const Eina_Matrixsparse_Cell *
+ cell)
{
- EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, NULL);
- return cell->data;
+ EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, NULL);
+ return cell->data;
}
/**
@@ -1228,18 +1155,17 @@ eina_matrixsparse_cell_data_get(const Eina_Matrixsparse_Cell *cell)
* @see eina_matrixsparse_cell_idx_get()
* @see eina_matrixsparse_cell_data_get()
*/
-EAPI void *
-eina_matrixsparse_data_idx_get(const Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col)
+EAPI void *eina_matrixsparse_data_idx_get(const Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col)
{
- Eina_Matrixsparse_Cell *c;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, NULL);
- c = _eina_matrixsparse_cell_idx_get(m, row, col);
- if (c)
- return c->data;
- else
- return NULL;
+ Eina_Matrixsparse_Cell *c;
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, NULL);
+ c = _eina_matrixsparse_cell_idx_get(m, row, col);
+ if (c)
+ return c->data;
+ else
+ return NULL;
}
/**
@@ -1252,25 +1178,24 @@ eina_matrixsparse_data_idx_get(const Eina_Matrixsparse *m,
* @return 1 on success, 0 otherwise (@c cell is @c NULL).
*/
EAPI Eina_Bool
-eina_matrixsparse_cell_position_get(const Eina_Matrixsparse_Cell *cell,
- unsigned long *row,
- unsigned long *col)
+eina_matrixsparse_cell_position_get(const Eina_Matrixsparse_Cell * cell,
+ unsigned long *row, unsigned long *col)
{
- if (row)
- *row = 0;
+ if (row)
+ *row = 0;
- if (col)
- *col = 0;
+ if (col)
+ *col = 0;
- EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
- EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
- if (row)
- *row = cell->parent->row;
+ EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
+ if (row)
+ *row = cell->parent->row;
- if (col)
- *col = cell->col;
+ if (col)
+ *col = cell->col;
- return 1;
+ return 1;
}
/**
@@ -1286,20 +1211,19 @@ eina_matrixsparse_cell_position_get(const Eina_Matrixsparse_Cell *cell,
* @see eina_matrixsparse_data_idx_replace()
*/
EAPI Eina_Bool
-eina_matrixsparse_cell_data_replace(Eina_Matrixsparse_Cell *cell,
- const void *data,
- void **p_old)
+eina_matrixsparse_cell_data_replace(Eina_Matrixsparse_Cell * cell,
+ const void *data, void **p_old)
{
- if (p_old)
- *p_old = NULL;
+ if (p_old)
+ *p_old = NULL;
- EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
- if (p_old)
- *p_old = cell->data;
+ if (p_old)
+ *p_old = cell->data;
- cell->data = (void *)data;
- return 1;
+ cell->data = (void *) data;
+ return 1;
}
/**
@@ -1317,21 +1241,22 @@ eina_matrixsparse_cell_data_replace(Eina_Matrixsparse_Cell *cell,
* @see eina_matrixsparse_data_idx_set()
*/
EAPI Eina_Bool
-eina_matrixsparse_cell_data_set(Eina_Matrixsparse_Cell *cell, const void *data)
+eina_matrixsparse_cell_data_set(Eina_Matrixsparse_Cell * cell,
+ const void *data)
{
- Eina_Matrixsparse *m;
+ Eina_Matrixsparse *m;
- EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
- EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
- EINA_MAGIC_CHECK_MATRIXSPARSE(cell->parent->parent, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(cell->parent->parent, 0);
- m = cell->parent->parent;
+ m = cell->parent->parent;
- if (m->free.func)
- m->free.func(m->free.user_data, cell->data);
+ if (m->free.func)
+ m->free.func(m->free.user_data, cell->data);
- cell->data = (void *)data;
- return 1;
+ cell->data = (void *) data;
+ return 1;
}
/**
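Review bot: In eina_matrixsparse_cell_data_set() the old value is handed to `m->free.func` before the new pointer is stored, so a call with `data == cell->data` leaves the cell holding a pointer the callback has just been asked to release. A guard such as `if (m->free.func && cell->data != data)` keeps that self-assignment case from producing a dangling pointer. eina_matrixsparse_data_idx_set(), further down in this file's diff, has the same free-then-store sequence. Whether any caller re-sets the same pointer is not visible here, so treat this as a hardening check rather than a confirmed bug.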
@@ -1350,32 +1275,30 @@ eina_matrixsparse_cell_data_set(Eina_Matrixsparse_Cell *cell, const void *data)
* @see eina_matrixsparse_data_idx_set()
*/
EAPI Eina_Bool
-eina_matrixsparse_data_idx_replace(Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col,
- const void *data,
- void **p_old)
+eina_matrixsparse_data_idx_replace(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col,
+ const void *data, void **p_old)
{
- Eina_Matrixsparse_Cell *cell;
+ Eina_Matrixsparse_Cell *cell;
- if (p_old)
- *p_old = NULL;
+ if (p_old)
+ *p_old = NULL;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
- cell = _eina_matrixsparse_cell_idx_get(m, row, col);
- if (cell)
- {
- if (p_old)
- *p_old = cell->data;
+ cell = _eina_matrixsparse_cell_idx_get(m, row, col);
+ if (cell) {
+ if (p_old)
+ *p_old = cell->data;
- cell->data = (void *)data;
- return 1;
- }
+ cell->data = (void *) data;
+ return 1;
+ }
- return _eina_matrixsparse_cell_idx_add(m, row, col, data);
+ return _eina_matrixsparse_cell_idx_add(m, row, col, data);
}
/**
@@ -1395,28 +1318,26 @@ eina_matrixsparse_data_idx_replace(Eina_Matrixsparse *m,
* @see eina_matrixsparse_cell_data_replace()
*/
EAPI Eina_Bool
-eina_matrixsparse_data_idx_set(Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col,
- const void *data)
+eina_matrixsparse_data_idx_set(Eina_Matrixsparse * m,
+ unsigned long row,
+ unsigned long col, const void *data)
{
- Eina_Matrixsparse_Cell *cell;
+ Eina_Matrixsparse_Cell *cell;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
- cell = _eina_matrixsparse_cell_idx_get(m, row, col);
- if (cell)
- {
- if (m->free.func)
- m->free.func(m->free.user_data, cell->data);
+ cell = _eina_matrixsparse_cell_idx_get(m, row, col);
+ if (cell) {
+ if (m->free.func)
+ m->free.func(m->free.user_data, cell->data);
- cell->data = (void *)data;
- return 1;
- }
+ cell->data = (void *) data;
+ return 1;
+ }
- return _eina_matrixsparse_cell_idx_add(m, row, col, data);
+ return _eina_matrixsparse_cell_idx_add(m, row, col, data);
}
/**
@@ -1437,21 +1358,21 @@ eina_matrixsparse_data_idx_set(Eina_Matrixsparse *m,
* freed.
*/
EAPI Eina_Bool
-eina_matrixsparse_row_idx_clear(Eina_Matrixsparse *m, unsigned long row)
+eina_matrixsparse_row_idx_clear(Eina_Matrixsparse * m, unsigned long row)
{
- Eina_Matrixsparse_Row *r;
+ Eina_Matrixsparse_Row *r;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
- r = _eina_matrixsparse_row_idx_get(m, row);
- if (!r)
- return 1;
+ r = _eina_matrixsparse_row_idx_get(m, row);
+ if (!r)
+ return 1;
- _eina_matrixsparse_row_unlink(r);
- _eina_matrixsparse_row_free(r, m->free.func, m->free.user_data);
+ _eina_matrixsparse_row_unlink(r);
+ _eina_matrixsparse_row_free(r, m->free.func, m->free.user_data);
- return 1;
+ return 1;
}
/**
@@ -1472,42 +1393,41 @@ eina_matrixsparse_row_idx_clear(Eina_Matrixsparse *m, unsigned long row)
* freed.
*/
EAPI Eina_Bool
-eina_matrixsparse_column_idx_clear(Eina_Matrixsparse *m, unsigned long col)
+eina_matrixsparse_column_idx_clear(Eina_Matrixsparse * m,
+ unsigned long col)
{
- Eina_Matrixsparse_Row *r;
- void (*free_func)(void *, void *);
- void *user_data;
-
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
-
- free_func = m->free.func;
- user_data = m->free.user_data;
-
- for (r = m->rows; r; )
- {
- Eina_Matrixsparse_Row *r_aux = r;
- Eina_Matrixsparse_Cell *c;
-
- c = _eina_matrixsparse_row_cell_idx_get(r, col);
- r = r->next;
-
- if (!c)
- continue;
-
- if ((r_aux->cols != c) || (r_aux->last_col != c))
- {
- _eina_matrixsparse_cell_unlink(c);
- _eina_matrixsparse_cell_free(c, free_func, user_data);
- }
- else
- {
- _eina_matrixsparse_row_unlink(r_aux);
- _eina_matrixsparse_row_free(r_aux, free_func, user_data);
- }
- }
-
- return 1;
+ Eina_Matrixsparse_Row *r;
+ void (*free_func) (void *, void *);
+ void *user_data;
+
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
+
+ free_func = m->free.func;
+ user_data = m->free.user_data;
+
+ for (r = m->rows; r;) {
+ Eina_Matrixsparse_Row *r_aux = r;
+ Eina_Matrixsparse_Cell *c;
+
+ c = _eina_matrixsparse_row_cell_idx_get(r, col);
+ r = r->next;
+
+ if (!c)
+ continue;
+
+ if ((r_aux->cols != c) || (r_aux->last_col != c)) {
+ _eina_matrixsparse_cell_unlink(c);
+ _eina_matrixsparse_cell_free(c, free_func,
+ user_data);
+ } else {
+ _eina_matrixsparse_row_unlink(r_aux);
+ _eina_matrixsparse_row_free(r_aux, free_func,
+ user_data);
+ }
+ }
+
+ return 1;
}
/**
@@ -1529,24 +1449,23 @@ eina_matrixsparse_column_idx_clear(Eina_Matrixsparse *m, unsigned long col)
* row if this cell was the last remainder.
*/
EAPI Eina_Bool
-eina_matrixsparse_cell_idx_clear(Eina_Matrixsparse *m,
- unsigned long row,
- unsigned long col)
+eina_matrixsparse_cell_idx_clear(Eina_Matrixsparse * m,
+ unsigned long row, unsigned long col)
{
- Eina_Matrixsparse_Cell *c;
+ Eina_Matrixsparse_Cell *c;
- EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(m, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(row < m->size.rows, 0);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(col < m->size.cols, 0);
- c = _eina_matrixsparse_cell_idx_get(m, row, col);
- if (!c)
- return 1;
+ c = _eina_matrixsparse_cell_idx_get(m, row, col);
+ if (!c)
+ return 1;
- _eina_matrixsparse_cell_unlink(c);
- _eina_matrixsparse_cell_free(c, m->free.func, m->free.user_data);
+ _eina_matrixsparse_cell_unlink(c);
+ _eina_matrixsparse_cell_free(c, m->free.func, m->free.user_data);
- return 1;
+ return 1;
}
/**
@@ -1561,20 +1480,20 @@ eina_matrixsparse_cell_idx_clear(Eina_Matrixsparse *m,
* freed. Note that this call might delete container column and
* row if this cell was the last remainder.
*/
-EAPI Eina_Bool
-eina_matrixsparse_cell_clear(Eina_Matrixsparse_Cell *cell)
+EAPI Eina_Bool eina_matrixsparse_cell_clear(Eina_Matrixsparse_Cell * cell)
{
- Eina_Matrixsparse *m;
+ Eina_Matrixsparse *m;
- EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
- EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
- EINA_MAGIC_CHECK_MATRIXSPARSE(cell->parent->parent, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_CELL(cell, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE_ROW(cell->parent, 0);
+ EINA_MAGIC_CHECK_MATRIXSPARSE(cell->parent->parent, 0);
- m = cell->parent->parent;
+ m = cell->parent->parent;
- _eina_matrixsparse_cell_unlink(cell);
- _eina_matrixsparse_cell_free(cell, m->free.func, m->free.user_data);
- return 1;
+ _eina_matrixsparse_cell_unlink(cell);
+ _eina_matrixsparse_cell_free(cell, m->free.func,
+ m->free.user_data);
+ return 1;
}
/**
@@ -1595,31 +1514,33 @@ eina_matrixsparse_cell_clear(Eina_Matrixsparse_Cell *cell)
* invalid! That is, if you add or remove cells this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_matrixsparse_iterator_new(const Eina_Matrixsparse *m)
+EAPI Eina_Iterator *eina_matrixsparse_iterator_new(const Eina_Matrixsparse
+ * m)
{
- Eina_Matrixsparse_Iterator *it;
-
- it = calloc(1, sizeof(*it));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- EINA_MAGIC_SET(it, EINA_MAGIC_MATRIXSPARSE_ITERATOR);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
-
- it->m = m;
- it->ref.row = m->rows;
- it->ref.col = m->rows ? m->rows->cols : NULL;
-
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_matrixsparse_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_matrixsparse_iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_matrixsparse_iterator_free);
- return &it->iterator;
+ Eina_Matrixsparse_Iterator *it;
+
+ it = calloc(1, sizeof(*it));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ EINA_MAGIC_SET(it, EINA_MAGIC_MATRIXSPARSE_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+
+ it->m = m;
+ it->ref.row = m->rows;
+ it->ref.col = m->rows ? m->rows->cols : NULL;
+
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next =
+ FUNC_ITERATOR_NEXT(_eina_matrixsparse_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER
+ (_eina_matrixsparse_iterator_get_container);
+ it->iterator.free =
+ FUNC_ITERATOR_FREE(_eina_matrixsparse_iterator_free);
+ return &it->iterator;
}
/**
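Review bot: eina_matrixsparse_iterator_new() reads `m->rows` without the `EINA_MAGIC_CHECK_MATRIXSPARSE` guard that the other public entry points in this file apply to `m`, so an invalid matrix pointer is dereferenced directly. Adding `EINA_MAGIC_CHECK_MATRIXSPARSE(m, NULL);` as the first statement, ahead of the `calloc`, would make it consistent with its siblings and avoid allocating an iterator for a matrix that is then rejected. eina_matrixsparse_iterator_complete_new() in the next hunk has the same gap.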
@@ -1646,45 +1567,47 @@ eina_matrixsparse_iterator_new(const Eina_Matrixsparse *m)
* invalid! That is, if you add or remove cells this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_matrixsparse_iterator_complete_new(const Eina_Matrixsparse *m)
+EAPI Eina_Iterator *eina_matrixsparse_iterator_complete_new(const
+ Eina_Matrixsparse
+ * m)
{
- Eina_Matrixsparse_Iterator_Complete *it;
-
- it = calloc(1, sizeof(*it));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- EINA_MAGIC_SET(it, EINA_MAGIC_MATRIXSPARSE_ITERATOR);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
-
- it->m = m;
- it->idx.row = 0;
- it->idx.col = 0;
- it->ref.row = m->rows;
- it->ref.col = m->rows ? m->rows->cols : NULL;
-
- it->dummy.row.next = it->dummy.row.prev = NULL;
- it->dummy.row.cols = it->dummy.row.last_col = it->dummy.row.last_used = NULL;
- it->dummy.row.parent = (Eina_Matrixsparse *)m;
- EINA_MAGIC_SET(&it->dummy.row, EINA_MAGIC_MATRIXSPARSE_ROW);
-
- it->dummy.col.next = it->dummy.col.prev = NULL;
- it->dummy.col.data = NULL;
- it->dummy.col.parent = &it->dummy.row;
- EINA_MAGIC_SET(&it->dummy.col, EINA_MAGIC_MATRIXSPARSE_CELL);
-
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(
- _eina_matrixsparse_iterator_complete_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_matrixsparse_iterator_complete_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(
- _eina_matrixsparse_iterator_complete_free);
- return &it->iterator;
+ Eina_Matrixsparse_Iterator_Complete *it;
+
+ it = calloc(1, sizeof(*it));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ EINA_MAGIC_SET(it, EINA_MAGIC_MATRIXSPARSE_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+
+ it->m = m;
+ it->idx.row = 0;
+ it->idx.col = 0;
+ it->ref.row = m->rows;
+ it->ref.col = m->rows ? m->rows->cols : NULL;
+
+ it->dummy.row.next = it->dummy.row.prev = NULL;
+ it->dummy.row.cols = it->dummy.row.last_col =
+ it->dummy.row.last_used = NULL;
+ it->dummy.row.parent = (Eina_Matrixsparse *) m;
+ EINA_MAGIC_SET(&it->dummy.row, EINA_MAGIC_MATRIXSPARSE_ROW);
+
+ it->dummy.col.next = it->dummy.col.prev = NULL;
+ it->dummy.col.data = NULL;
+ it->dummy.col.parent = &it->dummy.row;
+ EINA_MAGIC_SET(&it->dummy.col, EINA_MAGIC_MATRIXSPARSE_CELL);
+
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next =
+ FUNC_ITERATOR_NEXT(_eina_matrixsparse_iterator_complete_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER
+ (_eina_matrixsparse_iterator_complete_get_container);
+ it->iterator.free =
+ FUNC_ITERATOR_FREE(_eina_matrixsparse_iterator_complete_free);
+ return &it->iterator;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_mempool.c b/tests/suite/ecore/src/lib/eina_mempool.c
index b9062bef9a..1828e76ee6 100644
--- a/tests/suite/ecore/src/lib/eina_mempool.c
+++ b/tests/suite/ecore/src/lib/eina_mempool.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <assert.h>
@@ -59,72 +59,70 @@ static int _eina_mempool_log_dom = -1;
#define DBG(...) EINA_LOG_DOM_DBG(_eina_mempool_log_dom, __VA_ARGS__)
-static Eina_Mempool *
-_new_va(const char *name,
- const char *context,
- const char *options,
- va_list args)
+static Eina_Mempool *_new_va(const char *name,
+ const char *context,
+ const char *options, va_list args)
{
- Eina_Mempool_Backend *be;
- Eina_Mempool *mp;
+ Eina_Mempool_Backend *be;
+ Eina_Mempool *mp;
- Eina_Error err = EINA_ERROR_NOT_MEMPOOL_MODULE;
+ Eina_Error err = EINA_ERROR_NOT_MEMPOOL_MODULE;
- eina_error_set(0);
- be = eina_hash_find(_backends, name);
- if (!be)
- goto on_error;
+ eina_error_set(0);
+ be = eina_hash_find(_backends, name);
+ if (!be)
+ goto on_error;
- err = EINA_ERROR_OUT_OF_MEMORY;
- mp = calloc(1, sizeof(Eina_Mempool));
- if (!mp)
- goto on_error;
+ err = EINA_ERROR_OUT_OF_MEMORY;
+ mp = calloc(1, sizeof(Eina_Mempool));
+ if (!mp)
+ goto on_error;
- /* FIXME why backend is not a pointer? */
- mp->backend = *be;
- mp->backend_data = mp->backend.init(context, options, args);
+ /* FIXME why backend is not a pointer? */
+ mp->backend = *be;
+ mp->backend_data = mp->backend.init(context, options, args);
- return mp;
+ return mp;
-on_error:
- eina_error_set(err);
- return NULL;
+ on_error:
+ eina_error_set(err);
+ return NULL;
}
/* Built-in backend's prototypes */
#ifdef EINA_STATIC_BUILD_CHAINED_POOL
Eina_Bool chained_init(void);
-void chained_shutdown(void);
+void chained_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_PASS_THROUGH
Eina_Bool pass_through_init(void);
-void pass_through_shutdown(void);
+void pass_through_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_UNKNOWN
Eina_Bool ememoa_unknown_init(void);
-void ememoa_unknown_shutdown(void);
+void ememoa_unknown_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_FIXED
Eina_Bool ememoa_fixed_init(void);
-void ememoa_fixed_shutdown(void);
+void ememoa_fixed_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_FIXED_BITMAP
Eina_Bool fixed_bitmap_init(void);
-void fixed_bitmap_shutdown(void);
+void fixed_bitmap_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_BUDDY
Eina_Bool buddy_init(void);
-void buddy_shutdown(void);
+void buddy_shutdown(void);
#endif
#ifdef EINA_STATIC_BUILD_ONE_BIG
Eina_Bool one_big_init(void);
-void one_big_shutdown(void);
+void one_big_shutdown(void);
#endif
/**
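Review bot: `_new_va()` stores the result of `mp->backend.init(context, options, args)` in `mp->backend_data` and returns `mp` without checking it, so a backend whose init fails still hands back a pool that looks valid. If a NULL return from init means failure (the backends are not visible in this hunk), the function should release the pool and take the existing error path, e.g. `if (!mp->backend_data) { free(mp); goto on_error; }`. `err` is still `EINA_ERROR_OUT_OF_MEMORY` at that point, so the caller would get an error code instead of a half-initialised pool.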
@@ -142,145 +140,144 @@ void one_big_shutdown(void);
EAPI Eina_Error EINA_ERROR_NOT_MEMPOOL_MODULE = 0;
static const char EINA_ERROR_NOT_MEMPOOL_MODULE_STR[] =
- "Not a memory pool module.";
+ "Not a memory pool module.";
/**
* @endcond
*/
-EAPI Eina_Bool
-eina_mempool_register(Eina_Mempool_Backend *be)
+EAPI Eina_Bool eina_mempool_register(Eina_Mempool_Backend * be)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(be, 0);
- DBG("be=%p, name=%p", be, be->name);
- return eina_hash_add(_backends, be->name, be);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(be, 0);
+ DBG("be=%p, name=%p", be, be->name);
+ return eina_hash_add(_backends, be->name, be);
}
-EAPI void
-eina_mempool_unregister(Eina_Mempool_Backend *be)
+EAPI void eina_mempool_unregister(Eina_Mempool_Backend * be)
{
- EINA_SAFETY_ON_NULL_RETURN(be);
- DBG("be=%p, name=%p", be, be->name);
- eina_hash_del(_backends, be->name, be);
+ EINA_SAFETY_ON_NULL_RETURN(be);
+ DBG("be=%p, name=%p", be, be->name);
+ eina_hash_del(_backends, be->name, be);
}
-Eina_Bool
-eina_mempool_init(void)
+Eina_Bool eina_mempool_init(void)
{
- char *path;
-
- _eina_mempool_log_dom = eina_log_domain_register("eina_mempool",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_mempool_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_mempool");
- return 0;
- }
-
- EINA_ERROR_NOT_MEMPOOL_MODULE = eina_error_msg_static_register(
- EINA_ERROR_NOT_MEMPOOL_MODULE_STR);
- _backends = eina_hash_string_superfast_new(NULL);
-
- /* dynamic backends */
- _modules = eina_module_arch_list_get(NULL,
- PACKAGE_LIB_DIR "/eina/modules/mp",
- MODULE_ARCH);
-
- path = eina_module_environment_path_get("HOME", "/.eina/mp/modules/mp");
- _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
- if (path)
- free(path);
-
- path = eina_module_environment_path_get("EINA_MODULES_MEMPOOL_DIR",
- "/eina/modules/mp");
- _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
- if (path)
- free(path);
-
- path = eina_module_symbol_path_get((const void *)eina_init,
- "/eina/modules/mp");
- _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
- if (path)
- free(path);
-
- if (!_modules)
- {
- ERR("no mempool modules able to be loaded.");
- eina_hash_free(_backends);
- goto mempool_init_error;
- }
-
- eina_module_list_load(_modules);
-
- /* builtin backends */
+ char *path;
+
+ _eina_mempool_log_dom = eina_log_domain_register("eina_mempool",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_mempool_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_mempool");
+ return 0;
+ }
+
+ EINA_ERROR_NOT_MEMPOOL_MODULE =
+ eina_error_msg_static_register
+ (EINA_ERROR_NOT_MEMPOOL_MODULE_STR);
+ _backends = eina_hash_string_superfast_new(NULL);
+
+ /* dynamic backends */
+ _modules = eina_module_arch_list_get(NULL,
+ PACKAGE_LIB_DIR
+ "/eina/modules/mp",
+ MODULE_ARCH);
+
+ path =
+ eina_module_environment_path_get("HOME",
+ "/.eina/mp/modules/mp");
+ _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
+ if (path)
+ free(path);
+
+ path = eina_module_environment_path_get("EINA_MODULES_MEMPOOL_DIR",
+ "/eina/modules/mp");
+ _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
+ if (path)
+ free(path);
+
+ path = eina_module_symbol_path_get((const void *) eina_init,
+ "/eina/modules/mp");
+ _modules = eina_module_arch_list_get(_modules, path, MODULE_ARCH);
+ if (path)
+ free(path);
+
+ if (!_modules) {
+ ERR("no mempool modules able to be loaded.");
+ eina_hash_free(_backends);
+ goto mempool_init_error;
+ }
+
+ eina_module_list_load(_modules);
+
+ /* builtin backends */
#ifdef EINA_STATIC_BUILD_CHAINED_POOL
- chained_init();
+ chained_init();
#endif
#ifdef EINA_STATIC_BUILD_PASS_THROUGH
- pass_through_init();
+ pass_through_init();
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_UNKNOWN
- ememoa_unknown_init();
+ ememoa_unknown_init();
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_FIXED
- ememoa_fixed_init();
+ ememoa_fixed_init();
#endif
#ifdef EINA_STATIC_BUILD_FIXED_BITMAP
- fixed_bitmap_init();
+ fixed_bitmap_init();
#endif
#ifdef EINA_STATIC_BUILD_BUDDY
- buddy_init();
+ buddy_init();
#endif
#ifdef EINA_STATIC_BUILD_ONE_BIG
- one_big_init();
+ one_big_init();
#endif
- return EINA_TRUE;
+ return EINA_TRUE;
-mempool_init_error:
- eina_log_domain_unregister(_eina_mempool_log_dom);
- _eina_mempool_log_dom = -1;
+ mempool_init_error:
+ eina_log_domain_unregister(_eina_mempool_log_dom);
+ _eina_mempool_log_dom = -1;
- return EINA_FALSE;
+ return EINA_FALSE;
}
-Eina_Bool
-eina_mempool_shutdown(void)
+Eina_Bool eina_mempool_shutdown(void)
{
- /* builtin backends */
+ /* builtin backends */
#ifdef EINA_STATIC_BUILD_CHAINED_POOL
- chained_shutdown();
+ chained_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_PASS_THROUGH
- pass_through_shutdown();
+ pass_through_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_UNKNOWN
- ememoa_unknown_shutdown();
+ ememoa_unknown_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_EMEMOA_FIXED
- ememoa_fixed_shutdown();
+ ememoa_fixed_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_FIXED_BITMAP
- fixed_bitmap_shutdown();
+ fixed_bitmap_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_BUDDY
- buddy_shutdown();
+ buddy_shutdown();
#endif
#ifdef EINA_STATIC_BUILD_ONE_BIG
- one_big_shutdown();
+ one_big_shutdown();
#endif
- /* dynamic backends */
- eina_module_list_free(_modules);
- if (_modules)
- eina_array_free(_modules);
+ /* dynamic backends */
+ eina_module_list_free(_modules);
+ if (_modules)
+ eina_array_free(_modules);
- if (_backends)
- eina_hash_free(_backends);
+ if (_backends)
+ eina_hash_free(_backends);
- eina_log_domain_unregister(_eina_mempool_log_dom);
- _eina_mempool_log_dom = -1;
+ eina_log_domain_unregister(_eina_mempool_log_dom);
+ _eina_mempool_log_dom = -1;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
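Review bot: On the `!_modules` path eina_mempool_init() calls `eina_hash_free(_backends)` but leaves the pointer set, and eina_mempool_shutdown() later runs `if (_backends) eina_hash_free(_backends);`, so a shutdown after a failed init would free the table a second time. Setting `_backends = NULL;` right after the free in the error path, and clearing `_backends` and `_modules` after the frees in shutdown, closes that. Separately, two of the module directories come from the `HOME` and `EINA_MODULES_MEMPOOL_DIR` environment variables and whatever is found there is passed to `eina_module_list_load()`. If this code can ever run with more privilege than the user who controls the environment, those lookups deserve a guard or at least a comment stating the assumption.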
@@ -323,75 +320,72 @@ eina_mempool_shutdown(void)
* @{
*/
-EAPI Eina_Mempool *
-eina_mempool_add(const char *name,
- const char *context,
- const char *options,
- ...)
+EAPI Eina_Mempool *eina_mempool_add(const char *name,
+ const char *context,
+ const char *options, ...)
{
- Eina_Mempool *mp;
- va_list args;
+ Eina_Mempool *mp;
+ va_list args;
- EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
- DBG("name=%s, context=%s, options=%s",
- name, context ? context : "", options ? options : "");
+ EINA_SAFETY_ON_NULL_RETURN_VAL(name, NULL);
+ DBG("name=%s, context=%s, options=%s",
+ name, context ? context : "", options ? options : "");
- va_start(args, options);
- mp = _new_va(name, context, options, args);
- va_end(args);
+ va_start(args, options);
+ mp = _new_va(name, context, options, args);
+ va_end(args);
- DBG("name=%s, context=%s, options=%s, mp=%p",
- name, context ? context : "", options ? options : "", mp);
+ DBG("name=%s, context=%s, options=%s, mp=%p",
+ name, context ? context : "", options ? options : "", mp);
- return mp;
+ return mp;
}
-EAPI void eina_mempool_del(Eina_Mempool *mp)
+EAPI void eina_mempool_del(Eina_Mempool * mp)
{
- EINA_SAFETY_ON_NULL_RETURN(mp);
- EINA_SAFETY_ON_NULL_RETURN(mp->backend.shutdown);
- DBG("mp=%p", mp);
- mp->backend.shutdown(mp->backend_data);
- free(mp);
+ EINA_SAFETY_ON_NULL_RETURN(mp);
+ EINA_SAFETY_ON_NULL_RETURN(mp->backend.shutdown);
+ DBG("mp=%p", mp);
+ mp->backend.shutdown(mp->backend_data);
+ free(mp);
}
-EAPI void eina_mempool_gc(Eina_Mempool *mp)
+EAPI void eina_mempool_gc(Eina_Mempool * mp)
{
- EINA_SAFETY_ON_NULL_RETURN(mp);
- EINA_SAFETY_ON_NULL_RETURN(mp->backend.garbage_collect);
- DBG("mp=%p", mp);
- mp->backend.garbage_collect(mp->backend_data);
+ EINA_SAFETY_ON_NULL_RETURN(mp);
+ EINA_SAFETY_ON_NULL_RETURN(mp->backend.garbage_collect);
+ DBG("mp=%p", mp);
+ mp->backend.garbage_collect(mp->backend_data);
}
-EAPI void eina_mempool_statistics(Eina_Mempool *mp)
+EAPI void eina_mempool_statistics(Eina_Mempool * mp)
{
- EINA_SAFETY_ON_NULL_RETURN(mp);
- EINA_SAFETY_ON_NULL_RETURN(mp->backend.statistics);
- DBG("mp=%p", mp);
- mp->backend.statistics(mp->backend_data);
+ EINA_SAFETY_ON_NULL_RETURN(mp);
+ EINA_SAFETY_ON_NULL_RETURN(mp->backend.statistics);
+ DBG("mp=%p", mp);
+ mp->backend.statistics(mp->backend_data);
}
-EAPI unsigned int
-eina_mempool_alignof(unsigned int size)
+EAPI unsigned int eina_mempool_alignof(unsigned int size)
{
- int align;
+ int align;
- if (size <= 2)
- align = 2;
- else if (size < 8)
- align = 4;
- else
+ if (size <= 2)
+ align = 2;
+ else if (size < 8)
+ align = 4;
+ else
#if __WORDSIZE == 32
- align = 8;
+ align = 8;
#else
- if (size < 16)
- align = 8;
- else
- align = 16;
+ if (size < 16)
+ align = 8;
+ else
+ align = 16;
#endif
- return ((size / align) + 1) * align;
+ return ((size / align) + 1) * align;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_module.c b/tests/suite/ecore/src/lib/eina_module.c
index 7ae4bdbd6b..2e7301b013 100644
--- a/tests/suite/ecore/src/lib/eina_module.c
+++ b/tests/suite/ecore/src/lib/eina_module.c
@@ -17,28 +17,28 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#ifdef HAVE_DLADDR
-# define _GNU_SOURCE
+#define _GNU_SOURCE
#endif
#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
+#include <alloca.h>
#elif defined __GNUC__
-# define alloca __builtin_alloca
+#define alloca __builtin_alloca
#elif defined _AIX
-# define alloca __alloca
+#define alloca __alloca
#elif defined _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
+#include <malloc.h>
+#define alloca _alloca
#else
-# include <stddef.h>
-# ifdef __cplusplus
+#include <stddef.h>
+#ifdef __cplusplus
extern "C"
-# endif
-void *alloca (size_t);
+#endif
+void *alloca(size_t);
#endif
#include <stdio.h>
@@ -47,15 +47,15 @@ void *alloca (size_t);
#include <string.h>
#ifndef _MSC_VER
-# include <libgen.h>
+#include <libgen.h>
#else
-# include <Evil.h>
+#include <Evil.h>
#endif
#include <dlfcn.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -95,93 +95,89 @@ static int EINA_MODULE_LOG_DOM = -1;
#define EINA_MODULE_SYMBOL_INIT "__eina_module_init"
#define EINA_MODULE_SYMBOL_SHUTDOWN "__eina_module_shutdown"
-struct _Eina_Module
-{
- void *handle;
- int ref;
- const char file[];
+struct _Eina_Module {
+ void *handle;
+ int ref;
+ const char file[];
};
-typedef struct _Dir_List_Get_Cb_Data
-{
- Eina_Module_Cb cb;
- void *data;
- Eina_Array *array;
+typedef struct _Dir_List_Get_Cb_Data {
+ Eina_Module_Cb cb;
+ void *data;
+ Eina_Array *array;
} Dir_List_Get_Cb_Data;
-typedef struct _Dir_List_Cb_Data
-{
- Eina_Module_Cb cb;
- void *data;
+typedef struct _Dir_List_Cb_Data {
+ Eina_Module_Cb cb;
+ void *data;
} Dir_List_Cb_Data;
-static Eina_Bool _dir_list_get_cb(Eina_Module *m, void *data)
+static Eina_Bool _dir_list_get_cb(Eina_Module * m, void *data)
{
- Dir_List_Get_Cb_Data *cb_data = data;
- Eina_Bool ret = EINA_TRUE;
+ Dir_List_Get_Cb_Data *cb_data = data;
+ Eina_Bool ret = EINA_TRUE;
- if (cb_data->cb)
- ret = cb_data->cb(m, cb_data->data);
+ if (cb_data->cb)
+ ret = cb_data->cb(m, cb_data->data);
- if (ret)
- eina_array_push(cb_data->array, m);
+ if (ret)
+ eina_array_push(cb_data->array, m);
- return ret;
+ return ret;
}
static void _dir_list_cb(const char *name, const char *path, void *data)
{
- Dir_List_Cb_Data *cb_data = data;
- size_t length;
+ Dir_List_Cb_Data *cb_data = data;
+ size_t length;
- length = strlen(name);
- if (length < sizeof(SHARED_LIB_SUFFIX)) /* x.so */
- return;
+ length = strlen(name);
+ if (length < sizeof(SHARED_LIB_SUFFIX)) /* x.so */
+ return;
- if (!strcmp(name + length - sizeof(SHARED_LIB_SUFFIX) + 1,
- SHARED_LIB_SUFFIX))
- {
- char *file;
- Eina_Module *m;
+ if (!strcmp(name + length - sizeof(SHARED_LIB_SUFFIX) + 1,
+ SHARED_LIB_SUFFIX)) {
+ char *file;
+ Eina_Module *m;
- length = strlen(path) + strlen(name) + 2;
+ length = strlen(path) + strlen(name) + 2;
- file = alloca(sizeof (char) * length);
- if (!file)
- return;
+ file = alloca(sizeof(char) * length);
+ if (!file)
+ return;
- snprintf(file, length, "%s/%s", path, name);
- m = eina_module_new(file);
- if (!m)
- {
- return; /* call the user provided cb on this module */
+ snprintf(file, length, "%s/%s", path, name);
+ m = eina_module_new(file);
+ if (!m) {
+ return; /* call the user provided cb on this module */
- }
+ }
- if (!cb_data->cb(m, cb_data->data))
- eina_module_free(m);
- }
+ if (!cb_data->cb(m, cb_data->data))
+ eina_module_free(m);
+ }
}
-static void _dir_arch_list_cb(const char *name, const char *path, void *data)
+static void _dir_arch_list_cb(const char *name, const char *path,
+ void *data)
{
- Dir_List_Get_Cb_Data *cb_data = data;
- Eina_Module *m;
- char *file = NULL;
- size_t length;
-
- length = strlen(path) + 1 + strlen(name) + 1 +
- strlen((char *)(cb_data->data)) + 1 + sizeof("module") +
- sizeof(SHARED_LIB_SUFFIX) + 1;
-
- file = alloca(length);
- snprintf(file, length, "%s/%s/%s/module" SHARED_LIB_SUFFIX,
- path, name, (char *)(cb_data->data));
- m = eina_module_new(file);
- if (!m)
- return;
-
- eina_array_push(cb_data->array, m);
+ Dir_List_Get_Cb_Data *cb_data = data;
+ Eina_Module *m;
+ char *file = NULL;
+ size_t length;
+
+ length = strlen(path) + 1 + strlen(name) + 1 +
+ strlen((char *) (cb_data->data)) + 1 + sizeof("module") +
+ sizeof(SHARED_LIB_SUFFIX) + 1;
+
+ file = alloca(length);
+ snprintf(file, length, "%s/%s/%s/module" SHARED_LIB_SUFFIX,
+ path, name, (char *) (cb_data->data));
+ m = eina_module_new(file);
+ if (!m)
+ return;
+
+ eina_array_push(cb_data->array, m);
}
/**
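Review bot: In `_dir_list_cb` the `if (!file) return;` after `alloca()` can never fire, because alloca does not report failure by returning NULL; an oversized request simply runs past the stack. `length` is `strlen(path) + strlen(name) + 2`, so it is driven by directory contents, and `_dir_arch_list_cb` in the same hunk sizes its `alloca(length)` the same way with no check at all. Since `eina_module_new()` copies the string into its own allocation, a heap buffer works here: `file = malloc(length); if (!file) return;` with `free(file);` directly after the `eina_module_new(file)` call.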
@@ -198,9 +194,9 @@ static void _dir_arch_list_cb(const char *name, const char *path, void *data)
*/
static const char EINA_ERROR_WRONG_MODULE_STR[] =
- "Wrong file format or no file module found";
+ "Wrong file format or no file module found";
static const char EINA_ERROR_MODULE_INIT_FAILED_STR[] =
- "Module initialisation function failed";
+ "Module initialisation function failed";
EAPI Eina_Error EINA_ERROR_WRONG_MODULE = 0;
EAPI Eina_Error EINA_ERROR_MODULE_INIT_FAILED = 0;
@@ -224,23 +220,20 @@ EAPI Eina_Error EINA_ERROR_MODULE_INIT_FAILED = 0;
*
* @see eina_init()
*/
-Eina_Bool
-eina_module_init(void)
+Eina_Bool eina_module_init(void)
{
- EINA_MODULE_LOG_DOM = eina_log_domain_register
- ("eina_module", EINA_LOG_COLOR_DEFAULT);
- if (EINA_MODULE_LOG_DOM < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_module");
- return EINA_FALSE;
- }
-
+ EINA_MODULE_LOG_DOM = eina_log_domain_register
+ ("eina_module", EINA_LOG_COLOR_DEFAULT);
+ if (EINA_MODULE_LOG_DOM < 0) {
+ EINA_LOG_ERR("Could not register log domain: eina_module");
+ return EINA_FALSE;
+ }
#define EEMR(n) n = eina_error_msg_static_register(n ## _STR)
- EEMR(EINA_ERROR_WRONG_MODULE);
- EEMR(EINA_ERROR_MODULE_INIT_FAILED);
+ EEMR(EINA_ERROR_WRONG_MODULE);
+ EEMR(EINA_ERROR_MODULE_INIT_FAILED);
#undef EEMR
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
@@ -254,16 +247,15 @@ eina_module_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_module_shutdown(void)
+Eina_Bool eina_module_shutdown(void)
{
- /* TODO should we store every module when "new" is called and
- * delete the list of modules here
- */
+ /* TODO should we store every module when "new" is called and
+ * delete the list of modules here
+ */
- eina_log_domain_unregister(EINA_MODULE_LOG_DOM);
- EINA_MODULE_LOG_DOM = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(EINA_MODULE_LOG_DOM);
+ EINA_MODULE_LOG_DOM = -1;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -295,29 +287,28 @@ eina_module_shutdown(void)
*/
EAPI Eina_Module *eina_module_new(const char *file)
{
- Eina_Module *m;
- size_t len;
+ Eina_Module *m;
+ size_t len;
- EINA_SAFETY_ON_NULL_RETURN_VAL(file, NULL);
- /* TODO check that the file exists. Update doc too */
+ EINA_SAFETY_ON_NULL_RETURN_VAL(file, NULL);
+ /* TODO check that the file exists. Update doc too */
- len = strlen(file);
- EINA_SAFETY_ON_FALSE_RETURN_VAL(len > 0, NULL);
+ len = strlen(file);
+ EINA_SAFETY_ON_FALSE_RETURN_VAL(len > 0, NULL);
- m = malloc(sizeof(Eina_Module) + len + 1);
- if (!m)
- {
- ERR("could not malloc(%lu)",
- (unsigned long)(sizeof(Eina_Module) + len + 1));
- return NULL;
- }
+ m = malloc(sizeof(Eina_Module) + len + 1);
+ if (!m) {
+ ERR("could not malloc(%lu)",
+ (unsigned long) (sizeof(Eina_Module) + len + 1));
+ return NULL;
+ }
- memcpy((char *)m->file, file, len + 1);
- m->ref = 0;
- m->handle = NULL;
- DBG("m=%p, file=%s", m, file);
+ memcpy((char *) m->file, file, len + 1);
+ m->ref = 0;
+ m->handle = NULL;
+ DBG("m=%p, file=%s", m, file);
- return m;
+ return m;
}
/**
@@ -331,18 +322,19 @@ EAPI Eina_Module *eina_module_new(const char *file)
* returns EINA_TRUE and EINA_FALSE otherwise. If @p m is @c NULL, the
* function returns immediately.
*/
-EAPI Eina_Bool eina_module_free(Eina_Module *m)
+EAPI Eina_Bool eina_module_free(Eina_Module * m)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
- DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file, m->ref);
+ DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file,
+ m->ref);
- if (m->handle)
- if (eina_module_unload(m) == EINA_FALSE)
- return EINA_FALSE;
+ if (m->handle)
+ if (eina_module_unload(m) == EINA_FALSE)
+ return EINA_FALSE;
- free(m);
- return EINA_TRUE;
+ free(m);
+ return EINA_TRUE;
}
/**
@@ -365,47 +357,48 @@ EAPI Eina_Bool eina_module_free(Eina_Module *m)
* When the symbols of the shared file objetcts are not needed
* anymore, call eina_module_unload() to unload the module.
*/
-EAPI Eina_Bool eina_module_load(Eina_Module *m)
+EAPI Eina_Bool eina_module_load(Eina_Module * m)
{
- void *dl_handle;
- Eina_Module_Init *initcall;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
-
- DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file, m->ref);
-
- if (m->handle)
- goto loaded;
-
- dl_handle = dlopen(m->file, RTLD_NOW);
- if (!dl_handle)
- {
- WRN("could not dlopen(\"%s\", RTLD_NOW): %s", m->file, dlerror());
- eina_error_set(EINA_ERROR_WRONG_MODULE);
- return EINA_FALSE;
- }
-
- initcall = dlsym(dl_handle, EINA_MODULE_SYMBOL_INIT);
- if ((!initcall) || (!(*initcall)))
- goto ok;
-
- if ((*initcall)() == EINA_TRUE)
- goto ok;
-
- WRN("could not find eina's entry symbol %s inside module %s",
- EINA_MODULE_SYMBOL_INIT, m->file);
- eina_error_set(EINA_ERROR_MODULE_INIT_FAILED);
- dlclose(dl_handle);
- return EINA_FALSE;
-ok:
- DBG("successfully loaded %s", m->file);
- m->handle = dl_handle;
-loaded:
- m->ref++;
- DBG("ref %d", m->ref);
-
- eina_error_set(0);
- return EINA_TRUE;
+ void *dl_handle;
+ Eina_Module_Init *initcall;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
+
+ DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file,
+ m->ref);
+
+ if (m->handle)
+ goto loaded;
+
+ dl_handle = dlopen(m->file, RTLD_NOW);
+ if (!dl_handle) {
+ WRN("could not dlopen(\"%s\", RTLD_NOW): %s", m->file,
+ dlerror());
+ eina_error_set(EINA_ERROR_WRONG_MODULE);
+ return EINA_FALSE;
+ }
+
+ initcall = dlsym(dl_handle, EINA_MODULE_SYMBOL_INIT);
+ if ((!initcall) || (!(*initcall)))
+ goto ok;
+
+ if ((*initcall) () == EINA_TRUE)
+ goto ok;
+
+ WRN("could not find eina's entry symbol %s inside module %s",
+ EINA_MODULE_SYMBOL_INIT, m->file);
+ eina_error_set(EINA_ERROR_MODULE_INIT_FAILED);
+ dlclose(dl_handle);
+ return EINA_FALSE;
+ ok:
+ DBG("successfully loaded %s", m->file);
+ m->handle = dl_handle;
+ loaded:
+ m->ref++;
+ DBG("ref %d", m->ref);
+
+ eina_error_set(0);
+ return EINA_TRUE;
}
/**
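Review bot: The `WRN("could not find eina's entry symbol %s inside module %s", ...)` in `eina_module_load` is only reached when `initcall` was found and returned something other than `EINA_TRUE`; a missing symbol takes the `goto ok` path above it. The log therefore names the wrong cause next to `EINA_ERROR_MODULE_INIT_FAILED`, which misleads anyone triaging why a module was rejected. Suggested wording: `WRN("init function %s of module %s failed", EINA_MODULE_SYMBOL_INIT, m->file);`.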
@@ -422,27 +415,27 @@ loaded:
* returned. In all case, the reference counter is decreased. If @p m
* is @c NULL, the function returns immediately #EINA_FALSE.
*/
-EAPI Eina_Bool eina_module_unload(Eina_Module *m)
+EAPI Eina_Bool eina_module_unload(Eina_Module * m)
{
- Eina_Module_Shutdown *shut;
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
+ Eina_Module_Shutdown *shut;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, EINA_FALSE);
- DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file, m->ref);
+ DBG("m=%p, handle=%p, file=%s, refs=%d", m, m->handle, m->file,
+ m->ref);
- m->ref--;
- if (!m->ref)
- {
- shut = dlsym(m->handle, EINA_MODULE_SYMBOL_SHUTDOWN);
- if ((shut) && (*shut))
- (*shut)();
+ m->ref--;
+ if (!m->ref) {
+ shut = dlsym(m->handle, EINA_MODULE_SYMBOL_SHUTDOWN);
+ if ((shut) && (*shut))
+ (*shut) ();
- dlclose(m->handle);
- m->handle = NULL;
- DBG("unloaded module %s", m->file);
- return EINA_TRUE;
- }
+ dlclose(m->handle);
+ m->handle = NULL;
+ DBG("unloaded module %s", m->file);
+ return EINA_TRUE;
+ }
- return EINA_FALSE;
+ return EINA_FALSE;
}
/**
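Review bot: `eina_module_unload` executes `m->ref--` after checking only `m`, so calling it on a module that was never loaded, or once more than it was loaded, drives the signed counter negative. A later `eina_module_load()` then opens a handle while `ref` is 0 or below, the `!m->ref` branch that calls `dlclose()` is no longer reached at the right time, and `eina_module_free()` keeps returning `EINA_FALSE` without freeing. A guard ahead of the decrement keeps the count in step with the handle: `if (!m->handle || m->ref <= 0) return EINA_FALSE;`. The doc comment above states that the counter is decreased in all cases, so it would need the matching update.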
@@ -457,11 +450,12 @@ EAPI Eina_Bool eina_module_unload(Eina_Module *m)
* is @c NULL, or if it has not been correctly loaded before, the
* function returns immediately @c NULL.
*/
-EAPI void *eina_module_symbol_get(const Eina_Module *m, const char *symbol)
+EAPI void *eina_module_symbol_get(const Eina_Module * m,
+ const char *symbol)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, NULL);
- EINA_SAFETY_ON_NULL_RETURN_VAL(m->handle, NULL);
- return dlsym(m->handle, symbol);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m->handle, NULL);
+ return dlsym(m->handle, symbol);
}
/**
@@ -474,10 +468,10 @@ EAPI void *eina_module_symbol_get(const Eina_Module *m, const char *symbol)
* @p m is @c NULL, the function returns immediately @c NULL. The
* returned value must no be freed.
*/
-EAPI const char *eina_module_file_get(const Eina_Module *m)
+EAPI const char *eina_module_file_get(const Eina_Module * m)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(m, NULL);
- return m->file;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(m, NULL);
+ return m->file;
}
/**
@@ -494,44 +488,42 @@ EAPI const char *eina_module_file_get(const Eina_Module *m)
* anymore. If the symbol is not found, or dl_addr() is not supported,
* or allocation fails, this function returns @c NULL.
*/
-EAPI char *eina_module_symbol_path_get(const void *symbol, const char *sub_dir)
+EAPI char *eina_module_symbol_path_get(const void *symbol,
+ const char *sub_dir)
{
#ifdef HAVE_DLADDR
- Dl_info eina_dl;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(symbol, NULL);
-
- if (dladdr(symbol, &eina_dl))
- {
- char *pos = strrchr(eina_dl.dli_fname, '/');
- if (pos)
- {
- char *path;
- int l0;
- int l1;
- int l2 = 0;
-
- l0 = strlen(eina_dl.dli_fname);
- l1 = strlen(pos);
- if (sub_dir && (*sub_dir != '\0'))
- l2 = strlen(sub_dir);
-
- path = malloc(l0 - l1 + l2 + 1);
- if (path)
- {
- memcpy(path, eina_dl.dli_fname, l0 - l1);
- if (sub_dir && (*sub_dir != '\0'))
- memcpy(path + l0 - l1, sub_dir, l2);
-
- path[l0 - l1 + l2] = '\0';
- return path;
- }
- }
- }
-
-#endif /* ! HAVE_DLADDR */
-
- return NULL;
+ Dl_info eina_dl;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(symbol, NULL);
+
+ if (dladdr(symbol, &eina_dl)) {
+ char *pos = strrchr(eina_dl.dli_fname, '/');
+ if (pos) {
+ char *path;
+ int l0;
+ int l1;
+ int l2 = 0;
+
+ l0 = strlen(eina_dl.dli_fname);
+ l1 = strlen(pos);
+ if (sub_dir && (*sub_dir != '\0'))
+ l2 = strlen(sub_dir);
+
+ path = malloc(l0 - l1 + l2 + 1);
+ if (path) {
+ memcpy(path, eina_dl.dli_fname, l0 - l1);
+ if (sub_dir && (*sub_dir != '\0'))
+ memcpy(path + l0 - l1, sub_dir,
+ l2);
+
+ path[l0 - l1 + l2] = '\0';
+ return path;
+ }
+ }
+ }
+#endif /* ! HAVE_DLADDR */
+
+ return NULL;
}
/**
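Review bot: `eina_module_symbol_path_get` stores three `strlen()` results in `int l0`, `l1`, `l2` and then uses them for the `malloc()` size and the `memcpy()` lengths. `eina_module_environment_path_get` in the next hunk does the same arithmetic with `size_t`, which avoids the narrowing conversion and the signed arithmetic on lengths. Declaring `size_t l0, l1, l2 = 0;` here keeps the two helpers consistent; `pos` could also become `const char *`, since it points into `eina_dl.dli_fname`.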
@@ -549,37 +541,35 @@ EAPI char *eina_module_symbol_path_get(const void *symbol, const char *sub_dir)
* allocation fails, this function returns @c NULL.
*/
EAPI char *eina_module_environment_path_get(const char *env,
- const char *sub_dir)
+ const char *sub_dir)
{
- const char *env_dir;
+ const char *env_dir;
- EINA_SAFETY_ON_NULL_RETURN_VAL(env, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(env, NULL);
- env_dir = getenv(env);
- if (env_dir)
- {
- char *path;
- size_t l1;
- size_t l2 = 0;
+ env_dir = getenv(env);
+ if (env_dir) {
+ char *path;
+ size_t l1;
+ size_t l2 = 0;
- l1 = strlen(env_dir);
- if (sub_dir && (*sub_dir != '\0'))
- l2 = strlen(sub_dir);
+ l1 = strlen(env_dir);
+ if (sub_dir && (*sub_dir != '\0'))
+ l2 = strlen(sub_dir);
- path = (char *)malloc(l1 + l2 + 1);
- if (path)
- {
- memcpy(path, env_dir, l1);
- if (sub_dir && (*sub_dir != '\0'))
- memcpy(path + l1, sub_dir, l2);
+ path = (char *) malloc(l1 + l2 + 1);
+ if (path) {
+ memcpy(path, env_dir, l1);
+ if (sub_dir && (*sub_dir != '\0'))
+ memcpy(path + l1, sub_dir, l2);
- path[l1 + l2] = '\0';
+ path[l1 + l2] = '\0';
- return path;
- }
- }
+ return path;
+ }
+ }
- return NULL;
+ return NULL;
}
/**
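Review bot: `eina_module_environment_path_get` builds its result directly from `getenv(env)`, and nothing in the function or in the visible part of its doc comment says that the value is caller-environment controlled. This file loads whatever it finds under a module path with `dlopen()`, so in a process that runs with more privilege than the user who set the variable, that variable presumably decides which shared objects get loaded. I would add to the doc comment (which starts above this hunk): `The value comes from the process environment and must be treated as untrusted in setuid/setgid programs.` Where glibc is the target, `secure_getenv()` is the usual replacement for the `getenv()` call.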
@@ -594,22 +584,22 @@ EAPI char *eina_module_environment_path_get(const char *env,
* @c NULL, the function returns immediately @p array. @p array can be
* @c NULL. In that case, it is created with 4 elements.
*/
-EAPI Eina_Array *eina_module_arch_list_get(Eina_Array *array,
- const char *path,
- const char *arch)
+EAPI Eina_Array *eina_module_arch_list_get(Eina_Array * array,
+ const char *path,
+ const char *arch)
{
- Dir_List_Get_Cb_Data list_get_cb_data;
+ Dir_List_Get_Cb_Data list_get_cb_data;
- if ((!path) || (!arch))
- return array;
+ if ((!path) || (!arch))
+ return array;
- list_get_cb_data.array = array ? array : eina_array_new(4);
- list_get_cb_data.cb = NULL;
- list_get_cb_data.data = (void *)arch;
+ list_get_cb_data.array = array ? array : eina_array_new(4);
+ list_get_cb_data.cb = NULL;
+ list_get_cb_data.data = (void *) arch;
- eina_file_dir_list(path, 0, &_dir_arch_list_cb, &list_get_cb_data);
+ eina_file_dir_list(path, 0, &_dir_arch_list_cb, &list_get_cb_data);
- return list_get_cb_data.array;
+ return list_get_cb_data.array;
}
/**
@@ -630,28 +620,27 @@ EAPI Eina_Array *eina_module_arch_list_get(Eina_Array *array,
* @p array can be @c NULL. In that case, it is created with 4
* elements. @p cb can be @c NULL.
*/
-EAPI Eina_Array *eina_module_list_get(Eina_Array *array,
- const char *path,
- Eina_Bool recursive,
- Eina_Module_Cb cb,
- void *data)
+EAPI Eina_Array *eina_module_list_get(Eina_Array * array,
+ const char *path,
+ Eina_Bool recursive,
+ Eina_Module_Cb cb, void *data)
{
- Dir_List_Get_Cb_Data list_get_cb_data;
- Dir_List_Cb_Data list_cb_data;
+ Dir_List_Get_Cb_Data list_get_cb_data;
+ Dir_List_Cb_Data list_cb_data;
- if (!path)
- return array;
+ if (!path)
+ return array;
- list_get_cb_data.array = array ? array : eina_array_new(4);
- list_get_cb_data.cb = cb;
- list_get_cb_data.data = data;
+ list_get_cb_data.array = array ? array : eina_array_new(4);
+ list_get_cb_data.cb = cb;
+ list_get_cb_data.data = data;
- list_cb_data.cb = &_dir_list_get_cb;
- list_cb_data.data = &list_get_cb_data;
+ list_cb_data.cb = &_dir_list_get_cb;
+ list_cb_data.data = &list_get_cb_data;
- eina_file_dir_list(path, recursive, &_dir_list_cb, &list_cb_data);
+ eina_file_dir_list(path, recursive, &_dir_list_cb, &list_cb_data);
- return list_get_cb_data.array;
+ return list_get_cb_data.array;
}
/**
@@ -664,35 +653,34 @@ EAPI Eina_Array *eina_module_list_get(Eina_Array *array,
* If the element is found the function returns the module, else
* @c NULL is returned.
*/
-EAPI Eina_Module *
-eina_module_find(const Eina_Array *array, const char *module)
+EAPI Eina_Module *eina_module_find(const Eina_Array * array,
+ const char *module)
{
- unsigned int i;
- Eina_Array_Iterator iterator;
- Eina_Module *m;
-
- EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
- {
- char *file_m;
- char *tmp;
- ssize_t len;
-
- /* basename() can modify its argument, so we first get a copie */
- /* do not use strdupa, as opensolaris does not have it */
- len = strlen(eina_module_file_get(m));
- tmp = alloca(len + 1);
- memcpy(tmp, eina_module_file_get(m), len + 1);
- file_m = basename(tmp);
- len = strlen(file_m);
- len -= sizeof(SHARED_LIB_SUFFIX) - 1;
- if (len <= 0)
- continue;
-
- if (!strncmp(module, file_m, len))
- return m;;
- }
-
- return NULL;
+ unsigned int i;
+ Eina_Array_Iterator iterator;
+ Eina_Module *m;
+
+ EINA_ARRAY_ITER_NEXT(array, i, m, iterator) {
+ char *file_m;
+ char *tmp;
+ ssize_t len;
+
+ /* basename() can modify its argument, so we first get a copie */
+ /* do not use strdupa, as opensolaris does not have it */
+ len = strlen(eina_module_file_get(m));
+ tmp = alloca(len + 1);
+ memcpy(tmp, eina_module_file_get(m), len + 1);
+ file_m = basename(tmp);
+ len = strlen(file_m);
+ len -= sizeof(SHARED_LIB_SUFFIX) - 1;
+ if (len <= 0)
+ continue;
+
+ if (!strncmp(module, file_m, len))
+ return m;;
+ }
+
+ return NULL;
}
/**
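Review bot: `eina_module_find` compares with `strncmp(module, file_m, len)`, where `len` is the basename length minus the suffix length, so any `module` string that merely starts with that basename matches; asking for `foobar` returns a module whose file is `foo` plus the suffix (constructed example). With several modules in one array the lookup can hand back a different plugin than the one named. Requiring the requested name to end at the same place fixes it: `if (!strncmp(module, file_m, len) && module[len] == '\0')`. The loop also never checks that `file_m` actually ends in `SHARED_LIB_SUFFIX`, and `array` and `module` are used without the NULL guards the other entry points have.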
@@ -703,16 +691,16 @@ eina_module_find(const Eina_Array *array, const char *module)
* This function calls eina_module_load() on each element found in
* @p array. If @p array is @c NULL, this function does nothing.
*/
-EAPI void eina_module_list_load(Eina_Array *array)
+EAPI void eina_module_list_load(Eina_Array * array)
{
- Eina_Array_Iterator iterator;
- Eina_Module *m;
- unsigned int i;
-
- EINA_SAFETY_ON_NULL_RETURN(array);
- DBG("array %p, count %u", array, array->count);
- EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
- eina_module_load(m);
+ Eina_Array_Iterator iterator;
+ Eina_Module *m;
+ unsigned int i;
+
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ DBG("array %p, count %u", array, array->count);
+ EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
+ eina_module_load(m);
}
/**
@@ -723,16 +711,16 @@ EAPI void eina_module_list_load(Eina_Array *array)
* This function calls eina_module_unload() on each element found in
* @p array. If @p array is @c NULL, this function does nothing.
*/
-EAPI void eina_module_list_unload(Eina_Array *array)
+EAPI void eina_module_list_unload(Eina_Array * array)
{
- Eina_Array_Iterator iterator;
- Eina_Module *m;
- unsigned int i;
-
- EINA_SAFETY_ON_NULL_RETURN(array);
- DBG("array %p, count %u", array, array->count);
- EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
- eina_module_unload(m);
+ Eina_Array_Iterator iterator;
+ Eina_Module *m;
+ unsigned int i;
+
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ DBG("array %p, count %u", array, array->count);
+ EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
+ eina_module_unload(m);
}
/**
@@ -743,18 +731,18 @@ EAPI void eina_module_list_unload(Eina_Array *array)
* This function calls eina_module_free() on each element found in
* @p array. If @p array is @c NULL, this function does nothing.
*/
-EAPI void eina_module_list_free(Eina_Array *array)
+EAPI void eina_module_list_free(Eina_Array * array)
{
- Eina_Array_Iterator iterator;
- Eina_Module *m;
- unsigned int i;
+ Eina_Array_Iterator iterator;
+ Eina_Module *m;
+ unsigned int i;
- EINA_SAFETY_ON_NULL_RETURN(array);
- DBG("array %p, count %u", array, array->count);
- EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
- eina_module_free(m);
+ EINA_SAFETY_ON_NULL_RETURN(array);
+ DBG("array %p, count %u", array, array->count);
+ EINA_ARRAY_ITER_NEXT(array, i, m, iterator)
+ eina_module_free(m);
- eina_array_flush(array);
+ eina_array_flush(array);
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_private.h b/tests/suite/ecore/src/lib/eina_private.h
index 2f8ff8117d..30b3859a1a 100644
--- a/tests/suite/ecore/src/lib/eina_private.h
+++ b/tests/suite/ecore/src/lib/eina_private.h
@@ -22,9 +22,9 @@
#include <stdarg.h>
#if HAVE___ATTRIBUTE__
-# define __UNUSED__ __attribute__((unused))
+#define __UNUSED__ __attribute__((unused))
#else
-# define __UNUSED__
+#define __UNUSED__
#endif
#include "eina_magic.h"
@@ -32,19 +32,19 @@
#include "eina_accessor.h"
#ifndef MIN
-# define MIN(x, y) (((x) > (y)) ? (y) : (x))
+#define MIN(x, y) (((x) > (y)) ? (y) : (x))
#endif
#ifndef MAX
-# define MAX(x, y) (((x) > (y)) ? (x) : (y))
+#define MAX(x, y) (((x) > (y)) ? (x) : (y))
#endif
#ifndef ABS
-# define ABS(x) ((x) < 0 ? -(x) : (x))
+#define ABS(x) ((x) < 0 ? -(x) : (x))
#endif
#ifndef CLAMP
-# define CLAMP(x, min, \
+#define CLAMP(x, min, \
max) (((x) > (max)) ? (max) : (((x) < (min)) ? (min) : (x)))
#endif
@@ -131,5 +131,4 @@ void eina_log_threads_init(void);
void eina_log_threads_shutdown(void);
#endif
-#endif /* EINA_PRIVATE_H_ */
-
+#endif /* EINA_PRIVATE_H_ */
diff --git a/tests/suite/ecore/src/lib/eina_quadtree.c b/tests/suite/ecore/src/lib/eina_quadtree.c
index 251bb96faa..063b87b4c1 100644
--- a/tests/suite/ecore/src/lib/eina_quadtree.c
+++ b/tests/suite/ecore/src/lib/eina_quadtree.c
@@ -24,7 +24,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -74,71 +74,66 @@ static const char EINA_MAGIC_QUADTREE_ITEM_STR[] = "Eina QuadTree Item";
} \
} while(0);
-struct _Eina_QuadTree
-{
- EINA_MAGIC;
+struct _Eina_QuadTree {
+ EINA_MAGIC;
- Eina_QuadTree_Root *root;
+ Eina_QuadTree_Root *root;
- Eina_List *hidden;
+ Eina_List *hidden;
- size_t root_count;
- size_t items_count;
+ size_t root_count;
+ size_t items_count;
- Eina_Trash *items_trash;
- Eina_Trash *root_trash;
+ Eina_Trash *items_trash;
+ Eina_Trash *root_trash;
- Eina_Inlist *change;
- Eina_Inlist *cached;
- Eina_Rectangle target;
+ Eina_Inlist *change;
+ Eina_Inlist *cached;
+ Eina_Rectangle target;
- size_t index;
+ size_t index;
- struct
- {
- Eina_Quad_Callback v;
- Eina_Quad_Callback h;
- } func;
+ struct {
+ Eina_Quad_Callback v;
+ Eina_Quad_Callback h;
+ } func;
- struct
- {
- size_t w;
- size_t h;
- } geom;
+ struct {
+ size_t w;
+ size_t h;
+ } geom;
- Eina_Bool resize : 1;
- Eina_Bool lost : 1;
+ Eina_Bool resize:1;
+ Eina_Bool lost:1;
};
-struct _Eina_QuadTree_Root
-{
- EINA_MAGIC;
+struct _Eina_QuadTree_Root {
+ EINA_MAGIC;
- Eina_QuadTree_Root *parent;
- Eina_QuadTree_Root *left;
- Eina_QuadTree_Root *right;
+ Eina_QuadTree_Root *parent;
+ Eina_QuadTree_Root *left;
+ Eina_QuadTree_Root *right;
- Eina_List *both;
+ Eina_List *both;
- Eina_Bool sorted : 1;
+ Eina_Bool sorted:1;
};
-struct _Eina_QuadTree_Item
-{
- EINA_MAGIC;
- EINA_INLIST;
+struct _Eina_QuadTree_Item {
+ EINA_MAGIC;
+ EINA_INLIST;
- Eina_QuadTree *quad;
- Eina_QuadTree_Root *root;
+ Eina_QuadTree *quad;
+ Eina_QuadTree_Root *root;
- const void *object;
+ const void *object;
- size_t index;
+ size_t index;
- Eina_Bool change : 1;
- Eina_Bool delete_me : 1;
- Eina_Bool visible : 1;
- Eina_Bool hidden : 1;
+ Eina_Bool change:1;
+ Eina_Bool delete_me:1;
+ Eina_Bool visible:1;
+ Eina_Bool hidden:1;
};
static int _eina_log_qd_dom = -1;
@@ -156,761 +151,758 @@ static Eina_Mempool *items_mp = NULL;
#define DBG(...) EINA_LOG_DOM_DBG(_eina_log_qd_dom, __VA_ARGS__)
-static int
-_eina_quadtree_item_cmp(const void *a, const void *b)
+static int _eina_quadtree_item_cmp(const void *a, const void *b)
{
- const Eina_QuadTree_Item *i = a;
- const Eina_QuadTree_Item *j = b;
+ const Eina_QuadTree_Item *i = a;
+ const Eina_QuadTree_Item *j = b;
- return i->index - j->index;
+ return i->index - j->index;
}
-static Eina_QuadTree_Root *
-eina_quadtree_root_free(Eina_QuadTree *q, Eina_QuadTree_Root *root)
+static Eina_QuadTree_Root *eina_quadtree_root_free(Eina_QuadTree * q,
+ Eina_QuadTree_Root *
+ root)
{
- Eina_QuadTree_Item *item;
+ Eina_QuadTree_Item *item;
- if (!root)
- return NULL;
+ if (!root)
+ return NULL;
- EINA_MAGIC_CHECK_QUADTREE_ROOT(root, NULL);
+ EINA_MAGIC_CHECK_QUADTREE_ROOT(root, NULL);
- EINA_LIST_FREE(root->both, item)
- eina_mempool_free(items_mp, item);
+ EINA_LIST_FREE(root->both, item)
+ eina_mempool_free(items_mp, item);
- root->left = eina_quadtree_root_free(q, root->left);
- root->right = eina_quadtree_root_free(q, root->right);
+ root->left = eina_quadtree_root_free(q, root->left);
+ root->right = eina_quadtree_root_free(q, root->right);
- EINA_MAGIC_SET(root, 0);
- eina_mempool_free(root_mp, root);
+ EINA_MAGIC_SET(root, 0);
+ eina_mempool_free(root_mp, root);
- return NULL;
+ return NULL;
}
-static Eina_QuadTree_Root *
-eina_quadtree_root_rebuild_pre(Eina_QuadTree *q,
- Eina_Inlist **change,
- Eina_QuadTree_Root *root)
+static Eina_QuadTree_Root *eina_quadtree_root_rebuild_pre(Eina_QuadTree *
+ q,
+ Eina_Inlist **
+ change,
+ Eina_QuadTree_Root
+ * root)
{
- Eina_QuadTree_Item *item;
-
- if (!root)
- return NULL;
-
- EINA_LIST_FREE(root->both, item)
- {
- if (item->visible)
- *change = eina_inlist_append(*change, EINA_INLIST_GET(item));
- else if (!item->hidden)
- {
- q->hidden = eina_list_append(q->hidden, item);
- item->hidden = EINA_TRUE;
- item->root = NULL;
- }
- }
-
- root->left = eina_quadtree_root_rebuild_pre(q, change, root->left);
- root->right = eina_quadtree_root_rebuild_pre(q, change, root->right);
-
- EINA_MAGIC_SET(root, 0);
- if (q->root_count > 50)
- eina_mempool_free(root_mp, root);
- else
- {
- eina_trash_push(&q->root_trash, root);
- q->root_count++;
- }
-
- return NULL;
+ Eina_QuadTree_Item *item;
+
+ if (!root)
+ return NULL;
+
+ EINA_LIST_FREE(root->both, item) {
+ if (item->visible)
+ *change =
+ eina_inlist_append(*change,
+ EINA_INLIST_GET(item));
+ else if (!item->hidden) {
+ q->hidden = eina_list_append(q->hidden, item);
+ item->hidden = EINA_TRUE;
+ item->root = NULL;
+ }
+ }
+
+ root->left = eina_quadtree_root_rebuild_pre(q, change, root->left);
+ root->right =
+ eina_quadtree_root_rebuild_pre(q, change, root->right);
+
+ EINA_MAGIC_SET(root, 0);
+ if (q->root_count > 50)
+ eina_mempool_free(root_mp, root);
+ else {
+ eina_trash_push(&q->root_trash, root);
+ q->root_count++;
+ }
+
+ return NULL;
}
static size_t
-_eina_quadtree_split(Eina_Inlist *objects,
- Eina_QuadTree_Root *root,
- Eina_Inlist **left,
- Eina_Inlist **right,
- Eina_Quad_Callback func,
- int border,
- int middle)
+_eina_quadtree_split(Eina_Inlist * objects,
+ Eina_QuadTree_Root * root,
+ Eina_Inlist ** left,
+ Eina_Inlist ** right,
+ Eina_Quad_Callback func, int border, int middle)
{
- Eina_QuadTree_Item *object;
-
- middle /= 2;
-
- if (middle <= 4)
- while (objects)
- {
- object = EINA_INLIST_CONTAINER_GET(objects, Eina_QuadTree_Item);
- objects = objects->next;
-
- object->change = EINA_FALSE;
- if (!object->visible)
- {
- if (!object->hidden)
- {
- object->hidden = EINA_TRUE;
- object->quad->hidden = eina_list_append(
- object->quad->hidden,
- object);
- }
-
- continue;
- }
-
- if (object->hidden)
- {
- object->hidden = EINA_FALSE;
- object->quad->hidden = eina_list_remove(object->quad->hidden,
- object);
- }
-
- if (!object->delete_me)
- {
- if (root->sorted)
- root->both = eina_list_sorted_insert(root->both,
- _eina_quadtree_item_cmp,
- object);
- else
- root->both = eina_list_append(root->both, object);
-
- object->root = root;
- }
- else
- eina_quadtree_del(object);
- }
- else
- while (objects)
- {
- object = EINA_INLIST_CONTAINER_GET(objects, Eina_QuadTree_Item);
- objects = objects->next;
-
- object->change = EINA_FALSE;
- if (!object->visible)
- {
- if (!object->hidden)
- {
- object->hidden = EINA_TRUE;
- object->quad->hidden = eina_list_append(
- object->quad->hidden,
- object);
- }
-
- continue;
- }
-
- if (object->hidden)
- {
- object->hidden = EINA_FALSE;
- object->quad->hidden = eina_list_remove(object->quad->hidden,
- object);
- }
-
- if (!object->delete_me)
- {
- switch (func(object->object, border + middle))
- {
- case EINA_QUAD_LEFT:
- *left = eina_inlist_append(*left, EINA_INLIST_GET(object));
- break;
-
- case EINA_QUAD_RIGHT:
- *right =
- eina_inlist_append(*right, EINA_INLIST_GET(object));
- break;
-
- case EINA_QUAD_BOTH:
- root->both = eina_list_append(root->both, object);
- object->root = root;
- break;
-
- default:
- abort();
- }
- }
- else
- eina_quadtree_del(object);
- }
-
- return middle;
+ Eina_QuadTree_Item *object;
+
+ middle /= 2;
+
+ if (middle <= 4)
+ while (objects) {
+ object =
+ EINA_INLIST_CONTAINER_GET(objects,
+ Eina_QuadTree_Item);
+ objects = objects->next;
+
+ object->change = EINA_FALSE;
+ if (!object->visible) {
+ if (!object->hidden) {
+ object->hidden = EINA_TRUE;
+ object->quad->hidden =
+ eina_list_append(object->quad->
+ hidden,
+ object);
+ }
+
+ continue;
+ }
+
+ if (object->hidden) {
+ object->hidden = EINA_FALSE;
+ object->quad->hidden =
+ eina_list_remove(object->quad->hidden,
+ object);
+ }
+
+ if (!object->delete_me) {
+ if (root->sorted)
+ root->both =
+ eina_list_sorted_insert(root->
+ both,
+ _eina_quadtree_item_cmp,
+ object);
+ else
+ root->both =
+ eina_list_append(root->both,
+ object);
+
+ object->root = root;
+ } else
+ eina_quadtree_del(object);
+ } else
+ while (objects) {
+ object =
+ EINA_INLIST_CONTAINER_GET(objects,
+ Eina_QuadTree_Item);
+ objects = objects->next;
+
+ object->change = EINA_FALSE;
+ if (!object->visible) {
+ if (!object->hidden) {
+ object->hidden = EINA_TRUE;
+ object->quad->hidden =
+ eina_list_append(object->quad->
+ hidden,
+ object);
+ }
+
+ continue;
+ }
+
+ if (object->hidden) {
+ object->hidden = EINA_FALSE;
+ object->quad->hidden =
+ eina_list_remove(object->quad->hidden,
+ object);
+ }
+
+ if (!object->delete_me) {
+ switch (func
+ (object->object,
+ border + middle)) {
+ case EINA_QUAD_LEFT:
+ *left =
+ eina_inlist_append(*left,
+ EINA_INLIST_GET
+ (object));
+ break;
+
+ case EINA_QUAD_RIGHT:
+ *right =
+ eina_inlist_append(*right,
+ EINA_INLIST_GET
+ (object));
+ break;
+
+ case EINA_QUAD_BOTH:
+ root->both =
+ eina_list_append(root->both,
+ object);
+ object->root = root;
+ break;
+
+ default:
+ abort();
+ }
+ } else
+ eina_quadtree_del(object);
+ }
+
+ return middle;
}
-static Eina_QuadTree_Root *
-_eina_quadtree_update(Eina_QuadTree *q, Eina_QuadTree_Root *parent,
- Eina_QuadTree_Root *root, Eina_Inlist *objects,
- Eina_Bool direction, Eina_Rectangle *size)
+static Eina_QuadTree_Root *_eina_quadtree_update(Eina_QuadTree * q,
+ Eina_QuadTree_Root *
+ parent,
+ Eina_QuadTree_Root * root,
+ Eina_Inlist * objects,
+ Eina_Bool direction,
+ Eina_Rectangle * size)
{
- Eina_Inlist *right = NULL;
- Eina_Inlist *left = NULL;
- size_t w2;
- size_t h2;
-
- if (!objects)
- return root;
-
- if (!root)
- {
- root = eina_trash_pop(&q->root_trash);
- if (!root)
- root = eina_mempool_malloc(root_mp, sizeof (Eina_QuadTree_Root));
- else
- q->root_count--;
-
- if (!root)
- /* FIXME: NOT GOOD TIMING, WE ARE GOING TO LEAK MORE MEMORY */
- return NULL;
-
- root->parent = parent;
- root->both = NULL;
- root->left = NULL;
- root->right = NULL;
- root->sorted = EINA_TRUE;
-
- EINA_MAGIC_SET(root, EINA_MAGIC_QUADTREE_ROOT);
- }
-
- w2 = 0;
- h2 = 0;
-
- if (direction)
- w2 = _eina_quadtree_split(objects, root,
- &left, &right,
- q->func.h, size->x, size->w);
- else
- h2 = _eina_quadtree_split(objects, root,
- &left, &right,
- q->func.v, size->y, size->h);
-
- size->w -= w2; size->h -= h2;
- root->left = _eina_quadtree_update(q, root,
- root->left, left,
- !direction, size);
- size->x += w2; size->y += h2;
- root->right = _eina_quadtree_update(q, root,
- root->right, right,
- !direction, size);
- size->x -= w2; size->y -= h2;
- size->w += w2; size->h += h2;
-
- return root;
+ Eina_Inlist *right = NULL;
+ Eina_Inlist *left = NULL;
+ size_t w2;
+ size_t h2;
+
+ if (!objects)
+ return root;
+
+ if (!root) {
+ root = eina_trash_pop(&q->root_trash);
+ if (!root)
+ root =
+ eina_mempool_malloc(root_mp,
+ sizeof
+ (Eina_QuadTree_Root));
+ else
+ q->root_count--;
+
+ if (!root)
+ /* FIXME: NOT GOOD TIMING, WE ARE GOING TO LEAK MORE MEMORY */
+ return NULL;
+
+ root->parent = parent;
+ root->both = NULL;
+ root->left = NULL;
+ root->right = NULL;
+ root->sorted = EINA_TRUE;
+
+ EINA_MAGIC_SET(root, EINA_MAGIC_QUADTREE_ROOT);
+ }
+
+ w2 = 0;
+ h2 = 0;
+
+ if (direction)
+ w2 = _eina_quadtree_split(objects, root,
+ &left, &right,
+ q->func.h, size->x, size->w);
+ else
+ h2 = _eina_quadtree_split(objects, root,
+ &left, &right,
+ q->func.v, size->y, size->h);
+
+ size->w -= w2;
+ size->h -= h2;
+ root->left = _eina_quadtree_update(q, root,
+ root->left, left,
+ !direction, size);
+ size->x += w2;
+ size->y += h2;
+ root->right = _eina_quadtree_update(q, root,
+ root->right, right,
+ !direction, size);
+ size->x -= w2;
+ size->y -= h2;
+ size->w += w2;
+ size->h += h2;
+
+ return root;
}
-static Eina_Inlist *
-_eina_quadtree_merge(Eina_Inlist *result,
- Eina_List *both)
+static Eina_Inlist *_eina_quadtree_merge(Eina_Inlist * result,
+ Eina_List * both)
{
- Eina_QuadTree_Item *item;
- Eina_QuadTree_Item *b;
- Eina_Inlist *moving;
-
- if (!both)
- return result;
-
- if (!result)
- {
- Eina_List *l;
-
- EINA_LIST_FOREACH(both, l, item)
- if (item->visible)
- result = eina_inlist_append(result, EINA_INLIST_GET(item));
-
- return result;
- }
-
- moving = result;
-
- item = EINA_INLIST_CONTAINER_GET(moving, Eina_QuadTree_Item);
- b = eina_list_data_get(both);
-
- while (both && moving)
- {
- if (!b->visible)
- {
- both = eina_list_next(both);
- b = eina_list_data_get(both);
- continue;
- }
-
- if (_eina_quadtree_item_cmp(item, b) < 0)
- {
- /* moving is still lower than item, so we can continue to the next one. */
- moving = moving->next;
- item = EINA_INLIST_CONTAINER_GET(moving, Eina_QuadTree_Item);
- }
- else
- {
- /* we just get above the limit of both, so insert it */
- result = eina_inlist_prepend_relative(result,
- EINA_INLIST_GET(b),
- moving);
- both = eina_list_next(both);
- b = eina_list_data_get(both);
- }
- }
-
- item = EINA_INLIST_CONTAINER_GET(result->last, Eina_QuadTree_Item);
-
- while (both)
- {
- b = eina_list_data_get(both);
- if (b->visible)
- {
- if (_eina_quadtree_item_cmp(item, b) < 0)
- break;
-
- result = eina_inlist_prepend_relative(result,
- EINA_INLIST_GET(b),
- result->last);
- }
-
- both = eina_list_next(both);
- }
-
- while (both)
- {
- b = eina_list_data_get(both);
- if (b->visible)
- result = eina_inlist_append(result, EINA_INLIST_GET(b));
-
- both = eina_list_next(both);
- }
-
- return result;
+ Eina_QuadTree_Item *item;
+ Eina_QuadTree_Item *b;
+ Eina_Inlist *moving;
+
+ if (!both)
+ return result;
+
+ if (!result) {
+ Eina_List *l;
+
+ EINA_LIST_FOREACH(both, l, item)
+ if (item->visible)
+ result =
+ eina_inlist_append(result,
+ EINA_INLIST_GET(item));
+
+ return result;
+ }
+
+ moving = result;
+
+ item = EINA_INLIST_CONTAINER_GET(moving, Eina_QuadTree_Item);
+ b = eina_list_data_get(both);
+
+ while (both && moving) {
+ if (!b->visible) {
+ both = eina_list_next(both);
+ b = eina_list_data_get(both);
+ continue;
+ }
+
+ if (_eina_quadtree_item_cmp(item, b) < 0) {
+ /* moving is still lower than item, so we can continue to the next one. */
+ moving = moving->next;
+ item =
+ EINA_INLIST_CONTAINER_GET(moving,
+ Eina_QuadTree_Item);
+ } else {
+ /* we just get above the limit of both, so insert it */
+ result = eina_inlist_prepend_relative(result,
+ EINA_INLIST_GET
+ (b), moving);
+ both = eina_list_next(both);
+ b = eina_list_data_get(both);
+ }
+ }
+
+ item = EINA_INLIST_CONTAINER_GET(result->last, Eina_QuadTree_Item);
+
+ while (both) {
+ b = eina_list_data_get(both);
+ if (b->visible) {
+ if (_eina_quadtree_item_cmp(item, b) < 0)
+ break;
+
+ result = eina_inlist_prepend_relative(result,
+ EINA_INLIST_GET
+ (b),
+ result->
+ last);
+ }
+
+ both = eina_list_next(both);
+ }
+
+ while (both) {
+ b = eina_list_data_get(both);
+ if (b->visible)
+ result =
+ eina_inlist_append(result, EINA_INLIST_GET(b));
+
+ both = eina_list_next(both);
+ }
+
+ return result;
}
-static Eina_Inlist *
-_eina_quadtree_collide(Eina_Inlist *result,
- Eina_QuadTree_Root *root,
- Eina_Bool direction, Eina_Rectangle *size,
- Eina_Rectangle *target)
+static Eina_Inlist *_eina_quadtree_collide(Eina_Inlist * result,
+ Eina_QuadTree_Root * root,
+ Eina_Bool direction,
+ Eina_Rectangle * size,
+ Eina_Rectangle * target)
{
- if (!root)
- return result;
-
- if (!root->sorted)
- {
- root->both = eina_list_sort(root->both, -1, _eina_quadtree_item_cmp);
- root->sorted = EINA_TRUE;
- }
-
- result = _eina_quadtree_merge(result, root->both);
- DBG("%p: %i in both for (%i, %i - %i, %i)",
- root, eina_list_count(root->both),
- size->x, size->y, size->w, size->h);
-
- if (direction)
- {
- int middle = size->w / 2;
-
- size->w -= middle;
- if (eina_spans_intersect(size->x, size->w, target->x, target->w))
- result = _eina_quadtree_collide(result, root->left,
- !direction, size,
- target);
-
- size->x += middle;
- if (eina_spans_intersect(size->x, size->w, target->x, target->w))
- result = _eina_quadtree_collide(result, root->right,
- !direction, size,
- target);
-
- size->x -= middle;
- size->w += middle;
- }
- else
- {
- int middle = size->h / 2;
-
- size->h -= middle;
- if (eina_spans_intersect(size->y, size->h, target->y, target->h))
- result = _eina_quadtree_collide(result, root->left,
- !direction, size,
- target);
-
- size->y += middle;
- if (eina_spans_intersect(size->y, size->h, target->y, target->h))
- result = _eina_quadtree_collide(result, root->right,
- !direction, size,
- target);
-
- size->y -= middle;
- size->h += middle;
- }
-
- return result;
+ if (!root)
+ return result;
+
+ if (!root->sorted) {
+ root->both =
+ eina_list_sort(root->both, -1,
+ _eina_quadtree_item_cmp);
+ root->sorted = EINA_TRUE;
+ }
+
+ result = _eina_quadtree_merge(result, root->both);
+ DBG("%p: %i in both for (%i, %i - %i, %i)",
+ root, eina_list_count(root->both),
+ size->x, size->y, size->w, size->h);
+
+ if (direction) {
+ int middle = size->w / 2;
+
+ size->w -= middle;
+ if (eina_spans_intersect
+ (size->x, size->w, target->x, target->w))
+ result =
+ _eina_quadtree_collide(result, root->left,
+ !direction, size,
+ target);
+
+ size->x += middle;
+ if (eina_spans_intersect
+ (size->x, size->w, target->x, target->w))
+ result =
+ _eina_quadtree_collide(result, root->right,
+ !direction, size,
+ target);
+
+ size->x -= middle;
+ size->w += middle;
+ } else {
+ int middle = size->h / 2;
+
+ size->h -= middle;
+ if (eina_spans_intersect
+ (size->y, size->h, target->y, target->h))
+ result =
+ _eina_quadtree_collide(result, root->left,
+ !direction, size,
+ target);
+
+ size->y += middle;
+ if (eina_spans_intersect
+ (size->y, size->h, target->y, target->h))
+ result =
+ _eina_quadtree_collide(result, root->right,
+ !direction, size,
+ target);
+
+ size->y -= middle;
+ size->h += middle;
+ }
+
+ return result;
}
-static void
-_eina_quadtree_remove(Eina_QuadTree_Item *object)
+static void _eina_quadtree_remove(Eina_QuadTree_Item * object)
{
- if (!object->root)
- return;
-
- object->root->both = eina_list_remove(object->root->both, object);
- if (object->root->both)
- goto end;
-
- if (object->root->left)
- goto end;
-
- if (object->root->right)
- goto end;
-
- /* The root is not useful anymore... */
- if (object->root->parent)
- {
- if (object->root->parent->left == object->root)
- object->root->parent->left = NULL;
- else
- object->root->parent->right = NULL;
-
- object->root->parent = NULL;
- }
- else
- object->quad->root = NULL;
-
- if (object->quad->root_count > 50)
- eina_mempool_free(root_mp, object->root);
- else
- {
- eina_trash_push(&object->quad->root_trash, object->root);
- object->quad->root_count++;
- }
-
-end:
- object->root = NULL;
+ if (!object->root)
+ return;
+
+ object->root->both = eina_list_remove(object->root->both, object);
+ if (object->root->both)
+ goto end;
+
+ if (object->root->left)
+ goto end;
+
+ if (object->root->right)
+ goto end;
+
+ /* The root is not useful anymore... */
+ if (object->root->parent) {
+ if (object->root->parent->left == object->root)
+ object->root->parent->left = NULL;
+ else
+ object->root->parent->right = NULL;
+
+ object->root->parent = NULL;
+ } else
+ object->quad->root = NULL;
+
+ if (object->quad->root_count > 50)
+ eina_mempool_free(root_mp, object->root);
+ else {
+ eina_trash_push(&object->quad->root_trash, object->root);
+ object->quad->root_count++;
+ }
+
+ end:
+ object->root = NULL;
}
-EAPI Eina_QuadTree *
-eina_quadtree_new(size_t w, size_t h,
- Eina_Quad_Callback vertical, Eina_Quad_Callback horizontal)
+EAPI Eina_QuadTree *eina_quadtree_new(size_t w, size_t h,
+ Eina_Quad_Callback vertical,
+ Eina_Quad_Callback horizontal)
{
- Eina_QuadTree *result;
+ Eina_QuadTree *result;
- if (!vertical || !horizontal || h == 0 || w == 0)
- return NULL;
+ if (!vertical || !horizontal || h == 0 || w == 0)
+ return NULL;
- result = calloc(1, sizeof (Eina_QuadTree));
- if (!result)
- return NULL;
+ result = calloc(1, sizeof(Eina_QuadTree));
+ if (!result)
+ return NULL;
- result->func.v = vertical;
- result->func.h = horizontal;
+ result->func.v = vertical;
+ result->func.h = horizontal;
- result->geom.w = w;
- result->geom.h = h;
+ result->geom.w = w;
+ result->geom.h = h;
- result->change = NULL;
+ result->change = NULL;
- result->lost = EINA_TRUE;
+ result->lost = EINA_TRUE;
- EINA_MAGIC_SET(result, EINA_MAGIC_QUADTREE);
+ EINA_MAGIC_SET(result, EINA_MAGIC_QUADTREE);
- return result;
+ return result;
}
-EAPI void
-eina_quadtree_free(Eina_QuadTree *q)
+EAPI void eina_quadtree_free(Eina_QuadTree * q)
{
- Eina_QuadTree_Item *item;
+ Eina_QuadTree_Item *item;
- if (!q)
- return;
+ if (!q)
+ return;
- EINA_MAGIC_CHECK_QUADTREE(q);
+ EINA_MAGIC_CHECK_QUADTREE(q);
- while (q->change)
- {
- item = EINA_INLIST_CONTAINER_GET(q->change, Eina_QuadTree_Item);
- q->change = q->change->next;
- if (!item->hidden)
- eina_mempool_free(items_mp, item);
- }
+ while (q->change) {
+ item =
+ EINA_INLIST_CONTAINER_GET(q->change,
+ Eina_QuadTree_Item);
+ q->change = q->change->next;
+ if (!item->hidden)
+ eina_mempool_free(items_mp, item);
+ }
- EINA_LIST_FREE(q->hidden, item)
- eina_mempool_free(items_mp, item);
+ EINA_LIST_FREE(q->hidden, item)
+ eina_mempool_free(items_mp, item);
- eina_quadtree_root_free(q, q->root);
+ eina_quadtree_root_free(q, q->root);
- while (q->items_trash)
- {
- item = eina_trash_pop(&q->items_trash);
- eina_mempool_free(items_mp, item);
- }
+ while (q->items_trash) {
+ item = eina_trash_pop(&q->items_trash);
+ eina_mempool_free(items_mp, item);
+ }
- while (q->root_trash)
- {
- Eina_QuadTree_Root *root;
+ while (q->root_trash) {
+ Eina_QuadTree_Root *root;
- root = eina_trash_pop(&q->root_trash);
- eina_mempool_free(root_mp, root);
- }
+ root = eina_trash_pop(&q->root_trash);
+ eina_mempool_free(root_mp, root);
+ }
- EINA_MAGIC_SET(q, 0);
- free(q);
+ EINA_MAGIC_SET(q, 0);
+ free(q);
}
-EAPI Eina_QuadTree_Item *
-eina_quadtree_add(Eina_QuadTree *q, const void *object)
+EAPI Eina_QuadTree_Item *eina_quadtree_add(Eina_QuadTree * q,
+ const void *object)
{
- Eina_QuadTree_Item *result;
+ Eina_QuadTree_Item *result;
- EINA_MAGIC_CHECK_QUADTREE(q, NULL);
+ EINA_MAGIC_CHECK_QUADTREE(q, NULL);
- if (!object)
- return NULL;
+ if (!object)
+ return NULL;
- result = eina_trash_pop(&q->items_trash);
- if (!result)
- result = eina_mempool_malloc(items_mp, sizeof (Eina_QuadTree_Item));
- else
- q->items_count--;
+ result = eina_trash_pop(&q->items_trash);
+ if (!result)
+ result =
+ eina_mempool_malloc(items_mp,
+ sizeof(Eina_QuadTree_Item));
+ else
+ q->items_count--;
- if (!result)
- return NULL;
+ if (!result)
+ return NULL;
- result->quad = q;
- result->root = NULL;
- result->object = object;
+ result->quad = q;
+ result->root = NULL;
+ result->object = object;
- result->index = q->index++;
+ result->index = q->index++;
- result->change = EINA_TRUE;
- result->delete_me = EINA_FALSE;
- result->visible = EINA_TRUE;
- result->hidden = EINA_FALSE;
+ result->change = EINA_TRUE;
+ result->delete_me = EINA_FALSE;
+ result->visible = EINA_TRUE;
+ result->hidden = EINA_FALSE;
- EINA_MAGIC_SET(result, EINA_MAGIC_QUADTREE_ITEM);
+ EINA_MAGIC_SET(result, EINA_MAGIC_QUADTREE_ITEM);
- /* Insertion is delayed until we really need to use it */
- q->change = eina_inlist_append(q->change, EINA_INLIST_GET(result));
+ /* Insertion is delayed until we really need to use it */
+ q->change = eina_inlist_append(q->change, EINA_INLIST_GET(result));
- return result;
+ return result;
}
-EAPI Eina_Bool
-eina_quadtree_del(Eina_QuadTree_Item *object)
+EAPI Eina_Bool eina_quadtree_del(Eina_QuadTree_Item * object)
{
- if (!object)
- return EINA_FALSE;
-
- EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
-
- _eina_quadtree_remove(object);
-
- if (object->change)
- {
- /* This object is still in the update array, delaying it's removal !*/
- object->delete_me = EINA_TRUE;
- object->visible = EINA_TRUE;
- return EINA_TRUE;
- }
-
- if (object->hidden)
- {
- object->quad->hidden = eina_list_remove(object->quad->hidden, object);
- object->hidden = EINA_TRUE;
- }
-
- /* This object is not anymore inside the tree, we can remove it now !*/
- EINA_MAGIC_SET(object, 0);
- if (object->quad->items_count > 256)
- eina_mempool_free(items_mp, object);
- else
- {
- object->quad->items_count++;
- eina_trash_push(&object->quad->items_trash, object);
- }
-
- return EINA_TRUE;
+ if (!object)
+ return EINA_FALSE;
+
+ EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
+
+ _eina_quadtree_remove(object);
+
+ if (object->change) {
+ /* This object is still in the update array, delaying it's removal ! */
+ object->delete_me = EINA_TRUE;
+ object->visible = EINA_TRUE;
+ return EINA_TRUE;
+ }
+
+ if (object->hidden) {
+ object->quad->hidden =
+ eina_list_remove(object->quad->hidden, object);
+ object->hidden = EINA_TRUE;
+ }
+
+ /* This object is not anymore inside the tree, we can remove it now ! */
+ EINA_MAGIC_SET(object, 0);
+ if (object->quad->items_count > 256)
+ eina_mempool_free(items_mp, object);
+ else {
+ object->quad->items_count++;
+ eina_trash_push(&object->quad->items_trash, object);
+ }
+
+ return EINA_TRUE;
}
-EAPI Eina_Bool
-eina_quadtree_change(Eina_QuadTree_Item *object)
+EAPI Eina_Bool eina_quadtree_change(Eina_QuadTree_Item * object)
{
- EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
+ EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
- if (object->delete_me || !object->visible)
- return EINA_FALSE;
+ if (object->delete_me || !object->visible)
+ return EINA_FALSE;
- if (object->quad->resize)
- return EINA_TRUE;
+ if (object->quad->resize)
+ return EINA_TRUE;
- /* Delaying change until needed */
- if (!object->change)
- object->quad->change = eina_inlist_append(object->quad->change,
- EINA_INLIST_GET(object));
+ /* Delaying change until needed */
+ if (!object->change)
+ object->quad->change =
+ eina_inlist_append(object->quad->change,
+ EINA_INLIST_GET(object));
- object->change = EINA_TRUE;
+ object->change = EINA_TRUE;
- _eina_quadtree_remove(object);
+ _eina_quadtree_remove(object);
- return EINA_TRUE;
+ return EINA_TRUE;
}
-EAPI Eina_Bool
-eina_quadtree_hide(Eina_QuadTree_Item *object)
+EAPI Eina_Bool eina_quadtree_hide(Eina_QuadTree_Item * object)
{
- EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
+ EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
- object->visible = EINA_FALSE;
+ object->visible = EINA_FALSE;
- return EINA_TRUE;
+ return EINA_TRUE;
}
-EAPI Eina_Bool
-eina_quadtree_show(Eina_QuadTree_Item *object)
+EAPI Eina_Bool eina_quadtree_show(Eina_QuadTree_Item * object)
{
- EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
+ EINA_MAGIC_CHECK_QUADTREE_ITEM(object, EINA_FALSE);
- object->quad->lost = EINA_TRUE;
+ object->quad->lost = EINA_TRUE;
- if (object->visible)
- return EINA_TRUE;
+ if (object->visible)
+ return EINA_TRUE;
- object->visible = EINA_TRUE;
- if (!object->change)
- return eina_quadtree_change(object);
+ object->visible = EINA_TRUE;
+ if (!object->change)
+ return eina_quadtree_change(object);
- return EINA_TRUE;
+ return EINA_TRUE;
}
-EAPI Eina_Inlist *
-eina_quadtree_collide(Eina_QuadTree *q, int x, int y, int w, int h)
+EAPI Eina_Inlist *eina_quadtree_collide(Eina_QuadTree * q, int x, int y,
+ int w, int h)
{
- Eina_Rectangle canvas;
-
- EINA_MAGIC_CHECK_QUADTREE(q, NULL);
-
- /* Now we need the tree to be up to date, so it's time */
- if (q->resize) /* Full rebuild needed ! */
- {
- DBG("resizing quadtree");
- q->root = eina_quadtree_root_rebuild_pre(q, &q->change, q->root);
- q->resize = EINA_FALSE;
- }
-
- EINA_RECTANGLE_SET(&canvas, 0, 0, q->geom.w, q->geom.h);
-
- if (q->change)
- {
- DBG("updating quadtree content");
- q->root = _eina_quadtree_update(q, NULL, q->root, q->change,
- EINA_FALSE, &canvas);
- q->change = NULL;
- q->lost = EINA_TRUE;
- }
-
- if (q->target.x != x
- || q->target.y != y
- || q->target.w != w
- || q->target.h != h)
- {
- DBG("new target");
- EINA_RECTANGLE_SET(&q->target, x, y, w, h);
- q->lost = EINA_TRUE;
- }
-
- if (q->lost)
- {
- DBG("computing collide");
- q->cached = _eina_quadtree_collide(NULL, q->root,
- EINA_FALSE, &canvas,
- &q->target);
- q->lost = EINA_FALSE;
- }
-
- return q->cached;
+ Eina_Rectangle canvas;
+
+ EINA_MAGIC_CHECK_QUADTREE(q, NULL);
+
+ /* Now we need the tree to be up to date, so it's time */
+ if (q->resize) { /* Full rebuild needed ! */
+ DBG("resizing quadtree");
+ q->root =
+ eina_quadtree_root_rebuild_pre(q, &q->change, q->root);
+ q->resize = EINA_FALSE;
+ }
+
+ EINA_RECTANGLE_SET(&canvas, 0, 0, q->geom.w, q->geom.h);
+
+ if (q->change) {
+ DBG("updating quadtree content");
+ q->root =
+ _eina_quadtree_update(q, NULL, q->root, q->change,
+ EINA_FALSE, &canvas);
+ q->change = NULL;
+ q->lost = EINA_TRUE;
+ }
+
+ if (q->target.x != x
+ || q->target.y != y || q->target.w != w || q->target.h != h) {
+ DBG("new target");
+ EINA_RECTANGLE_SET(&q->target, x, y, w, h);
+ q->lost = EINA_TRUE;
+ }
+
+ if (q->lost) {
+ DBG("computing collide");
+ q->cached = _eina_quadtree_collide(NULL, q->root,
+ EINA_FALSE, &canvas,
+ &q->target);
+ q->lost = EINA_FALSE;
+ }
+
+ return q->cached;
}
-EAPI void *
-eina_quadtree_object(Eina_Inlist *item)
+EAPI void *eina_quadtree_object(Eina_Inlist * item)
{
- Eina_QuadTree_Item *qi;
+ Eina_QuadTree_Item *qi;
- if (!item)
- return NULL;
+ if (!item)
+ return NULL;
- qi = EINA_INLIST_CONTAINER_GET(item, Eina_QuadTree_Item);
- if (!qi)
- return NULL;
+ qi = EINA_INLIST_CONTAINER_GET(item, Eina_QuadTree_Item);
+ if (!qi)
+ return NULL;
- EINA_MAGIC_CHECK_QUADTREE_ITEM(qi, NULL);
+ EINA_MAGIC_CHECK_QUADTREE_ITEM(qi, NULL);
- if (!qi->visible)
- return NULL;
+ if (!qi->visible)
+ return NULL;
- return (void *)qi->object;
+ return (void *) qi->object;
}
-EAPI void
-eina_quadtree_resize(Eina_QuadTree *q, size_t w, size_t h)
+EAPI void eina_quadtree_resize(Eina_QuadTree * q, size_t w, size_t h)
{
- EINA_MAGIC_CHECK_QUADTREE(q);
+ EINA_MAGIC_CHECK_QUADTREE(q);
- if (q->geom.w == w
- && q->geom.h == h)
- return;
+ if (q->geom.w == w && q->geom.h == h)
+ return;
- q->resize = EINA_TRUE;
- q->geom.w = w;
- q->geom.h = h;
+ q->resize = EINA_TRUE;
+ q->geom.w = w;
+ q->geom.h = h;
}
-EAPI void
-eina_quadtree_cycle(Eina_QuadTree *q)
+EAPI void eina_quadtree_cycle(Eina_QuadTree * q)
{
- EINA_MAGIC_CHECK_QUADTREE(q);
+ EINA_MAGIC_CHECK_QUADTREE(q);
- q->index = 0;
+ q->index = 0;
}
-EAPI void
-eina_quadtree_increase(Eina_QuadTree_Item *object)
+EAPI void eina_quadtree_increase(Eina_QuadTree_Item * object)
{
- size_t tmp;
+ size_t tmp;
- tmp = object->quad->index++;
- if (object->index == tmp)
- return;
+ tmp = object->quad->index++;
+ if (object->index == tmp)
+ return;
- object->index = tmp;
- if (object->root)
- object->root->sorted = EINA_FALSE;
+ object->index = tmp;
+ if (object->root)
+ object->root->sorted = EINA_FALSE;
}
-Eina_Bool
-eina_quadtree_init(void)
+Eina_Bool eina_quadtree_init(void)
{
- _eina_log_qd_dom = eina_log_domain_register("eina_quadtree",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_log_qd_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_quadtree");
- return EINA_FALSE;
- }
-
+ _eina_log_qd_dom = eina_log_domain_register("eina_quadtree",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_log_qd_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_quadtree");
+ return EINA_FALSE;
+ }
#define EMS(n) eina_magic_string_static_set(n, n ## _STR)
- EMS(EINA_MAGIC_QUADTREE);
- EMS(EINA_MAGIC_QUADTREE_ROOT);
- EMS(EINA_MAGIC_QUADTREE_ITEM);
+ EMS(EINA_MAGIC_QUADTREE);
+ EMS(EINA_MAGIC_QUADTREE_ROOT);
+ EMS(EINA_MAGIC_QUADTREE_ITEM);
#undef EMS
- items_mp = eina_mempool_add("chained_mempool", "QuadTree Item", NULL,
- sizeof (Eina_QuadTree_Item), 320);
- root_mp = eina_mempool_add("chained_mempool", "QuadTree Root", NULL,
- sizeof (Eina_QuadTree_Root), 32);
+ items_mp =
+ eina_mempool_add("chained_mempool", "QuadTree Item", NULL,
+ sizeof(Eina_QuadTree_Item), 320);
+ root_mp =
+ eina_mempool_add("chained_mempool", "QuadTree Root", NULL,
+ sizeof(Eina_QuadTree_Root), 32);
- return EINA_TRUE;
+ return EINA_TRUE;
}
-Eina_Bool
-eina_quadtree_shutdown(void)
+Eina_Bool eina_quadtree_shutdown(void)
{
- eina_log_domain_unregister(_eina_log_qd_dom);
- _eina_log_qd_dom = -1;
- return EINA_TRUE;
+ eina_log_domain_unregister(_eina_log_qd_dom);
+ _eina_log_qd_dom = -1;
+ return EINA_TRUE;
}
-
-
-
diff --git a/tests/suite/ecore/src/lib/eina_rbtree.c b/tests/suite/ecore/src/lib/eina_rbtree.c
index 1f03308426..905cafd302 100644
--- a/tests/suite/ecore/src/lib/eina_rbtree.c
+++ b/tests/suite/ecore/src/lib/eina_rbtree.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -43,183 +43,180 @@
typedef struct _Eina_Iterator_Rbtree Eina_Iterator_Rbtree;
typedef struct _Eina_Iterator_Rbtree_List Eina_Iterator_Rbtree_List;
-struct _Eina_Iterator_Rbtree
-{
- Eina_Iterator iterator;
+struct _Eina_Iterator_Rbtree {
+ Eina_Iterator iterator;
- Eina_Array *stack;
+ Eina_Array *stack;
- unsigned char mask;
+ unsigned char mask;
};
-struct _Eina_Iterator_Rbtree_List
-{
- Eina_Rbtree *tree;
+struct _Eina_Iterator_Rbtree_List {
+ Eina_Rbtree *tree;
- Eina_Rbtree_Direction dir : 1;
- Eina_Bool up : 1;
+ Eina_Rbtree_Direction dir:1;
+ Eina_Bool up:1;
};
-static Eina_Iterator_Rbtree_List *
-_eina_rbtree_iterator_list_new(const Eina_Rbtree *tree)
+static Eina_Iterator_Rbtree_List *_eina_rbtree_iterator_list_new(const
+ Eina_Rbtree
+ * tree)
{
- Eina_Iterator_Rbtree_List *new;
+ Eina_Iterator_Rbtree_List *new;
- eina_error_set(0);
- new = malloc(sizeof (Eina_Iterator_Rbtree_List));
- if (!new)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ new = malloc(sizeof(Eina_Iterator_Rbtree_List));
+ if (!new) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- new->tree = (Eina_Rbtree *)tree;
- new->dir = EINA_RBTREE_RIGHT;
- new->up = EINA_FALSE;
+ new->tree = (Eina_Rbtree *) tree;
+ new->dir = EINA_RBTREE_RIGHT;
+ new->up = EINA_FALSE;
- return new;
+ return new;
}
-static Eina_Rbtree *
-_eina_rbtree_iterator_get_content(Eina_Iterator_Rbtree *it)
+static Eina_Rbtree *_eina_rbtree_iterator_get_content(Eina_Iterator_Rbtree
+ * it)
{
- if (eina_array_count_get(it->stack) <= 0)
- return NULL;
+ if (eina_array_count_get(it->stack) <= 0)
+ return NULL;
- return eina_array_data_get(it->stack, 0);
+ return eina_array_data_get(it->stack, 0);
}
-static void
-_eina_rbtree_iterator_free(Eina_Iterator_Rbtree *it)
+static void _eina_rbtree_iterator_free(Eina_Iterator_Rbtree * it)
{
- Eina_Iterator_Rbtree_List *item;
- Eina_Array_Iterator et;
- unsigned int i;
+ Eina_Iterator_Rbtree_List *item;
+ Eina_Array_Iterator et;
+ unsigned int i;
- EINA_ARRAY_ITER_NEXT(it->stack, i, item, et)
- free(item);
+ EINA_ARRAY_ITER_NEXT(it->stack, i, item, et)
+ free(item);
- eina_array_free(it->stack);
- free(it);
+ eina_array_free(it->stack);
+ free(it);
}
static Eina_Bool
-_eina_rbtree_iterator_next(Eina_Iterator_Rbtree *it, void **data)
+_eina_rbtree_iterator_next(Eina_Iterator_Rbtree * it, void **data)
{
- Eina_Iterator_Rbtree_List *last;
- Eina_Iterator_Rbtree_List *new;
- Eina_Rbtree *tree;
-
- if (eina_array_count_get(it->stack) <= 0)
- return EINA_FALSE;
-
- last = eina_array_data_get(it->stack, eina_array_count_get(it->stack) - 1);
- tree = last->tree;
-
- if (!last->tree || last->up == EINA_TRUE)
- {
- last = eina_array_pop(it->stack);
- while (last->dir == EINA_RBTREE_LEFT
- || !last->tree)
- {
- if (tree)
- if ((it->mask & EINA_RBTREE_ITERATOR_POSTFIX_MASK) ==
- EINA_RBTREE_ITERATOR_POSTFIX_MASK)
- {
- free(last);
-
- if (eina_array_count_get(it->stack) > 0)
- {
- last = eina_array_data_get(it->stack,
- eina_array_count_get(
- it->
- stack)
- - 1);
- last->up = EINA_TRUE;
- }
-
- goto onfix;
- }
-
- free(last);
-
- last = eina_array_pop(it->stack);
- if (!last)
- return EINA_FALSE;
-
- tree = last->tree;
- }
-
- last->dir = EINA_RBTREE_LEFT;
- last->up = EINA_FALSE;
-
- eina_array_push(it->stack, last);
-
- if ((it->mask & EINA_RBTREE_ITERATOR_INFIX_MASK) ==
- EINA_RBTREE_ITERATOR_INFIX_MASK)
- goto onfix;
- }
-
- new = _eina_rbtree_iterator_list_new(last->tree->son[last->dir]);
- if (!new)
- return EINA_FALSE;
-
- eina_array_push(it->stack, new);
-
- if (last->dir == EINA_RBTREE_RIGHT)
- if ((it->mask & EINA_RBTREE_ITERATOR_PREFIX_MASK) ==
- EINA_RBTREE_ITERATOR_PREFIX_MASK)
- goto onfix;
-
- return _eina_rbtree_iterator_next(it, data);
-
-onfix:
- *data = tree;
- return EINA_TRUE;
+ Eina_Iterator_Rbtree_List *last;
+ Eina_Iterator_Rbtree_List *new;
+ Eina_Rbtree *tree;
+
+ if (eina_array_count_get(it->stack) <= 0)
+ return EINA_FALSE;
+
+ last =
+ eina_array_data_get(it->stack,
+ eina_array_count_get(it->stack) - 1);
+ tree = last->tree;
+
+ if (!last->tree || last->up == EINA_TRUE) {
+ last = eina_array_pop(it->stack);
+ while (last->dir == EINA_RBTREE_LEFT || !last->tree) {
+ if (tree)
+ if ((it->
+ mask &
+ EINA_RBTREE_ITERATOR_POSTFIX_MASK) ==
+ EINA_RBTREE_ITERATOR_POSTFIX_MASK) {
+ free(last);
+
+ if (eina_array_count_get(it->stack)
+ > 0) {
+ last =
+ eina_array_data_get
+ (it->stack,
+ eina_array_count_get
+ (it->stack)
+ - 1);
+ last->up = EINA_TRUE;
+ }
+
+ goto onfix;
+ }
+
+ free(last);
+
+ last = eina_array_pop(it->stack);
+ if (!last)
+ return EINA_FALSE;
+
+ tree = last->tree;
+ }
+
+ last->dir = EINA_RBTREE_LEFT;
+ last->up = EINA_FALSE;
+
+ eina_array_push(it->stack, last);
+
+ if ((it->mask & EINA_RBTREE_ITERATOR_INFIX_MASK) ==
+ EINA_RBTREE_ITERATOR_INFIX_MASK)
+ goto onfix;
+ }
+
+ new = _eina_rbtree_iterator_list_new(last->tree->son[last->dir]);
+ if (!new)
+ return EINA_FALSE;
+
+ eina_array_push(it->stack, new);
+
+ if (last->dir == EINA_RBTREE_RIGHT)
+ if ((it->mask & EINA_RBTREE_ITERATOR_PREFIX_MASK) ==
+ EINA_RBTREE_ITERATOR_PREFIX_MASK)
+ goto onfix;
+
+ return _eina_rbtree_iterator_next(it, data);
+
+ onfix:
+ *data = tree;
+ return EINA_TRUE;
}
-static Eina_Iterator *
-_eina_rbtree_iterator_build(const Eina_Rbtree *root, unsigned char mask)
+static Eina_Iterator *_eina_rbtree_iterator_build(const Eina_Rbtree * root,
+ unsigned char mask)
{
- Eina_Iterator_Rbtree_List *first;
- Eina_Iterator_Rbtree *it;
+ Eina_Iterator_Rbtree_List *first;
+ Eina_Iterator_Rbtree *it;
- eina_error_set(0);
- it = calloc(1, sizeof (Eina_Iterator_Rbtree));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ eina_error_set(0);
+ it = calloc(1, sizeof(Eina_Iterator_Rbtree));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- it->stack = eina_array_new(8);
- if (!it->stack)
- goto on_error2;
+ it->stack = eina_array_new(8);
+ if (!it->stack)
+ goto on_error2;
- first = _eina_rbtree_iterator_list_new(root);
- if (!first)
- goto on_error;
+ first = _eina_rbtree_iterator_list_new(root);
+ if (!first)
+ goto on_error;
- eina_array_push(it->stack, first);
+ eina_array_push(it->stack, first);
- it->mask = mask;
+ it->mask = mask;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_eina_rbtree_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _eina_rbtree_iterator_get_content);
- it->iterator.free = FUNC_ITERATOR_FREE(_eina_rbtree_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(_eina_rbtree_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_eina_rbtree_iterator_get_content);
+ it->iterator.free = FUNC_ITERATOR_FREE(_eina_rbtree_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
-on_error:
- eina_array_free(it->stack);
-on_error2:
- free(it);
+ on_error:
+ eina_array_free(it->stack);
+ on_error2:
+ free(it);
- return NULL;
+ return NULL;
}
/*
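Review bot: In `_eina_rbtree_iterator_next` the return value of `eina_array_push(it->stack, new)` is discarded, so if the array cannot grow the freshly allocated `new` entry is leaked and the recursive call that follows sees the same stack top again. The reindent leaves this as it was; assuming `eina_array_push` reports failure through its return value as in upstream Eina, a guard such as `if (!eina_array_push(it->stack, new)) { free(new); return EINA_FALSE; }` would make the out-of-memory path terminate cleanly. The same unchecked push is applied to `last` earlier in the function and to `first` in `_eina_rbtree_iterator_build`, where a failure leaks `first` and appears to hand back an iterator with an empty stack. Separately, the formatter split `it->mask` across two lines in the postfix test, which makes that condition harder to read than it was before the reindent.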
@@ -227,45 +224,46 @@ on_error2:
* http://eternallyconfuzzled.com/tuts/datastructures/jsw_tut_rbtree.aspx
*/
-static void
-_eina_rbtree_node_init(Eina_Rbtree *node)
+static void _eina_rbtree_node_init(Eina_Rbtree * node)
{
- if (!node)
- return;
+ if (!node)
+ return;
- node->son[0] = NULL;
- node->son[1] = NULL;
+ node->son[0] = NULL;
+ node->son[1] = NULL;
- node->color = EINA_RBTREE_RED;
+ node->color = EINA_RBTREE_RED;
}
-static inline Eina_Bool
-_eina_rbtree_is_red(Eina_Rbtree *node)
+static inline Eina_Bool _eina_rbtree_is_red(Eina_Rbtree * node)
{
- return !!node && node->color == EINA_RBTREE_RED;
+ return ! !node && node->color == EINA_RBTREE_RED;
}
-static inline Eina_Rbtree *
-_eina_rbtree_inline_single_rotation(Eina_Rbtree *node,
- Eina_Rbtree_Direction dir)
+static inline Eina_Rbtree *_eina_rbtree_inline_single_rotation(Eina_Rbtree
+ * node,
+ Eina_Rbtree_Direction
+ dir)
{
- Eina_Rbtree *save = node->son[!dir];
+ Eina_Rbtree *save = node->son[!dir];
- node->son[!dir] = save->son[dir];
- save->son[dir] = node;
+ node->son[!dir] = save->son[dir];
+ save->son[dir] = node;
- node->color = EINA_RBTREE_RED;
- save->color = EINA_RBTREE_BLACK;
+ node->color = EINA_RBTREE_RED;
+ save->color = EINA_RBTREE_BLACK;
- return save;
+ return save;
}
-static inline Eina_Rbtree *
-_eina_rbtree_inline_double_rotation(Eina_Rbtree *node,
- Eina_Rbtree_Direction dir)
+static inline Eina_Rbtree *_eina_rbtree_inline_double_rotation(Eina_Rbtree
+ * node,
+ Eina_Rbtree_Direction
+ dir)
{
- node->son[!dir] = _eina_rbtree_inline_single_rotation(node->son[!dir], !dir);
- return _eina_rbtree_inline_single_rotation(node, dir);
+ node->son[!dir] =
+ _eina_rbtree_inline_single_rotation(node->son[!dir], !dir);
+ return _eina_rbtree_inline_single_rotation(node, dir);
}
/*============================================================================*
@@ -284,219 +282,243 @@ _eina_rbtree_inline_double_rotation(Eina_Rbtree *node,
* @{
*/
-EAPI Eina_Rbtree *
-eina_rbtree_inline_insert(Eina_Rbtree *root,
- Eina_Rbtree *node,
- Eina_Rbtree_Cmp_Node_Cb cmp,
- const void *data)
+EAPI Eina_Rbtree *eina_rbtree_inline_insert(Eina_Rbtree * root,
+ Eina_Rbtree * node,
+ Eina_Rbtree_Cmp_Node_Cb cmp,
+ const void *data)
{
- Eina_Rbtree head;
- Eina_Rbtree *g, *t; /* Grandparent & parent */
- Eina_Rbtree *p, *q; /* Iterator & parent */
- /* WARNING:
- Compiler is not able to understand the underlying algorithm and don't know that
- first top node is always black, so it will never use last before running the loop
- one time.
- */
- Eina_Rbtree_Direction dir, last;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(node, root);
- EINA_SAFETY_ON_NULL_RETURN_VAL( cmp, root);
-
- if (!node)
- return root;
-
- _eina_rbtree_node_init(node);
-
- if (!root)
- {
- root = node;
- goto end_add;
- }
-
- memset(&head, 0, sizeof (Eina_Rbtree));
- last = dir = EINA_RBTREE_LEFT;
-
- /* Set up helpers */
- t = &head;
- g = p = NULL;
- q = t->son[1] = root;
-
- /* Search down the tree */
- for (;; )
- {
- if (!q)
- /* Insert new node at the bottom */
- p->son[dir] = q = node;
- else if (_eina_rbtree_is_red(q->son[0])
- && _eina_rbtree_is_red(q->son[1]))
- {
- /* Color flip */
- q->color = EINA_RBTREE_RED;
- q->son[0]->color = EINA_RBTREE_BLACK;
- q->son[1]->color = EINA_RBTREE_BLACK;
- }
-
- /* Fix red violation */
- if (_eina_rbtree_is_red(q) && _eina_rbtree_is_red(p))
- {
- Eina_Rbtree_Direction dir2;
-
- dir2 = (t->son[1] == g) ? EINA_RBTREE_RIGHT : EINA_RBTREE_LEFT;
-
- if (q == p->son[last])
- t->son[dir2] = _eina_rbtree_inline_single_rotation(g, !last);
- else
- t->son[dir2] = _eina_rbtree_inline_double_rotation(g, !last);
- }
-
- /* Stop if found */
- if (q == node)
- break;
-
- last = dir;
- dir = cmp(q, node, (void *)data);
-
- /* Update helpers */
- if ( g )
- t = g;
-
- g = p, p = q;
- q = q->son[dir];
- }
-
- root = head.son[1];
-
-end_add:
- /* Make root black */
- root->color = EINA_RBTREE_BLACK;
-
- return root;
+ Eina_Rbtree head;
+ Eina_Rbtree *g, *t; /* Grandparent & parent */
+ Eina_Rbtree *p, *q; /* Iterator & parent */
+ /* WARNING:
+ Compiler is not able to understand the underlying algorithm and don't know that
+ first top node is always black, so it will never use last before running the loop
+ one time.
+ */
+ Eina_Rbtree_Direction dir, last;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(node, root);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(cmp, root);
+
+ if (!node)
+ return root;
+
+ _eina_rbtree_node_init(node);
+
+ if (!root) {
+ root = node;
+ goto end_add;
+ }
+
+ memset(&head, 0, sizeof(Eina_Rbtree));
+ last = dir = EINA_RBTREE_LEFT;
+
+ /* Set up helpers */
+ t = &head;
+ g = p = NULL;
+ q = t->son[1] = root;
+
+ /* Search down the tree */
+ for (;;) {
+ if (!q)
+ /* Insert new node at the bottom */
+ p->son[dir] = q = node;
+ else if (_eina_rbtree_is_red(q->son[0])
+ && _eina_rbtree_is_red(q->son[1])) {
+ /* Color flip */
+ q->color = EINA_RBTREE_RED;
+ q->son[0]->color = EINA_RBTREE_BLACK;
+ q->son[1]->color = EINA_RBTREE_BLACK;
+ }
+
+ /* Fix red violation */
+ if (_eina_rbtree_is_red(q) && _eina_rbtree_is_red(p)) {
+ Eina_Rbtree_Direction dir2;
+
+ dir2 =
+ (t->son[1] ==
+ g) ? EINA_RBTREE_RIGHT : EINA_RBTREE_LEFT;
+
+ if (q == p->son[last])
+ t->son[dir2] =
+ _eina_rbtree_inline_single_rotation(g,
+ !last);
+ else
+ t->son[dir2] =
+ _eina_rbtree_inline_double_rotation(g,
+ !last);
+ }
+
+ /* Stop if found */
+ if (q == node)
+ break;
+
+ last = dir;
+ dir = cmp(q, node, (void *) data);
+
+ /* Update helpers */
+ if (g)
+ t = g;
+
+ g = p, p = q;
+ q = q->son[dir];
+ }
+
+ root = head.son[1];
+
+ end_add:
+ /* Make root black */
+ root->color = EINA_RBTREE_BLACK;
+
+ return root;
}
-EAPI Eina_Rbtree *
-eina_rbtree_inline_remove(Eina_Rbtree *root,
- Eina_Rbtree *node,
- Eina_Rbtree_Cmp_Node_Cb cmp,
- const void *data)
+EAPI Eina_Rbtree *eina_rbtree_inline_remove(Eina_Rbtree * root,
+ Eina_Rbtree * node,
+ Eina_Rbtree_Cmp_Node_Cb cmp,
+ const void *data)
{
- Eina_Rbtree head;
- Eina_Rbtree *q, *p;
- Eina_Rbtree *f = NULL;
- Eina_Rbtree_Direction dir;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL(node, root);
- EINA_SAFETY_ON_NULL_RETURN_VAL( cmp, root);
-
- if (!root || !node)
- return root;
-
- memset(&head, 0, sizeof(Eina_Rbtree));
-
- dir = EINA_RBTREE_RIGHT;
- q = &head;
- p = NULL;
- q->son[EINA_RBTREE_RIGHT] = root;
-
- /* Search and push a red down */
- while (q->son[dir])
- {
- Eina_Rbtree_Direction last = dir;
- Eina_Rbtree *g;
-
- /* Update helpers */
- g = p; p = q;
- q = q->son[dir];
- dir = cmp(q, node, (void *)data);
-
- /* Save parent node found */
- if (q == node)
- f = p;
-
- /* Push the red node down */
- if (!_eina_rbtree_is_red(q)
- && !_eina_rbtree_is_red(q->son[dir]))
- {
- if (_eina_rbtree_is_red(q->son[!dir]))
- q = p->son[last] = _eina_rbtree_inline_single_rotation(q, dir);
- else if (!_eina_rbtree_is_red(q->son[!dir]))
- {
- Eina_Rbtree *s = p->son[!last];
-
- if (s)
- {
- if (!_eina_rbtree_is_red(s->son[EINA_RBTREE_LEFT])
- && !_eina_rbtree_is_red(s->son[EINA_RBTREE_RIGHT]))
- {
+ Eina_Rbtree head;
+ Eina_Rbtree *q, *p;
+ Eina_Rbtree *f = NULL;
+ Eina_Rbtree_Direction dir;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(node, root);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(cmp, root);
+
+ if (!root || !node)
+ return root;
+
+ memset(&head, 0, sizeof(Eina_Rbtree));
+
+ dir = EINA_RBTREE_RIGHT;
+ q = &head;
+ p = NULL;
+ q->son[EINA_RBTREE_RIGHT] = root;
+
+ /* Search and push a red down */
+ while (q->son[dir]) {
+ Eina_Rbtree_Direction last = dir;
+ Eina_Rbtree *g;
+
+ /* Update helpers */
+ g = p;
+ p = q;
+ q = q->son[dir];
+ dir = cmp(q, node, (void *) data);
+
+ /* Save parent node found */
+ if (q == node)
+ f = p;
+
+ /* Push the red node down */
+ if (!_eina_rbtree_is_red(q)
+ && !_eina_rbtree_is_red(q->son[dir])) {
+ if (_eina_rbtree_is_red(q->son[!dir]))
+ q = p->son[last] =
+ _eina_rbtree_inline_single_rotation(q,
+ dir);
+ else if (!_eina_rbtree_is_red(q->son[!dir])) {
+ Eina_Rbtree *s = p->son[!last];
+
+ if (s) {
+ if (!_eina_rbtree_is_red
+ (s->son[EINA_RBTREE_LEFT])
+ && !_eina_rbtree_is_red(s->
+ son
+ [EINA_RBTREE_RIGHT]))
+ {
/* Color flip */
- p->color = EINA_RBTREE_BLACK;
- p->son[EINA_RBTREE_LEFT]->color = EINA_RBTREE_RED;
- p->son[EINA_RBTREE_RIGHT]->color = EINA_RBTREE_RED;
- }
- else
- {
- Eina_Rbtree_Direction dir2;
-
- dir2 = g->son[1] ==
- p ? EINA_RBTREE_RIGHT : EINA_RBTREE_LEFT;
-
- if (_eina_rbtree_is_red(s->son[last]))
- {
- g->son[dir2] =
- _eina_rbtree_inline_double_rotation(p, last);
- if (f == g)
- {
- p = g->son[dir2]->son[last];
- f = g->son[dir2];
- }
- }
- else if (_eina_rbtree_is_red(s->son[!last]))
- {
- g->son[dir2] =
- _eina_rbtree_inline_single_rotation(p, last);
- if (f == g)
- {
- p = g->son[dir2]->son[last];
- f = g->son[dir2];
- }
- }
+ p->color =
+ EINA_RBTREE_BLACK;
+ p->son[EINA_RBTREE_LEFT]->
+ color =
+ EINA_RBTREE_RED;
+ p->son[EINA_RBTREE_RIGHT]->
+ color =
+ EINA_RBTREE_RED;
+ } else {
+ Eina_Rbtree_Direction dir2;
+
+ dir2 = g->son[1] ==
+ p ? EINA_RBTREE_RIGHT :
+ EINA_RBTREE_LEFT;
+
+ if (_eina_rbtree_is_red
+ (s->son[last])) {
+ g->son[dir2] =
+ _eina_rbtree_inline_double_rotation
+ (p, last);
+ if (f == g) {
+ p = g->
+ son
+ [dir2]->
+ son
+ [last];
+ f = g->
+ son
+ [dir2];
+ }
+ } else
+ if (_eina_rbtree_is_red
+ (s->son[!last])) {
+ g->son[dir2] =
+ _eina_rbtree_inline_single_rotation
+ (p, last);
+ if (f == g) {
+ p = g->
+ son
+ [dir2]->
+ son
+ [last];
+ f = g->
+ son
+ [dir2];
+ }
+ }
/* Ensure correct coloring */
- q->color = g->son[dir2]->color = EINA_RBTREE_RED;
- g->son[dir2]->son[EINA_RBTREE_LEFT]->color =
- EINA_RBTREE_BLACK;
- g->son[dir2]->son[EINA_RBTREE_RIGHT]->color =
- EINA_RBTREE_BLACK;
- }
- }
- }
- }
- }
-
- /* Replace and remove if found */
- if (f)
- {
- /* 'q' should take the place of 'node' parent */
- f->son[f->son[1] == node] = q;
-
- /* Switch the link from the parent to q's son */
- p->son[p->son[1] == q] = q->son[!q->son[0]];
-
- /* Put q at the place of node */
- q->son[0] = node->son[0];
- q->son[1] = node->son[1];
- q->color = node->color;
-
- /* Reset node link */
- node->son[0] = NULL;
- node->son[1] = NULL;
- }
-
- root = head.son[1];
- if (root)
- root->color = EINA_RBTREE_BLACK;
-
- return root;
+ q->color =
+ g->son[dir2]->color =
+ EINA_RBTREE_RED;
+ g->son[dir2]->
+ son[EINA_RBTREE_LEFT]->
+ color =
+ EINA_RBTREE_BLACK;
+ g->son[dir2]->
+ son
+ [EINA_RBTREE_RIGHT]->
+ color =
+ EINA_RBTREE_BLACK;
+ }
+ }
+ }
+ }
+ }
+
+ /* Replace and remove if found */
+ if (f) {
+ /* 'q' should take the place of 'node' parent */
+ f->son[f->son[1] == node] = q;
+
+ /* Switch the link from the parent to q's son */
+ p->son[p->son[1] == q] = q->son[!q->son[0]];
+
+ /* Put q at the place of node */
+ q->son[0] = node->son[0];
+ q->son[1] = node->son[1];
+ q->color = node->color;
+
+ /* Reset node link */
+ node->son[0] = NULL;
+ node->son[1] = NULL;
+ }
+
+ root = head.son[1];
+ if (root)
+ root->color = EINA_RBTREE_BLACK;
+
+ return root;
}
/**
@@ -518,10 +540,10 @@ eina_rbtree_inline_remove(Eina_Rbtree *root,
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_rbtree_iterator_prefix(const Eina_Rbtree *root)
+EAPI Eina_Iterator *eina_rbtree_iterator_prefix(const Eina_Rbtree * root)
{
- return _eina_rbtree_iterator_build(root, EINA_RBTREE_ITERATOR_PREFIX_MASK);
+ return _eina_rbtree_iterator_build(root,
+ EINA_RBTREE_ITERATOR_PREFIX_MASK);
}
/**
@@ -543,10 +565,10 @@ eina_rbtree_iterator_prefix(const Eina_Rbtree *root)
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_rbtree_iterator_infix(const Eina_Rbtree *root)
+EAPI Eina_Iterator *eina_rbtree_iterator_infix(const Eina_Rbtree * root)
{
- return _eina_rbtree_iterator_build(root, EINA_RBTREE_ITERATOR_INFIX_MASK);
+ return _eina_rbtree_iterator_build(root,
+ EINA_RBTREE_ITERATOR_INFIX_MASK);
}
/**
@@ -568,23 +590,24 @@ eina_rbtree_iterator_infix(const Eina_Rbtree *root)
* invalid! That is, if you add or remove nodes this iterator
* behavior is undefined and your program may crash!
*/
-EAPI Eina_Iterator *
-eina_rbtree_iterator_postfix(const Eina_Rbtree *root)
+EAPI Eina_Iterator *eina_rbtree_iterator_postfix(const Eina_Rbtree * root)
{
- return _eina_rbtree_iterator_build(root, EINA_RBTREE_ITERATOR_POSTFIX_MASK);
+ return _eina_rbtree_iterator_build(root,
+ EINA_RBTREE_ITERATOR_POSTFIX_MASK);
}
EAPI void
-eina_rbtree_delete(Eina_Rbtree *root, Eina_Rbtree_Free_Cb func, void *data)
+eina_rbtree_delete(Eina_Rbtree * root, Eina_Rbtree_Free_Cb func,
+ void *data)
{
- if (!root)
- return;
+ if (!root)
+ return;
- EINA_SAFETY_ON_NULL_RETURN(func);
+ EINA_SAFETY_ON_NULL_RETURN(func);
- eina_rbtree_delete(root->son[0], func, data);
- eina_rbtree_delete(root->son[1], func, data);
- func(root, data);
+ eina_rbtree_delete(root->son[0], func, data);
+ eina_rbtree_delete(root->son[1], func, data);
+ func(root, data);
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_rectangle.c b/tests/suite/ecore/src/lib/eina_rectangle.c
index 237ca8b461..7ad8428352 100644
--- a/tests/suite/ecore/src/lib/eina_rectangle.c
+++ b/tests/suite/ecore/src/lib/eina_rectangle.c
@@ -17,14 +17,14 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -55,29 +55,25 @@
typedef struct _Eina_Rectangle_Alloc Eina_Rectangle_Alloc;
-struct _Eina_Rectangle_Pool
-{
- Eina_Inlist *head;
- Eina_List *empty;
- void *data;
+struct _Eina_Rectangle_Pool {
+ Eina_Inlist *head;
+ Eina_List *empty;
+ void *data;
- Eina_Trash *bucket;
- unsigned int bucket_count;
+ Eina_Trash *bucket;
+ unsigned int bucket_count;
- unsigned int references;
- int w;
- int h;
+ unsigned int references;
+ int w;
+ int h;
- Eina_Bool sorted;
- EINA_MAGIC
-};
+ Eina_Bool sorted;
+ EINA_MAGIC};
-struct _Eina_Rectangle_Alloc
-{
- EINA_INLIST;
- Eina_Rectangle_Pool *pool;
- EINA_MAGIC
-};
+struct _Eina_Rectangle_Alloc {
+ EINA_INLIST;
+ Eina_Rectangle_Pool *pool;
+ EINA_MAGIC};
#define EINA_MAGIC_CHECK_RECTANGLE_POOL(d) \
do { \
@@ -109,138 +105,125 @@ static int _eina_rectangle_log_dom = -1;
#define DBG(...) EINA_LOG_DOM_DBG(_eina_rectangle_log_dom, __VA_ARGS__)
static int
-_eina_rectangle_cmp(const Eina_Rectangle *r1, const Eina_Rectangle *r2)
+_eina_rectangle_cmp(const Eina_Rectangle * r1, const Eina_Rectangle * r2)
{
- return (r2->w * r2->h) - (r1->w * r1->h);
+ return (r2->w * r2->h) - (r1->w * r1->h);
}
-static Eina_List *
-_eina_rectangle_merge_list(Eina_List *empty, Eina_Rectangle *r)
+static Eina_List *_eina_rectangle_merge_list(Eina_List * empty,
+ Eina_Rectangle * r)
{
- Eina_Rectangle *match;
- Eina_List *l;
- int xw;
- int yh;
+ Eina_Rectangle *match;
+ Eina_List *l;
+ int xw;
+ int yh;
- if (r->w == 0 || r->h == 0)
- {
- eina_rectangle_free(r);
- return empty;
- }
+ if (r->w == 0 || r->h == 0) {
+ eina_rectangle_free(r);
+ return empty;
+ }
-start_again:
- xw = r->x + r->w;
- yh = r->y + r->h;
+ start_again:
+ xw = r->x + r->w;
+ yh = r->y + r->h;
- EINA_LIST_FOREACH(empty, l, match)
- {
- if (match->x == r->x && match->w == r->w
- && (match->y == yh || r->y == match->y + match->h))
- {
- if (match->y > r->y)
- match->y = r->y;
+ EINA_LIST_FOREACH(empty, l, match) {
+ if (match->x == r->x && match->w == r->w
+ && (match->y == yh || r->y == match->y + match->h)) {
+ if (match->y > r->y)
+ match->y = r->y;
- match->h += r->h;
+ match->h += r->h;
- eina_rectangle_free(r);
+ eina_rectangle_free(r);
- empty = eina_list_remove_list(empty, l);
+ empty = eina_list_remove_list(empty, l);
- r = match;
+ r = match;
- goto start_again;
- }
- else if (match->y == r->y && match->h == r->h
- && (match->x == xw || r->x == match->x + match->w))
- {
- if (match->x > r->x)
- match->x = r->x;
+ goto start_again;
+ } else if (match->y == r->y && match->h == r->h
+ && (match->x == xw
+ || r->x == match->x + match->w)) {
+ if (match->x > r->x)
+ match->x = r->x;
- match->w += r->w;
+ match->w += r->w;
- eina_rectangle_free(r);
+ eina_rectangle_free(r);
- empty = eina_list_remove_list(empty, l);
+ empty = eina_list_remove_list(empty, l);
- r = match;
+ r = match;
- goto start_again;
- }
- }
+ goto start_again;
+ }
+ }
- return eina_list_append(empty, r);
+ return eina_list_append(empty, r);
}
-static Eina_List *
-_eina_rectangle_empty_space_find(Eina_List *empty, int w, int h, int *x, int *y)
+static Eina_List *_eina_rectangle_empty_space_find(Eina_List * empty,
+ int w, int h, int *x,
+ int *y)
{
- Eina_Rectangle *r;
- Eina_List *l;
-
- EINA_LIST_FOREACH(empty, l, r)
- {
- if (r->w >= w && r->h >= h)
- {
- /* Remove l from empty */
- empty = eina_list_remove_list(empty, l);
- /* Remember x and y */
- *x = r->x;
- *y = r->y;
- /* Split r in 2 rectangle if needed (only the empty one) and insert them */
- if (r->w == w)
- {
- r->y += h;
- r->h -= h;
- }
- else if (r->h == h)
- {
- r->x += w;
- r->w -= w;
- }
- else
- {
- int rx1, ry1, rw1, rh1;
- int x2, y2, w2, h2;
-
- rx1 = r->x + w;
- ry1 = r->y;
- rw1 = r->w - w;
- /* h1 could be h or r->h */
- x2 = r->x;
- y2 = r->y + h;
- /* w2 could be w or r->w */
- h2 = r->h - h;
-
- if (rw1 * r->h > h2 * r->w)
- {
- rh1 = r->h;
- w2 = w;
- }
- else
- {
- rh1 = h;
- w2 = r->w;
- }
-
- EINA_RECTANGLE_SET(r, rx1, ry1, rw1, rh1);
- empty = _eina_rectangle_merge_list(empty, r);
-
- r = eina_rectangle_new(x2, y2, w2, h2);
- }
-
- if (r)
- {
- empty = _eina_rectangle_merge_list(empty, r); /* Return empty */
-
- }
-
- return empty;
- }
- }
-
- *x = -1;
- *y = -1;
- return empty;
+ Eina_Rectangle *r;
+ Eina_List *l;
+
+ EINA_LIST_FOREACH(empty, l, r) {
+ if (r->w >= w && r->h >= h) {
+ /* Remove l from empty */
+ empty = eina_list_remove_list(empty, l);
+ /* Remember x and y */
+ *x = r->x;
+ *y = r->y;
+ /* Split r in 2 rectangle if needed (only the empty one) and insert them */
+ if (r->w == w) {
+ r->y += h;
+ r->h -= h;
+ } else if (r->h == h) {
+ r->x += w;
+ r->w -= w;
+ } else {
+ int rx1, ry1, rw1, rh1;
+ int x2, y2, w2, h2;
+
+ rx1 = r->x + w;
+ ry1 = r->y;
+ rw1 = r->w - w;
+ /* h1 could be h or r->h */
+ x2 = r->x;
+ y2 = r->y + h;
+ /* w2 could be w or r->w */
+ h2 = r->h - h;
+
+ if (rw1 * r->h > h2 * r->w) {
+ rh1 = r->h;
+ w2 = w;
+ } else {
+ rh1 = h;
+ w2 = r->w;
+ }
+
+ EINA_RECTANGLE_SET(r, rx1, ry1, rw1, rh1);
+ empty =
+ _eina_rectangle_merge_list(empty, r);
+
+ r = eina_rectangle_new(x2, y2, w2, h2);
+ }
+
+ if (r) {
+ empty = _eina_rectangle_merge_list(empty, r); /* Return empty */
+
+ }
+
+ return empty;
+ }
+ }
+
+ *x = -1;
+ *y = -1;
+ return empty;
}
/**
@@ -251,70 +234,66 @@ _eina_rectangle_empty_space_find(Eina_List *empty, int w, int h, int *x, int *y)
* Global *
*============================================================================*/
-Eina_Bool
-eina_rectangle_init(void)
+Eina_Bool eina_rectangle_init(void)
{
- const char *choice, *tmp;
-
- _eina_rectangle_log_dom = eina_log_domain_register("eina_rectangle",
- EINA_LOG_COLOR_DEFAULT);
- if (_eina_rectangle_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_rectangle");
- return EINA_FALSE;
- }
-
+ const char *choice, *tmp;
+
+ _eina_rectangle_log_dom =
+ eina_log_domain_register("eina_rectangle",
+ EINA_LOG_COLOR_DEFAULT);
+ if (_eina_rectangle_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_rectangle");
+ return EINA_FALSE;
+ }
#ifdef EINA_DEFAULT_MEMPOOL
- choice = "pass_through";
+ choice = "pass_through";
#else
- choice = "chained_mempool";
+ choice = "chained_mempool";
#endif
- tmp = getenv("EINA_MEMPOOL");
- if (tmp && tmp[0])
- choice = tmp;
-
- _eina_rectangle_alloc_mp = eina_mempool_add
- (choice, "rectangle-alloc", NULL,
- sizeof(Eina_Rectangle_Alloc) + sizeof(Eina_Rectangle), 1024);
- if (!_eina_rectangle_alloc_mp)
- {
- ERR("Mempool for rectangle cannot be allocated in rectangle init.");
- goto init_error;
- }
-
- _eina_rectangle_mp = eina_mempool_add
- (choice, "rectangle", NULL, sizeof(Eina_Rectangle), 256);
- if (!_eina_rectangle_mp)
- {
- ERR("Mempool for rectangle cannot be allocated in rectangle init.");
- goto init_error;
- }
-
- return EINA_TRUE;
-
-init_error:
- eina_log_domain_unregister(_eina_rectangle_log_dom);
- _eina_rectangle_log_dom = -1;
-
- return EINA_FALSE;
+ tmp = getenv("EINA_MEMPOOL");
+ if (tmp && tmp[0])
+ choice = tmp;
+
+ _eina_rectangle_alloc_mp = eina_mempool_add
+ (choice, "rectangle-alloc", NULL,
+ sizeof(Eina_Rectangle_Alloc) + sizeof(Eina_Rectangle), 1024);
+ if (!_eina_rectangle_alloc_mp) {
+ ERR("Mempool for rectangle cannot be allocated in rectangle init.");
+ goto init_error;
+ }
+
+ _eina_rectangle_mp = eina_mempool_add
+ (choice, "rectangle", NULL, sizeof(Eina_Rectangle), 256);
+ if (!_eina_rectangle_mp) {
+ ERR("Mempool for rectangle cannot be allocated in rectangle init.");
+ goto init_error;
+ }
+
+ return EINA_TRUE;
+
+ init_error:
+ eina_log_domain_unregister(_eina_rectangle_log_dom);
+ _eina_rectangle_log_dom = -1;
+
+ return EINA_FALSE;
}
-Eina_Bool
-eina_rectangle_shutdown(void)
+Eina_Bool eina_rectangle_shutdown(void)
{
- Eina_Rectangle *del;
+ Eina_Rectangle *del;
- while ((del = eina_trash_pop(&_eina_rectangles)))
- eina_mempool_free(_eina_rectangle_mp, del);
- _eina_rectangles_count = 0;
+ while ((del = eina_trash_pop(&_eina_rectangles)))
+ eina_mempool_free(_eina_rectangle_mp, del);
+ _eina_rectangles_count = 0;
- eina_mempool_del(_eina_rectangle_alloc_mp);
- eina_mempool_del(_eina_rectangle_mp);
+ eina_mempool_del(_eina_rectangle_alloc_mp);
+ eina_mempool_del(_eina_rectangle_mp);
- eina_log_domain_unregister(_eina_rectangle_log_dom);
- _eina_rectangle_log_dom = -1;
+ eina_log_domain_unregister(_eina_rectangle_log_dom);
+ _eina_rectangle_log_dom = -1;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -343,25 +322,24 @@ eina_rectangle_shutdown(void)
* it to the rectangles pool. No check is done on @p w and @p h. This
* function returns a new rectangle on success, @c NULL otherwhise.
*/
-EAPI Eina_Rectangle *
-eina_rectangle_new(int x, int y, int w, int h)
+EAPI Eina_Rectangle *eina_rectangle_new(int x, int y, int w, int h)
{
- Eina_Rectangle *rect;
+ Eina_Rectangle *rect;
- if (_eina_rectangles)
- {
- rect = eina_trash_pop(&_eina_rectangles);
- _eina_rectangles_count--;
- }
- else
- rect = eina_mempool_malloc(_eina_rectangle_mp, sizeof (Eina_Rectangle));
+ if (_eina_rectangles) {
+ rect = eina_trash_pop(&_eina_rectangles);
+ _eina_rectangles_count--;
+ } else
+ rect =
+ eina_mempool_malloc(_eina_rectangle_mp,
+ sizeof(Eina_Rectangle));
- if (!rect)
- return NULL;
+ if (!rect)
+ return NULL;
- EINA_RECTANGLE_SET(rect, x, y, w, h);
+ EINA_RECTANGLE_SET(rect, x, y, w, h);
- return rect;
+ return rect;
}
/**
@@ -371,18 +349,16 @@ eina_rectangle_new(int x, int y, int w, int h)
*
* This function removes @p rect from the rectangles pool.
*/
-EAPI void
-eina_rectangle_free(Eina_Rectangle *rect)
+EAPI void eina_rectangle_free(Eina_Rectangle * rect)
{
- EINA_SAFETY_ON_NULL_RETURN(rect);
-
- if (_eina_rectangles_count > BUCKET_THRESHOLD)
- eina_mempool_free(_eina_rectangle_mp, rect);
- else
- {
- eina_trash_push(&_eina_rectangles, rect);
- _eina_rectangles_count++;
- }
+ EINA_SAFETY_ON_NULL_RETURN(rect);
+
+ if (_eina_rectangles_count > BUCKET_THRESHOLD)
+ eina_mempool_free(_eina_rectangle_mp, rect);
+ else {
+ eina_trash_push(&_eina_rectangles, rect);
+ _eina_rectangles_count++;
+ }
}
/**
@@ -396,28 +372,28 @@ eina_rectangle_free(Eina_Rectangle *rect)
* new pool. If the pool can not be created, @c NULL is
* returned. Otherwise the newly allocated pool is returned.
*/
-EAPI Eina_Rectangle_Pool *
-eina_rectangle_pool_new(int w, int h)
+EAPI Eina_Rectangle_Pool *eina_rectangle_pool_new(int w, int h)
{
- Eina_Rectangle_Pool *new;
-
- new = malloc(sizeof (Eina_Rectangle_Pool));
- if (!new)
- return NULL;
-
- new->head = NULL;
- new->empty = eina_list_append(NULL, eina_rectangle_new(0, 0, w, h));
- new->references = 0;
- new->sorted = EINA_FALSE;
- new->w = w;
- new->h = h;
- new->bucket = NULL;
- new->bucket_count = 0;
-
- EINA_MAGIC_SET(new, EINA_RECTANGLE_POOL_MAGIC);
- DBG("pool=%p, size=(%d, %d)", new, w, h);
-
- return new;
+ Eina_Rectangle_Pool *new;
+
+ new = malloc(sizeof(Eina_Rectangle_Pool));
+ if (!new)
+ return NULL;
+
+ new->head = NULL;
+ new->empty =
+ eina_list_append(NULL, eina_rectangle_new(0, 0, w, h));
+ new->references = 0;
+ new->sorted = EINA_FALSE;
+ new->w = w;
+ new->h = h;
+ new->bucket = NULL;
+ new->bucket_count = 0;
+
+ EINA_MAGIC_SET(new, EINA_RECTANGLE_POOL_MAGIC);
+ DBG("pool=%p, size=(%d, %d)", new, w, h);
+
+ return new;
}
/**
@@ -428,31 +404,28 @@ eina_rectangle_pool_new(int w, int h)
* This function frees the allocated data of @p pool. If @p pool is
* @c NULL, ths function returned immediately.
*/
-EAPI void
-eina_rectangle_pool_free(Eina_Rectangle_Pool *pool)
+EAPI void eina_rectangle_pool_free(Eina_Rectangle_Pool * pool)
{
- Eina_Rectangle_Alloc *del;
+ Eina_Rectangle_Alloc *del;
- EINA_SAFETY_ON_NULL_RETURN(pool);
- DBG("pool=%p, size=(%d, %d), references=%u",
- pool, pool->w, pool->h, pool->references);
- while (pool->head)
- {
- del = (Eina_Rectangle_Alloc *)pool->head;
+ EINA_SAFETY_ON_NULL_RETURN(pool);
+ DBG("pool=%p, size=(%d, %d), references=%u",
+ pool, pool->w, pool->h, pool->references);
+ while (pool->head) {
+ del = (Eina_Rectangle_Alloc *) pool->head;
- pool->head = (EINA_INLIST_GET(del))->next;
+ pool->head = (EINA_INLIST_GET(del))->next;
- EINA_MAGIC_SET(del, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_rectangle_alloc_mp, del);
- }
+ EINA_MAGIC_SET(del, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_rectangle_alloc_mp, del);
+ }
- while (pool->bucket)
- {
- del = eina_trash_pop(&pool->bucket);
- eina_mempool_free(_eina_rectangle_alloc_mp, del);
- }
+ while (pool->bucket) {
+ del = eina_trash_pop(&pool->bucket);
+ eina_mempool_free(_eina_rectangle_alloc_mp, del);
+ }
- MAGIC_FREE(pool);
+ MAGIC_FREE(pool);
}
/**
@@ -463,11 +436,10 @@ eina_rectangle_pool_free(Eina_Rectangle_Pool *pool)
*
* This function returns the number of rectangles in @p pool.
*/
-EAPI int
-eina_rectangle_pool_count(Eina_Rectangle_Pool *pool)
+EAPI int eina_rectangle_pool_count(Eina_Rectangle_Pool * pool)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(pool, 0);
- return pool->references;
+ EINA_SAFETY_ON_NULL_RETURN_VAL(pool, 0);
+ return pool->references;
}
/**
@@ -485,65 +457,64 @@ eina_rectangle_pool_count(Eina_Rectangle_Pool *pool)
* returns the rectangle which matches the size (@p w, @p h).
* Otherwise it returns @c NULL.
*/
-EAPI Eina_Rectangle *
-eina_rectangle_pool_request(Eina_Rectangle_Pool *pool, int w, int h)
+EAPI Eina_Rectangle *eina_rectangle_pool_request(Eina_Rectangle_Pool *
+ pool, int w, int h)
{
- Eina_Rectangle_Alloc *new;
- Eina_Rectangle *rect;
- int x;
- int y;
+ Eina_Rectangle_Alloc *new;
+ Eina_Rectangle *rect;
+ int x;
+ int y;
- EINA_SAFETY_ON_NULL_RETURN_VAL(pool, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(pool, NULL);
- DBG("pool=%p, size=(%d, %d), references=%u",
- pool, pool->w, pool->h, pool->references);
+ DBG("pool=%p, size=(%d, %d), references=%u",
+ pool, pool->w, pool->h, pool->references);
- if (w <= 0 || h <= 0)
- return NULL;
+ if (w <= 0 || h <= 0)
+ return NULL;
- if (w > pool->w || h > pool->h)
- return NULL;
+ if (w > pool->w || h > pool->h)
+ return NULL;
- /* Sort empty if dirty */
- if (pool->sorted)
- {
- pool->empty =
- eina_list_sort(pool->empty, 0, EINA_COMPARE_CB(_eina_rectangle_cmp));
- pool->sorted = EINA_TRUE;
- }
+ /* Sort empty if dirty */
+ if (pool->sorted) {
+ pool->empty =
+ eina_list_sort(pool->empty, 0,
+ EINA_COMPARE_CB(_eina_rectangle_cmp));
+ pool->sorted = EINA_TRUE;
+ }
- pool->empty = _eina_rectangle_empty_space_find(pool->empty, w, h, &x, &y);
- if (x == -1)
- return NULL;
+ pool->empty =
+ _eina_rectangle_empty_space_find(pool->empty, w, h, &x, &y);
+ if (x == -1)
+ return NULL;
- pool->sorted = EINA_FALSE;
+ pool->sorted = EINA_FALSE;
- if (pool->bucket_count > 0)
- {
- new = eina_trash_pop(&pool->bucket);
- pool->bucket_count--;
- }
- else
- new = eina_mempool_malloc(_eina_rectangle_alloc_mp,
- sizeof (Eina_Rectangle_Alloc) +
- sizeof (Eina_Rectangle));
+ if (pool->bucket_count > 0) {
+ new = eina_trash_pop(&pool->bucket);
+ pool->bucket_count--;
+ } else
+ new = eina_mempool_malloc(_eina_rectangle_alloc_mp,
+ sizeof(Eina_Rectangle_Alloc) +
+ sizeof(Eina_Rectangle));
- if (!new)
- return NULL;
+ if (!new)
+ return NULL;
- rect = (Eina_Rectangle *)(new + 1);
- eina_rectangle_coords_from(rect, x, y, w, h);
+ rect = (Eina_Rectangle *) (new + 1);
+ eina_rectangle_coords_from(rect, x, y, w, h);
- pool->head = eina_inlist_prepend(pool->head, EINA_INLIST_GET(new));
- pool->references++;
+ pool->head = eina_inlist_prepend(pool->head, EINA_INLIST_GET(new));
+ pool->references++;
- new->pool = pool;
+ new->pool = pool;
- EINA_MAGIC_SET(new, EINA_RECTANGLE_ALLOC_MAGIC);
- DBG("rect=%p pool=%p, size=(%d, %d), references=%u",
- rect, pool, pool->w, pool->h, pool->references);
+ EINA_MAGIC_SET(new, EINA_RECTANGLE_ALLOC_MAGIC);
+ DBG("rect=%p pool=%p, size=(%d, %d), references=%u",
+ rect, pool, pool->w, pool->h, pool->references);
- return rect;
+ return rect;
}
/**
@@ -555,44 +526,42 @@ eina_rectangle_pool_request(Eina_Rectangle_Pool *pool, int w, int h)
* @c NULL, the function returns immediately. Otherwise it remoes @p
* rect from the pool.
*/
-EAPI void
-eina_rectangle_pool_release(Eina_Rectangle *rect)
+EAPI void eina_rectangle_pool_release(Eina_Rectangle * rect)
{
- Eina_Rectangle_Alloc *era = ((Eina_Rectangle_Alloc *)rect) - 1;
- Eina_Rectangle *r;
+ Eina_Rectangle_Alloc *era = ((Eina_Rectangle_Alloc *) rect) - 1;
+ Eina_Rectangle *r;
- EINA_SAFETY_ON_NULL_RETURN(rect);
+ EINA_SAFETY_ON_NULL_RETURN(rect);
- EINA_MAGIC_CHECK_RECTANGLE_ALLOC(era);
- EINA_MAGIC_CHECK_RECTANGLE_POOL(era->pool);
+ EINA_MAGIC_CHECK_RECTANGLE_ALLOC(era);
+ EINA_MAGIC_CHECK_RECTANGLE_POOL(era->pool);
- DBG("rect=%p pool=%p, size=(%d, %d), references=%u",
- rect, era->pool, era->pool->w, era->pool->h, era->pool->references);
+ DBG("rect=%p pool=%p, size=(%d, %d), references=%u",
+ rect, era->pool, era->pool->w, era->pool->h,
+ era->pool->references);
- era->pool->references--;
- era->pool->head = eina_inlist_remove(era->pool->head, EINA_INLIST_GET(era));
+ era->pool->references--;
+ era->pool->head =
+ eina_inlist_remove(era->pool->head, EINA_INLIST_GET(era));
- r = eina_rectangle_new(rect->x, rect->y, rect->w, rect->h);
- if (r)
- {
- era->pool->empty = _eina_rectangle_merge_list(era->pool->empty, r);
- era->pool->sorted = EINA_FALSE;
- }
+ r = eina_rectangle_new(rect->x, rect->y, rect->w, rect->h);
+ if (r) {
+ era->pool->empty =
+ _eina_rectangle_merge_list(era->pool->empty, r);
+ era->pool->sorted = EINA_FALSE;
+ }
- if (era->pool->bucket_count < BUCKET_THRESHOLD)
- {
- Eina_Rectangle_Pool *pool;
+ if (era->pool->bucket_count < BUCKET_THRESHOLD) {
+ Eina_Rectangle_Pool *pool;
- pool = era->pool;
+ pool = era->pool;
- pool->bucket_count++;
- eina_trash_push(&pool->bucket, era);
- }
- else
- {
- EINA_MAGIC_SET(era, EINA_MAGIC_NONE);
- eina_mempool_free(_eina_rectangle_alloc_mp, era);
- }
+ pool->bucket_count++;
+ eina_trash_push(&pool->bucket, era);
+ } else {
+ EINA_MAGIC_SET(era, EINA_MAGIC_NONE);
+ eina_mempool_free(_eina_rectangle_alloc_mp, era);
+ }
}
/**
@@ -604,17 +573,16 @@ eina_rectangle_pool_release(Eina_Rectangle *rect)
* This function returns the pool in which @p rect is. If @p rect is
* @c NULL, @c NULL is returned.
*/
-EAPI Eina_Rectangle_Pool *
-eina_rectangle_pool_get(Eina_Rectangle *rect)
+EAPI Eina_Rectangle_Pool *eina_rectangle_pool_get(Eina_Rectangle * rect)
{
- Eina_Rectangle_Alloc *era = ((Eina_Rectangle_Alloc *)rect) - 1;
+ Eina_Rectangle_Alloc *era = ((Eina_Rectangle_Alloc *) rect) - 1;
- EINA_SAFETY_ON_NULL_RETURN_VAL(rect, NULL);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(rect, NULL);
- EINA_MAGIC_CHECK_RECTANGLE_ALLOC(era);
- EINA_MAGIC_CHECK_RECTANGLE_POOL(era->pool);
+ EINA_MAGIC_CHECK_RECTANGLE_ALLOC(era);
+ EINA_MAGIC_CHECK_RECTANGLE_POOL(era->pool);
- return era->pool;
+ return era->pool;
}
/**
@@ -627,15 +595,15 @@ eina_rectangle_pool_get(Eina_Rectangle *rect)
* function does nothing.
*/
EAPI void
-eina_rectangle_pool_data_set(Eina_Rectangle_Pool *pool, const void *data)
+eina_rectangle_pool_data_set(Eina_Rectangle_Pool * pool, const void *data)
{
- EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
- EINA_SAFETY_ON_NULL_RETURN(pool);
+ EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
+ EINA_SAFETY_ON_NULL_RETURN(pool);
- DBG("data=%p pool=%p, size=(%d, %d), references=%u",
- data, pool, pool->w, pool->h, pool->references);
+ DBG("data=%p pool=%p, size=(%d, %d), references=%u",
+ data, pool, pool->w, pool->h, pool->references);
- pool->data = (void *)data;
+ pool->data = (void *) data;
}
/**
@@ -648,13 +616,12 @@ eina_rectangle_pool_data_set(Eina_Rectangle_Pool *pool, const void *data)
* eina_rectangle_pool_data_set(). If @p pool is @c NULL, this
* function returns @c NULL.
*/
-EAPI void *
-eina_rectangle_pool_data_get(Eina_Rectangle_Pool *pool)
+EAPI void *eina_rectangle_pool_data_get(Eina_Rectangle_Pool * pool)
{
- EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
- EINA_SAFETY_ON_NULL_RETURN_VAL(pool, NULL);
+ EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(pool, NULL);
- return pool->data;
+ return pool->data;
}
/**
@@ -671,21 +638,22 @@ eina_rectangle_pool_data_get(Eina_Rectangle_Pool *pool)
* returned.
*/
EAPI Eina_Bool
-eina_rectangle_pool_geometry_get(Eina_Rectangle_Pool *pool, int *w, int *h)
+eina_rectangle_pool_geometry_get(Eina_Rectangle_Pool * pool, int *w,
+ int *h)
{
- if (!pool)
- return EINA_FALSE;
+ if (!pool)
+ return EINA_FALSE;
- EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
- EINA_SAFETY_ON_NULL_RETURN_VAL(pool, EINA_FALSE);
+ EINA_MAGIC_CHECK_RECTANGLE_POOL(pool);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(pool, EINA_FALSE);
- if (w)
- *w = pool->w;
+ if (w)
+ *w = pool->w;
- if (h)
- *h = pool->h;
+ if (h)
+ *h = pool->h;
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_safety_checks.c b/tests/suite/ecore/src/lib/eina_safety_checks.c
index 09aa2983b5..78f82c76ac 100644
--- a/tests/suite/ecore/src/lib/eina_safety_checks.c
+++ b/tests/suite/ecore/src/lib/eina_safety_checks.c
@@ -17,7 +17,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include "eina_private.h"
@@ -44,10 +44,9 @@
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_safety_checks_shutdown(void)
+Eina_Bool eina_safety_checks_shutdown(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/*============================================================================*
@@ -101,12 +100,11 @@ static const char EINA_ERROR_SAFETY_FAILED_STR[] = "Safety check failed.";
*
* @see eina_init()
*/
-Eina_Bool
-eina_safety_checks_init(void)
+Eina_Bool eina_safety_checks_init(void)
{
- EINA_ERROR_SAFETY_FAILED = eina_error_msg_static_register(
- EINA_ERROR_SAFETY_FAILED_STR);
- return EINA_TRUE;
+ EINA_ERROR_SAFETY_FAILED =
+ eina_error_msg_static_register(EINA_ERROR_SAFETY_FAILED_STR);
+ return EINA_TRUE;
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_sched.c b/tests/suite/ecore/src/lib/eina_sched.c
index dbb3da663c..69e2d06682 100644
--- a/tests/suite/ecore/src/lib/eina_sched.c
+++ b/tests/suite/ecore/src/lib/eina_sched.c
@@ -17,17 +17,17 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
-# ifdef __linux__
-# include <sched.h>
-# include <sys/time.h>
-# include <sys/resource.h>
-# include <errno.h>
-# endif
+#include <pthread.h>
+#ifdef __linux__
+#include <sched.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <errno.h>
+#endif
#endif
#include "eina_sched.h"
@@ -48,48 +48,43 @@
* only one that is implemented as of now. In this case the nice level is
* incremented on this thread by @c NICENESS.
*/
-EAPI void
-eina_sched_prio_drop(void)
+EAPI void eina_sched_prio_drop(void)
{
#ifdef EFL_HAVE_POSIX_THREADS
- struct sched_param param;
- int pol, prio, ret;
- pthread_t pthread_id;
+ struct sched_param param;
+ int pol, prio, ret;
+ pthread_t pthread_id;
- pthread_id = pthread_self();
- ret = pthread_getschedparam(pthread_id, &pol, &param);
- if (ret)
- {
- EINA_LOG_ERR("Unable to query sched parameters");
- return;
- }
+ pthread_id = pthread_self();
+ ret = pthread_getschedparam(pthread_id, &pol, &param);
+ if (ret) {
+ EINA_LOG_ERR("Unable to query sched parameters");
+ return;
+ }
- if (EINA_UNLIKELY(pol == SCHED_RR || pol == SCHED_FIFO))
- {
- prio = sched_get_priority_max(pol);
- param.sched_priority += RTNICENESS;
- if (prio > 0 && param.sched_priority > prio)
- param.sched_priority = prio;
+ if (EINA_UNLIKELY(pol == SCHED_RR || pol == SCHED_FIFO)) {
+ prio = sched_get_priority_max(pol);
+ param.sched_priority += RTNICENESS;
+ if (prio > 0 && param.sched_priority > prio)
+ param.sched_priority = prio;
- pthread_setschedparam(pthread_id, pol, &param);
- }
+ pthread_setschedparam(pthread_id, pol, &param);
+ }
#ifdef __linux__
- else
- {
- errno = 0;
- prio = getpriority(PRIO_PROCESS, 0);
- if (errno == 0)
- {
- prio += NICENESS;
- if (prio > 19)
- prio = 19;
+ else {
+ errno = 0;
+ prio = getpriority(PRIO_PROCESS, 0);
+ if (errno == 0) {
+ prio += NICENESS;
+ if (prio > 19)
+ prio = 19;
- setpriority(PRIO_PROCESS, 0, prio);
- }
- }
+ setpriority(PRIO_PROCESS, 0, prio);
+ }
+ }
#endif
#else
- EINA_LOG_ERR("Eina does not have support for threads enabled"
- "or it doesn't support setting scheduler priorities");
+ EINA_LOG_ERR("Eina does not have support for threads enabled"
+ "or it doesn't support setting scheduler priorities");
#endif
}
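Review bot: The fallback message in the `#else` branch is built from two adjacent string literals with no space between them, so it prints `...threads enabledor it doesn't support...`; end the first literal with a space, `"Eina does not have support for threads enabled "`. Separately, the return values of `pthread_setschedparam()` and `setpriority()` are discarded, so a caller relying on `eina_sched_prio_drop()` to lower a worker thread's priority gets no signal when the change was refused. Logging those failures with `EINA_LOG_ERR`, as the `pthread_getschedparam()` path already does, would make that visible. The clamp `if (prio > 19) prio = 19;` would also read better with a named constant instead of the bare 19.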
diff --git a/tests/suite/ecore/src/lib/eina_share_common.c b/tests/suite/ecore/src/lib/eina_share_common.c
index 2302843eaa..76deb8b3ac 100644
--- a/tests/suite/ecore/src/lib/eina_share_common.c
+++ b/tests/suite/ecore/src/lib/eina_share_common.c
@@ -55,7 +55,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -64,11 +64,11 @@
#include <stddef.h>
#ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
+#include <pthread.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -126,468 +126,460 @@ typedef struct _Eina_Share_Common_Head Eina_Share_Common_Head;
int _eina_share_common_log_dom = -1;
-struct _Eina_Share
-{
- Eina_Share_Common *share;
- Eina_Magic node_magic;
+struct _Eina_Share {
+ Eina_Share_Common *share;
+ Eina_Magic node_magic;
#ifdef EINA_SHARE_COMMON_USAGE
- Eina_Share_Common_Population population;
- int max_node_population;
+ Eina_Share_Common_Population population;
+ int max_node_population;
#endif
};
-struct _Eina_Share_Common
-{
- Eina_Share_Common_Head *buckets[EINA_SHARE_COMMON_BUCKETS];
+struct _Eina_Share_Common {
+ Eina_Share_Common_Head *buckets[EINA_SHARE_COMMON_BUCKETS];
- EINA_MAGIC
-};
-
-struct _Eina_Share_Common_Node
-{
- Eina_Share_Common_Node *next;
+ EINA_MAGIC};
- EINA_MAGIC
+struct _Eina_Share_Common_Node {
+ Eina_Share_Common_Node *next;
- unsigned int length;
- unsigned int references;
- char str[];
+ EINA_MAGIC unsigned int length;
+ unsigned int references;
+ char str[];
};
-struct _Eina_Share_Common_Head
-{
- EINA_RBTREE;
- EINA_MAGIC
-
- int hash;
+struct _Eina_Share_Common_Head {
+ EINA_RBTREE;
+ EINA_MAGIC int hash;
#ifdef EINA_SHARE_COMMON_USAGE
- int population;
+ int population;
#endif
- Eina_Share_Common_Node *head;
- Eina_Share_Common_Node builtin_node;
+ Eina_Share_Common_Node *head;
+ Eina_Share_Common_Node builtin_node;
};
#ifdef EFL_HAVE_THREADS
Eina_Bool _share_common_threads_activated = EINA_FALSE;
-# ifdef EFL_HAVE_POSIX_THREADS
+#ifdef EFL_HAVE_POSIX_THREADS
static pthread_mutex_t _mutex_big = PTHREAD_MUTEX_INITIALIZER;
-# define SHARE_COMMON_LOCK_BIG() if(_share_common_threads_activated) \
+#define SHARE_COMMON_LOCK_BIG() if(_share_common_threads_activated) \
pthread_mutex_lock(&_mutex_big)
-# define SHARE_COMMON_UNLOCK_BIG() if(_share_common_threads_activated) \
+#define SHARE_COMMON_UNLOCK_BIG() if(_share_common_threads_activated) \
pthread_mutex_unlock(&_mutex_big)
-# else /* EFL_HAVE_WIN32_THREADS */
+#else /* EFL_HAVE_WIN32_THREADS */
static HANDLE _mutex_big = NULL;
-# define SHARE_COMMON_LOCK_BIG() if(_share_common_threads_activated) \
+#define SHARE_COMMON_LOCK_BIG() if(_share_common_threads_activated) \
WaitForSingleObject(_mutex_big, INFINITE)
-# define SHARE_COMMON_UNLOCK_BIG() if(_share_common_threads_activated) \
+#define SHARE_COMMON_UNLOCK_BIG() if(_share_common_threads_activated) \
ReleaseMutex(_mutex_big)
-# endif /* EFL_HAVE_WIN32_THREADS */
-#else /* EFL_HAVE_THREADS */
-# define SHARE_COMMON_LOCK_BIG() do {} while (0)
-# define SHARE_COMMON_UNLOCK_BIG() do {} while (0)
+#endif /* EFL_HAVE_WIN32_THREADS */
+#else /* EFL_HAVE_THREADS */
+#define SHARE_COMMON_LOCK_BIG() do {} while (0)
+#define SHARE_COMMON_UNLOCK_BIG() do {} while (0)
#endif
#ifdef EINA_SHARE_COMMON_USAGE
-struct _Eina_Share_Common_Population
-{
- int count;
- int max;
+struct _Eina_Share_Common_Population {
+ int count;
+ int max;
};
static Eina_Share_Common_Population population = { 0, 0 };
-static Eina_Share_Common_Population population_group[4] =
-{
- { 0, 0 },
- { 0, 0 },
- { 0, 0 },
- { 0, 0 }
+static Eina_Share_Common_Population population_group[4] = {
+ {0, 0},
+ {0, 0},
+ {0, 0},
+ {0, 0}
};
-static void
-_eina_share_common_population_init(Eina_Share *share)
+static void _eina_share_common_population_init(Eina_Share * share)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0;
- i < sizeof (share->population_group) /
- sizeof (share->population_group[0]);
- ++i)
- {
- share->population_group[i].count = 0;
- share->population_group[i].max = 0;
- }
+ for (i = 0;
+ i < sizeof(share->population_group) /
+ sizeof(share->population_group[0]); ++i) {
+ share->population_group[i].count = 0;
+ share->population_group[i].max = 0;
+ }
}
-static void
-_eina_share_common_population_shutdown(Eina_Share *share)
+static void _eina_share_common_population_shutdown(Eina_Share * share)
{
- unsigned int i;
+ unsigned int i;
- share->max_node_population = 0;
- share->population.count = 0;
- share->population.max = 0;
+ share->max_node_population = 0;
+ share->population.count = 0;
+ share->population.max = 0;
- for (i = 0;
- i < sizeof (share->population_group) /
- sizeof (share->population_group[0]);
- ++i)
- {
- share->population_group[i].count = 0;
- share->population_group[i].max = 0;
- }
+ for (i = 0;
+ i < sizeof(share->population_group) /
+ sizeof(share->population_group[0]); ++i) {
+ share->population_group[i].count = 0;
+ share->population_group[i].max = 0;
+ }
}
-static void
-_eina_share_common_population_stats(Eina_Share *share)
+static void _eina_share_common_population_stats(Eina_Share * share)
{
- unsigned int i;
+ unsigned int i;
- fprintf(stderr, "eina share_common statistic:\n");
- fprintf(stderr,
- " * maximum shared strings : %i\n",
- share->population.max);
- fprintf(stderr,
- " * maximum shared strings per node : %i\n",
- share->max_node_population);
+ fprintf(stderr, "eina share_common statistic:\n");
+ fprintf(stderr,
+ " * maximum shared strings : %i\n", share->population.max);
+ fprintf(stderr,
+ " * maximum shared strings per node : %i\n",
+ share->max_node_population);
- for (i = 0;
- i < sizeof (share->population_group) /
- sizeof (share->population_group[0]);
- ++i)
- fprintf(stderr,
- "DDD: %i strings of length %i, max strings: %i\n",
- share->population_group[i].count,
- i,
- share->population_group[i].max);
+ for (i = 0;
+ i < sizeof(share->population_group) /
+ sizeof(share->population_group[0]); ++i)
+ fprintf(stderr,
+ "DDD: %i strings of length %i, max strings: %i\n",
+ share->population_group[i].count,
+ i, share->population_group[i].max);
}
-void
-eina_share_common_population_add(Eina_Share *share, int slen)
+void eina_share_common_population_add(Eina_Share * share, int slen)
{
- SHARE_COMMON_LOCK_BIG();
+ SHARE_COMMON_LOCK_BIG();
- share->population.count++;
- if (share->population.count > share->population.max)
- share->population.max = share->population.count;
+ share->population.count++;
+ if (share->population.count > share->population.max)
+ share->population.max = share->population.count;
- if (slen < 4)
- {
- share->population_group[slen].count++;
- if (share->population_group[slen].count >
- share->population_group[slen].max)
- share->population_group[slen].max =
- share->population_group[slen].count;
- }
+ if (slen < 4) {
+ share->population_group[slen].count++;
+ if (share->population_group[slen].count >
+ share->population_group[slen].max)
+ share->population_group[slen].max =
+ share->population_group[slen].count;
+ }
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
}
-void
-eina_share_common_population_del(Eina_Share *share, int slen)
+void eina_share_common_population_del(Eina_Share * share, int slen)
{
- SHARE_COMMON_LOCK_BIG();
+ SHARE_COMMON_LOCK_BIG();
- share->population.count--;
- if (slen < 4)
- share->population_group[slen].count--;
+ share->population.count--;
+ if (slen < 4)
+ share->population_group[slen].count--;
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
}
static void
-_eina_share_common_population_head_init(Eina_Share *share,
- Eina_Share_Common_Head *head)
+_eina_share_common_population_head_init(Eina_Share * share,
+ Eina_Share_Common_Head * head)
{
- head->population = 1;
+ head->population = 1;
}
static void
-_eina_share_common_population_head_add(Eina_Share *share,
- Eina_Share_Common_Head *head)
+_eina_share_common_population_head_add(Eina_Share * share,
+ Eina_Share_Common_Head * head)
{
- head->population++;
- if (head->population > share->max_node_population)
- share->max_node_population = head->population;
+ head->population++;
+ if (head->population > share->max_node_population)
+ share->max_node_population = head->population;
}
static void
-_eina_share_common_population_head_del(Eina_Share *share,
- Eina_Share_Common_Head *head)
+_eina_share_common_population_head_del(Eina_Share * share,
+ Eina_Share_Common_Head * head)
{
- head->population--;
+ head->population--;
}
-#else /* EINA_SHARE_COMMON_USAGE undefined */
+#else /* EINA_SHARE_COMMON_USAGE undefined */
-static void _eina_share_common_population_init(__UNUSED__ Eina_Share *share) {
+static void _eina_share_common_population_init(__UNUSED__ Eina_Share *
+ share)
+{
}
-static void _eina_share_common_population_shutdown(__UNUSED__ Eina_Share *share)
+
+static void _eina_share_common_population_shutdown(__UNUSED__ Eina_Share *
+ share)
{
}
-static void _eina_share_common_population_stats(__UNUSED__ Eina_Share *share) {
+
+static void _eina_share_common_population_stats(__UNUSED__ Eina_Share *
+ share)
+{
}
-void eina_share_common_population_add(__UNUSED__ Eina_Share *share,
- __UNUSED__ int slen) {
+
+void eina_share_common_population_add(__UNUSED__ Eina_Share * share,
+ __UNUSED__ int slen)
+{
}
-void eina_share_common_population_del(__UNUSED__ Eina_Share *share,
- __UNUSED__ int slen) {
+
+void eina_share_common_population_del(__UNUSED__ Eina_Share * share,
+ __UNUSED__ int slen)
+{
}
-static void _eina_share_common_population_head_init(
- __UNUSED__ Eina_Share *share,
- __UNUSED__ Eina_Share_Common_Head *head) {
+
+static void _eina_share_common_population_head_init(__UNUSED__ Eina_Share *
+ share,
+ __UNUSED__
+ Eina_Share_Common_Head
+ * head)
+{
}
-static void _eina_share_common_population_head_add(
- __UNUSED__ Eina_Share *share,
- __UNUSED__
- Eina_Share_Common_Head *head) {
+
+static void _eina_share_common_population_head_add(__UNUSED__ Eina_Share *
+ share,
+ __UNUSED__
+ Eina_Share_Common_Head *
+ head)
+{
}
-static void _eina_share_common_population_head_del(
- __UNUSED__ Eina_Share *share,
- __UNUSED__
- Eina_Share_Common_Head *head) {
+
+static void _eina_share_common_population_head_del(__UNUSED__ Eina_Share *
+ share,
+ __UNUSED__
+ Eina_Share_Common_Head *
+ head)
+{
}
#endif
static int
-_eina_share_common_cmp(const Eina_Share_Common_Head *ed,
- const int *hash,
- __UNUSED__ int length,
- __UNUSED__ void *data)
+_eina_share_common_cmp(const Eina_Share_Common_Head * ed,
+ const int *hash,
+ __UNUSED__ int length, __UNUSED__ void *data)
{
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, , 0);
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed,, 0);
- return ed->hash - *hash;
+ return ed->hash - *hash;
}
static Eina_Rbtree_Direction
-_eina_share_common_node(const Eina_Share_Common_Head *left,
- const Eina_Share_Common_Head *right,
- __UNUSED__ void *data)
+_eina_share_common_node(const Eina_Share_Common_Head * left,
+ const Eina_Share_Common_Head * right,
+ __UNUSED__ void *data)
{
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(left, , 0);
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(right, , 0);
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(left,, 0);
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(right,, 0);
- if (left->hash - right->hash < 0)
- return EINA_RBTREE_LEFT;
+ if (left->hash - right->hash < 0)
+ return EINA_RBTREE_LEFT;
- return EINA_RBTREE_RIGHT;
+ return EINA_RBTREE_RIGHT;
}
static void
-_eina_share_common_head_free(Eina_Share_Common_Head *ed, __UNUSED__ void *data)
+_eina_share_common_head_free(Eina_Share_Common_Head * ed,
+ __UNUSED__ void *data)
{
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, );
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed,);
- while (ed->head)
- {
- Eina_Share_Common_Node *el = ed->head;
+ while (ed->head) {
+ Eina_Share_Common_Node *el = ed->head;
- ed->head = ed->head->next;
- if (el != &ed->builtin_node)
- MAGIC_FREE(el);
- }
- MAGIC_FREE(ed);
+ ed->head = ed->head->next;
+ if (el != &ed->builtin_node)
+ MAGIC_FREE(el);
+ }
+ MAGIC_FREE(ed);
}
static void
-_eina_share_common_node_init(Eina_Share_Common_Node *node,
- const char *str,
- int slen,
- unsigned int null_size,
- Eina_Magic node_magic)
+_eina_share_common_node_init(Eina_Share_Common_Node * node,
+ const char *str,
+ int slen,
+ unsigned int null_size, Eina_Magic node_magic)
{
- EINA_MAGIC_SET(node, node_magic);
- node->references = 1;
- node->length = slen;
- memcpy(node->str, str, slen);
- memset(node->str + slen, 0, null_size); /* Nullify the null */
+ EINA_MAGIC_SET(node, node_magic);
+ node->references = 1;
+ node->length = slen;
+ memcpy(node->str, str, slen);
+ memset(node->str + slen, 0, null_size); /* Nullify the null */
- (void) node_magic; /* When magic are disable, node_magic is unused, this remove a warning. */
+ (void) node_magic; /* When magic are disable, node_magic is unused, this remove a warning. */
}
-static Eina_Share_Common_Head *
-_eina_share_common_head_alloc(int slen)
+static Eina_Share_Common_Head *_eina_share_common_head_alloc(int slen)
{
- Eina_Share_Common_Head *head;
- const size_t head_size = offsetof(Eina_Share_Common_Head, builtin_node.str);
+ Eina_Share_Common_Head *head;
+ const size_t head_size =
+ offsetof(Eina_Share_Common_Head, builtin_node.str);
- head = malloc(head_size + slen);
- if (!head)
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ head = malloc(head_size + slen);
+ if (!head)
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return head;
+ return head;
}
-static const char *
-_eina_share_common_add_head(Eina_Share *share,
- Eina_Share_Common_Head **p_bucket,
- int hash,
- const char *str,
- unsigned int slen,
- unsigned int null_size)
+static const char *_eina_share_common_add_head(Eina_Share * share,
+ Eina_Share_Common_Head **
+ p_bucket, int hash,
+ const char *str,
+ unsigned int slen,
+ unsigned int null_size)
{
- Eina_Rbtree **p_tree = (Eina_Rbtree **)p_bucket;
- Eina_Share_Common_Head *head;
+ Eina_Rbtree **p_tree = (Eina_Rbtree **) p_bucket;
+ Eina_Share_Common_Head *head;
- head = _eina_share_common_head_alloc(slen + null_size);
- if (!head)
- return NULL;
+ head = _eina_share_common_head_alloc(slen + null_size);
+ if (!head)
+ return NULL;
- EINA_MAGIC_SET(head, EINA_MAGIC_SHARE_HEAD);
- head->hash = hash;
- head->head = &head->builtin_node;
- _eina_share_common_node_init(head->head,
- str,
- slen,
- null_size,
- share->node_magic);
- head->head->next = NULL;
+ EINA_MAGIC_SET(head, EINA_MAGIC_SHARE_HEAD);
+ head->hash = hash;
+ head->head = &head->builtin_node;
+ _eina_share_common_node_init(head->head,
+ str,
+ slen, null_size, share->node_magic);
+ head->head->next = NULL;
- _eina_share_common_population_head_init(share, head);
+ _eina_share_common_population_head_init(share, head);
- *p_tree = eina_rbtree_inline_insert
- (*p_tree, EINA_RBTREE_GET(head),
- EINA_RBTREE_CMP_NODE_CB(_eina_share_common_node), NULL);
+ *p_tree = eina_rbtree_inline_insert
+ (*p_tree, EINA_RBTREE_GET(head),
+ EINA_RBTREE_CMP_NODE_CB(_eina_share_common_node), NULL);
- return head->head->str;
+ return head->head->str;
}
static void
-_eina_share_common_del_head(Eina_Share_Common_Head **p_bucket,
- Eina_Share_Common_Head *head)
+_eina_share_common_del_head(Eina_Share_Common_Head ** p_bucket,
+ Eina_Share_Common_Head * head)
{
- Eina_Rbtree **p_tree = (Eina_Rbtree **)p_bucket;
+ Eina_Rbtree **p_tree = (Eina_Rbtree **) p_bucket;
- *p_tree = eina_rbtree_inline_remove
- (*p_tree, EINA_RBTREE_GET(head),
- EINA_RBTREE_CMP_NODE_CB(_eina_share_common_node), NULL);
+ *p_tree = eina_rbtree_inline_remove
+ (*p_tree, EINA_RBTREE_GET(head),
+ EINA_RBTREE_CMP_NODE_CB(_eina_share_common_node), NULL);
- MAGIC_FREE(head);
+ MAGIC_FREE(head);
}
static inline Eina_Bool
-_eina_share_common_node_eq(const Eina_Share_Common_Node *node,
- const char *str,
- unsigned int slen)
+_eina_share_common_node_eq(const Eina_Share_Common_Node * node,
+ const char *str, unsigned int slen)
{
- return ((node->length == slen) &&
- (memcmp(node->str, str, slen) == 0));
+ return ((node->length == slen) &&
+ (memcmp(node->str, str, slen) == 0));
}
-static Eina_Share_Common_Node *
-_eina_share_common_head_find(Eina_Share_Common_Head *head,
- const char *str,
- unsigned int slen)
+static Eina_Share_Common_Node
+ *_eina_share_common_head_find(Eina_Share_Common_Head * head,
+ const char *str, unsigned int slen)
{
- Eina_Share_Common_Node *node, *prev;
+ Eina_Share_Common_Node *node, *prev;
- node = head->head;
- if (_eina_share_common_node_eq(node, str, slen))
- return node;
+ node = head->head;
+ if (_eina_share_common_node_eq(node, str, slen))
+ return node;
- prev = node;
- node = node->next;
- for (; node; prev = node, node = node->next)
- if (_eina_share_common_node_eq(node, str, slen))
- {
- /* promote node, make hot items be at the beginning */
- prev->next = node->next;
- node->next = head->head;
- head->head = node;
- return node;
- }
+ prev = node;
+ node = node->next;
+ for (; node; prev = node, node = node->next)
+ if (_eina_share_common_node_eq(node, str, slen)) {
+ /* promote node, make hot items be at the beginning */
+ prev->next = node->next;
+ node->next = head->head;
+ head->head = node;
+ return node;
+ }
- return NULL;
+ return NULL;
}
static Eina_Bool
-_eina_share_common_head_remove_node(Eina_Share_Common_Head *head,
- const Eina_Share_Common_Node *node)
+_eina_share_common_head_remove_node(Eina_Share_Common_Head * head,
+ const Eina_Share_Common_Node * node)
{
- Eina_Share_Common_Node *cur, *prev;
+ Eina_Share_Common_Node *cur, *prev;
- if (head->head == node)
- {
- head->head = node->next;
- return 1;
- }
+ if (head->head == node) {
+ head->head = node->next;
+ return 1;
+ }
- prev = head->head;
- cur = head->head->next;
- for (; cur; prev = cur, cur = cur->next)
- if (cur == node)
- {
- prev->next = cur->next;
- return 1;
- }
+ prev = head->head;
+ cur = head->head->next;
+ for (; cur; prev = cur, cur = cur->next)
+ if (cur == node) {
+ prev->next = cur->next;
+ return 1;
+ }
- return 0;
+ return 0;
}
-static Eina_Share_Common_Head *
-_eina_share_common_find_hash(Eina_Share_Common_Head *bucket, int hash)
+static Eina_Share_Common_Head
+ *_eina_share_common_find_hash(Eina_Share_Common_Head * bucket,
+ int hash)
{
- return (Eina_Share_Common_Head *)eina_rbtree_inline_lookup
- (EINA_RBTREE_GET(bucket), &hash, 0,
- EINA_RBTREE_CMP_KEY_CB(_eina_share_common_cmp), NULL);
+ return (Eina_Share_Common_Head *) eina_rbtree_inline_lookup
+ (EINA_RBTREE_GET(bucket), &hash, 0,
+ EINA_RBTREE_CMP_KEY_CB(_eina_share_common_cmp), NULL);
}
-static Eina_Share_Common_Node *
-_eina_share_common_node_alloc(unsigned int slen, unsigned int null_size)
+static Eina_Share_Common_Node *_eina_share_common_node_alloc(unsigned int
+ slen,
+ unsigned int
+ null_size)
{
- Eina_Share_Common_Node *node;
- const size_t node_size = offsetof(Eina_Share_Common_Node, str);
+ Eina_Share_Common_Node *node;
+ const size_t node_size = offsetof(Eina_Share_Common_Node, str);
- node = malloc(node_size + slen + null_size);
- if (!node)
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ node = malloc(node_size + slen + null_size);
+ if (!node)
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return node;
+ return node;
}
-static Eina_Share_Common_Node *
-_eina_share_common_node_from_str(const char *str, Eina_Magic node_magic)
+static Eina_Share_Common_Node *_eina_share_common_node_from_str(const char
+ *str,
+ Eina_Magic
+ node_magic)
{
- Eina_Share_Common_Node *node;
- const size_t offset = offsetof(Eina_Share_Common_Node, str);
+ Eina_Share_Common_Node *node;
+ const size_t offset = offsetof(Eina_Share_Common_Node, str);
- node = (Eina_Share_Common_Node *)(str - offset);
- EINA_MAGIC_CHECK_SHARE_COMMON_NODE(node, node_magic, );
- return node;
+ node = (Eina_Share_Common_Node *) (str - offset);
+ EINA_MAGIC_CHECK_SHARE_COMMON_NODE(node, node_magic,);
+ return node;
- (void) node_magic; /* When magic are disable, node_magic is unused, this remove a warning. */
+ (void) node_magic; /* When magic are disable, node_magic is unused, this remove a warning. */
}
static Eina_Bool
-eina_iterator_array_check(const Eina_Rbtree *rbtree __UNUSED__,
- Eina_Share_Common_Head *head,
- struct dumpinfo *fdata)
+eina_iterator_array_check(const Eina_Rbtree * rbtree __UNUSED__,
+ Eina_Share_Common_Head * head,
+ struct dumpinfo *fdata)
{
- Eina_Share_Common_Node *node;
+ Eina_Share_Common_Node *node;
- SHARE_COMMON_LOCK_BIG();
+ SHARE_COMMON_LOCK_BIG();
- fdata->used += sizeof(Eina_Share_Common_Head);
- for (node = head->head; node; node = node->next)
- {
- printf("DDD: %5i %5i ", node->length, node->references);
- printf("'%.*s'\n", node->length, ((char *)node) + sizeof(Eina_Share_Common_Node));
- fdata->used += sizeof(Eina_Share_Common_Node);
- fdata->used += node->length;
- fdata->saved += (node->references - 1) * node->length;
- fdata->dups += node->references - 1;
- fdata->unique++;
- }
+ fdata->used += sizeof(Eina_Share_Common_Head);
+ for (node = head->head; node; node = node->next) {
+ printf("DDD: %5i %5i ", node->length, node->references);
+ printf("'%.*s'\n", node->length,
+ ((char *) node) + sizeof(Eina_Share_Common_Node));
+ fdata->used += sizeof(Eina_Share_Common_Node);
+ fdata->used += node->length;
+ fdata->saved += (node->references - 1) * node->length;
+ fdata->dups += node->references - 1;
+ fdata->unique++;
+ }
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
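Review bot: `_eina_share_common_add_head` passes `slen + null_size` (both `unsigned int`) into `_eina_share_common_head_alloc(int slen)`, and `_eina_share_common_node_init` then copies `slen` bytes through an `int` parameter, so a length near `UINT_MAX` can wrap or turn negative and leave `memcpy` writing past a too-small allocation. Whether callers can reach such lengths is not visible in this hunk, but the helpers should not depend on it: take `size_t` in both helpers, call `_eina_share_common_head_alloc((size_t) slen + null_size)`, and return NULL when the total would not fit. Under `EINA_SHARE_COMMON_USAGE`, `eina_share_common_population_add` has the same signedness problem, because `if (slen < 4)` accepts a negative `int` as an index into `population_group`; `if (slen >= 0 && slen < 4)` closes that. The reindent also glued the `EINA_MAGIC` macro onto the following token (`EINA_MAGIC};`, `EINA_MAGIC unsigned int length;`, `EINA_MAGIC int hash;`), and it should be put back on its own line.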
@@ -611,48 +603,46 @@ eina_iterator_array_check(const Eina_Rbtree *rbtree __UNUSED__,
* @see eina_init()
*/
Eina_Bool
-eina_share_common_init(Eina_Share **_share,
- Eina_Magic node_magic,
- const char *node_magic_STR)
-{
- Eina_Share *share;
- share = *_share = calloc(sizeof(Eina_Share), 1);
- if (!share)
- return EINA_FALSE;
-
- if (_eina_share_common_log_dom < 0) /*Only register if not already */
- _eina_share_common_log_dom = eina_log_domain_register(
- "eina_share",
- EINA_LOG_COLOR_DEFAULT);
-
- if (_eina_share_common_log_dom < 0)
- {
- EINA_LOG_ERR("Could not register log domain: eina_share_common");
- return EINA_FALSE;
- }
-
- share->share = calloc(1, sizeof(Eina_Share_Common));
- if (!share->share)
- {
- if (_eina_share_common_log_dom > 0)
- {
- eina_log_domain_unregister(_eina_share_common_log_dom);
- _eina_share_common_log_dom = -1;
- }
-
- return EINA_FALSE;
- }
-
- share->node_magic = node_magic;
+eina_share_common_init(Eina_Share ** _share,
+ Eina_Magic node_magic, const char *node_magic_STR)
+{
+ Eina_Share *share;
+ share = *_share = calloc(sizeof(Eina_Share), 1);
+ if (!share)
+ return EINA_FALSE;
+
+ if (_eina_share_common_log_dom < 0) /*Only register if not already */
+ _eina_share_common_log_dom =
+ eina_log_domain_register("eina_share",
+ EINA_LOG_COLOR_DEFAULT);
+
+ if (_eina_share_common_log_dom < 0) {
+ EINA_LOG_ERR
+ ("Could not register log domain: eina_share_common");
+ return EINA_FALSE;
+ }
+
+ share->share = calloc(1, sizeof(Eina_Share_Common));
+ if (!share->share) {
+ if (_eina_share_common_log_dom > 0) {
+ eina_log_domain_unregister
+ (_eina_share_common_log_dom);
+ _eina_share_common_log_dom = -1;
+ }
+
+ return EINA_FALSE;
+ }
+
+ share->node_magic = node_magic;
#define EMS(n) eina_magic_string_static_set(n, n ## _STR)
- EMS(EINA_MAGIC_SHARE);
- EMS(EINA_MAGIC_SHARE_HEAD);
- EMS(node_magic);
+ EMS(EINA_MAGIC_SHARE);
+ EMS(EINA_MAGIC_SHARE_HEAD);
+ EMS(node_magic);
#undef EMS
- EINA_MAGIC_SET(share->share, EINA_MAGIC_SHARE);
+ EINA_MAGIC_SET(share->share, EINA_MAGIC_SHARE);
- _eina_share_common_population_init(share);
- return EINA_TRUE;
+ _eina_share_common_population_init(share);
+ return EINA_TRUE;
}
/**
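Review bot: Both `return EINA_FALSE` paths after the first `calloc` in `eina_share_common_init` leave the `Eina_Share` allocated and still published through `*_share`, so the block leaks and the caller holds a half-initialised object whose `share->share` is NULL. Add `free(share); *_share = NULL;` before each of those two returns. `eina_share_common_shutdown` in the next hunk reads `share->share->buckets[i]` without a NULL check, so a shutdown after a failed init would fault unless the pointer is cleared here. The `calloc(sizeof(Eina_Share), 1)` call also has its arguments in the opposite order from `calloc(1, sizeof(Eina_Share_Common))` a few lines below; this is harmless but worth making consistent.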
@@ -666,39 +656,36 @@ eina_share_common_init(Eina_Share **_share,
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_share_common_shutdown(Eina_Share **_share)
+Eina_Bool eina_share_common_shutdown(Eina_Share ** _share)
{
- unsigned int i;
- Eina_Share *share = *_share;
+ unsigned int i;
+ Eina_Share *share = *_share;
- SHARE_COMMON_LOCK_BIG();
+ SHARE_COMMON_LOCK_BIG();
- _eina_share_common_population_stats(share);
+ _eina_share_common_population_stats(share);
- /* remove any string still in the table */
- for (i = 0; i < EINA_SHARE_COMMON_BUCKETS; i++)
- {
- eina_rbtree_delete(EINA_RBTREE_GET(
- share->share->buckets[i]),
- EINA_RBTREE_FREE_CB(
- _eina_share_common_head_free), NULL);
- share->share->buckets[i] = NULL;
- }
- MAGIC_FREE(share->share);
+ /* remove any string still in the table */
+ for (i = 0; i < EINA_SHARE_COMMON_BUCKETS; i++) {
+ eina_rbtree_delete(EINA_RBTREE_GET
+ (share->share->buckets[i]),
+ EINA_RBTREE_FREE_CB
+ (_eina_share_common_head_free), NULL);
+ share->share->buckets[i] = NULL;
+ }
+ MAGIC_FREE(share->share);
- _eina_share_common_population_shutdown(share);
- if (_eina_share_common_log_dom > 0) /* Only free if necessary */
- {
- eina_log_domain_unregister(_eina_share_common_log_dom);
- _eina_share_common_log_dom = -1;
- }
+ _eina_share_common_population_shutdown(share);
+ if (_eina_share_common_log_dom > 0) { /* Only free if necessary */
+ eina_log_domain_unregister(_eina_share_common_log_dom);
+ _eina_share_common_log_dom = -1;
+ }
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
- free(*_share);
- *_share = NULL;
- return EINA_TRUE;
+ free(*_share);
+ *_share = NULL;
+ return EINA_TRUE;
}
#ifdef EFL_HAVE_THREADS
@@ -712,10 +699,9 @@ eina_share_common_shutdown(Eina_Share **_share)
*
* @see eina_threads_init()
*/
-void
-eina_share_common_threads_init(void)
+void eina_share_common_threads_init(void)
{
- _share_common_threads_activated = EINA_TRUE;
+ _share_common_threads_activated = EINA_TRUE;
}
/**
@@ -727,10 +713,9 @@ eina_share_common_threads_init(void)
*
* @see eina_threads_shutdown()
*/
-void
-eina_share_common_threads_shutdown(void)
+void eina_share_common_threads_shutdown(void)
{
- _share_common_threads_activated = EINA_FALSE;
+ _share_common_threads_activated = EINA_FALSE;
}
#endif
@@ -743,230 +728,225 @@ eina_share_common_threads_shutdown(void)
* @cond LOCAL
*/
-const char *
-eina_share_common_add_length(Eina_Share *share,
- const char *str,
- unsigned int slen,
- unsigned int null_size)
+const char *eina_share_common_add_length(Eina_Share * share,
+ const char *str,
+ unsigned int slen,
+ unsigned int null_size)
{
- Eina_Share_Common_Head **p_bucket, *ed;
- Eina_Share_Common_Node *el;
- int hash_num, hash;
+ Eina_Share_Common_Head **p_bucket, *ed;
+ Eina_Share_Common_Node *el;
+ int hash_num, hash;
- if (!str)
- return NULL;
+ if (!str)
+ return NULL;
- eina_share_common_population_add(share, slen);
+ eina_share_common_population_add(share, slen);
- if (slen <= 0)
- return NULL;
+ if (slen <= 0)
+ return NULL;
- hash = eina_hash_superfast(str, slen);
- hash_num = hash & 0xFF;
- hash = (hash >> 8) & EINA_SHARE_COMMON_MASK;
+ hash = eina_hash_superfast(str, slen);
+ hash_num = hash & 0xFF;
+ hash = (hash >> 8) & EINA_SHARE_COMMON_MASK;
- SHARE_COMMON_LOCK_BIG();
- p_bucket = share->share->buckets + hash_num;
+ SHARE_COMMON_LOCK_BIG();
+ p_bucket = share->share->buckets + hash_num;
- ed = _eina_share_common_find_hash(*p_bucket, hash);
- if (!ed)
- {
- const char *s = _eina_share_common_add_head(share,
- p_bucket,
- hash,
- str,
- slen,
- null_size);
- SHARE_COMMON_UNLOCK_BIG();
- return s;
- }
+ ed = _eina_share_common_find_hash(*p_bucket, hash);
+ if (!ed) {
+ const char *s = _eina_share_common_add_head(share,
+ p_bucket,
+ hash,
+ str,
+ slen,
+ null_size);
+ SHARE_COMMON_UNLOCK_BIG();
+ return s;
+ }
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, SHARE_COMMON_UNLOCK_BIG(), NULL);
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, SHARE_COMMON_UNLOCK_BIG(),
+ NULL);
- el = _eina_share_common_head_find(ed, str, slen);
- if (el)
- {
- EINA_MAGIC_CHECK_SHARE_COMMON_NODE(el,
- share->node_magic,
- SHARE_COMMON_UNLOCK_BIG());
- el->references++;
- SHARE_COMMON_UNLOCK_BIG();
- return el->str;
- }
+ el = _eina_share_common_head_find(ed, str, slen);
+ if (el) {
+ EINA_MAGIC_CHECK_SHARE_COMMON_NODE(el,
+ share->node_magic,
+ SHARE_COMMON_UNLOCK_BIG
+ ());
+ el->references++;
+ SHARE_COMMON_UNLOCK_BIG();
+ return el->str;
+ }
- el = _eina_share_common_node_alloc(slen, null_size);
- if (!el)
- {
- SHARE_COMMON_UNLOCK_BIG();
- return NULL;
- }
+ el = _eina_share_common_node_alloc(slen, null_size);
+ if (!el) {
+ SHARE_COMMON_UNLOCK_BIG();
+ return NULL;
+ }
- _eina_share_common_node_init(el, str, slen, null_size, share->node_magic);
- el->next = ed->head;
- ed->head = el;
- _eina_share_common_population_head_add(share, ed);
+ _eina_share_common_node_init(el, str, slen, null_size,
+ share->node_magic);
+ el->next = ed->head;
+ ed->head = el;
+ _eina_share_common_population_head_add(share, ed);
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
- return el->str;
+ return el->str;
}
-const char *
-eina_share_common_ref(Eina_Share *share, const char *str)
+const char *eina_share_common_ref(Eina_Share * share, const char *str)
{
- Eina_Share_Common_Node *node;
+ Eina_Share_Common_Node *node;
- if (!str)
- return NULL;
+ if (!str)
+ return NULL;
- SHARE_COMMON_LOCK_BIG();
- node = _eina_share_common_node_from_str(str, share->node_magic);
- node->references++;
- DBG("str=%p refs=%u", str, node->references);
+ SHARE_COMMON_LOCK_BIG();
+ node = _eina_share_common_node_from_str(str, share->node_magic);
+ node->references++;
+ DBG("str=%p refs=%u", str, node->references);
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
- eina_share_common_population_add(share, node->length);
+ eina_share_common_population_add(share, node->length);
- return str;
+ return str;
}
-void
-eina_share_common_del(Eina_Share *share, const char *str)
+void eina_share_common_del(Eina_Share * share, const char *str)
{
- unsigned int slen;
- Eina_Share_Common_Head *ed;
- Eina_Share_Common_Head **p_bucket;
- Eina_Share_Common_Node *node;
- int hash_num, hash;
+ unsigned int slen;
+ Eina_Share_Common_Head *ed;
+ Eina_Share_Common_Head **p_bucket;
+ Eina_Share_Common_Node *node;
+ int hash_num, hash;
- if (!str)
- return;
+ if (!str)
+ return;
- SHARE_COMMON_LOCK_BIG();
+ SHARE_COMMON_LOCK_BIG();
- node = _eina_share_common_node_from_str(str, share->node_magic);
- slen = node->length;
- eina_share_common_population_del(share, slen);
- if (node->references > 1)
- {
- node->references--;
- DBG("str=%p refs=%u", str, node->references);
- SHARE_COMMON_UNLOCK_BIG();
- return;
- }
+ node = _eina_share_common_node_from_str(str, share->node_magic);
+ slen = node->length;
+ eina_share_common_population_del(share, slen);
+ if (node->references > 1) {
+ node->references--;
+ DBG("str=%p refs=%u", str, node->references);
+ SHARE_COMMON_UNLOCK_BIG();
+ return;
+ }
- DBG("str=%p refs=0, delete.", str);
- node->references = 0;
+ DBG("str=%p refs=0, delete.", str);
+ node->references = 0;
- hash = eina_hash_superfast(str, slen);
- hash_num = hash & 0xFF;
- hash = (hash >> 8) & EINA_SHARE_COMMON_MASK;
+ hash = eina_hash_superfast(str, slen);
+ hash_num = hash & 0xFF;
+ hash = (hash >> 8) & EINA_SHARE_COMMON_MASK;
- p_bucket = share->share->buckets + hash_num;
- ed = _eina_share_common_find_hash(*p_bucket, hash);
- if (!ed)
- goto on_error;
+ p_bucket = share->share->buckets + hash_num;
+ ed = _eina_share_common_find_hash(*p_bucket, hash);
+ if (!ed)
+ goto on_error;
- EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, SHARE_COMMON_UNLOCK_BIG());
+ EINA_MAGIC_CHECK_SHARE_COMMON_HEAD(ed, SHARE_COMMON_UNLOCK_BIG());
- if (!_eina_share_common_head_remove_node(ed, node))
- goto on_error;
+ if (!_eina_share_common_head_remove_node(ed, node))
+ goto on_error;
- if (node != &ed->builtin_node)
- MAGIC_FREE(node);
+ if (node != &ed->builtin_node)
+ MAGIC_FREE(node);
- if (!ed->head)
- _eina_share_common_del_head(p_bucket, ed);
- else
- _eina_share_common_population_head_del(share, ed);
+ if (!ed->head)
+ _eina_share_common_del_head(p_bucket, ed);
+ else
+ _eina_share_common_population_head_del(share, ed);
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
- return;
+ return;
-on_error:
- SHARE_COMMON_UNLOCK_BIG();
- /* possible segfault happened before here, but... */
- CRITICAL("EEEK trying to del non-shared share_common \"%s\"", str);
+ on_error:
+ SHARE_COMMON_UNLOCK_BIG();
+ /* possible segfault happened before here, but... */
+ CRITICAL("EEEK trying to del non-shared share_common \"%s\"", str);
}
int
-eina_share_common_length(__UNUSED__ Eina_Share *share, const char *str)
+eina_share_common_length(__UNUSED__ Eina_Share * share, const char *str)
{
- const Eina_Share_Common_Node *node;
+ const Eina_Share_Common_Node *node;
- if (!str)
- return -1;
+ if (!str)
+ return -1;
- node = _eina_share_common_node_from_str(str, share->node_magic);
- return node->length;
+ node = _eina_share_common_node_from_str(str, share->node_magic);
+ return node->length;
}
void
-eina_share_common_dump(Eina_Share *share, void (*additional_dump)(
- struct dumpinfo *), int used)
-{
- Eina_Iterator *it;
- unsigned int i;
- struct dumpinfo di;
-
- if (!share)
- return;
-
- di.used = used;
- di.saved = 0;
- di.dups = 0;
- di.unique = 0;
- printf("DDD: len ref string\n");
- printf("DDD:-------------------\n");
-
- SHARE_COMMON_LOCK_BIG();
- for (i = 0; i < EINA_SHARE_COMMON_BUCKETS; i++)
- {
- if (!share->share->buckets[i])
- {
- continue; // printf("DDD: BUCKET # %i (HEAD=%i, NODE=%i)\n", i,
-
- }
-
-// sizeof(Eina_Share_Common_Head), sizeof(Eina_Share_Common_Node));
- it = eina_rbtree_iterator_prefix(
- (Eina_Rbtree *)share->share->buckets[i]);
- eina_iterator_foreach(it, EINA_EACH_CB(eina_iterator_array_check), &di);
- eina_iterator_free(it);
- }
- if (additional_dump)
- additional_dump(&di);
+eina_share_common_dump(Eina_Share * share,
+ void (*additional_dump) (struct dumpinfo *),
+ int used)
+{
+ Eina_Iterator *it;
+ unsigned int i;
+ struct dumpinfo di;
+
+ if (!share)
+ return;
+
+ di.used = used;
+ di.saved = 0;
+ di.dups = 0;
+ di.unique = 0;
+ printf("DDD: len ref string\n");
+ printf("DDD:-------------------\n");
+
+ SHARE_COMMON_LOCK_BIG();
+ for (i = 0; i < EINA_SHARE_COMMON_BUCKETS; i++) {
+ if (!share->share->buckets[i]) {
+ continue; // printf("DDD: BUCKET # %i (HEAD=%i, NODE=%i)\n", i,
+
+ }
+// sizeof(Eina_Share_Common_Head), sizeof(Eina_Share_Common_Node));
+ it = eina_rbtree_iterator_prefix((Eina_Rbtree *) share->
+ share->buckets[i]);
+ eina_iterator_foreach(it,
+ EINA_EACH_CB
+ (eina_iterator_array_check), &di);
+ eina_iterator_free(it);
+ }
+ if (additional_dump)
+ additional_dump(&di);
#ifdef EINA_SHARE_COMMON_USAGE
- /* One character strings are not counted in the hash. */
- di.saved += share->population_group[0].count * sizeof(char);
- di.saved += share->population_group[1].count * sizeof(char) * 2;
+ /* One character strings are not counted in the hash. */
+ di.saved += share->population_group[0].count * sizeof(char);
+ di.saved += share->population_group[1].count * sizeof(char) * 2;
#endif
- printf("DDD:-------------------\n");
- printf("DDD: usage (bytes) = %i, saved = %i (%3.0f%%)\n",
- di.used, di.saved, di.used ? (di.saved * 100.0 / di.used) : 0.0);
- printf("DDD: unique: %d, duplicates: %d (%3.0f%%)\n",
- di.unique, di.dups, di.unique ? (di.dups * 100.0 / di.unique) : 0.0);
+ printf("DDD:-------------------\n");
+ printf("DDD: usage (bytes) = %i, saved = %i (%3.0f%%)\n",
+ di.used, di.saved,
+ di.used ? (di.saved * 100.0 / di.used) : 0.0);
+ printf("DDD: unique: %d, duplicates: %d (%3.0f%%)\n", di.unique,
+ di.dups, di.unique ? (di.dups * 100.0 / di.unique) : 0.0);
#ifdef EINA_SHARE_COMMON_USAGE
- printf("DDD: Allocated strings: %i\n", share->population.count);
- printf("DDD: Max allocated strings: %i\n", share->population.max);
-
- for (i = 0;
- i < sizeof (share->population_group) /
- sizeof (share->population_group[0]);
- ++i)
- fprintf(stderr,
- "DDD: %i strings of length %i, max strings: %i\n",
- share->population_group[i].count,
- i,
- share->population_group[i].max);
+ printf("DDD: Allocated strings: %i\n", share->population.count);
+ printf("DDD: Max allocated strings: %i\n", share->population.max);
+
+ for (i = 0;
+ i < sizeof(share->population_group) /
+ sizeof(share->population_group[0]); ++i)
+ fprintf(stderr,
+ "DDD: %i strings of length %i, max strings: %i\n",
+ share->population_group[i].count,
+ i, share->population_group[i].max);
#endif
- SHARE_COMMON_UNLOCK_BIG();
+ SHARE_COMMON_UNLOCK_BIG();
}
/**
diff --git a/tests/suite/ecore/src/lib/eina_share_common.h b/tests/suite/ecore/src/lib/eina_share_common.h
index 002c65276c..99b8481f95 100644
--- a/tests/suite/ecore/src/lib/eina_share_common.h
+++ b/tests/suite/ecore/src/lib/eina_share_common.h
@@ -56,32 +56,32 @@
typedef struct _Eina_Share Eina_Share;
-struct dumpinfo
-{
- int used, saved, dups, unique;
+struct dumpinfo {
+ int used, saved, dups, unique;
};
-Eina_Bool eina_share_common_init(Eina_Share **share,
- Eina_Magic node_magic,
- const char *node_magic_STR);
-Eina_Bool eina_share_common_shutdown(Eina_Share **share);
-const char *eina_share_common_add_length(Eina_Share *share,
- const char *str,
- unsigned int slen,
- unsigned int null_size)
-EINA_WARN_UNUSED_RESULT;
-const char *eina_share_common_ref(Eina_Share *share, const char *str);
-void eina_share_common_del(Eina_Share *share, const char *str);
-int eina_share_common_length(Eina_Share *share,
- const char *str) EINA_CONST
-EINA_WARN_UNUSED_RESULT;
-void eina_share_common_dump(Eina_Share *share, void (*additional_dump)(
- struct dumpinfo *), int used);
+Eina_Bool eina_share_common_init(Eina_Share ** share,
+ Eina_Magic node_magic,
+ const char *node_magic_STR);
+Eina_Bool eina_share_common_shutdown(Eina_Share ** share);
+const char *eina_share_common_add_length(Eina_Share * share,
+ const char *str,
+ unsigned int slen,
+ unsigned int null_size)
+ EINA_WARN_UNUSED_RESULT;
+const char *eina_share_common_ref(Eina_Share * share, const char *str);
+void eina_share_common_del(Eina_Share * share, const char *str);
+int eina_share_common_length(Eina_Share * share,
+ const char *str) EINA_CONST
+ EINA_WARN_UNUSED_RESULT;
+void eina_share_common_dump(Eina_Share * share,
+ void (*additional_dump) (struct dumpinfo *),
+ int used);
/* Population functions */
-void eina_share_common_population_add(Eina_Share *share, int slen);
-void eina_share_common_population_del(Eina_Share *share, int slen);
+void eina_share_common_population_add(Eina_Share * share, int slen);
+void eina_share_common_population_del(Eina_Share * share, int slen);
/* Share logging */
#ifdef CRITICAL
@@ -100,4 +100,4 @@ void eina_share_common_population_del(Eina_Share *share, int slen);
#define DBG(...) EINA_LOG_DOM_DBG(_eina_share_common_log_dom, __VA_ARGS__)
extern int _eina_share_common_log_dom;
-#endif /* EINA_STRINGSHARE_H_ */
+#endif /* EINA_STRINGSHARE_H_ */
diff --git a/tests/suite/ecore/src/lib/eina_str.c b/tests/suite/ecore/src/lib/eina_str.c
index bd9badbc58..13cecfb3fc 100644
--- a/tests/suite/ecore/src/lib/eina_str.c
+++ b/tests/suite/ecore/src/lib/eina_str.c
@@ -19,7 +19,7 @@
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdio.h>
@@ -29,8 +29,8 @@
#include <ctype.h>
#ifdef HAVE_ICONV
-# include <errno.h>
-# include <iconv.h>
+#include <errno.h>
+#include <iconv.h>
#endif
#include "eina_private.h"
@@ -50,118 +50,105 @@
*/
static inline Eina_Bool
eina_str_has_suffix_helper(const char *str,
- const char *suffix,
- int (*cmp)(const char *, const char *))
+ const char *suffix,
+ int (*cmp) (const char *, const char *))
{
- size_t str_len;
- size_t suffix_len;
+ size_t str_len;
+ size_t suffix_len;
- str_len = strlen(str);
- suffix_len = eina_strlen_bounded(suffix, str_len);
- if (suffix_len == (size_t)-1)
- return EINA_FALSE;
+ str_len = strlen(str);
+ suffix_len = eina_strlen_bounded(suffix, str_len);
+ if (suffix_len == (size_t) - 1)
+ return EINA_FALSE;
- return cmp(str + str_len - suffix_len, suffix) == 0;
+ return cmp(str + str_len - suffix_len, suffix) == 0;
}
-static inline char **
-eina_str_split_full_helper(const char *str,
- const char *delim,
- int max_tokens,
- unsigned int *elements)
+static inline char **eina_str_split_full_helper(const char *str,
+ const char *delim,
+ int max_tokens,
+ unsigned int *elements)
{
- char *s, **str_array;
- const char *src;
- size_t len, dlen;
- unsigned int tokens;
-
- dlen = strlen(delim);
- if (dlen == 0)
- {
- if (elements)
- *elements = 0;
-
- return NULL;
- }
-
- tokens = 0;
- src = str;
- /* count tokens and check strlen(str) */
- while (*src != '\0')
- {
- const char *d = delim, *d_end = d + dlen;
- const char *tmp = src;
- for (; (d < d_end) && (*tmp != '\0'); d++, tmp++)
- {
- if (EINA_LIKELY(*d != *tmp))
- break;
- }
- if (EINA_UNLIKELY(d == d_end))
- {
- src = tmp;
- tokens++;
- }
- else
- src++;
- }
- len = src - str;
-
- if ((max_tokens > 0) && (tokens > (unsigned int)max_tokens))
- tokens = max_tokens;
-
- str_array = malloc(sizeof(char *) * (tokens + 2));
- if (!str_array)
- {
- if (elements)
- *elements = 0;
-
- return NULL;
- }
-
- s = malloc(len + 1);
- if (!s)
- {
- free(str_array);
- if (elements)
- *elements = 0;
-
- return NULL;
- }
-
- /* copy tokens and string */
- tokens = 0;
- str_array[0] = s;
- src = str;
- while (*src != '\0')
- {
- const char *d = delim, *d_end = d + dlen;
- const char *tmp = src;
- for (; (d < d_end) && (*tmp != '\0'); d++, tmp++)
- {
- if (EINA_LIKELY(*d != *tmp))
- break;
- }
- if (EINA_UNLIKELY(d == d_end))
- {
- src = tmp;
- *s = '\0';
- s += dlen;
- tokens++;
- str_array[tokens] = s;
- }
- else
- {
- *s = *src;
- s++;
- src++;
- }
- }
- *s = '\0';
- str_array[tokens + 1] = NULL;
- if (elements)
- *elements = (tokens + 1);
-
- return str_array;
+ char *s, **str_array;
+ const char *src;
+ size_t len, dlen;
+ unsigned int tokens;
+
+ dlen = strlen(delim);
+ if (dlen == 0) {
+ if (elements)
+ *elements = 0;
+
+ return NULL;
+ }
+
+ tokens = 0;
+ src = str;
+ /* count tokens and check strlen(str) */
+ while (*src != '\0') {
+ const char *d = delim, *d_end = d + dlen;
+ const char *tmp = src;
+ for (; (d < d_end) && (*tmp != '\0'); d++, tmp++) {
+ if (EINA_LIKELY(*d != *tmp))
+ break;
+ }
+ if (EINA_UNLIKELY(d == d_end)) {
+ src = tmp;
+ tokens++;
+ } else
+ src++;
+ }
+ len = src - str;
+
+ if ((max_tokens > 0) && (tokens > (unsigned int) max_tokens))
+ tokens = max_tokens;
+
+ str_array = malloc(sizeof(char *) * (tokens + 2));
+ if (!str_array) {
+ if (elements)
+ *elements = 0;
+
+ return NULL;
+ }
+
+ s = malloc(len + 1);
+ if (!s) {
+ free(str_array);
+ if (elements)
+ *elements = 0;
+
+ return NULL;
+ }
+
+ /* copy tokens and string */
+ tokens = 0;
+ str_array[0] = s;
+ src = str;
+ while (*src != '\0') {
+ const char *d = delim, *d_end = d + dlen;
+ const char *tmp = src;
+ for (; (d < d_end) && (*tmp != '\0'); d++, tmp++) {
+ if (EINA_LIKELY(*d != *tmp))
+ break;
+ }
+ if (EINA_UNLIKELY(d == d_end)) {
+ src = tmp;
+ *s = '\0';
+ s += dlen;
+ tokens++;
+ str_array[tokens] = s;
+ } else {
+ *s = *src;
+ s++;
+ src++;
+ }
+ }
+ *s = '\0';
+ str_array[tokens + 1] = NULL;
+ if (elements)
+ *elements = (tokens + 1);
+
+ return str_array;
}
/**
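Review bot: The copy loop in `eina_str_split_full_helper` can write past the end of `str_array` when `max_tokens` is positive and `str` contains more delimiters than that. The array is sized from the clamped count (`malloc(sizeof(char *) * (tokens + 2))`), but `tokens` is then reset to 0 and the second `while` stores `str_array[tokens]` for every delimiter it finds, with no cap; the reindent carries this over unchanged. Keep the clamp in its own variable, `unsigned int max_splits = tokens;` right after the `max_tokens` check, and split only while below it: `if (EINA_UNLIKELY(d == d_end) && tokens < max_splits) {`. The existing `else` branch then copies any further delimiter bytes as ordinary characters, which still fits the `len + 1` byte buffer.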
@@ -199,35 +186,31 @@ eina_str_split_full_helper(const char *str,
* @p src. If the returned value is greater than @p siz, truncation
* occurred.
*/
-EAPI size_t
-eina_strlcpy(char *dst, const char *src, size_t siz)
+EAPI size_t eina_strlcpy(char *dst, const char *src, size_t siz)
{
#ifdef HAVE_STRLCPY
- return strlcpy(dst, src, siz);
+ return strlcpy(dst, src, siz);
#else
- char *d = dst;
- const char *s = src;
- size_t n = siz;
-
- /* Copy as many bytes as will fit */
- if (n != 0)
- while (--n != 0)
- {
- if ((*d++ = *s++) == '\0')
- break;
- }
-
- /* Not enough room in dst, add NUL and traverse rest of src */
- if (n == 0)
- {
- if (siz != 0)
- *d = '\0'; /* NUL-terminate dst */
-
- while (*s++)
- ;
- }
-
- return(s - src - 1); /* count does not include NUL */
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0)
+ while (--n != 0) {
+ if ((*d++ = *s++) == '\0')
+ break;
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+
+ while (*s++);
+ }
+
+ return (s - src - 1); /* count does not include NUL */
#endif
}
@@ -246,35 +229,33 @@ eina_strlcpy(char *dst, const char *src, size_t siz)
* MIN(siz, strlen(initial dst)). If the returned value is greater or
* equal than @p siz, truncation occurred.
*/
-EAPI size_t
-eina_strlcat(char *dst, const char *src, size_t siz)
+EAPI size_t eina_strlcat(char *dst, const char *src, size_t siz)
{
- char *d = dst;
- const char *s = src;
- size_t n = siz;
- size_t dlen;
-
- /* Find the end of dst and adjust bytes left but don't go past end */
- while (n-- != 0 && *d != '\0')
- d++;
- dlen = d - dst;
- n = siz - dlen;
-
- if (n == 0)
- return(dlen + strlen(s));
-
- while (*s != '\0') {
- if (n != 1)
- {
- *d++ = *s;
- n--;
- }
-
- s++;
- }
- *d = '\0';
-
- return(dlen + (s - src)); /* count does not include NUL */
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return (dlen + strlen(s));
+
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+
+ s++;
+ }
+ *d = '\0';
+
+ return (dlen + (s - src)); /* count does not include NUL */
}
/**
@@ -288,18 +269,17 @@ eina_strlcat(char *dst, const char *src, size_t siz)
* @p prefix, #EINA_FALSE otherwise. If the length of @p prefix is
* greater than @p str, #EINA_FALSE is returned.
*/
-EAPI Eina_Bool
-eina_str_has_prefix(const char *str, const char *prefix)
+EAPI Eina_Bool eina_str_has_prefix(const char *str, const char *prefix)
{
- size_t str_len;
- size_t prefix_len;
+ size_t str_len;
+ size_t prefix_len;
- str_len = strlen(str);
- prefix_len = eina_strlen_bounded(prefix, str_len);
- if (prefix_len == (size_t)-1)
- return EINA_FALSE;
+ str_len = strlen(str);
+ prefix_len = eina_strlen_bounded(prefix, str_len);
+ if (prefix_len == (size_t) - 1)
+ return EINA_FALSE;
- return (strncmp(str, prefix, prefix_len) == 0);
+ return (strncmp(str, prefix, prefix_len) == 0);
}
/**
@@ -319,10 +299,9 @@ eina_str_has_prefix(const char *str, const char *prefix)
* @return true if str has the given suffix
* @brief checks if the string has the given suffix
*/
-EAPI Eina_Bool
-eina_str_has_suffix(const char *str, const char *suffix)
+EAPI Eina_Bool eina_str_has_suffix(const char *str, const char *suffix)
{
- return eina_str_has_suffix_helper(str, suffix, strcmp);
+ return eina_str_has_suffix_helper(str, suffix, strcmp);
}
/**
@@ -335,10 +314,9 @@ eina_str_has_suffix(const char *str, const char *suffix)
* This function does the same like eina_str_has_suffix(), but with a
* case insensitive compare.
*/
-EAPI Eina_Bool
-eina_str_has_extension(const char *str, const char *ext)
+EAPI Eina_Bool eina_str_has_extension(const char *str, const char *ext)
{
- return eina_str_has_suffix_helper(str, ext, strcasecmp);
+ return eina_str_has_suffix_helper(str, ext, strcasecmp);
}
/**
@@ -364,13 +342,12 @@ eina_str_has_extension(const char *str, const char *ext)
*
* @see eina_str_split()
*/
-EAPI char **
-eina_str_split_full(const char *str,
- const char *delim,
- int max_tokens,
- unsigned int *elements)
+EAPI char **eina_str_split_full(const char *str,
+ const char *delim,
+ int max_tokens, unsigned int *elements)
{
- return eina_str_split_full_helper(str, delim, max_tokens, elements);
+ return eina_str_split_full_helper(str, delim, max_tokens,
+ elements);
}
@@ -393,10 +370,10 @@ eina_str_split_full(const char *str,
* allocate the array. To free it, free the first element of the array and the
* array itself.
*/
-EAPI char **
-eina_str_split(const char *str, const char *delim, int max_tokens)
+EAPI char **eina_str_split(const char *str, const char *delim,
+ int max_tokens)
{
- return eina_str_split_full_helper(str, delim, max_tokens, NULL);
+ return eina_str_split_full_helper(str, delim, max_tokens, NULL);
}
/**
@@ -427,48 +404,42 @@ eina_str_split(const char *str, const char *delim, int max_tokens)
*/
EAPI size_t
eina_str_join_len(char *dst,
- size_t size,
- char sep,
- const char *a,
- size_t a_len,
- const char *b,
- size_t b_len)
+ size_t size,
+ char sep,
+ const char *a, size_t a_len, const char *b, size_t b_len)
{
- size_t ret = a_len + b_len + 1;
- size_t off;
-
- if (size < 1)
- return ret;
-
- if (size <= a_len)
- {
- memcpy(dst, a, size - 1);
- dst[size - 1] = '\0';
- return ret;
- }
-
- memcpy(dst, a, a_len);
- off = a_len;
-
- if (size <= off + 1)
- {
- dst[size - 1] = '\0';
- return ret;
- }
-
- dst[off] = sep;
- off++;
-
- if (size <= off + b_len + 1)
- {
- memcpy(dst + off, b, size - off - 1);
- dst[size - 1] = '\0';
- return ret;
- }
-
- memcpy(dst + off, b, b_len);
- dst[off + b_len] = '\0';
- return ret;
+ size_t ret = a_len + b_len + 1;
+ size_t off;
+
+ if (size < 1)
+ return ret;
+
+ if (size <= a_len) {
+ memcpy(dst, a, size - 1);
+ dst[size - 1] = '\0';
+ return ret;
+ }
+
+ memcpy(dst, a, a_len);
+ off = a_len;
+
+ if (size <= off + 1) {
+ dst[size - 1] = '\0';
+ return ret;
+ }
+
+ dst[off] = sep;
+ off++;
+
+ if (size <= off + b_len + 1) {
+ memcpy(dst + off, b, size - off - 1);
+ dst[size - 1] = '\0';
+ return ret;
+ }
+
+ memcpy(dst + off, b, b_len);
+ dst[off + b_len] = '\0';
+ return ret;
}
/**
@@ -480,89 +451,78 @@ eina_str_join_len(char *dst,
*
*/
#ifdef HAVE_ICONV
-EAPI char *
-eina_str_convert(const char *enc_from, const char *enc_to, const char *text)
+EAPI char *eina_str_convert(const char *enc_from, const char *enc_to,
+ const char *text)
{
- iconv_t ic;
- char *new_txt, *inp, *outp;
- size_t inb, outb, outlen, tob, outalloc;
-
- if (!text)
- return NULL;
-
- ic = iconv_open(enc_to, enc_from);
- if (ic == (iconv_t)(-1))
- return NULL;
-
- new_txt = malloc(64);
- inb = strlen(text);
- outb = 64;
- inp = (char *)text;
- outp = new_txt;
- outalloc = 64;
- outlen = 0;
-
- for (;; )
- {
- size_t count;
-
- tob = outb;
- count = iconv(ic, &inp, &inb, &outp, &outb);
- outlen += tob - outb;
- if (count == (size_t)(-1))
- {
- if (errno == E2BIG)
- {
- new_txt = realloc(new_txt, outalloc + 64);
- outp = new_txt + outlen;
- outalloc += 64;
- outb += 64;
- }
- else if (errno == EILSEQ)
- {
- if (new_txt)
- free(new_txt);
-
- new_txt = NULL;
- break;
- }
- else if (errno == EINVAL)
- {
- if (new_txt)
- free(new_txt);
-
- new_txt = NULL;
- break;
- }
- else
- {
- if (new_txt)
- free(new_txt);
-
- new_txt = NULL;
- break;
- }
- }
-
- if (inb == 0)
- {
- if (outalloc == outlen)
- new_txt = realloc(new_txt, outalloc + 1);
-
- new_txt[outlen] = 0;
- break;
- }
- }
- iconv_close(ic);
- return new_txt;
+ iconv_t ic;
+ char *new_txt, *inp, *outp;
+ size_t inb, outb, outlen, tob, outalloc;
+
+ if (!text)
+ return NULL;
+
+ ic = iconv_open(enc_to, enc_from);
+ if (ic == (iconv_t) (-1))
+ return NULL;
+
+ new_txt = malloc(64);
+ inb = strlen(text);
+ outb = 64;
+ inp = (char *) text;
+ outp = new_txt;
+ outalloc = 64;
+ outlen = 0;
+
+ for (;;) {
+ size_t count;
+
+ tob = outb;
+ count = iconv(ic, &inp, &inb, &outp, &outb);
+ outlen += tob - outb;
+ if (count == (size_t) (-1)) {
+ if (errno == E2BIG) {
+ new_txt = realloc(new_txt, outalloc + 64);
+ outp = new_txt + outlen;
+ outalloc += 64;
+ outb += 64;
+ } else if (errno == EILSEQ) {
+ if (new_txt)
+ free(new_txt);
+
+ new_txt = NULL;
+ break;
+ } else if (errno == EINVAL) {
+ if (new_txt)
+ free(new_txt);
+
+ new_txt = NULL;
+ break;
+ } else {
+ if (new_txt)
+ free(new_txt);
+
+ new_txt = NULL;
+ break;
+ }
+ }
+
+ if (inb == 0) {
+ if (outalloc == outlen)
+ new_txt = realloc(new_txt, outalloc + 1);
+
+ new_txt[outlen] = 0;
+ break;
+ }
+ }
+ iconv_close(ic);
+ return new_txt;
}
#else
-EAPI char *
-eina_str_convert(const char *enc_from __UNUSED__,
- const char *enc_to __UNUSED__,
- const char *text __UNUSED__)
+EAPI char *eina_str_convert(const char *enc_from __UNUSED__,
+ const char *enc_to __UNUSED__,
+ const char *text __UNUSED__)
{
- return NULL;
+ return NULL;
}
#endif
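Review bot: None of the three allocations in the `HAVE_ICONV` version of `eina_str_convert` is checked. A failed `malloc(64)` hands a NULL `outp` to `iconv()`. A failed `realloc()` in the `E2BIG` branch overwrites `new_txt` with NULL, which leaks the old buffer and leaves `outp` pointing at `NULL + outlen` for the next `iconv()` call. The final `realloc(new_txt, outalloc + 1)` is followed directly by `new_txt[outlen] = 0`. The reindent leaves all of this as it was; the change below takes each `realloc()` result into a temporary and releases the buffer on failure, and it also folds the three identical error branches into one `else`.

```c
	new_txt = malloc(64);
	if (!new_txt) {
		iconv_close(ic);
		return NULL;
	}
	/* … unchanged: inb/outb/inp/outp/outalloc/outlen setup, iconv() call … */
		if (count == (size_t) (-1)) {
			if (errno == E2BIG) {
				char *grown = realloc(new_txt, outalloc + 64);
				if (!grown) {
					free(new_txt);
					new_txt = NULL;
					break;
				}
				new_txt = grown;
				outp = new_txt + outlen;
				outalloc += 64;
				outb += 64;
			} else {
				/* EILSEQ, EINVAL or anything else: give up */
				free(new_txt);
				new_txt = NULL;
				break;
			}
		}

		if (inb == 0) {
			if (outalloc == outlen) {
				char *grown = realloc(new_txt, outalloc + 1);
				if (!grown) {
					free(new_txt);
					new_txt = NULL;
					break;
				}
				new_txt = grown;
			}
			new_txt[outlen] = 0;
			break;
		}
	/* … unchanged: iconv_close(ic) and return … */
```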
@@ -573,28 +533,25 @@ eina_str_convert(const char *enc_from __UNUSED__,
*
* A newly allocated string is returned.
*/
-EAPI char *
-eina_str_escape(const char *str)
+EAPI char *eina_str_escape(const char *str)
{
- char *s2, *d;
- const char *s;
-
- s2 = malloc((strlen(str) * 2) + 1);
- if (!s2)
- return NULL;
-
- for (s = str, d = s2; *s != 0; s++, d++)
- {
- if ((*s == ' ') || (*s == '\\') || (*s == '\''))
- {
- *d = '\\';
- d++;
- }
-
- *d = *s;
- }
- *d = 0;
- return s2;
+ char *s2, *d;
+ const char *s;
+
+ s2 = malloc((strlen(str) * 2) + 1);
+ if (!s2)
+ return NULL;
+
+ for (s = str, d = s2; *s != 0; s++, d++) {
+ if ((*s == ' ') || (*s == '\\') || (*s == '\'')) {
+ *d = '\\';
+ d++;
+ }
+
+ *d = *s;
+ }
+ *d = 0;
+ return s2;
}
/**
@@ -604,15 +561,14 @@ eina_str_escape(const char *str)
*
* This modifies the original string, changing all characters in [A-Z] to lowercase.
*/
-EAPI void
-eina_str_tolower(char **str)
+EAPI void eina_str_tolower(char **str)
{
- char *p;
- if ((!str) || (!(*str)))
- return;
+ char *p;
+ if ((!str) || (!(*str)))
+ return;
- for (p = *str; (*p); p++)
- *p = tolower((unsigned char )(*p));
+ for (p = *str; (*p); p++)
+ *p = tolower((unsigned char) (*p));
}
/**
@@ -622,15 +578,14 @@ eina_str_tolower(char **str)
*
* This modifies the original string, changing all characters in [a-z] to uppercase.
*/
-EAPI void
-eina_str_toupper(char **str)
+EAPI void eina_str_toupper(char **str)
{
- char *p;
- if ((!str) || (!(*str)))
- return;
+ char *p;
+ if ((!str) || (!(*str)))
+ return;
- for (p = *str; (*p); p++)
- *p = toupper((unsigned char)(*p));
+ for (p = *str; (*p); p++)
+ *p = toupper((unsigned char) (*p));
}
diff --git a/tests/suite/ecore/src/lib/eina_strbuf.c b/tests/suite/ecore/src/lib/eina_strbuf.c
index 3968af56ae..338d056d86 100644
--- a/tests/suite/ecore/src/lib/eina_strbuf.c
+++ b/tests/suite/ecore/src/lib/eina_strbuf.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#define _GNU_SOURCE
@@ -8,7 +8,7 @@
#include <string.h>
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_private.h"
@@ -25,35 +25,35 @@
*/
#ifdef _STRBUF_DATA_TYPE
-# undef _STRBUF_DATA_TYPE
+#undef _STRBUF_DATA_TYPE
#endif
#ifdef _STRBUF_CSIZE
-# undef _STRBUF_CSIZE
+#undef _STRBUF_CSIZE
#endif
#ifdef _STRBUF_STRUCT_NAME
-# undef _STRBUF_STRUCT_NAME
+#undef _STRBUF_STRUCT_NAME
#endif
#ifdef _STRBUF_STRLEN_FUNC
-# undef _STRBUF_STRLEN_FUNC
+#undef _STRBUF_STRLEN_FUNC
#endif
#ifdef _STRBUF_STRESCAPE_FUNC
-# undef _STRBUF_STRESCAPE_FUNC
+#undef _STRBUF_STRESCAPE_FUNC
#endif
#ifdef _STRBUF_MAGIC
-# undef _STRBUF_MAGIC
+#undef _STRBUF_MAGIC
#endif
#ifdef _STRBUF_MAGIC_STR
-# undef _STRBUF_MAGIC_STR
+#undef _STRBUF_MAGIC_STR
#endif
#ifdef _FUNC_EXPAND
-# undef _FUNC_EXPAND
+#undef _FUNC_EXPAND
#endif
@@ -95,80 +95,80 @@ static const char __STRBUF_MAGIC_STR[] = "Eina Strbuf";
*/
EAPI Eina_Bool
-eina_strbuf_append_printf(Eina_Strbuf *buf, const char *fmt, ...)
+eina_strbuf_append_printf(Eina_Strbuf * buf, const char *fmt, ...)
{
- va_list args;
- char *str;
- size_t len;
- Eina_Bool ret;
+ va_list args;
+ char *str;
+ size_t len;
+ Eina_Bool ret;
- va_start(args, fmt);
- len = vasprintf(&str, fmt, args);
- va_end(args);
+ va_start(args, fmt);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
- if (len <= 0 || !str)
- return EINA_FALSE;
+ if (len <= 0 || !str)
+ return EINA_FALSE;
- ret = eina_strbuf_append_length(buf, str, len);
- free(str);
- return ret;
+ ret = eina_strbuf_append_length(buf, str, len);
+ free(str);
+ return ret;
}
EAPI Eina_Bool
-eina_strbuf_append_vprintf(Eina_Strbuf *buf, const char *fmt, va_list args)
+eina_strbuf_append_vprintf(Eina_Strbuf * buf, const char *fmt,
+ va_list args)
{
- char *str;
- size_t len;
- Eina_Bool ret;
+ char *str;
+ size_t len;
+ Eina_Bool ret;
- len = vasprintf(&str, fmt, args);
+ len = vasprintf(&str, fmt, args);
- if (len <= 0 || !str)
- return EINA_FALSE;
+ if (len <= 0 || !str)
+ return EINA_FALSE;
- ret = eina_strbuf_append_length(buf, str, len);
- free(str);
- return ret;
+ ret = eina_strbuf_append_length(buf, str, len);
+ free(str);
+ return ret;
}
EAPI Eina_Bool
-eina_strbuf_insert_printf(Eina_Strbuf *buf, const char *fmt, size_t pos, ...)
+eina_strbuf_insert_printf(Eina_Strbuf * buf, const char *fmt, size_t pos,
+ ...)
{
- va_list args;
- char *str;
- size_t len;
- Eina_Bool ret;
+ va_list args;
+ char *str;
+ size_t len;
+ Eina_Bool ret;
- va_start(args, pos);
- len = vasprintf(&str, fmt, args);
- va_end(args);
+ va_start(args, pos);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
- if (len <= 0 || !str)
- return EINA_FALSE;
+ if (len <= 0 || !str)
+ return EINA_FALSE;
- ret = eina_strbuf_insert(buf, str, pos);
- free(str);
- return ret;
+ ret = eina_strbuf_insert(buf, str, pos);
+ free(str);
+ return ret;
}
EAPI Eina_Bool
-eina_strbuf_insert_vprintf(Eina_Strbuf *buf,
- const char *fmt,
- size_t pos,
- va_list args)
+eina_strbuf_insert_vprintf(Eina_Strbuf * buf,
+ const char *fmt, size_t pos, va_list args)
{
- char *str;
- size_t len;
- Eina_Bool ret;
+ char *str;
+ size_t len;
+ Eina_Bool ret;
- len = vasprintf(&str, fmt, args);
+ len = vasprintf(&str, fmt, args);
- if (len <= 0 || !str)
- return EINA_FALSE;
+ if (len <= 0 || !str)
+ return EINA_FALSE;
- ret = eina_strbuf_insert(buf, str, pos);
- free(str);
- return ret;
+ ret = eina_strbuf_insert(buf, str, pos);
+ free(str);
+ return ret;
}
/* Unicode */
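Review bot: The failure check after `vasprintf()` cannot catch an error in any of the four functions in this hunk (`eina_strbuf_append_printf`, `eina_strbuf_append_vprintf`, `eina_strbuf_insert_printf`, `eina_strbuf_insert_vprintf`), because the `int` return value is stored in `size_t len`. A return of -1 becomes a very large length, so `len <= 0` is true only for 0. On at least glibc the contents of `str` are unspecified after a failure, so `!str` is not a reliable fallback, and the append variants would then pass that length on to `eina_strbuf_append_length()`. Declaring `char *str = NULL;` and `int len;` in each function keeps the existing `if (len <= 0 || !str)` test and makes it effective. The reindent itself does not change this behaviour.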
diff --git a/tests/suite/ecore/src/lib/eina_strbuf_common.c b/tests/suite/ecore/src/lib/eina_strbuf_common.c
index c96e70189d..9e3c09ded1 100644
--- a/tests/suite/ecore/src/lib/eina_strbuf_common.c
+++ b/tests/suite/ecore/src/lib/eina_strbuf_common.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#define _GNU_SOURCE
@@ -9,7 +9,7 @@
#include <string.h>
#ifdef _WIN32
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_private.h"
@@ -51,10 +51,9 @@
*
* @see eina_init()
*/
-Eina_Bool
-eina_strbuf_common_init(void)
+Eina_Bool eina_strbuf_common_init(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
@@ -68,10 +67,9 @@ eina_strbuf_common_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_strbuf_common_shutdown(void)
+Eina_Bool eina_strbuf_common_shutdown(void)
{
- return EINA_TRUE;
+ return EINA_TRUE;
}
/**
@@ -82,22 +80,20 @@ eina_strbuf_common_shutdown(void)
*
* @return #EINA_TRUE on success, #EINA_FALSE on failure.
*/
-static Eina_Bool
-_eina_strbuf_common_init(size_t csize, Eina_Strbuf *buf)
+static Eina_Bool _eina_strbuf_common_init(size_t csize, Eina_Strbuf * buf)
{
- buf->len = 0;
- buf->size = EINA_STRBUF_INIT_SIZE;
- buf->step = EINA_STRBUF_INIT_STEP;
-
- eina_error_set(0);
- buf->buf = calloc(csize, buf->size);
- if (EINA_UNLIKELY(!buf->buf))
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return EINA_FALSE;
- }
-
- return EINA_TRUE;
+ buf->len = 0;
+ buf->size = EINA_STRBUF_INIT_SIZE;
+ buf->step = EINA_STRBUF_INIT_STEP;
+
+ eina_error_set(0);
+ buf->buf = calloc(csize, buf->size);
+ if (EINA_UNLIKELY(!buf->buf)) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return EINA_FALSE;
+ }
+
+ return EINA_TRUE;
}
/**
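Review bot: When `calloc` fails in `_eina_strbuf_common_init`, `buf->buf` is NULL but `buf->size` still holds `EINA_STRBUF_INIT_SIZE`, so the struct claims capacity it does not have. `eina_strbuf_common_string_steal` and `eina_strbuf_common_string_free` (later hunks in this file) call this function and ignore the result. After that, a short append passes the `(size + 1) < buf->size` test in `_eina_strbuf_common_grow` and copies into a NULL buffer. Adding `buf->size = 0;` to the failure branch before `return EINA_FALSE;` would route the next append through `realloc`; this is inferred from the callers visible in this diff only.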
@@ -110,48 +106,46 @@ _eina_strbuf_common_init(size_t csize, Eina_Strbuf *buf)
* @return #EINA_TRUE on success, #EINA_FALSE on failure.
*/
static inline Eina_Bool
-_eina_strbuf_common_resize(size_t csize, Eina_Strbuf *buf, size_t size)
+_eina_strbuf_common_resize(size_t csize, Eina_Strbuf * buf, size_t size)
{
- size_t new_size, new_step, delta;
- void *buffer;
-
- size += 1; // Add extra space for '\0'
-
- if (size == buf->size)
- /* nothing to do */
- return EINA_TRUE;
- else if (size > buf->size)
- delta = size - buf->size;
- else
- delta = buf->size - size;
-
- /* check if should keep the same step (just used while growing) */
- if ((delta <= buf->step) && (size > buf->size))
- new_step = buf->step;
- else
- {
- new_step = (((delta / EINA_STRBUF_INIT_STEP) + 1)
- * EINA_STRBUF_INIT_STEP);
-
- if (new_step > EINA_STRBUF_MAX_STEP)
- new_step = EINA_STRBUF_MAX_STEP;
- }
-
- new_size = (((size / new_step) + 1) * new_step);
-
- /* reallocate the buffer to the new size */
- buffer = realloc(buf->buf, new_size * csize);
- if (EINA_UNLIKELY(!buffer))
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return EINA_FALSE;
- }
-
- buf->buf = buffer;
- buf->size = new_size;
- buf->step = new_step;
- eina_error_set(0);
- return EINA_TRUE;
+ size_t new_size, new_step, delta;
+ void *buffer;
+
+ size += 1; // Add extra space for '\0'
+
+ if (size == buf->size)
+ /* nothing to do */
+ return EINA_TRUE;
+ else if (size > buf->size)
+ delta = size - buf->size;
+ else
+ delta = buf->size - size;
+
+ /* check if should keep the same step (just used while growing) */
+ if ((delta <= buf->step) && (size > buf->size))
+ new_step = buf->step;
+ else {
+ new_step = (((delta / EINA_STRBUF_INIT_STEP) + 1)
+ * EINA_STRBUF_INIT_STEP);
+
+ if (new_step > EINA_STRBUF_MAX_STEP)
+ new_step = EINA_STRBUF_MAX_STEP;
+ }
+
+ new_size = (((size / new_step) + 1) * new_step);
+
+ /* reallocate the buffer to the new size */
+ buffer = realloc(buf->buf, new_size * csize);
+ if (EINA_UNLIKELY(!buffer)) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return EINA_FALSE;
+ }
+
+ buf->buf = buffer;
+ buf->size = new_size;
+ buf->step = new_step;
+ eina_error_set(0);
+ return EINA_TRUE;
}
/**
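Review bot: The size arithmetic in `_eina_strbuf_common_resize` is unchecked: `size += 1` and `new_size * csize` in the `realloc` call can both wrap for a very large request, and a wrapped product would allocate a buffer smaller than the `buf->size` recorded afterwards. The same applies to the `(size + 1) < buf->size` test in `_eina_strbuf_common_grow` (next hunk) and to the `buf->len + len` sums its callers pass in, where a wrapped value skips the growth and the following `memcpy` writes past the allocation. A guard before the `realloc`, such as `if (new_size < size || new_size > SIZE_MAX / csize) { eina_error_set(EINA_ERROR_OUT_OF_MEMORY); return EINA_FALSE; }`, would reject those requests, assuming `SIZE_MAX` from `<stdint.h>` is available in this file. The callers need an equivalent check on their sums.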
@@ -165,12 +159,12 @@ _eina_strbuf_common_resize(size_t csize, Eina_Strbuf *buf, size_t size)
* @return #EINA_TRUE on success, #EINA_FALSE on failure.
*/
Eina_Bool
-_eina_strbuf_common_grow(size_t csize, Eina_Strbuf *buf, size_t size)
+_eina_strbuf_common_grow(size_t csize, Eina_Strbuf * buf, size_t size)
{
- if ((size + 1) < buf->size)
- return EINA_TRUE;
+ if ((size + 1) < buf->size)
+ return EINA_TRUE;
- return _eina_strbuf_common_resize(csize, buf, size);
+ return _eina_strbuf_common_resize(csize, buf, size);
}
/**
@@ -188,24 +182,23 @@ _eina_strbuf_common_grow(size_t csize, Eina_Strbuf *buf, size_t size)
*/
static inline Eina_Bool
_eina_strbuf_common_insert_length(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t pos)
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t pos)
{
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
- return EINA_FALSE;
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
+ return EINA_FALSE;
- /* move the existing text */
- memmove(buf->buf + ((len + pos) * csize), buf->buf + (pos * csize),
- (buf->len - pos) * csize);
+ /* move the existing text */
+ memmove(buf->buf + ((len + pos) * csize), buf->buf + (pos * csize),
+ (buf->len - pos) * csize);
- /* and now insert the given string */
- memcpy(buf->buf + (pos * csize), str, len * csize);
+ /* and now insert the given string */
+ memcpy(buf->buf + (pos * csize), str, len * csize);
- buf->len += len;
- memset(buf->buf + (buf->len * csize), 0, csize);
- return EINA_TRUE;
+ buf->len += len;
+ memset(buf->buf + (buf->len * csize), 0, csize);
+ return EINA_TRUE;
}
/*============================================================================*
@@ -225,26 +218,23 @@ _eina_strbuf_common_insert_length(size_t csize,
* @see eina_strbuf_common_append()
* @see eina_strbuf_common_string_get()
*/
-Eina_Strbuf *
-eina_strbuf_common_new(size_t csize)
+Eina_Strbuf *eina_strbuf_common_new(size_t csize)
{
- Eina_Strbuf *buf;
-
- eina_error_set(0);
- buf = malloc(sizeof(Eina_Strbuf));
- if (EINA_UNLIKELY(!buf))
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- if (EINA_UNLIKELY(!_eina_strbuf_common_init(csize, buf)))
- {
- eina_strbuf_common_free(buf);
- return NULL;
- }
-
- return buf;
+ Eina_Strbuf *buf;
+
+ eina_error_set(0);
+ buf = malloc(sizeof(Eina_Strbuf));
+ if (EINA_UNLIKELY(!buf)) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ if (EINA_UNLIKELY(!_eina_strbuf_common_init(csize, buf))) {
+ eina_strbuf_common_free(buf);
+ return NULL;
+ }
+
+ return buf;
}
/**
@@ -255,11 +245,10 @@ eina_strbuf_common_new(size_t csize)
* This function frees the memory of @p buf. @p buf must have been
* created by eina_strbuf_common_new().
*/
-void
-eina_strbuf_common_free(Eina_Strbuf *buf)
+void eina_strbuf_common_free(Eina_Strbuf * buf)
{
- free(buf->buf);
- free(buf);
+ free(buf->buf);
+ free(buf);
}
/**
@@ -270,13 +259,12 @@ eina_strbuf_common_free(Eina_Strbuf *buf)
* This function reset @p buf: the buffer len is set to 0, and the
* string is set to '\\0'. No memory is free'd.
*/
-void
-eina_strbuf_common_reset(size_t csize, Eina_Strbuf *buf)
+void eina_strbuf_common_reset(size_t csize, Eina_Strbuf * buf)
{
- buf->len = 0;
- buf->step = EINA_STRBUF_INIT_STEP;
+ buf->len = 0;
+ buf->step = EINA_STRBUF_INIT_STEP;
- memset(buf->buf, 0, csize);
+ memset(buf->buf, 0, csize);
}
/**
@@ -297,19 +285,18 @@ eina_strbuf_common_reset(size_t csize, Eina_Strbuf *buf)
*/
Eina_Bool
eina_strbuf_common_append(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len)
+ Eina_Strbuf * buf, const void *str, size_t len)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
- return EINA_FALSE;
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
+ return EINA_FALSE;
- memcpy(buf->buf + (buf->len * csize), str, (len + 1) * csize);
- buf->len += len;
- return EINA_TRUE;
+ memcpy(buf->buf + (buf->len * csize), str, (len + 1) * csize);
+ buf->len += len;
+ return EINA_TRUE;
}
/**
@@ -335,23 +322,22 @@ eina_strbuf_common_append(size_t csize,
*/
Eina_Bool
eina_strbuf_common_append_n(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t maxlen)
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t maxlen)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (len > maxlen)
- len = maxlen;
+ if (len > maxlen)
+ len = maxlen;
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
- return EINA_FALSE;
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(csize, buf, buf->len + len)))
+ return EINA_FALSE;
- memcpy(buf->buf + (buf->len * csize), str, len * csize);
- buf->len += len;
- memset(buf->buf + (buf->len * csize), 0, csize);
- return EINA_TRUE;
+ memcpy(buf->buf + (buf->len * csize), str, len * csize);
+ buf->len += len;
+ memset(buf->buf + (buf->len * csize), 0, csize);
+ return EINA_TRUE;
}
/**
@@ -375,19 +361,19 @@ eina_strbuf_common_append_n(size_t csize,
*/
Eina_Bool
eina_strbuf_common_append_length(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t length)
+ Eina_Strbuf * buf,
+ const void *str, size_t length)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(csize, buf, buf->len + length)))
- return EINA_FALSE;
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(csize, buf, buf->len + length)))
+ return EINA_FALSE;
- memcpy(buf->buf + (buf->len * csize), str, length * csize);
- buf->len += length;
- memset(buf->buf + (buf->len * csize), 0, csize);
- return EINA_TRUE;
+ memcpy(buf->buf + (buf->len * csize), str, length * csize);
+ buf->len += length;
+ memset(buf->buf + (buf->len * csize), 0, csize);
+ return EINA_TRUE;
}
/**
@@ -406,17 +392,16 @@ eina_strbuf_common_append_length(size_t csize,
*/
Eina_Bool
eina_strbuf_common_insert(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t pos)
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t pos)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (pos >= buf->len)
- return eina_strbuf_common_append(csize, buf, str, len);
+ if (pos >= buf->len)
+ return eina_strbuf_common_append(csize, buf, str, len);
- return _eina_strbuf_common_insert_length(csize, buf, str, len, pos);
+ return _eina_strbuf_common_insert_length(csize, buf, str, len,
+ pos);
}
/**
@@ -439,21 +424,21 @@ eina_strbuf_common_insert(size_t csize,
*/
Eina_Bool
eina_strbuf_common_insert_n(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t maxlen,
- size_t pos)
+ Eina_Strbuf * buf,
+ const void *str,
+ size_t len, size_t maxlen, size_t pos)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (pos >= buf->len)
- return eina_strbuf_common_append_n(csize, buf, str, len, maxlen);
+ if (pos >= buf->len)
+ return eina_strbuf_common_append_n(csize, buf, str, len,
+ maxlen);
- if (len > maxlen)
- len = maxlen;
+ if (len > maxlen)
+ len = maxlen;
- return _eina_strbuf_common_insert_length(csize, buf, str, len, pos);
+ return _eina_strbuf_common_insert_length(csize, buf, str, len,
+ pos);
}
/**
@@ -478,17 +463,18 @@ eina_strbuf_common_insert_n(size_t csize,
*/
Eina_Bool
eina_strbuf_common_insert_length(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t length,
- size_t pos)
+ Eina_Strbuf * buf,
+ const void *str,
+ size_t length, size_t pos)
{
- EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
- if (pos >= buf->len)
- return eina_strbuf_common_append_length(csize, buf, str, length);
+ if (pos >= buf->len)
+ return eina_strbuf_common_append_length(csize, buf, str,
+ length);
- return _eina_strbuf_common_insert_length(csize, buf, str, length, pos);
+ return _eina_strbuf_common_insert_length(csize, buf, str, length,
+ pos);
}
/**
@@ -503,15 +489,17 @@ eina_strbuf_common_insert_length(size_t csize,
* #EINA_FALSE is returned, otherwise #EINA_TRUE is returned.
*/
Eina_Bool
-eina_strbuf_common_append_char(size_t csize, Eina_Strbuf *buf, const void *c)
+eina_strbuf_common_append_char(size_t csize, Eina_Strbuf * buf,
+ const void *c)
{
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(csize, buf, buf->len + 1)))
- return EINA_FALSE;
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(csize, buf, buf->len + 1)))
+ return EINA_FALSE;
- memcpy(buf->buf + ((buf->len)++ *csize), c, csize);
- memset(buf->buf + (buf->len * csize), 0, csize);
- return EINA_TRUE;
+ memcpy(buf->buf + ((buf->len)++ * csize), c, csize);
+ memset(buf->buf + (buf->len * csize), 0, csize);
+ return EINA_TRUE;
}
/**
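Review bot: The `memcpy` destination in `eina_strbuf_common_append_char` still increments `buf->len` inside the address expression, `((buf->len)++ * csize)`, which is easy to misread (the old spacing `++ *csize` even looked like a dereference). Splitting it into `memcpy(buf->buf + (buf->len * csize), c, csize);` and `buf->len++;` keeps the same behaviour and matches how the other append functions in this file update the length.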
@@ -529,15 +517,14 @@ eina_strbuf_common_append_char(size_t csize, Eina_Strbuf *buf, const void *c)
*/
Eina_Bool
eina_strbuf_common_insert_char(size_t csize,
- Eina_Strbuf *buf,
- const void *c,
- size_t pos)
+ Eina_Strbuf * buf,
+ const void *c, size_t pos)
{
- if (pos >= buf->len)
- return eina_strbuf_common_append_char(csize, buf, c);
+ if (pos >= buf->len)
+ return eina_strbuf_common_append_char(csize, buf, c);
- return _eina_strbuf_common_insert_length(csize, buf, c, 1, pos);
+ return _eina_strbuf_common_insert_length(csize, buf, c, 1, pos);
}
/**
@@ -556,31 +543,27 @@ eina_strbuf_common_insert_char(size_t csize,
*/
Eina_Bool
eina_strbuf_common_remove(size_t csize,
- Eina_Strbuf *buf,
- size_t start,
- size_t end)
+ Eina_Strbuf * buf, size_t start, size_t end)
{
- size_t remove_len, tail_len;
-
- if (end >= buf->len)
- end = buf->len;
-
- if (end <= start)
- return EINA_TRUE;
-
- remove_len = end - start;
- if (remove_len == buf->len)
- {
- free(buf->buf);
- return _eina_strbuf_common_init(csize, buf);
- }
-
- tail_len = buf->len - end + 1; /* includes '\0' */
- memmove(buf->buf + (start * csize),
- buf->buf + (end * csize),
- tail_len * csize);
- buf->len -= remove_len;
- return _eina_strbuf_common_resize(csize, buf, buf->len);
+ size_t remove_len, tail_len;
+
+ if (end >= buf->len)
+ end = buf->len;
+
+ if (end <= start)
+ return EINA_TRUE;
+
+ remove_len = end - start;
+ if (remove_len == buf->len) {
+ free(buf->buf);
+ return _eina_strbuf_common_init(csize, buf);
+ }
+
+ tail_len = buf->len - end + 1; /* includes '\0' */
+ memmove(buf->buf + (start * csize),
+ buf->buf + (end * csize), tail_len * csize);
+ buf->len -= remove_len;
+ return _eina_strbuf_common_resize(csize, buf, buf->len);
}
/**
@@ -596,10 +579,9 @@ eina_strbuf_common_remove(size_t csize,
*
* @see eina_strbuf_common_string_steal()
*/
-const void *
-eina_strbuf_common_string_get(const Eina_Strbuf *buf)
+const void *eina_strbuf_common_string_get(const Eina_Strbuf * buf)
{
- return buf->buf;
+ return buf->buf;
}
/**
@@ -615,15 +597,14 @@ eina_strbuf_common_string_get(const Eina_Strbuf *buf)
*
* @see eina_strbuf_common_string_get()
*/
-void *
-eina_strbuf_common_string_steal(size_t csize, Eina_Strbuf *buf)
+void *eina_strbuf_common_string_steal(size_t csize, Eina_Strbuf * buf)
{
- void *ret;
+ void *ret;
- ret = buf->buf;
- // TODO: Check return value and do something clever
- _eina_strbuf_common_init(csize, buf);
- return ret;
+ ret = buf->buf;
+ // TODO: Check return value and do something clever
+ _eina_strbuf_common_init(csize, buf);
+ return ret;
}
/**
@@ -634,11 +615,10 @@ eina_strbuf_common_string_steal(size_t csize, Eina_Strbuf *buf)
* This function frees the string contained in @p buf without freeing
* @p buf.
*/
-void
-eina_strbuf_common_string_free(size_t csize, Eina_Strbuf *buf)
+void eina_strbuf_common_string_free(size_t csize, Eina_Strbuf * buf)
{
- free(buf->buf);
- _eina_strbuf_common_init(csize, buf);
+ free(buf->buf);
+ _eina_strbuf_common_init(csize, buf);
}
/**
@@ -649,10 +629,9 @@ eina_strbuf_common_string_free(size_t csize, Eina_Strbuf *buf)
*
* This function returns the length of @p buf.
*/
-size_t
-eina_strbuf_common_length_get(const Eina_Strbuf *buf)
+size_t eina_strbuf_common_length_get(const Eina_Strbuf * buf)
{
- return buf->len;
+ return buf->len;
}
/**
@@ -674,15 +653,15 @@ eina_strbuf_common_length_get(const Eina_Strbuf *buf)
/*FIXME: Implementing them here is a hack! */
#ifdef _STRBUF_CSIZE
-# undef _STRBUF_CSIZE
+#undef _STRBUF_CSIZE
#endif
#ifdef _STRBUF_MAGIC
-# undef _STRBUF_MAGIC
+#undef _STRBUF_MAGIC
#endif
#ifdef _STRBUF_MAGIC_STR
-# undef _STRBUF_MAGIC_STR
+#undef _STRBUF_MAGIC_STR
#endif
#define _STRBUF_CSIZE 1
@@ -709,56 +688,52 @@ static const char __STRBUF_STR_MAGIC_STR[] = "Eina Strbuf";
* @p with. It returns #EINA_FALSE on failure, #EINA_TRUE otherwise.
*/
EAPI Eina_Bool
-eina_strbuf_replace(Eina_Strbuf *buf,
- const char *str,
- const char *with,
- unsigned int n)
+eina_strbuf_replace(Eina_Strbuf * buf,
+ const char *str, const char *with, unsigned int n)
{
- size_t len1, len2;
- char *spos;
- size_t pos;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL( str, EINA_FALSE);
- EINA_SAFETY_ON_NULL_RETURN_VAL(with, EINA_FALSE);
- EINA_MAGIC_CHECK_STRBUF(buf, 0);
-
- if (n == 0)
- return EINA_FALSE;
-
- spos = buf->buf;
- while (n--)
- {
- spos = strstr(spos, str);
- if (!spos || *spos == '\0')
- return EINA_FALSE;
-
- if (n)
- spos++;
- }
-
- pos = spos - (const char *)buf->buf;
- len1 = strlen(str);
- len2 = strlen(with);
- if (len1 != len2)
- {
- /* resize the buffer if necessary */
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(_STRBUF_CSIZE, buf,
- buf->len - len1 + len2)))
- {
- return EINA_FALSE; /* move the existing text */
-
- }
-
- memmove(buf->buf + pos + len2, buf->buf + pos + len1,
- buf->len - pos - len1);
- }
-
- /* and now insert the given string */
- memcpy(buf->buf + pos, with, len2);
- buf->len += len2 - len1;
- memset((char *)buf->buf + buf->len, 0, 1);
-
- return EINA_TRUE;
+ size_t len1, len2;
+ char *spos;
+ size_t pos;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, EINA_FALSE);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(with, EINA_FALSE);
+ EINA_MAGIC_CHECK_STRBUF(buf, 0);
+
+ if (n == 0)
+ return EINA_FALSE;
+
+ spos = buf->buf;
+ while (n--) {
+ spos = strstr(spos, str);
+ if (!spos || *spos == '\0')
+ return EINA_FALSE;
+
+ if (n)
+ spos++;
+ }
+
+ pos = spos - (const char *) buf->buf;
+ len1 = strlen(str);
+ len2 = strlen(with);
+ if (len1 != len2) {
+ /* resize the buffer if necessary */
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow
+ (_STRBUF_CSIZE, buf, buf->len - len1 + len2))) {
+ return EINA_FALSE; /* move the existing text */
+
+ }
+
+ memmove(buf->buf + pos + len2, buf->buf + pos + len1,
+ buf->len - pos - len1);
+ }
+
+ /* and now insert the given string */
+ memcpy(buf->buf + pos, with, len2);
+ buf->len += len2 - len1;
+ memset((char *) buf->buf + buf->len, 0, 1);
+
+ return EINA_TRUE;
}
/**
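Review bot: The comment `/* move the existing text */` in `eina_strbuf_replace` sits on the `return EINA_FALSE;` line of the failed-grow branch, where it describes nothing; it belongs on its own line directly above the `memmove(` call. While there, the braces around that single `return` enclose only the return and a blank line, and could be dropped as in the sibling functions.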
@@ -774,87 +749,84 @@ eina_strbuf_replace(Eina_Strbuf *buf,
* has been replaced. On failure, it returns 0.
*/
EAPI int
-eina_strbuf_replace_all(Eina_Strbuf *buf, const char *str, const char *with)
+eina_strbuf_replace_all(Eina_Strbuf * buf, const char *str,
+ const char *with)
{
- size_t len1, len2, len;
- char *tmp_buf = NULL;
- char *spos;
- size_t pos, start;
- size_t pos_tmp, start_tmp;
- int n = 0;
-
- EINA_SAFETY_ON_NULL_RETURN_VAL( str, 0);
- EINA_SAFETY_ON_NULL_RETURN_VAL(with, 0);
- EINA_MAGIC_CHECK_STRBUF(buf, 0);
-
- spos = strstr(buf->buf, str);
- if (!spos || *spos == '\0')
- return 0;
-
- len1 = strlen(str);
- len2 = strlen(with);
-
- /* if the size of the two string is equal, it is fairly easy to replace them
- * we don't need to resize the buffer or doing other calculations */
- if (len1 == len2)
- {
- while (spos)
- {
- memcpy(spos, with, len2);
- spos = strstr(spos + len2, str);
- n++;
- }
- return n;
- }
-
- pos = pos_tmp = spos - (const char *)buf->buf;
- tmp_buf = buf->buf;
- buf->buf = malloc(buf->size);
- if (EINA_UNLIKELY(!buf->buf))
- {
- buf->buf = tmp_buf;
- return 0;
- }
-
- start = start_tmp = 0;
- len = buf->len;
-
- while (spos)
- {
- n++;
- len = (len + len2) - len1;
- /* resize the buffer if necessary */
- if (EINA_UNLIKELY(!_eina_strbuf_common_grow(_STRBUF_CSIZE, buf, len)))
- {
- /* we have to stop replacing here, because we haven't enough
- * memory to go on */
- len = (len + len1) - len2;
- break;
- }
-
- /* copy the untouched text */
- memcpy(buf->buf + start, tmp_buf + start_tmp, pos - start);
- /* copy the new string */
- memcpy(buf->buf + pos, with, len2);
-
- /* calculate the next positions */
- start_tmp = pos_tmp + len1;
- start = pos + len2;
- spos = strstr(tmp_buf + start_tmp, str);
- /* this calculations don't make sense if spos == NULL, but the
- * calculated values won't be used, because the loop will stop
- * then */
- pos_tmp = spos - tmp_buf;
- pos = start + pos_tmp - start_tmp;
- }
- /* and now copy the rest of the text */
- memcpy(buf->buf + start, tmp_buf + start_tmp, len - start);
- buf->len = len;
- memset((char *)buf->buf + buf->len, 0, 1);
-
- free(tmp_buf);
-
- return n;
+ size_t len1, len2, len;
+ char *tmp_buf = NULL;
+ char *spos;
+ size_t pos, start;
+ size_t pos_tmp, start_tmp;
+ int n = 0;
+
+ EINA_SAFETY_ON_NULL_RETURN_VAL(str, 0);
+ EINA_SAFETY_ON_NULL_RETURN_VAL(with, 0);
+ EINA_MAGIC_CHECK_STRBUF(buf, 0);
+
+ spos = strstr(buf->buf, str);
+ if (!spos || *spos == '\0')
+ return 0;
+
+ len1 = strlen(str);
+ len2 = strlen(with);
+
+ /* if the size of the two string is equal, it is fairly easy to replace them
+ * we don't need to resize the buffer or doing other calculations */
+ if (len1 == len2) {
+ while (spos) {
+ memcpy(spos, with, len2);
+ spos = strstr(spos + len2, str);
+ n++;
+ }
+ return n;
+ }
+
+ pos = pos_tmp = spos - (const char *) buf->buf;
+ tmp_buf = buf->buf;
+ buf->buf = malloc(buf->size);
+ if (EINA_UNLIKELY(!buf->buf)) {
+ buf->buf = tmp_buf;
+ return 0;
+ }
+
+ start = start_tmp = 0;
+ len = buf->len;
+
+ while (spos) {
+ n++;
+ len = (len + len2) - len1;
+ /* resize the buffer if necessary */
+ if (EINA_UNLIKELY
+ (!_eina_strbuf_common_grow(_STRBUF_CSIZE, buf, len))) {
+ /* we have to stop replacing here, because we haven't enough
+ * memory to go on */
+ len = (len + len1) - len2;
+ break;
+ }
+
+ /* copy the untouched text */
+ memcpy(buf->buf + start, tmp_buf + start_tmp, pos - start);
+ /* copy the new string */
+ memcpy(buf->buf + pos, with, len2);
+
+ /* calculate the next positions */
+ start_tmp = pos_tmp + len1;
+ start = pos + len2;
+ spos = strstr(tmp_buf + start_tmp, str);
+ /* this calculations don't make sense if spos == NULL, but the
+ * calculated values won't be used, because the loop will stop
+ * then */
+ pos_tmp = spos - tmp_buf;
+ pos = start + pos_tmp - start_tmp;
+ }
+ /* and now copy the rest of the text */
+ memcpy(buf->buf + start, tmp_buf + start_tmp, len - start);
+ buf->len = len;
+ memset((char *) buf->buf + buf->len, 0, 1);
+
+ free(tmp_buf);
+
+ return n;
}
/**
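Review bot: An empty `str` makes both loops in `eina_strbuf_replace_all` run without end, because `strstr()` with an empty needle returns its haystack argument. In the equal-length branch `spos + len2` never advances, and in the resizing loop `start_tmp` stays put while `len` and the buffer keep growing until allocation fails. Only NULL is rejected at the top, so a caller passing an empty (possibly externally supplied) search string can hang the process or exhaust memory. Returning early right after `len1 = strlen(str);` with `if (len1 == 0) return 0;` closes this.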
diff --git a/tests/suite/ecore/src/lib/eina_strbuf_common.h b/tests/suite/ecore/src/lib/eina_strbuf_common.h
index 3713f2c48a..0c38e639b1 100644
--- a/tests/suite/ecore/src/lib/eina_strbuf_common.h
+++ b/tests/suite/ecore/src/lib/eina_strbuf_common.h
@@ -7,15 +7,13 @@
#include "eina_magic.h"
#include "eina_strbuf.h"
-struct _Eina_Strbuf
-{
- void *buf;
- size_t len;
- size_t size;
- size_t step;
+struct _Eina_Strbuf {
+ void *buf;
+ size_t len;
+ size_t size;
+ size_t step;
- EINA_MAGIC
-};
+ EINA_MAGIC};
#define EINA_MAGIC_CHECK_STRBUF(d, ...) \
do { \
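Review bot: The closing of `struct _Eina_Strbuf` now reads `EINA_MAGIC};`, which hides the macro-declared member at the end of the brace line and suggests the indent tool did not treat `EINA_MAGIC` as a declaration. Keeping it on its own line, `EINA_MAGIC` followed by `};` on the next, matches the other members and keeps later reindent runs from mangling it further.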
@@ -26,85 +24,58 @@ struct _Eina_Strbuf
} \
} while (0)
-Eina_Bool
-eina_strbuf_common_init(void);
+Eina_Bool eina_strbuf_common_init(void);
-Eina_Bool
-eina_strbuf_common_shutdown(void);
-Eina_Strbuf *
-eina_strbuf_common_new(size_t csize);
-void
-eina_strbuf_common_free(Eina_Strbuf *buf);
-void
-eina_strbuf_common_reset(size_t csize, Eina_Strbuf *buf);
+Eina_Bool eina_strbuf_common_shutdown(void);
+Eina_Strbuf *eina_strbuf_common_new(size_t csize);
+void eina_strbuf_common_free(Eina_Strbuf * buf);
+void eina_strbuf_common_reset(size_t csize, Eina_Strbuf * buf);
Eina_Bool
eina_strbuf_common_append(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len);
+ Eina_Strbuf * buf, const void *str, size_t len);
Eina_Bool
eina_strbuf_common_append_escaped(size_t csize,
- Eina_Strbuf *buf,
- const void *str);
+ Eina_Strbuf * buf, const void *str);
Eina_Bool
eina_strbuf_common_append_n(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t maxlen);
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t maxlen);
Eina_Bool
eina_strbuf_common_append_length(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t length);
+ Eina_Strbuf * buf,
+ const void *str, size_t length);
Eina_Bool
eina_strbuf_common_insert(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t pos);
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t pos);
Eina_Bool
eina_strbuf_common_insert_escaped(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t pos);
+ Eina_Strbuf * buf,
+ const void *str, size_t len, size_t pos);
Eina_Bool
eina_strbuf_common_insert_n(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t len,
- size_t maxlen,
- size_t pos);
+ Eina_Strbuf * buf,
+ const void *str,
+ size_t len, size_t maxlen, size_t pos);
Eina_Bool
eina_strbuf_common_insert_length(size_t csize,
- Eina_Strbuf *buf,
- const void *str,
- size_t length,
- size_t pos);
-Eina_Bool
-eina_strbuf_common_append_char(size_t csize, Eina_Strbuf *buf, const void *c);
-Eina_Bool
-eina_strbuf_common_insert_char(size_t csize,
- Eina_Strbuf *buf,
- const void *c,
- size_t pos);
+ Eina_Strbuf * buf,
+ const void *str,
+ size_t length, size_t pos);
Eina_Bool
-eina_strbuf_common_remove(size_t csize,
- Eina_Strbuf *buf,
- size_t start,
- size_t end);
-const void *
-eina_strbuf_common_string_get(const Eina_Strbuf *buf);
-void *
-eina_strbuf_common_string_steal(size_t csize, Eina_Strbuf *buf);
-void
-eina_strbuf_common_string_free(size_t csize, Eina_Strbuf *buf);
-size_t
-eina_strbuf_common_length_get(const Eina_Strbuf *buf);
+eina_strbuf_common_append_char(size_t csize, Eina_Strbuf * buf,
+ const void *c);
+Eina_Bool eina_strbuf_common_insert_char(size_t csize, Eina_Strbuf * buf,
+ const void *c, size_t pos);
+Eina_Bool eina_strbuf_common_remove(size_t csize, Eina_Strbuf * buf,
+ size_t start, size_t end);
+const void *eina_strbuf_common_string_get(const Eina_Strbuf * buf);
+void *eina_strbuf_common_string_steal(size_t csize, Eina_Strbuf * buf);
+void eina_strbuf_common_string_free(size_t csize, Eina_Strbuf * buf);
+size_t eina_strbuf_common_length_get(const Eina_Strbuf * buf);
Eina_Bool
-_eina_strbuf_common_grow(size_t csize, Eina_Strbuf *buf, size_t size);
+_eina_strbuf_common_grow(size_t csize, Eina_Strbuf * buf, size_t size);
/**
* @}
*/
diff --git a/tests/suite/ecore/src/lib/eina_stringshare.c b/tests/suite/ecore/src/lib/eina_stringshare.c
index 86b461725d..9269437e9d 100644
--- a/tests/suite/ecore/src/lib/eina_stringshare.c
+++ b/tests/suite/ecore/src/lib/eina_stringshare.c
@@ -30,26 +30,26 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#define _GNU_SOURCE
#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
+#include <alloca.h>
#elif defined __GNUC__
-# define alloca __builtin_alloca
+#define alloca __builtin_alloca
#elif defined _AIX
-# define alloca __alloca
+#define alloca __alloca
#elif defined _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
+#include <malloc.h>
+#define alloca _alloca
#else
-# include <stddef.h>
-# ifdef __cplusplus
+#include <stddef.h>
+#ifdef __cplusplus
extern "C"
-# endif
-void *alloca (size_t);
+#endif
+void *alloca(size_t);
#endif
#include <stdlib.h>
@@ -57,11 +57,11 @@ void *alloca (size_t);
#include <string.h>
#ifdef EFL_HAVE_POSIX_THREADS
-# include <pthread.h>
+#include <pthread.h>
#endif
#ifdef HAVE_EVIL
-# include <Evil.h>
+#include <Evil.h>
#endif
#include "eina_config.h"
@@ -78,436 +78,440 @@ void *alloca (size_t);
/* The actual share */
static Eina_Share *stringshare_share;
-static const char EINA_MAGIC_STRINGSHARE_NODE_STR[] = "Eina Stringshare Node";
+static const char EINA_MAGIC_STRINGSHARE_NODE_STR[] =
+ "Eina Stringshare Node";
#ifdef EFL_HAVE_THREADS
extern Eina_Bool _share_common_threads_activated;
-# ifdef EFL_HAVE_POSIX_THREADS
+#ifdef EFL_HAVE_POSIX_THREADS
static pthread_mutex_t _mutex_small = PTHREAD_MUTEX_INITIALIZER;
-# define STRINGSHARE_LOCK_SMALL() if(_share_common_threads_activated) \
+#define STRINGSHARE_LOCK_SMALL() if(_share_common_threads_activated) \
pthread_mutex_lock(&_mutex_small)
-# define STRINGSHARE_UNLOCK_SMALL() if(_share_common_threads_activated) \
+#define STRINGSHARE_UNLOCK_SMALL() if(_share_common_threads_activated) \
pthread_mutex_unlock(&_mutex_small)
-# else /* EFL_HAVE_WIN32_THREADS */
+#else /* EFL_HAVE_WIN32_THREADS */
static HANDLE _mutex_small = NULL;
-# define STRINGSHARE_LOCK_SMALL() if(_share_common_threads_activated) \
+#define STRINGSHARE_LOCK_SMALL() if(_share_common_threads_activated) \
WaitForSingleObject(_mutex_small, INFINITE)
-# define STRINGSHARE_UNLOCK_SMALL() if(_share_common_threads_activated) \
+#define STRINGSHARE_UNLOCK_SMALL() if(_share_common_threads_activated) \
ReleaseMutex(_mutex_small)
-# endif /* EFL_HAVE_WIN32_THREADS */
-#else /* EFL_HAVE_THREADS */
-# define STRINGSHARE_LOCK_SMALL() do {} while (0)
-# define STRINGSHARE_UNLOCK_SMALL() do {} while (0)
+#endif /* EFL_HAVE_WIN32_THREADS */
+#else /* EFL_HAVE_THREADS */
+#define STRINGSHARE_LOCK_SMALL() do {} while (0)
+#define STRINGSHARE_UNLOCK_SMALL() do {} while (0)
#endif
/* Stringshare optimizations */
static const unsigned char _eina_stringshare_single[512] = {
- 0,0,1,0,2,0,3,0,4,0,5,0,6,0,7,0,8,0,9,0,10,0,11,0,12,0,13,0,14,0,15,0,
- 16,0,17,0,18,0,19,0,20,0,21,0,22,0,23,0,24,0,25,0,26,0,27,0,28,0,29,0,30,0,
- 31,0,32,0,33,0,34,0,35,0,36,0,37,0,38,0,39,0,40,0,41,0,42,0,43,0,44,0,45,0,
- 46,0,47,0,48,0,49,0,50,0,51,0,52,0,53,0,54,0,55,0,56,0,57,0,58,0,59,0,60,0,
- 61,0,62,0,63,0,64,0,65,0,66,0,67,0,68,0,69,0,70,0,71,0,72,0,73,0,74,0,75,0,
- 76,0,77,0,78,0,79,0,80,0,81,0,82,0,83,0,84,0,85,0,86,0,87,0,88,0,89,0,90,0,
- 91,0,92,0,93,0,94,0,95,0,96,0,97,0,98,0,99,0,100,0,101,0,102,0,103,0,104,0,
- 105,0,
- 106,0,107,0,108,0,109,0,110,0,111,0,112,0,113,0,114,0,115,0,116,0,117,0,118,
- 0,119,0,120,0,
- 121,0,122,0,123,0,124,0,125,0,126,0,127,0,128,0,129,0,130,0,131,0,132,0,133,
- 0,134,0,135,0,
- 136,0,137,0,138,0,139,0,140,0,141,0,142,0,143,0,144,0,145,0,146,0,147,0,148,
- 0,149,0,150,0,
- 151,0,152,0,153,0,154,0,155,0,156,0,157,0,158,0,159,0,160,0,161,0,162,0,163,
- 0,164,0,165,0,
- 166,0,167,0,168,0,169,0,170,0,171,0,172,0,173,0,174,0,175,0,176,0,177,0,178,
- 0,179,0,180,0,
- 181,0,182,0,183,0,184,0,185,0,186,0,187,0,188,0,189,0,190,0,191,0,192,0,193,
- 0,194,0,195,0,
- 196,0,197,0,198,0,199,0,200,0,201,0,202,0,203,0,204,0,205,0,206,0,207,0,208,
- 0,209,0,210,0,
- 211,0,212,0,213,0,214,0,215,0,216,0,217,0,218,0,219,0,220,0,221,0,222,0,223,
- 0,224,0,225,0,
- 226,0,227,0,228,0,229,0,230,0,231,0,232,0,233,0,234,0,235,0,236,0,237,0,238,
- 0,239,0,240,0,
- 241,0,242,0,243,0,244,0,245,0,246,0,247,0,248,0,249,0,250,0,251,0,252,0,253,
- 0,254,0,255,0
+ 0, 0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8, 0, 9, 0, 10, 0,
+ 11, 0, 12, 0, 13, 0, 14, 0, 15, 0,
+ 16, 0, 17, 0, 18, 0, 19, 0, 20, 0, 21, 0, 22, 0, 23, 0, 24, 0, 25,
+ 0, 26, 0, 27, 0, 28, 0, 29, 0, 30, 0,
+ 31, 0, 32, 0, 33, 0, 34, 0, 35, 0, 36, 0, 37, 0, 38, 0, 39, 0, 40,
+ 0, 41, 0, 42, 0, 43, 0, 44, 0, 45, 0,
+ 46, 0, 47, 0, 48, 0, 49, 0, 50, 0, 51, 0, 52, 0, 53, 0, 54, 0, 55,
+ 0, 56, 0, 57, 0, 58, 0, 59, 0, 60, 0,
+ 61, 0, 62, 0, 63, 0, 64, 0, 65, 0, 66, 0, 67, 0, 68, 0, 69, 0, 70,
+ 0, 71, 0, 72, 0, 73, 0, 74, 0, 75, 0,
+ 76, 0, 77, 0, 78, 0, 79, 0, 80, 0, 81, 0, 82, 0, 83, 0, 84, 0, 85,
+ 0, 86, 0, 87, 0, 88, 0, 89, 0, 90, 0,
+ 91, 0, 92, 0, 93, 0, 94, 0, 95, 0, 96, 0, 97, 0, 98, 0, 99, 0, 100,
+ 0, 101, 0, 102, 0, 103, 0, 104, 0,
+ 105, 0,
+ 106, 0, 107, 0, 108, 0, 109, 0, 110, 0, 111, 0, 112, 0, 113, 0,
+ 114, 0, 115, 0, 116, 0, 117, 0, 118,
+ 0, 119, 0, 120, 0,
+ 121, 0, 122, 0, 123, 0, 124, 0, 125, 0, 126, 0, 127, 0, 128, 0,
+ 129, 0, 130, 0, 131, 0, 132, 0, 133,
+ 0, 134, 0, 135, 0,
+ 136, 0, 137, 0, 138, 0, 139, 0, 140, 0, 141, 0, 142, 0, 143, 0,
+ 144, 0, 145, 0, 146, 0, 147, 0, 148,
+ 0, 149, 0, 150, 0,
+ 151, 0, 152, 0, 153, 0, 154, 0, 155, 0, 156, 0, 157, 0, 158, 0,
+ 159, 0, 160, 0, 161, 0, 162, 0, 163,
+ 0, 164, 0, 165, 0,
+ 166, 0, 167, 0, 168, 0, 169, 0, 170, 0, 171, 0, 172, 0, 173, 0,
+ 174, 0, 175, 0, 176, 0, 177, 0, 178,
+ 0, 179, 0, 180, 0,
+ 181, 0, 182, 0, 183, 0, 184, 0, 185, 0, 186, 0, 187, 0, 188, 0,
+ 189, 0, 190, 0, 191, 0, 192, 0, 193,
+ 0, 194, 0, 195, 0,
+ 196, 0, 197, 0, 198, 0, 199, 0, 200, 0, 201, 0, 202, 0, 203, 0,
+ 204, 0, 205, 0, 206, 0, 207, 0, 208,
+ 0, 209, 0, 210, 0,
+ 211, 0, 212, 0, 213, 0, 214, 0, 215, 0, 216, 0, 217, 0, 218, 0,
+ 219, 0, 220, 0, 221, 0, 222, 0, 223,
+ 0, 224, 0, 225, 0,
+ 226, 0, 227, 0, 228, 0, 229, 0, 230, 0, 231, 0, 232, 0, 233, 0,
+ 234, 0, 235, 0, 236, 0, 237, 0, 238,
+ 0, 239, 0, 240, 0,
+ 241, 0, 242, 0, 243, 0, 244, 0, 245, 0, 246, 0, 247, 0, 248, 0,
+ 249, 0, 250, 0, 251, 0, 252, 0, 253,
+ 0, 254, 0, 255, 0
};
typedef struct _Eina_Stringshare_Small Eina_Stringshare_Small;
-typedef struct _Eina_Stringshare_Small_Bucket Eina_Stringshare_Small_Bucket;
-
-struct _Eina_Stringshare_Small_Bucket
-{
- /* separate arrays for faster lookups */
- const char **strings;
- unsigned char *lengths;
- unsigned short *references;
- int count;
- int size;
+typedef struct _Eina_Stringshare_Small_Bucket
+ Eina_Stringshare_Small_Bucket;
+
+struct _Eina_Stringshare_Small_Bucket {
+ /* separate arrays for faster lookups */
+ const char **strings;
+ unsigned char *lengths;
+ unsigned short *references;
+ int count;
+ int size;
};
-struct _Eina_Stringshare_Small
-{
- Eina_Stringshare_Small_Bucket *buckets[256];
+struct _Eina_Stringshare_Small {
+ Eina_Stringshare_Small_Bucket *buckets[256];
};
#define EINA_STRINGSHARE_SMALL_BUCKET_STEP 8
static Eina_Stringshare_Small _eina_small_share;
static inline int
-_eina_stringshare_small_cmp(const Eina_Stringshare_Small_Bucket *bucket,
- int i,
- const char *pstr,
- unsigned char plength)
+_eina_stringshare_small_cmp(const Eina_Stringshare_Small_Bucket * bucket,
+ int i, const char *pstr, unsigned char plength)
{
- /* pstr and plength are from second char and on, since the first is
- * always the same.
- *
- * First string being always the same, size being between 2 and 3
- * characters (there is a check for special case length==1 and then
- * small stringshare is applied to strings < 4), we just need to
- * compare 2 characters of both strings.
- */
- const unsigned char cur_plength = bucket->lengths[i] - 1;
- const char *cur_pstr;
-
- if (cur_plength > plength)
- return 1;
- else if (cur_plength < plength)
- return -1;
-
- cur_pstr = bucket->strings[i] + 1;
-
- if (cur_pstr[0] > pstr[0])
- return 1;
- else if (cur_pstr[0] < pstr[0])
- return -1;
-
- if (plength == 1)
- return 0;
-
- if (cur_pstr[1] > pstr[1])
- return 1;
- else if (cur_pstr[1] < pstr[1])
- return -1;
-
- return 0;
+ /* pstr and plength are from second char and on, since the first is
+ * always the same.
+ *
+ * First string being always the same, size being between 2 and 3
+ * characters (there is a check for special case length==1 and then
+ * small stringshare is applied to strings < 4), we just need to
+ * compare 2 characters of both strings.
+ */
+ const unsigned char cur_plength = bucket->lengths[i] - 1;
+ const char *cur_pstr;
+
+ if (cur_plength > plength)
+ return 1;
+ else if (cur_plength < plength)
+ return -1;
+
+ cur_pstr = bucket->strings[i] + 1;
+
+ if (cur_pstr[0] > pstr[0])
+ return 1;
+ else if (cur_pstr[0] < pstr[0])
+ return -1;
+
+ if (plength == 1)
+ return 0;
+
+ if (cur_pstr[1] > pstr[1])
+ return 1;
+ else if (cur_pstr[1] < pstr[1])
+ return -1;
+
+ return 0;
}
-static const char *
-_eina_stringshare_small_bucket_find(const Eina_Stringshare_Small_Bucket *bucket,
- const char *str,
- unsigned char length,
- int *idx)
+static const char *_eina_stringshare_small_bucket_find(const
+ Eina_Stringshare_Small_Bucket
+ * bucket,
+ const char *str,
+ unsigned char
+ length, int *idx)
{
- const char *pstr = str + 1; /* skip first letter, it's always the same */
- unsigned char plength = length - 1;
- int i, low, high;
-
- if (bucket->count == 0)
- {
- *idx = 0;
- return NULL;
- }
-
- low = 0;
- high = bucket->count;
-
- while (low < high)
- {
- int r;
-
- i = (low + high - 1) / 2;
-
- r = _eina_stringshare_small_cmp(bucket, i, pstr, plength);
- if (r > 0)
- high = i;
- else if (r < 0)
- low = i + 1;
- else
- {
- *idx = i;
- return bucket->strings[i];
- }
- }
-
- *idx = low;
- return NULL;
+ const char *pstr = str + 1; /* skip first letter, it's always the same */
+ unsigned char plength = length - 1;
+ int i, low, high;
+
+ if (bucket->count == 0) {
+ *idx = 0;
+ return NULL;
+ }
+
+ low = 0;
+ high = bucket->count;
+
+ while (low < high) {
+ int r;
+
+ i = (low + high - 1) / 2;
+
+ r = _eina_stringshare_small_cmp(bucket, i, pstr, plength);
+ if (r > 0)
+ high = i;
+ else if (r < 0)
+ low = i + 1;
+ else {
+ *idx = i;
+ return bucket->strings[i];
+ }
+ }
+
+ *idx = low;
+ return NULL;
}
static Eina_Bool
-_eina_stringshare_small_bucket_resize(Eina_Stringshare_Small_Bucket *bucket,
- int size)
+_eina_stringshare_small_bucket_resize(Eina_Stringshare_Small_Bucket *
+ bucket, int size)
{
- void *tmp;
-
- tmp = realloc((void *)bucket->strings, size * sizeof(bucket->strings[0]));
- if (!tmp)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return 0;
- }
-
- bucket->strings = tmp;
-
- tmp = realloc(bucket->lengths, size * sizeof(bucket->lengths[0]));
- if (!tmp)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return 0;
- }
-
- bucket->lengths = tmp;
-
- tmp = realloc(bucket->references, size * sizeof(bucket->references[0]));
- if (!tmp)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return 0;
- }
-
- bucket->references = tmp;
-
- bucket->size = size;
- return 1;
+ void *tmp;
+
+ tmp =
+ realloc((void *) bucket->strings,
+ size * sizeof(bucket->strings[0]));
+ if (!tmp) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return 0;
+ }
+
+ bucket->strings = tmp;
+
+ tmp = realloc(bucket->lengths, size * sizeof(bucket->lengths[0]));
+ if (!tmp) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return 0;
+ }
+
+ bucket->lengths = tmp;
+
+ tmp =
+ realloc(bucket->references,
+ size * sizeof(bucket->references[0]));
+ if (!tmp) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return 0;
+ }
+
+ bucket->references = tmp;
+
+ bucket->size = size;
+ return 1;
}
-static const char *
-_eina_stringshare_small_bucket_insert_at(
- Eina_Stringshare_Small_Bucket **p_bucket,
- const char *str,
- unsigned char length,
- int idx)
+static const char
+ *_eina_stringshare_small_bucket_insert_at(Eina_Stringshare_Small_Bucket
+ ** p_bucket, const char *str,
+ unsigned char length,
+ int idx)
{
- Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
- int todo, off;
- char *snew;
-
- if (!bucket)
- {
- *p_bucket = bucket = calloc(1, sizeof(*bucket));
- if (!bucket)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
- }
-
- if (bucket->count + 1 >= bucket->size)
- {
- int size = bucket->size + EINA_STRINGSHARE_SMALL_BUCKET_STEP;
- if (!_eina_stringshare_small_bucket_resize(bucket, size))
- return NULL;
- }
-
- snew = malloc(length + 1);
- if (!snew)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
-
- memcpy(snew, str, length);
- snew[length] = '\0';
-
- off = idx + 1;
- todo = bucket->count - idx;
- if (todo > 0)
- {
- memmove((void *)(bucket->strings + off), bucket->strings + idx,
- todo * sizeof(bucket->strings[0]));
- memmove(bucket->lengths + off, bucket->lengths + idx,
- todo * sizeof(bucket->lengths[0]));
- memmove(bucket->references + off, bucket->references + idx,
- todo * sizeof(bucket->references[0]));
- }
-
- bucket->strings[idx] = snew;
- bucket->lengths[idx] = length;
- bucket->references[idx] = 1;
- bucket->count++;
-
- return snew;
+ Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
+ int todo, off;
+ char *snew;
+
+ if (!bucket) {
+ *p_bucket = bucket = calloc(1, sizeof(*bucket));
+ if (!bucket) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+ }
+
+ if (bucket->count + 1 >= bucket->size) {
+ int size =
+ bucket->size + EINA_STRINGSHARE_SMALL_BUCKET_STEP;
+ if (!_eina_stringshare_small_bucket_resize(bucket, size))
+ return NULL;
+ }
+
+ snew = malloc(length + 1);
+ if (!snew) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
+
+ memcpy(snew, str, length);
+ snew[length] = '\0';
+
+ off = idx + 1;
+ todo = bucket->count - idx;
+ if (todo > 0) {
+ memmove((void *) (bucket->strings + off),
+ bucket->strings + idx,
+ todo * sizeof(bucket->strings[0]));
+ memmove(bucket->lengths + off, bucket->lengths + idx,
+ todo * sizeof(bucket->lengths[0]));
+ memmove(bucket->references + off, bucket->references + idx,
+ todo * sizeof(bucket->references[0]));
+ }
+
+ bucket->strings[idx] = snew;
+ bucket->lengths[idx] = length;
+ bucket->references[idx] = 1;
+ bucket->count++;
+
+ return snew;
}
static void
-_eina_stringshare_small_bucket_remove_at(
- Eina_Stringshare_Small_Bucket **p_bucket,
- int idx)
+_eina_stringshare_small_bucket_remove_at(Eina_Stringshare_Small_Bucket **
+ p_bucket, int idx)
{
- Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
- int todo, off;
-
- if (bucket->references[idx] > 1)
- {
- bucket->references[idx]--;
- return;
- }
-
- free((char *)bucket->strings[idx]);
-
- if (bucket->count == 1)
- {
- free((void *)bucket->strings);
- free(bucket->lengths);
- free(bucket->references);
- free(bucket);
- *p_bucket = NULL;
- return;
- }
-
- bucket->count--;
- if (idx == bucket->count)
- goto end;
-
- off = idx + 1;
- todo = bucket->count - idx;
-
- memmove((void *)(bucket->strings + idx), bucket->strings + off,
- todo * sizeof(bucket->strings[0]));
- memmove(bucket->lengths + idx, bucket->lengths + off,
- todo * sizeof(bucket->lengths[0]));
- memmove(bucket->references + idx, bucket->references + off,
- todo * sizeof(bucket->references[0]));
-
-end:
- if (bucket->count + EINA_STRINGSHARE_SMALL_BUCKET_STEP < bucket->size)
- {
- int size = bucket->size - EINA_STRINGSHARE_SMALL_BUCKET_STEP;
- _eina_stringshare_small_bucket_resize(bucket, size);
- }
+ Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
+ int todo, off;
+
+ if (bucket->references[idx] > 1) {
+ bucket->references[idx]--;
+ return;
+ }
+
+ free((char *) bucket->strings[idx]);
+
+ if (bucket->count == 1) {
+ free((void *) bucket->strings);
+ free(bucket->lengths);
+ free(bucket->references);
+ free(bucket);
+ *p_bucket = NULL;
+ return;
+ }
+
+ bucket->count--;
+ if (idx == bucket->count)
+ goto end;
+
+ off = idx + 1;
+ todo = bucket->count - idx;
+
+ memmove((void *) (bucket->strings + idx), bucket->strings + off,
+ todo * sizeof(bucket->strings[0]));
+ memmove(bucket->lengths + idx, bucket->lengths + off,
+ todo * sizeof(bucket->lengths[0]));
+ memmove(bucket->references + idx, bucket->references + off,
+ todo * sizeof(bucket->references[0]));
+
+ end:
+ if (bucket->count + EINA_STRINGSHARE_SMALL_BUCKET_STEP <
+ bucket->size) {
+ int size =
+ bucket->size - EINA_STRINGSHARE_SMALL_BUCKET_STEP;
+ _eina_stringshare_small_bucket_resize(bucket, size);
+ }
}
-static const char *
-_eina_stringshare_small_add(const char *str, unsigned char length)
+static const char *_eina_stringshare_small_add(const char *str,
+ unsigned char length)
{
- Eina_Stringshare_Small_Bucket **bucket;
- int i;
-
- bucket = _eina_small_share.buckets + (unsigned char)str[0];
- if (!*bucket)
- i = 0;
- else
- {
- const char *ret;
- ret = _eina_stringshare_small_bucket_find(*bucket, str, length, &i);
- if (ret)
- {
- (*bucket)->references[i]++;
- return ret;
- }
- }
-
- return _eina_stringshare_small_bucket_insert_at(bucket, str, length, i);
+ Eina_Stringshare_Small_Bucket **bucket;
+ int i;
+
+ bucket = _eina_small_share.buckets + (unsigned char) str[0];
+ if (!*bucket)
+ i = 0;
+ else {
+ const char *ret;
+ ret =
+ _eina_stringshare_small_bucket_find(*bucket, str,
+ length, &i);
+ if (ret) {
+ (*bucket)->references[i]++;
+ return ret;
+ }
+ }
+
+ return _eina_stringshare_small_bucket_insert_at(bucket, str,
+ length, i);
}
static void
_eina_stringshare_small_del(const char *str, unsigned char length)
{
- Eina_Stringshare_Small_Bucket **bucket;
- const char *ret;
- int i;
+ Eina_Stringshare_Small_Bucket **bucket;
+ const char *ret;
+ int i;
- bucket = _eina_small_share.buckets + (unsigned char)str[0];
- if (!*bucket)
- goto error;
+ bucket = _eina_small_share.buckets + (unsigned char) str[0];
+ if (!*bucket)
+ goto error;
- ret = _eina_stringshare_small_bucket_find(*bucket, str, length, &i);
- if (!ret)
- goto error;
+ ret =
+ _eina_stringshare_small_bucket_find(*bucket, str, length, &i);
+ if (!ret)
+ goto error;
- _eina_stringshare_small_bucket_remove_at(bucket, i);
- return;
+ _eina_stringshare_small_bucket_remove_at(bucket, i);
+ return;
-error:
- CRITICAL("EEEK trying to del non-shared stringshare \"%s\"", str);
+ error:
+ CRITICAL("EEEK trying to del non-shared stringshare \"%s\"", str);
}
-static void
-_eina_stringshare_small_init(void)
+static void _eina_stringshare_small_init(void)
{
- memset(&_eina_small_share, 0, sizeof(_eina_small_share));
+ memset(&_eina_small_share, 0, sizeof(_eina_small_share));
}
-static void
-_eina_stringshare_small_shutdown(void)
+static void _eina_stringshare_small_shutdown(void)
{
- Eina_Stringshare_Small_Bucket **p_bucket, **p_bucket_end;
-
- p_bucket = _eina_small_share.buckets;
- p_bucket_end = p_bucket + 256;
-
- for (; p_bucket < p_bucket_end; p_bucket++)
- {
- Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
- char **s, **s_end;
-
- if (!bucket)
- continue;
-
- s = (char **)bucket->strings;
- s_end = s + bucket->count;
- for (; s < s_end; s++)
- free(*s);
-
- free((void *)bucket->strings);
- free(bucket->lengths);
- free(bucket->references);
- free(bucket);
- *p_bucket = NULL;
- }
+ Eina_Stringshare_Small_Bucket **p_bucket, **p_bucket_end;
+
+ p_bucket = _eina_small_share.buckets;
+ p_bucket_end = p_bucket + 256;
+
+ for (; p_bucket < p_bucket_end; p_bucket++) {
+ Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
+ char **s, **s_end;
+
+ if (!bucket)
+ continue;
+
+ s = (char **) bucket->strings;
+ s_end = s + bucket->count;
+ for (; s < s_end; s++)
+ free(*s);
+
+ free((void *) bucket->strings);
+ free(bucket->lengths);
+ free(bucket->references);
+ free(bucket);
+ *p_bucket = NULL;
+ }
}
static void
-_eina_stringshare_small_bucket_dump(Eina_Stringshare_Small_Bucket *bucket,
- struct dumpinfo *di)
+_eina_stringshare_small_bucket_dump(Eina_Stringshare_Small_Bucket * bucket,
+ struct dumpinfo *di)
{
- const char **s = bucket->strings;
- unsigned char *l = bucket->lengths;
- unsigned short *r = bucket->references;
- int i;
-
- di->used += sizeof(*bucket);
- di->used += bucket->count * sizeof(*s);
- di->used += bucket->count * sizeof(*l);
- di->used += bucket->count * sizeof(*r);
- di->unique += bucket->count;
-
- for (i = 0; i < bucket->count; i++, s++, l++, r++)
- {
- int dups;
+ const char **s = bucket->strings;
+ unsigned char *l = bucket->lengths;
+ unsigned short *r = bucket->references;
+ int i;
+
+ di->used += sizeof(*bucket);
+ di->used += bucket->count * sizeof(*s);
+ di->used += bucket->count * sizeof(*l);
+ di->used += bucket->count * sizeof(*r);
+ di->unique += bucket->count;
+
+ for (i = 0; i < bucket->count; i++, s++, l++, r++) {
+ int dups;
#ifdef _WIN32
- printf("DDD: %5hu %5hu '%s'\n", *l, *r, *s);
+ printf("DDD: %5hu %5hu '%s'\n", *l, *r, *s);
#else
- printf("DDD: %5hhu %5hu '%s'\n", *l, *r, *s);
+ printf("DDD: %5hhu %5hu '%s'\n", *l, *r, *s);
#endif
- dups = (*r - 1);
+ dups = (*r - 1);
- di->used += *l;
- di->saved += *l * dups;
- di->dups += dups;
- }
+ di->used += *l;
+ di->saved += *l * dups;
+ di->dups += dups;
+ }
}
-static void
-_eina_stringshare_small_dump(struct dumpinfo *di)
+static void _eina_stringshare_small_dump(struct dumpinfo *di)
{
- Eina_Stringshare_Small_Bucket **p_bucket, **p_bucket_end;
+ Eina_Stringshare_Small_Bucket **p_bucket, **p_bucket_end;
- p_bucket = _eina_small_share.buckets;
- p_bucket_end = p_bucket + 256;
+ p_bucket = _eina_small_share.buckets;
+ p_bucket_end = p_bucket + 256;
- for (; p_bucket < p_bucket_end; p_bucket++)
- {
- Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
+ for (; p_bucket < p_bucket_end; p_bucket++) {
+ Eina_Stringshare_Small_Bucket *bucket = *p_bucket;
- if (!bucket)
- continue;
+ if (!bucket)
+ continue;
- _eina_stringshare_small_bucket_dump(bucket, di);
- }
+ _eina_stringshare_small_bucket_dump(bucket, di);
+ }
}
@@ -526,17 +530,16 @@ _eina_stringshare_small_dump(struct dumpinfo *di)
*
* @see eina_init()
*/
-Eina_Bool
-eina_stringshare_init(void)
+Eina_Bool eina_stringshare_init(void)
{
- Eina_Bool ret;
- ret = eina_share_common_init(&stringshare_share,
- EINA_MAGIC_STRINGSHARE_NODE,
- EINA_MAGIC_STRINGSHARE_NODE_STR);
- if (ret)
- _eina_stringshare_small_init();
-
- return ret;
+ Eina_Bool ret;
+ ret = eina_share_common_init(&stringshare_share,
+ EINA_MAGIC_STRINGSHARE_NODE,
+ EINA_MAGIC_STRINGSHARE_NODE_STR);
+ if (ret)
+ _eina_stringshare_small_init();
+
+ return ret;
}
/**
@@ -550,13 +553,12 @@ eina_stringshare_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_stringshare_shutdown(void)
+Eina_Bool eina_stringshare_shutdown(void)
{
- Eina_Bool ret;
- _eina_stringshare_small_shutdown();
- ret = eina_share_common_shutdown(&stringshare_share);
- return ret;
+ Eina_Bool ret;
+ _eina_stringshare_small_shutdown();
+ ret = eina_share_common_shutdown(&stringshare_share);
+ return ret;
}
/*============================================================================*
@@ -600,38 +602,36 @@ eina_stringshare_shutdown(void)
* Note that if the given pointer is not shared or NULL, bad things
* will happen, likely a segmentation fault.
*/
-EAPI void
-eina_stringshare_del(const char *str)
+EAPI void eina_stringshare_del(const char *str)
{
- int slen;
- DBG("str=%p (%s)", str, str ? str : "");
- if (!str)
- return;
-
- /* special cases */
- if (str[0] == '\0')
- slen = 0;
- else if (str[1] == '\0')
- slen = 1;
- else if (str[2] == '\0')
- slen = 2;
- else if (str[3] == '\0')
- slen = 3;
- else
- slen = 4; /* handled later */
-
- if (slen < 2)
- return;
- else if (slen < 4)
- {
- eina_share_common_population_del(stringshare_share, slen);
- STRINGSHARE_LOCK_SMALL();
- _eina_stringshare_small_del(str, slen);
- STRINGSHARE_UNLOCK_SMALL();
- return;
- }
-
- eina_share_common_del(stringshare_share, str);
+ int slen;
+ DBG("str=%p (%s)", str, str ? str : "");
+ if (!str)
+ return;
+
+ /* special cases */
+ if (str[0] == '\0')
+ slen = 0;
+ else if (str[1] == '\0')
+ slen = 1;
+ else if (str[2] == '\0')
+ slen = 2;
+ else if (str[3] == '\0')
+ slen = 3;
+ else
+ slen = 4; /* handled later */
+
+ if (slen < 2)
+ return;
+ else if (slen < 4) {
+ eina_share_common_population_del(stringshare_share, slen);
+ STRINGSHARE_LOCK_SMALL();
+ _eina_stringshare_small_del(str, slen);
+ STRINGSHARE_UNLOCK_SMALL();
+ return;
+ }
+
+ eina_share_common_del(stringshare_share, str);
}
/**
@@ -654,27 +654,27 @@ eina_stringshare_del(const char *str)
*
* @see eina_share_common_add()
*/
-EAPI const char *
-eina_stringshare_add_length(const char *str, unsigned int slen)
+EAPI const char *eina_stringshare_add_length(const char *str,
+ unsigned int slen)
{
- DBG("str=%p (%.*s), slen=%u", str, slen, str ? str : "", slen);
-
- if (slen <= 0)
- return "";
- else if (slen == 1)
- return (const char *)_eina_stringshare_single + ((*str) << 1);
- else if (slen < 4)
- {
- const char *s;
-
- STRINGSHARE_LOCK_SMALL();
- s = _eina_stringshare_small_add(str, slen);
- STRINGSHARE_UNLOCK_SMALL();
- return s;
- }
-
- return eina_share_common_add_length(stringshare_share, str, slen *
- sizeof(char), sizeof(char));
+ DBG("str=%p (%.*s), slen=%u", str, slen, str ? str : "", slen);
+
+ if (slen <= 0)
+ return "";
+ else if (slen == 1)
+ return (const char *) _eina_stringshare_single +
+ ((*str) << 1);
+ else if (slen < 4) {
+ const char *s;
+
+ STRINGSHARE_LOCK_SMALL();
+ s = _eina_stringshare_small_add(str, slen);
+ STRINGSHARE_UNLOCK_SMALL();
+ return s;
+ }
+
+ return eina_share_common_add_length(stringshare_share, str, slen *
+ sizeof(char), sizeof(char));
}
/**
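Review bot: In the `slen == 1` branch of `eina_stringshare_add_length`, `((*str) << 1)` indexes `_eina_stringshare_single` with a plain `char`. Where `char` is signed, a byte of 0x80 or above gives a negative offset, and the function returns a pointer to memory before the table. The table shown earlier in this diff has entries for 0 to 255, and `_eina_stringshare_small_add` in the same file already casts with `(unsigned char) str[0]`. The same cast is needed here: `return (const char *) _eina_stringshare_single + ((unsigned char) *str << 1);`. Also, `str` is dereferenced in this branch without a NULL check, although the `DBG` line above guards it with `str ? str : ""`.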
@@ -696,25 +696,24 @@ eina_stringshare_add_length(const char *str, unsigned int slen)
*
* @see eina_stringshare_add_length()
*/
-EAPI const char *
-eina_stringshare_add(const char *str)
+EAPI const char *eina_stringshare_add(const char *str)
{
- int slen;
- if (!str)
- return NULL;
-
- if (str[0] == '\0')
- slen = 0;
- else if (str[1] == '\0')
- slen = 1;
- else if (str[2] == '\0')
- slen = 2;
- else if (str[3] == '\0')
- slen = 3;
- else
- slen = 3 + (int)strlen(str + 3);
-
- return eina_stringshare_add_length(str, slen);
+ int slen;
+ if (!str)
+ return NULL;
+
+ if (str[0] == '\0')
+ slen = 0;
+ else if (str[1] == '\0')
+ slen = 1;
+ else if (str[2] == '\0')
+ slen = 2;
+ else if (str[3] == '\0')
+ slen = 3;
+ else
+ slen = 3 + (int) strlen(str + 3);
+
+ return eina_stringshare_add_length(str, slen);
}
/**
@@ -737,28 +736,27 @@ eina_stringshare_add(const char *str)
*
* @see eina_stringshare_nprintf()
*/
-EAPI const char *
-eina_stringshare_printf(const char *fmt, ...)
+EAPI const char *eina_stringshare_printf(const char *fmt, ...)
{
- va_list args;
- char *tmp;
- const char *ret;
- int len;
+ va_list args;
+ char *tmp;
+ const char *ret;
+ int len;
- if (!fmt)
- return NULL;
+ if (!fmt)
+ return NULL;
- va_start(args, fmt);
- len = vasprintf(&tmp, fmt, args);
- va_end(args);
+ va_start(args, fmt);
+ len = vasprintf(&tmp, fmt, args);
+ va_end(args);
- if (len < 1)
- return NULL;
+ if (len < 1)
+ return NULL;
- ret = eina_stringshare_add_length(tmp, len);
- free(tmp);
+ ret = eina_stringshare_add_length(tmp, len);
+ free(tmp);
- return ret;
+ return ret;
}
/**
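Review bot: In `eina_stringshare_printf`, the `if (len < 1) return NULL;` check after `vasprintf` leaks `tmp` when the format expands to an empty string. In that case `vasprintf` returns 0 and has already allocated the buffer. Only the negative return leaves `tmp` unusable, so the two cases should be separated: `if (len < 0) return NULL;` followed by `if (len == 0) { free(tmp); return NULL; }`. The next hunk, `eina_stringshare_vprintf`, has the same check and the same leak.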
@@ -782,25 +780,24 @@ eina_stringshare_printf(const char *fmt, ...)
*
* @see eina_stringshare_nprintf()
*/
-EAPI const char *
-eina_stringshare_vprintf(const char *fmt, va_list args)
+EAPI const char *eina_stringshare_vprintf(const char *fmt, va_list args)
{
- char *tmp;
- const char *ret;
- int len;
+ char *tmp;
+ const char *ret;
+ int len;
- if (!fmt)
- return NULL;
+ if (!fmt)
+ return NULL;
- len = vasprintf(&tmp, fmt, args);
+ len = vasprintf(&tmp, fmt, args);
- if (len < 1)
- return NULL;
+ if (len < 1)
+ return NULL;
- ret = eina_stringshare_add_length(tmp, len);
- free(tmp);
+ ret = eina_stringshare_add_length(tmp, len);
+ free(tmp);
- return ret;
+ return ret;
}
/**
@@ -822,29 +819,29 @@ eina_stringshare_vprintf(const char *fmt, va_list args)
*
* @see eina_stringshare_printf()
*/
-EAPI const char *
-eina_stringshare_nprintf(unsigned int len, const char *fmt, ...)
+EAPI const char *eina_stringshare_nprintf(unsigned int len,
+ const char *fmt, ...)
{
- va_list args;
- char *tmp;
- int size;
+ va_list args;
+ char *tmp;
+ int size;
- if (!fmt)
- return NULL;
+ if (!fmt)
+ return NULL;
- if (len < 1)
- return NULL;
+ if (len < 1)
+ return NULL;
- tmp = alloca(sizeof(char) * len + 1);
+ tmp = alloca(sizeof(char) * len + 1);
- va_start(args, fmt);
- size = vsnprintf(tmp, len, fmt, args);
- va_end(args);
+ va_start(args, fmt);
+ size = vsnprintf(tmp, len, fmt, args);
+ va_end(args);
- if (size < 1)
- return NULL;
+ if (size < 1)
+ return NULL;
- return eina_stringshare_add_length(tmp, len);
+ return eina_stringshare_add_length(tmp, len);
}
/**
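Review bot: `eina_stringshare_nprintf` ends with `eina_stringshare_add_length(tmp, len)`, which passes the buffer capacity instead of the length `vsnprintf` actually produced. When the formatted text is shorter than `len`, the bytes after the terminator are uninitialised stack memory, and they are copied into the shared string; the small-string path earlier in this file does `memcpy(snew, str, length)`. Use the produced length, clamped for truncation: `if ((unsigned int) size >= len) size = len - 1;` then `return eina_stringshare_add_length(tmp, size);`. If the intent was to allow `len` characters, the `vsnprintf` bound would be `len + 1` instead. Separately, `alloca(sizeof(char) * len + 1)` sizes a stack allocation from a caller-supplied `len` with no upper bound, so a cap on `len` or a heap buffer would avoid exhausting the stack.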
@@ -861,46 +858,42 @@ eina_stringshare_nprintf(unsigned int len, const char *fmt, ...)
*
* There is no unref since this is the work of eina_share_common_del().
*/
-EAPI const char *
-eina_stringshare_ref(const char *str)
+EAPI const char *eina_stringshare_ref(const char *str)
{
- int slen;
- DBG("str=%p (%s)", str, str ? str : "");
-
- if (!str)
- return eina_share_common_ref(stringshare_share, str);
-
- /* special cases */
- if (str[0] == '\0')
- slen = 0;
- else if (str[1] == '\0')
- slen = 1;
- else if (str[2] == '\0')
- slen = 2;
- else if (str[3] == '\0')
- slen = 3;
- else
- slen = 3 + (int)strlen(str + 3);
-
- if (slen < 2)
- {
- eina_share_common_population_add(stringshare_share, slen);
-
- return str;
- }
- else if (slen < 4)
- {
- const char *s;
- eina_share_common_population_add(stringshare_share, slen);
-
- STRINGSHARE_LOCK_SMALL();
- s = _eina_stringshare_small_add(str, slen);
- STRINGSHARE_UNLOCK_SMALL();
-
- return s;
- }
-
- return eina_share_common_ref(stringshare_share, str);
+ int slen;
+ DBG("str=%p (%s)", str, str ? str : "");
+
+ if (!str)
+ return eina_share_common_ref(stringshare_share, str);
+
+ /* special cases */
+ if (str[0] == '\0')
+ slen = 0;
+ else if (str[1] == '\0')
+ slen = 1;
+ else if (str[2] == '\0')
+ slen = 2;
+ else if (str[3] == '\0')
+ slen = 3;
+ else
+ slen = 3 + (int) strlen(str + 3);
+
+ if (slen < 2) {
+ eina_share_common_population_add(stringshare_share, slen);
+
+ return str;
+ } else if (slen < 4) {
+ const char *s;
+ eina_share_common_population_add(stringshare_share, slen);
+
+ STRINGSHARE_LOCK_SMALL();
+ s = _eina_stringshare_small_add(str, slen);
+ STRINGSHARE_UNLOCK_SMALL();
+
+ return s;
+ }
+
+ return eina_share_common_ref(stringshare_share, str);
}
/**
@@ -914,26 +907,27 @@ eina_stringshare_ref(const char *str)
* things will happen, likely a segmentation fault. If in doubt, try
* strlen().
*/
-EAPI int
-eina_stringshare_strlen(const char *str)
+EAPI int eina_stringshare_strlen(const char *str)
{
- int len;
- /* special cases */
- if (str[0] == '\0')
- return 0;
+ int len;
+ /* special cases */
+ if (str[0] == '\0')
+ return 0;
- if (str[1] == '\0')
- return 1;
+ if (str[1] == '\0')
+ return 1;
- if (str[2] == '\0')
- return 2;
+ if (str[2] == '\0')
+ return 2;
- if (str[3] == '\0')
- return 3;
+ if (str[3] == '\0')
+ return 3;
- len = eina_share_common_length(stringshare_share, (const char *)str);
- len = (len > 0) ? len / (int)sizeof(char) : -1;
- return len;
+ len =
+ eina_share_common_length(stringshare_share,
+ (const char *) str);
+ len = (len > 0) ? len / (int) sizeof(char) : -1;
+ return len;
}
/**
@@ -942,15 +936,13 @@ eina_stringshare_strlen(const char *str)
* This function dumps all strings in the share_common to stdout with a
* DDD: prefix per line and a memory usage summary.
*/
-EAPI void
-eina_stringshare_dump(void)
+EAPI void eina_stringshare_dump(void)
{
- eina_share_common_dump(stringshare_share,
- _eina_stringshare_small_dump,
- sizeof(_eina_stringshare_single));
+ eina_share_common_dump(stringshare_share,
+ _eina_stringshare_small_dump,
+ sizeof(_eina_stringshare_single));
}
/**
* @}
*/
-
diff --git a/tests/suite/ecore/src/lib/eina_tiler.c b/tests/suite/ecore/src/lib/eina_tiler.c
index 2d263b7a15..5d31aba6cf 100644
--- a/tests/suite/ecore/src/lib/eina_tiler.c
+++ b/tests/suite/ecore/src/lib/eina_tiler.c
@@ -23,7 +23,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <stdlib.h>
@@ -44,45 +44,39 @@ typedef struct list list_t;
typedef struct rect rect_t;
typedef struct rect_node rect_node_t;
-struct list_node
-{
- struct list_node *next;
+struct list_node {
+ struct list_node *next;
};
-struct list
-{
- struct list_node *head;
- struct list_node *tail;
+struct list {
+ struct list_node *head;
+ struct list_node *tail;
};
-struct rect
-{
- short right;
- short bottom;
- short left;
- short top;
- short width;
- short height;
- int area;
+struct rect {
+ short right;
+ short bottom;
+ short left;
+ short top;
+ short width;
+ short height;
+ int area;
};
-struct rect_node
-{
- struct list_node _lst;
- struct rect rect;
+struct rect_node {
+ struct list_node _lst;
+ struct rect rect;
};
-typedef struct splitter
-{
- Eina_Bool need_merge;
- list_t rects;
+typedef struct splitter {
+ Eina_Bool need_merge;
+ list_t rects;
} splitter_t;
-typedef struct list_node_pool
-{
- list_node_t *node;
- int len;
- int max;
+typedef struct list_node_pool {
+ list_node_t *node;
+ int len;
+ int max;
} list_node_pool_t;
@@ -91,23 +85,18 @@ static const list_t list_zeroed = { NULL, NULL };
static list_node_pool_t list_node_pool = { NULL, 0, 1024 };
-typedef struct _Eina_Iterator_Tiler
-{
- Eina_Iterator iterator;
- const Eina_Tiler *tiler;
- list_node_t *curr;
- EINA_MAGIC
-} Eina_Iterator_Tiler;
+typedef struct _Eina_Iterator_Tiler {
+ Eina_Iterator iterator;
+ const Eina_Tiler *tiler;
+ list_node_t *curr;
+ EINA_MAGIC} Eina_Iterator_Tiler;
-struct _Eina_Tiler
-{
- struct
- {
- int w, h;
- } tile;
- Eina_Rectangle area;
- EINA_MAGIC
- splitter_t splitter;
+struct _Eina_Tiler {
+ struct {
+ int w, h;
+ } tile;
+ Eina_Rectangle area;
+ EINA_MAGIC splitter_t splitter;
};
#define EINA_MAGIC_CHECK_TILER(d, ...) \
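Review bot: The reindent has folded the `EINA_MAGIC` member macro into the tokens next to it. The new side now reads `EINA_MAGIC} Eina_Iterator_Tiler;` and `EINA_MAGIC splitter_t splitter;`, which looks like a type qualifier on `splitter` or part of the closing brace. The formatter presumably treated the semicolon-less macro as an ordinary identifier. Keep `EINA_MAGIC` on a line of its own in both structs, with `} Eina_Iterator_Tiler;` and `splitter_t splitter;` on the following lines, or exclude these declarations from automatic formatting. Behaviour is unchanged, but a reader can easily miss that the struct carries a magic field.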
@@ -130,976 +119,919 @@ struct _Eina_Tiler
} while(0)
/* The Splitter algorithm */
-static inline void rect_init(rect_t *r, int x, int y, int w, int h)
+static inline void rect_init(rect_t * r, int x, int y, int w, int h)
{
- r->area = w * h;
+ r->area = w * h;
- r->left = x;
- r->top = y;
+ r->left = x;
+ r->top = y;
- r->right = x + w;
- r->bottom = y + h;
+ r->right = x + w;
+ r->bottom = y + h;
- r->width = w;
- r->height = h;
+ r->width = w;
+ r->height = h;
}
-static inline list_node_t *
-rect_list_node_pool_get(void)
+static inline list_node_t *rect_list_node_pool_get(void)
{
- if (list_node_pool.node)
- {
- list_node_t *node;
-
- node = list_node_pool.node;
- list_node_pool.node = node->next;
- list_node_pool.len--;
-
- return node;
- }
- else
- return malloc(sizeof(rect_node_t));
+ if (list_node_pool.node) {
+ list_node_t *node;
+
+ node = list_node_pool.node;
+ list_node_pool.node = node->next;
+ list_node_pool.len--;
+
+ return node;
+ } else
+ return malloc(sizeof(rect_node_t));
}
-static inline void rect_list_concat(list_t *rects, list_t *other)
+static inline void rect_list_concat(list_t * rects, list_t * other)
{
- if (!other->head)
- return;
-
- if (rects->tail)
- {
- rects->tail->next = other->head;
- rects->tail = other->tail;
- }
- else
- {
- rects->head = other->head;
- rects->tail = other->tail;
- }
-
- *other = list_zeroed;
+ if (!other->head)
+ return;
+
+ if (rects->tail) {
+ rects->tail->next = other->head;
+ rects->tail = other->tail;
+ } else {
+ rects->head = other->head;
+ rects->tail = other->tail;
+ }
+
+ *other = list_zeroed;
}
-static inline void rect_list_append_node(list_t *rects, list_node_t *node)
+static inline void rect_list_append_node(list_t * rects,
+ list_node_t * node)
{
- if (rects->tail)
- {
- rects->tail->next = node;
- rects->tail = node;
- }
- else
- {
- rects->head = node;
- rects->tail = node;
- }
+ if (rects->tail) {
+ rects->tail->next = node;
+ rects->tail = node;
+ } else {
+ rects->head = node;
+ rects->tail = node;
+ }
}
-static inline void rect_list_append(list_t *rects, const rect_t r)
+static inline void rect_list_append(list_t * rects, const rect_t r)
{
- rect_node_t *rect_node;
+ rect_node_t *rect_node;
- rect_node = (rect_node_t *)rect_list_node_pool_get();
- rect_node->rect = r;
- rect_node->_lst = list_node_zeroed;
+ rect_node = (rect_node_t *) rect_list_node_pool_get();
+ rect_node->rect = r;
+ rect_node->_lst = list_node_zeroed;
- rect_list_append_node(rects, (list_node_t *)rect_node);
+ rect_list_append_node(rects, (list_node_t *) rect_node);
}
-static inline void rect_list_append_xywh(list_t *rects,
- int x,
- int y,
- int w,
- int h)
+static inline void rect_list_append_xywh(list_t * rects,
+ int x, int y, int w, int h)
{
- rect_t r;
+ rect_t r;
- rect_init(&r, x, y, w, h);
- rect_list_append(rects, r);
+ rect_init(&r, x, y, w, h);
+ rect_list_append(rects, r);
}
static inline void _calc_intra_rect_area(const rect_t a, const rect_t b,
- int *width, int *height)
+ int *width, int *height)
{
- int max_left, min_right, max_top, min_bottom;
+ int max_left, min_right, max_top, min_bottom;
- if (a.left < b.left)
- max_left = b.left;
- else
- max_left = a.left;
+ if (a.left < b.left)
+ max_left = b.left;
+ else
+ max_left = a.left;
- if (a.right < b.right)
- min_right = a.right;
- else
- min_right = b.right;
+ if (a.right < b.right)
+ min_right = a.right;
+ else
+ min_right = b.right;
- *width = min_right - max_left;
+ *width = min_right - max_left;
- if (a.top < b.top)
- max_top = b.top;
- else
- max_top = a.top;
+ if (a.top < b.top)
+ max_top = b.top;
+ else
+ max_top = a.top;
- if (a.bottom < b.bottom)
- min_bottom = a.bottom;
- else
- min_bottom = b.bottom;
+ if (a.bottom < b.bottom)
+ min_bottom = a.bottom;
+ else
+ min_bottom = b.bottom;
- *height = min_bottom - max_top;
+ *height = min_bottom - max_top;
}
-static inline void _split_strict(list_t *dirty, const rect_t current, rect_t r)
+static inline void _split_strict(list_t * dirty, const rect_t current,
+ rect_t r)
{
- int h_1, h_2, w_1, w_2;
-
- h_1 = current.top - r.top;
- h_2 = r.bottom - current.bottom;
- w_1 = current.left - r.left;
- w_2 = r.right - current.right;
-
- if (h_1 > 0)
- {
- /* .--.r (b) .---.r2
- * | | | |
- * .-------.cur (a) .---.r '---'
- * | | | | -> | | +
- * | `--' | `---'
- * `-------'
- */
- rect_list_append_xywh(dirty, r.left, r.top, r.width, h_1);
- r.height -= h_1;
- r.top = current.top;
- }
-
- if (h_2 > 0)
- {
- /* .-------.cur (a)
- * | .---. | .---.r
- * | | | | -> | |
- * `-------' `---' + .---.r2
- * | | | |
- * `---'r (b) `---'
- */
- rect_list_append_xywh(dirty, r.left, current.bottom, r.width,
- h_2);
- r.height -= h_2;
- }
-
- if (w_1 > 0)
- /* (b) r .----.cur (a)
- * .--|-. | .--.r2 .-.r
- * | | | | -> | | + | |
- * `--|-' | `--' `-'
- * `----'
- */
- rect_list_append_xywh(dirty, r.left, r.top, w_1, r.height); /* not necessary to keep these, r (b) will be destroyed */
-
- /* r.width -= w_1; */
- /* r.left = current.left; */
-
- if (w_2 > 0)
- /* .----.cur (a)
- * | |
- * | .-|--.r (b) .-.r .--.r2
- * | | | | -> | | + | |
- * | `-|--' `-' `--'
- * `----'
- */
- rect_list_append_xywh(dirty, current.right, r.top, w_2,
- r.height); /* not necessary to keep this, r (b) will be destroyed */
-
- /* r.width -= w_2; */
+ int h_1, h_2, w_1, w_2;
+
+ h_1 = current.top - r.top;
+ h_2 = r.bottom - current.bottom;
+ w_1 = current.left - r.left;
+ w_2 = r.right - current.right;
+
+ if (h_1 > 0) {
+ /* .--.r (b) .---.r2
+ * | | | |
+ * .-------.cur (a) .---.r '---'
+ * | | | | -> | | +
+ * | `--' | `---'
+ * `-------'
+ */
+ rect_list_append_xywh(dirty, r.left, r.top, r.width, h_1);
+ r.height -= h_1;
+ r.top = current.top;
+ }
+
+ if (h_2 > 0) {
+ /* .-------.cur (a)
+ * | .---. | .---.r
+ * | | | | -> | |
+ * `-------' `---' + .---.r2
+ * | | | |
+ * `---'r (b) `---'
+ */
+ rect_list_append_xywh(dirty, r.left, current.bottom,
+ r.width, h_2);
+ r.height -= h_2;
+ }
+
+ if (w_1 > 0)
+ /* (b) r .----.cur (a)
+ * .--|-. | .--.r2 .-.r
+ * | | | | -> | | + | |
+ * `--|-' | `--' `-'
+ * `----'
+ */
+ rect_list_append_xywh(dirty, r.left, r.top, w_1, r.height); /* not necessary to keep these, r (b) will be destroyed */
+
+ /* r.width -= w_1; */
+ /* r.left = current.left; */
+
+ if (w_2 > 0)
+ /* .----.cur (a)
+ * | |
+ * | .-|--.r (b) .-.r .--.r2
+ * | | | | -> | | + | |
+ * | `-|--' `-' `--'
+ * `----'
+ */
+ rect_list_append_xywh(dirty, current.right, r.top, w_2, r.height); /* not necessary to keep this, r (b) will be destroyed */
+
+ /* r.width -= w_2; */
}
-static inline void _calc_intra_outer_rect_area(const rect_t a, const rect_t b,
- rect_t *intra, rect_t *outer)
+static inline void _calc_intra_outer_rect_area(const rect_t a,
+ const rect_t b,
+ rect_t * intra,
+ rect_t * outer)
{
- int min_left, max_left, min_right, max_right;
- int min_top, max_top, min_bottom, max_bottom;
-
- if (a.left < b.left)
- {
- max_left = b.left;
- min_left = a.left;
- }
- else
- {
- max_left = a.left;
- min_left = b.left;
- }
-
- if (a.right < b.right)
- {
- min_right = a.right;
- max_right = b.right;
- }
- else
- {
- min_right = b.right;
- max_right = a.right;
- }
-
- intra->left = max_left;
- intra->right = min_right;
- intra->width = min_right - max_left;
-
- outer->left = min_left;
- outer->right = max_right;
- outer->width = max_right - min_left;
-
- if (a.top < b.top)
- {
- max_top = b.top;
- min_top = a.top;
- }
- else
- {
- max_top = a.top;
- min_top = b.top;
- }
-
- if (a.bottom < b.bottom)
- {
- min_bottom = a.bottom;
- max_bottom = b.bottom;
- }
- else
- {
- min_bottom = b.bottom;
- max_bottom = a.bottom;
- }
-
- intra->top = max_top;
- intra->bottom = min_bottom;
- intra->height = min_bottom - max_top;
- if ((intra->width > 0) && (intra->height > 0))
- intra->area = intra->width * intra->height;
- else
- intra->area = 0;
-
- outer->top = min_top;
- outer->bottom = max_bottom;
- outer->height = max_bottom - min_top;
- outer->area = outer->width * outer->height;
+ int min_left, max_left, min_right, max_right;
+ int min_top, max_top, min_bottom, max_bottom;
+
+ if (a.left < b.left) {
+ max_left = b.left;
+ min_left = a.left;
+ } else {
+ max_left = a.left;
+ min_left = b.left;
+ }
+
+ if (a.right < b.right) {
+ min_right = a.right;
+ max_right = b.right;
+ } else {
+ min_right = b.right;
+ max_right = a.right;
+ }
+
+ intra->left = max_left;
+ intra->right = min_right;
+ intra->width = min_right - max_left;
+
+ outer->left = min_left;
+ outer->right = max_right;
+ outer->width = max_right - min_left;
+
+ if (a.top < b.top) {
+ max_top = b.top;
+ min_top = a.top;
+ } else {
+ max_top = a.top;
+ min_top = b.top;
+ }
+
+ if (a.bottom < b.bottom) {
+ min_bottom = a.bottom;
+ max_bottom = b.bottom;
+ } else {
+ min_bottom = b.bottom;
+ max_bottom = a.bottom;
+ }
+
+ intra->top = max_top;
+ intra->bottom = min_bottom;
+ intra->height = min_bottom - max_top;
+ if ((intra->width > 0) && (intra->height > 0))
+ intra->area = intra->width * intra->height;
+ else
+ intra->area = 0;
+
+ outer->top = min_top;
+ outer->bottom = max_bottom;
+ outer->height = max_bottom - min_top;
+ outer->area = outer->width * outer->height;
}
-enum
-{
- SPLIT_FUZZY_ACTION_NONE,
- SPLIT_FUZZY_ACTION_SPLIT,
- SPLIT_FUZZY_ACTION_MERGE
+enum {
+ SPLIT_FUZZY_ACTION_NONE,
+ SPLIT_FUZZY_ACTION_SPLIT,
+ SPLIT_FUZZY_ACTION_MERGE
};
-static inline int _split_fuzzy(list_t *dirty, const rect_t a, rect_t *b)
+static inline int _split_fuzzy(list_t * dirty, const rect_t a, rect_t * b)
{
- int h_1, h_2, w_1, w_2, action;
-
- h_1 = a.top - b->top;
- h_2 = b->bottom - a.bottom;
- w_1 = a.left - b->left;
- w_2 = b->right - a.right;
-
- action = SPLIT_FUZZY_ACTION_NONE;
-
- if (h_1 > 0)
- {
- /* .--.r (b) .---.r2
- * | | | |
- * .-------.cur (a) .---.r '---'
- * | | | | -> | | +
- * | `--' | `---'
- * `-------'
- */
- rect_list_append_xywh(dirty, b->left, b->top, b->width, h_1);
- b->height -= h_1;
- b->top = a.top;
- action = SPLIT_FUZZY_ACTION_SPLIT;
- }
-
- if (h_2 > 0)
- {
- /* .-------.cur (a)
- * | .---. | .---.r
- * | | | | -> | |
- * `-------' `---' + .---.r2
- * | | | |
- * `---'r (b) `---'
- */
- rect_list_append_xywh(dirty, b->left, a.bottom, b->width, h_2);
- b->height -= h_2;
- action = SPLIT_FUZZY_ACTION_SPLIT;
- }
-
- if (((w_1 > 0) || (w_2 > 0)) && (a.height == b->height))
- return SPLIT_FUZZY_ACTION_MERGE;
-
- if (w_1 > 0)
- {
- /* (b) r .----.cur (a)
- * .--|-. | .--.r2 .-.r
- * | | | | -> | | + | |
- * `--|-' | `--' `-'
- * `----'
- */
- rect_list_append_xywh(dirty, b->left, b->top, w_1, b->height);
- /* not necessary to keep these, r (b) will be destroyed */
- /* b->width -= w_1; */
- /* b->left = a.left; */
- action = SPLIT_FUZZY_ACTION_SPLIT;
- }
-
- if (w_2 > 0)
- {
- /* .----.cur (a)
- * | |
- * | .-|--.r (b) .-.r .--.r2
- * | | | | -> | | + | |
- * | `-|--' `-' `--'
- * `----'
- */
- rect_list_append_xywh(dirty, a.right, b->top, w_2, b->height);
- /* not necessary to keep these, r (b) will be destroyed */
- /* b->width -= w_2; */
- action = SPLIT_FUZZY_ACTION_SPLIT;
- }
-
- return action;
+ int h_1, h_2, w_1, w_2, action;
+
+ h_1 = a.top - b->top;
+ h_2 = b->bottom - a.bottom;
+ w_1 = a.left - b->left;
+ w_2 = b->right - a.right;
+
+ action = SPLIT_FUZZY_ACTION_NONE;
+
+ if (h_1 > 0) {
+ /* .--.r (b) .---.r2
+ * | | | |
+ * .-------.cur (a) .---.r '---'
+ * | | | | -> | | +
+ * | `--' | `---'
+ * `-------'
+ */
+ rect_list_append_xywh(dirty, b->left, b->top, b->width,
+ h_1);
+ b->height -= h_1;
+ b->top = a.top;
+ action = SPLIT_FUZZY_ACTION_SPLIT;
+ }
+
+ if (h_2 > 0) {
+ /* .-------.cur (a)
+ * | .---. | .---.r
+ * | | | | -> | |
+ * `-------' `---' + .---.r2
+ * | | | |
+ * `---'r (b) `---'
+ */
+ rect_list_append_xywh(dirty, b->left, a.bottom, b->width,
+ h_2);
+ b->height -= h_2;
+ action = SPLIT_FUZZY_ACTION_SPLIT;
+ }
+
+ if (((w_1 > 0) || (w_2 > 0)) && (a.height == b->height))
+ return SPLIT_FUZZY_ACTION_MERGE;
+
+ if (w_1 > 0) {
+ /* (b) r .----.cur (a)
+ * .--|-. | .--.r2 .-.r
+ * | | | | -> | | + | |
+ * `--|-' | `--' `-'
+ * `----'
+ */
+ rect_list_append_xywh(dirty, b->left, b->top, w_1,
+ b->height);
+ /* not necessary to keep these, r (b) will be destroyed */
+ /* b->width -= w_1; */
+ /* b->left = a.left; */
+ action = SPLIT_FUZZY_ACTION_SPLIT;
+ }
+
+ if (w_2 > 0) {
+ /* .----.cur (a)
+ * | |
+ * | .-|--.r (b) .-.r .--.r2
+ * | | | | -> | | + | |
+ * | `-|--' `-' `--'
+ * `----'
+ */
+ rect_list_append_xywh(dirty, a.right, b->top, w_2,
+ b->height);
+ /* not necessary to keep these, r (b) will be destroyed */
+ /* b->width -= w_2; */
+ action = SPLIT_FUZZY_ACTION_SPLIT;
+ }
+
+ return action;
}
#if 0
static void rect_list_node_pool_set_max(int max)
{
- int diff;
+ int diff;
- diff = list_node_pool.len - max;
- for (; diff > 0 && list_node_pool.node != NULL; diff--)
- {
- list_node_t *node;
+ diff = list_node_pool.len - max;
+ for (; diff > 0 && list_node_pool.node != NULL; diff--) {
+ list_node_t *node;
- node = list_node_pool.node;
- list_node_pool.node = node->next;
- list_node_pool.len--;
+ node = list_node_pool.node;
+ list_node_pool.node = node->next;
+ list_node_pool.len--;
- free(node);
- }
+ free(node);
+ }
- list_node_pool.max = max;
+ list_node_pool.max = max;
}
#endif
static void rect_list_node_pool_flush(void)
{
- while (list_node_pool.node)
- {
- list_node_t *node;
+ while (list_node_pool.node) {
+ list_node_t *node;
- node = list_node_pool.node;
- list_node_pool.node = node->next;
- list_node_pool.len--;
+ node = list_node_pool.node;
+ list_node_pool.node = node->next;
+ list_node_pool.len--;
- free(node);
- }
+ free(node);
+ }
}
-static inline void rect_list_node_pool_put(list_node_t *node)
+static inline void rect_list_node_pool_put(list_node_t * node)
{
- if (list_node_pool.len < list_node_pool.max)
- {
- node->next = list_node_pool.node;
- list_node_pool.node = node;
- list_node_pool.len++;
- }
- else
- free(node);
+ if (list_node_pool.len < list_node_pool.max) {
+ node->next = list_node_pool.node;
+ list_node_pool.node = node;
+ list_node_pool.len++;
+ } else
+ free(node);
}
#if 0
static void rect_print(const rect_t r)
{
- printf("<rect(%d, %d, %d, %d)>", r.left, r.top, r.width, r.height);
+ printf("<rect(%d, %d, %d, %d)>", r.left, r.top, r.width, r.height);
}
static void rect_list_print(const list_t rects)
{
- list_node_t *node;
- int len;
-
- len = 0;
- for (node = rects.head; node != NULL; node = node->next)
- len++;
-
- printf("[");
- for (node = rects.head; node != NULL; node = node->next)
- {
- rect_print(((rect_node_t *)node)->rect);
- if (node->next)
- {
- putchar(',');
- if (len < 4)
- putchar(' ');
- else
- {
- putchar('\n');
- putchar(' ');
- }
- }
- }
- printf("]\n");
+ list_node_t *node;
+ int len;
+
+ len = 0;
+ for (node = rects.head; node != NULL; node = node->next)
+ len++;
+
+ printf("[");
+ for (node = rects.head; node != NULL; node = node->next) {
+ rect_print(((rect_node_t *) node)->rect);
+ if (node->next) {
+ putchar(',');
+ if (len < 4)
+ putchar(' ');
+ else {
+ putchar('\n');
+ putchar(' ');
+ }
+ }
+ }
+ printf("]\n");
}
#endif
-static inline list_node_t *
-rect_list_unlink_next(list_t *rects, list_node_t *parent_node)
+static inline list_node_t *rect_list_unlink_next(list_t * rects,
+ list_node_t * parent_node)
{
- list_node_t *node;
-
- if (parent_node)
- {
- node = parent_node->next;
- parent_node->next = node->next;
- }
- else
- {
- node = rects->head;
- rects->head = node->next;
- }
-
- if (rects->tail == node)
- rects->tail = parent_node;
-
- *node = list_node_zeroed;
- return node;
+ list_node_t *node;
+
+ if (parent_node) {
+ node = parent_node->next;
+ parent_node->next = node->next;
+ } else {
+ node = rects->head;
+ rects->head = node->next;
+ }
+
+ if (rects->tail == node)
+ rects->tail = parent_node;
+
+ *node = list_node_zeroed;
+ return node;
}
-static inline void rect_list_del_next(list_t *rects, list_node_t *parent_node)
+static inline void rect_list_del_next(list_t * rects,
+ list_node_t * parent_node)
{
- list_node_t *node;
+ list_node_t *node;
- node = rect_list_unlink_next(rects, parent_node);
- rect_list_node_pool_put(node);
+ node = rect_list_unlink_next(rects, parent_node);
+ rect_list_node_pool_put(node);
}
-static void rect_list_clear(list_t *rects)
+static void rect_list_clear(list_t * rects)
{
- list_node_t *node;
-
- node = rects->head;
- while (node)
- {
- list_node_t *aux;
-
- aux = node->next;
- rect_list_node_pool_put(node);
- node = aux;
- }
- *rects = list_zeroed;
+ list_node_t *node;
+
+ node = rects->head;
+ while (node) {
+ list_node_t *aux;
+
+ aux = node->next;
+ rect_list_node_pool_put(node);
+ node = aux;
+ }
+ *rects = list_zeroed;
}
-static void rect_list_del_split_strict(list_t *rects, const rect_t del_r)
+static void rect_list_del_split_strict(list_t * rects, const rect_t del_r)
{
- list_t modified = list_zeroed;
- list_node_t *cur_node, *prev_node;
-
- prev_node = NULL;
- cur_node = rects->head;
- while (cur_node)
- {
- int intra_width, intra_height;
- rect_t current;
-
- current = ((rect_node_t *)cur_node)->rect;
-
- _calc_intra_rect_area(del_r, current, &intra_width,
- &intra_height);
- if ((intra_width <= 0) || (intra_height <= 0))
- {
- /* .---.current .---.del_r
- * | | | |
- * `---+---.del_r `---+---.current
- * | | | |
- * `---' `---'
- * no intersection, nothing to do
- */
- prev_node = cur_node;
- cur_node = cur_node->next;
- }
- else if ((intra_width == current.width) && (intra_height
- == current.height))
- {
- /* .-------.del_r
- * | .---. |
- * | | | |
- * | `---'current
- * `-------'
- * current is contained, remove from rects
- */
- cur_node = cur_node->next;
- rect_list_del_next(rects, prev_node);
- }
- else
- {
- _split_strict(&modified, del_r, current);
- cur_node = cur_node->next;
- rect_list_del_next(rects, prev_node);
- }
- }
-
- rect_list_concat(rects, &modified);
+ list_t modified = list_zeroed;
+ list_node_t *cur_node, *prev_node;
+
+ prev_node = NULL;
+ cur_node = rects->head;
+ while (cur_node) {
+ int intra_width, intra_height;
+ rect_t current;
+
+ current = ((rect_node_t *) cur_node)->rect;
+
+ _calc_intra_rect_area(del_r, current, &intra_width,
+ &intra_height);
+ if ((intra_width <= 0) || (intra_height <= 0)) {
+ /* .---.current .---.del_r
+ * | | | |
+ * `---+---.del_r `---+---.current
+ * | | | |
+ * `---' `---'
+ * no intersection, nothing to do
+ */
+ prev_node = cur_node;
+ cur_node = cur_node->next;
+ } else if ((intra_width == current.width) && (intra_height
+ ==
+ current.
+ height)) {
+ /* .-------.del_r
+ * | .---. |
+ * | | | |
+ * | `---'current
+ * `-------'
+ * current is contained, remove from rects
+ */
+ cur_node = cur_node->next;
+ rect_list_del_next(rects, prev_node);
+ } else {
+ _split_strict(&modified, del_r, current);
+ cur_node = cur_node->next;
+ rect_list_del_next(rects, prev_node);
+ }
+ }
+
+ rect_list_concat(rects, &modified);
}
#if 0
-static void rect_list_add_split_strict(list_t *rects, list_node_t *node)
+static void rect_list_add_split_strict(list_t * rects, list_node_t * node)
{
- list_t dirty = list_zeroed;
- list_t new_dirty = list_zeroed;
- list_node_t *cur_node;
-
- if (!rects->head)
- {
- rect_list_append_node(rects, node);
- return;
- }
-
- rect_list_append_node(&dirty, node);
-
- cur_node = rects->head;
- while (dirty.head)
- {
- rect_t current;
-
- if (!cur_node)
- {
- rect_list_concat(rects, &dirty);
- break;
- }
-
- current = ((rect_node_t *)cur_node)->rect;
-
- while (dirty.head)
- {
- int intra_width, intra_height;
- rect_t r;
-
- r = ((rect_node_t *)dirty.head)->rect;
- _calc_intra_rect_area(r, current, &intra_width,
- &intra_height);
- if ((intra_width == r.width) && (intra_height
- == r.height))
- /* .-------.cur
- * | .---.r|
- * | | | |
- * | `---' |
- * `-------'
- */
- rect_list_del_next(&dirty, NULL);
- else if ((intra_width <= 0) || (intra_height <= 0))
- {
- /* .---.cur .---.r
- * | | | |
- * `---+---.r `---+---.cur
- * | | | |
- * `---' `---'
- */
- list_node_t *tmp;
- tmp = rect_list_unlink_next(&dirty, NULL);
- rect_list_append_node(&new_dirty, tmp);
- }
- else
- {
- _split_strict(&new_dirty, current, r);
- rect_list_del_next(&dirty, NULL);
- }
- }
- dirty = new_dirty;
- new_dirty = list_zeroed;
-
- cur_node = cur_node->next;
- }
+ list_t dirty = list_zeroed;
+ list_t new_dirty = list_zeroed;
+ list_node_t *cur_node;
+
+ if (!rects->head) {
+ rect_list_append_node(rects, node);
+ return;
+ }
+
+ rect_list_append_node(&dirty, node);
+
+ cur_node = rects->head;
+ while (dirty.head) {
+ rect_t current;
+
+ if (!cur_node) {
+ rect_list_concat(rects, &dirty);
+ break;
+ }
+
+ current = ((rect_node_t *) cur_node)->rect;
+
+ while (dirty.head) {
+ int intra_width, intra_height;
+ rect_t r;
+
+ r = ((rect_node_t *) dirty.head)->rect;
+ _calc_intra_rect_area(r, current, &intra_width,
+ &intra_height);
+ if ((intra_width == r.width) && (intra_height
+ == r.height))
+ /* .-------.cur
+ * | .---.r|
+ * | | | |
+ * | `---' |
+ * `-------'
+ */
+ rect_list_del_next(&dirty, NULL);
+ else if ((intra_width <= 0) || (intra_height <= 0)) {
+ /* .---.cur .---.r
+ * | | | |
+ * `---+---.r `---+---.cur
+ * | | | |
+ * `---' `---'
+ */
+ list_node_t *tmp;
+ tmp = rect_list_unlink_next(&dirty, NULL);
+ rect_list_append_node(&new_dirty, tmp);
+ } else {
+ _split_strict(&new_dirty, current, r);
+ rect_list_del_next(&dirty, NULL);
+ }
+ }
+ dirty = new_dirty;
+ new_dirty = list_zeroed;
+
+ cur_node = cur_node->next;
+ }
}
#endif
-static list_node_t *
-rect_list_add_split_fuzzy(list_t *rects, list_node_t *node, int accepted_error)
+static list_node_t *rect_list_add_split_fuzzy(list_t * rects,
+ list_node_t * node,
+ int accepted_error)
{
- list_t dirty = list_zeroed;
- list_node_t *old_last;
-
- old_last = rects->tail;
-
- if (!rects->head)
- {
- rect_list_append_node(rects, node);
- return old_last;
- }
-
- rect_list_append_node(&dirty, node);
- while (dirty.head)
- {
- list_node_t *d_node, *cur_node, *prev_cur_node;
- int keep_dirty;
- rect_t r;
-
- d_node = rect_list_unlink_next(&dirty, NULL);
- r = ((rect_node_t *)d_node)->rect;
-
- prev_cur_node = NULL;
- cur_node = rects->head;
- keep_dirty = 1;
- while (cur_node)
- {
- int area, action;
- rect_t current, intra, outer;
-
- current = ((rect_node_t *)cur_node)->rect;
-
- _calc_intra_outer_rect_area(r, current, &intra, &outer);
- area = current.area + r.area - intra.area;
-
- if ((intra.width == r.width) && (intra.height
- == r.height))
- {
- /* .-------.cur
- * | .---.r|
- * | | | |
- * | `---' |
- * `-------'
- */
- keep_dirty = 0;
- break;
- }
- else if ((intra.width == current.width)
- && (intra.height == current.height))
- {
- /* .-------.r
- * | .---.cur
- * | | | |
- * | `---' |
- * `-------'
- */
- if (old_last == cur_node)
- old_last = prev_cur_node;
-
- cur_node = cur_node->next;
- rect_list_del_next(rects, prev_cur_node);
- }
- else if ((outer.area - area) <= accepted_error)
- {
- /* .-----------. bounding box (outer)
- * |.---. .---.|
- * ||cur| |r ||
- * || | | ||
- * |`---' `---'|
- * `-----------'
- * merge them, remove both and add merged
- */
- rect_node_t *n;
-
- if (old_last == cur_node)
- old_last = prev_cur_node;
-
- n = (rect_node_t *)rect_list_unlink_next(
- rects, prev_cur_node);
- n->rect = outer;
- rect_list_append_node(&dirty, (list_node_t *)n);
-
- keep_dirty = 0;
- break;
- }
- else if (intra.area <= accepted_error)
- {
- /* .---.cur .---.r
- * | | | |
- * `---+---.r `---+---.cur
- * | | | |
- * `---' `---'
- * no split, no merge
- */
- prev_cur_node = cur_node;
- cur_node = cur_node->next;
- }
- else
- {
- /* split is required */
- action = _split_fuzzy(&dirty, current, &r);
- if (action == SPLIT_FUZZY_ACTION_MERGE)
- {
+ list_t dirty = list_zeroed;
+ list_node_t *old_last;
+
+ old_last = rects->tail;
+
+ if (!rects->head) {
+ rect_list_append_node(rects, node);
+ return old_last;
+ }
+
+ rect_list_append_node(&dirty, node);
+ while (dirty.head) {
+ list_node_t *d_node, *cur_node, *prev_cur_node;
+ int keep_dirty;
+ rect_t r;
+
+ d_node = rect_list_unlink_next(&dirty, NULL);
+ r = ((rect_node_t *) d_node)->rect;
+
+ prev_cur_node = NULL;
+ cur_node = rects->head;
+ keep_dirty = 1;
+ while (cur_node) {
+ int area, action;
+ rect_t current, intra, outer;
+
+ current = ((rect_node_t *) cur_node)->rect;
+
+ _calc_intra_outer_rect_area(r, current, &intra,
+ &outer);
+ area = current.area + r.area - intra.area;
+
+ if ((intra.width == r.width) && (intra.height
+ == r.height)) {
+ /* .-------.cur
+ * | .---.r|
+ * | | | |
+ * | `---' |
+ * `-------'
+ */
+ keep_dirty = 0;
+ break;
+ } else if ((intra.width == current.width)
+ && (intra.height == current.height)) {
+ /* .-------.r
+ * | .---.cur
+ * | | | |
+ * | `---' |
+ * `-------'
+ */
+ if (old_last == cur_node)
+ old_last = prev_cur_node;
+
+ cur_node = cur_node->next;
+ rect_list_del_next(rects, prev_cur_node);
+ } else if ((outer.area - area) <= accepted_error) {
+ /* .-----------. bounding box (outer)
+ * |.---. .---.|
+ * ||cur| |r ||
+ * || | | ||
+ * |`---' `---'|
+ * `-----------'
+ * merge them, remove both and add merged
+ */
+ rect_node_t *n;
+
+ if (old_last == cur_node)
+ old_last = prev_cur_node;
+
+ n = (rect_node_t *)
+ rect_list_unlink_next(rects,
+ prev_cur_node);
+ n->rect = outer;
+ rect_list_append_node(&dirty,
+ (list_node_t *) n);
+
+ keep_dirty = 0;
+ break;
+ } else if (intra.area <= accepted_error) {
+ /* .---.cur .---.r
+ * | | | |
+ * `---+---.r `---+---.cur
+ * | | | |
+ * `---' `---'
+ * no split, no merge
+ */
+ prev_cur_node = cur_node;
+ cur_node = cur_node->next;
+ } else {
+ /* split is required */
+ action = _split_fuzzy(&dirty, current, &r);
+ if (action == SPLIT_FUZZY_ACTION_MERGE) {
/* horizontal merge is possible: remove both, add merged */
- rect_node_t *n;
-
- if (old_last == cur_node)
- old_last = prev_cur_node;
-
- n
- = (rect_node_t *)rect_list_unlink_next(
- rects,
- prev_cur_node);
-
- n->rect.left = outer.left;
- n->rect.width = outer.width;
- n->rect.right = outer.right;
- n->rect.area = outer.width * r.height;
- rect_list_append_node(&dirty,
- (list_node_t *)n);
- }
- else if (action == SPLIT_FUZZY_ACTION_NONE)
- {
+ rect_node_t *n;
+
+ if (old_last == cur_node)
+ old_last = prev_cur_node;
+
+ n = (rect_node_t *)
+ rect_list_unlink_next(rects,
+ prev_cur_node);
+
+ n->rect.left = outer.left;
+ n->rect.width = outer.width;
+ n->rect.right = outer.right;
+ n->rect.area =
+ outer.width * r.height;
+ rect_list_append_node(&dirty,
+ (list_node_t
+ *) n);
+ } else if (action ==
+ SPLIT_FUZZY_ACTION_NONE) {
/*
* this rect check was totally useless,
* should never happen
*/
/* prev_cur_node = cur_node; */
/* cur_node = cur_node->next; */
- printf("Should not get here!\n");
- abort();
- }
-
- keep_dirty = 0;
- break;
- }
- }
- if (EINA_UNLIKELY(keep_dirty))
- rect_list_append_node(rects, d_node);
- else
- rect_list_node_pool_put(d_node);
- }
-
- return old_last;
+ printf("Should not get here!\n");
+ abort();
+ }
+
+ keep_dirty = 0;
+ break;
+ }
+ }
+ if (EINA_UNLIKELY(keep_dirty))
+ rect_list_append_node(rects, d_node);
+ else
+ rect_list_node_pool_put(d_node);
+ }
+
+ return old_last;
}
static inline void _calc_outer_rect_area(const rect_t a, const rect_t b,
- rect_t *outer)
+ rect_t * outer)
{
- int min_left, max_right;
- int min_top, max_bottom;
-
- if (a.left < b.left)
- min_left = a.left;
- else
- min_left = b.left;
-
- if (a.right < b.right)
- max_right = b.right;
- else
- max_right = a.right;
-
- outer->left = min_left;
- outer->right = max_right;
- outer->width = max_right - min_left;
-
- if (a.top < b.top)
- min_top = a.top;
- else
- min_top = b.top;
-
- if (a.bottom < b.bottom)
- max_bottom = b.bottom;
- else
- max_bottom = a.bottom;
-
- outer->top = min_top;
- outer->bottom = max_bottom;
- outer->height = max_bottom - min_top;
-
- outer->area = outer->width * outer->height;
+ int min_left, max_right;
+ int min_top, max_bottom;
+
+ if (a.left < b.left)
+ min_left = a.left;
+ else
+ min_left = b.left;
+
+ if (a.right < b.right)
+ max_right = b.right;
+ else
+ max_right = a.right;
+
+ outer->left = min_left;
+ outer->right = max_right;
+ outer->width = max_right - min_left;
+
+ if (a.top < b.top)
+ min_top = a.top;
+ else
+ min_top = b.top;
+
+ if (a.bottom < b.bottom)
+ max_bottom = b.bottom;
+ else
+ max_bottom = a.bottom;
+
+ outer->top = min_top;
+ outer->bottom = max_bottom;
+ outer->height = max_bottom - min_top;
+
+ outer->area = outer->width * outer->height;
}
-static void rect_list_merge_rects(list_t *rects,
- list_t *to_merge,
- int accepted_error)
+static void rect_list_merge_rects(list_t * rects,
+ list_t * to_merge, int accepted_error)
{
- while (to_merge->head)
- {
- list_node_t *node, *parent_node;
- rect_t r1;
- int merged;
-
- r1 = ((rect_node_t *)to_merge->head)->rect;
-
- merged = 0;
- parent_node = NULL;
- node = rects->head;
- while (node)
- {
- rect_t r2, outer;
- int area;
-
- r2 = ((rect_node_t *)node)->rect;
-
- _calc_outer_rect_area(r1, r2, &outer);
- area = r1.area + r2.area; /* intra area is taken as 0 */
- if (outer.area - area <= accepted_error)
- {
- /*
- * remove both r1 and r2, create r3
- * actually r3 uses r2 instance, saves memory
- */
- rect_node_t *n;
-
- n = (rect_node_t *)rect_list_unlink_next(
- rects, parent_node);
- n->rect = outer;
- rect_list_append_node(to_merge,
- (list_node_t *)n);
- merged = 1;
- break;
- }
-
- parent_node = node;
- node = node->next;
- }
-
- if (!merged)
- {
- list_node_t *n;
- n = rect_list_unlink_next(to_merge, NULL);
- rect_list_append_node(rects, n);
- }
- else
- rect_list_del_next(to_merge, NULL);
- }
+ while (to_merge->head) {
+ list_node_t *node, *parent_node;
+ rect_t r1;
+ int merged;
+
+ r1 = ((rect_node_t *) to_merge->head)->rect;
+
+ merged = 0;
+ parent_node = NULL;
+ node = rects->head;
+ while (node) {
+ rect_t r2, outer;
+ int area;
+
+ r2 = ((rect_node_t *) node)->rect;
+
+ _calc_outer_rect_area(r1, r2, &outer);
+ area = r1.area + r2.area; /* intra area is taken as 0 */
+ if (outer.area - area <= accepted_error) {
+ /*
+ * remove both r1 and r2, create r3
+ * actually r3 uses r2 instance, saves memory
+ */
+ rect_node_t *n;
+
+ n = (rect_node_t *)
+ rect_list_unlink_next(rects,
+ parent_node);
+ n->rect = outer;
+ rect_list_append_node(to_merge,
+ (list_node_t *) n);
+ merged = 1;
+ break;
+ }
+
+ parent_node = node;
+ node = node->next;
+ }
+
+ if (!merged) {
+ list_node_t *n;
+ n = rect_list_unlink_next(to_merge, NULL);
+ rect_list_append_node(rects, n);
+ } else
+ rect_list_del_next(to_merge, NULL);
+ }
}
-static void rect_list_add_split_fuzzy_and_merge(list_t *rects,
- list_node_t *node,
- int split_accepted_error,
- int merge_accepted_error)
+static void rect_list_add_split_fuzzy_and_merge(list_t * rects,
+ list_node_t * node,
+ int split_accepted_error,
+ int merge_accepted_error)
{
- list_node_t *n;
+ list_node_t *n;
- n = rect_list_add_split_fuzzy(rects, node, split_accepted_error);
- if (n && n->next)
- {
- list_t to_merge;
+ n = rect_list_add_split_fuzzy(rects, node, split_accepted_error);
+ if (n && n->next) {
+ list_t to_merge;
- /* split list into 2 segments, already merged and to merge */
- to_merge.head = n->next;
- to_merge.tail = rects->tail;
- rects->tail = n;
- n->next = NULL;
+ /* split list into 2 segments, already merged and to merge */
+ to_merge.head = n->next;
+ to_merge.tail = rects->tail;
+ rects->tail = n;
+ n->next = NULL;
- rect_list_merge_rects(rects, &to_merge, merge_accepted_error);
- }
+ rect_list_merge_rects(rects, &to_merge,
+ merge_accepted_error);
+ }
}
-static inline void _splitter_new(Eina_Tiler *t)
+static inline void _splitter_new(Eina_Tiler * t)
{
- t->splitter.rects = list_zeroed;
- t->splitter.need_merge = EINA_FALSE;
+ t->splitter.rects = list_zeroed;
+ t->splitter.need_merge = EINA_FALSE;
}
-static inline void _splitter_del(Eina_Tiler *t)
+static inline void _splitter_del(Eina_Tiler * t)
{
- rect_list_clear(&t->splitter.rects);
- rect_list_node_pool_flush();
+ rect_list_clear(&t->splitter.rects);
+ rect_list_node_pool_flush();
}
-static inline void _splitter_tile_size_set(Eina_Tiler *t,
- int w __UNUSED__,
- int h __UNUSED__)
+static inline void _splitter_tile_size_set(Eina_Tiler * t,
+ int w __UNUSED__,
+ int h __UNUSED__)
{
- /* TODO are w and h used for something? */
- t->splitter.rects = list_zeroed;
+ /* TODO are w and h used for something? */
+ t->splitter.rects = list_zeroed;
}
-static inline Eina_Bool _splitter_rect_add(Eina_Tiler *t, Eina_Rectangle *rect)
+static inline Eina_Bool _splitter_rect_add(Eina_Tiler * t,
+ Eina_Rectangle * rect)
{
- rect_node_t *rn;
-
- //printf("ACCOUNTING[1]: add_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
- rect->x >>= 1;
- rect->y >>= 1;
- rect->w += 2;
- rect->w >>= 1;
- rect->h += 2;
- rect->h >>= 1;
-
- rn = (rect_node_t *)rect_list_node_pool_get();
- rn->_lst = list_node_zeroed;
- rect_init(&rn->rect, rect->x, rect->y, rect->w, rect->h);
- //printf("ACCOUNTING[2]: add_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
- //testing on my core2 duo desktop - fuzz of 32 or 48 is best.
+ rect_node_t *rn;
+
+ //printf("ACCOUNTING[1]: add_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
+ rect->x >>= 1;
+ rect->y >>= 1;
+ rect->w += 2;
+ rect->w >>= 1;
+ rect->h += 2;
+ rect->h >>= 1;
+
+ rn = (rect_node_t *) rect_list_node_pool_get();
+ rn->_lst = list_node_zeroed;
+ rect_init(&rn->rect, rect->x, rect->y, rect->w, rect->h);
+ //printf("ACCOUNTING[2]: add_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
+ //testing on my core2 duo desktop - fuzz of 32 or 48 is best.
#define FUZZ 32
- rect_list_add_split_fuzzy_and_merge(&t->splitter.rects,
- (list_node_t *)rn,
- FUZZ * FUZZ,
- FUZZ * FUZZ);
- return EINA_TRUE;
+ rect_list_add_split_fuzzy_and_merge(&t->splitter.rects,
+ (list_node_t *) rn,
+ FUZZ * FUZZ, FUZZ * FUZZ);
+ return EINA_TRUE;
}
-static inline void _splitter_rect_del(Eina_Tiler *t, Eina_Rectangle *rect)
+static inline void _splitter_rect_del(Eina_Tiler * t,
+ Eina_Rectangle * rect)
{
- rect_t r;
+ rect_t r;
- if (!t->splitter.rects.head)
- return;
+ if (!t->splitter.rects.head)
+ return;
- rect->x += 1;
- rect->y += 1;
- rect->x >>= 1;
- rect->y >>= 1;
- rect->w -= 1;
- rect->w >>= 1;
- rect->h -= 1;
- rect->h >>= 1;
+ rect->x += 1;
+ rect->y += 1;
+ rect->x >>= 1;
+ rect->y >>= 1;
+ rect->w -= 1;
+ rect->w >>= 1;
+ rect->h -= 1;
+ rect->h >>= 1;
- if ((rect->w <= 0) || (rect->h <= 0))
- return;
+ if ((rect->w <= 0) || (rect->h <= 0))
+ return;
- rect_init(&r, rect->x, rect->y, rect->w, rect->h);
- //fprintf(stderr, "ACCOUNTING: del_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
+ rect_init(&r, rect->x, rect->y, rect->w, rect->h);
+ //fprintf(stderr, "ACCOUNTING: del_redraw: %4d,%4d %3dx%3d\n", x, y, w, h);
- rect_list_del_split_strict(&t->splitter.rects, r);
- t->splitter.need_merge = EINA_TRUE;
- return;
+ rect_list_del_split_strict(&t->splitter.rects, r);
+ t->splitter.need_merge = EINA_TRUE;
+ return;
}
-static inline void _splitter_clear(Eina_Tiler *t)
+static inline void _splitter_clear(Eina_Tiler * t)
{
- rect_list_clear(&t->splitter.rects);
- t->splitter.need_merge = EINA_FALSE;
+ rect_list_clear(&t->splitter.rects);
+ t->splitter.need_merge = EINA_FALSE;
}
+
/* end of splitter algorithm */
-static Eina_Bool _iterator_next(Eina_Iterator_Tiler *it, void **data)
+static Eina_Bool _iterator_next(Eina_Iterator_Tiler * it, void **data)
{
- Eina_Rectangle *rect = (Eina_Rectangle *)data;
- list_node_t *n;
+ Eina_Rectangle *rect = (Eina_Rectangle *) data;
+ list_node_t *n;
- for (n = it->curr; n; n = n->next)
- {
- rect_t cur;
+ for (n = it->curr; n; n = n->next) {
+ rect_t cur;
- cur = ((rect_node_t *)n)->rect;
+ cur = ((rect_node_t *) n)->rect;
- rect->x = cur.left << 1;
- rect->y = cur.top << 1;
- rect->w = cur.width << 1;
- rect->h = cur.height << 1;
+ rect->x = cur.left << 1;
+ rect->y = cur.top << 1;
+ rect->w = cur.width << 1;
+ rect->h = cur.height << 1;
- if (eina_rectangle_intersection(rect, &it->tiler->area) == EINA_FALSE)
- continue;
+ if (eina_rectangle_intersection(rect, &it->tiler->area) ==
+ EINA_FALSE)
+ continue;
- if ((rect->w <= 0) || (rect->h <= 0))
- continue;
+ if ((rect->w <= 0) || (rect->h <= 0))
+ continue;
- it->curr = n->next;
- return EINA_TRUE;
- }
- return EINA_FALSE;
+ it->curr = n->next;
+ return EINA_TRUE;
+ }
+ return EINA_FALSE;
}
-static void *_iterator_get_container(Eina_Iterator_Tiler *it)
+static void *_iterator_get_container(Eina_Iterator_Tiler * it)
{
- EINA_MAGIC_CHECK_TILER_ITERATOR(it, NULL);
- return (void *)it->tiler;
+ EINA_MAGIC_CHECK_TILER_ITERATOR(it, NULL);
+ return (void *) it->tiler;
}
-static void _iterator_free(Eina_Iterator_Tiler *it)
+static void _iterator_free(Eina_Iterator_Tiler * it)
{
- EINA_MAGIC_CHECK_TILER_ITERATOR(it);
- free(it);
+ EINA_MAGIC_CHECK_TILER_ITERATOR(it);
+ free(it);
}
/*============================================================================*
@@ -1112,138 +1044,138 @@ static void _iterator_free(Eina_Iterator_Tiler *it)
EAPI Eina_Tiler *eina_tiler_new(int w, int h)
{
- Eina_Tiler *t;
-
- t = calloc(1, sizeof(Eina_Tiler));
- t->area.w = w;
- t->area.h = h;
- t->tile.w = w;
- t->tile.h = h;
- EINA_MAGIC_SET(t, EINA_MAGIC_TILER);
- _splitter_new(t);
- return t;
+ Eina_Tiler *t;
+
+ t = calloc(1, sizeof(Eina_Tiler));
+ t->area.w = w;
+ t->area.h = h;
+ t->tile.w = w;
+ t->tile.h = h;
+ EINA_MAGIC_SET(t, EINA_MAGIC_TILER);
+ _splitter_new(t);
+ return t;
}
-EAPI void eina_tiler_free(Eina_Tiler *t)
+EAPI void eina_tiler_free(Eina_Tiler * t)
{
- EINA_MAGIC_CHECK_TILER(t);
- _splitter_del(t);
- free(t);
+ EINA_MAGIC_CHECK_TILER(t);
+ _splitter_del(t);
+ free(t);
}
-EAPI void eina_tiler_tile_size_set(Eina_Tiler *t, int w, int h)
+EAPI void eina_tiler_tile_size_set(Eina_Tiler * t, int w, int h)
{
- EINA_MAGIC_CHECK_TILER(t);
- if ((w <= 0) || (h <= 0))
- return;
+ EINA_MAGIC_CHECK_TILER(t);
+ if ((w <= 0) || (h <= 0))
+ return;
- t->tile.w = w;
- t->tile.h = h;
- _splitter_tile_size_set(t, w, h);
+ t->tile.w = w;
+ t->tile.h = h;
+ _splitter_tile_size_set(t, w, h);
}
-EAPI Eina_Bool eina_tiler_rect_add(Eina_Tiler *t, const Eina_Rectangle *r)
+EAPI Eina_Bool eina_tiler_rect_add(Eina_Tiler * t,
+ const Eina_Rectangle * r)
{
- Eina_Rectangle tmp;
+ Eina_Rectangle tmp;
- EINA_MAGIC_CHECK_TILER(t, EINA_FALSE);
- if ((r->w <= 0) || (r->h <= 0))
- return EINA_FALSE;
+ EINA_MAGIC_CHECK_TILER(t, EINA_FALSE);
+ if ((r->w <= 0) || (r->h <= 0))
+ return EINA_FALSE;
- tmp = *r;
- if (eina_rectangle_intersection(&tmp, &t->area) == EINA_FALSE)
- return EINA_FALSE;
+ tmp = *r;
+ if (eina_rectangle_intersection(&tmp, &t->area) == EINA_FALSE)
+ return EINA_FALSE;
- if ((tmp.w <= 0) || (tmp.h <= 0))
- return EINA_FALSE;
+ if ((tmp.w <= 0) || (tmp.h <= 0))
+ return EINA_FALSE;
- return _splitter_rect_add(t, &tmp);
+ return _splitter_rect_add(t, &tmp);
}
-EAPI void eina_tiler_rect_del(Eina_Tiler *t, const Eina_Rectangle *r)
+EAPI void eina_tiler_rect_del(Eina_Tiler * t, const Eina_Rectangle * r)
{
- Eina_Rectangle tmp;
+ Eina_Rectangle tmp;
- EINA_MAGIC_CHECK_TILER(t);
- if ((r->w <= 0) || (r->h <= 0))
- return;
+ EINA_MAGIC_CHECK_TILER(t);
+ if ((r->w <= 0) || (r->h <= 0))
+ return;
- tmp = *r;
- if (eina_rectangle_intersection(&tmp, &t->area) == EINA_FALSE)
- return;
+ tmp = *r;
+ if (eina_rectangle_intersection(&tmp, &t->area) == EINA_FALSE)
+ return;
- if ((tmp.w <= 0) || (tmp.h <= 0))
- return;
+ if ((tmp.w <= 0) || (tmp.h <= 0))
+ return;
- _splitter_rect_del(t, &tmp);
+ _splitter_rect_del(t, &tmp);
}
-EAPI void eina_tiler_clear(Eina_Tiler *t)
+EAPI void eina_tiler_clear(Eina_Tiler * t)
{
- EINA_MAGIC_CHECK_TILER(t);
- _splitter_clear(t);
+ EINA_MAGIC_CHECK_TILER(t);
+ _splitter_clear(t);
}
-EAPI Eina_Iterator *eina_tiler_iterator_new(const Eina_Tiler *t)
+EAPI Eina_Iterator *eina_tiler_iterator_new(const Eina_Tiler * t)
{
- Eina_Iterator_Tiler *it;
+ Eina_Iterator_Tiler *it;
- EINA_MAGIC_CHECK_TILER(t, NULL);
+ EINA_MAGIC_CHECK_TILER(t, NULL);
- it = calloc(1, sizeof (Eina_Iterator_Tiler));
- if (!it)
- return NULL;
+ it = calloc(1, sizeof(Eina_Iterator_Tiler));
+ if (!it)
+ return NULL;
- it->tiler = t;
+ it->tiler = t;
- if (t->splitter.need_merge == EINA_TRUE)
- {
- list_t to_merge;
- splitter_t *sp;
+ if (t->splitter.need_merge == EINA_TRUE) {
+ list_t to_merge;
+ splitter_t *sp;
- sp = (splitter_t *)&(t->splitter);
- to_merge = t->splitter.rects;
- sp->rects = list_zeroed;
- rect_list_merge_rects(&sp->rects, &to_merge, FUZZ * FUZZ);
- sp->need_merge = 0;
- }
+ sp = (splitter_t *) & (t->splitter);
+ to_merge = t->splitter.rects;
+ sp->rects = list_zeroed;
+ rect_list_merge_rects(&sp->rects, &to_merge, FUZZ * FUZZ);
+ sp->need_merge = 0;
+ }
- it->curr = it->tiler->splitter.rects.head;
+ it->curr = it->tiler->splitter.rects.head;
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(_iterator_next);
- it->iterator.get_container = FUNC_ITERATOR_GET_CONTAINER(
- _iterator_get_container);
- it->iterator.free = FUNC_ITERATOR_FREE(_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next = FUNC_ITERATOR_NEXT(_iterator_next);
+ it->iterator.get_container =
+ FUNC_ITERATOR_GET_CONTAINER(_iterator_get_container);
+ it->iterator.free = FUNC_ITERATOR_FREE(_iterator_free);
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- EINA_MAGIC_SET(it, EINA_MAGIC_TILER_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(it, EINA_MAGIC_TILER_ITERATOR);
- return &it->iterator;
+ return &it->iterator;
}
-struct _Eina_Tile_Grid_Slicer_Iterator
-{
- Eina_Iterator iterator;
- Eina_Tile_Grid_Slicer priv;
+struct _Eina_Tile_Grid_Slicer_Iterator {
+ Eina_Iterator iterator;
+ Eina_Tile_Grid_Slicer priv;
};
-typedef struct _Eina_Tile_Grid_Slicer_Iterator Eina_Tile_Grid_Slicer_Iterator;
+typedef struct _Eina_Tile_Grid_Slicer_Iterator
+ Eina_Tile_Grid_Slicer_Iterator;
static void
-eina_tile_grid_slicer_iterator_free(Eina_Tile_Grid_Slicer_Iterator *it)
+eina_tile_grid_slicer_iterator_free(Eina_Tile_Grid_Slicer_Iterator * it)
{
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
- free(it);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_NONE);
+ free(it);
}
static Eina_Bool
-eina_tile_grid_slicer_iterator_next(Eina_Tile_Grid_Slicer_Iterator *it,
- void **data)
+eina_tile_grid_slicer_iterator_next(Eina_Tile_Grid_Slicer_Iterator * it,
+ void **data)
{
- return eina_tile_grid_slicer_next
- (&it->priv, (const Eina_Tile_Grid_Info **)data);
+ return eina_tile_grid_slicer_next
+ (&it->priv, (const Eina_Tile_Grid_Info **) data);
}
/**
@@ -1266,30 +1198,30 @@ eina_tile_grid_slicer_iterator_next(Eina_Tile_Grid_Slicer_Iterator *it,
* region, then @c full flag
* is set.
*/
-EAPI Eina_Iterator *
-eina_tile_grid_slicer_iterator_new(int x,
- int y,
- int w,
- int h,
- int tile_w,
- int tile_h)
+EAPI Eina_Iterator *eina_tile_grid_slicer_iterator_new(int x,
+ int y,
+ int w,
+ int h,
+ int tile_w,
+ int tile_h)
{
- Eina_Tile_Grid_Slicer_Iterator *it;
+ Eina_Tile_Grid_Slicer_Iterator *it;
- it = calloc(1, sizeof(*it));
- if (!it)
- {
- eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
- return NULL;
- }
+ it = calloc(1, sizeof(*it));
+ if (!it) {
+ eina_error_set(EINA_ERROR_OUT_OF_MEMORY);
+ return NULL;
+ }
- EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
+ EINA_MAGIC_SET(&it->iterator, EINA_MAGIC_ITERATOR);
- it->iterator.version = EINA_ITERATOR_VERSION;
- it->iterator.next = FUNC_ITERATOR_NEXT(eina_tile_grid_slicer_iterator_next);
- it->iterator.free = FUNC_ITERATOR_FREE(eina_tile_grid_slicer_iterator_free);
+ it->iterator.version = EINA_ITERATOR_VERSION;
+ it->iterator.next =
+ FUNC_ITERATOR_NEXT(eina_tile_grid_slicer_iterator_next);
+ it->iterator.free =
+ FUNC_ITERATOR_FREE(eina_tile_grid_slicer_iterator_free);
- eina_tile_grid_slicer_setup(&it->priv, x, y, w, h, tile_w, tile_h);
+ eina_tile_grid_slicer_setup(&it->priv, x, y, w, h, tile_w, tile_h);
- return &it->iterator;
+ return &it->iterator;
}
diff --git a/tests/suite/ecore/src/lib/eina_unicode.c b/tests/suite/ecore/src/lib/eina_unicode.c
index cef07fb4fa..d414ae9f83 100644
--- a/tests/suite/ecore/src/lib/eina_unicode.c
+++ b/tests/suite/ecore/src/lib/eina_unicode.c
@@ -25,63 +25,63 @@
* probably better to use the standard functions */
/* Maybe I'm too tired, but this is the only thing that actually worked. */
-const Eina_Unicode _EINA_UNICODE_EMPTY_STRING[1] = {0};
-EAPI const Eina_Unicode *EINA_UNICODE_EMPTY_STRING = _EINA_UNICODE_EMPTY_STRING;
+const Eina_Unicode _EINA_UNICODE_EMPTY_STRING[1] = { 0 };
+
+EAPI const Eina_Unicode *EINA_UNICODE_EMPTY_STRING =
+ _EINA_UNICODE_EMPTY_STRING;
/**
* @brief Same as the standard strcmp just with Eina_Unicode instead of char.
*/
EAPI int
-eina_unicode_strcmp(const Eina_Unicode *a, const Eina_Unicode *b)
+eina_unicode_strcmp(const Eina_Unicode * a, const Eina_Unicode * b)
{
- for (; *a && *a == *b; a++, b++)
- ;
- if (*a == *b)
- return 0;
- else if (*a < *b)
- return -1;
- else
- return 1;
+ for (; *a && *a == *b; a++, b++);
+ if (*a == *b)
+ return 0;
+ else if (*a < *b)
+ return -1;
+ else
+ return 1;
}
/**
* @brief Same as the standard strcpy just with Eina_Unicode instead of char.
*/
-EAPI Eina_Unicode *
-eina_unicode_strcpy(Eina_Unicode *dest, const Eina_Unicode *source)
+EAPI Eina_Unicode *eina_unicode_strcpy(Eina_Unicode * dest,
+ const Eina_Unicode * source)
{
- Eina_Unicode *ret = dest;
+ Eina_Unicode *ret = dest;
- while (*source)
- *dest++ = *source++;
- *dest = 0;
- return ret;
+ while (*source)
+ *dest++ = *source++;
+ *dest = 0;
+ return ret;
}
/**
* @brief Same as the standard strncpy just with Eina_Unicode instead of char.
*/
-EAPI Eina_Unicode *
-eina_unicode_strncpy(Eina_Unicode *dest, const Eina_Unicode *source, size_t n)
+EAPI Eina_Unicode *eina_unicode_strncpy(Eina_Unicode * dest,
+ const Eina_Unicode * source,
+ size_t n)
{
- Eina_Unicode *ret = dest;
+ Eina_Unicode *ret = dest;
- for ( ; n && *source ; n--)
- *dest++ = *source++;
- for (; n; n--)
- *dest++ = 0;
- return ret;
+ for (; n && *source; n--)
+ *dest++ = *source++;
+ for (; n; n--)
+ *dest++ = 0;
+ return ret;
}
/**
* @brief Same as the standard strlen just with Eina_Unicode instead of char.
*/
-EAPI size_t
-eina_unicode_strlen(const Eina_Unicode *ustr)
+EAPI size_t eina_unicode_strlen(const Eina_Unicode * ustr)
{
- const Eina_Unicode *end;
- for (end = ustr; *end; end++)
- ;
- return end - ustr;
+ const Eina_Unicode *end;
+ for (end = ustr; *end; end++);
+ return end - ustr;
}
/**
@@ -95,14 +95,12 @@ eina_unicode_strlen(const Eina_Unicode *ustr)
* @param n Max length to search
* @return Number of characters or n.
*/
-EAPI size_t
-eina_unicode_strnlen(const Eina_Unicode *ustr, int n)
+EAPI size_t eina_unicode_strnlen(const Eina_Unicode * ustr, int n)
{
- const Eina_Unicode *end;
- const Eina_Unicode *last = ustr + n; /* technically not portable ;-) */
- for (end = ustr; end < last && *end; end++)
- ;
- return end - ustr;
+ const Eina_Unicode *end;
+ const Eina_Unicode *last = ustr + n; /* technically not portable ;-) */
+ for (end = ustr; end < last && *end; end++);
+ return end - ustr;
}
@@ -111,66 +109,58 @@ eina_unicode_strnlen(const Eina_Unicode *ustr, int n)
/**
* @brief Same as the standard strdup just with Eina_Unicode instead of char.
*/
-EAPI Eina_Unicode *
-eina_unicode_strdup(const Eina_Unicode *text)
+EAPI Eina_Unicode *eina_unicode_strdup(const Eina_Unicode * text)
{
- Eina_Unicode *ustr;
- int len;
+ Eina_Unicode *ustr;
+ int len;
- len = eina_unicode_strlen(text);
- ustr = (Eina_Unicode *)calloc(len + 1, sizeof(Eina_Unicode));
- memcpy(ustr, text, len * sizeof(Eina_Unicode));
+ len = eina_unicode_strlen(text);
+ ustr = (Eina_Unicode *) calloc(len + 1, sizeof(Eina_Unicode));
+ memcpy(ustr, text, len * sizeof(Eina_Unicode));
- return ustr;
+ return ustr;
}
/**
* @brief Same as the standard strdup just with Eina_Unicode instead of char.
*/
-EAPI Eina_Unicode *
-eina_unicode_strstr(const Eina_Unicode *haystack, const Eina_Unicode *needle)
+EAPI Eina_Unicode *eina_unicode_strstr(const Eina_Unicode * haystack,
+ const Eina_Unicode * needle)
{
- const Eina_Unicode *i, *j;
+ const Eina_Unicode *i, *j;
- for (i = haystack; *i; i++)
- {
- haystack = i; /* set this location as the base position */
- for (j = needle; *j && *i && *j == *i; j++, i++)
- ;
+ for (i = haystack; *i; i++) {
+ haystack = i; /* set this location as the base position */
+ for (j = needle; *j && *i && *j == *i; j++, i++);
- if (!*j) /*if we got to the end of j this means we got a full match */
- {
- return (Eina_Unicode *)haystack; /* return the new base position */
- }
- }
+ if (!*j) { /*if we got to the end of j this means we got a full match */
+ return (Eina_Unicode *) haystack; /* return the new base position */
+ }
+ }
- return NULL;
+ return NULL;
}
/**
* @see eina_str_escape()
*/
-EAPI Eina_Unicode *
-eina_unicode_escape(const Eina_Unicode *str)
+EAPI Eina_Unicode *eina_unicode_escape(const Eina_Unicode * str)
{
- Eina_Unicode *s2, *d;
- const Eina_Unicode *s;
-
- s2 = malloc((eina_unicode_strlen(str) * 2) + 1);
- if (!s2)
- return NULL;
-
- for (s = str, d = s2; *s != 0; s++, d++)
- {
- if ((*s == ' ') || (*s == '\\') || (*s == '\''))
- {
- *d = '\\';
- d++;
- }
-
- *d = *s;
- }
- *d = 0;
- return s2;
+ Eina_Unicode *s2, *d;
+ const Eina_Unicode *s;
+
+ s2 = malloc((eina_unicode_strlen(str) * 2) + 1);
+ if (!s2)
+ return NULL;
+
+ for (s = str, d = s2; *s != 0; s++, d++) {
+ if ((*s == ' ') || (*s == '\\') || (*s == '\'')) {
+ *d = '\\';
+ d++;
+ }
+
+ *d = *s;
+ }
+ *d = 0;
+ return s2;
}
-
diff --git a/tests/suite/ecore/src/lib/eina_ustrbuf.c b/tests/suite/ecore/src/lib/eina_ustrbuf.c
index 7df5b1603b..f571ef61a6 100644
--- a/tests/suite/ecore/src/lib/eina_ustrbuf.c
+++ b/tests/suite/ecore/src/lib/eina_ustrbuf.c
@@ -1,5 +1,5 @@
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include "eina_strbuf_common.h"
@@ -15,35 +15,35 @@
*/
#ifdef _STRBUF_DATA_TYPE
-# undef _STRBUF_DATA_TYPE
+#undef _STRBUF_DATA_TYPE
#endif
#ifdef _STRBUF_CSIZE
-# undef _STRBUF_CSIZE
+#undef _STRBUF_CSIZE
#endif
#ifdef _STRBUF_STRUCT_NAME
-# undef _STRBUF_STRUCT_NAME
+#undef _STRBUF_STRUCT_NAME
#endif
#ifdef _STRBUF_STRLEN_FUNC
-# undef _STRBUF_STRLEN_FUNC
+#undef _STRBUF_STRLEN_FUNC
#endif
#ifdef _STRBUF_STRESCAPE_FUNC
-# undef _STRBUF_STRESCAPE_FUNC
+#undef _STRBUF_STRESCAPE_FUNC
#endif
#ifdef _STRBUF_MAGIC
-# undef _STRBUF_MAGIC
+#undef _STRBUF_MAGIC
#endif
#ifdef _STRBUF_MAGIC_STR
-# undef _STRBUF_MAGIC_STR
+#undef _STRBUF_MAGIC_STR
#endif
#ifdef _FUNC_EXPAND
-# undef _FUNC_EXPAND
+#undef _FUNC_EXPAND
#endif
#define _STRBUF_DATA_TYPE Eina_Unicode
diff --git a/tests/suite/ecore/src/lib/eina_ustringshare.c b/tests/suite/ecore/src/lib/eina_ustringshare.c
index 8fe18c8968..11f9f7a136 100644
--- a/tests/suite/ecore/src/lib/eina_ustringshare.c
+++ b/tests/suite/ecore/src/lib/eina_ustringshare.c
@@ -34,7 +34,8 @@
/* The actual share */
static Eina_Share *ustringshare_share;
-static const char EINA_MAGIC_USTRINGSHARE_NODE_STR[] = "Eina UStringshare Node";
+static const char EINA_MAGIC_USTRINGSHARE_NODE_STR[] =
+ "Eina UStringshare Node";
/*============================================================================*
* Global *
@@ -51,12 +52,11 @@ static const char EINA_MAGIC_USTRINGSHARE_NODE_STR[] = "Eina UStringshare Node";
*
* @see eina_init()
*/
-Eina_Bool
-eina_ustringshare_init(void)
+Eina_Bool eina_ustringshare_init(void)
{
- return eina_share_common_init(&ustringshare_share,
- EINA_MAGIC_USTRINGSHARE_NODE,
- EINA_MAGIC_USTRINGSHARE_NODE_STR);
+ return eina_share_common_init(&ustringshare_share,
+ EINA_MAGIC_USTRINGSHARE_NODE,
+ EINA_MAGIC_USTRINGSHARE_NODE_STR);
}
/**
@@ -70,12 +70,11 @@ eina_ustringshare_init(void)
*
* @see eina_shutdown()
*/
-Eina_Bool
-eina_ustringshare_shutdown(void)
+Eina_Bool eina_ustringshare_shutdown(void)
{
- Eina_Bool ret;
- ret = eina_share_common_shutdown(&ustringshare_share);
- return ret;
+ Eina_Bool ret;
+ ret = eina_share_common_shutdown(&ustringshare_share);
+ return ret;
}
/*============================================================================*
@@ -118,13 +117,12 @@ eina_ustringshare_shutdown(void)
* Note that if the given pointer is not shared or NULL, bad things
* will happen, likely a segmentation fault.
*/
-EAPI void
-eina_ustringshare_del(const Eina_Unicode *str)
+EAPI void eina_ustringshare_del(const Eina_Unicode * str)
{
- if (!str)
- return;
+ if (!str)
+ return;
- eina_share_common_del(ustringshare_share,(const char *)str);
+ eina_share_common_del(ustringshare_share, (const char *) str);
}
/**
@@ -147,16 +145,15 @@ eina_ustringshare_del(const Eina_Unicode *str)
*
* @see eina_ustringshare_add()
*/
-EAPI const Eina_Unicode *
-eina_ustringshare_add_length(const Eina_Unicode *str, unsigned int slen)
+EAPI const Eina_Unicode *eina_ustringshare_add_length(const Eina_Unicode *
+ str,
+ unsigned int slen)
{
- return (const Eina_Unicode *)eina_share_common_add_length(ustringshare_share,
- (const char *)str,
- slen *
- sizeof(
- Eina_Unicode),
- sizeof(
- Eina_Unicode));
+ return (const Eina_Unicode *)
+ eina_share_common_add_length(ustringshare_share,
+ (const char *) str,
+ slen * sizeof(Eina_Unicode),
+ sizeof(Eina_Unicode));
}
/**
@@ -178,11 +175,10 @@ eina_ustringshare_add_length(const Eina_Unicode *str, unsigned int slen)
*
* @see eina_ustringshare_add_length()
*/
-EAPI const Eina_Unicode *
-eina_ustringshare_add(const Eina_Unicode *str)
+EAPI const Eina_Unicode *eina_ustringshare_add(const Eina_Unicode * str)
{
- int slen = (str) ? (int)eina_unicode_strlen(str) : -1;
- return eina_ustringshare_add_length(str, slen);
+ int slen = (str) ? (int) eina_unicode_strlen(str) : -1;
+ return eina_ustringshare_add_length(str, slen);
}
/**
@@ -199,11 +195,10 @@ eina_ustringshare_add(const Eina_Unicode *str)
*
* There is no unref since this is the work of eina_ustringshare_del().
*/
-EAPI const Eina_Unicode *
-eina_ustringshare_ref(const Eina_Unicode *str)
+EAPI const Eina_Unicode *eina_ustringshare_ref(const Eina_Unicode * str)
{
- return (const Eina_Unicode *)eina_share_common_ref(ustringshare_share,
- (const char *)str);
+ return (const Eina_Unicode *)
+ eina_share_common_ref(ustringshare_share, (const char *) str);
}
/**
@@ -217,12 +212,13 @@ eina_ustringshare_ref(const Eina_Unicode *str)
* things will happen, likely a segmentation fault. If in doubt, try
* strlen().
*/
-EAPI int
-eina_ustringshare_strlen(const Eina_Unicode *str)
+EAPI int eina_ustringshare_strlen(const Eina_Unicode * str)
{
- int len = eina_share_common_length(ustringshare_share, (const char *)str);
- len = (len > 0) ? len / (int)sizeof(Eina_Unicode) : -1;
- return len;
+ int len =
+ eina_share_common_length(ustringshare_share,
+ (const char *) str);
+ len = (len > 0) ? len / (int) sizeof(Eina_Unicode) : -1;
+ return len;
}
/**
@@ -231,13 +227,11 @@ eina_ustringshare_strlen(const Eina_Unicode *str)
* This function dumps all strings in the share_common to stdout with a
* DDD: prefix per line and a memory usage summary.
*/
-EAPI void
-eina_ustringshare_dump(void)
+EAPI void eina_ustringshare_dump(void)
{
- eina_share_common_dump(ustringshare_share, NULL, 0);
+ eina_share_common_dump(ustringshare_share, NULL, 0);
}
/**
* @}
*/
-
diff --git a/tests/suite/ecore/src/lib/eina_value.c b/tests/suite/ecore/src/lib/eina_value.c
index 554f907d6d..7115a3063a 100644
--- a/tests/suite/ecore/src/lib/eina_value.c
+++ b/tests/suite/ecore/src/lib/eina_value.c
@@ -25,7 +25,7 @@
*/
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include "eina_config.h"
@@ -39,9 +39,9 @@
* API *
*============================================================================*/
-EAPI const unsigned int eina_prime_table[] =
-{
- 17, 31, 61, 127, 257, 509, 1021,
- 2053, 4093, 8191, 16381, 32771, 65537, 131071, 262147, 524287, 1048573,
- 2097143, 4194301, 8388617, 16777213
+EAPI const unsigned int eina_prime_table[] = {
+ 17, 31, 61, 127, 257, 509, 1021,
+ 2053, 4093, 8191, 16381, 32771, 65537, 131071, 262147, 524287,
+ 1048573,
+ 2097143, 4194301, 8388617, 16777213
};
diff --git a/tests/suite/mini-eagain2.c b/tests/suite/mini-eagain2.c
index 11a91a4ddb..9346041fdf 100644
--- a/tests/suite/mini-eagain2.c
+++ b/tests/suite/mini-eagain2.c
@@ -24,186 +24,194 @@
static int done = 0;
#if 0
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf(stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
#endif
-static const char*
-SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_description_t status)
+static const char
+ *SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_description_t
+ status)
{
- switch (status)
- {
- case GNUTLS_HANDSHAKE_HELLO_REQUEST:
- return "Hello request";
- case GNUTLS_HANDSHAKE_CLIENT_HELLO:
- return "Client hello";
- case GNUTLS_HANDSHAKE_SERVER_HELLO:
- return "Server hello";
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
- return "Certificate packet";
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
- return "Server key exchange";
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
- return "Certificate request";
- case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
- return "Server hello done";
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- return "Certificate verify";
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- return "Client key exchange";
- case GNUTLS_HANDSHAKE_FINISHED:
- return "Finished";
- case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
- return "Supplemental";
- default:
- return NULL;
- }
- return NULL;
+ switch (status) {
+ case GNUTLS_HANDSHAKE_HELLO_REQUEST:
+ return "Hello request";
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ return "Client hello";
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ return "Server hello";
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ return "Certificate packet";
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ return "Server key exchange";
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ return "Certificate request";
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ return "Server hello done";
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ return "Certificate verify";
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ return "Client key exchange";
+ case GNUTLS_HANDSHAKE_FINISHED:
+ return "Finished";
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ return "Supplemental";
+ default:
+ return NULL;
+ }
+ return NULL;
}
/* Connects to the peer and returns a socket
* descriptor.
*/
-static int
-tcp_connect (void)
+static int tcp_connect(void)
{
- const char *PORT = "4445";
- const char *SERVER = "127.0.0.1"; //verisign.com
- int err, sd;
- int flag = 1, curstate = 0;
- struct sockaddr_in sa;
-
- /* sets some fd options such as nonblock */
- sd = socket (AF_INET, SOCK_STREAM, 0);
- fcntl(sd, F_SETFL, O_NONBLOCK);
- fcntl(sd, F_SETFD, FD_CLOEXEC);
- setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (const void *)&curstate, sizeof(curstate));
-
- setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(int));
-
- memset (&sa, '\0', sizeof (sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (atoi (PORT));
- inet_pton (AF_INET, SERVER, &sa.sin_addr);
-
- /* connects to server
- */
- err = connect (sd, (struct sockaddr *) &sa, sizeof (sa));
- if ((err < 0) && (errno != EINPROGRESS))
- {
- print("Connect error\n");
- exit (1);
- }
-
- return sd;
+ const char *PORT = "4445";
+ const char *SERVER = "127.0.0.1"; //verisign.com
+ int err, sd;
+ int flag = 1, curstate = 0;
+ struct sockaddr_in sa;
+
+ /* sets some fd options such as nonblock */
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+ fcntl(sd, F_SETFL, O_NONBLOCK);
+ fcntl(sd, F_SETFD, FD_CLOEXEC);
+ setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (const void *) &curstate,
+ sizeof(curstate));
+
+ setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag,
+ sizeof(int));
+
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ /* connects to server
+ */
+ err = connect(sd, (struct sockaddr *) &sa, sizeof(sa));
+ if ((err < 0) && (errno != EINPROGRESS)) {
+ print("Connect error\n");
+ exit(1);
+ }
+
+ return sd;
}
/* closes the given socket descriptor.
*/
-static void
-tcp_close (int sd)
+static void tcp_close(int sd)
{
- shutdown (sd, SHUT_RDWR); /* no more receptions */
- close (sd);
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
}
static Eina_Bool
-_process_data(gnutls_session_t client, Ecore_Fd_Handler *fd_handler)
+_process_data(gnutls_session_t client, Ecore_Fd_Handler * fd_handler)
{
- static int ret, lastret;
- static unsigned int count = 0;
-
- if (!done)
- {
- lastret = ret;
- ret = gnutls_handshake (client);
- count++;
- if (gnutls_record_get_direction(client))
- ecore_main_fd_handler_active_set(fd_handler, ECORE_FD_WRITE);
- else
- ecore_main_fd_handler_active_set(fd_handler, ECORE_FD_READ);
- /* avoid printing messages infinity times */
- if (lastret != ret && ret != 0 && ret != GNUTLS_E_AGAIN)
- {
- print("gnutls returned with: %s - %s", gnutls_strerror_name(ret), gnutls_strerror(ret));
- if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) || (ret == GNUTLS_E_FATAL_ALERT_RECEIVED))
- print("Also received alert: %s", gnutls_alert_get_name(gnutls_alert_get(client)));
- print("last out: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_out(client)));
- print("last in: %s", SSL_GNUTLS_PRINT_HANDSHAKE_STATUS(gnutls_handshake_get_last_in(client)));
- }
-
- if (gnutls_error_is_fatal(ret))
- {
- print("yarrr this be an error!");
- exit(1);
- }
-
- }
- if (ret == GNUTLS_E_SUCCESS)
- {
- done = 1;
- //print("Handshake successful in %u handshake calls!", count);
- ecore_main_loop_quit();
- }
-
- return ECORE_CALLBACK_RENEW;
+ static int ret, lastret;
+ static unsigned int count = 0;
+
+ if (!done) {
+ lastret = ret;
+ ret = gnutls_handshake(client);
+ count++;
+ if (gnutls_record_get_direction(client))
+ ecore_main_fd_handler_active_set(fd_handler,
+ ECORE_FD_WRITE);
+ else
+ ecore_main_fd_handler_active_set(fd_handler,
+ ECORE_FD_READ);
+ /* avoid printing messages infinity times */
+ if (lastret != ret && ret != 0 && ret != GNUTLS_E_AGAIN) {
+ print("gnutls returned with: %s - %s",
+ gnutls_strerror_name(ret),
+ gnutls_strerror(ret));
+ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ || (ret == GNUTLS_E_FATAL_ALERT_RECEIVED))
+ print("Also received alert: %s",
+ gnutls_alert_get_name
+ (gnutls_alert_get(client)));
+ print("last out: %s",
+ SSL_GNUTLS_PRINT_HANDSHAKE_STATUS
+ (gnutls_handshake_get_last_out(client)));
+ print("last in: %s",
+ SSL_GNUTLS_PRINT_HANDSHAKE_STATUS
+ (gnutls_handshake_get_last_in(client)));
+ }
+
+ if (gnutls_error_is_fatal(ret)) {
+ print("yarrr this be an error!");
+ exit(1);
+ }
+
+ }
+ if (ret == GNUTLS_E_SUCCESS) {
+ done = 1;
+ //print("Handshake successful in %u handshake calls!", count);
+ ecore_main_loop_quit();
+ }
+
+ return ECORE_CALLBACK_RENEW;
}
-int
-main (void)
+int main(void)
{
- /* credentials */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_certificate_credentials_t c_certcred;
-
- gnutls_session_t client;
- int sd, i;
-
- /* General init. */
- global_init ();
- ecore_init();
+ /* credentials */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_certificate_credentials_t c_certcred;
+
+ gnutls_session_t client;
+ int sd, i;
+
+ /* General init. */
+ global_init();
+ ecore_init();
// gnutls_global_set_log_function (tls_log_func);
// gnutls_global_set_log_level (2);
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_certificate_allocate_credentials (&c_certcred);
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_certificate_allocate_credentials(&c_certcred);
+
+ for (i = 0; i < 5; i++) {
- for (i=0;i<5;i++)
- {
+ gnutls_init(&client, GNUTLS_CLIENT);
+ /* set very specific priorities */
+ gnutls_priority_set_direct(client, "NORMAL:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON,
+ c_anoncred);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ c_certcred);
+ gnutls_server_name_set(client, GNUTLS_NAME_DNS,
+ "localhost", strlen("localhost"));
- gnutls_init (&client, GNUTLS_CLIENT);
- /* set very specific priorities */
- gnutls_priority_set_direct(client, "NORMAL:+ANON-DH", NULL);
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
- gnutls_server_name_set(client, GNUTLS_NAME_DNS, "localhost", strlen("localhost"));
+ /* connect to the peer
+ */
+ sd = tcp_connect();
- /* connect to the peer
- */
- sd = tcp_connect ();
+ /* associate gnutls with socket */
+ gnutls_transport_set_int(client, sd);
+ /* add a callback for data being available for send/receive on socket */
+ if (!ecore_main_fd_handler_add
+ (sd, ECORE_FD_READ | ECORE_FD_WRITE,
+ (Ecore_Fd_Cb) _process_data, client, NULL, NULL)) {
+ print("could not create fd handler!");
+ exit(1);
+ }
+ /* begin main loop */
+ ecore_main_loop_begin();
- /* associate gnutls with socket */
- gnutls_transport_set_int (client, sd);
- /* add a callback for data being available for send/receive on socket */
- if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
- {
- print("could not create fd handler!");
- exit(1);
- }
- /* begin main loop */
- ecore_main_loop_begin();
+ gnutls_bye(client, GNUTLS_SHUT_RDWR);
- gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(client);
- gnutls_deinit (client);
+ tcp_close(sd);
+ }
- tcp_close (sd);
- }
-
- return 0;
+ return 0;
}
diff --git a/tests/suite/mini-record-timing.c b/tests/suite/mini-record-timing.c
index 849a8c2e6c..215c0933d5 100644
--- a/tests/suite/mini-record-timing.c
+++ b/tests/suite/mini-record-timing.c
@@ -31,7 +31,7 @@
int main()
{
- exit(77);
+ exit(77);
}
#else
@@ -53,16 +53,14 @@ int main()
#include <sys/resource.h>
#ifdef DEBUG
-static void
-server_log_func (int level, const char *str)
+static void server_log_func(int level, const char *str)
{
- fprintf (stderr, "server|<%d>| %s", level, str);
+ fprintf(stderr, "server|<%d>| %s", level, str);
}
-static void
-client_log_func (int level, const char *str)
+static void client_log_func(int level, const char *str)
{
- fprintf (stderr, "client|<%d>| %s", level, str);
+ fprintf(stderr, "client|<%d>| %s", level, str);
}
#endif
@@ -73,35 +71,34 @@ client_log_func (int level, const char *str)
*/
static unsigned char server_cert_pem[] =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBeTCCASWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwROb25l\n"
-"MCIYDzIwMTMwMTE5MTA0MDAwWhgPMjA0MDA2MDUxMDQwMDBaMA8xDTALBgNVBAMT\n"
-"BE5vbmUwWTANBgkqhkiG9w0BAQEFAANIADBFAj4Bh52/b3FNXDdICg1Obqu9ivW+\n"
-"PGJ89mNsX3O9S/aclnx5Ozw9MC1UJuZ2UEHl27YVmm4xG/y3nKUNevZjKwIDAQAB\n"
-"o2swaTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE\n"
-"DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRhEgmVCi6c\n"
-"hhRQvMzfEXqLKTRxcTANBgkqhkiG9w0BAQsFAAM/AADMi31wr0Tp2SJUCuQjFVCb\n"
-"JDleomTayOWVS/afCyAUxYjqFfUFSZ8sYN3zAgnXt5DYO3VclIlax4n6iXOg\n"
-"-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBeTCCASWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwROb25l\n"
+ "MCIYDzIwMTMwMTE5MTA0MDAwWhgPMjA0MDA2MDUxMDQwMDBaMA8xDTALBgNVBAMT\n"
+ "BE5vbmUwWTANBgkqhkiG9w0BAQEFAANIADBFAj4Bh52/b3FNXDdICg1Obqu9ivW+\n"
+ "PGJ89mNsX3O9S/aclnx5Ozw9MC1UJuZ2UEHl27YVmm4xG/y3nKUNevZjKwIDAQAB\n"
+ "o2swaTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE\n"
+ "DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRhEgmVCi6c\n"
+ "hhRQvMzfEXqLKTRxcTANBgkqhkiG9w0BAQsFAAM/AADMi31wr0Tp2SJUCuQjFVCb\n"
+ "JDleomTayOWVS/afCyAUxYjqFfUFSZ8sYN3zAgnXt5DYO3VclIlax4n6iXOg\n"
+ "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
-"-----BEGIN RSA PRIVATE KEY-----\n"
-"MIIBLAIBAAI+AYedv29xTVw3SAoNTm6rvYr1vjxifPZjbF9zvUv2nJZ8eTs8PTAt\n"
-"VCbmdlBB5du2FZpuMRv8t5ylDXr2YysCAwEAAQI9EPt8Q77sFeWn0BfHoPD9pTsG\n"
-"5uN2e9DP8Eu6l8K4AcOuEsEkqZzvxgqZPA68pw8BZ5xKINMFdRPHmrX/cQIfHsdq\n"
-"aMDYR/moqgj8MbupqOr/48iorTk/D//2lgAMnwIfDLk3UWGvPiv6fNTlEnTgVn6o\n"
-"TdL0mvpkixebQ5RR9QIfHDjkRGtXph+xXUBh50RZXE8nFfl/WV7diVE+DOq8pwIf\n"
-"BxdOwjdsAH1oLBxG0sN6qBoM2NrCYoE8edydNsu55QIfEWsrlJnO/t0GzHy7qWdV\n"
-"zi9JMPu9MTDhOGmqPQO7Xw==\n"
-"-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIBLAIBAAI+AYedv29xTVw3SAoNTm6rvYr1vjxifPZjbF9zvUv2nJZ8eTs8PTAt\n"
+ "VCbmdlBB5du2FZpuMRv8t5ylDXr2YysCAwEAAQI9EPt8Q77sFeWn0BfHoPD9pTsG\n"
+ "5uN2e9DP8Eu6l8K4AcOuEsEkqZzvxgqZPA68pw8BZ5xKINMFdRPHmrX/cQIfHsdq\n"
+ "aMDYR/moqgj8MbupqOr/48iorTk/D//2lgAMnwIfDLk3UWGvPiv6fNTlEnTgVn6o\n"
+ "TdL0mvpkixebQ5RR9QIfHDjkRGtXph+xXUBh50RZXE8nFfl/WV7diVE+DOq8pwIf\n"
+ "BxdOwjdsAH1oLBxG0sN6qBoM2NrCYoE8edydNsu55QIfEWsrlJnO/t0GzHy7qWdV\n"
+ "zi9JMPu9MTDhOGmqPQO7Xw==\n" "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
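Review bot: In `server_key_pem` the re-indent left the last base64 line and the PEM footer on one physical line (`"zi9JMPu9MTDhOGmqPQO7Xw==\n" "-----END RSA PRIVATE KEY-----\n";`), whereas `server_cert_pem` just above keeps one literal per line. Moving `"-----END RSA PRIVATE KEY-----\n";` back onto its own line keeps the array readable line-for-line against the encoded key and makes a truncated or edited key easier to spot in later diffs. Because this is an RSA private key compiled into the test binary, a short comment above the array such as `/* throwaway key for this test only; never reuse outside the test suite */` would also be worth adding.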
@@ -114,20 +111,20 @@ const gnutls_datum_t server_key = { server_key_pem,
#define MAX_BUF 1024
struct point_st {
- unsigned char byte1;
- unsigned char byte2;
- unsigned midx;
- unsigned long *measurements;
- unsigned long *smeasurements;
+ unsigned char byte1;
+ unsigned char byte2;
+ unsigned midx;
+ unsigned long *measurements;
+ unsigned long *smeasurements;
};
struct test_st {
- struct point_st* points;
- unsigned int npoints;
- const char* desc;
- const char* file;
- const char* name;
- unsigned text_size;
+ struct point_st *points;
+ unsigned int npoints;
+ const char *desc;
+ const char *file;
+ const char *name;
+ unsigned text_size;
};
struct point_st *prev_point_ptr = NULL;
@@ -137,465 +134,477 @@ static gnutls_session_t cli_session = NULL;
static ssize_t
push(gnutls_transport_ptr_t tr, const void *_data, size_t len)
{
-int fd = (long int)tr;
-
- return send(fd, _data, len, 0);
+ int fd = (long int) tr;
+
+ return send(fd, _data, len, 0);
}
static ssize_t
-push_crippled (gnutls_transport_ptr_t tr, const void *_data, size_t len)
+push_crippled(gnutls_transport_ptr_t tr, const void *_data, size_t len)
{
-int fd = (long int)tr;
-unsigned char* data = (void*)_data;
-struct point_st * p;
-unsigned p_size;
-struct test_st * test = gnutls_session_get_ptr(cli_session);
-
- p = &test->points[point_idx];
- p_size = test->npoints;
+ int fd = (long int) tr;
+ unsigned char *data = (void *) _data;
+ struct point_st *p;
+ unsigned p_size;
+ struct test_st *test = gnutls_session_get_ptr(cli_session);
- memcpy(&data[len-32], data+5, 32);
+ p = &test->points[point_idx];
+ p_size = test->npoints;
+
+ memcpy(&data[len - 32], data + 5, 32);
/*fprintf(stderr, "sending: %d: %d\n", (unsigned)p->byte1, (int)len);*/
- data[len-17] ^= p->byte1;
- data[len-18] ^= p->byte2;
-
- prev_point_ptr = p;
- point_idx++;
- if (point_idx >= p_size)
- point_idx = 0;
-
- return send(fd, data, len, 0);
+ data[len - 17] ^= p->byte1;
+ data[len - 18] ^= p->byte2;
+
+ prev_point_ptr = p;
+ point_idx++;
+ if (point_idx >= p_size)
+ point_idx = 0;
+
+ return send(fd, data, len, 0);
}
-static unsigned long timespec_sub_ns(struct timespec *a, struct timespec *b)
+static unsigned long timespec_sub_ns(struct timespec *a,
+ struct timespec *b)
{
- return (a->tv_sec*1000*1000*1000 + a->tv_nsec - (b->tv_sec*1000*1000*1000 +
- b->tv_nsec));
+ return (a->tv_sec * 1000 * 1000 * 1000 + a->tv_nsec -
+ (b->tv_sec * 1000 * 1000 * 1000 + b->tv_nsec));
}
static
double calc_avg(unsigned long *diffs, unsigned int diffs_size)
{
-double avg = 0;
-unsigned int i;
-unsigned int start = diffs_size/20;
-unsigned int stop = diffs_size-diffs_size/20;
+ double avg = 0;
+ unsigned int i;
+ unsigned int start = diffs_size / 20;
+ unsigned int stop = diffs_size - diffs_size / 20;
+
+ for (i = start; i < stop; i++)
+ avg += diffs[i];
- for(i=start;i<stop;i++)
- avg += diffs[i];
-
- avg /= (stop-start);
+ avg /= (stop - start);
- return avg;
+ return avg;
}
-static int compar(const void* _a, const void* _b)
+static int compar(const void *_a, const void *_b)
{
- unsigned long a, b;
-
- a = *((unsigned long*)_a);
- b = *((unsigned long*)_b);
-
- if (a < b)
- return -1;
- else if (a==b)
- return 0;
- else
- return 1;
+ unsigned long a, b;
+
+ a = *((unsigned long *) _a);
+ b = *((unsigned long *) _b);
+
+ if (a < b)
+ return -1;
+ else if (a == b)
+ return 0;
+ else
+ return 1;
}
static
double calc_median(unsigned long *diffs, unsigned int diffs_size)
{
-double med;
+ double med;
- if (diffs_size % 2 == 1)
- med = diffs[diffs_size/2];
- else
- {
- med = diffs[diffs_size/2] + diffs[(diffs_size-1)/2];
- med /= 2;
- }
+ if (diffs_size % 2 == 1)
+ med = diffs[diffs_size / 2];
+ else {
+ med = diffs[diffs_size / 2] + diffs[(diffs_size - 1) / 2];
+ med /= 2;
+ }
- return med;
+ return med;
}
#if 0
static
unsigned long calc_min(unsigned long *diffs, unsigned int diffs_size)
{
-unsigned long min = 0, i;
-unsigned int start = diffs_size/20;
-unsigned int stop = diffs_size-diffs_size/20;
-
-
- for (i=start;i<stop;i++) {
- if (min == 0)
- min = diffs[i];
- else if (diffs[i] < min)
- min = diffs[i];
- }
- return min;
+ unsigned long min = 0, i;
+ unsigned int start = diffs_size / 20;
+ unsigned int stop = diffs_size - diffs_size / 20;
+
+
+ for (i = start; i < stop; i++) {
+ if (min == 0)
+ min = diffs[i];
+ else if (diffs[i] < min)
+ min = diffs[i];
+ }
+ return min;
}
static
double calc_var(unsigned long *diffs, unsigned int diffs_size, double avg)
{
-double sum = 0, d;
-unsigned int i;
-unsigned int start = diffs_size/20;
-unsigned int stop = diffs_size-diffs_size/20;
-
- for (i=start;i<stop;i++) {
- d = ((double)diffs[i] - avg);
- d *= d;
-
- sum += d;
- }
- sum /= diffs_size - 1;
-
- return sum;
+ double sum = 0, d;
+ unsigned int i;
+ unsigned int start = diffs_size / 20;
+ unsigned int stop = diffs_size - diffs_size / 20;
+
+ for (i = start; i < stop; i++) {
+ d = ((double) diffs[i] - avg);
+ d *= d;
+
+ sum += d;
+ }
+ sum /= diffs_size - 1;
+
+ return sum;
}
#endif
static void
-client (int fd, const char* prio, unsigned int text_size, struct test_st *test)
+client(int fd, const char *prio, unsigned int text_size,
+ struct test_st *test)
{
- int ret;
- char buffer[MAX_BUF + 1];
- char text[text_size];
- gnutls_certificate_credentials_t x509_cred;
- gnutls_session_t session;
- struct timespec start, stop;
- static unsigned long taken = 0;
- static unsigned long measurement;
- const char* err;
-
- global_init ();
-
- setpriority(PRIO_PROCESS, getpid(), -15);
-
- memset(text, 0, text_size);
+ int ret;
+ char buffer[MAX_BUF + 1];
+ char text[text_size];
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_session_t session;
+ struct timespec start, stop;
+ static unsigned long taken = 0;
+ static unsigned long measurement;
+ const char *err;
+
+ global_init();
+
+ setpriority(PRIO_PROCESS, getpid(), -15);
+
+ memset(text, 0, text_size);
#ifdef DEBUG
- gnutls_global_set_log_function (client_log_func);
- gnutls_global_set_log_level (6);
+ gnutls_global_set_log_function(client_log_func);
+ gnutls_global_set_log_level(6);
#endif
- gnutls_certificate_allocate_credentials (&x509_cred);
+ gnutls_certificate_allocate_credentials(&x509_cred);
#ifdef REHANDSHAKE
-restart:
+ restart:
#endif
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
- gnutls_session_set_ptr(session, test);
- cli_session = session;
-
- /* Use default priorities */
- if ((ret=gnutls_priority_set_direct (session, prio, &err)) < 0) {
- fprintf(stderr, "Error in priority string %s: %s\n", gnutls_strerror(ret), err);
- exit(1);
- }
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_transport_set_int (session, fd);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "client: Handshake failed\n");
- gnutls_perror (ret);
- exit(1);
- }
-
- ret = gnutls_protocol_get_version(session);
- if (ret < GNUTLS_TLS1_1)
- {
- fprintf (stderr, "client: Handshake didn't negotiate TLS 1.1 (or later)\n");
- exit(1);
- }
-
- gnutls_transport_set_push_function (session, push_crippled);
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_session_set_ptr(session, test);
+ cli_session = session;
+
+ /* Use default priorities */
+ if ((ret = gnutls_priority_set_direct(session, prio, &err)) < 0) {
+ fprintf(stderr, "Error in priority string %s: %s\n",
+ gnutls_strerror(ret), err);
+ exit(1);
+ }
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_transport_set_int(session, fd);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "client: Handshake failed\n");
+ gnutls_perror(ret);
+ exit(1);
+ }
+
+ ret = gnutls_protocol_get_version(session);
+ if (ret < GNUTLS_TLS1_1) {
+ fprintf(stderr,
+ "client: Handshake didn't negotiate TLS 1.1 (or later)\n");
+ exit(1);
+ }
+
+ gnutls_transport_set_push_function(session, push_crippled);
#ifndef REHANDSHAKE
-restart:
+ restart:
#endif
- do {
- ret = gnutls_record_send (session, text, sizeof(text));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- /* measure peer's processing time */
- clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &start);
+ do {
+ ret = gnutls_record_send(session, text, sizeof(text));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+ /* measure peer's processing time */
+ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &start);
#define TLS_RECV
#ifdef TLS_RECV
- do {
- ret = gnutls_record_recv(session, buffer, sizeof(buffer));
- } while(ret < 0 && (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED));
+ do {
+ ret = gnutls_record_recv(session, buffer, sizeof(buffer));
+ } while (ret < 0
+ && (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED));
#else
- do {
- ret = recv(fd, buffer, sizeof(buffer), 0);
- } while(ret == -1 && errno == EAGAIN);
+ do {
+ ret = recv(fd, buffer, sizeof(buffer), 0);
+ } while (ret == -1 && errno == EAGAIN);
#endif
- if (taken < MAX_MEASUREMENTS(test->npoints) && ret > 0)
- {
- clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &stop);
- taken++;
- measurement = timespec_sub_ns(&stop, &start);
- prev_point_ptr->measurements[prev_point_ptr->midx] = measurement;
+ if (taken < MAX_MEASUREMENTS(test->npoints) && ret > 0) {
+ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &stop);
+ taken++;
+ measurement = timespec_sub_ns(&stop, &start);
+ prev_point_ptr->measurements[prev_point_ptr->midx] =
+ measurement;
/*fprintf(stderr, "(%u,%u): %lu\n", (unsigned) prev_point_ptr->byte1,
(unsigned) prev_point_ptr->byte2, measurements[taken]);*/
- memcpy(&measurement, buffer, sizeof(measurement));
- prev_point_ptr->smeasurements[prev_point_ptr->midx] = measurement;
- prev_point_ptr->midx++;
+ memcpy(&measurement, buffer, sizeof(measurement));
+ prev_point_ptr->smeasurements[prev_point_ptr->midx] =
+ measurement;
+ prev_point_ptr->midx++;
+
+ /* read server's measurement */
- /* read server's measurement */
-
#ifdef REHANDSHAKE
- gnutls_deinit(session);
-#endif
- goto restart;
- }
+ gnutls_deinit(session);
+#endif
+ goto restart;
+ }
#ifndef TLS_RECV
- else if (ret < 0)
- {
- fprintf(stderr, "Error in recv()\n");
- exit(1);
- }
+ else if (ret < 0) {
+ fprintf(stderr, "Error in recv()\n");
+ exit(1);
+ }
#endif
- gnutls_transport_set_push_function (session, push);
-
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- {
- double avg2, med, savg, smed;
- unsigned i;
- FILE* fp = NULL;
-
- if (test->file)
- fp = fopen(test->file, "w");
-
- if (fp) /* point, avg, median */
- fprintf(fp, "Delta,TimeAvg,TimeMedian,ServerAvg,ServerMedian\n");
-
- for (i=0;i<test->npoints;i++)
- {
- qsort( test->points[i].measurements, test->points[i].midx,
- sizeof(test->points[i].measurements[0]), compar);
-
- qsort( test->points[i].smeasurements, test->points[i].midx,
- sizeof(test->points[i].smeasurements[0]), compar);
-
- avg2 = calc_avg( test->points[i].measurements, test->points[i].midx);
- /*var = calc_var( test->points[i].measurements, test->points[i].midx, avg2);*/
- med = calc_median( test->points[i].measurements, test->points[i].midx);
-
- savg = calc_avg( test->points[i].smeasurements, test->points[i].midx);
- /*var = calc_var( test->points[i].measurements, test->points[i].midx, avg2);*/
- smed = calc_median( test->points[i].smeasurements, test->points[i].midx);
- /*min = calc_min( test->points[i].measurements, test->points[i].midx);*/
-
- if (fp) /* point, avg, median */
- fprintf(fp, "%u,%.2lf,%.2lf,%.2lf,%.2lf\n", (unsigned)test->points[i].byte1,
- avg2,med,savg, smed);
-
- /*printf("(%u) Avg: %.3f nanosec, Median: %.3f, Variance: %.3f\n", (unsigned)test->points[i].byte1,
- avg2, med, var);*/
- }
-
- if (fp)
- fclose(fp);
- }
-
- if (test->desc)
- fprintf(stderr, "Description: %s\n", test->desc);
-
- close (fd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_global_deinit ();
+ gnutls_transport_set_push_function(session, push);
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ {
+ double avg2, med, savg, smed;
+ unsigned i;
+ FILE *fp = NULL;
+
+ if (test->file)
+ fp = fopen(test->file, "w");
+
+ if (fp) /* point, avg, median */
+ fprintf(fp,
+ "Delta,TimeAvg,TimeMedian,ServerAvg,ServerMedian\n");
+
+ for (i = 0; i < test->npoints; i++) {
+ qsort(test->points[i].measurements,
+ test->points[i].midx,
+ sizeof(test->points[i].measurements[0]),
+ compar);
+
+ qsort(test->points[i].smeasurements,
+ test->points[i].midx,
+ sizeof(test->points[i].smeasurements[0]),
+ compar);
+
+ avg2 =
+ calc_avg(test->points[i].measurements,
+ test->points[i].midx);
+ /*var = calc_var( test->points[i].measurements, test->points[i].midx, avg2); */
+ med =
+ calc_median(test->points[i].measurements,
+ test->points[i].midx);
+
+ savg =
+ calc_avg(test->points[i].smeasurements,
+ test->points[i].midx);
+ /*var = calc_var( test->points[i].measurements, test->points[i].midx, avg2); */
+ smed =
+ calc_median(test->points[i].smeasurements,
+ test->points[i].midx);
+ /*min = calc_min( test->points[i].measurements, test->points[i].midx); */
+
+ if (fp) /* point, avg, median */
+ fprintf(fp, "%u,%.2lf,%.2lf,%.2lf,%.2lf\n",
+ (unsigned) test->points[i].byte1,
+ avg2, med, savg, smed);
+
+ /*printf("(%u) Avg: %.3f nanosec, Median: %.3f, Variance: %.3f\n", (unsigned)test->points[i].byte1,
+ avg2, med, var); */
+ }
+
+ if (fp)
+ fclose(fp);
+ }
+
+ if (test->desc)
+ fprintf(stderr, "Description: %s\n", test->desc);
+
+ close(fd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
}
-static void
-server (int fd, const char* prio)
+static void server(int fd, const char *prio)
{
-int ret;
-char buffer[MAX_BUF + 1];
-gnutls_session_t session;
-gnutls_certificate_credentials_t x509_cred;
-const char* err;
-struct timespec start, stop;
-static unsigned long measurement;
+ int ret;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+ const char *err;
+ struct timespec start, stop;
+ static unsigned long measurement;
- setpriority(PRIO_PROCESS, getpid(), -15);
+ setpriority(PRIO_PROCESS, getpid(), -15);
- /* this must be called once in the program
- */
- global_init ();
- memset(buffer, 0, sizeof(buffer));
+ /* this must be called once in the program
+ */
+ global_init();
+ memset(buffer, 0, sizeof(buffer));
#ifdef DEBUG
- gnutls_global_set_log_function (server_log_func);
- gnutls_global_set_log_level (6);
+ gnutls_global_set_log_function(server_log_func);
+ gnutls_global_set_log_level(6);
#endif
- gnutls_certificate_allocate_credentials (&x509_cred);
- ret = gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- fprintf(stderr, "Could not set certificate\n");
- return;
- }
-
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ ret =
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr, "Could not set certificate\n");
+ return;
+ }
#ifdef REHANDSHAKE
-restart:
+ restart:
#endif
- gnutls_init (&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- if ((ret=gnutls_priority_set_direct (session, prio, &err)) < 0) {
- fprintf(stderr, "Error in priority string %s: %s\n", gnutls_strerror(ret), err);
- return;
- }
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_transport_set_int (session, fd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- {
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ if ((ret = gnutls_priority_set_direct(session, prio, &err)) < 0) {
+ fprintf(stderr, "Error in priority string %s: %s\n",
+ gnutls_strerror(ret), err);
+ return;
+ }
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_transport_set_int(session, fd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0) {
#ifdef GNUTLS_E_PREMATURE_TERMINATION
- if (ret != GNUTLS_E_PREMATURE_TERMINATION && ret != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ if (ret != GNUTLS_E_PREMATURE_TERMINATION
+ && ret != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
#else
- if (ret != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ if (ret != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
#endif
- {
- fprintf( stderr, "server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- }
- goto finish;
- }
-
+ {
+ fprintf(stderr,
+ "server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ }
+ goto finish;
+ }
#ifndef REHANDSHAKE
-restart:
+ restart:
#endif
- clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &start);
-
- do {
- ret = gnutls_record_recv (session, buffer, sizeof (buffer));
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &start);
+
+ do {
+ ret = gnutls_record_recv(session, buffer, sizeof(buffer));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
- clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &stop);
+ clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &stop);
- if (ret == GNUTLS_E_DECRYPTION_FAILED)
- {
- gnutls_session_force_valid(session);
- measurement = timespec_sub_ns(&stop, &start);
- do {
- ret = gnutls_record_send(session, &measurement, sizeof(measurement));
- /* GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); */
- } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+ if (ret == GNUTLS_E_DECRYPTION_FAILED) {
+ gnutls_session_force_valid(session);
+ measurement = timespec_sub_ns(&stop, &start);
+ do {
+ ret =
+ gnutls_record_send(session, &measurement,
+ sizeof(measurement));
+ /* GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); */
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
#ifdef REHANDSHAKE
- gnutls_deinit(session);
+ gnutls_deinit(session);
#endif
- if (ret >= 0)
- goto restart;
- }
- else if (ret < 0)
- fprintf(stderr, "err: %s\n", gnutls_strerror(ret));
-
+ if (ret >= 0)
+ goto restart;
+ } else if (ret < 0)
+ fprintf(stderr, "err: %s\n", gnutls_strerror(ret));
+
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
-finish:
- close (fd);
- gnutls_deinit (session);
+ finish:
+ close(fd);
+ gnutls_deinit(session);
- gnutls_certificate_free_credentials (x509_cred);
+ gnutls_certificate_free_credentials(x509_cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
}
-static void start (const char* prio, unsigned int text_size, struct test_st *p)
+static void start(const char *prio, unsigned int text_size,
+ struct test_st *p)
{
- int fd[2];
- int ret;
- pid_t child;
-
- ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
- if (ret < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fprintf( stderr, "fork");
- exit(1);
- }
-
- if (child != 0)
- {
- /* parent */
- close(fd[1]);
- server (fd[0], prio);
- kill(child, SIGTERM);
- }
- else if (child == 0)
- {
- close(fd[0]);
- client (fd[1], prio, text_size, p);
- exit(0);
- }
+ int fd[2];
+ int ret;
+ pid_t child;
+
+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
+ if (ret < 0) {
+ perror("socketpair");
+ exit(1);
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fprintf(stderr, "fork");
+ exit(1);
+ }
+
+ if (child != 0) {
+ /* parent */
+ close(fd[1]);
+ server(fd[0], prio);
+ kill(child, SIGTERM);
+ } else if (child == 0) {
+ close(fd[0]);
+ client(fd[1], prio, text_size, p);
+ exit(0);
+ }
}
static void ch_handler(int sig)
{
-int status;
- wait(&status);
- if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
- {
- if (WIFSIGNALED(status))
- fprintf(stderr, "Child died with sigsegv\n");
- else
- fprintf(stderr, "Child died with status %d\n", WEXITSTATUS(status));
- }
- return;
+ int status;
+ wait(&status);
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ if (WIFSIGNALED(status))
+ fprintf(stderr, "Child died with sigsegv\n");
+ else
+ fprintf(stderr, "Child died with status %d\n",
+ WEXITSTATUS(status));
+ }
+ return;
}
static struct point_st all_points[256];
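Review bot: `push_crippled` indexes `data[len - 32]`, `data[len - 17]` and `data[len - 18]` without looking at `len`, and the re-indent carries this over unchanged. If a record shorter than 37 bytes ever reaches this callback, the `size_t` subtraction wraps and the `memcpy` writes outside the buffer. A guard at the top, `if (len < 5 + 32) return send(fd, _data, len, 0);`, would send such records unmodified. For `len` below 69 the source and destination ranges of the copy overlap, so `memmove(&data[len - 32], data + 5, 32);` is the defined form. The function also writes through `_data` after casting away `const`, which presumably relies on the library passing a writable buffer; a one-line comment stating that assumption would help the next reader.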
@@ -609,12 +618,12 @@ static struct point_st all_points_one[256];
* for AES-SHA1.
*/
static struct test_st test_sha1 = {
- .points = all_points,
- .npoints = NPOINTS(all_points),
- .text_size = 18*16,
- .name = "sha1",
- .file = "out-sha1.txt",
- .desc = NULL
+ .points = all_points,
+ .npoints = NPOINTS(all_points),
+ .text_size = 18 * 16,
+ .name = "sha1",
+ .file = "out-sha1.txt",
+ .desc = NULL
};
/* Test that outputs a graph of the timings
@@ -622,12 +631,12 @@ static struct test_st test_sha1 = {
* for AES-SHA256.
*/
static struct test_st test_sha256 = {
- .points = all_points,
- .npoints = NPOINTS(all_points),
- .text_size = 17*16,
- .name = "sha256",
- .file = "out-sha256.txt",
- .desc = NULL
+ .points = all_points,
+ .npoints = NPOINTS(all_points),
+ .text_size = 17 * 16,
+ .name = "sha256",
+ .file = "out-sha256.txt",
+ .desc = NULL
};
/* Test that outputs a graph of the timings
@@ -635,12 +644,12 @@ static struct test_st test_sha256 = {
* for AES-SHA1, on a short message.
*/
static struct test_st test_sha1_short = {
- .points = all_points,
- .npoints = NPOINTS(all_points),
- .text_size = 16*2,
- .name = "sha1-short",
- .file = "out-sha1-short.txt",
- .desc = NULL
+ .points = all_points,
+ .npoints = NPOINTS(all_points),
+ .text_size = 16 * 2,
+ .name = "sha1-short",
+ .file = "out-sha1-short.txt",
+ .desc = NULL
};
/* Test that outputs a graph of the timings
@@ -648,12 +657,12 @@ static struct test_st test_sha1_short = {
* for AES-SHA256.
*/
static struct test_st test_sha256_short = {
- .points = all_points,
- .npoints = NPOINTS(all_points),
- .text_size = 16*2,
- .name = "sha256-short",
- .file = "out-sha256-short.txt",
- .desc = NULL
+ .points = all_points,
+ .npoints = NPOINTS(all_points),
+ .text_size = 16 * 2,
+ .name = "sha256-short",
+ .file = "out-sha256-short.txt",
+ .desc = NULL
};
/* Test that outputs a graph of the timings
@@ -664,146 +673,134 @@ static struct test_st test_sha256_short = {
* [1,1] shows up in the measurements)
*/
static struct test_st test_sha1_one = {
- .points = all_points_one,
- .npoints = NPOINTS(all_points_one),
- .text_size = 16*2,
- .name = "sha1-one",
- .file = "out-sha1-one.txt",
- .desc = NULL
+ .points = all_points_one,
+ .npoints = NPOINTS(all_points_one),
+ .text_size = 16 * 2,
+ .name = "sha1-one",
+ .file = "out-sha1-one.txt",
+ .desc = NULL
};
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
-unsigned int i;
-struct test_st* test;
-const char* hash;
-char prio[512];
-
- signal(SIGCHLD, ch_handler);
- signal(SIGPIPE, SIG_IGN);
-
- if (argc > 1)
- {
- if (strcmp(argv[1], "sha1")== 0)
- {
- test = &test_sha1;
- hash = "SHA1";
- }
- else if (strncmp(argv[1], "sha2", 4)== 0)
- {
- test = &test_sha256;
- hash = "SHA256";
- }
- else if (strcmp(argv[1], "sha1-short")== 0)
- {
- test = &test_sha1_short;
- hash = "SHA1";
- }
- else if (strcmp(argv[1], "sha256-short")== 0)
- {
- test = &test_sha256_short;
- hash = "SHA256";
- }
- else if (strcmp(argv[1], "sha1-one")== 0)
- {
- test = &test_sha1_one;
- hash = "SHA1";
- }
- else
- {
- fprintf(stderr, "Unknown test: %s\n", argv[1]);
- exit(1);
- }
- }
- else
- {
- fprintf(stderr, "Please specify the test, sha1, sha1-one, sha256, sha1-short, sha256-short\n");
- exit(1);
- }
-
- memset(&all_points, 0, sizeof(all_points));
- for (i=0;i<256;i++)
- {
- all_points[i].byte1 = i;
- all_points[i].measurements = malloc(MAX_PER_POINT*sizeof(all_points[i].measurements[0]));
- all_points[i].smeasurements = malloc(MAX_PER_POINT*sizeof(all_points[i].measurements[0]));
- }
-
- memset(&all_points_one, 0, sizeof(all_points_one));
- for (i=0;i<256;i++)
- {
- all_points_one[i].byte1 = i;
- all_points_one[i].byte2 = 1;
- all_points_one[i].measurements = all_points[i].measurements;
- all_points_one[i].smeasurements = all_points[i].smeasurements;
- }
-
-
- remove(test->file);
- snprintf(prio, sizeof(prio), "NONE:+COMP-NULL:+AES-128-CBC:+%s:+RSA:%%COMPAT:+VERS-TLS1.2:+VERS-TLS1.1", hash);
-
- printf("\nAES-%s (calculating different padding timings)\n", hash);
- start(prio, test->text_size, test);
-
- signal(SIGCHLD, SIG_IGN);
-
+ unsigned int i;
+ struct test_st *test;
+ const char *hash;
+ char prio[512];
+
+ signal(SIGCHLD, ch_handler);
+ signal(SIGPIPE, SIG_IGN);
+
+ if (argc > 1) {
+ if (strcmp(argv[1], "sha1") == 0) {
+ test = &test_sha1;
+ hash = "SHA1";
+ } else if (strncmp(argv[1], "sha2", 4) == 0) {
+ test = &test_sha256;
+ hash = "SHA256";
+ } else if (strcmp(argv[1], "sha1-short") == 0) {
+ test = &test_sha1_short;
+ hash = "SHA1";
+ } else if (strcmp(argv[1], "sha256-short") == 0) {
+ test = &test_sha256_short;
+ hash = "SHA256";
+ } else if (strcmp(argv[1], "sha1-one") == 0) {
+ test = &test_sha1_one;
+ hash = "SHA1";
+ } else {
+ fprintf(stderr, "Unknown test: %s\n", argv[1]);
+ exit(1);
+ }
+ } else {
+ fprintf(stderr,
+ "Please specify the test, sha1, sha1-one, sha256, sha1-short, sha256-short\n");
+ exit(1);
+ }
+
+ memset(&all_points, 0, sizeof(all_points));
+ for (i = 0; i < 256; i++) {
+ all_points[i].byte1 = i;
+ all_points[i].measurements =
+ malloc(MAX_PER_POINT *
+ sizeof(all_points[i].measurements[0]));
+ all_points[i].smeasurements =
+ malloc(MAX_PER_POINT *
+ sizeof(all_points[i].measurements[0]));
+ }
+
+ memset(&all_points_one, 0, sizeof(all_points_one));
+ for (i = 0; i < 256; i++) {
+ all_points_one[i].byte1 = i;
+ all_points_one[i].byte2 = 1;
+ all_points_one[i].measurements =
+ all_points[i].measurements;
+ all_points_one[i].smeasurements =
+ all_points[i].smeasurements;
+ }
+
+
+ remove(test->file);
+ snprintf(prio, sizeof(prio),
+ "NONE:+COMP-NULL:+AES-128-CBC:+%s:+RSA:%%COMPAT:+VERS-TLS1.2:+VERS-TLS1.1",
+ hash);
+
+ printf("\nAES-%s (calculating different padding timings)\n", hash);
+ start(prio, test->text_size, test);
+
+ signal(SIGCHLD, SIG_IGN);
+
#ifdef PDF
- snprintf(prio, sizeof(prio),
- "R -e 'pdf(file=\"%s-timings-avg.pdf\");z=read.csv(\"%s\");"
- "plot(z$Delta,z$TimeAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");"
- "dev.off();'"
- test->name, test->file);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'pdf(file=\"%s-timings-med.pdf\");z=read.csv(\"%s\");"
- "plot(z$Delta,z$TimeMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");"
- "dev.off();'";
- test->name, test->file);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'pdf(file=\"%s-server-timings-avg.pdf\");z=read.csv(\"%s\");"
- "plot(z$Delta,z$ServerAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");"
- "dev.off();'"
- test->name, test->file);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'pdf(file=\"%s-server-timings-med.pdf\");z=read.csv(\"%s\");"
- "plot(z$Delta,z$ServerMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");"
- "dev.off();'";
- test->name, test->file);
- system(prio);
+ snprintf(prio, sizeof(prio),
+ "R -e 'pdf(file=\"%s-timings-avg.pdf\");z=read.csv(\"%s\");"
+ "plot(z$Delta,z$TimeAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");"
+ "dev.off();'" test->name, test->file);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'pdf(file=\"%s-timings-med.pdf\");z=read.csv(\"%s\");"
+ "plot(z$Delta,z$TimeMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");"
+ "dev.off();'"; test->name, test->file);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'pdf(file=\"%s-server-timings-avg.pdf\");z=read.csv(\"%s\");"
+ "plot(z$Delta,z$ServerAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");"
+ "dev.off();'" test->name, test->file);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'pdf(file=\"%s-server-timings-med.pdf\");z=read.csv(\"%s\");"
+ "plot(z$Delta,z$ServerMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");"
+ "dev.off();'"; test->name, test->file);
+ system(prio);
#else
- snprintf(prio, sizeof(prio),
- "R -e 'z=read.csv(\"%s\");png(filename = \"%s-timings-avg.png\",width=1024,height=1024,units=\"px\","
- "bg=\"white\");plot(z$Delta,z$TimeAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");dev.off();'",
- test->file, test->name);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'z=read.csv(\"%s\");"
- "png(filename = \"%s-timings-med.png\",width=1024,height=1024,units=\"px\","
- "bg=\"white\");plot(z$Delta,z$TimeMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");dev.off();'",
- test->file, test->name);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'z=read.csv(\"%s\");png(filename = \"%s-server-timings-avg.png\",width=1024,height=1024,units=\"px\","
- "bg=\"white\");plot(z$Delta,z$ServerAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");dev.off();'",
- test->file, test->name);
- system(prio);
-
- snprintf(prio, sizeof(prio),
- "R -e 'z=read.csv(\"%s\");"
- "png(filename = \"%s-server-timings-med.png\",width=1024,height=1024,units=\"px\","
- "bg=\"white\");plot(z$Delta,z$ServerMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");dev.off();'",
- test->file, test->name);
- system(prio);
+ snprintf(prio, sizeof(prio),
+ "R -e 'z=read.csv(\"%s\");png(filename = \"%s-timings-avg.png\",width=1024,height=1024,units=\"px\","
+ "bg=\"white\");plot(z$Delta,z$TimeAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");dev.off();'",
+ test->file, test->name);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'z=read.csv(\"%s\");"
+ "png(filename = \"%s-timings-med.png\",width=1024,height=1024,units=\"px\","
+ "bg=\"white\");plot(z$Delta,z$TimeMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");dev.off();'",
+ test->file, test->name);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'z=read.csv(\"%s\");png(filename = \"%s-server-timings-avg.png\",width=1024,height=1024,units=\"px\","
+ "bg=\"white\");plot(z$Delta,z$ServerAvg,xlab=\"Delta\",ylab=\"Average timings (ns)\");dev.off();'",
+ test->file, test->name);
+ system(prio);
+
+ snprintf(prio, sizeof(prio),
+ "R -e 'z=read.csv(\"%s\");"
+ "png(filename = \"%s-server-timings-med.png\",width=1024,height=1024,units=\"px\","
+ "bg=\"white\");plot(z$Delta,z$ServerMedian,xlab=\"Delta\",ylab=\"Median timings (ns)\");dev.off();'",
+ test->file, test->name);
+ system(prio);
#endif
- return 0;
+ return 0;
}
-#endif /* _WIN32 */
-
+#endif /* _WIN32 */
diff --git a/tests/utils.c b/tests/utils.c
index 490c1e2f3a..e77541bcf5 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
-
+
#include "utils.h"
int debug = 0;
@@ -35,127 +35,120 @@ int error_count = 0;
int break_on_error = 0;
const char *pkcs3 =
- "-----BEGIN DH PARAMETERS-----\n"
- "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n"
- "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n"
- "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n"
- "-----END DH PARAMETERS-----\n";
-
-void
-fail (const char *format, ...)
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n"
+ "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n"
+ "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n"
+ "-----END DH PARAMETERS-----\n";
+
+void fail(const char *format, ...)
{
- char str[1024];
- va_list arg_ptr;
-
- va_start (arg_ptr, format);
- vsnprintf ( str, sizeof(str), format, arg_ptr);
- va_end (arg_ptr);
- fputs(str, stderr);
- error_count++;
- if (break_on_error)
- exit (1);
+ char str[1024];
+ va_list arg_ptr;
+
+ va_start(arg_ptr, format);
+ vsnprintf(str, sizeof(str), format, arg_ptr);
+ va_end(arg_ptr);
+ fputs(str, stderr);
+ error_count++;
+ if (break_on_error)
+ exit(1);
}
-void
-success (const char *format, ...)
+void success(const char *format, ...)
{
- char str[1024];
- va_list arg_ptr;
+ char str[1024];
+ va_list arg_ptr;
- va_start (arg_ptr, format);
- vsnprintf ( str, sizeof(str), format, arg_ptr);
- va_end (arg_ptr);
- fputs(str, stderr);
+ va_start(arg_ptr, format);
+ vsnprintf(str, sizeof(str), format, arg_ptr);
+ va_end(arg_ptr);
+ fputs(str, stderr);
}
-void
-escapeprint (const char *str, size_t len)
+void escapeprint(const char *str, size_t len)
{
- size_t i;
-
- printf (" (length %d bytes):\n\t", (int) len);
- for (i = 0; i < len; i++)
- {
- if (((str[i] & 0xFF) >= 'A' && (str[i] & 0xFF) <= 'Z') ||
- ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') ||
- ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9')
- || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.')
- printf ("%c", (str[i] & 0xFF));
- else
- printf ("\\x%02X", (str[i] & 0xFF));
- if ((i + 1) % 16 == 0 && (i + 1) < len)
- printf ("'\n\t'");
- }
- printf ("\n");
+ size_t i;
+
+ printf(" (length %d bytes):\n\t", (int) len);
+ for (i = 0; i < len; i++) {
+ if (((str[i] & 0xFF) >= 'A' && (str[i] & 0xFF) <= 'Z') ||
+ ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') ||
+ ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9')
+ || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.')
+ printf("%c", (str[i] & 0xFF));
+ else
+ printf("\\x%02X", (str[i] & 0xFF));
+ if ((i + 1) % 16 == 0 && (i + 1) < len)
+ printf("'\n\t'");
+ }
+ printf("\n");
}
-void
-hexprint (const void *_str, size_t len)
+void hexprint(const void *_str, size_t len)
{
- size_t i;
- const char* str = _str;
-
- printf ("\t;; ");
- for (i = 0; i < len; i++)
- {
- printf ("%02x ", (str[i] & 0xFF));
- if ((i + 1) % 8 == 0)
- printf (" ");
- if ((i + 1) % 16 == 0 && i + 1 < len)
- printf ("\n\t;; ");
- }
- printf ("\n");
+ size_t i;
+ const char *str = _str;
+
+ printf("\t;; ");
+ for (i = 0; i < len; i++) {
+ printf("%02x ", (str[i] & 0xFF));
+ if ((i + 1) % 8 == 0)
+ printf(" ");
+ if ((i + 1) % 16 == 0 && i + 1 < len)
+ printf("\n\t;; ");
+ }
+ printf("\n");
}
-void
-binprint (const void *_str, size_t len)
+void binprint(const void *_str, size_t len)
{
- size_t i;
- const char* str = _str;
-
- printf ("\t;; ");
- for (i = 0; i < len; i++)
- {
- printf ("%d%d%d%d%d%d%d%d ",
- (str[i] & 0xFF) & 0x80 ? 1 : 0,
- (str[i] & 0xFF) & 0x40 ? 1 : 0,
- (str[i] & 0xFF) & 0x20 ? 1 : 0,
- (str[i] & 0xFF) & 0x10 ? 1 : 0,
- (str[i] & 0xFF) & 0x08 ? 1 : 0,
- (str[i] & 0xFF) & 0x04 ? 1 : 0,
- (str[i] & 0xFF) & 0x02 ? 1 : 0, (str[i] & 0xFF) & 0x01 ? 1 : 0);
- if ((i + 1) % 3 == 0)
- printf (" ");
- if ((i + 1) % 6 == 0 && i + 1 < len)
- printf ("\n\t;; ");
- }
- printf ("\n");
+ size_t i;
+ const char *str = _str;
+
+ printf("\t;; ");
+ for (i = 0; i < len; i++) {
+ printf("%d%d%d%d%d%d%d%d ",
+ (str[i] & 0xFF) & 0x80 ? 1 : 0,
+ (str[i] & 0xFF) & 0x40 ? 1 : 0,
+ (str[i] & 0xFF) & 0x20 ? 1 : 0,
+ (str[i] & 0xFF) & 0x10 ? 1 : 0,
+ (str[i] & 0xFF) & 0x08 ? 1 : 0,
+ (str[i] & 0xFF) & 0x04 ? 1 : 0,
+ (str[i] & 0xFF) & 0x02 ? 1 : 0,
+ (str[i] & 0xFF) & 0x01 ? 1 : 0);
+ if ((i + 1) % 3 == 0)
+ printf(" ");
+ if ((i + 1) % 6 == 0 && i + 1 < len)
+ printf("\n\t;; ");
+ }
+ printf("\n");
}
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- do
- if (strcmp (argv[argc - 1], "-v") == 0 ||
- strcmp (argv[argc - 1], "--verbose") == 0)
- debug = 1;
- else if (strcmp (argv[argc - 1], "-b") == 0 ||
- strcmp (argv[argc - 1], "--break-on-error") == 0)
- break_on_error = 1;
- else if (strcmp (argv[argc - 1], "-h") == 0 ||
- strcmp (argv[argc - 1], "-?") == 0 ||
- strcmp (argv[argc - 1], "--help") == 0)
- {
- printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n",
- argv[0]);
- return 1;
- }
- while (argc-- > 1);
-
- doit ();
-
- if (debug || error_count > 0)
- printf ("Self test `%s' finished with %d errors\n", argv[0], error_count);
-
- return error_count ? 1 : 0;
+ do
+ if (strcmp(argv[argc - 1], "-v") == 0 ||
+ strcmp(argv[argc - 1], "--verbose") == 0)
+ debug = 1;
+ else if (strcmp(argv[argc - 1], "-b") == 0 ||
+ strcmp(argv[argc - 1], "--break-on-error") == 0)
+ break_on_error = 1;
+ else if (strcmp(argv[argc - 1], "-h") == 0 ||
+ strcmp(argv[argc - 1], "-?") == 0 ||
+ strcmp(argv[argc - 1], "--help") == 0) {
+ printf
+ ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n",
+ argv[0]);
+ return 1;
+ }
+ while (argc-- > 1);
+
+ doit();
+
+ if (debug || error_count > 0)
+ printf("Self test `%s' finished with %d errors\n", argv[0],
+ error_count);
+
+ return error_count ? 1 : 0;
}
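Review bot: In `main`, the option loop reads `argv[argc - 1]` before `argc` is ever tested, so a process started with an empty argument vector (argc == 0) indexes `argv[-1]`. The do/while form also compares `argv[0]`, the program name, against the option strings on its last pass. A guard such as `if (argc < 1) return 1;` ahead of the `do` closes the out-of-bounds read. Rewriting the loop as `for (i = 1; i < argc; i++)` over `argv[i]` would fix both points.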
diff --git a/tests/utils.h b/tests/utils.h
index d156187f20..7d89e8ce97 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -30,15 +30,16 @@
#ifndef __attribute__
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
-inline static int global_init(void) {
+inline static int global_init(void)
+{
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
#endif
- return gnutls_global_init();
+ return gnutls_global_init();
}
extern int debug;
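Review bot: `global_init` discards the return value of `gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)`, so a PKCS #11 initialisation failure is invisible to every test that goes through this helper. Only the result of `gnutls_global_init()` is reported. Capturing it, e.g. `ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) return ret;`, keeps the helper's `int` contract. If ignoring the result is deliberate, a one-line comment saying so would make that clear to the next reader.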
@@ -47,16 +48,16 @@ extern int break_on_error;
extern const char *pkcs3;
-extern void fail (const char *format, ...)
- __attribute__ ((format (printf, 1, 2)));
-extern void success (const char *format, ...)
- __attribute__ ((format (printf, 1, 2)));
+extern void fail(const char *format, ...)
+ __attribute__ ((format(printf, 1, 2)));
+extern void success(const char *format, ...)
+ __attribute__ ((format(printf, 1, 2)));
-extern void escapeprint (const char *str, size_t len);
-extern void hexprint (const void *str, size_t len);
-extern void binprint (const void *str, size_t len);
+extern void escapeprint(const char *str, size_t len);
+extern void hexprint(const void *str, size_t len);
+extern void binprint(const void *str, size_t len);
/* This must be implemented elsewhere. */
-extern void doit (void);
+extern void doit(void);
-#endif /* UTILS_H */
+#endif /* UTILS_H */
diff --git a/tests/x509_altname.c b/tests/x509_altname.c
index 48ee402d79..bec6484b89 100644
--- a/tests/x509_altname.c
+++ b/tests/x509_altname.c
@@ -30,101 +30,94 @@
#include "utils.h"
static char pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIE6zCCA9OgAwIBAgIBdjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJTRTEf\n"
- "MB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRldDEgMB4GA1UEAxMXU3RvY2to\n"
- "b2xtIFVuaXZlcnNpdHkgQ0EwHhcNMDYwMzIyMDkxNTI4WhcNMDcwMzIyMDkxNTI4\n"
- "WjBDMQswCQYDVQQGEwJTRTEfMB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRl\n"
- "dDETMBEGA1UEAxMKc2lwMS5zdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\n"
- "gYEArUzXTD36ZK7CwZJH/faUNTcdaqM7JyiZsfrO703d7cT/bJ3wKxT8trOOh/Ou\n"
- "WwgGFX2+r7ykun3aIUXUuD13Yle/yHqH/4g9vWX7UeFCBlSI0tAxnlqt0QqlPgSd\n"
- "GLHcoO4PPyjon9jj0A/zpJGZHiRUCooo63YqE9MYfr5HBfkCAwEAAaOCAl8wggJb\n"
- "MAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD\n"
- "VR0OBBYEFDpcXNHMLJ7fc/c72BtZseq4MDXFMH8GA1UdIwR4MHaAFJ4uMLo32VFE\n"
- "yZ2/GCHxvX7utYZIoVukWTBXMQswCQYDVQQGEwJTRTEYMBYGA1UEChMPVW1lYSBV\n"
- "bml2ZXJzaXR5MRMwEQYDVQQLEwpTd1VQS0ktUENBMRkwFwYDVQQDExBTd1VQS0kg\n"
- "UG9saWN5IENBggEQMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYS5zdS5zZS8y\n"
- "MDA1LTEvY3JsLXYyLmNybDB5BgNVHSAEcjBwMG4GCCqFcCsCAQEBMGIwHwYIKwYB\n"
- "BQUHAgEWE2h0dHA6Ly9jYS5zdS5zZS9DUFMwPwYIKwYBBQUHAgIwMxoxTGltaXRl\n"
- "ZCBMaWFiaWxpdHksIHNlZSBodHRwOi8vd3d3LnN3dXBraS5zdS5zZS9DUDAkBgNV\n"
- "HRIEHTAbgQhjYUBzdS5zZYYPaHR0cDovL2NhLnN1LnNlMIG3BgNVHREEga8wgayC\n"
- "F2luY29taW5ncHJveHkuc2lwLnN1LnNlghhpbmNvbWluZ3Byb3h5MS5zaXAuc3Uu\n"
- "c2WCF291dGdvaW5ncHJveHkuc2lwLnN1LnNlghhvdXRnb2luZ3Byb3h5MS5zaXAu\n"
- "c3Uuc2WCDW91dC5zaXAuc3Uuc2WCE2FwcHNlcnZlci5zaXAuc3Uuc2WCFGFwcHNl\n"
- "cnZlcjEuc2lwLnN1LnNlggpzaXAxLnN1LnNlMA0GCSqGSIb3DQEBBQUAA4IBAQAR\n"
- "FYg7ytcph0E7WmvM44AN/8qru7tRX6aSFWrjLyVr/1Wk4prCK4y5JpfNw5dh9Z8f\n"
- "/gyFsr1iFsb6fS3nJTTd3fVlWRfcNCGIx5g8KuSb3u6f7VznkGOeiRMRESQc1G8B\n"
- "eh0zbdZS7BYO2g9EKlbGST5PwQnc4g9K7pqPyKSNVkzb60Nujg/+qYje7MCcN+ZR\n"
- "nUBo6U2NZ06/QEUFm+uUIhZ8IGM1gLehC7Q3G4+d4c38CDJxQnSPOgWiXuSvhhQm\n"
- "KDsbrKzRaeBRh5eEJbTkA8Dp0Emb0UrkRVhixeg97stxUcATAjdGljJ9MLnuHXnI\n"
- "7ihGdUfg5q/105vpsQpO\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIE6zCCA9OgAwIBAgIBdjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJTRTEf\n"
+ "MB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRldDEgMB4GA1UEAxMXU3RvY2to\n"
+ "b2xtIFVuaXZlcnNpdHkgQ0EwHhcNMDYwMzIyMDkxNTI4WhcNMDcwMzIyMDkxNTI4\n"
+ "WjBDMQswCQYDVQQGEwJTRTEfMB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRl\n"
+ "dDETMBEGA1UEAxMKc2lwMS5zdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\n"
+ "gYEArUzXTD36ZK7CwZJH/faUNTcdaqM7JyiZsfrO703d7cT/bJ3wKxT8trOOh/Ou\n"
+ "WwgGFX2+r7ykun3aIUXUuD13Yle/yHqH/4g9vWX7UeFCBlSI0tAxnlqt0QqlPgSd\n"
+ "GLHcoO4PPyjon9jj0A/zpJGZHiRUCooo63YqE9MYfr5HBfkCAwEAAaOCAl8wggJb\n"
+ "MAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD\n"
+ "VR0OBBYEFDpcXNHMLJ7fc/c72BtZseq4MDXFMH8GA1UdIwR4MHaAFJ4uMLo32VFE\n"
+ "yZ2/GCHxvX7utYZIoVukWTBXMQswCQYDVQQGEwJTRTEYMBYGA1UEChMPVW1lYSBV\n"
+ "bml2ZXJzaXR5MRMwEQYDVQQLEwpTd1VQS0ktUENBMRkwFwYDVQQDExBTd1VQS0kg\n"
+ "UG9saWN5IENBggEQMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYS5zdS5zZS8y\n"
+ "MDA1LTEvY3JsLXYyLmNybDB5BgNVHSAEcjBwMG4GCCqFcCsCAQEBMGIwHwYIKwYB\n"
+ "BQUHAgEWE2h0dHA6Ly9jYS5zdS5zZS9DUFMwPwYIKwYBBQUHAgIwMxoxTGltaXRl\n"
+ "ZCBMaWFiaWxpdHksIHNlZSBodHRwOi8vd3d3LnN3dXBraS5zdS5zZS9DUDAkBgNV\n"
+ "HRIEHTAbgQhjYUBzdS5zZYYPaHR0cDovL2NhLnN1LnNlMIG3BgNVHREEga8wgayC\n"
+ "F2luY29taW5ncHJveHkuc2lwLnN1LnNlghhpbmNvbWluZ3Byb3h5MS5zaXAuc3Uu\n"
+ "c2WCF291dGdvaW5ncHJveHkuc2lwLnN1LnNlghhvdXRnb2luZ3Byb3h5MS5zaXAu\n"
+ "c3Uuc2WCDW91dC5zaXAuc3Uuc2WCE2FwcHNlcnZlci5zaXAuc3Uuc2WCFGFwcHNl\n"
+ "cnZlcjEuc2lwLnN1LnNlggpzaXAxLnN1LnNlMA0GCSqGSIb3DQEBBQUAA4IBAQAR\n"
+ "FYg7ytcph0E7WmvM44AN/8qru7tRX6aSFWrjLyVr/1Wk4prCK4y5JpfNw5dh9Z8f\n"
+ "/gyFsr1iFsb6fS3nJTTd3fVlWRfcNCGIx5g8KuSb3u6f7VznkGOeiRMRESQc1G8B\n"
+ "eh0zbdZS7BYO2g9EKlbGST5PwQnc4g9K7pqPyKSNVkzb60Nujg/+qYje7MCcN+ZR\n"
+ "nUBo6U2NZ06/QEUFm+uUIhZ8IGM1gLehC7Q3G4+d4c38CDJxQnSPOgWiXuSvhhQm\n"
+ "KDsbrKzRaeBRh5eEJbTkA8Dp0Emb0UrkRVhixeg97stxUcATAjdGljJ9MLnuHXnI\n"
+ "7ihGdUfg5q/105vpsQpO\n" "-----END CERTIFICATE-----\n";
#define MAX_DATA_SIZE 1024
-void
-doit (void)
+void doit(void)
{
- int ret;
- gnutls_datum_t derCert = { (void*)pem, sizeof (pem) };
- gnutls_x509_crt_t cert;
- size_t data_len = MAX_DATA_SIZE;
- char data[MAX_DATA_SIZE];
- unsigned int critical = 0;
- int alt_name_count = 0;
+ int ret;
+ gnutls_datum_t derCert = { (void *) pem, sizeof(pem) };
+ gnutls_x509_crt_t cert;
+ size_t data_len = MAX_DATA_SIZE;
+ char data[MAX_DATA_SIZE];
+ unsigned int critical = 0;
+ int alt_name_count = 0;
- ret = global_init ();
- if (ret < 0)
- fail ("init %d\n", ret);
+ ret = global_init();
+ if (ret < 0)
+ fail("init %d\n", ret);
- ret = gnutls_x509_crt_init (&cert);
- if (ret < 0)
- fail ("crt_init %d\n", ret);
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0)
+ fail("crt_init %d\n", ret);
- ret = gnutls_x509_crt_import (cert, &derCert, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("crt_import %d\n", ret);
+ ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("crt_import %d\n", ret);
- for (alt_name_count = 0;; ++alt_name_count)
- {
- ret =
- gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data,
- &data_len, &critical);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
+ for (alt_name_count = 0;; ++alt_name_count) {
+ ret =
+ gnutls_x509_crt_get_issuer_alt_name(cert,
+ alt_name_count,
+ data, &data_len,
+ &critical);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
- if (ret < 0)
- fail ("get_issuer_alt_name: %d\n", ret);
+ if (ret < 0)
+ fail("get_issuer_alt_name: %d\n", ret);
- // TODO: print out / check results
- if (GNUTLS_SAN_URI == ret)
- {
- if (strcmp (data, "http://ca.su.se") != 0)
- {
- fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data);
- }
- }
- else if (GNUTLS_SAN_RFC822NAME == ret)
- {
- if (strcmp (data, "ca@su.se") != 0)
- {
- fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data);
- }
- }
- else
- {
- fail ("unexpected alt name type: %d\n", ret);
- }
- data_len = MAX_DATA_SIZE;
- }
+ // TODO: print out / check results
+ if (GNUTLS_SAN_URI == ret) {
+ if (strcmp(data, "http://ca.su.se") != 0) {
+ fail("unexpected issuer GNUTLS_SAN_URI: %s\n", data);
+ }
+ } else if (GNUTLS_SAN_RFC822NAME == ret) {
+ if (strcmp(data, "ca@su.se") != 0) {
+ fail("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data);
+ }
+ } else {
+ fail("unexpected alt name type: %d\n", ret);
+ }
+ data_len = MAX_DATA_SIZE;
+ }
- if (alt_name_count != 2)
- {
- fail ("unexpected number of alt names: %i\n", alt_name_count);
- }
+ if (alt_name_count != 2) {
+ fail("unexpected number of alt names: %i\n",
+ alt_name_count);
+ }
- if (debug)
- success ("done\n");
+ if (debug)
+ success("done\n");
- gnutls_x509_crt_deinit (cert);
- gnutls_global_deinit ();
+ gnutls_x509_crt_deinit(cert);
+ gnutls_global_deinit();
}
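Review bot: In `doit`, the `if (ret < 0) fail("get_issuer_alt_name: %d\n", ret);` check inside the `for (alt_name_count = 0;; ++alt_name_count)` loop does not leave the loop, because `fail()` in tests/utils.c returns unless `break_on_error` is set. A negative `ret` therefore falls through to the type comparison, is reported a second time as an unexpected alt name type, and the unbounded loop moves on to the next index. If the error is not specific to one index, the test may never terminate. Bracing the check as `if (ret < 0) { fail("get_issuer_alt_name: %d\n", ret); break; }` stops at the first failure. The earlier `global_init`, `gnutls_x509_crt_init` and `gnutls_x509_crt_import` checks have the same fall-through and would be safer returning after `fail()`.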
diff --git a/tests/x509cert-tl.c b/tests/x509cert-tl.c
index 3f4329a670..7ba147f079 100644
--- a/tests/x509cert-tl.c
+++ b/tests/x509cert-tl.c
@@ -39,241 +39,273 @@
/* gnutls_trust_list_*().
*/
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
static unsigned char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { ca_pem, sizeof (ca_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) };
static unsigned char cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
static unsigned char key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof (key_pem) };
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
static unsigned char cert_der[602] =
- "\x30\x82\x02\x56\x30\x82\x01\xc1\xa0\x03\x02\x01\x02\x02\x04\x46"
- "\x26\x1d\x31\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"
- "\x30\x19\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x47\x6e\x75"
- "\x54\x4c\x53\x20\x74\x65\x73\x74\x20\x43\x41\x30\x1e\x17\x0d\x30"
- "\x37\x30\x34\x31\x38\x31\x33\x32\x39\x32\x31\x5a\x17\x0d\x30\x38"
- "\x30\x34\x31\x37\x31\x33\x32\x39\x32\x31\x5a\x30\x37\x31\x1b\x30"
- "\x19\x06\x03\x55\x04\x0a\x13\x12\x47\x6e\x75\x54\x4c\x53\x20\x74"
- "\x65\x73\x74\x20\x73\x65\x72\x76\x65\x72\x31\x18\x30\x16\x06\x03"
- "\x55\x04\x03\x13\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73"
- "\x2e\x6f\x72\x67\x30\x81\x9c\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7"
- "\x0d\x01\x01\x01\x03\x81\x8c\x00\x30\x81\x88\x02\x81\x80\xd7\xba"
- "\x5c\xaf\xa3\x0c\xf0\x2e\xa9\x27\x56\xaa\x53\x8e\xa8\xeb\x7f\x81"
- "\x75\x4c\x6b\x98\xbe\x4a\xea\xb7\x1e\xf8\x4b\xc3\x6a\xc4\xda\x0d"
- "\x00\xb8\xea\x4c\x13\x1f\x36\x16\x93\xde\x72\xef\xc6\xa4\x5e\xb2"
- "\x6e\xb6\xca\x0a\x88\x55\x75\x90\x96\xed\xa6\x57\xbc\x0c\x3b\x76"
- "\x0d\x97\x1e\xbd\xe9\xec\x7f\xd3\xa9\xec\xfb\x85\x64\xa0\x6b\xa0"
- "\x48\xce\x77\x7e\x73\x9c\x31\x13\xff\x3d\xc8\xae\xa5\x60\x6e\xd9"
- "\xb6\x8c\x5a\x9a\x6f\xb6\xbe\x9f\x6a\xbd\xa7\xf0\xa0\x33\x27\xf5"
- "\xb7\x1d\x92\xe5\x96\x9c\x73\x52\xd6\x9f\xd6\xc8\x8e\xb1\x02\x03"
- "\x01\x00\x01\xa3\x81\x93\x30\x81\x90\x30\x0c\x06\x03\x55\x1d\x13"
- "\x01\x01\xff\x04\x02\x30\x00\x30\x1a\x06\x03\x55\x1d\x11\x04\x13"
- "\x30\x11\x82\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73\x2e"
- "\x6f\x72\x67\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08"
- "\x2b\x06\x01\x05\x05\x07\x03\x01\x30\x0f\x06\x03\x55\x1d\x0f\x01"
- "\x01\xff\x04\x05\x03\x03\x07\xa0\x00\x30\x1d\x06\x03\x55\x1d\x0e"
- "\x04\x16\x04\x14\xeb\xc7\x45\x6e\xe5\xf8\x25\xca\x8c\x8d\x83\x0d"
- "\x74\xe9\x86\xd4\xdd\x55\xb4\x75\x30\x1f\x06\x03\x55\x1d\x23\x04"
- "\x18\x30\x16\x80\x14\xe9\x3c\x1c\xfb\xad\x92\x6e\xe6\x06\xa4\x56"
- "\x2c\xa2\xe1\xc0\x53\x27\xc8\xf2\x95\x30\x0b\x06\x09\x2a\x86\x48"
- "\x86\xf7\x0d\x01\x01\x05\x03\x81\x81\x00\x68\x51\x0f\x4e\xdf\xbb"
- "\x6f\x3b\xc1\xb8\xe7\xfb\xf9\x09\x9e\x41\xc9\xf6\xf6\x44\xfa\x06"
- "\xcc\xa1\xd5\x11\xc9\x5d\xff\x0a\x4e\x4e\x50\x45\xfc\x29\xea\x88"
- "\x1b\xa7\xde\x09\x41\x67\x0d\x43\xf4\xbb\x60\x31\x47\x82\x50\xf5"
- "\x03\x05\x0d\x05\x15\xf0\x77\x7a\xe2\x52\xc3\x27\xb3\x18\x1e\x48"
- "\x3c\x58\x05\xf2\x58\x6c\x32\xde\xa2\x13\x41\xb2\xa6\x8f\x0c\x96"
- "\xfb\x5d\xa8\xa5\x59\xb3\x10\x29\xf0\x1b\x15\x0f\x1c\x9c\xec\x60"
- "\xac\xe2\x8b\x51\x04\x56\x27\x42\xb7\x1f\x25\xd1\x32\x16\xea\x8d"
- "\xd2\xc8\x69\x08\x82\xbd\x02\xee\x8b\x3a";
+ "\x30\x82\x02\x56\x30\x82\x01\xc1\xa0\x03\x02\x01\x02\x02\x04\x46"
+ "\x26\x1d\x31\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"
+ "\x30\x19\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x47\x6e\x75"
+ "\x54\x4c\x53\x20\x74\x65\x73\x74\x20\x43\x41\x30\x1e\x17\x0d\x30"
+ "\x37\x30\x34\x31\x38\x31\x33\x32\x39\x32\x31\x5a\x17\x0d\x30\x38"
+ "\x30\x34\x31\x37\x31\x33\x32\x39\x32\x31\x5a\x30\x37\x31\x1b\x30"
+ "\x19\x06\x03\x55\x04\x0a\x13\x12\x47\x6e\x75\x54\x4c\x53\x20\x74"
+ "\x65\x73\x74\x20\x73\x65\x72\x76\x65\x72\x31\x18\x30\x16\x06\x03"
+ "\x55\x04\x03\x13\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73"
+ "\x2e\x6f\x72\x67\x30\x81\x9c\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7"
+ "\x0d\x01\x01\x01\x03\x81\x8c\x00\x30\x81\x88\x02\x81\x80\xd7\xba"
+ "\x5c\xaf\xa3\x0c\xf0\x2e\xa9\x27\x56\xaa\x53\x8e\xa8\xeb\x7f\x81"
+ "\x75\x4c\x6b\x98\xbe\x4a\xea\xb7\x1e\xf8\x4b\xc3\x6a\xc4\xda\x0d"
+ "\x00\xb8\xea\x4c\x13\x1f\x36\x16\x93\xde\x72\xef\xc6\xa4\x5e\xb2"
+ "\x6e\xb6\xca\x0a\x88\x55\x75\x90\x96\xed\xa6\x57\xbc\x0c\x3b\x76"
+ "\x0d\x97\x1e\xbd\xe9\xec\x7f\xd3\xa9\xec\xfb\x85\x64\xa0\x6b\xa0"
+ "\x48\xce\x77\x7e\x73\x9c\x31\x13\xff\x3d\xc8\xae\xa5\x60\x6e\xd9"
+ "\xb6\x8c\x5a\x9a\x6f\xb6\xbe\x9f\x6a\xbd\xa7\xf0\xa0\x33\x27\xf5"
+ "\xb7\x1d\x92\xe5\x96\x9c\x73\x52\xd6\x9f\xd6\xc8\x8e\xb1\x02\x03"
+ "\x01\x00\x01\xa3\x81\x93\x30\x81\x90\x30\x0c\x06\x03\x55\x1d\x13"
+ "\x01\x01\xff\x04\x02\x30\x00\x30\x1a\x06\x03\x55\x1d\x11\x04\x13"
+ "\x30\x11\x82\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73\x2e"
+ "\x6f\x72\x67\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08"
+ "\x2b\x06\x01\x05\x05\x07\x03\x01\x30\x0f\x06\x03\x55\x1d\x0f\x01"
+ "\x01\xff\x04\x05\x03\x03\x07\xa0\x00\x30\x1d\x06\x03\x55\x1d\x0e"
+ "\x04\x16\x04\x14\xeb\xc7\x45\x6e\xe5\xf8\x25\xca\x8c\x8d\x83\x0d"
+ "\x74\xe9\x86\xd4\xdd\x55\xb4\x75\x30\x1f\x06\x03\x55\x1d\x23\x04"
+ "\x18\x30\x16\x80\x14\xe9\x3c\x1c\xfb\xad\x92\x6e\xe6\x06\xa4\x56"
+ "\x2c\xa2\xe1\xc0\x53\x27\xc8\xf2\x95\x30\x0b\x06\x09\x2a\x86\x48"
+ "\x86\xf7\x0d\x01\x01\x05\x03\x81\x81\x00\x68\x51\x0f\x4e\xdf\xbb"
+ "\x6f\x3b\xc1\xb8\xe7\xfb\xf9\x09\x9e\x41\xc9\xf6\xf6\x44\xfa\x06"
+ "\xcc\xa1\xd5\x11\xc9\x5d\xff\x0a\x4e\x4e\x50\x45\xfc\x29\xea\x88"
+ "\x1b\xa7\xde\x09\x41\x67\x0d\x43\xf4\xbb\x60\x31\x47\x82\x50\xf5"
+ "\x03\x05\x0d\x05\x15\xf0\x77\x7a\xe2\x52\xc3\x27\xb3\x18\x1e\x48"
+ "\x3c\x58\x05\xf2\x58\x6c\x32\xde\xa2\x13\x41\xb2\xa6\x8f\x0c\x96"
+ "\xfb\x5d\xa8\xa5\x59\xb3\x10\x29\xf0\x1b\x15\x0f\x1c\x9c\xec\x60"
+ "\xac\xe2\x8b\x51\x04\x56\x27\x42\xb7\x1f\x25\xd1\x32\x16\xea\x8d"
+ "\xd2\xc8\x69\x08\x82\xbd\x02\xee\x8b\x3a";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
-static time_t mytime (time_t * t)
+static time_t mytime(time_t * t)
{
- time_t then = 1207000800;
+ time_t then = 1207000800;
- if (t)
- *t = then;
+ if (t)
+ *t = then;
- return then;
+ return then;
}
#define NAME "localhost"
#define NAME_SIZE (sizeof(NAME)-1)
-void
-doit (void)
+void doit(void)
{
- int ret;
- gnutls_datum_t data;
- gnutls_x509_crt_t server_crt, ca_crt;
- gnutls_x509_trust_list_t tl;
- unsigned int status;
-
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_time_function (mytime);
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- /* test for gnutls_certificate_get_issuer() */
- gnutls_x509_trust_list_init(&tl, 0);
- gnutls_x509_crt_init(&server_crt);
- gnutls_x509_crt_init(&ca_crt);
-
- ret = gnutls_x509_crt_import(server_crt, &cert, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail("gnutls_x509_crt_import");
-
- ret = gnutls_x509_crt_import(ca_crt, &ca, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail("gnutls_x509_crt_import");
-
- ret = gnutls_x509_trust_list_add_cas(tl, &ca_crt, 1, 0);
- if (ret < 0)
- fail("gnutls_x509_trust_list_add_cas");
-
- ret = gnutls_x509_trust_list_add_named_crt(tl, server_crt, NAME, NAME_SIZE, 0);
- if (ret < 0)
- fail("gnutls_x509_trust_list_add_named_crt");
-
- ret = gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, 0, &status, NULL);
- if (ret < 0 || status != 0)
- fail("gnutls_x509_trust_list_verify_crt\n");
-
- ret = gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME, NAME_SIZE, 0, &status, NULL);
- if (ret < 0 || status != 0)
- fail("gnutls_x509_trust_list_verify_named_crt: %d\n", __LINE__);
-
- ret = gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME, NAME_SIZE-1, 0, &status, NULL);
- if (ret < 0 || status == 0)
- fail("gnutls_x509_trust_list_verify_named_crt: %d\n", __LINE__);
-
- ret = gnutls_x509_trust_list_verify_named_crt(tl, server_crt, "other", 5, 0, &status, NULL);
- if (ret < 0 || status == 0)
- fail("gnutls_x509_trust_list_verify_named_crt: %d\n", __LINE__);
-
- /* test convenience functions in verify-high2.c */
- data.data = cert_pem;
- data.size = strlen((char*)cert_pem);
- ret = gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL, GNUTLS_X509_FMT_PEM, 0, 0);
- if (ret < 1)
- fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", __LINE__, gnutls_strerror(ret));
-
- ret = gnutls_x509_trust_list_remove_trust_mem(tl, &data, GNUTLS_X509_FMT_PEM);
- if (ret < 1)
- fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", __LINE__, gnutls_strerror(ret));
-
- data.data = cert_der;
- data.size = sizeof(cert_der);
- ret = gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL, GNUTLS_X509_FMT_DER, 0, 0);
- if (ret < 1)
- fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", __LINE__, gnutls_strerror(ret));
-
- ret = gnutls_x509_trust_list_remove_trust_mem(tl, &data, GNUTLS_X509_FMT_DER);
- if (ret < 1)
- fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", __LINE__, gnutls_strerror(ret));
-
- ret = gnutls_x509_trust_list_remove_cas(tl, &ca_crt, 1);
- if (ret < 1)
- fail("gnutls_x509_trust_list_add_cas");
-
- ret = gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, 0, &status, NULL);
- if (ret == 0 && status == 0)
- fail("gnutls_x509_trust_list_verify_crt\n");
-
- gnutls_x509_trust_list_deinit(tl, 1);
-
- gnutls_global_deinit();
-
- if (debug) success("success");
+ int ret;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t server_crt, ca_crt;
+ gnutls_x509_trust_list_t tl;
+ unsigned int status;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_time_function(mytime);
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ /* test for gnutls_certificate_get_issuer() */
+ gnutls_x509_trust_list_init(&tl, 0);
+ gnutls_x509_crt_init(&server_crt);
+ gnutls_x509_crt_init(&ca_crt);
+
+ ret =
+ gnutls_x509_crt_import(server_crt, &cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import");
+
+ ret = gnutls_x509_crt_import(ca_crt, &ca, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import");
+
+ ret = gnutls_x509_trust_list_add_cas(tl, &ca_crt, 1, 0);
+ if (ret < 0)
+ fail("gnutls_x509_trust_list_add_cas");
+
+ ret =
+ gnutls_x509_trust_list_add_named_crt(tl, server_crt, NAME,
+ NAME_SIZE, 0);
+ if (ret < 0)
+ fail("gnutls_x509_trust_list_add_named_crt");
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, 0,
+ &status, NULL);
+ if (ret < 0 || status != 0)
+ fail("gnutls_x509_trust_list_verify_crt\n");
+
+ ret =
+ gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME,
+ NAME_SIZE, 0, &status,
+ NULL);
+ if (ret < 0 || status != 0)
+ fail("gnutls_x509_trust_list_verify_named_crt: %d\n",
+ __LINE__);
+
+ ret =
+ gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME,
+ NAME_SIZE - 1, 0,
+ &status, NULL);
+ if (ret < 0 || status == 0)
+ fail("gnutls_x509_trust_list_verify_named_crt: %d\n",
+ __LINE__);
+
+ ret =
+ gnutls_x509_trust_list_verify_named_crt(tl, server_crt,
+ "other", 5, 0, &status,
+ NULL);
+ if (ret < 0 || status == 0)
+ fail("gnutls_x509_trust_list_verify_named_crt: %d\n",
+ __LINE__);
+
+ /* test convenience functions in verify-high2.c */
+ data.data = cert_pem;
+ data.size = strlen((char *) cert_pem);
+ ret =
+ gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL,
+ GNUTLS_X509_FMT_PEM, 0,
+ 0);
+ if (ret < 1)
+ fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n",
+ __LINE__, gnutls_strerror(ret));
+
+ ret =
+ gnutls_x509_trust_list_remove_trust_mem(tl, &data,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 1)
+ fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n",
+ __LINE__, gnutls_strerror(ret));
+
+ data.data = cert_der;
+ data.size = sizeof(cert_der);
+ ret =
+ gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL,
+ GNUTLS_X509_FMT_DER, 0,
+ 0);
+ if (ret < 1)
+ fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n",
+ __LINE__, gnutls_strerror(ret));
+
+ ret =
+ gnutls_x509_trust_list_remove_trust_mem(tl, &data,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 1)
+ fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n",
+ __LINE__, gnutls_strerror(ret));
+
+ ret = gnutls_x509_trust_list_remove_cas(tl, &ca_crt, 1);
+ if (ret < 1)
+ fail("gnutls_x509_trust_list_add_cas");
+
+ ret =
+ gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, 0,
+ &status, NULL);
+ if (ret == 0 && status == 0)
+ fail("gnutls_x509_trust_list_verify_crt\n");
+
+ gnutls_x509_trust_list_deinit(tl, 1);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("success");
}
diff --git a/tests/x509cert.c b/tests/x509cert.c
index 3e974b429e..853e7e78e7 100644
--- a/tests/x509cert.c
+++ b/tests/x509cert.c
@@ -46,164 +46,169 @@
* gnutls_trust_list_get_issuer().
*/
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d>| %s", level, str);
+ fprintf(stderr, "<%d>| %s", level, str);
}
static unsigned char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { ca_pem, sizeof (ca_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) };
static unsigned char cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
static unsigned char key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof (key_pem) };
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
#define LIST_SIZE 3
-void
-doit (void)
+void doit(void)
{
- gnutls_certificate_credentials_t x509_cred;
- int ret;
- unsigned int i;
- gnutls_x509_crt_t issuer;
- gnutls_x509_crt_t list[LIST_SIZE];
- char dn[128];
- size_t dn_size;
- unsigned int list_size;
-
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- /* test for gnutls_certificate_get_issuer() */
-
- list_size = LIST_SIZE;
- ret = gnutls_x509_crt_list_import(list, &list_size, &cert, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
- if (ret < 0)
- fail("gnutls_x509_crt_list_import");
-
- ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0);
- if (ret < 0)
- fail("gnutls_certificate_get_isser");
-
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
- if (ret < 0)
- fail("gnutls_certificate_get_isser");
-
- if (debug)
- fprintf(stderr, "Issuer's DN: %s\n", dn);
- for (i=0;i<list_size;i++)
- gnutls_x509_crt_deinit(list[i]);
- gnutls_certificate_free_credentials(x509_cred);
-
- gnutls_global_deinit();
-
- if (debug) success("success");
+ gnutls_certificate_credentials_t x509_cred;
+ int ret;
+ unsigned int i;
+ gnutls_x509_crt_t issuer;
+ gnutls_x509_crt_t list[LIST_SIZE];
+ char dn[128];
+ size_t dn_size;
+ unsigned int list_size;
+
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ /* test for gnutls_certificate_get_issuer() */
+
+ list_size = LIST_SIZE;
+ ret =
+ gnutls_x509_crt_list_import(list, &list_size, &cert,
+ GNUTLS_X509_FMT_PEM,
+ GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
+ if (ret < 0)
+ fail("gnutls_x509_crt_list_import");
+
+ ret =
+ gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0);
+ if (ret < 0)
+ fail("gnutls_certificate_get_isser");
+
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
+ if (ret < 0)
+ fail("gnutls_certificate_get_isser");
+
+ if (debug)
+ fprintf(stderr, "Issuer's DN: %s\n", dn);
+ for (i = 0; i < list_size; i++)
+ gnutls_x509_crt_deinit(list[i]);
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("success");
}
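Review bot: doit() discards the results of `gnutls_certificate_set_x509_trust_mem()` and `gnutls_certificate_set_x509_key_mem()`, so a failure to load the CA or the server key pair either goes unnoticed or surfaces later under a different call's message. Checking them at the call site keeps the diagnosis at the failing step, e.g. `ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) fail("gnutls_certificate_set_x509_key_mem");`, and the same for the trust call. The message after `gnutls_x509_crt_get_dn()` should also name that call, `fail("gnutls_x509_crt_get_dn");`, instead of repeating the misspelled `gnutls_certificate_get_isser`.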
diff --git a/tests/x509dn.c b/tests/x509dn.c
index 0af95e5c4f..8cb0eb3365 100644
--- a/tests/x509dn.c
+++ b/tests/x509dn.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -58,10 +57,10 @@ main (int argc, char** argv)
pid_t child;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+ fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
+ str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -71,221 +70,207 @@ tls_log_func (int level, const char *str)
#define MSG "Hello TLS"
static unsigned char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { ca_pem, sizeof (ca_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) };
static unsigned char cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
static unsigned char key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof (key_pem) };
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
#define EXPECT_RDN0 "GnuTLS test CA"
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st ** pcert,
- unsigned int* pcert_length, gnutls_privkey_t *pkey)
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
- int result;
- gnutls_x509_dn_t dn;
-
- if (nreqs != 1)
- {
- fail ("client: invoked to provide client cert, %d CA .\n", nreqs);
- return -1;
- }
-
- if (debug)
- success ("client: invoked to provide client cert.\n");
-
- result = gnutls_x509_dn_init (&dn);
- if (result < 0)
- {
- fail ("client: could not initialize DN.\n");
- return -1;
- }
-
- result = gnutls_x509_dn_import (dn, req_ca_rdn);
- if (result == 0)
- {
- gnutls_x509_ava_st val;
-
- if (debug)
- success ("client: imported DN.\n");
-
- if (gnutls_x509_dn_get_rdn_ava (dn, 0, 0, &val) == 0)
- {
- if (debug)
- success ("client: got RDN 0.\n");
-
- if (val.value.size == strlen (EXPECT_RDN0)
- && strncmp ((char*)val.value.data, EXPECT_RDN0, val.value.size) == 0)
- {
- if (debug)
- success ("client: RND 0 correct.\n");
- }
- else
- {
- fail ("client: RND 0 bad: %.*s\n",
- val.value.size, val.value.data);
- return -1;
- }
- }
- else
- {
- fail ("client: could not retrieve RDN 0.\n");
- return -1;
- }
-
- gnutls_x509_dn_deinit (dn);
- }
- else
- {
- fail ("client: failed to parse RDN: %s\n", gnutls_strerror (result));
- }
-
- return 0;
+ int result;
+ gnutls_x509_dn_t dn;
+
+ if (nreqs != 1) {
+ fail("client: invoked to provide client cert, %d CA .\n",
+ nreqs);
+ return -1;
+ }
+
+ if (debug)
+ success("client: invoked to provide client cert.\n");
+
+ result = gnutls_x509_dn_init(&dn);
+ if (result < 0) {
+ fail("client: could not initialize DN.\n");
+ return -1;
+ }
+
+ result = gnutls_x509_dn_import(dn, req_ca_rdn);
+ if (result == 0) {
+ gnutls_x509_ava_st val;
+
+ if (debug)
+ success("client: imported DN.\n");
+
+ if (gnutls_x509_dn_get_rdn_ava(dn, 0, 0, &val) == 0) {
+ if (debug)
+ success("client: got RDN 0.\n");
+
+ if (val.value.size == strlen(EXPECT_RDN0)
+ && strncmp((char *) val.value.data,
+ EXPECT_RDN0, val.value.size) == 0) {
+ if (debug)
+ success
+ ("client: RND 0 correct.\n");
+ } else {
+ fail("client: RND 0 bad: %.*s\n",
+ val.value.size, val.value.data);
+ return -1;
+ }
+ } else {
+ fail("client: could not retrieve RDN 0.\n");
+ return -1;
+ }
+
+ gnutls_x509_dn_deinit(dn);
+ } else {
+ fail("client: failed to parse RDN: %s\n",
+ gnutls_strerror(result));
+ }
+
+ return 0;
}
-static void
-client (int sd)
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_set_default_priority (session);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- if (debug)
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (xcred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_mem(xcred, &ca,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_retrieve_function2(xcred, cert_callback);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_set_default_priority(session);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ if (debug)
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(xcred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, using X.509 authentication.
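Review bot: In cert_callback() the two `return -1;` paths inside the `result == 0` branch leave without calling `gnutls_x509_dn_deinit(dn)`, and the `else` branch that reports "failed to parse RDN" neither releases `dn` nor returns an error, so it falls through to `return 0`. Unless fail() terminates the process (its definition is not visible in this hunk), the callback reports success to the handshake after the requested CA name could not be parsed. I would add `gnutls_x509_dn_deinit(dn);` before each `return -1;` and end the `else` branch with `gnutls_x509_dn_deinit(dn); return -1;`.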
@@ -297,42 +282,42 @@ end:
/* These are global */
gnutls_certificate_credentials_t x509_cred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_set_default_priority (session);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_set_default_priority(session);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
@@ -343,181 +328,170 @@ int optval = 1;
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
-static void
-server (int sd)
+static void server(int sd)
{
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (4711);
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- if (debug)
- success ("Launched, generating DH parameters...\n");
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- success ("server: Handshake was completed\n");
-
- if (debug)
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ if (debug)
+ success("Launched, generating DH parameters...\n");
+
+ generate_dh_params();
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug)
+ success("server: Handshake was completed\n");
+
+ if (debug)
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
- /* parent */
- server (sockets[0]);
- wait (&status);
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ server(sockets[0]);
+ wait(&status);
#if defined WIFEXITED && defined WEXITSTATUS
- if (WIFEXITED (status) && WEXITSTATUS (status))
- {
- fail ("server: client failed with exit status %d\n",
- WEXITSTATUS (status));
- }
+ if (WIFEXITED(status) && WEXITSTATUS(status)) {
+ fail("server: client failed with exit status %d\n",
+ WEXITSTATUS(status));
+ }
#endif
#if defined WIFSIGNALED && defined WTERMSIG
- if (WIFSIGNALED (status))
- {
- fail ("server: client failed with fatal signal %d\n",
- WTERMSIG (status));
- }
+ if (WIFSIGNALED(status)) {
+ fail("server: client failed with fatal signal %d\n", WTERMSIG(status));
+ }
#endif
- }
- else
- client (sockets[1]);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/x509self.c b/tests/x509self.c
index 91a696d843..9178702171 100644
--- a/tests/x509self.c
+++ b/tests/x509self.c
@@ -33,10 +33,9 @@
#if defined(_WIN32)
/* socketpair isn't supported on Win32. */
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- exit (77);
+ exit(77);
}
#else
@@ -57,10 +56,10 @@ main (int argc, char** argv)
pid_t child;
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+ fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
+ str);
}
/* A very basic TLS client, with anonymous authentication.
@@ -71,182 +70,169 @@ tls_log_func (int level, const char *str)
#define MSG "Hello TLS"
static unsigned char ca_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
- "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
- "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
- "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
- "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
- "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
- "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
- "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
- "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
- "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t ca = { ca_pem, sizeof (ca_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+ "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+ "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+ "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+ "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+ "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+ "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+ "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+ "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+ "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) };
static unsigned char cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) };
static unsigned char key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
-const gnutls_datum_t key = { key_pem, sizeof (key_pem) };
-
-static void
-client (int sd)
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
+const gnutls_datum_t key = { key_pem, sizeof(key_pem) };
+
+static void client(int sd)
{
- int ret, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_key_mem (xcred, &cert, &key,
- GNUTLS_X509_FMT_PEM);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_set_default_priority (session);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fail ("client: Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else if (debug)
- {
- success ("client: Handshake was completed\n");
- }
-
- if (debug)
- success ("client: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- ret = gnutls_record_send (session, MSG, strlen (MSG));
-
- if (ret == strlen (MSG))
- {
- if (debug)
- success ("client: sent record.\n");
- }
- else
- {
- fail ("client: failed to send record.\n");
- gnutls_perror (ret);
- goto end;
- }
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (debug)
- success ("client: recv returned %d.\n", ret);
-
- if (ret == GNUTLS_E_REHANDSHAKE)
- {
- if (debug)
- success ("client: doing handshake!\n");
- ret = gnutls_handshake (session);
- if (ret == 0)
- {
- if (debug)
- success ("client: handshake complete, reading again.\n");
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- }
- else
- {
- fail ("client: handshake failed.\n");
- }
- }
-
- if (ret == 0)
- {
- if (debug)
- success ("client: Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fail ("client: Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (debug)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- close (sd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (xcred);
-
- gnutls_global_deinit ();
+ int ret, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_mem(xcred, &ca,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_key_mem(xcred, &cert, &key,
+ GNUTLS_X509_FMT_PEM);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_set_default_priority(session);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fail("client: Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else if (debug) {
+ success("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success("client: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ ret = gnutls_record_send(session, MSG, strlen(MSG));
+
+ if (ret == strlen(MSG)) {
+ if (debug)
+ success("client: sent record.\n");
+ } else {
+ fail("client: failed to send record.\n");
+ gnutls_perror(ret);
+ goto end;
+ }
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (debug)
+ success("client: recv returned %d.\n", ret);
+
+ if (ret == GNUTLS_E_REHANDSHAKE) {
+ if (debug)
+ success("client: doing handshake!\n");
+ ret = gnutls_handshake(session);
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: handshake complete, reading again.\n");
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } else {
+ fail("client: handshake failed.\n");
+ }
+ }
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("client: Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fail("client: Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (debug) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(xcred);
+
+ gnutls_global_deinit();
}
/* This is a sample TLS 1.0 echo server, using X.509 authentication.
@@ -258,43 +244,42 @@ end:
/* These are global */
gnutls_certificate_credentials_t x509_cred;
-static gnutls_session_t
-initialize_tls_session (void)
+static gnutls_session_t initialize_tls_session(void)
{
- gnutls_session_t session;
+ gnutls_session_t session;
- gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_init(&session, GNUTLS_SERVER);
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_set_default_priority (session);
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_set_default_priority(session);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- /* request client certificate if any.
- Moved to later on to be able to test re-handshakes.
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
- */
+ /* request client certificate if any.
+ Moved to later on to be able to test re-handshakes.
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ */
- gnutls_dh_set_prime_bits (session, DH_BITS);
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- return session;
+ return session;
}
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ return gnutls_dh_params_import_pkcs3(dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
}
int err, ret;
@@ -305,189 +290,179 @@ int optval = 1;
static unsigned char server_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
- "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
- "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
- "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
- "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
- "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
- "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
- "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
- "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
- "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof (server_cert_pem)
+ sizeof(server_cert_pem)
};
static unsigned char server_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
- "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
- "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
- "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
- "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
- "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
- "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
- "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
- "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
- "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
- "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
- "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
- "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+ "-----END RSA PRIVATE KEY-----\n";
const gnutls_datum_t server_key = { server_key_pem,
- sizeof (server_key_pem)
+ sizeof(server_key_pem)
};
-static void
-server (int sd)
+static void server(int sd)
{
- /* this must be called once in the program
- */
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
- GNUTLS_X509_FMT_PEM);
-
- if (debug)
- success ("Launched, generating DH parameters...\n");
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- session = initialize_tls_session ();
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
- return;
- }
- if (debug)
- {
- success ("server: Handshake was completed\n");
- success ("server: TLS version is: %s\n",
- gnutls_protocol_get_name (gnutls_protocol_get_version
- (session)));
- }
-
- /* see the Getting peer's information example */
- if (debug)
- print_info (session);
-
- for (;;)
- {
- memset (buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- if (debug)
- success ("server: Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0)
- {
- fail ("server: Received corrupted data(%d). Closing...\n", ret);
- break;
- }
- else if (ret > 0)
- {
- gnutls_certificate_server_set_request (session,
- GNUTLS_CERT_REQUEST);
-
- if (debug)
- success ("server: got data, forcing rehandshake.\n");
-
- ret = gnutls_rehandshake (session);
- if (ret < 0)
- {
- fail ("server: rehandshake failed\n");
- gnutls_perror (ret);
- break;
- }
-
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- fail ("server: (re)handshake failed\n");
- gnutls_perror (ret);
- break;
- }
-
- if (debug)
- success ("server: rehandshake complete.\n");
-
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, strlen (buffer));
- }
- }
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (x509_cred);
-
- gnutls_dh_params_deinit (dh_params);
-
- gnutls_global_deinit ();
-
- if (debug)
- success ("server: finished\n");
+ /* this must be called once in the program
+ */
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
+
+ if (debug)
+ success("Launched, generating DH parameters...\n");
+
+ generate_dh_params();
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ session = initialize_tls_session();
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fail("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ return;
+ }
+ if (debug) {
+ success("server: Handshake was completed\n");
+ success("server: TLS version is: %s\n",
+ gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
+ }
+
+ /* see the Getting peer's information example */
+ if (debug)
+ print_info(session);
+
+ for (;;) {
+ memset(buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ if (debug)
+ success
+ ("server: Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0) {
+ fail("server: Received corrupted data(%d). Closing...\n", ret);
+ break;
+ } else if (ret > 0) {
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+
+ if (debug)
+ success
+ ("server: got data, forcing rehandshake.\n");
+
+ ret = gnutls_rehandshake(session);
+ if (ret < 0) {
+ fail("server: rehandshake failed\n");
+ gnutls_perror(ret);
+ break;
+ }
+
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ fail("server: (re)handshake failed\n");
+ gnutls_perror(ret);
+ break;
+ }
+
+ if (debug)
+ success("server: rehandshake complete.\n");
+
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer,
+ strlen(buffer));
+ }
+ }
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(x509_cred);
+
+ gnutls_dh_params_deinit(dh_params);
+
+ gnutls_global_deinit();
+
+ if (debug)
+ success("server: finished\n");
}
-void
-doit (void)
+void doit(void)
{
- int sockets[2];
-
- err = socketpair (AF_UNIX, SOCK_STREAM, 0, sockets);
- if (err == -1)
- {
- perror ("socketpair");
- fail ("socketpair failed\n");
- return;
- }
-
- child = fork ();
- if (child < 0)
- {
- perror ("fork");
- fail ("fork");
- return;
- }
-
- if (child)
- {
- int status;
-
- server (sockets[0]);
- wait (&status);
- }
- else
- client (sockets[1]);
+ int sockets[2];
+
+ err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err == -1) {
+ perror("socketpair");
+ fail("socketpair failed\n");
+ return;
+ }
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+
+ server(sockets[0]);
+ wait(&status);
+ } else
+ client(sockets[1]);
}
-#endif /* _WIN32 */
+#endif /* _WIN32 */
diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c
index 143dcd1d59..debb1fe69f 100644
--- a/tests/x509sign-verify.c
+++ b/tests/x509sign-verify.c
@@ -40,240 +40,265 @@
#include "utils.h"
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "<%d> %s", level, str);
+ fprintf(stderr, "<%d> %s", level, str);
}
/* sha1 hash of "hello" string */
const gnutls_datum_t hash_data = {
- (void *)
- "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe"
- "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
- 20
+ (void *)
+ "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe"
+ "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d",
+ 20
};
const gnutls_datum_t invalid_hash_data = {
- (void *)
- "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe"
- "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d",
- 20
+ (void *)
+ "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe"
+ "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d",
+ 20
};
const gnutls_datum_t raw_data = {
- (void *) "hello",
- 5
+ (void *) "hello",
+ 5
};
static char pem1_cert[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
- "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
- "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
- "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
- "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
- "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
- "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
- "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
- "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
- "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
- "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
+ "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
+ "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
+ "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
+ "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
+ "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
+ "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
+ "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
+ "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
+ "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
+ "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
static char pem1_key[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
- "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
- "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
- "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
- "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
- "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
- "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
- "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
- "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
- "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
- "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
- "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
- "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
+ "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
+ "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
+ "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
+ "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
+ "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
+ "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
+ "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
+ "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
+ "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
+ "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
+ "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
+ "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
+ "-----END RSA PRIVATE KEY-----\n";
static char pem2_cert[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
- "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
- "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
- "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
- "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
- "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
- "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
- "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
- "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
- "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
- "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
- "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
- "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
- "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
- "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
- "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
- "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
- "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
- "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+ "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
+ "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
+ "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
+ "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
+ "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
+ "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
+ "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
+ "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
+ "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
+ "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
+ "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
+ "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
+ "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
+ "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
+ "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
+ "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n";
static char pem2_key[] =
- "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n"
- "1X43A+nyTPTji38wo10vu6GiN8LqNY8fsV+mol8B8SM2K+RPLy3dndU6pjmvelF8\n"
- "0iWOl3TPHsV7S3ZDgQcfBhS4blgS4ZDiN2/SG+xoxVji5jDgal4sY3jsBwIVAJ9W\n"
- "jEhkL/6NqnptltsEXRbvCKVxAoGAYgZ+5Fx2CLdGGl3Xl9QqIfsfMcnS9Po52CfR\n"
- "m/wnXacKpxr8U8EvQ8I3yIV/PUyrXYEy+x1eHlQRFiDGgFrZjJtD8N1roPTD8oqc\n"
- "OdIcew/v+iiTj9KhIuvc4IqLrSgOz+8Jhek2vYt6UNV79yUNbGARxO9wkM/WG+u7\n"
- "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n"
- "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n"
- "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n"
- "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n";
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n"
+ "1X43A+nyTPTji38wo10vu6GiN8LqNY8fsV+mol8B8SM2K+RPLy3dndU6pjmvelF8\n"
+ "0iWOl3TPHsV7S3ZDgQcfBhS4blgS4ZDiN2/SG+xoxVji5jDgal4sY3jsBwIVAJ9W\n"
+ "jEhkL/6NqnptltsEXRbvCKVxAoGAYgZ+5Fx2CLdGGl3Xl9QqIfsfMcnS9Po52CfR\n"
+ "m/wnXacKpxr8U8EvQ8I3yIV/PUyrXYEy+x1eHlQRFiDGgFrZjJtD8N1roPTD8oqc\n"
+ "OdIcew/v+iiTj9KhIuvc4IqLrSgOz+8Jhek2vYt6UNV79yUNbGARxO9wkM/WG+u7\n"
+ "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n"
+ "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n"
+ "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n"
+ "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n";
const gnutls_datum_t cert_dat[] = {
- {(void*)pem1_cert, sizeof (pem1_cert)}
- ,
- {(void*)pem2_cert, sizeof (pem2_cert)}
+ {(void *) pem1_cert, sizeof(pem1_cert)}
+ ,
+ {(void *) pem2_cert, sizeof(pem2_cert)}
};
const gnutls_datum_t key_dat[] = {
- {(void*)pem1_key, sizeof (pem1_key)}
- ,
- {(void*)pem2_key, sizeof (pem2_key)}
+ {(void *) pem1_key, sizeof(pem1_key)}
+ ,
+ {(void *) pem2_key, sizeof(pem2_key)}
};
-void
-doit (void)
+void doit(void)
{
- gnutls_x509_privkey_t key;
- gnutls_x509_crt_t crt;
- gnutls_pubkey_t pubkey;
- gnutls_privkey_t privkey;
- gnutls_digest_algorithm_t hash_algo;
- gnutls_sign_algorithm_t sign_algo;
- gnutls_datum_t signature;
- gnutls_datum_t signature2;
- int ret;
- size_t i;
-
- global_init ();
-
- gnutls_global_set_log_function (tls_log_func);
- if (debug)
- gnutls_global_set_log_level (6);
-
- for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
- {
- if (debug)
- success ("loop %d\n", (int) i);
-
- ret = gnutls_x509_privkey_init (&key);
- if (ret < 0)
- fail ("gnutls_x509_privkey_init\n");
-
- ret =
- gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_privkey_import\n");
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- fail ("gnutls_privkey_init\n");
-
- ret = gnutls_privkey_init (&privkey);
- if (ret < 0)
- fail ("gnutls_pubkey_init\n");
-
- ret = gnutls_privkey_import_x509 (privkey, key, 0);
- if (ret < 0)
- fail ("gnutls_privkey_import_x509\n");
-
- ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA1, 0,
- &hash_data, &signature2);
- if (ret < 0)
- fail ("gnutls_privkey_sign_hash\n");
-
- ret = gnutls_privkey_sign_data (privkey, GNUTLS_DIG_SHA1, 0,
- &raw_data, &signature);
- if (ret < 0)
- fail ("gnutls_x509_privkey_sign_hash\n");
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- fail ("gnutls_x509_crt_init\n");
-
- ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- fail ("gnutls_x509_crt_import\n");
-
- ret =
- gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- fail ("gnutls_x509_pubkey_import\n");
-
- ret =
- gnutls_pubkey_get_verify_algorithm (pubkey, &signature, &hash_algo);
- if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
- fail ("gnutls_x509_crt_get_verify_algorithm\n");
-
- ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature);
- if (ret < 0)
- fail ("gnutls_x509_pubkey_verify_hash\n");
-
- ret =
- gnutls_pubkey_get_verify_algorithm (pubkey, &signature2, &hash_algo);
- if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
- fail ("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");
-
- ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature2);
- if (ret < 0)
- fail ("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n");
-
- /* should fail */
- ret = gnutls_pubkey_verify_hash (pubkey, 0, &invalid_hash_data, &signature2);
- if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
- fail ("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n");
-
- sign_algo = gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
- GNUTLS_DIG_SHA1);
-
- ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &hash_data, &signature2);
- if (ret < 0)
- fail ("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
-
- /* should fail */
- ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &invalid_hash_data, &signature2);
- if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
- fail ("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
-
- /* test the raw interface */
- gnutls_free(signature.data);
- signature.data = NULL;
-
- if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == GNUTLS_PK_RSA)
- {
- ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA1, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
- &hash_data, &signature);
- if (ret < 0)
- fail ("gnutls_privkey_sign_hash: %s\n", gnutls_strerror(ret));
-
- sign_algo = gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
- GNUTLS_DIG_SHA1);
-
- ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, &hash_data, &signature);
- if (ret < 0)
- fail ("gnutls_pubkey_verify_hash-3 (raw hashed data)\n");
- }
- gnutls_free(signature.data);
- gnutls_free(signature2.data);
- gnutls_x509_privkey_deinit (key);
- gnutls_x509_crt_deinit (crt);
- gnutls_privkey_deinit (privkey);
- gnutls_pubkey_deinit (pubkey);
- }
-
- gnutls_global_deinit ();
+ gnutls_x509_privkey_t key;
+ gnutls_x509_crt_t crt;
+ gnutls_pubkey_t pubkey;
+ gnutls_privkey_t privkey;
+ gnutls_digest_algorithm_t hash_algo;
+ gnutls_sign_algorithm_t sign_algo;
+ gnutls_datum_t signature;
+ gnutls_datum_t signature2;
+ int ret;
+ size_t i;
+
+ global_init();
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ for (i = 0; i < sizeof(key_dat) / sizeof(key_dat[0]); i++) {
+ if (debug)
+ success("loop %d\n", (int) i);
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_init\n");
+
+ ret =
+ gnutls_x509_privkey_import(key, &key_dat[i],
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_import\n");
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ fail("gnutls_privkey_init\n");
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0)
+ fail("gnutls_pubkey_init\n");
+
+ ret = gnutls_privkey_import_x509(privkey, key, 0);
+ if (ret < 0)
+ fail("gnutls_privkey_import_x509\n");
+
+ ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
+ &hash_data, &signature2);
+ if (ret < 0)
+ fail("gnutls_privkey_sign_hash\n");
+
+ ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0,
+ &raw_data, &signature);
+ if (ret < 0)
+ fail("gnutls_x509_privkey_sign_hash\n");
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ fail("gnutls_x509_crt_init\n");
+
+ ret =
+ gnutls_x509_crt_import(crt, &cert_dat[i],
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("gnutls_x509_crt_import\n");
+
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ fail("gnutls_x509_pubkey_import\n");
+
+ ret =
+ gnutls_pubkey_get_verify_algorithm(pubkey, &signature,
+ &hash_algo);
+ if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
+ fail("gnutls_x509_crt_get_verify_algorithm\n");
+
+ ret =
+ gnutls_pubkey_verify_hash(pubkey, 0, &hash_data,
+ &signature);
+ if (ret < 0)
+ fail("gnutls_x509_pubkey_verify_hash\n");
+
+ ret =
+ gnutls_pubkey_get_verify_algorithm(pubkey, &signature2,
+ &hash_algo);
+ if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
+ fail("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");
+
+ ret =
+ gnutls_pubkey_verify_hash(pubkey, 0, &hash_data,
+ &signature2);
+ if (ret < 0)
+ fail("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n");
+
+ /* should fail */
+ ret =
+ gnutls_pubkey_verify_hash(pubkey, 0,
+ &invalid_hash_data,
+ &signature2);
+ if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
+ fail("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n");
+
+ sign_algo =
+ gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm
+ (pubkey, NULL), GNUTLS_DIG_SHA1);
+
+ ret =
+ gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
+ &hash_data, &signature2);
+ if (ret < 0)
+ fail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
+
+ /* should fail */
+ ret =
+ gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
+ &invalid_hash_data,
+ &signature2);
+ if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
+ fail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
+
+ /* test the raw interface */
+ gnutls_free(signature.data);
+ signature.data = NULL;
+
+ if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
+ GNUTLS_PK_RSA) {
+ ret =
+ gnutls_privkey_sign_hash(privkey,
+ GNUTLS_DIG_SHA1,
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
+ if (ret < 0)
+ fail("gnutls_privkey_sign_hash: %s\n",
+ gnutls_strerror(ret));
+
+ sign_algo =
+ gnutls_pk_to_sign
+ (gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
+ GNUTLS_DIG_SHA1);
+
+ ret =
+ gnutls_pubkey_verify_hash2(pubkey, sign_algo,
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
+ &hash_data,
+ &signature);
+ if (ret < 0)
+ fail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n");
+ }
+ gnutls_free(signature.data);
+ gnutls_free(signature2.data);
+ gnutls_x509_privkey_deinit(key);
+ gnutls_x509_crt_deinit(crt);
+ gnutls_privkey_deinit(privkey);
+ gnutls_pubkey_deinit(pubkey);
+ }
+
+ gnutls_global_deinit();
}